
Closes SourceForge #85 LDAP userCertificate #98

Open
wants to merge 3 commits into
base: master


@krutelp krutelp commented Apr 6, 2020

Implemented user certificate retrieval from GAL

Implemented user certificate retrieval from GAL
@krutelp krutelp changed the title #85 LDAP userCertificate Closes #85 LDAP userCertificate Apr 7, 2020
@krutelp krutelp changed the title Closes #85 LDAP userCertificate Closes SourceForge #85 LDAP userCertificate Apr 7, 2020
Formatting improved in order to see diff better

mguessan commented May 4, 2020

First, thank you for your contribution.

I have a few questions:

  • I noticed you forced ContactDataShape to AllProperties, which retrieves all properties instead of only the supported list. Are you sure there is no other way to retrieve just the certificate fields in addition to the current list?
  • Can you please confirm that the msexchangecertificate value comes back as a single-line value?
    For photo support I had to take into account multiple lines.
  • Did you check both CardDAV and LDAP support?
  • Can you please provide additional test cases?

Regards,

Added support for multiline user certificate value

krutelp commented May 5, 2020

Hello,

  1. If I understand the process of user certificate retrieval correctly, contact data are retrieved from the GAL via the ResolveNames method. (EwsExchangeSession.galFind(...), https://docs.microsoft.com/en-us/exchange/client-developer/web-service-reference/resolvenames-operation)
    The ResolveNames method does not support additional attributes in the request as, e.g., the FindItem method does. I've enhanced the current method.

  2. Code updated - MSExchangeCertificate read via getElementText() to retrieve coalesced content. In my test cases MSExchangeCertificate is always one line.

  3. I have tested LDAP only

  4. My Test Case:
    Setup: thunderbird -> davmail -> Exchange
    Precondition: User certificate not stored in thunderbird
    Test Case: Write encrypted mail to user (choose Security -> Encrypt This Message), then View -> View Security Info
    Expected Result: Result window shows valid user certificate

Do you expect to write new tests in src/test?
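
An added example, not part of this thread or of DavMail's code: reading the two certificate fields from a ResolveNames-style contact with StAX, where `getElementText()` returns a value wrapped over several lines as one string. The class name, the `Base64Binary` nesting and the sample XML are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Set;
import javax.xml.stream.*;

public class GalCertificateExample {
    static final Set<String> CERT_FIELDS = Set.of("MSExchangeCertificate", "UserSMIMECertificate");

    // Decode every Base64Binary child (assumed nesting) of the two certificate fields.
    static List<byte[]> readCertificates(String xml) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        // The response comes from a remote server: no DTDs, no external entities.
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
        List<byte[]> certificates = new ArrayList<>();
        boolean inCertField = false;
        while (reader.hasNext()) {
            int event = reader.next();
            if (event == XMLStreamConstants.START_ELEMENT) {
                if (CERT_FIELDS.contains(reader.getLocalName())) {
                    inCertField = true;
                } else if (inCertField && "Base64Binary".equals(reader.getLocalName())) {
                    // getElementText() joins every text chunk up to the end tag, so a
                    // value wrapped over several lines comes back whole; the MIME
                    // decoder then skips the line breaks and indentation.
                    certificates.add(Base64.getMimeDecoder().decode(reader.getElementText()));
                }
            } else if (event == XMLStreamConstants.END_ELEMENT
                    && CERT_FIELDS.contains(reader.getLocalName())) {
                inCertField = false;
            }
        }
        return certificates;
    }

    public static void main(String[] args) throws XMLStreamException {
        // Constructed sample, not a captured response; the payload is placeholder bytes.
        String xml = "<t:Contact xmlns:t=\"http://schemas.microsoft.com/exchange/services/2006/types\">"
                + "<t:MSExchangeCertificate><t:Base64Binary>MIIBCgKCAQEA\n  dGVzdA==\n"
                + "</t:Base64Binary></t:MSExchangeCertificate></t:Contact>";
        for (byte[] der : readCertificates(xml)) {
            // A DER-encoded certificate starts with a SEQUENCE tag (0x30).
            System.out.println(der.length + " bytes, starts with SEQUENCE: " + (der[0] == 0x30));
        }
    }
}
```

The decoded bytes would still need to parse as an X.509 certificate (for instance with `java.security.cert.CertificateFactory`) before being served as an LDAP `userCertificate` value.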


krutelp commented Nov 22, 2020

I've experimented with the FindPeople method, which has similar attributes to FindItem.
Result: I did not find a way to retrieve the user certificate. Also, the Field URIs are different from those in FindItem.
FindItem cannot be used to retrieve data from the GAL, because FindItem does not support the parameter <t:DistinguishedFolderId Id="directory"/>
The GetPersona method did not return the user certificate either.

So it looks like the ResolveNames method with ContactDataShape="AllProperties" is the only way to retrieve the user certificate from the GAL via EWS.


mguessan commented May 6, 2021

Sorry for the delay, should be able to look into this again soon.

I will probably make it an optional feature first as I faced regressions during my initial tests


hbiyik commented Aug 12, 2022

I can confirm that this patch fixes the certificate retrieval issue over LDAP for my Exchange server, which works over Office 365. Thanks @krutelp, now I can send MIME-encrypted mails easily.


singe commented May 13, 2024

I can confirm this patch partially works when rebased against 3b79fdb

It misses the UserSMIMECertificate entry, which is easy to add.

I first want to see if I can do it without ContactDataShape.AllProperties, if not I'll submit a new PR against HEAD with the extra parts giving credit to @krutelp.

Is there anything else needed since this PR has been on hold for very long?

singe added a commit to singe/davmail that referenced this pull request May 13, 2024
It's possible to add a public S/MIME certificate for a user to the GAL. These
are used when a user wants to encrypt a mail to another user, or validate their
signature. The public certificate of the recipient is required. Being able to
look them up rather than engage in a manual or offline synchronisation process
makes this easier, as well as fetching updated certificates when they're
changed.

The bulk of this work was done by @krutelp in
mguessan#98 I merely extended it to support the
UserSMIMECertificate field in addition to the MSExchangeCertificate field.

These are both part of the EWS Contact:
https://learn.microsoft.com/en-us/dotnet/api/microsoft.exchange.webservices.data.contact?view=exchange-ews-api

I tried to do it without using ContactDataShape.AllProperties but like @krutelp
couldn't find a method that would return the certificates.

I extended the ignored tags based on what was returned by our Microsoft365
instance, but not all of the fields listed under the Contact type above.

I slightly modified the original PR to use Dos line endings in
ResolveNamesMethod.java so exact changes could be observed instead of the
entire file being changed.

I also added the keys to the contact in ExchangeSession.java as KEY1 and KEY2.

Finally, I undid the small changes in LdapConnection.java to the isMatch()
methods to have them take an ExchangeSession.Contact and put them back to
Map<String, String>. This was mostly done to limit the changes in the patch to
those necessary.

singe commented May 13, 2024

Done and submitted as #353
