AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix various compatibility issues with PHP 8

Browse Source
This commit is contained in:
Frédéric Guillot
2022-02-08 21:44:00 -08:00
committed by Frédéric Guillot
parent f5bb55bdb8
commit 4bf3b0d459
411 changed files with 99 additions and 26046 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
libs/swiftmailer/classes/Swift/Signers/BodySigner.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
/*
* This file is part of SwiftMailer.
* (c) 2004-2009 Chris Corbyn
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* Body Signer Interface used to apply Body-Based Signature to a message.
*
* @author Xavier De Cock <xdecock@gmail.com>
*/
interface Swift_Signers_BodySigner extends Swift_Signer
{
/**
* Change the Swift_Signed_Message to apply the singing.
*
* @param Swift_Message $message
*
* @return self
*/
public function signMessage(Swift_Message $message);
/**
* Return the list of header a signer might tamper.
*
* @return array
*/
public function getAlteredHeaders();
}

712
libs/swiftmailer/classes/Swift/Signers/DKIMSigner.php Normal file
View File

@@ -0,0 +1,712 @@
<?php
/*
* This file is part of SwiftMailer.
* (c) 2004-2009 Chris Corbyn
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* DKIM Signer used to apply DKIM Signature to a message.
*
* @author Xavier De Cock <xdecock@gmail.com>
*/
class Swift_Signers_DKIMSigner implements Swift_Signers_HeaderSigner
{
/**
* PrivateKey.
*
* @var string
*/
protected $_privateKey;
/**
* DomainName.
*
* @var string
*/
protected $_domainName;
/**
* Selector.
*
* @var string
*/
protected $_selector;
/**
* Hash algorithm used.
*
* @see RFC6376 3.3: Signers MUST implement and SHOULD sign using rsa-sha256.
*
* @var string
*/
protected $_hashAlgorithm = 'rsa-sha256';
/**
* Body canon method.
*
* @var string
*/
protected $_bodyCanon = 'simple';
/**
* Header canon method.
*
* @var string
*/
protected $_headerCanon = 'simple';
/**
* Headers not being signed.
*
* @var array
*/
protected $_ignoredHeaders = array('return-path' => true);
/**
* Signer identity.
*
* @var string
*/
protected $_signerIdentity;
/**
* BodyLength.
*
* @var int
*/
protected $_bodyLen = 0;
/**
* Maximum signedLen.
*
* @var int
*/
protected $_maxLen = PHP_INT_MAX;
/**
* Embbed bodyLen in signature.
*
* @var bool
*/
protected $_showLen = false;
/**
* When the signature has been applied (true means time()), false means not embedded.
*
* @var mixed
*/
protected $_signatureTimestamp = true;
/**
* When will the signature expires false means not embedded, if sigTimestamp is auto
* Expiration is relative, otherwise it's absolute.
*
* @var int
*/
protected $_signatureExpiration = false;
/**
* Must we embed signed headers?
*
* @var bool
*/
protected $_debugHeaders = false;
// work variables
/**
* Headers used to generate hash.
*
* @var array
*/
protected $_signedHeaders = array();
/**
* If debugHeaders is set store debugData here.
*
* @var string
*/
private $_debugHeadersData = '';
/**
* Stores the bodyHash.
*
* @var string
*/
private $_bodyHash = '';
/**
* Stores the signature header.
*
* @var Swift_Mime_Headers_ParameterizedHeader
*/
protected $_dkimHeader;
private $_bodyHashHandler;
private $_headerHash;
private $_headerCanonData = '';
private $_bodyCanonEmptyCounter = 0;
private $_bodyCanonIgnoreStart = 2;
private $_bodyCanonSpace = false;
private $_bodyCanonLastChar = null;
private $_bodyCanonLine = '';
private $_bound = array();
/**
* Constructor.
*
* @param string $privateKey
* @param string $domainName
* @param string $selector
*/
public function __construct($privateKey, $domainName, $selector)
{
$this->_privateKey = $privateKey;
$this->_domainName = $domainName;
$this->_signerIdentity = '@'.$domainName;
$this->_selector = $selector;
// keep fallback hash algorithm sha1 if php version is lower than 5.4.8
if (PHP_VERSION_ID < 50408) {
$this->_hashAlgorithm = 'rsa-sha1';
}
}
/**
* Instanciate DKIMSigner.
*
* @param string $privateKey
* @param string $domainName
* @param string $selector
*
* @return self
*/
public static function newInstance($privateKey, $domainName, $selector)
{
return new static($privateKey, $domainName, $selector);
}
/**
* Reset the Signer.
*
* @see Swift_Signer::reset()
*/
public function reset()
{
$this->_headerHash = null;
$this->_signedHeaders = array();
$this->_bodyHash = null;
$this->_bodyHashHandler = null;
$this->_bodyCanonIgnoreStart = 2;
$this->_bodyCanonEmptyCounter = 0;
$this->_bodyCanonLastChar = null;
$this->_bodyCanonSpace = false;
}
/**
* Writes $bytes to the end of the stream.
*
* Writing may not happen immediately if the stream chooses to buffer. If
* you want to write these bytes with immediate effect, call {@link commit()}
* after calling write().
*
* This method returns the sequence ID of the write (i.e. 1 for first, 2 for
* second, etc etc).
*
* @param string $bytes
*
* @throws Swift_IoException
*
* @return int
*/
// TODO fix return
public function write($bytes)
{
$this->_canonicalizeBody($bytes);
foreach ($this->_bound as $is) {
$is->write($bytes);
}
}
/**
* For any bytes that are currently buffered inside the stream, force them
* off the buffer.
*/
public function commit()
{
// Nothing to do
return;
}
/**
* Attach $is to this stream.
* The stream acts as an observer, receiving all data that is written.
* All {@link write()} and {@link flushBuffers()} operations will be mirrored.
*
* @param Swift_InputByteStream $is
*/
public function bind(Swift_InputByteStream $is)
{
// Don't have to mirror anything
$this->_bound[] = $is;
return;
}
/**
* Remove an already bound stream.
* If $is is not bound, no errors will be raised.
* If the stream currently has any buffered data it will be written to $is
* before unbinding occurs.
*
* @param Swift_InputByteStream $is
*/
public function unbind(Swift_InputByteStream $is)
{
// Don't have to mirror anything
foreach ($this->_bound as $k => $stream) {
if ($stream === $is) {
unset($this->_bound[$k]);
return;
}
}
}
/**
* Flush the contents of the stream (empty it) and set the internal pointer
* to the beginning.
*
* @throws Swift_IoException
*/
public function flushBuffers()
{
$this->reset();
}
/**
* Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1.
*
* @param string $hash 'rsa-sha1' or 'rsa-sha256'
*
* @throws Swift_SwiftException
*
* @return $this
*/
public function setHashAlgorithm($hash)
{
switch ($hash) {
case 'rsa-sha1':
$this->_hashAlgorithm = 'rsa-sha1';
break;
case 'rsa-sha256':
$this->_hashAlgorithm = 'rsa-sha256';
if (!defined('OPENSSL_ALGO_SHA256')) {
throw new Swift_SwiftException('Unable to set sha256 as it is not supported by OpenSSL.');
}
break;
default:
throw new Swift_SwiftException('Unable to set the hash algorithm, must be one of rsa-sha1 or rsa-sha256 (%s given).', $hash);
}
return $this;
}
/**
* Set the body canonicalization algorithm.
*
* @param string $canon
*
* @return $this
*/
public function setBodyCanon($canon)
{
if ($canon == 'relaxed') {
$this->_bodyCanon = 'relaxed';
} else {
$this->_bodyCanon = 'simple';
}
return $this;
}
/**
* Set the header canonicalization algorithm.
*
* @param string $canon
*
* @return $this
*/
public function setHeaderCanon($canon)
{
if ($canon == 'relaxed') {
$this->_headerCanon = 'relaxed';
} else {
$this->_headerCanon = 'simple';
}
return $this;
}
/**
* Set the signer identity.
*
* @param string $identity
*
* @return $this
*/
public function setSignerIdentity($identity)
{
$this->_signerIdentity = $identity;
return $this;
}
/**
* Set the length of the body to sign.
*
* @param mixed $len (bool or int)
*
* @return $this
*/
public function setBodySignedLen($len)
{
if ($len === true) {
$this->_showLen = true;
$this->_maxLen = PHP_INT_MAX;
} elseif ($len === false) {
$this->_showLen = false;
$this->_maxLen = PHP_INT_MAX;
} else {
$this->_showLen = true;
$this->_maxLen = (int) $len;
}
return $this;
}
/**
* Set the signature timestamp.
*
* @param int $time A timestamp
*
* @return $this
*/
public function setSignatureTimestamp($time)
{
$this->_signatureTimestamp = $time;
return $this;
}
/**
* Set the signature expiration timestamp.
*
* @param int $time A timestamp
*
* @return $this
*/
public function setSignatureExpiration($time)
{
$this->_signatureExpiration = $time;
return $this;
}
/**
* Enable / disable the DebugHeaders.
*
* @param bool $debug
*
* @return Swift_Signers_DKIMSigner
*/
public function setDebugHeaders($debug)
{
$this->_debugHeaders = (bool) $debug;
return $this;
}
/**
* Start Body.
*/
public function startBody()
{
// Init
switch ($this->_hashAlgorithm) {
case 'rsa-sha256':
$this->_bodyHashHandler = hash_init('sha256');
break;
case 'rsa-sha1':
$this->_bodyHashHandler = hash_init('sha1');
break;
}
$this->_bodyCanonLine = '';
}
/**
* End Body.
*/
public function endBody()
{
$this->_endOfBody();
}
/**
* Returns the list of Headers Tampered by this plugin.
*
* @return array
*/
public function getAlteredHeaders()
{
if ($this->_debugHeaders) {
return array('DKIM-Signature', 'X-DebugHash');
} else {
return array('DKIM-Signature');
}
}
/**
* Adds an ignored Header.
*
* @param string $header_name
*
* @return Swift_Signers_DKIMSigner
*/
public function ignoreHeader($header_name)
{
$this->_ignoredHeaders[strtolower($header_name)] = true;
return $this;
}
/**
* Set the headers to sign.
*
* @param Swift_Mime_HeaderSet $headers
*
* @return Swift_Signers_DKIMSigner
*/
public function setHeaders(Swift_Mime_HeaderSet $headers)
{
$this->_headerCanonData = '';
// Loop through Headers
$listHeaders = $headers->listAll();
foreach ($listHeaders as $hName) {
// Check if we need to ignore Header
if (!isset($this->_ignoredHeaders[strtolower($hName)])) {
if ($headers->has($hName)) {
$tmp = $headers->getAll($hName);
foreach ($tmp as $header) {
if ($header->getFieldBody() != '') {
$this->_addHeader($header->toString());
$this->_signedHeaders[] = $header->getFieldName();
}
}
}
}
}
return $this;
}
/**
* Add the signature to the given Headers.
*
* @param Swift_Mime_HeaderSet $headers
*
* @return Swift_Signers_DKIMSigner
*/
public function addSignature(Swift_Mime_HeaderSet $headers)
{
// Prepare the DKIM-Signature
$params = array('v' => '1', 'a' => $this->_hashAlgorithm, 'bh' => base64_encode($this->_bodyHash), 'd' => $this->_domainName, 'h' => implode(': ', $this->_signedHeaders), 'i' => $this->_signerIdentity, 's' => $this->_selector);
if ($this->_bodyCanon != 'simple') {
$params['c'] = $this->_headerCanon.'/'.$this->_bodyCanon;
} elseif ($this->_headerCanon != 'simple') {
$params['c'] = $this->_headerCanon;
}
if ($this->_showLen) {
$params['l'] = $this->_bodyLen;
}
if ($this->_signatureTimestamp === true) {
$params['t'] = time();
if ($this->_signatureExpiration !== false) {
$params['x'] = $params['t'] + $this->_signatureExpiration;
}
} else {
if ($this->_signatureTimestamp !== false) {
$params['t'] = $this->_signatureTimestamp;
}
if ($this->_signatureExpiration !== false) {
$params['x'] = $this->_signatureExpiration;
}
}
if ($this->_debugHeaders) {
$params['z'] = implode('|', $this->_debugHeadersData);
}
$string = '';
foreach ($params as $k => $v) {
$string .= $k.'='.$v.'; ';
}
$string = trim($string);
$headers->addTextHeader('DKIM-Signature', $string);
// Add the last DKIM-Signature
$tmp = $headers->getAll('DKIM-Signature');
$this->_dkimHeader = end($tmp);
$this->_addHeader(trim($this->_dkimHeader->toString())."\r\n b=", true);
$this->_endOfHeaders();
if ($this->_debugHeaders) {
$headers->addTextHeader('X-DebugHash', base64_encode($this->_headerHash));
}
$this->_dkimHeader->setValue($string.' b='.trim(chunk_split(base64_encode($this->_getEncryptedHash()), 73, ' ')));
return $this;
}
/* Private helpers */
protected function _addHeader($header, $is_sig = false)
{
switch ($this->_headerCanon) {
case 'relaxed':
// Prepare Header and cascade
$exploded = explode(':', $header, 2);
$name = strtolower(trim($exploded[0]));
$value = str_replace("\r\n", '', $exploded[1]);
$value = preg_replace("/[ \t][ \t]+/", ' ', $value);
$header = $name.':'.trim($value).($is_sig ? '' : "\r\n");
case 'simple':
// Nothing to do
}
$this->_addToHeaderHash($header);
}
/**
* @deprecated This method is currently useless in this class but it must be
* kept for BC reasons due to its "protected" scope. This method
* might be overridden by custom client code.
*/
protected function _endOfHeaders()
{
}
protected function _canonicalizeBody($string)
{
$len = strlen($string);
$canon = '';
$method = ($this->_bodyCanon == 'relaxed');
for ($i = 0; $i < $len; ++$i) {
if ($this->_bodyCanonIgnoreStart > 0) {
--$this->_bodyCanonIgnoreStart;
continue;
}
switch ($string[$i]) {
case "\r":
$this->_bodyCanonLastChar = "\r";
break;
case "\n":
if ($this->_bodyCanonLastChar == "\r") {
if ($method) {
$this->_bodyCanonSpace = false;
}
if ($this->_bodyCanonLine == '') {
++$this->_bodyCanonEmptyCounter;
} else {
$this->_bodyCanonLine = '';
$canon .= "\r\n";
}
} else {
// Wooops Error
// todo handle it but should never happen
}
break;
case ' ':
case "\t":
if ($method) {
$this->_bodyCanonSpace = true;
break;
}
default:
if ($this->_bodyCanonEmptyCounter > 0) {
$canon .= str_repeat("\r\n", $this->_bodyCanonEmptyCounter);
$this->_bodyCanonEmptyCounter = 0;
}
if ($this->_bodyCanonSpace) {
$this->_bodyCanonLine .= ' ';
$canon .= ' ';
$this->_bodyCanonSpace = false;
}
$this->_bodyCanonLine .= $string[$i];
$canon .= $string[$i];
}
}
$this->_addToBodyHash($canon);
}
protected function _endOfBody()
{
// Add trailing Line return if last line is non empty
if (strlen($this->_bodyCanonLine) > 0) {
$this->_addToBodyHash("\r\n");
}
$this->_bodyHash = hash_final($this->_bodyHashHandler, true);
}
private function _addToBodyHash($string)
{
$len = strlen($string);
if ($len > ($new_len = ($this->_maxLen - $this->_bodyLen))) {
$string = substr($string, 0, $new_len);
$len = $new_len;
}
hash_update($this->_bodyHashHandler, $string);
$this->_bodyLen += $len;
}
private function _addToHeaderHash($header)
{
if ($this->_debugHeaders) {
$this->_debugHeadersData[] = trim($header);
}
$this->_headerCanonData .= $header;
}
/**
* @throws Swift_SwiftException
*
* @return string
*/
private function _getEncryptedHash()
{
$signature = '';
switch ($this->_hashAlgorithm) {
case 'rsa-sha1':
$algorithm = OPENSSL_ALGO_SHA1;
break;
case 'rsa-sha256':
$algorithm = OPENSSL_ALGO_SHA256;
break;
}
$pkeyId = openssl_get_privatekey($this->_privateKey);
if (!$pkeyId) {
throw new Swift_SwiftException('Unable to load DKIM Private Key ['.openssl_error_string().']');
}
if (openssl_sign($this->_headerCanonData, $signature, $pkeyId, $algorithm)) {
return $signature;
}
throw new Swift_SwiftException('Unable to sign DKIM Hash ['.openssl_error_string().']');
}
}

524
libs/swiftmailer/classes/Swift/Signers/DomainKeySigner.php Normal file
View File

@@ -0,0 +1,524 @@
<?php
/*
* This file is part of SwiftMailer.
* (c) 2004-2009 Chris Corbyn
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* DomainKey Signer used to apply DomainKeys Signature to a message.
*
* @author Xavier De Cock <xdecock@gmail.com>
*/
class Swift_Signers_DomainKeySigner implements Swift_Signers_HeaderSigner
{
/**
* PrivateKey.
*
* @var string
*/
protected $_privateKey;
/**
* DomainName.
*
* @var string
*/
protected $_domainName;
/**
* Selector.
*
* @var string
*/
protected $_selector;
/**
* Hash algorithm used.
*
* @var string
*/
protected $_hashAlgorithm = 'rsa-sha1';
/**
* Canonisation method.
*
* @var string
*/
protected $_canon = 'simple';
/**
* Headers not being signed.
*
* @var array
*/
protected $_ignoredHeaders = array();
/**
* Signer identity.
*
* @var string
*/
protected $_signerIdentity;
/**
* Must we embed signed headers?
*
* @var bool
*/
protected $_debugHeaders = false;
// work variables
/**
* Headers used to generate hash.
*
* @var array
*/
private $_signedHeaders = array();
/**
* Stores the signature header.
*
* @var Swift_Mime_Headers_ParameterizedHeader
*/
protected $_domainKeyHeader;
/**
* Hash Handler.
*
* @var resource|null
*/
private $_hashHandler;
private $_hash;
private $_canonData = '';
private $_bodyCanonEmptyCounter = 0;
private $_bodyCanonIgnoreStart = 2;
private $_bodyCanonSpace = false;
private $_bodyCanonLastChar = null;
private $_bodyCanonLine = '';
private $_bound = array();
/**
* Constructor.
*
* @param string $privateKey
* @param string $domainName
* @param string $selector
*/
public function __construct($privateKey, $domainName, $selector)
{
$this->_privateKey = $privateKey;
$this->_domainName = $domainName;
$this->_signerIdentity = '@'.$domainName;
$this->_selector = $selector;
}
/**
* Instanciate DomainKeySigner.
*
* @param string $privateKey
* @param string $domainName
* @param string $selector
*
* @return self
*/
public static function newInstance($privateKey, $domainName, $selector)
{
return new static($privateKey, $domainName, $selector);
}
/**
* Resets internal states.
*
* @return $this
*/
public function reset()
{
$this->_hash = null;
$this->_hashHandler = null;
$this->_bodyCanonIgnoreStart = 2;
$this->_bodyCanonEmptyCounter = 0;
$this->_bodyCanonLastChar = null;
$this->_bodyCanonSpace = false;
return $this;
}
/**
* Writes $bytes to the end of the stream.
*
* Writing may not happen immediately if the stream chooses to buffer. If
* you want to write these bytes with immediate effect, call {@link commit()}
* after calling write().
*
* This method returns the sequence ID of the write (i.e. 1 for first, 2 for
* second, etc etc).
*
* @param string $bytes
*
* @throws Swift_IoException
*
* @return $this
*/
public function write($bytes)
{
$this->_canonicalizeBody($bytes);
foreach ($this->_bound as $is) {
$is->write($bytes);
}
return $this;
}
/**
* For any bytes that are currently buffered inside the stream, force them
* off the buffer.
*
* @throws Swift_IoException
*
* @return $this
*/
public function commit()
{
// Nothing to do
return $this;
}
/**
* Attach $is to this stream.
* The stream acts as an observer, receiving all data that is written.
* All {@link write()} and {@link flushBuffers()} operations will be mirrored.
*
* @param Swift_InputByteStream $is
*
* @return $this
*/
public function bind(Swift_InputByteStream $is)
{
// Don't have to mirror anything
$this->_bound[] = $is;
return $this;
}
/**
* Remove an already bound stream.
* If $is is not bound, no errors will be raised.
* If the stream currently has any buffered data it will be written to $is
* before unbinding occurs.
*
* @param Swift_InputByteStream $is
*
* @return $this
*/
public function unbind(Swift_InputByteStream $is)
{
// Don't have to mirror anything
foreach ($this->_bound as $k => $stream) {
if ($stream === $is) {
unset($this->_bound[$k]);
break;
}
}
return $this;
}
/**
* Flush the contents of the stream (empty it) and set the internal pointer
* to the beginning.
*
* @throws Swift_IoException
*
* @return $this
*/
public function flushBuffers()
{
$this->reset();
return $this;
}
/**
* Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1 defaults to rsa-sha256.
*
* @param string $hash
*
* @return $this
*/
public function setHashAlgorithm($hash)
{
$this->_hashAlgorithm = 'rsa-sha1';
return $this;
}
/**
* Set the canonicalization algorithm.
*
* @param string $canon simple | nofws defaults to simple
*
* @return $this
*/
public function setCanon($canon)
{
if ($canon == 'nofws') {
$this->_canon = 'nofws';
} else {
$this->_canon = 'simple';
}
return $this;
}
/**
* Set the signer identity.
*
* @param string $identity
*
* @return $this
*/
public function setSignerIdentity($identity)
{
$this->_signerIdentity = $identity;
return $this;
}
/**
* Enable / disable the DebugHeaders.
*
* @param bool $debug
*
* @return $this
*/
public function setDebugHeaders($debug)
{
$this->_debugHeaders = (bool) $debug;
return $this;
}
/**
* Start Body.
*/
public function startBody()
{
}
/**
* End Body.
*/
public function endBody()
{
$this->_endOfBody();
}
/**
* Returns the list of Headers Tampered by this plugin.
*
* @return array
*/
public function getAlteredHeaders()
{
if ($this->_debugHeaders) {
return array('DomainKey-Signature', 'X-DebugHash');
}
return array('DomainKey-Signature');
}
/**
* Adds an ignored Header.
*
* @param string $header_name
*
* @return $this
*/
public function ignoreHeader($header_name)
{
$this->_ignoredHeaders[strtolower($header_name)] = true;
return $this;
}
/**
* Set the headers to sign.
*
* @param Swift_Mime_HeaderSet $headers
*
* @return $this
*/
public function setHeaders(Swift_Mime_HeaderSet $headers)
{
$this->_startHash();
$this->_canonData = '';
// Loop through Headers
$listHeaders = $headers->listAll();
foreach ($listHeaders as $hName) {
// Check if we need to ignore Header
if (!isset($this->_ignoredHeaders[strtolower($hName)])) {
if ($headers->has($hName)) {
$tmp = $headers->getAll($hName);
foreach ($tmp as $header) {
if ($header->getFieldBody() != '') {
$this->_addHeader($header->toString());
$this->_signedHeaders[] = $header->getFieldName();
}
}
}
}
}
$this->_endOfHeaders();
return $this;
}
/**
* Add the signature to the given Headers.
*
* @param Swift_Mime_HeaderSet $headers
*
* @return $this
*/
public function addSignature(Swift_Mime_HeaderSet $headers)
{
// Prepare the DomainKey-Signature Header
$params = array('a' => $this->_hashAlgorithm, 'b' => chunk_split(base64_encode($this->_getEncryptedHash()), 73, ' '), 'c' => $this->_canon, 'd' => $this->_domainName, 'h' => implode(': ', $this->_signedHeaders), 'q' => 'dns', 's' => $this->_selector);
$string = '';
foreach ($params as $k => $v) {
$string .= $k.'='.$v.'; ';
}
$string = trim($string);
$headers->addTextHeader('DomainKey-Signature', $string);
return $this;
}
/* Private helpers */
protected function _addHeader($header)
{
switch ($this->_canon) {
case 'nofws':
// Prepare Header and cascade
$exploded = explode(':', $header, 2);
$name = strtolower(trim($exploded[0]));
$value = str_replace("\r\n", '', $exploded[1]);
$value = preg_replace("/[ \t][ \t]+/", ' ', $value);
$header = $name.':'.trim($value)."\r\n";
case 'simple':
// Nothing to do
}
$this->_addToHash($header);
}
protected function _endOfHeaders()
{
$this->_bodyCanonEmptyCounter = 1;
}
protected function _canonicalizeBody($string)
{
$len = strlen($string);
$canon = '';
$nofws = ($this->_canon == 'nofws');
for ($i = 0; $i < $len; ++$i) {
if ($this->_bodyCanonIgnoreStart > 0) {
--$this->_bodyCanonIgnoreStart;
continue;
}
switch ($string[$i]) {
case "\r":
$this->_bodyCanonLastChar = "\r";
break;
case "\n":
if ($this->_bodyCanonLastChar == "\r") {
if ($nofws) {
$this->_bodyCanonSpace = false;
}
if ($this->_bodyCanonLine == '') {
++$this->_bodyCanonEmptyCounter;
} else {
$this->_bodyCanonLine = '';
$canon .= "\r\n";
}
} else {
// Wooops Error
throw new Swift_SwiftException('Invalid new line sequence in mail found \n without preceding \r');
}
break;
case ' ':
case "\t":
case "\x09": //HTAB
if ($nofws) {
$this->_bodyCanonSpace = true;
break;
}
default:
if ($this->_bodyCanonEmptyCounter > 0) {
$canon .= str_repeat("\r\n", $this->_bodyCanonEmptyCounter);
$this->_bodyCanonEmptyCounter = 0;
}
$this->_bodyCanonLine .= $string[$i];
$canon .= $string[$i];
}
}
$this->_addToHash($canon);
}
protected function _endOfBody()
{
if (strlen($this->_bodyCanonLine) > 0) {
$this->_addToHash("\r\n");
}
$this->_hash = hash_final($this->_hashHandler, true);
}
private function _addToHash($string)
{
$this->_canonData .= $string;
hash_update($this->_hashHandler, $string);
}
private function _startHash()
{
// Init
switch ($this->_hashAlgorithm) {
case 'rsa-sha1':
$this->_hashHandler = hash_init('sha1');
break;
}
$this->_bodyCanonLine = '';
}
/**
* @throws Swift_SwiftException
*
* @return string
*/
private function _getEncryptedHash()
{
$signature = '';
$pkeyId = openssl_get_privatekey($this->_privateKey);
if (!$pkeyId) {
throw new Swift_SwiftException('Unable to load DomainKey Private Key ['.openssl_error_string().']');
}
if (openssl_sign($this->_canonData, $signature, $pkeyId, OPENSSL_ALGO_SHA1)) {
return $signature;
}
throw new Swift_SwiftException('Unable to sign DomainKey Hash ['.openssl_error_string().']');
}
}

65
libs/swiftmailer/classes/Swift/Signers/HeaderSigner.php Normal file
View File

@@ -0,0 +1,65 @@
<?php
/*
* This file is part of SwiftMailer.
* (c) 2004-2009 Chris Corbyn
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* Header Signer Interface used to apply Header-Based Signature to a message.
*
* @author Xavier De Cock <xdecock@gmail.com>
*/
interface Swift_Signers_HeaderSigner extends Swift_Signer, Swift_InputByteStream
{
/**
* Exclude an header from the signed headers.
*
* @param string $header_name
*
* @return self
*/
public function ignoreHeader($header_name);
/**
* Prepare the Signer to get a new Body.
*
* @return self
*/
public function startBody();
/**
* Give the signal that the body has finished streaming.
*
* @return self
*/
public function endBody();
/**
* Give the headers already given.
*
* @param Swift_Mime_SimpleHeaderSet $headers
*
* @return self
*/
public function setHeaders(Swift_Mime_HeaderSet $headers);
/**
* Add the header(s) to the headerSet.
*
* @param Swift_Mime_HeaderSet $headers
*
* @return self
*/
public function addSignature(Swift_Mime_HeaderSet $headers);
/**
* Return the list of header a signer might tamper.
*
* @return array
*/
public function getAlteredHeaders();
}

190
libs/swiftmailer/classes/Swift/Signers/OpenDKIMSigner.php Normal file
View File

@@ -0,0 +1,190 @@
<?php
/*
* This file is part of SwiftMailer.
* (c) 2004-2009 Chris Corbyn
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* DKIM Signer used to apply DKIM Signature to a message
* Takes advantage of pecl extension.
*
* @author Xavier De Cock <xdecock@gmail.com>
*/
class Swift_Signers_OpenDKIMSigner extends Swift_Signers_DKIMSigner
{
private $_peclLoaded = false;
private $_dkimHandler = null;
private $dropFirstLF = true;
const CANON_RELAXED = 1;
const CANON_SIMPLE = 2;
const SIG_RSA_SHA1 = 3;
const SIG_RSA_SHA256 = 4;
public function __construct($privateKey, $domainName, $selector)
{
if (!extension_loaded('opendkim')) {
throw new Swift_SwiftException('php-opendkim extension not found');
}
$this->_peclLoaded = true;
parent::__construct($privateKey, $domainName, $selector);
}
public static function newInstance($privateKey, $domainName, $selector)
{
return new static($privateKey, $domainName, $selector);
}
public function addSignature(Swift_Mime_HeaderSet $headers)
{
$header = new Swift_Mime_Headers_OpenDKIMHeader('DKIM-Signature');
$headerVal = $this->_dkimHandler->getSignatureHeader();
if (!$headerVal) {
throw new Swift_SwiftException('OpenDKIM Error: '.$this->_dkimHandler->getError());
}
$header->setValue($headerVal);
$headers->set($header);
return $this;
}
public function setHeaders(Swift_Mime_HeaderSet $headers)
{
$bodyLen = $this->_bodyLen;
if (is_bool($bodyLen)) {
$bodyLen = -1;
}
$hash = $this->_hashAlgorithm == 'rsa-sha1' ? OpenDKIMSign::ALG_RSASHA1 : OpenDKIMSign::ALG_RSASHA256;
$bodyCanon = $this->_bodyCanon == 'simple' ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
$headerCanon = $this->_headerCanon == 'simple' ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
$this->_dkimHandler = new OpenDKIMSign($this->_privateKey, $this->_selector, $this->_domainName, $headerCanon, $bodyCanon, $hash, $bodyLen);
// Hardcode signature Margin for now
$this->_dkimHandler->setMargin(78);
if (!is_numeric($this->_signatureTimestamp)) {
OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, time());
} else {
if (!OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, $this->_signatureTimestamp)) {
throw new Swift_SwiftException('Unable to force signature timestamp ['.openssl_error_string().']');
}
}
if (isset($this->_signerIdentity)) {
$this->_dkimHandler->setSigner($this->_signerIdentity);
}
$listHeaders = $headers->listAll();
foreach ($listHeaders as $hName) {
// Check if we need to ignore Header
if (!isset($this->_ignoredHeaders[strtolower($hName)])) {
$tmp = $headers->getAll($hName);
if ($headers->has($hName)) {
foreach ($tmp as $header) {
if ($header->getFieldBody() != '') {
$htosign = $header->toString();
$this->_dkimHandler->header($htosign);
$this->_signedHeaders[] = $header->getFieldName();
}
}
}
}
}
return $this;
}
public function startBody()
{
if (!$this->_peclLoaded) {
return parent::startBody();
}
$this->dropFirstLF = true;
$this->_dkimHandler->eoh();
return $this;
}
public function endBody()
{
if (!$this->_peclLoaded) {
return parent::endBody();
}
$this->_dkimHandler->eom();
return $this;
}
public function reset()
{
$this->_dkimHandler = null;
parent::reset();
return $this;
}
/**
* Set the signature timestamp.
*
* @param int $time
*
* @return $this
*/
public function setSignatureTimestamp($time)
{
$this->_signatureTimestamp = $time;
return $this;
}
/**
* Set the signature expiration timestamp.
*
* @param int $time
*
* @return $this
*/
public function setSignatureExpiration($time)
{
$this->_signatureExpiration = $time;
return $this;
}
/**
* Enable / disable the DebugHeaders.
*
* @param bool $debug
*
* @return $this
*/
public function setDebugHeaders($debug)
{
$this->_debugHeaders = (bool) $debug;
return $this;
}
// Protected
protected function _canonicalizeBody($string)
{
if (!$this->_peclLoaded) {
return parent::_canonicalizeBody($string);
}
if (false && $this->dropFirstLF === true) {
if ($string[0] == "\r" && $string[1] == "\n") {
$string = substr($string, 2);
}
}
$this->dropFirstLF = false;
if (strlen($string)) {
$this->_dkimHandler->body($string);
}
}
}

436
libs/swiftmailer/classes/Swift/Signers/SMimeSigner.php Normal file
View File

@@ -0,0 +1,436 @@
<?php
/*
* This file is part of SwiftMailer.
* (c) 2004-2009 Chris Corbyn
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* MIME Message Signer used to apply S/MIME Signature/Encryption to a message.
*
*
* @author Romain-Geissler
* @author Sebastiaan Stok <s.stok@rollerscapes.net>
*/
class Swift_Signers_SMimeSigner implements Swift_Signers_BodySigner
{
protected $signCertificate;
protected $signPrivateKey;
protected $encryptCert;
protected $signThenEncrypt = true;
protected $signLevel;
protected $encryptLevel;
protected $signOptions;
protected $encryptOptions;
protected $encryptCipher;
protected $extraCerts = null;
/**
* @var Swift_StreamFilters_StringReplacementFilterFactory
*/
protected $replacementFactory;
/**
* @var Swift_Mime_HeaderFactory
*/
protected $headerFactory;
/**
* Constructor.
*
* @param string|null $signCertificate
* @param string|null $signPrivateKey
* @param string|null $encryptCertificate
*/
public function __construct($signCertificate = null, $signPrivateKey = null, $encryptCertificate = null)
{
if (null !== $signPrivateKey) {
$this->setSignCertificate($signCertificate, $signPrivateKey);
}
if (null !== $encryptCertificate) {
$this->setEncryptCertificate($encryptCertificate);
}
$this->replacementFactory = Swift_DependencyContainer::getInstance()
->lookup('transport.replacementfactory');
$this->signOptions = PKCS7_DETACHED;
// Supported since php5.4
if (defined('OPENSSL_CIPHER_AES_128_CBC')) {
$this->encryptCipher = OPENSSL_CIPHER_AES_128_CBC;
} else {
$this->encryptCipher = OPENSSL_CIPHER_RC2_128;
}
}
/**
* Returns an new Swift_Signers_SMimeSigner instance.
*
* @param string $certificate
* @param string $privateKey
*
* @return self
*/
public static function newInstance($certificate = null, $privateKey = null)
{
return new self($certificate, $privateKey);
}
/**
* Set the certificate location to use for signing.
*
* @see http://www.php.net/manual/en/openssl.pkcs7.flags.php
*
* @param string $certificate
* @param string|array $privateKey If the key needs an passphrase use array('file-location', 'passphrase') instead
* @param int $signOptions Bitwise operator options for openssl_pkcs7_sign()
* @param string $extraCerts A file containing intermediate certificates needed by the signing certificate
*
* @return $this
*/
public function setSignCertificate($certificate, $privateKey = null, $signOptions = PKCS7_DETACHED, $extraCerts = null)
{
$this->signCertificate = 'file://'.str_replace('\\', '/', realpath($certificate));
if (null !== $privateKey) {
if (is_array($privateKey)) {
$this->signPrivateKey = $privateKey;
$this->signPrivateKey[0] = 'file://'.str_replace('\\', '/', realpath($privateKey[0]));
} else {
$this->signPrivateKey = 'file://'.str_replace('\\', '/', realpath($privateKey));
}
}
$this->signOptions = $signOptions;
if (null !== $extraCerts) {
$this->extraCerts = str_replace('\\', '/', realpath($extraCerts));
}
return $this;
}
/**
* Set the certificate location to use for encryption.
*
* @see http://www.php.net/manual/en/openssl.pkcs7.flags.php
* @see http://nl3.php.net/manual/en/openssl.ciphers.php
*
* @param string|array $recipientCerts Either an single X.509 certificate, or an assoc array of X.509 certificates.
* @param int $cipher
*
* @return $this
*/
public function setEncryptCertificate($recipientCerts, $cipher = null)
{
if (is_array($recipientCerts)) {
$this->encryptCert = array();
foreach ($recipientCerts as $cert) {
$this->encryptCert[] = 'file://'.str_replace('\\', '/', realpath($cert));
}
} else {
$this->encryptCert = 'file://'.str_replace('\\', '/', realpath($recipientCerts));
}
if (null !== $cipher) {
$this->encryptCipher = $cipher;
}
return $this;
}
/**
* @return string
*/
public function getSignCertificate()
{
return $this->signCertificate;
}
/**
* @return string
*/
public function getSignPrivateKey()
{
return $this->signPrivateKey;
}
/**
* Set perform signing before encryption.
*
* The default is to first sign the message and then encrypt.
* But some older mail clients, namely Microsoft Outlook 2000 will work when the message first encrypted.
* As this goes against the official specs, its recommended to only use 'encryption -> signing' when specifically targeting these 'broken' clients.
*
* @param bool $signThenEncrypt
*
* @return $this
*/
public function setSignThenEncrypt($signThenEncrypt = true)
{
$this->signThenEncrypt = $signThenEncrypt;
return $this;
}
/**
* @return bool
*/
public function isSignThenEncrypt()
{
return $this->signThenEncrypt;
}
/**
* Resets internal states.
*
* @return $this
*/
public function reset()
{
return $this;
}
/**
* Change the Swift_Message to apply the signing.
*
* @param Swift_Message $message
*
* @return $this
*/
public function signMessage(Swift_Message $message)
{
if (null === $this->signCertificate && null === $this->encryptCert) {
return $this;
}
// Store the message using ByteStream to a file{1}
// Remove all Children
// Sign file{1}, parse the new MIME headers and set them on the primary MimeEntity
// Set the singed-body as the new body (without boundary)
$messageStream = new Swift_ByteStream_TemporaryFileByteStream();
$this->toSMimeByteStream($messageStream, $message);
$message->setEncoder(Swift_DependencyContainer::getInstance()->lookup('mime.rawcontentencoder'));
$message->setChildren(array());
$this->streamToMime($messageStream, $message);
}
/**
* Return the list of header a signer might tamper.
*
* @return array
*/
public function getAlteredHeaders()
{
return array('Content-Type', 'Content-Transfer-Encoding', 'Content-Disposition');
}
/**
* @param Swift_InputByteStream $inputStream
* @param Swift_Message $mimeEntity
*/
protected function toSMimeByteStream(Swift_InputByteStream $inputStream, Swift_Message $message)
{
$mimeEntity = $this->createMessage($message);
$messageStream = new Swift_ByteStream_TemporaryFileByteStream();
$mimeEntity->toByteStream($messageStream);
$messageStream->commit();
if (null !== $this->signCertificate && null !== $this->encryptCert) {
$temporaryStream = new Swift_ByteStream_TemporaryFileByteStream();
if ($this->signThenEncrypt) {
$this->messageStreamToSignedByteStream($messageStream, $temporaryStream);
$this->messageStreamToEncryptedByteStream($temporaryStream, $inputStream);
} else {
$this->messageStreamToEncryptedByteStream($messageStream, $temporaryStream);
$this->messageStreamToSignedByteStream($temporaryStream, $inputStream);
}
} elseif ($this->signCertificate !== null) {
$this->messageStreamToSignedByteStream($messageStream, $inputStream);
} else {
$this->messageStreamToEncryptedByteStream($messageStream, $inputStream);
}
}
/**
* @param Swift_Message $message
*
* @return Swift_Message
*/
protected function createMessage(Swift_Message $message)
{
$mimeEntity = new Swift_Message('', $message->getBody(), $message->getContentType(), $message->getCharset());
$mimeEntity->setChildren($message->getChildren());
$messageHeaders = $mimeEntity->getHeaders();
$messageHeaders->remove('Message-ID');
$messageHeaders->remove('Date');
$messageHeaders->remove('Subject');
$messageHeaders->remove('MIME-Version');
$messageHeaders->remove('To');
$messageHeaders->remove('From');
return $mimeEntity;
}
/**
* @param Swift_FileStream $outputStream
* @param Swift_InputByteStream $inputStream
*
* @throws Swift_IoException
*/
protected function messageStreamToSignedByteStream(Swift_FileStream $outputStream, Swift_InputByteStream $inputStream)
{
$signedMessageStream = new Swift_ByteStream_TemporaryFileByteStream();
$args = array($outputStream->getPath(), $signedMessageStream->getPath(), $this->signCertificate, $this->signPrivateKey, array(), $this->signOptions);
if (null !== $this->extraCerts) {
$args[] = $this->extraCerts;
}
if (!call_user_func_array('openssl_pkcs7_sign', $args)) {
throw new Swift_IoException(sprintf('Failed to sign S/Mime message. Error: "%s".', openssl_error_string()));
}
$this->copyFromOpenSSLOutput($signedMessageStream, $inputStream);
}
/**
* @param Swift_FileStream $outputStream
* @param Swift_InputByteStream $is
*
* @throws Swift_IoException
*/
protected function messageStreamToEncryptedByteStream(Swift_FileStream $outputStream, Swift_InputByteStream $is)
{
$encryptedMessageStream = new Swift_ByteStream_TemporaryFileByteStream();
if (!openssl_pkcs7_encrypt($outputStream->getPath(), $encryptedMessageStream->getPath(), $this->encryptCert, array(), 0, $this->encryptCipher)) {
throw new Swift_IoException(sprintf('Failed to encrypt S/Mime message. Error: "%s".', openssl_error_string()));
}
$this->copyFromOpenSSLOutput($encryptedMessageStream, $is);
}
/**
* @param Swift_OutputByteStream $fromStream
* @param Swift_InputByteStream $toStream
*/
protected function copyFromOpenSSLOutput(Swift_OutputByteStream $fromStream, Swift_InputByteStream $toStream)
{
$bufferLength = 4096;
$filteredStream = new Swift_ByteStream_TemporaryFileByteStream();
$filteredStream->addFilter($this->replacementFactory->createFilter("\r\n", "\n"), 'CRLF to LF');
$filteredStream->addFilter($this->replacementFactory->createFilter("\n", "\r\n"), 'LF to CRLF');
while (false !== ($buffer = $fromStream->read($bufferLength))) {
$filteredStream->write($buffer);
}
$filteredStream->flushBuffers();
while (false !== ($buffer = $filteredStream->read($bufferLength))) {
$toStream->write($buffer);
}
$toStream->commit();
}
/**
* Merges an OutputByteStream to Swift_Message.
*
* @param Swift_OutputByteStream $fromStream
* @param Swift_Message $message
*/
protected function streamToMime(Swift_OutputByteStream $fromStream, Swift_Message $message)
{
$bufferLength = 78;
$headerData = '';
$fromStream->setReadPointer(0);
while (($buffer = $fromStream->read($bufferLength)) !== false) {
$headerData .= $buffer;
if (false !== strpos($buffer, "\r\n\r\n")) {
break;
}
}
$headersPosEnd = strpos($headerData, "\r\n\r\n");
$headerData = trim($headerData);
$headerData = substr($headerData, 0, $headersPosEnd);
$headerLines = explode("\r\n", $headerData);
unset($headerData);
$headers = array();
$currentHeaderName = '';
foreach ($headerLines as $headerLine) {
// Line separated
if (ctype_space($headerLines[0]) || false === strpos($headerLine, ':')) {
$headers[$currentHeaderName] .= ' '.trim($headerLine);
continue;
}
$header = explode(':', $headerLine, 2);
$currentHeaderName = strtolower($header[0]);
$headers[$currentHeaderName] = trim($header[1]);
}
$messageStream = new Swift_ByteStream_TemporaryFileByteStream();
$messageStream->addFilter($this->replacementFactory->createFilter("\r\n", "\n"), 'CRLF to LF');
$messageStream->addFilter($this->replacementFactory->createFilter("\n", "\r\n"), 'LF to CRLF');
$messageHeaders = $message->getHeaders();
// No need to check for 'application/pkcs7-mime', as this is always base64
if ('multipart/signed;' === substr($headers['content-type'], 0, 17)) {
if (!preg_match('/boundary=("[^"]+"|(?:[^\s]+|$))/is', $headers['content-type'], $contentTypeData)) {
throw new Swift_SwiftException('Failed to find Boundary parameter');
}
$boundary = trim($contentTypeData['1'], '"');
// Skip the header and CRLF CRLF
$fromStream->setReadPointer($headersPosEnd + 4);
while (false !== ($buffer = $fromStream->read($bufferLength))) {
$messageStream->write($buffer);
}
$messageStream->commit();
$messageHeaders->remove('Content-Transfer-Encoding');
$message->setContentType($headers['content-type']);
$message->setBoundary($boundary);
$message->setBody($messageStream);
} else {
$fromStream->setReadPointer($headersPosEnd + 4);
if (null === $this->headerFactory) {
$this->headerFactory = Swift_DependencyContainer::getInstance()->lookup('mime.headerfactory');
}
$message->setContentType($headers['content-type']);
$messageHeaders->set($this->headerFactory->createTextHeader('Content-Transfer-Encoding', $headers['content-transfer-encoding']));
$messageHeaders->set($this->headerFactory->createTextHeader('Content-Disposition', $headers['content-disposition']));
while (false !== ($buffer = $fromStream->read($bufferLength))) {
$messageStream->write($buffer);
}
$messageStream->commit();
$message->setBody($messageStream);
}
}
}