andre/scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init III

Browse Source
This commit is contained in:
Andre Geißler
2024-10-14 00:08:40 +02:00
parent dbfba56f66
commit 1462d52e13
4572 changed files with 2658864 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

204
Perl OTRS/Kernel/System/Console/Command/Maint/SMIME/CustomerCertificate/Fetch.pm Normal file
View File

@@ -0,0 +1,204 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::Console::Command::Maint::SMIME::CustomerCertificate::Fetch;
use strict;
use warnings;
use parent qw(Kernel::System::Console::BaseCommand);
our @ObjectDependencies = (
'Kernel::Config',
'Kernel::System::CheckItem',
'Kernel::System::Crypt::SMIME',
'Kernel::System::CustomerUser',
);
sub Configure {
my ( $Self, %Param ) = @_;
$Self->Description('Fetch S/MIME certificates from customer backends.');
$Self->AddOption(
Name => 'add-all',
Description =>
"Add all found certificates from the customer backend into the system within the predefined search limit in customer backed (This operation might take some time).",
Required => 0,
HasValue => 0,
ValueRegex => qr/.*/smx,
);
$Self->AddOption(
Name => 'email',
Description => "Only get a certificate for the specified email address.",
Required => 0,
HasValue => 1,
ValueRegex => qr/.*/smx,
);
return;
}
sub Run {
my ( $Self, %Param ) = @_;
$Self->Print("<yellow>Fetching customer S/MIME certificates...</yellow>\n");
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
my $StopExecution;
if ( !$ConfigObject->Get('SMIME') ) {
$Self->Print("'S/MIME' is not activated in SysConfig, can't continue!\n");
$StopExecution = 1;
}
elsif ( !$ConfigObject->Get('SMIME::FetchFromCustomer') ) {
$Self->Print("'SMIME::FetchFromCustomer' is not activated in SysConfig, can't continue!\n");
$StopExecution = 1;
}
if ($StopExecution) {
$Self->Print("\n<green>Done.</green>\n");
return $Self->ExitCodeOk();
}
my $CryptObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
if ( !$CryptObject ) {
$Self->PrintError("S/MIME environment is not working!\n");
$Self->Print("<red>Fail.</red>\n");
return $Self->ExitCodeError();
}
# Get certificate for just one customer.
if ( $Self->GetOption('email') ) {
my $EmailAddress = $Self->GetOption('email');
my $ValidEmail = $Kernel::OM->Get('Kernel::System::CheckItem')->CheckEmail(
Address => $EmailAddress,
);
if ( !$ValidEmail ) {
$Self->PrintError(" $EmailAddress NOT valid ($ValidEmail)\n");
return $Self->ExitCodeError();
}
my @Files = $CryptObject->FetchFromCustomer(
Search => $EmailAddress,
);
if ( !@Files ) {
$Self->Print(" No new certificates found.\n");
}
for my $Filename (@Files) {
my $Certificate = $CryptObject->CertificateGet(
Filename => $Filename,
);
my %CertificateAttributes = $CryptObject->CertificateAttributes(
Certificate => $Certificate,
Filename => $Filename,
);
$Self->Print(" Added certificate $CertificateAttributes{Fingerprint} (<yellow>$Filename</yellow>)\n");
}
$Self->Print("\n<green>Done.</green>\n");
return $Self->ExitCodeOk();
}
my ( $ListOfCertificates, $EmailsFromCertificates ) = $Self->_GetCurrentData();
my $CustomerUserObject = $Kernel::OM->Get('Kernel::System::CustomerUser');
# Check customer user for UserSMIMECertificate property (Limit = CustomerUserSearchListLimit from customer backend)
my %CustomerUsers = $CustomerUserObject->CustomerSearch(
PostMasterSearch => '*',
);
LOGIN:
for my $Login ( sort keys %CustomerUsers ) {
my %CustomerUser = $CustomerUserObject->CustomerUserDataGet(
User => $Login,
);
next LOGIN if !$CustomerUser{UserSMIMECertificate};
$Self->Print(" Searching S/MIME certificates for <yellow>$Login</yellow>...");
if ( $ListOfCertificates->{ $CustomerUser{UserSMIMECertificate} } ) {
$Self->Print(" Already added\n");
next LOGIN;
}
else {
my @Files = $CryptObject->FetchFromCustomer(
Search => $CustomerUser{UserEmail},
);
for my $Filename (@Files) {
my $Certificate = $CryptObject->CertificateGet(
Filename => $Filename,
);
my %CertificateAttributes = $CryptObject->CertificateAttributes(
Certificate => $Certificate,
Filename => $Filename,
);
$Self->Print(
"\n Added certificate $CertificateAttributes{Fingerprint} (<yellow>$Filename</yellow>)\n"
);
}
}
}
$Self->Print("\n<green>Done.</green>\n");
return $Self->ExitCodeOk();
}
sub _GetCurrentData {
my ( $Self, %Param ) = @_;
my $CryptObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
# Get all existing certificates.
my @CertList = $CryptObject->CertificateList();
my %ListOfCertificates;
my %EmailsFromCertificates;
# Check all existing certificates for emails.
CERTIFICATE:
for my $Certname (@CertList) {
my $CertificateString = $CryptObject->CertificateGet(
Filename => $Certname,
);
my %CertificateAttributes = $CryptObject->CertificateAttributes(
Certificate => $CertificateString,
Filename => $Certname,
);
# all SMIME certificates must have an Email Attribute
next CERTIFICATE if !$CertificateAttributes{Email};
my $ValidEmail = $Kernel::OM->Get('Kernel::System::CheckItem')->CheckEmail(
Address => $CertificateAttributes{Email},
);
next CERTIFICATE if !$ValidEmail;
# Remember certificate (don't need to be added again).
$ListOfCertificates{$CertificateString} = $CertificateString;
# Save email for checking for new certificate.
$EmailsFromCertificates{ $CertificateAttributes{Email} } = 1;
}
return ( \%ListOfCertificates, \%EmailsFromCertificates );
}
1;

150
Perl OTRS/Kernel/System/Console/Command/Maint/SMIME/CustomerCertificate/Renew.pm Normal file
View File

@@ -0,0 +1,150 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::Console::Command::Maint::SMIME::CustomerCertificate::Renew;
use strict;
use warnings;
use parent qw(Kernel::System::Console::BaseCommand);
our @ObjectDependencies = (
'Kernel::Config',
'Kernel::System::CheckItem',
'Kernel::System::Crypt::SMIME',
'Kernel::System::CustomerUser',
);
sub Configure {
my ( $Self, %Param ) = @_;
$Self->Description('Renew existing S/MIME certificates from customer backends.');
return;
}
sub Run {
my ( $Self, %Param ) = @_;
$Self->Print("<yellow>Renewing existing customer S/MIME certificates...</yellow>\n");
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
my $StopExecution;
if ( !$ConfigObject->Get('SMIME') ) {
$Self->Print("'S/MIME' is not activated in SysConfig, can't continue!\n");
$StopExecution = 1;
}
elsif ( !$ConfigObject->Get('SMIME::FetchFromCustomer') ) {
$Self->Print("'SMIME::FetchFromCustomer' is not activated in SysConfig, can't continue!\n");
$StopExecution = 1;
}
if ($StopExecution) {
$Self->Print("\n<green>Done.</green>\n");
return $Self->ExitCodeOk();
}
my $CryptObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
if ( !$CryptObject ) {
$Self->PrintError("S/MIME environment is not working!\n");
$Self->Print("<red>Fail.</red>\n");
return $Self->ExitCodeError();
}
my ( $ListOfCertificates, $EmailsFromCertificates ) = $Self->_GetCurrentData();
my $CustomerUserObject = $Kernel::OM->Get('Kernel::System::CustomerUser');
EMAIL:
for my $Email ( sort keys %{$EmailsFromCertificates} ) {
my %UserList = $CustomerUserObject->CustomerSearch(
PostMasterSearch => $Email,
Limit => 1,
);
next EMAIL if !%UserList;
my @UserLogins = sort keys %UserList;
my %CustomerUser = $CustomerUserObject->CustomerUserDataGet(
User => $UserLogins[0],
);
next EMAIL if !%CustomerUser;
next EMAIL if !$CustomerUser{UserSMIMECertificate};
next EMAIL if $ListOfCertificates->{ $CustomerUser{UserSMIMECertificate} };
my @Files = $CryptObject->FetchFromCustomer(
Search => $Email,
);
for my $Filename (@Files) {
my $Certificate = $CryptObject->CertificateGet(
Filename => $Filename,
);
my %CertificateAttributes = $CryptObject->CertificateAttributes(
Certificate => $Certificate,
Filename => $Filename,
);
$Self->Print(" Found new S/MIME certificates for <yellow>$UserLogins[0]</yellow> ...\n");
$Self->Print(" Added certificate $CertificateAttributes{Fingerprint} (<yellow>$Filename</yellow>)\n");
}
}
$Self->Print("\n<green>Done.</green>\n");
return $Self->ExitCodeOk();
}
sub _GetCurrentData {
my ( $Self, %Param ) = @_;
my $CryptObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
# Get all existing certificates.
my @CertList = $CryptObject->CertificateList();
my %ListOfCertificates;
my %EmailsFromCertificates;
# Check all existing certificates for emails.
CERTIFICATE:
for my $Certname (@CertList) {
my $CertificateString = $CryptObject->CertificateGet(
Filename => $Certname,
);
my %CertificateAttributes = $CryptObject->CertificateAttributes(
Certificate => $CertificateString,
Filename => $Certname,
);
# all SMIME certificates must have an Email Attribute
next CERTIFICATE if !$CertificateAttributes{Email};
my $ValidEmail = $Kernel::OM->Get('Kernel::System::CheckItem')->CheckEmail(
Address => $CertificateAttributes{Email},
);
next CERTIFICATE if !$ValidEmail;
# Remember certificate (don't need to be added again).
$ListOfCertificates{$CertificateString} = $CertificateString;
# Save email for checking for new certificate.
$EmailsFromCertificates{ $CertificateAttributes{Email} } = 1;
}
return ( \%ListOfCertificates, \%EmailsFromCertificates );
}
1;

303
Perl OTRS/Kernel/System/Console/Command/Maint/SMIME/FetchFromCustomer.pm Normal file
View File

@@ -0,0 +1,303 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::Console::Command::Maint::SMIME::FetchFromCustomer;
use strict;
use warnings;
use parent qw(Kernel::System::Console::BaseCommand);
our @ObjectDependencies = (
'Kernel::Config',
'Kernel::System::Crypt::SMIME',
'Kernel::System::User',
'Kernel::System::CustomerUser',
'Kernel::System::CheckItem',
);
sub Configure {
my ( $Self, %Param ) = @_;
$Self->Description('Refresh existing keys for new ones from the LDAP.');
$Self->AddOption(
Name => 'verbose',
Description => "Print detailed command output.",
Required => 0,
HasValue => 0,
);
$Self->AddOption(
Name => 'force',
Description => "Execute even if S/MIME is not enabled in SysConfig.",
Required => 0,
HasValue => 0,
ValueRegex => qr/.*/smx,
);
$Self->AddOption(
Name => 'renew',
Description => "Only renew existing certificates from customer-users.",
Required => 0,
HasValue => 0,
ValueRegex => qr/.*/smx,
);
$Self->AddOption(
Name => 'add-all',
Description =>
"Add all found certificates from the LDAP into the system within the predefined search limit in customer backed (this operation might take some time).",
Required => 0,
HasValue => 0,
ValueRegex => qr/.*/smx,
);
$Self->AddOption(
Name => 'email',
Description => "Only get a certificate for the specified email address.",
Required => 0,
HasValue => 1,
ValueRegex => qr/.*/smx,
);
return;
}
sub PreRun {
my ( $Self, %Param ) = @_;
# get config object
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
if ( $Self->GetOption('force') ) {
$ConfigObject->Set(
Key => 'SMIME',
Value => 1,
);
}
my $SMIMEActivated = $ConfigObject->Get('SMIME');
if ( !$SMIMEActivated ) {
die "S/MIME is not activated in SysConfig!\n";
}
my $Message = $Kernel::OM->Get('Kernel::System::Crypt::SMIME')->Check();
die $Message if $Message;
my $SMIMESyncActivated = $ConfigObject->Get('SMIME::FetchFromCustomer');
if ( !$SMIMESyncActivated ) {
die "'S/MIME from LDAP' synchronization is not activated in SysConfig!\n";
}
my $CryptObject;
eval {
$CryptObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
};
if ( !$CryptObject ) {
die "No S/MIME support!.\n";
}
return;
}
sub Run {
my ( $Self, %Param ) = @_;
my $Count = 1;
my $CertCount = 0;
my $DetailLevel = $Self->GetOption('verbose') ? 'Details' : 'ShortDetails';
if ( $DetailLevel ne 'Details' ) {
$Self->Print("<yellow>$Count) Refreshing S/MIME keys...</yellow>\n");
$Count++;
}
my $CryptObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
# Get all existing certificates.
my @CertList = $CryptObject->CertificateList();
# only when Email specified
if ( $Self->GetOption('email') ) {
my $Emailaddress = $Self->GetOption('email');
my $ValidEmail = $Kernel::OM->Get('Kernel::System::CheckItem')->CheckEmail(
Address => $Emailaddress,
);
if ( !$ValidEmail ) {
$Self->Print("<red>$Count) $Emailaddress NOT valid ($ValidEmail)</red>\n");
return 1;
}
if ( $DetailLevel ne 'Details' ) {
$Self->Print("<yellow>$Count) '$Emailaddress' is a valid email ($ValidEmail)</yellow>\n");
$Count++;
}
my @Files = $CryptObject->FetchFromCustomer(
Search => $Emailaddress
);
$CertCount += @Files;
if ( $CertCount > 0 ) {
if ( $DetailLevel ne 'Details' ) {
$Self->Print("$CertCount added\n");
}
}
@CertList = @Files;
}
my %ListOfEmailCertificates;
my @ActiveCustomerUserCertificates;
# Check all existing certificates for emails.
CERTIFICATE:
for my $Certname (@CertList) {
if ( $DetailLevel ne 'Details' ) {
$Self->Print( 'CN: ' . $Certname . "\n" );
}
my $CertificateString = $CryptObject->CertificateGet(
Filename => $Certname,
);
my %CertificateAttributes = $CryptObject->CertificateAttributes(
Certificate => $CertificateString,
Filename => $Certname,
);
# all SMIME certificates must have an Email Attribute
next CERTIFICATE if !$CertificateAttributes{Email};
my $ValidEmail = $Kernel::OM->Get('Kernel::System::CheckItem')->CheckEmail(
Address => $CertificateAttributes{Email},
);
next CERTIFICATE if !$ValidEmail;
# Remember certificate (don't need to be added again).
$ListOfEmailCertificates{$CertificateString} = $CertificateString;
# Save email for checking for new certificate.
push @ActiveCustomerUserCertificates, $CertificateAttributes{Email};
}
if ( $DetailLevel ne 'Details' ) {
$Self->Print(
"<yellow>$Count) Found " . @ActiveCustomerUserCertificates . " Customer-Certificate...</yellow>\n"
);
$Count++;
}
my $CustomerUserObject = $Kernel::OM->Get('Kernel::System::CustomerUser');
# Check saved CustomerUser-emails for userSMIMECertificate
if ( $Self->GetOption('renew') && @ActiveCustomerUserCertificates ) {
if ( $DetailLevel ne 'Details' ) {
$Self->Print("<yellow>$Count) Only renew existing Customer-Certificates...</yellow>\n");
$Count++;
}
my %CustomerUsers = $CustomerUserObject->CustomerSearch(
PostMasterSearch => @ActiveCustomerUserCertificates,
);
# if not AddAll
CUSTOMERUSER:
for my $Login ( sort keys %CustomerUsers ) {
if ( $DetailLevel ne 'Details' ) {
$Self->Print( 'CU: ' . $Login . "\n" );
}
my %CustomerUser = $CustomerUserObject->CustomerUserDataGet(
User => $Login,
);
# Add Certificate if available
if ( $CustomerUser{SMIMECertificate} ) {
# Certificate already existing
next CUSTOMERUSER if $ListOfEmailCertificates{ $CustomerUser{SMIMECertificate} };
my $ConvertedCertificate = $CryptObject->ConvertCertFormat(
String => $CustomerUser{SMIMECertificate},
);
my %Result = $CryptObject->CertificateAdd(
Certificate => $ConvertedCertificate,
);
if ( $Result{Successful} && $Result{Successful} == 1 ) {
if ( $DetailLevel ne 'Details' ) {
$Self->Print("$Result{Filename} added\n");
}
$CertCount++;
}
}
}
}
if ( $Self->GetOption('add-all') ) {
#check LDAP-Users for userSMIMECertificate (Limit = CustomerUserSearchListLimit from LDAP-Config)
my %CustomerUsers = $CustomerUserObject->CustomerSearch(
Search => '*',
);
%CustomerUsers = (
%CustomerUsers,
$CustomerUserObject->CustomerSearch(
PostMasterSearch => '*',
)
);
if ( $DetailLevel ne 'Details' ) {
$Self->Print("<yellow>$Count) Get all users to check them...</yellow>\n");
}
for my $Login ( sort keys %CustomerUsers ) {
my %CustomerUser = $CustomerUserObject->CustomerUserDataGet(
User => $Login,
);
if ( $DetailLevel ne 'Details' ) {
$Self->Print("CU: $Login\n");
}
# only add, if CustomerUser has Certificate, and Certificate not already in List available
if ( $CustomerUser{SMIMECertificate} && !$ListOfEmailCertificates{ $CustomerUser{SMIMECertificate} } ) {
if ( $DetailLevel ne 'Details' ) {
$Self->Print("Add? - ");
}
my $ConvertedCertificate = $CryptObject->ConvertCertFormat(
String => $CustomerUser{SMIMECertificate}
);
my %Result = $CryptObject->CertificateAdd(
Certificate => $ConvertedCertificate,
);
if ( $Result{Successful} && $Result{Successful} == 1 ) {
if ( $DetailLevel ne 'Details' ) {
$Self->Print("$Result{Filename} added");
}
$CertCount++;
}
if ( $DetailLevel ne 'Details' ) {
$Self->Print("\n");
}
}
}
}
my $CheckCertPathResult = $CryptObject->CheckCertPath();
if ( $CheckCertPathResult->{$DetailLevel} ) {
$Self->Print( $CheckCertPathResult->{$DetailLevel} );
}
if ( !$CheckCertPathResult->{Success} ) {
return $Self->ExitCodeError();
}
$Self->Print("<green>Done. ($CertCount)</green>\n");
return $Self->ExitCodeOk();
}
1;

123
Perl OTRS/Kernel/System/Console/Command/Maint/SMIME/KeysRefresh.pm Normal file
View File

@@ -0,0 +1,123 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::Console::Command::Maint::SMIME::KeysRefresh;
use strict;
use warnings;
use parent qw(Kernel::System::Console::BaseCommand);
our @ObjectDependencies = (
'Kernel::Config',
'Kernel::System::Crypt::SMIME',
);
sub Configure {
my ( $Self, %Param ) = @_;
$Self->Description('Normalize S/MIME private secrets and rename all certificates to the correct hash.');
$Self->AddOption(
Name => 'verbose',
Description => "Print detailed command output.",
Required => 0,
HasValue => 0,
);
$Self->AddOption(
Name => 'force',
Description => "Execute even if S/MIME is not enabled in SysConfig.",
Required => 0,
HasValue => 0,
ValueRegex => qr/.*/smx,
);
return;
}
sub PreRun {
my ( $Self, %Param ) = @_;
# get config object
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
if ( $Self->GetOption('force') ) {
$ConfigObject->Set(
Key => 'SMIME',
Value => 1,
);
}
my $SMIMEActivated = $ConfigObject->Get('SMIME');
if ( !$SMIMEActivated ) {
die "S/MIME is not activated in SysConfig!\n";
}
my $OpenSSLBin = $ConfigObject->Get('SMIME::Bin') || '/usr/bin/openssl';
if ( !-e $OpenSSLBin ) {
die "OpenSSL binary $OpenSSLBin does not exists!\n";
}
elsif ( !-x $OpenSSLBin ) {
die "OpenSSL binary $OpenSSLBin is not executable!\n";
}
my $CertPath = $ConfigObject->Get('SMIME::CertPath');
if ( !-e $CertPath ) {
die "Certificates directory $CertPath does not exist!\n";
}
elsif ( !-d $CertPath ) {
die "Certificates directory $CertPath is not really a directory!\n";
}
elsif ( !-w $CertPath ) {
die "Certificates directory $CertPath is not writable!\n";
}
my $PrivatePath = $ConfigObject->Get('SMIME::PrivatePath');
if ( !-e $PrivatePath ) {
die "Private keys directory $PrivatePath does not exist!\n";
}
elsif ( !-d $PrivatePath ) {
die "Private keys directory $PrivatePath is not really a directory!\n";
}
elsif ( !-w $PrivatePath ) {
die "Private keys directory $PrivatePath is not writable!\n";
}
my $CryptObject;
eval {
$CryptObject = $Kernel::OM->Get('Kernel::System::Crypt::SMIME');
};
if ( !$CryptObject ) {
die "No S/MIME support!\n";
}
return;
}
sub Run {
my ( $Self, %Param ) = @_;
my $DetailLevel = $Self->GetOption('verbose') ? 'Details' : 'ShortDetails';
if ( $DetailLevel ne 'Details' ) {
$Self->Print("<yellow>Refreshing S/MIME keys...</yellow>\n");
}
my $CheckCertPathResult = $Kernel::OM->Get('Kernel::System::Crypt::SMIME')->CheckCertPath();
if ( $CheckCertPathResult->{$DetailLevel} ) {
$Self->Print( $CheckCertPathResult->{$DetailLevel} );
}
if ( !$CheckCertPathResult->{Success} ) {
return $Self->ExitCodeError();
}
$Self->Print("<green>Done.</green>\n");
return $Self->ExitCodeOk();
}
1;