robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
2 Branches
Tree: 8ddc133341
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8ddc133341'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.2.2/plugins/enigma/lib/enigma_engine.php

enigma_engine.php 40KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337 
  1. <?php

  2. 

  3. /**

  4.  +-------------------------------------------------------------------------+

  5.  | Engine of the Enigma Plugin                                             |

  6.  |                                                                         |

  7.  | Copyright (C) 2010-2016 The Roundcube Dev Team                          |

  8.  |                                                                         |

  9.  | Licensed under the GNU General Public License version 3 or              |

  10.  | any later version with exceptions for skins & plugins.                  |

  11.  | See the README file for a full license statement.                       |

  12.  |                                                                         |

  13.  +-------------------------------------------------------------------------+

  14.  | Author: Aleksander Machniak <alec@alec.pl>                              |

  15.  +-------------------------------------------------------------------------+

  16. */

  17. 

  18. /**

  19.  * Enigma plugin engine.

  20.  *

  21.  * RFC2440: OpenPGP Message Format

  22.  * RFC3156: MIME Security with OpenPGP

  23.  * RFC3851: S/MIME

  24.  */

  25. class enigma_engine

  26. {

  27.     private $rc;

  28.     private $enigma;

  29.     private $pgp_driver;

  30.     private $smime_driver;

  31.     private $password_time;

  32. 

  33.     public $decryptions     = array();

  34.     public $signatures      = array();

  35.     public $encrypted_parts = array();

  36. 

  37.     const ENCRYPTED_PARTIALLY = 100;

  38. 

  39.     const SIGN_MODE_BODY     = 1;

  40.     const SIGN_MODE_SEPARATE = 2;

  41.     const SIGN_MODE_MIME     = 3;

  42. 

  43.     const ENCRYPT_MODE_BODY = 1;

  44.     const ENCRYPT_MODE_MIME = 2;

  45. 

  46. 

  47.     /**

  48.      * Plugin initialization.

  49.      */

  50.     function __construct($enigma)

  51.     {

  52.         $this->rc     = rcmail::get_instance();

  53.         $this->enigma = $enigma;

  54. 

  55.         $this->password_time = $this->rc->config->get('enigma_password_time') * 60;

  56. 

  57.         // this will remove passwords from session after some time

  58.         if ($this->password_time) {

  59.             $this->get_passwords();

  60.         }

  61.     }

  62. 

  63.     /**

  64.      * PGP driver initialization.

  65.      */

  66.     function load_pgp_driver()

  67.     {

  68.         if ($this->pgp_driver) {

  69.             return;

  70.         }

  71. 

  72.         $driver   = 'enigma_driver_' . $this->rc->config->get('enigma_pgp_driver', 'gnupg');

  73.         $username = $this->rc->user->get_username();

  74. 

  75.         // Load driver

  76.         $this->pgp_driver = new $driver($username);

  77. 

  78.         if (!$this->pgp_driver) {

  79.             rcube::raise_error(array(

  80.                 'code' => 600, 'type' => 'php',

  81.                 'file' => __FILE__, 'line' => __LINE__,

  82.                 'message' => "Enigma plugin: Unable to load PGP driver: $driver"

  83.             ), true, true);

  84.         }

  85. 

  86.         // Initialise driver

  87.         $result = $this->pgp_driver->init();

  88. 

  89.         if ($result instanceof enigma_error) {

  90.             rcube::raise_error(array(

  91.                 'code' => 600, 'type' => 'php',

  92.                 'file' => __FILE__, 'line' => __LINE__,

  93.                 'message' => "Enigma plugin: ".$result->getMessage()

  94.             ), true, true);

  95.         }

  96.     }

  97. 

  98.     /**

  99.      * S/MIME driver initialization.

  100.      */

  101.     function load_smime_driver()

  102.     {

  103.         if ($this->smime_driver) {

  104.             return;

  105.         }

  106. 

  107.         $driver   = 'enigma_driver_' . $this->rc->config->get('enigma_smime_driver', 'phpssl');

  108.         $username = $this->rc->user->get_username();

  109. 

  110.         // Load driver

  111.         $this->smime_driver = new $driver($username);

  112. 

  113.         if (!$this->smime_driver) {

  114.             rcube::raise_error(array(

  115.                 'code' => 600, 'type' => 'php',

  116.                 'file' => __FILE__, 'line' => __LINE__,

  117.                 'message' => "Enigma plugin: Unable to load S/MIME driver: $driver"

  118.             ), true, true);

  119.         }

  120. 

  121.         // Initialise driver

  122.         $result = $this->smime_driver->init();

  123. 

  124.         if ($result instanceof enigma_error) {

  125.             rcube::raise_error(array(

  126.                 'code' => 600, 'type' => 'php',

  127.                 'file' => __FILE__, 'line' => __LINE__,

  128.                 'message' => "Enigma plugin: ".$result->getMessage()

  129.             ), true, true);

  130.         }

  131.     }

  132. 

  133.     /**

  134.      * Handler for message signing

  135.      *

  136.      * @param Mail_mime Original message

  137.      * @param int       Encryption mode

  138.      *

  139.      * @return enigma_error On error returns error object

  140.      */

  141.     function sign_message(&$message, $mode = null)

  142.     {

  143.         $mime = new enigma_mime_message($message, enigma_mime_message::PGP_SIGNED);

  144.         $from = $mime->getFromAddress();

  145. 

  146.         // find private key

  147.         $key = $this->find_key($from, true);

  148. 

  149.         if (empty($key)) {

  150.             return new enigma_error(enigma_error::KEYNOTFOUND);

  151.         }

  152. 

  153.         // check if we have password for this key

  154.         $passwords = $this->get_passwords();

  155.         $pass      = $passwords[$key->id];

  156. 

  157.         if ($pass === null) {

  158.             // ask for password

  159.             $error = array('missing' => array($key->id => $key->name));

  160.             return new enigma_error(enigma_error::BADPASS, '', $error);

  161.         }

  162. 

  163.         // select mode

  164.         switch ($mode) {

  165.         case self::SIGN_MODE_BODY:

  166.             $pgp_mode = Crypt_GPG::SIGN_MODE_CLEAR;

  167.             break;

  168. 

  169.         case self::SIGN_MODE_MIME:

  170.             $pgp_mode = Crypt_GPG::SIGN_MODE_DETACHED;

  171.             break;

  172. /*

  173.         case self::SIGN_MODE_SEPARATE:

  174.             $pgp_mode = Crypt_GPG::SIGN_MODE_NORMAL;

  175.             break;

  176. */

  177.         default:

  178.             if ($mime->isMultipart()) {

  179.                 $pgp_mode = Crypt_GPG::SIGN_MODE_DETACHED;

  180.             }

  181.             else {

  182.                 $pgp_mode = Crypt_GPG::SIGN_MODE_CLEAR;

  183.             }

  184.         }

  185. 

  186.         // get message body

  187.         if ($pgp_mode == Crypt_GPG::SIGN_MODE_CLEAR) {

  188.             // in this mode we'll replace text part

  189.             // with the one containing signature

  190.             $body = $message->getTXTBody();

  191. 

  192.             $text_charset = $message->getParam('text_charset');

  193.             $line_length  = $this->rc->config->get('line_length', 72);

  194. 

  195.             // We can't use format=flowed for signed messages

  196.             if (strpos($text_charset, 'format=flowed')) {

  197.                 list($charset, $params) = explode(';', $text_charset);

  198.                 $body = rcube_mime::unfold_flowed($body);

  199.                 $body = rcube_mime::wordwrap($body, $line_length, "\r\n", false, $charset);

  200. 

  201.                 $text_charset = str_replace(";\r\n format=flowed", '', $text_charset);

  202.             }

  203.         }

  204.         else {

  205.             // here we'll build PGP/MIME message

  206.             $body = $mime->getOrigBody();

  207.         }

  208. 

  209.         // sign the body

  210.         $result = $this->pgp_sign($body, $key->id, $pass, $pgp_mode);

  211. 

  212.         if ($result !== true) {

  213.             if ($result->getCode() == enigma_error::BADPASS) {

  214.                 // ask for password

  215.                 $error = array('bad' => array($key->id => $key->name));

  216.                 return new enigma_error(enigma_error::BADPASS, '', $error);

  217.             }

  218. 

  219.             return $result;

  220.         }

  221. 

  222.         // replace message body

  223.         if ($pgp_mode == Crypt_GPG::SIGN_MODE_CLEAR) {

  224.             $message->setTXTBody($body);

  225.             $message->setParam('text_charset', $text_charset);

  226.         }

  227.         else {

  228.             $mime->addPGPSignature($body);

  229.             $message = $mime;

  230.         }

  231.     }

  232. 

  233.     /**

  234.      * Handler for message encryption

  235.      *

  236.      * @param Mail_mime Original message

  237.      * @param int       Encryption mode

  238.      * @param bool      Is draft-save action - use only sender's key for encryption

  239.      *

  240.      * @return enigma_error On error returns error object

  241.      */

  242.     function encrypt_message(&$message, $mode = null, $is_draft = false)

  243.     {

  244.         $mime = new enigma_mime_message($message, enigma_mime_message::PGP_ENCRYPTED);

  245. 

  246.         // always use sender's key

  247.         $recipients = array($mime->getFromAddress());

  248. 

  249.         // if it's not a draft we add all recipients' keys

  250.         if (!$is_draft) {

  251.             $recipients = array_merge($recipients, $mime->getRecipients());

  252.         }

  253. 

  254.         if (empty($recipients)) {

  255.             return new enigma_error(enigma_error::KEYNOTFOUND);

  256.         }

  257. 

  258.         $recipients = array_unique($recipients);

  259. 

  260.         // find recipient public keys

  261.         foreach ((array) $recipients as $email) {

  262.             $key = $this->find_key($email);

  263. 

  264.             if (empty($key)) {

  265.                 return new enigma_error(enigma_error::KEYNOTFOUND, '', array(

  266.                     'missing' => $email

  267.                 ));

  268.             }

  269. 

  270.             $keys[] = $key->id;

  271.         }

  272. 

  273.         // select mode

  274.         switch ($mode) {

  275.         case self::ENCRYPT_MODE_BODY:

  276.             $encrypt_mode = $mode;

  277.             break;

  278. 

  279.         case self::ENCRYPT_MODE_MIME:

  280.             $encrypt_mode = $mode;

  281.             break;

  282. 

  283.         default:

  284.             $encrypt_mode = $mime->isMultipart() ? self::ENCRYPT_MODE_MIME : self::ENCRYPT_MODE_BODY;

  285.         }

  286. 

  287.         // get message body

  288.         if ($encrypt_mode == self::ENCRYPT_MODE_BODY) {

  289.             // in this mode we'll replace text part

  290.             // with the one containing encrypted message

  291.             $body = $message->getTXTBody();

  292.         }

  293.         else {

  294.             // here we'll build PGP/MIME message

  295.             $body = $mime->getOrigBody();

  296.         }

  297. 

  298.         // sign the body

  299.         $result = $this->pgp_encrypt($body, $keys);

  300. 

  301.         if ($result !== true) {

  302.             return $result;

  303.         }

  304. 

  305.         // replace message body

  306.         if ($encrypt_mode == self::ENCRYPT_MODE_BODY) {

  307.             $message->setTXTBody($body);

  308.         }

  309.         else {

  310.             $mime->setPGPEncryptedBody($body);

  311.             $message = $mime;

  312.         }

  313.     }

  314. 

  315.     /**

  316.      * Handler for attaching public key to a message

  317.      *

  318.      * @param Mail_mime Original message

  319.      *

  320.      * @return bool True on success, False on failure

  321.      */

  322.     function attach_public_key(&$message)

  323.     {

  324.         $headers = $message->headers();

  325.         $from    = rcube_mime::decode_address_list($headers['From'], 1, false, null, true);

  326.         $from    = $from[1];

  327. 

  328.         // find my key

  329.         if ($from && ($key = $this->find_key($from))) {

  330.             $pubkey_armor = $this->export_key($key->id);

  331. 

  332.             if (!$pubkey_armor instanceof enigma_error) {

  333.                 $pubkey_name = '0x' . enigma_key::format_id($key->id) . '.asc';

  334.                 $message->addAttachment($pubkey_armor, 'application/pgp-keys', $pubkey_name, false, '7bit');

  335.                 return true;

  336.             }

  337.         }

  338. 

  339.         return false;

  340.     }

  341. 

  342.     /**

  343.      * Handler for message_part_structure hook.

  344.      * Called for every part of the message.

  345.      *

  346.      * @param array  Original parameters

  347.      * @param string Part body (will be set if used internally)

  348.      *

  349.      * @return array Modified parameters

  350.      */

  351.     function part_structure($p, $body = null)

  352.     {

  353.         if ($p['mimetype'] == 'text/plain' || $p['mimetype'] == 'application/pgp') {

  354.             $this->parse_plain($p, $body);

  355.         }

  356.         else if ($p['mimetype'] == 'multipart/signed') {

  357.             $this->parse_signed($p, $body);

  358.         }

  359.         else if ($p['mimetype'] == 'multipart/encrypted') {

  360.             $this->parse_encrypted($p);

  361.         }

  362.         else if ($p['mimetype'] == 'application/pkcs7-mime') {

  363.             $this->parse_encrypted($p);

  364.         }

  365. 

  366.         return $p;

  367.     }

  368. 

  369.     /**

  370.      * Handler for message_part_body hook.

  371.      *

  372.      * @param array Original parameters

  373.      *

  374.      * @return array Modified parameters

  375.      */

  376.     function part_body($p)

  377.     {

  378.         // encrypted attachment, see parse_plain_encrypted()

  379.         if ($p['part']->need_decryption && $p['part']->body === null) {

  380.             $this->load_pgp_driver();

  381. 

  382.             $storage = $this->rc->get_storage();

  383.             $body    = $storage->get_message_part($p['object']->uid, $p['part']->mime_id, $p['part'], null, null, true, 0, false);

  384.             $result  = $this->pgp_decrypt($body);

  385. 

  386.             // @TODO: what to do on error?

  387.             if ($result === true) {

  388.                 $p['part']->body = $body;

  389.                 $p['part']->size = strlen($body);

  390.                 $p['part']->body_modified = true;

  391.             }

  392.         }

  393. 

  394.         return $p;

  395.     }

  396. 

  397.     /**

  398.      * Handler for plain/text message.

  399.      *

  400.      * @param array  Reference to hook's parameters

  401.      * @param string Part body (will be set if used internally)

  402.      */

  403.     function parse_plain(&$p, $body = null)

  404.     {

  405.         $part = $p['structure'];

  406. 

  407.         // exit, if we're already inside a decrypted message

  408.         if (in_array($part->mime_id, $this->encrypted_parts)) {

  409.             return;

  410.         }

  411. 

  412.         // Get message body from IMAP server

  413.         if ($body === null) {

  414.             $body = $this->get_part_body($p['object'], $part);

  415.         }

  416. 

  417.         // In this way we can use fgets on string as on file handle

  418.         // Don't use php://temp for security (body may come from an encrypted part)

  419.         $fd = fopen('php://memory', 'r+');

  420.         if (!$fd) {

  421.             return;

  422.         }

  423. 

  424.         fwrite($fd, $body);

  425.         rewind($fd);

  426. 

  427.         $body   = '';

  428.         $prefix = '';

  429.         $mode   = '';

  430.         $tokens = array(

  431.             'BEGIN PGP SIGNED MESSAGE' => 'signed-start',

  432.             'END PGP SIGNATURE'        => 'signed-end',

  433.             'BEGIN PGP MESSAGE'        => 'encrypted-start',

  434.             'END PGP MESSAGE'          => 'encrypted-end',

  435.         );

  436.         $regexp = '/^-----(' . implode('|', array_keys($tokens)) . ')-----[\r\n]*/';

  437. 

  438.         while (($line = fgets($fd)) !== false) {

  439.             if ($line[0] === '-' && $line[4] === '-' && preg_match($regexp, $line, $m)) {

  440.                 switch ($tokens[$m[1]]) {

  441.                 case 'signed-start':

  442.                     $body = $line;

  443.                     $mode = 'signed';

  444.                     break;

  445. 

  446.                 case 'signed-end':

  447.                     if ($mode === 'signed') {

  448.                         $body .= $line;

  449.                     }

  450.                     break 2; // ignore anything after this line

  451. 

  452.                 case 'encrypted-start':

  453.                     $body = $line;

  454.                     $mode = 'encrypted';

  455.                     break;

  456. 

  457.                 case 'encrypted-end':

  458.                     if ($mode === 'encrypted') {

  459.                         $body .= $line;

  460.                     }

  461.                     break 2; // ignore anything after this line

  462.                 }

  463. 

  464.                 continue;

  465.             }

  466. 

  467.             if ($mode === 'signed') {

  468.                 $body .= $line;

  469.             }

  470.             else if ($mode === 'encrypted') {

  471.                 $body .= $line;

  472.             }

  473.             else {

  474.                 $prefix .= $line;

  475.             }

  476.         }

  477. 

  478.         fclose($fd);

  479. 

  480.         if ($mode === 'signed') {

  481.             $this->parse_plain_signed($p, $body, $prefix);

  482.         }

  483.         else if ($mode === 'encrypted') {

  484.             $this->parse_plain_encrypted($p, $body, $prefix);

  485.         }

  486.     }

  487. 

  488.     /**

  489.      * Handler for multipart/signed message.

  490.      *

  491.      * @param array  Reference to hook's parameters

  492.      * @param string Part body (will be set if used internally)

  493.      */

  494.     function parse_signed(&$p, $body = null)

  495.     {

  496.         $struct = $p['structure'];

  497. 

  498.         // S/MIME

  499.         if ($struct->parts[1] && $struct->parts[1]->mimetype == 'application/pkcs7-signature') {

  500.             $this->parse_smime_signed($p, $body);

  501.         }

  502.         // PGP/MIME: RFC3156

  503.         // The multipart/signed body MUST consist of exactly two parts.

  504.         // The first part contains the signed data in MIME canonical format,

  505.         // including a set of appropriate content headers describing the data.

  506.         // The second body MUST contain the PGP digital signature.  It MUST be

  507.         // labeled with a content type of "application/pgp-signature".

  508.         else if (count($struct->parts) == 2

  509.             && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/pgp-signature'

  510.         ) {

  511.             $this->parse_pgp_signed($p, $body);

  512.         }

  513.     }

  514. 

  515.     /**

  516.      * Handler for multipart/encrypted message.

  517.      *

  518.      * @param array Reference to hook's parameters

  519.      */

  520.     function parse_encrypted(&$p)

  521.     {

  522.         $struct = $p['structure'];

  523. 

  524.         // S/MIME

  525.         if ($p['mimetype'] == 'application/pkcs7-mime') {

  526.             $this->parse_smime_encrypted($p);

  527.         }

  528.         // PGP/MIME: RFC3156

  529.         // The multipart/encrypted MUST consist of exactly two parts. The first

  530.         // MIME body part must have a content type of "application/pgp-encrypted".

  531.         // This body contains the control information.

  532.         // The second MIME body part MUST contain the actual encrypted data.  It

  533.         // must be labeled with a content type of "application/octet-stream".

  534.         else if (count($struct->parts) == 2

  535.             && $struct->parts[0] && $struct->parts[0]->mimetype == 'application/pgp-encrypted'

  536.             && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/octet-stream'

  537.         ) {

  538.             $this->parse_pgp_encrypted($p);

  539.         }

  540.     }

  541. 

  542.     /**

  543.      * Handler for plain signed message.

  544.      * Excludes message and signature bodies and verifies signature.

  545.      *

  546.      * @param array  Reference to hook's parameters

  547.      * @param string Message (part) body

  548.      * @param string Body prefix (additional text before the encrypted block)

  549.      */

  550.     private function parse_plain_signed(&$p, $body, $prefix = '')

  551.     {

  552.         if (!$this->rc->config->get('enigma_signatures', true)) {

  553.             return;

  554.         }

  555. 

  556.         $this->load_pgp_driver();

  557.         $part = $p['structure'];

  558. 

  559.         // Verify signature

  560.         if ($this->rc->action == 'show' || $this->rc->action == 'preview' || $this->rc->action == 'print') {

  561.             $sig = $this->pgp_verify($body);

  562.         }

  563. 

  564.         // In this way we can use fgets on string as on file handle

  565.         // Don't use php://temp for security (body may come from an encrypted part)

  566.         $fd = fopen('php://memory', 'r+');

  567.         if (!$fd) {

  568.             return;

  569.         }

  570. 

  571.         fwrite($fd, $body);

  572.         rewind($fd);

  573. 

  574.         $body = $part->body = null;

  575.         $part->body_modified = true;

  576. 

  577.         // Extract body (and signature?)

  578.         while (($line = fgets($fd, 1024)) !== false) {

  579.             if ($part->body === null)

  580.                 $part->body = '';

  581.             else if (preg_match('/^-----BEGIN PGP SIGNATURE-----/', $line))

  582.                 break;

  583.             else

  584.                 $part->body .= $line;

  585.         }

  586. 

  587.         fclose($fd);

  588. 

  589.         // Remove "Hash" Armor Headers

  590.         $part->body = preg_replace('/^.*\r*\n\r*\n/', '', $part->body);

  591.         // de-Dash-Escape (RFC2440)

  592.         $part->body = preg_replace('/(^|\n)- -/', '\\1-', $part->body);

  593. 

  594.         if ($prefix) {

  595.             $part->body = $prefix . $part->body;

  596.         }

  597. 

  598.         // Store signature data for display

  599.         if (!empty($sig)) {

  600.             $sig->partial = !empty($prefix);

  601.             $this->signatures[$part->mime_id] = $sig;

  602.         }

  603.     }

  604. 

  605.     /**

  606.      * Handler for PGP/MIME signed message.

  607.      * Verifies signature.

  608.      *

  609.      * @param array  Reference to hook's parameters

  610.      * @param string Part body (will be set if used internally)

  611.      */

  612.     private function parse_pgp_signed(&$p, $body = null)

  613.     {

  614.         if (!$this->rc->config->get('enigma_signatures', true)) {

  615.             return;

  616.         }

  617. 

  618.         if ($this->rc->action != 'show' && $this->rc->action != 'preview' && $this->rc->action != 'print') {

  619.             return;

  620.         }

  621. 

  622.         $this->load_pgp_driver();

  623.         $struct = $p['structure'];

  624. 

  625.         $msg_part = $struct->parts[0];

  626.         $sig_part = $struct->parts[1];

  627. 

  628.         // Get bodies

  629.         if ($body === null) {

  630.             if (!$struct->body_modified) {

  631.                 $body = $this->get_part_body($p['object'], $struct);

  632.             }

  633.         }

  634. 

  635.         $boundary = $struct->ctype_parameters['boundary'];

  636. 

  637.         // when it is a signed message forwarded as attachment

  638.         // ctype_parameters property will not be set

  639.         if (!$boundary && $struct->headers['content-type']

  640.             && preg_match('/boundary="?([a-zA-Z0-9\'()+_,-.\/:=?]+)"?/', $struct->headers['content-type'], $m)

  641.         ) {

  642.             $boundary = $m[1];

  643.         }

  644. 

  645.         // set signed part body

  646.         list($msg_body, $sig_body) = $this->explode_signed_body($body, $boundary);

  647. 

  648.         // Verify

  649.         if ($sig_body && $msg_body) {

  650.             $sig = $this->pgp_verify($msg_body, $sig_body);

  651. 

  652.             // Store signature data for display

  653.             $this->signatures[$struct->mime_id] = $sig;

  654.             $this->signatures[$msg_part->mime_id] = $sig;

  655.         }

  656.     }

  657. 

  658.     /**

  659.      * Handler for S/MIME signed message.

  660.      * Verifies signature.

  661.      *

  662.      * @param array  Reference to hook's parameters

  663.      * @param string Part body (will be set if used internally)

  664.      */

  665.     private function parse_smime_signed(&$p, $body = null)

  666.     {

  667.         if (!$this->rc->config->get('enigma_signatures', true)) {

  668.             return;

  669.         }

  670. 

  671.         // @TODO

  672.     }

  673. 

  674.     /**

  675.      * Handler for plain encrypted message.

  676.      *

  677.      * @param array  Reference to hook's parameters

  678.      * @param string Message (part) body

  679.      * @param string Body prefix (additional text before the encrypted block)

  680.      */

  681.     private function parse_plain_encrypted(&$p, $body, $prefix = '')

  682.     {

  683.         if (!$this->rc->config->get('enigma_decryption', true)) {

  684.             return;

  685.         }

  686. 

  687.         $this->load_pgp_driver();

  688.         $part = $p['structure'];

  689. 

  690.         // Decrypt

  691.         $result = $this->pgp_decrypt($body);

  692. 

  693.         // Store decryption status

  694.         $this->decryptions[$part->mime_id] = $result;

  695. 

  696.         // find parent part ID

  697.         if (strpos($part->mime_id, '.')) {

  698.             $items = explode('.', $part->mime_id);

  699.             array_pop($items);

  700.             $parent = implode('.', $items);

  701.         }

  702.         else {

  703.             $parent = 0;

  704.         }

  705. 

  706.         // Parse decrypted message

  707.         if ($result === true) {

  708.             $part->body          = $prefix . $body;

  709.             $part->body_modified = true;

  710. 

  711.             // it maybe PGP signed inside, verify signature

  712.             $this->parse_plain($p, $body);

  713. 

  714.             // Remember it was decrypted

  715.             $this->encrypted_parts[] = $part->mime_id;

  716. 

  717.             // Inform the user that only a part of the body was encrypted

  718.             if ($prefix) {

  719.                 $this->decryptions[$part->mime_id] = self::ENCRYPTED_PARTIALLY;

  720.             }

  721. 

  722.             // Encrypted plain message may contain encrypted attachments

  723.             // in such case attachments have .pgp extension and type application/octet-stream.

  724.             // This is what happens when you select "Encrypt each attachment separately

  725.             // and send the message using inline PGP" in Thunderbird's Enigmail.

  726. 

  727.             if ($p['object']->mime_parts[$parent]) {

  728.                 foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {

  729.                     if ($p->disposition == 'attachment' && $p->mimetype == 'application/octet-stream'

  730.                         && preg_match('/^(.*)\.pgp$/i', $p->filename, $m)

  731.                     ) {

  732.                         // modify filename

  733.                         $p->filename = $m[1];

  734.                         // flag the part, it will be decrypted when needed

  735.                         $p->need_decryption = true;

  736.                         // disable caching

  737.                         $p->body_modified = true;

  738.                     }

  739.                 }

  740.             }

  741.         }

  742.         // decryption failed, but the message may have already

  743.         // been cached with the modified parts (see above),

  744.         // let's bring the original state back

  745.         else if ($p['object']->mime_parts[$parent]) {

  746.             foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {

  747.                 if ($p->need_decryption && !preg_match('/^(.*)\.pgp$/i', $p->filename, $m)) {

  748.                     // modify filename

  749.                     $p->filename .= '.pgp';

  750.                     // flag the part, it will be decrypted when needed

  751.                     unset($p->need_decryption);

  752.                 }

  753.             }

  754.         }

  755.     }

  756. 

  757.     /**

  758.      * Handler for PGP/MIME encrypted message.

  759.      *

  760.      * @param array Reference to hook's parameters

  761.      */

  762.     private function parse_pgp_encrypted(&$p)

  763.     {

  764.         if (!$this->rc->config->get('enigma_decryption', true)) {

  765.             return;

  766.         }

  767. 

  768.         $this->load_pgp_driver();

  769. 

  770.         $struct = $p['structure'];

  771.         $part   = $struct->parts[1];

  772. 

  773.         // Get body

  774.         $body = $this->get_part_body($p['object'], $part);

  775. 

  776.         // Decrypt

  777.         $result = $this->pgp_decrypt($body);

  778. 

  779.         if ($result === true) {

  780.             // Parse decrypted message

  781.             $struct = $this->parse_body($body);

  782. 

  783.             // Modify original message structure

  784.             $this->modify_structure($p, $struct, strlen($body));

  785. 

  786.             // Parse the structure (there may be encrypted/signed parts inside

  787.             $this->part_structure(array(

  788.                     'object'    => $p['object'],

  789.                     'structure' => $struct,

  790.                     'mimetype'  => $struct->mimetype

  791.                 ), $body);

  792. 

  793.             // Attach the decryption message to all parts

  794.             $this->decryptions[$struct->mime_id] = $result;

  795.             foreach ((array) $struct->parts as $sp) {

  796.                 $this->decryptions[$sp->mime_id] = $result;

  797.             }

  798.         }

  799.         else {

  800.             $this->decryptions[$part->mime_id] = $result;

  801. 

  802.             // Make sure decryption status message will be displayed

  803.             $part->type = 'content';

  804.             $p['object']->parts[] = $part;

  805. 

  806.             // don't show encrypted part on attachments list

  807.             // don't show "cannot display encrypted message" text

  808.             $p['abort'] = true;

  809.         }

  810.     }

  811. 

  812.     /**

  813.      * Handler for S/MIME encrypted message.

  814.      *

  815.      * @param array Reference to hook's parameters

  816.      */

  817.     private function parse_smime_encrypted(&$p)

  818.     {

  819.         if (!$this->rc->config->get('enigma_decryption', true)) {

  820.             return;

  821.         }

  822. 

  823.         // @TODO

  824.     }

  825. 

  826.     /**

  827.      * PGP signature verification.

  828.      *

  829.      * @param mixed Message body

  830.      * @param mixed Signature body (for MIME messages)

  831.      *

  832.      * @return mixed enigma_signature or enigma_error

  833.      */

  834.     private function pgp_verify(&$msg_body, $sig_body=null)

  835.     {

  836.         // @TODO: Handle big bodies using (temp) files

  837.         $sig = $this->pgp_driver->verify($msg_body, $sig_body);

  838. 

  839.         if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::KEYNOTFOUND)

  840.             rcube::raise_error(array(

  841.                 'code' => 600, 'type' => 'php',

  842.                 'file' => __FILE__, 'line' => __LINE__,

  843.                 'message' => "Enigma plugin: " . $sig->getMessage()

  844.                 ), true, false);

  845. 

  846.         return $sig;

  847.     }

  848. 

  849.     /**

  850.      * PGP message decryption.

  851.      *

  852.      * @param mixed Message body

  853.      *

  854.      * @return mixed True or enigma_error

  855.      */

  856.     private function pgp_decrypt(&$msg_body)

  857.     {

  858.         // @TODO: Handle big bodies using (temp) files

  859.         $keys   = $this->get_passwords();

  860.         $result = $this->pgp_driver->decrypt($msg_body, $keys);

  861. 

  862.         if ($result instanceof enigma_error) {

  863.             $err_code = $result->getCode();

  864.             if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))

  865.                 rcube::raise_error(array(

  866.                     'code' => 600, 'type' => 'php',

  867.                     'file' => __FILE__, 'line' => __LINE__,

  868.                     'message' => "Enigma plugin: " . $result->getMessage()

  869.                     ), true, false);

  870.             return $result;

  871.         }

  872. 

  873.         $msg_body = $result;

  874. 

  875.         return true;

  876.     }

  877. 

  878.     /**

  879.      * PGP message signing

  880.      *

  881.      * @param mixed  Message body

  882.      * @param string Key ID

  883.      * @param string Key passphrase

  884.      * @param int    Signing mode

  885.      *

  886.      * @return mixed True or enigma_error

  887.      */

  888.     private function pgp_sign(&$msg_body, $keyid, $password, $mode = null)

  889.     {

  890.         // @TODO: Handle big bodies using (temp) files

  891.         $result = $this->pgp_driver->sign($msg_body, $keyid, $password, $mode);

  892. 

  893.         if ($result instanceof enigma_error) {

  894.             $err_code = $result->getCode();

  895.             if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))

  896.                 rcube::raise_error(array(

  897.                     'code' => 600, 'type' => 'php',

  898.                     'file' => __FILE__, 'line' => __LINE__,

  899.                     'message' => "Enigma plugin: " . $result->getMessage()

  900.                     ), true, false);

  901.             return $result;

  902.         }

  903. 

  904.         $msg_body = $result;

  905. 

  906.         return true;

  907.     }

  908. 

  909.     /**

  910.      * PGP message encrypting

  911.      *

  912.      * @param mixed Message body

  913.      * @param array Keys

  914.      *

  915.      * @return mixed True or enigma_error

  916.      */

  917.     private function pgp_encrypt(&$msg_body, $keys)

  918.     {

  919.         // @TODO: Handle big bodies using (temp) files

  920.         $result = $this->pgp_driver->encrypt($msg_body, $keys);

  921. 

  922.         if ($result instanceof enigma_error) {

  923.             $err_code = $result->getCode();

  924.             if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))

  925.                 rcube::raise_error(array(

  926.                     'code' => 600, 'type' => 'php',

  927.                     'file' => __FILE__, 'line' => __LINE__,

  928.                     'message' => "Enigma plugin: " . $result->getMessage()

  929.                     ), true, false);

  930.             return $result;

  931.         }

  932. 

  933.         $msg_body = $result;

  934. 

  935.         return true;

  936.     }

  937. 

  938.     /**

  939.      * PGP keys listing.

  940.      *

  941.      * @param mixed Key ID/Name pattern

  942.      *

  943.      * @return mixed Array of keys or enigma_error

  944.      */

  945.     function list_keys($pattern = '')

  946.     {

  947.         $this->load_pgp_driver();

  948.         $result = $this->pgp_driver->list_keys($pattern);

  949. 

  950.         if ($result instanceof enigma_error) {

  951.             rcube::raise_error(array(

  952.                 'code' => 600, 'type' => 'php',

  953.                 'file' => __FILE__, 'line' => __LINE__,

  954.                 'message' => "Enigma plugin: " . $result->getMessage()

  955.                 ), true, false);

  956.         }

  957. 

  958.         return $result;

  959.     }

  960. 

  961.     /**

  962.      * Find PGP private/public key

  963.      *

  964.      * @param string E-mail address

  965.      * @param bool   Need a key for signing?

  966.      *

  967.      * @return enigma_key The key

  968.      */

  969.     function find_key($email, $can_sign = false)

  970.     {

  971.         $this->load_pgp_driver();

  972.         $result = $this->pgp_driver->list_keys($email);

  973. 

  974.         if ($result instanceof enigma_error) {

  975.             rcube::raise_error(array(

  976.                 'code' => 600, 'type' => 'php',

  977.                 'file' => __FILE__, 'line' => __LINE__,

  978.                 'message' => "Enigma plugin: " . $result->getMessage()

  979.                 ), true, false);

  980. 

  981.             return;

  982.         }

  983. 

  984.         $mode = $can_sign ? enigma_key::CAN_SIGN : enigma_key::CAN_ENCRYPT;

  985. 

  986.         // check key validity and type

  987.         foreach ($result as $key) {

  988.             if ($keyid = $key->find_subkey($email, $mode)) {

  989.                 return $key;

  990.             }

  991.         }

  992.     }

  993. 

  994.     /**

  995.      * PGP key details.

  996.      *

  997.      * @param mixed Key ID

  998.      *

  999.      * @return mixed enigma_key or enigma_error

  1000.      */

  1001.     function get_key($keyid)

  1002.     {

  1003.         $this->load_pgp_driver();

  1004.         $result = $this->pgp_driver->get_key($keyid);

  1005. 

  1006.         if ($result instanceof enigma_error) {

  1007.             rcube::raise_error(array(

  1008.                 'code' => 600, 'type' => 'php',

  1009.                 'file' => __FILE__, 'line' => __LINE__,

  1010.                 'message' => "Enigma plugin: " . $result->getMessage()

  1011.                 ), true, false);

  1012.         }

  1013. 

  1014.         return $result;

  1015.     }

  1016. 

  1017.     /**

  1018.      * PGP key delete.

  1019.      *

  1020.      * @param string Key ID

  1021.      *

  1022.      * @return enigma_error|bool True on success

  1023.      */

  1024.     function delete_key($keyid)

  1025.     {

  1026.         $this->load_pgp_driver();

  1027.         $result = $this->pgp_driver->delete_key($keyid);

  1028. 

  1029.         if ($result instanceof enigma_error) {

  1030.             rcube::raise_error(array(

  1031.                 'code' => 600, 'type' => 'php',

  1032.                 'file' => __FILE__, 'line' => __LINE__,

  1033.                 'message' => "Enigma plugin: " . $result->getMessage()

  1034.                 ), true, false);

  1035.         }

  1036. 

  1037.         return $result;

  1038.     }

  1039. 

  1040.     /**

  1041.      * PGP keys pair generation.

  1042.      *

  1043.      * @param array Key pair parameters

  1044.      *

  1045.      * @return mixed enigma_key or enigma_error

  1046.      */

  1047.     function generate_key($data)

  1048.     {

  1049.         $this->load_pgp_driver();

  1050.         $result = $this->pgp_driver->gen_key($data);

  1051. 

  1052.         if ($result instanceof enigma_error) {

  1053.             rcube::raise_error(array(

  1054.                 'code' => 600, 'type' => 'php',

  1055.                 'file' => __FILE__, 'line' => __LINE__,

  1056.                 'message' => "Enigma plugin: " . $result->getMessage()

  1057.                 ), true, false);

  1058.         }

  1059. 

  1060.         return $result;

  1061.     }

  1062. 

  1063.     /**

  1064.      * PGP keys/certs import.

  1065.      *

  1066.      * @param mixed   Import file name or content

  1067.      * @param boolean True if first argument is a filename

  1068.      *

  1069.      * @return mixed Import status data array or enigma_error

  1070.      */

  1071.     function import_key($content, $isfile=false)

  1072.     {

  1073.         $this->load_pgp_driver();

  1074.         $result = $this->pgp_driver->import($content, $isfile);

  1075. 

  1076.         if ($result instanceof enigma_error) {

  1077.             rcube::raise_error(array(

  1078.                 'code' => 600, 'type' => 'php',

  1079.                 'file' => __FILE__, 'line' => __LINE__,

  1080.                 'message' => "Enigma plugin: " . $result->getMessage()

  1081.                 ), true, false);

  1082.         }

  1083.         else {

  1084.             $result['imported']  = $result['public_imported'] + $result['private_imported'];

  1085.             $result['unchanged'] = $result['public_unchanged'] + $result['private_unchanged'];

  1086.         }

  1087. 

  1088.         return $result;

  1089.     }

  1090. 

  1091.     /**

  1092.      * PGP keys/certs export.

  1093.      *

  1094.      * @param string   Key ID

  1095.      * @param resource Optional output stream

  1096.      * @param bool     Include private key

  1097.      *

  1098.      * @return mixed Key content or enigma_error

  1099.      */

  1100.     function export_key($key, $fp = null, $include_private = false)

  1101.     {

  1102.         $this->load_pgp_driver();

  1103.         $result = $this->pgp_driver->export($key, $include_private);

  1104. 

  1105.         if ($result instanceof enigma_error) {

  1106.             rcube::raise_error(array(

  1107.                 'code' => 600, 'type' => 'php',

  1108.                 'file' => __FILE__, 'line' => __LINE__,

  1109.                 'message' => "Enigma plugin: " . $result->getMessage()

  1110.                 ), true, false);

  1111. 

  1112.             return $result;

  1113.         }

  1114. 

  1115.         if ($fp) {

  1116.             fwrite($fp, $result);

  1117.         }

  1118.         else {

  1119.             return $result;

  1120.         }

  1121.     }

  1122. 

  1123.     /**

  1124.      * Registers password for specified key/cert sent by the password prompt.

  1125.      */

  1126.     function password_handler()

  1127.     {

  1128.         $keyid  = rcube_utils::get_input_value('_keyid', rcube_utils::INPUT_POST);

  1129.         $passwd = rcube_utils::get_input_value('_passwd', rcube_utils::INPUT_POST, true);

  1130. 

  1131.         if ($keyid && $passwd !== null && strlen($passwd)) {

  1132.             $this->save_password($keyid, $passwd);

  1133.         }

  1134.     }

  1135. 

  1136.     /**

  1137.      * Saves key/cert password in user session

  1138.      */

  1139.     function save_password($keyid, $password)

  1140.     {

  1141.         // we store passwords in session for specified time

  1142.         if ($config = $_SESSION['enigma_pass']) {

  1143.             $config = $this->rc->decrypt($config);

  1144.             $config = @unserialize($config);

  1145.         }

  1146. 

  1147.         $config[$keyid] = array($password, time());

  1148. 

  1149.         $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config));

  1150.     }

  1151. 

  1152.     /**

  1153.      * Returns currently stored passwords

  1154.      */

  1155.     function get_passwords()

  1156.     {

  1157.         if ($config = $_SESSION['enigma_pass']) {

  1158.             $config = $this->rc->decrypt($config);

  1159.             $config = @unserialize($config);

  1160.         }

  1161. 

  1162.         $threshold = $this->password_time ? time() - $this->password_time : 0;

  1163.         $keys      = array();

  1164. 

  1165.         // delete expired passwords

  1166.         foreach ((array) $config as $key => $value) {

  1167.             if ($threshold && $value[1] < $threshold) {

  1168.                 unset($config[$key]);

  1169.                 $modified = true;

  1170.             }

  1171.             else {

  1172.                 $keys[$key] = $value[0];

  1173.             }

  1174.         }

  1175. 

  1176.         if ($modified) {

  1177.             $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config));

  1178.         }

  1179. 

  1180.         return $keys;

  1181.     }

  1182. 

  1183.     /**

  1184.      * Get message part body.

  1185.      *

  1186.      * @param rcube_message      Message object

  1187.      * @param rcube_message_part Message part

  1188.      */

  1189.     private function get_part_body($msg, $part)

  1190.     {

  1191.         // @TODO: Handle big bodies using file handles

  1192. 

  1193.         // This is a special case when we want to get the whole body

  1194.         // using direct IMAP access, in other cases we prefer

  1195.         // rcube_message::get_part_body() as the body may be already in memory

  1196.         if (!$part->mime_id) {

  1197.             // fake the size which may be empty for multipart/* parts

  1198.             // otherwise get_message_part() below will fail

  1199.             if (!$part->size) {

  1200.                 $reset = true;

  1201.                 $part->size = 1;

  1202.             }

  1203. 

  1204.             $storage = $this->rc->get_storage();

  1205.             $body    = $storage->get_message_part($msg->uid, $part->mime_id, $part,

  1206.                 null, null, true, 0, false);

  1207. 

  1208.             if ($reset) {

  1209.                 $part->size = 0;

  1210.             }

  1211.         }

  1212.         else {

  1213.             $body = $msg->get_part_body($part->mime_id, false);

  1214.         }

  1215. 

  1216.         return $body;

  1217.     }

  1218. 

  1219.     /**

  1220.      * Parse decrypted message body into structure

  1221.      *

  1222.      * @param string Message body

  1223.      *

  1224.      * @return array Message structure

  1225.      */

  1226.     private function parse_body(&$body)

  1227.     {

  1228.         // Mail_mimeDecode need \r\n end-line, but gpg may return \n

  1229.         $body = preg_replace('/\r?\n/', "\r\n", $body);

  1230. 

  1231.         // parse the body into structure

  1232.         $struct = rcube_mime::parse_message($body);

  1233. 

  1234.         return $struct;

  1235.     }

  1236. 

  1237.     /**

  1238.      * Replace message encrypted structure with decrypted message structure

  1239.      *

  1240.      * @param array              Hook arguments

  1241.      * @param rcube_message_part Part structure

  1242.      * @param int                Part size

  1243.      */

  1244.     private function modify_structure(&$p, $struct, $size = 0)

  1245.     {

  1246.         // modify mime_parts property of the message object

  1247.         $old_id = $p['structure']->mime_id;

  1248. 

  1249.         foreach (array_keys($p['object']->mime_parts) as $idx) {

  1250.             if (!$old_id || $idx == $old_id || strpos($idx, $old_id . '.') === 0) {

  1251.                 unset($p['object']->mime_parts[$idx]);

  1252.             }

  1253.         }

  1254. 

  1255.         // set some part params used by Roundcube core

  1256.         $struct->headers  = array_merge($p['structure']->headers, $struct->headers);

  1257.         $struct->size     = $size;

  1258.         $struct->filename = $p['structure']->filename;

  1259. 

  1260.         // modify the new structure to be correctly handled by Roundcube

  1261.         $this->modify_structure_part($struct, $p['object'], $old_id);

  1262. 

  1263.         // replace old structure with the new one

  1264.         $p['structure'] = $struct;

  1265.         $p['mimetype']  = $struct->mimetype;

  1266.     }

  1267. 

  1268.     /**

  1269.      * Modify decrypted message part

  1270.      *

  1271.      * @param rcube_message_part

  1272.      * @param rcube_message

  1273.      */

  1274.     private function modify_structure_part($part, $msg, $old_id)

  1275.     {

  1276.         // never cache the body

  1277.         $part->body_modified = true;

  1278.         $part->encoding      = 'stream';

  1279. 

  1280.         // modify part identifier

  1281.         if ($old_id) {

  1282.             $part->mime_id = !$part->mime_id ? $old_id : ($old_id . '.' . $part->mime_id);

  1283.         }

  1284. 

  1285.         // Cache the fact it was decrypted

  1286.         $this->encrypted_parts[] = $part->mime_id;

  1287.         $msg->mime_parts[$part->mime_id] = $part;

  1288. 

  1289.         // modify sub-parts

  1290.         foreach ((array) $part->parts as $p) {

  1291.             $this->modify_structure_part($p, $msg, $old_id);

  1292.         }

  1293.     }

  1294. 

  1295.     /**

  1296.      * Extracts body and signature of multipart/signed message body

  1297.      */

  1298.     private function explode_signed_body($body, $boundary)

  1299.     {

  1300.         if (!$body) {

  1301.             return array();

  1302.         }

  1303. 

  1304.         $boundary     = '--' . $boundary;

  1305.         $boundary_len = strlen($boundary) + 2;

  1306. 

  1307.         // Find boundaries

  1308.         $start = strpos($body, $boundary) + $boundary_len;

  1309.         $end   = strpos($body, $boundary, $start);

  1310. 

  1311.         // Get signed body and signature

  1312.         $sig  = substr($body, $end + $boundary_len);

  1313.         $body = substr($body, $start, $end - $start - 2);

  1314. 

  1315.         // Cleanup signature

  1316.         $sig = substr($sig, strpos($sig, "\r\n\r\n") + 4);

  1317.         $sig = substr($sig, 0, strpos($sig, $boundary));

  1318. 

  1319.         return array($body, $sig);

  1320.     }

  1321. 

  1322.     /**

  1323.      * Checks if specified message part is a PGP-key or S/MIME cert data

  1324.      *

  1325.      * @param rcube_message_part Part object

  1326.      *

  1327.      * @return boolean True if part is a key/cert

  1328.      */

  1329.     public function is_keys_part($part)

  1330.     {

  1331.         // @TODO: S/MIME

  1332.         return (

  1333.             // Content-Type: application/pgp-keys

  1334.             $part->mimetype == 'application/pgp-keys'

  1335.         );

  1336.     }

  1337. }