/**
* Tries to decrypt an S/MIME message using a private key
*
* @param array &$info The array of information about a message
* @param array $structure The structure of this part
* @param array $smime_pair An associative array containing an S/MIME certificate, private key and password
* @return boolean If the message was decrypted
*/
private static function handleSMIMEDecryption(&$info, $structure, $smime_pair)
{
$plaintext_file = tempnam('', '__fMailbox_');
$ciphertext_file = tempnam('', '__fMailbox_');
$headers = array();
$headers[] = "Content-Type: " . $structure['type'] . '/' . $structure['subtype'];
$headers[] = "Content-Transfer-Encoding: " . $structure['encoding'];
$header = "Content-Disposition: " . $structure['disposition'];
foreach ($structure['disposition_fields'] as $field => $value) {
$header .= '; ' . $field . '="' . $value . '"';
}
$headers[] = $header;
file_put_contents($ciphertext_file, join("\r\n", $headers) . "\r\n\r\n" . $structure['data']);
$private_key = openssl_pkey_get_private($smime_pair['private_key']->read(), $smime_pair['password']);
$certificate = $smime_pair['certificate']->read();
$result = openssl_pkcs7_decrypt($ciphertext_file, $plaintext_file, $certificate, $private_key);
unlink($ciphertext_file);
if (!$result) {
unlink($plaintext_file);
return FALSE;
}
$contents = file_get_contents($plaintext_file);
$info['raw_message'] = $contents;
$info = self::handlePart($info, self::parseStructure($contents));
$info['decrypted'] = TRUE;
unlink($plaintext_file);
return TRUE;
}
<?php
function myErrorHandler($errno, $errstr, $errfile, $errline)
{
var_dump($errstr);
}
set_error_handler("myErrorHandler");
$a = 1;
$b = 1;
$c = new stdclass();
$d = new stdclass();
var_dump(openssl_pkcs7_decrypt($a, $b, $c, $d));
var_dump($c);
var_dump(openssl_pkcs7_decrypt($b, $b, $b, $b));
var_dump(openssl_pkcs7_decrypt($a, $b, "", ""));
var_dump(openssl_pkcs7_decrypt($a, $b, true, false));
var_dump(openssl_pkcs7_decrypt($a, $b, 0, 0));
echo "Done\n";
/**
* Decrypt an S/MIME encrypted message using a private/public keypair
* and a passhprase.
*
* @param string $text The text to be decrypted.
* @param array $params The parameters needed for decryption.
* <pre>
* Parameters:
* ===========
* 'type' => 'message' (REQUIRED)
* 'pubkey' => public key. (REQUIRED)
* 'privkey' => private key. (REQUIRED)
* 'passphrase' => Passphrase for Key. (REQUIRED)
* </pre>
*
* @return string The decrypted message.
* @throws Horde_Crypt_Exception
*/
protected function _decryptMessage($text, $params)
{
/* Check for required parameters. */
if (!isset($params['pubkey']) || !isset($params['privkey']) || !array_key_exists('passphrase', $params)) {
throw new Horde_Crypt_Exception(Horde_Crypt_Translation::t("A public S/MIME key, private S/MIME key, and passphrase are required to decrypt a message."));
}
/* Create temp files for input/output. */
$input = $this->_createTempFile('horde-smime');
$output = $this->_createTempFile('horde-smime');
/* Store message in file. */
file_put_contents($input, $text);
unset($text);
$privkey = is_null($params['passphrase']) ? $params['privkey'] : array($params['privkey'], $params['passphrase']);
if (openssl_pkcs7_decrypt($input, $output, $params['pubkey'], $privkey)) {
return file_get_contents($output);
}
throw new Horde_Crypt_Exception(Horde_Crypt_Translation::t("Could not decrypt S/MIME data."));
}
public function testEncryptThenSignMessage()
{
$message = Swift_SignedMessage::newInstance('Wonderful Subject')->setFrom(array('*****@*****.**' => 'John Doe'))->setTo(array('*****@*****.**', '*****@*****.**' => 'A name'))->setBody('Here is the message itself');
$originalMessage = $this->cleanMessage($message->toString());
$signer = Swift_Signers_SMimeSigner::newInstance();
$signer->setSignCertificate($this->samplesDir . 'smime/sign.crt', $this->samplesDir . 'smime/sign.key');
$signer->setEncryptCertificate($this->samplesDir . 'smime/encrypt.crt');
$signer->setSignThenEncrypt(false);
$message->attachSigner($signer);
$messageStream = $this->newFilteredStream();
$message->toByteStream($messageStream);
$messageStream->commit();
$entityString = $messageStream->getContent();
$headers = self::getHeadersOfMessage($entityString);
if (!($boundary = $this->getBoundary($headers['content-type']))) {
return false;
}
$expectedBody = <<<OEL
This is an S/MIME signed message
--{$boundary}
(?P<encrypted_message>MIME-Version: 1\\.0
Content-Disposition: attachment; filename="smime\\.p7m"
Content-Type: application/(x\\-)?pkcs7-mime; smime-type=enveloped-data; name="smime\\.p7m"
Content-Transfer-Encoding: base64
(?:^[a-zA-Z0-9\\/\\r\\n+]*={0,2})
)--{$boundary}
Content-Type: application/(x\\-)?pkcs7-signature; name="smime\\.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime\\.p7s"
(?:^[a-zA-Z0-9\\/\\r\\n+]*={0,2})
--{$boundary}--
OEL;
if (!$this->assertValidVerify($expectedBody, $messageStream)) {
return false;
}
$expectedBody = str_replace("\n", "\r\n", $expectedBody);
if (!preg_match('%' . $expectedBody . '*%m', $entityString, $entities)) {
$this->fail('Failed regex match.');
return false;
}
$messageStreamClean = new Swift_ByteStream_TemporaryFileByteStream();
$messageStreamClean->write($entities['encrypted_message']);
$decryptedMessageStream = new Swift_ByteStream_TemporaryFileByteStream();
if (!openssl_pkcs7_decrypt($messageStreamClean->getPath(), $decryptedMessageStream->getPath(), 'file://' . $this->samplesDir . 'smime/encrypt.crt', array('file://' . $this->samplesDir . 'smime/encrypt.key', 'swift'))) {
$this->fail(sprintf('Decrypt of the message failed. Internal error "%s".', openssl_error_string()));
}
$this->assertEquals($originalMessage, $decryptedMessageStream->getContent());
unset($messageStreamClean, $messageStream, $decryptedMessageStream);
}
public static function toOutputArray(array &$response, \GO\Email\Model\ImapMessage $imapMessage)
{
if ($imapMessage->content_type == 'application/x-pkcs7-mime') {
$imapMessage->content_type = 'application/pkcs7-mime';
}
if ($imapMessage->content_type == 'application/pkcs7-mime' && isset($imapMessage->content_type_attributes['smime-type']) && $imapMessage->content_type_attributes['smime-type'] == 'signed-data') {
//signed data but not in clear text. Outlook has this option.
$outfile = \GO\Base\Fs\File::tempFile();
$imapMessage->getImapConnection()->save_to_file($imapMessage->uid, $outfile->path());
$verifyOutfile = \GO\Base\Fs\File::tempFile();
// $cmd = '/usr/bin/openssl smime -verify -in ' . $outfile->path() . ' -out ' . $verifyOutfile->path();
// exec($cmd);
//
//PHP can't output the verified data without the signature without
//suppling the extracerts option. We generated a dummy certificate for
//this.
openssl_pkcs7_verify($outfile->path(), null, "/dev/null", array(), GO::config()->root_path . "modules/smime/dummycert.pem", $verifyOutfile->path());
$message = \GO\Email\Model\SavedMessage::model()->createFromMimeData($verifyOutfile->getContents());
//remove temp files
$outfile->delete();
$verifyOutfile->delete();
$newResponse = $message->toOutputArray(true);
unset($newResponse['to']);
unset($newResponse['cc']);
foreach ($newResponse as $key => $value) {
if (!empty($value) || $key == 'attachments') {
$response[$key] = $value;
}
}
// $response['path'] = $outfile->stripTempPath();
return;
}
if ($imapMessage->content_type == 'application/pkcs7-mime') {
$encrypted = !isset($imapMessage->content_type_attributes['smime-type']) || $imapMessage->content_type_attributes['smime-type'] != 'signed-data';
if ($encrypted) {
GO::debug("Message is encrypted");
$cert = Model\Certificate::model()->findByPk($imapMessage->account->id);
if (!$cert || empty($cert->cert)) {
GO::debug('SMIME: No private key at all found for this account');
$response['htmlbody'] = GO::t('noPrivateKeyForDecrypt', 'smime');
return false;
}
if (isset($_REQUEST['password'])) {
GO::session()->values['smime']['passwords'][$imapMessage->account->id] = $_REQUEST['password'];
}
if (!isset(GO::session()->values['smime']['passwords'][$imapMessage->account->id])) {
$response['askPassword'] = true;
GO::debug("Need to ask for password");
return false;
}
}
$attachments = $imapMessage->getAttachments();
$att = array_shift($attachments);
// array (
// 'type' => 'application',
// 'subtype' => 'pkcs7-mime',
// 'smime-type' => 'enveloped-data',
// 'name' => 'smime.p7m',
// 'id' => false,
// 'encoding' => 'base64',
// 'size' => '2302',
// 'md5' => false,
// 'disposition' => false,
// 'language' => false,
// 'location' => false,
// 'charset' => false,
// 'lines' => false,
// 'number' => 1,
// 'extension' => 'p7m',
// 'human_size' => '2,2 KB',
// 'tmp_file' => false,
// )
$infile = \GO\Base\Fs\File::tempFile();
$outfile = \GO\Base\Fs\File::tempFile();
//$outfilerel = $reldir . 'unencrypted.txt';
if ($encrypted) {
GO::debug('Message is encrypted');
// $imapMessage->getImapConnection()->save_to_file($imapMessage->uid, $infile->path(), 'TEXT', 'base64');
// throw new \Exception($infile->path());
if (!$imapMessage->saveToFile($infile->path())) {
throw new \Exception("Could not save IMAP message to file for decryption");
}
$password = GO::session()->values['smime']['passwords'][$imapMessage->account->id];
openssl_pkcs12_read($cert->cert, $certs, $password);
if (empty($certs)) {
//password invalid
$response['askPassword'] = true;
GO::debug("Invalid password");
return false;
}
$return = openssl_pkcs7_decrypt($infile->path(), $outfile->path(), $certs['cert'], array($certs['pkey'], $password));
$infile->delete();
if (!$return || !$outfile->exists() || !$outfile->size()) {
$response['htmlbody'] = GO::t('decryptionFailed', 'smime') . '<br />';
while ($str = openssl_error_string()) {
$response['htmlbody'] .= '<br />' . $str;
}
GO::debug("Decryption failed");
return false;
} else {
//check if also signed
$data = $outfile->getContents();
if (strpos($data, 'signed-data')) {
$verifyOutfile = \GO\Base\Fs\File::tempFile();
openssl_pkcs7_verify($outfile->path(), null, "/dev/null", array(), GO::config()->root_path . "modules/smime/dummycert.pem", $verifyOutfile->path());
$outfile = $verifyOutfile;
}
$message = \GO\Email\Model\SavedMessage::model()->createFromMimeData($outfile->getContents());
$newResponse = $message->toOutputArray(true);
unset($newResponse['to']);
unset($newResponse['to_string']);
unset($newResponse['cc']);
foreach ($newResponse as $key => $value) {
if (!empty($value) || $key == 'attachments') {
$response[$key] = $value;
}
}
$response['smime_encrypted'] = true;
//$response['path']=$outfile->stripTempPath();
$outfile->delete();
}
} else {
GO::debug('Message is NOT encrypted');
}
}
}
die("failed to get a temporary filename!");
}
$outfile2 = tempnam("/tmp", "ssl");
if ($outfile2 === false) {
die("failed to get a temporary filename!");
}
$single_cert = "file://" . dirname(__FILE__) . "/cert.crt";
$privkey = "file://" . dirname(__FILE__) . "/private.key";
$multi_certs = array($single_cert, $single_cert);
$assoc_headers = array("To" => "test@test", "Subject" => "testing openssl_pkcs7_encrypt()");
$headers = array("test@test", "testing openssl_pkcs7_encrypt()");
$empty_headers = array();
$wrong = "wrong";
$empty = "";
var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers));
var_dump(openssl_pkcs7_decrypt($outfile, $outfile2, $single_cert, $privkey));
var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers));
var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers));
var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $wrong));
var_dump(openssl_pkcs7_encrypt($wrong, $outfile, $single_cert, $headers));
var_dump(openssl_pkcs7_encrypt($empty, $outfile, $single_cert, $headers));
var_dump(openssl_pkcs7_encrypt($infile, $empty, $single_cert, $headers));
var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers));
var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers));
var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty));
var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers));
if (file_exists($outfile)) {
echo "true\n";
unlink($outfile);
}
if (file_exists($outfile2)) {
public function decrypt($encMsg)
{
$invoice = time();
$filehash = $invoice . '_' . time();
$respfile = $this->decryptPath . 'resp_' . $filehash;
$decfile = $this->decryptPath . 'dec_' . $filehash;
$msgfile = $this->decryptPath . 'msg_' . $filehash;
file_put_contents($respfile, $encMsg);
$strOri = "MIME-Version: 1.0\nContent-Disposition: attachment; filename=\"smime.p7m\"\nContent-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\"\nContent-Transfer-Encoding: base64\n\n";
$enc = file_get_contents($respfile);
$enc = wordwrap($enc, 64, "\n", true);
if ($fp = fopen($decfile, "w")) {
fwrite($fp, $strOri . $enc);
fclose($fp);
} else {
error_log("Can't write file " . $decfile);
return false;
}
$key = file_get_contents($this->merchantPublicKey);
$key_private = array(file_get_contents($this->merchantPrivateKey), $this->merchantPassword);
if (openssl_pkcs7_decrypt($decfile, $msgfile, $key, $key_private)) {
return file_get_contents($msgfile);
} else {
error_log("Can't decrypt on Twoc2pPayment Library =>" . $decfile);
return false;
}
}
$encrypted = tempnam("/tmp", "ssl");
if ($encrypted === false) {
die("failed to get a temporary filename!");
}
$outfile = tempnam("/tmp", "ssl");
if ($outfile === false) {
unlink($outfile);
die("failed to get a temporary filename!");
}
$single_cert = "file://" . dirname(__FILE__) . "/cert.crt";
$headers = array("test@test", "testing openssl_pkcs7_encrypt()");
$wrong = "wrong";
$empty = "";
openssl_pkcs7_encrypt($infile, $encrypted, $single_cert, $headers);
var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $privkey));
var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $wrong));
var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $wrong, $privkey));
var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, null, $privkey));
var_dump(openssl_pkcs7_decrypt($wrong, $outfile, $single_cert, $privkey));
var_dump(openssl_pkcs7_decrypt($empty, $outfile, $single_cert, $privkey));
var_dump(openssl_pkcs7_decrypt($encrypted, $empty, $single_cert, $privkey));
var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $empty, $privkey));
var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $empty));
if (file_exists($encrypted)) {
echo "true\n";
unlink($encrypted);
}
if (file_exists($outfile)) {
echo "true\n";
unlink($outfile);
}
private function _decryptFile(\GO\Base\Fs\File $srcFile, \GO\Email\Model\Account $account)
{
$data = $srcFile->getContents();
if (strpos($data, "enveloped-data") || strpos($data, 'Encrypted Message')) {
$cert = \GO\Smime\Model\Certificate::model()->findByPk($account->id);
$password = \GO::session()->values['smime']['passwords'][$_REQUEST['account_id']];
openssl_pkcs12_read($cert->cert, $certs, $password);
$decryptedFile = \GO\Base\Fs\File::tempFile();
$ret = openssl_pkcs7_decrypt($srcFile->path(), $decryptedFile->path(), $certs['cert'], array($certs['pkey'], $password));
if (!$decryptedFile->exists()) {
throw new \Exception("Could not decrypt message: " . openssl_error_string());
}
$decryptedFile->move($srcFile->parent(), $srcFile->name());
}
}
function decrypt($encText, $key, $key_private)
{
$msgfile = "msg.txt";
$encfile = "enc.txt";
$decfile = "dec.txt";
file_put_contents($encfile, $encText);
// ¹Óä¿Åìŧä»ã¹ msg.txt Merchant's private key
$strOri = "MIME-Version: 1.0\nContent-Disposition: attachment; filename=\"smime.p7m\"\nContent-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\"\nContent-Transfer-Encoding: base64\n\n";
$enc = file_get_contents($encfile);
$enc = wordwrap($enc, 64, "\n", true);
$fp = fopen($encfile, "w");
fwrite($fp, $strOri . $enc);
fclose($fp);
if (openssl_pkcs7_decrypt($encfile, $decfile, $key, $key_private)) {
// echo "<br><b>Successfully decrypted: </b>";
return file_get_contents($decfile);
} else {
echo "Cannot Decrypt";
return "Cannot Decrypt";
}
}
function decrypt($encFile, $decFile, $key, $key_private)
{
$strOri = "MIME-Version: 1.0\nContent-Disposition: attachment; filename=\"smime.p7m\"\nContent-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\"\nContent-Transfer-Encoding: base64\n\n";
$enc = file_get_contents($encFile);
$enc = wordwrap($enc, 64, "\n", true);
$fp = fopen($encFile, "w");
fwrite($fp, $strOri . $enc);
fclose($fp);
if (openssl_pkcs7_decrypt($encFile, $decFile, $key, $key_private)) {
echo "<br><b>Successfully decrypted: </b>";
echo file_get_contents($decFile);
} else {
echo "Cannot Decrypt";
}
}
