mirror of
https://github.com/the-djmaze/snappymail.git
synced 2025-02-24 23:08:08 +08:00
Use SensitiveString at more places
parent
a473e5e223
commit
d5d47ffed1
3 changed files with 39 additions and 27 deletions
|
@ -3,6 +3,7 @@
|
|||
namespace RainLoop\Model;
|
||||
|
||||
use MailSo\Base\Utils;
|
||||
use SnappyMail\SensitiveString;
|
||||
|
||||
class Identity implements \JsonSerializable
|
||||
{
|
||||
|
@ -27,8 +28,8 @@ class Identity implements \JsonSerializable
|
|||
private bool $pgpEncrypt = false;
|
||||
private bool $pgpSign = false;
|
||||
|
||||
private string $SMimeKey = '';
|
||||
private string $SMimeCertificate = '';
|
||||
private ?SensitiveString $smimeKey = null;
|
||||
private string $smimeCertificate = '';
|
||||
|
||||
function __construct(string $sId = '', string $sEmail = '')
|
||||
{
|
||||
|
@ -100,8 +101,8 @@ class Identity implements \JsonSerializable
|
|||
$this->sSentFolder = isset($aData['sentFolder']) ? $aData['sentFolder'] : '';
|
||||
$this->pgpEncrypt = !empty($aData['pgpEncrypt']);
|
||||
$this->pgpSign = !empty($aData['pgpSign']);
|
||||
$this->SMimeKey = isset($aData['smimeKey']) ? $aData['smimeKey'] : '';
|
||||
$this->SMimeCertificate = isset($aData['smimeCertificate']) ? $aData['smimeCertificate'] : '';
|
||||
$this->smimeKey = new SensitiveString(isset($aData['smimeKey']) ? $aData['smimeKey'] : '');
|
||||
$this->smimeCertificate = isset($aData['smimeCertificate']) ? $aData['smimeCertificate'] : '';
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -123,8 +124,8 @@ class Identity implements \JsonSerializable
|
|||
'sentFolder' => $this->sSentFolder,
|
||||
'pgpEncrypt' => $this->pgpEncrypt,
|
||||
'pgpSign' => $this->pgpSign,
|
||||
'smimeKey' => $this->SMimeKey,
|
||||
'smimeCertificate' => $this->SMimeCertificate
|
||||
'smimeKey' => (string) $this->smimeKey,
|
||||
'smimeCertificate' => $this->smimeCertificate
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -144,8 +145,8 @@ class Identity implements \JsonSerializable
|
|||
'sentFolder' => $this->sSentFolder,
|
||||
'pgpEncrypt' => $this->pgpEncrypt,
|
||||
'pgpSign' => $this->pgpSign,
|
||||
'smimeKey' => $this->SMimeKey,
|
||||
'smimeCertificate' => $this->SMimeCertificate
|
||||
'smimeKey' => (string) $this->smimeKey,
|
||||
'smimeCertificate' => $this->smimeCertificate
|
||||
);
|
||||
}
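Review bot: The `(string) $this->smimeKey` cast in both serialisation arrays (hunks at -123 and -144) unwraps the SensitiveString again, so the S/MIME private key leaves the object as a plain string wherever these arrays end up; the class implements `\JsonSerializable`, so one of them presumably feeds JSON output. The enclosing methods start outside the hunks, so which array is storage and which is output cannot be confirmed from here. If the value is meant to be the passphrase-protected PEM only, state that next to the cast, e.g. `// smimeKey: passphrase-protected PEM only, never a decrypted key`. In the hunk at -100 the wrapper is also created for a missing key; `isset($aData['smimeKey']) ? new SensitiveString($aData['smimeKey']) : null` would keep the nullable property meaningful.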
|
||||
|
||||
|
|
|
@ -5,51 +5,62 @@ namespace RainLoop\Model;
|
|||
use RainLoop\Utils;
|
||||
use RainLoop\Exceptions\ClientException;
|
||||
use RainLoop\Providers\Storage\Enumerations\StorageType;
|
||||
use SnappyMail\SensitiveString;
|
||||
|
||||
class MainAccount extends Account
|
||||
{
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private string $sCryptKey = '';
|
||||
private ?SensitiveString $sCryptKey = null;
|
||||
/*
|
||||
public function resealCryptKey(string $sOldPass, string $sNewPass) : string
|
||||
public function resealCryptKey(
|
||||
#[\SensitiveParameter]
|
||||
string $sOldPass,
|
||||
#[\SensitiveParameter]
|
||||
string $sNewPass
|
||||
) : bool
|
||||
{
|
||||
$oStorage = \RainLoop\Api::Actions()->StorageProvider();
|
||||
$sKey = $oStorage->Get($this, StorageType::ROOT, 'cryptkey');
|
||||
$sKey = $oStorage->Get($this, StorageType::ROOT, '.cryptkey');
|
||||
if ($sKey) {
|
||||
$sKey = \SnappyMail\Crypt::DecryptUrlSafe($sKey, $sOldPass);
|
||||
$sKey = \SnappyMail\Crypt::EncryptUrlSafe($sKey, $sNewPass);
|
||||
$oStorage->Put($this, StorageType::ROOT, 'cryptkey', $sKey);
|
||||
$sKey = \SnappyMail\Crypt::DecryptUrlSafe($sKey, $sNewPass);
|
||||
$this->SetCryptKey($sKey);
|
||||
if ($sKey) {
|
||||
$sKey = \SnappyMail\Crypt::EncryptUrlSafe($sKey, $sNewPass);
|
||||
if ($sKey) {
|
||||
$oStorage->Put($this, StorageType::ROOT, '.cryptkey', $sKey);
|
||||
$sKey = \SnappyMail\Crypt::DecryptUrlSafe($sKey, $sNewPass);
|
||||
$this->SetCryptKey($sKey);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
*/
|
||||
public function CryptKey() : string
|
||||
{
|
||||
if (!$this->sCryptKey) {
|
||||
$sKey = \sha1($this->IncPassword() . APP_SALT, true);
|
||||
/*
|
||||
// Seal the cryptkey so that people who change their login password
|
||||
// can use the old password to re-seal the cryptkey
|
||||
$oStorage = \RainLoop\Api::Actions()->StorageProvider();
|
||||
$sKey = $oStorage->Get($this, StorageType::ROOT, 'cryptkey');
|
||||
$sKey = $oStorage->Get($this, StorageType::ROOT, '.cryptkey');
|
||||
if (!$sKey) {
|
||||
$sKey = $this->IncPassword();
|
||||
// $sKey = \random_bytes(32);
|
||||
$sKey = \sha1($this->IncPassword() . APP_SALT, true);
|
||||
$sKey = \SnappyMail\Crypt::EncryptUrlSafe($sKey, $this->IncPassword());
|
||||
$oStorage->Put($this, StorageType::ROOT, 'cryptkey', $sKey);
|
||||
$oStorage->Put($this, StorageType::ROOT, '.cryptkey', $sKey);
|
||||
}
|
||||
$sKey = \SnappyMail\Crypt::DecryptUrlSafe($sKey, $this->IncPassword());
|
||||
$this->SetCryptKey($sKey);
|
||||
*/
|
||||
$this->SetCryptKey($this->IncPassword());
|
||||
$this->SetCryptKey($sKey);
|
||||
}
|
||||
return $this->sCryptKey;
|
||||
}
|
||||
|
||||
public function SetCryptKey(string $sKey) : void
|
||||
public function SetCryptKey(
|
||||
#[\SensitiveParameter]
|
||||
string $sKey
|
||||
) : void
|
||||
{
|
||||
$this->sCryptKey = \sha1($sKey . APP_SALT, true);
|
||||
$this->sCryptKey = new SensitiveString($sKey);
|
||||
}
|
||||
}
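Review bot: `SetCryptKey()` no longer hashes its argument with `APP_SALT`; the `\sha1(...)` step moved into `CryptKey()`, so any caller outside this hunk that still passes a password or other raw secret now installs that value itself as the key, and data sealed under the previously derived key would stop decrypting. No caller is visible here, so this needs a check across the code base, and the new contract deserves a docblock such as `/** @param string $sKey final key bytes; not hashed here, derive before calling */`. `CryptKey()` is declared `: string` but now returns the `SensitiveString` object, which only works through implicit `__toString` coercion and would fail if the file ever enables `strict_types`; `return (string) $this->sCryptKey;` makes the unwrapping explicit.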
|
||||
|
|
|
@ -25,7 +25,7 @@ class Backup
|
|||
$key = \SnappyMail\Crypt::Encrypt($key, $hash);
|
||||
$key[1] = \base64_encode($key[1]);
|
||||
$key[2] = \base64_encode($key[2]);
|
||||
$key[] = \hash_hmac('sha1', $key[2], $hash);
|
||||
$key[3] = \hash_hmac('sha1', $key[2], $hash);
|
||||
return !!\file_put_contents("{$dir}{$keyId}.key", \json_encode($key));
|
||||
}
|
||||
if (\str_contains($key, 'PGP PUBLIC KEY')) {
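Review bot: The HMAC written to `$key[3]` authenticates only the base64 text of `$key[2]`, so `$key[0]` and `$key[1]` in the stored JSON can be altered without the tag changing. What those elements hold is not visible here because `\SnappyMail\Crypt::Encrypt` is defined elsewhere and the enclosing method starts outside the hunk. If they carry the cipher name or nonce, consider covering them as well, e.g. `$key[3] = \hash_hmac('sha1', $key[0] . $key[1] . $key[2], $hash);`, with the matching change on the verifying side. The fixed index also merits a short comment on the array layout, e.g. `// [3] = HMAC-SHA1 over base64 of [2]`, so the reader and writer stay in agreement.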
|
||||
|
|