File Crypt/Smime.php

  1: <?php
  2: /**
  3:  * The IMP_Crypt_Smime:: class contains all functions related to handling
  4:  * S/MIME messages within IMP.
  5:  *
  6:  * Copyright 2002-2012 Horde LLC (http://www.horde.org/)
  7:  *
  8:  * See the enclosed file COPYING for license information (GPL). If you
  9:  * did not receive this file, see http://www.horde.org/licenses/gpl.
 10:  *
 11:  * @author   Mike Cochrane <mike@graftonhall.co.nz>
 12:  * @category Horde
 13:  * @license  http://www.horde.org/licenses/gpl GPL
 14:  * @package  IMP
 15:  */
 16: class IMP_Crypt_Smime extends Horde_Crypt_Smime
 17: {
 18:     /* Name of the S/MIME public key field in addressbook. */
 19:     const PUBKEY_FIELD = 'smimePublicKey';
 20: 
 21:     /* Encryption type constants. */
 22:     const ENCRYPT = 'smime_encrypt';
 23:     const SIGN = 'smime_sign';
 24:     const SIGNENC = 'smime_signenc';
 25: 
 26:     /**
 27:      * Return the list of available encryption options for composing.
 28:      *
 29:      * @return array  Keys are encryption type constants, values are gettext
 30:      *                strings describing the encryption type.
 31:      */
 32:     public function encryptList()
 33:     {
 34:         $ret = array(
 35:             self::ENCRYPT => _("S/MIME Encrypt Message")
 36:         );
 37: 
 38:         if ($this->getPersonalPrivateKey()) {
 39:             $ret += array(
 40:                 self::SIGN => _("S/MIME Sign Message"),
 41:                 self::SIGNENC => _("S/MIME Sign/Encrypt Message")
 42:             );
 43:         }
 44: 
 45:         return $ret;
 46:     }
 47: 
 48:     /**
 49:      * Add the personal public key to the prefs.
 50:      *
 51:      * @param mixed $key  The public key to add (either string or array).
 52:      */
 53:     public function addPersonalPublicKey($key)
 54:     {
 55:         $GLOBALS['prefs']->setValue('smime_public_key', (is_array($key)) ? implode('', $key) : $key);
 56:     }
 57: 
 58:     /**
 59:      * Add the personal private key to the prefs.
 60:      *
 61:      * @param mixed $key  The private key to add (either string or array).
 62:      */
 63:     public function addPersonalPrivateKey($key)
 64:     {
 65:         $GLOBALS['prefs']->setValue('smime_private_key', (is_array($key)) ? implode('', $key) : $key);
 66:     }
 67: 
 68:     /**
 69:      * Add the list of additional certs to the prefs.
 70:      *
 71:      * @param mixed $key  The private key to add (either string or array).
 72:      */
 73:     public function addAdditionalCert($key)
 74:     {
 75:         $GLOBALS['prefs']->setValue('smime_additional_cert', (is_array($key)) ? implode('', $key) : $key);
 76:     }
 77: 
 78:     /**
 79:      * Get the personal public key from the prefs.
 80:      *
 81:      * @return string  The personal S/MIME public key.
 82:      */
 83:     public function getPersonalPublicKey()
 84:     {
 85:         return $GLOBALS['prefs']->getValue('smime_public_key');
 86:     }
 87: 
 88:     /**
 89:      * Get the personal private key from the prefs.
 90:      *
 91:      * @return string  The personal S/MIME private key.
 92:      */
 93:     public function getPersonalPrivateKey()
 94:     {
 95:         return $GLOBALS['prefs']->getValue('smime_private_key');
 96:     }
 97: 
 98:     /**
 99:      * Get any additional certificates from the prefs.
100:      *
101:      * @return string  Additional signing certs for inclusion.
102:      */
103:     public function getAdditionalCert()
104:     {
105:         return $GLOBALS['prefs']->getValue('smime_additional_cert');
106:     }
107: 
108:     /**
109:      * Deletes the specified personal keys from the prefs.
110:      */
111:     public function deletePersonalKeys()
112:     {
113:         $GLOBALS['prefs']->setValue('smime_public_key', '');
114:         $GLOBALS['prefs']->setValue('smime_private_key', '');
115:         $GLOBALS['prefs']->setValue('smime_additional_cert', '');
116:         $this->unsetPassphrase();
117:     }
118: 
119:     /**
120:      * Add a public key to an address book.
121:      *
122:      * @param string $cert  A public certificate to add.
123:      *
124:      * @throws Horde_Exception
125:      */
126:     public function addPublicKey($cert)
127:     {
128:         list($name, $email) = $this->publicKeyInfo($cert);
129: 
130:         $GLOBALS['registry']->call('contacts/addField', array($email, $name, self::PUBKEY_FIELD, $cert, $GLOBALS['prefs']->getValue('add_source')));
131:     }
132: 
133:     /**
134:      * Get information about a public certificate.
135:      *
136:      * @param string $cert  The public certificate.
137:      *
138:      * @return array  Two element array: the name and e-mail for the cert.
139:      * @throws Horde_Crypt_Exception
140:      */
141:     public function publicKeyInfo($cert)
142:     {
143:         /* Make sure the certificate is valid. */
144:         $key_info = openssl_x509_parse($cert);
145:         if (!is_array($key_info) || !isset($key_info['subject'])) {
146:             throw new Horde_Crypt_Exception(_("Not a valid public key."));
147:         }
148: 
149:         /* Add key to the user's address book. */
150:         $email = $this->getEmailFromKey($cert);
151:         if (is_null($email)) {
152:             throw new Horde_Crypt_Exception(_("No email information located in the public key."));
153:         }
154: 
155:         /* Get the name corresponding to this key. */
156:         if (isset($key_info['subject']['CN'])) {
157:             $name = $key_info['subject']['CN'];
158:         } elseif (isset($key_info['subject']['OU'])) {
159:             $name = $key_info['subject']['OU'];
160:         } else {
161:             $name = $email;
162:         }
163: 
164:         return array($name, $email);
165:     }
166: 
167:     /**
168:      * Returns the params needed to encrypt a message being sent to the
169:      * specified email address.
170:      *
171:      * @param string $address  The e-mail address of the recipient.
172:      *
173:      * @return array  The list of parameters needed by encrypt().
174:      * @throws Horde_Crypt_Exception
175:      */
176:     protected function _encryptParameters($address)
177:     {
178:         /* We can only encrypt if we are sending to a single person. */
179:         $addrOb = Horde_Mime_Address::bareAddress($address, $GLOBALS['session']->get('imp', 'maildomain'), true);
180:         $key_addr = array_pop($addrOb);
181: 
182:         $public_key = $this->getPublicKey($key_addr);
183: 
184:         return array(
185:             'pubkey' => $public_key,
186:             'type' => 'message'
187:         );
188:     }
189: 
190:     /**
191:      * Retrieves a public key by e-mail.
192:      * The key will be retrieved from a user's address book(s).
193:      *
194:      * @param string $address  The e-mail address to search for.
195:      *
196:      * @return string  The S/MIME public key requested.
197:      * @throws Horde_Exception
198:      */
199:     public function getPublicKey($address)
200:     {
201:         try {
202:             $key = Horde::callHook('smime_key', array($address), 'imp');
203:             if ($key) {
204:                 return $key;
205:             }
206:         } catch (Horde_Exception_HookNotSet $e) {}
207: 
208:         $params = IMP::getAddressbookSearchParams();
209: 
210:         try {
211:             $key = $GLOBALS['registry']->call('contacts/getField', array($address, self::PUBKEY_FIELD, $params['sources'], true, true));
212:         } catch (Horde_Exception $e) {
213:             /* See if the address points to the user's public key. */
214:             $identity = $GLOBALS['injector']->getInstance('IMP_Identity');
215:             $personal_pubkey = $this->getPersonalPublicKey();
216:             if (!empty($personal_pubkey) && $identity->hasAddress($address)) {
217:                 return $personal_pubkey;
218:             }
219: 
220:             throw $e;
221:         }
222: 
223:         /* If more than one public key is returned, just return the first in
224:          * the array. There is no way of knowing which is the "preferred" key,
225:          * if the keys are different. */
226:         return is_array($key) ? reset($key) : $key;
227:     }
228: 
229:     /**
230:      * Retrieves all public keys from a user's address book(s).
231:      *
232:      * @return array  All S/MIME public keys available.
233:      * @throws Horde_Crypt_Exception
234:      */
235:     public function listPublicKeys()
236:     {
237:         $params = IMP::getAddressbookSearchParams();
238:         if (empty($params['sources'])) {
239:             return array();
240:         }
241:         return $GLOBALS['registry']->call('contacts/getAllAttributeValues', array(self::PUBKEY_FIELD, $params['sources']));
242:     }
243: 
244:     /**
245:      * Deletes a public key from a user's address book(s) by e-mail.
246:      *
247:      * @param string $email  The e-mail address to delete.
248:      *
249:      * @throws Horde_Crypt_Exception
250:      */
251:     public function deletePublicKey($email)
252:     {
253:         $params = IMP::getAddressbookSearchParams();
254:         $GLOBALS['registry']->call('contacts/deleteField', array($email, self::PUBKEY_FIELD, $params['sources']));
255:     }
256: 
257:     /**
258:      * Returns the parameters needed for signing a message.
259:      *
260:      * @return array  The list of parameters needed by encrypt().
261:      */
262:     protected function _signParameters()
263:     {
264:         return array(
265:             'type' => 'signature',
266:             'pubkey' => $this->getPersonalPublicKey(),
267:             'privkey' => $this->getPersonalPrivateKey(),
268:             'passphrase' => $this->getPassphrase(),
269:             'sigtype' => 'detach',
270:             'certs' => $this->getAdditionalCert()
271:         );
272:     }
273: 
274:     /**
275:      * Verifies a signed message with a given public key.
276:      *
277:      * @param string $text  The text to verify.
278:      *
279:      * @return stdClass  See Horde_Crypt_Smime::verify().
280:      * @throws Horde_Crypt_Exception
281:      */
282:     public function verifySignature($text)
283:     {
284:         return $this->verify($text, empty($GLOBALS['conf']['openssl']['cafile']) ? array() : $GLOBALS['conf']['openssl']['cafile']);
285:     }
286: 
287:     /**
288:      * Decrypt a message with user's public/private keypair.
289:      *
290:      * @param string $text  The text to decrypt.
291:      *
292:      * @return string  See Horde_Crypt_Smime::decrypt().
293:      * @throws Horde_Crypt_Exception
294:      */
295:     public function decryptMessage($text)
296:     {
297:         return $this->decrypt($text, array(
298:             'type' => 'message',
299:             'pubkey' => $this->getPersonalPublicKey(),
300:             'privkey' => $this->getPersonalPrivateKey(),
301:             'passphrase' => $this->getPassphrase()
302:         ));
303:     }
304: 
305:     /**
306:      * Gets the user's passphrase from the session cache.
307:      *
308:      * @return mixed  The passphrase, if set.  Returns false if the passphrase
309:      *                has not been loaded yet.  Returns null if no passphrase
310:      *                is needed.
311:      */
312:     public function getPassphrase()
313:     {
314:         global $session;
315: 
316:         $private_key = $GLOBALS['prefs']->getValue('smime_private_key');
317:         if (empty($private_key)) {
318:             return false;
319:         }
320: 
321:         if ($session->exists('imp', 'smime_passphrase')) {
322:             $secret = $GLOBALS['injector']->getInstance('Horde_Secret');
323:             return $secret->read($secret->getKey('imp'), $session->get('imp', 'smime_passphrase'));
324:         } elseif (!$session->exists('imp', 'smime_null_passphrase')) {
325:             $session->set(
326:                 'imp',
327:                 'smime_null_passphrase',
328:                 $this->verifyPassphrase($private_key, null)
329:                     ? null
330:                     : false
331:             );
332:         }
333: 
334:         return $session->get('imp', 'smime_null_passphrase');
335:     }
336: 
337:     /**
338:      * Store's the user's passphrase in the session cache.
339:      *
340:      * @param string $passphrase  The user's passphrase.
341:      *
342:      * @return boolean  Returns true if correct passphrase, false if incorrect.
343:      */
344:     public function storePassphrase($passphrase)
345:     {
346:         if ($this->verifyPassphrase($this->getPersonalPrivateKey(), $passphrase) === false) {
347:             return false;
348:         }
349: 
350:         $secret = $GLOBALS['injector']->getInstance('Horde_Secret');
351:         $GLOBALS['session']->set('imp', 'smime_passphrase', $secret->write($secret->getKey('imp'), $passphrase));
352: 
353:         return true;
354:     }
355: 
356:     /**
357:      * Clear the passphrase from the session cache.
358:      */
359:     public function unsetPassphrase()
360:     {
361:         global $session;
362: 
363:         $session->remove('imp', 'smime_null_passphrase');
364:         $session->remove('imp', 'smime_passphrase');
365:     }
366: 
367:     /**
368:      * Generates the javascript code for saving public keys.
369:      *
370:      * @param string $mailbox  The mailbox of the message.
371:      * @param integer $uid     The UID of the message.
372:      * @param string $id       The MIME ID of the message.
373:      *
374:      * @return string  The URL for saving public keys.
375:      */
376:     public function savePublicKeyURL($mailbox, $uid, $id)
377:     {
378:         $params = array(
379:             'actionID' => 'save_attachment_public_key',
380:             'mailbox' => $mailbox,
381:             'uid' => $uid,
382:             'mime_id' => $id
383:         );
384:         return Horde::popupJs(Horde::url('smime.php'), array('params' => $params, 'height' => 200, 'width' => 450));
385:     }
386: 
387:     /**
388:      * Encrypt a MIME_Part using S/MIME using IMP defaults.
389:      *
390:      * @param MIME_Part $mime_part  The MIME_Part object to encrypt.
391:      * @param mixed $to_address     The e-mail address of the key to use for
392:      *                              encryption.
393:      *
394:      * @return MIME_Part  See Horde_Crypt_Smime::encryptMIMEPart().
395:      * @throws Horde_Crypt_Exception
396:      */
397:     public function IMPencryptMIMEPart($mime_part, $to_address)
398:     {
399:         return $this->encryptMIMEPart($mime_part, $this->_encryptParameters($to_address));
400:     }
401: 
402:     /**
403:      * Sign a MIME_Part using S/MIME using IMP defaults.
404:      *
405:      * @param MIME_Part $mime_part  The MIME_Part object to sign.
406:      *
407:      * @return MIME_Part  See Horde_Crypt_Smime::signMIMEPart().
408:      * @throws Horde_Crypt_Exception
409:      */
410:     public function IMPsignMIMEPart($mime_part)
411:     {
412:         return $this->signMIMEPart($mime_part, $this->_signParameters());
413:     }
414: 
415:     /**
416:      * Sign and encrypt a MIME_Part using S/MIME using IMP defaults.
417:      *
418:      * @param MIME_Part $mime_part  The MIME_Part object to sign and encrypt.
419:      * @param string $to_address    The e-mail address of the key to use for
420:      *                              encryption.
421:      *
422:      * @return MIME_Part  See Horde_Crypt_Smime::signAndencryptMIMEPart().
423:      * @throws Horde_Crypt_Exception
424:      */
425:     public function IMPsignAndEncryptMIMEPart($mime_part, $to_address)
426:     {
427:         return $this->signAndEncryptMIMEPart($mime_part, $this->_signParameters(), $this->_encryptParameters($to_address));
428:     }
429: 
430:     /**
431:      * Store the public/private/additional certificates in the preferences
432:      * from a given PKCS 12 file.
433:      *
434:      * @param string $pkcs12    The PKCS 12 data.
435:      * @param string $password  The password of the PKCS 12 file.
436:      * @param string $pkpass    The password to use to encrypt the private key.
437:      *
438:      * @throws Horde_Crypt_Exception
439:      */
440:     public function addFromPKCS12($pkcs12, $password, $pkpass = null)
441:     {
442:         $sslpath = empty($GLOBALS['conf']['openssl']['path'])
443:             ? null
444:             : $GLOBALS['conf']['openssl']['path'];
445: 
446:         $params = array('sslpath' => $sslpath, 'password' => $password);
447:         if (!empty($pkpass)) {
448:             $params['newpassword'] = $pkpass;
449:         }
450: 
451:         $result = $this->parsePKCS12Data($pkcs12, $params);
452:         $this->addPersonalPrivateKey($result->private);
453:         $this->addPersonalPublicKey($result->public);
454:         $this->addAdditionalCert($result->certs);
455:     }
456: 
457:     /**
458:      * Extract the contents from signed S/MIME data.
459:      *
460:      * @param string $data  The signed S/MIME data.
461:      *
462:      * @return string  The contents embedded in the signed data.
463:      * @throws Horde_Crypt_Exception
464:      */
465:     public function extractSignedContents($data)
466:     {
467:         $sslpath = empty($GLOBALS['conf']['openssl']['path'])
468:             ? null
469:             : $GLOBALS['conf']['openssl']['path'];
470: 
471:         return parent::extractSignedContents($data, $sslpath);
472:     }
473: 
474:     /* UI related functions. */
475: 
476:     /**
477:      * Print certificate information.
478:      *
479:      * @param string $cert  The S/MIME certificate.
480:      */
481:     public function printCertInfo($key = '')
482:     {
483:         $cert_info = $this->certToHTML($key);
484: 
485:         if (empty($cert_info)) {
486:             $this->textWindowOutput('S/MIME Key Information', _("Invalid key"));
487:         } else {
488:             $this->textWindowOutput('S/MIME Key Information', $cert_info, true);
489:         }
490:     }
491: 
492:     /**
493:      * Output text in a window.
494:      *
495:      * @param string $name  The window name.
496:      * @param string $msg   The text contents.
497:      * @param string $html  $msg is HTML format?
498:      */
499:     public function textWindowOutput($name, $msg, $html = false)
500:     {
501:         $GLOBALS['browser']->downloadHeaders($name, $html ? 'text/html' : 'text/plain; charset=' . 'UTF-8', true, strlen($msg));
502:         echo $msg;
503:     }
504: 
505:     /**
506:      * Generate import key dialog.
507:      *
508:      * @param string $target  Action ID for the UI screen.
509:      * @param string $reload  The reload cache value.
510:      */
511:     public function importKeyDialog($target, $reload)
512:     {
513:         $title = _("Import S/MIME Key");
514:         require IMP_TEMPLATES . '/common-header.inc';
515: 
516:         /* Need to use regular status notification - AJAX notifications won't
517:          * show in popup windows. */
518:         if (IMP::getViewMode() == 'dimp') {
519:             $GLOBALS['notification']->detach('status');
520:             $GLOBALS['notification']->attach('status');
521:         }
522:         IMP::status();
523: 
524:         $t = $GLOBALS['injector']->createInstance('Horde_Template');
525:         $t->setOption('gettext', true);
526:         $t->set('selfurl', Horde::url('smime.php'));
527:         $t->set('broken_mp_form', $GLOBALS['browser']->hasQuirk('broken_multipart_form'));
528:         $t->set('reload', htmlspecialchars($reload));
529:         $t->set('target', $target);
530:         $t->set('forminput', Horde_Util::formInput());
531:         $t->set('import_public_key', $target == 'process_import_public_key');
532:         $t->set('import_personal_certs', $target == 'process_import_personal_certs');
533:         echo $t->fetch(IMP_TEMPLATES . '/smime/import_key.html');
534:     }
535: 
536:     /**
537:      * Attempt to import a key from form/uploaded data.
538:      *
539:      * @param string $key  Key string.
540:      *
541:      * @return string  The key contents.
542:      * @throws Horde_Browser_Exception
543:      */
544:     public function getImportKey($key)
545:     {
546:         if (!empty($key)) {
547:             return $key;
548:         }
549: 
550:         $GLOBALS['browser']->wasFileUploaded('upload_key', _("key"));
551:         return file_get_contents($_FILES['upload_key']['tmp_name']);
552:     }
553: 
554:     /**
555:      * Reload the window.
556:      *
557:      * @param string $reload  The reload cache value.
558:      */
559:     public function reloadWindow($reload)
560:     {
561:         global $session;
562: 
563:         $href = $session->retrieve($reload);
564:         $session->purge($reload);
565: 
566:         echo Horde::wrapInlineScript(array(
567:             'opener.focus();',
568:             'opener.location.href="' . $href . '";',
569:             'window.close();'
570:         ));
571:     }
572: 
573: }
574:
Packages

Classes
