 /**
  * Creates a new GPG engine
  *
  * Available options are:
  *
  * - <kbd>string  homedir</kbd>        - the directory where the GPG
  *                                       keyring files are stored. If not
  *                                       specified, Crypt_GPG uses the
  *                                       default of <kbd>~/.gnupg</kbd>.
  * - <kbd>string  publicKeyring</kbd>  - the file path of the public
  *                                       keyring. Use this if the public
  *                                       keyring is not in the homedir, or
  *                                       if the keyring is in a directory
  *                                       not writable by the process
  *                                       invoking GPG (like Apache). Then
  *                                       you can specify the path to the
  *                                       keyring with this option
  *                                       (/foo/bar/pubring.gpg), and specify
  *                                       a writable directory (like /tmp)
  *                                       using the <i>homedir</i> option.
  * - <kbd>string  privateKeyring</kbd> - the file path of the private
  *                                       keyring. Use this if the private
  *                                       keyring is not in the homedir, or
  *                                       if the keyring is in a directory
  *                                       not writable by the process
  *                                       invoking GPG (like Apache). Then
  *                                       you can specify the path to the
  *                                       keyring with this option
  *                                       (/foo/bar/secring.gpg), and specify
  *                                       a writable directory (like /tmp)
  *                                       using the <i>homedir</i> option.
  * - <kbd>string  trustDb</kbd>        - the file path of the web-of-trust
  *                                       database. Use this if the trust
  *                                       database is not in the homedir, or
  *                                       if the database is in a directory
  *                                       not writable by the process
  *                                       invoking GPG (like Apache). Then
  *                                       you can specify the path to the
  *                                       trust database with this option
  *                                       (/foo/bar/trustdb.gpg), and specify
  *                                       a writable directory (like /tmp)
  *                                       using the <i>homedir</i> option.
  * - <kbd>string  binary</kbd>         - the location of the GPG binary. If
  *                                       not specified, the driver attempts
  *                                       to auto-detect the GPG binary
  *                                       location using a list of known
  *                                       default locations for the current
  *                                       operating system. The option
  *                                       <kbd>gpgBinary</kbd> is a
  *                                       deprecated alias for this option.
  * - <kbd>boolean debug</kbd>          - whether or not to use debug mode.
  *                                       When debug mode is on, all
  *                                       communication to and from the GPG
  *                                       subprocess is logged. This can be
  *                                       useful to diagnose errors when
  *                                       using Crypt_GPG.
  *
  * @param array $options optional. An array of options used to create the
  *                       GPG object. All options are optional and are
  *                       represented as key-value pairs.
  *
  * @throws Crypt_GPG_FileException if the <kbd>homedir</kbd> does not exist
  *         and cannot be created. This can happen if <kbd>homedir</kbd> is
  *         not specified, Crypt_GPG is run as the web user, and the web
  *         user has no home directory. This exception is also thrown if any
  *         of the options <kbd>publicKeyring</kbd>,
  *         <kbd>privateKeyring</kbd> or <kbd>trustDb</kbd> is specified
  *         but the file does not exist or is not readable.
  *         This can happen if the user running the Crypt_GPG process (for
  *         example, the Apache user) does not have permission to read the
  *         files.
  *
  * @throws PEAR_Exception if the provided <kbd>binary</kbd> is invalid, or
  *         if no <kbd>binary</kbd> is provided and no suitable binary could
  *         be found.
  */
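 public function __construct(array $options = array())
 {
     $this->_isDarwin = strncmp(strtoupper(PHP_OS), 'DARWIN', 6) === 0;

     // Cache, once per process, whether mbstring overloads the string
     // functions (bit 0x2 of mbstring.func_overload).
     if (self::$_mbStringOverload === null) {
         self::$_mbStringOverload = extension_loaded('mbstring')
             && (ini_get('mbstring.func_overload') & 0x2) === 0x2;
     }

     // Resolve the GnuPG home directory. It holds GnuPG's working files
     // (and the keyrings unless they are given separately), so it should be
     // a directory private to the process user rather than a shared one.
     if (array_key_exists('homedir', $options)) {
         $this->_homedir = (string) $options['homedir'];
     } else {
         // note: this requires the package OS dep exclude 'windows'
         // NOTE(review): posix_getpwuid() returns false when the uid has no
         // passwd entry; the path then resolves to "/.gnupg" and normally
         // fails in the creation step below.
         $info = posix_getpwuid(posix_getuid());
         $this->_homedir = $info['dir'] . '/.gnupg';
     }

     // Create the homedir if it does not exist yet.
     if (!is_dir($this->_homedir)) {
         // Missing parent directories are still created with 0777 (subject
         // to the umask), as before.
         $parentDir = dirname($this->_homedir);
         if ($parentDir !== '' && !is_dir($parentDir)) {
             @mkdir($parentDir, 0777, true);
         }

         // Create the homedir itself with owner-only permissions from the
         // start. Creating it with 0777 and tightening it afterwards left a
         // window in which other local users could enter the directory.
         if (@mkdir($this->_homedir, 0700)) {
             // The umask can only have removed bits; make the mode exactly
             // 0700.
             chmod($this->_homedir, 0700);
         } else {
             throw new Crypt_GPG_FileException(
                 'The \'homedir\' "' . $this->_homedir
                 . '" is not readable or does not exist '
                 . 'and cannot be created. This can happen if \'homedir\' '
                 . 'is not specified in the Crypt_GPG options, Crypt_GPG is '
                 . 'run as the web user, and the web user has no home '
                 . 'directory.',
                 0,
                 $this->_homedir
             );
         }
     }

     // Resolve the GPG binary. An explicit path is only checked for being
     // executable, so it must come from trusted configuration.
     if (array_key_exists('binary', $options)) {
         $this->_binary = (string) $options['binary'];
     } elseif (array_key_exists('gpgBinary', $options)) {
         // deprecated alias
         $this->_binary = (string) $options['gpgBinary'];
     } else {
         $this->_binary = $this->_getBinary();
     }

     if ($this->_binary == '' || !is_executable($this->_binary)) {
         throw new PEAR_Exception(
             'GPG binary not found. If you are sure '
             . 'the GPG binary is installed, please specify the location of '
             . 'the GPG binary using the \'binary\' driver option.'
         );
     }

     /*
      * Note:
      *
      * Normally, GnuPG expects keyrings to be in the homedir and expects
      * to be able to write temporary files in the homedir. Sometimes,
      * keyrings are not in the homedir, or location of the keyrings does
      * not allow writing temporary files. In this case, the <i>homedir</i>
      * option by itself is not enough to specify the keyrings because GnuPG
      * can not write required temporary files. Additional options are
      * provided so you can specify the location of the keyrings separately
      * from the homedir.
      */

     // Public keyring: must be readable by the current process.
     if (array_key_exists('publicKeyring', $options)) {
         $this->_publicKeyring = (string) $options['publicKeyring'];
         if (!is_readable($this->_publicKeyring)) {
             throw new Crypt_GPG_FileException(
                 'The \'publicKeyring\' "' . $this->_publicKeyring
                 . '" does not exist or is '
                 . 'not readable. Check the location and ensure the file '
                 . 'permissions are correct.',
                 0,
                 $this->_publicKeyring
             );
         }
     }

     // Private keyring: must be readable by the current process.
     if (array_key_exists('privateKeyring', $options)) {
         $this->_privateKeyring = (string) $options['privateKeyring'];
         if (!is_readable($this->_privateKeyring)) {
             throw new Crypt_GPG_FileException(
                 'The \'privateKeyring\' "' . $this->_privateKeyring
                 . '" does not exist or is '
                 . 'not readable. Check the location and ensure the file '
                 . 'permissions are correct.',
                 0,
                 $this->_privateKeyring
             );
         }
     }

     // Trust database: must be readable by the current process.
     if (array_key_exists('trustDb', $options)) {
         $this->_trustDb = (string) $options['trustDb'];
         if (!is_readable($this->_trustDb)) {
             throw new Crypt_GPG_FileException(
                 'The \'trustDb\' "' . $this->_trustDb
                 . '" does not exist or is not readable. '
                 . 'Check the location and ensure the file permissions are '
                 . 'correct.',
                 0,
                 $this->_trustDb
             );
         }
     }

     // Debug mode logs all traffic to and from the GPG subprocess, so its
     // output should be treated as sensitive and kept off in production.
     if (array_key_exists('debug', $options)) {
         $this->_debug = (bool) $options['debug'];
     }
 }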