robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
2 Branches
Tree: v1.4.0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'v1.4.0'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.3.6/vendor/pear/crypt_gpg/Crypt/GPGAbstract.php

GPGAbstract.php 17KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464 
  1. <?php

  2. 

  3. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */

  4. 

  5. /**

  6.  * Crypt_GPG is a package to use GPG from PHP

  7.  *

  8.  * This package provides an object oriented interface to GNU Privacy

  9.  * Guard (GPG). It requires the GPG executable to be on the system.

  10.  *

  11.  * Though GPG can support symmetric-key cryptography, this package is intended

  12.  * only to facilitate public-key cryptography.

  13.  *

  14.  * This file contains an abstract implementation of a user of the

  15.  * {@link Crypt_GPG_Engine} class.

  16.  *

  17.  * PHP version 5

  18.  *

  19.  * LICENSE:

  20.  *

  21.  * This library is free software; you can redistribute it and/or modify

  22.  * it under the terms of the GNU Lesser General Public License as

  23.  * published by the Free Software Foundation; either version 2.1 of the

  24.  * License, or (at your option) any later version.

  25.  *

  26.  * This library is distributed in the hope that it will be useful,

  27.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  28.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

  29.  * Lesser General Public License for more details.

  30.  *

  31.  * You should have received a copy of the GNU Lesser General Public

  32.  * License along with this library; if not, see

  33.  * <http://www.gnu.org/licenses/>

  34.  *

  35.  * @category  Encryption

  36.  * @package   Crypt_GPG

  37.  * @author    Nathan Fredrickson <nathan@silverorange.com>

  38.  * @author    Michael Gauthier <mike@silverorange.com>

  39.  * @copyright 2005-2013 silverorange

  40.  * @license   http://www.gnu.org/copyleft/lesser.html LGPL License 2.1

  41.  * @link      http://pear.php.net/package/Crypt_GPG

  42.  * @link      http://pear.php.net/manual/en/package.encryption.crypt-gpg.php

  43.  * @link      http://www.gnupg.org/

  44.  */

  45. 

  46. /**

  47.  * GPG key class

  48.  */

  49. require_once 'Crypt/GPG/Key.php';

  50. 

  51. /**

  52.  * GPG sub-key class

  53.  */

  54. require_once 'Crypt/GPG/SubKey.php';

  55. 

  56. /**

  57.  * GPG user id class

  58.  */

  59. require_once 'Crypt/GPG/UserId.php';

  60. 

  61. /**

  62.  * GPG process and I/O engine class

  63.  */

  64. require_once 'Crypt/GPG/Engine.php';

  65. 

  66. // {{{ class Crypt_GPGAbstract

  67. 

  68. /**

  69.  * Base class for implementing a user of {@link Crypt_GPG_Engine}

  70.  *

  71.  * @category  Encryption

  72.  * @package   Crypt_GPG

  73.  * @author    Nathan Fredrickson <nathan@silverorange.com>

  74.  * @author    Michael Gauthier <mike@silverorange.com>

  75.  * @copyright 2005-2013 silverorange

  76.  * @license   http://www.gnu.org/copyleft/lesser.html LGPL License 2.1

  77.  * @link      http://pear.php.net/package/Crypt_GPG

  78.  * @link      http://www.gnupg.org/

  79.  */

  80. abstract class Crypt_GPGAbstract

  81. {

  82.     // {{{ class error constants

  83. 

  84.     /**

  85.      * Error code returned when there is no error.

  86.      */

  87.     const ERROR_NONE = 0;

  88. 

  89.     /**

  90.      * Error code returned when an unknown or unhandled error occurs.

  91.      */

  92.     const ERROR_UNKNOWN = 1;

  93. 

  94.     /**

  95.      * Error code returned when a bad passphrase is used.

  96.      */

  97.     const ERROR_BAD_PASSPHRASE = 2;

  98. 

  99.     /**

  100.      * Error code returned when a required passphrase is missing.

  101.      */

  102.     const ERROR_MISSING_PASSPHRASE = 3;

  103. 

  104.     /**

  105.      * Error code returned when a key that is already in the keyring is

  106.      * imported.

  107.      */

  108.     const ERROR_DUPLICATE_KEY = 4;

  109. 

  110.     /**

  111.      * Error code returned the required data is missing for an operation.

  112.      *

  113.      * This could be missing key data, missing encrypted data or missing

  114.      * signature data.

  115.      */

  116.     const ERROR_NO_DATA = 5;

  117. 

  118.     /**

  119.      * Error code returned when an unsigned key is used.

  120.      */

  121.     const ERROR_UNSIGNED_KEY = 6;

  122. 

  123.     /**

  124.      * Error code returned when a key that is not self-signed is used.

  125.      */

  126.     const ERROR_NOT_SELF_SIGNED = 7;

  127. 

  128.     /**

  129.      * Error code returned when a public or private key that is not in the

  130.      * keyring is used.

  131.      */

  132.     const ERROR_KEY_NOT_FOUND = 8;

  133. 

  134.     /**

  135.      * Error code returned when an attempt to delete public key having a

  136.      * private key is made.

  137.      */

  138.     const ERROR_DELETE_PRIVATE_KEY = 9;

  139. 

  140.     /**

  141.      * Error code returned when one or more bad signatures are detected.

  142.      */

  143.     const ERROR_BAD_SIGNATURE = 10;

  144. 

  145.     /**

  146.      * Error code returned when there is a problem reading GnuPG data files.

  147.      */

  148.     const ERROR_FILE_PERMISSIONS = 11;

  149. 

  150.     /**

  151.      * Error code returned when a key could not be created.

  152.      */

  153.     const ERROR_KEY_NOT_CREATED = 12;

  154. 

  155.     /**

  156.      * Error code returned when bad key parameters are used during key

  157.      * generation.

  158.      */

  159.     const ERROR_BAD_KEY_PARAMS = 13;

  160. 

  161.     // }}}

  162.     // {{{ other class constants

  163. 

  164.     /**

  165.      * URI at which package bugs may be reported.

  166.      */

  167.     const BUG_URI = 'http://pear.php.net/bugs/report.php?package=Crypt_GPG';

  168. 

  169.     // }}}

  170.     // {{{ protected class properties

  171. 

  172.     /**

  173.      * Engine used to control the GPG subprocess

  174.      *

  175.      * @var Crypt_GPG_Engine

  176.      *

  177.      * @see Crypt_GPGAbstract::setEngine()

  178.      */

  179.     protected $engine = null;

  180. 

  181.     // }}}

  182.     // {{{ __construct()

  183. 

  184.     /**

  185.      * Creates a new GPG object

  186.      *

  187.      * Available options are:

  188.      *

  189.      * - <kbd>string  homedir</kbd>        - the directory where the GPG

  190.      *                                       keyring files are stored. If not

  191.      *                                       specified, Crypt_GPG uses the

  192.      *                                       default of <kbd>~/.gnupg</kbd>.

  193.      * - <kbd>string  publicKeyring</kbd>  - the file path of the public

  194.      *                                       keyring. Use this if the public

  195.      *                                       keyring is not in the homedir, or

  196.      *                                       if the keyring is in a directory

  197.      *                                       not writable by the process

  198.      *                                       invoking GPG (like Apache). Then

  199.      *                                       you can specify the path to the

  200.      *                                       keyring with this option

  201.      *                                       (/foo/bar/pubring.gpg), and specify

  202.      *                                       a writable directory (like /tmp)

  203.      *                                       using the <i>homedir</i> option.

  204.      * - <kbd>string  privateKeyring</kbd> - the file path of the private

  205.      *                                       keyring. Use this if the private

  206.      *                                       keyring is not in the homedir, or

  207.      *                                       if the keyring is in a directory

  208.      *                                       not writable by the process

  209.      *                                       invoking GPG (like Apache). Then

  210.      *                                       you can specify the path to the

  211.      *                                       keyring with this option

  212.      *                                       (/foo/bar/secring.gpg), and specify

  213.      *                                       a writable directory (like /tmp)

  214.      *                                       using the <i>homedir</i> option.

  215.      * - <kbd>string  trustDb</kbd>        - the file path of the web-of-trust

  216.      *                                       database. Use this if the trust

  217.      *                                       database is not in the homedir, or

  218.      *                                       if the database is in a directory

  219.      *                                       not writable by the process

  220.      *                                       invoking GPG (like Apache). Then

  221.      *                                       you can specify the path to the

  222.      *                                       trust database with this option

  223.      *                                       (/foo/bar/trustdb.gpg), and specify

  224.      *                                       a writable directory (like /tmp)

  225.      *                                       using the <i>homedir</i> option.

  226.      * - <kbd>string  binary</kbd>         - the location of the GPG binary. If

  227.      *                                       not specified, the driver attempts

  228.      *                                       to auto-detect the GPG binary

  229.      *                                       location using a list of known

  230.      *                                       default locations for the current

  231.      *                                       operating system. The option

  232.      *                                       <kbd>gpgBinary</kbd> is a

  233.      *                                       deprecated alias for this option.

  234.      * - <kbd>string  agent</kbd>          - the location of the GnuPG agent

  235.      *                                       binary. The gpg-agent is only

  236.      *                                       used for GnuPG 2.x. If not

  237.      *                                       specified, the engine attempts

  238.      *                                       to auto-detect the gpg-agent

  239.      *                                       binary location using a list of

  240.      *                                       know default locations for the

  241.      *                                       current operating system.

  242.      * - <kbd>string|false gpgconf</kbd>   - the location of the GnuPG conf

  243.      *                                       binary. The gpgconf is only

  244.      *                                       used for GnuPG >= 2.1. If not

  245.      *                                       specified, the engine attempts

  246.      *                                       to auto-detect the location using

  247.      *                                       a list of know default locations.

  248.      *                                       When set to FALSE `gpgconf --kill`

  249.      *                                       will not be executed via destructor.

  250.      * - <kbd>string digest-algo</kbd>     - Sets the message digest algorithm.

  251.      * - <kbd>string cipher-algo</kbd>     - Sets the symmetric cipher.

  252.      * - <kbd>boolean strict</kbd>         - In strict mode clock problems on

  253.      *                                       subkeys and signatures are not ignored

  254.      *                                       (--ignore-time-conflict

  255.      *                                       and --ignore-valid-from options)

  256.      * - <kbd>mixed debug</kbd>            - whether or not to use debug mode.

  257.      *                                       When debug mode is on, all

  258.      *                                       communication to and from the GPG

  259.      *                                       subprocess is logged. This can be

  260.      *                                       useful to diagnose errors when

  261.      *                                       using Crypt_GPG.

  262.      *

  263.      * @param array $options optional. An array of options used to create the

  264.      *                       GPG object. All options are optional and are

  265.      *                       represented as key-value pairs.

  266.      *

  267.      * @throws Crypt_GPG_FileException if the <kbd>homedir</kbd> does not exist

  268.      *         and cannot be created. This can happen if <kbd>homedir</kbd> is

  269.      *         not specified, Crypt_GPG is run as the web user, and the web

  270.      *         user has no home directory. This exception is also thrown if any

  271.      *         of the options <kbd>publicKeyring</kbd>,

  272.      *         <kbd>privateKeyring</kbd> or <kbd>trustDb</kbd> options are

  273.      *         specified but the files do not exist or are are not readable.

  274.      *         This can happen if the user running the Crypt_GPG process (for

  275.      *         example, the Apache user) does not have permission to read the

  276.      *         files.

  277.      *

  278.      * @throws PEAR_Exception if the provided <kbd>binary</kbd> is invalid, or

  279.      *         if no <kbd>binary</kbd> is provided and no suitable binary could

  280.      *         be found.

  281.      *

  282.      * @throws PEAR_Exception if the provided <kbd>agent</kbd> is invalid, or

  283.      *         if no <kbd>agent</kbd> is provided and no suitable gpg-agent

  284.      *         cound be found.

  285.      */

  286.     public function __construct(array $options = array())

  287.     {

  288.         $this->setEngine(new Crypt_GPG_Engine($options));

  289.     }

  290. 

  291.     // }}}

  292.     // {{{ setEngine()

  293. 

  294.     /**

  295.      * Sets the I/O engine to use for GnuPG operations

  296.      *

  297.      * Normally this method does not need to be used. It provides a means for

  298.      * dependency injection.

  299.      *

  300.      * @param Crypt_GPG_Engine $engine the engine to use.

  301.      *

  302.      * @return Crypt_GPGAbstract the current object, for fluent interface.

  303.      */

  304.     public function setEngine(Crypt_GPG_Engine $engine)

  305.     {

  306.         $this->engine = $engine;

  307.         return $this;

  308.     }

  309. 

  310.     // }}}

  311.     // {{{ getVersion()

  312. 

  313.     /**

  314.      * Returns version of the engine (GnuPG) used for operation.

  315.      *

  316.      * @return string GnuPG version.

  317.      *

  318.      * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.

  319.      *         Use the <kbd>debug</kbd> option and file a bug report if these

  320.      *         exceptions occur.

  321.      */

  322.     public function getVersion()

  323.     {

  324.         return $this->engine->getVersion();

  325.     }

  326. 

  327.     // }}}

  328.     // {{{ _getKeys()

  329. 

  330.     /**

  331.      * Gets the available keys in the keyring

  332.      *

  333.      * Calls GPG with the <kbd>--list-keys</kbd> command and grabs keys. See

  334.      * the first section of <b>doc/DETAILS</b> in the

  335.      * {@link http://www.gnupg.org/download/ GPG package} for a detailed

  336.      * description of how the GPG command output is parsed.

  337.      *

  338.      * @param string $keyId optional. Only keys with that match the specified

  339.      *                      pattern are returned. The pattern may be part of

  340.      *                      a user id, a key id or a key fingerprint. If not

  341.      *                      specified, all keys are returned.

  342.      *

  343.      * @return array an array of {@link Crypt_GPG_Key} objects. If no keys

  344.      *               match the specified <kbd>$keyId</kbd> an empty array is

  345.      *               returned.

  346.      *

  347.      * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.

  348.      *         Use the <kbd>debug</kbd> option and file a bug report if these

  349.      *         exceptions occur.

  350.      *

  351.      * @see Crypt_GPG_Key

  352.      */

  353.     protected function _getKeys($keyId = '')

  354.     {

  355.         // get private key fingerprints

  356.         if ($keyId == '') {

  357.             $operation = '--list-secret-keys';

  358.         } else {

  359.             $operation = '--utf8-strings --list-secret-keys ' . escapeshellarg($keyId);

  360.         }

  361. 

  362.         // According to The file 'doc/DETAILS' in the GnuPG distribution, using

  363.         // double '--with-fingerprint' also prints the fingerprint for subkeys.

  364.         $arguments = array(

  365.             '--with-colons',

  366.             '--with-fingerprint',

  367.             '--with-fingerprint',

  368.             '--fixed-list-mode'

  369.         );

  370. 

  371.         $output = '';

  372. 

  373.         $this->engine->reset();

  374.         $this->engine->setOutput($output);

  375.         $this->engine->setOperation($operation, $arguments);

  376.         $this->engine->run();

  377. 

  378.         $privateKeyFingerprints = array();

  379. 

  380.         foreach (explode(PHP_EOL, $output) as $line) {

  381.             $lineExp = explode(':', $line);

  382.             if ($lineExp[0] == 'fpr') {

  383.                 $privateKeyFingerprints[] = $lineExp[9];

  384.             }

  385.         }

  386. 

  387.         // get public keys

  388.         if ($keyId == '') {

  389.             $operation = '--list-public-keys';

  390.         } else {

  391.             $operation = '--utf8-strings --list-public-keys ' . escapeshellarg($keyId);

  392.         }

  393. 

  394.         $output = '';

  395. 

  396.         $this->engine->reset();

  397.         $this->engine->setOutput($output);

  398.         $this->engine->setOperation($operation, $arguments);

  399.         $this->engine->run();

  400. 

  401.         $keys   = array();

  402.         $key    = null; // current key

  403.         $subKey = null; // current sub-key

  404. 

  405.         foreach (explode(PHP_EOL, $output) as $line) {

  406.             $lineExp = explode(':', $line);

  407. 

  408.             if ($lineExp[0] == 'pub') {

  409. 

  410.                 // new primary key means last key should be added to the array

  411.                 if ($key !== null) {

  412.                     $keys[] = $key;

  413.                 }

  414. 

  415.                 $key = new Crypt_GPG_Key();

  416. 

  417.                 $subKey = Crypt_GPG_SubKey::parse($line);

  418.                 $key->addSubKey($subKey);

  419. 

  420.             } elseif ($lineExp[0] == 'sub') {

  421. 

  422.                 $subKey = Crypt_GPG_SubKey::parse($line);

  423.                 $key->addSubKey($subKey);

  424. 

  425.             } elseif ($lineExp[0] == 'fpr') {

  426. 

  427.                 $fingerprint = $lineExp[9];

  428. 

  429.                 // set current sub-key fingerprint

  430.                 $subKey->setFingerprint($fingerprint);

  431. 

  432.                 // if private key exists, set has private to true

  433.                 if (in_array($fingerprint, $privateKeyFingerprints)) {

  434.                     $subKey->setHasPrivate(true);

  435.                 }

  436. 

  437.             } elseif ($lineExp[0] == 'uid') {

  438. 

  439.                 $string = stripcslashes($lineExp[9]); // as per documentation

  440.                 $userId = new Crypt_GPG_UserId($string);

  441. 

  442.                 if ($lineExp[1] == 'r') {

  443.                     $userId->setRevoked(true);

  444.                 }

  445. 

  446.                 $key->addUserId($userId);

  447. 

  448.             }

  449.         }

  450. 

  451.         // add last key

  452.         if ($key !== null) {

  453.             $keys[] = $key;

  454.         }

  455. 

  456.         return $keys;

  457.     }

  458. 

  459.     // }}}

  460. }

  461. 

  462. // }}}

  463. 

  464. ?>