summaryrefslogtreecommitdiff
path: root/plugins/enigma/lib
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/enigma/lib')
-rw-r--r--plugins/enigma/lib/enigma_driver.php11
-rw-r--r--plugins/enigma/lib/enigma_driver_gnupg.php41
-rw-r--r--plugins/enigma/lib/enigma_driver_phpssl.php9
-rw-r--r--plugins/enigma/lib/enigma_engine.php404
-rw-r--r--plugins/enigma/lib/enigma_error.php11
-rw-r--r--plugins/enigma/lib/enigma_key.php27
-rw-r--r--plugins/enigma/lib/enigma_ui.php369
7 files changed, 721 insertions, 151 deletions
diff --git a/plugins/enigma/lib/enigma_driver.php b/plugins/enigma/lib/enigma_driver.php
index a9a3e4715..c0a91ac27 100644
--- a/plugins/enigma/lib/enigma_driver.php
+++ b/plugins/enigma/lib/enigma_driver.php
@@ -44,8 +44,11 @@ abstract class enigma_driver
/**
* Decryption..
+ *
+ * @param string Encrypted message
+ * @param array List of key-password mapping
*/
- abstract function decrypt($text, $key, $passwd);
+ abstract function decrypt($text, $keys = array());
/**
* Signing.
@@ -80,7 +83,7 @@ abstract class enigma_driver
* @return mixed Array of enigma_key objects or enigma_error
*/
abstract function list_keys($pattern='');
-
+
/**
* Single key information.
*
@@ -98,9 +101,9 @@ abstract class enigma_driver
* @return mixed Key (enigma_key) object or enigma_error
*/
abstract function gen_key($data);
-
+
/**
* Key deletion.
*/
- abstract function del_key($keyid);
+ abstract function delete_key($keyid);
}
diff --git a/plugins/enigma/lib/enigma_driver_gnupg.php b/plugins/enigma/lib/enigma_driver_gnupg.php
index c4280a089..09e23d36c 100644
--- a/plugins/enigma/lib/enigma_driver_gnupg.php
+++ b/plugins/enigma/lib/enigma_driver_gnupg.php
@@ -32,8 +32,7 @@ class enigma_driver_gnupg extends enigma_driver
function __construct($user)
{
- $rcmail = rcmail::get_instance();
- $this->rc = $rcmail;
+ $this->rc = rcmail::get_instance();
$this->user = $user;
}
@@ -45,7 +44,7 @@ class enigma_driver_gnupg extends enigma_driver
*/
function init()
{
- $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . '/plugins/enigma/home');
+ $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home');
if (!$homedir)
return new enigma_error(enigma_error::E_INTERNAL,
@@ -78,7 +77,8 @@ class enigma_driver_gnupg extends enigma_driver
try {
$this->gpg = new Crypt_GPG(array(
'homedir' => $this->homedir,
-// 'debug' => true,
+ // 'binary' => '/usr/bin/gpg2',
+ // 'debug' => true,
));
}
catch (Exception $e) {
@@ -97,9 +97,18 @@ class enigma_driver_gnupg extends enigma_driver
*/
}
- function decrypt($text, $key, $passwd)
+ /**
+ * Register private keys and passwords
+ *
+ * @param string Encrypted message
+ * @param array List of key-password mapping
+ */
+ function decrypt($text, $keys = array())
{
-// $this->gpg->addDecryptKey($key, $passwd);
+ foreach ($keys as $key => $password) {
+ $this->gpg->addDecryptKey($key, $password);
+ }
+
try {
$dec = $this->gpg->decrypt($text);
return $dec;
@@ -147,12 +156,12 @@ class enigma_driver_gnupg extends enigma_driver
try {
$keys = $this->gpg->getKeys($pattern);
$result = array();
-//print_r($keys);
+
foreach ($keys as $idx => $key) {
$result[] = $this->parse_key($key);
unset($keys[$idx]);
}
-//print_r($result);
+
return $result;
}
catch (Exception $e) {
@@ -175,12 +184,20 @@ class enigma_driver_gnupg extends enigma_driver
{
}
- public function del_key($keyid)
+ public function delete_key($keyid)
{
-// $this->get_key($keyid);
+ // delete public key
+ $result = $this->delete_pubkey($keyid);
+
+ // if not found, delete private key
+ if ($result !== true && $result->getCode() == enigma_error::E_KEYNOTFOUND) {
+ $result = $this->delete_privkey($keyid);
+ }
+
+ return $result;
}
- public function del_privkey($keyid)
+ public function delete_privkey($keyid)
{
try {
$this->gpg->deletePrivateKey($keyid);
@@ -191,7 +208,7 @@ class enigma_driver_gnupg extends enigma_driver
}
}
- public function del_pubkey($keyid)
+ public function delete_pubkey($keyid)
{
try {
$this->gpg->deletePublicKey($keyid);
diff --git a/plugins/enigma/lib/enigma_driver_phpssl.php b/plugins/enigma/lib/enigma_driver_phpssl.php
index fcd15db73..6686d7dfa 100644
--- a/plugins/enigma/lib/enigma_driver_phpssl.php
+++ b/plugins/enigma/lib/enigma_driver_phpssl.php
@@ -24,7 +24,6 @@
class enigma_driver_phpssl extends enigma_driver
{
private $rc;
- //private $gpg;
private $homedir;
private $user;
@@ -78,7 +77,7 @@ class enigma_driver_phpssl extends enigma_driver
{
}
- function decrypt($text, $key, $passwd)
+ function decrypt($text, $keys = array())
{
}
@@ -145,15 +144,15 @@ class enigma_driver_phpssl extends enigma_driver
{
}
- public function del_key($keyid)
+ public function delete_key($keyid)
{
}
- public function del_privkey($keyid)
+ public function delete_privkey($keyid)
{
}
- public function del_pubkey($keyid)
+ public function delete_pubkey($keyid)
{
}
diff --git a/plugins/enigma/lib/enigma_engine.php b/plugins/enigma/lib/enigma_engine.php
index e4972c6a9..c3a2e503f 100644
--- a/plugins/enigma/lib/enigma_engine.php
+++ b/plugins/enigma/lib/enigma_engine.php
@@ -35,19 +35,23 @@ class enigma_engine
private $pgp_driver;
private $smime_driver;
- public $decryptions = array();
- public $signatures = array();
+ public $decryptions = array();
+ public $signatures = array();
public $signed_parts = array();
+ const PASSWORD_TIME = 120;
+
/**
* Plugin initialization.
*/
function __construct($enigma)
{
- $rcmail = rcmail::get_instance();
- $this->rc = $rcmail;
+ $this->rc = rcmail::get_instance();
$this->enigma = $enigma;
+
+ // this will remove passwords from session after some time
+ $this->get_passwords();
}
/**
@@ -55,10 +59,11 @@ class enigma_engine
*/
function load_pgp_driver()
{
- if ($this->pgp_driver)
+ if ($this->pgp_driver) {
return;
+ }
- $driver = 'enigma_driver_' . $this->rc->config->get('enigma_pgp_driver', 'gnupg');
+ $driver = 'enigma_driver_' . $this->rc->config->get('enigma_pgp_driver', 'gnupg');
$username = $this->rc->user->get_username();
// Load driver
@@ -89,10 +94,11 @@ class enigma_engine
*/
function load_smime_driver()
{
- if ($this->smime_driver)
+ if ($this->smime_driver) {
return;
+ }
- $driver = 'enigma_driver_' . $this->rc->config->get('enigma_smime_driver', 'phpssl');
+ $driver = 'enigma_driver_' . $this->rc->config->get('enigma_smime_driver', 'phpssl');
$username = $this->rc->user->get_username();
// Load driver
@@ -119,6 +125,58 @@ class enigma_engine
}
/**
+ * Handler for message_part_structure hook.
+ * Called for every part of the message.
+ *
+ * @param array Original parameters
+ *
+ * @return array Modified parameters
+ */
+ function part_structure($p)
+ {
+ if ($p['mimetype'] == 'text/plain' || $p['mimetype'] == 'application/pgp') {
+ $this->parse_plain($p);
+ }
+ else if ($p['mimetype'] == 'multipart/signed') {
+ $this->parse_signed($p);
+ }
+ else if ($p['mimetype'] == 'multipart/encrypted') {
+ $this->parse_encrypted($p);
+ }
+ else if ($p['mimetype'] == 'application/pkcs7-mime') {
+ $this->parse_encrypted($p);
+ }
+
+ return $p;
+ }
+
+ /**
+ * Handler for message_part_body hook.
+ *
+ * @param array Original parameters
+ *
+ * @return array Modified parameters
+ */
+ function part_body($p)
+ {
+ // encrypted attachment, see parse_plain_encrypted()
+ if ($p['part']->need_decryption && $p['part']->body === null) {
+ $storage = $this->rc->get_storage();
+ $body = $storage->get_message_part($p['object']->uid, $p['part']->mime_id, $p['part'], null, null, true, 0, false);
+ $result = $this->pgp_decrypt($body);
+
+ // @TODO: what to do on error?
+ if ($result === true) {
+ $p['part']->body = $body;
+ $p['part']->size = strlen($body);
+ $p['part']->body_modified = true;
+ }
+ }
+
+ return $p;
+ }
+
+ /**
* Handler for plain/text message.
*
* @param array Reference to hook's parameters
@@ -127,17 +185,22 @@ class enigma_engine
{
$part = $p['structure'];
+ // exit, if we're already inside a decrypted message
+ if ($part->encrypted) {
+ return;
+ }
+
// Get message body from IMAP server
- $this->set_part_body($part, $p['object']->uid);
+ $body = $this->get_part_body($p['object'], $part->mime_id);
- // @TODO: big message body can be a file resource
+ // @TODO: big message body could be a file resource
// PGP signed message
- if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $part->body)) {
- $this->parse_plain_signed($p);
+ if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $body)) {
+ $this->parse_plain_signed($p, $body);
}
// PGP encrypted message
- else if (preg_match('/^-----BEGIN PGP MESSAGE-----/', $part->body)) {
- $this->parse_plain_encrypted($p);
+ else if (preg_match('/^-----BEGIN PGP MESSAGE-----/', $body)) {
+ $this->parse_plain_encrypted($p, $body);
}
}
@@ -154,13 +217,16 @@ class enigma_engine
if ($struct->parts[1] && $struct->parts[1]->mimetype == 'application/pkcs7-signature') {
$this->parse_smime_signed($p);
}
- // PGP/MIME:
+ // PGP/MIME: RFC3156
// The multipart/signed body MUST consist of exactly two parts.
// The first part contains the signed data in MIME canonical format,
// including a set of appropriate content headers describing the data.
// The second body MUST contain the PGP digital signature. It MUST be
// labeled with a content type of "application/pgp-signature".
- else if ($struct->parts[1] && $struct->parts[1]->mimetype == 'application/pgp-signature') {
+ else if ($struct->ctype_parameters['protocol'] == 'application/pgp-signature'
+ && count($struct->parts) == 2
+ && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/pgp-signature'
+ ) {
$this->parse_pgp_signed($p);
}
}
@@ -178,14 +244,16 @@ class enigma_engine
if ($struct->mimetype == 'application/pkcs7-mime') {
$this->parse_smime_encrypted($p);
}
- // PGP/MIME:
- // The multipart/encrypted MUST consist of exactly two parts. The first
+ // PGP/MIME: RFC3156
+ // The multipart/encrypted MUST consist of exactly two parts. The first
// MIME body part must have a content type of "application/pgp-encrypted".
// This body contains the control information.
// The second MIME body part MUST contain the actual encrypted data. It
// must be labeled with a content type of "application/octet-stream".
- else if ($struct->parts[0] && $struct->parts[0]->mimetype == 'application/pgp-encrypted' &&
- $struct->parts[1] && $struct->parts[1]->mimetype == 'application/octet-stream'
+ else if ($struct->ctype_parameters['protocol'] == 'application/pgp-encrypted'
+ && count($struct->parts) == 2
+ && $struct->parts[0] && $struct->parts[0]->mimetype == 'application/pgp-encrypted'
+ && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/octet-stream'
) {
$this->parse_pgp_encrypted($p);
}
@@ -195,16 +263,17 @@ class enigma_engine
* Handler for plain signed message.
* Excludes message and signature bodies and verifies signature.
*
- * @param array Reference to hook's parameters
+ * @param array Reference to hook's parameters
+ * @param string Message (part) body
*/
- private function parse_plain_signed(&$p)
+ private function parse_plain_signed(&$p, $body)
{
$this->load_pgp_driver();
$part = $p['structure'];
// Verify signature
if ($this->rc->action == 'show' || $this->rc->action == 'preview') {
- $sig = $this->pgp_verify($part->body);
+ $sig = $this->pgp_verify($body);
}
// @TODO: Handle big bodies using (temp) files
@@ -213,10 +282,12 @@ class enigma_engine
$fh = fopen('php://memory', 'br+');
// @TODO: fopen/fwrite errors handling
if ($fh) {
- fwrite($fh, $part->body);
+ fwrite($fh, $body);
rewind($fh);
}
- $part->body = null;
+
+ $body = $part->body = null;
+ $part->body_modified = true;
// Extract body (and signature?)
while (!feof($fh)) {
@@ -248,7 +319,7 @@ class enigma_engine
* Handler for PGP/MIME signed message.
* Verifies signature.
*
- * @param array Reference to hook's parameters
+ * @param array Reference to hook's parameters
*/
private function parse_pgp_signed(&$p)
{
@@ -261,11 +332,13 @@ class enigma_engine
$sig_part = $struct->parts[1];
// Get bodies
- $this->set_part_body($msg_part, $p['object']->uid);
- $this->set_part_body($sig_part, $p['object']->uid);
+ // Note: The first part body need to be full part body with headers
+ // it also cannot be decoded
+ $msg_body = $this->get_part_body($p['object'], $msg_part->mime_id, true);
+ $sig_body = $this->get_part_body($p['object'], $sig_part->mime_id);
// Verify
- $sig = $this->pgp_verify($msg_part->body, $sig_part->body);
+ $sig = $this->pgp_verify($msg_body, $sig_body);
// Store signature data for display
$this->signatures[$struct->mime_id] = $sig;
@@ -275,10 +348,11 @@ class enigma_engine
foreach ($msg_part->parts as $part)
$this->signed_parts[$part->mime_id] = $struct->mime_id;
}
- else
+ else {
$this->signed_parts[$msg_part->mime_id] = $struct->mime_id;
+ }
- // Remove signature file from attachments list
+ // Remove signature file from attachments list (?)
unset($struct->parts[1]);
}
}
@@ -291,6 +365,8 @@ class enigma_engine
*/
private function parse_smime_signed(&$p)
{
+ return; // @TODO
+
// Verify signature
if ($this->rc->action == 'show' || $this->rc->action == 'preview') {
$this->load_smime_driver();
@@ -321,25 +397,55 @@ class enigma_engine
/**
* Handler for plain encrypted message.
*
- * @param array Reference to hook's parameters
+ * @param array Reference to hook's parameters
+ * @param string Message (part) body
*/
- private function parse_plain_encrypted(&$p)
+ private function parse_plain_encrypted(&$p, $body)
{
$this->load_pgp_driver();
$part = $p['structure'];
- // Get body
- $this->set_part_body($part, $p['object']->uid);
-
// Decrypt
- $result = $this->pgp_decrypt($part->body);
+ $result = $this->pgp_decrypt($body);
// Store decryption status
$this->decryptions[$part->mime_id] = $result;
// Parse decrypted message
if ($result === true) {
- // @TODO
+ $part->body = $body;
+ $part->body_modified = true;
+ $part->encrypted = true;
+
+ // Encrypted plain message may contain encrypted attachments
+ // in such case attachments have .pgp extension and application/octet-stream.
+ // This is what happens when you select "Encrypt each attachment separately
+ // and send the message using inline PGP" in Thunderbird's Enigmail.
+
+ // find parent part ID
+ if (strpos($part->mime_id, '.')) {
+ $items = explode('.', $part->mime_id);
+ array_pop($items);
+ $parent = implode('.', $items);
+ }
+ else {
+ $parent = 0;
+ }
+
+ if ($p['object']->mime_parts[$parent]) {
+ foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {
+ if ($p->disposition == 'attachment' && $p->mimetype == 'application/octet-stream'
+ && preg_match('/^(.*)\.pgp$/i', $p->filename, $m)
+ ) {
+ // modify filename
+ $p->filename = $m[1];
+ // flag the part, it will be decrypted when needed
+ $p->need_decryption = true;
+ // disable caching
+ $p->body_modified = true;
+ }
+ }
+ }
}
}
@@ -351,22 +457,32 @@ class enigma_engine
private function parse_pgp_encrypted(&$p)
{
$this->load_pgp_driver();
+
$struct = $p['structure'];
- $part = $struct->parts[1];
-
+ $part = $struct->parts[1];
+
// Get body
- $this->set_part_body($part, $p['object']->uid);
+ $body = $this->get_part_body($p['object'], $part->mime_id);
// Decrypt
- $result = $this->pgp_decrypt($part->body);
+ $result = $this->pgp_decrypt($body);
- $this->decryptions[$part->mime_id] = $result;
-//print_r($part);
- // Parse decrypted message
if ($result === true) {
- // @TODO
+ // Parse decrypted message
+ $struct = $this->parse_body($body);
+
+ // Modify original message structure
+ $this->modify_structure($p, $struct);
+
+ // Attach the decryption message to all parts
+ $this->decryptions[$struct->mime_id] = $result;
+ foreach ((array) $struct->parts as $sp) {
+ $this->decryptions[$sp->mime_id] = $result;
+ }
}
else {
+ $this->decryptions[$part->mime_id] = $result;
+
// Make sure decryption status message will be displayed
$part->type = 'content';
$p['object']->parts[] = $part;
@@ -418,8 +534,8 @@ class enigma_engine
{
// @TODO: Handle big bodies using (temp) files
// @TODO: caching of verification result
- $key = ''; $pass = ''; // @TODO
- $result = $this->pgp_driver->decrypt($msg_body, $key, $pass);
+ $keys = $this->get_passwords();
+ $result = $this->pgp_driver->decrypt($msg_body, $keys);
if ($result instanceof enigma_error) {
$err_code = $result->getCode();
@@ -432,7 +548,8 @@ class enigma_engine
return $result;
}
-// $msg_body = $result;
+ $msg_body = $result;
+
return true;
}
@@ -443,7 +560,7 @@ class enigma_engine
*
* @return mixed Array of keys or enigma_error
*/
- function list_keys($pattern='')
+ function list_keys($pattern = '')
{
$this->load_pgp_driver();
$result = $this->pgp_driver->list_keys($pattern);
@@ -470,7 +587,30 @@ class enigma_engine
{
$this->load_pgp_driver();
$result = $this->pgp_driver->get_key($keyid);
-
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+ }
+
+ return $result;
+ }
+
+ /**
+ * PGP key delete.
+ *
+ * @param string Key ID
+ *
+ * @return enigma_error|bool True on success
+ */
+ function delete_key($keyid)
+ {
+ $this->load_pgp_driver();
+ $result = $this->pgp_driver->delete_key($keyid);
+
if ($result instanceof enigma_error) {
rcube::raise_error(array(
'code' => 600, 'type' => 'php',
@@ -478,7 +618,7 @@ class enigma_engine
'message' => "Enigma plugin: " . $result->getMessage()
), true, false);
}
-
+
return $result;
}
@@ -535,20 +675,162 @@ class enigma_engine
$this->rc->output->send();
}
+ function password_handler()
+ {
+ $keyid = rcube_utils::get_input_value('_keyid', rcube_utils::INPUT_POST);
+ $passwd = rcube_utils::get_input_value('_passwd', rcube_utils::INPUT_POST, true);
+
+ if ($keyid && $passwd !== null && strlen($passwd)) {
+ $this->save_password($keyid, $passwd);
+ }
+ }
+
+ function save_password($keyid, $password)
+ {
+ // we store passwords in session for specified time
+ if ($config = $_SESSION['enigma_pass']) {
+ $config = $this->rc->decrypt($config);
+ $config = @unserialize($config);
+ }
+
+ $config[$keyid] = array($password, time());
+
+ $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config));
+ }
+
+ function get_passwords()
+ {
+ if ($config = $_SESSION['enigma_pass']) {
+ $config = $this->rc->decrypt($config);
+ $config = @unserialize($config);
+ }
+
+ $threshold = time() - self::PASSWORD_TIME;
+ $keys = array();
+
+ // delete expired passwords
+ foreach ((array) $config as $key => $value) {
+ if ($value[1] < $threshold) {
+ unset($config[$key]);
+ $modified = true;
+ }
+ else {
+ $keys[$key] = $value[0];
+ }
+ }
+
+ if ($modified) {
+ $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config));
+ }
+
+ return $keys;
+ }
+
/**
- * Checks if specified message part contains body data.
- * If body is not set it will be fetched from IMAP server.
+ * Get message part body.
*
- * @param rcube_message_part Message part object
- * @param integer Message UID
+ * @param rcube_message Message object
+ * @param string Message part ID
+ * @param bool Return raw body with headers
*/
- private function set_part_body($part, $uid)
+ private function get_part_body($msg, $part_id, $full = false)
{
- // @TODO: Create such function in core
// @TODO: Handle big bodies using file handles
- if (!isset($part->body)) {
- $part->body = $this->rc->storage->get_message_part(
- $uid, $part->mime_id, $part);
+ if ($full) {
+ $storage = $this->rc->get_storage();
+ $body = $storage->get_raw_headers($msg->uid, $part_id);
+ $body .= $storage->get_raw_body($msg->uid, null, $part_id);
+ }
+ else {
+ $body = $msg->get_part_body($part_id, false);
+ }
+
+ return $body;
+ }
+
+ /**
+ * Parse decrypted message body into structure
+ *
+ * @param string Message body
+ *
+ * @return array Message structure
+ */
+ private function parse_body(&$body)
+ {
+ // Mail_mimeDecode need \r\n end-line, but gpg may return \n
+ $body = preg_replace('/\r?\n/', "\r\n", $body);
+
+ // parse the body into structure
+ $struct = rcube_mime::parse_message($body);
+
+ return $struct;
+ }
+
+ /**
+ * Replace message encrypted structure with decrypted message structure
+ *
+ * @param array
+ * @param rcube_message_part
+ */
+ private function modify_structure(&$p, $struct)
+ {
+ // modify mime_parts property of the message object
+ $old_id = $p['structure']->mime_id;
+ foreach (array_keys($p['object']->mime_parts) as $idx) {
+ if (!$old_id || $idx == $old_id || strpos($idx, $old_id . '.') === 0) {
+ unset($p['object']->mime_parts[$idx]);
+ }
}
+
+ // modify the new structure to be correctly handled by Roundcube
+ $this->modify_structure_part($struct, $p['object'], $old_id);
+
+ // replace old structure with the new one
+ $p['structure'] = $struct;
+ $p['mimetype'] = $struct->mimetype;
+ }
+
+ /**
+ * Modify decrypted message part
+ *
+ * @param rcube_message_part
+ * @param rcube_message
+ */
+ private function modify_structure_part($part, $msg, $old_id)
+ {
+ // never cache the body
+ $part->body_modified = true;
+ $part->encoding = 'stream';
+
+ // Cache the fact it was decrypted
+ $part->encrypted = true;
+
+ // modify part identifier
+ if ($old_id) {
+ $part->mime_id = !$part->mime_id ? $old_id : ($old_id . '.' . $part->mime_id);
+ }
+
+ $msg->mime_parts[$part->mime_id] = $part;
+
+ // modify sub-parts
+ foreach ((array) $part->parts as $p) {
+ $this->modify_structure_part($p, $msg, $old_id);
+ }
+ }
+
+ /**
+ * Checks if specified message part is a PGP-key or S/MIME cert data
+ *
+ * @param rcube_message_part Part object
+ *
+ * @return boolean True if part is a key/cert
+ */
+ public function is_keys_part($part)
+ {
+ // @TODO: S/MIME
+ return (
+ // Content-Type: application/pgp-keys
+ $part->mimetype == 'application/pgp-keys'
+ );
}
}
diff --git a/plugins/enigma/lib/enigma_error.php b/plugins/enigma/lib/enigma_error.php
index ab8d01557..7122e8e7b 100644
--- a/plugins/enigma/lib/enigma_error.php
+++ b/plugins/enigma/lib/enigma_error.php
@@ -37,11 +37,12 @@ class enigma_error
const E_EXPIRED = 6;
const E_UNVERIFIED = 7;
+
function __construct($code = null, $message = '', $data = array())
{
- $this->code = $code;
+ $this->code = $code;
$this->message = $message;
- $this->data = $data;
+ $this->data = $data;
}
function getCode()
@@ -56,9 +57,11 @@ class enigma_error
function getData($name)
{
- if ($name)
+ if ($name) {
return $this->data[$name];
- else
+ }
+ else {
return $this->data;
+ }
}
}
diff --git a/plugins/enigma/lib/enigma_key.php b/plugins/enigma/lib/enigma_key.php
index 520c36b0b..66670c5d5 100644
--- a/plugins/enigma/lib/enigma_key.php
+++ b/plugins/enigma/lib/enigma_key.php
@@ -25,12 +25,12 @@ class enigma_key
{
public $id;
public $name;
- public $users = array();
+ public $users = array();
public $subkeys = array();
const TYPE_UNKNOWN = 0;
const TYPE_KEYPAIR = 1;
- const TYPE_PUBLIC = 2;
+ const TYPE_PUBLIC = 2;
/**
* Keys list sorting callback for usort()
@@ -55,7 +55,7 @@ class enigma_key
/**
* Returns true if all user IDs are revoked
- */
+ */
function is_revoked()
{
foreach ($this->subkeys as $subkey)
@@ -67,7 +67,7 @@ class enigma_key
/**
* Returns true if any user ID is valid
- */
+ */
function is_valid()
{
foreach ($this->users as $user)
@@ -76,18 +76,18 @@ class enigma_key
return false;
}
-
+
/**
* Returns true if any of subkeys is not expired
- */
+ */
function is_expired()
{
$now = time();
-
+
foreach ($this->subkeys as $subkey)
if (!$subkey->expires || $subkey->expires > $now)
return true;
-
+
return false;
}
@@ -101,7 +101,7 @@ class enigma_key
static function format_id($id)
{
// E.g. 04622F2089E037A5 => 89E037A5
-
+
return substr($id, -8);
}
@@ -114,15 +114,18 @@ class enigma_key
*/
static function format_fingerprint($fingerprint)
{
- if (!$fingerprint)
+ if (!$fingerprint) {
return '';
-
+ }
+
$result = '';
for ($i=0; $i<40; $i++) {
- if ($i % 4 == 0)
+ if ($i % 4 == 0) {
$result .= ' ';
+ }
$result .= $fingerprint[$i];
}
+
return $result;
}
diff --git a/plugins/enigma/lib/enigma_ui.php b/plugins/enigma/lib/enigma_ui.php
index 2e95938f2..26396f1dd 100644
--- a/plugins/enigma/lib/enigma_ui.php
+++ b/plugins/enigma/lib/enigma_ui.php
@@ -26,16 +26,18 @@ class enigma_ui
private $rc;
private $enigma;
private $home;
- private $css_added;
+ private $css_loaded;
+ private $js_loaded;
private $data;
+ private $keys_parts = array();
+ private $keys_bodies = array();
function __construct($enigma_plugin, $home='')
{
$this->enigma = $enigma_plugin;
- $this->rc = $enigma_plugin->rc;
- // we cannot use $enigma_plugin->home here
- $this->home = $home;
+ $this->rc = $enigma_plugin->rc;
+ $this->home = $home; // we cannot use $enigma_plugin->home here
}
/**
@@ -45,58 +47,65 @@ class enigma_ui
*/
function init($section='')
{
- $this->enigma->include_script('enigma.js');
+ $this->add_js();
- // Enigma actions
- if ($this->rc->action == 'plugin.enigma') {
- $action = rcube_utils::get_input_value('_a', rcube_utils::INPUT_GPC);
+ $action = rcube_utils::get_input_value('_a', rcube_utils::INPUT_GPC);
+ if ($this->rc->action == 'plugin.enigmakeys') {
switch ($action) {
- case 'keyedit':
+ case 'delete':
+ $this->key_delete();
+ break;
+/*
+ case 'edit':
$this->key_edit();
break;
- case 'keyimport':
+*/
+ case 'import':
$this->key_import();
break;
- case 'keysearch':
- case 'keylist':
+
+ case 'search':
+ case 'list':
$this->key_list();
break;
- case 'keyinfo':
- default:
+
+ case 'info':
$this->key_info();
+ break;
}
+
+ $this->rc->output->add_handlers(array(
+ 'keyslist' => array($this, 'tpl_keys_list'),
+ 'keyframe' => array($this, 'tpl_key_frame'),
+ 'countdisplay' => array($this, 'tpl_keys_rowcount'),
+ 'searchform' => array($this->rc->output, 'search_form'),
+ ));
+
+ $this->rc->output->set_pagetitle($this->enigma->gettext('enigmakeys'));
+ $this->rc->output->send('enigma.keys');
}
+/*
+ // Preferences UI
+ else if ($this->rc->action == 'plugin.enigmacerts') {
+ $this->rc->output->add_handlers(array(
+ 'keyslist' => array($this, 'tpl_certs_list'),
+ 'keyframe' => array($this, 'tpl_cert_frame'),
+ 'countdisplay' => array($this, 'tpl_certs_rowcount'),
+ 'searchform' => array($this->rc->output, 'search_form'),
+ ));
+
+ $this->rc->output->set_pagetitle($this->enigma->gettext('enigmacerts'));
+ $this->rc->output->send('enigma.certs');
+ }
+*/
// Message composing UI
else if ($this->rc->action == 'compose') {
$this->compose_ui();
}
- // Preferences UI
- else { // if ($this->rc->action == 'edit-prefs') {
- if ($section == 'enigmacerts') {
- $this->rc->output->add_handlers(array(
- 'keyslist' => array($this, 'tpl_certs_list'),
- 'keyframe' => array($this, 'tpl_cert_frame'),
- 'countdisplay' => array($this, 'tpl_certs_rowcount'),
- 'searchform' => array($this->rc->output, 'search_form'),
- ));
- $this->rc->output->set_pagetitle($this->enigma->gettext('enigmacerts'));
- $this->rc->output->send('enigma.certs');
- }
- else {
- $this->rc->output->add_handlers(array(
- 'keyslist' => array($this, 'tpl_keys_list'),
- 'keyframe' => array($this, 'tpl_key_frame'),
- 'countdisplay' => array($this, 'tpl_keys_rowcount'),
- 'searchform' => array($this->rc->output, 'search_form'),
- ));
- $this->rc->output->set_pagetitle($this->enigma->gettext('enigmakeys'));
- $this->rc->output->send('enigma.keys');
- }
- }
}
- /**
+ /**
* Adds CSS style file to the page header.
*/
function add_css()
@@ -109,7 +118,46 @@ class enigma_ui
$this->enigma->include_stylesheet("$skin_path/enigma.css");
}
- $this->css_added = true;
+ $this->css_loaded = true;
+ }
+
+ /**
+ * Adds javascript file to the page header.
+ */
+ function add_js()
+ {
+ if ($this->js_loaded) {
+ return;
+ }
+
+ $this->enigma->include_script('enigma.js');
+
+ $this->js_loaded = true;
+ }
+
+ /**
+ * Initializes key password prompt
+ *
+ * @param enigma_error Error object with key info
+ */
+ function password_prompt($status)
+ {
+ $data = $status->getData('missing');
+
+ if (empty($data)) {
+ $data = $status->getData('bad');
+ }
+
+ $data = array('keyid' => key($data), 'user' => $data[key($data)]);
+
+ $this->rc->output->set_env('enigma_password_request', $data);
+
+ // add some labels to client
+ $this->rc->output->add_label('enigma.enterkeypasstitle', 'enigma.enterkeypass',
+ 'save', 'cancel');
+
+ $this->add_css();
+ $this->add_js();
}
/**
@@ -159,7 +207,7 @@ class enigma_ui
$this->rc->output->include_script('list.js');
// add some labels to client
- $this->rc->output->add_label('enigma.keyconfirmdelete');
+ $this->rc->output->add_label('enigma.keyremoveconfirm', 'enigma.keyremoving');
return $out;
}
@@ -260,13 +308,14 @@ class enigma_ui
*/
private function key_info()
{
- $id = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GET);
-
$this->enigma->load_engine();
+
+ $id = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GET);
$res = $this->enigma->engine->get_key($id);
- if ($res instanceof enigma_key)
+ if ($res instanceof enigma_key) {
$this->data = $res;
+ }
else { // error
$this->rc->output->show_message('enigma.keyopenerror', 'error');
$this->rc->output->command('parent.enigma_loadframe');
@@ -319,7 +368,7 @@ class enigma_ui
$out .= html::tag('fieldset', null,
html::tag('legend', null,
$this->enigma->gettext('basicinfo')) . $table->show($attrib));
-
+/*
// Subkeys
$table = new html_table(array('cols' => 6));
// Columns: Type, ID, Algorithm, Size, Created, Expires
@@ -335,7 +384,7 @@ class enigma_ui
$out .= html::tag('fieldset', null,
html::tag('legend', null,
$this->enigma->gettext('userids')) . $table->show($attrib));
-
+*/
return $out;
}
@@ -362,8 +411,9 @@ class enigma_ui
$this->rc->output->send('iframe');
}
- else
+ else {
$this->rc->output->show_message('enigma.keysimportfailed', 'error');
+ }
}
else if ($err = $_FILES['_file']['error']) {
if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) {
@@ -401,7 +451,7 @@ class enigma_ui
$this->rc->output->add_gui_object('importform', $attrib['id']);
$out = $this->rc->output->form_tag(array(
- 'action' => $this->rc->url(array('action' => 'plugin.enigma', 'a' => 'keyimport')),
+ 'action' => $this->rc->url(array('action' => $this->rc->action, 'a' => 'import')),
'method' => 'post',
'enctype' => 'multipart/form-data') + $attrib,
$form);
@@ -409,21 +459,52 @@ class enigma_ui
return $out;
}
+ /**
+ * Key deleting
+ */
+ private function key_delete()
+ {
+ $keys = rcube_utils::get_input_value('_keys', rcube_utils::INPUT_POST);
+
+ $this->enigma->load_engine();
+
+ foreach ((array)$keys as $key) {
+ $res = $this->enigma->engine->delete_key($key);
+
+ if ($res !== true) {
+ $this->rc->output->show_message('enigma.keyremoveerror', 'error');
+ $this->rc->output->command('enigma_list');
+ $this->rc->output->send();
+ }
+ }
+
+ $this->rc->output->command('enigma_list');
+ $this->rc->output->show_message('enigma.keyremovesuccess', 'confirmation');
+ $this->rc->output->send();
+ }
+
private function compose_ui()
{
+/*
+ $this->add_css();
+
// Options menu button
// @TODO: make this work with non-default skins
$this->enigma->add_button(array(
- 'name' => 'enigmamenu',
- 'imagepas' => 'skins/classic/enigma.png',
- 'imageact' => 'skins/classic/enigma.png',
- 'onclick' => "rcmail_ui.show_popup('enigmamenu', true); return false",
- 'title' => 'securityoptions',
- 'domain' => 'enigma',
+ 'type' => 'link',
+ 'command' => 'plugin.enigma',
+ 'onclick' => "rcmail.command('menu-open', 'enigmamenu', event.target, event)",
+ 'class' => 'button enigma',
+ 'title' => 'securityoptions',
+ 'label' => 'securityoptions',
+ 'domain' => $this->enigma->ID,
+ 'width' => 32,
+ 'height' => 32
), 'toolbar');
// Options menu contents
$this->enigma->add_hook('render_page', array($this, 'compose_menu'));
+*/
}
function compose_menu($p)
@@ -449,7 +530,189 @@ class enigma_ui
$p['content'] = preg_replace('/(<form name="form"[^>]+>)/i', '\\1'."\n$menu", $p['content']);
return $p;
+ }
+
+ /**
+ * Handler for message_body_prefix hook.
+ * Called for every displayed (content) part of the message.
+ * Adds infobox about signature verification and/or decryption
+ * status above the body.
+ *
+ * @param array Original parameters
+ *
+ * @return array Modified parameters
+ */
+ function status_message($p)
+ {
+ // skip: not a message part
+ if ($p['part'] instanceof rcube_message) {
+ return $p;
+ }
+ // skip: message has no signed/encoded content
+ if (!$this->enigma->engine) {
+ return $p;
+ }
+
+ $engine = $this->enigma->engine;
+ $part_id = $p['part']->mime_id;
+
+ // Decryption status
+ if (isset($engine->decryptions[$part_id])) {
+ $attach_scripts = true;
+
+ // get decryption status
+ $status = $engine->decryptions[$part_id];
+
+ // display status info
+ $attrib['id'] = 'enigma-message';
+
+ if ($status instanceof enigma_error) {
+ $attrib['class'] = 'enigmaerror';
+ $code = $status->getCode();
+
+ if ($code == enigma_error::E_KEYNOTFOUND) {
+ $msg = rcube::Q(str_replace('$keyid', enigma_key::format_id($status->getData('id')),
+ $this->enigma->gettext('decryptnokey')));
+ }
+ else if ($code == enigma_error::E_BADPASS) {
+ $msg = rcube::Q($this->enigma->gettext('decryptbadpass'));
+ $this->password_prompt($status);
+ }
+ else {
+ $msg = rcube::Q($this->enigma->gettext('decrypterror'));
+ }
+ }
+ else {
+ $attrib['class'] = 'enigmanotice';
+ $msg = rcube::Q($this->enigma->gettext('decryptok'));
+ }
+
+ $p['prefix'] .= html::div($attrib, $msg);
+ }
+
+ // Signature verification status
+ if (isset($engine->signed_parts[$part_id])
+ && ($sig = $engine->signatures[$engine->signed_parts[$part_id]])
+ ) {
+ $attach_scripts = true;
+
+ // display status info
+ $attrib['id'] = 'enigma-message';
+
+ if ($sig instanceof enigma_signature) {
+ $sender = ($sig->name ? $sig->name . ' ' : '') . '<' . $sig->email . '>';
+
+ if ($sig->valid === enigma_error::E_UNVERIFIED) {
+ $attrib['class'] = 'enigmawarning';
+ $msg = str_replace('$sender', $sender, $this->enigma->gettext('sigunverified'));
+ $msg = str_replace('$keyid', $sig->id, $msg);
+ $msg = rcube::Q($msg);
+ }
+ else if ($sig->valid) {
+ $attrib['class'] = 'enigmanotice';
+ $msg = rcube::Q(str_replace('$sender', $sender, $this->enigma->gettext('sigvalid')));
+ }
+ else {
+ $attrib['class'] = 'enigmawarning';
+ $msg = rcube::Q(str_replace('$sender', $sender, $this->enigma->gettext('siginvalid')));
+ }
+ }
+ else if ($sig && $sig->getCode() == enigma_error::E_KEYNOTFOUND) {
+ $attrib['class'] = 'enigmawarning';
+ $msg = rcube::Q(str_replace('$keyid', enigma_key::format_id($sig->getData('id')),
+ $this->enigma->gettext('signokey')));
+ }
+ else {
+ $attrib['class'] = 'enigmaerror';
+ $msg = rcube::Q($this->enigma->gettext('sigerror'));
+ }
+/*
+ $msg .= '&nbsp;' . html::a(array('href' => "#sigdetails",
+ 'onclick' => rcmail_output::JS_OBJECT_NAME.".command('enigma-sig-details')"),
+ rcube::Q($this->enigma->gettext('showdetails')));
+*/
+ // test
+// $msg .= '<br /><pre>'.$sig->body.'</pre>';
+
+ $p['prefix'] .= html::div($attrib, $msg);
+
+ // Display each signature message only once
+ unset($engine->signatures[$engine->signed_parts[$part_id]]);
+ }
+
+ if ($attach_scripts) {
+ // add css and js script
+ $this->add_css();
+ $this->add_js();
+ }
+
+ return $p;
+ }
+
+ /**
+ * Handler for message_load hook.
+ * Check message bodies and attachments for keys/certs.
+ */
+ function message_load($p)
+ {
+ $engine = $this->enigma->load_engine();
+
+ // handle attachments vcard attachments
+ foreach ((array) $p['object']->attachments as $attachment) {
+ if ($engine->is_keys_part($attachment)) {
+ $this->keys_parts[] = $attachment->mime_id;
+ }
+ }
+
+ // the same with message bodies
+ foreach ((array) $p['object']->parts as $part) {
+ if ($engine->is_keys_part($part)) {
+ $this->keys_parts[] = $part->mime_id;
+ $this->keys_bodies[] = $part->mime_id;
+ }
+ }
+
+ // @TODO: inline PGP keys
+
+ if ($this->keys_parts) {
+ $this->enigma->add_texts('localization');
+ }
+
+ return $p;
+ }
+
+ /**
+ * Handler for template_object_messagebody hook.
+ * This callback function adds a box below the message content
+ * if there is a key/cert attachment available
+ */
+ function message_output($p)
+ {
+ foreach ($this->keys_parts as $part) {
+ // remove part's body
+ if (in_array($part, $this->keys_bodies)) {
+ $p['content'] = '';
+ }
+
+ // add box below message body
+ $p['content'] .= html::p(array('class' => 'enigmaattachment'),
+ html::a(array(
+ 'href' => "#",
+ 'onclick' => "return ".rcmail_output::JS_OBJECT_NAME.".enigma_import_attachment('".rcube::JQ($part)."')",
+ 'title' => $this->enigma->gettext('keyattimport')),
+ html::span(null, $this->enigma->gettext('keyattfound'))));
+
+ $attach_scripts = true;
+ }
+
+ if ($attach_scripts) {
+ // add css and js script
+ $this->add_css();
+ $this->add_js();
+ }
+
+ return $p;
}
}