Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: a85d811dbb
Branches Tags
zammad
/
lib
/
secure_mailing
/
smime
/
security_options.rb

security_options.rb 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. class SecureMailing::SMIME::SecurityOptions < SecureMailing::Backend::HandlerSecurityOptions
    4. 

  4. 

  5.   def type
    6. 

  6.     'S/MIME'
    7. 

  7.   end
    8. 

  8. 

  9.   private
    10. 

  10. 

  11.   def sign_security_options_status_default_message
    12. 

  12.     __('There was no certificate found.')
    13. 

  13.   end
    14. 

  14. 

  15.   def config
    16. 

  16.     Setting.get('smime_config')
    17. 

  17.   end
    18. 

  18. 

  19.   def group_has_valid_secure_objects?(signing_result, group_email)
    20. 

  20.     begin
    21. 

  21.       cert = SMIMECertificate.find_by_email_address(from(group_email), filter: { key: 'private', usage: :signature, ignore_usable: true }).first
    22. 

  22.       return certificate_valid?(signing_result, cert, group_email)
    23. 

  23.     rescue => e
    24. 

  24.       signing_result.message = e.message
    25. 

  25.     end
    26. 

  26. 

  27.     false
    28. 

  28.   end
    29. 

  29. 

  30.   def certificate_valid?(signing_result, cert, email)
    31. 

  31.     result = false
    32. 

  32. 

  33.     if cert
    34. 

  34.       result = cert.parsed.usable?
    35. 

  35. 

  36.       signing_result.message = if cert.parsed.usable?
    37. 

  37.                                  __('The certificate for %s was found.')
    38. 

  38.                                else
    39. 

  39.                                  __('The certificate for %s was found, but it is not valid yet or has expired.')
    40. 

  40.                                end
    41. 

  41.     else
    42. 

  42.       signing_result.message = __('The certificate for %s was not found.')
    43. 

  43.     end
    44. 

  44. 

  45.     signing_result.message_placeholders = [email]
    46. 

  46. 

  47.     result
    48. 

  48.   end
    49. 

  49. 

  50.   def recipients_have_valid_secure_objects?(encryption_result, recipients)
    51. 

  51.     certs = SMIMECertificate.find_for_multiple_email_addresses!(recipients, filter: { key: 'public', usage: :encryption, ignore_usable: true }, blame: true)
    52. 

  52. 

  53.     certificates_valid?(encryption_result, certs, recipients)
    54. 

  54.   rescue => e
    55. 

  55.     encryption_result.message = e.message
    56. 

  56.     false
    57. 

  57.   end
    58. 

  58. 

  59.   def certificates_valid?(encryption_result, certs, recipients) # rubocop:disable Metrics/AbcSize
    60. 

  60.     result = false
    61. 

  61. 

  62.     if certs
    63. 

  63.       result = certs.none? { |cert| !cert.parsed.usable? }
    64. 

  64. 

  65.       encryption_result.message = if certs.any? { |cert| !cert.parsed.usable? }
    66. 

  66.                                     __('There were certificates found for %s, but at least one of them is not valid yet or has expired.')
    67. 

  67.                                   else
    68. 

  68.                                     __('The certificates for %s were found.')
    69. 

  69.                                   end
    70. 

  70.       encryption_result.message_placeholders = [recipients.join(', ')]
    71. 

  71.     else
    72. 

  72.       encryption_result.message = __('The certificates for %s were not found.')
    73. 

  73.     end
    74. 

  74. 

  75.     result
    76. 

  76.   end
    77. 

  77. end
    78.