Inspection of "Daily Inspection: Merge branch 'develop' of git@gi..." - Dolibarr/dolibarr - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — develop (aa6d31)

unknown

created 2025-04-08 16:44 UTC

Status

Indentation +57 added lines, -57 removed lines patch added patch discarded remove patch

@@ -19,69 +19,69 @@
 block discarded – undo
  */
 interface Swift_CharacterStream
 {
-    /**
-     * Set the character set used in this CharacterStream.
-     *
-     * @param string $charset
-     */
-    public function setCharacterSet($charset);
+	/**
+	 * Set the character set used in this CharacterStream.
+	 *
+	 * @param string $charset
+	 */
+	public function setCharacterSet($charset);
 
-    /**
-     * Set the CharacterReaderFactory for multi charset support.
-     */
-    public function setCharacterReaderFactory(Swift_CharacterReaderFactory $factory);
+	/**
+	 * Set the CharacterReaderFactory for multi charset support.
+	 */
+	public function setCharacterReaderFactory(Swift_CharacterReaderFactory $factory);
 
-    /**
-     * Overwrite this character stream using the byte sequence in the byte stream.
-     *
-     * @param Swift_OutputByteStream $os output stream to read from
-     */
-    public function importByteStream(Swift_OutputByteStream $os);
+	/**
+	 * Overwrite this character stream using the byte sequence in the byte stream.
+	 *
+	 * @param Swift_OutputByteStream $os output stream to read from
+	 */
+	public function importByteStream(Swift_OutputByteStream $os);
 
-    /**
-     * Import a string a bytes into this CharacterStream, overwriting any existing
-     * data in the stream.
-     *
-     * @param string $string
-     */
-    public function importString($string);
+	/**
+	 * Import a string a bytes into this CharacterStream, overwriting any existing
+	 * data in the stream.
+	 *
+	 * @param string $string
+	 */
+	public function importString($string);
 
-    /**
-     * Read $length characters from the stream and move the internal pointer
-     * $length further into the stream.
-     *
-     * @param int $length
-     *
-     * @return string
-     */
-    public function read($length);
+	/**
+	 * Read $length characters from the stream and move the internal pointer
+	 * $length further into the stream.
+	 *
+	 * @param int $length
+	 *
+	 * @return string
+	 */
+	public function read($length);
 
-    /**
-     * Read $length characters from the stream and return a 1-dimensional array
-     * containing there octet values.
-     *
-     * @param int $length
-     *
-     * @return int[]
-     */
-    public function readBytes($length);
+	/**
+	 * Read $length characters from the stream and return a 1-dimensional array
+	 * containing there octet values.
+	 *
+	 * @param int $length
+	 *
+	 * @return int[]
+	 */
+	public function readBytes($length);
 
-    /**
-     * Write $chars to the end of the stream.
-     *
-     * @param string $chars
-     */
-    public function write($chars);
+	/**
+	 * Write $chars to the end of the stream.
+	 *
+	 * @param string $chars
+	 */
+	public function write($chars);
 
-    /**
-     * Move the internal pointer to $charOffset in the stream.
-     *
-     * @param int $charOffset
-     */
-    public function setPointer($charOffset);
+	/**
+	 * Move the internal pointer to $charOffset in the stream.
+	 *
+	 * @param int $charOffset
+	 */
+	public function setPointer($charOffset);
 
-    /**
-     * Empty the stream and reset the internal pointer.
-     */
-    public function flushContents();
+	/**
+	 * Empty the stream and reset the internal pointer.
+	 */
+	public function flushContents();
 }

Please login to merge, or discard this patch.

htdocs/includes/swiftmailer/lib/classes/Swift/TransportException.php 1 patch

Indentation +10 added lines, -10 removed lines patch added patch discarded remove patch

@@ -15,14 +15,14 @@
 block discarded – undo
  */
 class Swift_TransportException extends Swift_IoException
 {
-    /**
-     * Create a new TransportException with $message.
-     *
-     * @param string $message
-     * @param int    $code
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+	/**
+	 * Create a new TransportException with $message.
+	 *
+	 * @param string $message
+	 * @param int    $code
+	 */
+	public function __construct($message, $code = 0, Exception $previous = null)
+	{
+		parent::__construct($message, $code, $previous);
+	}
 }

Please login to merge, or discard this patch.

htdocs/includes/swiftmailer/lib/classes/Swift/Image.php 1 patch

Indentation +24 added lines, -24 removed lines patch added patch discarded remove patch

@@ -15,29 +15,29 @@
 block discarded – undo
  */
 class Swift_Image extends Swift_EmbeddedFile
 {
-    /**
-     * Create a new EmbeddedFile.
-     *
-     * Details may be optionally provided to the constructor.
-     *
-     * @param string|Swift_OutputByteStream $data
-     * @param string                        $filename
-     * @param string                        $contentType
-     */
-    public function __construct($data = null, $filename = null, $contentType = null)
-    {
-        parent::__construct($data, $filename, $contentType);
-    }
+	/**
+	 * Create a new EmbeddedFile.
+	 *
+	 * Details may be optionally provided to the constructor.
+	 *
+	 * @param string|Swift_OutputByteStream $data
+	 * @param string                        $filename
+	 * @param string                        $contentType
+	 */
+	public function __construct($data = null, $filename = null, $contentType = null)
+	{
+		parent::__construct($data, $filename, $contentType);
+	}
 
-    /**
-     * Create a new Image from a filesystem path.
-     *
-     * @param string $path
-     *
-     * @return self
-     */
-    public static function fromPath($path)
-    {
-        return (new self())->setFile(new Swift_ByteStream_FileByteStream($path));
-    }
+	/**
+	 * Create a new Image from a filesystem path.
+	 *
+	 * @param string $path
+	 *
+	 * @return self
+	 */
+	public static function fromPath($path)
+	{
+		return (new self())->setFile(new Swift_ByteStream_FileByteStream($path));
+	}
 }

Please login to merge, or discard this patch.

htdocs/includes/swiftmailer/lib/classes/Swift/Signers/SMimeSigner.php 1 patch

Indentation +522 added lines, -522 removed lines patch added patch discarded remove patch

@@ -17,526 +17,526 @@
 block discarded – undo
  */
 class Swift_Signers_SMimeSigner implements Swift_Signers_BodySigner
 {
-    protected $signCertificate;
-    protected $signPrivateKey;
-    protected $encryptCert;
-    protected $signThenEncrypt = true;
-    protected $signLevel;
-    protected $encryptLevel;
-    protected $signOptions;
-    protected $encryptOptions;
-    protected $encryptCipher;
-    protected $extraCerts = null;
-    protected $wrapFullMessage = false;
-
-    /**
-     * @var Swift_StreamFilters_StringReplacementFilterFactory
-     */
-    protected $replacementFactory;
-
-    /**
-     * @var Swift_Mime_SimpleHeaderFactory
-     */
-    protected $headerFactory;
-
-    /**
-     * Constructor.
-     *
-     * @param string|null $signCertificate
-     * @param string|null $signPrivateKey
-     * @param string|null $encryptCertificate
-     */
-    public function __construct($signCertificate = null, $signPrivateKey = null, $encryptCertificate = null)
-    {
-        if (null !== $signPrivateKey) {
-            $this->setSignCertificate($signCertificate, $signPrivateKey);
-        }
-
-        if (null !== $encryptCertificate) {
-            $this->setEncryptCertificate($encryptCertificate);
-        }
-
-        $this->replacementFactory = Swift_DependencyContainer::getInstance()
-            ->lookup('transport.replacementfactory');
-
-        $this->signOptions = PKCS7_DETACHED;
-        $this->encryptCipher = OPENSSL_CIPHER_AES_128_CBC;
-    }
-
-    /**
-     * Set the certificate location to use for signing.
-     *
-     * @see https://secure.php.net/manual/en/openssl.pkcs7.flags.php
-     *
-     * @param string       $certificate
-     * @param string|array $privateKey  If the key needs an passphrase use array('file-location', 'passphrase') instead
-     * @param int          $signOptions Bitwise operator options for openssl_pkcs7_sign()
-     * @param string       $extraCerts  A file containing intermediate certificates needed by the signing certificate
-     *
-     * @return $this
-     */
-    public function setSignCertificate($certificate, $privateKey = null, $signOptions = PKCS7_DETACHED, $extraCerts = null)
-    {
-        $this->signCertificate = 'file://'.str_replace('\\', '/', realpath($certificate));
-
-        if (null !== $privateKey) {
-            if (\is_array($privateKey)) {
-                $this->signPrivateKey = $privateKey;
-                $this->signPrivateKey[0] = 'file://'.str_replace('\\', '/', realpath($privateKey[0]));
-            } else {
-                $this->signPrivateKey = 'file://'.str_replace('\\', '/', realpath($privateKey));
-            }
-        }
-
-        $this->signOptions = $signOptions;
-        $this->extraCerts = $extraCerts ? realpath($extraCerts) : null;
-
-        return $this;
-    }
-
-    /**
-     * Set the certificate location to use for encryption.
-     *
-     * @see https://secure.php.net/manual/en/openssl.pkcs7.flags.php
-     * @see https://secure.php.net/manual/en/openssl.ciphers.php
-     *
-     * @param string|array $recipientCerts Either an single X.509 certificate, or an assoc array of X.509 certificates.
-     * @param int          $cipher
-     *
-     * @return $this
-     */
-    public function setEncryptCertificate($recipientCerts, $cipher = null)
-    {
-        if (\is_array($recipientCerts)) {
-            $this->encryptCert = [];
-
-            foreach ($recipientCerts as $cert) {
-                $this->encryptCert[] = 'file://'.str_replace('\\', '/', realpath($cert));
-            }
-        } else {
-            $this->encryptCert = 'file://'.str_replace('\\', '/', realpath($recipientCerts));
-        }
-
-        if (null !== $cipher) {
-            $this->encryptCipher = $cipher;
-        }
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getSignCertificate()
-    {
-        return $this->signCertificate;
-    }
-
-    /**
-     * @return string
-     */
-    public function getSignPrivateKey()
-    {
-        return $this->signPrivateKey;
-    }
-
-    /**
-     * Set perform signing before encryption.
-     *
-     * The default is to first sign the message and then encrypt.
-     * But some older mail clients, namely Microsoft Outlook 2000 will work when the message first encrypted.
-     * As this goes against the official specs, its recommended to only use 'encryption -> signing' when specifically targeting these 'broken' clients.
-     *
-     * @param bool $signThenEncrypt
-     *
-     * @return $this
-     */
-    public function setSignThenEncrypt($signThenEncrypt = true)
-    {
-        $this->signThenEncrypt = $signThenEncrypt;
-
-        return $this;
-    }
-
-    /**
-     * @return bool
-     */
-    public function isSignThenEncrypt()
-    {
-        return $this->signThenEncrypt;
-    }
-
-    /**
-     * Resets internal states.
-     *
-     * @return $this
-     */
-    public function reset()
-    {
-        return $this;
-    }
-
-    /**
-     * Specify whether to wrap the entire MIME message in the S/MIME message.
-     *
-     * According to RFC5751 section 3.1:
-     * In order to protect outer, non-content-related message header fields
-     * (for instance, the "Subject", "To", "From", and "Cc" fields), the
-     * sending client MAY wrap a full MIME message in a message/rfc822
-     * wrapper in order to apply S/MIME security services to these header
-     * fields.  It is up to the receiving client to decide how to present
-     * this "inner" header along with the unprotected "outer" header.
-     *
-     * @param bool $wrap
-     *
-     * @return $this
-     */
-    public function setWrapFullMessage($wrap)
-    {
-        $this->wrapFullMessage = $wrap;
-    }
-
-    /**
-     * Change the Swift_Message to apply the signing.
-     *
-     * @return $this
-     */
-    public function signMessage(Swift_Message $message)
-    {
-        if (null === $this->signCertificate && null === $this->encryptCert) {
-            return $this;
-        }
-
-        if ($this->signThenEncrypt) {
-            $this->smimeSignMessage($message);
-            $this->smimeEncryptMessage($message);
-        } else {
-            $this->smimeEncryptMessage($message);
-            $this->smimeSignMessage($message);
-        }
-    }
-
-    /**
-     * Return the list of header a signer might tamper.
-     *
-     * @return array
-     */
-    public function getAlteredHeaders()
-    {
-        return ['Content-Type', 'Content-Transfer-Encoding', 'Content-Disposition'];
-    }
-
-    /**
-     * Sign a Swift message.
-     */
-    protected function smimeSignMessage(Swift_Message $message)
-    {
-        // If we don't have a certificate we can't sign the message
-        if (null === $this->signCertificate) {
-            return;
-        }
-
-        // Work on a clone of the original message
-        $signMessage = clone $message;
-        $signMessage->clearSigners();
-
-        if ($this->wrapFullMessage) {
-            // The original message essentially becomes the body of the new
-            // wrapped message
-            $signMessage = $this->wrapMimeMessage($signMessage);
-        } else {
-            // Only keep header needed to parse the body correctly
-            $this->clearAllHeaders($signMessage);
-            $this->copyHeaders(
-                $message,
-                $signMessage,
-                [
-                    'Content-Type',
-                    'Content-Transfer-Encoding',
-                    'Content-Disposition',
-                ]
-            );
-        }
-
-        // Copy the cloned message into a temporary file stream
-        $messageStream = new Swift_ByteStream_TemporaryFileByteStream();
-        $signMessage->toByteStream($messageStream);
-        $messageStream->commit();
-        $signedMessageStream = new Swift_ByteStream_TemporaryFileByteStream();
-
-        // Sign the message using openssl
-        if (!openssl_pkcs7_sign(
-                $messageStream->getPath(),
-                $signedMessageStream->getPath(),
-                $this->signCertificate,
-                $this->signPrivateKey,
-                [],
-                $this->signOptions,
-                $this->extraCerts
-            )
-        ) {
-            throw new Swift_IoException(sprintf('Failed to sign S/Mime message. Error: "%s".', openssl_error_string()));
-        }
-
-        // Parse the resulting signed message content back into the Swift message
-        // preserving the original headers
-        $this->parseSSLOutput($signedMessageStream, $message);
-    }
-
-    /**
-     * Encrypt a Swift message.
-     */
-    protected function smimeEncryptMessage(Swift_Message $message)
-    {
-        // If we don't have a certificate we can't encrypt the message
-        if (null === $this->encryptCert) {
-            return;
-        }
-
-        // Work on a clone of the original message
-        $encryptMessage = clone $message;
-        $encryptMessage->clearSigners();
-
-        if ($this->wrapFullMessage) {
-            // The original message essentially becomes the body of the new
-            // wrapped message
-            $encryptMessage = $this->wrapMimeMessage($encryptMessage);
-        } else {
-            // Only keep header needed to parse the body correctly
-            $this->clearAllHeaders($encryptMessage);
-            $this->copyHeaders(
-                $message,
-                $encryptMessage,
-                [
-                    'Content-Type',
-                    'Content-Transfer-Encoding',
-                    'Content-Disposition',
-                ]
-            );
-        }
-
-        // Convert the message content (including headers) to a string
-        // and place it in a temporary file
-        $messageStream = new Swift_ByteStream_TemporaryFileByteStream();
-        $encryptMessage->toByteStream($messageStream);
-        $messageStream->commit();
-        $encryptedMessageStream = new Swift_ByteStream_TemporaryFileByteStream();
-
-        // Encrypt the message
-        if (!openssl_pkcs7_encrypt(
-                $messageStream->getPath(),
-                $encryptedMessageStream->getPath(),
-                $this->encryptCert,
-                [],
-                0,
-                $this->encryptCipher
-            )
-        ) {
-            throw new Swift_IoException(sprintf('Failed to encrypt S/Mime message. Error: "%s".', openssl_error_string()));
-        }
-
-        // Parse the resulting signed message content back into the Swift message
-        // preserving the original headers
-        $this->parseSSLOutput($encryptedMessageStream, $message);
-    }
-
-    /**
-     * Copy named headers from one Swift message to another.
-     */
-    protected function copyHeaders(
-        Swift_Message $fromMessage,
-        Swift_Message $toMessage,
-        array $headers = []
-    ) {
-        foreach ($headers as $header) {
-            $this->copyHeader($fromMessage, $toMessage, $header);
-        }
-    }
-
-    /**
-     * Copy a single header from one Swift message to another.
-     *
-     * @param string $headerName
-     */
-    protected function copyHeader(Swift_Message $fromMessage, Swift_Message $toMessage, $headerName)
-    {
-        $header = $fromMessage->getHeaders()->get($headerName);
-        if (!$header) {
-            return;
-        }
-        $headers = $toMessage->getHeaders();
-        switch ($header->getFieldType()) {
-            case Swift_Mime_Header::TYPE_TEXT:
-                $headers->addTextHeader($header->getFieldName(), $header->getValue());
-                break;
-            case Swift_Mime_Header::TYPE_PARAMETERIZED:
-                $headers->addParameterizedHeader(
-                    $header->getFieldName(),
-                    $header->getValue(),
-                    $header->getParameters()
-                );
-                break;
-        }
-    }
-
-    /**
-     * Remove all headers from a Swift message.
-     */
-    protected function clearAllHeaders(Swift_Message $message)
-    {
-        $headers = $message->getHeaders();
-        foreach ($headers->listAll() as $header) {
-            $headers->removeAll($header);
-        }
-    }
-
-    /**
-     * Wraps a Swift_Message in a message/rfc822 MIME part.
-     *
-     * @return Swift_MimePart
-     */
-    protected function wrapMimeMessage(Swift_Message $message)
-    {
-        // Start by copying the original message into a message stream
-        $messageStream = new Swift_ByteStream_TemporaryFileByteStream();
-        $message->toByteStream($messageStream);
-        $messageStream->commit();
-
-        // Create a new MIME part that wraps the original stream
-        $wrappedMessage = new Swift_MimePart($messageStream, 'message/rfc822');
-        $wrappedMessage->setEncoder(new Swift_Mime_ContentEncoder_PlainContentEncoder('7bit'));
-
-        return $wrappedMessage;
-    }
-
-    protected function parseSSLOutput(Swift_InputByteStream $inputStream, Swift_Message $message)
-    {
-        $messageStream = new Swift_ByteStream_TemporaryFileByteStream();
-        $this->copyFromOpenSSLOutput($inputStream, $messageStream);
-
-        $this->streamToMime($messageStream, $message);
-    }
-
-    /**
-     * Merges an OutputByteStream from OpenSSL to a Swift_Message.
-     */
-    protected function streamToMime(Swift_OutputByteStream $fromStream, Swift_Message $message)
-    {
-        // Parse the stream into headers and body
-        list($headers, $messageStream) = $this->parseStream($fromStream);
-
-        // Get the original message headers
-        $messageHeaders = $message->getHeaders();
-
-        // Let the stream determine the headers describing the body content,
-        // since the body of the original message is overwritten by the body
-        // coming from the stream.
-        // These are all content-* headers.
-
-        // Default transfer encoding is 7bit if not set
-        $encoding = '';
-        // Remove all existing transfer encoding headers
-        $messageHeaders->removeAll('Content-Transfer-Encoding');
-        // See whether the stream sets the transfer encoding
-        if (isset($headers['content-transfer-encoding'])) {
-            $encoding = $headers['content-transfer-encoding'];
-        }
-
-        // We use the null content encoder, since the body is already encoded
-        // according to the transfer encoding specified in the stream
-        $message->setEncoder(new Swift_Mime_ContentEncoder_NullContentEncoder($encoding));
-
-        // Set the disposition, if present
-        if (isset($headers['content-disposition'])) {
-            $messageHeaders->addTextHeader('Content-Disposition', $headers['content-disposition']);
-        }
-
-        // Copy over the body from the stream using the content type dictated
-        // by the stream content
-        $message->setChildren([]);
-        $message->setBody($messageStream, $headers['content-type']);
-    }
-
-    /**
-     * This message will parse the headers of a MIME email byte stream
-     * and return an array that contains the headers as an associative
-     * array and the email body as a string.
-     *
-     * @return array
-     */
-    protected function parseStream(Swift_OutputByteStream $emailStream)
-    {
-        $bufferLength = 78;
-        $headerData = '';
-        $headerBodySeparator = "\r\n\r\n";
-
-        $emailStream->setReadPointer(0);
-
-        // Read out the headers section from the stream to a string
-        while (false !== ($buffer = $emailStream->read($bufferLength))) {
-            $headerData .= $buffer;
-
-            $headersPosEnd = strpos($headerData, $headerBodySeparator);
-
-            // Stop reading if we found the end of the headers
-            if (false !== $headersPosEnd) {
-                break;
-            }
-        }
-
-        // Split the header data into lines
-        $headerData = trim(substr($headerData, 0, $headersPosEnd));
-        $headerLines = explode("\r\n", $headerData);
-        unset($headerData);
-
-        $headers = [];
-        $currentHeaderName = '';
-
-        // Transform header lines into an associative array
-        foreach ($headerLines as $headerLine) {
-            // Handle headers that span multiple lines
-            if (false === strpos($headerLine, ':')) {
-                $headers[$currentHeaderName] .= ' '.trim($headerLine ?? '');
-                continue;
-            }
-
-            $header = explode(':', $headerLine, 2);
-            $currentHeaderName = strtolower($header[0] ?? '');
-            $headers[$currentHeaderName] = trim($header[1] ?? '');
-        }
-
-        // Read the entire email body into a byte stream
-        $bodyStream = new Swift_ByteStream_TemporaryFileByteStream();
-
-        // Skip the header and separator and point to the body
-        $emailStream->setReadPointer($headersPosEnd + \strlen($headerBodySeparator));
-
-        while (false !== ($buffer = $emailStream->read($bufferLength))) {
-            $bodyStream->write($buffer);
-        }
-
-        $bodyStream->commit();
-
-        return [$headers, $bodyStream];
-    }
-
-    protected function copyFromOpenSSLOutput(Swift_OutputByteStream $fromStream, Swift_InputByteStream $toStream)
-    {
-        $bufferLength = 4096;
-        $filteredStream = new Swift_ByteStream_TemporaryFileByteStream();
-        $filteredStream->addFilter($this->replacementFactory->createFilter("\r\n", "\n"), 'CRLF to LF');
-        $filteredStream->addFilter($this->replacementFactory->createFilter("\n", "\r\n"), 'LF to CRLF');
-
-        while (false !== ($buffer = $fromStream->read($bufferLength))) {
-            $filteredStream->write($buffer);
-        }
-
-        $filteredStream->flushBuffers();
-
-        while (false !== ($buffer = $filteredStream->read($bufferLength))) {
-            $toStream->write($buffer);
-        }
-
-        $toStream->commit();
-    }
+	protected $signCertificate;
+	protected $signPrivateKey;
+	protected $encryptCert;
+	protected $signThenEncrypt = true;
+	protected $signLevel;
+	protected $encryptLevel;
+	protected $signOptions;
+	protected $encryptOptions;
+	protected $encryptCipher;
+	protected $extraCerts = null;
+	protected $wrapFullMessage = false;
+
+	/**
+	 * @var Swift_StreamFilters_StringReplacementFilterFactory
+	 */
+	protected $replacementFactory;
+
+	/**
+	 * @var Swift_Mime_SimpleHeaderFactory
+	 */
+	protected $headerFactory;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param string|null $signCertificate
+	 * @param string|null $signPrivateKey
+	 * @param string|null $encryptCertificate
+	 */
+	public function __construct($signCertificate = null, $signPrivateKey = null, $encryptCertificate = null)
+	{
+		if (null !== $signPrivateKey) {
+			$this->setSignCertificate($signCertificate, $signPrivateKey);
+		}
+
+		if (null !== $encryptCertificate) {
+			$this->setEncryptCertificate($encryptCertificate);
+		}
+
+		$this->replacementFactory = Swift_DependencyContainer::getInstance()
+			->lookup('transport.replacementfactory');
+
+		$this->signOptions = PKCS7_DETACHED;
+		$this->encryptCipher = OPENSSL_CIPHER_AES_128_CBC;
+	}
+
+	/**
+	 * Set the certificate location to use for signing.
+	 *
+	 * @see https://secure.php.net/manual/en/openssl.pkcs7.flags.php
+	 *
+	 * @param string       $certificate
+	 * @param string|array $privateKey  If the key needs an passphrase use array('file-location', 'passphrase') instead
+	 * @param int          $signOptions Bitwise operator options for openssl_pkcs7_sign()
+	 * @param string       $extraCerts  A file containing intermediate certificates needed by the signing certificate
+	 *
+	 * @return $this
+	 */
+	public function setSignCertificate($certificate, $privateKey = null, $signOptions = PKCS7_DETACHED, $extraCerts = null)
+	{
+		$this->signCertificate = 'file://'.str_replace('\\', '/', realpath($certificate));
+
+		if (null !== $privateKey) {
+			if (\is_array($privateKey)) {
+				$this->signPrivateKey = $privateKey;
+				$this->signPrivateKey[0] = 'file://'.str_replace('\\', '/', realpath($privateKey[0]));
+			} else {
+				$this->signPrivateKey = 'file://'.str_replace('\\', '/', realpath($privateKey));
+			}
+		}
+
+		$this->signOptions = $signOptions;
+		$this->extraCerts = $extraCerts ? realpath($extraCerts) : null;
+
+		return $this;
+	}
+
+	/**
+	 * Set the certificate location to use for encryption.
+	 *
+	 * @see https://secure.php.net/manual/en/openssl.pkcs7.flags.php
+	 * @see https://secure.php.net/manual/en/openssl.ciphers.php
+	 *
+	 * @param string|array $recipientCerts Either an single X.509 certificate, or an assoc array of X.509 certificates.
+	 * @param int          $cipher
+	 *
+	 * @return $this
+	 */
+	public function setEncryptCertificate($recipientCerts, $cipher = null)
+	{
+		if (\is_array($recipientCerts)) {
+			$this->encryptCert = [];
+
+			foreach ($recipientCerts as $cert) {
+				$this->encryptCert[] = 'file://'.str_replace('\\', '/', realpath($cert));
+			}
+		} else {
+			$this->encryptCert = 'file://'.str_replace('\\', '/', realpath($recipientCerts));
+		}
+
+		if (null !== $cipher) {
+			$this->encryptCipher = $cipher;
+		}
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getSignCertificate()
+	{
+		return $this->signCertificate;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getSignPrivateKey()
+	{
+		return $this->signPrivateKey;
+	}
+
+	/**
+	 * Set perform signing before encryption.
+	 *
+	 * The default is to first sign the message and then encrypt.
+	 * But some older mail clients, namely Microsoft Outlook 2000 will work when the message first encrypted.
+	 * As this goes against the official specs, its recommended to only use 'encryption -> signing' when specifically targeting these 'broken' clients.
+	 *
+	 * @param bool $signThenEncrypt
+	 *
+	 * @return $this
+	 */
+	public function setSignThenEncrypt($signThenEncrypt = true)
+	{
+		$this->signThenEncrypt = $signThenEncrypt;
+
+		return $this;
+	}
+
+	/**
+	 * @return bool
+	 */
+	public function isSignThenEncrypt()
+	{
+		return $this->signThenEncrypt;
+	}
+
+	/**
+	 * Resets internal states.
+	 *
+	 * @return $this
+	 */
+	public function reset()
+	{
+		return $this;
+	}
+
+	/**
+	 * Specify whether to wrap the entire MIME message in the S/MIME message.
+	 *
+	 * According to RFC5751 section 3.1:
+	 * In order to protect outer, non-content-related message header fields
+	 * (for instance, the "Subject", "To", "From", and "Cc" fields), the
+	 * sending client MAY wrap a full MIME message in a message/rfc822
+	 * wrapper in order to apply S/MIME security services to these header
+	 * fields.  It is up to the receiving client to decide how to present
+	 * this "inner" header along with the unprotected "outer" header.
+	 *
+	 * @param bool $wrap
+	 *
+	 * @return $this
+	 */
+	public function setWrapFullMessage($wrap)
+	{
+		$this->wrapFullMessage = $wrap;
+	}
+
+	/**
+	 * Change the Swift_Message to apply the signing.
+	 *
+	 * @return $this
+	 */
+	public function signMessage(Swift_Message $message)
+	{
+		if (null === $this->signCertificate && null === $this->encryptCert) {
+			return $this;
+		}
+
+		if ($this->signThenEncrypt) {
+			$this->smimeSignMessage($message);
+			$this->smimeEncryptMessage($message);
+		} else {
+			$this->smimeEncryptMessage($message);
+			$this->smimeSignMessage($message);
+		}
+	}
+
+	/**
+	 * Return the list of header a signer might tamper.
+	 *
+	 * @return array
+	 */
+	public function getAlteredHeaders()
+	{
+		return ['Content-Type', 'Content-Transfer-Encoding', 'Content-Disposition'];
+	}
+
+	/**
+	 * Sign a Swift message.
+	 */
+	protected function smimeSignMessage(Swift_Message $message)
+	{
+		// If we don't have a certificate we can't sign the message
+		if (null === $this->signCertificate) {
+			return;
+		}
+
+		// Work on a clone of the original message
+		$signMessage = clone $message;
+		$signMessage->clearSigners();
+
+		if ($this->wrapFullMessage) {
+			// The original message essentially becomes the body of the new
+			// wrapped message
+			$signMessage = $this->wrapMimeMessage($signMessage);
+		} else {
+			// Only keep header needed to parse the body correctly
+			$this->clearAllHeaders($signMessage);
+			$this->copyHeaders(
+				$message,
+				$signMessage,
+				[
+					'Content-Type',
+					'Content-Transfer-Encoding',
+					'Content-Disposition',
+				]
+			);
+		}
+
+		// Copy the cloned message into a temporary file stream
+		$messageStream = new Swift_ByteStream_TemporaryFileByteStream();
+		$signMessage->toByteStream($messageStream);
+		$messageStream->commit();
+		$signedMessageStream = new Swift_ByteStream_TemporaryFileByteStream();
+
+		// Sign the message using openssl
+		if (!openssl_pkcs7_sign(
+				$messageStream->getPath(),
+				$signedMessageStream->getPath(),
+				$this->signCertificate,
+				$this->signPrivateKey,
+				[],
+				$this->signOptions,
+				$this->extraCerts
+			)
+		) {
+			throw new Swift_IoException(sprintf('Failed to sign S/Mime message. Error: "%s".', openssl_error_string()));
+		}
+
+		// Parse the resulting signed message content back into the Swift message
+		// preserving the original headers
+		$this->parseSSLOutput($signedMessageStream, $message);
+	}
+
+	/**
+	 * Encrypt a Swift message.
+	 */
+	protected function smimeEncryptMessage(Swift_Message $message)
+	{
+		// If we don't have a certificate we can't encrypt the message
+		if (null === $this->encryptCert) {
+			return;
+		}
+
+		// Work on a clone of the original message
+		$encryptMessage = clone $message;
+		$encryptMessage->clearSigners();
+
+		if ($this->wrapFullMessage) {
+			// The original message essentially becomes the body of the new
+			// wrapped message
+			$encryptMessage = $this->wrapMimeMessage($encryptMessage);
+		} else {
+			// Only keep header needed to parse the body correctly
+			$this->clearAllHeaders($encryptMessage);
+			$this->copyHeaders(
+				$message,
+				$encryptMessage,
+				[
+					'Content-Type',
+					'Content-Transfer-Encoding',
+					'Content-Disposition',
+				]
+			);
+		}
+
+		// Convert the message content (including headers) to a string
+		// and place it in a temporary file
+		$messageStream = new Swift_ByteStream_TemporaryFileByteStream();
+		$encryptMessage->toByteStream($messageStream);
+		$messageStream->commit();
+		$encryptedMessageStream = new Swift_ByteStream_TemporaryFileByteStream();
+
+		// Encrypt the message
+		if (!openssl_pkcs7_encrypt(
+				$messageStream->getPath(),
+				$encryptedMessageStream->getPath(),
+				$this->encryptCert,
+				[],
+				0,
+				$this->encryptCipher
+			)
+		) {
+			throw new Swift_IoException(sprintf('Failed to encrypt S/Mime message. Error: "%s".', openssl_error_string()));
+		}
+
+		// Parse the resulting signed message content back into the Swift message
+		// preserving the original headers
+		$this->parseSSLOutput($encryptedMessageStream, $message);
+	}
+
+	/**
+	 * Copy named headers from one Swift message to another.
+	 */
+	protected function copyHeaders(
+		Swift_Message $fromMessage,
+		Swift_Message $toMessage,
+		array $headers = []
+	) {
+		foreach ($headers as $header) {
+			$this->copyHeader($fromMessage, $toMessage, $header);
+		}
+	}
+
+	/**
+	 * Copy a single header from one Swift message to another.
+	 *
+	 * @param string $headerName
+	 */
+	protected function copyHeader(Swift_Message $fromMessage, Swift_Message $toMessage, $headerName)
+	{
+		$header = $fromMessage->getHeaders()->get($headerName);
+		if (!$header) {
+			return;
+		}
+		$headers = $toMessage->getHeaders();
+		switch ($header->getFieldType()) {
+			case Swift_Mime_Header::TYPE_TEXT:
+				$headers->addTextHeader($header->getFieldName(), $header->getValue());
+				break;
+			case Swift_Mime_Header::TYPE_PARAMETERIZED:
+				$headers->addParameterizedHeader(
+					$header->getFieldName(),
+					$header->getValue(),
+					$header->getParameters()
+				);
+				break;
+		}
+	}
+
+	/**
+	 * Remove all headers from a Swift message.
+	 */
+	protected function clearAllHeaders(Swift_Message $message)
+	{
+		$headers = $message->getHeaders();
+		foreach ($headers->listAll() as $header) {
+			$headers->removeAll($header);
+		}
+	}
+
+	/**
+	 * Wraps a Swift_Message in a message/rfc822 MIME part.
+	 *
+	 * @return Swift_MimePart
+	 */
+	protected function wrapMimeMessage(Swift_Message $message)
+	{
+		// Start by copying the original message into a message stream
+		$messageStream = new Swift_ByteStream_TemporaryFileByteStream();
+		$message->toByteStream($messageStream);
+		$messageStream->commit();
+
+		// Create a new MIME part that wraps the original stream
+		$wrappedMessage = new Swift_MimePart($messageStream, 'message/rfc822');
+		$wrappedMessage->setEncoder(new Swift_Mime_ContentEncoder_PlainContentEncoder('7bit'));
+
+		return $wrappedMessage;
+	}
+
+	protected function parseSSLOutput(Swift_InputByteStream $inputStream, Swift_Message $message)
+	{
+		$messageStream = new Swift_ByteStream_TemporaryFileByteStream();
+		$this->copyFromOpenSSLOutput($inputStream, $messageStream);
+
+		$this->streamToMime($messageStream, $message);
+	}
+
+	/**
+	 * Merges an OutputByteStream from OpenSSL to a Swift_Message.
+	 */
+	protected function streamToMime(Swift_OutputByteStream $fromStream, Swift_Message $message)
+	{
+		// Parse the stream into headers and body
+		list($headers, $messageStream) = $this->parseStream($fromStream);
+
+		// Get the original message headers
+		$messageHeaders = $message->getHeaders();
+
+		// Let the stream determine the headers describing the body content,
+		// since the body of the original message is overwritten by the body
+		// coming from the stream.
+		// These are all content-* headers.
+
+		// Default transfer encoding is 7bit if not set
+		$encoding = '';
+		// Remove all existing transfer encoding headers
+		$messageHeaders->removeAll('Content-Transfer-Encoding');
+		// See whether the stream sets the transfer encoding
+		if (isset($headers['content-transfer-encoding'])) {
+			$encoding = $headers['content-transfer-encoding'];
+		}
+
+		// We use the null content encoder, since the body is already encoded
+		// according to the transfer encoding specified in the stream
+		$message->setEncoder(new Swift_Mime_ContentEncoder_NullContentEncoder($encoding));
+
+		// Set the disposition, if present
+		if (isset($headers['content-disposition'])) {
+			$messageHeaders->addTextHeader('Content-Disposition', $headers['content-disposition']);
+		}
+
+		// Copy over the body from the stream using the content type dictated
+		// by the stream content
+		$message->setChildren([]);
+		$message->setBody($messageStream, $headers['content-type']);
+	}
+
+	/**
+	 * This message will parse the headers of a MIME email byte stream
+	 * and return an array that contains the headers as an associative
+	 * array and the email body as a string.
+	 *
+	 * @return array
+	 */
+	protected function parseStream(Swift_OutputByteStream $emailStream)
+	{
+		$bufferLength = 78;
+		$headerData = '';
+		$headerBodySeparator = "\r\n\r\n";
+
+		$emailStream->setReadPointer(0);
+
+		// Read out the headers section from the stream to a string
+		while (false !== ($buffer = $emailStream->read($bufferLength))) {
+			$headerData .= $buffer;
+
+			$headersPosEnd = strpos($headerData, $headerBodySeparator);
+
+			// Stop reading if we found the end of the headers
+			if (false !== $headersPosEnd) {
+				break;
+			}
+		}
+
+		// Split the header data into lines
+		$headerData = trim(substr($headerData, 0, $headersPosEnd));
+		$headerLines = explode("\r\n", $headerData);
+		unset($headerData);
+
+		$headers = [];
+		$currentHeaderName = '';
+
+		// Transform header lines into an associative array
+		foreach ($headerLines as $headerLine) {
+			// Handle headers that span multiple lines
+			if (false === strpos($headerLine, ':')) {
+				$headers[$currentHeaderName] .= ' '.trim($headerLine ?? '');
+				continue;
+			}
+
+			$header = explode(':', $headerLine, 2);
+			$currentHeaderName = strtolower($header[0] ?? '');
+			$headers[$currentHeaderName] = trim($header[1] ?? '');
+		}
+
+		// Read the entire email body into a byte stream
+		$bodyStream = new Swift_ByteStream_TemporaryFileByteStream();
+
+		// Skip the header and separator and point to the body
+		$emailStream->setReadPointer($headersPosEnd + \strlen($headerBodySeparator));
+
+		while (false !== ($buffer = $emailStream->read($bufferLength))) {
+			$bodyStream->write($buffer);
+		}
+
+		$bodyStream->commit();
+
+		return [$headers, $bodyStream];
+	}
+
+	protected function copyFromOpenSSLOutput(Swift_OutputByteStream $fromStream, Swift_InputByteStream $toStream)
+	{
+		$bufferLength = 4096;
+		$filteredStream = new Swift_ByteStream_TemporaryFileByteStream();
+		$filteredStream->addFilter($this->replacementFactory->createFilter("\r\n", "\n"), 'CRLF to LF');
+		$filteredStream->addFilter($this->replacementFactory->createFilter("\n", "\r\n"), 'LF to CRLF');
+
+		while (false !== ($buffer = $fromStream->read($bufferLength))) {
+			$filteredStream->write($buffer);
+		}
+
+		$filteredStream->flushBuffers();
+
+		while (false !== ($buffer = $filteredStream->read($bufferLength))) {
+			$toStream->write($buffer);
+		}
+
+		$toStream->commit();
+	}
 }

Please login to merge, or discard this patch.

htdocs/includes/swiftmailer/lib/classes/Swift/Signers/DKIMSigner.php 1 patch

Indentation +664 added lines, -664 removed lines patch added patch discarded remove patch

@@ -15,668 +15,668 @@
 block discarded – undo
  */
 class Swift_Signers_DKIMSigner implements Swift_Signers_HeaderSigner
 {
-    /**
-     * PrivateKey.
-     *
-     * @var string
-     */
-    protected $privateKey;
-
-    /**
-     * DomainName.
-     *
-     * @var string
-     */
-    protected $domainName;
-
-    /**
-     * Selector.
-     *
-     * @var string
-     */
-    protected $selector;
-
-    private $passphrase = '';
-
-    /**
-     * Hash algorithm used.
-     *
-     * @see RFC6376 3.3: Signers MUST implement and SHOULD sign using rsa-sha256.
-     *
-     * @var string
-     */
-    protected $hashAlgorithm = 'rsa-sha256';
-
-    /**
-     * Body canon method.
-     *
-     * @var string
-     */
-    protected $bodyCanon = 'simple';
-
-    /**
-     * Header canon method.
-     *
-     * @var string
-     */
-    protected $headerCanon = 'simple';
-
-    /**
-     * Headers not being signed.
-     *
-     * @var array
-     */
-    protected $ignoredHeaders = ['return-path' => true];
-
-    /**
-     * Signer identity.
-     *
-     * @var string
-     */
-    protected $signerIdentity;
-
-    /**
-     * BodyLength.
-     *
-     * @var int
-     */
-    protected $bodyLen = 0;
-
-    /**
-     * Maximum signedLen.
-     *
-     * @var int
-     */
-    protected $maxLen = PHP_INT_MAX;
-
-    /**
-     * Embbed bodyLen in signature.
-     *
-     * @var bool
-     */
-    protected $showLen = false;
-
-    /**
-     * When the signature has been applied (true means time()), false means not embedded.
-     *
-     * @var mixed
-     */
-    protected $signatureTimestamp = true;
-
-    /**
-     * When will the signature expires false means not embedded, if sigTimestamp is auto
-     * Expiration is relative, otherwise it's absolute.
-     *
-     * @var int
-     */
-    protected $signatureExpiration = false;
-
-    /**
-     * Must we embed signed headers?
-     *
-     * @var bool
-     */
-    protected $debugHeaders = false;
-
-    // work variables
-    /**
-     * Headers used to generate hash.
-     *
-     * @var array
-     */
-    protected $signedHeaders = [];
-
-    /**
-     * If debugHeaders is set store debugData here.
-     *
-     * @var string[]
-     */
-    private $debugHeadersData = [];
-
-    /**
-     * Stores the bodyHash.
-     *
-     * @var string
-     */
-    private $bodyHash = '';
-
-    /**
-     * Stores the signature header.
-     *
-     * @var Swift_Mime_Headers_ParameterizedHeader
-     */
-    protected $dkimHeader;
-
-    private $bodyHashHandler;
-
-    private $headerHash;
-
-    private $headerCanonData = '';
-
-    private $bodyCanonEmptyCounter = 0;
-
-    private $bodyCanonIgnoreStart = 2;
-
-    private $bodyCanonSpace = false;
-
-    private $bodyCanonLastChar = null;
-
-    private $bodyCanonLine = '';
-
-    private $bound = [];
-
-    /**
-     * Constructor.
-     *
-     * @param string $privateKey
-     * @param string $domainName
-     * @param string $selector
-     * @param string $passphrase
-     */
-    public function __construct($privateKey, $domainName, $selector, $passphrase = '')
-    {
-        $this->privateKey = $privateKey;
-        $this->domainName = $domainName;
-        $this->signerIdentity = '@'.$domainName;
-        $this->selector = $selector;
-        $this->passphrase = $passphrase;
-    }
-
-    /**
-     * Reset the Signer.
-     *
-     * @see Swift_Signer::reset()
-     */
-    public function reset()
-    {
-        $this->headerHash = null;
-        $this->signedHeaders = [];
-        $this->bodyHash = null;
-        $this->bodyHashHandler = null;
-        $this->bodyCanonIgnoreStart = 2;
-        $this->bodyCanonEmptyCounter = 0;
-        $this->bodyCanonLastChar = null;
-        $this->bodyCanonSpace = false;
-    }
-
-    /**
-     * Writes $bytes to the end of the stream.
-     *
-     * Writing may not happen immediately if the stream chooses to buffer.  If
-     * you want to write these bytes with immediate effect, call {@link commit()}
-     * after calling write().
-     *
-     * This method returns the sequence ID of the write (i.e. 1 for first, 2 for
-     * second, etc etc).
-     *
-     * @param string $bytes
-     *
-     * @return int
-     *
-     * @throws Swift_IoException
-     */
-    // TODO fix return
-    public function write($bytes)
-    {
-        $this->canonicalizeBody($bytes);
-        foreach ($this->bound as $is) {
-            $is->write($bytes);
-        }
-    }
-
-    /**
-     * For any bytes that are currently buffered inside the stream, force them
-     * off the buffer.
-     */
-    public function commit()
-    {
-        // Nothing to do
-        return;
-    }
-
-    /**
-     * Attach $is to this stream.
-     *
-     * The stream acts as an observer, receiving all data that is written.
-     * All {@link write()} and {@link flushBuffers()} operations will be mirrored.
-     */
-    public function bind(Swift_InputByteStream $is)
-    {
-        // Don't have to mirror anything
-        $this->bound[] = $is;
-
-        return;
-    }
-
-    /**
-     * Remove an already bound stream.
-     *
-     * If $is is not bound, no errors will be raised.
-     * If the stream currently has any buffered data it will be written to $is
-     * before unbinding occurs.
-     */
-    public function unbind(Swift_InputByteStream $is)
-    {
-        // Don't have to mirror anything
-        foreach ($this->bound as $k => $stream) {
-            if ($stream === $is) {
-                unset($this->bound[$k]);
-
-                return;
-            }
-        }
-    }
-
-    /**
-     * Flush the contents of the stream (empty it) and set the internal pointer
-     * to the beginning.
-     *
-     * @throws Swift_IoException
-     */
-    public function flushBuffers()
-    {
-        $this->reset();
-    }
-
-    /**
-     * Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1.
-     *
-     * @param string $hash 'rsa-sha1' or 'rsa-sha256'
-     *
-     * @throws Swift_SwiftException
-     *
-     * @return $this
-     */
-    public function setHashAlgorithm($hash)
-    {
-        switch ($hash) {
-            case 'rsa-sha1':
-                $this->hashAlgorithm = 'rsa-sha1';
-                break;
-            case 'rsa-sha256':
-                $this->hashAlgorithm = 'rsa-sha256';
-                if (!\defined('OPENSSL_ALGO_SHA256')) {
-                    throw new Swift_SwiftException('Unable to set sha256 as it is not supported by OpenSSL.');
-                }
-                break;
-            default:
-                throw new Swift_SwiftException('Unable to set the hash algorithm, must be one of rsa-sha1 or rsa-sha256 (%s given).', $hash);
-        }
-
-        return $this;
-    }
-
-    /**
-     * Set the body canonicalization algorithm.
-     *
-     * @param string $canon
-     *
-     * @return $this
-     */
-    public function setBodyCanon($canon)
-    {
-        if ('relaxed' == $canon) {
-            $this->bodyCanon = 'relaxed';
-        } else {
-            $this->bodyCanon = 'simple';
-        }
-
-        return $this;
-    }
-
-    /**
-     * Set the header canonicalization algorithm.
-     *
-     * @param string $canon
-     *
-     * @return $this
-     */
-    public function setHeaderCanon($canon)
-    {
-        if ('relaxed' == $canon) {
-            $this->headerCanon = 'relaxed';
-        } else {
-            $this->headerCanon = 'simple';
-        }
-
-        return $this;
-    }
-
-    /**
-     * Set the signer identity.
-     *
-     * @param string $identity
-     *
-     * @return $this
-     */
-    public function setSignerIdentity($identity)
-    {
-        $this->signerIdentity = $identity;
-
-        return $this;
-    }
-
-    /**
-     * Set the length of the body to sign.
-     *
-     * @param mixed $len (bool or int)
-     *
-     * @return $this
-     */
-    public function setBodySignedLen($len)
-    {
-        if (true === $len) {
-            $this->showLen = true;
-            $this->maxLen = PHP_INT_MAX;
-        } elseif (false === $len) {
-            $this->showLen = false;
-            $this->maxLen = PHP_INT_MAX;
-        } else {
-            $this->showLen = true;
-            $this->maxLen = (int) $len;
-        }
-
-        return $this;
-    }
-
-    /**
-     * Set the signature timestamp.
-     *
-     * @param int $time A timestamp
-     *
-     * @return $this
-     */
-    public function setSignatureTimestamp($time)
-    {
-        $this->signatureTimestamp = $time;
-
-        return $this;
-    }
-
-    /**
-     * Set the signature expiration timestamp.
-     *
-     * @param int $time A timestamp
-     *
-     * @return $this
-     */
-    public function setSignatureExpiration($time)
-    {
-        $this->signatureExpiration = $time;
-
-        return $this;
-    }
-
-    /**
-     * Enable / disable the DebugHeaders.
-     *
-     * @param bool $debug
-     *
-     * @return Swift_Signers_DKIMSigner
-     */
-    public function setDebugHeaders($debug)
-    {
-        $this->debugHeaders = (bool) $debug;
-
-        return $this;
-    }
-
-    /**
-     * Start Body.
-     */
-    public function startBody()
-    {
-        // Init
-        switch ($this->hashAlgorithm) {
-            case 'rsa-sha256':
-                $this->bodyHashHandler = hash_init('sha256');
-                break;
-            case 'rsa-sha1':
-                $this->bodyHashHandler = hash_init('sha1');
-                break;
-        }
-        $this->bodyCanonLine = '';
-    }
-
-    /**
-     * End Body.
-     */
-    public function endBody()
-    {
-        $this->endOfBody();
-    }
-
-    /**
-     * Returns the list of Headers Tampered by this plugin.
-     *
-     * @return array
-     */
-    public function getAlteredHeaders()
-    {
-        if ($this->debugHeaders) {
-            return ['DKIM-Signature', 'X-DebugHash'];
-        } else {
-            return ['DKIM-Signature'];
-        }
-    }
-
-    /**
-     * Adds an ignored Header.
-     *
-     * @param string $header_name
-     *
-     * @return Swift_Signers_DKIMSigner
-     */
-    public function ignoreHeader($header_name)
-    {
-        $this->ignoredHeaders[strtolower($header_name ?? '')] = true;
-
-        return $this;
-    }
-
-    /**
-     * Set the headers to sign.
-     *
-     * @return Swift_Signers_DKIMSigner
-     */
-    public function setHeaders(Swift_Mime_SimpleHeaderSet $headers)
-    {
-        $this->headerCanonData = '';
-        // Loop through Headers
-        $listHeaders = $headers->listAll();
-        foreach ($listHeaders as $hName) {
-            // Check if we need to ignore Header
-            if (!isset($this->ignoredHeaders[strtolower($hName ?? '')])) {
-                if ($headers->has($hName)) {
-                    $tmp = $headers->getAll($hName);
-                    foreach ($tmp as $header) {
-                        if ('' != $header->getFieldBody()) {
-                            $this->addHeader($header->toString());
-                            $this->signedHeaders[] = $header->getFieldName();
-                        }
-                    }
-                }
-            }
-        }
-
-        return $this;
-    }
-
-    /**
-     * Add the signature to the given Headers.
-     *
-     * @return Swift_Signers_DKIMSigner
-     */
-    public function addSignature(Swift_Mime_SimpleHeaderSet $headers)
-    {
-        // Prepare the DKIM-Signature
-        $params = ['v' => '1', 'a' => $this->hashAlgorithm, 'bh' => base64_encode($this->bodyHash ?? ''), 'd' => $this->domainName, 'h' => implode(': ', $this->signedHeaders), 'i' => $this->signerIdentity, 's' => $this->selector];
-        if ('simple' != $this->bodyCanon) {
-            $params['c'] = $this->headerCanon.'/'.$this->bodyCanon;
-        } elseif ('simple' != $this->headerCanon) {
-            $params['c'] = $this->headerCanon;
-        }
-        if ($this->showLen) {
-            $params['l'] = $this->bodyLen;
-        }
-        if (true === $this->signatureTimestamp) {
-            $params['t'] = time();
-            if (false !== $this->signatureExpiration) {
-                $params['x'] = $params['t'] + $this->signatureExpiration;
-            }
-        } else {
-            if (false !== $this->signatureTimestamp) {
-                $params['t'] = $this->signatureTimestamp;
-            }
-            if (false !== $this->signatureExpiration) {
-                $params['x'] = $this->signatureExpiration;
-            }
-        }
-        if ($this->debugHeaders) {
-            $params['z'] = implode('|', $this->debugHeadersData);
-        }
-        $string = '';
-        foreach ($params as $k => $v) {
-            $string .= $k.'='.$v.'; ';
-        }
-        $string = trim($string);
-        $headers->addTextHeader('DKIM-Signature', $string);
-        // Add the last DKIM-Signature
-        $tmp = $headers->getAll('DKIM-Signature');
-        $this->dkimHeader = end($tmp);
-        $this->addHeader(trim($this->dkimHeader->toString() ?? '')."\r\n b=", true);
-        if ($this->debugHeaders) {
-            $headers->addTextHeader('X-DebugHash', base64_encode($this->headerHash ?? ''));
-        }
-        $this->dkimHeader->setValue($string.' b='.trim(chunk_split(base64_encode($this->getEncryptedHash() ?? ''), 73, ' ')));
-
-        return $this;
-    }
-
-    /* Private helpers */
-
-    protected function addHeader($header, $is_sig = false)
-    {
-        switch ($this->headerCanon) {
-            case 'relaxed':
-                // Prepare Header and cascade
-                $exploded = explode(':', $header, 2);
-                $name = strtolower(trim($exploded[0]));
-                $value = str_replace("\r\n", '', $exploded[1]);
-                $value = preg_replace("/[ \t][ \t]+/", ' ', $value);
-                $header = $name.':'.trim($value).($is_sig ? '' : "\r\n");
-                // no break
-            case 'simple':
-                // Nothing to do
-        }
-        $this->addToHeaderHash($header);
-    }
-
-    protected function canonicalizeBody($string)
-    {
-        $len = \strlen($string);
-        $canon = '';
-        $method = ('relaxed' == $this->bodyCanon);
-        for ($i = 0; $i < $len; ++$i) {
-            if ($this->bodyCanonIgnoreStart > 0) {
-                --$this->bodyCanonIgnoreStart;
-                continue;
-            }
-            switch ($string[$i]) {
-                case "\r":
-                    $this->bodyCanonLastChar = "\r";
-                    break;
-                case "\n":
-                    if ("\r" == $this->bodyCanonLastChar) {
-                        if ($method) {
-                            $this->bodyCanonSpace = false;
-                        }
-                        if ('' == $this->bodyCanonLine) {
-                            ++$this->bodyCanonEmptyCounter;
-                        } else {
-                            $this->bodyCanonLine = '';
-                            $canon .= "\r\n";
-                        }
-                    } else {
-                        // Wooops Error
-                        // todo handle it but should never happen
-                    }
-                    break;
-                case ' ':
-                case "\t":
-                    if ($method) {
-                        $this->bodyCanonSpace = true;
-                        break;
-                    }
-                    // no break
-                default:
-                    if ($this->bodyCanonEmptyCounter > 0) {
-                        $canon .= str_repeat("\r\n", $this->bodyCanonEmptyCounter);
-                        $this->bodyCanonEmptyCounter = 0;
-                    }
-                    if ($this->bodyCanonSpace) {
-                        $this->bodyCanonLine .= ' ';
-                        $canon .= ' ';
-                        $this->bodyCanonSpace = false;
-                    }
-                    $this->bodyCanonLine .= $string[$i];
-                    $canon .= $string[$i];
-            }
-        }
-        $this->addToBodyHash($canon);
-    }
-
-    protected function endOfBody()
-    {
-        // Add trailing Line return if last line is non empty
-        if (\strlen($this->bodyCanonLine) > 0) {
-            $this->addToBodyHash("\r\n");
-        }
-        $this->bodyHash = hash_final($this->bodyHashHandler, true);
-    }
-
-    private function addToBodyHash($string)
-    {
-        $len = \strlen($string);
-        if ($len > ($new_len = ($this->maxLen - $this->bodyLen))) {
-            $string = substr($string, 0, $new_len);
-            $len = $new_len;
-        }
-        hash_update($this->bodyHashHandler, $string);
-        $this->bodyLen += $len;
-    }
-
-    private function addToHeaderHash($header)
-    {
-        if ($this->debugHeaders) {
-            $this->debugHeadersData[] = trim($header ?? '');
-        }
-        $this->headerCanonData .= $header;
-    }
-
-    /**
-     * @throws Swift_SwiftException
-     *
-     * @return string
-     */
-    private function getEncryptedHash()
-    {
-        $signature = '';
-        switch ($this->hashAlgorithm) {
-            case 'rsa-sha1':
-                $algorithm = OPENSSL_ALGO_SHA1;
-                break;
-            case 'rsa-sha256':
-                $algorithm = OPENSSL_ALGO_SHA256;
-                break;
-        }
-        $pkeyId = openssl_get_privatekey($this->privateKey, $this->passphrase);
-        if (!$pkeyId) {
-            throw new Swift_SwiftException('Unable to load DKIM Private Key ['.openssl_error_string().']');
-        }
-        if (openssl_sign($this->headerCanonData, $signature, $pkeyId, $algorithm)) {
-            return $signature;
-        }
-        throw new Swift_SwiftException('Unable to sign DKIM Hash ['.openssl_error_string().']');
-    }
+	/**
+	 * PrivateKey.
+	 *
+	 * @var string
+	 */
+	protected $privateKey;
+
+	/**
+	 * DomainName.
+	 *
+	 * @var string
+	 */
+	protected $domainName;
+
+	/**
+	 * Selector.
+	 *
+	 * @var string
+	 */
+	protected $selector;
+
+	private $passphrase = '';
+
+	/**
+	 * Hash algorithm used.
+	 *
+	 * @see RFC6376 3.3: Signers MUST implement and SHOULD sign using rsa-sha256.
+	 *
+	 * @var string
+	 */
+	protected $hashAlgorithm = 'rsa-sha256';
+
+	/**
+	 * Body canon method.
+	 *
+	 * @var string
+	 */
+	protected $bodyCanon = 'simple';
+
+	/**
+	 * Header canon method.
+	 *
+	 * @var string
+	 */
+	protected $headerCanon = 'simple';
+
+	/**
+	 * Headers not being signed.
+	 *
+	 * @var array
+	 */
+	protected $ignoredHeaders = ['return-path' => true];
+
+	/**
+	 * Signer identity.
+	 *
+	 * @var string
+	 */
+	protected $signerIdentity;
+
+	/**
+	 * BodyLength.
+	 *
+	 * @var int
+	 */
+	protected $bodyLen = 0;
+
+	/**
+	 * Maximum signedLen.
+	 *
+	 * @var int
+	 */
+	protected $maxLen = PHP_INT_MAX;
+
+	/**
+	 * Embbed bodyLen in signature.
+	 *
+	 * @var bool
+	 */
+	protected $showLen = false;
+
+	/**
+	 * When the signature has been applied (true means time()), false means not embedded.
+	 *
+	 * @var mixed
+	 */
+	protected $signatureTimestamp = true;
+
+	/**
+	 * When will the signature expires false means not embedded, if sigTimestamp is auto
+	 * Expiration is relative, otherwise it's absolute.
+	 *
+	 * @var int
+	 */
+	protected $signatureExpiration = false;
+
+	/**
+	 * Must we embed signed headers?
+	 *
+	 * @var bool
+	 */
+	protected $debugHeaders = false;
+
+	// work variables
+	/**
+	 * Headers used to generate hash.
+	 *
+	 * @var array
+	 */
+	protected $signedHeaders = [];
+
+	/**
+	 * If debugHeaders is set store debugData here.
+	 *
+	 * @var string[]
+	 */
+	private $debugHeadersData = [];
+
+	/**
+	 * Stores the bodyHash.
+	 *
+	 * @var string
+	 */
+	private $bodyHash = '';
+
+	/**
+	 * Stores the signature header.
+	 *
+	 * @var Swift_Mime_Headers_ParameterizedHeader
+	 */
+	protected $dkimHeader;
+
+	private $bodyHashHandler;
+
+	private $headerHash;
+
+	private $headerCanonData = '';
+
+	private $bodyCanonEmptyCounter = 0;
+
+	private $bodyCanonIgnoreStart = 2;
+
+	private $bodyCanonSpace = false;
+
+	private $bodyCanonLastChar = null;
+
+	private $bodyCanonLine = '';
+
+	private $bound = [];
+
+	/**
+	 * Constructor.
+	 *
+	 * @param string $privateKey
+	 * @param string $domainName
+	 * @param string $selector
+	 * @param string $passphrase
+	 */
+	public function __construct($privateKey, $domainName, $selector, $passphrase = '')
+	{
+		$this->privateKey = $privateKey;
+		$this->domainName = $domainName;
+		$this->signerIdentity = '@'.$domainName;
+		$this->selector = $selector;
+		$this->passphrase = $passphrase;
+	}
+
+	/**
+	 * Reset the Signer.
+	 *
+	 * @see Swift_Signer::reset()
+	 */
+	public function reset()
+	{
+		$this->headerHash = null;
+		$this->signedHeaders = [];
+		$this->bodyHash = null;
+		$this->bodyHashHandler = null;
+		$this->bodyCanonIgnoreStart = 2;
+		$this->bodyCanonEmptyCounter = 0;
+		$this->bodyCanonLastChar = null;
+		$this->bodyCanonSpace = false;
+	}
+
+	/**
+	 * Writes $bytes to the end of the stream.
+	 *
+	 * Writing may not happen immediately if the stream chooses to buffer.  If
+	 * you want to write these bytes with immediate effect, call {@link commit()}
+	 * after calling write().
+	 *
+	 * This method returns the sequence ID of the write (i.e. 1 for first, 2 for
+	 * second, etc etc).
+	 *
+	 * @param string $bytes
+	 *
+	 * @return int
+	 *
+	 * @throws Swift_IoException
+	 */
+	// TODO fix return
+	public function write($bytes)
+	{
+		$this->canonicalizeBody($bytes);
+		foreach ($this->bound as $is) {
+			$is->write($bytes);
+		}
+	}
+
+	/**
+	 * For any bytes that are currently buffered inside the stream, force them
+	 * off the buffer.
+	 */
+	public function commit()
+	{
+		// Nothing to do
+		return;
+	}
+
+	/**
+	 * Attach $is to this stream.
+	 *
+	 * The stream acts as an observer, receiving all data that is written.
+	 * All {@link write()} and {@link flushBuffers()} operations will be mirrored.
+	 */
+	public function bind(Swift_InputByteStream $is)
+	{
+		// Don't have to mirror anything
+		$this->bound[] = $is;
+
+		return;
+	}
+
+	/**
+	 * Remove an already bound stream.
+	 *
+	 * If $is is not bound, no errors will be raised.
+	 * If the stream currently has any buffered data it will be written to $is
+	 * before unbinding occurs.
+	 */
+	public function unbind(Swift_InputByteStream $is)
+	{
+		// Don't have to mirror anything
+		foreach ($this->bound as $k => $stream) {
+			if ($stream === $is) {
+				unset($this->bound[$k]);
+
+				return;
+			}
+		}
+	}
+
+	/**
+	 * Flush the contents of the stream (empty it) and set the internal pointer
+	 * to the beginning.
+	 *
+	 * @throws Swift_IoException
+	 */
+	public function flushBuffers()
+	{
+		$this->reset();
+	}
+
+	/**
+	 * Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1.
+	 *
+	 * @param string $hash 'rsa-sha1' or 'rsa-sha256'
+	 *
+	 * @throws Swift_SwiftException
+	 *
+	 * @return $this
+	 */
+	public function setHashAlgorithm($hash)
+	{
+		switch ($hash) {
+			case 'rsa-sha1':
+				$this->hashAlgorithm = 'rsa-sha1';
+				break;
+			case 'rsa-sha256':
+				$this->hashAlgorithm = 'rsa-sha256';
+				if (!\defined('OPENSSL_ALGO_SHA256')) {
+					throw new Swift_SwiftException('Unable to set sha256 as it is not supported by OpenSSL.');
+				}
+				break;
+			default:
+				throw new Swift_SwiftException('Unable to set the hash algorithm, must be one of rsa-sha1 or rsa-sha256 (%s given).', $hash);
+		}
+
+		return $this;
+	}
+
+	/**
+	 * Set the body canonicalization algorithm.
+	 *
+	 * @param string $canon
+	 *
+	 * @return $this
+	 */
+	public function setBodyCanon($canon)
+	{
+		if ('relaxed' == $canon) {
+			$this->bodyCanon = 'relaxed';
+		} else {
+			$this->bodyCanon = 'simple';
+		}
+
+		return $this;
+	}
+
+	/**
+	 * Set the header canonicalization algorithm.
+	 *
+	 * @param string $canon
+	 *
+	 * @return $this
+	 */
+	public function setHeaderCanon($canon)
+	{
+		if ('relaxed' == $canon) {
+			$this->headerCanon = 'relaxed';
+		} else {
+			$this->headerCanon = 'simple';
+		}
+
+		return $this;
+	}
+
+	/**
+	 * Set the signer identity.
+	 *
+	 * @param string $identity
+	 *
+	 * @return $this
+	 */
+	public function setSignerIdentity($identity)
+	{
+		$this->signerIdentity = $identity;
+
+		return $this;
+	}
+
+	/**
+	 * Set the length of the body to sign.
+	 *
+	 * @param mixed $len (bool or int)
+	 *
+	 * @return $this
+	 */
+	public function setBodySignedLen($len)
+	{
+		if (true === $len) {
+			$this->showLen = true;
+			$this->maxLen = PHP_INT_MAX;
+		} elseif (false === $len) {
+			$this->showLen = false;
+			$this->maxLen = PHP_INT_MAX;
+		} else {
+			$this->showLen = true;
+			$this->maxLen = (int) $len;
+		}
+
+		return $this;
+	}
+
+	/**
+	 * Set the signature timestamp.
+	 *
+	 * @param int $time A timestamp
+	 *
+	 * @return $this
+	 */
+	public function setSignatureTimestamp($time)
+	{
+		$this->signatureTimestamp = $time;
+
+		return $this;
+	}
+
+	/**
+	 * Set the signature expiration timestamp.
+	 *
+	 * @param int $time A timestamp
+	 *
+	 * @return $this
+	 */
+	public function setSignatureExpiration($time)
+	{
+		$this->signatureExpiration = $time;
+
+		return $this;
+	}
+
+	/**
+	 * Enable / disable the DebugHeaders.
+	 *
+	 * @param bool $debug
+	 *
+	 * @return Swift_Signers_DKIMSigner
+	 */
+	public function setDebugHeaders($debug)
+	{
+		$this->debugHeaders = (bool) $debug;
+
+		return $this;
+	}
+
+	/**
+	 * Start Body.
+	 */
+	public function startBody()
+	{
+		// Init
+		switch ($this->hashAlgorithm) {
+			case 'rsa-sha256':
+				$this->bodyHashHandler = hash_init('sha256');
+				break;
+			case 'rsa-sha1':
+				$this->bodyHashHandler = hash_init('sha1');
+				break;
+		}
+		$this->bodyCanonLine = '';
+	}
+
+	/**
+	 * End Body.
+	 */
+	public function endBody()
+	{
+		$this->endOfBody();
+	}
+
+	/**
+	 * Returns the list of Headers Tampered by this plugin.
+	 *
+	 * @return array
+	 */
+	public function getAlteredHeaders()
+	{
+		if ($this->debugHeaders) {
+			return ['DKIM-Signature', 'X-DebugHash'];
+		} else {
+			return ['DKIM-Signature'];
+		}
+	}
+
+	/**
+	 * Adds an ignored Header.
+	 *
+	 * @param string $header_name
+	 *
+	 * @return Swift_Signers_DKIMSigner
+	 */
+	public function ignoreHeader($header_name)
+	{
+		$this->ignoredHeaders[strtolower($header_name ?? '')] = true;
+
+		return $this;
+	}
+
+	/**
+	 * Set the headers to sign.
+	 *
+	 * @return Swift_Signers_DKIMSigner
+	 */
+	public function setHeaders(Swift_Mime_SimpleHeaderSet $headers)
+	{
+		$this->headerCanonData = '';
+		// Loop through Headers
+		$listHeaders = $headers->listAll();
+		foreach ($listHeaders as $hName) {
+			// Check if we need to ignore Header
+			if (!isset($this->ignoredHeaders[strtolower($hName ?? '')])) {
+				if ($headers->has($hName)) {
+					$tmp = $headers->getAll($hName);
+					foreach ($tmp as $header) {
+						if ('' != $header->getFieldBody()) {
+							$this->addHeader($header->toString());
+							$this->signedHeaders[] = $header->getFieldName();
+						}
+					}
+				}
+			}
+		}
+
+		return $this;
+	}
+
+	/**
+	 * Add the signature to the given Headers.
+	 *
+	 * @return Swift_Signers_DKIMSigner
+	 */
+	public function addSignature(Swift_Mime_SimpleHeaderSet $headers)
+	{
+		// Prepare the DKIM-Signature
+		$params = ['v' => '1', 'a' => $this->hashAlgorithm, 'bh' => base64_encode($this->bodyHash ?? ''), 'd' => $this->domainName, 'h' => implode(': ', $this->signedHeaders), 'i' => $this->signerIdentity, 's' => $this->selector];
+		if ('simple' != $this->bodyCanon) {
+			$params['c'] = $this->headerCanon.'/'.$this->bodyCanon;
+		} elseif ('simple' != $this->headerCanon) {
+			$params['c'] = $this->headerCanon;
+		}
+		if ($this->showLen) {
+			$params['l'] = $this->bodyLen;
+		}
+		if (true === $this->signatureTimestamp) {
+			$params['t'] = time();
+			if (false !== $this->signatureExpiration) {
+				$params['x'] = $params['t'] + $this->signatureExpiration;
+			}
+		} else {
+			if (false !== $this->signatureTimestamp) {
+				$params['t'] = $this->signatureTimestamp;
+			}
+			if (false !== $this->signatureExpiration) {
+				$params['x'] = $this->signatureExpiration;
+			}
+		}
+		if ($this->debugHeaders) {
+			$params['z'] = implode('|', $this->debugHeadersData);
+		}
+		$string = '';
+		foreach ($params as $k => $v) {
+			$string .= $k.'='.$v.'; ';
+		}
+		$string = trim($string);
+		$headers->addTextHeader('DKIM-Signature', $string);
+		// Add the last DKIM-Signature
+		$tmp = $headers->getAll('DKIM-Signature');
+		$this->dkimHeader = end($tmp);
+		$this->addHeader(trim($this->dkimHeader->toString() ?? '')."\r\n b=", true);
+		if ($this->debugHeaders) {
+			$headers->addTextHeader('X-DebugHash', base64_encode($this->headerHash ?? ''));
+		}
+		$this->dkimHeader->setValue($string.' b='.trim(chunk_split(base64_encode($this->getEncryptedHash() ?? ''), 73, ' ')));
+
+		return $this;
+	}
+
+	/* Private helpers */
+
+	protected function addHeader($header, $is_sig = false)
+	{
+		switch ($this->headerCanon) {
+			case 'relaxed':
+				// Prepare Header and cascade
+				$exploded = explode(':', $header, 2);
+				$name = strtolower(trim($exploded[0]));
+				$value = str_replace("\r\n", '', $exploded[1]);
+				$value = preg_replace("/[ \t][ \t]+/", ' ', $value);
+				$header = $name.':'.trim($value).($is_sig ? '' : "\r\n");
+				// no break
+			case 'simple':
+				// Nothing to do
+		}
+		$this->addToHeaderHash($header);
+	}
+
+	protected function canonicalizeBody($string)
+	{
+		$len = \strlen($string);
+		$canon = '';
+		$method = ('relaxed' == $this->bodyCanon);
+		for ($i = 0; $i < $len; ++$i) {
+			if ($this->bodyCanonIgnoreStart > 0) {
+				--$this->bodyCanonIgnoreStart;
+				continue;
+			}
+			switch ($string[$i]) {
+				case "\r":
+					$this->bodyCanonLastChar = "\r";
+					break;
+				case "\n":
+					if ("\r" == $this->bodyCanonLastChar) {
+						if ($method) {
+							$this->bodyCanonSpace = false;
+						}
+						if ('' == $this->bodyCanonLine) {
+							++$this->bodyCanonEmptyCounter;
+						} else {
+							$this->bodyCanonLine = '';
+							$canon .= "\r\n";
+						}
+					} else {
+						// Wooops Error
+						// todo handle it but should never happen
+					}
+					break;
+				case ' ':
+				case "\t":
+					if ($method) {
+						$this->bodyCanonSpace = true;
+						break;
+					}
+					// no break
+				default:
+					if ($this->bodyCanonEmptyCounter > 0) {
+						$canon .= str_repeat("\r\n", $this->bodyCanonEmptyCounter);
+						$this->bodyCanonEmptyCounter = 0;
+					}
+					if ($this->bodyCanonSpace) {
+						$this->bodyCanonLine .= ' ';
+						$canon .= ' ';
+						$this->bodyCanonSpace = false;
+					}
+					$this->bodyCanonLine .= $string[$i];
+					$canon .= $string[$i];
+			}
+		}
+		$this->addToBodyHash($canon);
+	}
+
+	protected function endOfBody()
+	{
+		// Add trailing Line return if last line is non empty
+		if (\strlen($this->bodyCanonLine) > 0) {
+			$this->addToBodyHash("\r\n");
+		}
+		$this->bodyHash = hash_final($this->bodyHashHandler, true);
+	}
+
+	private function addToBodyHash($string)
+	{
+		$len = \strlen($string);
+		if ($len > ($new_len = ($this->maxLen - $this->bodyLen))) {
+			$string = substr($string, 0, $new_len);
+			$len = $new_len;
+		}
+		hash_update($this->bodyHashHandler, $string);
+		$this->bodyLen += $len;
+	}
+
+	private function addToHeaderHash($header)
+	{
+		if ($this->debugHeaders) {
+			$this->debugHeadersData[] = trim($header ?? '');
+		}
+		$this->headerCanonData .= $header;
+	}
+
+	/**
+	 * @throws Swift_SwiftException
+	 *
+	 * @return string
+	 */
+	private function getEncryptedHash()
+	{
+		$signature = '';
+		switch ($this->hashAlgorithm) {
+			case 'rsa-sha1':
+				$algorithm = OPENSSL_ALGO_SHA1;
+				break;
+			case 'rsa-sha256':
+				$algorithm = OPENSSL_ALGO_SHA256;
+				break;
+		}
+		$pkeyId = openssl_get_privatekey($this->privateKey, $this->passphrase);
+		if (!$pkeyId) {
+			throw new Swift_SwiftException('Unable to load DKIM Private Key ['.openssl_error_string().']');
+		}
+		if (openssl_sign($this->headerCanonData, $signature, $pkeyId, $algorithm)) {
+			return $signature;
+		}
+		throw new Swift_SwiftException('Unable to sign DKIM Hash ['.openssl_error_string().']');
+	}
 }

Please login to merge, or discard this patch.

htdocs/includes/swiftmailer/lib/classes/Swift/Signers/OpenDKIMSigner.php 1 patch

Indentation +162 added lines, -162 removed lines patch added patch discarded remove patch

@@ -18,166 +18,166 @@
 block discarded – undo
  */
 class Swift_Signers_OpenDKIMSigner extends Swift_Signers_DKIMSigner
 {
-    private $peclLoaded = false;
-
-    private $dkimHandler = null;
-
-    private $dropFirstLF = true;
-
-    const CANON_RELAXED = 1;
-    const CANON_SIMPLE = 2;
-    const SIG_RSA_SHA1 = 3;
-    const SIG_RSA_SHA256 = 4;
-
-    public function __construct($privateKey, $domainName, $selector)
-    {
-        if (!\extension_loaded('opendkim')) {
-            throw new Swift_SwiftException('php-opendkim extension not found');
-        }
-
-        $this->peclLoaded = true;
-
-        parent::__construct($privateKey, $domainName, $selector);
-    }
-
-    public function addSignature(Swift_Mime_SimpleHeaderSet $headers)
-    {
-        $header = new Swift_Mime_Headers_OpenDKIMHeader('DKIM-Signature');
-        $headerVal = $this->dkimHandler->getSignatureHeader();
-        if (false === $headerVal || \is_int($headerVal)) {
-            throw new Swift_SwiftException('OpenDKIM Error: '.$this->dkimHandler->getError());
-        }
-        $header->setValue($headerVal);
-        $headers->set($header);
-
-        return $this;
-    }
-
-    public function setHeaders(Swift_Mime_SimpleHeaderSet $headers)
-    {
-        $hash = 'rsa-sha1' == $this->hashAlgorithm ? OpenDKIMSign::ALG_RSASHA1 : OpenDKIMSign::ALG_RSASHA256;
-        $bodyCanon = 'simple' == $this->bodyCanon ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
-        $headerCanon = 'simple' == $this->headerCanon ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
-        $this->dkimHandler = new OpenDKIMSign($this->privateKey, $this->selector, $this->domainName, $headerCanon, $bodyCanon, $hash, -1);
-        // Hardcode signature Margin for now
-        $this->dkimHandler->setMargin(78);
-
-        if (!is_numeric($this->signatureTimestamp)) {
-            OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, time());
-        } else {
-            if (!OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, $this->signatureTimestamp)) {
-                throw new Swift_SwiftException('Unable to force signature timestamp ['.openssl_error_string().']');
-            }
-        }
-        if (isset($this->signerIdentity)) {
-            $this->dkimHandler->setSigner($this->signerIdentity);
-        }
-        $listHeaders = $headers->listAll();
-        foreach ($listHeaders as $hName) {
-            // Check if we need to ignore Header
-            if (!isset($this->ignoredHeaders[strtolower($hName ?? '')])) {
-                $tmp = $headers->getAll($hName);
-                if ($headers->has($hName)) {
-                    foreach ($tmp as $header) {
-                        if ('' != $header->getFieldBody()) {
-                            $htosign = $header->toString();
-                            $this->dkimHandler->header($htosign);
-                            $this->signedHeaders[] = $header->getFieldName();
-                        }
-                    }
-                }
-            }
-        }
-
-        return $this;
-    }
-
-    public function startBody()
-    {
-        if (!$this->peclLoaded) {
-            return parent::startBody();
-        }
-        $this->dropFirstLF = true;
-        $this->dkimHandler->eoh();
-
-        return $this;
-    }
-
-    public function endBody()
-    {
-        if (!$this->peclLoaded) {
-            return parent::endBody();
-        }
-        $this->dkimHandler->eom();
-
-        return $this;
-    }
-
-    public function reset()
-    {
-        $this->dkimHandler = null;
-        parent::reset();
-
-        return $this;
-    }
-
-    /**
-     * Set the signature timestamp.
-     *
-     * @param int $time
-     *
-     * @return $this
-     */
-    public function setSignatureTimestamp($time)
-    {
-        $this->signatureTimestamp = $time;
-
-        return $this;
-    }
-
-    /**
-     * Set the signature expiration timestamp.
-     *
-     * @param int $time
-     *
-     * @return $this
-     */
-    public function setSignatureExpiration($time)
-    {
-        $this->signatureExpiration = $time;
-
-        return $this;
-    }
-
-    /**
-     * Enable / disable the DebugHeaders.
-     *
-     * @param bool $debug
-     *
-     * @return $this
-     */
-    public function setDebugHeaders($debug)
-    {
-        $this->debugHeaders = (bool) $debug;
-
-        return $this;
-    }
-
-    // Protected
-
-    protected function canonicalizeBody($string)
-    {
-        if (!$this->peclLoaded) {
-            return parent::canonicalizeBody($string);
-        }
-        if (true === $this->dropFirstLF) {
-            if ("\r" == $string[0] && "\n" == $string[1]) {
-                $string = substr($string, 2);
-            }
-        }
-        $this->dropFirstLF = false;
-        if (\strlen($string)) {
-            $this->dkimHandler->body($string);
-        }
-    }
+	private $peclLoaded = false;
+
+	private $dkimHandler = null;
+
+	private $dropFirstLF = true;
+
+	const CANON_RELAXED = 1;
+	const CANON_SIMPLE = 2;
+	const SIG_RSA_SHA1 = 3;
+	const SIG_RSA_SHA256 = 4;
+
+	public function __construct($privateKey, $domainName, $selector)
+	{
+		if (!\extension_loaded('opendkim')) {
+			throw new Swift_SwiftException('php-opendkim extension not found');
+		}
+
+		$this->peclLoaded = true;
+
+		parent::__construct($privateKey, $domainName, $selector);
+	}
+
+	public function addSignature(Swift_Mime_SimpleHeaderSet $headers)
+	{
+		$header = new Swift_Mime_Headers_OpenDKIMHeader('DKIM-Signature');
+		$headerVal = $this->dkimHandler->getSignatureHeader();
+		if (false === $headerVal || \is_int($headerVal)) {
+			throw new Swift_SwiftException('OpenDKIM Error: '.$this->dkimHandler->getError());
+		}
+		$header->setValue($headerVal);
+		$headers->set($header);
+
+		return $this;
+	}
+
+	public function setHeaders(Swift_Mime_SimpleHeaderSet $headers)
+	{
+		$hash = 'rsa-sha1' == $this->hashAlgorithm ? OpenDKIMSign::ALG_RSASHA1 : OpenDKIMSign::ALG_RSASHA256;
+		$bodyCanon = 'simple' == $this->bodyCanon ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
+		$headerCanon = 'simple' == $this->headerCanon ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
+		$this->dkimHandler = new OpenDKIMSign($this->privateKey, $this->selector, $this->domainName, $headerCanon, $bodyCanon, $hash, -1);
+		// Hardcode signature Margin for now
+		$this->dkimHandler->setMargin(78);
+
+		if (!is_numeric($this->signatureTimestamp)) {
+			OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, time());
+		} else {
+			if (!OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, $this->signatureTimestamp)) {
+				throw new Swift_SwiftException('Unable to force signature timestamp ['.openssl_error_string().']');
+			}
+		}
+		if (isset($this->signerIdentity)) {
+			$this->dkimHandler->setSigner($this->signerIdentity);
+		}
+		$listHeaders = $headers->listAll();
+		foreach ($listHeaders as $hName) {
+			// Check if we need to ignore Header
+			if (!isset($this->ignoredHeaders[strtolower($hName ?? '')])) {
+				$tmp = $headers->getAll($hName);
+				if ($headers->has($hName)) {
+					foreach ($tmp as $header) {
+						if ('' != $header->getFieldBody()) {
+							$htosign = $header->toString();
+							$this->dkimHandler->header($htosign);
+							$this->signedHeaders[] = $header->getFieldName();
+						}
+					}
+				}
+			}
+		}
+
+		return $this;
+	}
+
+	public function startBody()
+	{
+		if (!$this->peclLoaded) {
+			return parent::startBody();
+		}
+		$this->dropFirstLF = true;
+		$this->dkimHandler->eoh();
+
+		return $this;
+	}
+
+	public function endBody()
+	{
+		if (!$this->peclLoaded) {
+			return parent::endBody();
+		}
+		$this->dkimHandler->eom();
+
+		return $this;
+	}
+
+	public function reset()
+	{
+		$this->dkimHandler = null;
+		parent::reset();
+
+		return $this;
+	}
+
+	/**
+	 * Set the signature timestamp.
+	 *
+	 * @param int $time
+	 *
+	 * @return $this
+	 */
+	public function setSignatureTimestamp($time)
+	{
+		$this->signatureTimestamp = $time;
+
+		return $this;
+	}
+
+	/**
+	 * Set the signature expiration timestamp.
+	 *
+	 * @param int $time
+	 *
+	 * @return $this
+	 */
+	public function setSignatureExpiration($time)
+	{
+		$this->signatureExpiration = $time;
+
+		return $this;
+	}
+
+	/**
+	 * Enable / disable the DebugHeaders.
+	 *
+	 * @param bool $debug
+	 *
+	 * @return $this
+	 */
+	public function setDebugHeaders($debug)
+	{
+		$this->debugHeaders = (bool) $debug;
+
+		return $this;
+	}
+
+	// Protected
+
+	protected function canonicalizeBody($string)
+	{
+		if (!$this->peclLoaded) {
+			return parent::canonicalizeBody($string);
+		}
+		if (true === $this->dropFirstLF) {
+			if ("\r" == $string[0] && "\n" == $string[1]) {
+				$string = substr($string, 2);
+			}
+		}
+		$this->dropFirstLF = false;
+		if (\strlen($string)) {
+			$this->dkimHandler->body($string);
+		}
+	}
 }

Please login to merge, or discard this patch.

htdocs/includes/swiftmailer/lib/classes/Swift/Signers/DomainKeySigner.php 1 patch

Indentation +486 added lines, -486 removed lines patch added patch discarded remove patch

@@ -15,490 +15,490 @@
 block discarded – undo
  */
 class Swift_Signers_DomainKeySigner implements Swift_Signers_HeaderSigner
 {
-    /**
-     * PrivateKey.
-     *
-     * @var string
-     */
-    protected $privateKey;
-
-    /**
-     * DomainName.
-     *
-     * @var string
-     */
-    protected $domainName;
-
-    /**
-     * Selector.
-     *
-     * @var string
-     */
-    protected $selector;
-
-    /**
-     * Hash algorithm used.
-     *
-     * @var string
-     */
-    protected $hashAlgorithm = 'rsa-sha1';
-
-    /**
-     * Canonisation method.
-     *
-     * @var string
-     */
-    protected $canon = 'simple';
-
-    /**
-     * Headers not being signed.
-     *
-     * @var array
-     */
-    protected $ignoredHeaders = [];
-
-    /**
-     * Signer identity.
-     *
-     * @var string
-     */
-    protected $signerIdentity;
-
-    /**
-     * Must we embed signed headers?
-     *
-     * @var bool
-     */
-    protected $debugHeaders = false;
-
-    // work variables
-    /**
-     * Headers used to generate hash.
-     *
-     * @var array
-     */
-    private $signedHeaders = [];
-
-    /**
-     * Stores the signature header.
-     *
-     * @var Swift_Mime_Headers_ParameterizedHeader
-     */
-    protected $domainKeyHeader;
-
-    /**
-     * Hash Handler.
-     *
-     * @var resource|null
-     */
-    private $hashHandler;
-
-    private $canonData = '';
-
-    private $bodyCanonEmptyCounter = 0;
-
-    private $bodyCanonIgnoreStart = 2;
-
-    private $bodyCanonSpace = false;
-
-    private $bodyCanonLastChar = null;
-
-    private $bodyCanonLine = '';
-
-    private $bound = [];
-
-    /**
-     * Constructor.
-     *
-     * @param string $privateKey
-     * @param string $domainName
-     * @param string $selector
-     */
-    public function __construct($privateKey, $domainName, $selector)
-    {
-        $this->privateKey = $privateKey;
-        $this->domainName = $domainName;
-        $this->signerIdentity = '@'.$domainName;
-        $this->selector = $selector;
-    }
-
-    /**
-     * Resets internal states.
-     *
-     * @return $this
-     */
-    public function reset()
-    {
-        $this->hashHandler = null;
-        $this->bodyCanonIgnoreStart = 2;
-        $this->bodyCanonEmptyCounter = 0;
-        $this->bodyCanonLastChar = null;
-        $this->bodyCanonSpace = false;
-
-        return $this;
-    }
-
-    /**
-     * Writes $bytes to the end of the stream.
-     *
-     * Writing may not happen immediately if the stream chooses to buffer.  If
-     * you want to write these bytes with immediate effect, call {@link commit()}
-     * after calling write().
-     *
-     * This method returns the sequence ID of the write (i.e. 1 for first, 2 for
-     * second, etc etc).
-     *
-     * @param string $bytes
-     *
-     * @return int
-     *
-     * @throws Swift_IoException
-     *
-     * @return $this
-     */
-    public function write($bytes)
-    {
-        $this->canonicalizeBody($bytes);
-        foreach ($this->bound as $is) {
-            $is->write($bytes);
-        }
-
-        return $this;
-    }
-
-    /**
-     * For any bytes that are currently buffered inside the stream, force them
-     * off the buffer.
-     *
-     * @throws Swift_IoException
-     *
-     * @return $this
-     */
-    public function commit()
-    {
-        // Nothing to do
-        return $this;
-    }
-
-    /**
-     * Attach $is to this stream.
-     *
-     * The stream acts as an observer, receiving all data that is written.
-     * All {@link write()} and {@link flushBuffers()} operations will be mirrored.
-     *
-     * @return $this
-     */
-    public function bind(Swift_InputByteStream $is)
-    {
-        // Don't have to mirror anything
-        $this->bound[] = $is;
-
-        return $this;
-    }
-
-    /**
-     * Remove an already bound stream.
-     *
-     * If $is is not bound, no errors will be raised.
-     * If the stream currently has any buffered data it will be written to $is
-     * before unbinding occurs.
-     *
-     * @return $this
-     */
-    public function unbind(Swift_InputByteStream $is)
-    {
-        // Don't have to mirror anything
-        foreach ($this->bound as $k => $stream) {
-            if ($stream === $is) {
-                unset($this->bound[$k]);
-
-                break;
-            }
-        }
-
-        return $this;
-    }
-
-    /**
-     * Flush the contents of the stream (empty it) and set the internal pointer
-     * to the beginning.
-     *
-     * @throws Swift_IoException
-     *
-     * @return $this
-     */
-    public function flushBuffers()
-    {
-        $this->reset();
-
-        return $this;
-    }
-
-    /**
-     * Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1 defaults to rsa-sha256.
-     *
-     * @param string $hash
-     *
-     * @return $this
-     */
-    public function setHashAlgorithm($hash)
-    {
-        $this->hashAlgorithm = 'rsa-sha1';
-
-        return $this;
-    }
-
-    /**
-     * Set the canonicalization algorithm.
-     *
-     * @param string $canon simple | nofws defaults to simple
-     *
-     * @return $this
-     */
-    public function setCanon($canon)
-    {
-        if ('nofws' == $canon) {
-            $this->canon = 'nofws';
-        } else {
-            $this->canon = 'simple';
-        }
-
-        return $this;
-    }
-
-    /**
-     * Set the signer identity.
-     *
-     * @param string $identity
-     *
-     * @return $this
-     */
-    public function setSignerIdentity($identity)
-    {
-        $this->signerIdentity = $identity;
-
-        return $this;
-    }
-
-    /**
-     * Enable / disable the DebugHeaders.
-     *
-     * @param bool $debug
-     *
-     * @return $this
-     */
-    public function setDebugHeaders($debug)
-    {
-        $this->debugHeaders = (bool) $debug;
-
-        return $this;
-    }
-
-    /**
-     * Start Body.
-     */
-    public function startBody()
-    {
-    }
-
-    /**
-     * End Body.
-     */
-    public function endBody()
-    {
-        $this->endOfBody();
-    }
-
-    /**
-     * Returns the list of Headers Tampered by this plugin.
-     *
-     * @return array
-     */
-    public function getAlteredHeaders()
-    {
-        if ($this->debugHeaders) {
-            return ['DomainKey-Signature', 'X-DebugHash'];
-        }
-
-        return ['DomainKey-Signature'];
-    }
-
-    /**
-     * Adds an ignored Header.
-     *
-     * @param string $header_name
-     *
-     * @return $this
-     */
-    public function ignoreHeader($header_name)
-    {
-        $this->ignoredHeaders[strtolower($header_name ?? '')] = true;
-
-        return $this;
-    }
-
-    /**
-     * Set the headers to sign.
-     *
-     * @return $this
-     */
-    public function setHeaders(Swift_Mime_SimpleHeaderSet $headers)
-    {
-        $this->startHash();
-        $this->canonData = '';
-        // Loop through Headers
-        $listHeaders = $headers->listAll();
-        foreach ($listHeaders as $hName) {
-            // Check if we need to ignore Header
-            if (!isset($this->ignoredHeaders[strtolower($hName ?? '')])) {
-                if ($headers->has($hName)) {
-                    $tmp = $headers->getAll($hName);
-                    foreach ($tmp as $header) {
-                        if ('' != $header->getFieldBody()) {
-                            $this->addHeader($header->toString());
-                            $this->signedHeaders[] = $header->getFieldName();
-                        }
-                    }
-                }
-            }
-        }
-        $this->endOfHeaders();
-
-        return $this;
-    }
-
-    /**
-     * Add the signature to the given Headers.
-     *
-     * @return $this
-     */
-    public function addSignature(Swift_Mime_SimpleHeaderSet $headers)
-    {
-        // Prepare the DomainKey-Signature Header
-        $params = ['a' => $this->hashAlgorithm, 'b' => chunk_split(base64_encode($this->getEncryptedHash() ?? ''), 73, ' '), 'c' => $this->canon, 'd' => $this->domainName, 'h' => implode(': ', $this->signedHeaders), 'q' => 'dns', 's' => $this->selector];
-        $string = '';
-        foreach ($params as $k => $v) {
-            $string .= $k.'='.$v.'; ';
-        }
-        $string = trim($string);
-        $headers->addTextHeader('DomainKey-Signature', $string);
-
-        return $this;
-    }
-
-    /* Private helpers */
-
-    protected function addHeader($header)
-    {
-        switch ($this->canon) {
-            case 'nofws':
-                // Prepare Header and cascade
-                $exploded = explode(':', $header, 2);
-                $name = strtolower(trim($exploded[0]));
-                $value = str_replace("\r\n", '', $exploded[1]);
-                $value = preg_replace("/[ \t][ \t]+/", ' ', $value);
-                $header = $name.':'.trim($value)."\r\n";
-                // no break
-            case 'simple':
-                // Nothing to do
-        }
-        $this->addToHash($header);
-    }
-
-    protected function endOfHeaders()
-    {
-        $this->bodyCanonEmptyCounter = 1;
-    }
-
-    protected function canonicalizeBody($string)
-    {
-        $len = \strlen($string);
-        $canon = '';
-        $nofws = ('nofws' == $this->canon);
-        for ($i = 0; $i < $len; ++$i) {
-            if ($this->bodyCanonIgnoreStart > 0) {
-                --$this->bodyCanonIgnoreStart;
-                continue;
-            }
-            switch ($string[$i]) {
-                case "\r":
-                    $this->bodyCanonLastChar = "\r";
-                    break;
-                case "\n":
-                    if ("\r" == $this->bodyCanonLastChar) {
-                        if ($nofws) {
-                            $this->bodyCanonSpace = false;
-                        }
-                        if ('' == $this->bodyCanonLine) {
-                            ++$this->bodyCanonEmptyCounter;
-                        } else {
-                            $this->bodyCanonLine = '';
-                            $canon .= "\r\n";
-                        }
-                    } else {
-                        // Wooops Error
-                        throw new Swift_SwiftException('Invalid new line sequence in mail found \n without preceding \r');
-                    }
-                    break;
-                case ' ':
-                case "\t":
-                case "\x09": //HTAB
-                    if ($nofws) {
-                        $this->bodyCanonSpace = true;
-                        break;
-                    }
-                    // no break
-                default:
-                    if ($this->bodyCanonEmptyCounter > 0) {
-                        $canon .= str_repeat("\r\n", $this->bodyCanonEmptyCounter);
-                        $this->bodyCanonEmptyCounter = 0;
-                    }
-                    $this->bodyCanonLine .= $string[$i];
-                    $canon .= $string[$i];
-            }
-        }
-        $this->addToHash($canon);
-    }
-
-    protected function endOfBody()
-    {
-        if (\strlen($this->bodyCanonLine) > 0) {
-            $this->addToHash("\r\n");
-        }
-    }
-
-    private function addToHash($string)
-    {
-        $this->canonData .= $string;
-        hash_update($this->hashHandler, $string);
-    }
-
-    private function startHash()
-    {
-        // Init
-        switch ($this->hashAlgorithm) {
-            case 'rsa-sha1':
-                $this->hashHandler = hash_init('sha1');
-                break;
-        }
-        $this->bodyCanonLine = '';
-    }
-
-    /**
-     * @throws Swift_SwiftException
-     *
-     * @return string
-     */
-    private function getEncryptedHash()
-    {
-        $signature = '';
-        $pkeyId = openssl_get_privatekey($this->privateKey);
-        if (!$pkeyId) {
-            throw new Swift_SwiftException('Unable to load DomainKey Private Key ['.openssl_error_string().']');
-        }
-        if (openssl_sign($this->canonData, $signature, $pkeyId, OPENSSL_ALGO_SHA1)) {
-            return $signature;
-        }
-        throw new Swift_SwiftException('Unable to sign DomainKey Hash  ['.openssl_error_string().']');
-    }
+	/**
+	 * PrivateKey.
+	 *
+	 * @var string
+	 */
+	protected $privateKey;
+
+	/**
+	 * DomainName.
+	 *
+	 * @var string
+	 */
+	protected $domainName;
+
+	/**
+	 * Selector.
+	 *
+	 * @var string
+	 */
+	protected $selector;
+
+	/**
+	 * Hash algorithm used.
+	 *
+	 * @var string
+	 */
+	protected $hashAlgorithm = 'rsa-sha1';
+
+	/**
+	 * Canonisation method.
+	 *
+	 * @var string
+	 */
+	protected $canon = 'simple';
+
+	/**
+	 * Headers not being signed.
+	 *
+	 * @var array
+	 */
+	protected $ignoredHeaders = [];
+
+	/**
+	 * Signer identity.
+	 *
+	 * @var string
+	 */
+	protected $signerIdentity;
+
+	/**
+	 * Must we embed signed headers?
+	 *
+	 * @var bool
+	 */
+	protected $debugHeaders = false;
+
+	// work variables
+	/**
+	 * Headers used to generate hash.
+	 *
+	 * @var array
+	 */
+	private $signedHeaders = [];
+
+	/**
+	 * Stores the signature header.
+	 *
+	 * @var Swift_Mime_Headers_ParameterizedHeader
+	 */
+	protected $domainKeyHeader;
+
+	/**
+	 * Hash Handler.
+	 *
+	 * @var resource|null
+	 */
+	private $hashHandler;
+
+	private $canonData = '';
+
+	private $bodyCanonEmptyCounter = 0;
+
+	private $bodyCanonIgnoreStart = 2;
+
+	private $bodyCanonSpace = false;
+
+	private $bodyCanonLastChar = null;
+
+	private $bodyCanonLine = '';
+
+	private $bound = [];
+
+	/**
+	 * Constructor.
+	 *
+	 * @param string $privateKey
+	 * @param string $domainName
+	 * @param string $selector
+	 */
+	public function __construct($privateKey, $domainName, $selector)
+	{
+		$this->privateKey = $privateKey;
+		$this->domainName = $domainName;
+		$this->signerIdentity = '@'.$domainName;
+		$this->selector = $selector;
+	}
+
+	/**
+	 * Resets internal states.
+	 *
+	 * @return $this
+	 */
+	public function reset()
+	{
+		$this->hashHandler = null;
+		$this->bodyCanonIgnoreStart = 2;
+		$this->bodyCanonEmptyCounter = 0;
+		$this->bodyCanonLastChar = null;
+		$this->bodyCanonSpace = false;
+
+		return $this;
+	}
+
+	/**
+	 * Writes $bytes to the end of the stream.
+	 *
+	 * Writing may not happen immediately if the stream chooses to buffer.  If
+	 * you want to write these bytes with immediate effect, call {@link commit()}
+	 * after calling write().
+	 *
+	 * This method returns the sequence ID of the write (i.e. 1 for first, 2 for
+	 * second, etc etc).
+	 *
+	 * @param string $bytes
+	 *
+	 * @return int
+	 *
+	 * @throws Swift_IoException
+	 *
+	 * @return $this
+	 */
+	public function write($bytes)
+	{
+		$this->canonicalizeBody($bytes);
+		foreach ($this->bound as $is) {
+			$is->write($bytes);
+		}
+
+		return $this;
+	}
+
+	/**
+	 * For any bytes that are currently buffered inside the stream, force them
+	 * off the buffer.
+	 *
+	 * @throws Swift_IoException
+	 *
+	 * @return $this
+	 */
+	public function commit()
+	{
+		// Nothing to do
+		return $this;
+	}
+
+	/**
+	 * Attach $is to this stream.
+	 *
+	 * The stream acts as an observer, receiving all data that is written.
+	 * All {@link write()} and {@link flushBuffers()} operations will be mirrored.
+	 *
+	 * @return $this
+	 */
+	public function bind(Swift_InputByteStream $is)
+	{
+		// Don't have to mirror anything
+		$this->bound[] = $is;
+
+		return $this;
+	}
+
+	/**
+	 * Remove an already bound stream.
+	 *
+	 * If $is is not bound, no errors will be raised.
+	 * If the stream currently has any buffered data it will be written to $is
+	 * before unbinding occurs.
+	 *
+	 * @return $this
+	 */
+	public function unbind(Swift_InputByteStream $is)
+	{
+		// Don't have to mirror anything
+		foreach ($this->bound as $k => $stream) {
+			if ($stream === $is) {
+				unset($this->bound[$k]);
+
+				break;
+			}
+		}
+
+		return $this;
+	}
+
+	/**
+	 * Flush the contents of the stream (empty it) and set the internal pointer
+	 * to the beginning.
+	 *
+	 * @throws Swift_IoException
+	 *
+	 * @return $this
+	 */
+	public function flushBuffers()
+	{
+		$this->reset();
+
+		return $this;
+	}
+
+	/**
+	 * Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1 defaults to rsa-sha256.
+	 *
+	 * @param string $hash
+	 *
+	 * @return $this
+	 */
+	public function setHashAlgorithm($hash)
+	{
+		$this->hashAlgorithm = 'rsa-sha1';
+
+		return $this;
+	}
+
+	/**
+	 * Set the canonicalization algorithm.
+	 *
+	 * @param string $canon simple | nofws defaults to simple
+	 *
+	 * @return $this
+	 */
+	public function setCanon($canon)
+	{
+		if ('nofws' == $canon) {
+			$this->canon = 'nofws';
+		} else {
+			$this->canon = 'simple';
+		}
+
+		return $this;
+	}
+
+	/**
+	 * Set the signer identity.
+	 *
+	 * @param string $identity
+	 *
+	 * @return $this
+	 */
+	public function setSignerIdentity($identity)
+	{
+		$this->signerIdentity = $identity;
+
+		return $this;
+	}
+
+	/**
+	 * Enable / disable the DebugHeaders.
+	 *
+	 * @param bool $debug
+	 *
+	 * @return $this
+	 */
+	public function setDebugHeaders($debug)
+	{
+		$this->debugHeaders = (bool) $debug;
+
+		return $this;
+	}
+
+	/**
+	 * Start Body.
+	 */
+	public function startBody()
+	{
+	}
+
+	/**
+	 * End Body.
+	 */
+	public function endBody()
+	{
+		$this->endOfBody();
+	}
+
+	/**
+	 * Returns the list of Headers Tampered by this plugin.
+	 *
+	 * @return array
+	 */
+	public function getAlteredHeaders()
+	{
+		if ($this->debugHeaders) {
+			return ['DomainKey-Signature', 'X-DebugHash'];
+		}
+
+		return ['DomainKey-Signature'];
+	}
+
+	/**
+	 * Adds an ignored Header.
+	 *
+	 * @param string $header_name
+	 *
+	 * @return $this
+	 */
+	public function ignoreHeader($header_name)
+	{
+		$this->ignoredHeaders[strtolower($header_name ?? '')] = true;
+
+		return $this;
+	}
+
+	/**
+	 * Set the headers to sign.
+	 *
+	 * @return $this
+	 */
+	public function setHeaders(Swift_Mime_SimpleHeaderSet $headers)
+	{
+		$this->startHash();
+		$this->canonData = '';
+		// Loop through Headers
+		$listHeaders = $headers->listAll();
+		foreach ($listHeaders as $hName) {
+			// Check if we need to ignore Header
+			if (!isset($this->ignoredHeaders[strtolower($hName ?? '')])) {
+				if ($headers->has($hName)) {
+					$tmp = $headers->getAll($hName);
+					foreach ($tmp as $header) {
+						if ('' != $header->getFieldBody()) {
+							$this->addHeader($header->toString());
+							$this->signedHeaders[] = $header->getFieldName();
+						}
+					}
+				}
+			}
+		}
+		$this->endOfHeaders();
+
+		return $this;
+	}
+
+	/**
+	 * Add the signature to the given Headers.
+	 *
+	 * @return $this
+	 */
+	public function addSignature(Swift_Mime_SimpleHeaderSet $headers)
+	{
+		// Prepare the DomainKey-Signature Header
+		$params = ['a' => $this->hashAlgorithm, 'b' => chunk_split(base64_encode($this->getEncryptedHash() ?? ''), 73, ' '), 'c' => $this->canon, 'd' => $this->domainName, 'h' => implode(': ', $this->signedHeaders), 'q' => 'dns', 's' => $this->selector];
+		$string = '';
+		foreach ($params as $k => $v) {
+			$string .= $k.'='.$v.'; ';
+		}
+		$string = trim($string);
+		$headers->addTextHeader('DomainKey-Signature', $string);
+
+		return $this;
+	}
+
+	/* Private helpers */
+
+	protected function addHeader($header)
+	{
+		switch ($this->canon) {
+			case 'nofws':
+				// Prepare Header and cascade
+				$exploded = explode(':', $header, 2);
+				$name = strtolower(trim($exploded[0]));
+				$value = str_replace("\r\n", '', $exploded[1]);
+				$value = preg_replace("/[ \t][ \t]+/", ' ', $value);
+				$header = $name.':'.trim($value)."\r\n";
+				// no break
+			case 'simple':
+				// Nothing to do
+		}
+		$this->addToHash($header);
+	}
+
+	protected function endOfHeaders()
+	{
+		$this->bodyCanonEmptyCounter = 1;
+	}
+
+	protected function canonicalizeBody($string)
+	{
+		$len = \strlen($string);
+		$canon = '';
+		$nofws = ('nofws' == $this->canon);
+		for ($i = 0; $i < $len; ++$i) {
+			if ($this->bodyCanonIgnoreStart > 0) {
+				--$this->bodyCanonIgnoreStart;
+				continue;
+			}
+			switch ($string[$i]) {
+				case "\r":
+					$this->bodyCanonLastChar = "\r";
+					break;
+				case "\n":
+					if ("\r" == $this->bodyCanonLastChar) {
+						if ($nofws) {
+							$this->bodyCanonSpace = false;
+						}
+						if ('' == $this->bodyCanonLine) {
+							++$this->bodyCanonEmptyCounter;
+						} else {
+							$this->bodyCanonLine = '';
+							$canon .= "\r\n";
+						}
+					} else {
+						// Wooops Error
+						throw new Swift_SwiftException('Invalid new line sequence in mail found \n without preceding \r');
+					}
+					break;
+				case ' ':
+				case "\t":
+				case "\x09": //HTAB
+					if ($nofws) {
+						$this->bodyCanonSpace = true;
+						break;
+					}
+					// no break
+				default:
+					if ($this->bodyCanonEmptyCounter > 0) {
+						$canon .= str_repeat("\r\n", $this->bodyCanonEmptyCounter);
+						$this->bodyCanonEmptyCounter = 0;
+					}
+					$this->bodyCanonLine .= $string[$i];
+					$canon .= $string[$i];
+			}
+		}
+		$this->addToHash($canon);
+	}
+
+	protected function endOfBody()
+	{
+		if (\strlen($this->bodyCanonLine) > 0) {
+			$this->addToHash("\r\n");
+		}
+	}
+
+	private function addToHash($string)
+	{
+		$this->canonData .= $string;
+		hash_update($this->hashHandler, $string);
+	}
+
+	private function startHash()
+	{
+		// Init
+		switch ($this->hashAlgorithm) {
+			case 'rsa-sha1':
+				$this->hashHandler = hash_init('sha1');
+				break;
+		}
+		$this->bodyCanonLine = '';
+	}
+
+	/**
+	 * @throws Swift_SwiftException
+	 *
+	 * @return string
+	 */
+	private function getEncryptedHash()
+	{
+		$signature = '';
+		$pkeyId = openssl_get_privatekey($this->privateKey);
+		if (!$pkeyId) {
+			throw new Swift_SwiftException('Unable to load DomainKey Private Key ['.openssl_error_string().']');
+		}
+		if (openssl_sign($this->canonData, $signature, $pkeyId, OPENSSL_ALGO_SHA1)) {
+			return $signature;
+		}
+		throw new Swift_SwiftException('Unable to sign DomainKey Hash  ['.openssl_error_string().']');
+	}
 }

Please login to merge, or discard this patch.

htdocs/includes/swiftmailer/lib/classes/Swift/Signers/BodySigner.php 1 patch

Indentation +12 added lines, -12 removed lines patch added patch discarded remove patch

@@ -15,17 +15,17 @@
 block discarded – undo
  */
 interface Swift_Signers_BodySigner extends Swift_Signer
 {
-    /**
-     * Change the Swift_Signed_Message to apply the singing.
-     *
-     * @return self
-     */
-    public function signMessage(Swift_Message $message);
+	/**
+	 * Change the Swift_Signed_Message to apply the singing.
+	 *
+	 * @return self
+	 */
+	public function signMessage(Swift_Message $message);
 
-    /**
-     * Return the list of header a signer might tamper.
-     *
-     * @return array
-     */
-    public function getAlteredHeaders();
+	/**
+	 * Return the list of header a signer might tamper.
+	 *
+	 * @return array
+	 */
+	public function getAlteredHeaders();
 }

Please login to merge, or discard this patch.

htdocs/includes/swiftmailer/lib/classes/Swift/Signers/HeaderSigner.php 1 patch

Indentation +38 added lines, -38 removed lines patch added patch discarded remove patch

@@ -15,47 +15,47 @@
 block discarded – undo
  */
 interface Swift_Signers_HeaderSigner extends Swift_Signer, Swift_InputByteStream
 {
-    /**
-     * Exclude an header from the signed headers.
-     *
-     * @param string $header_name
-     *
-     * @return self
-     */
-    public function ignoreHeader($header_name);
+	/**
+	 * Exclude an header from the signed headers.
+	 *
+	 * @param string $header_name
+	 *
+	 * @return self
+	 */
+	public function ignoreHeader($header_name);
 
-    /**
-     * Prepare the Signer to get a new Body.
-     *
-     * @return self
-     */
-    public function startBody();
+	/**
+	 * Prepare the Signer to get a new Body.
+	 *
+	 * @return self
+	 */
+	public function startBody();
 
-    /**
-     * Give the signal that the body has finished streaming.
-     *
-     * @return self
-     */
-    public function endBody();
+	/**
+	 * Give the signal that the body has finished streaming.
+	 *
+	 * @return self
+	 */
+	public function endBody();
 
-    /**
-     * Give the headers already given.
-     *
-     * @return self
-     */
-    public function setHeaders(Swift_Mime_SimpleHeaderSet $headers);
+	/**
+	 * Give the headers already given.
+	 *
+	 * @return self
+	 */
+	public function setHeaders(Swift_Mime_SimpleHeaderSet $headers);
 
-    /**
-     * Add the header(s) to the headerSet.
-     *
-     * @return self
-     */
-    public function addSignature(Swift_Mime_SimpleHeaderSet $headers);
+	/**
+	 * Add the header(s) to the headerSet.
+	 *
+	 * @return self
+	 */
+	public function addSignature(Swift_Mime_SimpleHeaderSet $headers);
 
-    /**
-     * Return the list of header a signer might tamper.
-     *
-     * @return array
-     */
-    public function getAlteredHeaders();
+	/**
+	 * Return the list of header a signer might tamper.
+	 *
+	 * @return array
+	 */
+	public function getAlteredHeaders();
 }

Please login to merge, or discard this patch.

		@@ -19,69 +19,69 @@
		block discarded – undo
19	19	*/
20	20	interface Swift_CharacterStream
21	21	{
22		- /**
23		- * Set the character set used in this CharacterStream.
24		- *
25		- * @param string $charset
26		- */
27		- public function setCharacterSet($charset);
	22	+ /**
	23	+ * Set the character set used in this CharacterStream.
	24	+ *
	25	+ * @param string $charset
	26	+ */
	27	+ public function setCharacterSet($charset);
28	28
29		- /**
30		- * Set the CharacterReaderFactory for multi charset support.
31		- */
32		- public function setCharacterReaderFactory(Swift_CharacterReaderFactory $factory);
	29	+ /**
	30	+ * Set the CharacterReaderFactory for multi charset support.
	31	+ */
	32	+ public function setCharacterReaderFactory(Swift_CharacterReaderFactory $factory);
33	33
34		- /**
35		- * Overwrite this character stream using the byte sequence in the byte stream.
36		- *
37		- * @param Swift_OutputByteStream $os output stream to read from
38		- */
39		- public function importByteStream(Swift_OutputByteStream $os);
	34	+ /**
	35	+ * Overwrite this character stream using the byte sequence in the byte stream.
	36	+ *
	37	+ * @param Swift_OutputByteStream $os output stream to read from
	38	+ */
	39	+ public function importByteStream(Swift_OutputByteStream $os);
40	40
41		- /**
42		- * Import a string a bytes into this CharacterStream, overwriting any existing
43		- * data in the stream.
44		- *
45		- * @param string $string
46		- */
47		- public function importString($string);
	41	+ /**
	42	+ * Import a string a bytes into this CharacterStream, overwriting any existing
	43	+ * data in the stream.
	44	+ *
	45	+ * @param string $string
	46	+ */
	47	+ public function importString($string);
48	48
49		- /**
50		- * Read $length characters from the stream and move the internal pointer
51		- * $length further into the stream.
52		- *
53		- * @param int $length
54		- *
55		- * @return string
56		- */
57		- public function read($length);
	49	+ /**
	50	+ * Read $length characters from the stream and move the internal pointer
	51	+ * $length further into the stream.
	52	+ *
	53	+ * @param int $length
	54	+ *
	55	+ * @return string
	56	+ */
	57	+ public function read($length);
58	58
59		- /**
60		- * Read $length characters from the stream and return a 1-dimensional array
61		- * containing there octet values.
62		- *
63		- * @param int $length
64		- *
65		- * @return int[]
66		- */
67		- public function readBytes($length);
	59	+ /**
	60	+ * Read $length characters from the stream and return a 1-dimensional array
	61	+ * containing there octet values.
	62	+ *
	63	+ * @param int $length
	64	+ *
	65	+ * @return int[]
	66	+ */
	67	+ public function readBytes($length);
68	68
69		- /**
70		- * Write $chars to the end of the stream.
71		- *
72		- * @param string $chars
73		- */
74		- public function write($chars);
	69	+ /**
	70	+ * Write $chars to the end of the stream.
	71	+ *
	72	+ * @param string $chars
	73	+ */
	74	+ public function write($chars);
75	75
76		- /**
77		- * Move the internal pointer to $charOffset in the stream.
78		- *
79		- * @param int $charOffset
80		- */
81		- public function setPointer($charOffset);
	76	+ /**
	77	+ * Move the internal pointer to $charOffset in the stream.
	78	+ *
	79	+ * @param int $charOffset
	80	+ */
	81	+ public function setPointer($charOffset);
82	82
83		- /**
84		- * Empty the stream and reset the internal pointer.
85		- */
86		- public function flushContents();
	83	+ /**
	84	+ * Empty the stream and reset the internal pointer.
	85	+ */
	86	+ public function flushContents();
87	87	}

		@@ -15,14 +15,14 @@
		block discarded – undo
15	15	*/
16	16	class Swift_TransportException extends Swift_IoException
17	17	{
18		- /**
19		- * Create a new TransportException with $message.
20		- *
21		- * @param string $message
22		- * @param int $code
23		- */
24		- public function __construct($message, $code = 0, Exception $previous = null)
25		- {
26		- parent::__construct($message, $code, $previous);
27		- }
	18	+ /**
	19	+ * Create a new TransportException with $message.
	20	+ *
	21	+ * @param string $message
	22	+ * @param int $code
	23	+ */
	24	+ public function __construct($message, $code = 0, Exception $previous = null)
	25	+ {
	26	+ parent::__construct($message, $code, $previous);
	27	+ }
28	28	}

		@@ -15,29 +15,29 @@
		block discarded – undo
15	15	*/
16	16	class Swift_Image extends Swift_EmbeddedFile
17	17	{
18		- /**
19		- * Create a new EmbeddedFile.
20		- *
21		- * Details may be optionally provided to the constructor.
22		- *
23		- * @param string\|Swift_OutputByteStream $data
24		- * @param string $filename
25		- * @param string $contentType
26		- */
27		- public function __construct($data = null, $filename = null, $contentType = null)
28		- {
29		- parent::__construct($data, $filename, $contentType);
30		- }
	18	+ /**
	19	+ * Create a new EmbeddedFile.
	20	+ *
	21	+ * Details may be optionally provided to the constructor.
	22	+ *
	23	+ * @param string\|Swift_OutputByteStream $data
	24	+ * @param string $filename
	25	+ * @param string $contentType
	26	+ */
	27	+ public function __construct($data = null, $filename = null, $contentType = null)
	28	+ {
	29	+ parent::__construct($data, $filename, $contentType);
	30	+ }
31	31
32		- /**
33		- * Create a new Image from a filesystem path.
34		- *
35		- * @param string $path
36		- *
37		- * @return self
38		- */
39		- public static function fromPath($path)
40		- {
41		- return (new self())->setFile(new Swift_ByteStream_FileByteStream($path));
42		- }
	32	+ /**
	33	+ * Create a new Image from a filesystem path.
	34	+ *
	35	+ * @param string $path
	36	+ *
	37	+ * @return self
	38	+ */
	39	+ public static function fromPath($path)
	40	+ {
	41	+ return (new self())->setFile(new Swift_ByteStream_FileByteStream($path));
	42	+ }
43	43	}

		@@ -18,166 +18,166 @@
		block discarded – undo
18	18	*/
19	19	class Swift_Signers_OpenDKIMSigner extends Swift_Signers_DKIMSigner
20	20	{
21		- private $peclLoaded = false;
22		-
23		- private $dkimHandler = null;
24		-
25		- private $dropFirstLF = true;
26		-
27		- const CANON_RELAXED = 1;
28		- const CANON_SIMPLE = 2;
29		- const SIG_RSA_SHA1 = 3;
30		- const SIG_RSA_SHA256 = 4;
31		-
32		- public function __construct($privateKey, $domainName, $selector)
33		- {
34		- if (!\extension_loaded('opendkim')) {
35		- throw new Swift_SwiftException('php-opendkim extension not found');
36		- }
37		-
38		- $this->peclLoaded = true;
39		-
40		- parent::__construct($privateKey, $domainName, $selector);
41		- }
42		-
43		- public function addSignature(Swift_Mime_SimpleHeaderSet $headers)
44		- {
45		- $header = new Swift_Mime_Headers_OpenDKIMHeader('DKIM-Signature');
46		- $headerVal = $this->dkimHandler->getSignatureHeader();
47		- if (false === $headerVal \|\| \is_int($headerVal)) {
48		- throw new Swift_SwiftException('OpenDKIM Error: '.$this->dkimHandler->getError());
49		- }
50		- $header->setValue($headerVal);
51		- $headers->set($header);
52		-
53		- return $this;
54		- }
55		-
56		- public function setHeaders(Swift_Mime_SimpleHeaderSet $headers)
57		- {
58		- $hash = 'rsa-sha1' == $this->hashAlgorithm ? OpenDKIMSign::ALG_RSASHA1 : OpenDKIMSign::ALG_RSASHA256;
59		- $bodyCanon = 'simple' == $this->bodyCanon ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
60		- $headerCanon = 'simple' == $this->headerCanon ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
61		- $this->dkimHandler = new OpenDKIMSign($this->privateKey, $this->selector, $this->domainName, $headerCanon, $bodyCanon, $hash, -1);
62		- // Hardcode signature Margin for now
63		- $this->dkimHandler->setMargin(78);
64		-
65		- if (!is_numeric($this->signatureTimestamp)) {
66		- OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, time());
67		- } else {
68		- if (!OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, $this->signatureTimestamp)) {
69		- throw new Swift_SwiftException('Unable to force signature timestamp ['.openssl_error_string().']');
70		- }
71		- }
72		- if (isset($this->signerIdentity)) {
73		- $this->dkimHandler->setSigner($this->signerIdentity);
74		- }
75		- $listHeaders = $headers->listAll();
76		- foreach ($listHeaders as $hName) {
77		- // Check if we need to ignore Header
78		- if (!isset($this->ignoredHeaders[strtolower($hName ?? '')])) {
79		- $tmp = $headers->getAll($hName);
80		- if ($headers->has($hName)) {
81		- foreach ($tmp as $header) {
82		- if ('' != $header->getFieldBody()) {
83		- $htosign = $header->toString();
84		- $this->dkimHandler->header($htosign);
85		- $this->signedHeaders[] = $header->getFieldName();
86		- }
87		- }
88		- }
89		- }
90		- }
91		-
92		- return $this;
93		- }
94		-
95		- public function startBody()
96		- {
97		- if (!$this->peclLoaded) {
98		- return parent::startBody();
99		- }
100		- $this->dropFirstLF = true;
101		- $this->dkimHandler->eoh();
102		-
103		- return $this;
104		- }
105		-
106		- public function endBody()
107		- {
108		- if (!$this->peclLoaded) {
109		- return parent::endBody();
110		- }
111		- $this->dkimHandler->eom();
112		-
113		- return $this;
114		- }
115		-
116		- public function reset()
117		- {
118		- $this->dkimHandler = null;
119		- parent::reset();
120		-
121		- return $this;
122		- }
123		-
124		- /**
125		- * Set the signature timestamp.
126		- *
127		- * @param int $time
128		- *
129		- * @return $this
130		- */
131		- public function setSignatureTimestamp($time)
132		- {
133		- $this->signatureTimestamp = $time;
134		-
135		- return $this;
136		- }
137		-
138		- /**
139		- * Set the signature expiration timestamp.
140		- *
141		- * @param int $time
142		- *
143		- * @return $this
144		- */
145		- public function setSignatureExpiration($time)
146		- {
147		- $this->signatureExpiration = $time;
148		-
149		- return $this;
150		- }
151		-
152		- /**
153		- * Enable / disable the DebugHeaders.
154		- *
155		- * @param bool $debug
156		- *
157		- * @return $this
158		- */
159		- public function setDebugHeaders($debug)
160		- {
161		- $this->debugHeaders = (bool) $debug;
162		-
163		- return $this;
164		- }
165		-
166		- // Protected
167		-
168		- protected function canonicalizeBody($string)
169		- {
170		- if (!$this->peclLoaded) {
171		- return parent::canonicalizeBody($string);
172		- }
173		- if (true === $this->dropFirstLF) {
174		- if ("\r" == $string[0] && "\n" == $string[1]) {
175		- $string = substr($string, 2);
176		- }
177		- }
178		- $this->dropFirstLF = false;
179		- if (\strlen($string)) {
180		- $this->dkimHandler->body($string);
181		- }
182		- }
	21	+ private $peclLoaded = false;
	22	+
	23	+ private $dkimHandler = null;
	24	+
	25	+ private $dropFirstLF = true;
	26	+
	27	+ const CANON_RELAXED = 1;
	28	+ const CANON_SIMPLE = 2;
	29	+ const SIG_RSA_SHA1 = 3;
	30	+ const SIG_RSA_SHA256 = 4;
	31	+
	32	+ public function __construct($privateKey, $domainName, $selector)
	33	+ {
	34	+ if (!\extension_loaded('opendkim')) {
	35	+ throw new Swift_SwiftException('php-opendkim extension not found');
	36	+ }
	37	+
	38	+ $this->peclLoaded = true;
	39	+
	40	+ parent::__construct($privateKey, $domainName, $selector);
	41	+ }
	42	+
	43	+ public function addSignature(Swift_Mime_SimpleHeaderSet $headers)
	44	+ {
	45	+ $header = new Swift_Mime_Headers_OpenDKIMHeader('DKIM-Signature');
	46	+ $headerVal = $this->dkimHandler->getSignatureHeader();
	47	+ if (false === $headerVal \|\| \is_int($headerVal)) {
	48	+ throw new Swift_SwiftException('OpenDKIM Error: '.$this->dkimHandler->getError());
	49	+ }
	50	+ $header->setValue($headerVal);
	51	+ $headers->set($header);
	52	+
	53	+ return $this;
	54	+ }
	55	+
	56	+ public function setHeaders(Swift_Mime_SimpleHeaderSet $headers)
	57	+ {
	58	+ $hash = 'rsa-sha1' == $this->hashAlgorithm ? OpenDKIMSign::ALG_RSASHA1 : OpenDKIMSign::ALG_RSASHA256;
	59	+ $bodyCanon = 'simple' == $this->bodyCanon ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
	60	+ $headerCanon = 'simple' == $this->headerCanon ? OpenDKIMSign::CANON_SIMPLE : OpenDKIMSign::CANON_RELAXED;
	61	+ $this->dkimHandler = new OpenDKIMSign($this->privateKey, $this->selector, $this->domainName, $headerCanon, $bodyCanon, $hash, -1);
	62	+ // Hardcode signature Margin for now
	63	+ $this->dkimHandler->setMargin(78);
	64	+
	65	+ if (!is_numeric($this->signatureTimestamp)) {
	66	+ OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, time());
	67	+ } else {
	68	+ if (!OpenDKIM::setOption(OpenDKIM::OPTS_FIXEDTIME, $this->signatureTimestamp)) {
	69	+ throw new Swift_SwiftException('Unable to force signature timestamp ['.openssl_error_string().']');
	70	+ }
	71	+ }
	72	+ if (isset($this->signerIdentity)) {
	73	+ $this->dkimHandler->setSigner($this->signerIdentity);
	74	+ }
	75	+ $listHeaders = $headers->listAll();
	76	+ foreach ($listHeaders as $hName) {
	77	+ // Check if we need to ignore Header
	78	+ if (!isset($this->ignoredHeaders[strtolower($hName ?? '')])) {
	79	+ $tmp = $headers->getAll($hName);
	80	+ if ($headers->has($hName)) {
	81	+ foreach ($tmp as $header) {
	82	+ if ('' != $header->getFieldBody()) {
	83	+ $htosign = $header->toString();
	84	+ $this->dkimHandler->header($htosign);
	85	+ $this->signedHeaders[] = $header->getFieldName();
	86	+ }
	87	+ }
	88	+ }
	89	+ }
	90	+ }
	91	+
	92	+ return $this;
	93	+ }
	94	+
	95	+ public function startBody()
	96	+ {
	97	+ if (!$this->peclLoaded) {
	98	+ return parent::startBody();
	99	+ }
	100	+ $this->dropFirstLF = true;
	101	+ $this->dkimHandler->eoh();
	102	+
	103	+ return $this;
	104	+ }
	105	+
	106	+ public function endBody()
	107	+ {
	108	+ if (!$this->peclLoaded) {
	109	+ return parent::endBody();
	110	+ }
	111	+ $this->dkimHandler->eom();
	112	+
	113	+ return $this;
	114	+ }
	115	+
	116	+ public function reset()
	117	+ {
	118	+ $this->dkimHandler = null;
	119	+ parent::reset();
	120	+
	121	+ return $this;
	122	+ }
	123	+
	124	+ /**
	125	+ * Set the signature timestamp.
	126	+ *
	127	+ * @param int $time
	128	+ *
	129	+ * @return $this
	130	+ */
	131	+ public function setSignatureTimestamp($time)
	132	+ {
	133	+ $this->signatureTimestamp = $time;
	134	+
	135	+ return $this;
	136	+ }
	137	+
	138	+ /**
	139	+ * Set the signature expiration timestamp.
	140	+ *
	141	+ * @param int $time
	142	+ *
	143	+ * @return $this
	144	+ */
	145	+ public function setSignatureExpiration($time)
	146	+ {
	147	+ $this->signatureExpiration = $time;
	148	+
	149	+ return $this;
	150	+ }
	151	+
	152	+ /**
	153	+ * Enable / disable the DebugHeaders.
	154	+ *
	155	+ * @param bool $debug
	156	+ *
	157	+ * @return $this
	158	+ */
	159	+ public function setDebugHeaders($debug)
	160	+ {
	161	+ $this->debugHeaders = (bool) $debug;
	162	+
	163	+ return $this;
	164	+ }
	165	+
	166	+ // Protected
	167	+
	168	+ protected function canonicalizeBody($string)
	169	+ {
	170	+ if (!$this->peclLoaded) {
	171	+ return parent::canonicalizeBody($string);
	172	+ }
	173	+ if (true === $this->dropFirstLF) {
	174	+ if ("\r" == $string[0] && "\n" == $string[1]) {
	175	+ $string = substr($string, 2);
	176	+ }
	177	+ }
	178	+ $this->dropFirstLF = false;
	179	+ if (\strlen($string)) {
	180	+ $this->dkimHandler->body($string);
	181	+ }
	182	+ }
183	183	}

		@@ -15,17 +15,17 @@
		block discarded – undo
15	15	*/
16	16	interface Swift_Signers_BodySigner extends Swift_Signer
17	17	{
18		- /**
19		- * Change the Swift_Signed_Message to apply the singing.
20		- *
21		- * @return self
22		- */
23		- public function signMessage(Swift_Message $message);
	18	+ /**
	19	+ * Change the Swift_Signed_Message to apply the singing.
	20	+ *
	21	+ * @return self
	22	+ */
	23	+ public function signMessage(Swift_Message $message);
24	24
25		- /**
26		- * Return the list of header a signer might tamper.
27		- *
28		- * @return array
29		- */
30		- public function getAlteredHeaders();
	25	+ /**
	26	+ * Return the list of header a signer might tamper.
	27	+ *
	28	+ * @return array
	29	+ */
	30	+ public function getAlteredHeaders();
31	31	}

		@@ -15,47 +15,47 @@
		block discarded – undo
15	15	*/
16	16	interface Swift_Signers_HeaderSigner extends Swift_Signer, Swift_InputByteStream
17	17	{
18		- /**
19		- * Exclude an header from the signed headers.
20		- *
21		- * @param string $header_name
22		- *
23		- * @return self
24		- */
25		- public function ignoreHeader($header_name);
	18	+ /**
	19	+ * Exclude an header from the signed headers.
	20	+ *
	21	+ * @param string $header_name
	22	+ *
	23	+ * @return self
	24	+ */
	25	+ public function ignoreHeader($header_name);
26	26
27		- /**
28		- * Prepare the Signer to get a new Body.
29		- *
30		- * @return self
31		- */
32		- public function startBody();
	27	+ /**
	28	+ * Prepare the Signer to get a new Body.
	29	+ *
	30	+ * @return self
	31	+ */
	32	+ public function startBody();
33	33
34		- /**
35		- * Give the signal that the body has finished streaming.
36		- *
37		- * @return self
38		- */
39		- public function endBody();
	34	+ /**
	35	+ * Give the signal that the body has finished streaming.
	36	+ *
	37	+ * @return self
	38	+ */
	39	+ public function endBody();
40	40
41		- /**
42		- * Give the headers already given.
43		- *
44		- * @return self
45		- */
46		- public function setHeaders(Swift_Mime_SimpleHeaderSet $headers);
	41	+ /**
	42	+ * Give the headers already given.
	43	+ *
	44	+ * @return self
	45	+ */
	46	+ public function setHeaders(Swift_Mime_SimpleHeaderSet $headers);
47	47
48		- /**
49		- * Add the header(s) to the headerSet.
50		- *
51		- * @return self
52		- */
53		- public function addSignature(Swift_Mime_SimpleHeaderSet $headers);
	48	+ /**
	49	+ * Add the header(s) to the headerSet.
	50	+ *
	51	+ * @return self
	52	+ */
	53	+ public function addSignature(Swift_Mime_SimpleHeaderSet $headers);
54	54
55		- /**
56		- * Return the list of header a signer might tamper.
57		- *
58		- * @return array
59		- */
60		- public function getAlteredHeaders();
	55	+ /**
	56	+ * Return the list of header a signer might tamper.
	57	+ *
	58	+ * @return array
	59	+ */
	60	+ public function getAlteredHeaders();
61	61	}

Dolibarr / dolibarr

Branch — develop (aa6d31)

Status

Category

Indentation +57 added lines, -57 removed lines patch added patch discarded remove patch

Indentation +10 added lines, -10 removed lines patch added patch discarded remove patch

Indentation +24 added lines, -24 removed lines patch added patch discarded remove patch

Indentation +522 added lines, -522 removed lines patch added patch discarded remove patch

Indentation +664 added lines, -664 removed lines patch added patch discarded remove patch

Indentation +162 added lines, -162 removed lines patch added patch discarded remove patch

Indentation +486 added lines, -486 removed lines patch added patch discarded remove patch

Indentation +12 added lines, -12 removed lines patch added patch discarded remove patch

Indentation +38 added lines, -38 removed lines patch added patch discarded remove patch