smime_spec.rb 25 KB

  1. # Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe SecureMailing::SMIME do
  # Every example starts with the S/MIME integration switched on; a context
  # that needs it off changes the setting in its own hook.
  before { Setting.set('smime_integration', true) }

  # Payload and MIME type handed to Channel::EmailBuild by `build_mail`.
  let(:raw_body)     { 'Some text' }
  let(:content_type) { 'text/plain' }

  # The addresses are also passed as `fixture:` names to the
  # :smime_certificate factory throughout this spec.
  let(:system_email_address)   { 'smime1@example.com' }
  let(:customer_email_address) { 'smime2@example.com' }
  let(:expired_email_address)  { 'expiredsmime1@example.com' }

  # Certificate subjects the examples expect to find in the sign/encryption
  # comment of a processed mail. The sender/recipient variants follow whatever
  # `sender_email_address` / `recipient_email_address` the current group defines.
  let(:sender_certificate_subject)    { "/emailAddress=#{sender_email_address}/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com" }
  let(:recipient_certificate_subject) { "/emailAddress=#{recipient_email_address}/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com" }
  let(:ca_certificate_subject)        { '/emailAddress=RootCA@example.com/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com' }
  # Builds a mail from the current group's `let` values.
  #
  # `security_preferences` decides whether Channel::EmailBuild is asked to sign
  # and/or encrypt; `nil` requests a plain mail. Each call builds a new mail,
  # nothing is memoized here.
  #
  # @return the object returned by Channel::EmailBuild.build
  def build_mail
    Channel::EmailBuild.build(
      from:         sender_email_address,
      to:           recipient_email_address,
      body:         raw_body,
      content_type: content_type,
      security:     security_preferences
    )
  end
  # Outgoing direction: the system address writes to the customer address and
  # the mail is signed or encrypted while it is built.
  describe '.outgoing' do
    # A build attempt must leave exactly one outbound HttpLog entry with the
    # given status, whether the build succeeds or raises.
    shared_examples 'HttpLog writer' do |status|
      it "logs #{status}" do
        expect do
          build_mail
        rescue StandardError
          # Failures are expected in the negative contexts; only the log entry matters here.
        end.to change(HttpLog, :count).by(1)

        expect(HttpLog.last.attributes).to include('direction' => 'out', 'status' => status)
      end
    end

    let(:sender_email_address)    { system_email_address }
    let(:recipient_email_address) { customer_email_address }

    context 'without security' do
      let(:security_preferences) { nil }

      # Without security preferences the body must stay untouched: no signature
      # marker, no S/MIME MIME type, and the original text is sent as is.
      it 'builds mail' do
        expect(build_mail.body).not_to match(SecureMailing::SMIME::Incoming::EXPRESSION_SIGNATURE)
        expect(build_mail.body).not_to match(SecureMailing::SMIME::Incoming::EXPRESSION_MIME)
        expect(build_mail.body).to eq(raw_body)
      end
    end

    context 'signing' do
      let(:security_preferences) do
        {
          type:       'S/MIME',
          sign:       { success: true },
          encryption: { success: false },
        }
      end

      context 'private key present' do
        let!(:sender_certificate) { create(:smime_certificate, :with_private, fixture: system_email_address) }

        it 'builds mail' do
          expect(build_mail.body).to match(SecureMailing::SMIME::Incoming::EXPRESSION_SIGNATURE)
        end

        it_behaves_like 'HttpLog writer', 'success'

        # Signing with an expired certificate must be refused, not silently
        # downgraded to an unsigned mail.
        context 'expired certificate' do
          let(:system_email_address) { expired_email_address }

          it 'raises exception' do
            expect { build_mail }.to raise_error(RuntimeError)
          end

          it_behaves_like 'HttpLog writer', 'failed'
        end

        # Round trip: the signed mail is serialized, parsed again and handed to
        # the incoming handler, and the signature still has to verify.
        # NOTE(review): presumably guards against line-ending or charset
        # rewriting of the signed part; confirm against the implementation.
        context 'when message is 7bit or 8bit encoded' do
          let(:mail) do
            Channel::EmailParser.new.parse(build_mail.to_s).tap { |parsed| SecureMailing.incoming(parsed) }
          end

          context 'when Content-Type is text/plain' do
            let(:raw_body) { "\r\n\r\n@john.doe, now known as John Dóe has accepted your invitation to join the Administrator / htmltest project.\r\n\r\nhttp://169.254.169.254:3000/root/htmltest\r\n\r\n-- \r\nYou're receiving this email because of your account on 169.254.169.254.\r\n\r\n\r\n\r\n" }

            it 'verifies' do
              expect(mail['x-zammad-article-preferences']['security']['sign']['success']).to be true
            end
          end

          context 'when Content-Type is text/html' do
            let(:content_type) { 'text/html' }
            let(:raw_body)     { "<div><ul><li><p>an \nexample „Text“ with ümläütß. </p></li></ul></div>" }

            it 'verifies' do
              expect(mail['x-zammad-article-preferences']['security']['sign']['success']).to be true
            end
          end
        end

        # The signed message has to carry the sender certificate followed by the
        # stored CA certificates, in exactly this order, so that a recipient can
        # build the chain up to the root.
        context 'when certificate chain is present' do
          let(:system_email_address) { 'chain@example.com' }

          let!(:chain) do
            [
              sender_certificate,
              create(:smime_certificate, fixture: 'ChainCA'),
              create(:smime_certificate, fixture: 'IntermediateCA'),
              create(:smime_certificate, fixture: 'RootCA'),
            ]
          end

          # PKCS#7 structure read back from the raw source of the built mail.
          let(:p7enc) do
            parsed = Channel::EmailParser.new.parse(build_mail.to_s)
            OpenSSL::PKCS7.read_smime(parsed[:raw])
          end

          it 'is included in the generated mail' do
            expect(p7enc.certificates).to eq(chain.map(&:parsed))
          end
        end
      end

      # Only the public certificate is stored, so there is nothing to sign with.
      context 'no private key present' do
        before { create(:smime_certificate, fixture: system_email_address) }

        it 'raises exception' do
          expect { build_mail }.to raise_error(RuntimeError)
        end

        it_behaves_like 'HttpLog writer', 'failed'
      end
    end

    context 'encryption' do
      let(:security_preferences) do
        {
          type:       'S/MIME',
          sign:       { success: false },
          encryption: { success: true },
        }
      end

      context 'public key present' do
        before { create(:smime_certificate, fixture: recipient_email_address) }

        # The second expectation guards against the plaintext being shipped
        # alongside the encrypted content.
        it 'builds mail' do
          built = build_mail

          expect(built['Content-Type'].value).to match(SecureMailing::SMIME::Incoming::EXPRESSION_MIME)
          expect(built.body).not_to include(raw_body)
        end

        it_behaves_like 'HttpLog writer', 'success'

        # Encrypting to an expired recipient certificate must fail loudly.
        context 'expired certificate' do
          let(:recipient_email_address) { expired_email_address }

          it 'raises exception' do
            expect { build_mail }.to raise_error(RuntimeError)
          end

          it_behaves_like 'HttpLog writer', 'failed'
        end
      end

      # No recipient certificate stored: the build must raise instead of
      # falling back to sending the mail unencrypted.
      context 'no public key present' do
        it 'raises exception' do
          expect { build_mail }.to raise_error(ActiveRecord::RecordNotFound)
        end

        it_behaves_like 'HttpLog writer', 'failed'
      end
    end
  end
  # Incoming direction: the customer address writes to the system address. The
  # fixture mail is built with `build_mail`, parsed again and then handed to
  # SecureMailing.incoming, which records its verdict under
  # mail['x-zammad-article-preferences'][:security].
  describe '.incoming' do
    # Evaluating `mail` must add two HttpLog entries, the last one inbound with
    # the given status.
    # NOTE(review): presumably one entry comes from building the fixture mail
    # and one from processing it; confirm.
    shared_examples 'HttpLog writer' do |status|
      it "logs #{status}" do
        expect do
          mail
        rescue StandardError
          # Failures are expected in the negative contexts; only the log entries matter here.
        end.to change(HttpLog, :count).by(2)

        expect(HttpLog.last.attributes).to include('direction' => 'in', 'status' => status)
      end
    end

    let(:sender_email_address)    { customer_email_address }
    let(:recipient_email_address) { system_email_address }

    context 'signature verification' do
      let(:allow_expired) { false }
      let(:security_preferences) do
        {
          type:       'S/MIME',
          sign:       { success: true, allow_expired: allow_expired },
          encryption: { success: false },
        }
      end

      context 'sender certificate present' do
        before { create(:smime_certificate, :with_private, fixture: sender_email_address) }

        let(:mail) do
          Channel::EmailParser.new.parse(build_mail.to_s).tap { |parsed| SecureMailing.incoming(parsed) }
        end

        it 'verifies' do
          expect(mail[:body]).to include(raw_body)

          security = mail['x-zammad-article-preferences'][:security]
          expect(security[:sign][:success]).to be true
          expect(security[:sign][:comment]).to eq(sender_certificate_subject)
          expect(security[:encryption][:success]).to be false
          expect(security[:encryption][:comment]).to be_nil
        end

        it_behaves_like 'HttpLog writer', 'success'

        # A signature made with an expired sender certificate is still reported
        # as verified, but the comment has to name the address and say 'expired'.
        context 'expired' do
          # required to build mail with expired certificate
          let(:allow_expired)        { true }
          let(:sender_email_address) { expired_email_address }

          it 'verifies with comment' do
            expect(mail[:body]).to include(raw_body)

            security = mail['x-zammad-article-preferences'][:security]
            expect(security[:sign][:success]).to be true
            expect(security[:sign][:comment]).to include(expired_email_address).and include('expired')
            expect(security[:encryption][:success]).to be false
            expect(security[:encryption][:comment]).to be_nil
          end

          it_behaves_like 'HttpLog writer', 'success'
        end

        context 'with wrapped mime-type S/MIME signature (e.g. for Microsoft Outlook)' do
          before do
            # Stubbing the OpenSSL detached flag away forces the smime-type 'signed-data'.
            stub_const('OpenSSL::PKCS7::DETACHED', nil)
          end

          it 'check that mail was verified' do
            expect(mail['x-zammad-article-preferences'][:security][:sign][:success]).to be true
          end

          it 'check that signe comment exists' do
            expect(mail['x-zammad-article-preferences'][:security][:sign][:comment]).to eq(sender_certificate_subject)
          end

          it 'check that body was verified' do
            expect(mail[:body]).to include(raw_body)
          end
        end
      end

      # The sender certificate exists only long enough to sign the fixture mail
      # and is destroyed before the mail is processed. Every nested context
      # therefore tests what else may, or may not, establish trust in a signer
      # certificate that is only available inside the message.
      context 'no sender certificate' do
        let!(:sender_certificate) { create(:smime_certificate, :with_private, fixture: sender_email_address) }

        let(:mail) do
          parsed = Channel::EmailParser.new.parse(build_mail.to_s)
          sender_certificate.destroy!
          SecureMailing.incoming(parsed)
          parsed
        end

        it 'fails' do
          expect(mail[:body]).to include(raw_body)

          security = mail['x-zammad-article-preferences'][:security]
          expect(security[:sign][:success]).to be false
          expect(security[:sign][:comment]).to eq('Certificate for verification could not be found.')
          expect(security[:encryption][:success]).to be false
          expect(security[:encryption][:comment]).to be_nil
        end

        # A certificate delivered inside the signature must not vouch for itself.
        context 'public key present in signature' do
          let(:not_related_fixture)      { 'smime3@example.com' }
          let!(:not_related_certificate) { create(:smime_certificate, fixture: not_related_fixture) }

          # Some certificate is stored, but not one that relates to the signer.
          context 'not related certificate present' do
            it 'fails' do
              expect(mail[:body]).to include(raw_body)

              security = mail['x-zammad-article-preferences'][:security]
              expect(security[:sign][:success]).to be false
              expect(security[:sign][:comment]).to eq('Certificate for verification could not be found.')
              expect(security[:encryption][:success]).to be false
              expect(security[:encryption][:comment]).to be_nil
            end

            it_behaves_like 'HttpLog writer', 'failed'

            # Same outcome when the unrelated stored certificate is a CA.
            context 'CA' do
              let(:not_related_fixture) { 'ExpiredCA' }

              it 'fails' do
                expect(mail[:body]).to include(raw_body)

                security = mail['x-zammad-article-preferences'][:security]
                expect(security[:sign][:success]).to be false
                expect(security[:sign][:comment]).to eq('Certificate for verification could not be found.')
                expect(security[:encryption][:success]).to be false
                expect(security[:encryption][:comment]).to be_nil
              end

              it_behaves_like 'HttpLog writer', 'failed'
            end
          end

          # Regression guard: even when the verify flags are reduced to NOVERIFY
          # (that is, OpenSSL::PKCS7::NOINTERN is removed and OpenSSL would be
          # free to take the signer certificate from the message itself), the
          # mail must still be reported as not verified.
          # NOTE(review): presumably the lookup of a stored certificate happens
          # before OpenSSL is asked to verify; confirm in
          # SecureMailing::SMIME::Incoming.
          context 'usage not prevented' do
            before do
              # remove OpenSSL::PKCS7::NOINTERN
              stub_const('SecureMailing::SMIME::Incoming::OPENSSL_PKCS7_VERIFY_FLAGS', OpenSSL::PKCS7::NOVERIFY)
            end

            it "won't perform verification" do
              expect(mail[:body]).to include(raw_body)

              security = mail['x-zammad-article-preferences'][:security]
              expect(security[:sign][:success]).to be false
              expect(security[:sign][:comment]).to eq('Certificate for verification could not be found.')
              expect(security[:encryption][:success]).to be false
              expect(security[:encryption][:comment]).to be_nil
            end
          end
        end

        # A stored CA certificate is accepted as trust anchor for the signer
        # certificate; the sign comment then carries the CA subject.
        context 'root CA present' do
          before { create(:smime_certificate, fixture: ca_fixture) }

          let(:ca_fixture) { 'RootCA' }

          it 'verifies' do
            expect(mail[:body]).to include(raw_body)

            security = mail['x-zammad-article-preferences'][:security]
            expect(security[:sign][:success]).to be true
            expect(security[:sign][:comment]).to eq(ca_certificate_subject)
            expect(security[:encryption][:success]).to be false
            expect(security[:encryption][:comment]).to be_nil
          end

          it_behaves_like 'HttpLog writer', 'success'

          context 'expired' do
            let(:ca_fixture) { 'ExpiredCA' }

            it 'fails' do
              expect(mail[:body]).to include(raw_body)

              security = mail['x-zammad-article-preferences'][:security]
              expect(security[:sign][:success]).to be false
              expect(security[:sign][:comment]).to eq('Certificate for verification could not be found.')
              expect(security[:encryption][:success]).to be false
              expect(security[:encryption][:comment]).to be_nil
            end

            it_behaves_like 'HttpLog writer', 'failed'

            context 'allowed' do
              let(:allow_expired) { true }

              # ATTENTION: expired CA is a special case where `allow_expired` does not count
              it 'fails' do
                expect(mail[:body]).to include(raw_body)

                security = mail['x-zammad-article-preferences'][:security]
                expect(security[:sign][:success]).to be false
                expect(security[:sign][:comment]).to eq('Certificate for verification could not be found.')
                expect(security[:encryption][:success]).to be false
                expect(security[:encryption][:comment]).to be_nil
              end

              it_behaves_like 'HttpLog writer', 'failed'
            end
          end
        end

        context 'certificate chain' do
          let(:sender_email_address) { 'chain@example.com' }

          # Subjects of the stored CA certificates, last stored first, joined
          # the way the sign comment is expected to list them.
          let(:ca_subject_chain) { ca_chain.reverse.map(&:subject).join(', ') }

          # RootCA and IntermediateCA are stored, ChainCA is not: verification fails.
          # NOTE(review): presumably ChainCA is the direct issuer of the sender
          # certificate, which would leave a gap in the chain; confirm against
          # the fixtures.
          context 'incomplete certificate chain present' do
            before do
              create(:smime_certificate, fixture: 'RootCA')
              create(:smime_certificate, fixture: 'IntermediateCA')
            end

            it 'fails' do
              expect(mail[:body]).to include(raw_body)

              security = mail['x-zammad-article-preferences'][:security]
              expect(security[:sign][:success]).to be false
              expect(security[:sign][:comment]).to eq('Certificate for verification could not be found.')
              expect(security[:encryption][:success]).to be false
              expect(security[:encryption][:comment]).to be_nil
            end
          end

          # IntermediateCA and ChainCA are stored without the root and the
          # signature still verifies: a stored non-root CA is sufficient as
          # trust anchor.
          context 'certificate chain only partly present' do
            # NOTE(review): `subject_chain` is not defined in this spec. The
            # `let` is lazy and no example in this context reads
            # `ca_certificate_subject`, so it never raises; confirm whether
            # `ca_subject_chain` was meant or whether the line can go.
            let(:ca_certificate_subject) { subject_chain }

            let!(:ca_chain) do
              [
                create(:smime_certificate, fixture: 'IntermediateCA'),
                create(:smime_certificate, fixture: 'ChainCA'),
              ]
            end

            it 'verifies' do
              expect(mail[:body]).to include(raw_body)

              security = mail['x-zammad-article-preferences'][:security]
              expect(security[:sign][:success]).to be true
              expect(security[:sign][:comment]).to eq(ca_subject_chain)
              expect(security[:encryption][:success]).to be false
              expect(security[:encryption][:comment]).to be_nil
            end
          end

          context 'complete certificate chain present' do
            let!(:ca_chain) do
              [
                create(:smime_certificate, fixture: 'RootCA'),
                create(:smime_certificate, fixture: 'IntermediateCA'),
                create(:smime_certificate, fixture: 'ChainCA'),
              ]
            end

            # In addition to the verdict, no warning that mentions the root CA
            # subject may be logged while the chain is processed.
            it 'verifies' do
              allow(Rails.logger).to receive(:warn)

              expect(mail[:body]).to include(raw_body)

              security = mail['x-zammad-article-preferences'][:security]
              expect(security[:sign][:success]).to be true
              expect(security[:sign][:comment]).to eq(ca_subject_chain)
              expect(security[:encryption][:success]).to be false
              expect(security[:encryption][:comment]).to be_nil

              expect(Rails.logger).not_to have_received(:warn).with(%r{#{Regexp.escape(ca_certificate_subject)}})
            end
          end
        end
      end
    end

    context 'decryption' do
      let(:allow_expired) { false }
      let(:security_preferences) do
        {
          type:       'S/MIME',
          sign:       { success: false },
          encryption: { success: true, allow_expired: allow_expired },
        }
      end

      let!(:sender_certificate)    { create(:smime_certificate, :with_private, fixture: sender_email_address) }
      let!(:recipient_certificate) { create(:smime_certificate, :with_private, fixture: recipient_email_address) }

      context 'private key present' do
        let(:mail) do
          Channel::EmailParser.new.parse(build_mail.to_s).tap { |parsed| SecureMailing.incoming(parsed) }
        end

        it 'decrypts' do
          expect(mail[:body]).to include(raw_body)

          security = mail['x-zammad-article-preferences'][:security]
          expect(security[:sign][:success]).to be false
          expect(security[:sign][:comment]).to be_nil
          expect(security[:encryption][:success]).to be true
          expect(security[:encryption][:comment]).to eq(recipient_certificate_subject)
        end

        it_behaves_like 'HttpLog writer', 'success'

        # The system address is the recipient here, so this swaps in the
        # expired certificate on the decrypting side. Decryption succeeds, but
        # the comment has to name the address and say 'expired'.
        context 'expired allowed' do
          let(:allow_expired)        { true }
          let(:system_email_address) { expired_email_address }

          it 'decrypts with comment' do
            expect(mail[:body]).to include(raw_body)

            security = mail['x-zammad-article-preferences'][:security]
            expect(security[:sign][:success]).to be false
            expect(security[:sign][:comment]).to be_nil
            expect(security[:encryption][:success]).to be true
            expect(security[:encryption][:comment]).to include(expired_email_address).and include('expired')
          end

          it_behaves_like 'HttpLog writer', 'success'
        end
      end

      # Both certificates are destroyed after the mail was built, so no private
      # key is left to decrypt with. The body is expected to contain the
      # 'no visible content' placeholder and the failure is recorded in the
      # encryption comment.
      context 'no private key present' do
        let(:mail) do
          parsed = Channel::EmailParser.new.parse(build_mail.to_s)
          sender_certificate.destroy!
          recipient_certificate.destroy!
          SecureMailing.incoming(parsed)
          parsed
        end

        it 'fails' do
          expect(mail[:body]).to include('no visible content')

          security = mail['x-zammad-article-preferences'][:security]
          expect(security[:sign][:success]).to be false
          expect(security[:sign][:comment]).to be_nil
          expect(security[:encryption][:success]).to be false
          expect(security[:encryption][:comment]).to eq('Private key for decryption could not be found.')
        end

        it_behaves_like 'HttpLog writer', 'failed'
      end
    end

    context 'with signature verification and decryption' do
      let!(:sender_certificate)    { create(:smime_certificate, :with_private, fixture: sender_email_address) }
      let!(:recipient_certificate) { create(:smime_certificate, :with_private, fixture: recipient_email_address) }

      let(:security_preferences) do
        {
          type:       'S/MIME',
          sign:       { success: true },
          encryption: { success: true },
        }
      end

      let(:mail) do
        Channel::EmailParser.new.parse(build_mail.to_s).tap { |parsed| SecureMailing.incoming(parsed) }
      end

      context 'with wrapped mime-type S/MIME signature (e.g. for Microsoft Outlook)' do
        before do
          # Stubbing the OpenSSL detached flag away forces the smime-type 'signed-data'.
          stub_const('OpenSSL::PKCS7::DETACHED', nil)
        end

        it 'check that mail was decrypted' do
          expect(mail['x-zammad-article-preferences'][:security][:encryption][:success]).to be true
        end

        it 'check that encryption comment exists' do
          expect(mail['x-zammad-article-preferences'][:security][:encryption][:comment]).to eq(recipient_certificate_subject)
        end

        it 'check that mail was verified' do
          expect(mail['x-zammad-article-preferences'][:security][:sign][:success]).to be true
        end

        it 'check that signe comment exists' do
          expect(mail['x-zammad-article-preferences'][:security][:sign][:comment]).to eq(sender_certificate_subject)
        end

        it 'check that body was endcrypted and verified' do
          expect(mail[:body]).to include(raw_body)
        end
      end
    end
  end
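  # Re-processing of an article that arrived signed and encrypted at a time
  # when the required certificates were not stored. Once the keys are present,
  # SecureMailing.retry has to decrypt the article, verify the signature and
  # restore body and attachment.
  describe '.retry' do
    let(:sender_email_address)    { customer_email_address }
    let(:recipient_email_address) { system_email_address }

    let(:security_preferences) do
      {
        type:       'S/MIME',
        sign:       { success: true },
        encryption: { success: true },
      }
    end

    # Parsed mail that was signed and encrypted with certificates which no
    # longer exist when the mail is handed on.
    let(:mail) do
      sender_certificate    = create(:smime_certificate, :with_private, fixture: sender_email_address)
      recipient_certificate = create(:smime_certificate, :with_private, fixture: system_email_address)

      smime_mail = Channel::EmailBuild.build(
        from:         sender_email_address,
        to:           recipient_email_address,
        body:         raw_body,
        content_type: 'text/plain',
        security:     security_preferences,
        attachments:  [
          {
            content_type: 'text/plain',
            content:      'blub',
            filename:     'test-file1.txt',
          },
        ],
      )
      parsed = Channel::EmailParser.new.parse(smime_mail.to_s)

      # `destroy!` instead of `destroy`, as in the '.incoming' contexts of this
      # spec: a deletion that fails silently would leave a usable key behind,
      # the article would be processed successfully on arrival and the retry
      # examples would pass without testing the retry path.
      sender_certificate.destroy!
      recipient_certificate.destroy!

      parsed
    end

    # `let!` registers a hook in this group, so the article is created before
    # the `before` hooks of the nested contexts run, i.e. while no certificate
    # is stored.
    let!(:article) do
      _ticket, processed_article, _user, _mail = Channel::EmailParser.new.process({}, mail['raw'])
      processed_article
    end

    context 'private key added' do
      before do
        create(:smime_certificate, :with_private, fixture: recipient_email_address)
        create(:smime_certificate, fixture: sender_email_address)
      end

      it 'succeeds' do
        SecureMailing.retry(article)

        security = article.preferences[:security]
        expect(security[:sign][:success]).to be true
        expect(security[:sign][:comment]).to eq(sender_certificate_subject)
        expect(security[:encryption][:success]).to be true
        expect(security[:encryption][:comment]).to eq(recipient_certificate_subject)

        expect(article.body).to include(raw_body)
        expect(article.attachments.count).to eq(1)
        expect(article.attachments.first.filename).to eq('test-file1.txt')
      end

      context 'S/MIME activated' do
        # NOTE(review): `let!(:article)` belongs to the enclosing group and has
        # already run when this hook disables the integration, so the article
        # itself was processed with S/MIME enabled. If the intent is "article
        # arrived while S/MIME was off", the setting would have to be changed
        # before the article is created; confirm.
        before { Setting.set('smime_integration', false) }

        it 'succeeds' do
          Setting.set('smime_integration', true)

          SecureMailing.retry(article)

          security = article.preferences[:security]
          expect(security[:sign][:success]).to be true
          expect(security[:sign][:comment]).to eq(sender_certificate_subject)
          expect(security[:encryption][:success]).to be true
          expect(security[:encryption][:comment]).to eq(recipient_certificate_subject)

          expect(article.body).to include(raw_body)
          expect(article.attachments.count).to eq(1)
          expect(article.attachments.first.filename).to eq('test-file1.txt')
        end
      end
    end
  end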
  559. end