andre/scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init III

Browse Source
This commit is contained in:
Andre Geißler
2024-10-14 00:08:40 +02:00
parent dbfba56f66
commit 1462d52e13
4572 changed files with 2658864 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

625
Perl OTRS/Kernel/Output/HTML/ArticleCompose/Crypt.pm Normal file
View File

@@ -0,0 +1,625 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::Output::HTML::ArticleCompose::Crypt;
use parent 'Kernel::Output::HTML::Base';
use strict;
use warnings;
use Mail::Address;
use Kernel::Language qw(Translatable);
use Kernel::System::VariableCheck qw(:all);
our @ObjectDependencies = (
'Kernel::Config',
'Kernel::System::Crypt::PGP',
'Kernel::System::Crypt::SMIME',
'Kernel::Output::HTML::Layout',
);
sub Option {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled.
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
return ('CryptKeyID');
}
sub Run {
my ( $Self, %Param ) = @_;
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout');
# Check if PGP and SMIME are disabled.
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
my %KeyList = $Self->Data(%Param);
# Recipients with unique public keys won't be displayed in the selection
my $UniqueEncryptKeyIDsToRemove = $Self->_GetUniqueEncryptKeyIDsToRemove(%Param);
my @ExpiredIdentifiers;
my @RevokedIdentifiers;
my $InvalidMessage = '';
my $Class = '';
if ( IsArrayRefWithData($UniqueEncryptKeyIDsToRemove) ) {
UNIQUEKEY:
for my $UniqueEncryptKeyIDToRemove ( @{$UniqueEncryptKeyIDsToRemove} ) {
next UNIQUEKEY if !defined $KeyList{$UniqueEncryptKeyIDToRemove};
if ( $KeyList{$UniqueEncryptKeyIDToRemove} =~ m/WARNING: EXPIRED KEY/ ) {
my ( $Type, $Key, $Identifier ) = split /::/, $UniqueEncryptKeyIDToRemove;
push @ExpiredIdentifiers, $Identifier;
}
if ( $KeyList{$UniqueEncryptKeyIDToRemove} =~ m/WARNING: REVOKED KEY/ ) {
my ( $Type, $Key, $Identifier ) = split /::/, $UniqueEncryptKeyIDToRemove;
push @RevokedIdentifiers, $Identifier;
}
delete $KeyList{$UniqueEncryptKeyIDToRemove};
}
}
# Find recipient list.
my $Recipient = '';
for (qw(To Cc Bcc)) {
if ( $Param{$_} ) {
$Recipient .= ', ' . $Param{$_};
}
}
my @SearchAddress = ();
if ($Recipient) {
@SearchAddress = Mail::Address->parse($Recipient);
}
if (
!IsArrayRefWithData( $Param{CryptKeyID} )
|| ( $Param{ExpandCustomerName} && $Param{ExpandCustomerName} == 3 )
)
{
$Param{CryptKeyID} = $Self->_PickEncryptKeyIDs(%Param);
}
# Check if all recipients have at least a key selected
if (
$Param{StoreNew}
&& $Param{EmailSecurityOptions}
&& $Param{EmailSecurityOptions} =~ m{Encrypt}msxi
)
{
my $CheckSuccess = $Self->_CheckRecipient(%Param);
if ( !$CheckSuccess ) {
if ( IsArrayRefWithData( $Self->{MissingKeys} ) ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"There are no encryption keys available for the addresses: '%s'. ",
join ', ', @{ $Self->{MissingKeys} }
);
}
if ( IsArrayRefWithData( $Self->{MissingSelectedKey} ) ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"There are no selected encryption keys for the addresses: '%s'. ",
join ', ', @{ $Self->{MissingSelectedKey} }
);
}
$Self->{Error}->{EncryptMissingKey} = 1;
$Class .= ' ServerError';
}
}
# Check if selected encryption keys are expired.
if (
IsArrayRefWithData( $Param{CryptKeyID} )
&& !IsArrayRefWithData( \@ExpiredIdentifiers )
&& !IsArrayRefWithData( \@RevokedIdentifiers )
)
{
ENCRYPTKEYID:
for my $EncryptKey ( @{ $Param{CryptKeyID} } ) {
my ( $Type, $Key, $Identifier ) = split /::/, $EncryptKey;
next ENCRYPTKEYID if !defined $KeyList{$EncryptKey};
if ( $KeyList{$EncryptKey} =~ m/WARNING: EXPIRED KEY/ ) {
push @ExpiredIdentifiers, $Identifier;
}
if ( $KeyList{$EncryptKey} =~ m/WARNING: REVOKED KEY/ ) {
push @RevokedIdentifiers, $Identifier;
}
}
}
if ( IsArrayRefWithData( \@ExpiredIdentifiers ) ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"Cannot use expired encryption keys for the addresses: '%s'. ",
join ', ', @ExpiredIdentifiers
);
$Self->{Error}->{ExpiredKey} = 1;
$Class .= ' ServerError';
}
if ( IsArrayRefWithData( \@RevokedIdentifiers ) ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"Cannot use revoked encryption keys for the addresses: '%s'. ",
join ', ', @RevokedIdentifiers
);
$Self->{Error}->{ExpiredKey} = 1;
$Class .= ' ServerError';
}
# Add encrypt options.
my $List = $LayoutObject->BuildSelection(
Data => \%KeyList,
Name => 'CryptKeyID',
SelectedID => $Param{CryptKeyID} || '',
Class => "$Class Modernize",
Max => 150,
Multiple => 1,
PossibleNone => 1.
);
$LayoutObject->Block(
Name => 'Option',
Data => {
Name => 'CryptKeyID',
Key => Translatable('Encrypt'),
Value => $List,
Invalid => $InvalidMessage,
FieldExplanation => Translatable(
'Keys/certificates will only be shown for recipients with more than one key/certificate. The first found key/certificate will be pre-selected. Please make sure to select the correct one.'
),
},
);
return;
}
sub Data {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP or SMIME is disabled
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
# Find recipient list.
my $Recipient = '';
for (qw(To Cc Bcc)) {
if ( $Param{$_} ) {
$Recipient .= ', ' . $Param{$_};
}
}
my @SearchAddress = ();
if ($Recipient) {
@SearchAddress = Mail::Address->parse($Recipient);
}
# Generate key list.
my %KeyList;
return %KeyList if !@SearchAddress;
return %KeyList if !$Param{EmailSecurityOptions};
# Get email security options.
my ( $Backend, $Sign, $Encrypt ) = split /::/, $Param{EmailSecurityOptions};
return %KeyList if !$Backend;
return %KeyList if !$Encrypt;
return %KeyList if $Encrypt ne 'Encrypt';
# Check PGP backend.
if ( $Backend eq 'PGP' ) {
my $PGPObject = $Kernel::OM->Get('Kernel::System::Crypt::PGP');
return %KeyList if !$PGPObject;
# Get PGP method (Detached or In-line).
my $PGPMethod = $ConfigObject->Get('PGP::Method') || 'Detached';
# For PGP In-line Rich-text editor needs to be disabled.
if (
$PGPMethod eq 'Detached'
|| ( $PGPMethod eq 'Inline' && !$Kernel::OM->Get('Kernel::Output::HTML::Layout')->{BrowserRichText} )
)
{
for my $SearchAddress (@SearchAddress) {
my @PublicKeys = $PGPObject->PublicKeySearch(
Search => $SearchAddress->address(),
);
for my $DataRef (@PublicKeys) {
my $Expires = '';
if ( $DataRef->{Expires} ) {
$Expires = "[$DataRef->{Expires}]";
}
my $Status = '[' . $DataRef->{Status} . ']';
if ( $DataRef->{Status} eq 'expired' ) {
$Status = '[WARNING: EXPIRED KEY]';
}
elsif ( $DataRef->{Status} eq 'revoked' ) {
$Status = '[WARNING: REVOKED KEY]';
}
$KeyList{"PGP::$DataRef->{Key}::$DataRef->{Identifier}"}
= "PGP: $Status $DataRef->{Key} $Expires $DataRef->{Identifier}";
}
}
}
}
# Check SMIME backend.
elsif ( $Backend eq 'SMIME' ) {
my $SMIMEObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
return %KeyList if !$SMIMEObject;
for my $SearchAddress (@SearchAddress) {
my @PublicKeys = $SMIMEObject->CertificateSearch(
Search => $SearchAddress->address(),
);
for my $DataRef (@PublicKeys) {
my $Expired = '';
my $EndDate = ( defined $DataRef->{EndDate} ) ? "[$DataRef->{EndDate}]" : '';
if ( defined $DataRef->{EndDate} && $SMIMEObject->KeyExpiredCheck( EndDate => $DataRef->{EndDate} ) ) {
$Expired = ' [WARNING: EXPIRED KEY]';
}
$KeyList{"SMIME::$DataRef->{Filename}::$DataRef->{Email}"}
= "SMIME:$Expired $DataRef->{Filename} $EndDate $DataRef->{Email}";
}
}
}
return %KeyList;
}
sub ArticleOption {
my ( $Self, %Param ) = @_;
if ( IsArrayRefWithData( $Param{CryptKeyID} ) ) {
my @Keys;
for my $EncryptKey ( @{ $Param{CryptKeyID} } ) {
my ( $Type, $Key ) = split /::/, $EncryptKey;
push @Keys, $Key;
}
$Param{EmailSecurity}->{EncryptKeys} = \@Keys;
return (
EmailSecurity => $Param{EmailSecurity},
);
}
return;
}
sub GetParamAJAX {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
return (
CryptKeyID => $Self->_PickEncryptKeyIDs(%Param),
);
}
sub Error {
my ( $Self, %Param ) = @_;
if ( $Self->{Error} ) {
return %{ $Self->{Error} };
}
return;
}
sub _CheckRecipient {
my ( $Self, %Param ) = @_;
# Get email security options.
my ( $Backend, $Sign, $Encrypt ) = split /::/, $Param{EmailSecurityOptions};
# Stop checking if no backed was selected.
return 1 if !$Backend;
return 1 if $Encrypt ne 'Encrypt';
# Get encrypt object.
my $EncryptObject = $Kernel::OM->Get("Kernel::System::Crypt::$Backend");
# Return error if encrypt object could not be created.
return 0 if !$EncryptObject;
# Create a selected encryption keys lookup table
my %SelectedEncryptKeyIDs = map { $_ => 1 } @{ $Param{CryptKeyID} };
# Recipients with unique public keys aren't part of the selection so add them manually
my $UniqueEncryptKeyIDsToRemove = $Self->_GetUniqueEncryptKeyIDsToRemove(%Param);
if ( IsArrayRefWithData($UniqueEncryptKeyIDsToRemove) ) {
for my $UniqueEncryptKeyIDToRemove ( @{$UniqueEncryptKeyIDsToRemove} ) {
$SelectedEncryptKeyIDs{$UniqueEncryptKeyIDToRemove} = 1;
}
}
my $MissingSelectedKeyFlag;
my $MissingKeysFlag;
# Check each recipient type.
RECIPIENTTYPE:
for my $RecipientType (qw(To Cc Bcc)) {
# Get all addresses for each recipient type.
my @SearchAddress;
if ( $Param{$RecipientType} ) {
@SearchAddress = Mail::Address->parse( $Param{$RecipientType} );
}
# Get all certificates/public keys for each address.
ADDRESS:
for my $Address (@SearchAddress) {
my $EmailAddress = $Address->address();
my @PublicKeys;
if ( $Backend eq 'PGP' ) {
@PublicKeys = $EncryptObject->PublicKeySearch(
Search => $EmailAddress,
);
}
else {
@PublicKeys = $EncryptObject->CertificateSearch(
Search => $EmailAddress,
);
}
# Remember addresses with no encryption keys available
if ( !@PublicKeys ) {
push @{ $Self->{MissingKeys} }, $EmailAddress;
$MissingKeysFlag = 1;
next ADDRESS;
}
$MissingSelectedKeyFlag = 1;
PUBLICKEY:
for my $PublicKey (@PublicKeys) {
my $EncryptKeyID;
if ( $Backend eq 'PGP' ) {
$EncryptKeyID = "PGP::$PublicKey->{Key}::$PublicKey->{Identifier}";
}
else {
$EncryptKeyID = "SMIME::$PublicKey->{Filename}::$PublicKey->{Email}";
}
# If this key is selected everything is fine, remove missing key flag and check next
# address.
if ( $SelectedEncryptKeyIDs{$EncryptKeyID} ) {
$MissingSelectedKeyFlag = 0;
next ADDRESS;
}
}
push @{ $Self->{MissingSelectedKey} }, $EmailAddress;
}
}
# Return error if there was no encryption keys available for an email address.
return if $MissingKeysFlag;
# Return error if there was no selected key for an email address.
return if $MissingSelectedKeyFlag;
# Otherwise return success
return 1;
}
sub _PickEncryptKeyIDs {
my ( $Self, %Param ) = @_;
# Get the list of keys for the current backend.
my %KeyList = $Self->Data(%Param);
# Return nothing if there are no possible encrypt keys;
return [] if !%KeyList;
my %SelectedEncryptKeyIDs;
# Check if encryption keys are still valid for the selected backend, otherwise remove them.
ENCRYPTKEYID:
for my $EncryptKeyID ( @{ $Param{CryptKeyID} } ) {
next ENCRYPTKEYID if !$EncryptKeyID;
next ENCRYPTKEYID if !$KeyList{$EncryptKeyID};
next ENCRYPTKEYID if $KeyList{$EncryptKeyID} =~ m/WARNING: EXPIRED KEY/;
next ENCRYPTKEYID if $KeyList{$EncryptKeyID} =~ m/WARNING: REVOKED KEY/;
$SelectedEncryptKeyIDs{$EncryptKeyID} = 1;
}
# Return nothing if there are no security options.
return [] if !defined $Param{EmailSecurityOptions};
# Get email security options.
my ( $Backend, $Sign, $Encrypt ) = split /::/, $Param{EmailSecurityOptions};
# Return nothing if Backend is not present.
return [] if !$Backend;
# Get encrypt object.
my $EncryptObject = $Kernel::OM->Get("Kernel::System::Crypt::$Backend");
# Return nothing if encrypt object was not created
return [] if !$EncryptObject;
# Check each recipient type.
for my $RecipientType (qw(To Cc Bcc)) {
# Get all addresses for each recipient type.
my @SearchAddress;
if ( $Param{$RecipientType} ) {
@SearchAddress = Mail::Address->parse( $Param{$RecipientType} );
}
ADDRESS:
for my $Address (@SearchAddress) {
my @PublicKeys;
if ( $Backend eq 'PGP' ) {
@PublicKeys = $EncryptObject->PublicKeySearch(
Search => $Address->address(),
);
}
else {
@PublicKeys = $EncryptObject->CertificateSearch(
Search => $Address->address(),
Valid => 1,
);
}
# If there are no public keys for this recipient, do nothing and check the next one.
next ADDRESS if !@PublicKeys;
my @EncryptKeyIDs;
# Check / store all keys.
PUBLICKEY:
for my $PublicKey (@PublicKeys) {
my $EncryptKeyID;
if ( $Backend eq 'PGP' ) {
$EncryptKeyID = "PGP::$PublicKey->{Key}::$PublicKey->{Identifier}";
}
else {
$EncryptKeyID = "SMIME::$PublicKey->{Filename}::$PublicKey->{Email}";
}
# Do nothing if key is already selected, check next address.
next ADDRESS if $SelectedEncryptKeyIDs{$EncryptKeyID};
# Add key to possible encryption keys
push @EncryptKeyIDs, $EncryptKeyID;
}
for my $EncryptKeyID (@EncryptKeyIDs) {
# Select the first key and check the next address.
$SelectedEncryptKeyIDs{$EncryptKeyID} = 1;
next ADDRESS;
}
}
}
my @EncryptKeyIDs = sort keys %SelectedEncryptKeyIDs;
return \@EncryptKeyIDs;
}
sub GetOptionsToRemoveAJAX {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
my $OptionsToRemove = $Self->_GetUniqueEncryptKeyIDsToRemove(%Param);
return if !IsArrayRefWithData($OptionsToRemove);
return @{$OptionsToRemove};
}
sub _GetUniqueEncryptKeyIDsToRemove {
my ( $Self, %Param ) = @_;
# Get the list of keys for the current backend.
my %KeyList = $Self->Data(%Param);
# Return nothing if there are no possible encrypt keys;
return if !%KeyList;
# Return nothing if there are no security options.
return if !defined $Param{EmailSecurityOptions};
# Get email security options.
my ( $Backend, $Sign, $Encrypt ) = split /::/, $Param{EmailSecurityOptions};
return if !$Backend;
return if !$Encrypt || $Encrypt ne 'Encrypt';
# Get encrypt object.
my $EncryptObject = $Kernel::OM->Get("Kernel::System::Crypt::$Backend");
# Return nothing if encrypt object was not created
return if !$EncryptObject;
my %UniqueEncryptKeyIDsToRemove;
# Check each recipient type.
for my $RecipientType (qw(To Cc Bcc)) {
# Get all addresses for each recipient type.
my @SearchAddress;
if ( $Param{$RecipientType} ) {
@SearchAddress = Mail::Address->parse( $Param{$RecipientType} );
}
ADDRESS:
for my $Address (@SearchAddress) {
my @PublicKeys;
if ( $Backend eq 'PGP' ) {
@PublicKeys = $EncryptObject->PublicKeySearch(
Search => $Address->address(),
);
}
else {
@PublicKeys = $EncryptObject->CertificateSearch(
Search => $Address->address(),
);
}
# Only unique public keys will be removed, so skip to next address if there
# is not exactly one public key
next ADDRESS if @PublicKeys != 1;
my $PublicKey = shift @PublicKeys;
my $EncryptKeyID;
if ( $Backend eq 'PGP' ) {
$EncryptKeyID = "PGP::$PublicKey->{Key}::$PublicKey->{Identifier}";
}
else {
$EncryptKeyID = "SMIME::$PublicKey->{Filename}::$PublicKey->{Email}";
}
$UniqueEncryptKeyIDsToRemove{$EncryptKeyID} = 1;
}
}
my @UniqueEncryptKeyIDsToRemove = sort keys %UniqueEncryptKeyIDsToRemove;
return \@UniqueEncryptKeyIDsToRemove;
}
1;

218
Perl OTRS/Kernel/Output/HTML/ArticleCompose/Security.pm Normal file
View File

@@ -0,0 +1,218 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::Output::HTML::ArticleCompose::Security;
use parent 'Kernel::Output::HTML::Base';
use strict;
use warnings;
use Mail::Address;
use Kernel::Language qw(Translatable);
our @ObjectDependencies = (
'Kernel::Config',
'Kernel::System::Crypt::PGP',
'Kernel::System::Crypt::SMIME',
'Kernel::System::Queue',
'Kernel::Output::HTML::Layout',
);
sub Option {
my ( $Self, %Param ) = @_;
# Get config object
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
return ('EmailSecurityOptions');
}
sub Run {
my ( $Self, %Param ) = @_;
# Get config object
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
my %OptionsList = $Self->Data(%Param);
if ( !$Param{EmailSecurityOptions} && $Param{QueueID} ) {
# Get default signing key from queue data.
my %Queue = $Kernel::OM->Get('Kernel::System::Queue')->QueueGet( ID => $Param{QueueID} );
# Check if queue has a default signature, in such case check its backend and preselect
# email signing security option.
if ( $Queue{DefaultSignKey} && $Queue{DefaultSignKey} =~ m{\A SMIME}msxi ) {
$Param{EmailSecurityOptions} = 'SMIME::Sign::-';
}
elsif ( $Queue{DefaultSignKey} && $Queue{DefaultSignKey} =~ m{\A PGP}msxi ) {
$Param{EmailSecurityOptions} = 'PGP::Sign::-';
}
}
# get layout object
my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout');
# add crypt options
my $List = $LayoutObject->BuildSelection(
Data => \%OptionsList,
Name => 'EmailSecurityOptions',
SelectedID => $Param{EmailSecurityOptions},
Class => "Modernize",
PossibleNone => 1,
Sort => 'AlphanumericValue',
Translation => 0,
);
$LayoutObject->Block(
Name => 'Option',
Data => {
Name => 'EmailSecurityOptions',
Key => Translatable('Email security'),
Value => $List,
Invalid => '',
},
);
$LayoutObject->AddJSData(
Key => 'ArticleComposeOptions.EmailSecurityOptions',
Value => {
Name => 'EmailSecurityOptions',
Fields => [ 'SignKeyID', 'CryptKeyID' ],
},
);
# Normal return if no EmailSecurityOptions was set.
return if !$Param{EmailSecurityOptions};
# Return EmailSecurityOptions to cascade into other ArticleCompose modules.
return $Param{EmailSecurityOptions};
}
sub Data {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP AND SMIME are disabled
my $PGPEnabled = $ConfigObject->Get('PGP');
my $SMIMEEnabled = $ConfigObject->Get('SMIME');
return if !$PGPEnabled && !$SMIMEEnabled;
# Generate options list
my %OptionsList;
if ($PGPEnabled) {
my $PGPObject = $Kernel::OM->Get('Kernel::System::Crypt::PGP');
# Get PGP method (Detached or In-line).
my $PGPMethod = $ConfigObject->Get('PGP::Method') || 'Detached';
if (
$PGPObject
&& (
$PGPMethod eq 'Detached'
|| ( $PGPMethod eq 'Inline' && !$Kernel::OM->Get('Kernel::Output::HTML::Layout')->{BrowserRichText} )
)
)
{
$OptionsList{'PGP::Sign::-'} = Translatable('PGP sign');
$OptionsList{'PGP::Sign::Encrypt'} = Translatable('PGP sign and encrypt');
$OptionsList{'PGP::-::Encrypt'} = Translatable('PGP encrypt');
}
}
if ($SMIMEEnabled) {
my $SMIMEObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
if ($SMIMEObject) {
$OptionsList{'SMIME::Sign::-'} = Translatable('SMIME sign');
$OptionsList{'SMIME::Sign::Encrypt'} = Translatable('SMIME sign and encrypt');
$OptionsList{'SMIME::-::Encrypt'} = Translatable('SMIME encrypt');
}
}
return %OptionsList;
}
sub ArticleOption {
my ( $Self, %Param ) = @_;
if ( $Param{EmailSecurityOptions} ) {
my ( $Backend, $Sign, $Encrypt ) = split /::/, $Param{EmailSecurityOptions};
my $Method = 'Detached';
if ( $Backend eq 'PGP' ) {
$Method = $Kernel::OM->Get('Kernel::Config')->Get('PGP::Method') || 'Detached';
}
return (
EmailSecurity => {
Backend => $Backend,
Method => $Method,
},
);
}
return;
}
sub GetParamAJAX {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
return if !$Param{QueueID};
my $EmailSecurityOptions = $Param{EmailSecurityOptions} || '';
# Get default signing key from queue data.
my %Queue = $Kernel::OM->Get('Kernel::System::Queue')->QueueGet( ID => $Param{QueueID} );
if ( !$Queue{DefaultSignKey} || $EmailSecurityOptions ) {
return (
EmailSecurityOptions => $EmailSecurityOptions,
);
}
# Check if queue has a default signature, in such case check its backend and preselect
# email signing security option.
if ( $Queue{DefaultSignKey} =~ m{\A SMIME}msxi ) {
$EmailSecurityOptions = 'SMIME::Sign::-';
}
elsif ( $Queue{DefaultSignKey} =~ m{\A PGP}msxi ) {
$EmailSecurityOptions = 'PGP::Sign::-';
}
return (
EmailSecurityOptions => $EmailSecurityOptions,
);
}
sub Error {
my ( $Self, %Param ) = @_;
if ( $Self->{Error} ) {
return %{ $Self->{Error} };
}
return;
}
1;

555
Perl OTRS/Kernel/Output/HTML/ArticleCompose/Sign.pm Normal file
View File

@@ -0,0 +1,555 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::Output::HTML::ArticleCompose::Sign;
use parent 'Kernel::Output::HTML::Base';
use strict;
use warnings;
use Mail::Address;
use Kernel::Language qw(Translatable);
use Kernel::System::VariableCheck qw(:all);
our @ObjectDependencies = (
'Kernel::Config',
'Kernel::System::Crypt::PGP',
'Kernel::System::Crypt::SMIME',
'Kernel::Output::HTML::Layout',
'Kernel::System::Queue',
);
sub Option {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled.
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
return ('SignKeyID');
}
sub Run {
my ( $Self, %Param ) = @_;
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout');
# Check if PGP and SMIME are disabled.
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
my %KeyList = $Self->Data(%Param);
# Sender with unique key won't be displayed in the selection
my $UniqueSignKeyIDsToRemove = $Self->_GetUniqueSignKeyIDsToRemove(%Param);
my $InvalidMessage = '';
my $Class = '';
if ( IsArrayRefWithData($UniqueSignKeyIDsToRemove) ) {
UNIQUEKEY:
for my $UniqueSignKeyIDToRemove ( @{$UniqueSignKeyIDsToRemove} ) {
next UNIQUEKEY if !defined $KeyList{$UniqueSignKeyIDToRemove};
if ( $KeyList{$UniqueSignKeyIDToRemove} =~ m/WARNING: EXPIRED KEY].*\] (.*)/ ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"Cannot use expired signing key: '%s'. ", $1
);
$Self->{Error}->{InvalidKey} = 1;
$Class .= ' ServerError';
}
elsif ( $KeyList{$UniqueSignKeyIDToRemove} =~ m/WARNING: REVOKED KEY].*\] (.*)/ ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"Cannot use revoked signing key: '%s'. ", $1
);
$Self->{Error}->{InvalidKey} = 1;
$Class .= ' ServerError';
}
delete $KeyList{$UniqueSignKeyIDToRemove};
}
}
# Add signing options.
if (
!defined $Param{SignKeyID}
|| ( $Param{ExpandCustomerName} && $Param{ExpandCustomerName} == 3 )
)
{
# Get default signing key from the queue (if apply) or any other key from queue system
# address that fits.
if ( $Param{QueueID} ) {
$Param{SignKeyID} = $Self->_PickSignKeyID(%Param) || '';
}
}
if (
$Param{StoreNew}
&& $Param{EmailSecurityOptions}
&& $Param{EmailSecurityOptions} =~ m{Sign}msxi
)
{
my $CheckSuccess = $Self->_CheckSender(%Param);
if ( !$CheckSuccess ) {
if ( IsArrayRefWithData( $Self->{MissingKeys} ) ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"There are no signing keys available for the addresses '%s'.",
join ', ', @{ $Self->{MissingKeys} }
);
}
if ( IsArrayRefWithData( $Self->{MissingSelectedKey} ) ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"There are no selected signing keys for the addresses '%s'.",
join ', ', @{ $Self->{MissingSelectedKey} }
);
}
$Self->{Error}->{SignMissingKey} = 1;
$Class .= ' ServerError';
}
}
# Check if selected signing keys are expired.
if ( defined $Param{SignKeyID} && defined $KeyList{ $Param{SignKeyID} } && !$Self->{Error}->{InvalidKey} ) {
if ( $KeyList{ $Param{SignKeyID} } =~ m/WARNING: EXPIRED KEY].*] (.*)/ ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"Cannot use expired signing key: '%s'. ",
join ', ', $1
);
$Self->{Error}->{InvalidKey} = 1;
$Class .= ' ServerError';
}
elsif ( $KeyList{ $Param{SignKeyID} } =~ m/WARNING: REVOKED KEY].*\] (.*)/ ) {
$InvalidMessage .= $LayoutObject->{LanguageObject}->Translate(
"Cannot use revoked signing key: '%s'. ", $1
);
$Self->{Error}->{InvalidKey} = 1;
$Class .= ' ServerError';
}
}
my $List = $LayoutObject->BuildSelection(
Data => \%KeyList,
Name => 'SignKeyID',
SelectedID => $Param{SignKeyID},
Class => "$Class Modernize",
PossibleNone => 1,
);
$LayoutObject->Block(
Name => 'Option',
Data => {
Name => 'SignKeyID',
Key => Translatable('Sign'),
Value => $List,
Invalid => $InvalidMessage,
FieldExplanation => Translatable(
'Keys/certificates will only be shown for a sender with more than one key/certificate. The first found key/certificate will be pre-selected. Please make sure to select the correct one.'
),
},
);
return;
}
sub Data {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
# generate key list
my %KeyList;
return %KeyList if !$Param{From};
my @SearchAddress = Mail::Address->parse( $Param{From} );
return %KeyList if !$Param{EmailSecurityOptions};
# Get email security options.
my ( $Backend, $Sign, $Encrypt ) = split /::/, $Param{EmailSecurityOptions};
return %KeyList if !$Backend;
return %KeyList if !$Sign;
return %KeyList if $Sign ne 'Sign';
# check PGP backend
if ( $Backend eq 'PGP' ) {
my $PGPObject = $Kernel::OM->Get('Kernel::System::Crypt::PGP');
return %KeyList if !$PGPObject;
# Get PGP method (Detached or In-line).
my $PGPMethod = $ConfigObject->Get('PGP::Method') || 'Detached';
if (
$PGPMethod eq 'Detached'
|| ( $PGPMethod eq 'Inline' && !$Kernel::OM->Get('Kernel::Output::HTML::Layout')->{BrowserRichText} )
)
{
my @PrivateKeys = $PGPObject->PrivateKeySearch(
Search => $SearchAddress[0]->address(),
);
for my $DataRef (@PrivateKeys) {
my $Expires = '';
if ( $DataRef->{Expires} ) {
$Expires = "[$DataRef->{Expires}]";
}
my $Status = '[' . $DataRef->{Status} . ']';
if ( $DataRef->{Status} eq 'expired' ) {
$Status = '[WARNING: EXPIRED KEY]';
}
elsif ( $DataRef->{Status} eq 'revoked' ) {
$Status = '[WARNING: REVOKED KEY]';
}
$KeyList{"PGP::$DataRef->{Key}"} = "PGP: $Status $DataRef->{Key} $Expires $DataRef->{Identifier}";
}
}
}
# Check SMIME backend.
elsif ( $Backend eq 'SMIME' ) {
my $SMIMEObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
return %KeyList if !$SMIMEObject;
my @PrivateKeys = $SMIMEObject->PrivateSearch(
Search => $SearchAddress[0]->address(),
);
for my $DataRef (@PrivateKeys) {
my $Expired = '';
my $EndDate = ( defined $DataRef->{EndDate} ) ? "[$DataRef->{EndDate}]" : '';
if ( defined $DataRef->{EndDate} && $SMIMEObject->KeyExpiredCheck( EndDate => $DataRef->{EndDate} ) ) {
$Expired = ' [WARNING: EXPIRED KEY]';
}
$KeyList{"SMIME::$DataRef->{Filename}"} = "SMIME:$Expired $DataRef->{Filename} $EndDate $DataRef->{Email}";
}
}
return %KeyList;
}
sub ArticleOption {
my ( $Self, %Param ) = @_;
if ( $Param{SignKeyID} ) {
my ( $Type, $Key ) = split /::/, $Param{SignKeyID};
$Param{EmailSecurity}->{SignKey} = $Key;
return (
EmailSecurity => $Param{EmailSecurity},
);
}
return;
}
sub GetParamAJAX {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
return if !$Param{QueueID} && !$Param{From};
return (
SignKeyID => $Self->_PickSignKeyID(%Param) || '',
);
}
sub Error {
my ( $Self, %Param ) = @_;
if ( $Self->{Error} ) {
return %{ $Self->{Error} };
}
return;
}
sub _CheckSender {
my ( $Self, %Param ) = @_;
# Get email security options.
my ( $Backend, $Sign, $Encrypt ) = split /::/, $Param{EmailSecurityOptions};
# Stop checking if no backed was selected.
return 1 if !$Backend;
return 1 if $Sign ne 'Sign';
# Get encrypt object.
my $EncryptObject = $Kernel::OM->Get("Kernel::System::Crypt::$Backend");
# Return error if encrypt object could not be created.
return 0 if !$EncryptObject;
# Create a selected sign keys lookup table
my %SelectedSignKeyIDs = (
$Param{SignKeyID} => 1,
);
# Sender with unique key isn't part of the selection so add it manually
my $UniqueSignKeyIDsToRemove = $Self->_GetUniqueSignKeyIDsToRemove(%Param);
if ( IsArrayRefWithData($UniqueSignKeyIDsToRemove) ) {
for my $UniqueSignKeyIDToRemove ( @{$UniqueSignKeyIDsToRemove} ) {
$SelectedSignKeyIDs{$UniqueSignKeyIDToRemove} = 1;
}
}
my $MissingSelectedKeyFlag;
my $MissingKeysFlag;
my @SearchAddress = Mail::Address->parse( $Param{From} );
ADDRESS:
for my $Address (@SearchAddress) {
my $EmailAddress = $Address->address();
my @PrivateKeys;
if ( $Backend eq 'PGP' ) {
@PrivateKeys = $EncryptObject->PrivateKeySearch(
Search => $EmailAddress,
);
}
else {
@PrivateKeys = $EncryptObject->PrivateSearch(
Search => $EmailAddress,
);
}
# Remember addresses with no sign keys available
if ( !@PrivateKeys ) {
push @{ $Self->{MissingKeys} }, $EmailAddress;
$MissingKeysFlag = 1;
next ADDRESS;
}
$MissingSelectedKeyFlag = 1;
PRIVATEKEY:
for my $PrivateKey (@PrivateKeys) {
my $SignKeyID;
if ( $Backend eq 'PGP' ) {
$SignKeyID = "PGP::$PrivateKey->{Key}";
}
else {
$SignKeyID = "SMIME::$PrivateKey->{Filename}";
}
# If this key is selected everything is fine, remove missing key flag and check next
# address.
if ( $SelectedSignKeyIDs{$SignKeyID} ) {
$MissingSelectedKeyFlag = 0;
next ADDRESS;
}
}
push @{ $Self->{MissingSelectedKey} }, $EmailAddress;
}
# Return error if there was no sign key available for an email address.
return if $MissingKeysFlag;
# Return error if there was no selected key for an email address.
return if $MissingSelectedKeyFlag;
# Otherwise return success
return 1;
}
sub _PickSignKeyID {
my ( $Self, %Param ) = @_;
# Get the list of keys for the current backend.
my %KeyList = $Self->Data(%Param);
# Return nothing if there are no possible encrypt keys;
return if !%KeyList;
# Check if signing key is still valid for the selected backend.
if (
$Param{SignKeyID}
&& $KeyList{ $Param{SignKeyID} } && $KeyList{ $Param{SignKeyID} } !~ m/WARNING: EXPIRED KEY/
)
{
return $Param{SignKeyID};
}
my $SignKeyID = '';
if ( $Param{QueueID} ) {
# Get default signing key from queue data.
my %Queue = $Kernel::OM->Get('Kernel::System::Queue')->QueueGet( ID => $Param{QueueID} );
$SignKeyID = $Queue{DefaultSignKey} || '';
}
# Convert legacy stored default sign keys.
if ( $SignKeyID =~ m{ (?: Inline|Detached ) }msx ) {
my ( $Type, $SubType, $Key ) = split /::/, $SignKeyID;
$SignKeyID = "$Type::$Key";
}
# if there is a preselected key from the queue, use it.
if ( $SignKeyID && $KeyList{$SignKeyID} && $KeyList{$SignKeyID} !~ m/WARNING: EXPIRED KEY/ ) {
return $SignKeyID;
}
# Get email security options.
return if !$Param{EmailSecurityOptions};
my ( $Backend, $Sign, $Encrypt ) = split /::/, $Param{EmailSecurityOptions};
# Return nothing if Backend is not present.
return if !$Backend;
# Get encrypt object.
my $EncryptObject = $Kernel::OM->Get("Kernel::System::Crypt::$Backend");
# Return nothing if encrypt object was not created
return if !$EncryptObject;
my @SearchAddress = Mail::Address->parse( $Param{From} );
# Search for privates keys for queue system address.
my @PrivateKeys;
if ( $Backend eq 'PGP' ) {
@PrivateKeys = $EncryptObject->PrivateKeySearch(
Search => $SearchAddress[0]->address(),
);
@PrivateKeys = grep { $_->{Status} eq 'good' } @PrivateKeys;
}
else {
@PrivateKeys = $EncryptObject->PrivateSearch(
Search => $SearchAddress[0]->address(),
Valid => 1,
);
}
# If there are no private keys for this queue, return nothing.
return if !@PrivateKeys;
# Use first key for the selected backend.
PRIVATEKEY:
for my $PrivateKey (@PrivateKeys) {
my $SignKeyID;
if ( $Backend eq 'PGP' ) {
$SignKeyID = "PGP::$PrivateKey->{Key}";
}
else {
$SignKeyID = "SMIME::$PrivateKey->{Filename}";
}
return $SignKeyID;
}
return;
}
sub GetOptionsToRemoveAJAX {
my ( $Self, %Param ) = @_;
# Get config object.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
# Check if PGP and SMIME are disabled
return if !$ConfigObject->Get('PGP') && !$ConfigObject->Get('SMIME');
my $OptionsToRemove = $Self->_GetUniqueSignKeyIDsToRemove(%Param);
return if !IsArrayRefWithData($OptionsToRemove);
return @{$OptionsToRemove};
}
sub _GetUniqueSignKeyIDsToRemove {
my ( $Self, %Param ) = @_;
# Get the list of keys for the current backend.
my %KeyList = $Self->Data(%Param);
# Return nothing if there are no possible sign keys;
return if !%KeyList;
# Return nothing if there are no security options.
return if !defined $Param{EmailSecurityOptions};
# Get email security options.
my ( $Backend, $Sign, $Encrypt ) = split /::/, $Param{EmailSecurityOptions};
return if !$Backend;
return if !$Sign || $Sign ne 'Sign';
# Get encrypt object.
my $EncryptObject = $Kernel::OM->Get("Kernel::System::Crypt::$Backend");
# Return nothing if encrypt object was not created
return if !$EncryptObject;
my %UniqueSignKeyIDsToRemove;
my @SearchAddress = Mail::Address->parse( $Param{From} );
ADDRESS:
for my $Address (@SearchAddress) {
my @PrivateKeys;
if ( $Backend eq 'PGP' ) {
@PrivateKeys = $EncryptObject->PrivateKeySearch(
Search => $Address->address(),
);
}
else {
@PrivateKeys = $EncryptObject->PrivateSearch(
Search => $Address->address(),
);
}
# Only unique keys will be removed, so skip to next address if there
# is not exactly one key
next ADDRESS if @PrivateKeys != 1;
my $PrivateKey = shift @PrivateKeys;
my $SignKeyID;
if ( $Backend eq 'PGP' ) {
$SignKeyID = "PGP::$PrivateKey->{Key}";
}
else {
$SignKeyID = "SMIME::$PrivateKey->{Filename}";
}
$UniqueSignKeyIDsToRemove{$SignKeyID} = 1;
}
my @UniqueSignKeyIDsToRemove = sort keys %UniqueSignKeyIDsToRemove;
return \@UniqueSignKeyIDsToRemove;
}
1;