
ruz at bestpractical
Apr 30, 2012, 12:07 PM
rt branch, 4.2/smime-v2, updated. rt-4.0.4-513-g81521f5
The branch, 4.2/smime-v2 has been updated
via 81521f5eae00c0beb518a19f6591459f59360e8a (commit)
via 9e56f97e18a5f6eb78d5bf84c07fa41c4c82b774 (commit)
via 94b972a6ba43339a64d007f94a7d0700ada7d0e8 (commit)
via 9ded926e928ea595fbe8dc08abcf55be4c828974 (commit)
via fb5ae1d2754565576c8fa3c42f4105e98d73bbcd (commit)
via 59a702f666b6a9942aed5eabf229e59e36124186 (commit)
via e7c0d0d1a65f2861f996122720b2d04756ebb4d1 (commit)
via 78ff1d33f74bf8c2430237145b7e27a2b79b237c (commit)
via 386cd724b7ff7139ce291726673893974f6f8726 (commit)
from b48dafb0098d98a0d3ef789d4e65093cb4837a3e (commit)
Summary of changes:
lib/RT/Config.pm | 9 ++++
lib/RT/Crypt.pm | 3 -
lib/RT/Crypt/SMIME.pm | 48 ++++++++++++++-----
share/html/Ticket/Elements/ShowCryptStatus | 2 +-
.../Ticket/Elements/ShowTransactionAttachments | 2 +-
5 files changed, 46 insertions(+), 18 deletions(-)
- Log -----------------------------------------------------------------
commit 59a702f666b6a9942aed5eabf229e59e36124186
Author: Ruslan Zakirov <ruz [at] bestpractical>
Date: Fri Apr 20 23:29:02 2012 +0400
don't load crypt implementations right away loading GnuPG module fails if you don't have required modules
diff --git a/lib/RT/Crypt.pm b/lib/RT/Crypt.pm
index c19bdee..8f348d1 100644
--- a/lib/RT/Crypt.pm
+++ b/lib/RT/Crypt.pm
@@ -4,9 +4,6 @@ use warnings;
 package RT::Crypt;
-require RT::Crypt::GnuPG;
-require RT::Crypt::SMIME;
-
 =head1 NAME
 RT::Crypt - encrypt/decrypt and sign/verify subsystem for RT
commit fb5ae1d2754565576c8fa3c42f4105e98d73bbcd
Author: Ruslan Zakirov <ruz [at] bestpractical>
Date: Fri Apr 20 23:29:52 2012 +0400
more protection, make sure crypt modules are laoded
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index d4d4be7..ba11a12 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -619,6 +619,15 @@ our %META = (
 require RT::Crypt;
 my @enabled = RT::Crypt->EnabledProtocols;
+ foreach my $proto (splice @enabled) {
+ local $@;
+ eval "require RT::Crypt::$proto; 1" or do {
+ $RT::Logger->error("You enabled $proto cryptography, but we couldn't load module RT::Crypt::$proto: $@");
+ next;
+ };
+ push @enabled, $proto;
+ }
+
 my $opt = $self->Get('Crypt');
 $opt->{'Enable'} = scalar @enabled;;
 unless ( $opt->{'Incoming'} && @{ $opt->{'Incoming'} } ) {
commit 9ded926e928ea595fbe8dc08abcf55be4c828974
Author: Ruslan Zakirov <ruz [at] bestpractical>
Date: Mon Apr 30 22:28:38 2012 +0400
drop shift() call, shouldn't be there it was a typo, sometimes harmless, sometimes can shift defined value from @ARGV. Depends on web server environment.
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index 2a26166..45c4eef 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -92,7 +92,7 @@ and passphrase pairs for keys in the keyring.
 =cut
-{ my $cache = shift;
+{ my $cache = '';
 sub OpenSSLPath {
 return $cache ||= RT->Config->Get('SMIME')->{'OpenSSL'};
 } }
commit 94b972a6ba43339a64d007f94a7d0700ada7d0e8
Author: Ruslan Zakirov <ruz [at] bestpractical>
Date: Mon Apr 30 22:31:48 2012 +0400
be double sure openssl path is set to something we do it in a few places, it's ok do it here as well
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index 45c4eef..b875b8f 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
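Review bot: In the lib/RT/Config.pm hunk, `eval "require RT::Crypt::$proto; 1"` compiles a string that interpolates `$proto`, so the loop runs whatever text `RT::Crypt->EnabledProtocols` returns as Perl code. That method is outside the hunk; if its values trace back to site configuration, they should be checked against an identifier pattern before they reach the eval. A guard such as `next unless $proto =~ /\A\w+\z/;` ahead of the eval, or the block form `eval { require "RT/Crypt/$proto.pm"; 1 }` after the same check, keeps the load limited to a module name. The error branch only drops the protocol from the local `@enabled`; whether other callers of `EnabledProtocols` still see it cannot be told from here and deserves a comment.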
@@ -94,7 +94,7 @@ and passphrase pairs for keys in the keyring.
 { my $cache = '';
 sub OpenSSLPath {
- return $cache ||= RT->Config->Get('SMIME')->{'OpenSSL'};
+ return $cache ||= RT->Config->Get('SMIME')->{'OpenSSL'} || 'openssl';
 } }
 sub SignEncrypt {
commit 9e56f97e18a5f6eb78d5bf84c07fa41c4c82b774
Author: Ruslan Zakirov <ruz [at] bestpractical>
Date: Mon Apr 30 22:34:19 2012 +0400
special case of how openssl prints SMIME certs It's possible to have the following structure: <key><separator> <value with separator> Fix is sort of workaround
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index b875b8f..e4d1291 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -830,7 +830,9 @@ sub ParseCertificateInfo {
 # Validity # no trailing ':'
 # Not After : XXXXXX # space before ':'
 # countryName=RU # '=' as separator
- my ($prefix, $key, $value) = ($line =~ /^(\s*)(.*?)\s*(?:[:=]\s*(.*?)|)\s*$/);
+ # Serial Number:
+ # he:xv:al:ue
+ my ($prefix, $key, $value) = ($line =~ /^(\s*)(.*?)\s*(?:(?:=\s*|:\s+)(\S.*?)|:|)\s*$/);
 if ( $first_line ) {
 $prefix{$prefix} = \%res;
 $first_line = 0;
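Review bot: The `|| 'openssl'` fallback in `OpenSSLPath` makes the binary used for S/MIME operations depend on the server process's PATH whenever the `OpenSSL` config key is empty, and it does so silently. Because the result is kept in `$cache` for the life of the process, one log line at the point of fallback would make the misconfiguration visible without noise. A comment on the line should also state the expectation, for example `# no configured path: 'openssl' is resolved through the server's PATH; set an absolute path in SMIME->{OpenSSL}`. How the returned path is later handed to the child process is outside this hunk.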
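Review bot: In the ParseCertificateInfo regex hunk, a colon now separates key and value only when whitespace follows it (`:\s+`), so a line of the form `name:value` with no space is captured whole as `$key` with `$value` undefined, where the old pattern split it. That is the intent for the hex serial shown in the new comment, but openssl's text output also prints some X509v3 extension entries (subjectAltName values, for example) in that compact form. The code that consumes `$key` and `$value` is outside the hunk, so whether any caller relied on the old split should be confirmed. A further example line in the comment block, such as `# name:value # no space after ':', whole line becomes the key`, would document the choice.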
@@ -854,6 +856,26 @@ sub ParseCertificateInfo {
 ($prev_prefix, $prev_key) = ($prefix, $key);
 }
+ my ($filter_out, $wfilter_out);
+ $filter_out = $wfilter_out = sub {
+ my $h = shift;
+ foreach my $e ( keys %$h ) {
+ next unless ref $h->{$e};
+ if ( 1 == keys %{$h->{$e}} ) {
+ my $sube = (keys %{$h->{$e}})[0];
+ if ( ref $h->{$e}{$sube} && !keys %{ $h->{$e}{$sube} } ) {
+ $h->{$e} = $sube;
+ next;
+ }
+ }
+
+ $filter_out->( $h->{$e} );
+ }
+ };
+ Scalar::Util::weaken($wfilter_out);
+
+ $filter_out->(\%res);
+
 return %res;
 }
commit 81521f5eae00c0beb518a19f6591459f59360e8a
Author: Ruslan Zakirov <ruz [at] bestpractical>
Date: Mon Apr 30 22:37:43 2012 +0400
special case of how openssl prints SMIME certs openssl 0.9.8 and openssl 1.0.1 print the same cert very differently. 1.0.1 prints the following thing: <key>: ... nested structure ... <otherkey>: <value> ... nested structure continues ... Example: Data: ... Serial Number: 9974010075738841110 (0x8a6acd51be94a016) Signature Algorithm: sha1WithRSAEncryption Issuer: ... ... So it's hard to say where Issuer belongs. Now "<key>: <value>" strings don't delete pointers to existing placeholders for nested structures. Hope output wouldn't get more messier.
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index e4d1291..7375594 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -848,12 +848,12 @@ sub ParseCertificateInfo {
 } else {
 $put_into->{$key} = {};
- }
- delete $prefix{$_} foreach
- grep length($_) > length($prefix),
- keys %prefix;
+ delete $prefix{$_} foreach
+ grep length($_) > length($prefix),
+ keys %prefix;
- ($prev_prefix, $prev_key) = ($prefix, $key);
+ ($prev_prefix, $prev_key) = ($prefix, $key);
+ }
 }
 my ($filter_out, $wfilter_out);
-----------------------------------------------------------------------
_______________________________________________
Rt-commit mailing list Rt-commit [at] lists http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-commit
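Review bot: The recursive call inside the new closure in ParseCertificateInfo goes through `$filter_out`, the strong reference, so the sub captures the variable that holds it and `Scalar::Util::weaken($wfilter_out)` breaks no cycle. Each call to ParseCertificateInfo would then leave one closure unreclaimed, which adds up in a persistent server process. Recursing through the weak copy fixes it: `$wfilter_out->( $h->{$e} );` inside the loop, with `$filter_out` kept as the strong handle for the outer `$filter_out->(\%res);` call. `Scalar::Util::weaken` is called fully qualified and no load of Scalar::Util is visible in this hunk, so that should be confirmed at the top of the file.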
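Review bot: In the last ParseCertificateInfo hunk, the reason the `delete $prefix{$_}` cleanup and the `($prev_prefix, $prev_key)` update now run only in the `else` branch is recorded in the commit message but not in the code; the branch above the `else` is outside the hunk. A comment at the moved block would keep a later reader from restoring the old placement, for example `# "<key>: <value>" lines keep deeper placeholders: openssl 1.0.1 interleaves them with nested output`. Since lines that carry a value no longer update `$prev_prefix` and `$prev_key`, the code that reads those two variables should be checked against input where a deeper-indented line follows such a key/value line.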