From: x2003bruneau Date: Tue, 12 Jun 2007 20:03:09 +0000 (+0000) Subject: Integrates the PGP support with the web interface. X-Git-Tag: 1.8~44 X-Git-Url: http://git.polytechnique.org/?p=banana.git;a=commitdiff_plain;h=a3c90095a1920b1d39cb1e8ffd892ba407351ca6 Integrates the PGP support with the web interface. Some bugfixes and improvements Changelog | 4 ++++ banana/banana.inc.php.in | 4 ++++ banana/message.inc.php | 21 +++++++++++++++++++++ banana/mimepart.inc.php | 19 +++++++++++++++---- banana/templates/banana-message.inc.tpl | 27 ++++++++++++++++++++++++++- 5 files changed, 70 insertions(+), 5 deletions(-) git-svn-id: svn+ssh://murphy/home/svn/banana/trunk@266 9869982d-c50d-0410-be91-f2a2ec7c7c7b --- diff --git a/Changelog b/Changelog index 15f1094..c2c85ff 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,7 @@ +Tue, 12 Jun 2007 Florent Bruneau + + * PGP signature check + Wed, 30 May 2007 Florent Bruneau * Bugfix: references compliance diff --git a/banana/banana.inc.php.in b/banana/banana.inc.php.in index 34ae838..386e4c1 100644 --- a/banana/banana.inc.php.in +++ b/banana/banana.inc.php.in @@ -56,6 +56,10 @@ class Banana static public $msgshow_withthread = true; static public $msgshow_javascript = true; + static public $msgshow_pgpcheck = true; + static public $msgshow_pgppath = 'gpg'; + static public $msgshow_pgpoptions = ''; + /** Match an url * Should be included in a regexp delimited using /, !, , or @ (eg: "/$url_regexp/ui") * If it matches, return 3 main parts : diff --git a/banana/message.inc.php b/banana/message.inc.php index 5caa802..ed733d1 100644 --- a/banana/message.inc.php +++ b/banana/message.inc.php @@ -310,6 +310,27 @@ final class BananaMessage extends BananaMimePart { return Banana::$protocole->canSend(); } + + public function getSignature() + { + $email = $this->getHeaderValue('from'); + if (preg_match('/]+)>?/', $email, $matches)) { + $email = $matches[1]; + } + $signature = BananaMimePart::getSignature(); + if (empty($signature)) { + return $signature; + } else { + foreach ($signature['identity'] as $ident) { + if (strpos($ident, "<$email>") !== false) { + return $signature; + } + } + $signature['certified'] = false; + $signature['certification_error'] = 'mauvaise identité'; + } + return $signature; + } } // vim:set et sw=4 sts=4 ts=4 enc=utf-8: diff --git a/banana/mimepart.inc.php b/banana/mimepart.inc.php index ef549c6..0446640 100644 --- a/banana/mimepart.inc.php +++ b/banana/mimepart.inc.php @@ -179,7 +179,7 @@ class BananaMimePart if (empty($filename)) { $filename = $this->getHeader('content-type', '/name="?([^"]+)"?/'); } - } + } list($type, $subtype) = explode('/', $content_type); switch ($type) { case 'text': case 'message': @@ -221,7 +221,7 @@ class BananaMimePart $newpart = new BananaMimePart($part); if (!is_null($newpart->content_type)) { if ($signed && $newpart->content_type == $this->signature['protocole']) { - $signature = $newpart->body; + $signature = $newpart->body; } elseif ($signed) { $signed_message = $part; } @@ -643,15 +643,20 @@ class BananaMimePart private function checkPGPSignature($signature, $message = null) { + if (!Banana::$msgshow_pgpcheck) { + return true; + } $signname = tempnam(Banana::$spool_root, 'banana_pgp_'); + $gpg = 'LC_ALL="en_US" ' . Banana::$msgshow_pgppath . ' ' . Banana::$msgshow_pgpoptions . ' --verify ' + . $signname . '.asc '; file_put_contents($signname. '.asc', $signature); $gpg_check = array(); if (!is_null($message)) { file_put_contents($signname, str_replace(array("\r\n", "\n"), array("\n", "\r\n"), $message)); - exec('LC_ALL="en_US" gpg --verify ' . $signname . '.asc ' . $signname . ' 2>&1', $gpg_check, $result); + exec($gpg . $signname . ' 2>&1', $gpg_check, $result); unlink($signname); } else { - exec('LC_ALL="en_US" gpg --verify ' . $signname . '.asc 2&>1', $gpg_check, $result); + exec($gpg . '2&>1', $gpg_check, $result); } unlink("$signname.asc"); if (preg_match('/Signature made (.+) using (.+) key ID (.+)/', array_shift($gpg_check), $matches)) { @@ -665,9 +670,11 @@ class BananaMimePart if (preg_match('/Good signature from "(.+)"/', $signature, $matches)) { $this->signature['verify'] = true; $this->signature['identity'] = array($matches[1]); + $this->signature['certified'] = true; } elseif (preg_match('/BAD signature from "(.+)"/', $signature, $matches)) { $this->signature['verify'] = false; $this->signature['identity'] = array($matches[1]); + $this->signature['certified'] = false; } else { return false; } @@ -675,6 +682,10 @@ class BananaMimePart if (preg_match('/aka "(.+)"/', $aka, $matches)) { $this->signature['identity'][] = $matches[1]; } + if (preg_match('/This key is not certified with a trusted signature!/', $aka)) { + $this->signature['certified'] = false; + $this->signature['certification_error'] = _b_("identité non confirmée"); + } } return true; } diff --git a/banana/templates/banana-message.inc.tpl b/banana/templates/banana-message.inc.tpl index b55bc3e..8a07445 100644 --- a/banana/templates/banana-message.inc.tpl +++ b/banana/templates/banana-message.inc.tpl @@ -43,7 +43,7 @@ {assign var=files value=$message->getAttachments()} {if $files|@count} - Fichiers joints + {"Fichiers joints"|b} {foreach from=$files item=file name=attachs} {imglink img=save alt="Enregistrer"|b group=$group artid=$artid part=$file->getFilename() text=$file->getFilename()}{if !$smarty.foreach.attachs.last}, {/if} @@ -51,6 +51,31 @@ {/if} + {assign var=signature value=$message->getSignature()} + {if $signature|@count} + + {"Signature"|b} + + {if $signature.verify && $signature.certified} + {img img=accept alt="Signature valide par une clé de confiance"|b} + {elseif $signature.verify} + {img img=error alt="Signature valide par une clé non vérifiée"|b} + {else} + {img img=exclamation alt="Signature non valide"|b} + {/if} + + {if $signature.verify}{"Valide"|b}... + {else}{"Non valide"|b}...{/if} +   + {"Message signé par la clé"|b} {$signature.key.format}:{$signature.key.id} + {if $signature.certified} + ({"identité vérifiée"|b}) + {else} + ({"non vérifiée"|b} : {$signature.certification_error}) + {/if} + + + {/if} {assign var=alter value=$message->getAlternatives()} {if $alter|@count} diff --git a/img/accept.gif b/img/accept.gif new file mode 100644 index 0000000..95af123 Binary files /dev/null and b/img/accept.gif differ diff --git a/img/error.gif b/img/error.gif new file mode 100644 index 0000000..ce65ef2 Binary files /dev/null and b/img/error.gif differ diff --git a/img/exclamation.gif b/img/exclamation.gif new file mode 100644 index 0000000..289be43 Binary files /dev/null and b/img/exclamation.gif differ