summaryrefslogtreecommitdiff
path: root/plugins/enigma/lib
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/enigma/lib')
-rw-r--r--plugins/enigma/lib/enigma_driver.php103
-rw-r--r--plugins/enigma/lib/enigma_driver_gnupg.php326
-rw-r--r--plugins/enigma/lib/enigma_driver_phpssl.php230
-rw-r--r--plugins/enigma/lib/enigma_engine.php1137
-rw-r--r--plugins/enigma/lib/enigma_error.php60
-rw-r--r--plugins/enigma/lib/enigma_key.php150
-rw-r--r--plugins/enigma/lib/enigma_mime_message.php299
-rw-r--r--plugins/enigma/lib/enigma_signature.php27
-rw-r--r--plugins/enigma/lib/enigma_subkey.php50
-rw-r--r--plugins/enigma/lib/enigma_ui.php749
-rw-r--r--plugins/enigma/lib/enigma_userid.php24
11 files changed, 3155 insertions, 0 deletions
diff --git a/plugins/enigma/lib/enigma_driver.php b/plugins/enigma/lib/enigma_driver.php
new file mode 100644
index 000000000..49208b39d
--- /dev/null
+++ b/plugins/enigma/lib/enigma_driver.php
@@ -0,0 +1,103 @@
+<?php
+
+/*
+ +-------------------------------------------------------------------------+
+ | Abstract driver for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+abstract class enigma_driver
+{
+ /**
+ * Class constructor.
+ *
+ * @param string User name (email address)
+ */
+ abstract function __construct($user);
+
+ /**
+ * Driver initialization.
+ *
+ * @return mixed NULL on success, enigma_error on failure
+ */
+ abstract function init();
+
+ /**
+ * Encryption.
+ */
+ abstract function encrypt($text, $keys);
+
+ /**
+ * Decryption..
+ *
+ * @param string Encrypted message
+ * @param array List of key-password mapping
+ */
+ abstract function decrypt($text, $keys = array());
+
+ /**
+ * Signing.
+ */
+ abstract function sign($text, $key, $passwd, $mode = null);
+
+ /**
+ * Signature verification.
+ *
+ * @param string Message body
+ * @param string Signature, if message is of type PGP/MIME and body doesn't contain it
+ *
+ * @return mixed Signature information (enigma_signature) or enigma_error
+ */
+ abstract function verify($text, $signature);
+
+ /**
+ * Key/Cert file import.
+ *
+ * @param string File name or file content
+ * @param bollean True if first argument is a filename
+ *
+ * @return mixed Import status array or enigma_error
+ */
+ abstract function import($content, $isfile=false);
+
+ /**
+ * Keys listing.
+ *
+ * @param string Optional pattern for key ID, user ID or fingerprint
+ *
+ * @return mixed Array of enigma_key objects or enigma_error
+ */
+ abstract function list_keys($pattern='');
+
+ /**
+ * Single key information.
+ *
+ * @param string Key ID, user ID or fingerprint
+ *
+ * @return mixed Key (enigma_key) object or enigma_error
+ */
+ abstract function get_key($keyid);
+
+ /**
+ * Key pair generation.
+ *
+ * @param array Key/User data
+ *
+ * @return mixed Key (enigma_key) object or enigma_error
+ */
+ abstract function gen_key($data);
+
+ /**
+ * Key deletion.
+ */
+ abstract function delete_key($keyid);
+}
diff --git a/plugins/enigma/lib/enigma_driver_gnupg.php b/plugins/enigma/lib/enigma_driver_gnupg.php
new file mode 100644
index 000000000..52a0ad66c
--- /dev/null
+++ b/plugins/enigma/lib/enigma_driver_gnupg.php
@@ -0,0 +1,326 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | GnuPG (PGP) driver for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+require_once 'Crypt/GPG.php';
+
+class enigma_driver_gnupg extends enigma_driver
+{
+ private $rc;
+ private $gpg;
+ private $homedir;
+ private $user;
+
+
+ function __construct($user)
+ {
+ $this->rc = rcmail::get_instance();
+ $this->user = $user;
+ }
+
+ /**
+ * Driver initialization and environment checking.
+ * Should only return critical errors.
+ *
+ * @return mixed NULL on success, enigma_error on failure
+ */
+ function init()
+ {
+ $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home');
+
+ if (!$homedir)
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Option 'enigma_pgp_homedir' not specified");
+
+ // check if homedir exists (create it if not) and is readable
+ if (!file_exists($homedir))
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Keys directory doesn't exists: $homedir");
+ if (!is_writable($homedir))
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Keys directory isn't writeable: $homedir");
+
+ $homedir = $homedir . '/' . $this->user;
+
+ // check if user's homedir exists (create it if not) and is readable
+ if (!file_exists($homedir))
+ mkdir($homedir, 0700);
+
+ if (!file_exists($homedir))
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Unable to create keys directory: $homedir");
+ if (!is_writable($homedir))
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Unable to write to keys directory: $homedir");
+
+ $this->homedir = $homedir;
+
+ // Create Crypt_GPG object
+ try {
+ $this->gpg = new Crypt_GPG(array(
+ 'homedir' => $this->homedir,
+ // 'binary' => '/usr/bin/gpg2',
+ // 'debug' => true,
+ ));
+ }
+ catch (Exception $e) {
+ return $this->get_error_from_exception($e);
+ }
+ }
+
+ /**
+ * Encrypt a message
+ *
+ * @param string The message
+ * @param array List of keys
+ */
+ function encrypt($text, $keys)
+ {
+ try {
+ foreach ($keys as $key) {
+ $this->gpg->addEncryptKey($key);
+ }
+
+ $dec = $this->gpg->encrypt($text, true);
+ return $dec;
+ }
+ catch (Exception $e) {
+ return $this->get_error_from_exception($e);
+ }
+ }
+
+ /**
+ * Decrypt a message
+ *
+ * @param string Encrypted message
+ * @param array List of key-password mapping
+ */
+ function decrypt($text, $keys = array())
+ {
+ try {
+ foreach ($keys as $key => $password) {
+ $this->gpg->addDecryptKey($key, $password);
+ }
+
+ $dec = $this->gpg->decrypt($text);
+ return $dec;
+ }
+ catch (Exception $e) {
+ return $this->get_error_from_exception($e);
+ }
+ }
+
+ function sign($text, $key, $passwd, $mode = null)
+ {
+ try {
+ $this->gpg->addSignKey($key, $passwd);
+ return $this->gpg->sign($text, $mode, CRYPT_GPG::ARMOR_ASCII, true);
+ }
+ catch (Exception $e) {
+ return $this->get_error_from_exception($e);
+ }
+ }
+
+ function verify($text, $signature)
+ {
+ try {
+ $verified = $this->gpg->verify($text, $signature);
+ return $this->parse_signature($verified[0]);
+ }
+ catch (Exception $e) {
+ return $this->get_error_from_exception($e);
+ }
+ }
+
+ public function import($content, $isfile=false)
+ {
+ try {
+ if ($isfile)
+ return $this->gpg->importKeyFile($content);
+ else
+ return $this->gpg->importKey($content);
+ }
+ catch (Exception $e) {
+ return $this->get_error_from_exception($e);
+ }
+ }
+
+ public function list_keys($pattern='')
+ {
+ try {
+ $keys = $this->gpg->getKeys($pattern);
+ $result = array();
+
+ foreach ($keys as $idx => $key) {
+ $result[] = $this->parse_key($key);
+ unset($keys[$idx]);
+ }
+
+ return $result;
+ }
+ catch (Exception $e) {
+ return $this->get_error_from_exception($e);
+ }
+ }
+
+ public function get_key($keyid)
+ {
+ $list = $this->list_keys($keyid);
+
+ if (is_array($list))
+ return array_shift($list);
+
+ // error
+ return $list;
+ }
+
+ public function gen_key($data)
+ {
+ }
+
+ public function delete_key($keyid)
+ {
+ // delete public key
+ $result = $this->delete_pubkey($keyid);
+
+ // if not found, delete private key
+ if ($result !== true && $result->getCode() == enigma_error::E_KEYNOTFOUND) {
+ $result = $this->delete_privkey($keyid);
+ }
+
+ return $result;
+ }
+
+ public function delete_privkey($keyid)
+ {
+ try {
+ $this->gpg->deletePrivateKey($keyid);
+ return true;
+ }
+ catch (Exception $e) {
+ return $this->get_error_from_exception($e);
+ }
+ }
+
+ public function delete_pubkey($keyid)
+ {
+ try {
+ $this->gpg->deletePublicKey($keyid);
+ return true;
+ }
+ catch (Exception $e) {
+ return $this->get_error_from_exception($e);
+ }
+ }
+
+ /**
+ * Converts Crypt_GPG exception into Enigma's error object
+ *
+ * @param mixed Exception object
+ *
+ * @return enigma_error Error object
+ */
+ private function get_error_from_exception($e)
+ {
+ $data = array();
+
+ if ($e instanceof Crypt_GPG_KeyNotFoundException) {
+ $error = enigma_error::E_KEYNOTFOUND;
+ $data['id'] = $e->getKeyId();
+ }
+ else if ($e instanceof Crypt_GPG_BadPassphraseException) {
+ $error = enigma_error::E_BADPASS;
+ $data['bad'] = $e->getBadPassphrases();
+ $data['missing'] = $e->getMissingPassphrases();
+ }
+ else if ($e instanceof Crypt_GPG_NoDataException)
+ $error = enigma_error::E_NODATA;
+ else if ($e instanceof Crypt_GPG_DeletePrivateKeyException)
+ $error = enigma_error::E_DELKEY;
+ else
+ $error = enigma_error::E_INTERNAL;
+
+ $msg = $e->getMessage();
+
+ return new enigma_error($error, $msg, $data);
+ }
+
+ /**
+ * Converts Crypt_GPG_Signature object into Enigma's signature object
+ *
+ * @param Crypt_GPG_Signature Signature object
+ *
+ * @return enigma_signature Signature object
+ */
+ private function parse_signature($sig)
+ {
+ $user = $sig->getUserId();
+
+ $data = new enigma_signature();
+ $data->id = $sig->getId();
+ $data->valid = $sig->isValid();
+ $data->fingerprint = $sig->getKeyFingerprint();
+ $data->created = $sig->getCreationDate();
+ $data->expires = $sig->getExpirationDate();
+ $data->name = $user->getName();
+ $data->comment = $user->getComment();
+ $data->email = $user->getEmail();
+
+ return $data;
+ }
+
+ /**
+ * Converts Crypt_GPG_Key object into Enigma's key object
+ *
+ * @param Crypt_GPG_Key Key object
+ *
+ * @return enigma_key Key object
+ */
+ private function parse_key($key)
+ {
+ $ekey = new enigma_key();
+
+ foreach ($key->getUserIds() as $idx => $user) {
+ $id = new enigma_userid();
+ $id->name = $user->getName();
+ $id->comment = $user->getComment();
+ $id->email = $user->getEmail();
+ $id->valid = $user->isValid();
+ $id->revoked = $user->isRevoked();
+
+ $ekey->users[$idx] = $id;
+ }
+
+ $ekey->name = trim($ekey->users[0]->name . ' <' . $ekey->users[0]->email . '>');
+
+ foreach ($key->getSubKeys() as $idx => $subkey) {
+ $skey = new enigma_subkey();
+ $skey->id = $subkey->getId();
+ $skey->revoked = $subkey->isRevoked();
+ $skey->created = $subkey->getCreationDate();
+ $skey->expires = $subkey->getExpirationDate();
+ $skey->fingerprint = $subkey->getFingerprint();
+ $skey->has_private = $subkey->hasPrivate();
+ $skey->can_sign = $subkey->canSign();
+ $skey->can_encrypt = $subkey->canEncrypt();
+
+ $ekey->subkeys[$idx] = $skey;
+ };
+
+ $ekey->id = $ekey->subkeys[0]->id;
+
+ return $ekey;
+ }
+}
diff --git a/plugins/enigma/lib/enigma_driver_phpssl.php b/plugins/enigma/lib/enigma_driver_phpssl.php
new file mode 100644
index 000000000..0250893d2
--- /dev/null
+++ b/plugins/enigma/lib/enigma_driver_phpssl.php
@@ -0,0 +1,230 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | S/MIME driver for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+class enigma_driver_phpssl extends enigma_driver
+{
+ private $rc;
+ private $homedir;
+ private $user;
+
+ function __construct($user)
+ {
+ $rcmail = rcmail::get_instance();
+ $this->rc = $rcmail;
+ $this->user = $user;
+ }
+
+ /**
+ * Driver initialization and environment checking.
+ * Should only return critical errors.
+ *
+ * @return mixed NULL on success, enigma_error on failure
+ */
+ function init()
+ {
+ $homedir = $this->rc->config->get('enigma_smime_homedir', INSTALL_PATH . '/plugins/enigma/home');
+
+ if (!$homedir)
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Option 'enigma_smime_homedir' not specified");
+
+ // check if homedir exists (create it if not) and is readable
+ if (!file_exists($homedir))
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Keys directory doesn't exists: $homedir");
+ if (!is_writable($homedir))
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Keys directory isn't writeable: $homedir");
+
+ $homedir = $homedir . '/' . $this->user;
+
+ // check if user's homedir exists (create it if not) and is readable
+ if (!file_exists($homedir))
+ mkdir($homedir, 0700);
+
+ if (!file_exists($homedir))
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Unable to create keys directory: $homedir");
+ if (!is_writable($homedir))
+ return new enigma_error(enigma_error::E_INTERNAL,
+ "Unable to write to keys directory: $homedir");
+
+ $this->homedir = $homedir;
+
+ }
+
+ function encrypt($text, $keys)
+ {
+ }
+
+ function decrypt($text, $keys = array())
+ {
+ }
+
+ function sign($text, $key, $passwd, $mode = null)
+ {
+ }
+
+ function verify($struct, $message)
+ {
+ // use common temp dir
+ $temp_dir = $this->rc->config->get('temp_dir');
+ $msg_file = tempnam($temp_dir, 'rcmMsg');
+ $cert_file = tempnam($temp_dir, 'rcmCert');
+
+ $fh = fopen($msg_file, "w");
+ if ($struct->mime_id) {
+ $message->get_part_body($struct->mime_id, false, 0, $fh);
+ }
+ else {
+ $this->rc->storage->get_raw_body($message->uid, $fh);
+ }
+ fclose($fh);
+
+ // @TODO: use stored certificates
+
+ // try with certificate verification
+ $sig = openssl_pkcs7_verify($msg_file, 0, $cert_file);
+ $validity = true;
+
+ if ($sig !== true) {
+ // try without certificate verification
+ $sig = openssl_pkcs7_verify($msg_file, PKCS7_NOVERIFY, $cert_file);
+ $validity = enigma_error::E_UNVERIFIED;
+ }
+
+ if ($sig === true) {
+ $sig = $this->parse_sig_cert($cert_file, $validity);
+ }
+ else {
+ $errorstr = $this->get_openssl_error();
+ $sig = new enigma_error(enigma_error::E_INTERNAL, $errorstr);
+ }
+
+ // remove temp files
+ @unlink($msg_file);
+ @unlink($cert_file);
+
+ return $sig;
+ }
+
+ public function import($content, $isfile=false)
+ {
+ }
+
+ public function list_keys($pattern='')
+ {
+ }
+
+ public function get_key($keyid)
+ {
+ }
+
+ public function gen_key($data)
+ {
+ }
+
+ public function delete_key($keyid)
+ {
+ }
+
+ public function delete_privkey($keyid)
+ {
+ }
+
+ public function delete_pubkey($keyid)
+ {
+ }
+
+ /**
+ * Converts Crypt_GPG_Key object into Enigma's key object
+ *
+ * @param Crypt_GPG_Key Key object
+ *
+ * @return enigma_key Key object
+ */
+ private function parse_key($key)
+ {
+/*
+ $ekey = new enigma_key();
+
+ foreach ($key->getUserIds() as $idx => $user) {
+ $id = new enigma_userid();
+ $id->name = $user->getName();
+ $id->comment = $user->getComment();
+ $id->email = $user->getEmail();
+ $id->valid = $user->isValid();
+ $id->revoked = $user->isRevoked();
+
+ $ekey->users[$idx] = $id;
+ }
+
+ $ekey->name = trim($ekey->users[0]->name . ' <' . $ekey->users[0]->email . '>');
+
+ foreach ($key->getSubKeys() as $idx => $subkey) {
+ $skey = new enigma_subkey();
+ $skey->id = $subkey->getId();
+ $skey->revoked = $subkey->isRevoked();
+ $skey->created = $subkey->getCreationDate();
+ $skey->expires = $subkey->getExpirationDate();
+ $skey->fingerprint = $subkey->getFingerprint();
+ $skey->has_private = $subkey->hasPrivate();
+ $skey->can_sign = $subkey->canSign();
+ $skey->can_encrypt = $subkey->canEncrypt();
+
+ $ekey->subkeys[$idx] = $skey;
+ };
+
+ $ekey->id = $ekey->subkeys[0]->id;
+
+ return $ekey;
+*/
+ }
+
+ private function get_openssl_error()
+ {
+ $tmp = array();
+ while ($errorstr = openssl_error_string()) {
+ $tmp[] = $errorstr;
+ }
+
+ return join("\n", array_values($tmp));
+ }
+
+ private function parse_sig_cert($file, $validity)
+ {
+ $cert = openssl_x509_parse(file_get_contents($file));
+
+ if (empty($cert) || empty($cert['subject'])) {
+ $errorstr = $this->get_openssl_error();
+ return new enigma_error(enigm_error::E_INTERNAL, $errorstr);
+ }
+
+ $data = new enigma_signature();
+
+ $data->id = $cert['hash']; //?
+ $data->valid = $validity;
+ $data->fingerprint = $cert['serialNumber'];
+ $data->created = $cert['validFrom_time_t'];
+ $data->expires = $cert['validTo_time_t'];
+ $data->name = $cert['subject']['CN'];
+// $data->comment = '';
+ $data->email = $cert['subject']['emailAddress'];
+
+ return $data;
+ }
+
+}
diff --git a/plugins/enigma/lib/enigma_engine.php b/plugins/enigma/lib/enigma_engine.php
new file mode 100644
index 000000000..0111d9388
--- /dev/null
+++ b/plugins/enigma/lib/enigma_engine.php
@@ -0,0 +1,1137 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Engine of the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ RFC2440: OpenPGP Message Format
+ RFC3156: MIME Security with OpenPGP
+ RFC3851: S/MIME
+*/
+
+class enigma_engine
+{
+ private $rc;
+ private $enigma;
+ private $pgp_driver;
+ private $smime_driver;
+ private $password_time;
+
+ public $decryptions = array();
+ public $signatures = array();
+ public $signed_parts = array();
+ public $encrypted_parts = array();
+
+ const SIGN_MODE_BODY = 1;
+ const SIGN_MODE_SEPARATE = 2;
+ const SIGN_MODE_MIME = 3;
+
+ const ENCRYPT_MODE_BODY = 1;
+ const ENCRYPT_MODE_MIME = 2;
+
+
+ /**
+ * Plugin initialization.
+ */
+ function __construct($enigma)
+ {
+ $this->rc = rcmail::get_instance();
+ $this->enigma = $enigma;
+
+ $this->password_time = $this->rc->config->get('enigma_password_time');
+
+ // this will remove passwords from session after some time
+ if ($this->password_time) {
+ $this->get_passwords();
+ }
+ }
+
+ /**
+ * PGP driver initialization.
+ */
+ function load_pgp_driver()
+ {
+ if ($this->pgp_driver) {
+ return;
+ }
+
+ $driver = 'enigma_driver_' . $this->rc->config->get('enigma_pgp_driver', 'gnupg');
+ $username = $this->rc->user->get_username();
+
+ // Load driver
+ $this->pgp_driver = new $driver($username);
+
+ if (!$this->pgp_driver) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: Unable to load PGP driver: $driver"
+ ), true, true);
+ }
+
+ // Initialise driver
+ $result = $this->pgp_driver->init();
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: ".$result->getMessage()
+ ), true, true);
+ }
+ }
+
+ /**
+ * S/MIME driver initialization.
+ */
+ function load_smime_driver()
+ {
+ if ($this->smime_driver) {
+ return;
+ }
+
+ $driver = 'enigma_driver_' . $this->rc->config->get('enigma_smime_driver', 'phpssl');
+ $username = $this->rc->user->get_username();
+
+ // Load driver
+ $this->smime_driver = new $driver($username);
+
+ if (!$this->smime_driver) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: Unable to load S/MIME driver: $driver"
+ ), true, true);
+ }
+
+ // Initialise driver
+ $result = $this->smime_driver->init();
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: ".$result->getMessage()
+ ), true, true);
+ }
+ }
+
+ /**
+ * Handler for message signing
+ *
+ * @param Mail_mime Original message
+ * @param int Encryption mode
+ *
+ * @return enigma_error On error returns error object
+ */
+ function sign_message(&$message, $mode = null)
+ {
+ $mime = new enigma_mime_message($message, enigma_mime_message::PGP_SIGNED);
+ $from = $mime->getFromAddress();
+
+ // find private key
+ $key = $this->find_key($from, true);
+
+ if (empty($key)) {
+ return new enigma_error(enigma_error::E_KEYNOTFOUND);
+ }
+
+ // check if we have password for this key
+ $passwords = $this->get_passwords();
+ $pass = $passwords[$key->id];
+
+ if ($pass === null) {
+ // ask for password
+ $error = array('missing' => array($key->id => $key->name));
+ return new enigma_error(enigma_error::E_BADPASS, '', $error);
+ }
+
+ // select mode
+ switch ($mode) {
+ case self::SIGN_MODE_BODY:
+ $pgp_mode = Crypt_GPG::SIGN_MODE_CLEAR;
+ break;
+
+ case self::SIGN_MODE_MIME:
+ $pgp_mode = Crypt_GPG::SIGN_MODE_DETACHED;
+ break;
+/*
+ case self::SIGN_MODE_SEPARATE:
+ $pgp_mode = Crypt_GPG::SIGN_MODE_NORMAL;
+ break;
+*/
+ default:
+ if ($mime->isMultipart()) {
+ $pgp_mode = Crypt_GPG::SIGN_MODE_DETACHED;
+ }
+ else {
+ $pgp_mode = Crypt_GPG::SIGN_MODE_CLEAR;
+ }
+ }
+
+ // get message body
+ if ($pgp_mode == Crypt_GPG::SIGN_MODE_CLEAR) {
+ // in this mode we'll replace text part
+ // with the one containing signature
+ $body = $message->getTXTBody();
+ }
+ else {
+ // here we'll build PGP/MIME message
+ $body = $mime->getOrigBody();
+ }
+
+ // sign the body
+ $result = $this->pgp_sign($body, $key->id, $pass, $pgp_mode);
+
+ if ($result !== true) {
+ if ($result->getCode() == enigma_error::E_BADPASS) {
+ // ask for password
+ $error = array('missing' => array($key->id => $key->name));
+ return new enigma_error(enigma_error::E_BADPASS, '', $error);
+ }
+
+ return $result;
+ }
+
+ // replace message body
+ if ($pgp_mode == Crypt_GPG::SIGN_MODE_CLEAR) {
+ $message->setTXTBody($body);
+ }
+ else {
+ $mime->addPGPSignature($body);
+ $message = $mime;
+ }
+ }
+
+ /**
+ * Handler for message encryption
+ *
+ * @param Mail_mime Original message
+ * @param int Encryption mode
+ * @param bool Is draft-save action - use only sender's key for encryption
+ *
+ * @return enigma_error On error returns error object
+ */
+ function encrypt_message(&$message, $mode = null, $is_draft = false)
+ {
+ $mime = new enigma_mime_message($message, enigma_mime_message::PGP_ENCRYPTED);
+
+ // always use sender's key
+ $recipients = array($mime->getFromAddress());
+
+ // if it's not a draft we add all recipients' keys
+ if (!$is_draft) {
+ $recipients = array_merge($recipients, $mime->getRecipients());
+ }
+
+ if (empty($recipients)) {
+ return new enigma_error(enigma_error::E_KEYNOTFOUND);
+ }
+
+ $recipients = array_unique($recipients);
+
+ // find recipient public keys
+ foreach ((array) $recipients as $email) {
+ $key = $this->find_key($email);
+
+ if (empty($key)) {
+ return new enigma_error(enigma_error::E_KEYNOTFOUND, '', array(
+ 'missing' => $email
+ ));
+ }
+
+ $keys[] = $key->id;
+ }
+
+ // select mode
+ switch ($mode) {
+ case self::ENCRYPT_MODE_BODY:
+ $encrypt_mode = $mode;
+ break;
+
+ case self::ENCRYPT_MODE_MIME:
+ $encrypt_mode = $mode;
+ break;
+
+ default:
+ $encrypt_mode = $mime->isMultipart() ? self::ENCRYPT_MODE_MIME : self::ENCRYPT_MODE_BODY;
+ }
+
+ // get message body
+ if ($encrypt_mode == self::ENCRYPT_MODE_BODY) {
+ // in this mode we'll replace text part
+ // with the one containing encrypted message
+ $body = $message->getTXTBody();
+ }
+ else {
+ // here we'll build PGP/MIME message
+ $body = $mime->getOrigBody();
+ }
+
+ // sign the body
+ $result = $this->pgp_encrypt($body, $keys);
+
+ if ($result !== true) {
+ return $result;
+ }
+
+ // replace message body
+ if ($encrypt_mode == self::ENCRYPT_MODE_BODY) {
+ $message->setTXTBody($body);
+ }
+ else {
+ $mime->setPGPEncryptedBody($body);
+ $message = $mime;
+ }
+ }
+
+ /**
+ * Handler for message_part_structure hook.
+ * Called for every part of the message.
+ *
+ * @param array Original parameters
+ *
+ * @return array Modified parameters
+ */
+ function part_structure($p)
+ {
+ if ($p['mimetype'] == 'text/plain' || $p['mimetype'] == 'application/pgp') {
+ $this->parse_plain($p);
+ }
+ else if ($p['mimetype'] == 'multipart/signed') {
+ $this->parse_signed($p);
+ }
+ else if ($p['mimetype'] == 'multipart/encrypted') {
+ $this->parse_encrypted($p);
+ }
+ else if ($p['mimetype'] == 'application/pkcs7-mime') {
+ $this->parse_encrypted($p);
+ }
+
+ return $p;
+ }
+
+ /**
+ * Handler for message_part_body hook.
+ *
+ * @param array Original parameters
+ *
+ * @return array Modified parameters
+ */
+ function part_body($p)
+ {
+ // encrypted attachment, see parse_plain_encrypted()
+ if ($p['part']->need_decryption && $p['part']->body === null) {
+ $this->load_pgp_driver();
+
+ $storage = $this->rc->get_storage();
+ $body = $storage->get_message_part($p['object']->uid, $p['part']->mime_id, $p['part'], null, null, true, 0, false);
+ $result = $this->pgp_decrypt($body);
+
+ // @TODO: what to do on error?
+ if ($result === true) {
+ $p['part']->body = $body;
+ $p['part']->size = strlen($body);
+ $p['part']->body_modified = true;
+ }
+ }
+
+ return $p;
+ }
+
+ /**
+ * Handler for plain/text message.
+ *
+ * @param array Reference to hook's parameters
+ */
+ function parse_plain(&$p)
+ {
+ $part = $p['structure'];
+
+ // exit, if we're already inside a decrypted message
+ if (in_array($part->mime_id, $this->encrypted_parts)) {
+ return;
+ }
+
+ // Get message body from IMAP server
+ $body = $this->get_part_body($p['object'], $part->mime_id);
+
+ // @TODO: big message body could be a file resource
+ // PGP signed message
+ if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $body)) {
+ $this->parse_plain_signed($p, $body);
+ }
+ // PGP encrypted message
+ else if (preg_match('/^-----BEGIN PGP MESSAGE-----/', $body)) {
+ $this->parse_plain_encrypted($p, $body);
+ }
+ }
+
+ /**
+ * Handler for multipart/signed message.
+ *
+ * @param array Reference to hook's parameters
+ */
+ function parse_signed(&$p)
+ {
+ $struct = $p['structure'];
+
+ // S/MIME
+ if ($struct->parts[1] && $struct->parts[1]->mimetype == 'application/pkcs7-signature') {
+ $this->parse_smime_signed($p);
+ }
+ // PGP/MIME: RFC3156
+ // The multipart/signed body MUST consist of exactly two parts.
+ // The first part contains the signed data in MIME canonical format,
+ // including a set of appropriate content headers describing the data.
+ // The second body MUST contain the PGP digital signature. It MUST be
+ // labeled with a content type of "application/pgp-signature".
+ else if ($struct->ctype_parameters['protocol'] == 'application/pgp-signature'
+ && count($struct->parts) == 2
+ && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/pgp-signature'
+ ) {
+ $this->parse_pgp_signed($p);
+ }
+ }
+
+ /**
+ * Handler for multipart/encrypted message.
+ *
+ * @param array Reference to hook's parameters
+ */
+ function parse_encrypted(&$p)
+ {
+ $struct = $p['structure'];
+
+ // S/MIME
+ if ($struct->mimetype == 'application/pkcs7-mime') {
+ $this->parse_smime_encrypted($p);
+ }
+ // PGP/MIME: RFC3156
+ // The multipart/encrypted MUST consist of exactly two parts. The first
+ // MIME body part must have a content type of "application/pgp-encrypted".
+ // This body contains the control information.
+ // The second MIME body part MUST contain the actual encrypted data. It
+ // must be labeled with a content type of "application/octet-stream".
+ else if ($struct->ctype_parameters['protocol'] == 'application/pgp-encrypted'
+ && count($struct->parts) == 2
+ && $struct->parts[0] && $struct->parts[0]->mimetype == 'application/pgp-encrypted'
+ && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/octet-stream'
+ ) {
+ $this->parse_pgp_encrypted($p);
+ }
+ }
+
+ /**
+ * Handler for plain signed message.
+ * Excludes message and signature bodies and verifies signature.
+ *
+ * @param array Reference to hook's parameters
+ * @param string Message (part) body
+ */
+ private function parse_plain_signed(&$p, $body)
+ {
+ $this->load_pgp_driver();
+ $part = $p['structure'];
+
+ // Verify signature
+ if ($this->rc->action == 'show' || $this->rc->action == 'preview') {
+ if ($this->rc->config->get('enigma_signatures', true)) {
+ $sig = $this->pgp_verify($body);
+ }
+ }
+
+ // @TODO: Handle big bodies using (temp) files
+
+ // In this way we can use fgets on string as on file handle
+ $fh = fopen('php://memory', 'br+');
+ // @TODO: fopen/fwrite errors handling
+ if ($fh) {
+ fwrite($fh, $body);
+ rewind($fh);
+ }
+
+ $body = $part->body = null;
+ $part->body_modified = true;
+
+ // Extract body (and signature?)
+ while (!feof($fh)) {
+ $line = fgets($fh, 1024);
+
+ if ($part->body === null)
+ $part->body = '';
+ else if (preg_match('/^-----BEGIN PGP SIGNATURE-----/', $line))
+ break;
+ else
+ $part->body .= $line;
+ }
+
+ // Remove "Hash" Armor Headers
+ $part->body = preg_replace('/^.*\r*\n\r*\n/', '', $part->body);
+ // de-Dash-Escape (RFC2440)
+ $part->body = preg_replace('/(^|\n)- -/', '\\1-', $part->body);
+
+ // Store signature data for display
+ if (!empty($sig)) {
+ $this->signed_parts[$part->mime_id] = $part->mime_id;
+ $this->signatures[$part->mime_id] = $sig;
+ }
+
+ fclose($fh);
+ }
+
+ /**
+ * Handler for PGP/MIME signed message.
+ * Verifies signature.
+ *
+ * @param array Reference to hook's parameters
+ */
+ private function parse_pgp_signed(&$p)
+ {
+ if (!$this->rc->config->get('enigma_signatures', true)) {
+ return;
+ }
+
+ // Verify signature
+ if ($this->rc->action == 'show' || $this->rc->action == 'preview') {
+ $this->load_pgp_driver();
+ $struct = $p['structure'];
+
+ $msg_part = $struct->parts[0];
+ $sig_part = $struct->parts[1];
+
+ // Get bodies
+ // Note: The first part body need to be full part body with headers
+ // it also cannot be decoded
+ $msg_body = $this->get_part_body($p['object'], $msg_part->mime_id, true);
+ $sig_body = $this->get_part_body($p['object'], $sig_part->mime_id);
+
+ // Verify
+ $sig = $this->pgp_verify($msg_body, $sig_body);
+
+ // Store signature data for display
+ $this->signatures[$struct->mime_id] = $sig;
+
+ // Message can be multipart (assign signature to each subpart)
+ if (!empty($msg_part->parts)) {
+ foreach ($msg_part->parts as $part)
+ $this->signed_parts[$part->mime_id] = $struct->mime_id;
+ }
+ else {
+ $this->signed_parts[$msg_part->mime_id] = $struct->mime_id;
+ }
+ }
+ }
+
+ /**
+ * Handler for S/MIME signed message.
+ * Verifies signature.
+ *
+ * @param array Reference to hook's parameters
+ */
+ private function parse_smime_signed(&$p)
+ {
+ return; // @TODO
+
+ if (!$this->rc->config->get('enigma_signatures', true)) {
+ return;
+ }
+
+ // Verify signature
+ if ($this->rc->action == 'show' || $this->rc->action == 'preview') {
+ $this->load_smime_driver();
+
+ $struct = $p['structure'];
+ $msg_part = $struct->parts[0];
+
+ // Verify
+ $sig = $this->smime_driver->verify($struct, $p['object']);
+
+ // Store signature data for display
+ $this->signatures[$struct->mime_id] = $sig;
+
+ // Message can be multipart (assign signature to each subpart)
+ if (!empty($msg_part->parts)) {
+ foreach ($msg_part->parts as $part)
+ $this->signed_parts[$part->mime_id] = $struct->mime_id;
+ }
+ else {
+ $this->signed_parts[$msg_part->mime_id] = $struct->mime_id;
+ }
+ }
+ }
+
+ /**
+ * Handler for plain encrypted message.
+ *
+ * @param array Reference to hook's parameters
+ * @param string Message (part) body
+ */
+ private function parse_plain_encrypted(&$p, $body)
+ {
+ if (!$this->rc->config->get('enigma_decryption', true)) {
+ return;
+ }
+
+ $this->load_pgp_driver();
+ $part = $p['structure'];
+
+ // Decrypt
+ $result = $this->pgp_decrypt($body);
+
+ // Store decryption status
+ $this->decryptions[$part->mime_id] = $result;
+
+ // find parent part ID
+ if (strpos($part->mime_id, '.')) {
+ $items = explode('.', $part->mime_id);
+ array_pop($items);
+ $parent = implode('.', $items);
+ }
+ else {
+ $parent = 0;
+ }
+
+ // Parse decrypted message
+ if ($result === true) {
+ $part->body = $body;
+ $part->body_modified = true;
+
+ // Remember it was decrypted
+ $this->encrypted_parts[] = $part->mime_id;
+
+ // PGP signed inside? verify signature
+ if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $body)) {
+ $this->parse_plain_signed($p, $body);
+ }
+
+ // Encrypted plain message may contain encrypted attachments
+ // in such case attachments have .pgp extension and type application/octet-stream.
+ // This is what happens when you select "Encrypt each attachment separately
+ // and send the message using inline PGP" in Thunderbird's Enigmail.
+
+ if ($p['object']->mime_parts[$parent]) {
+ foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {
+ if ($p->disposition == 'attachment' && $p->mimetype == 'application/octet-stream'
+ && preg_match('/^(.*)\.pgp$/i', $p->filename, $m)
+ ) {
+ // modify filename
+ $p->filename = $m[1];
+ // flag the part, it will be decrypted when needed
+ $p->need_decryption = true;
+ // disable caching
+ $p->body_modified = true;
+ }
+ }
+ }
+ }
+ // decryption failed, but the message may have already
+ // been cached with the modified parts (see above),
+ // let's bring the original state back
+ else if ($p['object']->mime_parts[$parent]) {
+ foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {
+ if ($p->need_decryption && !preg_match('/^(.*)\.pgp$/i', $p->filename, $m)) {
+ // modify filename
+ $p->filename .= '.pgp';
+ // flag the part, it will be decrypted when needed
+ unset($p->need_decryption);
+ }
+ }
+ }
+ }
+
+ /**
+ * Handler for PGP/MIME encrypted message.
+ *
+ * @param array Reference to hook's parameters
+ */
+ private function parse_pgp_encrypted(&$p)
+ {
+ if (!$this->rc->config->get('enigma_decryption', true)) {
+ return;
+ }
+
+ $this->load_pgp_driver();
+
+ $struct = $p['structure'];
+ $part = $struct->parts[1];
+
+ // Get body
+ $body = $this->get_part_body($p['object'], $part->mime_id);
+
+ // Decrypt
+ $result = $this->pgp_decrypt($body);
+
+ if ($result === true) {
+ // Parse decrypted message
+ $struct = $this->parse_body($body);
+
+ // Modify original message structure
+ $this->modify_structure($p, $struct);
+
+ // Attach the decryption message to all parts
+ $this->decryptions[$struct->mime_id] = $result;
+ foreach ((array) $struct->parts as $sp) {
+ $this->decryptions[$sp->mime_id] = $result;
+ }
+ }
+ else {
+ $this->decryptions[$part->mime_id] = $result;
+
+ // Make sure decryption status message will be displayed
+ $part->type = 'content';
+ $p['object']->parts[] = $part;
+ }
+ }
+
+ /**
+ * Handler for S/MIME encrypted message.
+ *
+ * @param array Reference to hook's parameters
+ */
+ private function parse_smime_encrypted(&$p)
+ {
+ if (!$this->rc->config->get('enigma_decryption', true)) {
+ return;
+ }
+
+// $this->load_smime_driver();
+ }
+
+ /**
+ * PGP signature verification.
+ *
+ * @param mixed Message body
+ * @param mixed Signature body (for MIME messages)
+ *
+ * @return mixed enigma_signature or enigma_error
+ */
+ private function pgp_verify(&$msg_body, $sig_body=null)
+ {
+ // @TODO: Handle big bodies using (temp) files
+ $sig = $this->pgp_driver->verify($msg_body, $sig_body);
+
+ if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::E_KEYNOTFOUND)
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $sig->getMessage()
+ ), true, false);
+
+ return $sig;
+ }
+
+ /**
+ * PGP message decryption.
+ *
+ * @param mixed Message body
+ *
+ * @return mixed True or enigma_error
+ */
+ private function pgp_decrypt(&$msg_body)
+ {
+ // @TODO: Handle big bodies using (temp) files
+ $keys = $this->get_passwords();
+ $result = $this->pgp_driver->decrypt($msg_body, $keys);
+
+ if ($result instanceof enigma_error) {
+ $err_code = $result->getCode();
+ if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+ return $result;
+ }
+
+ $msg_body = $result;
+
+ return true;
+ }
+
+ /**
+ * PGP message signing
+ *
+ * @param mixed Message body
+ * @param string Key ID
+ * @param string Key passphrase
+ * @param int Signing mode
+ *
+ * @return mixed True or enigma_error
+ */
+ private function pgp_sign(&$msg_body, $keyid, $password, $mode = null)
+ {
+ // @TODO: Handle big bodies using (temp) files
+ $result = $this->pgp_driver->sign($msg_body, $keyid, $password, $mode);
+
+ if ($result instanceof enigma_error) {
+ $err_code = $result->getCode();
+ if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+ return $result;
+ }
+
+ $msg_body = $result;
+
+ return true;
+ }
+
+ /**
+ * PGP message encrypting
+ *
+ * @param mixed Message body
+ * @param array Keys
+ *
+ * @return mixed True or enigma_error
+ */
+ private function pgp_encrypt(&$msg_body, $keys)
+ {
+ // @TODO: Handle big bodies using (temp) files
+ $result = $this->pgp_driver->encrypt($msg_body, $keys);
+
+ if ($result instanceof enigma_error) {
+ $err_code = $result->getCode();
+ if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+ return $result;
+ }
+
+ $msg_body = $result;
+
+ return true;
+ }
+
+ /**
+ * PGP keys listing.
+ *
+ * @param mixed Key ID/Name pattern
+ *
+ * @return mixed Array of keys or enigma_error
+ */
+ function list_keys($pattern = '')
+ {
+ $this->load_pgp_driver();
+ $result = $this->pgp_driver->list_keys($pattern);
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+ }
+
+ return $result;
+ }
+
+ /**
+ * Find PGP private/public key
+ *
+ * @param string E-mail address
+ * @param bool Need a key for signing?
+ *
+ * @return enigma_key The key
+ */
+ function find_key($email, $can_sign = false)
+ {
+ $this->load_pgp_driver();
+ $result = $this->pgp_driver->list_keys($email);
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+
+ return;
+ }
+
+ $mode = $can_sign ? enigma_key::CAN_SIGN : enigma_key::CAN_ENCRYPT;
+
+ // check key validity and type
+ foreach ($result as $key) {
+ if ($keyid = $key->find_subkey($email, $mode)) {
+ return $key;
+ }
+ }
+ }
+
+ /**
+ * PGP key details.
+ *
+ * @param mixed Key ID
+ *
+ * @return mixed enigma_key or enigma_error
+ */
+ function get_key($keyid)
+ {
+ $this->load_pgp_driver();
+ $result = $this->pgp_driver->get_key($keyid);
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+ }
+
+ return $result;
+ }
+
+ /**
+ * PGP key delete.
+ *
+ * @param string Key ID
+ *
+ * @return enigma_error|bool True on success
+ */
+ function delete_key($keyid)
+ {
+ $this->load_pgp_driver();
+ $result = $this->pgp_driver->delete_key($keyid);
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+ }
+
+ return $result;
+ }
+
+ /**
+ * PGP keys/certs importing.
+ *
+ * @param mixed Import file name or content
+ * @param boolean True if first argument is a filename
+ *
+ * @return mixed Import status data array or enigma_error
+ */
+ function import_key($content, $isfile=false)
+ {
+ $this->load_pgp_driver();
+ $result = $this->pgp_driver->import($content, $isfile);
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+ }
+ else {
+ $result['imported'] = $result['public_imported'] + $result['private_imported'];
+ $result['unchanged'] = $result['public_unchanged'] + $result['private_unchanged'];
+ }
+
+ return $result;
+ }
+
+ /**
+ * Handler for keys/certs import request action
+ */
+ function import_file()
+ {
+ $uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST);
+ $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
+ $mime_id = rcube_utils::get_input_value('_part', rcube_utils::INPUT_POST);
+ $storage = $this->rc->get_storage();
+
+ if ($uid && $mime_id) {
+ $storage->set_folder($mbox);
+ $part = $storage->get_message_part($uid, $mime_id);
+ }
+
+ if ($part && is_array($result = $this->import_key($part))) {
+ $this->rc->output->show_message('enigma.keysimportsuccess', 'confirmation',
+ array('new' => $result['imported'], 'old' => $result['unchanged']));
+ }
+ else
+ $this->rc->output->show_message('enigma.keysimportfailed', 'error');
+
+ $this->rc->output->send();
+ }
+
+ function password_handler()
+ {
+ $keyid = rcube_utils::get_input_value('_keyid', rcube_utils::INPUT_POST);
+ $passwd = rcube_utils::get_input_value('_passwd', rcube_utils::INPUT_POST, true);
+
+ if ($keyid && $passwd !== null && strlen($passwd)) {
+ $this->save_password($keyid, $passwd);
+ }
+ }
+
+ function save_password($keyid, $password)
+ {
+ // we store passwords in session for specified time
+ if ($config = $_SESSION['enigma_pass']) {
+ $config = $this->rc->decrypt($config);
+ $config = @unserialize($config);
+ }
+
+ $config[$keyid] = array($password, time());
+
+ $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config));
+ }
+
+ function get_passwords()
+ {
+ if ($config = $_SESSION['enigma_pass']) {
+ $config = $this->rc->decrypt($config);
+ $config = @unserialize($config);
+ }
+
+ $threshold = time() - $this->password_time;
+ $keys = array();
+
+ // delete expired passwords
+ foreach ((array) $config as $key => $value) {
+ if ($pass_time && $value[1] < $threshold) {
+ unset($config[$key]);
+ $modified = true;
+ }
+ else {
+ $keys[$key] = $value[0];
+ }
+ }
+
+ if ($modified) {
+ $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config));
+ }
+
+ return $keys;
+ }
+
+ /**
+ * Get message part body.
+ *
+ * @param rcube_message Message object
+ * @param string Message part ID
+ * @param bool Return raw body with headers
+ */
+ private function get_part_body($msg, $part_id, $full = false)
+ {
+ // @TODO: Handle big bodies using file handles
+ if ($full) {
+ $storage = $this->rc->get_storage();
+ $body = $storage->get_raw_headers($msg->uid, $part_id);
+ $body .= $storage->get_raw_body($msg->uid, null, $part_id);
+ }
+ else {
+ $body = $msg->get_part_body($part_id, false);
+ }
+
+ return $body;
+ }
+
+ /**
+ * Parse decrypted message body into structure
+ *
+ * @param string Message body
+ *
+ * @return array Message structure
+ */
+ private function parse_body(&$body)
+ {
+ // Mail_mimeDecode need \r\n end-line, but gpg may return \n
+ $body = preg_replace('/\r?\n/', "\r\n", $body);
+
+ // parse the body into structure
+ $struct = rcube_mime::parse_message($body);
+
+ return $struct;
+ }
+
+ /**
+ * Replace message encrypted structure with decrypted message structure
+ *
+ * @param array
+ * @param rcube_message_part
+ */
+ private function modify_structure(&$p, $struct)
+ {
+ // modify mime_parts property of the message object
+ $old_id = $p['structure']->mime_id;
+ foreach (array_keys($p['object']->mime_parts) as $idx) {
+ if (!$old_id || $idx == $old_id || strpos($idx, $old_id . '.') === 0) {
+ unset($p['object']->mime_parts[$idx]);
+ }
+ }
+
+ // modify the new structure to be correctly handled by Roundcube
+ $this->modify_structure_part($struct, $p['object'], $old_id);
+
+ // replace old structure with the new one
+ $p['structure'] = $struct;
+ $p['mimetype'] = $struct->mimetype;
+ }
+
+ /**
+ * Modify decrypted message part
+ *
+ * @param rcube_message_part
+ * @param rcube_message
+ */
+ private function modify_structure_part($part, $msg, $old_id)
+ {
+ // never cache the body
+ $part->body_modified = true;
+ $part->encoding = 'stream';
+
+ // modify part identifier
+ if ($old_id) {
+ $part->mime_id = !$part->mime_id ? $old_id : ($old_id . '.' . $part->mime_id);
+ }
+
+ // Cache the fact it was decrypted
+ $this->encrypted_parts[] = $part->mime_id;
+
+ $msg->mime_parts[$part->mime_id] = $part;
+
+ // modify sub-parts
+ foreach ((array) $part->parts as $p) {
+ $this->modify_structure_part($p, $msg, $old_id);
+ }
+ }
+
+ /**
+ * Checks if specified message part is a PGP-key or S/MIME cert data
+ *
+ * @param rcube_message_part Part object
+ *
+ * @return boolean True if part is a key/cert
+ */
+ public function is_keys_part($part)
+ {
+ // @TODO: S/MIME
+ return (
+ // Content-Type: application/pgp-keys
+ $part->mimetype == 'application/pgp-keys'
+ );
+ }
+}
diff --git a/plugins/enigma/lib/enigma_error.php b/plugins/enigma/lib/enigma_error.php
new file mode 100644
index 000000000..1717a7c46
--- /dev/null
+++ b/plugins/enigma/lib/enigma_error.php
@@ -0,0 +1,60 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Error class for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+class enigma_error
+{
+ private $code;
+ private $message;
+ private $data = array();
+
+ // error codes
+ const E_OK = 0;
+ const E_INTERNAL = 1;
+ const E_NODATA = 2;
+ const E_KEYNOTFOUND = 3;
+ const E_DELKEY = 4;
+ const E_BADPASS = 5;
+ const E_EXPIRED = 6;
+ const E_UNVERIFIED = 7;
+
+
+ function __construct($code = null, $message = '', $data = array())
+ {
+ $this->code = $code;
+ $this->message = $message;
+ $this->data = $data;
+ }
+
+ function getCode()
+ {
+ return $this->code;
+ }
+
+ function getMessage()
+ {
+ return $this->message;
+ }
+
+ function getData($name)
+ {
+ if ($name) {
+ return $this->data[$name];
+ }
+ else {
+ return $this->data;
+ }
+ }
+}
diff --git a/plugins/enigma/lib/enigma_key.php b/plugins/enigma/lib/enigma_key.php
new file mode 100644
index 000000000..8c61cbd99
--- /dev/null
+++ b/plugins/enigma/lib/enigma_key.php
@@ -0,0 +1,150 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Key class for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+class enigma_key
+{
+ public $id;
+ public $name;
+ public $users = array();
+ public $subkeys = array();
+
+ const TYPE_UNKNOWN = 0;
+ const TYPE_KEYPAIR = 1;
+ const TYPE_PUBLIC = 2;
+
+ const CAN_SIGN = 1;
+ const CAN_ENCRYPT = 2;
+
+ /**
+ * Keys list sorting callback for usort()
+ */
+ static function cmp($a, $b)
+ {
+ return strcmp($a->name, $b->name);
+ }
+
+ /**
+ * Returns key type
+ */
+ function get_type()
+ {
+ if ($this->subkeys[0]->has_private)
+ return enigma_key::TYPE_KEYPAIR;
+ else if (!empty($this->subkeys[0]))
+ return enigma_key::TYPE_PUBLIC;
+
+ return enigma_key::TYPE_UNKNOWN;
+ }
+
+ /**
+ * Returns true if all user IDs are revoked
+ */
+ function is_revoked()
+ {
+ foreach ($this->subkeys as $subkey)
+ if (!$subkey->revoked)
+ return false;
+
+ return true;
+ }
+
+ /**
+ * Returns true if any user ID is valid
+ */
+ function is_valid()
+ {
+ foreach ($this->users as $user)
+ if ($user->valid)
+ return true;
+
+ return false;
+ }
+
+ /**
+ * Returns true if any of subkeys is not expired
+ */
+ function is_expired()
+ {
+ $now = time();
+
+ foreach ($this->subkeys as $subkey)
+ if (!$subkey->expires || $subkey->expires > $now)
+ return true;
+
+ return false;
+ }
+
+ /**
+ * Get key ID by user email
+ */
+ function find_subkey($email, $mode)
+ {
+ $now = time();
+
+ foreach ($this->users as $user) {
+ if ($user->email === $email && $user->valid && !$user->revoked) {
+ foreach ($this->subkeys as $subkey) {
+ if (!$subkey->revoked && (!$subkey->expires || $subkey->expires > $now)) {
+ if (($mode == self::CAN_ENCRYPT && $subkey->can_encrypt)
+ || ($mode == self::CAN_SIGN && $subkey->has_private)
+ ) {
+ return $subkey;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Converts long ID or Fingerprint to short ID
+ * Crypt_GPG uses internal, but e.g. Thunderbird's Enigmail displays short ID
+ *
+ * @param string Key ID or fingerprint
+ * @return string Key short ID
+ */
+ static function format_id($id)
+ {
+ // E.g. 04622F2089E037A5 => 89E037A5
+
+ return substr($id, -8);
+ }
+
+ /**
+ * Formats fingerprint string
+ *
+ * @param string Key fingerprint
+ *
+ * @return string Formatted fingerprint (with spaces)
+ */
+ static function format_fingerprint($fingerprint)
+ {
+ if (!$fingerprint) {
+ return '';
+ }
+
+ $result = '';
+ for ($i=0; $i<40; $i++) {
+ if ($i % 4 == 0) {
+ $result .= ' ';
+ }
+ $result .= $fingerprint[$i];
+ }
+
+ return $result;
+ }
+
+}
diff --git a/plugins/enigma/lib/enigma_mime_message.php b/plugins/enigma/lib/enigma_mime_message.php
new file mode 100644
index 000000000..feed78e03
--- /dev/null
+++ b/plugins/enigma/lib/enigma_mime_message.php
@@ -0,0 +1,299 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Mail_mime wrapper for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+class enigma_mime_message extends Mail_mime
+{
+ const PGP_SIGNED = 1;
+ const PGP_ENCRYPTED = 2;
+
+ protected $_type;
+ protected $_message;
+ protected $_body;
+ protected $_signature;
+ protected $_encrypted;
+
+
+ /**
+ * Object constructor
+ *
+ * @param Mail_mime Original message
+ * @param int Output message type
+ */
+ function __construct($message, $type)
+ {
+ $this->_message = $message;
+ $this->_type = $type;
+
+ // clone parameters
+ foreach (array_keys($this->_build_params) as $param) {
+ $this->_build_params[$param] = $message->getParam($param);
+ }
+
+ // clone headers
+ $this->_headers = $message->_headers;
+
+/*
+ if ($message->getParam('delay_file_io')) {
+ // use common temp dir
+ $temp_dir = $this->config->get('temp_dir');
+ $body_file = tempnam($temp_dir, 'rcmMsg');
+ $mime_result = $message->saveMessageBody($body_file);
+
+ if (is_a($mime_result, 'PEAR_Error')) {
+ self::raise_error(array('code' => 650, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Could not create message: ".$mime_result->getMessage()),
+ true, false);
+ return false;
+ }
+
+ $msg_body = fopen($body_file, 'r');
+ }
+ else {
+*/
+ // \r\n is must-have here
+ $this->_body = $message->get() . "\r\n";
+/*
+ }
+*/
+ }
+
+ /**
+ * Check if the message is multipart (requires PGP/MIME)
+ *
+ * @return bool True if it is multipart, otherwise False
+ */
+ function isMultipart()
+ {
+ return $this->_message instanceof enigma_mime_message
+ || !empty($this->_message->_parts) || $this->_message->getHTMLBody();
+ }
+
+ /**
+ * Get e-mail address of message sender
+ *
+ * @return string Sender address
+ */
+ function getFromAddress()
+ {
+ // get sender address
+ $headers = $this->_message->headers();
+ $from = rcube_mime::decode_address_list($headers['From'], 1, false, null, true);
+ $from = $from[1];
+
+ return $from;
+ }
+
+ /**
+ * Get recipients' e-mail addresses
+ *
+ * @return array Recipients' addresses
+ */
+ function getRecipients()
+ {
+ // get sender address
+ $headers = $this->_message->headers();
+ $to = rcube_mime::decode_address_list($headers['To'], null, false, null, true);
+ $cc = rcube_mime::decode_address_list($headers['Cc'], null, false, null, true);
+ $bcc = rcube_mime::decode_address_list($headers['Bcc'], null, false, null, true);
+
+ $recipients = array_unique(array_merge($to, $cc, $bcc));
+ $recipients = array_diff($recipients, array('undisclosed-recipients:'));
+
+ return $recipients;
+ }
+
+ /**
+ * Get original message body, to be encrypted/signed
+ *
+ * @return string Message body
+ */
+ function getOrigBody()
+ {
+ $_headers = $this->_message->headers();
+ $headers = array();
+
+ if ($_headers['Content-Transfer-Encoding']) {
+ $headers[] = 'Content-Transfer-Encoding: ' . $_headers['Content-Transfer-Encoding'];
+ }
+ $headers[] = 'Content-Type: ' . $_headers['Content-Type'];
+
+ return implode("\r\n", $headers) . "\r\n\r\n" . $this->_body;
+ }
+
+ /**
+ * Register signature attachment
+ *
+ * @param string Signature body
+ */
+ function addPGPSignature($body)
+ {
+ $this->_signature = $body;
+ }
+
+ /**
+ * Register encrypted body
+ *
+ * @param string Encrypted body
+ */
+ function setPGPEncryptedBody($body)
+ {
+ $this->_encrypted = $body;
+ }
+
+ /**
+ * Builds the multipart message.
+ *
+ * @param array $params Build parameters that change the way the email
+ * is built. Should be associative. See $_build_params.
+ * @param resource $filename Output file where to save the message instead of
+ * returning it
+ * @param boolean $skip_head True if you want to return/save only the message
+ * without headers
+ *
+ * @return mixed The MIME message content string, null or PEAR error object
+ * @access public
+ */
+ function get($params = null, $filename = null, $skip_head = false)
+ {
+ if (isset($params)) {
+ while (list($key, $value) = each($params)) {
+ $this->_build_params[$key] = $value;
+ }
+ }
+
+ $this->_checkParams();
+
+ if ($this->_type == self::PGP_SIGNED) {
+ $body = "This is an OpenPGP/MIME signed message (RFC 4880 and 3156)";
+ $params = array(
+ 'content_type' => "multipart/signed; micalg=pgp-sha1; protocol=\"application/pgp-signature\"",
+ 'eol' => $this->_build_params['eol'],
+ );
+
+ $message = new Mail_mimePart($body, $params);
+
+ if (!empty($this->_body)) {
+ $headers = $this->_message->headers();
+ $params = array('content_type' => $headers['Content-Type']);
+
+ if ($headers['Content-Transfer-Encoding']) {
+ $params['encoding'] = $headers['Content-Transfer-Encoding'];
+ }
+
+ $message->addSubpart($this->_body, $params);
+ }
+
+ if (!empty($this->_signature)) {
+ $message->addSubpart($this->_signature, array(
+ 'filename' => 'signature.asc',
+ 'content_type' => 'application/pgp-signature',
+ 'disposition' => 'attachment',
+ 'description' => 'OpenPGP digital signature',
+ ));
+ }
+ }
+ else if ($this->_type == self::PGP_ENCRYPTED) {
+ $body = "This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)";
+ $params = array(
+ 'content_type' => "multipart/encrypted; protocol=\"application/pgp-encrypted\"",
+ 'eol' => $this->_build_params['eol'],
+ );
+
+ $message = new Mail_mimePart($body, $params);
+
+ $message->addSubpart('Version: 1', array(
+ 'content_type' => 'application/pgp-encrypted',
+ 'description' => 'PGP/MIME version identification',
+ ));
+
+ $message->addSubpart($this->_encrypted, array(
+ 'content_type' => 'application/octet-stream',
+ 'description' => 'PGP/MIME encrypted message',
+ 'disposition' => 'inline',
+ 'filename' => 'encrypted.asc',
+ ));
+ }
+
+ // Use saved boundary
+ if (!empty($this->_build_params['boundary'])) {
+ $boundary = $this->_build_params['boundary'];
+ }
+ else {
+ $boundary = null;
+ }
+
+ // Write output to file
+ if ($filename) {
+ // Append mimePart message headers and body into file
+ $headers = $message->encodeToFile($filename, $boundary, $skip_head);
+ if ($this->_isError($headers)) {
+ return $headers;
+ }
+ $this->_headers = array_merge($this->_headers, $headers);
+ return null;
+ }
+ else {
+ $output = $message->encode($boundary, $skip_head);
+ if ($this->_isError($output)) {
+ return $output;
+ }
+ $this->_headers = array_merge($this->_headers, $output['headers']);
+ return $output['body'];
+ }
+ }
+
+ /**
+ * Get Content-Type and Content-Transfer-Encoding headers of the message
+ *
+ * @return array Headers array
+ * @access private
+ */
+ function _contentHeaders()
+ {
+ $this->_checkParams();
+
+ $eol = !empty($this->_build_params['eol']) ? $this->_build_params['eol'] : "\r\n";
+
+ // multipart message: and boundary
+ if (!empty($this->_build_params['boundary'])) {
+ $boundary = $this->_build_params['boundary'];
+ }
+ else if (!empty($this->_headers['Content-Type'])
+ && preg_match('/boundary="([^"]+)"/', $this->_headers['Content-Type'], $m)
+ ) {
+ $boundary = $m[1];
+ }
+ else {
+ $boundary = '=_' . md5(rand() . microtime());
+ }
+
+ $this->_build_params['boundary'] = $boundary;
+
+ if ($this->_type == self::PGP_SIGNED) {
+ $headers['Content-Type'] = "multipart/signed; micalg=pgp-sha1;$eol"
+ ." protocol=\"application/pgp-signature\";$eol"
+ ." boundary=\"$boundary\"";
+ }
+ else if ($this->_type == self::PGP_ENCRYPTED) {
+ $headers['Content-Type'] = "multipart/encrypted;$eol"
+ ." protocol=\"application/pgp-encrypted\";$eol"
+ ." boundary=\"$boundary\"";
+ }
+
+ return $headers;
+ }
+}
diff --git a/plugins/enigma/lib/enigma_signature.php b/plugins/enigma/lib/enigma_signature.php
new file mode 100644
index 000000000..2e63a80f4
--- /dev/null
+++ b/plugins/enigma/lib/enigma_signature.php
@@ -0,0 +1,27 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Signature class for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+class enigma_signature
+{
+ public $id;
+ public $valid;
+ public $fingerprint;
+ public $created;
+ public $expires;
+ public $name;
+ public $comment;
+ public $email;
+}
diff --git a/plugins/enigma/lib/enigma_subkey.php b/plugins/enigma/lib/enigma_subkey.php
new file mode 100644
index 000000000..cd57611c0
--- /dev/null
+++ b/plugins/enigma/lib/enigma_subkey.php
@@ -0,0 +1,50 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | SubKey class for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+class enigma_subkey
+{
+ public $id;
+ public $fingerprint;
+ public $expires;
+ public $created;
+ public $revoked;
+ public $has_private;
+ public $can_sign;
+ public $can_encrypt;
+
+ /**
+ * Converts internal ID to short ID
+ * Crypt_GPG uses internal, but e.g. Thunderbird's Enigmail displays short ID
+ *
+ * @return string Key ID
+ */
+ function get_short_id()
+ {
+ // E.g. 04622F2089E037A5 => 89E037A5
+ return enigma_key::format_id($this->id);
+ }
+
+ /**
+ * Getter for formatted fingerprint
+ *
+ * @return string Formatted fingerprint
+ */
+ function get_fingerprint()
+ {
+ return enigma_key::format_fingerprint($this->fingerprint);
+ }
+
+}
diff --git a/plugins/enigma/lib/enigma_ui.php b/plugins/enigma/lib/enigma_ui.php
new file mode 100644
index 000000000..e866ba335
--- /dev/null
+++ b/plugins/enigma/lib/enigma_ui.php
@@ -0,0 +1,749 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | User Interface for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+class enigma_ui
+{
+ private $rc;
+ private $enigma;
+ private $home;
+ private $css_loaded;
+ private $js_loaded;
+ private $data;
+ private $keys_parts = array();
+ private $keys_bodies = array();
+
+
+ function __construct($enigma_plugin, $home='')
+ {
+ $this->enigma = $enigma_plugin;
+ $this->rc = $enigma_plugin->rc;
+ $this->home = $home; // we cannot use $enigma_plugin->home here
+ }
+
+ /**
+ * UI initialization and requests handlers.
+ *
+ * @param string Preferences section
+ */
+ function init()
+ {
+ $this->add_js();
+
+ $action = rcube_utils::get_input_value('_a', rcube_utils::INPUT_GPC);
+
+ if ($this->rc->action == 'plugin.enigmakeys') {
+ switch ($action) {
+ case 'delete':
+ $this->key_delete();
+ break;
+/*
+ case 'edit':
+ $this->key_edit();
+ break;
+*/
+ case 'import':
+ $this->key_import();
+ break;
+
+ case 'search':
+ case 'list':
+ $this->key_list();
+ break;
+
+ case 'info':
+ $this->key_info();
+ break;
+ }
+
+ $this->rc->output->add_handlers(array(
+ 'keyslist' => array($this, 'tpl_keys_list'),
+ 'keyframe' => array($this, 'tpl_key_frame'),
+ 'countdisplay' => array($this, 'tpl_keys_rowcount'),
+ 'searchform' => array($this->rc->output, 'search_form'),
+ ));
+
+ $this->rc->output->set_pagetitle($this->enigma->gettext('enigmakeys'));
+ $this->rc->output->send('enigma.keys');
+ }
+/*
+ // Preferences UI
+ else if ($this->rc->action == 'plugin.enigmacerts') {
+ $this->rc->output->add_handlers(array(
+ 'keyslist' => array($this, 'tpl_certs_list'),
+ 'keyframe' => array($this, 'tpl_cert_frame'),
+ 'countdisplay' => array($this, 'tpl_certs_rowcount'),
+ 'searchform' => array($this->rc->output, 'search_form'),
+ ));
+
+ $this->rc->output->set_pagetitle($this->enigma->gettext('enigmacerts'));
+ $this->rc->output->send('enigma.certs');
+ }
+*/
+ // Message composing UI
+ else if ($this->rc->action == 'compose') {
+ $this->compose_ui();
+ }
+ }
+
+ /**
+ * Adds CSS style file to the page header.
+ */
+ function add_css()
+ {
+ if ($this->css_loaded)
+ return;
+
+ $skin_path = $this->enigma->local_skin_path();
+ if (is_file($this->home . "/$skin_path/enigma.css")) {
+ $this->enigma->include_stylesheet("$skin_path/enigma.css");
+ }
+
+ $this->css_loaded = true;
+ }
+
+ /**
+ * Adds javascript file to the page header.
+ */
+ function add_js()
+ {
+ if ($this->js_loaded) {
+ return;
+ }
+
+ $this->enigma->include_script('enigma.js');
+
+ $this->js_loaded = true;
+ }
+
+ /**
+ * Initializes key password prompt
+ *
+ * @param enigma_error Error object with key info
+ */
+ function password_prompt($status)
+ {
+ $data = $status->getData('missing');
+
+ if (empty($data)) {
+ $data = $status->getData('bad');
+ }
+
+ $data = array('keyid' => key($data), 'user' => $data[key($data)]);
+
+ if ($this->rc->action == 'send') {
+ $this->rc->output->command('enigma_password_request', $data);
+ }
+ else {
+ $this->rc->output->set_env('enigma_password_request', $data);
+ }
+
+ // add some labels to client
+ $this->rc->output->add_label('enigma.enterkeypasstitle', 'enigma.enterkeypass',
+ 'save', 'cancel');
+
+ $this->add_css();
+ $this->add_js();
+ }
+
+ /**
+ * Template object for key info/edit frame.
+ *
+ * @param array Object attributes
+ *
+ * @return string HTML output
+ */
+ function tpl_key_frame($attrib)
+ {
+ if (!$attrib['id']) {
+ $attrib['id'] = 'rcmkeysframe';
+ }
+
+ $attrib['name'] = $attrib['id'];
+
+ $this->rc->output->set_env('contentframe', $attrib['name']);
+ $this->rc->output->set_env('blankpage', $attrib['src'] ?
+ $this->rc->output->abs_url($attrib['src']) : 'program/resources/blank.gif');
+
+ return $this->rc->output->frame($attrib);
+ }
+
+ /**
+ * Template object for list of keys.
+ *
+ * @param array Object attributes
+ *
+ * @return string HTML content
+ */
+ function tpl_keys_list($attrib)
+ {
+ // add id to message list table if not specified
+ if (!strlen($attrib['id'])) {
+ $attrib['id'] = 'rcmenigmakeyslist';
+ }
+
+ // define list of cols to be displayed
+ $a_show_cols = array('name');
+
+ // create XHTML table
+ $out = $this->rc->table_output($attrib, array(), $a_show_cols, 'id');
+
+ // set client env
+ $this->rc->output->add_gui_object('keyslist', $attrib['id']);
+ $this->rc->output->include_script('list.js');
+
+ // add some labels to client
+ $this->rc->output->add_label('enigma.keyremoveconfirm', 'enigma.keyremoving');
+
+ return $out;
+ }
+
+ /**
+ * Key listing (and searching) request handler
+ */
+ private function key_list()
+ {
+ $this->enigma->load_engine();
+
+ $pagesize = $this->rc->config->get('pagesize', 100);
+ $page = max(intval(rcube_utils::get_input_value('_p', rcube_utils::INPUT_GPC)), 1);
+ $search = rcube_utils::get_input_value('_q', rcube_utils::INPUT_GPC);
+
+ // Get the list
+ $list = $this->enigma->engine->list_keys($search);
+
+ if ($list && ($list instanceof enigma_error))
+ $this->rc->output->show_message('enigma.keylisterror', 'error');
+ else if (empty($list))
+ $this->rc->output->show_message('enigma.nokeysfound', 'notice');
+ else if (is_array($list)) {
+ // Save the size
+ $listsize = count($list);
+
+ // Sort the list by key (user) name
+ usort($list, array('enigma_key', 'cmp'));
+
+ // Slice current page
+ $list = array_slice($list, ($page - 1) * $pagesize, $pagesize);
+ $size = count($list);
+
+ // Add rows
+ foreach ($list as $key) {
+ $this->rc->output->command('enigma_add_list_row',
+ array('name' => rcube::Q($key->name), 'id' => $key->id));
+ }
+ }
+
+ $this->rc->output->set_env('search_request', $search);
+ $this->rc->output->set_env('pagecount', ceil($listsize/$pagesize));
+ $this->rc->output->set_env('current_page', $page);
+ $this->rc->output->command('set_rowcount',
+ $this->get_rowcount_text($listsize, $size, $page));
+
+ $this->rc->output->send();
+ }
+
+ /**
+ * Template object for list records counter.
+ *
+ * @param array Object attributes
+ *
+ * @return string HTML output
+ */
+ function tpl_keys_rowcount($attrib)
+ {
+ if (!$attrib['id'])
+ $attrib['id'] = 'rcmcountdisplay';
+
+ $this->rc->output->add_gui_object('countdisplay', $attrib['id']);
+
+ return html::span($attrib, $this->get_rowcount_text());
+ }
+
+ /**
+ * Returns text representation of list records counter
+ */
+ private function get_rowcount_text($all=0, $curr_count=0, $page=1)
+ {
+ if (!$curr_count) {
+ $out = $this->enigma->gettext('nokeysfound');
+ }
+ else {
+ $pagesize = $this->rc->config->get('pagesize', 100);
+ $first = ($page - 1) * $pagesize;
+
+ $out = $this->enigma->gettext(array(
+ 'name' => 'keysfromto',
+ 'vars' => array(
+ 'from' => $first + 1,
+ 'to' => $first + $curr_count,
+ 'count' => $all)
+ ));
+ }
+
+ return $out;
+ }
+
+ /**
+ * Key information page handler
+ */
+ private function key_info()
+ {
+ $this->enigma->load_engine();
+
+ $id = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GET);
+ $res = $this->enigma->engine->get_key($id);
+
+ if ($res instanceof enigma_key) {
+ $this->data = $res;
+ }
+ else { // error
+ $this->rc->output->show_message('enigma.keyopenerror', 'error');
+ $this->rc->output->command('parent.enigma_loadframe');
+ $this->rc->output->send('iframe');
+ }
+
+ $this->rc->output->add_handlers(array(
+ 'keyname' => array($this, 'tpl_key_name'),
+ 'keydata' => array($this, 'tpl_key_data'),
+ ));
+
+ $this->rc->output->set_pagetitle($this->enigma->gettext('keyinfo'));
+ $this->rc->output->send('enigma.keyinfo');
+ }
+
+ /**
+ * Template object for key name
+ */
+ function tpl_key_name($attrib)
+ {
+ return rcube::Q($this->data->name);
+ }
+
+ /**
+ * Template object for key information page content
+ */
+ function tpl_key_data($attrib)
+ {
+ $out = '';
+ $table = new html_table(array('cols' => 2));
+
+ // Key user ID
+ $table->add('title', $this->enigma->gettext('keyuserid'));
+ $table->add(null, rcube::Q($this->data->name));
+ // Key ID
+ $table->add('title', $this->enigma->gettext('keyid'));
+ $table->add(null, $this->data->subkeys[0]->get_short_id());
+ // Key type
+ $keytype = $this->data->get_type();
+ if ($keytype == enigma_key::TYPE_KEYPAIR)
+ $type = $this->enigma->gettext('typekeypair');
+ else if ($keytype == enigma_key::TYPE_PUBLIC)
+ $type = $this->enigma->gettext('typepublickey');
+ $table->add('title', $this->enigma->gettext('keytype'));
+ $table->add(null, $type);
+ // Key fingerprint
+ $table->add('title', $this->enigma->gettext('fingerprint'));
+ $table->add(null, $this->data->subkeys[0]->get_fingerprint());
+
+ $out .= html::tag('fieldset', null,
+ html::tag('legend', null,
+ $this->enigma->gettext('basicinfo')) . $table->show($attrib));
+/*
+ // Subkeys
+ $table = new html_table(array('cols' => 6));
+ // Columns: Type, ID, Algorithm, Size, Created, Expires
+
+ $out .= html::tag('fieldset', null,
+ html::tag('legend', null,
+ $this->enigma->gettext('subkeys')) . $table->show($attrib));
+
+ // Additional user IDs
+ $table = new html_table(array('cols' => 2));
+ // Columns: User ID, Validity
+
+ $out .= html::tag('fieldset', null,
+ html::tag('legend', null,
+ $this->enigma->gettext('userids')) . $table->show($attrib));
+*/
+ return $out;
+ }
+
+ /**
+ * Key import page handler
+ */
+ private function key_import()
+ {
+ // Import process
+ if ($_FILES['_file']['tmp_name'] && is_uploaded_file($_FILES['_file']['tmp_name'])) {
+ $this->enigma->load_engine();
+ $result = $this->enigma->engine->import_key($_FILES['_file']['tmp_name'], true);
+
+ if (is_array($result)) {
+ // reload list if any keys has been added
+ if ($result['imported']) {
+ $this->rc->output->command('parent.enigma_list', 1);
+ }
+ else
+ $this->rc->output->command('parent.enigma_loadframe');
+
+ $this->rc->output->show_message('enigma.keysimportsuccess', 'confirmation',
+ array('new' => $result['imported'], 'old' => $result['unchanged']));
+
+ $this->rc->output->send('iframe');
+ }
+ else {
+ $this->rc->output->show_message('enigma.keysimportfailed', 'error');
+ }
+ }
+ else if ($err = $_FILES['_file']['error']) {
+ if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) {
+ $this->rc->output->show_message('filesizeerror', 'error',
+ array('size' => $this->rc->show_bytes(parse_bytes(ini_get('upload_max_filesize')))));
+ } else {
+ $this->rc->output->show_message('fileuploaderror', 'error');
+ }
+ }
+
+ $this->rc->output->add_handlers(array(
+ 'importform' => array($this, 'tpl_key_import_form'),
+ ));
+
+ $this->rc->output->set_pagetitle($this->enigma->gettext('keyimport'));
+ $this->rc->output->send('enigma.keyimport');
+ }
+
+ /**
+ * Template object for key import (upload) form
+ */
+ function tpl_key_import_form($attrib)
+ {
+ $attrib += array('id' => 'rcmKeyImportForm');
+
+ $upload = new html_inputfield(array('type' => 'file', 'name' => '_file',
+ 'id' => 'rcmimportfile', 'size' => 30));
+
+ $form = html::p(null,
+ rcube::Q($this->enigma->gettext('keyimporttext'), 'show')
+ . html::br() . html::br() . $upload->show()
+ );
+
+ $this->rc->output->add_label('selectimportfile', 'importwait');
+ $this->rc->output->add_gui_object('importform', $attrib['id']);
+
+ $out = $this->rc->output->form_tag(array(
+ 'action' => $this->rc->url(array('action' => $this->rc->action, 'a' => 'import')),
+ 'method' => 'post',
+ 'enctype' => 'multipart/form-data') + $attrib,
+ $form);
+
+ return $out;
+ }
+
+ /**
+ * Key deleting
+ */
+ private function key_delete()
+ {
+ $keys = rcube_utils::get_input_value('_keys', rcube_utils::INPUT_POST);
+
+ $this->enigma->load_engine();
+
+ foreach ((array)$keys as $key) {
+ $res = $this->enigma->engine->delete_key($key);
+
+ if ($res !== true) {
+ $this->rc->output->show_message('enigma.keyremoveerror', 'error');
+ $this->rc->output->command('enigma_list');
+ $this->rc->output->send();
+ }
+ }
+
+ $this->rc->output->command('enigma_list');
+ $this->rc->output->show_message('enigma.keyremovesuccess', 'confirmation');
+ $this->rc->output->send();
+ }
+
+ private function compose_ui()
+ {
+ $this->add_css();
+
+ // Options menu button
+ $this->enigma->add_button(array(
+ 'type' => 'link',
+ 'command' => 'plugin.enigma',
+ 'onclick' => "rcmail.command('menu-open', 'enigmamenu', event.target, event)",
+ 'class' => 'button enigma',
+ 'title' => 'encryptionoptions',
+ 'label' => 'encryption',
+ 'domain' => $this->enigma->ID,
+ 'width' => 32,
+ 'height' => 32
+ ), 'toolbar');
+
+ // Options menu contents
+ $this->enigma->add_hook('render_page', array($this, 'compose_menu'));
+ }
+
+ function compose_menu($p)
+ {
+ $menu = new html_table(array('cols' => 2));
+ $chbox = new html_checkbox(array('value' => 1));
+
+ $menu->add(null, html::label(array('for' => 'enigmasignopt'),
+ rcube::Q($this->enigma->gettext('signmsg'))));
+ $menu->add(null, $chbox->show($this->rc->config->get('enigma_sign_all') ? 1 : 0,
+ array('name' => '_enigma_sign', 'id' => 'enigmasignopt')));
+
+ $menu->add(null, html::label(array('for' => 'enigmaencryptopt'),
+ rcube::Q($this->enigma->gettext('encryptmsg'))));
+ $menu->add(null, $chbox->show($this->rc->config->get('enigma_encrypt_all') ? 1 : 0,
+ array('name' => '_enigma_encrypt', 'id' => 'enigmaencryptopt')));
+
+ $menu = html::div(array('id' => 'enigmamenu', 'class' => 'popupmenu'),
+ $menu->show());
+
+ $p['content'] .= $menu;
+
+ return $p;
+ }
+
+ /**
+ * Handler for message_body_prefix hook.
+ * Called for every displayed (content) part of the message.
+ * Adds infobox about signature verification and/or decryption
+ * status above the body.
+ *
+ * @param array Original parameters
+ *
+ * @return array Modified parameters
+ */
+ function status_message($p)
+ {
+ // skip: not a message part
+ if ($p['part'] instanceof rcube_message) {
+ return $p;
+ }
+
+ // skip: message has no signed/encoded content
+ if (!$this->enigma->engine) {
+ return $p;
+ }
+
+ $engine = $this->enigma->engine;
+ $part_id = $p['part']->mime_id;
+
+ // Decryption status
+ if (isset($engine->decryptions[$part_id])) {
+ $attach_scripts = true;
+
+ // get decryption status
+ $status = $engine->decryptions[$part_id];
+
+ // display status info
+ $attrib['id'] = 'enigma-message';
+
+ if ($status instanceof enigma_error) {
+ $attrib['class'] = 'enigmaerror';
+ $code = $status->getCode();
+
+ if ($code == enigma_error::E_KEYNOTFOUND) {
+ $msg = rcube::Q(str_replace('$keyid', enigma_key::format_id($status->getData('id')),
+ $this->enigma->gettext('decryptnokey')));
+ }
+ else if ($code == enigma_error::E_BADPASS) {
+ $msg = rcube::Q($this->enigma->gettext('decryptbadpass'));
+ $this->password_prompt($status);
+ }
+ else {
+ $msg = rcube::Q($this->enigma->gettext('decrypterror'));
+ }
+ }
+ else {
+ $attrib['class'] = 'enigmanotice';
+ $msg = rcube::Q($this->enigma->gettext('decryptok'));
+ }
+
+ $p['prefix'] .= html::div($attrib, $msg);
+ }
+
+ // Signature verification status
+ if (isset($engine->signed_parts[$part_id])
+ && ($sig = $engine->signatures[$engine->signed_parts[$part_id]])
+ ) {
+ $attach_scripts = true;
+
+ // display status info
+ $attrib['id'] = 'enigma-message';
+
+ if ($sig instanceof enigma_signature) {
+ $sender = ($sig->name ? $sig->name . ' ' : '') . '<' . $sig->email . '>';
+
+ if ($sig->valid === enigma_error::E_UNVERIFIED) {
+ $attrib['class'] = 'enigmawarning';
+ $msg = str_replace('$sender', $sender, $this->enigma->gettext('sigunverified'));
+ $msg = str_replace('$keyid', $sig->id, $msg);
+ $msg = rcube::Q($msg);
+ }
+ else if ($sig->valid) {
+ $attrib['class'] = 'enigmanotice';
+ $msg = rcube::Q(str_replace('$sender', $sender, $this->enigma->gettext('sigvalid')));
+ }
+ else {
+ $attrib['class'] = 'enigmawarning';
+ $msg = rcube::Q(str_replace('$sender', $sender, $this->enigma->gettext('siginvalid')));
+ }
+ }
+ else if ($sig && $sig->getCode() == enigma_error::E_KEYNOTFOUND) {
+ $attrib['class'] = 'enigmawarning';
+ $msg = rcube::Q(str_replace('$keyid', enigma_key::format_id($sig->getData('id')),
+ $this->enigma->gettext('signokey')));
+ }
+ else {
+ $attrib['class'] = 'enigmaerror';
+ $msg = rcube::Q($this->enigma->gettext('sigerror'));
+ }
+/*
+ $msg .= '&nbsp;' . html::a(array('href' => "#sigdetails",
+ 'onclick' => rcmail_output::JS_OBJECT_NAME.".command('enigma-sig-details')"),
+ rcube::Q($this->enigma->gettext('showdetails')));
+*/
+ // test
+// $msg .= '<br /><pre>'.$sig->body.'</pre>';
+
+ $p['prefix'] .= html::div($attrib, $msg);
+
+ // Display each signature message only once
+ unset($engine->signatures[$engine->signed_parts[$part_id]]);
+ }
+
+ if ($attach_scripts) {
+ // add css and js script
+ $this->add_css();
+ $this->add_js();
+ }
+
+ return $p;
+ }
+
+ /**
+ * Handler for message_load hook.
+ * Check message bodies and attachments for keys/certs.
+ */
+ function message_load($p)
+ {
+ $engine = $this->enigma->load_engine();
+
+ // handle attachments vcard attachments
+ foreach ((array) $p['object']->attachments as $attachment) {
+ if ($engine->is_keys_part($attachment)) {
+ $this->keys_parts[] = $attachment->mime_id;
+ }
+ }
+
+ // the same with message bodies
+ foreach ((array) $p['object']->parts as $part) {
+ if ($engine->is_keys_part($part)) {
+ $this->keys_parts[] = $part->mime_id;
+ $this->keys_bodies[] = $part->mime_id;
+ }
+ }
+
+ // @TODO: inline PGP keys
+
+ if ($this->keys_parts) {
+ $this->enigma->add_texts('localization');
+ }
+
+ return $p;
+ }
+
+ /**
+ * Handler for template_object_messagebody hook.
+ * This callback function adds a box below the message content
+ * if there is a key/cert attachment available
+ */
+ function message_output($p)
+ {
+ foreach ($this->keys_parts as $part) {
+ // remove part's body
+ if (in_array($part, $this->keys_bodies)) {
+ $p['content'] = '';
+ }
+
+ // add box below message body
+ $p['content'] .= html::p(array('class' => 'enigmaattachment'),
+ html::a(array(
+ 'href' => "#",
+ 'onclick' => "return ".rcmail_output::JS_OBJECT_NAME.".enigma_import_attachment('".rcube::JQ($part)."')",
+ 'title' => $this->enigma->gettext('keyattimport')),
+ html::span(null, $this->enigma->gettext('keyattfound'))));
+
+ $attach_scripts = true;
+ }
+
+ if ($attach_scripts) {
+ // add css and js script
+ $this->add_css();
+ $this->add_js();
+ }
+
+ return $p;
+ }
+
+ /**
+ * Handle message_ready hook (encryption/signing)
+ */
+ function message_ready($p)
+ {
+ $savedraft = !empty($_POST['_draft']) && empty($_GET['_saveonly']);
+
+ if (!$savedraft && rcube_utils::get_input_value('_enigma_sign', rcube_utils::INPUT_POST)) {
+ $this->enigma->load_engine();
+ $status = $this->enigma->engine->sign_message($p['message']);
+ $mode = 'sign';
+ }
+
+ if ((!$status instanceof enigma_error) && rcube_utils::get_input_value('_enigma_encrypt', rcube_utils::INPUT_POST)) {
+ $this->enigma->load_engine();
+ $status = $this->enigma->engine->encrypt_message($p['message'], null, $savedraft);
+ $mode = 'encrypt';
+ }
+
+ if ($mode && ($status instanceof enigma_error)) {
+ $code = $status->getCode();
+
+ if ($code == enigma_error::E_KEYNOTFOUND) {
+ $vars = array('email' => $status->getData('missing'));
+ $msg = 'enigma.' . $mode . 'nokey';
+ }
+ else if ($code == enigma_error::E_BADPASS) {
+ $msg = 'enigma.' . $mode . 'badpass';
+ $type = 'warning';
+
+ $this->password_prompt($status);
+ }
+ else {
+ $msg = 'enigma.' . $mode . 'error';
+ }
+
+ $this->rc->output->show_message($msg, $type ?: 'error', $vars);
+ $this->rc->output->send('iframe');
+ }
+
+ return $p;
+ }
+
+}
diff --git a/plugins/enigma/lib/enigma_userid.php b/plugins/enigma/lib/enigma_userid.php
new file mode 100644
index 000000000..da0358445
--- /dev/null
+++ b/plugins/enigma/lib/enigma_userid.php
@@ -0,0 +1,24 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | User ID class for the Enigma Plugin |
+ | |
+ | Copyright (C) 2010-2015 The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl> |
+ +-------------------------------------------------------------------------+
+*/
+
+class enigma_userid
+{
+ public $revoked;
+ public $valid;
+ public $name;
+ public $comment;
+ public $email;
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-30 22:10:25 +0000