robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 Commits
2 Branches
Tree: v1.4.0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'v1.4.0'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.3.6/vendor/pear/crypt_gpg/Crypt/GPG/ProcessHandler.php

ProcessHandler.php 30KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928 
  1. <?php

  2. 

  3. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */

  4. 

  5. /**

  6.  * Crypt_GPG is a package to use GPG from PHP

  7.  *

  8.  * This file contains handler for status and error pipes of GPG process.

  9.  *

  10.  * PHP version 5

  11.  *

  12.  * LICENSE:

  13.  *

  14.  * This library is free software; you can redistribute it and/or modify

  15.  * it under the terms of the GNU Lesser General Public License as

  16.  * published by the Free Software Foundation; either version 2.1 of the

  17.  * License, or (at your option) any later version.

  18.  *

  19.  * This library is distributed in the hope that it will be useful,

  20.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  21.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

  22.  * Lesser General Public License for more details.

  23.  *

  24.  * You should have received a copy of the GNU Lesser General Public

  25.  * License along with this library; if not, see

  26.  * <http://www.gnu.org/licenses/>

  27.  *

  28.  * @category  Encryption

  29.  * @package   Crypt_GPG

  30.  * @author    Nathan Fredrickson <nathan@silverorange.com>

  31.  * @author    Michael Gauthier <mike@silverorange.com>

  32.  * @author    Aleksander Machniak <alec@alec.pl>

  33.  * @copyright 2005-2013 silverorange

  34.  * @license   http://www.gnu.org/copyleft/lesser.html LGPL License 2.1

  35.  * @link      http://pear.php.net/package/Crypt_GPG

  36.  * @link      http://www.gnupg.org/

  37.  */

  38. 

  39. /**

  40.  * GPG exception classes.

  41.  */

  42. require_once 'Crypt/GPG/Exceptions.php';

  43. 

  44. /**

  45.  * Signature object class definition

  46.  */

  47. require_once 'Crypt/GPG/Signature.php';

  48. 

  49. // {{{ class Crypt_GPG_ProcessHandler

  50. 

  51. /**

  52.  * Status/Error handler for GPG process pipes.

  53.  *

  54.  * This class is used internally by Crypt_GPG_Engine and does not need to be used

  55.  * directly. See the {@link Crypt_GPG} class for end-user API.

  56.  *

  57.  * @category  Encryption

  58.  * @package   Crypt_GPG

  59.  * @author    Nathan Fredrickson <nathan@silverorange.com>

  60.  * @author    Michael Gauthier <mike@silverorange.com>

  61.  * @author    Aleksander Machniak <alec@alec.pl>

  62.  * @copyright 2005-2013 silverorange

  63.  * @license   http://www.gnu.org/copyleft/lesser.html LGPL License 2.1

  64.  * @link      http://pear.php.net/package/Crypt_GPG

  65.  * @link      http://www.gnupg.org/

  66.  */

  67. class Crypt_GPG_ProcessHandler

  68. {

  69.     // {{{ protected class properties

  70. 

  71.     /**

  72.      * Engine used to control the GPG subprocess

  73.      *

  74.      * @var Crypt_GPG_Engine

  75.      */

  76.     protected $engine;

  77. 

  78.     /**

  79.      * The error code of the current operation

  80.      *

  81.      * @var integer

  82.      */

  83.     protected $errorCode = Crypt_GPG::ERROR_NONE;

  84. 

  85.     /**

  86.      * The number of currently needed passphrases

  87.      *

  88.      * If this is not zero when the GPG command is completed, the error code is

  89.      * set to {@link Crypt_GPG::ERROR_MISSING_PASSPHRASE}.

  90.      *

  91.      * @var integer

  92.      */

  93.     protected $needPassphrase = 0;

  94. 

  95.     /**

  96.      * Some data collected while processing the operation

  97.      * or set for the operation

  98.      *

  99.      * @var array

  100.      * @see self::setData()

  101.      * @see self::getData()

  102.      */

  103.     protected $data = array();

  104. 

  105.     /**

  106.      * The name of the current operation

  107.      *

  108.      * @var string

  109.      * @see self::setOperation()

  110.      */

  111.     protected $operation = null;

  112. 

  113.     /**

  114.      * The value of the argument of current operation

  115.      *

  116.      * @var string

  117.      * @see self::setOperation()

  118.      */

  119.     protected $operationArg = null;

  120. 

  121.     // }}}

  122.     // {{{ __construct()

  123. 

  124.     /**

  125.      * Creates a new instance

  126.      *

  127.      * @param Crypt_GPG_Engine $engine Engine object

  128.      */

  129.     public function __construct($engine)

  130.     {

  131.         $this->engine = $engine;

  132.     }

  133. 

  134.     // }}}

  135.     // {{{ setOperation()

  136. 

  137.     /**

  138.      * Sets the operation that is being performed by the engine.

  139.      *

  140.      * @param string $operation The GPG operation to perform.

  141.      *

  142.      * @return void

  143.      */

  144.     public function setOperation($operation)

  145.     {

  146.         $op    = null;

  147.         $opArg = null;

  148. 

  149.         // Regexp matching all GPG "operational" arguments

  150.         $regexp = '/--('

  151.             . 'version|import|list-public-keys|list-secret-keys'

  152.             . '|list-keys|delete-key|delete-secret-key|encrypt|sign|clearsign'

  153.             . '|detach-sign|decrypt|verify|export-secret-keys|export|gen-key'

  154.             . ')/';

  155. 

  156.         if (strpos($operation, ' ') === false) {

  157.             $op = trim($operation, '- ');

  158.         } else if (preg_match($regexp, $operation, $matches, PREG_OFFSET_CAPTURE)) {

  159.             $op      = trim($matches[0][0], '-');

  160.             $op_len  = $matches[0][1] + mb_strlen($op, '8bit') + 3;

  161.             $command = mb_substr($operation, $op_len, null, '8bit');

  162. 

  163.             // we really need the argument if it is a key ID/fingerprint or email

  164.             // address se we can use simplified regexp to "revert escapeshellarg()"

  165.             if (preg_match('/^[\'"]([a-zA-Z0-9:@._-]+)[\'"]/', $command, $matches)) {

  166.                 $opArg = $matches[1];

  167.             }

  168.         }

  169. 

  170.         $this->operation    = $op;

  171.         $this->operationArg = $opArg;

  172.     }

  173. 

  174.     // }}}

  175.     // {{{ handleStatus()

  176. 

  177.     /**

  178.      * Handles error values in the status output from GPG

  179.      *

  180.      * This method is responsible for setting the

  181.      * {@link self::$errorCode}. See <b>doc/DETAILS</b> in the

  182.      * {@link http://www.gnupg.org/download/ GPG distribution} for detailed

  183.      * information on GPG's status output.

  184.      *

  185.      * @param string $line the status line to handle.

  186.      *

  187.      * @return void

  188.      */

  189.     public function handleStatus($line)

  190.     {

  191.         $tokens = explode(' ', $line);

  192.         switch ($tokens[0]) {

  193.         case 'NODATA':

  194.             $this->errorCode = Crypt_GPG::ERROR_NO_DATA;

  195.             break;

  196. 

  197.         case 'DECRYPTION_OKAY':

  198.             // If the message is encrypted, this is the all-clear signal.

  199.             $this->data['DecryptionOkay'] = true;

  200.             $this->errorCode = Crypt_GPG::ERROR_NONE;

  201.             break;

  202. 

  203.         case 'DELETE_PROBLEM':

  204.             if ($tokens[1] == '1') {

  205.                 $this->errorCode = Crypt_GPG::ERROR_KEY_NOT_FOUND;

  206.                 break;

  207.             } elseif ($tokens[1] == '2') {

  208.                 $this->errorCode = Crypt_GPG::ERROR_DELETE_PRIVATE_KEY;

  209.                 break;

  210.             }

  211.             break;

  212. 

  213.         case 'IMPORT_OK':

  214.             $this->data['Import']['fingerprint'] = $tokens[2];

  215. 

  216.             if (empty($this->data['Import']['fingerprints'])) {

  217.                 $this->data['Import']['fingerprints'] = array($tokens[2]);

  218.             } else if (!in_array($tokens[2], $this->data['Import']['fingerprints'])) {

  219.                 $this->data['Import']['fingerprints'][] = $tokens[2];

  220.             }

  221. 

  222.             break;

  223. 

  224.         case 'IMPORT_RES':

  225.             $this->data['Import']['public_imported']   = intval($tokens[3]);

  226.             $this->data['Import']['public_unchanged']  = intval($tokens[5]);

  227.             $this->data['Import']['private_imported']  = intval($tokens[11]);

  228.             $this->data['Import']['private_unchanged'] = intval($tokens[12]);

  229.             break;

  230. 

  231.         case 'NO_PUBKEY':

  232.         case 'NO_SECKEY':

  233.             $this->data['ErrorKeyId'] = $tokens[1];

  234. 

  235.             if ($this->errorCode != Crypt_GPG::ERROR_MISSING_PASSPHRASE

  236.                 && $this->errorCode != Crypt_GPG::ERROR_BAD_PASSPHRASE

  237.             ) {

  238.                 $this->errorCode = Crypt_GPG::ERROR_KEY_NOT_FOUND;

  239.             }

  240. 

  241.             // note: this message is also received if there are multiple

  242.             // recipients and a previous key had a correct passphrase.

  243.             $this->data['MissingKeys'][$tokens[1]] = $tokens[1];

  244. 

  245.             // @FIXME: remove missing passphrase registered in ENC_TO handler

  246.             //         This is for GnuPG 2.1

  247.             unset($this->data['MissingPassphrases'][$tokens[1]]);

  248.             break;

  249. 

  250.         case 'KEY_CONSIDERED':

  251.             // In GnuPG 2.1.x exporting/importing a secret key requires passphrase

  252.             // However, no NEED_PASSPRASE is returned, https://bugs.gnupg.org/gnupg/issue2667

  253.             // So, handling KEY_CONSIDERED and GET_HIDDEN is needed.

  254.             if (!array_key_exists('KeyConsidered', $this->data)) {

  255.                 $this->data['KeyConsidered'] = $tokens[1];

  256.             }

  257.             break;

  258. 

  259.         case 'USERID_HINT':

  260.             // remember the user id for pretty exception messages

  261.             // GnuPG 2.1.15 gives me: "USERID_HINT 0000000000000000 [?]"

  262.             $keyId = $tokens[1];

  263.             if (strcspn($keyId, '0')) {

  264.                 $username = implode(' ', array_splice($tokens, 2));

  265.                 $this->data['BadPassphrases'][$keyId] = $username;

  266.             }

  267.             break;

  268. 

  269.         case 'ENC_TO':

  270.             // Now we know the message is encrypted. Set flag to check if

  271.             // decryption succeeded.

  272.             $this->data['DecryptionOkay'] = false;

  273. 

  274.             // this is the new key message

  275.             $this->data['CurrentSubKeyId'] = $keyId = $tokens[1];

  276. 

  277.             // For some reason in GnuPG 2.1.11 I get only ENC_TO and no

  278.             // NEED_PASSPHRASE/MISSING_PASSPHRASE/USERID_HINT

  279.             // This is not needed for GnuPG 2.1.15

  280.             if (!empty($_ENV['PINENTRY_USER_DATA'])) {

  281.                 $passphrases = json_decode($_ENV['PINENTRY_USER_DATA'], true);

  282.             } else {

  283.                 $passphrases = array();

  284.             }

  285. 

  286.             // @TODO: Get user name/email

  287.             $this->data['BadPassphrases'][$keyId] = $keyId;

  288.             if (empty($passphrases) || empty($passphrases[$keyId])) {

  289.                 $this->data['MissingPassphrases'][$keyId] = $keyId;

  290.             }

  291.             break;

  292. 

  293.         case 'GOOD_PASSPHRASE':

  294.             // if we got a good passphrase, remove the key from the list of

  295.             // bad passphrases.

  296.             if (isset($this->data['CurrentSubKeyId'])) {

  297.                 unset($this->data['BadPassphrases'][$this->data['CurrentSubKeyId']]);

  298.                 unset($this->data['MissingPassphrases'][$this->data['CurrentSubKeyId']]);

  299.             }

  300. 

  301.             $this->needPassphrase--;

  302.             break;

  303. 

  304.         case 'BAD_PASSPHRASE':

  305.             $this->errorCode = Crypt_GPG::ERROR_BAD_PASSPHRASE;

  306.             break;

  307. 

  308.         case 'MISSING_PASSPHRASE':

  309.             if (isset($this->data['CurrentSubKeyId'])) {

  310.                 $this->data['MissingPassphrases'][$this->data['CurrentSubKeyId']]

  311.                     = $this->data['CurrentSubKeyId'];

  312.             }

  313. 

  314.             $this->errorCode = Crypt_GPG::ERROR_MISSING_PASSPHRASE;

  315.             break;

  316. 

  317.         case 'GET_HIDDEN':

  318.             if ($tokens[1] == 'passphrase.enter' && isset($this->data['KeyConsidered'])) {

  319.                 $tokens[1] = $this->data['KeyConsidered'];

  320.             } else {

  321.                 break;

  322.             }

  323.             // no break

  324. 

  325.         case 'NEED_PASSPHRASE':

  326.             $passphrase = $this->getPin($tokens[1]);

  327. 

  328.             $this->engine->sendCommand($passphrase);

  329. 

  330.             if ($passphrase === '') {

  331.                 $this->needPassphrase++;

  332.             }

  333.             break;

  334. 

  335.         case 'SIG_CREATED':

  336.             $this->data['SigCreated'] = $line;

  337.             break;

  338. 

  339.         case 'SIG_ID':

  340.             // note: signature id comes before new signature line and may not

  341.             // exist for some signature types

  342.             $this->data['SignatureId'] = $tokens[1];

  343.             break;

  344. 

  345.         case 'EXPSIG':

  346.         case 'EXPKEYSIG':

  347.         case 'REVKEYSIG':

  348.         case 'BADSIG':

  349.         case 'ERRSIG':

  350.             $this->errorCode = Crypt_GPG::ERROR_BAD_SIGNATURE;

  351.             // no break

  352.         case 'GOODSIG':

  353.             $signature = new Crypt_GPG_Signature();

  354. 

  355.             // if there was a signature id, set it on the new signature

  356.             if (!empty($this->data['SignatureId'])) {

  357.                 $signature->setId($this->data['SignatureId']);

  358.                 $this->data['SignatureId'] = '';

  359.             }

  360. 

  361.             // Detect whether fingerprint or key id was returned and set

  362.             // signature values appropriately. Key ids are strings of either

  363.             // 16 or 8 hexadecimal characters. Fingerprints are strings of 40

  364.             // hexadecimal characters. The key id is the last 16 characters of

  365.             // the key fingerprint.

  366.             if (mb_strlen($tokens[1], '8bit') > 16) {

  367.                 $signature->setKeyFingerprint($tokens[1]);

  368.                 $signature->setKeyId(mb_substr($tokens[1], -16, null, '8bit'));

  369.             } else {

  370.                 $signature->setKeyId($tokens[1]);

  371.             }

  372. 

  373.             // get user id string

  374.             if ($tokens[0] != 'ERRSIG') {

  375.                 $string = implode(' ', array_splice($tokens, 2));

  376.                 $string = rawurldecode($string);

  377. 

  378.                 $signature->setUserId(Crypt_GPG_UserId::parse($string));

  379.             }

  380. 

  381.             $this->data['Signatures'][] = $signature;

  382.             break;

  383. 

  384.         case 'VALIDSIG':

  385.             if (empty($this->data['Signatures'])) {

  386.                 break;

  387.             }

  388. 

  389.             $signature = end($this->data['Signatures']);

  390. 

  391.             $signature->setValid(true);

  392.             $signature->setKeyFingerprint($tokens[1]);

  393. 

  394.             if (strpos($tokens[3], 'T') === false) {

  395.                 $signature->setCreationDate($tokens[3]);

  396.             } else {

  397.                 $signature->setCreationDate(strtotime($tokens[3]));

  398.             }

  399. 

  400.             if (array_key_exists(4, $tokens)) {

  401.                 if (strpos($tokens[4], 'T') === false) {

  402.                     $signature->setExpirationDate($tokens[4]);

  403.                 } else {

  404.                     $signature->setExpirationDate(strtotime($tokens[4]));

  405.                 }

  406.             }

  407. 

  408.             break;

  409. 

  410.         case 'KEY_CREATED':

  411.             if (isset($this->data['Handle']) && $tokens[3] == $this->data['Handle']) {

  412.                 $this->data['KeyCreated'] = $tokens[2];

  413.             }

  414.             break;

  415. 

  416.         case 'KEY_NOT_CREATED':

  417.             if (isset($this->data['Handle']) && $tokens[1] == $this->data['Handle']) {

  418.                 $this->errorCode = Crypt_GPG::ERROR_KEY_NOT_CREATED;

  419.             }

  420.             break;

  421. 

  422.         case 'PROGRESS':

  423.             // todo: at some point, support reporting status async

  424.             break;

  425. 

  426.         // GnuPG 2.1 uses FAILURE and ERROR responses

  427.         case 'FAILURE':

  428.         case 'ERROR':

  429.             $errnum  = (int) $tokens[2];

  430.             $source  = $errnum >> 24;

  431.             $errcode = $errnum & 0xFFFFFF;

  432. 

  433.             switch ($errcode) {

  434.             case 11: // bad passphrase

  435.             case 87: // bad PIN

  436.                 $this->errorCode = Crypt_GPG::ERROR_BAD_PASSPHRASE;

  437.                 break;

  438. 

  439.             case 177: // no passphrase

  440.             case 178: // no PIN

  441.                 $this->errorCode = Crypt_GPG::ERROR_MISSING_PASSPHRASE;

  442.                 break;

  443. 

  444.             case 58:

  445.                 $this->errorCode = Crypt_GPG::ERROR_NO_DATA;

  446.                 break;

  447.             }

  448. 

  449.             break;

  450.         }

  451.     }

  452. 

  453.     // }}}

  454.     // {{{ handleError()

  455. 

  456.     /**

  457.      * Handles error values in the error output from GPG

  458.      *

  459.      * This method is responsible for setting the

  460.      * {@link Crypt_GPG_Engine::$_errorCode}.

  461.      *

  462.      * @param string $line the error line to handle.

  463.      *

  464.      * @return void

  465.      */

  466.     public function handleError($line)

  467.     {

  468.         if ($this->errorCode === Crypt_GPG::ERROR_NONE) {

  469.             $pattern = '/no valid OpenPGP data found/';

  470.             if (preg_match($pattern, $line) === 1) {

  471.                 $this->errorCode = Crypt_GPG::ERROR_NO_DATA;

  472.             }

  473.         }

  474. 

  475.         if ($this->errorCode === Crypt_GPG::ERROR_NONE) {

  476.             $pattern = '/No secret key|secret key not available/';

  477.             if (preg_match($pattern, $line) === 1) {

  478.                 $this->errorCode = Crypt_GPG::ERROR_KEY_NOT_FOUND;

  479.             }

  480.         }

  481. 

  482.         if ($this->errorCode === Crypt_GPG::ERROR_NONE) {

  483.             $pattern = '/No public key|public key not found/';

  484.             if (preg_match($pattern, $line) === 1) {

  485.                 $this->errorCode = Crypt_GPG::ERROR_KEY_NOT_FOUND;

  486.             }

  487.         }

  488. 

  489.         if ($this->errorCode === Crypt_GPG::ERROR_NONE) {

  490.             $matches = array();

  491.             $pattern = '/can\'t (?:access|open) `(.*?)\'/';

  492.             if (preg_match($pattern, $line, $matches) === 1) {

  493.                 $this->data['ErrorFilename'] = $matches[1];

  494.                 $this->errorCode = Crypt_GPG::ERROR_FILE_PERMISSIONS;

  495.             }

  496.         }

  497. 

  498.         // GnuPG 2.1: It should return MISSING_PASSPHRASE, but it does not

  499.         // we have to detect it this way. This happens e.g. on private key import

  500.         if ($this->errorCode === Crypt_GPG::ERROR_NONE) {

  501.             $matches = array();

  502.             $pattern = '/key ([0-9A-F]+).* (Bad|No) passphrase/';

  503.             if (preg_match($pattern, $line, $matches) === 1) {

  504.                 $keyId = $matches[1];

  505.                 // @TODO: Get user name/email

  506.                 if (empty($this->data['BadPassphrases'][$keyId])) {

  507.                     $this->data['BadPassphrases'][$keyId] = $keyId;

  508.                 }

  509.                 if ($matches[2] == 'Bad') {

  510.                     $this->errorCode = Crypt_GPG::ERROR_BAD_PASSPHRASE;

  511.                 } else {

  512.                     $this->errorCode = Crypt_GPG::ERROR_MISSING_PASSPHRASE;

  513.                     if (empty($this->data['MissingPassphrases'][$keyId])) {

  514.                         $this->data['MissingPassphrases'][$keyId] = $keyId;

  515.                     }

  516.                 }

  517.             }

  518.         }

  519. 

  520.         if ($this->errorCode === Crypt_GPG::ERROR_NONE && $this->operation == 'gen-key') {

  521.             $pattern = '/:([0-9]+): invalid algorithm$/';

  522.             if (preg_match($pattern, $line, $matches) === 1) {

  523.                 $this->errorCode          = Crypt_GPG::ERROR_BAD_KEY_PARAMS;

  524.                 $this->data['LineNumber'] = intval($matches[1]);

  525.             }

  526.         }

  527.     }

  528. 

  529.     // }}}

  530.     // {{{ throwException()

  531. 

  532.     /**

  533.      * On error throws exception

  534.      *

  535.      * @param int $exitcode GPG process exit code

  536.      *

  537.      * @return void

  538.      * @throws Crypt_GPG_Exception

  539.      */

  540.     public function throwException($exitcode = 0)

  541.     {

  542.         if ($exitcode > 0 && $this->errorCode === Crypt_GPG::ERROR_NONE) {

  543.             $this->errorCode = $this->setErrorCode($exitcode);

  544.         }

  545. 

  546.         if ($this->errorCode === Crypt_GPG::ERROR_NONE) {

  547.             return;

  548.         }

  549. 

  550.         $code = $this->errorCode;

  551.         $note = "Please use the 'debug' option when creating the Crypt_GPG " .

  552.             "object, and file a bug report at " . Crypt_GPG::BUG_URI;

  553. 

  554.         switch ($this->operation) {

  555.         case 'version':

  556.             throw new Crypt_GPG_Exception(

  557.                 'Unknown error getting GnuPG version information. ' . $note,

  558.                 $code

  559.             );

  560. 

  561.         case 'list-secret-keys':

  562.         case 'list-public-keys':

  563.         case 'list-keys':

  564.             switch ($code) {

  565.             case Crypt_GPG::ERROR_KEY_NOT_FOUND:

  566.                 // ignore not found key errors

  567.                 break;

  568. 

  569.             case Crypt_GPG::ERROR_FILE_PERMISSIONS:

  570.                 if (!empty($this->data['ErrorFilename'])) {

  571.                     throw new Crypt_GPG_FileException(

  572.                         sprintf(

  573.                             'Error reading GnuPG data file \'%s\'. Check to make ' .

  574.                             'sure it is readable by the current user.',

  575.                             $this->data['ErrorFilename']

  576.                         ),

  577.                         $code,

  578.                         $this->data['ErrorFilename']

  579.                     );

  580.                 }

  581.                 throw new Crypt_GPG_FileException(

  582.                     'Error reading GnuPG data file. Check to make sure that ' .

  583.                     'GnuPG data files are readable by the current user.',

  584.                     $code

  585.                 );

  586. 

  587.             default:

  588.                 throw new Crypt_GPG_Exception(

  589.                     'Unknown error getting keys. ' . $note, $code

  590.                 );

  591.             }

  592.             break;

  593. 

  594.         case 'delete-key':

  595.         case 'delete-secret-key':

  596.             switch ($code) {

  597.             case Crypt_GPG::ERROR_KEY_NOT_FOUND:

  598.                 throw new Crypt_GPG_KeyNotFoundException(

  599.                     'Key not found: ' . $this->operationArg,

  600.                     $code,

  601.                     $this->operationArg

  602.                 );

  603. 

  604.             case Crypt_GPG::ERROR_DELETE_PRIVATE_KEY:

  605.                 throw new Crypt_GPG_DeletePrivateKeyException(

  606.                     'Private key must be deleted before public key can be ' .

  607.                     'deleted.',

  608.                     $code,

  609.                     $this->operationArg

  610.                 );

  611. 

  612.             default:

  613.                 throw new Crypt_GPG_Exception(

  614.                     'Unknown error deleting key. ' . $note, $code

  615.                 );

  616.             }

  617.             break;

  618. 

  619.         case 'import':

  620.             switch ($code) {

  621.             case Crypt_GPG::ERROR_NO_DATA:

  622.                 throw new Crypt_GPG_NoDataException(

  623.                     'No valid GPG key data found.', $code

  624.                 );

  625. 

  626.             case Crypt_GPG::ERROR_BAD_PASSPHRASE:

  627.             case Crypt_GPG::ERROR_MISSING_PASSPHRASE:

  628.                 throw $this->badPassException($code, 'Cannot import private key.');

  629. 

  630.             default:

  631.                 throw new Crypt_GPG_Exception(

  632.                     'Unknown error importing GPG key. ' . $note, $code

  633.                 );

  634.             }

  635.             break;

  636. 

  637.         case 'export':

  638.         case 'export-secret-keys':

  639.             switch ($code) {

  640.             case Crypt_GPG::ERROR_BAD_PASSPHRASE:

  641.             case Crypt_GPG::ERROR_MISSING_PASSPHRASE:

  642.                 throw $this->badPassException($code, 'Cannot export private key.');

  643. 

  644.             default:

  645.                 throw new Crypt_GPG_Exception(

  646.                     'Unknown error exporting a key. ' . $note, $code

  647.                 );

  648.             }

  649.             break;

  650. 

  651.         case 'encrypt':

  652.         case 'sign':

  653.         case 'clearsign':

  654.         case 'detach-sign':

  655.             switch ($code) {

  656.             case Crypt_GPG::ERROR_KEY_NOT_FOUND:

  657.                 throw new Crypt_GPG_KeyNotFoundException(

  658.                     'Cannot sign data. Private key not found. Import the '.

  659.                     'private key before trying to sign data.',

  660.                     $code,

  661.                     !empty($this->data['ErrorKeyId']) ? $this->data['ErrorKeyId'] : null

  662.                 );

  663. 

  664.             case Crypt_GPG::ERROR_BAD_PASSPHRASE:

  665.                 throw new Crypt_GPG_BadPassphraseException(

  666.                     'Cannot sign data. Incorrect passphrase provided.', $code

  667.                 );

  668. 

  669.             case Crypt_GPG::ERROR_MISSING_PASSPHRASE:

  670.                 throw new Crypt_GPG_BadPassphraseException(

  671.                     'Cannot sign data. No passphrase provided.', $code

  672.                 );

  673. 

  674.             default:

  675.                 throw new Crypt_GPG_Exception(

  676.                     "Unknown error {$this->operation}ing data. $note", $code

  677.                 );

  678.             }

  679.             break;

  680. 

  681.         case 'verify':

  682.             switch ($code) {

  683.             case Crypt_GPG::ERROR_BAD_SIGNATURE:

  684.                 // ignore bad signature errors

  685.                 break;

  686. 

  687.             case Crypt_GPG::ERROR_NO_DATA:

  688.                 throw new Crypt_GPG_NoDataException(

  689.                     'No valid signature data found.', $code

  690.                 );

  691. 

  692.             case Crypt_GPG::ERROR_KEY_NOT_FOUND:

  693.                 throw new Crypt_GPG_KeyNotFoundException(

  694.                     'Public key required for data verification not in keyring.',

  695.                     $code,

  696.                     !empty($this->data['ErrorKeyId']) ? $this->data['ErrorKeyId'] : null

  697.                 );

  698. 

  699.             default:

  700.                 throw new Crypt_GPG_Exception(

  701.                     'Unknown error validating signature details. ' . $note,

  702.                     $code

  703.                 );

  704.             }

  705.             break;

  706. 

  707.         case 'decrypt':

  708.             switch ($code) {

  709.             case Crypt_GPG::ERROR_BAD_SIGNATURE:

  710.                 // ignore bad signature errors

  711.                 break;

  712. 

  713.             case Crypt_GPG::ERROR_KEY_NOT_FOUND:

  714.                 if (!empty($this->data['MissingKeys'])) {

  715.                     $keyId = reset($this->data['MissingKeys']);

  716.                 } else {

  717.                     $keyId = '';

  718.                 }

  719. 

  720.                 throw new Crypt_GPG_KeyNotFoundException(

  721.                     'Cannot decrypt data. No suitable private key is in the ' .

  722.                     'keyring. Import a suitable private key before trying to ' .

  723.                     'decrypt this data.',

  724.                     $code,

  725.                     $keyId

  726.                 );

  727. 

  728.             case Crypt_GPG::ERROR_BAD_PASSPHRASE:

  729.             case Crypt_GPG::ERROR_MISSING_PASSPHRASE:

  730.                 throw $this->badPassException($code, 'Cannot decrypt data.');

  731. 

  732.             case Crypt_GPG::ERROR_NO_DATA:

  733.                 throw new Crypt_GPG_NoDataException(

  734.                     'Cannot decrypt data. No PGP encrypted data was found in '.

  735.                     'the provided data.',

  736.                     $code

  737.                 );

  738. 

  739.             default:

  740.                 throw new Crypt_GPG_Exception(

  741.                     'Unknown error decrypting data.', $code

  742.                 );

  743.             }

  744.             break;

  745. 

  746.         case 'gen-key':

  747.             switch ($code) {

  748.             case Crypt_GPG::ERROR_BAD_KEY_PARAMS:

  749.                 throw new Crypt_GPG_InvalidKeyParamsException(

  750.                     'Invalid key algorithm specified.', $code

  751.                 );

  752. 

  753.             default:

  754.                 throw new Crypt_GPG_Exception(

  755.                     'Unknown error generating key-pair. ' . $note, $code

  756.                 );

  757.             }

  758.         }

  759.     }

  760. 

  761.     // }}}

  762.     // {{{ throwException()

  763. 

  764.     /**

  765.      * Check exit code of the GPG operation.

  766.      *

  767.      * @param int $exitcode GPG process exit code

  768.      *

  769.      * @return int Internal error code

  770.      */

  771.     protected function setErrorCode($exitcode)

  772.     {

  773.         if ($this->needPassphrase > 0) {

  774.             return Crypt_GPG::ERROR_MISSING_PASSPHRASE;

  775.         }

  776. 

  777.         if ($this->operation == 'import') {

  778.             return Crypt_GPG::ERROR_NONE;

  779.         }

  780. 

  781.         if ($this->operation == 'decrypt' && !empty($this->data['DecryptionOkay'])) {

  782.             if (!empty($this->data['IgnoreVerifyErrors'])) {

  783.                 return Crypt_GPG::ERROR_NONE;

  784.             }

  785.             if (!empty($this->data['MissingKeys'])) {

  786.                 return Crypt_GPG::ERROR_KEY_NOT_FOUND;

  787.             }

  788.         }

  789. 

  790.         return Crypt_GPG::ERROR_UNKNOWN;

  791.     }

  792. 

  793.     // }}}

  794.     // {{{ getData()

  795. 

  796.     /**

  797.      * Get data from the last process execution.

  798.      *

  799.      * @param string $name Data element name:

  800.      *               - SigCreated: The last SIG_CREATED status.

  801.      *               - KeyConsidered: The last KEY_CONSIDERED status identifier.

  802.      *               - KeyCreated: The KEY_CREATED status (for specified Handle).

  803.      *               - Signatures: Signatures data from verification process.

  804.      *               - LineNumber: Number of the gen-key error line.

  805.      *               - Import: Result of IMPORT_OK/IMPORT_RES

  806.      *

  807.      * @return mixed

  808.      */

  809.     public function getData($name)

  810.     {

  811.         return isset($this->data[$name]) ? $this->data[$name] : null;

  812.     }

  813. 

  814.     // }}}

  815.     // {{{ setData()

  816. 

  817.     /**

  818.      * Set data for the process execution.

  819.      *

  820.      * @param string $name  Data element name:

  821.      *               - Handle: The unique key handle used by this handler

  822.      *                         The key handle is used to track GPG status output

  823.      *                         for a particular key on --gen-key command before

  824.      *                         the key has its own identifier.

  825.      *               - IgnoreVerifyErrors: Do not throw exceptions

  826.      *                         when signature verification failes because

  827.      *                         of a missing public key.

  828.      * @param mixed  $value Data element value

  829.      *

  830.      * @return void

  831.      */

  832.     public function setData($name, $value)

  833.     {

  834.         switch ($name) {

  835.         case 'Handle':

  836.             $this->data[$name] = strval($value);

  837.             break;

  838. 

  839.         case 'IgnoreVerifyErrors':

  840.             $this->data[$name] = (bool) $value;

  841.             break;

  842.         }

  843.     }

  844. 

  845.     // }}}

  846.     // {{{ setData()

  847. 

  848.     /**

  849.      * Create Crypt_GPG_BadPassphraseException from operation data.

  850.      *

  851.      * @param int    $code    Error code

  852.      * @param string $message Error message

  853.      *

  854.      * @return Crypt_GPG_BadPassphraseException

  855.      */

  856.     protected function badPassException($code, $message)

  857.     {

  858.         $badPassphrases = array_diff_key(

  859.             isset($this->data['BadPassphrases']) ? $this->data['BadPassphrases'] : array(),

  860.             isset($this->data['MissingPassphrases']) ? $this->data['MissingPassphrases'] : array()

  861.         );

  862. 

  863.         $missingPassphrases = array_intersect_key(

  864.             isset($this->data['BadPassphrases']) ? $this->data['BadPassphrases'] : array(),

  865.             isset($this->data['MissingPassphrases']) ? $this->data['MissingPassphrases'] : array()

  866.         );

  867. 

  868.         if (count($badPassphrases) > 0) {

  869.             $message .= ' Incorrect passphrase provided for keys: "' .

  870.                 implode('", "', $badPassphrases) . '".';

  871.         }

  872.         if (count($missingPassphrases) > 0) {

  873.             $message .= ' No passphrase provided for keys: "' .

  874.                 implode('", "', $missingPassphrases) . '".';

  875.         }

  876. 

  877.         return new Crypt_GPG_BadPassphraseException(

  878.             $message,

  879.             $code,

  880.             $badPassphrases,

  881.             $missingPassphrases

  882.         );

  883.     }

  884. 

  885.     // }}}

  886.     // {{{ getPin()

  887. 

  888.     /**

  889.      * Get registered passphrase for specified key.

  890.      *

  891.      * @param string $key Key identifier

  892.      *

  893.      * @return string Passphrase

  894.      */

  895.     protected function getPin($key)

  896.     {

  897.         $passphrase  = '';

  898.         $keyIdLength = mb_strlen($key, '8bit');

  899. 

  900.         if ($keyIdLength && !empty($_ENV['PINENTRY_USER_DATA'])) {

  901.             $passphrases = json_decode($_ENV['PINENTRY_USER_DATA'], true);

  902.             foreach ($passphrases as $_keyId => $pass) {

  903.                 $keyId        = $key;

  904.                 $_keyIdLength = mb_strlen($_keyId, '8bit');

  905. 

  906.                 // Get last X characters of key identifier to compare

  907.                 if ($keyIdLength < $_keyIdLength) {

  908.                     $_keyId = mb_substr($_keyId, -$keyIdLength, null, '8bit');

  909.                 } else if ($keyIdLength > $_keyIdLength) {

  910.                     $keyId = mb_substr($keyId, -$_keyIdLength, null, '8bit');

  911.                 }

  912. 

  913.                 if ($_keyId === $keyId) {

  914.                     $passphrase = $pass;

  915.                     break;

  916.                 }

  917.             }

  918.         }

  919. 

  920.         return $passphrase;

  921.     }

  922. 

  923.     // }}}

  924. }

  925. 

  926. // }}}

  927. 

  928. ?>