From 181566bafb77f93a6af0d63422f6634ba70ee57d Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 22 Dec 2015 16:27:08 +0100 Subject: [PATCH] More graceful handling of pgp errors in the emailer - until now the encryption of emails happened in a try catch block - however, crypt_gpg throws a fatal error instead of an exception, killing the background worker - added an extra checking algorithm that will test the key for a valid encryption key (encryption enabled + not expired) - if it's not there, it will just log an error message and continue execution of the other e-mails --- app/Model/User.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/app/Model/User.php b/app/Model/User.php index 1c83ae0c7..b21c1062a 100755 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -548,8 +548,21 @@ class User extends AppModel { if (!$failed && $canEncrypt) { $keyImportOutput = $gpg->importKey($user['User']['gpgkey']); try { - $gpg->addEncryptKey($keyImportOutput['fingerprint']); // use the key that was given in the import - $body = $gpg->encrypt($body, true); + $key = $gpg->getKeys($keyImportOutput['fingerprint']); + $subKeys = $key[0]->getSubKeys(); + $canEncrypt = false; + $currentTimestamp = time(); + foreach ($subKeys as $subKey) { + $expiration = $subKey->getExpirationDate(); + if (($expiration == 0 || $currentTimestamp < $expiration) && $subKey->canEncrypt()) $canEncrypt = true; + } + if ($canEncrypt) { + $gpg->addEncryptKey($keyImportOutput['fingerprint']); // use the key that was given in the import + $body = $gpg->encrypt($body, true); + } else { + $failed = true; + $failureReason = " the message could not be encrypted because the provided key is either expired or cannot be used for encryption."; + } } catch (Exception $e){ // despite the user having a PGP key and the signing already succeeding earlier, we get an exception. This must mean that there is an issue with the user's key. $failureReason = " the message could not be encrypted because there was an issue with the user's PGP key. The following error message was returned by gpg: " . $e->getMessage();