feature #59831 [Mailer][Mime] Refactor S/MIME encryption handling in SMimeEncryptionListener (Spomky)

This PR was merged into the 7.3 branch.

Discussion
----------

[Mailer][Mime] Refactor S/MIME encryption handling in `SMimeEncryptionListener`

| Q             | A
| ------------- | ---
| Branch?       | 7.3
| Bug fix?      | yes
| New feature?  | yes
| Deprecations? | no
| Issues        |
| License       | MIT

It appears that the smime_encrypter introduced in #58501 is incorrect, as the email is encrypted only for the sender instead of being encrypted per recipient.
This PR introduces a new `SmimeCertificateRepositoryInterface`, responsible for retrieving recipient certificates.

An email is encrypted under the following conditions:
* A certificate is found for all recipients.
* The custom header `X-SMime-Encrypt` is present.
If either of these conditions is not met, the email is sent unencrypted.

Commits
-------

7c76c54633a Refactor S/MIME encrypter to use certificate repository

Author: fabpot

DependencyInjection/Configuration.php

@@ -2348,8 +2348,8 @@ private function addMailerSection(ArrayNodeDefinition $rootNode, callable $enabl
                             ->canBeEnabled()
                             ->info('S/MIME encrypter configuration')
                             ->children()
-                                ->scalarNode('certificate')
-                                    ->info('Path to certificate (in PEM format without the `file://` prefix)')
+                                ->scalarNode('repository')
+                                    ->info('Path to the S/MIME certificate repository. Shall implement the `Symfony\Component\Mailer\EventListener\SmimeCertificateRepositoryInterface`.')
                                     ->defaultValue('')
                                     ->cannotBeEmpty()
                                 ->end()

DependencyInjection/FrameworkExtension.php

@@ -2946,11 +2946,9 @@ private function registerMailerConfiguration(array $config, ContainerBuilder $co
             if (!class_exists(SmimeEncryptedMessageListener::class)) {
                 throw new LogicException('S/MIME encrypted messages support cannot be enabled as this version of the Mailer component does not support it.');
             }
-            $smimeDecrypter = $container->getDefinition('mailer.smime_encrypter');
-            $smimeDecrypter->setArgument(0, $config['smime_encrypter']['certificate']);
-            $smimeDecrypter->setArgument(1, $config['smime_encrypter']['cipher']);
+            $container->setAlias('mailer.smime_encrypter.repository', $config['smime_encrypter']['repository']);
+            $container->setParameter('mailer.smime_encrypter.cipher', $config['smime_encrypter']['cipher']);
         } else {
-            $container->removeDefinition('mailer.smime_encrypter');
             $container->removeDefinition('mailer.smime_encrypter.listener');
         }
 

Resources/config/mailer.php

@@ -26,7 +26,6 @@
 use Symfony\Component\Mailer\Transport\TransportInterface;
 use Symfony\Component\Mailer\Transport\Transports;
 use Symfony\Component\Mime\Crypto\DkimSigner;
-use Symfony\Component\Mime\Crypto\SMimeEncrypter;
 use Symfony\Component\Mime\Crypto\SMimeSigner;
 
 return static function (ContainerConfigurator $container) {
@@ -99,12 +98,6 @@
                 abstract_arg('signOptions'),
             ])
 
-        ->set('mailer.smime_encrypter', SMimeEncrypter::class)
-            ->args([
-                abstract_arg('certificate'),
-                abstract_arg('cipher'),
-            ])
-
         ->set('mailer.dkim_signer.listener', DkimSignedMessageListener::class)
             ->args([
                 service('mailer.dkim_signer'),
@@ -119,7 +112,8 @@
 
         ->set('mailer.smime_encrypter.listener', SmimeEncryptedMessageListener::class)
             ->args([
-                service('mailer.smime_encrypter'),
+                service('mailer.smime_encrypter.repository'),
+                param('mailer.smime_encrypter.cipher'),
             ])
             ->tag('kernel.event_subscriber')
 

Resources/config/schema/symfony-1.0.xsd

@@ -855,7 +855,7 @@
     </xsd:complexType>
 
     <xsd:complexType name="mailer_smime_encrypter">
-        <xsd:attribute name="certificate" type="xsd:string"/>
+        <xsd:attribute name="repository" type="xsd:string" />
         <xsd:attribute name="cipher" type="xsd:integer" />
     </xsd:complexType>
 

Tests/DependencyInjection/ConfigurationTest.php

@@ -959,7 +959,7 @@ class_exists(SemaphoreStore::class) && SemaphoreStore::isSupported() ? 'semaphor
                 ],
                 'smime_encrypter' => [
                     'enabled' => false,
-                    'certificate' => '',
+                    'repository' => '',
                     'cipher' => null,
                 ],
             ],