[Mime] S/MIME Support #30981
[Mime] S/MIME Support #30981
Conversation
|
Any suggestions to clean-up the Header parsing is welcome btw. I found https://github.com/zbateson/mail-mime-parser but we can't use it as-is, it depends on Guzzle streams and PSR-7. But maybe we can use it's code logic (not this actual library) for the Mime component (in the long run) to parse Mime messages. |
|
Good news, due to the way the Mime component handles messages this will be actually easier than I expected 😄
|
e1b3613 to
09b5341
Compare
09b5341 to
86cc9dc
Compare
86cc9dc to
770a9f8
Compare
src/Symfony/Component/Mime/Tests/Security/SMimeEncryptorTest.php
Outdated
Show resolved
Hide resolved
|
What would be safest way to remove these temp files? When you remove them to soon the application will crash, at least for the final message. The intermediate files can be safely removed after processing as they are no longer needed. |
|
in case of tmpfile(), those are removed automatically when there is no longer any reference to it |
c994fdf to
37033a3
Compare
|
Using |
|
Status: Needs review |
| protected function normalizeFilePath(string $path): string | ||
| { | ||
| if (!file_exists($path)) { | ||
| throw new RuntimeException(sprintf('File does not exist: %s', $path)); |
There was a problem hiding this comment.
Could be File "%s" does not exist. (notice the dot at the end of the exception message)
| */ | ||
| public function __serialize(): array | ||
| { | ||
| $this->toString(); |
There was a problem hiding this comment.
The SMIME signer/encryptor uses a generator that cannot be serialized. In fact, tmpfile() removes the file after a successful shutdown. Keeping theses files for a longer period would mean extensive growth of temp files.
Alternatively we can store the S/MIME as string, but this will require more memory.
|
There seem to be some changes in the way the Now, given we don't keep the original message it should (as I have said to many times) be possible to use a
When you sign and then encrypt (or vice-versa), take the Body ( swiftmailer/swiftmailer#1023 introduced "Support for full MIME message wrapping (message/rfc822) as described in RFC5751 section 3.1."
Edit. OK, the I'm going to experiment a little more with this 10 headed monster, should be done before the feature freeze of Symfony 4.4 right? 🙃 Edit2. |
|
Right, this would be part of 4.4 :) |
147d1b7 to
cbdd2c6
Compare
|
I finally managed to make this work! I tested it manually with Thunderbird and checked the contents by hand. Everything seems to be good. In this implementation only the message body is signed/encrypted, the headers are ignored for the S/MIME process itself. The new message has all the "previous" envelope headers and has the S/MIME entity as it's body content (in a raw string format). To use a fully wrapped message ( Status: Needs review |
|
Looks great now. Apart from the small comments I've just made, I think it's ready. Thank you @sstok for your work on this. Can you take the comments into account? I will merge then. |
961a68b to
271cf77
Compare
271cf77 to
6e70d12
Compare
|
Should be good now 👍 |
|
Thank you @sstok. |
This PR was merged into the 4.4 branch. Discussion ---------- [Mime] S/MIME Support | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files --> | BC breaks? | no | Deprecations? | no | Tests pass? | no | Fixed tickets | #30875 | License | MIT | Doc PR | TODO ~~This is a heavy work in progress and far from working, I tried to finish this before the end of FOSSA but due to the large complexity of working with raw Mime data it will properly take a week or so (at least I hope so..) to completely finish this. I'm sharing it here for the statistics.~~ This adds the S/MIME Signer and Encryptor, unlike the Swiftmailer implementation both these functionalities have been separated. When a transporter doesn't support the Raw MIME entity information it will fallback to the original message (without signing/encryption). In any case using a secure connection is always the best guarantee against modification or information disclosure. Commits ------- 6e70d12 [Mime] Added SMimeSigner and Encryptor
|
It looks like tests on Windows could need some love ( |
This PR was squashed before being merged into the 4.4 branch (closes #32317). Discussion ---------- [Mime] Updated some PHPDoc contents | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | no | New feature? | no <!-- please update src/**/CHANGELOG.md files --> | BC breaks? | no <!-- see https://symfony.com/bc --> | Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files --> | Tests pass? | yes <!-- please add some, will be required by reviewers --> | Fixed tickets | - | License | MIT | Doc PR | not needed While documenting #30981 I found some PHPDoc info not clear enough. This "improves" it, but if you don't like it, it's OK to close this. Thanks. Commits ------- 9432f1f [Mime] Updated some PHPDoc contents
This PR was merged into the 5.4 branch. Discussion ---------- [Mime] regenerate test certificates | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Linked to #30981. They will now expire in 2423. Commits ------- 0e5e875 [Mime] regenerate test certificates
This is a heavy work in progress and far from working, I tried to finish this before the end of FOSSA but due to the large complexity of working with raw Mime data it will properly take a week or so (at least I hope so..) to completely finish this. I'm sharing it here for the statistics.This adds the S/MIME Signer and Encryptor, unlike the Swiftmailer implementation both these functionalities have been separated. When a transporter doesn't support the Raw MIME entity information it will fallback to the original message (without signing/encryption). In any case using a secure connection is always the best guarantee against modification or information disclosure.