diff options
Diffstat (limited to 'extensions/SecureMail')
11 files changed, 1031 insertions, 0 deletions
diff --git a/extensions/SecureMail/Config.pm b/extensions/SecureMail/Config.pm new file mode 100644 index 000000000..f1975c1c1 --- /dev/null +++ b/extensions/SecureMail/Config.pm @@ -0,0 +1,49 @@ +# -*- Mode: perl; indent-tabs-mode: nil -*- +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Bugzilla SecureMail Extension +# +# The Initial Developer of the Original Code is Mozilla. +# Portions created by Mozilla are Copyright (C) 2008 Mozilla Corporation. +# All Rights Reserved. +# +# Contributor(s): Max Kanat-Alexander <mkanat@bugzilla.org> +# Gervase Markham <gerv@gerv.net> + +package Bugzilla::Extension::SecureMail; +use strict; + +use constant NAME => 'SecureMail'; + +use constant REQUIRED_MODULES => [ + { + package => 'Crypt-OpenPGP', + module => 'Crypt::OpenPGP', + # 1.02 added the ability for new() to take KeyRing objects for the + # PubRing argument. + version => '1.02', + # 1.04 hangs - https://rt.cpan.org/Public/Bug/Display.html?id=68018 + # blacklist => [ '1.04' ], + }, + { + package => 'Crypt-SMIME', + module => 'Crypt::SMIME', + version => 0, + }, + { + package => 'HTML-Tree', + module => 'HTML::Tree', + version => 0, + } +]; + +__PACKAGE__->NAME; diff --git a/extensions/SecureMail/Extension.pm b/extensions/SecureMail/Extension.pm new file mode 100644 index 000000000..687112955 --- /dev/null +++ b/extensions/SecureMail/Extension.pm @@ -0,0 +1,659 @@ +# -*- Mode: perl; indent-tabs-mode: nil -*- +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Bugzilla SecureMail Extension +# +# The Initial Developer of the Original Code is the Mozilla Foundation. +# Portions created by Mozilla are Copyright (C) 2008 Mozilla Foundation. +# All Rights Reserved. +# +# Contributor(s): Max Kanat-Alexander <mkanat@bugzilla.org> +# Gervase Markham <gerv@gerv.net> + +package Bugzilla::Extension::SecureMail; +use strict; +use base qw(Bugzilla::Extension); + +use Bugzilla::Attachment; +use Bugzilla::Comment; +use Bugzilla::Group; +use Bugzilla::Object; +use Bugzilla::User; +use Bugzilla::Util qw(correct_urlbase trim trick_taint is_7bit_clean); +use Bugzilla::Error; +use Bugzilla::Mailer; + +use Crypt::OpenPGP::Armour; +use Crypt::OpenPGP::KeyRing; +use Crypt::OpenPGP; +use Crypt::SMIME; +use Encode; +use HTML::Tree; + +our $VERSION = '0.5'; + +use constant SECURE_NONE => 0; +use constant SECURE_BODY => 1; +use constant SECURE_ALL => 2; + +############################################################################## +# Creating new columns +# +# secure_mail boolean in the 'groups' table - whether to send secure mail +# public_key text in the 'profiles' table - stores public key +############################################################################## +sub install_update_db { + my ($self, $args) = @_; + + my $dbh = Bugzilla->dbh; + $dbh->bz_add_column('groups', 'secure_mail', + {TYPE => 'BOOLEAN', NOTNULL => 1, DEFAULT => 0}); + $dbh->bz_add_column('profiles', 'public_key', { TYPE => 'LONGTEXT' }); +} + +############################################################################## +# Maintaining new columns +############################################################################## + +BEGIN { + *Bugzilla::Group::secure_mail = \&_group_secure_mail; + *Bugzilla::User::public_key = \&_user_public_key; +} + +sub _group_secure_mail { return $_[0]->{'secure_mail'}; } + +# We want to lazy-load the public_key. +sub _user_public_key { + my $self = shift; + if (!exists $self->{public_key}) { + ($self->{public_key}) = Bugzilla->dbh->selectrow_array( + "SELECT public_key FROM profiles WHERE userid = ?", + undef, + $self->id + ); + } + return $self->{public_key}; +} + +# Make sure generic functions know about the additional fields in the user +# and group objects. +sub object_columns { + my ($self, $args) = @_; + my $class = $args->{'class'}; + my $columns = $args->{'columns'}; + + if ($class->isa('Bugzilla::Group')) { + push(@$columns, 'secure_mail'); + } +} + +# Plug appropriate validators so we can check the validity of the two +# fields created by this extension, when new values are submitted. +sub object_validators { + my ($self, $args) = @_; + my %args = %{ $args }; + my ($invocant, $validators) = @args{qw(class validators)}; + + if ($invocant->isa('Bugzilla::Group')) { + $validators->{'secure_mail'} = \&Bugzilla::Object::check_boolean; + } + elsif ($invocant->isa('Bugzilla::User')) { + $validators->{'public_key'} = sub { + my ($self, $value) = @_; + $value = trim($value) || ''; + + return $value if $value eq ''; + + if ($value =~ /PUBLIC KEY/) { + # PGP keys must be ASCII-armoured. + if (!Crypt::OpenPGP::Armour->unarmour($value)) { + ThrowUserError('securemail_invalid_key', + { errstr => Crypt::OpenPGP::Armour->errstr }); + } + } + elsif ($value =~ /BEGIN CERTIFICATE/) { + # S/MIME Keys must be in PEM format (Base64-encoded X.509) + # + # Crypt::SMIME seems not to like tainted values - it claims + # they aren't scalars! + trick_taint($value); + + my $smime = Crypt::SMIME->new(); + eval { + $smime->setPublicKey([$value]); + }; + if ($@) { + ThrowUserError('securemail_invalid_key', + { errstr => $@ }); + } + } + else { + ThrowUserError('securemail_invalid_key'); + } + + return $value; + }; + } +} + +# When creating a 'group' object, set up the secure_mail field appropriately. +sub object_before_create { + my ($self, $args) = @_; + my $class = $args->{'class'}; + my $params = $args->{'params'}; + + if ($class->isa('Bugzilla::Group')) { + $params->{secure_mail} = Bugzilla->cgi->param('secure_mail'); + } +} + +# On update, make sure the updating process knows about our new columns. +sub object_update_columns { + my ($self, $args) = @_; + my $object = $args->{'object'}; + my $columns = $args->{'columns'}; + + if ($object->isa('Bugzilla::Group')) { + # This seems like a convenient moment to extract this value... + $object->set('secure_mail', Bugzilla->cgi->param('secure_mail')); + + push(@$columns, 'secure_mail'); + } + elsif ($object->isa('Bugzilla::User')) { + push(@$columns, 'public_key'); + } +} + +# Handle the setting and changing of the public key. +sub user_preferences { + my ($self, $args) = @_; + my $tab = $args->{'current_tab'}; + my $save = $args->{'save_changes'}; + my $handled = $args->{'handled'}; + my $vars = $args->{'vars'}; + my $params = Bugzilla->input_params; + + return unless $tab eq 'securemail'; + + # Create a new user object so we don't mess with the main one, as we + # don't know where it's been... + my $user = new Bugzilla::User(Bugzilla->user->id); + + if ($save) { + $user->set('public_key', $params->{'public_key'}); + $user->update(); + + # Send user a test email + if ($user->public_key) { + _send_test_email($user); + $vars->{'test_email_sent'} = 1; + } + } + + $vars->{'public_key'} = $user->public_key; + + # Set the 'handled' scalar reference to true so that the caller + # knows the panel name is valid and that an extension took care of it. + $$handled = 1; +} + +sub template_before_process { + my ($self, $args) = @_; + my $file = $args->{'file'}; + my $vars = $args->{'vars'}; + + # Bug dependency emails contain the subject of the dependent bug + # right before the diffs when a status has gone from open/closed + # or closed/open. We need to sanitize the subject of change.blocker + # similar to how we do referenced bugs + return unless + $file eq 'email/bugmail.html.tmpl' + || $file eq 'email/bugmail.txt.tmpl'; + + if (defined $vars->{diffs}) { + foreach my $change (@{ $vars->{diffs} }) { + next if !defined $change->{blocker}; + if (grep($_->secure_mail, @{ $change->{blocker}->groups_in })) { + $change->{blocker}->{short_desc} = "(Secure bug)"; + } + } + } +} + +sub _send_test_email { + my ($user) = @_; + my $template = Bugzilla->template_inner($user->settings->{'lang'}->{'value'}); + + my $vars = { + to_user => $user->email, + }; + + my $msg = ""; + $template->process("account/email/securemail-test.txt.tmpl", $vars, \$msg) + || ThrowTemplateError($template->error()); + + MessageToMTA($msg); +} + +############################################################################## +# Encrypting the email +############################################################################## +sub mailer_before_send { + my ($self, $args) = @_; + + my $email = $args->{'email'}; + my $body = $email->body; + + # Decide whether to make secure. + # This is a bit of a hack; it would be nice if it were more clear + # what sort a particular email is. + my $is_bugmail = $email->header('X-Bugzilla-Status') || + $email->header('X-Bugzilla-Type') eq 'request'; + my $is_passwordmail = !$is_bugmail && ($body =~ /cfmpw.*cxlpw/s); + my $is_test_email = $email->header('X-Bugzilla-Type') =~ /securemail-test/ ? 1 : 0; + my $is_whine_email = $email->header('X-Bugzilla-Type') eq 'whine' ? 1 : 0; + my $encrypt_header = $email->header('X-Bugzilla-Encrypt') ? 1 : 0; + + if ($is_bugmail + || $is_passwordmail + || $is_test_email + || $is_whine_email + || $encrypt_header + ) { + # Convert the email's To address into a User object + my $login = $email->header('To'); + my $emailsuffix = Bugzilla->params->{'emailsuffix'}; + $login =~ s/$emailsuffix$//; + my $user = new Bugzilla::User({ name => $login }); + + # Default to secure. (Of course, this means if this extension has a + # bug, lots of people are going to get bugmail falsely claiming their + # bugs are secure and they need to add a key...) + my $make_secure = SECURE_ALL; + + if ($is_bugmail) { + # This is also a bit of a hack, but there's no header with the + # bug ID in. So we take the first number in the subject. + my ($bug_id) = ($email->header('Subject') =~ /\[\D+(\d+)\]/); + my $bug = new Bugzilla::Bug($bug_id); + if (!_should_secure_bug($bug)) { + $make_secure = SECURE_NONE; + } + # If the insider group has securemail enabled.. + my $insider_group = Bugzilla::Group->new({ name => Bugzilla->params->{'insidergroup'} }); + if ($insider_group + && $insider_group->secure_mail + && $make_secure == SECURE_NONE) + { + my $comment_is_private = Bugzilla->dbh->selectcol_arrayref( + "SELECT isprivate FROM longdescs WHERE bug_id=? ORDER BY bug_when", + undef, $bug_id); + # Encrypt if there are private comments on an otherwise public bug + while ($body =~ /[\r\n]--- Comment #(\d+)/g) { + my $comment_number = $1; + if ($comment_number && $comment_is_private->[$comment_number]) { + $make_secure = SECURE_BODY; + last; + } + } + # Encrypt if updating a private attachment without a comment + if ($email->header('X-Bugzilla-Changed-Fields') + && $email->header('X-Bugzilla-Changed-Fields') =~ /Attachment #(\d+)/) + { + my $attachment = Bugzilla::Attachment->new($1); + if ($attachment && $attachment->isprivate) { + $make_secure = SECURE_BODY; + } + } + } + } + elsif ($is_passwordmail) { + # Mail is made unsecure only if the user does not have a public + # key and is not in any security groups. So specifying a public + # key OR being in a security group means the mail is kept secure + # (but, as noted above, the check is the other way around because + # we default to secure). + if ($user && + !$user->public_key && + !grep($_->secure_mail, @{ $user->groups })) + { + $make_secure = SECURE_NONE; + } + } + elsif ($is_whine_email) { + # When a whine email has one or more secure bugs in the body, then + # encrypt the entire email body. Subject can be left alone as it + # comes from the whine settings. + $make_secure = _should_secure_whine($email) ? SECURE_BODY : SECURE_NONE; + } + elsif ($encrypt_header) { + # Templates or code may set the X-Bugzilla-Encrypt header to + # trigger encryption of emails. Remove that header from the email. + $email->header_set('X-Bugzilla-Encrypt'); + } + + # If finding the user fails for some reason, but we determine we + # should be encrypting, we want to make the mail safe. An empty key + # does that. + my $public_key = $user ? $user->public_key : ''; + + # Check if the new bugmail prefix should be added to the subject. + my $add_new = ($email->header('X-Bugzilla-Type') eq 'new' && + $user && + $user->settings->{'bugmail_new_prefix'}->{'value'} eq 'on') ? 1 : 0; + + if ($make_secure == SECURE_NONE) { + # Filter the bug_links in HTML email in case the bugs the links + # point are "secured" bugs and the user may not be able to see + # the summaries. + _filter_bug_links($email); + } + else { + _make_secure($email, $public_key, $is_bugmail && $make_secure == SECURE_ALL, $add_new); + } + } +} + +# Custom hook for bugzilla.mozilla.org (see bug 752400) +sub bugmail_referenced_bugs { + my ($self, $args) = @_; + # Sanitise subjects of referenced bugs. + my $referenced_bugs = $args->{'referenced_bugs'}; + # No need to sanitise subjects if the entire email will be secured. + return if _should_secure_bug($args->{'updated_bug'}); + # Replace the subject if required + foreach my $ref (@$referenced_bugs) { + if (grep($_->secure_mail, @{ $ref->{'bug'}->groups_in })) { + $ref->{'short_desc'} = "(Secure bug)"; + } + } +} + +sub _should_secure_bug { + my ($bug) = @_; + # If there's a problem with the bug, err on the side of caution and mark it + # as secure. + return + !$bug + || $bug->{'error'} + || grep($_->secure_mail, @{ $bug->groups_in }); +} + +sub _should_secure_whine { + my ($email) = @_; + my $should_secure = 0; + $email->walk_parts(sub { + my $part = shift; + my $content_type = $part->content_type; + return if !$content_type || $content_type !~ /^text\/plain/; + my $body = $part->body; + my @bugids = $body =~ /Bug (\d+):/g; + foreach my $id (@bugids) { + $id = trim($id); + next if !$id; + my $bug = new Bugzilla::Bug($id); + if ($bug && _should_secure_bug($bug)) { + $should_secure = 1; + last; + } + } + }); + return $should_secure ? 1 : 0; +} + +sub _make_secure { + my ($email, $key, $sanitise_subject, $add_new) = @_; + + # Add header showing this email has been secured + $email->header_set('X-Bugzilla-Secure-Email', 'Yes'); + + my $subject = $email->header('Subject'); + my ($bug_id) = $subject =~ /\[\D+(\d+)\]/; + + my $key_type = 0; + if ($key && $key =~ /PUBLIC KEY/) { + $key_type = 'PGP'; + } + elsif ($key && $key =~ /BEGIN CERTIFICATE/) { + $key_type = 'S/MIME'; + } + + if ($key_type eq 'PGP') { + ################## + # PGP Encryption # + ################## + + my $pubring = new Crypt::OpenPGP::KeyRing(Data => $key); + my $pgp = new Crypt::OpenPGP(PubRing => $pubring); + + if (scalar $email->parts > 1) { + my $old_boundary = $email->{ct}{attributes}{boundary}; + my $to_encrypt = "Content-Type: " . $email->content_type . "\n\n"; + + # We need to do some fix up of each part for proper encoding and then + # stringify all parts for encrypting. We have to retain the old + # boundaries as well so that the email client can reconstruct the + # original message properly. + $email->walk_parts(\&_fix_part); + + $email->walk_parts(sub { + my ($part) = @_; + if ($sanitise_subject) { + _insert_subject($part, $subject); + } + return if $part->parts > 1; # Top-level + $to_encrypt .= "--$old_boundary\n" . $part->as_string . "\n"; + }); + $to_encrypt .= "--$old_boundary--"; + + # Now create the new properly formatted PGP parts containing the + # encrypted original message + my @new_parts = ( + Email::MIME->create( + attributes => { + content_type => 'application/pgp-encrypted', + encoding => '7bit', + }, + body => "Version: 1\n", + ), + Email::MIME->create( + attributes => { + content_type => 'application/octet-stream', + filename => 'encrypted.asc', + disposition => 'inline', + encoding => '7bit', + }, + body => _pgp_encrypt($pgp, $to_encrypt) + ), + ); + $email->parts_set(\@new_parts); + my $new_boundary = $email->{ct}{attributes}{boundary}; + # Redo the old content type header with the new boundaries + # and other information needed for PGP + $email->header_set("Content-Type", + "multipart/encrypted; " . + "protocol=\"application/pgp-encrypted\"; " . + "boundary=\"$new_boundary\""); + } + else { + _fix_part($email); + if ($sanitise_subject) { + _insert_subject($email, $subject); + } + $email->body_set(_pgp_encrypt($pgp, $email->body)); + } + } + + elsif ($key_type eq 'S/MIME') { + ##################### + # S/MIME Encryption # + ##################### + + $email->walk_parts(\&_fix_part); + + if ($sanitise_subject) { + $email->walk_parts(sub { _insert_subject($_[0], $subject) }); + } + + my $smime = Crypt::SMIME->new(); + my $encrypted; + + eval { + $smime->setPublicKey([$key]); + $encrypted = $smime->encrypt($email->as_string()); + }; + + if (!$@) { + # We can't replace the Email::MIME object, so we have to swap + # out its component parts. + my $enc_obj = new Email::MIME($encrypted); + $email->header_obj_set($enc_obj->header_obj()); + $email->parts_set([]); + $email->body_set($enc_obj->body()); + $email->content_type_set('application/pkcs7-mime'); + $email->charset_set('UTF-8') if Bugzilla->params->{'utf8'}; + } + else { + $email->body_set('Error during Encryption: ' . $@); + } + } + else { + # No encryption key provided; send a generic, safe email. + my $template = Bugzilla->template; + my $message; + my $vars = { + 'urlbase' => correct_urlbase(), + 'bug_id' => $bug_id, + 'maintainer' => Bugzilla->params->{'maintainer'} + }; + + $template->process('account/email/encryption-required.txt.tmpl', + $vars, \$message) + || ThrowTemplateError($template->error()); + + $email->parts_set([]); + $email->content_type_set('text/plain'); + $email->body_set($message); + } + + if ($sanitise_subject) { + # This is designed to still work if the admin changes the word + # 'bug' to something else. However, it could break if they change + # the format of the subject line in another way. + my $new = $add_new ? ' New:' : ''; + my $product = $email->header('X-Bugzilla-Product'); + my $component = $email->header('X-Bugzilla-Component'); + # Note: the $bug_id is required within the parentheses in order to keep + # gmail's threading algorithm happy. + $subject =~ s/($bug_id\])\s+(.*)$/$1$new (Secure bug $bug_id in $product :: $component)/; + $email->header_set('Subject', $subject); + } +} + +sub _pgp_encrypt { + my ($pgp, $text) = @_; + # "@" matches every key in the public key ring, which is fine, + # because there's only one key in our keyring. + # + # We use the CAST5 cipher because the Rijndael (AES) module doesn't + # like us for some reason I don't have time to debug fully. + # ("key must be an untainted string scalar") + my $encrypted = $pgp->encrypt(Data => $text, + Recipients => "@", + Cipher => 'CAST5', + Armour => 1); + if (!defined $encrypted) { + return 'Error during Encryption: ' . $pgp->errstr; + } + return $encrypted; +} + +# Insert the subject into the part's body, as the subject of the message will +# be sanitised. +# XXX this incorrectly assumes all parts of the message are the body +# we should only alter parts who's parent is multipart/alternative +sub _insert_subject { + my ($part, $subject) = @_; + my $content_type = $part->content_type or return; + if ($content_type =~ /^text\/plain/) { + if (!is_7bit_clean($subject)) { + $part->encoding_set('quoted-printable'); + } + $part->body_str_set("Subject: $subject\015\012\015\012" . $part->body_str); + } + elsif ($content_type =~ /^text\/html/) { + my $tree = HTML::Tree->new->parse_content($part->body_str); + my $body = $tree->look_down(qw(_tag body)); + $body->unshift_content(['div', "Subject: $subject"], ['br']); + _set_body_from_tree($part, $tree); + } +} + +# Copied from Bugzilla/Mailer as this extension runs before +# this code there and Mailer.pm will no longer see the original +# message. +sub _fix_part { + my ($part) = @_; + return if $part->parts > 1; # Top-level + my $content_type = $part->content_type || ''; + $content_type =~ /charset=['"](.+)['"]/; + # If no charset is defined or is the default us-ascii, + # then we encode the email to UTF-8 if Bugzilla has utf8 enabled. + # XXX - This is a hack to workaround bug 723944. + if (!$1 || $1 eq 'us-ascii') { + my $body = $part->body; + if (Bugzilla->params->{'utf8'}) { + $part->charset_set('UTF-8'); + # encoding_set works only with bytes, not with utf8 strings. + my $raw = $part->body_raw; + if (utf8::is_utf8($raw)) { + utf8::encode($raw); + $part->body_set($raw); + } + } + $part->encoding_set('quoted-printable') if !is_7bit_clean($body); + } +} + +sub _filter_bug_links { + my ($email) = @_; + $email->walk_parts(sub { + my $part = shift; + my $content_type = $part->content_type; + return if !$content_type || $content_type !~ /text\/html/; + my $tree = HTML::Tree->new->parse_content($part->body); + my @links = $tree->look_down( _tag => q{a}, class => qr/bz_bug_link/ ); + my $updated = 0; + foreach my $link (@links) { + my $href = $link->attr('href'); + my ($bug_id) = $href =~ /\Qshow_bug.cgi?id=\E(\d+)/; + my $bug = new Bugzilla::Bug($bug_id); + if ($bug && _should_secure_bug($bug)) { + $link->attr('title', '(secure bug)'); + $link->attr('class', 'bz_bug_link'); + $updated = 1; + } + } + if ($updated) { + _set_body_from_tree($part, $tree); + } + }); +} + +sub _set_body_from_tree { + my ($part, $tree) = @_; + $part->body_set($tree->as_HTML); + $part->charset_set('UTF-8') if Bugzilla->params->{'utf8'}; + $part->encoding_set('quoted-printable'); +} + +__PACKAGE__->NAME; diff --git a/extensions/SecureMail/README b/extensions/SecureMail/README new file mode 100644 index 000000000..ac3484291 --- /dev/null +++ b/extensions/SecureMail/README @@ -0,0 +1,8 @@ +This extension should be placed in a directory called "SecureMail" in the +Bugzilla extensions/ directory. After installing it, remove the file +"disabled" (if present) and then run checksetup.pl. + +Instructions for user key formats: + +S/MIME Keys must be in PEM format - i.e. Base64-encoded text, with BEGIN CERTIFICATE +PGP keys must be ASCII-armoured - i.e. text, with BEGIN PGP PUBLIC KEY. diff --git a/extensions/SecureMail/template/en/default/account/email/encryption-required.txt.tmpl b/extensions/SecureMail/template/en/default/account/email/encryption-required.txt.tmpl new file mode 100644 index 000000000..f3710bb17 --- /dev/null +++ b/extensions/SecureMail/template/en/default/account/email/encryption-required.txt.tmpl @@ -0,0 +1,15 @@ +This email would have contained sensitive information, but you have not set +a PGP/GPG key or SMIME certificate in the "Secure Mail" section of your user +preferences. + +[% IF bug_id %] +In order to receive the full text of similar mails in the future, please +go to: +[%+ urlbase %]userprefs.cgi?tab=securemail +and provide a key or certificate. + +You can see this bug's current state at: +[%+ urlbase %]show_bug.cgi?id=[% bug_id %] +[% ELSE %] +You will have to contact [% maintainer %] to reset your password. +[% END %] diff --git a/extensions/SecureMail/template/en/default/account/email/securemail-test.txt.tmpl b/extensions/SecureMail/template/en/default/account/email/securemail-test.txt.tmpl new file mode 100644 index 000000000..e4f4c9242 --- /dev/null +++ b/extensions/SecureMail/template/en/default/account/email/securemail-test.txt.tmpl @@ -0,0 +1,23 @@ +[%# This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + # + # This Source Code Form is "Incompatible With Secondary Licenses", as + # defined by the Mozilla Public License, v. 2.0. + #%] + +[% PROCESS global/variables.none.tmpl %] + +From: [% Param('mailfrom') %] +To: [% to_user %] +Subject: [% terms.Bugzilla %] SecureMail Test Email +X-Bugzilla-Type: securemail-test + +Congratulations! If you can read this, then your SecureMail encryption +key uploaded to [% terms.Bugzilla %] is working properly. + +To update your SecureMail preferences at any time, please go to: +[%+ urlbase %]userprefs.cgi?tab=securemail + +Sincerely, +Your Friendly [% terms.Bugzilla %] Administrator diff --git a/extensions/SecureMail/template/en/default/account/prefs/securemail.html.tmpl b/extensions/SecureMail/template/en/default/account/prefs/securemail.html.tmpl new file mode 100644 index 000000000..db595a23f --- /dev/null +++ b/extensions/SecureMail/template/en/default/account/prefs/securemail.html.tmpl @@ -0,0 +1,40 @@ +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is the Mozilla Corporation. + # Portions created by the Initial Developer are Copyright (C) 2008 the + # Initial Developer. All Rights Reserved. + # + # Contributor(s): Max Kanat-Alexander <mkanat@bugzilla.org> + #%] + +[% IF test_email_sent %] + <div id="message"> + An encrypted test email has been sent to your address. + </div> +[% END %] + +<p>Some [% terms.bugs %] in this [% terms.Bugzilla %] are in groups the administrator has +deemed 'secure'. This means emails containing information about those [% terms.bugs %] +will only be sent encrypted. Enter your PGP/GPG public key or +SMIME certificate here to receive full update emails for such [% terms.bugs %].</p> + +<p>If you are a member of a secure group, or if you enter a key here, your password reset email will also be sent to you encrypted. If you are a member of a secure group and do not enter a key, you will not be able to reset your password without the assistance of an administrator.</p> + +<p><a href="page.cgi?id=securemail/help.html">More help is available</a>.</p> + +[% Hook.process('moreinfo') %] + +<textarea id="public_key" name="public_key" cols="72" rows="12"> + [%- public_key FILTER html %]</textarea> + +<p>Submitting valid changes will automatically send an encrypted test email to your address.</p> diff --git a/extensions/SecureMail/template/en/default/hook/account/prefs/prefs-tabs.html.tmpl b/extensions/SecureMail/template/en/default/hook/account/prefs/prefs-tabs.html.tmpl new file mode 100644 index 000000000..70a40e592 --- /dev/null +++ b/extensions/SecureMail/template/en/default/hook/account/prefs/prefs-tabs.html.tmpl @@ -0,0 +1,28 @@ +[%# -*- Mode: perl; indent-tabs-mode: nil -*- + # + # The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla SecureMail Extension + # + # The Initial Developer of the Original Code is Mozilla. + # Portions created by Mozilla are Copyright (C) 2008 Mozilla Corporation. + # All Rights Reserved. + # + # Contributor(s): Max Kanat-Alexander <mkanat@bugzilla.org> + # Gervase Markham <gerv@gerv.net> + #%] + +[% tabs = tabs.import([{ + name => "securemail", + label => "Secure Mail", + link => "userprefs.cgi?tab=securemail", + saveable => 1 + }]) %] diff --git a/extensions/SecureMail/template/en/default/hook/admin/groups/create-field.html.tmpl b/extensions/SecureMail/template/en/default/hook/admin/groups/create-field.html.tmpl new file mode 100644 index 000000000..27c644d02 --- /dev/null +++ b/extensions/SecureMail/template/en/default/hook/admin/groups/create-field.html.tmpl @@ -0,0 +1,25 @@ +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is the Mozilla Corporation. + # Portions created by the Initial Developer are Copyright (C) 2008 the + # Initial Developer. All Rights Reserved. + # + # Contributor(s): Max Kanat-Alexander <mkanat@bugzilla.org> + #%] +<tr> + <th>Secure Bugmail:</th> + <td colspan="3"> + <input type="checkbox" id="secure_mail" name="secure_mail" + [% ' checked="checked"' IF group.secure_mail %]> + </td> +</tr> diff --git a/extensions/SecureMail/template/en/default/hook/admin/groups/edit-field.html.tmpl b/extensions/SecureMail/template/en/default/hook/admin/groups/edit-field.html.tmpl new file mode 100644 index 000000000..253fed29e --- /dev/null +++ b/extensions/SecureMail/template/en/default/hook/admin/groups/edit-field.html.tmpl @@ -0,0 +1,27 @@ +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is the Mozilla Corporation. + # Portions created by the Initial Developer are Copyright (C) 2008 the + # Initial Developer. All Rights Reserved. + # + # Contributor(s): Max Kanat-Alexander <mkanat@bugzilla.org> + #%] +[% IF group.is_bug_group || group.name == Param('insidergroup') %] + <tr> + <th>Secure Bugmail:</th> + <td> + <input type="checkbox" id="secure_mail" name="secure_mail" + [% ' checked="checked"' IF group.secure_mail %]> + </td> + </tr> +[% END %] diff --git a/extensions/SecureMail/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/SecureMail/template/en/default/hook/global/user-error-errors.html.tmpl new file mode 100644 index 000000000..46b093674 --- /dev/null +++ b/extensions/SecureMail/template/en/default/hook/global/user-error-errors.html.tmpl @@ -0,0 +1,27 @@ +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is the Mozilla Corporation. + # Portions created by the Initial Developer are Copyright (C) 2008 the + # Initial Developer. All Rights Reserved. + # + # Contributor(s): Max Kanat-Alexander <mkanat@bugzilla.org> + #%] + +[% IF error == "securemail_invalid_key" %] + [% title = "Invalid Public Key" %] + We were unable to read the public key that you entered. Make sure + that you are entering either an ASCII-armored PGP/GPG public key, + including the "BEGIN PGP PUBLIC KEY BLOCK" and "END PGP PUBLIC KEY BLOCK" + lines, or a PEM format (Base64-encoded X.509) S/MIME key, including the + BEGIN CERTIFICATE and END CERTIFICATE lines.<br><br>[% errstr FILTER html %] +[% END %] diff --git a/extensions/SecureMail/template/en/default/pages/securemail/help.html.tmpl b/extensions/SecureMail/template/en/default/pages/securemail/help.html.tmpl new file mode 100644 index 000000000..e6ef02927 --- /dev/null +++ b/extensions/SecureMail/template/en/default/pages/securemail/help.html.tmpl @@ -0,0 +1,130 @@ +[%# + # The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla SecureMail Extension. + # + # The Initial Developer of the Original Code is the Mozilla Foundation. + # Portions created by Mozilla are Copyright (C) 2008 Mozilla Foundation. + # All Rights Reserved. + # + # Contributor(s): Max Kanat-Alexander <mkanat@bugzilla.org> + # Gervase Markham <gerv@gerv.net> + # Dave Lawrence <dkl@mozilla.com> + #%] + +[% PROCESS global/header.html.tmpl + title = "SecureMail Help" +%] + +[% terms.Bugzilla %] considers certain groups as "secure". If a [% terms.bug %] is in one of those groups, [% terms.Bugzilla %] will not send unencrypted +email about it. To receive encrypted email rather than just a "something changed" placeholder, you must provide either +a S/MIME or a GPG/PGP key on the <a href="[% urlbase FILTER none %]userprefs.cgi?tab=securemail">SecureMail preferences tab</a>.<br> +<br> +In addition, if you have uploaded a S/MIME or GPG/PGP key using the <a href="[% urlbase FILTER none %]userprefs.cgi?tab=securemail"> +SecureMail preferences tab</a>, if you request your password to be reset, [% terms.Bugzilla %] will send the reset email encrypted and you will +be required to decrypt it to view the reset instructions. + +<h2>S/MIME</h2> + +<b>S/MIME Keys must be in PEM format - i.e. Base64-encoded text, with the first line containing BEGIN CERTIFICATE.</b></p> + +<p> +S/MIME certificates can be obtained from a number of providers. You can get a free one from <a href="https://www.startssl.com/?app=12">StartCom</a>. +Once you have it, <a href="https://www.startssl.com/?app=25#52">export it from your browser as a .p12 file and import it into your mail client</a>. +You'll need to provide a password when you export - pick a strong one, and then back up the .p12 file somewhere safe.</p> + +<p>Import on Thunderbird as follows:</p> + +<ul> +<li>Open Preferences in Thunderbird.</li> +<li>Activate the Advanced pane.</li> +<li>Activate the Certificates tab.</li> +<li>Press the button View Certificates.</li> +<li>Press the Import button.</li> +<li>Open your .p12 file.</li> +<li>Enter the password for unlocking the .p12 if asked.</li> +</ul> + +<p> +Then, you need to convert it to a .pem file. Here are two possible ways to do this.</p> + +<h3>Thunderbird</h3> + +<ul> +<li>Open Preferences in Thunderbird.</li> +<li>Activate the Advanced pane.</li> +<li>Activate the Certificates tab.</li> +<li>Press the button View Certificates.</li> +<li>Select the line in the tree widget that represents the certificate you imported.</li> +<li>Press the View button.</li> +<li>Activate the Details tab.</li> +<li>Press the Export button.</li> +<li>Choose where to save the .pem file.</li> +</ul> + +<p>Paste the contents of the .pem file into the SecureMail text field in [% terms.Bugzilla %].</p> + +<h3>OpenSSL</h3> + +<p>Or, if you have OpenSSL installed, do the following:</p> + +<p> +<code>openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes -nokeys</code></p> + +<p> +Open the .pem file in a text editor. You can recognise the public key because +it starts "BEGIN CERTIFICATE" and ends "END CERTIFICATE" and +has an appropriate friendly name (e.g. "StartCom Free Certificate Member's StartCom Ltd. ID").</p> + +<p>Paste the contents of the .pem file into the SecureMail text field in [% terms.Bugzilla %].</p> + +<h2>PGP</h2> + +<b>PGP keys must be ASCII-armoured - i.e. text, with the first line containing BEGIN PGP PUBLIC KEY.</b></p> + +<p> +If you already have your own PGP key in a keyring, skip straight to step 3. Otherwise:</p> + +<ol> + +<li>Install the GPG suite of utilities for your operating system, either using your package manager or downloaded from <a href="http://www.gnupg.org/download/index.en.html">gnupg.org</a>.</p> + +<li><p>Generate a private key.</p> + +<p><code>gpg --gen-key</code></p> + +<p> +You’ll have to answer several questions:</p> + +<p> +<ul> + <li>What kind and size of key you want; the defaults are probably good enough.</li> + <li>How long the key should be valid; you can safely choose a non-expiring key.</li> + <li>Your real name and e-mail address; these are necessary for identifying your key in a larger set of keys.</li> + <li>A comment for your key; the comment can be empty.</li> + <li>A passphrase. Whatever you do, don’t forget it! Your key, and all your encrypted files, will be useless if you do.</li> +</ul> + +<li><p>Generate an ASCII version of your public key.</p> + +<p><code>gpg --armor --output pubkey.txt --export 'Your Name'</code></p> + +<p>Paste the contents of pubkey.txt into the SecureMail text field in [% terms.Bugzilla %]. + +<li>Configure your email client to use your associated private key to decrypt the encrypted emails. For Thunderbird, you need the <a href="https://addons.mozilla.org/en-us/thunderbird/addon/enigmail/">Enigmail</a> extension.</p> +</ol> + +<p> +Further reading: <a href="http://www.madboa.com/geek/gpg-quickstart">GPG Quickstart</a>. + +[% PROCESS global/footer.html.tmpl %] + + |