File Mime/Viewer/Smime.php

  1: <?php
  2: /**
  3:  * Copyright 2002-2014 Horde LLC (http://www.horde.org/)
  4:  *
  5:  * See the enclosed file COPYING for license information (GPL). If you
  6:  * did not receive this file, see http://www.horde.org/licenses/gpl.
  7:  *
  8:  * @category  Horde
  9:  * @copyright 2000-2014 Horde LLC
 10:  * @license   http://www.horde.org/licenses/gpl GPL
 11:  * @package   IMP
 12:  */
 13: 
 14: /**
 15:  * Renderer for viewing/decrypting of S/MIME v3.2 messages (RFC 5751).
 16:  *
 17:  * This class handles the following MIME types:
 18:  *   application/pkcs7-mime
 19:  *   application/x-pkcs7-mime
 20:  *   application/pkcs7-signature (in multipart/signed part)
 21:  *   application/x-pkcs7-signature (in multipart/signed part)
 22:  *
 23:  * This class may add the following parameters to the URL:
 24:  *   'smime_verify_msg' - (boolean) Do verification of S/MIME message.
 25:  *   'view_smime_key' - (boolean) Display the S/MIME Key.
 26:  *
 27:  * @author    Mike Cochrane <mike@graftonhall.co.nz>
 28:  * @author    Michael Slusarz <slusarz@horde.org>
 29:  * @category  Horde
 30:  * @copyright 2000-2014 Horde LLC
 31:  * @license   http://www.horde.org/licenses/gpl GPL
 32:  * @package   IMP
 33:  */
 34: class IMP_Mime_Viewer_Smime extends Horde_Mime_Viewer_Base
 35: {
 36:     /**
 37:      * This driver's display capabilities.
 38:      *
 39:      * @var array
 40:      */
 41:     protected $_capability = array(
 42:         'full' => false,
 43:         'info' => false,
 44:         'inline' => true,
 45:         'raw' => false
 46:     );
 47: 
 48:     /**
 49:      * Metadata for the current viewer/data.
 50:      *
 51:      * @var array
 52:      */
 53:     protected $_metadata = array(
 54:         'compressed' => false,
 55:         'embedded' => true,
 56:         'forceinline' => true
 57:     );
 58: 
 59:     /**
 60:      * IMP_Crypt_Smime object.
 61:      *
 62:      * @var IMP_Crypt_Smime
 63:      */
 64:     protected $_impsmime = null;
 65: 
 66:     /**
 67:      * Init the S/MIME Horde_Crypt object.
 68:      */
 69:     protected function _initSmime()
 70:     {
 71:         if (is_null($this->_impsmime) &&
 72:             $GLOBALS['prefs']->getValue('use_smime')) {
 73:             try {
 74:                 $this->_impsmime = $GLOBALS['injector']->getInstance('IMP_Crypt_Smime');
 75:                 $this->_impsmime->checkForOpenSSL();
 76:             } catch (Horde_Exception $e) {
 77:                 $this->_impsmime = null;
 78:             }
 79:         }
 80:     }
 81: 
 82:     /**
 83:      * Return the rendered inline version of the Horde_Mime_Part object.
 84:      *
 85:      * @return array  See parent::render().
 86:      */
 87:     protected function _renderInline()
 88:     {
 89:         /* Check to see if S/MIME support is available. */
 90:         $this->_initSmime();
 91: 
 92:         if ($GLOBALS['injector']->getInstance('Horde_Variables')->view_smime_key) {
 93:             return $this->_outputSmimeKey();
 94:         }
 95: 
 96:         $id = $this->_mimepart->getMimeId();
 97: 
 98:         switch ($this->_mimepart->getType()) {
 99:         case 'multipart/signed':
100:             if (!in_array($this->_mimepart->getContentTypeParameter('protocol'), array('application/pkcs7-signature', 'application/x-pkcs7-signature'))) {
101:                 return array();
102:             }
103:             $this->_parseSignedData(true);
104:             // Fall-through
105: 
106:         case 'application/pkcs7-mime':
107:         case 'application/x-pkcs7-mime':
108:             $cache = $this->getConfigParam('imp_contents')->getViewCache();
109: 
110:             if (isset($cache->smime[$id])) {
111:                 $ret = array(
112:                     $id => array(
113:                         'data' => null,
114:                         'status' => $cache->smime[$id]['status'],
115:                         'type' => 'text/plain; charset=' . $this->getConfigParam('charset'),
116:                         'wrap' => $cache->smime[$id]['wrap']
117:                     )
118:                 );
119:                 if (isset($cache->smime[$id]['sig'])) {
120:                     $ret[$cache->smime[$id]['sig']] = null;
121:                 }
122:                 return $ret;
123:             }
124:             // Fall-through
125: 
126:         default:
127:             return array();
128:         }
129:     }
130: 
131:     /**
132:      * If this MIME part can contain embedded MIME parts, and those embedded
133:      * MIME parts exist, return an altered version of the Horde_Mime_Part that
134:      * contains the embedded MIME part information.
135:      *
136:      * @return mixed  A Horde_Mime_Part with the embedded MIME part information
137:      *                or null if no embedded MIME parts exist.
138:      */
139:     protected function _getEmbeddedMimeParts()
140:     {
141:         if (!in_array($this->_mimepart->getType(), array('application/pkcs7-mime', 'application/x-pkcs7-mime'))) {
142:             return null;
143:         }
144: 
145:         // 'smime-type' must be 'enveloped-data' or 'signed-data'
146:         switch ($this->_mimepart->getContentTypeParameter('smime-type')) {
147:         case 'signed-data':
148:             return $this->_parseSignedData();
149: 
150:         case 'enveloped-data':
151:         default:
152:             /* Thunderbird bug: it doesn't include the smime-type parameter
153:              * for 'enveloped-data'. So do explicit check for enveloped
154:              * data. */
155:             return $this->_parseEnvelopedData();
156:         }
157:     }
158: 
159:     /**
160:      * Parse enveloped (encrypted) data.
161:      *
162:      * @return mixed  See self::_getEmbeddedMimeParts().
163:      */
164:     protected function _parseEnvelopedData()
165:     {
166:         $base_id = $this->_mimepart->getMimeId();
167: 
168:         /* Initialize inline data. */
169:         $status = new IMP_Mime_Status(_("The data in this part has been encrypted via S/MIME."));
170:         $status->icon('mime/encryption.png', 'S/MIME');
171: 
172:         $cache = $this->getConfigParam('imp_contents')->getViewCache();
173:         $cache->smime[$base_id] = array(
174:             'status' => $status,
175:             'wrap' => ''
176:         );
177: 
178:         /* Is PGP active? */
179:         $this->_initSmime();
180:         if (empty($this->_impsmime)) {
181:             $status->addText(_("S/MIME support is not currently enabled so the data is unable to be decrypted."));
182:             return null;
183:         }
184: 
185:         if (!$this->_impsmime->getPersonalPrivateKey()) {
186:             $status->addText(_("No personal private key exists so the data is unable to be decrypted."));
187:             return null;
188:         }
189: 
190:         /* Make sure we have a passphrase. */
191:         $passphrase = $this->_impsmime->getPassphrase();
192:         if ($passphrase === false) {
193:             $imple = $GLOBALS['injector']->getInstance('Horde_Core_Factory_Imple')->create('IMP_Ajax_Imple_PassphraseDialog', array(
194:                 'type' => 'smimePersonal'
195:             ));
196:             $status->addText(Horde::link('#', '', '', '', '', '', '', array('id' => $imple->getDomId())) . _("You must enter the passphrase for your S/MIME private key to view this data.") . '</a>');
197:             return null;
198:         }
199: 
200:         $raw_text = $this->_getPartStream($this->_mimepart->getMimeId());
201: 
202:         try {
203:             $decrypted_data = $this->_impsmime->decryptMessage($this->_mimepart->replaceEOL($raw_text, Horde_Mime_Part::RFC_EOL));
204:         } catch (Horde_Exception $e) {
205:             $status->addText($e->getMessage());
206:             return null;
207:         }
208: 
209:         $cache->smime[$base_id]['wrap'] = 'mimePartWrapValid';
210: 
211:         $new_part = Horde_Mime_Part::parseMessage($decrypted_data, array(
212:             'forcemime' => true
213:         ));
214: 
215:         switch ($new_part->getType()) {
216:         case 'application/pkcs7-mime':
217:         case 'application/x-pkcs7-mime':
218:             $signed_data = (bool)$new_part->getContentTypeParameter('smime-type');
219:             break;
220: 
221:         case 'multipart/signed':
222:             $signed_data = true;
223:             break;
224: 
225:         default:
226:             $signed_data = false;
227:             break;
228:         }
229: 
230:         if ($signed_data) {
231:             $hdrs = $this->getConfigParam('imp_contents')->getHeader();
232: 
233:             $data = new Horde_Stream_Temp();
234:             $data->add(
235:                 'From:' . $hdrs->getValue('from') . "\n" .
236:                 $decrypted_data
237:             );
238: 
239:             $new_part->setMetadata('imp-smime-decrypt', $data);
240:             $new_part->setContents($decrypted_data, array(
241:                 'encoding' => 'binary'
242:             ));
243:         }
244: 
245:         return $new_part;
246:     }
247: 
248:     /**
249:      * Parse signed data.
250:      *
251:      * @param boolean $sig_only  Only do signature checking?
252:      *
253:      * @return mixed  See self::_getEmbeddedMimeParts().
254:      */
255:     protected function _parseSignedData($sig_only = false)
256:     {
257:         $partlist = array_keys($this->_mimepart->contentTypeMap());
258:         $base_id = reset($partlist);
259:         $data_id = next($partlist);
260: 
261:         $id_ob = new Horde_Mime_Id($data_id);
262:         $sig_id = $id_ob->idArithmetic($id_ob::ID_NEXT);
263: 
264:         /* Initialize inline data. */
265:         $status = new IMP_Mime_Status(_("The data in this part has been digitally signed via S/MIME."));
266:         $status->icon('mime/encryption.png', 'S/MIME');
267: 
268:         $cache = $this->getConfigParam('imp_contents')->getViewCache();
269:         $cache->smime[$base_id] = array(
270:             'sig' => $sig_id,
271:             'status' => $status,
272:             'wrap' => 'mimePartWrap'
273:         );
274: 
275:         if (!$GLOBALS['prefs']->getValue('use_smime')) {
276:             $status->addText(_("S/MIME support is not enabled so the digital signature is unable to be verified."));
277:             return null;
278:         }
279: 
280:         /* Sanity checking to make sure MIME structure is correct. */
281:         if (!in_array($sig_id, $partlist)) {
282:             $status->action(IMP_Mime_Status::ERROR);
283:             $cache->smime[$base_id]['wrap'] = 'mimePartWrapInvalid';
284:             $status->addText(_("Invalid S/MIME data."));
285:             /* This will suppress displaying the invalid part. */
286:             $cache->smime[$base_id]['sig'] = $data_id;
287:             return null;
288:         }
289: 
290:         $imp_contents = $this->getConfigParam('imp_contents');
291:         $stream = $imp_contents->isEmbedded($base_id)
292:             ? $this->_mimepart->getMetadata('imp-smime-decrypt')->stream
293:             : $this->_getPartStream($base_id);
294:         $raw_text = $this->_mimepart->replaceEOL($stream, Horde_Mime_Part::RFC_EOL);
295: 
296:         $this->_initSmime();
297:         $sig_result = null;
298: 
299:         if ($GLOBALS['prefs']->getValue('smime_verify') ||
300:             $GLOBALS['injector']->getInstance('Horde_Variables')->smime_verify_msg) {
301:             try {
302:                 $sig_result = $this->_impsmime->verifySignature($raw_text);
303:                 if ($sig_result->verify) {
304:                     $status->action(IMP_Mime_Status::SUCCESS);
305:                 } else {
306:                     $status->action(IMP_Mime_Status::WARNING);
307:                 }
308:                 $cache->smime[$base_id]['wrap'] = 'mimePartWrapValid';
309: 
310:                 $email = is_array($sig_result->email)
311:                     ? implode(', ', $sig_result->email)
312:                     : $sig_result->email;
313: 
314:                 $status->addText($sig_result->msg);
315: 
316:                 if (!empty($sig_result->cert)) {
317:                     $cert = $this->_impsmime->parseCert($sig_result->cert);
318:                     if (isset($cert['certificate']['subject']['CommonName']) &&
319:                         (strcasecmp($email, $cert['certificate']['subject']['CommonName']) !== 0)) {
320:                         $email = $cert['certificate']['subject']['CommonName'] . ' (' . trim($email) . ')';
321:                     }
322:                 }
323: 
324:                 if (!empty($sig_result->cert) &&
325:                     isset($sig_result->email) &&
326:                     $GLOBALS['registry']->hasMethod('contacts/addField') &&
327:                     $GLOBALS['prefs']->getValue('add_source')) {
328:                     $status->addText(sprintf(_("Sender: %s"), $imp_contents->linkViewJS($this->_mimepart, 'view_attach', htmlspecialchars(strlen($email) ? $email : $sig_result->email), array(
329:                         'jstext' => _("View certificate details"),
330:                         'params' => array(
331:                             'mode' => IMP_Contents::RENDER_INLINE,
332:                             'view_smime_key' => 1
333:                         )
334:                     ))));
335: 
336:                     try {
337:                         $this->_impsmime->getPublicKey($sig_result->email);
338:                     } catch (Horde_Exception $e) {
339:                         $imple = $GLOBALS['injector']->getInstance('Horde_Core_Factory_Imple')->create('IMP_Ajax_Imple_ImportEncryptKey', array(
340:                             'mime_id' => $base_id,
341:                             'muid' => strval($imp_contents->getIndicesOb()),
342:                             'type' => 'smime'
343:                         ));
344:                         $status->addText(Horde::link('#', '', '', '', '', '', '', array('id' => $imple->getDomId())) . _("Save the certificate to your Address Book.") . '</a>');
345:                     }
346:                 } elseif (strlen($email)) {
347:                     $status->addText(sprintf(_("Sender: %s"), htmlspecialchars($email)));
348:                 }
349:             } catch (Horde_Exception $e) {
350:                 $status->action(IMP_Mime_Status::ERROR);
351:                 $cache->smime[$base_id]['wrap'] = 'mimePartWrapInvalid';
352:                 $status->addText($e->getMessage());
353:             }
354:         } else {
355:             switch ($GLOBALS['registry']->getView()) {
356:             case Horde_Registry::VIEW_BASIC:
357:                 $status->addText(Horde::link(Horde::selfUrlParams()->add('smime_verify_msg', 1)) . _("Click HERE to verify the data.") . '</a>');
358:                 break;
359: 
360:             case Horde_Registry::VIEW_DYNAMIC:
361:                 $status->addText(Horde::link('#', '', 'smimeVerifyMsg') . _("Click HERE to verify the data.") . '</a>');
362:                 break;
363:             }
364:         }
365: 
366:         if ($sig_only) {
367:             return;
368:         }
369: 
370:         $subpart = $imp_contents->getMIMEPart($sig_id);
371:         if (empty($subpart)) {
372:             try {
373:                 $msg_data = $this->_impsmime->extractSignedContents($raw_text);
374:                 $subpart = Horde_Mime_Part::parseMessage($msg_data, array('forcemime' => true));
375:             } catch (Horde_Exception $e) {
376:                 $status->addText($e->getMessage());
377:                 return null;
378:             }
379:         }
380: 
381:         return $subpart;
382:     }
383: 
384:     /**
385:      * Generates HTML output for the S/MIME key.
386:      *
387:      * @return string  The HTML output.
388:      */
389:     protected function _outputSmimeKey()
390:     {
391:         if (empty($this->_impsmime)) {
392:             return array();
393:         }
394: 
395:         $raw_text = $this->_getPartStream($this->_mimepart->getMimeId());
396: 
397:         try {
398:             $sig_result = $this->_impsmime->verifySignature($this->_mimepart->replaceEOL($raw_text, Horde_Mime_Part::RFC_EOL));
399:         } catch (Horde_Exception $e) {
400:             return array();
401:         }
402: 
403:         return array(
404:             $this->_mimepart->getMimeId() => array(
405:                 'data' => $this->_impsmime->certToHTML($sig_result->cert),
406:                 'type' => 'text/html; charset=' . $this->getConfigParam('charset')
407:             )
408:         );
409:     }
410: 
411:     /**
412:      */
413:     protected function _getPartStream($id)
414:     {
415:         return $id
416:             ? $this->getConfigParam('imp_contents')->getBodyPart($id, array('mimeheaders' => true, 'stream' => true))->data
417:             : $this->getConfigParam('imp_contents')->fullMessageText();
418:     }
419: 
420: }
421:
Packages

Classes

Interfaces
