schleuder 4.0.3 → 5.0.0

data/lib/schleuder/mail/gpg/inline_signed_message.rb

@@ -0,0 +1,73 @@
+require 'schleuder/mail/gpg/verified_part'
+
+module Mail
+  module Gpg
+    class InlineSignedMessage < Mail::Message
+
+      def self.setup(signed_mail, options = {})
+        if signed_mail.multipart?
+          self.new do
+            global_verify_result = []
+            signed_mail.header.fields.each do |field|
+              header[field.name] = field.value
+            end
+            signed_mail.parts.each do |part|
+              if Mail::Gpg.signed_inline?(part)
+                signed_text = part.body.to_s
+                success, vr = GpgmeHelper.inline_verify(signed_text, options)
+                p = VerifiedPart.new(part)
+                if success
+                  p.body self.class.strip_inline_signature signed_text
+                end
+                p.verify_result vr
+                global_verify_result << vr
+                add_part p
+              else
+                add_part part
+              end
+            end
+            verify_result global_verify_result
+          end
+        else
+          self.new do
+            signed_mail.header.fields.each do |field|
+              header[field.name] = field.value
+            end
+            signed_text = signed_mail.body.to_s
+            success, vr = GpgmeHelper.inline_verify(signed_text, options)
+            if success
+              body self.class.strip_inline_signature signed_text
+            else
+              body signed_text
+            end
+            verify_result vr
+          end
+        end
+      end
+
+      END_SIGNED_TEXT = '-----END PGP SIGNED MESSAGE-----'
+      END_SIGNED_TEXT_RE = /^#{END_SIGNED_TEXT}\s*$/
+      INLINE_SIG_RE = Regexp.new('^-----BEGIN PGP SIGNATURE-----\s*$.*^-----END PGP SIGNATURE-----\s*$', Regexp::MULTILINE)
+      BEGIN_SIG_RE = /^(-----BEGIN PGP SIGNATURE-----)\s*$/
+
+
+      # utility method to remove inline signature and related pgp markers
+      def self.strip_inline_signature(signed_text)
+        if signed_text =~ INLINE_SIG_RE
+          signed_text = signed_text.dup
+          if signed_text !~ END_SIGNED_TEXT_RE
+            # insert the 'end of signed text' marker in case it is missing
+            signed_text = signed_text.gsub BEGIN_SIG_RE, "-----END PGP SIGNED MESSAGE-----\n\\1"
+          end
+          signed_text.gsub! INLINE_SIG_RE, ''
+          signed_text.strip!
+        end
+        # Strip possible inline-"headers" (e.g. "Hash: SHA256", or "Comment: something").
+        signed_text.gsub(/(.*^-----BEGIN PGP SIGNED MESSAGE-----\n)(.*?)^$(.+)/m, '\1\3')
+      end
+
+    end
+  end
+end
+
+

data/lib/schleuder/mail/gpg/mime_signed_message.rb

@@ -0,0 +1,28 @@
+require 'schleuder/mail/gpg/verified_part'
+
+module Mail
+  module Gpg
+    class MimeSignedMessage < Mail::Message
+
+      def self.setup(signed_mail, options = {})
+        content_part, signature = signed_mail.parts
+        success, vr = SignPart.verify_signature(content_part, signature, options)
+        self.new do
+          verify_result vr
+          signed_mail.header.fields.each do |field|
+            header[field.name] = field.value
+          end
+          content_part.header.fields.each do |field|
+            header[field.name] = field.value
+          end
+          if content_part.multipart?
+            content_part.parts.each{|part| add_part part}
+          else
+            body content_part.body.raw_source
+          end
+        end
+      end
+    end
+  end
+end
+

data/lib/schleuder/mail/gpg/missing_keys_error.rb

@@ -0,0 +1,6 @@
+module Mail
+  module Gpg
+    class MissingKeysError < StandardError
+    end
+  end
+end

data/lib/schleuder/mail/gpg/sign_part.rb

@@ -1,15 +1,26 @@
 module Mail
   module Gpg
     class SignPart < Mail::Part
-      # Copied verbatim from mail-gpg v.0.4.2. This code was changed in
-      # <https://github.com/jkraemer/mail-gpg/commit/5fded41ccee4a58f848a2f8e7bd53d11236f8984>,
-      # which breaks verifying some encapsulated (signed-then-encrypted)
-      # messages. See
-      # <https://github.com/jkraemer/mail-gpg/pull/40#issue-95776382> for
-      # details.
+
+      def initialize(cleartext_mail, options = {})
+        signature = GpgmeHelper.sign(cleartext_mail.encoded, options)
+        super() do
+          body signature.to_s
+          content_type "application/pgp-signature; name=\"signature.asc\""
+          content_disposition 'attachment; filename="signature.asc"'
+          content_description 'OpenPGP digital signature'
+        end
+      end
+
+      # true if all signatures are valid
+      def self.signature_valid?(plain_part, signature_part, options = {})
+        verify_signature(plain_part, signature_part, options)[0]
+      end
+
+      # will return [success(boolean), verify_result(as returned by gpgme)]
       def self.verify_signature(plain_part, signature_part, options = {})
         if !(signature_part.has_content_type? &&
-            ('application/pgp-signature' == signature_part.mime_type))
+             ('application/pgp-signature' == signature_part.mime_type))
           return false
         end
 
@@ -19,7 +30,7 @@ module Mail
           plaintext = [ plain_part.header.raw_source,
                         "\r\n\r\n",
                         plain_part.body.raw_source
-          ].join
+                      ].join
         else
           plaintext = plain_part.encoded
         end
@@ -30,4 +41,3 @@ module Mail
     end
   end
 end
-

data/lib/schleuder/mail/gpg/signed_part.rb

@@ -0,0 +1,37 @@
+require 'mail/part'
+require 'schleuder/mail/gpg/sign_part'
+
+module Mail
+  module Gpg
+
+    class SignedPart < Mail::Part
+
+      def self.build(cleartext_mail)
+        new do
+          if cleartext_mail.body.multipart?
+            if cleartext_mail.content_type =~ /^(multipart[^;]+)/
+              # preserve multipart/alternative etc
+              content_type $1
+            else
+              content_type 'multipart/mixed'
+            end
+            cleartext_mail.body.parts.each do |p|
+              add_part p
+            end
+          else
+            content_type cleartext_mail.content_type
+            body cleartext_mail.body.raw_source
+          end
+        end
+      end
+
+      def sign(options)
+        SignPart.new(self, options)
+      end
+
+
+    end
+
+
+  end
+end

data/lib/schleuder/mail/gpg/verified_part.rb

@@ -0,0 +1,10 @@
+require 'schleuder/mail/gpg/verify_result_attribute'
+
+module Mail
+  module Gpg
+    class VerifiedPart < Mail::Part
+      include VerifyResultAttribute
+    end
+  end
+end
+

data/lib/schleuder/mail/gpg/verify_result_attribute.rb

@@ -0,0 +1,32 @@
+module Mail
+  module Gpg
+    module VerifyResultAttribute
+
+      # the result of signature verification, as provided by GPGME
+      def verify_result(result = nil)
+        if result
+          self.verify_result = result
+        else
+          @verify_result
+        end
+      end
+
+      def verify_result=(result)
+        @verify_result = result
+      end
+
+      # checks validity of signatures (true / false)
+      def signature_valid?
+        sigs = self.signatures
+        sigs.any? && sigs.all?{|s| s.valid?}
+      end
+
+      # list of all signatures from verify_result
+      def signatures
+        [verify_result].flatten.compact.map do |vr|
+          vr.signatures
+        end.flatten.compact
+      end
+    end
+  end
+end

data/lib/schleuder/mail/gpg/version_part.rb

@@ -0,0 +1,22 @@
+require 'mail/part'
+
+module Mail
+  module Gpg
+    class VersionPart < Mail::Part
+      VERSION_1 = 'Version: 1'
+      CONTENT_TYPE = 'application/pgp-encrypted'
+      CONTENT_DESC = 'PGP/MIME Versions Identification'
+    
+      def initialize(*args)
+        super
+        body VERSION_1
+        content_type CONTENT_TYPE
+        content_description CONTENT_DESC
+      end
+      
+      def self.is_version_part?(part)
+        part.mime_type == CONTENT_TYPE && part.body =~ /#{VERSION_1}/
+      end
+    end
+  end
+end

data/lib/schleuder/mail/gpg.rb

@@ -1,15 +1,244 @@
+require 'schleuder/mail/gpg/missing_keys_error'
+require 'schleuder/mail/gpg/version_part'
+require 'schleuder/mail/gpg/decrypted_part'
+require 'schleuder/mail/gpg/encrypted_part'
+require 'schleuder/mail/gpg/inline_decrypted_message'
+require 'schleuder/mail/gpg/gpgme_helper'
+require 'schleuder/mail/gpg/signed_part'
+require 'schleuder/mail/gpg/mime_signed_message'
+require 'schleuder/mail/gpg/inline_signed_message'
+
 module Mail
   module Gpg
-    class << self  
-      alias_method :encrypt_mailgpg, :encrypt
+    BEGIN_PGP_MESSAGE_MARKER = /^-----BEGIN PGP MESSAGE-----/
+    BEGIN_PGP_SIGNED_MESSAGE_MARKER = /^-----BEGIN PGP SIGNED MESSAGE-----/
+
+    # options are:
+    # :sign: sign message using the sender's private key
+    # :sign_as: sign using this key (give the corresponding email address or key fingerprint)
+    # :password: passphrase for the signing key
+    # :keys: A hash mapping recipient email addresses to public keys or public
+    # key ids. Imports any keys given here that are not already part of the
+    # local keychain before sending the mail.
+    # :always_trust: send encrypted mail to untrusted receivers, true by default
+    def self.encrypt(cleartext_mail, options = {})
+      construct_mail(cleartext_mail, options) do
+        receivers = []
+        receivers += cleartext_mail.to if cleartext_mail.to
+        receivers += cleartext_mail.cc if cleartext_mail.cc
+        receivers += cleartext_mail.bcc if cleartext_mail.bcc
+
+        if options[:sign_as]
+          options[:sign] = true
+          options[:signers] = options.delete(:sign_as)
+        elsif options[:sign]
+          options[:signers] = cleartext_mail.from
+        end
+
+        add_part VersionPart.new
+        add_part EncryptedPart.new(cleartext_mail,
+                                   options.merge({recipients: receivers}))
+        content_type "multipart/encrypted; protocol=\"application/pgp-encrypted\"; boundary=#{boundary}"
+        body.preamble = options[:preamble] || 'This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)'
 
-      def encrypt(cleartext_mail, options={})
-        encrypted_mail = encrypt_mailgpg(cleartext_mail, options)
         if cleartext_mail.protected_headers_subject
-          encrypted_mail.subject = cleartext_mail.protected_headers_subject
+          subject cleartext_mail.protected_headers_subject
+        end
+      end
+    end
+
+    def self.sign(cleartext_mail, options = {})
+      options[:sign_as] ||= cleartext_mail.from
+      construct_mail(cleartext_mail, options) do
+        to_be_signed = SignedPart.build(cleartext_mail)
+        add_part to_be_signed
+        add_part to_be_signed.sign(options)
+
+        content_type "multipart/signed; micalg=pgp-sha1; protocol=\"application/pgp-signature\"; boundary=#{boundary}"
+        body.preamble = options[:preamble] || 'This is an OpenPGP/MIME signed message (RFC 4880 and 3156)'
+      end
+    end
+
+    # options are:
+    # :verify: decrypt and verify
+    def self.decrypt(encrypted_mail, options = {})
+      if encrypted_mime?(encrypted_mail)
+        decrypt_pgp_mime(encrypted_mail, options)
+      elsif encrypted_inline?(encrypted_mail)
+        decrypt_pgp_inline(encrypted_mail, options)
+      else
+        raise EncodingError.new("Unsupported encryption format '#{encrypted_mail.content_type}'")
+      end
+    end
+
+    def self.signature_valid?(signed_mail, options = {})
+      if signed_mime?(signed_mail)
+        signature_valid_pgp_mime?(signed_mail, options)
+      elsif signed_inline?(signed_mail)
+        signature_valid_inline?(signed_mail, options)
+      else
+        raise EncodingError.new("Unsupported signature format '#{signed_mail.content_type}'")
+      end
+    end
+
+    # true if a mail is encrypted
+    def self.encrypted?(mail)
+      return true if encrypted_mime?(mail)
+      return true if encrypted_inline?(mail)
+      false
+    end
+
+    # true if a mail is signed.
+    #
+    # throws EncodingError if called on an encrypted mail (so only call this method if encrypted? is false)
+    def self.signed?(mail)
+      return true if signed_mime?(mail)
+      return true if signed_inline?(mail)
+      if encrypted?(mail)
+        raise EncodingError.new('Unable to determine signature on an encrypted mail, use :verify option on decrypt()')
+      end
+      false
+    end
+
+    def self.construct_mail(cleartext_mail, options, &block)
+      Mail.new do
+        self.perform_deliveries = cleartext_mail.perform_deliveries
+        Mail::Gpg.copy_headers cleartext_mail, self
+        # necessary?
+        if cleartext_mail.message_id
+          header['Message-ID'] = cleartext_mail['Message-ID'].value
+        end
+        instance_eval &block
+      end
+    end
+
+    # decrypts PGP/MIME (RFC 3156, section 4) encrypted mail
+    def self.decrypt_pgp_mime(encrypted_mail, options)
+      if encrypted_mail.parts.length < 2
+        raise EncodingError.new("RFC 3156 mandates exactly two body parts, found '#{encrypted_mail.parts.length}'")
+      end
+      if !VersionPart.is_version_part? encrypted_mail.parts[0]
+        raise EncodingError.new("RFC 3156 first part not a valid version part '#{encrypted_mail.parts[0]}'")
+      end
+      decrypted = DecryptedPart.new(encrypted_mail.parts[1], options)
+      Mail.new(decrypted.raw_source) do
+        # headers from the encrypted part (set by the initializer above) take
+        # precedence over those from the outer mail.
+        Mail::Gpg.copy_headers encrypted_mail, self, overwrite: false
+        verify_result decrypted.verify_result if options[:verify]
+      end
+    end
+
+    # decrypts inline PGP encrypted mail
+    def self.decrypt_pgp_inline(encrypted_mail, options)
+      InlineDecryptedMessage.setup(encrypted_mail, options)
+    end
+
+    def self.verify(signed_mail, options = {})
+      if signed_mime?(signed_mail)
+        Mail::Gpg::MimeSignedMessage.setup signed_mail, options
+      elsif signed_inline?(signed_mail)
+        Mail::Gpg::InlineSignedMessage.setup signed_mail, options
+      else
+        signed_mail
+      end
+    end
+
+    # check signature for PGP/MIME (RFC 3156, section 5) signed mail
+    def self.signature_valid_pgp_mime?(signed_mail, options)
+      # MUST contain exactly two body parts
+      if signed_mail.parts.length != 2
+        raise EncodingError.new("RFC 3156 mandates exactly two body parts, found '#{signed_mail.parts.length}'")
+      end
+      result, verify_result = SignPart.verify_signature(signed_mail.parts[0], signed_mail.parts[1], options)
+      signed_mail.verify_result = verify_result
+      return result
+    end
+
+    # check signature for inline signed mail
+    def self.signature_valid_inline?(signed_mail, options)
+      result = nil
+      if signed_mail.multipart?
+        signed_mail.parts.each do |part|
+          if signed_inline?(part)
+            if result.nil?
+              result = true
+              signed_mail.verify_result = []
+            end
+            result &= signature_valid_inline?(part, options)
+            signed_mail.verify_result << part.verify_result
+          end
+        end
+      else
+        result, verify_result = GpgmeHelper.inline_verify(signed_mail.body.to_s, options)
+        signed_mail.verify_result = verify_result
+      end
+      return result
+    end
+
+    # copies all header fields from mail in first argument to that given last
+    def self.copy_headers(from, to, overwrite: true)
+      from.header.fields.each do |field|
+        if overwrite || to.header[field.name].nil?
+          to.header[field.name] = field.value
+        end
+      end
+    end
+
+    # check if PGP/MIME encrypted (RFC 3156)
+    def self.encrypted_mime?(mail)
+      mail.has_content_type? &&
+        mail.mime_type == 'multipart/encrypted' &&
+        mail.content_type_parameters[:protocol] == 'application/pgp-encrypted'
+    end
+
+    # check if inline PGP (i.e. if any parts of the mail includes
+    # the PGP MESSAGE marker)
+    def self.encrypted_inline?(mail)
+      begin
+        return true if mail.body.to_s =~ BEGIN_PGP_MESSAGE_MARKER
+      rescue
+      end
+      if mail.multipart?
+        mail.parts.each do |part|
+          begin
+            return true if part.body.to_s =~ BEGIN_PGP_MESSAGE_MARKER
+          rescue
+          end
+          return true if part.has_content_type? &&
+            /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type &&
+            /.*\.(?:pgp|gpg|asc)$/ =~ part.content_type_parameters[:name] &&
+            part.content_type_parameters[:name] != 'signature.asc'
+          # that last condition above prevents false positives in case e.g.
+          # someone forwards a mime signed mail including signature.
+        end
+      end
+      false
+    end
+
+    # check if PGP/MIME signed (RFC 3156)
+    def self.signed_mime?(mail)
+      mail.has_content_type? &&
+        mail.mime_type == 'multipart/signed' &&
+        mail.content_type_parameters[:protocol] == 'application/pgp-signature'
+    end
+
+    # check if inline PGP (i.e. if any parts of the mail includes
+    # the PGP SIGNED marker)
+    def self.signed_inline?(mail)
+      begin
+        return true if mail.body.to_s =~ BEGIN_PGP_SIGNED_MESSAGE_MARKER
+      rescue
+      end
+      if mail.multipart?
+        mail.parts.each do |part|
+          begin
+            return true if part.body.to_s =~ BEGIN_PGP_SIGNED_MESSAGE_MARKER
+          rescue
+          end
         end
-        encrypted_mail
       end
-    end  
+      false
+    end
   end
 end

data/lib/schleuder/mail/message.rb

@@ -1,3 +1,6 @@
+require 'schleuder/mail/gpg/delivery_handler'
+require 'schleuder/mail/gpg/verify_result_attribute'
+
 module Mail
   # creates a Mail::Message likes schleuder
   def self.create_message_to_list(msg, recipient, list)
@@ -13,11 +16,14 @@ module Mail
 
   # TODO: Test if subclassing breaks integration of mail-gpg.
   class Message
+    include Mail::Gpg::VerifyResultAttribute #for Mail::Gpg
+
     attr_accessor :recipient
     attr_accessor :original_message
     attr_accessor :list
     attr_accessor :protected_headers_subject
     attr_writer :dynamic_pseudoheaders
+    attr_accessor :raise_encryption_errors # for Mail::Gpg
 
     # TODO: This should be in initialize(), but I couldn't understand the
     # strange errors about wrong number of arguments when overriding
@@ -154,7 +160,12 @@ module Mail
     def signer
       @signer ||= begin
         if signing_key.present?
-          list.subscriptions.where(fingerprint: signing_key.fingerprint).first
+          # Look for a subscription that matches the sending address, in case
+          # there're multiple subscriptions for the same key. As a fallback use
+          # the first subscription found.
+          sender_email = self.from.to_s.downcase
+          subscriptions = list.subscriptions.where(fingerprint: signing_key.fingerprint)
+          subscriptions.where(email: sender_email).first || subscriptions.first
         end
       end
     end
@@ -436,36 +447,109 @@ module Mail
       true
     end
 
+    # turn on gpg encryption / set gpg options.
+    #
+    # options are:
+    #
+    # encrypt: encrypt the message. defaults to true
+    # sign: also sign the message. false by default
+    # sign_as: UIDs to sign the message with
+    #
+    # See Mail::Gpg methods encrypt and sign for more
+    # possible options
+    #
+    # mail.gpg encrypt: true
+    # mail.gpg encrypt: true, sign: true
+    # mail.gpg encrypt: true, sign_as: "other_address@host.com"
+    #
+    # sign-only mode is also supported:
+    # mail.gpg sign: true
+    # mail.gpg sign_as: 'jane@doe.com'
+    #
+    # To turn off gpg encryption use:
+    # mail.gpg false
+    #
+    def gpg(options = nil)
+      case options
+      when nil
+        @gpg
+      when false
+        @gpg = nil
+        if Mail::Gpg::DeliveryHandler == delivery_handler
+          self.delivery_handler = nil
+        end
+        nil
+      else
+        self.raise_encryption_errors = true if raise_encryption_errors.nil?
+        @gpg = options
+        self.delivery_handler ||= Mail::Gpg::DeliveryHandler
+        nil
+      end
+    end
+
+    # true if this mail is encrypted
+    def encrypted?
+      Mail::Gpg.encrypted?(self)
+    end
+
+    # returns the decrypted mail object.
+    #
+    # pass verify: true to verify signatures as well. The gpgme verification
+    # result will be available via decrypted_mail.verify_result
+    def decrypt(options = {})
+      Mail::Gpg.decrypt(self, options)
+    end
+
+    # true if this mail is signed (but not encrypted)
+    def signed?
+      Mail::Gpg.signed?(self)
+    end
+
+    # verify signatures. returns a new mail object with signatures removed and
+    # populated verify_result.
+    #
+    # verified = signed_mail.verify()
+    # verified.signature_valid?
+    # signers = mail.signatures.map{|sig| sig.from}
+    #
+    # use import_missing_keys: true in order to try to fetch and import
+    # unknown keys for signature validation
+    def verify(options = {})
+      Mail::Gpg.verify(self, options)
+    end
+
+    def repeat_validation!
+      new = self.original_message.dup.setup
+      self.verify_result = new.verify_result
+      @signatures = new.signatures
+      dynamic_pseudoheaders << new.dynamic_pseudoheaders
+    end
+
     private
 
 
     def extract_keywords(content_lines)
       keywords = []
       in_keyword_block = false
-      found_blank_line = false
       content_lines.each_with_index do |line, i|
-        if match = line.match(/^x-([^:\s]*)[:\s]*(.*)/i)
+        if line.blank?
+          # Swallow the line: before the actual content or keywords block begins we want to drop blank lines.
+          content_lines[i] = nil
+          # Stop interpreting the following line as argument to the previous keyword.
+          in_keyword_block = false
+        elsif match = line.match(/^x-([^:\s]*)[:\s]*(.*)/i)
           keyword = match[1].strip.downcase
           arguments = match[2].to_s.strip.downcase.split(/[,; ]{1,}/)
           keywords << [keyword, arguments]
           in_keyword_block = true
-
           # Set this line to nil to have it stripped from the message.
           content_lines[i] = nil
-        elsif line.blank? && keywords.any?
-          # Look for blank lines after the first keyword had been found.
-          # These might mark the end of the keywords-block — unless more keywords follow.
-          found_blank_line = true
-          # Swallow the line: before the actual content begins we want to drop blank lines.
-          content_lines[i] = nil
-          # Stop interpreting the following line as argument to the previous keyword.
-          in_keyword_block = false
         elsif in_keyword_block == true
           # Interpret line as arguments to the previous keyword.
           keywords[-1][-1] += line.downcase.strip.split(/[,; ]{1,}/)
           content_lines[i] = nil
-        elsif found_blank_line
-          # Any line that isn't blank and does not start with "x-" stops the keyword parsing.
+        else
+          # Any other line stops the keyword parsing.
           break
         end
       end

data/lib/schleuder/sks_client.rb

@@ -0,0 +1,18 @@
+module Schleuder
+  class SksClient < Http
+    SKS_PATH = '/pks/lookup?&exact=on&op=get&options=mr&search=SEARCH_ARG'
+
+    class << self
+      def get(input)
+        super(url(input))
+      end
+
+      private
+
+      def url(input)
+        arg = CGI.escape(input.gsub(/\s/, ''))
+        Conf.sks_keyserver + SKS_PATH.gsub('SEARCH_ARG', arg)
+      end
+    end
+  end
+end