releasing/cbrtools/perl/Crypt/GPG.pm
author marvin shi <marvin.shi@nokia.com>
Wed, 17 Nov 2010 14:41:23 +0800
changeset 692 1dfff72f0961
parent 602 3145852acc89
permissions -rw-r--r--
fix ou1cimx1#651819

# Copyright (c) 2000-2009 Nokia Corporation and/or its subsidiary(-ies).
# All rights reserved.
# This component and the accompanying materials are made available
# under the terms of the License "Eclipse Public License v1.0"
# which accompanies this distribution, and is available
# at the URL "http://www.eclipse.org/legal/epl-v10.html".
# 
# Initial Contributors:
# Nokia Corporation - initial contribution.
# 
# Contributors:
# 
# Description:
# 
#
# Description:
# Crypt::GPG.pm
#

package Crypt::GPG;

use strict;
use File::Basename;
use IPC::Open2;
use IO::Handle;

use Crypt;
use vars qw(@ISA);
@ISA=("Crypt");

# Overidden methods from Crypt.pm

sub Initialize {
  my $self = shift;

  #check to see if the pgp executable exists
  grep {-x "$_/gpg.exe"} split /;/, $ENV{PATH}
    or die "Error: The PGP executable \"gpg.exe\" does not exist in users path\n";

  #call super class method
  $self->SUPER::Initialize();

  #check for existence of keyrings and keys
  $self->CheckKeyRings();
}

#
# Implemented abstract methods from Crypt.pm
#

sub DoEncrypt {
  my $self = shift;
  my $plainText = shift;
  my $cipherText = shift;
  my @recipientKeys = @{$_[0]};

  $self->CheckKeyRings();

  #build options list
  my @options = qw(--batch --no-tty --yes --always-trust);
  push @options, '--status-fd 1';
  push @options, '-o '.$self->Quoted($cipherText);
  if ($self->DefaultPath()) {
    push @options, '--homedir '.$self->Quoted($self->DefaultPath());
  }
  foreach my $key (@recipientKeys) {
    if ($key =~ /^0x([0-9a-fA-F]{8})$/i) {
      push @options, '-r '.$1;
    }
  }
  my @command = '-e '.$self->Quoted($plainText);

  # Do encryption. This occasionally fails due to GPG failing to read
  # the random_seed file when we get a return value of 2. Until we get
  # a later version of gpg checked as compatible, just retry if this happens.
  my $retries = 2;
  my $retval;
  do {
      my $cmd = "gpg @options @command";
      print "Executing command: $cmd\n" if $self->{verbose} > 1;
      open GPG, "$cmd 2>&1 |" or die "Error: Encrypt command failed.\n";
      my $error;
      while (my $line = <GPG>) {
        if ($self->{verbose} > 1) {
          print "\t$line";
        }
      }
      close GPG;
      $retval = $? >> 8;
      $retries = 0 unless( $retval == 2 );  # Only retry if retval is 2.
      if( $retval ) {
        print "WARNING: GPG failure. Error code $retval. ";
        print "Retrying GPG..." if( $retries > 0 );
        print "\n";
      }
  } while( $retries-- > 0 );
  die "ERROR: GPG returned error code $retval.\n" if ($retval > 0);
}

sub DoDecrypt {
  my $self = shift;
  my $cipherText = shift;
  my $plainText = shift;
  my $passPhrase = shift;

  $self->CheckKeyRings();

  #build options list
  my @options = qw(--batch);
  push @options, '--status-fd 1';
  push @options, '--passphrase-fd 0';
  push @options, '-o '.$self->Quoted($plainText);
  if ($self->DefaultPath()) {
    push @options, '--homedir '.$self->Quoted($self->DefaultPath());
  }
  my @command = '-d '.$self->Quoted($cipherText);

  #do decryption reading passphrase from STDIN writing output to log file
  my $gpgOutput = '/gpg_output.log';
  my $cmd = "gpg @options @command";

  # retry 100 times of GPG and opening GPG output
  my $retries = 100;
  while ($retries > 0) {
    print "Executing command: $cmd\n" if $self->{verbose} > 1;
    if (open GPGIN, "| $cmd 2>NUL 1> $gpgOutput") {
      print GPGIN "$passPhrase\n";
      while (my $line  = <GPGIN>) {
      }
      close GPGIN;
	  
      #open output of gpg command from file for parsing
      if (open GPGOUT, "$gpgOutput") {
        #open output of gpg successfully, then jump out and go ahead
        last;
      }
      else {
        print "Warning: Cannot open gpg output file, $!\n";
      }
    }
    else {
      print "Warning: Error: Decrypt command failed, $!\n";
    }
    $retries--;

    # sleep 10 seconds for next try
    sleep(10);
  }
  die "Error: Cannot create or open output log file for $cipherText.\n" if ($retries<=0);
  
  my $badPassPhrase =0;
  my %enc_to;
  my %no_seckey;
  my $keyTally = 0;
  my $useKeyTally = 0; # Fallback for if parsing fails
  while (my $line = <GPGOUT>) {
    if ($self->{verbose} > 1) {
      print "\t$line";
    }
    next if ($line =~ /^\s*$/);
    if ($line =~ /BAD_PASSPHRASE/) {
      $badPassPhrase = 1;
    }
    elsif ($line =~ /GOOD_PASSPHRASE/) {
      $badPassPhrase = 0;
    }
    elsif ($line =~ /ENC_TO/) {
      if ($line =~ /ENC_TO\s+([\dA-F]*)/) {
        $enc_to{$1} = $1; # Value is unimportant
      } else {
        $useKeyTally = 1;
      }
      --$keyTally;
    }
    elsif ($line =~ /NO_SECKEY/) {
      if ($line =~ /NO_SECKEY\s+([\dA-F]*)/) {
        $no_seckey{$1} = $1; # Value is unimportant
      } else {
        $useKeyTally = 1;
      }
      --$keyTally;
    }
  }
  close GPGOUT;
  my $retval = $? >> 8;
  unlink $gpgOutput;

  if (!$useKeyTally) {
    foreach my $key (keys(%no_seckey)) {
      delete $no_seckey{$key};
      if (exists $enc_to{$key}) {
        delete $enc_to{$key};
      } else {
        die "Error: Parsing of GPG output failed. Got a NO_SECKEY for no corresponding ENC_TO.\n";
      }
    }
    $keyTally = scalar(keys(%enc_to)); # Number of private keys
  }

  #handle specific decryption errors
  if ($badPassPhrase and $keyTally != 0) {
    die "Error: Decryption of $cipherText failed. BAD_PASSPHRASE\n";
  }
  elsif ($keyTally == 0) {
    die "Error: Decryption of $cipherText failed. No decrypting key available. NO_SECKEY\n";
  }
  elsif ($keyTally < 0) {
    # Parsing failed, and we got spurious NO_SECKEY messages
    die "Error: Parsing of GPG output failed. Too many NO_SECKEYs\n";
  }
  die "Error code returned by gpg: $retval.\n" if ($retval > 0);
}

sub GetPublicKeyList {
  my $self = shift;

  my @options;
  if ($self->DefaultPath()) {
    push @options, '--homedir '.$self->Quoted($self->DefaultPath());
  }
  my @command = qw(--list-keys);

  #list and extract keyids
  open GPG, "gpg @options @command 2>&1 |" or die "Error: List keys command failed.\n";
  my @keys;
  while (my $line = <GPG>) {
    if ($line =~ /^pub.*?([0-9a-fA-F]{8})\b/i) {
      push @keys, '0x'.$1;
    }
  }
  close GPG;
  return \@keys;
}

sub GetSecretKeyList {
  my $self = shift;

  my @options;
  if ($self->DefaultPath()) {
    push @options, '--homedir '.$self->Quoted($self->DefaultPath());
  }
  my @command = qw(--list-secret-keys);

  #list and extract keyids
  open GPG, "gpg @options @command 2>&1 |" or die "Error: List keys command failed.\n";
  my @keys;
  while (my $line = <GPG>) {
    if ($line =~ /^sec.*?([0-9a-fA-F]{8})\b/i) {
      push @keys, '0x'.$1;
    }
  }
  close GPG;
  return \@keys;
}
#
# Private
#

sub CheckKeyRings {
  my $self = shift;

  if ($self->DefaultPath) {
    unless (-e $self->DefaultPath.'/pubring.gpg') {
      die "Error: PGP Public keyring does not exist\n";
    }
    unless (-e $self->DefaultPath.'/secring.gpg') {
      die "Error: PGP secret keyring does not exist\n";
    }
  }
  unless (@{$self->PublicKeyList}) {
    die "Error: PGP public keyring is empty\n";
  }
  unless (@{$self->SecretKeyList}) {
    die "Error: PGP secret keyring is empty\n";
  }
}

1;

__END__

=head1 NAME

Crypt::GPG.pm - A wrapper over the Gnu Privacy Guard command line PGP tool

=head1 DESCRIPTION

C<Crypt::GPG> is inherited from the abstract base class C<Crypt>, implementing the abstract methods required for PGP encryption, decryption, etc... by calling Gnu Privacy Guard PGP command line tool (tested with version 1.0.6). For this module to work the PGP executable must have the name C<gpg.exe> and exist in one of the directories defined in the users path.

=head1 KNOWN BUGS

None

=head1 COPYRIGHT

 Copyright (c) 2000-2009 Nokia Corporation and/or its subsidiary(-ies).
 All rights reserved.
 This component and the accompanying materials are made available
 under the terms of the License "Eclipse Public License v1.0"
 which accompanies this distribution, and is available
 at the URL "http://www.eclipse.org/legal/epl-v10.html".
 
 Initial Contributors:
 Nokia Corporation - initial contribution.
 
 Contributors:
 
 Description:
 

=cut