diff options
| author | Aleksander Machniak <alec@alec.pl> | 2015-03-08 10:54:28 +0100 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2015-03-08 10:54:28 +0100 |
| commit | 0878c846bc2c1030ed01c8db34e20796c31ccd2d (patch) | |
| tree | d044028b2d657b25dc222997b42f56ff864d92c8 /plugins/enigma/lib | |
| parent | 9af8e22b8ea3bd4fe9e05860058d7fce29019455 (diff) | |
Enigma: Larry support, finished PGP decryption, other fixes and improvements
Diffstat (limited to 'plugins/enigma/lib')
| -rw-r--r-- | plugins/enigma/lib/enigma_driver.php | 11 | ||||
| -rw-r--r-- | plugins/enigma/lib/enigma_driver_gnupg.php | 41 | ||||
| -rw-r--r-- | plugins/enigma/lib/enigma_driver_phpssl.php | 9 | ||||
| -rw-r--r-- | plugins/enigma/lib/enigma_engine.php | 404 | ||||
| -rw-r--r-- | plugins/enigma/lib/enigma_error.php | 11 | ||||
| -rw-r--r-- | plugins/enigma/lib/enigma_key.php | 27 | ||||
| -rw-r--r-- | plugins/enigma/lib/enigma_ui.php | 369 |
7 files changed, 721 insertions, 151 deletions
diff --git a/plugins/enigma/lib/enigma_driver.php b/plugins/enigma/lib/enigma_driver.php index a9a3e4715..c0a91ac27 100644 --- a/plugins/enigma/lib/enigma_driver.php +++ b/plugins/enigma/lib/enigma_driver.php @@ -44,8 +44,11 @@ abstract class enigma_driver /** * Decryption.. + * + * @param string Encrypted message + * @param array List of key-password mapping */ - abstract function decrypt($text, $key, $passwd); + abstract function decrypt($text, $keys = array()); /** * Signing. @@ -80,7 +83,7 @@ abstract class enigma_driver * @return mixed Array of enigma_key objects or enigma_error */ abstract function list_keys($pattern=''); - + /** * Single key information. * @@ -98,9 +101,9 @@ abstract class enigma_driver * @return mixed Key (enigma_key) object or enigma_error */ abstract function gen_key($data); - + /** * Key deletion. */ - abstract function del_key($keyid); + abstract function delete_key($keyid); } diff --git a/plugins/enigma/lib/enigma_driver_gnupg.php b/plugins/enigma/lib/enigma_driver_gnupg.php index c4280a089..09e23d36c 100644 --- a/plugins/enigma/lib/enigma_driver_gnupg.php +++ b/plugins/enigma/lib/enigma_driver_gnupg.php @@ -32,8 +32,7 @@ class enigma_driver_gnupg extends enigma_driver function __construct($user) { - $rcmail = rcmail::get_instance(); - $this->rc = $rcmail; + $this->rc = rcmail::get_instance(); $this->user = $user; } @@ -45,7 +44,7 @@ class enigma_driver_gnupg extends enigma_driver */ function init() { - $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . '/plugins/enigma/home'); + $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home'); if (!$homedir) return new enigma_error(enigma_error::E_INTERNAL, @@ -78,7 +77,8 @@ class enigma_driver_gnupg extends enigma_driver try { $this->gpg = new Crypt_GPG(array( 'homedir' => $this->homedir, -// 'debug' => true, + // 'binary' => '/usr/bin/gpg2', + // 'debug' => true, )); } catch (Exception $e) { @@ -97,9 +97,18 @@ class enigma_driver_gnupg extends enigma_driver */ } - function decrypt($text, $key, $passwd) + /** + * Register private keys and passwords + * + * @param string Encrypted message + * @param array List of key-password mapping + */ + function decrypt($text, $keys = array()) { -// $this->gpg->addDecryptKey($key, $passwd); + foreach ($keys as $key => $password) { + $this->gpg->addDecryptKey($key, $password); + } + try { $dec = $this->gpg->decrypt($text); return $dec; @@ -147,12 +156,12 @@ class enigma_driver_gnupg extends enigma_driver try { $keys = $this->gpg->getKeys($pattern); $result = array(); -//print_r($keys); + foreach ($keys as $idx => $key) { $result[] = $this->parse_key($key); unset($keys[$idx]); } -//print_r($result); + return $result; } catch (Exception $e) { @@ -175,12 +184,20 @@ class enigma_driver_gnupg extends enigma_driver { } - public function del_key($keyid) + public function delete_key($keyid) { -// $this->get_key($keyid); + // delete public key + $result = $this->delete_pubkey($keyid); + + // if not found, delete private key + if ($result !== true && $result->getCode() == enigma_error::E_KEYNOTFOUND) { + $result = $this->delete_privkey($keyid); + } + + return $result; } - public function del_privkey($keyid) + public function delete_privkey($keyid) { try { $this->gpg->deletePrivateKey($keyid); @@ -191,7 +208,7 @@ class enigma_driver_gnupg extends enigma_driver } } - public function del_pubkey($keyid) + public function delete_pubkey($keyid) { try { $this->gpg->deletePublicKey($keyid); diff --git a/plugins/enigma/lib/enigma_driver_phpssl.php b/plugins/enigma/lib/enigma_driver_phpssl.php index fcd15db73..6686d7dfa 100644 --- a/plugins/enigma/lib/enigma_driver_phpssl.php +++ b/plugins/enigma/lib/enigma_driver_phpssl.php @@ -24,7 +24,6 @@ class enigma_driver_phpssl extends enigma_driver { private $rc; - //private $gpg; private $homedir; private $user; @@ -78,7 +77,7 @@ class enigma_driver_phpssl extends enigma_driver { } - function decrypt($text, $key, $passwd) + function decrypt($text, $keys = array()) { } @@ -145,15 +144,15 @@ class enigma_driver_phpssl extends enigma_driver { } - public function del_key($keyid) + public function delete_key($keyid) { } - public function del_privkey($keyid) + public function delete_privkey($keyid) { } - public function del_pubkey($keyid) + public function delete_pubkey($keyid) { } diff --git a/plugins/enigma/lib/enigma_engine.php b/plugins/enigma/lib/enigma_engine.php index e4972c6a9..c3a2e503f 100644 --- a/plugins/enigma/lib/enigma_engine.php +++ b/plugins/enigma/lib/enigma_engine.php @@ -35,19 +35,23 @@ class enigma_engine private $pgp_driver; private $smime_driver; - public $decryptions = array(); - public $signatures = array(); + public $decryptions = array(); + public $signatures = array(); public $signed_parts = array(); + const PASSWORD_TIME = 120; + /** * Plugin initialization. */ function __construct($enigma) { - $rcmail = rcmail::get_instance(); - $this->rc = $rcmail; + $this->rc = rcmail::get_instance(); $this->enigma = $enigma; + + // this will remove passwords from session after some time + $this->get_passwords(); } /** @@ -55,10 +59,11 @@ class enigma_engine */ function load_pgp_driver() { - if ($this->pgp_driver) + if ($this->pgp_driver) { return; + } - $driver = 'enigma_driver_' . $this->rc->config->get('enigma_pgp_driver', 'gnupg'); + $driver = 'enigma_driver_' . $this->rc->config->get('enigma_pgp_driver', 'gnupg'); $username = $this->rc->user->get_username(); // Load driver @@ -89,10 +94,11 @@ class enigma_engine */ function load_smime_driver() { - if ($this->smime_driver) + if ($this->smime_driver) { return; + } - $driver = 'enigma_driver_' . $this->rc->config->get('enigma_smime_driver', 'phpssl'); + $driver = 'enigma_driver_' . $this->rc->config->get('enigma_smime_driver', 'phpssl'); $username = $this->rc->user->get_username(); // Load driver @@ -119,6 +125,58 @@ class enigma_engine } /** + * Handler for message_part_structure hook. + * Called for every part of the message. + * + * @param array Original parameters + * + * @return array Modified parameters + */ + function part_structure($p) + { + if ($p['mimetype'] == 'text/plain' || $p['mimetype'] == 'application/pgp') { + $this->parse_plain($p); + } + else if ($p['mimetype'] == 'multipart/signed') { + $this->parse_signed($p); + } + else if ($p['mimetype'] == 'multipart/encrypted') { + $this->parse_encrypted($p); + } + else if ($p['mimetype'] == 'application/pkcs7-mime') { + $this->parse_encrypted($p); + } + + return $p; + } + + /** + * Handler for message_part_body hook. + * + * @param array Original parameters + * + * @return array Modified parameters + */ + function part_body($p) + { + // encrypted attachment, see parse_plain_encrypted() + if ($p['part']->need_decryption && $p['part']->body === null) { + $storage = $this->rc->get_storage(); + $body = $storage->get_message_part($p['object']->uid, $p['part']->mime_id, $p['part'], null, null, true, 0, false); + $result = $this->pgp_decrypt($body); + + // @TODO: what to do on error? + if ($result === true) { + $p['part']->body = $body; + $p['part']->size = strlen($body); + $p['part']->body_modified = true; + } + } + + return $p; + } + + /** * Handler for plain/text message. * * @param array Reference to hook's parameters @@ -127,17 +185,22 @@ class enigma_engine { $part = $p['structure']; + // exit, if we're already inside a decrypted message + if ($part->encrypted) { + return; + } + // Get message body from IMAP server - $this->set_part_body($part, $p['object']->uid); + $body = $this->get_part_body($p['object'], $part->mime_id); - // @TODO: big message body can be a file resource + // @TODO: big message body could be a file resource // PGP signed message - if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $part->body)) { - $this->parse_plain_signed($p); + if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $body)) { + $this->parse_plain_signed($p, $body); } // PGP encrypted message - else if (preg_match('/^-----BEGIN PGP MESSAGE-----/', $part->body)) { - $this->parse_plain_encrypted($p); + else if (preg_match('/^-----BEGIN PGP MESSAGE-----/', $body)) { + $this->parse_plain_encrypted($p, $body); } } @@ -154,13 +217,16 @@ class enigma_engine if ($struct->parts[1] && $struct->parts[1]->mimetype == 'application/pkcs7-signature') { $this->parse_smime_signed($p); } - // PGP/MIME: + // PGP/MIME: RFC3156 // The multipart/signed body MUST consist of exactly two parts. // The first part contains the signed data in MIME canonical format, // including a set of appropriate content headers describing the data. // The second body MUST contain the PGP digital signature. It MUST be // labeled with a content type of "application/pgp-signature". - else if ($struct->parts[1] && $struct->parts[1]->mimetype == 'application/pgp-signature') { + else if ($struct->ctype_parameters['protocol'] == 'application/pgp-signature' + && count($struct->parts) == 2 + && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/pgp-signature' + ) { $this->parse_pgp_signed($p); } } @@ -178,14 +244,16 @@ class enigma_engine if ($struct->mimetype == 'application/pkcs7-mime') { $this->parse_smime_encrypted($p); } - // PGP/MIME: - // The multipart/encrypted MUST consist of exactly two parts. The first + // PGP/MIME: RFC3156 + // The multipart/encrypted MUST consist of exactly two parts. The first // MIME body part must have a content type of "application/pgp-encrypted". // This body contains the control information. // The second MIME body part MUST contain the actual encrypted data. It // must be labeled with a content type of "application/octet-stream". - else if ($struct->parts[0] && $struct->parts[0]->mimetype == 'application/pgp-encrypted' && - $struct->parts[1] && $struct->parts[1]->mimetype == 'application/octet-stream' + else if ($struct->ctype_parameters['protocol'] == 'application/pgp-encrypted' + && count($struct->parts) == 2 + && $struct->parts[0] && $struct->parts[0]->mimetype == 'application/pgp-encrypted' + && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/octet-stream' ) { $this->parse_pgp_encrypted($p); } @@ -195,16 +263,17 @@ class enigma_engine * Handler for plain signed message. * Excludes message and signature bodies and verifies signature. * - * @param array Reference to hook's parameters + * @param array Reference to hook's parameters + * @param string Message (part) body */ - private function parse_plain_signed(&$p) + private function parse_plain_signed(&$p, $body) { $this->load_pgp_driver(); $part = $p['structure']; // Verify signature if ($this->rc->action == 'show' || $this->rc->action == 'preview') { - $sig = $this->pgp_verify($part->body); + $sig = $this->pgp_verify($body); } // @TODO: Handle big bodies using (temp) files @@ -213,10 +282,12 @@ class enigma_engine $fh = fopen('php://memory', 'br+'); // @TODO: fopen/fwrite errors handling if ($fh) { - fwrite($fh, $part->body); + fwrite($fh, $body); rewind($fh); } - $part->body = null; + + $body = $part->body = null; + $part->body_modified = true; // Extract body (and signature?) while (!feof($fh)) { @@ -248,7 +319,7 @@ class enigma_engine * Handler for PGP/MIME signed message. * Verifies signature. * - * @param array Reference to hook's parameters + * @param array Reference to hook's parameters */ private function parse_pgp_signed(&$p) { @@ -261,11 +332,13 @@ class enigma_engine $sig_part = $struct->parts[1]; // Get bodies - $this->set_part_body($msg_part, $p['object']->uid); - $this->set_part_body($sig_part, $p['object']->uid); + // Note: The first part body need to be full part body with headers + // it also cannot be decoded + $msg_body = $this->get_part_body($p['object'], $msg_part->mime_id, true); + $sig_body = $this->get_part_body($p['object'], $sig_part->mime_id); // Verify - $sig = $this->pgp_verify($msg_part->body, $sig_part->body); + $sig = $this->pgp_verify($msg_body, $sig_body); // Store signature data for display $this->signatures[$struct->mime_id] = $sig; @@ -275,10 +348,11 @@ class enigma_engine foreach ($msg_part->parts as $part) $this->signed_parts[$part->mime_id] = $struct->mime_id; } - else + else { $this->signed_parts[$msg_part->mime_id] = $struct->mime_id; + } - // Remove signature file from attachments list + // Remove signature file from attachments list (?) unset($struct->parts[1]); } } @@ -291,6 +365,8 @@ class enigma_engine */ private function parse_smime_signed(&$p) { + return; // @TODO + // Verify signature if ($this->rc->action == 'show' || $this->rc->action == 'preview') { $this->load_smime_driver(); @@ -321,25 +397,55 @@ class enigma_engine /** * Handler for plain encrypted message. * - * @param array Reference to hook's parameters + * @param array Reference to hook's parameters + * @param string Message (part) body */ - private function parse_plain_encrypted(&$p) + private function parse_plain_encrypted(&$p, $body) { $this->load_pgp_driver(); $part = $p['structure']; - // Get body - $this->set_part_body($part, $p['object']->uid); - // Decrypt - $result = $this->pgp_decrypt($part->body); + $result = $this->pgp_decrypt($body); // Store decryption status $this->decryptions[$part->mime_id] = $result; // Parse decrypted message if ($result === true) { - // @TODO + $part->body = $body; + $part->body_modified = true; + $part->encrypted = true; + + // Encrypted plain message may contain encrypted attachments + // in such case attachments have .pgp extension and application/octet-stream. + // This is what happens when you select "Encrypt each attachment separately + // and send the message using inline PGP" in Thunderbird's Enigmail. + + // find parent part ID + if (strpos($part->mime_id, '.')) { + $items = explode('.', $part->mime_id); + array_pop($items); + $parent = implode('.', $items); + } + else { + $parent = 0; + } + + if ($p['object']->mime_parts[$parent]) { + foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) { + if ($p->disposition == 'attachment' && $p->mimetype == 'application/octet-stream' + && preg_match('/^(.*)\.pgp$/i', $p->filename, $m) + ) { + // modify filename + $p->filename = $m[1]; + // flag the part, it will be decrypted when needed + $p->need_decryption = true; + // disable caching + $p->body_modified = true; + } + } + } } } @@ -351,22 +457,32 @@ class enigma_engine private function parse_pgp_encrypted(&$p) { $this->load_pgp_driver(); + $struct = $p['structure']; - $part = $struct->parts[1]; - + $part = $struct->parts[1]; + // Get body - $this->set_part_body($part, $p['object']->uid); + $body = $this->get_part_body($p['object'], $part->mime_id); // Decrypt - $result = $this->pgp_decrypt($part->body); + $result = $this->pgp_decrypt($body); - $this->decryptions[$part->mime_id] = $result; -//print_r($part); - // Parse decrypted message if ($result === true) { - // @TODO + // Parse decrypted message + $struct = $this->parse_body($body); + + // Modify original message structure + $this->modify_structure($p, $struct); + + // Attach the decryption message to all parts + $this->decryptions[$struct->mime_id] = $result; + foreach ((array) $struct->parts as $sp) { + $this->decryptions[$sp->mime_id] = $result; + } } else { + $this->decryptions[$part->mime_id] = $result; + // Make sure decryption status message will be displayed $part->type = 'content'; $p['object']->parts[] = $part; @@ -418,8 +534,8 @@ class enigma_engine { // @TODO: Handle big bodies using (temp) files // @TODO: caching of verification result - $key = ''; $pass = ''; // @TODO - $result = $this->pgp_driver->decrypt($msg_body, $key, $pass); + $keys = $this->get_passwords(); + $result = $this->pgp_driver->decrypt($msg_body, $keys); if ($result instanceof enigma_error) { $err_code = $result->getCode(); @@ -432,7 +548,8 @@ class enigma_engine return $result; } -// $msg_body = $result; + $msg_body = $result; + return true; } @@ -443,7 +560,7 @@ class enigma_engine * * @return mixed Array of keys or enigma_error */ - function list_keys($pattern='') + function list_keys($pattern = '') { $this->load_pgp_driver(); $result = $this->pgp_driver->list_keys($pattern); @@ -470,7 +587,30 @@ class enigma_engine { $this->load_pgp_driver(); $result = $this->pgp_driver->get_key($keyid); - + + if ($result instanceof enigma_error) { + rcube::raise_error(array( + 'code' => 600, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Enigma plugin: " . $result->getMessage() + ), true, false); + } + + return $result; + } + + /** + * PGP key delete. + * + * @param string Key ID + * + * @return enigma_error|bool True on success + */ + function delete_key($keyid) + { + $this->load_pgp_driver(); + $result = $this->pgp_driver->delete_key($keyid); + if ($result instanceof enigma_error) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', @@ -478,7 +618,7 @@ class enigma_engine 'message' => "Enigma plugin: " . $result->getMessage() ), true, false); } - + return $result; } @@ -535,20 +675,162 @@ class enigma_engine $this->rc->output->send(); } + function password_handler() + { + $keyid = rcube_utils::get_input_value('_keyid', rcube_utils::INPUT_POST); + $passwd = rcube_utils::get_input_value('_passwd', rcube_utils::INPUT_POST, true); + + if ($keyid && $passwd !== null && strlen($passwd)) { + $this->save_password($keyid, $passwd); + } + } + + function save_password($keyid, $password) + { + // we store passwords in session for specified time + if ($config = $_SESSION['enigma_pass']) { + $config = $this->rc->decrypt($config); + $config = @unserialize($config); + } + + $config[$keyid] = array($password, time()); + + $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config)); + } + + function get_passwords() + { + if ($config = $_SESSION['enigma_pass']) { + $config = $this->rc->decrypt($config); + $config = @unserialize($config); + } + + $threshold = time() - self::PASSWORD_TIME; + $keys = array(); + + // delete expired passwords + foreach ((array) $config as $key => $value) { + if ($value[1] < $threshold) { + unset($config[$key]); + $modified = true; + } + else { + $keys[$key] = $value[0]; + } + } + + if ($modified) { + $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config)); + } + + return $keys; + } + /** - * Checks if specified message part contains body data. - * If body is not set it will be fetched from IMAP server. + * Get message part body. * - * @param rcube_message_part Message part object - * @param integer Message UID + * @param rcube_message Message object + * @param string Message part ID + * @param bool Return raw body with headers */ - private function set_part_body($part, $uid) + private function get_part_body($msg, $part_id, $full = false) { - // @TODO: Create such function in core // @TODO: Handle big bodies using file handles - if (!isset($part->body)) { - $part->body = $this->rc->storage->get_message_part( - $uid, $part->mime_id, $part); + if ($full) { + $storage = $this->rc->get_storage(); + $body = $storage->get_raw_headers($msg->uid, $part_id); + $body .= $storage->get_raw_body($msg->uid, null, $part_id); + } + else { + $body = $msg->get_part_body($part_id, false); + } + + return $body; + } + + /** + * Parse decrypted message body into structure + * + * @param string Message body + * + * @return array Message structure + */ + private function parse_body(&$body) + { + // Mail_mimeDecode need \r\n end-line, but gpg may return \n + $body = preg_replace('/\r?\n/', "\r\n", $body); + + // parse the body into structure + $struct = rcube_mime::parse_message($body); + + return $struct; + } + + /** + * Replace message encrypted structure with decrypted message structure + * + * @param array + * @param rcube_message_part + */ + private function modify_structure(&$p, $struct) + { + // modify mime_parts property of the message object + $old_id = $p['structure']->mime_id; + foreach (array_keys($p['object']->mime_parts) as $idx) { + if (!$old_id || $idx == $old_id || strpos($idx, $old_id . '.') === 0) { + unset($p['object']->mime_parts[$idx]); + } } + + // modify the new structure to be correctly handled by Roundcube + $this->modify_structure_part($struct, $p['object'], $old_id); + + // replace old structure with the new one + $p['structure'] = $struct; + $p['mimetype'] = $struct->mimetype; + } + + /** + * Modify decrypted message part + * + * @param rcube_message_part + * @param rcube_message + */ + private function modify_structure_part($part, $msg, $old_id) + { + // never cache the body + $part->body_modified = true; + $part->encoding = 'stream'; + + // Cache the fact it was decrypted + $part->encrypted = true; + + // modify part identifier + if ($old_id) { + $part->mime_id = !$part->mime_id ? $old_id : ($old_id . '.' . $part->mime_id); + } + + $msg->mime_parts[$part->mime_id] = $part; + + // modify sub-parts + foreach ((array) $part->parts as $p) { + $this->modify_structure_part($p, $msg, $old_id); + } + } + + /** + * Checks if specified message part is a PGP-key or S/MIME cert data + * + * @param rcube_message_part Part object + * + * @return boolean True if part is a key/cert + */ + public function is_keys_part($part) + { + // @TODO: S/MIME + return ( + // Content-Type: application/pgp-keys + $part->mimetype == 'application/pgp-keys' + ); } } diff --git a/plugins/enigma/lib/enigma_error.php b/plugins/enigma/lib/enigma_error.php index ab8d01557..7122e8e7b 100644 --- a/plugins/enigma/lib/enigma_error.php +++ b/plugins/enigma/lib/enigma_error.php @@ -37,11 +37,12 @@ class enigma_error const E_EXPIRED = 6; const E_UNVERIFIED = 7; + function __construct($code = null, $message = '', $data = array()) { - $this->code = $code; + $this->code = $code; $this->message = $message; - $this->data = $data; + $this->data = $data; } function getCode() @@ -56,9 +57,11 @@ class enigma_error function getData($name) { - if ($name) + if ($name) { return $this->data[$name]; - else + } + else { return $this->data; + } } } diff --git a/plugins/enigma/lib/enigma_key.php b/plugins/enigma/lib/enigma_key.php index 520c36b0b..66670c5d5 100644 --- a/plugins/enigma/lib/enigma_key.php +++ b/plugins/enigma/lib/enigma_key.php @@ -25,12 +25,12 @@ class enigma_key { public $id; public $name; - public $users = array(); + public $users = array(); public $subkeys = array(); const TYPE_UNKNOWN = 0; const TYPE_KEYPAIR = 1; - const TYPE_PUBLIC = 2; + const TYPE_PUBLIC = 2; /** * Keys list sorting callback for usort() @@ -55,7 +55,7 @@ class enigma_key /** * Returns true if all user IDs are revoked - */ + */ function is_revoked() { foreach ($this->subkeys as $subkey) @@ -67,7 +67,7 @@ class enigma_key /** * Returns true if any user ID is valid - */ + */ function is_valid() { foreach ($this->users as $user) @@ -76,18 +76,18 @@ class enigma_key return false; } - + /** * Returns true if any of subkeys is not expired - */ + */ function is_expired() { $now = time(); - + foreach ($this->subkeys as $subkey) if (!$subkey->expires || $subkey->expires > $now) return true; - + return false; } @@ -101,7 +101,7 @@ class enigma_key static function format_id($id) { // E.g. 04622F2089E037A5 => 89E037A5 - + return substr($id, -8); } @@ -114,15 +114,18 @@ class enigma_key */ static function format_fingerprint($fingerprint) { - if (!$fingerprint) + if (!$fingerprint) { return ''; - + } + $result = ''; for ($i=0; $i<40; $i++) { - if ($i % 4 == 0) + if ($i % 4 == 0) { $result .= ' '; + } $result .= $fingerprint[$i]; } + return $result; } diff --git a/plugins/enigma/lib/enigma_ui.php b/plugins/enigma/lib/enigma_ui.php index 2e95938f2..26396f1dd 100644 --- a/plugins/enigma/lib/enigma_ui.php +++ b/plugins/enigma/lib/enigma_ui.php @@ -26,16 +26,18 @@ class enigma_ui private $rc; private $enigma; private $home; - private $css_added; + private $css_loaded; + private $js_loaded; private $data; + private $keys_parts = array(); + private $keys_bodies = array(); function __construct($enigma_plugin, $home='') { $this->enigma = $enigma_plugin; - $this->rc = $enigma_plugin->rc; - // we cannot use $enigma_plugin->home here - $this->home = $home; + $this->rc = $enigma_plugin->rc; + $this->home = $home; // we cannot use $enigma_plugin->home here } /** @@ -45,58 +47,65 @@ class enigma_ui */ function init($section='') { - $this->enigma->include_script('enigma.js'); + $this->add_js(); - // Enigma actions - if ($this->rc->action == 'plugin.enigma') { - $action = rcube_utils::get_input_value('_a', rcube_utils::INPUT_GPC); + $action = rcube_utils::get_input_value('_a', rcube_utils::INPUT_GPC); + if ($this->rc->action == 'plugin.enigmakeys') { switch ($action) { - case 'keyedit': + case 'delete': + $this->key_delete(); + break; +/* + case 'edit': $this->key_edit(); break; - case 'keyimport': +*/ + case 'import': $this->key_import(); break; - case 'keysearch': - case 'keylist': + + case 'search': + case 'list': $this->key_list(); break; - case 'keyinfo': - default: + + case 'info': $this->key_info(); + break; } + + $this->rc->output->add_handlers(array( + 'keyslist' => array($this, 'tpl_keys_list'), + 'keyframe' => array($this, 'tpl_key_frame'), + 'countdisplay' => array($this, 'tpl_keys_rowcount'), + 'searchform' => array($this->rc->output, 'search_form'), + )); + + $this->rc->output->set_pagetitle($this->enigma->gettext('enigmakeys')); + $this->rc->output->send('enigma.keys'); } +/* + // Preferences UI + else if ($this->rc->action == 'plugin.enigmacerts') { + $this->rc->output->add_handlers(array( + 'keyslist' => array($this, 'tpl_certs_list'), + 'keyframe' => array($this, 'tpl_cert_frame'), + 'countdisplay' => array($this, 'tpl_certs_rowcount'), + 'searchform' => array($this->rc->output, 'search_form'), + )); + + $this->rc->output->set_pagetitle($this->enigma->gettext('enigmacerts')); + $this->rc->output->send('enigma.certs'); + } +*/ // Message composing UI else if ($this->rc->action == 'compose') { $this->compose_ui(); } - // Preferences UI - else { // if ($this->rc->action == 'edit-prefs') { - if ($section == 'enigmacerts') { - $this->rc->output->add_handlers(array( - 'keyslist' => array($this, 'tpl_certs_list'), - 'keyframe' => array($this, 'tpl_cert_frame'), - 'countdisplay' => array($this, 'tpl_certs_rowcount'), - 'searchform' => array($this->rc->output, 'search_form'), - )); - $this->rc->output->set_pagetitle($this->enigma->gettext('enigmacerts')); - $this->rc->output->send('enigma.certs'); - } - else { - $this->rc->output->add_handlers(array( - 'keyslist' => array($this, 'tpl_keys_list'), - 'keyframe' => array($this, 'tpl_key_frame'), - 'countdisplay' => array($this, 'tpl_keys_rowcount'), - 'searchform' => array($this->rc->output, 'search_form'), - )); - $this->rc->output->set_pagetitle($this->enigma->gettext('enigmakeys')); - $this->rc->output->send('enigma.keys'); - } - } } - /** + /** * Adds CSS style file to the page header. */ function add_css() @@ -109,7 +118,46 @@ class enigma_ui $this->enigma->include_stylesheet("$skin_path/enigma.css"); } - $this->css_added = true; + $this->css_loaded = true; + } + + /** + * Adds javascript file to the page header. + */ + function add_js() + { + if ($this->js_loaded) { + return; + } + + $this->enigma->include_script('enigma.js'); + + $this->js_loaded = true; + } + + /** + * Initializes key password prompt + * + * @param enigma_error Error object with key info + */ + function password_prompt($status) + { + $data = $status->getData('missing'); + + if (empty($data)) { + $data = $status->getData('bad'); + } + + $data = array('keyid' => key($data), 'user' => $data[key($data)]); + + $this->rc->output->set_env('enigma_password_request', $data); + + // add some labels to client + $this->rc->output->add_label('enigma.enterkeypasstitle', 'enigma.enterkeypass', + 'save', 'cancel'); + + $this->add_css(); + $this->add_js(); } /** @@ -159,7 +207,7 @@ class enigma_ui $this->rc->output->include_script('list.js'); // add some labels to client - $this->rc->output->add_label('enigma.keyconfirmdelete'); + $this->rc->output->add_label('enigma.keyremoveconfirm', 'enigma.keyremoving'); return $out; } @@ -260,13 +308,14 @@ class enigma_ui */ private function key_info() { - $id = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GET); - $this->enigma->load_engine(); + + $id = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GET); $res = $this->enigma->engine->get_key($id); - if ($res instanceof enigma_key) + if ($res instanceof enigma_key) { $this->data = $res; + } else { // error $this->rc->output->show_message('enigma.keyopenerror', 'error'); $this->rc->output->command('parent.enigma_loadframe'); @@ -319,7 +368,7 @@ class enigma_ui $out .= html::tag('fieldset', null, html::tag('legend', null, $this->enigma->gettext('basicinfo')) . $table->show($attrib)); - +/* // Subkeys $table = new html_table(array('cols' => 6)); // Columns: Type, ID, Algorithm, Size, Created, Expires @@ -335,7 +384,7 @@ class enigma_ui $out .= html::tag('fieldset', null, html::tag('legend', null, $this->enigma->gettext('userids')) . $table->show($attrib)); - +*/ return $out; } @@ -362,8 +411,9 @@ class enigma_ui $this->rc->output->send('iframe'); } - else + else { $this->rc->output->show_message('enigma.keysimportfailed', 'error'); + } } else if ($err = $_FILES['_file']['error']) { if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) { @@ -401,7 +451,7 @@ class enigma_ui $this->rc->output->add_gui_object('importform', $attrib['id']); $out = $this->rc->output->form_tag(array( - 'action' => $this->rc->url(array('action' => 'plugin.enigma', 'a' => 'keyimport')), + 'action' => $this->rc->url(array('action' => $this->rc->action, 'a' => 'import')), 'method' => 'post', 'enctype' => 'multipart/form-data') + $attrib, $form); @@ -409,21 +459,52 @@ class enigma_ui return $out; } + /** + * Key deleting + */ + private function key_delete() + { + $keys = rcube_utils::get_input_value('_keys', rcube_utils::INPUT_POST); + + $this->enigma->load_engine(); + + foreach ((array)$keys as $key) { + $res = $this->enigma->engine->delete_key($key); + + if ($res !== true) { + $this->rc->output->show_message('enigma.keyremoveerror', 'error'); + $this->rc->output->command('enigma_list'); + $this->rc->output->send(); + } + } + + $this->rc->output->command('enigma_list'); + $this->rc->output->show_message('enigma.keyremovesuccess', 'confirmation'); + $this->rc->output->send(); + } + private function compose_ui() { +/* + $this->add_css(); + // Options menu button // @TODO: make this work with non-default skins $this->enigma->add_button(array( - 'name' => 'enigmamenu', - 'imagepas' => 'skins/classic/enigma.png', - 'imageact' => 'skins/classic/enigma.png', - 'onclick' => "rcmail_ui.show_popup('enigmamenu', true); return false", - 'title' => 'securityoptions', - 'domain' => 'enigma', + 'type' => 'link', + 'command' => 'plugin.enigma', + 'onclick' => "rcmail.command('menu-open', 'enigmamenu', event.target, event)", + 'class' => 'button enigma', + 'title' => 'securityoptions', + 'label' => 'securityoptions', + 'domain' => $this->enigma->ID, + 'width' => 32, + 'height' => 32 ), 'toolbar'); // Options menu contents $this->enigma->add_hook('render_page', array($this, 'compose_menu')); +*/ } function compose_menu($p) @@ -449,7 +530,189 @@ class enigma_ui $p['content'] = preg_replace('/(<form name="form"[^>]+>)/i', '\\1'."\n$menu", $p['content']); return $p; + } + + /** + * Handler for message_body_prefix hook. + * Called for every displayed (content) part of the message. + * Adds infobox about signature verification and/or decryption + * status above the body. + * + * @param array Original parameters + * + * @return array Modified parameters + */ + function status_message($p) + { + // skip: not a message part + if ($p['part'] instanceof rcube_message) { + return $p; + } + // skip: message has no signed/encoded content + if (!$this->enigma->engine) { + return $p; + } + + $engine = $this->enigma->engine; + $part_id = $p['part']->mime_id; + + // Decryption status + if (isset($engine->decryptions[$part_id])) { + $attach_scripts = true; + + // get decryption status + $status = $engine->decryptions[$part_id]; + + // display status info + $attrib['id'] = 'enigma-message'; + + if ($status instanceof enigma_error) { + $attrib['class'] = 'enigmaerror'; + $code = $status->getCode(); + + if ($code == enigma_error::E_KEYNOTFOUND) { + $msg = rcube::Q(str_replace('$keyid', enigma_key::format_id($status->getData('id')), + $this->enigma->gettext('decryptnokey'))); + } + else if ($code == enigma_error::E_BADPASS) { + $msg = rcube::Q($this->enigma->gettext('decryptbadpass')); + $this->password_prompt($status); + } + else { + $msg = rcube::Q($this->enigma->gettext('decrypterror')); + } + } + else { + $attrib['class'] = 'enigmanotice'; + $msg = rcube::Q($this->enigma->gettext('decryptok')); + } + + $p['prefix'] .= html::div($attrib, $msg); + } + + // Signature verification status + if (isset($engine->signed_parts[$part_id]) + && ($sig = $engine->signatures[$engine->signed_parts[$part_id]]) + ) { + $attach_scripts = true; + + // display status info + $attrib['id'] = 'enigma-message'; + + if ($sig instanceof enigma_signature) { + $sender = ($sig->name ? $sig->name . ' ' : '') . '<' . $sig->email . '>'; + + if ($sig->valid === enigma_error::E_UNVERIFIED) { + $attrib['class'] = 'enigmawarning'; + $msg = str_replace('$sender', $sender, $this->enigma->gettext('sigunverified')); + $msg = str_replace('$keyid', $sig->id, $msg); + $msg = rcube::Q($msg); + } + else if ($sig->valid) { + $attrib['class'] = 'enigmanotice'; + $msg = rcube::Q(str_replace('$sender', $sender, $this->enigma->gettext('sigvalid'))); + } + else { + $attrib['class'] = 'enigmawarning'; + $msg = rcube::Q(str_replace('$sender', $sender, $this->enigma->gettext('siginvalid'))); + } + } + else if ($sig && $sig->getCode() == enigma_error::E_KEYNOTFOUND) { + $attrib['class'] = 'enigmawarning'; + $msg = rcube::Q(str_replace('$keyid', enigma_key::format_id($sig->getData('id')), + $this->enigma->gettext('signokey'))); + } + else { + $attrib['class'] = 'enigmaerror'; + $msg = rcube::Q($this->enigma->gettext('sigerror')); + } +/* + $msg .= ' ' . html::a(array('href' => "#sigdetails", + 'onclick' => rcmail_output::JS_OBJECT_NAME.".command('enigma-sig-details')"), + rcube::Q($this->enigma->gettext('showdetails'))); +*/ + // test +// $msg .= '<br /><pre>'.$sig->body.'</pre>'; + + $p['prefix'] .= html::div($attrib, $msg); + + // Display each signature message only once + unset($engine->signatures[$engine->signed_parts[$part_id]]); + } + + if ($attach_scripts) { + // add css and js script + $this->add_css(); + $this->add_js(); + } + + return $p; + } + + /** + * Handler for message_load hook. + * Check message bodies and attachments for keys/certs. + */ + function message_load($p) + { + $engine = $this->enigma->load_engine(); + + // handle attachments vcard attachments + foreach ((array) $p['object']->attachments as $attachment) { + if ($engine->is_keys_part($attachment)) { + $this->keys_parts[] = $attachment->mime_id; + } + } + + // the same with message bodies + foreach ((array) $p['object']->parts as $part) { + if ($engine->is_keys_part($part)) { + $this->keys_parts[] = $part->mime_id; + $this->keys_bodies[] = $part->mime_id; + } + } + + // @TODO: inline PGP keys + + if ($this->keys_parts) { + $this->enigma->add_texts('localization'); + } + + return $p; + } + + /** + * Handler for template_object_messagebody hook. + * This callback function adds a box below the message content + * if there is a key/cert attachment available + */ + function message_output($p) + { + foreach ($this->keys_parts as $part) { + // remove part's body + if (in_array($part, $this->keys_bodies)) { + $p['content'] = ''; + } + + // add box below message body + $p['content'] .= html::p(array('class' => 'enigmaattachment'), + html::a(array( + 'href' => "#", + 'onclick' => "return ".rcmail_output::JS_OBJECT_NAME.".enigma_import_attachment('".rcube::JQ($part)."')", + 'title' => $this->enigma->gettext('keyattimport')), + html::span(null, $this->enigma->gettext('keyattfound')))); + + $attach_scripts = true; + } + + if ($attach_scripts) { + // add css and js script + $this->add_css(); + $this->add_js(); + } + + return $p; } } |