githubFork/roundcubemail.git

			@@ -1,5 +1,6 @@
			<?php
			/*

			/**
			+-------------------------------------------------------------------------+
			\| Engine of the Enigma Plugin \|
			\| \|
			@@ -14,24 +15,25 @@
			+-------------------------------------------------------------------------+
			*/

			/*
			RFC2440: OpenPGP Message Format
			RFC3156: MIME Security with OpenPGP
			RFC3851: S/MIME
			*/

			/**
			* Enigma plugin engine.
			*
			* RFC2440: OpenPGP Message Format
			* RFC3156: MIME Security with OpenPGP
			* RFC3851: S/MIME
			*/
			class enigma_engine
			{
			private $rc;
			private $enigma;
			private $pgp_driver;
			private $smime_driver;
			private $password_time;

			public $decryptions = array();
			public $signatures = array();
			public $signed_parts = array();

			const PASSWORD_TIME = 120;
			public $decryptions = array();
			public $signatures = array();
			public $signed_parts = array();
			public $encrypted_parts = array();

			const SIGN_MODE_BODY = 1;
			const SIGN_MODE_SEPARATE = 2;
			@@ -49,8 +51,12 @@
			$this->rc = rcmail::get_instance();
			$this->enigma = $enigma;

			$this->password_time = $this->rc->config->get('enigma_password_time') * 60;

			// this will remove passwords from session after some time
			$this->get_passwords();
			if ($this->password_time) {
			$this->get_passwords();
			}
			}

			/**
			@@ -140,7 +146,7 @@
			$key = $this->find_key($from, true);

			if (empty($key)) {
			return new enigma_error(enigma_error::E_KEYNOTFOUND);
			return new enigma_error(enigma_error::KEYNOTFOUND);
			}

			// check if we have password for this key
			@@ -150,7 +156,7 @@
			if ($pass === null) {
			// ask for password
			$error = array('missing' => array($key->id => $key->name));
			return new enigma_error(enigma_error::E_BADPASS, '', $error);
			return new enigma_error(enigma_error::BADPASS, '', $error);
			}

			// select mode
			@@ -191,10 +197,10 @@
			$result = $this->pgp_sign($body, $key->id, $pass, $pgp_mode);

			if ($result !== true) {
			if ($result->getCode() == enigma_error::E_BADPASS) {
			if ($result->getCode() == enigma_error::BADPASS) {
			// ask for password
			$error = array('missing' => array($key->id => $key->name));
			return new enigma_error(enigma_error::E_BADPASS, '', $error);
			return new enigma_error(enigma_error::BADPASS, '', $error);
			}

			return $result;
			@@ -232,7 +238,7 @@
			}

			if (empty($recipients)) {
			return new enigma_error(enigma_error::E_KEYNOTFOUND);
			return new enigma_error(enigma_error::KEYNOTFOUND);
			}

			$recipients = array_unique($recipients);
			@@ -242,7 +248,7 @@
			$key = $this->find_key($email);

			if (empty($key)) {
			return new enigma_error(enigma_error::E_KEYNOTFOUND, '', array(
			return new enigma_error(enigma_error::KEYNOTFOUND, '', array(
			'missing' => $email
			));
			}
			@@ -329,6 +335,8 @@
			{
			// encrypted attachment, see parse_plain_encrypted()
			if ($p['part']->need_decryption && $p['part']->body === null) {
			$this->load_pgp_driver();

			$storage = $this->rc->get_storage();
			$body = $storage->get_message_part($p['object']->uid, $p['part']->mime_id, $p['part'], null, null, true, 0, false);
			$result = $this->pgp_decrypt($body);
			@@ -354,7 +362,7 @@
			$part = $p['structure'];

			// exit, if we're already inside a decrypted message
			if ($part->encrypted) {
			if (in_array($part->mime_id, $this->encrypted_parts)) {
			return;
			}

			@@ -441,7 +449,9 @@

			// Verify signature
			if ($this->rc->action == 'show' \|\| $this->rc->action == 'preview') {
			$sig = $this->pgp_verify($body);
			if ($this->rc->config->get('enigma_signatures', true)) {
			$sig = $this->pgp_verify($body);
			}
			}

			// @TODO: Handle big bodies using (temp) files
			@@ -477,7 +487,7 @@
			// Store signature data for display
			if (!empty($sig)) {
			$this->signed_parts[$part->mime_id] = $part->mime_id;
			$this->signatures[$part->mime_id] = $sig;
			$this->signatures[$part->mime_id] = $sig;
			}

			fclose($fh);
			@@ -487,41 +497,43 @@
			* Handler for PGP/MIME signed message.
			* Verifies signature.
			*
			* @param array Reference to hook's parameters
			* @param array Reference to hook's parameters
			*/
			private function parse_pgp_signed(&$p)
			{
			// Verify signature
			if ($this->rc->action == 'show' \|\| $this->rc->action == 'preview') {
			$this->load_pgp_driver();
			$struct = $p['structure'];
			if (!$this->rc->config->get('enigma_signatures', true)) {
			return;
			}

			$msg_part = $struct->parts[0];
			$sig_part = $struct->parts[1];
			if ($this->rc->action != 'show' && $this->rc->action != 'preview') {
			return;
			}

			// Get bodies
			// Note: The first part body need to be full part body with headers
			// it also cannot be decoded
			$msg_body = $this->get_part_body($p['object'], $msg_part->mime_id, true);
			$sig_body = $this->get_part_body($p['object'], $sig_part->mime_id);
			$this->load_pgp_driver();
			$struct = $p['structure'];

			// Verify
			$sig = $this->pgp_verify($msg_body, $sig_body);
			$msg_part = $struct->parts[0];
			$sig_part = $struct->parts[1];

			// Store signature data for display
			$this->signatures[$struct->mime_id] = $sig;
			// Get bodies
			// Note: The first part body need to be full part body with headers
			// it also cannot be decoded
			$msg_body = $this->get_part_body($p['object'], $msg_part->mime_id, true);
			$sig_body = $this->get_part_body($p['object'], $sig_part->mime_id);

			// Message can be multipart (assign signature to each subpart)
			if (!empty($msg_part->parts)) {
			foreach ($msg_part->parts as $part)
			$this->signed_parts[$part->mime_id] = $struct->mime_id;
			}
			else {
			$this->signed_parts[$msg_part->mime_id] = $struct->mime_id;
			}
			// Verify
			$sig = $this->pgp_verify($msg_body, $sig_body);

			// Remove signature file from attachments list (?)
			unset($struct->parts[1]);
			// Store signature data for display
			$this->signatures[$struct->mime_id] = $sig;

			// Message can be multipart (assign signature to each subpart)
			if (!empty($msg_part->parts)) {
			foreach ($msg_part->parts as $part)
			$this->signed_parts[$part->mime_id] = $struct->mime_id;
			}
			else {
			$this->signed_parts[$msg_part->mime_id] = $struct->mime_id;
			}
			}

			@@ -534,6 +546,10 @@
			private function parse_smime_signed(&$p)
			{
			return; // @TODO

			if (!$this->rc->config->get('enigma_signatures', true)) {
			return;
			}

			// Verify signature
			if ($this->rc->action == 'show' \|\| $this->rc->action == 'preview') {
			@@ -556,9 +572,6 @@
			else {
			$this->signed_parts[$msg_part->mime_id] = $struct->mime_id;
			}

			// Remove signature file from attachments list
			unset($struct->parts[1]);
			}
			}

			@@ -570,6 +583,10 @@
			*/
			private function parse_plain_encrypted(&$p, $body)
			{
			if (!$this->rc->config->get('enigma_decryption', true)) {
			return;
			}

			$this->load_pgp_driver();
			$part = $p['structure'];

			@@ -579,11 +596,23 @@
			// Store decryption status
			$this->decryptions[$part->mime_id] = $result;

			// find parent part ID
			if (strpos($part->mime_id, '.')) {
			$items = explode('.', $part->mime_id);
			array_pop($items);
			$parent = implode('.', $items);
			}
			else {
			$parent = 0;
			}

			// Parse decrypted message
			if ($result === true) {
			$part->body = $body;
			$part->body_modified = true;
			$part->encrypted = true;

			// Remember it was decrypted
			$this->encrypted_parts[] = $part->mime_id;

			// PGP signed inside? verify signature
			if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $body)) {
			@@ -591,19 +620,9 @@
			}

			// Encrypted plain message may contain encrypted attachments
			// in such case attachments have .pgp extension and application/octet-stream.
			// in such case attachments have .pgp extension and type application/octet-stream.
			// This is what happens when you select "Encrypt each attachment separately
			// and send the message using inline PGP" in Thunderbird's Enigmail.

			// find parent part ID
			if (strpos($part->mime_id, '.')) {
			$items = explode('.', $part->mime_id);
			array_pop($items);
			$parent = implode('.', $items);
			}
			else {
			$parent = 0;
			}

			if ($p['object']->mime_parts[$parent]) {
			foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {
			@@ -620,6 +639,19 @@
			}
			}
			}
			// decryption failed, but the message may have already
			// been cached with the modified parts (see above),
			// let's bring the original state back
			else if ($p['object']->mime_parts[$parent]) {
			foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {
			if ($p->need_decryption && !preg_match('/^(.*)\.pgp$/i', $p->filename, $m)) {
			// modify filename
			$p->filename .= '.pgp';
			// flag the part, it will be decrypted when needed
			unset($p->need_decryption);
			}
			}
			}
			}

			/**
			@@ -629,6 +661,10 @@
			*/
			private function parse_pgp_encrypted(&$p)
			{
			if (!$this->rc->config->get('enigma_decryption', true)) {
			return;
			}

			$this->load_pgp_driver();

			$struct = $p['structure'];
			@@ -659,6 +695,10 @@
			// Make sure decryption status message will be displayed
			$part->type = 'content';
			$p['object']->parts[] = $part;

			// don't show encrypted part on attachments list
			// don't show "cannot display encrypted message" text
			$p['abort'] = true;
			}
			}

			@@ -669,6 +709,10 @@
			*/
			private function parse_smime_encrypted(&$p)
			{
			if (!$this->rc->config->get('enigma_decryption', true)) {
			return;
			}

			// $this->load_smime_driver();
			}

			@@ -685,7 +729,7 @@
			// @TODO: Handle big bodies using (temp) files
			$sig = $this->pgp_driver->verify($msg_body, $sig_body);

			if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::E_KEYNOTFOUND)
			if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::KEYNOTFOUND)
			rcube::raise_error(array(
			'code' => 600, 'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			@@ -710,7 +754,7 @@

			if ($result instanceof enigma_error) {
			$err_code = $result->getCode();
			if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
			if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))
			rcube::raise_error(array(
			'code' => 600, 'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			@@ -741,7 +785,7 @@

			if ($result instanceof enigma_error) {
			$err_code = $result->getCode();
			if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
			if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))
			rcube::raise_error(array(
			'code' => 600, 'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			@@ -770,7 +814,7 @@

			if ($result instanceof enigma_error) {
			$err_code = $result->getCode();
			if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
			if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))
			rcube::raise_error(array(
			'code' => 600, 'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			@@ -887,6 +931,29 @@
			}

			/**
			* PGP keys pair generation.
			*
			* @param array Key pair parameters
			*
			* @return mixed enigma_key or enigma_error
			*/
			function generate_key($data)
			{
			$this->load_pgp_driver();
			$result = $this->pgp_driver->gen_key($data);

			if ($result instanceof enigma_error) {
			rcube::raise_error(array(
			'code' => 600, 'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			'message' => "Enigma plugin: " . $result->getMessage()
			), true, false);
			}

			return $result;
			}

			/**
			* PGP keys/certs importing.
			*
			* @param mixed Import file name or content
			@@ -939,6 +1006,40 @@
			$this->rc->output->send();
			}

			/**
			* PGP keys/certs export..
			*
			* @param string Key ID
			* @param resource Optional output stream
			*
			* @return mixed Key content or enigma_error
			*/
			function export_key($key, $fp = null)
			{
			$this->load_pgp_driver();
			$result = $this->pgp_driver->export($key, $fp);

			if ($result instanceof enigma_error) {
			rcube::raise_error(array(
			'code' => 600, 'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			'message' => "Enigma plugin: " . $result->getMessage()
			), true, false);

			return $result;
			}

			if ($fp) {
			fwrite($fp, $result);
			}
			else {
			return $result;
			}
			}

			/**
			* Registers password for specified key/cert sent by the password prompt.
			*/
			function password_handler()
			{
			$keyid = rcube_utils::get_input_value('_keyid', rcube_utils::INPUT_POST);
			@@ -949,6 +1050,9 @@
			}
			}

			/**
			* Saves key/cert password in user session
			*/
			function save_password($keyid, $password)
			{
			// we store passwords in session for specified time
			@@ -962,6 +1066,9 @@
			$_SESSION['enigma_pass'] = $this->rc->encrypt(serialize($config));
			}

			/**
			* Returns currently stored passwords
			*/
			function get_passwords()
			{
			if ($config = $_SESSION['enigma_pass']) {
			@@ -969,12 +1076,12 @@
			$config = @unserialize($config);
			}

			$threshold = time() - self::PASSWORD_TIME;
			$threshold = $this->password_time ? time() - $this->password_time : 0;
			$keys = array();

			// delete expired passwords
			foreach ((array) $config as $key => $value) {
			if ($value[1] < $threshold) {
			if ($threshold && $value[1] < $threshold) {
			unset($config[$key]);
			$modified = true;
			}
			@@ -1066,14 +1173,14 @@
			$part->body_modified = true;
			$part->encoding = 'stream';

			// Cache the fact it was decrypted
			$part->encrypted = true;

			// modify part identifier
			if ($old_id) {
			$part->mime_id = !$part->mime_id ? $old_id : ($old_id . '.' . $part->mime_id);
			}

			// Cache the fact it was decrypted
			$this->encrypted_parts[] = $part->mime_id;

			$msg->mime_parts[$part->mime_id] = $part;

			// modify sub-parts