
Closes SourceForge #85 LDAP userCertificate

Open krutelp opened this issue 5 years ago • 7 comments

Implemented user certificate retrieval from GAL

krutelp avatar Apr 06 '20 12:04 krutelp

First, thank you for your contribution.

I have a few questions:

  • I noticed you forced ContactDataShape to AllProperties, which retrieves all properties instead of only the supported list. Are you sure there is no other way to retrieve just the certificate fields in addition to the current list?
  • Can you please confirm that the msexchangecertificate value comes back as a single-line value? For photo support I had to take into account multiple lines.
  • Did you check both CardDAV and LDAP support?
  • Can you please provide additional test cases?

Regards,

mguessan avatar May 04 '20 19:05 mguessan

Hello,

  1. If I understand the process of user certificate retrieval correctly, contact data are retrieved from the GAL via the ResolveNames method (EwsExchangeSession.galFind(...), https://docs.microsoft.com/en-us/exchange/client-developer/web-service-reference/resolvenames-operation). The ResolveNames method does not support additional attributes in the request as, e.g., the FindItem method does. I've enhanced the current method.

  2. Code updated - MSExchangeCertificate read via getElementText() to retrieve coalesced content. In my test cases MSExchangeCertificate is always one line.

  3. I have tested LDAP only

  4. My test case:
     Setup: Thunderbird -> DavMail -> Exchange
     Precondition: User certificate not stored in Thunderbird
     Test case: Write encrypted mail to user (choose Security -> Encrypt This Message), then View -> View Security Info
     Expected result: Result window shows valid user certificate

Do you expect to write new tests in src/test?

krutelp avatar May 05 '20 00:05 krutelp
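The single-line versus multi-line question discussed above, as an added example that is not code from this pull request or from DavMail: a StAX reader collects the text of MSExchangeCertificate and decodes it with a line-break-tolerant Base64 decoder. The class name, the sample payload and the Base64Binary child element in the constructed fragment are assumptions.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import javax.xml.stream.*;

public class GalCertificateExample { // hypothetical class, not part of DavMail
    static final String TAG = "MSExchangeCertificate";
    /** Returns every MSExchangeCertificate value in the response as decoded bytes. */
    static List<byte[]> extractCertificates(String xml) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        // The response is untrusted input: refuse DTDs and external entities.
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        factory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
        List<byte[]> certificates = new ArrayList<>();
        StringBuilder text = new StringBuilder();
        boolean inside = false;
        while (reader.hasNext()) {
            int event = reader.next();
            if (event == XMLStreamReader.START_ELEMENT && TAG.equals(reader.getLocalName())) {
                inside = true;
            } else if (inside && (event == XMLStreamReader.CHARACTERS || event == XMLStreamReader.CDATA)) {
                text.append(reader.getText());
            } else if (inside && event == XMLStreamReader.END_ELEMENT) {
                // Flush at the end of a child value or of the element itself.
                // The MIME decoder skips line breaks, so wrapped values decode intact.
                String value = text.toString().trim();
                if (!value.isEmpty()) certificates.add(Base64.getMimeDecoder().decode(value));
                text.setLength(0);
                inside = !TAG.equals(reader.getLocalName());
            }
        }
        reader.close();
        return certificates;
    }
    public static void main(String[] args) throws Exception {
        // Constructed payload (not a real certificate), wrapped at 16 characters per line.
        byte[] payload = "constructed bytes standing in for a DER certificate".getBytes(StandardCharsets.US_ASCII);
        String wrapped = Base64.getMimeEncoder(16, new byte[] {'\n'}).encodeToString(payload);
        // Constructed fragment; the Base64Binary child element is an assumption.
        String xml = "<t:Contact xmlns:t=\"http://schemas.microsoft.com/exchange/services/2006/types\">"
                + "<t:" + TAG + ">\n<t:Base64Binary>" + wrapped + "</t:Base64Binary>\n</t:" + TAG + "></t:Contact>";
        List<byte[]> found = extractCertificates(xml);
        if (found.size() != 1 || !Arrays.equals(payload, found.get(0))) throw new AssertionError("round trip failed");
        System.out.println("decoded " + found.get(0).length + " bytes");
    }
}
```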

I've experimented with the FindPeople method, which has similar attributes to FindItem. Result: I did not find a way to retrieve the user certificate. Also, the field URIs are different from those in FindItem. FindItem cannot be used to retrieve data from the GAL, because FindItem does not support the parameter <t:DistinguishedFolderId Id="directory"/>. The GetPersona method did not return the user certificate either.

So it looks like the ResolveNames method with ContactDataShape="AllProperties" is the only way to retrieve the user certificate from the GAL via EWS.

krutelp avatar Nov 22 '20 16:11 krutelp

Sorry for the delay, should be able to look into this again soon.

I will probably make it an optional feature first, as I faced regressions during my initial tests.

mguessan avatar May 06 '21 11:05 mguessan

I can confirm that this patch fixes the certificate retrieval issue over LDAP for my Exchange server, which works over Office 365. Thanks @krutelp, now I can send MIME-encrypted mails easily.

hbiyik avatar Aug 12 '22 20:08 hbiyik