summaryrefslogtreecommitdiff
path: root/program/lib/Crypt/GPGAbstract.php
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-12-27 13:14:40 +0100
committerAleksander Machniak <alec@alec.pl>2013-12-27 13:14:40 +0100
commit3e98f8be718578644bb15ee6a992a875f6468e8f (patch)
treea0721e608a9ba04ca23d5535f90e579942581e6e /program/lib/Crypt/GPGAbstract.php
parentc97625e02a95ebd995af8a06c27229581a071ddd (diff)
Add some code for S/MIME signatures verification, update Crypt_GPG package
Diffstat (limited to 'program/lib/Crypt/GPGAbstract.php')
-rw-r--r--program/lib/Crypt/GPGAbstract.php508
1 files changed, 508 insertions, 0 deletions
diff --git a/program/lib/Crypt/GPGAbstract.php b/program/lib/Crypt/GPGAbstract.php
new file mode 100644
index 000000000..214133936
--- /dev/null
+++ b/program/lib/Crypt/GPGAbstract.php
@@ -0,0 +1,508 @@
+<?php
+
+/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
+
+/**
+ * Crypt_GPG is a package to use GPG from PHP
+ *
+ * This package provides an object oriented interface to GNU Privacy
+ * Guard (GPG). It requires the GPG executable to be on the system.
+ *
+ * Though GPG can support symmetric-key cryptography, this package is intended
+ * only to facilitate public-key cryptography.
+ *
+ * This file contains an abstract implementation of a user of the
+ * {@link Crypt_GPG_Engine} class.
+ *
+ * PHP version 5
+ *
+ * LICENSE:
+ *
+ * This library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of the
+ * License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * @category Encryption
+ * @package Crypt_GPG
+ * @author Nathan Fredrickson <nathan@silverorange.com>
+ * @author Michael Gauthier <mike@silverorange.com>
+ * @copyright 2005-2013 silverorange
+ * @license http://www.gnu.org/copyleft/lesser.html LGPL License 2.1
+ * @version CVS: $Id: GPG.php 305428 2010-11-17 02:47:56Z gauthierm $
+ * @link http://pear.php.net/package/Crypt_GPG
+ * @link http://pear.php.net/manual/en/package.encryption.crypt-gpg.php
+ * @link http://www.gnupg.org/
+ */
+
+/**
+ * GPG key class
+ */
+require_once 'Crypt/GPG/Key.php';
+
+/**
+ * GPG sub-key class
+ */
+require_once 'Crypt/GPG/SubKey.php';
+
+/**
+ * GPG user id class
+ */
+require_once 'Crypt/GPG/UserId.php';
+
+/**
+ * GPG process and I/O engine class
+ */
+require_once 'Crypt/GPG/Engine.php';
+
+/**
+ * GPG exception classes
+ */
+require_once 'Crypt/GPG/Exceptions.php';
+
+// {{{ class Crypt_GPGAbstract
+
+/**
+ * Base class for implementing a user of {@link Crypt_GPG_Engine}
+ *
+ * @category Encryption
+ * @package Crypt_GPG
+ * @author Nathan Fredrickson <nathan@silverorange.com>
+ * @author Michael Gauthier <mike@silverorange.com>
+ * @copyright 2005-2013 silverorange
+ * @license http://www.gnu.org/copyleft/lesser.html LGPL License 2.1
+ * @link http://pear.php.net/package/Crypt_GPG
+ * @link http://www.gnupg.org/
+ */
+abstract class Crypt_GPGAbstract
+{
+ // {{{ class error constants
+
+ /**
+ * Error code returned when there is no error.
+ */
+ const ERROR_NONE = 0;
+
+ /**
+ * Error code returned when an unknown or unhandled error occurs.
+ */
+ const ERROR_UNKNOWN = 1;
+
+ /**
+ * Error code returned when a bad passphrase is used.
+ */
+ const ERROR_BAD_PASSPHRASE = 2;
+
+ /**
+ * Error code returned when a required passphrase is missing.
+ */
+ const ERROR_MISSING_PASSPHRASE = 3;
+
+ /**
+ * Error code returned when a key that is already in the keyring is
+ * imported.
+ */
+ const ERROR_DUPLICATE_KEY = 4;
+
+ /**
+ * Error code returned the required data is missing for an operation.
+ *
+ * This could be missing key data, missing encrypted data or missing
+ * signature data.
+ */
+ const ERROR_NO_DATA = 5;
+
+ /**
+ * Error code returned when an unsigned key is used.
+ */
+ const ERROR_UNSIGNED_KEY = 6;
+
+ /**
+ * Error code returned when a key that is not self-signed is used.
+ */
+ const ERROR_NOT_SELF_SIGNED = 7;
+
+ /**
+ * Error code returned when a public or private key that is not in the
+ * keyring is used.
+ */
+ const ERROR_KEY_NOT_FOUND = 8;
+
+ /**
+ * Error code returned when an attempt to delete public key having a
+ * private key is made.
+ */
+ const ERROR_DELETE_PRIVATE_KEY = 9;
+
+ /**
+ * Error code returned when one or more bad signatures are detected.
+ */
+ const ERROR_BAD_SIGNATURE = 10;
+
+ /**
+ * Error code returned when there is a problem reading GnuPG data files.
+ */
+ const ERROR_FILE_PERMISSIONS = 11;
+
+ /**
+ * Error code returned when a key could not be created.
+ */
+ const ERROR_KEY_NOT_CREATED = 12;
+
+ /**
+ * Error code returned when bad key parameters are used during key
+ * generation.
+ */
+ const ERROR_BAD_KEY_PARAMS = 13;
+
+ // }}}
+ // {{{ other class constants
+
+ /**
+ * URI at which package bugs may be reported.
+ */
+ const BUG_URI = 'http://pear.php.net/bugs/report.php?package=Crypt_GPG';
+
+ // }}}
+ // {{{ protected class properties
+
+ /**
+ * Engine used to control the GPG subprocess
+ *
+ * @var Crypt_GPG_Engine
+ *
+ * @see Crypt_GPGAbstract::setEngine()
+ */
+ protected $engine = null;
+
+ // }}}
+ // {{{ __construct()
+
+ /**
+ * Creates a new GPG object
+ *
+ * Available options are:
+ *
+ * - <kbd>string homedir</kbd> - the directory where the GPG
+ * keyring files are stored. If not
+ * specified, Crypt_GPG uses the
+ * default of <kbd>~/.gnupg</kbd>.
+ * - <kbd>string publicKeyring</kbd> - the file path of the public
+ * keyring. Use this if the public
+ * keyring is not in the homedir, or
+ * if the keyring is in a directory
+ * not writable by the process
+ * invoking GPG (like Apache). Then
+ * you can specify the path to the
+ * keyring with this option
+ * (/foo/bar/pubring.gpg), and specify
+ * a writable directory (like /tmp)
+ * using the <i>homedir</i> option.
+ * - <kbd>string privateKeyring</kbd> - the file path of the private
+ * keyring. Use this if the private
+ * keyring is not in the homedir, or
+ * if the keyring is in a directory
+ * not writable by the process
+ * invoking GPG (like Apache). Then
+ * you can specify the path to the
+ * keyring with this option
+ * (/foo/bar/secring.gpg), and specify
+ * a writable directory (like /tmp)
+ * using the <i>homedir</i> option.
+ * - <kbd>string trustDb</kbd> - the file path of the web-of-trust
+ * database. Use this if the trust
+ * database is not in the homedir, or
+ * if the database is in a directory
+ * not writable by the process
+ * invoking GPG (like Apache). Then
+ * you can specify the path to the
+ * trust database with this option
+ * (/foo/bar/trustdb.gpg), and specify
+ * a writable directory (like /tmp)
+ * using the <i>homedir</i> option.
+ * - <kbd>string binary</kbd> - the location of the GPG binary. If
+ * not specified, the driver attempts
+ * to auto-detect the GPG binary
+ * location using a list of known
+ * default locations for the current
+ * operating system. The option
+ * <kbd>gpgBinary</kbd> is a
+ * deprecated alias for this option.
+ * - <kbd>string agent</kbd> - the location of the GnuPG agent
+ * binary. The gpg-agent is only
+ * used for GnuPG 2.x. If not
+ * specified, the engine attempts
+ * to auto-detect the gpg-agent
+ * binary location using a list of
+ * know default locations for the
+ * current operating system.
+ * - <kbd>boolean debug</kbd> - whether or not to use debug mode.
+ * When debug mode is on, all
+ * communication to and from the GPG
+ * subprocess is logged. This can be
+ *
+ * @param array $options optional. An array of options used to create the
+ * GPG object. All options are optional and are
+ * represented as key-value pairs.
+ *
+ * @throws Crypt_GPG_FileException if the <kbd>homedir</kbd> does not exist
+ * and cannot be created. This can happen if <kbd>homedir</kbd> is
+ * not specified, Crypt_GPG is run as the web user, and the web
+ * user has no home directory. This exception is also thrown if any
+ * of the options <kbd>publicKeyring</kbd>,
+ * <kbd>privateKeyring</kbd> or <kbd>trustDb</kbd> options are
+ * specified but the files do not exist or are are not readable.
+ * This can happen if the user running the Crypt_GPG process (for
+ * example, the Apache user) does not have permission to read the
+ * files.
+ *
+ * @throws PEAR_Exception if the provided <kbd>binary</kbd> is invalid, or
+ * if no <kbd>binary</kbd> is provided and no suitable binary could
+ * be found.
+ *
+ * @throws PEAR_Exception if the provided <kbd>agent</kbd> is invalid, or
+ * if no <kbd>agent</kbd> is provided and no suitable gpg-agent
+ * cound be found.
+ */
+ public function __construct(array $options = array())
+ {
+ $this->setEngine(new Crypt_GPG_Engine($options));
+ }
+
+ // }}}
+ // {{{ setEngine()
+
+ /**
+ * Sets the I/O engine to use for GnuPG operations
+ *
+ * Normally this method does not need to be used. It provides a means for
+ * dependency injection.
+ *
+ * @param Crypt_GPG_Engine $engine the engine to use.
+ *
+ * @return Crypt_GPGAbstract the current object, for fluent interface.
+ */
+ public function setEngine(Crypt_GPG_Engine $engine)
+ {
+ $this->engine = $engine;
+ return $this;
+ }
+
+ // }}}
+ // {{{ _getKeys()
+
+ /**
+ * Gets the available keys in the keyring
+ *
+ * Calls GPG with the <kbd>--list-keys</kbd> command and grabs keys. See
+ * the first section of <b>doc/DETAILS</b> in the
+ * {@link http://www.gnupg.org/download/ GPG package} for a detailed
+ * description of how the GPG command output is parsed.
+ *
+ * @param string $keyId optional. Only keys with that match the specified
+ * pattern are returned. The pattern may be part of
+ * a user id, a key id or a key fingerprint. If not
+ * specified, all keys are returned.
+ *
+ * @return array an array of {@link Crypt_GPG_Key} objects. If no keys
+ * match the specified <kbd>$keyId</kbd> an empty array is
+ * returned.
+ *
+ * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
+ * Use the <kbd>debug</kbd> option and file a bug report if these
+ * exceptions occur.
+ *
+ * @see Crypt_GPG_Key
+ */
+ protected function _getKeys($keyId = '')
+ {
+ // get private key fingerprints
+ if ($keyId == '') {
+ $operation = '--list-secret-keys';
+ } else {
+ $operation = '--list-secret-keys ' . escapeshellarg($keyId);
+ }
+
+ // According to The file 'doc/DETAILS' in the GnuPG distribution, using
+ // double '--with-fingerprint' also prints the fingerprint for subkeys.
+ $arguments = array(
+ '--with-colons',
+ '--with-fingerprint',
+ '--with-fingerprint',
+ '--fixed-list-mode'
+ );
+
+ $output = '';
+
+ $this->engine->reset();
+ $this->engine->setOutput($output);
+ $this->engine->setOperation($operation, $arguments);
+ $this->engine->run();
+
+ $code = $this->engine->getErrorCode();
+
+ switch ($code) {
+ case self::ERROR_NONE:
+ case self::ERROR_KEY_NOT_FOUND:
+ // ignore not found key errors
+ break;
+ case self::ERROR_FILE_PERMISSIONS:
+ $filename = $this->engine->getErrorFilename();
+ if ($filename) {
+ throw new Crypt_GPG_FileException(
+ sprintf(
+ 'Error reading GnuPG data file \'%s\'. Check to make ' .
+ 'sure it is readable by the current user.',
+ $filename
+ ),
+ $code,
+ $filename
+ );
+ }
+ throw new Crypt_GPG_FileException(
+ 'Error reading GnuPG data file. Check to make GnuPG data ' .
+ 'files are readable by the current user.',
+ $code
+ );
+ default:
+ throw new Crypt_GPG_Exception(
+ 'Unknown error getting keys. Please use the \'debug\' option ' .
+ 'when creating the Crypt_GPG object, and file a bug report ' .
+ 'at ' . self::BUG_URI,
+ $code
+ );
+ }
+
+ $privateKeyFingerprints = array();
+
+ $lines = explode(PHP_EOL, $output);
+ foreach ($lines as $line) {
+ $lineExp = explode(':', $line);
+ if ($lineExp[0] == 'fpr') {
+ $privateKeyFingerprints[] = $lineExp[9];
+ }
+ }
+
+ // get public keys
+ if ($keyId == '') {
+ $operation = '--list-public-keys';
+ } else {
+ $operation = '--list-public-keys ' . escapeshellarg($keyId);
+ }
+
+ $output = '';
+
+ $this->engine->reset();
+ $this->engine->setOutput($output);
+ $this->engine->setOperation($operation, $arguments);
+ $this->engine->run();
+
+ $code = $this->engine->getErrorCode();
+
+ switch ($code) {
+ case self::ERROR_NONE:
+ case self::ERROR_KEY_NOT_FOUND:
+ // ignore not found key errors
+ break;
+ case self::ERROR_FILE_PERMISSIONS:
+ $filename = $this->engine->getErrorFilename();
+ if ($filename) {
+ throw new Crypt_GPG_FileException(
+ sprintf(
+ 'Error reading GnuPG data file \'%s\'. Check to make ' .
+ 'sure it is readable by the current user.',
+ $filename
+ ),
+ $code,
+ $filename
+ );
+ }
+ throw new Crypt_GPG_FileException(
+ 'Error reading GnuPG data file. Check to make GnuPG data ' .
+ 'files are readable by the current user.',
+ $code
+ );
+ default:
+ throw new Crypt_GPG_Exception(
+ 'Unknown error getting keys. Please use the \'debug\' option ' .
+ 'when creating the Crypt_GPG object, and file a bug report ' .
+ 'at ' . self::BUG_URI,
+ $code
+ );
+ }
+
+ $keys = array();
+
+ $key = null; // current key
+ $subKey = null; // current sub-key
+
+ $lines = explode(PHP_EOL, $output);
+ foreach ($lines as $line) {
+ $lineExp = explode(':', $line);
+
+ if ($lineExp[0] == 'pub') {
+
+ // new primary key means last key should be added to the array
+ if ($key !== null) {
+ $keys[] = $key;
+ }
+
+ $key = new Crypt_GPG_Key();
+
+ $subKey = Crypt_GPG_SubKey::parse($line);
+ $key->addSubKey($subKey);
+
+ } elseif ($lineExp[0] == 'sub') {
+
+ $subKey = Crypt_GPG_SubKey::parse($line);
+ $key->addSubKey($subKey);
+
+ } elseif ($lineExp[0] == 'fpr') {
+
+ $fingerprint = $lineExp[9];
+
+ // set current sub-key fingerprint
+ $subKey->setFingerprint($fingerprint);
+
+ // if private key exists, set has private to true
+ if (in_array($fingerprint, $privateKeyFingerprints)) {
+ $subKey->setHasPrivate(true);
+ }
+
+ } elseif ($lineExp[0] == 'uid') {
+
+ $string = stripcslashes($lineExp[9]); // as per documentation
+ $userId = new Crypt_GPG_UserId($string);
+
+ if ($lineExp[1] == 'r') {
+ $userId->setRevoked(true);
+ }
+
+ $key->addUserId($userId);
+
+ }
+ }
+
+ // add last key
+ if ($key !== null) {
+ $keys[] = $key;
+ }
+
+ return $keys;
+ }
+
+ // }}}
+}
+
+// }}}
+
+?>