robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 Commits
2 Branches
Tree: ad3f0fe5b1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ad3f0fe5b1'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.3.6/plugins/enigma/lib/enigma_engine.php

enigma_engine.php 42KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408 
  1. <?php

  2. 

  3. /**

  4.  +-------------------------------------------------------------------------+

  5.  | Engine of the Enigma Plugin                                             |

  6.  |                                                                         |

  7.  | Copyright (C) 2010-2016 The Roundcube Dev Team                          |

  8.  |                                                                         |

  9.  | Licensed under the GNU General Public License version 3 or              |

  10.  | any later version with exceptions for skins & plugins.                  |

  11.  | See the README file for a full license statement.                       |

  12.  |                                                                         |

  13.  +-------------------------------------------------------------------------+

  14.  | Author: Aleksander Machniak <alec@alec.pl>                              |

  15.  +-------------------------------------------------------------------------+

  16. */

  17. 

  18. /**

  19.  * Enigma plugin engine.

  20.  *

  21.  * RFC2440: OpenPGP Message Format

  22.  * RFC3156: MIME Security with OpenPGP

  23.  * RFC3851: S/MIME

  24.  */

  25. class enigma_engine

  26. {

  27.     private $rc;

  28.     private $enigma;

  29.     private $pgp_driver;

  30.     private $smime_driver;

  31.     private $password_time;

  32.     private $cache = array();

  33. 

  34.     public $decryptions     = array();

  35.     public $signatures      = array();

  36.     public $encrypted_parts = array();

  37. 

  38.     const ENCRYPTED_PARTIALLY = 100;

  39. 

  40.     const SIGN_MODE_BODY     = 1;

  41.     const SIGN_MODE_SEPARATE = 2;

  42.     const SIGN_MODE_MIME     = 4;

  43. 

  44.     const ENCRYPT_MODE_BODY = 1;

  45.     const ENCRYPT_MODE_MIME = 2;

  46.     const ENCRYPT_MODE_SIGN = 4;

  47. 

  48. 

  49.     /**

  50.      * Plugin initialization.

  51.      */

  52.     function __construct($enigma)

  53.     {

  54.         $this->rc     = rcmail::get_instance();

  55.         $this->enigma = $enigma;

  56. 

  57.         $this->password_time = $this->rc->config->get('enigma_password_time') * 60;

  58. 

  59.         // this will remove passwords from session after some time

  60.         if ($this->password_time) {

  61.             $this->get_passwords();

  62.         }

  63.     }

  64. 

  65.     /**

  66.      * PGP driver initialization.

  67.      */

  68.     function load_pgp_driver()

  69.     {

  70.         if ($this->pgp_driver) {

  71.             return;

  72.         }

  73. 

  74.         $driver   = 'enigma_driver_' . $this->rc->config->get('enigma_pgp_driver', 'gnupg');

  75.         $username = $this->rc->user->get_username();

  76. 

  77.         // Load driver

  78.         $this->pgp_driver = new $driver($username);

  79. 

  80.         if (!$this->pgp_driver) {

  81.             rcube::raise_error(array(

  82.                 'code' => 600, 'type' => 'php',

  83.                 'file' => __FILE__, 'line' => __LINE__,

  84.                 'message' => "Enigma plugin: Unable to load PGP driver: $driver"

  85.             ), true, true);

  86.         }

  87. 

  88.         // Initialise driver

  89.         $result = $this->pgp_driver->init();

  90. 

  91.         if ($result instanceof enigma_error) {

  92.             self::raise_error($result, __LINE__, true);

  93.         }

  94.     }

  95. 

  96.     /**

  97.      * S/MIME driver initialization.

  98.      */

  99.     function load_smime_driver()

  100.     {

  101.         if ($this->smime_driver) {

  102.             return;

  103.         }

  104. 

  105.         $driver   = 'enigma_driver_' . $this->rc->config->get('enigma_smime_driver', 'phpssl');

  106.         $username = $this->rc->user->get_username();

  107. 

  108.         // Load driver

  109.         $this->smime_driver = new $driver($username);

  110. 

  111.         if (!$this->smime_driver) {

  112.             rcube::raise_error(array(

  113.                 'code' => 600, 'type' => 'php',

  114.                 'file' => __FILE__, 'line' => __LINE__,

  115.                 'message' => "Enigma plugin: Unable to load S/MIME driver: $driver"

  116.             ), true, true);

  117.         }

  118. 

  119.         // Initialise driver

  120.         $result = $this->smime_driver->init();

  121. 

  122.         if ($result instanceof enigma_error) {

  123.             self::raise_error($result, __LINE__, true);

  124.         }

  125.     }

  126. 

  127.     /**

  128.      * Handler for message signing

  129.      *

  130.      * @param Mail_mime Original message

  131.      * @param int       Encryption mode

  132.      *

  133.      * @return enigma_error On error returns error object

  134.      */

  135.     function sign_message(&$message, $mode = null)

  136.     {

  137.         $mime = new enigma_mime_message($message, enigma_mime_message::PGP_SIGNED);

  138.         $from = $mime->getFromAddress();

  139. 

  140.         // find private key

  141.         $key = $this->find_key($from, true);

  142. 

  143.         if (empty($key)) {

  144.             return new enigma_error(enigma_error::KEYNOTFOUND);

  145.         }

  146. 

  147.         // check if we have password for this key

  148.         $passwords = $this->get_passwords();

  149.         $pass      = $passwords[$key->id];

  150. 

  151.         if ($pass === null) {

  152.             // ask for password

  153.             $error = array('missing' => array($key->id => $key->name));

  154.             return new enigma_error(enigma_error::BADPASS, '', $error);

  155.         }

  156. 

  157.         $key->password = $pass;

  158. 

  159.         // select mode

  160.         switch ($mode) {

  161.         case self::SIGN_MODE_BODY:

  162.             $pgp_mode = Crypt_GPG::SIGN_MODE_CLEAR;

  163.             break;

  164. 

  165.         case self::SIGN_MODE_MIME:

  166.             $pgp_mode = Crypt_GPG::SIGN_MODE_DETACHED;

  167.             break;

  168. 

  169.         default:

  170.             if ($mime->isMultipart()) {

  171.                 $pgp_mode = Crypt_GPG::SIGN_MODE_DETACHED;

  172.             }

  173.             else {

  174.                 $pgp_mode = Crypt_GPG::SIGN_MODE_CLEAR;

  175.             }

  176.         }

  177. 

  178.         // get message body

  179.         if ($pgp_mode == Crypt_GPG::SIGN_MODE_CLEAR) {

  180.             // in this mode we'll replace text part

  181.             // with the one containing signature

  182.             $body = $message->getTXTBody();

  183. 

  184.             $text_charset = $message->getParam('text_charset');

  185.             $line_length  = $this->rc->config->get('line_length', 72);

  186. 

  187.             // We can't use format=flowed for signed messages

  188.             if (strpos($text_charset, 'format=flowed')) {

  189.                 list($charset, $params) = explode(';', $text_charset);

  190.                 $body = rcube_mime::unfold_flowed($body);

  191.                 $body = rcube_mime::wordwrap($body, $line_length, "\r\n", false, $charset);

  192. 

  193.                 $text_charset = str_replace(";\r\n format=flowed", '', $text_charset);

  194.             }

  195.         }

  196.         else {

  197.             // here we'll build PGP/MIME message

  198.             $body = $mime->getOrigBody();

  199.         }

  200. 

  201.         // sign the body

  202.         $result = $this->pgp_sign($body, $key, $pgp_mode);

  203. 

  204.         if ($result !== true) {

  205.             if ($result->getCode() == enigma_error::BADPASS) {

  206.                 // ask for password

  207.                 $error = array('bad' => array($key->id => $key->name));

  208.                 return new enigma_error(enigma_error::BADPASS, '', $error);

  209.             }

  210. 

  211.             return $result;

  212.         }

  213. 

  214.         // replace message body

  215.         if ($pgp_mode == Crypt_GPG::SIGN_MODE_CLEAR) {

  216.             $message->setTXTBody($body);

  217.             $message->setParam('text_charset', $text_charset);

  218.         }

  219.         else {

  220.             $mime->addPGPSignature($body, $this->pgp_driver->signature_algorithm());

  221.             $message = $mime;

  222.         }

  223.     }

  224. 

  225.     /**

  226.      * Handler for message encryption

  227.      *

  228.      * @param Mail_mime Original message

  229.      * @param int       Encryption mode

  230.      * @param bool      Is draft-save action - use only sender's key for encryption

  231.      *

  232.      * @return enigma_error On error returns error object

  233.      */

  234.     function encrypt_message(&$message, $mode = null, $is_draft = false)

  235.     {

  236.         $mime = new enigma_mime_message($message, enigma_mime_message::PGP_ENCRYPTED);

  237. 

  238.         // always use sender's key

  239.         $from = $mime->getFromAddress();

  240. 

  241.         // check senders key for signing

  242.         if ($mode & self::ENCRYPT_MODE_SIGN) {

  243.             $sign_key = $this->find_key($from, true);

  244. 

  245.             if (empty($sign_key)) {

  246.                 return new enigma_error(enigma_error::KEYNOTFOUND);

  247.             }

  248. 

  249.             // check if we have password for this key

  250.             $passwords = $this->get_passwords();

  251.             $sign_pass = $passwords[$sign_key->id];

  252. 

  253.             if ($sign_pass === null) {

  254.                 // ask for password

  255.                 $error = array('missing' => array($sign_key->id => $sign_key->name));

  256.                 return new enigma_error(enigma_error::BADPASS, '', $error);

  257.             }

  258. 

  259.             $sign_key->password = $sign_pass;

  260.         }

  261. 

  262.         $recipients = array($from);

  263. 

  264.         // if it's not a draft we add all recipients' keys

  265.         if (!$is_draft) {

  266.             $recipients = array_merge($recipients, $mime->getRecipients());

  267.         }

  268. 

  269.         if (empty($recipients)) {

  270.             return new enigma_error(enigma_error::KEYNOTFOUND);

  271.         }

  272. 

  273.         $recipients = array_unique($recipients);

  274. 

  275.         // find recipient public keys

  276.         foreach ((array) $recipients as $email) {

  277.             if ($email == $from && $sign_key) {

  278.                 $key = $sign_key;

  279.             }

  280.             else {

  281.                 $key = $this->find_key($email);

  282.             }

  283. 

  284.             if (empty($key)) {

  285.                 return new enigma_error(enigma_error::KEYNOTFOUND, '', array(

  286.                     'missing' => $email

  287.                 ));

  288.             }

  289. 

  290.             $keys[] = $key;

  291.         }

  292. 

  293.         // select mode

  294.         if ($mode & self::ENCRYPT_MODE_BODY) {

  295.             $encrypt_mode = $mode;

  296.         }

  297.         else if ($mode & self::ENCRYPT_MODE_MIME) {

  298.             $encrypt_mode = $mode;

  299.         }

  300.         else {

  301.             $encrypt_mode = $mime->isMultipart() ? self::ENCRYPT_MODE_MIME : self::ENCRYPT_MODE_BODY;

  302.         }

  303. 

  304.         // get message body

  305.         if ($encrypt_mode == self::ENCRYPT_MODE_BODY) {

  306.             // in this mode we'll replace text part

  307.             // with the one containing encrypted message

  308.             $body = $message->getTXTBody();

  309.         }

  310.         else {

  311.             // here we'll build PGP/MIME message

  312.             $body = $mime->getOrigBody();

  313.         }

  314. 

  315.         // sign the body

  316.         $result = $this->pgp_encrypt($body, $keys, $sign_key);

  317. 

  318.         if ($result !== true) {

  319.             if ($result->getCode() == enigma_error::BADPASS) {

  320.                 // ask for password

  321.                 $error = array('bad' => array($sign_key->id => $sign_key->name));

  322.                 return new enigma_error(enigma_error::BADPASS, '', $error);

  323.             }

  324. 

  325.             return $result;

  326.         }

  327. 

  328.         // replace message body

  329.         if ($encrypt_mode == self::ENCRYPT_MODE_BODY) {

  330.             $message->setTXTBody($body);

  331.         }

  332.         else {

  333.             $mime->setPGPEncryptedBody($body);

  334.             $message = $mime;

  335.         }

  336.     }

  337. 

  338.     /**

  339.      * Handler for attaching public key to a message

  340.      *

  341.      * @param Mail_mime Original message

  342.      *

  343.      * @return bool True on success, False on failure

  344.      */

  345.     function attach_public_key(&$message)

  346.     {

  347.         $headers = $message->headers();

  348.         $from    = rcube_mime::decode_address_list($headers['From'], 1, false, null, true);

  349.         $from    = $from[1];

  350. 

  351.         // find my key

  352.         if ($from && ($key = $this->find_key($from, true))) {

  353.             $pubkey_armor = $this->export_key($key->id);

  354. 

  355.             if (!$pubkey_armor instanceof enigma_error) {

  356.                 $pubkey_name = '0x' . enigma_key::format_id($key->id) . '.asc';

  357.                 $message->addAttachment($pubkey_armor, 'application/pgp-keys', $pubkey_name, false, '7bit');

  358.                 return true;

  359.             }

  360.         }

  361. 

  362.         return false;

  363.     }

  364. 

  365.     /**

  366.      * Handler for message_part_structure hook.

  367.      * Called for every part of the message.

  368.      *

  369.      * @param array  Original parameters

  370.      * @param string Part body (will be set if used internally)

  371.      *

  372.      * @return array Modified parameters

  373.      */

  374.     function part_structure($p, $body = null)

  375.     {

  376.         if ($p['mimetype'] == 'text/plain' || $p['mimetype'] == 'application/pgp') {

  377.             $this->parse_plain($p, $body);

  378.         }

  379.         else if ($p['mimetype'] == 'multipart/signed') {

  380.             $this->parse_signed($p, $body);

  381.         }

  382.         else if ($p['mimetype'] == 'multipart/encrypted') {

  383.             $this->parse_encrypted($p);

  384.         }

  385.         else if ($p['mimetype'] == 'application/pkcs7-mime') {

  386.             $this->parse_encrypted($p);

  387.         }

  388. 

  389.         return $p;

  390.     }

  391. 

  392.     /**

  393.      * Handler for message_part_body hook.

  394.      *

  395.      * @param array Original parameters

  396.      *

  397.      * @return array Modified parameters

  398.      */

  399.     function part_body($p)

  400.     {

  401.         // encrypted attachment, see parse_plain_encrypted()

  402.         if ($p['part']->need_decryption && $p['part']->body === null) {

  403.             $this->load_pgp_driver();

  404. 

  405.             $storage = $this->rc->get_storage();

  406.             $body    = $storage->get_message_part($p['object']->uid, $p['part']->mime_id, $p['part'], null, null, true, 0, false);

  407.             $result  = $this->pgp_decrypt($body);

  408. 

  409.             // @TODO: what to do on error?

  410.             if ($result === true) {

  411.                 $p['part']->body = $body;

  412.                 $p['part']->size = strlen($body);

  413.                 $p['part']->body_modified = true;

  414.             }

  415.         }

  416. 

  417.         return $p;

  418.     }

  419. 

  420.     /**

  421.      * Handler for plain/text message.

  422.      *

  423.      * @param array  Reference to hook's parameters

  424.      * @param string Part body (will be set if used internally)

  425.      */

  426.     function parse_plain(&$p, $body = null)

  427.     {

  428.         $part = $p['structure'];

  429. 

  430.         // Get message body from IMAP server

  431.         if ($body === null) {

  432.             $body = $this->get_part_body($p['object'], $part);

  433.         }

  434. 

  435.         // In this way we can use fgets on string as on file handle

  436.         // Don't use php://temp for security (body may come from an encrypted part)

  437.         $fd = fopen('php://memory', 'r+');

  438.         if (!$fd) {

  439.             return;

  440.         }

  441. 

  442.         fwrite($fd, $body);

  443.         rewind($fd);

  444. 

  445.         $body   = '';

  446.         $prefix = '';

  447.         $mode   = '';

  448.         $tokens = array(

  449.             'BEGIN PGP SIGNED MESSAGE' => 'signed-start',

  450.             'END PGP SIGNATURE'        => 'signed-end',

  451.             'BEGIN PGP MESSAGE'        => 'encrypted-start',

  452.             'END PGP MESSAGE'          => 'encrypted-end',

  453.         );

  454.         $regexp = '/^-----(' . implode('|', array_keys($tokens)) . ')-----[\r\n]*/';

  455. 

  456.         while (($line = fgets($fd)) !== false) {

  457.             if ($line[0] === '-' && $line[4] === '-' && preg_match($regexp, $line, $m)) {

  458.                 switch ($tokens[$m[1]]) {

  459.                 case 'signed-start':

  460.                     $body = $line;

  461.                     $mode = 'signed';

  462.                     break;

  463. 

  464.                 case 'signed-end':

  465.                     if ($mode === 'signed') {

  466.                         $body .= $line;

  467.                     }

  468.                     break 2; // ignore anything after this line

  469. 

  470.                 case 'encrypted-start':

  471.                     $body = $line;

  472.                     $mode = 'encrypted';

  473.                     break;

  474. 

  475.                 case 'encrypted-end':

  476.                     if ($mode === 'encrypted') {

  477.                         $body .= $line;

  478.                     }

  479.                     break 2; // ignore anything after this line

  480.                 }

  481. 

  482.                 continue;

  483.             }

  484. 

  485.             if ($mode === 'signed') {

  486.                 $body .= $line;

  487.             }

  488.             else if ($mode === 'encrypted') {

  489.                 $body .= $line;

  490.             }

  491.             else {

  492.                 $prefix .= $line;

  493.             }

  494.         }

  495. 

  496.         fclose($fd);

  497. 

  498.         if ($mode === 'signed') {

  499.             $this->parse_plain_signed($p, $body, $prefix);

  500.         }

  501.         else if ($mode === 'encrypted') {

  502.             $this->parse_plain_encrypted($p, $body, $prefix);

  503.         }

  504.     }

  505. 

  506.     /**

  507.      * Handler for multipart/signed message.

  508.      *

  509.      * @param array  Reference to hook's parameters

  510.      * @param string Part body (will be set if used internally)

  511.      */

  512.     function parse_signed(&$p, $body = null)

  513.     {

  514.         $struct = $p['structure'];

  515. 

  516.         // S/MIME

  517.         if ($struct->parts[1] && $struct->parts[1]->mimetype == 'application/pkcs7-signature') {

  518.             $this->parse_smime_signed($p, $body);

  519.         }

  520.         // PGP/MIME: RFC3156

  521.         // The multipart/signed body MUST consist of exactly two parts.

  522.         // The first part contains the signed data in MIME canonical format,

  523.         // including a set of appropriate content headers describing the data.

  524.         // The second body MUST contain the PGP digital signature.  It MUST be

  525.         // labeled with a content type of "application/pgp-signature".

  526.         else if (count($struct->parts) == 2

  527.             && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/pgp-signature'

  528.         ) {

  529.             $this->parse_pgp_signed($p, $body);

  530.         }

  531.     }

  532. 

  533.     /**

  534.      * Handler for multipart/encrypted message.

  535.      *

  536.      * @param array Reference to hook's parameters

  537.      */

  538.     function parse_encrypted(&$p)

  539.     {

  540.         $struct = $p['structure'];

  541. 

  542.         // S/MIME

  543.         if ($p['mimetype'] == 'application/pkcs7-mime') {

  544.             $this->parse_smime_encrypted($p);

  545.         }

  546.         // PGP/MIME: RFC3156

  547.         // The multipart/encrypted MUST consist of exactly two parts. The first

  548.         // MIME body part must have a content type of "application/pgp-encrypted".

  549.         // This body contains the control information.

  550.         // The second MIME body part MUST contain the actual encrypted data.  It

  551.         // must be labeled with a content type of "application/octet-stream".

  552.         else if (count($struct->parts) == 2

  553.             && $struct->parts[0] && $struct->parts[0]->mimetype == 'application/pgp-encrypted'

  554.             && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/octet-stream'

  555.         ) {

  556.             $this->parse_pgp_encrypted($p);

  557.         }

  558.     }

  559. 

  560.     /**

  561.      * Handler for plain signed message.

  562.      * Excludes message and signature bodies and verifies signature.

  563.      *

  564.      * @param array  Reference to hook's parameters

  565.      * @param string Message (part) body

  566.      * @param string Body prefix (additional text before the encrypted block)

  567.      */

  568.     private function parse_plain_signed(&$p, $body, $prefix = '')

  569.     {

  570.         if (!$this->rc->config->get('enigma_signatures', true)) {

  571.             return;

  572.         }

  573. 

  574.         $this->load_pgp_driver();

  575.         $part = $p['structure'];

  576. 

  577.         // Verify signature

  578.         if ($this->rc->action == 'show' || $this->rc->action == 'preview' || $this->rc->action == 'print') {

  579.             $sig = $this->pgp_verify($body);

  580.         }

  581. 

  582.         // In this way we can use fgets on string as on file handle

  583.         // Don't use php://temp for security (body may come from an encrypted part)

  584.         $fd = fopen('php://memory', 'r+');

  585.         if (!$fd) {

  586.             return;

  587.         }

  588. 

  589.         fwrite($fd, $body);

  590.         rewind($fd);

  591. 

  592.         $body = $part->body = null;

  593.         $part->body_modified = true;

  594. 

  595.         // Extract body (and signature?)

  596.         while (($line = fgets($fd, 1024)) !== false) {

  597.             if ($part->body === null)

  598.                 $part->body = '';

  599.             else if (preg_match('/^-----BEGIN PGP SIGNATURE-----/', $line))

  600.                 break;

  601.             else

  602.                 $part->body .= $line;

  603.         }

  604. 

  605.         fclose($fd);

  606. 

  607.         // Remove "Hash" Armor Headers

  608.         $part->body = preg_replace('/^.*\r*\n\r*\n/', '', $part->body);

  609.         // de-Dash-Escape (RFC2440)

  610.         $part->body = preg_replace('/(^|\n)- -/', '\\1-', $part->body);

  611. 

  612.         if ($prefix) {

  613.             $part->body = $prefix . $part->body;

  614.         }

  615. 

  616.         // Store signature data for display

  617.         if (!empty($sig)) {

  618.             $sig->partial = !empty($prefix);

  619.             $this->signatures[$part->mime_id] = $sig;

  620.         }

  621.     }

  622. 

  623.     /**

  624.      * Handler for PGP/MIME signed message.

  625.      * Verifies signature.

  626.      *

  627.      * @param array  Reference to hook's parameters

  628.      * @param string Part body (will be set if used internally)

  629.      */

  630.     private function parse_pgp_signed(&$p, $body = null)

  631.     {

  632.         if (!$this->rc->config->get('enigma_signatures', true)) {

  633.             return;

  634.         }

  635. 

  636.         if ($this->rc->action != 'show' && $this->rc->action != 'preview' && $this->rc->action != 'print') {

  637.             return;

  638.         }

  639. 

  640.         $this->load_pgp_driver();

  641.         $struct = $p['structure'];

  642. 

  643.         $msg_part = $struct->parts[0];

  644.         $sig_part = $struct->parts[1];

  645. 

  646.         // Get bodies

  647.         if ($body === null) {

  648.             if (!$struct->body_modified) {

  649.                 $body = $this->get_part_body($p['object'], $struct);

  650.             }

  651.         }

  652. 

  653.         $boundary = $struct->ctype_parameters['boundary'];

  654. 

  655.         // when it is a signed message forwarded as attachment

  656.         // ctype_parameters property will not be set

  657.         if (!$boundary && $struct->headers['content-type']

  658.             && preg_match('/boundary="?([a-zA-Z0-9\'()+_,-.\/:=?]+)"?/', $struct->headers['content-type'], $m)

  659.         ) {

  660.             $boundary = $m[1];

  661.         }

  662. 

  663.         // set signed part body

  664.         list($msg_body, $sig_body) = $this->explode_signed_body($body, $boundary);

  665. 

  666.         // Verify

  667.         if ($sig_body && $msg_body) {

  668.             $sig = $this->pgp_verify($msg_body, $sig_body);

  669. 

  670.             // Store signature data for display

  671.             $this->signatures[$struct->mime_id] = $sig;

  672.             $this->signatures[$msg_part->mime_id] = $sig;

  673.         }

  674.     }

  675. 

  676.     /**

  677.      * Handler for S/MIME signed message.

  678.      * Verifies signature.

  679.      *

  680.      * @param array  Reference to hook's parameters

  681.      * @param string Part body (will be set if used internally)

  682.      */

  683.     private function parse_smime_signed(&$p, $body = null)

  684.     {

  685.         if (!$this->rc->config->get('enigma_signatures', true)) {

  686.             return;

  687.         }

  688. 

  689.         // @TODO

  690.     }

  691. 

  692.     /**

  693.      * Handler for plain encrypted message.

  694.      *

  695.      * @param array  Reference to hook's parameters

  696.      * @param string Message (part) body

  697.      * @param string Body prefix (additional text before the encrypted block)

  698.      */

  699.     private function parse_plain_encrypted(&$p, $body, $prefix = '')

  700.     {

  701.         if (!$this->rc->config->get('enigma_decryption', true)) {

  702.             return;

  703.         }

  704. 

  705.         $this->load_pgp_driver();

  706.         $part = $p['structure'];

  707. 

  708.         // Decrypt

  709.         $result = $this->pgp_decrypt($body, $signature);

  710. 

  711.         // Store decryption status

  712.         $this->decryptions[$part->mime_id] = $result;

  713. 

  714.         // Store signature data for display

  715.         if ($signature) {

  716.             $this->signatures[$part->mime_id] = $signature;

  717.         }

  718. 

  719.         // find parent part ID

  720.         if (strpos($part->mime_id, '.')) {

  721.             $items = explode('.', $part->mime_id);

  722.             array_pop($items);

  723.             $parent = implode('.', $items);

  724.         }

  725.         else {

  726.             $parent = 0;

  727.         }

  728. 

  729.         // Parse decrypted message

  730.         if ($result === true) {

  731.             $part->body          = $prefix . $body;

  732.             $part->body_modified = true;

  733. 

  734.             // it maybe PGP signed inside, verify signature

  735.             $this->parse_plain($p, $body);

  736. 

  737.             // Remember it was decrypted

  738.             $this->encrypted_parts[] = $part->mime_id;

  739. 

  740.             // Inform the user that only a part of the body was encrypted

  741.             if ($prefix) {

  742.                 $this->decryptions[$part->mime_id] = self::ENCRYPTED_PARTIALLY;

  743.             }

  744. 

  745.             // Encrypted plain message may contain encrypted attachments

  746.             // in such case attachments have .pgp extension and type application/octet-stream.

  747.             // This is what happens when you select "Encrypt each attachment separately

  748.             // and send the message using inline PGP" in Thunderbird's Enigmail.

  749. 

  750.             if ($p['object']->mime_parts[$parent]) {

  751.                 foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {

  752.                     if ($p->disposition == 'attachment' && $p->mimetype == 'application/octet-stream'

  753.                         && preg_match('/^(.*)\.pgp$/i', $p->filename, $m)

  754.                     ) {

  755.                         // modify filename

  756.                         $p->filename = $m[1];

  757.                         // flag the part, it will be decrypted when needed

  758.                         $p->need_decryption = true;

  759.                         // disable caching

  760.                         $p->body_modified = true;

  761.                     }

  762.                 }

  763.             }

  764.         }

  765.         // decryption failed, but the message may have already

  766.         // been cached with the modified parts (see above),

  767.         // let's bring the original state back

  768.         else if ($p['object']->mime_parts[$parent]) {

  769.             foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {

  770.                 if ($p->need_decryption && !preg_match('/^(.*)\.pgp$/i', $p->filename, $m)) {

  771.                     // modify filename

  772.                     $p->filename .= '.pgp';

  773.                     // flag the part, it will be decrypted when needed

  774.                     unset($p->need_decryption);

  775.                 }

  776.             }

  777.         }

  778.     }

  779. 

  780.     /**

  781.      * Handler for PGP/MIME encrypted message.

  782.      *

  783.      * @param array Reference to hook's parameters

  784.      */

  785.     private function parse_pgp_encrypted(&$p)

  786.     {

  787.         if (!$this->rc->config->get('enigma_decryption', true)) {

  788.             return;

  789.         }

  790. 

  791.         $this->load_pgp_driver();

  792. 

  793.         $struct = $p['structure'];

  794.         $part   = $struct->parts[1];

  795. 

  796.         // Get body

  797.         $body = $this->get_part_body($p['object'], $part);

  798. 

  799.         // Decrypt

  800.         $result = $this->pgp_decrypt($body, $signature);

  801. 

  802.         if ($result === true) {

  803.             // Parse decrypted message

  804.             $struct = $this->parse_body($body);

  805. 

  806.             // Modify original message structure

  807.             $this->modify_structure($p, $struct, strlen($body));

  808. 

  809.             // Parse the structure (there may be encrypted/signed parts inside

  810.             $this->part_structure(array(

  811.                     'object'    => $p['object'],

  812.                     'structure' => $struct,

  813.                     'mimetype'  => $struct->mimetype

  814.                 ), $body);

  815. 

  816.             // Attach the decryption message to all parts

  817.             $this->decryptions[$struct->mime_id] = $result;

  818.             foreach ((array) $struct->parts as $sp) {

  819.                 $this->decryptions[$sp->mime_id] = $result;

  820.                 if ($signature) {

  821.                     $this->signatures[$sp->mime_id] = $signature;

  822.                 }

  823.             }

  824.         }

  825.         else {

  826.             $this->decryptions[$part->mime_id] = $result;

  827. 

  828.             // Make sure decryption status message will be displayed

  829.             $part->type = 'content';

  830.             $p['object']->parts[] = $part;

  831. 

  832.             // don't show encrypted part on attachments list

  833.             // don't show "cannot display encrypted message" text

  834.             $p['abort'] = true;

  835.         }

  836.     }

  837. 

  838.     /**

  839.      * Handler for S/MIME encrypted message.

  840.      *

  841.      * @param array Reference to hook's parameters

  842.      */

  843.     private function parse_smime_encrypted(&$p)

  844.     {

  845.         if (!$this->rc->config->get('enigma_decryption', true)) {

  846.             return;

  847.         }

  848. 

  849.         // @TODO

  850.     }

  851. 

  852.     /**

  853.      * PGP signature verification.

  854.      *

  855.      * @param mixed Message body

  856.      * @param mixed Signature body (for MIME messages)

  857.      *

  858.      * @return mixed enigma_signature or enigma_error

  859.      */

  860.     private function pgp_verify(&$msg_body, $sig_body = null)

  861.     {

  862.         // @TODO: Handle big bodies using (temp) files

  863.         $sig = $this->pgp_driver->verify($msg_body, $sig_body);

  864. 

  865.         if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::KEYNOTFOUND) {

  866.             self::raise_error($sig, __LINE__);

  867.         }

  868. 

  869.         return $sig;

  870.     }

  871. 

  872.     /**

  873.      * PGP message decryption.

  874.      *

  875.      * @param mixed            &$msg_body  Message body

  876.      * @param enigma_signature &$signature Signature verification result

  877.      *

  878.      * @return mixed True or enigma_error

  879.      */

  880.     private function pgp_decrypt(&$msg_body, &$signature = null)

  881.     {

  882.         // @TODO: Handle big bodies using (temp) files

  883.         $keys   = $this->get_passwords();

  884.         $result = $this->pgp_driver->decrypt($msg_body, $keys, $signature);

  885. 

  886.         if ($result instanceof enigma_error) {

  887.             if ($result->getCode() != enigma_error::KEYNOTFOUND) {

  888.                 self::raise_error($result, __LINE__);

  889.             }

  890. 

  891.             return $result;

  892.         }

  893. 

  894.         $msg_body = $result;

  895. 

  896.         return true;

  897.     }

  898. 

  899.     /**

  900.      * PGP message signing

  901.      *

  902.      * @param mixed      Message body

  903.      * @param enigma_key The key (with passphrase)

  904.      * @param int        Signing mode

  905.      *

  906.      * @return mixed True or enigma_error

  907.      */

  908.     private function pgp_sign(&$msg_body, $key, $mode = null)

  909.     {

  910.         // @TODO: Handle big bodies using (temp) files

  911.         $result = $this->pgp_driver->sign($msg_body, $key, $mode);

  912. 

  913.         if ($result instanceof enigma_error) {

  914.             if ($result->getCode() != enigma_error::KEYNOTFOUND) {

  915.                 self::raise_error($result, __LINE__);

  916.             }

  917. 

  918.             return $result;

  919.         }

  920. 

  921.         $msg_body = $result;

  922. 

  923.         return true;

  924.     }

  925. 

  926.     /**

  927.      * PGP message encrypting

  928.      *

  929.      * @param mixed  Message body

  930.      * @param array  Keys (array of enigma_key objects)

  931.      * @param string Optional signing Key ID

  932.      * @param string Optional signing Key password

  933.      *

  934.      * @return mixed True or enigma_error

  935.      */

  936.     private function pgp_encrypt(&$msg_body, $keys, $sign_key = null, $sign_pass = null)

  937.     {

  938.         // @TODO: Handle big bodies using (temp) files

  939.         $result = $this->pgp_driver->encrypt($msg_body, $keys, $sign_key, $sign_pass);

  940. 

  941.         if ($result instanceof enigma_error) {

  942.             if ($result->getCode() != enigma_error::KEYNOTFOUND) {

  943.                 self::raise_error($result, __LINE__);

  944.             }

  945. 

  946.             return $result;

  947.         }

  948. 

  949.         $msg_body = $result;

  950. 

  951.         return true;

  952.     }

  953. 

  954.     /**

  955.      * PGP keys listing.

  956.      *

  957.      * @param mixed Key ID/Name pattern

  958.      *

  959.      * @return mixed Array of keys or enigma_error

  960.      */

  961.     function list_keys($pattern = '')

  962.     {

  963.         $this->load_pgp_driver();

  964.         $result = $this->pgp_driver->list_keys($pattern);

  965. 

  966.         if ($result instanceof enigma_error) {

  967.             self::raise_error($result, __LINE__);

  968.         }

  969. 

  970.         return $result;

  971.     }

  972. 

  973.     /**

  974.      * Find PGP private/public key

  975.      *

  976.      * @param string E-mail address

  977.      * @param bool   Need a key for signing?

  978.      *

  979.      * @return enigma_key The key

  980.      */

  981.     function find_key($email, $can_sign = false)

  982.     {

  983.         if ($can_sign && array_key_exists($email, $this->cache)) {

  984.             return $this->cache[$email];

  985.         }

  986. 

  987.         $this->load_pgp_driver();

  988.         $result = $this->pgp_driver->list_keys($email);

  989. 

  990.         if ($result instanceof enigma_error) {

  991.             self::raise_error($result, __LINE__);

  992.             return;

  993.         }

  994. 

  995.         $mode = $can_sign ? enigma_key::CAN_SIGN : enigma_key::CAN_ENCRYPT;

  996.         $ret  = null;

  997. 

  998.         // check key validity and type

  999.         foreach ($result as $key) {

  1000.             if (($subkey = $key->find_subkey($email, $mode))

  1001.                 && (!$can_sign || $key->get_type() == enigma_key::TYPE_KEYPAIR)

  1002.             ) {

  1003.                 $ret = $key;

  1004.                 break;

  1005.             }

  1006.         }

  1007. 

  1008.         // cache private key info for better performance

  1009.         // we can skip one list_keys() call when signing and attaching a key

  1010.         if ($can_sign) {

  1011.             $this->cache[$email] = $ret;

  1012.         }

  1013. 

  1014.         return $ret;

  1015.     }

  1016. 

  1017.     /**

  1018.      * PGP key details.

  1019.      *

  1020.      * @param mixed Key ID

  1021.      *

  1022.      * @return mixed enigma_key or enigma_error

  1023.      */

  1024.     function get_key($keyid)

  1025.     {

  1026.         $this->load_pgp_driver();

  1027.         $result = $this->pgp_driver->get_key($keyid);

  1028. 

  1029.         if ($result instanceof enigma_error) {

  1030.             self::raise_error($result, __LINE__);

  1031.         }

  1032. 

  1033.         return $result;

  1034.     }

  1035. 

  1036.     /**

  1037.      * PGP key delete.

  1038.      *

  1039.      * @param string Key ID

  1040.      *

  1041.      * @return enigma_error|bool True on success

  1042.      */

  1043.     function delete_key($keyid)

  1044.     {

  1045.         $this->load_pgp_driver();

  1046.         $result = $this->pgp_driver->delete_key($keyid);

  1047. 

  1048.         if ($result instanceof enigma_error) {

  1049.             self::raise_error($result, __LINE__);

  1050.         }

  1051. 

  1052.         return $result;

  1053.     }

  1054. 

  1055.     /**

  1056.      * PGP keys pair generation.

  1057.      *

  1058.      * @param array Key pair parameters

  1059.      *

  1060.      * @return mixed enigma_key or enigma_error

  1061.      */

  1062.     function generate_key($data)

  1063.     {

  1064.         $this->load_pgp_driver();

  1065.         $result = $this->pgp_driver->gen_key($data);

  1066. 

  1067.         if ($result instanceof enigma_error) {

  1068.             self::raise_error($result, __LINE__);

  1069.         }

  1070. 

  1071.         return $result;

  1072.     }

  1073. 

  1074.     /**

  1075.      * PGP keys/certs import.

  1076.      *

  1077.      * @param mixed   Import file name or content

  1078.      * @param boolean True if first argument is a filename

  1079.      *

  1080.      * @return mixed Import status data array or enigma_error

  1081.      */

  1082.     function import_key($content, $isfile = false)

  1083.     {

  1084.         $this->load_pgp_driver();

  1085.         $result = $this->pgp_driver->import($content, $isfile, $this->get_passwords());

  1086. 

  1087.         if ($result instanceof enigma_error) {

  1088.             self::raise_error($result, __LINE__);

  1089.         }

  1090.         else {

  1091.             $result['imported']  = $result['public_imported'] + $result['private_imported'];

  1092.             $result['unchanged'] = $result['public_unchanged'] + $result['private_unchanged'];

  1093.         }

  1094. 

  1095.         return $result;

  1096.     }

  1097. 

  1098.     /**

  1099.      * PGP keys/certs export.

  1100.      *

  1101.      * @param string   Key ID

  1102.      * @param resource Optional output stream

  1103.      * @param bool     Include private key

  1104.      *

  1105.      * @return mixed Key content or enigma_error

  1106.      */

  1107.     function export_key($key, $fp = null, $include_private = false)

  1108.     {

  1109.         $this->load_pgp_driver();

  1110.         $result = $this->pgp_driver->export($key, $include_private, $this->get_passwords());

  1111. 

  1112.         if ($result instanceof enigma_error) {

  1113.             self::raise_error($result, __LINE__);

  1114.             return $result;

  1115.         }

  1116. 

  1117.         if ($fp) {

  1118.             fwrite($fp, $result);

  1119.         }

  1120.         else {

  1121.             return $result;

  1122.         }

  1123.     }

  1124. 

  1125.     /**

  1126.      * Registers password for specified key/cert sent by the password prompt.

  1127.      */

  1128.     function password_handler()

  1129.     {

  1130.         $keyid  = rcube_utils::get_input_value('_keyid', rcube_utils::INPUT_POST);

  1131.         $passwd = rcube_utils::get_input_value('_passwd', rcube_utils::INPUT_POST, true);

  1132. 

  1133.         if ($keyid && $passwd !== null && strlen($passwd)) {

  1134.             $this->save_password(strtoupper($keyid), $passwd);

  1135.         }

  1136.     }

  1137. 

  1138.     /**

  1139.      * Saves key/cert password in user session

  1140.      */

  1141.     function save_password($keyid, $password)

  1142.     {

  1143.         // we store passwords in session for specified time

  1144.         if ($config = $_SESSION['enigma_pass']) {

  1145.             $config = $this->rc->decrypt($config);

  1146.             $config = @unserialize($config);

  1147.         }

  1148. 

  1149.         $config[$keyid] = array($password, time());

  1150. 

  1151.         $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config));

  1152.     }

  1153. 

  1154.     /**

  1155.      * Returns currently stored passwords

  1156.      */

  1157.     function get_passwords()

  1158.     {

  1159.         if ($config = $_SESSION['enigma_pass']) {

  1160.             $config = $this->rc->decrypt($config);

  1161.             $config = @unserialize($config);

  1162.         }

  1163. 

  1164.         $threshold = $this->password_time ? time() - $this->password_time : 0;

  1165.         $keys      = array();

  1166. 

  1167.         // delete expired passwords

  1168.         foreach ((array) $config as $key => $value) {

  1169.             if ($threshold && $value[1] < $threshold) {

  1170.                 unset($config[$key]);

  1171.                 $modified = true;

  1172.             }

  1173.             else {

  1174.                 $keys[$key] = $value[0];

  1175.             }

  1176.         }

  1177. 

  1178.         if ($modified) {

  1179.             $_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config));

  1180.         }

  1181. 

  1182.         return $keys;

  1183.     }

  1184. 

  1185.     /**

  1186.      * Get message part body.

  1187.      *

  1188.      * @param rcube_message      Message object

  1189.      * @param rcube_message_part Message part

  1190.      */

  1191.     private function get_part_body($msg, $part)

  1192.     {

  1193.         // @TODO: Handle big bodies using file handles

  1194. 

  1195.         // This is a special case when we want to get the whole body

  1196.         // using direct IMAP access, in other cases we prefer

  1197.         // rcube_message::get_part_body() as the body may be already in memory

  1198.         if (!$part->mime_id) {

  1199.             // fake the size which may be empty for multipart/* parts

  1200.             // otherwise get_message_part() below will fail

  1201.             if (!$part->size) {

  1202.                 $reset = true;

  1203.                 $part->size = 1;

  1204.             }

  1205. 

  1206.             $storage = $this->rc->get_storage();

  1207.             $body    = $storage->get_message_part($msg->uid, $part->mime_id, $part,

  1208.                 null, null, true, 0, false);

  1209. 

  1210.             if ($reset) {

  1211.                 $part->size = 0;

  1212.             }

  1213.         }

  1214.         else {

  1215.             $body = $msg->get_part_body($part->mime_id, false);

  1216. 

  1217.             // Convert charset to get rid of possible non-ascii characters (#5962)

  1218.             if ($part->charset && stripos($part->charset, 'ASCII') === false) {

  1219.                 $body = rcube_charset::convert($body, $part->charset, 'US-ASCII');

  1220.             }

  1221.         }

  1222. 

  1223.         return $body;

  1224.     }

  1225. 

  1226.     /**

  1227.      * Parse decrypted message body into structure

  1228.      *

  1229.      * @param string Message body

  1230.      *

  1231.      * @return array Message structure

  1232.      */

  1233.     private function parse_body(&$body)

  1234.     {

  1235.         // Mail_mimeDecode need \r\n end-line, but gpg may return \n

  1236.         $body = preg_replace('/\r?\n/', "\r\n", $body);

  1237. 

  1238.         // parse the body into structure

  1239.         $struct = rcube_mime::parse_message($body);

  1240. 

  1241.         return $struct;

  1242.     }

  1243. 

  1244.     /**

  1245.      * Replace message encrypted structure with decrypted message structure

  1246.      *

  1247.      * @param array              Hook arguments

  1248.      * @param rcube_message_part Part structure

  1249.      * @param int                Part size

  1250.      */

  1251.     private function modify_structure(&$p, $struct, $size = 0)

  1252.     {

  1253.         // modify mime_parts property of the message object

  1254.         $old_id = $p['structure']->mime_id;

  1255. 

  1256.         foreach (array_keys($p['object']->mime_parts) as $idx) {

  1257.             if (!$old_id || $idx == $old_id || strpos($idx, $old_id . '.') === 0) {

  1258.                 unset($p['object']->mime_parts[$idx]);

  1259.             }

  1260.         }

  1261. 

  1262.         // set some part params used by Roundcube core

  1263.         $struct->headers  = array_merge($p['structure']->headers, $struct->headers);

  1264.         $struct->size     = $size;

  1265.         $struct->filename = $p['structure']->filename;

  1266. 

  1267.         // modify the new structure to be correctly handled by Roundcube

  1268.         $this->modify_structure_part($struct, $p['object'], $old_id);

  1269. 

  1270.         // replace old structure with the new one

  1271.         $p['structure'] = $struct;

  1272.         $p['mimetype']  = $struct->mimetype;

  1273.     }

  1274. 

  1275.     /**

  1276.      * Modify decrypted message part

  1277.      *

  1278.      * @param rcube_message_part

  1279.      * @param rcube_message

  1280.      */

  1281.     private function modify_structure_part($part, $msg, $old_id)

  1282.     {

  1283.         // never cache the body

  1284.         $part->body_modified = true;

  1285.         $part->encoding      = 'stream';

  1286. 

  1287.         // modify part identifier

  1288.         if ($old_id) {

  1289.             $part->mime_id = !$part->mime_id ? $old_id : ($old_id . '.' . $part->mime_id);

  1290.         }

  1291. 

  1292.         // Cache the fact it was decrypted

  1293.         $this->encrypted_parts[] = $part->mime_id;

  1294.         $msg->mime_parts[$part->mime_id] = $part;

  1295. 

  1296.         // modify sub-parts

  1297.         foreach ((array) $part->parts as $p) {

  1298.             $this->modify_structure_part($p, $msg, $old_id);

  1299.         }

  1300.     }

  1301. 

  1302.     /**

  1303.      * Extracts body and signature of multipart/signed message body

  1304.      */

  1305.     private function explode_signed_body($body, $boundary)

  1306.     {

  1307.         if (!$body) {

  1308.             return array();

  1309.         }

  1310. 

  1311.         $boundary     = '--' . $boundary;

  1312.         $boundary_len = strlen($boundary) + 2;

  1313. 

  1314.         // Find boundaries

  1315.         $start = strpos($body, $boundary) + $boundary_len;

  1316.         $end   = strpos($body, $boundary, $start);

  1317. 

  1318.         // Get signed body and signature

  1319.         $sig  = substr($body, $end + $boundary_len);

  1320.         $body = substr($body, $start, $end - $start - 2);

  1321. 

  1322.         // Cleanup signature

  1323.         $sig = substr($sig, strpos($sig, "\r\n\r\n") + 4);

  1324.         $sig = substr($sig, 0, strpos($sig, $boundary));

  1325. 

  1326.         return array($body, $sig);

  1327.     }

  1328. 

  1329.     /**

  1330.      * Checks if specified message part is a PGP-key or S/MIME cert data

  1331.      *

  1332.      * @param rcube_message_part Part object

  1333.      *

  1334.      * @return boolean True if part is a key/cert

  1335.      */

  1336.     public function is_keys_part($part)

  1337.     {

  1338.         // @TODO: S/MIME

  1339.         return (

  1340.             // Content-Type: application/pgp-keys

  1341.             $part->mimetype == 'application/pgp-keys'

  1342.         );

  1343.     }

  1344. 

  1345.     /**

  1346.      * Removes all user keys and assigned data

  1347.      *

  1348.      * @param string Username

  1349.      *

  1350.      * @return bool True on success, False on failure

  1351.      */

  1352.     public function delete_user_data($username)

  1353.     {

  1354.         $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home');

  1355.         $homedir .= DIRECTORY_SEPARATOR . $username;

  1356. 

  1357.         return file_exists($homedir) ? self::delete_dir($homedir) : true;

  1358.     }

  1359. 

  1360.     /**

  1361.      * Recursive method to remove directory with its content

  1362.      *

  1363.      * @param string Directory

  1364.      */

  1365.     public static function delete_dir($dir)

  1366.     {

  1367.         // This code can be executed from command line, make sure

  1368.         // we have permissions to delete keys directory

  1369.         if (!is_writable($dir)) {

  1370.             rcube::raise_error("Unable to delete $dir", false, true);

  1371.             return false;

  1372.         }

  1373. 

  1374.         if ($content = scandir($dir)) {

  1375.             foreach ($content as $filename) {

  1376.                 if ($filename != '.' && $filename != '..') {

  1377.                     $filename = $dir . DIRECTORY_SEPARATOR . $filename;

  1378. 

  1379.                     if (is_dir($filename)) {

  1380.                         self::delete_dir($filename);

  1381.                     }

  1382.                     else {

  1383.                         unlink($filename);

  1384.                     }

  1385.                 }

  1386.             }

  1387. 

  1388.             rmdir($dir);

  1389.         }

  1390. 

  1391.         return true;

  1392.     }

  1393. 

  1394.     /**

  1395.      * Raise/log (relevant) errors

  1396.      */

  1397.     protected static function raise_error($result, $line, $abort = false)

  1398.     {

  1399.         if ($result->getCode() != enigma_error::BADPASS) {

  1400.             rcube::raise_error(array(

  1401.                     'code'    => 600,

  1402.                     'file'    => __FILE__,

  1403.                     'line'    => $line,

  1404.                     'message' => "Enigma plugin: " . $result->getMessage()

  1405.                 ), true, $abort);

  1406.         }

  1407.     }

  1408. }