RubyGems - mail-gpg - Versions diffs - 0.3.3 → 0.4.0 - Mend

mail-gpg 0.3.3 → 0.4.0

Files changed (9) hide show

checksums.yaml +5 -5
data/History.txt +10 -0
data/README.md +7 -0
data/Rakefile +1 -0
data/lib/mail/gpg/encrypted_part.rb +4 -1
data/lib/mail/gpg/gpgme_helper.rb +21 -6
data/lib/mail/gpg/version.rb +1 -1
data/test/gpgme_helper_test.rb +88 -7
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: dc0c7bb838506fa1e0e3f01fbce200a95e13e76f
-  data.tar.gz: a528a571122d6c9b61c5ce2152b37973bdec88d9
+SHA256:
+  metadata.gz: 441163acdac450c30cee15a61caf0cdfced59f1014a3a25fb73725730c9dd04f
+  data.tar.gz: b9e69f9dbb562f7b776dba943990255bd16fe89367b3100afa9ec6b54aed1387
 SHA512:
-  metadata.gz: 40c3c768a539f4e016fc259cbd13b5d7323b423bde90be8dcb4a970017dc9d33e686d73e5d1a834facd8db82e9816f96f1e1e08eebbdbfa21773eeb435e51493
-  data.tar.gz: 1b37f11b4beb3311a1c894c2b1c77e626f8cadfd4cacdac74ab9bb96e528c6773ad10a91b093585276677825ed589555e21a7fe1673e82fd6193960e71bb7d87
+  metadata.gz: b53943970f5df90c515ed50d696bae79fa6842c9d5352bafba7e4fd278b0da9f322233a397d2c385d867220fe859714fa4d9f3664164b00adde1d9170ba99d27
+  data.tar.gz: 55124752f123ac57bab57450b93ad14e822868c7241c8f343a242278462985d918dfedfb6830ac21b25b8b855c99119d2c580974999cf7da9b80baa970c0adf6

data/History.txt CHANGED

@@ -1,3 +1,13 @@
+== 0.4.0 2018-05-19
+* [MIGHT BREAK THINGS] changes to the way keys are looked up #55
+  Previously, keys that were not explicitly mentioned but already present in
+  the key chain for one of the recipient addresses would have been used
+  silently. This is no longer the case, if the :keys option is given, all
+  necessary keys have to be specified as either key data, key id, fingerprint
+  or GPGME::Key object.
+* fix error when calling encrypt with actual key objects #60
 == 0.3.3 2018-04-01
 * fix broken GpgmeHelper#keys_for_data #59

data/README.md CHANGED

@@ -84,6 +84,13 @@ In theory you only need to specify the key once like that, however doing it
 every time does not hurt as gpg is clever enough to recognize known keys, only
 updating it's db when necessary.
+Note: Mail-Gpg in version 0.4 and up is more strict regarding the keys option:
+if it is present, only key material from there (either given as key data like
+above, or as key id, key fingerprint or `GPGMe::Key` object if they have been
+imported before) will be used. Keys already present in the local keychain for
+any of the recipients that are not explicitly mentioned in the `keys` hash will
+be ignored.
 You may also want to have a look at the [GPGME](https://github.com/ueno/ruby-gpgme) docs and code base for more info on the various options, especially regarding the `passphrase_callback` arguments.

data/Rakefile CHANGED

@@ -53,5 +53,6 @@ Rake::TestTask.new(:test) do |test|
   test.libs << 'test'
   test.test_files = FileList['test/**/*_test.rb']
   test.verbose = true
+  test.warning = false
 end

data/lib/mail/gpg/encrypted_part.rb CHANGED

@@ -11,7 +11,10 @@ module Mail
       # :recipients : array of receiver addresses
       # :keys : A hash mapping recipient email addresses to public keys or public
       # key ids. Imports any keys given here that are not already part of the
-      # local keychain before sending the mail.
+      # local keychain before sending the mail. If this option is given, strictly
+      # only the key material from this hash is used, ignoring any keys for
+      # recipients that might have been added to the local key chain but are
+      # not mentioned here.
       # :always_trust : send encrypted mail to untrusted receivers, true by default
       # :filename : define a custom name for the encrypted file attachment
       def initialize(cleartext_mail, options = {})

data/lib/mail/gpg/gpgme_helper.rb CHANGED

@@ -115,16 +115,31 @@ module Mail
       # normalizes the list of recipients' emails, key ids and key data to a
       # list of Key objects
+      #
+      # if key_data is given, _only_ key material from there is used,
+      # and eventually already imported keys in the keychain are ignored.
       def self.keys_for_data(emails_or_shas_or_keys, key_data = nil)
         if key_data
+          # in this case, emails_or_shas_or_keys is supposed to be the list of
+          # recipients, and key_data the key material to be used.
+          # We now map these to whatever we find in key_data for each of these
+          # addresses.
           [emails_or_shas_or_keys].flatten.map do |r|
-            # import any given keys
             k = key_data[r]
-            if k and k =~ /-----BEGIN PGP/
-              k = GPGME::Key.import(k).imports.map(&:fpr)
-              k = nil if k.size == 0
-            end
-            key_id = k || r
+            key_id = case k
+                     when GPGME::Key
+                       # assuming this is already imported
+                       k.fingerprint
+                     when nil, ''
+                       # nothing
+                       nil
+                     when /-----BEGIN PGP/
+                       # ASCII key data
+                       GPGME::Key.import(k).imports.map(&:fpr)
+                     else
+                       # key id or fingerprint
+                       k
+                     end
             unless key_id.nil? || key_id.empty?
               GPGME::Key.find(:public, key_id, :encrypt)
             end

data/lib/mail/gpg/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Mail
   module Gpg
-    VERSION = "0.3.3"
+    VERSION = "0.4.0"
   end
 end

data/test/gpgme_helper_test.rb CHANGED

@@ -15,6 +15,7 @@ class GpgmeHelperTest < Test::Unit::TestCase
       assert_equal [], Mail::Gpg::GpgmeHelper.send(:keys_for_data, [])
     end
+    # no keys given, assuming they are already in the keychain
     context 'with email address' do
       setup do
         @email = 'jane@foo.bar'
@@ -29,9 +30,10 @@ class GpgmeHelperTest < Test::Unit::TestCase
         assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@email])
         check_key_list keys
       end
     end
+    # this is a use case we do not really need but it works due to the way
+    # Gpgme looks up keys
     context 'with key id' do
       setup do
         @key_id = GPGME::Key.find(:public, 'jane@foo.bar').first.sha
@@ -47,6 +49,8 @@ class GpgmeHelperTest < Test::Unit::TestCase
       end
     end
+    # this is a use case we do not really need but it works due to the way
+    # Gpgme looks up keys
     context 'with key fingerprint' do
       setup do
         @key_fpr = GPGME::Key.find(:public, 'jane@foo.bar').first.fingerprint
@@ -62,17 +66,94 @@ class GpgmeHelperTest < Test::Unit::TestCase
       end
     end
-    context 'with emails and key data' do
+    context 'with email addresses' do
       setup do
-        @key = GPGME::Key.find(:public, 'jane@foo.bar').first.export(armor: true).to_s
+        @key = GPGME::Key.find(:public, 'jane@foo.bar').first
         @emails = ['jane@foo.bar']
-        @key_data = { 'jane@foo.bar' => @key }
       end
-      should 'resolve to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
-        check_key_list keys
+      # probably the most common use case - one or more recipient addresses and a
+      # hash mapping them to public key data that the user pasted into a text
+      # field at some point
+      context 'and key data' do
+        setup do
+          @key = @key.export(armor: true).to_s
+          @key_data = { 'jane@foo.bar' => @key }
+        end
+        should 'resolve to gpg key for single address' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails.first, @key_data)
+          check_key_list keys
+        end
+        should 'resolve to gpg keys' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
+          check_key_list keys
+        end
+        should 'ignore unknown addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['john@doe.com'], @key_data)
+          assert keys.blank?
+        end
+        should 'ignore invalid key data and not use existing key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['jane@foo.bar'], { 'jane@foo.bar' => "-----BEGIN PGP\ninvalid key data" })
+          assert keys.blank?
+        end
       end
+      context 'and key id or fpr' do
+        setup do
+          @key_id = @key.sha
+          @key_fpr = @key.fingerprint
+          @email = @emails.first
+        end
+        should 'resolve id to gpg key for single address' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails.first, { @email => @key_id })
+          check_key_list keys
+        end
+        should 'resolve id to gpg key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, { @email => @key_id })
+          check_key_list keys
+        end
+        should 'resolve fpr to gpg key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, { @email => @key_fpr })
+          check_key_list keys
+        end
+        should 'ignore unknown addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['john@doe.com'], { @email => @key_fpr })
+          assert keys.blank?
+        end
+        should 'ignore invalid key id and not use existing key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, { @email => "invalid key id" })
+          assert keys.blank?
+        end
+      end
+      # mapping email addresses to already retrieved key objects or
+      # key fingerprints is also possible.
+      context 'and key object' do
+        setup do
+          @key_data = { 'jane@foo.bar' => @key }
+        end
+        should 'resolve to gpg keys for these addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
+          check_key_list keys
+        end
+        should 'ignore unknown addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['john@doe.com'], @key_data)
+          assert keys.blank?
+        end
+      end
     end
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mail-gpg
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.4.0
 platform: ruby
 authors:
 - Jens Kraemer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-31 00:00:00.000000000 Z
+date: 2018-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mail
@@ -210,7 +210,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: GPG/MIME encryption plugin for the Ruby Mail Library