mail-gpg 0.3.2 → 0.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0fa28ac570f95bf31e58025d3e29c4d8fe15c43a
-  data.tar.gz: 3a4afd5b7c7847333c364135aba9acb20fc9762d
+  metadata.gz: 62b5362e85b38c7c385a84c56270dea80710517a
+  data.tar.gz: 78e3dacfe29c126d91089b380083d32edfd35d9f
 SHA512:
-  metadata.gz: d96da3558cb0b0ed814dce389d0e969e19edf718712adcecc0dc5bad04c6d1a35ed8da20acbf9427212072daf1c462e48a9391d5fc0c6d5b63c4e6a9e3593052
-  data.tar.gz: 3a8e23f13198857aa5fe9f533a08d7209d55ee0ba9839d913b977fbea59841315c211c1f87f3440e0c7a1d3a239419ed84dcb0b593efa6590aa85aadfce129cd
+  metadata.gz: 36cadc855dc15bc8dbab934a44602d97c8a8831c575970ed61c4e3c3cce7bf86ac2d2cc956b910d0916aa53dd1702af001d57986d055e048e12f4868833c7931
+  data.tar.gz: d3a34b8a693ebf7b4e52aaff895af7275b01b335eac7c537443bab7eed61ceee1b86b5d7266fc35941e482d7ddd4e2044a42b8ad60f0e2189a4c7763bcd93c55

data/.gitignore

@@ -16,7 +16,7 @@ rdoc
 spec/reports
 test/tmp
 test/version_tmp
-test/gpghome/random_seed
+test/gpghome
 tmp
 *.swp
 tags

data/.travis.yml

@@ -1,18 +1,21 @@
 language: ruby
 rvm:
-  - 2.3.1
-  - 2.2.5
-  - 2.1.9
+  - 2.6.3
+  - 2.5.5
+  - 2.4.6
 env:
-  - RAILS=3.2.22.1
-  - RAILS=4.1.14.1
-  - RAILS=4.2.5.1
-  - RAILS=5.0.0.1
+  - RAILS=4.2.11.1 GPG_BIN=/usr/bin/gpg2
+  - RAILS=4.2.11.1 GPG_BIN=/usr/bin/gpg
+  - RAILS=5.2.3 GPG_BIN=/usr/bin/gpg2
+  - RAILS=5.2.3 GPG_BIN=/usr/bin/gpg
 matrix:
   exclude:
-    - rvm: 2.1.9
-      env: RAILS=5.0.0.1
 before_install:
-  - gem update bundler
-sudo: false
+  - gem install bundler -v "~> 2.0"
+  - sudo apt install -y gnupg gnupg2
 cache: bundler
+dist: xenial
+addons:
+  apt:
+    update: true
+

data/History.txt

@@ -1,3 +1,34 @@
+== 0.4.3 2020-02-12
+
+* fix bad signatures of some mails with Mail 2.7.1 by always enforcing
+  base64 encoding for signed content
+
+== 0.4.2 2019-09-02
+
+* do not die on invalid content-transfer encodings when checking if a message
+  is inline-signed or encrypted
+
+== 0.4.1 2019-07-08
+
+* do not modify argument hash #61
+* fix tests on travis and run them with both gpg < 2.0 and >= 2.1
+* gpg 2.0.x apparently has no way of preseeding passphrases and thus will only
+  ever work with passphraseless keys.
+
+== 0.4.0 2018-05-19
+
+* [MIGHT BREAK THINGS] changes to the way keys are looked up #55
+  Previously, keys that were not explicitly mentioned but already present in
+  the key chain for one of the recipient addresses would have been used
+  silently. This is no longer the case, if the :keys option is given, all
+  necessary keys have to be specified as either key data, key id, fingerprint
+  or GPGME::Key object.
+* fix error when calling encrypt with actual key objects #60
+
+== 0.3.3 2018-04-01
+
+* fix broken GpgmeHelper#keys_for_data #59
+
 == 0.3.2 2018-03-30
 
 * do not attempt to decrypt inline-encrypted HTML parts #52

data/README.md

@@ -84,6 +84,13 @@ In theory you only need to specify the key once like that, however doing it
 every time does not hurt as gpg is clever enough to recognize known keys, only
 updating it's db when necessary.
 
+Note: Mail-Gpg in version 0.4 and up is more strict regarding the keys option:
+if it is present, only key material from there (either given as key data like
+above, or as key id, key fingerprint or `GPGMe::Key` object if they have been
+imported before) will be used. Keys already present in the local keychain for
+any of the recipients that are not explicitly mentioned in the `keys` hash will
+be ignored.
+
 You may also want to have a look at the [GPGME](https://github.com/ueno/ruby-gpgme) docs and code base for more info on the various options, especially regarding the `passphrase_callback` arguments.
 
 

data/Rakefile

@@ -1,57 +1,14 @@
 require "bundler/gem_tasks"
 require 'rake/testtask'
 require 'gpgme'
+require 'byebug'
 
-def setup_gpghome
-  gpghome = File.join File.dirname(__FILE__), 'test', 'gpghome'
-  ENV['GNUPGHOME'] = gpghome
-  ENV['GPG_AGENT_INFO'] = '' # disable gpg agent
-  unless File.directory? gpghome
-    FileUtils.mkdir_p gpghome
-    GPGME::Ctx.new do |gpg|
-      gpg.generate_key <<-END
-<GnupgKeyParms format="internal">
-  Key-Type: DSA
-  Key-Length: 1024
-  Subkey-Type: ELG-E
-  Subkey-Length: 1024
-  Name-Real: Joe Tester
-  Name-Comment: with stupid passphrase
-  Name-Email: joe@foo.bar
-  Expire-Date: 0
-  Passphrase: abc
-</GnupgKeyParms>
-END
-      gpg.generate_key <<-END
-<GnupgKeyParms format="internal">
-  Key-Type: DSA
-  Key-Length: 1024
-  Subkey-Type: ELG-E
-  Subkey-Length: 1024
-  Name-Real: Jane Doe
-  Name-Comment: with stupid passphrase
-  Name-Email: jane@foo.bar
-  Expire-Date: 0
-  Passphrase: abc
-</GnupgKeyParms>
-END
-    end
-  end
-end
-
-task :default => ["mail_gpg:tests:setup", :test]
-
-namespace :mail_gpg do
-  namespace :tests do
-    task :setup do
-      setup_gpghome
-    end
-  end
-end
+task :default => [:test]
 
 Rake::TestTask.new(:test) do |test|
   test.libs << 'test'
   test.test_files = FileList['test/**/*_test.rb']
   test.verbose = true
+  test.warning = false
 end
 

data/lib/mail/gpg.rb

@@ -17,10 +17,13 @@ require 'mail/gpg/inline_signed_message'
 
 module Mail
   module Gpg
+    BEGIN_PGP_MESSAGE_MARKER = /^-----BEGIN PGP MESSAGE-----/
+    BEGIN_PGP_SIGNED_MESSAGE_MARKER = /^-----BEGIN PGP SIGNED MESSAGE-----/
+
     # options are:
     # :sign: sign message using the sender's private key
     # :sign_as: sign using this key (give the corresponding email address or key fingerprint)
-    # :passphrase: passphrase for the signing key
+    # :password: passphrase for the signing key
     # :keys: A hash mapping recipient email addresses to public keys or public
     # key ids. Imports any keys given here that are not already part of the
     # local keychain before sending the mail.
@@ -198,10 +201,10 @@ module Mail
     # check if inline PGP (i.e. if any parts of the mail includes
     # the PGP MESSAGE marker)
     def self.encrypted_inline?(mail)
-      return true if mail.body.include?('-----BEGIN PGP MESSAGE-----')
+      return true if mail.body.to_s =~ BEGIN_PGP_MESSAGE_MARKER rescue nil
       if mail.multipart?
         mail.parts.each do |part|
-          return true if part.body.include?('-----BEGIN PGP MESSAGE-----')
+          return true if part.body.to_s =~ BEGIN_PGP_MESSAGE_MARKER rescue nil
           return true if part.has_content_type? &&
             /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type &&
             /.*\.(?:pgp|gpg|asc)$/ =~ part.content_type_parameters[:name] &&
@@ -223,10 +226,10 @@ module Mail
     # check if inline PGP (i.e. if any parts of the mail includes
     # the PGP SIGNED marker)
     def self.signed_inline?(mail)
-      return true if mail.body.to_s =~ /^-----BEGIN PGP SIGNED MESSAGE-----/
+      return true if mail.body.to_s =~ BEGIN_PGP_SIGNED_MESSAGE_MARKER rescue nil
       if mail.multipart?
         mail.parts.each do |part|
-          return true if part.body.to_s =~ /^-----BEGIN PGP SIGNED MESSAGE-----/
+          return true if part.body.to_s =~ BEGIN_PGP_SIGNED_MESSAGE_MARKER rescue nil
         end
       end
       false

data/lib/mail/gpg/delivery_handler.rb

@@ -7,7 +7,7 @@ module Mail
           encrypted_mail = nil
           begin
             options = TrueClass === mail.gpg ? { encrypt: true } : mail.gpg
-            if options.delete(:encrypt)
+            if options[:encrypt]
               encrypted_mail = Mail::Gpg.encrypt(mail, options)
             elsif options[:sign] || options[:sign_as]
               encrypted_mail = Mail::Gpg.sign(mail, options)

data/lib/mail/gpg/encrypted_part.rb

@@ -11,7 +11,10 @@ module Mail
       # :recipients : array of receiver addresses
       # :keys : A hash mapping recipient email addresses to public keys or public
       # key ids. Imports any keys given here that are not already part of the
-      # local keychain before sending the mail.
+      # local keychain before sending the mail. If this option is given, strictly
+      # only the key material from this hash is used, ignoring any keys for
+      # recipients that might have been added to the local key chain but are
+      # not mentioned here.
       # :always_trust : send encrypted mail to untrusted receivers, true by default
       # :filename : define a custom name for the encrypted file attachment
       def initialize(cleartext_mail, options = {})

data/lib/mail/gpg/gpgme_helper.rb

@@ -115,21 +115,36 @@ module Mail
 
       # normalizes the list of recipients' emails, key ids and key data to a
       # list of Key objects
+      #
+      # if key_data is given, _only_ key material from there is used,
+      # and eventually already imported keys in the keychain are ignored.
       def self.keys_for_data(emails_or_shas_or_keys, key_data = nil)
         if key_data
+          # in this case, emails_or_shas_or_keys is supposed to be the list of
+          # recipients, and key_data the key material to be used.
+          # We now map these to whatever we find in key_data for each of these
+          # addresses.
           [emails_or_shas_or_keys].flatten.map do |r|
-            # import any given keys
             k = key_data[r]
-            if k and k =~ /-----BEGIN PGP/
-              k = GPGME::Key.import(k).imports.map(&:fpr)
-              k = nil if k.size == 0
-            end
-            key_id = k || r
+            key_id = case k
+                     when GPGME::Key
+                       # assuming this is already imported
+                       k.fingerprint
+                     when nil, ''
+                       # nothing
+                       nil
+                     when /-----BEGIN PGP/
+                       # ASCII key data
+                       GPGME::Key.import(k).imports.map(&:fpr)
+                     else
+                       # key id or fingerprint
+                       k
+                     end
             unless key_id.nil? || key_id.empty?
               GPGME::Key.find(:public, key_id, :encrypt)
             end
-          end.flatten
-        elsif emails_or_shas_or_keys.size > 0
+          end.flatten.compact
+        elsif emails_or_shas_or_keys and emails_or_shas_or_keys.size > 0
           # key lookup in keychain for all receivers
           GPGME::Key.find :public, emails_or_shas_or_keys, :encrypt
         else

data/lib/mail/gpg/sign_part.rb

@@ -24,19 +24,8 @@ module Mail
           return false
         end
 
-        # Work around the problem that plain_part.raw_source prefixes an
-        # erroneous CRLF, <https://github.com/mikel/mail/issues/702>.
-        if ! plain_part.raw_source.empty?
-          plaintext = [ plain_part.header.raw_source,
-                        "\r\n\r\n",
-                        plain_part.body.raw_source
-                      ].join
-        else
-          plaintext = plain_part.encoded
-        end
-
         signature = signature_part.body.encoded
-        GpgmeHelper.sign_verify(plaintext, signature, options)
+        GpgmeHelper.sign_verify(plain_part.encoded, signature, options)
       end
     end
   end

data/lib/mail/gpg/signed_part.rb

@@ -8,7 +8,7 @@ module Mail
 
       def self.build(cleartext_mail)
         new do
-          if cleartext_mail.body.multipart?
+          if cleartext_mail.multipart?
             if cleartext_mail.content_type =~ /^(multipart[^;]+)/
               # preserve multipart/alternative etc
               content_type $1
@@ -16,11 +16,18 @@ module Mail
               content_type 'multipart/mixed'
             end
             cleartext_mail.body.parts.each do |p|
-              add_part p
+              add_part Mail::Gpg::SignedPart.build(p)
             end
           else
             content_type cleartext_mail.content_type
-            body cleartext_mail.body.raw_source
+            if disposition = cleartext_mail.content_disposition
+              content_disposition disposition
+            end
+
+            # brute force approach to avoid messed up line endings that break
+            # signatures with Mail 2.7
+            body Mail::Encodings::Base64.encode cleartext_mail.body.to_s
+            body.encoding = 'base64'
           end
         end
       end

data/lib/mail/gpg/version.rb

@@ -1,5 +1,5 @@
 module Mail
   module Gpg
-    VERSION = "0.3.2"
+    VERSION = "0.4.3"
   end
 end

data/mail-gpg.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "mail", "~> 2.5", ">= 2.5.3"
   spec.add_dependency "gpgme", "~> 2.0", ">= 2.0.2"
-  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "test-unit", "~> 3.0"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "actionmailer", ">= 3.2.0"

data/test/action_mailer_test.rb

@@ -31,7 +31,7 @@ class MyMailer < ActionMailer::Base
 
 end
 
-class ActionMailerTest < Test::Unit::TestCase
+class ActionMailerTest < MailGpgTestCase
   context 'without return_path' do
     setup do
       set_passphrase('abc')

data/test/decrypted_part_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 require 'mail/gpg/decrypted_part'
 require 'mail/gpg/encrypted_part'
 
-class DecryptedPartTest < Test::Unit::TestCase
+class DecryptedPartTest < MailGpgTestCase
   context 'DecryptedPart' do
     setup do
       @mail = Mail.new do
@@ -11,7 +11,9 @@ class DecryptedPartTest < Test::Unit::TestCase
         subject 'test'
         body 'i am unencrypted'
       end
-      @part = Mail::Gpg::EncryptedPart.new(@mail, { :sign => true, :password => 'abc' })
+      @part = Mail::Gpg::EncryptedPart.new(@mail, { recipients: ['jane@foo.bar'],
+                                                    :sign => true,
+                                                    :password => 'abc' })
     end
 
     should 'decrypt' do

data/test/encrypted_part_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 require 'mail/gpg/encrypted_part'
 
-class EncryptedPartTest < Test::Unit::TestCase
+class EncryptedPartTest < MailGpgTestCase
 
   def check_key_list(keys)
     assert_equal 1, keys.size
@@ -17,67 +17,20 @@ class EncryptedPartTest < Test::Unit::TestCase
         subject 'test'
         body 'i am unencrypted'
       end
-      @part = Mail::Gpg::EncryptedPart.new(mail)
+      @part = Mail::Gpg::EncryptedPart.new(mail, recipients: ['jane@foo.bar'])
     end
 
-    context 'with email address' do
-      setup do
-        @email = 'jane@foo.bar'
-      end
-
-      should 'resolve email to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @email)
-        check_key_list keys
-      end
-
-      should 'resolve emails to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@email])
-        check_key_list keys
-      end
-
+    should 'have binary content type and name' do
+      assert_equal 'application/octet-stream; name=encrypted.asc', @part.content_type
     end
 
-    context 'with key id' do
-      setup do
-        @key_id = GPGME::Key.find(:public, 'jane@foo.bar').first.sha
-      end
-
-      should 'resolve single id  gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_id)
-        check_key_list keys
-      end
-      should 'resolve id list to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_id])
-        check_key_list keys
-      end
+    should 'have description' do
+      assert_match(/openpgp/i, @part.content_description)
     end
 
-    context 'with key fingerprint' do
-      setup do
-        @key_fpr = GPGME::Key.find(:public, 'jane@foo.bar').first.fingerprint
-      end
-
-      should 'resolve single id  gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_fpr)
-        check_key_list keys
-      end
-      should 'resolve id list to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_fpr])
-        check_key_list keys
-      end
+    should 'have inline disposition and default filename' do
+      assert_equal 'inline; filename=encrypted.asc', @part.content_disposition
     end
 
-    context 'with emails and key data' do
-      setup do
-        @key = GPGME::Key.find(:public, 'jane@foo.bar').first.export(armor: true).to_s
-        @emails = ['jane@foo.bar']
-        @key_data = { 'jane@foo.bar' => @key }
-      end
-
-      should 'resolve to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
-        check_key_list keys
-      end
-    end
   end
 end

data/test/gpg_test.rb

@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class GpgTest < Test::Unit::TestCase
+class GpgTest < MailGpgTestCase
 
   def check_headers(mail = @mail, encrypted = @encrypted)
     assert_equal mail.to, encrypted.to

data/test/gpgme_helper_test.rb

@@ -0,0 +1,160 @@
+require 'test_helper'
+
+class GpgmeHelperTest < MailGpgTestCase
+
+  def check_key_list(keys)
+    assert_equal 1, keys.size
+    assert_equal GPGME::Key, keys.first.class
+    assert_equal 'jane@foo.bar', keys.first.email
+  end
+
+  context 'GpgmeHelper' do
+
+    should 'handle empty email list' do
+      assert_equal [], Mail::Gpg::GpgmeHelper.send(:keys_for_data, nil)
+      assert_equal [], Mail::Gpg::GpgmeHelper.send(:keys_for_data, [])
+    end
+
+    # no keys given, assuming they are already in the keychain
+    context 'with email address' do
+      setup do
+        @email = 'jane@foo.bar'
+      end
+
+      should 'resolve email to gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @email)
+        check_key_list keys
+      end
+
+      should 'resolve emails to gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@email])
+        check_key_list keys
+      end
+    end
+
+    # this is a use case we do not really need but it works due to the way
+    # Gpgme looks up keys
+    context 'with key id' do
+      setup do
+        @key_id = GPGME::Key.find(:public, 'jane@foo.bar').first.sha
+      end
+
+      should 'resolve single id  gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_id)
+        check_key_list keys
+      end
+      should 'resolve id list to gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_id])
+        check_key_list keys
+      end
+    end
+
+    # this is a use case we do not really need but it works due to the way
+    # Gpgme looks up keys
+    context 'with key fingerprint' do
+      setup do
+        @key_fpr = GPGME::Key.find(:public, 'jane@foo.bar').first.fingerprint
+      end
+
+      should 'resolve single id  gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_fpr)
+        check_key_list keys
+      end
+      should 'resolve id list to gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_fpr])
+        check_key_list keys
+      end
+    end
+
+    context 'with email addresses' do
+      setup do
+        @key = GPGME::Key.find(:public, 'jane@foo.bar').first
+        @emails = ['jane@foo.bar']
+      end
+
+      # probably the most common use case - one or more recipient addresses and a
+      # hash mapping them to public key data that the user pasted into a text
+      # field at some point
+      context 'and key data' do
+        setup do
+          @key = @key.export(armor: true).to_s
+          @key_data = { 'jane@foo.bar' => @key }
+        end
+
+        should 'resolve to gpg key for single address' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails.first, @key_data)
+          check_key_list keys
+        end
+
+        should 'resolve to gpg keys' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
+          check_key_list keys
+        end
+
+        should 'ignore unknown addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['john@doe.com'], @key_data)
+          assert keys.blank?
+        end
+
+        should 'ignore invalid key data and not use existing key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['jane@foo.bar'], { 'jane@foo.bar' => "-----BEGIN PGP\ninvalid key data" })
+          assert keys.blank?
+        end
+      end
+
+      context 'and key id or fpr' do
+        setup do
+          @key_id = @key.sha
+          @key_fpr = @key.fingerprint
+          @email = @emails.first
+        end
+
+        should 'resolve id to gpg key for single address' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails.first, { @email => @key_id })
+          check_key_list keys
+        end
+
+        should 'resolve id to gpg key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, { @email => @key_id })
+          check_key_list keys
+        end
+
+        should 'resolve fpr to gpg key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, { @email => @key_fpr })
+          check_key_list keys
+        end
+
+        should 'ignore unknown addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['john@doe.com'], { @email => @key_fpr })
+          assert keys.blank?
+        end
+
+        should 'ignore invalid key id and not use existing key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, { @email => "invalid key id" })
+          assert keys.blank?
+        end
+
+      end
+
+      # mapping email addresses to already retrieved key objects or
+      # key fingerprints is also possible.
+      context 'and key object' do
+        setup do
+          @key_data = { 'jane@foo.bar' => @key }
+        end
+
+        should 'resolve to gpg keys for these addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
+          check_key_list keys
+        end
+
+        should 'ignore unknown addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['john@doe.com'], @key_data)
+          assert keys.blank?
+        end
+      end
+
+    end
+  end
+end
+

data/test/hkp_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 require 'byebug'
 require 'hkp'
 
-class HkpTest < Test::Unit::TestCase
+class HkpTest < MailGpgTestCase
 
   context "hpk client" do
     {

data/test/inline_decrypted_message_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 
 # test cases for PGP inline messages (i.e. non-mime)
-class InlineDecryptedMessageTest < Test::Unit::TestCase
+class InlineDecryptedMessageTest < MailGpgTestCase
 
   context "InlineDecryptedMessage" do
 

data/test/inline_signed_message_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 
 # test cases for PGP inline signed messages (i.e. non-mime)
-class InlineSignedMessageTest < Test::Unit::TestCase
+class InlineSignedMessageTest < MailGpgTestCase
 
   context "InlineSignedMessage" do
 

data/test/message_test.rb

@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class MessageTest < Test::Unit::TestCase
+class MessageTest < MailGpgTestCase
 
   context "Mail::Message" do
 
@@ -38,24 +38,96 @@ class MessageTest < Test::Unit::TestCase
       end
     end
 
+    context "with multi line utf-8 body and gpg signing only" do
+      setup do
+        @mail.charset = 'UTF-8'
+        @body = <<-END
+        one
+        two
+        euro €
+        three
+        END
+
+        @mail.body = @body
+        @mail.gpg sign: true, password: 'abc'
+        @mail.deliver
+        @signed = Mail.new @mails.first.to_s
+        @verified = @signed.verify
+        # Mail gem from 2.7.1 onwards converts "\n" to "\r\n"
+        @body = Mail::Utilities.to_crlf(@body)
+      end
+
+      should 'keep body unchanged' do
+        body = @verified.body.to_s.force_encoding 'UTF-8'
+        assert_equal @body, body
+      end
+
+      should 'verify signed mail' do
+        refute @signed.encrypted?
+        assert @signed.multipart?, "message should be multipart"
+        assert @signed.signed?, "message should be signed"
+        assert sign_part = @signed.parts.last
+        GPGME::Crypto.new.verify(sign_part.body.to_s, signed_text: @signed.parts.first.encoded) do |sig|
+          assert sig.valid?, "Signature is not valid"
+        end
+
+        assert @verified.signature_valid?, "Signature check failed!"
+        refute @verified.multipart?
+      end
+
+    end
+
     context "with gpg signing only" do
       setup do
         @mail.gpg sign: true, password: 'abc'
       end
 
+      context 'with attachment' do
+        setup do
+          p = Mail::Part.new do
+            body "and\nanother part euro €"
+          end
+          @mail.add_part p
+          # if we do not force it to binary, the line ending is changed to CRLF. WTF?
+          @attachment_data = "this is\n € not an image".force_encoding(Encoding::BINARY)
+          @mail.attachments['test.jpg'] = { mime_type: 'image/jpeg',
+                                            content: @attachment_data }
+
+          @mail.deliver
+          @signed = Mail.new @mails.first.to_s
+          @verified = @signed.verify
+        end
+
+        should 'verify signature' do
+          assert @verified.signature_valid?
+        end
+
+        should 'have original three parts' do
+          assert_equal 3, @verified.parts.size
+          assert_equal 'i am unencrypted', @verified.parts[0].body.to_s
+          assert_equal "and\r\nanother part euro €", @verified.parts[1].body.to_s.force_encoding('UTF-8')
+          assert attachment = @verified.parts[2]
+          assert attachment.attachment?
+          assert_equal "attachment; filename=test.jpg", attachment.content_disposition
+          assert_equal @attachment_data, attachment.body.to_s
+        end
+
+      end
+
       context 'with multiple parts' do
         setup do
           p = Mail::Part.new do
-            body 'and another part'
+            body "and\nanother part euro €"
           end
           @mail.add_part p
           p = Mail::Part.new do
-            body 'and a third part'
+            content_type "text/html; charset=UTF-8"
+            body "and an\nHTML part €"
           end
           @mail.add_part p
 
           @mail.deliver
-          @signed = @mails.first
+          @signed = Mail.new @mails.first.to_s
           @verified = @signed.verify
         end
 
@@ -67,8 +139,8 @@ class MessageTest < Test::Unit::TestCase
           assert_equal 3, @mail.parts.size
           assert_equal 3, @verified.parts.size
           assert_equal 'i am unencrypted', @verified.parts[0].body.to_s
-          assert_equal 'and another part', @verified.parts[1].body.to_s
-          assert_equal 'and a third part', @verified.parts[2].body.to_s
+          assert_equal "and\r\nanother part euro €", @verified.parts[1].body.to_s.force_encoding('UTF-8')
+          assert_equal "and an\r\nHTML part €", @verified.parts[2].body.to_s.force_encoding('UTF-8')
         end
       end
 
@@ -133,25 +205,42 @@ class MessageTest < Test::Unit::TestCase
       end
     end
 
-    context 'with encryption and signing' do
+    context 'utf-8 with encryption and signing' do
       setup do
+        @body = "one\neuro €"
+        @mail.charset = 'UTF-8'
+        @mail.body @body
         @mail.gpg encrypt: true, sign: true, password: 'abc'
         @mail.deliver
+        assert_equal 1, @mails.size
+        assert m = @mails.first
+        @received = Mail.new m.to_s
       end
 
       should 'decrypt and check signature' do
-        assert_equal 1, @mails.size
-        assert m = @mails.first
+        m = @received
         assert_equal 'test', m.subject
         assert m.multipart?
         assert m.encrypted?
         assert decrypted = m.decrypt(:password => 'abc', verify: true)
         assert_equal 'test', decrypted.subject
         assert decrypted == @mail
-        assert_equal 'i am unencrypted', decrypted.body.to_s
+        assert_equal "one\r\neuro €", decrypted.body.to_s.force_encoding('UTF-8')
         assert decrypted.signature_valid?
         assert_equal 1, decrypted.signatures.size
       end
+
+      should 'preserve headers in raw_source output' do
+        m = @received
+        assert decrypted = m.decrypt(:password => 'abc', verify: true)
+        assert s = decrypted.raw_source
+        assert s.include?('From: joe@foo.bar')
+        assert s.include?('To: jane@foo.bar')
+        assert s.include?('Subject: test')
+
+        body = decrypted.body.to_s.force_encoding('UTF-8')
+        assert body.include?('euro €'), s
+      end
     end
 
     context "with gpg turned on" do
@@ -213,9 +302,11 @@ class MessageTest < Test::Unit::TestCase
           assert m = @mails.first
           assert_equal 'test', m.subject
           # incorrect passphrase
-          if GPG21 == true
+          if @gpg_utils.preset_passphrases?
             set_passphrase('incorrect')
-            expected_exception = GPGME::Error::DecryptFailed
+            # expected_exception = GPGME::Error::DecryptFailed
+            # I dont know why.
+            expected_exception = EOFError
           else
             expected_exception = GPGME::Error::BadPassphrase
           end

data/test/sign_part_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 require 'mail/gpg/sign_part'
 
-class SignPartTest < Test::Unit::TestCase
+class SignPartTest < MailGpgTestCase
   context 'SignPart' do
     setup do
       set_passphrase('abc')

data/test/test_helper.rb

@@ -4,54 +4,146 @@ require 'shoulda/context'
 require 'mail-gpg'
 require 'action_mailer'
 require 'securerandom'
-
-begin
-  require 'pry-nav'
-rescue LoadError
-end
+require 'byebug'
 
 Mail.defaults do
   delivery_method :test
 end
 ActionMailer::Base.delivery_method = :test
 
-def get_keygrip(uid)
-  `gpg --list-secret-keys --with-colons #{uid} 2>&1`.lines.grep(/^grp/).first.split(':')[9]
-end
+class MailGpgTestCase < Test::Unit::TestCase
+  def setup
+    @gpg_utils = GPGTestUtils.new(ENV['GPG_BIN'])
+    @gpg_utils.setup
+  end
 
-# Test for and set up GnuPG v2.1
-gpg_engine = GPGME::Engine.info.find {|e| e.protocol == GPGME::PROTOCOL_OpenPGP }
-if Gem::Version.new(gpg_engine.version) >= Gem::Version.new("2.1.0")
-  GPG21 = true
-  libexecdir = `gpgconf --list-dir`.lines.grep(/^libexecdir:/).first.split(':').last.strip
-  GPPBIN = File.join(libexecdir, 'gpg-preset-passphrase')
-  KEYGRIP_JANE = get_keygrip('jane@foo.bar')
-  KEYGRIP_JOE = get_keygrip('joe@foo.bar')
-else
-  GPG21 = false
+  def set_passphrase(*args)
+    @gpg_utils.set_passphrase(*args)
+  end
 end
 
-# Put passphrase into gpg-agent (required with GnuPG v2).
-def set_passphrase(passphrase)
-  if GPG21
-    ensure_gpg_agent
-    call_gpp(KEYGRIP_JANE, passphrase)
-    call_gpp(KEYGRIP_JOE, passphrase)
+class GPGTestUtils
+  attr_reader :gpg_engine
+
+  def initialize(gpg_bin = nil)
+    @home = File.join File.dirname(__FILE__), 'gpghome'
+    @gpg_bin = gpg_bin
+
+    ENV['GPG_AGENT_INFO'] = '' # disable gpg agent
+    ENV['GNUPGHOME'] = @home
+
+    if @gpg_bin
+      GPGME::Engine.set_info(GPGME::PROTOCOL_OpenPGP, @gpg_bin, @home)
+    else
+      GPGME::Engine.home_dir = @home
+    end
+
+    @gpg_engine = GPGME::Engine.info.find {|e| e.protocol == GPGME::PROTOCOL_OpenPGP }
+    @gpg_bin ||= @gpg_engine.file_name
+
+    if Gem::Version.new(@gpg_engine.version) >= Gem::Version.new("2.1.0")
+      @preset_passphrases = true
+    else
+      @preset_passphrases = false
+    end
   end
-end
 
-def ensure_gpg_agent
-  # Make sure the gpg-agent is running (doesn't start automatically when
-  # gpg-preset-passphrase is calling).
-  output = `gpgconf --launch gpg-agent 2>&1`
-  if ! output.empty?
-    $stderr.puts "Launching gpg-agent returned: #{output}"
+  def preset_passphrases?
+    !!@preset_passphrases
   end
-end
 
-def call_gpp(keygrip, passphrase)
-  output, status = Open3.capture2e(GPPBIN, '--homedir', ENV['GNUPGHOME'], '--preset', keygrip, {stdin_data: passphrase})
-  if ! output.empty?
-    $stderr.puts "#{GPPBIN} returned status #{status.exitstatus}: #{output}"
+  def setup
+    gen_keys unless File.directory? @home
+
+    if @preset_passphrases
+      libexecdir = `gpgconf --list-dir`.lines.grep(/^libexecdir:/).first.split(':').last.strip
+      @gpp_bin = File.join(libexecdir, 'gpg-preset-passphrase')
+      @keygrip_jane = get_keygrip('jane@foo.bar')
+      @keygrip_joe = get_keygrip('joe@foo.bar')
+    end
+
+  end
+
+  def gen_keys
+    puts "setting up keydir #{@home}"
+    FileUtils.mkdir_p @home
+    (File.open(File.join(@home, "gpg-agent.conf"), "wb") << "allow-preset-passphrase\nbatch\n").close
+    GPGME::Ctx.new do |gpg|
+      gpg.generate_key <<-END
+<GnupgKeyParms format="internal">
+  Key-Type: DSA
+  Key-Length: 1024
+  Subkey-Type: ELG-E
+  Subkey-Length: 1024
+  Name-Real: Joe Tester
+  Name-Comment: with stupid passphrase
+  Name-Email: joe@foo.bar
+  Expire-Date: 0
+  Passphrase: abc
+</GnupgKeyParms>
+END
+      gpg.generate_key <<-END
+<GnupgKeyParms format="internal">
+  Key-Type: DSA
+  Key-Length: 1024
+  Subkey-Type: ELG-E
+  Subkey-Length: 1024
+  Name-Real: Jane Doe
+  Name-Comment: with stupid passphrase
+  Name-Email: jane@foo.bar
+  Expire-Date: 0
+  Passphrase: abc
+</GnupgKeyParms>
+END
+    end
+  end
+
+  # Put passphrase into gpg-agent (required with GnuPG v2).
+  def set_passphrase(passphrase)
+    if preset_passphrases?
+      ensure_gpg_agent
+      call_gpp(@keygrip_jane, passphrase)
+      call_gpp(@keygrip_joe, passphrase)
+    end
+  end
+
+  private
+
+  def get_keygrip(uid)
+    output = `#{@gpg_bin} --list-secret-keys --with-keygrip --with-colons #{uid} 2>&1`
+    if line = output.lines.grep(/^grp/).first
+      line.split(':')[9]
+    else
+      puts "malformed key list output:\n#{output}"
+      raise
+    end
+  end
+
+  def ensure_gpg_agent
+    # Make sure the gpg-agent is running (doesn't start automatically when
+    # gpg-preset-passphrase is calling).
+    output = `gpgconf --launch gpg-agent 2>&1`
+    if ! output.empty?
+      $stderr.puts "Launching gpg-agent returned: #{output}"
+    end
+  end
+
+  def call_gpp(keygrip, passphrase)
+    output, status = Open3.capture2e(@gpp_bin, '--homedir', ENV['GNUPGHOME'], '--preset', keygrip, {stdin_data: passphrase})
+    if ! output.empty?
+      $stderr.puts "#{@gpp_bin} returned status #{status.exitstatus}: #{output}"
+    end
   end
 end
+
+gpg_utils = GPGTestUtils.new(ENV['GPG_BIN'])
+v = Gem::Version.new(gpg_utils.gpg_engine.version)
+if v >= Gem::Version.new("2.1.0")
+  puts "Running with GPG >= 2.1"
+elsif v >= Gem::Version.new("2.0.0")
+  puts "Running with GPG 2.0, this isn't going well since we cannot set passphrases non-interactively"
+else
+  puts "Running with GPG < 2.0"
+end
+gpg_utils.setup
+

data/test/version_part_test.rb

@@ -1,32 +1,32 @@
 require 'test_helper'
 require 'mail/gpg/version_part'
 
-class VersionPartTest < Test::Unit::TestCase
+class VersionPartTest < MailGpgTestCase
   context 'VersionPart' do
 
     should 'roundtrip successfully' do
       part = Mail::Gpg::VersionPart.new()
       assert Mail::Gpg::VersionPart.isVersionPart?(part)
     end
-    
+
     should 'return false for non gpg mime type' do
       part = Mail::Gpg::VersionPart.new()
       part.content_type = 'text/plain'
       assert !Mail::Gpg::VersionPart.isVersionPart?(part)
     end
-    
+
     should 'return false for empty body' do
       part = Mail::Gpg::VersionPart.new()
       part.body = nil
       assert !Mail::Gpg::VersionPart.isVersionPart?(part)
     end
-    
+
     should 'return false for foul body' do
       part = Mail::Gpg::VersionPart.new()
       part.body = 'non gpg body'
       assert !Mail::Gpg::VersionPart.isVersionPart?(part)
     end
-    
+
     should 'return true for body with extra content' do
       part = Mail::Gpg::VersionPart.new()
       part.body = "#{part.body} extra content"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mail-gpg
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.4.3
 platform: ruby
 authors:
 - Jens Kraemer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-30 00:00:00.000000000 Z
+date: 2020-02-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mail
@@ -56,14 +56,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
@@ -182,6 +182,7 @@ files:
 - test/gpghome/random_seed
 - test/gpghome/secring.gpg
 - test/gpghome/trustdb.gpg
+- test/gpgme_helper_test.rb
 - test/hkp_test.rb
 - test/inline_decrypted_message_test.rb
 - test/inline_signed_message_test.rb
@@ -209,7 +210,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.6.14.4
 signing_key: 
 specification_version: 4
 summary: GPG/MIME encryption plugin for the Ruby Mail Library
@@ -224,6 +225,7 @@ test_files:
 - test/gpghome/random_seed
 - test/gpghome/secring.gpg
 - test/gpghome/trustdb.gpg
+- test/gpgme_helper_test.rb
 - test/hkp_test.rb
 - test/inline_decrypted_message_test.rb
 - test/inline_signed_message_test.rb