symfony · the-pulli · May 3, 2023 · May 3, 2023 · May 3, 2023 · May 3, 2023
diff --git a/composer.json b/composer.json
@@ -141,6 +141,7 @@
        "monolog/monolog": "^1.25.1|^2",
        "nyholm/psr7": "^1.0",
        "pda/pheanstalk": "^4.0",
+        "pear/crypt_gpg": "^1.6",
        "php-http/discovery": "^1.15",
        "php-http/httplug": "^1.0|^2.0",
        "php-http/message-factory": "^1.0",

diff --git a/src/Symfony/Component/Mime/Crypto/PGPEncrypter.php b/src/Symfony/Component/Mime/Crypto/PGPEncrypter.php
@@ -0,0 +1,194 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Mime\Crypto;
+
+use Symfony\Component\Mime\Header\Headers;
+use Symfony\Component\Mime\Header\MailboxListHeader;
+use Symfony\Component\Mime\Helper\PGPSigningPreparer;
+use Symfony\Component\Mime\Message;
+use Symfony\Component\Mime\Part\Multipart\MixedPart;
+use Symfony\Component\Mime\Part\Multipart\PGPEncryptedPart;
+use Symfony\Component\Mime\Part\Multipart\PGPSignedPart;
+use Symfony\Component\Mime\Part\PGPEncryptedInitializationPart;
+use Symfony\Component\Mime\Part\PGPEncryptedMessagePart;
+use Symfony\Component\Mime\Part\PGPKeyPart;
+use Symfony\Component\Mime\Part\PGPSignaturePart;
+
+/*
+ * @author PuLLi <the@pulli.dev>
+ */
+class PGPEncrypter
+{
+    use PGPSigningPreparer;
+
+    private \Crypt_GPG $gpg;
+
+    private Headers $headers;
+
+    private ?string $signingKey = null;
+
+    public string $signature = '';
+
+    public string $signed = '';
+
+    /**
+     * @throws \Crypt_GPG_FileException
+     * @throws \PEAR_Exception
+     */
+    public function __construct(array $options = [])
+    {
+        $this->gpg = new \Crypt_GPG(
+            array_merge(
+                $options,
+                [
+                    'cipher-algo' => 'AES256',
+                    'digest-algo' => 'SHA512',
+                ]
+            )
+        );
+    }
+
+    public function signingKey(string $keyIdentifier): void
+    {
+        $this->signingKey = $keyIdentifier;
+    }
+
+    /**
+     * @throws \Crypt_GPG_Exception
+     * @throws \Crypt_GPG_KeyNotFoundException
+     */
+    public function encrypt(Message $message, bool $attachKey = false): Message
+    {
+        return $this->encryptWithOrWithoutSigning($message, false, null, $attachKey);
+    }
+
+    /**
+     * @throws \Crypt_GPG_Exception
+     * @throws \Crypt_GPG_KeyNotFoundException
+     * @throws \Crypt_GPG_BadPassphraseException
+     */
+    public function encryptAndSign(Message $message, string $passphrase = null, bool $attachKey = false): Message
+    {
+        return $this->encryptWithOrWithoutSigning($message, true, $passphrase, $attachKey);
+    }
+
+    /**
+     * @throws \Crypt_GPG_Exception
+     * @throws \Crypt_GPG_KeyNotFoundException
+     * @throws \Crypt_GPG_BadPassphraseException
+     */
+    private function encryptWithOrWithoutSigning(Message $message, bool $sign = false, string $passphrase = null, bool $attachKey = false): Message
+    {
+        $this->headers = $message->getHeaders();
+        $body = $message->getBody();
+
+        foreach ($this->getRecipients() as $recipient) {
+            $this->gpg->addEncryptKey($recipient);
+        }
+
+        if ($attachKey) {
+            $body = $this->attachPublicKey($message);
+        }
+
+        if ($sign) {
+            $this->gpg->addSignKey($this->determineSigningKey(), $passphrase);
+            $body = $this->gpg->encryptAndSign($body->toString());
+        } else {
+            $body = $this->gpg->encrypt($body->toString());
+        }
+
+        $part = new PGPEncryptedPart(
+            new PGPEncryptedInitializationPart(),
+            new PGPEncryptedMessagePart($body)
+        );
+
+        return new Message($this->headers, $part);
+    }
+
+    /**
+     * @throws \Crypt_GPG_Exception
+     * @throws \Crypt_GPG_KeyNotFoundException
+     * @throws \Crypt_GPG_BadPassphraseException
+     */
+    public function sign(Message $message, string $passphrase = null, bool $attachKey = false): Message
+    {
+        $this->headers = $message->getHeaders();
+        $body = $message->getBody()->toString();
+        $messagePart = $message->getBody();
+
+        if ($attachKey) {
+            $mixed = $this->attachPublicKey($message);
+            $body = $mixed->toString();
+            $messagePart = $mixed;
+        }
+        // TODO: find a way to normalize Message body and pass it along to PGPSignedPart
+        $body = $this->prepareMessageForSigning($messagePart, $body);
+        $this->signed = $body;
+
+        $this->gpg->addSignKey($this->determineSigningKey(), $passphrase);
+        $signature = $this->gpg->sign($body, \Crypt_GPG::SIGN_MODE_DETACHED);
+        $this->signature = $signature;
+        $part = new PGPSignedPart(
+            $messagePart,
+            new PGPSignaturePart($signature)
+        );
+
+        return new Message($this->headers, $part);
+    }
+
+    /**
+     * @throws \Crypt_GPG_Exception
+     * @throws \Crypt_GPG_KeyNotFoundException
+     */
+    private function attachPublicKey(Message $message): MixedPart
+    {
+        $publicKey = $this->gpg->exportPublicKey($this->determineSigningKey());
+        $key = new PGPKeyPart($publicKey);
+
+        // TODO: find more elegant way than to create another MixedPart, if Message is already a MixedPart
+        return new MixedPart($message->getBody(), $key);
+    }
+
+    private function getRecipients(): array
+    {
+        $recipients = [
+            $this->getAddresses('to'),
+            $this->getAddresses('cc'),
+            $this->getAddresses('bcc'),
+        ];
+
+        return array_merge(...$recipients);
+    }
+
+    private function getFrom(): string
+    {
+        return $this->getAddresses('from')[0];
+    }
+
+    private function getAddresses(string $type): array
+    {
+        $addresses = [];
+        $addressType = $this->headers->get($type);
+        if ($addressType instanceof MailboxListHeader) {
+            foreach ($addressType->getAddresses() as $address) {
+                $addresses[] = $address->getAddress();
+            }
+        }
+
+        return $addresses;
+    }
+
+    private function determineSigningKey(): string
+    {
+        return $this->signingKey ?? $this->getFrom();
+    }
+}
diff --git a/src/Symfony/Component/Mime/Helper/PGPSigningPreparer.php b/src/Symfony/Component/Mime/Helper/PGPSigningPreparer.php
@@ -0,0 +1,65 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Mime\Helper;
+
+use Symfony\Component\Mime\Part\AbstractMultipartPart;
+use Symfony\Component\Mime\Part\AbstractPart;
+
+/*
+ * @author PuLLi <the@pulli.dev>
+ *
+ */
+trait PGPSigningPreparer
+{
+    protected function normalizeLineEnding(string $text): string
+    {
+        return str_replace("\n", "\r\n", str_replace(["\r\n", "\r"], "\n", $text));
+    }
+
+    protected function prepareMessageForSigning(AbstractPart $part, string $msg): string
+    {
+        // Only text part
+        if ('text' === $part->getMediaType()) {
+            $msg = $this->getMessage($part, $msg);
+        } elseif ($part instanceof AbstractMultipartPart) {
+            // Find the text part inside the multipart
+            $msg = $this->findTextPart($part->getParts(), $msg);
+        }
+
+        return $msg;
+    }
+
+    /**
+     * @param AbstractPart[] $parts
+     */
+    protected function findTextPart(array $parts, string $msg): string
+    {
+        foreach ($parts as $part) {
+            $msg = $this->prepareMessageForSigning($part, $msg);
+        }
+
+        return $msg;
+    }
+
+    protected function getMessage(AbstractPart $part, string $msg): string
+    {
+        $textPart = $part->toString();
+        $normalizedText = $this->normalizeLineEnding($textPart);
+
+        // If text part has no extra line endings, add them
+        if (str_contains("\r\n--", $textPart)) {
+            return str_replace("$textPart\r\n--", "$normalizedText\r\n\r\n--", $msg);
+        }
+
+        return str_replace($textPart, "$normalizedText\r\n", $msg);
+    }
+}
diff --git a/src/Symfony/Component/Mime/Part/Multipart/PGPEncryptedPart.php b/src/Symfony/Component/Mime/Part/Multipart/PGPEncryptedPart.php
@@ -0,0 +1,34 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Mime\Part\Multipart;
+
+use Symfony\Component\Mime\Part\AbstractMultipartPart;
+use Symfony\Component\Mime\Part\AbstractPart;
+
+/*
+ * @author PuLLi <the@pulli.dev>
+ */
+class PGPEncryptedPart extends AbstractMultipartPart
+{
+    public function __construct(AbstractPart ...$parts)
+    {
+        parent::__construct(...$parts);
+        $this->getHeaders()->addParameterizedHeader('Content-Type', 'multipart/encrypted', [
+            'protocol' => 'application/pgp-encrypted',
+        ]);
+    }
+
+    public function getMediaSubtype(): string
+    {
+        return 'encrypted';
+    }
+}
diff --git a/src/Symfony/Component/Mime/Part/Multipart/PGPSignedPart.php b/src/Symfony/Component/Mime/Part/Multipart/PGPSignedPart.php
@@ -0,0 +1,61 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Mime\Part\Multipart;
+
+use Symfony\Component\Mime\Helper\PGPSigningPreparer;
+use Symfony\Component\Mime\Part\AbstractMultipartPart;
+use Symfony\Component\Mime\Part\AbstractPart;
+
+/*
+ * @author PuLLi <the@pulli.dev>
+ */
+class PGPSignedPart extends AbstractMultipartPart
+{
+    use PGPSigningPreparer;
+
+    public function __construct(AbstractPart ...$parts)
+    {
+        parent::__construct(...$parts);
+        $this->getHeaders()->addParameterizedHeader('Content-Type', 'multipart/signed', [
+            'micalg' => 'pgp-sha512',
+            'protocol' => 'application/pgp-signature',
+        ]);
+    }
+
+    public function getMediaSubtype(): string
+    {
+        return 'signed';
+    }
+
+    public function toString(): string
+    {
+        // We only have a text/multipart and the signature
+        $parts = $this->getParts();
+
+        return $this->prepareMessageForSigning($parts[0], parent::toString());
+    }
+
+    public function toIterable(): iterable
+    {
+        yield $this->toString();
+    }
+
+    public function bodyToString(): string
+    {
+        return "This is an OpenPGP/MIME signed message (RFC 3156 and 4880).\r\n\r\n".parent::bodyToString();
+    }
+
+    public function bodyToIterable(): iterable
+    {
+        yield $this->bodyToString();
+    }
+}