123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508 |
- <?php
-
- /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
-
- /**
- * Crypt_GPG is a package to use GPG from PHP
- *
- * This package provides an object oriented interface to GNU Privacy
- * Guard (GPG). It requires the GPG executable to be on the system.
- *
- * Though GPG can support symmetric-key cryptography, this package is intended
- * only to facilitate public-key cryptography.
- *
- * This file contains an abstract implementation of a user of the
- * {@link Crypt_GPG_Engine} class.
- *
- * PHP version 5
- *
- * LICENSE:
- *
- * This library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of the
- * License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see
- * <http://www.gnu.org/licenses/>
- *
- * @category Encryption
- * @package Crypt_GPG
- * @author Nathan Fredrickson <nathan@silverorange.com>
- * @author Michael Gauthier <mike@silverorange.com>
- * @copyright 2005-2013 silverorange
- * @license http://www.gnu.org/copyleft/lesser.html LGPL License 2.1
- * @version CVS: $Id: GPG.php 305428 2010-11-17 02:47:56Z gauthierm $
- * @link http://pear.php.net/package/Crypt_GPG
- * @link http://pear.php.net/manual/en/package.encryption.crypt-gpg.php
- * @link http://www.gnupg.org/
- */
-
- /**
- * GPG key class
- */
- require_once 'Crypt/GPG/Key.php';
-
- /**
- * GPG sub-key class
- */
- require_once 'Crypt/GPG/SubKey.php';
-
- /**
- * GPG user id class
- */
- require_once 'Crypt/GPG/UserId.php';
-
- /**
- * GPG process and I/O engine class
- */
- require_once 'Crypt/GPG/Engine.php';
-
- /**
- * GPG exception classes
- */
- require_once 'Crypt/GPG/Exceptions.php';
-
- // {{{ class Crypt_GPGAbstract
-
- /**
- * Base class for implementing a user of {@link Crypt_GPG_Engine}
- *
- * @category Encryption
- * @package Crypt_GPG
- * @author Nathan Fredrickson <nathan@silverorange.com>
- * @author Michael Gauthier <mike@silverorange.com>
- * @copyright 2005-2013 silverorange
- * @license http://www.gnu.org/copyleft/lesser.html LGPL License 2.1
- * @link http://pear.php.net/package/Crypt_GPG
- * @link http://www.gnupg.org/
- */
- abstract class Crypt_GPGAbstract
- {
- // {{{ class error constants
-
- /**
- * Error code returned when there is no error.
- */
- const ERROR_NONE = 0;
-
- /**
- * Error code returned when an unknown or unhandled error occurs.
- */
- const ERROR_UNKNOWN = 1;
-
- /**
- * Error code returned when a bad passphrase is used.
- */
- const ERROR_BAD_PASSPHRASE = 2;
-
- /**
- * Error code returned when a required passphrase is missing.
- */
- const ERROR_MISSING_PASSPHRASE = 3;
-
- /**
- * Error code returned when a key that is already in the keyring is
- * imported.
- */
- const ERROR_DUPLICATE_KEY = 4;
-
- /**
- * Error code returned the required data is missing for an operation.
- *
- * This could be missing key data, missing encrypted data or missing
- * signature data.
- */
- const ERROR_NO_DATA = 5;
-
- /**
- * Error code returned when an unsigned key is used.
- */
- const ERROR_UNSIGNED_KEY = 6;
-
- /**
- * Error code returned when a key that is not self-signed is used.
- */
- const ERROR_NOT_SELF_SIGNED = 7;
-
- /**
- * Error code returned when a public or private key that is not in the
- * keyring is used.
- */
- const ERROR_KEY_NOT_FOUND = 8;
-
- /**
- * Error code returned when an attempt to delete public key having a
- * private key is made.
- */
- const ERROR_DELETE_PRIVATE_KEY = 9;
-
- /**
- * Error code returned when one or more bad signatures are detected.
- */
- const ERROR_BAD_SIGNATURE = 10;
-
- /**
- * Error code returned when there is a problem reading GnuPG data files.
- */
- const ERROR_FILE_PERMISSIONS = 11;
-
- /**
- * Error code returned when a key could not be created.
- */
- const ERROR_KEY_NOT_CREATED = 12;
-
- /**
- * Error code returned when bad key parameters are used during key
- * generation.
- */
- const ERROR_BAD_KEY_PARAMS = 13;
-
- // }}}
- // {{{ other class constants
-
- /**
- * URI at which package bugs may be reported.
- */
- const BUG_URI = 'http://pear.php.net/bugs/report.php?package=Crypt_GPG';
-
- // }}}
- // {{{ protected class properties
-
- /**
- * Engine used to control the GPG subprocess
- *
- * @var Crypt_GPG_Engine
- *
- * @see Crypt_GPGAbstract::setEngine()
- */
- protected $engine = null;
-
- // }}}
- // {{{ __construct()
-
- /**
- * Creates a new GPG object
- *
- * Available options are:
- *
- * - <kbd>string homedir</kbd> - the directory where the GPG
- * keyring files are stored. If not
- * specified, Crypt_GPG uses the
- * default of <kbd>~/.gnupg</kbd>.
- * - <kbd>string publicKeyring</kbd> - the file path of the public
- * keyring. Use this if the public
- * keyring is not in the homedir, or
- * if the keyring is in a directory
- * not writable by the process
- * invoking GPG (like Apache). Then
- * you can specify the path to the
- * keyring with this option
- * (/foo/bar/pubring.gpg), and specify
- * a writable directory (like /tmp)
- * using the <i>homedir</i> option.
- * - <kbd>string privateKeyring</kbd> - the file path of the private
- * keyring. Use this if the private
- * keyring is not in the homedir, or
- * if the keyring is in a directory
- * not writable by the process
- * invoking GPG (like Apache). Then
- * you can specify the path to the
- * keyring with this option
- * (/foo/bar/secring.gpg), and specify
- * a writable directory (like /tmp)
- * using the <i>homedir</i> option.
- * - <kbd>string trustDb</kbd> - the file path of the web-of-trust
- * database. Use this if the trust
- * database is not in the homedir, or
- * if the database is in a directory
- * not writable by the process
- * invoking GPG (like Apache). Then
- * you can specify the path to the
- * trust database with this option
- * (/foo/bar/trustdb.gpg), and specify
- * a writable directory (like /tmp)
- * using the <i>homedir</i> option.
- * - <kbd>string binary</kbd> - the location of the GPG binary. If
- * not specified, the driver attempts
- * to auto-detect the GPG binary
- * location using a list of known
- * default locations for the current
- * operating system. The option
- * <kbd>gpgBinary</kbd> is a
- * deprecated alias for this option.
- * - <kbd>string agent</kbd> - the location of the GnuPG agent
- * binary. The gpg-agent is only
- * used for GnuPG 2.x. If not
- * specified, the engine attempts
- * to auto-detect the gpg-agent
- * binary location using a list of
- * know default locations for the
- * current operating system.
- * - <kbd>boolean debug</kbd> - whether or not to use debug mode.
- * When debug mode is on, all
- * communication to and from the GPG
- * subprocess is logged. This can be
- *
- * @param array $options optional. An array of options used to create the
- * GPG object. All options are optional and are
- * represented as key-value pairs.
- *
- * @throws Crypt_GPG_FileException if the <kbd>homedir</kbd> does not exist
- * and cannot be created. This can happen if <kbd>homedir</kbd> is
- * not specified, Crypt_GPG is run as the web user, and the web
- * user has no home directory. This exception is also thrown if any
- * of the options <kbd>publicKeyring</kbd>,
- * <kbd>privateKeyring</kbd> or <kbd>trustDb</kbd> options are
- * specified but the files do not exist or are are not readable.
- * This can happen if the user running the Crypt_GPG process (for
- * example, the Apache user) does not have permission to read the
- * files.
- *
- * @throws PEAR_Exception if the provided <kbd>binary</kbd> is invalid, or
- * if no <kbd>binary</kbd> is provided and no suitable binary could
- * be found.
- *
- * @throws PEAR_Exception if the provided <kbd>agent</kbd> is invalid, or
- * if no <kbd>agent</kbd> is provided and no suitable gpg-agent
- * cound be found.
- */
- public function __construct(array $options = array())
- {
- $this->setEngine(new Crypt_GPG_Engine($options));
- }
-
- // }}}
- // {{{ setEngine()
-
- /**
- * Sets the I/O engine to use for GnuPG operations
- *
- * Normally this method does not need to be used. It provides a means for
- * dependency injection.
- *
- * @param Crypt_GPG_Engine $engine the engine to use.
- *
- * @return Crypt_GPGAbstract the current object, for fluent interface.
- */
- public function setEngine(Crypt_GPG_Engine $engine)
- {
- $this->engine = $engine;
- return $this;
- }
-
- // }}}
- // {{{ _getKeys()
-
- /**
- * Gets the available keys in the keyring
- *
- * Calls GPG with the <kbd>--list-keys</kbd> command and grabs keys. See
- * the first section of <b>doc/DETAILS</b> in the
- * {@link http://www.gnupg.org/download/ GPG package} for a detailed
- * description of how the GPG command output is parsed.
- *
- * @param string $keyId optional. Only keys with that match the specified
- * pattern are returned. The pattern may be part of
- * a user id, a key id or a key fingerprint. If not
- * specified, all keys are returned.
- *
- * @return array an array of {@link Crypt_GPG_Key} objects. If no keys
- * match the specified <kbd>$keyId</kbd> an empty array is
- * returned.
- *
- * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
- * Use the <kbd>debug</kbd> option and file a bug report if these
- * exceptions occur.
- *
- * @see Crypt_GPG_Key
- */
- protected function _getKeys($keyId = '')
- {
- // get private key fingerprints
- if ($keyId == '') {
- $operation = '--list-secret-keys';
- } else {
- $operation = '--list-secret-keys ' . escapeshellarg($keyId);
- }
-
- // According to The file 'doc/DETAILS' in the GnuPG distribution, using
- // double '--with-fingerprint' also prints the fingerprint for subkeys.
- $arguments = array(
- '--with-colons',
- '--with-fingerprint',
- '--with-fingerprint',
- '--fixed-list-mode'
- );
-
- $output = '';
-
- $this->engine->reset();
- $this->engine->setOutput($output);
- $this->engine->setOperation($operation, $arguments);
- $this->engine->run();
-
- $code = $this->engine->getErrorCode();
-
- switch ($code) {
- case self::ERROR_NONE:
- case self::ERROR_KEY_NOT_FOUND:
- // ignore not found key errors
- break;
- case self::ERROR_FILE_PERMISSIONS:
- $filename = $this->engine->getErrorFilename();
- if ($filename) {
- throw new Crypt_GPG_FileException(
- sprintf(
- 'Error reading GnuPG data file \'%s\'. Check to make ' .
- 'sure it is readable by the current user.',
- $filename
- ),
- $code,
- $filename
- );
- }
- throw new Crypt_GPG_FileException(
- 'Error reading GnuPG data file. Check to make GnuPG data ' .
- 'files are readable by the current user.',
- $code
- );
- default:
- throw new Crypt_GPG_Exception(
- 'Unknown error getting keys. Please use the \'debug\' option ' .
- 'when creating the Crypt_GPG object, and file a bug report ' .
- 'at ' . self::BUG_URI,
- $code
- );
- }
-
- $privateKeyFingerprints = array();
-
- $lines = explode(PHP_EOL, $output);
- foreach ($lines as $line) {
- $lineExp = explode(':', $line);
- if ($lineExp[0] == 'fpr') {
- $privateKeyFingerprints[] = $lineExp[9];
- }
- }
-
- // get public keys
- if ($keyId == '') {
- $operation = '--list-public-keys';
- } else {
- $operation = '--list-public-keys ' . escapeshellarg($keyId);
- }
-
- $output = '';
-
- $this->engine->reset();
- $this->engine->setOutput($output);
- $this->engine->setOperation($operation, $arguments);
- $this->engine->run();
-
- $code = $this->engine->getErrorCode();
-
- switch ($code) {
- case self::ERROR_NONE:
- case self::ERROR_KEY_NOT_FOUND:
- // ignore not found key errors
- break;
- case self::ERROR_FILE_PERMISSIONS:
- $filename = $this->engine->getErrorFilename();
- if ($filename) {
- throw new Crypt_GPG_FileException(
- sprintf(
- 'Error reading GnuPG data file \'%s\'. Check to make ' .
- 'sure it is readable by the current user.',
- $filename
- ),
- $code,
- $filename
- );
- }
- throw new Crypt_GPG_FileException(
- 'Error reading GnuPG data file. Check to make GnuPG data ' .
- 'files are readable by the current user.',
- $code
- );
- default:
- throw new Crypt_GPG_Exception(
- 'Unknown error getting keys. Please use the \'debug\' option ' .
- 'when creating the Crypt_GPG object, and file a bug report ' .
- 'at ' . self::BUG_URI,
- $code
- );
- }
-
- $keys = array();
-
- $key = null; // current key
- $subKey = null; // current sub-key
-
- $lines = explode(PHP_EOL, $output);
- foreach ($lines as $line) {
- $lineExp = explode(':', $line);
-
- if ($lineExp[0] == 'pub') {
-
- // new primary key means last key should be added to the array
- if ($key !== null) {
- $keys[] = $key;
- }
-
- $key = new Crypt_GPG_Key();
-
- $subKey = Crypt_GPG_SubKey::parse($line);
- $key->addSubKey($subKey);
-
- } elseif ($lineExp[0] == 'sub') {
-
- $subKey = Crypt_GPG_SubKey::parse($line);
- $key->addSubKey($subKey);
-
- } elseif ($lineExp[0] == 'fpr') {
-
- $fingerprint = $lineExp[9];
-
- // set current sub-key fingerprint
- $subKey->setFingerprint($fingerprint);
-
- // if private key exists, set has private to true
- if (in_array($fingerprint, $privateKeyFingerprints)) {
- $subKey->setHasPrivate(true);
- }
-
- } elseif ($lineExp[0] == 'uid') {
-
- $string = stripcslashes($lineExp[9]); // as per documentation
- $userId = new Crypt_GPG_UserId($string);
-
- if ($lineExp[1] == 'r') {
- $userId->setRevoked(true);
- }
-
- $key->addUserId($userId);
-
- }
- }
-
- // add last key
- if ($key !== null) {
- $keys[] = $key;
- }
-
- return $keys;
- }
-
- // }}}
- }
-
- // }}}
-
- ?>
|