Fixes #4239 - Zammad does not encrypt to recipients in CC

lib/secure_mailing/smime/outgoing.rb

@@ -97,7 +97,6 @@ class SecureMailing::SMIME::Outgoing < SecureMailing::Backend::Handler
   end
 
   def encrypt(data)
-    certificates = SMIMECertificate.for_recipipent_email_addresses!(@mail.to)
     expired_cert = certificates.detect(&:expired?)
     raise "Expired certificates for cert with #{expired_cert.not_before_at} to #{expired_cert.not_after_at}" if !@security[:encryption][:allow_expired] && expired_cert.present?
 
@@ -112,10 +111,11 @@ class SecureMailing::SMIME::Outgoing < SecureMailing::Backend::Handler
   end
 
   def log(action, status, error = nil)
+    recipients = %i[to cc].map { |recipient| @mail[recipient] }.join(' ').strip!
     HttpLog.create(
       direction:     'out',
       facility:      'S/MIME',
-      url:           "#{@mail[:from]} -> #{@mail[:to]}",
+      url:           "#{@mail[:from]} -> #{recipients}",
       status:        status,
       ip:            nil,
       request:       @security,
@@ -125,4 +125,17 @@ class SecureMailing::SMIME::Outgoing < SecureMailing::Backend::Handler
       updated_by_id: 1,
     )
   end
+
+  private
+
+  def certificates
+    certificates = []
+    %w[to cc].each do |recipient|
+      addresses = @mail.send(recipient)
+      next if !addresses
+
+      certificates += SMIMECertificate.for_recipipent_email_addresses!(addresses)
+    end
+    certificates
+  end
 end

spec/lib/secure_mailing/smime_spec.rb

@@ -9,11 +9,13 @@ RSpec.describe SecureMailing::SMIME do
 
   let(:raw_body) { 'Some text' }
 
-  let(:system_email_address) { 'smime1@example.com' }
-  let(:customer_email_address) { 'smime2@example.com' }
+  let(:system_email_address)      { 'smime1@example.com' }
+  let(:customer_email_address)    { 'smime2@example.com' }
+  let(:cc_customer_email_address) { 'smime3@example.com' }
 
-  let(:sender_certificate_subject) { "/emailAddress=#{sender_email_address}/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com" }
-  let(:recipient_certificate_subject) { "/emailAddress=#{recipient_email_address}/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com" }
+  let(:sender_certificate_subject)       { "/emailAddress=#{sender_email_address}/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com" }
+  let(:recipient_certificate_subject)    { "/emailAddress=#{recipient_email_address}/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com" }
+  let(:cc_recipient_certificate_subject) { "/emailAddress=#{cc_recipient_email_address}/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com" }
 
   let(:expired_email_address) { 'expiredsmime1@example.com' }
 
@@ -25,6 +27,7 @@ RSpec.describe SecureMailing::SMIME do
     Channel::EmailBuild.build(
       from:         sender_email_address,
       to:           recipient_email_address,
+      cc:           cc_recipient_email_address,
       body:         raw_body,
       content_type: content_type,
       security:     security_preferences
@@ -45,8 +48,9 @@ RSpec.describe SecureMailing::SMIME do
       end
     end
 
-    let(:sender_email_address)    { system_email_address }
-    let(:recipient_email_address) { customer_email_address }
+    let(:sender_email_address)       { system_email_address }
+    let(:recipient_email_address)    { customer_email_address }
+    let(:cc_recipient_email_address) { cc_customer_email_address }
 
     context 'without security' do
       let(:security_preferences) do
@@ -180,6 +184,7 @@ RSpec.describe SecureMailing::SMIME do
       context 'public key present' do
         before do
           create(:smime_certificate, fixture: recipient_email_address)
+          create(:smime_certificate, fixture: cc_recipient_email_address)
         end
 
         it 'builds mail' do
@@ -228,8 +233,9 @@ RSpec.describe SecureMailing::SMIME do
       end
     end
 
-    let(:sender_email_address) { customer_email_address }
-    let(:recipient_email_address) { system_email_address }
+    let(:sender_email_address)       { customer_email_address }
+    let(:recipient_email_address)    { system_email_address }
+    let(:cc_recipient_email_address) { cc_customer_email_address }
 
     context 'signature verification' do
 
@@ -513,8 +519,9 @@ RSpec.describe SecureMailing::SMIME do
         }
       end
 
-      let!(:sender_certificate) { create(:smime_certificate, :with_private, fixture: sender_email_address) }
-      let!(:recipient_certificate) { create(:smime_certificate, :with_private, fixture: recipient_email_address) }
+      let!(:sender_certificate)       { create(:smime_certificate, :with_private, fixture: sender_email_address) }
+      let!(:recipient_certificate)    { create(:smime_certificate, :with_private, fixture: recipient_email_address) }
+      let!(:cc_recipient_certificate) { create(:smime_certificate, :with_private, fixture: cc_recipient_email_address) }
 
       context 'private key present' do
 
@@ -562,6 +569,7 @@ RSpec.describe SecureMailing::SMIME do
 
           sender_certificate.destroy!
           recipient_certificate.destroy!
+          cc_recipient_certificate.destroy!
 
           SecureMailing.incoming(mail)
 
@@ -581,8 +589,9 @@ RSpec.describe SecureMailing::SMIME do
     end
 
     context 'with signature verification and decryption' do
-      let!(:sender_certificate) { create(:smime_certificate, :with_private, fixture: sender_email_address) }
-      let!(:recipient_certificate) { create(:smime_certificate, :with_private, fixture: recipient_email_address) }
+      let!(:sender_certificate)       { create(:smime_certificate, :with_private, fixture: sender_email_address) }
+      let!(:recipient_certificate)    { create(:smime_certificate, :with_private, fixture: recipient_email_address) }
+      let!(:cc_recipient_certificate) { create(:smime_certificate, :with_private, fixture: cc_recipient_email_address) }
 
       let(:security_preferences) do
         {
@@ -635,8 +644,9 @@ RSpec.describe SecureMailing::SMIME do
   end
 
   describe '.retry' do
-    let(:sender_email_address) { customer_email_address }
-    let(:recipient_email_address) { system_email_address }
+    let(:sender_email_address)       { customer_email_address }
+    let(:recipient_email_address)    { system_email_address }
+    let(:cc_recipient_email_address) { system_email_address }
 
     let(:security_preferences) do
       {