From a3c90095a1920b1d39cb1e8ffd892ba407351ca6 Mon Sep 17 00:00:00 2001 From: x2003bruneau Date: Tue, 12 Jun 2007 20:03:09 +0000 Subject: [PATCH] Integrates the PGP support with the web interface. Some bugfixes and improvements Changelog | 4 ++++ banana/banana.inc.php.in | 4 ++++ banana/message.inc.php | 21 +++++++++++++++++++++ banana/mimepart.inc.php | 19 +++++++++++++++---- banana/templates/banana-message.inc.tpl | 27 ++++++++++++++++++++++++++- 5 files changed, 70 insertions(+), 5 deletions(-) git-svn-id: svn+ssh://murphy/home/svn/banana/trunk@266 9869982d-c50d-0410-be91-f2a2ec7c7c7b --- Changelog | 4 ++++ banana/banana.inc.php.in | 4 ++++ banana/message.inc.php | 21 +++++++++++++++++++++ banana/mimepart.inc.php | 19 +++++++++++++++---- banana/templates/banana-message.inc.tpl | 27 ++++++++++++++++++++++++++- img/accept.gif | Bin 0 -> 1321 bytes img/error.gif | Bin 0 -> 1094 bytes img/exclamation.gif | Bin 0 -> 1105 bytes 8 files changed, 70 insertions(+), 5 deletions(-) create mode 100644 img/accept.gif create mode 100644 img/error.gif create mode 100644 img/exclamation.gif diff --git a/Changelog b/Changelog index 15f1094..c2c85ff 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,7 @@ +Tue, 12 Jun 2007 Florent Bruneau + + * PGP signature check + Wed, 30 May 2007 Florent Bruneau * Bugfix: references compliance diff --git a/banana/banana.inc.php.in b/banana/banana.inc.php.in index 34ae838..386e4c1 100644 --- a/banana/banana.inc.php.in +++ b/banana/banana.inc.php.in @@ -56,6 +56,10 @@ class Banana static public $msgshow_withthread = true; static public $msgshow_javascript = true; + static public $msgshow_pgpcheck = true; + static public $msgshow_pgppath = 'gpg'; + static public $msgshow_pgpoptions = ''; + /** Match an url * Should be included in a regexp delimited using /, !, , or @ (eg: "/$url_regexp/ui") * If it matches, return 3 main parts : diff --git a/banana/message.inc.php b/banana/message.inc.php index 5caa802..ed733d1 100644 --- a/banana/message.inc.php 
+++ b/banana/message.inc.php
@@ -310,6 +310,27 @@ final class BananaMessage extends BananaMimePart
 {
 return Banana::$protocole->canSend();
 }
+
+ public function getSignature()
+ {
+ $email = $this->getHeaderValue('from');
+ if (preg_match('/]+)>?/', $email, $matches)) {
+ $email = $matches[1];
+ }
+ $signature = BananaMimePart::getSignature();
+ if (empty($signature)) {
+ return $signature;
+ } else {
+ foreach ($signature['identity'] as $ident) {
+ if (strpos($ident, "<$email>") !== false) {
+ return $signature;
+ }
+ }
+ $signature['certified'] = false;
+ $signature['certification_error'] = 'mauvaise identité';
+ }
+ return $signature;
+ }
 }
 // vim:set et sw=4 sts=4 ts=4 enc=utf-8:
diff --git a/banana/mimepart.inc.php b/banana/mimepart.inc.php
index ef549c6..0446640 100644
--- a/banana/mimepart.inc.php
+++ b/banana/mimepart.inc.php
@@ -179,7 +179,7 @@ class BananaMimePart
 if (empty($filename)) {
 $filename = $this->getHeader('content-type', '/name="?([^"]+)"?/');
 }
- }
+ }
 list($type, $subtype) = explode('/', $content_type);
 switch ($type) {
 case 'text': case 'message':
@@ -221,7 +221,7 @@ class BananaMimePart
 $newpart = new BananaMimePart($part);
 if (!is_null($newpart->content_type)) {
 if ($signed && $newpart->content_type == $this->signature['protocole']) {
- $signature = $newpart->body;
+ $signature = $newpart->body;
 } elseif ($signed) {
 $signed_message = $part;
 }
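Review bot: In `getSignature()` the `foreach` reads `$signature['identity']` for every non-empty signature, yet that key is only written on the "Good"/"BAD" branches of `checkPGPSignature()`; if the parent returns the signature array as it stands, the new `$msgshow_pgpcheck` early return (or an unparsed gpg result) leaves it unset, which raises a warning and then labels the message 'mauvaise identité'. A guard such as `if (empty($signature['identity'])) { return $signature; }` before the loop would avoid that. The identity test is a case-sensitive substring match, so a From address that differs from the key's user ID only in letter case is reported as a wrong identity; `stripos()` would be more forgiving. The error text should go through `_b_()` like the certification message added in mimepart.inc.php, and `parent::getSignature()` states the intent more clearly than naming `BananaMimePart`.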
@@ -643,15 +643,20 @@ class BananaMimePart
 private function checkPGPSignature($signature, $message = null)
 {
+ if (!Banana::$msgshow_pgpcheck) {
+ return true;
+ }
 $signname = tempnam(Banana::$spool_root, 'banana_pgp_');
+ $gpg = 'LC_ALL="en_US" ' . Banana::$msgshow_pgppath . ' ' . Banana::$msgshow_pgpoptions . ' --verify '
+ . $signname . '.asc ';
 file_put_contents($signname. '.asc', $signature);
 $gpg_check = array();
 if (!is_null($message)) {
 file_put_contents($signname, str_replace(array("\r\n", "\n"), array("\n", "\r\n"), $message));
- exec('LC_ALL="en_US" gpg --verify ' . $signname . '.asc ' . $signname . ' 2>&1', $gpg_check, $result);
+ exec($gpg . $signname . ' 2>&1', $gpg_check, $result);
 unlink($signname);
 } else {
- exec('LC_ALL="en_US" gpg --verify ' . $signname . '.asc 2&>1', $gpg_check, $result);
+ exec($gpg . '2&>1', $gpg_check, $result);
 }
 unlink("$signname.asc");
 if (preg_match('/Signature made (.+) using (.+) key ID (.+)/', array_shift($gpg_check), $matches)) {
@@ -665,9 +670,11 @@ class BananaMimePart
 if (preg_match('/Good signature from "(.+)"/', $signature, $matches)) {
 $this->signature['verify'] = true;
 $this->signature['identity'] = array($matches[1]);
+ $this->signature['certified'] = true;
 } elseif (preg_match('/BAD signature from "(.+)"/', $signature, $matches)) {
 $this->signature['verify'] = false;
 $this->signature['identity'] = array($matches[1]);
+ $this->signature['certified'] = false;
 } else {
 return false;
 }
@@ -675,6 +682,10 @@ class BananaMimePart
 if (preg_match('/aka "(.+)"/', $aka, $matches)) {
 $this->signature['identity'][] = $matches[1];
 }
+ if (preg_match('/This key is not certified with a trusted signature!/', $aka)) {
+ $this->signature['certified'] = false;
+ $this->signature['certification_error'] = _b_("identité non confirmée");
+ }
 }
 return true;
 }
diff --git a/banana/templates/banana-message.inc.tpl b/banana/templates/banana-message.inc.tpl
index b55bc3e..8a07445 100644
--- a/banana/templates/banana-message.inc.tpl
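Review bot: The no-message branch of `checkPGPSignature()` still ends the command with `2&>1`, which a shell does not read as `2>&1`; gpg most likely receives a stray `2` argument and its diagnostics never reach `$gpg_check`, so the line should be `exec($gpg . '2>&1', $gpg_check, $result);`. `$gpg` is also assembled from `Banana::$msgshow_pgppath`, `Banana::$msgshow_pgpoptions` and the temp path with no quoting; passing the path arguments through `escapeshellarg()`, e.g. `escapeshellarg($signname . '.asc')`, keeps a spool directory containing spaces or shell metacharacters from altering the command. The file created by `tempnam()` is unlinked only in the `$message` branch, so the other branch leaves it behind in the spool. The function body continues beyond this hunk.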
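Review bot: `certified` is set to `true` on every "Good signature" line and cleared only when one exact English warning is matched (hunk `@@ -675,6 +682,10 @@`), so the trust indicator fails open: any other gpg warning, a change in gpg's wording, or an `en_US` locale that is not installed leaves the key displayed as verified. It would be safer to start from `$this->signature['certified'] = false;` and set it to `true` only on positive evidence of trust. gpg's `--status-fd` output (`GOODSIG`/`BADSIG`, `TRUST_FULLY`, `TRUST_ULTIMATE`) is intended for programs and could replace these regexps on human-readable text; the `$result` exit code from `exec()` is also never consulted in the visible lines. Both hunks appear to sit inside a loop and function that begin outside the lines shown.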
+++ b/banana/templates/banana-message.inc.tpl @@ -43,7 +43,7 @@ {assign var=files value=$message->getAttachments()} {if $files|@count} - Fichiers joints + {"Fichiers joints"|b} {foreach from=$files item=file name=attachs} {imglink img=save alt="Enregistrer"|b group=$group artid=$artid part=$file->getFilename() text=$file->getFilename()}{if !$smarty.foreach.attachs.last}, {/if} @@ -51,6 +51,31 @@ {/if} + {assign var=signature value=$message->getSignature()} + {if $signature|@count} + + {"Signature"|b} + + {if $signature.verify && $signature.certified} + {img img=accept alt="Signature valide par une clé de confiance"|b} + {elseif $signature.verify} + {img img=error alt="Signature valide par une clé non vérifiée"|b} + {else} + {img img=exclamation alt="Signature non valide"|b} + {/if} + + {if $signature.verify}{"Valide"|b}... + {else}{"Non valide"|b}...{/if} +   + {"Message signé par la clé"|b} {$signature.key.format}:{$signature.key.id} + {if $signature.certified} + ({"identité vérifiée"|b}) + {else} + ({"non vérifiée"|b} : {$signature.certification_error}) + {/if} + + + {/if} {assign var=alter value=$message->getAlternatives()} {if $alter|@count} 
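Review bot: `{$signature.key.format}`, `{$signature.key.id}` and `{$signature.certification_error}` are printed without an escape modifier; the first two presumably come from the `(.+)` captures on gpg's output in `checkPGPSignature()`, that is, from text derived from the sender's signature. Unless the template engine is configured to escape by default, `{$signature.key.id|escape}` (and likewise for the other two) is the safer form. When `$signature.verify` is unset, as it seems to be when `$msgshow_pgpcheck` is off, the block falls through to "Signature non valide", which would label unchecked messages as invalid; a separate "not checked" state would be clearer.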
diff --git a/img/accept.gif b/img/accept.gif new file mode 100644 index 0000000000000000000000000000000000000000..95af12361d5ba9694ed491bd60d326997d1816ca GIT binary patch literal 1321 zcmdUvOK1~87=ZsIH8HVGTU*<;58e1kTTScQ`be$TG>Imq9@ZilJta+Jx6r1;X4Un! zq^-?CaEq5!Jj5pvL{<;7$35<$V8B-pkq9C^1_Y_7#M!J;5Q`Tt4*So3|6}Io|7V!c z@NsW{tPbknBj_V6`3Qy(G{h@RSoG!!Sz762)F{HA66KYspfE^|NcoIh%tcg+*BC~o z!!pUsQ9A2GYDCn8Y+mG5#+M_I#t15s3L;WyQ57;OLP|tZ1zwGcT87t1ODiQpAXZjZ2%aDiQ7P;Hm|S0~OaLKpmA?%K0;3^+XfL(57r?v}Luks3 ziueIa;=&5FLLI6`E_BKu! z+^O@J!H0Fe$RQ5L&^pJN*f?e^;9*aV1~7}5of8IUbsjTV*7-twLSL(5rjq6H$s|@v zSn-Z0QgPe>JsB5AEDkc?#N4en0RQpeMgRue0W3?awzDaKhxY-R-K(}vd=oaE22lD| zZJ$n7nqq2NN}cP&jmE=N?FU%*u3Y})2C!WN_%4>qUvHPo-|yfYZvoU~{5*T15{skF z{Q!T{jpB^mjYH7${1n~%8^29f8lZcC0=N|hIPCx!nFqM>9-!k9K*Li2x(47>KbXBA zeu>en%DR?7Y-)0hjd6)_Qok^PnW-5zg<|nU#r^LlF2UnN0SL^XOYGzX!;wSyekE|i zX>^`TupV+a8Sn9sy%e>-lGUTn`hx?u2SO-4J2!thwEL*dwlG`QL|CoFP|L!u!?o=e zOM7kaf%&7?>s#-)*1O5Uxh=K#?CaOt_iuLh%-V>q)+bL62EEP!U%H{gV(;s>?+FH- zo2g^z7VA!nKX~NX4%dd~FT0%fLvMo38(q!YUZlI-+g)w@1~z(XI!tqeZElClFRK^R n!lK_tNSVjcp(_oIRc$S!E~}$)t0O$c-OVgsZ3{RZRWR@a;beiYv^4~CxtB5X}d38w}M&wrh!5(fRxugf@-Q0vZuXk5lJy~Gv zA#fptNWm(IJxJ`y_PD@@J@{}Vs{0^u1Bu()0U=I*Cr(p!3{FZ^>VJG^!+1{ z+yL*pwOmI}kI`*BDF|SwBYt%eot+xb=zK}zI|3&VA4X#~8VnI83tarfxSw#Ea7{$# zjK(uM=QLhsBU)^MFdbJzb8(^|qIg2#1WOvA6%$yFCr-wvguAr{kS7sg4B&DLfN8gE zn@Rv|y#i?LDBGM4fci;*yt`~WxKV0~pM>n4pRVzBuDDnG00K?i_&9pEsns=r>S z>fuXLV~=az&p@1jQI?0FZ}N7MbKsxEEUepsk_Sa`;bxSCciJMU5% z=E=34t)2UA!|u(l*+V6EaoqZI@v)`i_Sf7ag^t?3E$(Nc+yfsQsP}fY_c*HWIXX_! zSDW2U4u`G9YU(-N>TmA8aAqyKZtbkE^__J0t(j_SOeU|b{lq|Tzq@_=P2SyTI7^w$ U=ib_BS6f4+!C<^OGzbHK0Jdu#mH+?% literal 0 HcmV?d00001 
diff --git a/img/exclamation.gif b/img/exclamation.gif new file mode 100644 index 0000000000000000000000000000000000000000..289be436b72bfb3bde476e2fd6397c23ee743643 GIT binary patch literal 1105 zcmb`GO-vI(6vtl+(f}J*wiQWM0%66(Y`^GYplr4a){E{% zQ*KMVG|Hir#E^hQFNTAMo(wS`)4To~W^d0B1V^YPPDr@f5(? zLx47G)n_vS7{>rMoK@fMzrd&?-t z4nQFpon_`Ku_#*W2Kbw;ew?bV9)gnR_fXvXcqdsYfU*J@z)}!ktN~!~4#52n06psf zho1uA27nPaXkDNF47FI5eeM46)MSJSv+