Seditio Source
Root |
./othercms/elxis_5.3_atlas_rev2452/includes/libraries/swift/classes/Swift/Signers/DomainKeySigner.php
<?php

/*
 * This file is part of SwiftMailer.
 * (c) 2004-2009 Chris Corbyn
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

/**
 * DomainKey Signer used to apply DomainKeys Signature to a message.
 *
 * @author Xavier De Cock <xdecock@gmail.com>
 */
class Swift_Signers_DomainKeySigner implements Swift_Signers_HeaderSigner
{
   
/**
     * PrivateKey.
     *
     * @var string
     */
   
protected $_privateKey;

   
/**
     * DomainName.
     *
     * @var string
     */
   
protected $_domainName;

   
/**
     * Selector.
     *
     * @var string
     */
   
protected $_selector;

   
/**
     * Hash algorithm used.
     *
     * @var string
     */
   
protected $_hashAlgorithm = 'rsa-sha1';

   
/**
     * Canonisation method.
     *
     * @var string
     */
   
protected $_canon = 'simple';

   
/**
     * Headers not being signed.
     *
     * @var array
     */
   
protected $_ignoredHeaders = array();

   
/**
     * Signer identity.
     *
     * @var string
     */
   
protected $_signerIdentity;

   
/**
     * Must we embed signed headers?
     *
     * @var bool
     */
   
protected $_debugHeaders = false;

   
// work variables
    /**
     * Headers used to generate hash.
     *
     * @var array
     */
   
private $_signedHeaders = array();

   
/**
     * Stores the signature header.
     *
     * @var Swift_Mime_Headers_ParameterizedHeader
     */
   
protected $_domainKeyHeader;

   
/**
     * Hash Handler.
     *
     * @var resource|null
     */
   
private $_hashHandler;

    private
$_hash;

    private
$_canonData = '';

    private
$_bodyCanonEmptyCounter = 0;

    private
$_bodyCanonIgnoreStart = 2;

    private
$_bodyCanonSpace = false;

    private
$_bodyCanonLastChar = null;

    private
$_bodyCanonLine = '';

    private
$_bound = array();

   
/**
     * Constructor.
     *
     * @param string $privateKey
     * @param string $domainName
     * @param string $selector
     */
   
public function __construct($privateKey, $domainName, $selector)
    {
       
$this->_privateKey = $privateKey;
       
$this->_domainName = $domainName;
       
$this->_signerIdentity = '@'.$domainName;
       
$this->_selector = $selector;
    }

   
/**
     * Instanciate DomainKeySigner.
     *
     * @param string $privateKey
     * @param string $domainName
     * @param string $selector
     *
     * @return self
     */
   
public static function newInstance($privateKey, $domainName, $selector)
    {
        return new static(
$privateKey, $domainName, $selector);
    }

   
/**
     * Resets internal states.
     *
     * @return $this
     */
   
public function reset()
    {
       
$this->_hash = null;
       
$this->_hashHandler = null;
       
$this->_bodyCanonIgnoreStart = 2;
       
$this->_bodyCanonEmptyCounter = 0;
       
$this->_bodyCanonLastChar = null;
       
$this->_bodyCanonSpace = false;

        return
$this;
    }

   
/**
     * Writes $bytes to the end of the stream.
     *
     * Writing may not happen immediately if the stream chooses to buffer.  If
     * you want to write these bytes with immediate effect, call {@link commit()}
     * after calling write().
     *
     * This method returns the sequence ID of the write (i.e. 1 for first, 2 for
     * second, etc etc).
     *
     * @param string $bytes
     *
     * @throws Swift_IoException
     *
     * @return $this
     */
   
public function write($bytes)
    {
       
$this->_canonicalizeBody($bytes);
        foreach (
$this->_bound as $is) {
           
$is->write($bytes);
        }

        return
$this;
    }

   
/**
     * For any bytes that are currently buffered inside the stream, force them
     * off the buffer.
     *
     * @throws Swift_IoException
     *
     * @return $this
     */
   
public function commit()
    {
       
// Nothing to do
       
return $this;
    }

   
/**
     * Attach $is to this stream.
     * The stream acts as an observer, receiving all data that is written.
     * All {@link write()} and {@link flushBuffers()} operations will be mirrored.
     *
     * @param Swift_InputByteStream $is
     *
     * @return $this
     */
   
public function bind(Swift_InputByteStream $is)
    {
       
// Don't have to mirror anything
       
$this->_bound[] = $is;

        return
$this;
    }

   
/**
     * Remove an already bound stream.
     * If $is is not bound, no errors will be raised.
     * If the stream currently has any buffered data it will be written to $is
     * before unbinding occurs.
     *
     * @param Swift_InputByteStream $is
     *
     * @return $this
     */
   
public function unbind(Swift_InputByteStream $is)
    {
       
// Don't have to mirror anything
       
foreach ($this->_bound as $k => $stream) {
            if (
$stream === $is) {
                unset(
$this->_bound[$k]);

                break;
            }
        }

        return
$this;
    }

   
/**
     * Flush the contents of the stream (empty it) and set the internal pointer
     * to the beginning.
     *
     * @throws Swift_IoException
     *
     * @return $this
     */
   
public function flushBuffers()
    {
       
$this->reset();

        return
$this;
    }

   
/**
     * Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1 defaults to rsa-sha256.
     *
     * @param string $hash
     *
     * @return $this
     */
   
public function setHashAlgorithm($hash)
    {
       
$this->_hashAlgorithm = 'rsa-sha1';

        return
$this;
    }

   
/**
     * Set the canonicalization algorithm.
     *
     * @param string $canon simple | nofws defaults to simple
     *
     * @return $this
     */
   
public function setCanon($canon)
    {
        if (
$canon == 'nofws') {
           
$this->_canon = 'nofws';
        } else {
           
$this->_canon = 'simple';
        }

        return
$this;
    }

   
/**
     * Set the signer identity.
     *
     * @param string $identity
     *
     * @return $this
     */
   
public function setSignerIdentity($identity)
    {
       
$this->_signerIdentity = $identity;

        return
$this;
    }

   
/**
     * Enable / disable the DebugHeaders.
     *
     * @param bool $debug
     *
     * @return $this
     */
   
public function setDebugHeaders($debug)
    {
       
$this->_debugHeaders = (bool) $debug;

        return
$this;
    }

   
/**
     * Start Body.
     */
   
public function startBody()
    {
    }

   
/**
     * End Body.
     */
   
public function endBody()
    {
       
$this->_endOfBody();
    }

   
/**
     * Returns the list of Headers Tampered by this plugin.
     *
     * @return array
     */
   
public function getAlteredHeaders()
    {
        if (
$this->_debugHeaders) {
            return array(
'DomainKey-Signature', 'X-DebugHash');
        }

        return array(
'DomainKey-Signature');
    }

   
/**
     * Adds an ignored Header.
     *
     * @param string $header_name
     *
     * @return $this
     */
   
public function ignoreHeader($header_name)
    {
       
$this->_ignoredHeaders[strtolower($header_name)] = true;

        return
$this;
    }

   
/**
     * Set the headers to sign.
     *
     * @param Swift_Mime_HeaderSet $headers
     *
     * @return $this
     */
   
public function setHeaders(Swift_Mime_HeaderSet $headers)
    {
       
$this->_startHash();
       
$this->_canonData = '';
       
// Loop through Headers
       
$listHeaders = $headers->listAll();
        foreach (
$listHeaders as $hName) {
           
// Check if we need to ignore Header
           
if (!isset($this->_ignoredHeaders[strtolower($hName)])) {
                if (
$headers->has($hName)) {
                   
$tmp = $headers->getAll($hName);
                    foreach (
$tmp as $header) {
                        if (
$header->getFieldBody() != '') {
                           
$this->_addHeader($header->toString());
                           
$this->_signedHeaders[] = $header->getFieldName();
                        }
                    }
                }
            }
        }
       
$this->_endOfHeaders();

        return
$this;
    }

   
/**
     * Add the signature to the given Headers.
     *
     * @param Swift_Mime_HeaderSet $headers
     *
     * @return $this
     */
   
public function addSignature(Swift_Mime_HeaderSet $headers)
    {
       
// Prepare the DomainKey-Signature Header
       
$params = array('a' => $this->_hashAlgorithm, 'b' => chunk_split(base64_encode($this->_getEncryptedHash()), 73, ' '), 'c' => $this->_canon, 'd' => $this->_domainName, 'h' => implode(': ', $this->_signedHeaders), 'q' => 'dns', 's' => $this->_selector);
       
$string = '';
        foreach (
$params as $k => $v) {
           
$string .= $k.'='.$v.'; ';
        }
       
$string = trim($string);
       
$headers->addTextHeader('DomainKey-Signature', $string);

        return
$this;
    }

   
/* Private helpers */

   
protected function _addHeader($header)
    {
        switch (
$this->_canon) {
            case
'nofws':
               
// Prepare Header and cascade
               
$exploded = explode(':', $header, 2);
               
$name = strtolower(trim($exploded[0]));
               
$value = str_replace("\r\n", '', $exploded[1]);
               
$value = preg_replace("/[ \t][ \t]+/", ' ', $value);
               
$header = $name.':'.trim($value)."\r\n";
            case
'simple':
               
// Nothing to do
       
}
       
$this->_addToHash($header);
    }

    protected function
_endOfHeaders()
    {
       
$this->_bodyCanonEmptyCounter = 1;
    }

    protected function
_canonicalizeBody($string)
    {
       
$len = strlen($string);
       
$canon = '';
       
$nofws = ($this->_canon == 'nofws');
        for (
$i = 0; $i < $len; ++$i) {
            if (
$this->_bodyCanonIgnoreStart > 0) {
                --
$this->_bodyCanonIgnoreStart;
                continue;
            }
            switch (
$string[$i]) {
                case
"\r":
                   
$this->_bodyCanonLastChar = "\r";
                    break;
                case
"\n":
                    if (
$this->_bodyCanonLastChar == "\r") {
                        if (
$nofws) {
                           
$this->_bodyCanonSpace = false;
                        }
                        if (
$this->_bodyCanonLine == '') {
                            ++
$this->_bodyCanonEmptyCounter;
                        } else {
                           
$this->_bodyCanonLine = '';
                           
$canon .= "\r\n";
                        }
                    } else {
                       
// Wooops Error
                       
throw new Swift_SwiftException('Invalid new line sequence in mail found \n without preceding \r');
                    }
                    break;
                case
' ':
                case
"\t":
                case
"\x09": //HTAB
                   
if ($nofws) {
                       
$this->_bodyCanonSpace = true;
                        break;
                    }
                default:
                    if (
$this->_bodyCanonEmptyCounter > 0) {
                       
$canon .= str_repeat("\r\n", $this->_bodyCanonEmptyCounter);
                       
$this->_bodyCanonEmptyCounter = 0;
                    }
                   
$this->_bodyCanonLine .= $string[$i];
                   
$canon .= $string[$i];
            }
        }
       
$this->_addToHash($canon);
    }

    protected function
_endOfBody()
    {
        if (
strlen($this->_bodyCanonLine) > 0) {
           
$this->_addToHash("\r\n");
        }
       
$this->_hash = hash_final($this->_hashHandler, true);
    }

    private function
_addToHash($string)
    {
       
$this->_canonData .= $string;
       
hash_update($this->_hashHandler, $string);
    }

    private function
_startHash()
    {
       
// Init
       
switch ($this->_hashAlgorithm) {
            case
'rsa-sha1':
               
$this->_hashHandler = hash_init('sha1');
                break;
        }
       
$this->_bodyCanonLine = '';
    }

   
/**
     * @throws Swift_SwiftException
     *
     * @return string
     */
   
private function _getEncryptedHash()
    {
       
$signature = '';
       
$pkeyId = openssl_get_privatekey($this->_privateKey);
        if (!
$pkeyId) {
            throw new
Swift_SwiftException('Unable to load DomainKey Private Key ['.openssl_error_string().']');
        }
        if (
openssl_sign($this->_canonData, $signature, $pkeyId, OPENSSL_ALGO_SHA1)) {
            return
$signature;
        }
        throw new
Swift_SwiftException('Unable to sign DomainKey Hash  ['.openssl_error_string().']');
    }
}