Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[Mailer][Mime] Refactor S/MIME encryption handling inSMimeEncryptionListener#59831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
fabpot merged 1 commit intosymfony:7.3fromSpomky:fix-smime-encryption-listener
Mar 26, 2025

Conversation

Spomky
Copy link
Contributor

@SpomkySpomky commentedFeb 21, 2025
edited
Loading

QA
Branch?7.3
Bug fix?yes
New feature?yes
Deprecations?no
Issues
LicenseMIT

It appears that the smime_encrypter introduced in#58501 is incorrect, as the email is encrypted only for the sender instead of being encrypted per recipient.
This PR introduces a newSmimeCertificateRepositoryInterface, responsible for retrieving recipient certificates.

An email is encrypted under the following conditions:

  • A certificate is found for all recipients.
  • The custom headerX-SMime-Encrypt is present.
    If either of these conditions is not met, the email is sent unencrypted.

Example of usage:

<?phpnamespaceApp\Security;useSymfony\Component\DependencyInjection\Attribute\Autowire;useSymfony\Component\Mailer\EventListener\SmimeCertificateRepositoryInterface;class LocalFileCertificateRepositoryimplements SmimeCertificateRepositoryInterface{publicfunction__construct(        #[Autowire(param:'kernel.project_dir')]privatereadonlystring$projectDir    ){}publicfunctionfindCertificatePathFor(string$email): ?string    {$hash =hash('sha256',strtolower(trim($email)));$path =sprintf('%s/storage/%s.crt',$this->projectDir,$hash);returnfile_exists($path) ?$path :null;    }}

@carsonbotcarsonbot added this to the7.3 milestoneFeb 21, 2025
@SpomkySpomkyforce-pushed thefix-smime-encryption-listener branch 2 times, most recently fromc3a8318 toeb8e560CompareFebruary 21, 2025 15:31
@carsonbotcarsonbot changed the titleRefactor S/MIME encryption handling in Mailer SMimeEncryptionListener[Mailer][Mime] Refactor S/MIME encryption handling in Mailer SMimeEncryptionListenerFeb 21, 2025
@SpomkySpomkyforce-pushed thefix-smime-encryption-listener branch 4 times, most recently from204c36f to6499c8aCompareFebruary 21, 2025 16:16
@SpomkySpomky changed the title[Mailer][Mime] Refactor S/MIME encryption handling in Mailer SMimeEncryptionListener[Mailer] Refactor S/MIME encryption handling in Mailer SMimeEncryptionListenerFeb 21, 2025
Replaces direct certificate path usage with a repository interface for managing S/MIME certificates. This improves flexibility by allowing custom certificate retrieval logic through `SmimeCertificateRepositoryInterface`. Adjusted related tests, configuration, and event listener implementation accordingly.
@SpomkySpomkyforce-pushed thefix-smime-encryption-listener branch from6499c8a to7c76c54CompareFebruary 21, 2025 16:40
@Spomky
Copy link
ContributorAuthor

Spomky commentedFeb 22, 2025
edited
Loading

It is important to mention in the documentation that caution should be exercised when sending encrypted emails to multiple recipients. And indeed, all recipients are used here and therefore the main recipients as well as those in BCC. It is therefore possible to know these recipients depending on the encryption method used.

@SpomkySpomky requested a review fromstofMarch 2, 2025 11:06
@@ -2314,8 +2314,8 @@ private function addMailerSection(ArrayNodeDefinition $rootNode, callable $enabl
->canBeEnabled()
->info('S/MIME encrypter configuration')
->children()
->scalarNode('certificate')
->info('Path to certificate (in PEM format without the `file://` prefix)')
->scalarNode('repository')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

For reviewers, this change is fine as this feature has been introduced in 7.3, so not yet released

OskarStark reacted with thumbs up emoji
@OskarStarkOskarStark changed the title[Mailer] Refactor S/MIME encryption handling in Mailer SMimeEncryptionListener[Mailer] Refactor S/MIME encryption handling inSMimeEncryptionListenerMar 3, 2025
@carsonbotcarsonbot changed the title[Mailer] Refactor S/MIME encryption handling inSMimeEncryptionListener[Mailer][Mime] Refactor S/MIME encryption handling inSMimeEncryptionListenerMar 26, 2025
@fabpot
Copy link
Member

Thank you@Spomky.

@fabpotfabpot merged commit7100c7b intosymfony:7.3Mar 26, 2025
10 of 11 checks passed
@fabpotfabpot mentioned this pull requestMay 2, 2025
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@fabpotfabpotfabpot approved these changes

@stofstofAwaiting requested review from stof

Assignees
No one assigned
Projects
None yet
Milestone
7.3
Development

Successfully merging this pull request may close these issues.

5 participants
@Spomky@fabpot@stof@OskarStark@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp