diff --git a/cmd/draft.go b/cmd/draft.go index ebf0b30..75dd324 100644 --- a/cmd/draft.go +++ b/cmd/draft.go @@ -260,7 +260,7 @@ func draftSendCmd() *cobra.Command { client.SetAuthHeader(session.AccessToken) mailClient := mail.NewClient(client) - if err := mailClient.SendDraft(messageID); err != nil { + if err := mailClient.SendDraft(messageID, session.AccessToken); err != nil { return fmt.Errorf("failed to send draft: %w", err) } diff --git a/cmd/mail.go b/cmd/mail.go index 4e3886f..6113d8a 100644 --- a/cmd/mail.go +++ b/cmd/mail.go @@ -171,7 +171,7 @@ func mailReadCmd() *cobra.Command { } func mailSendCmd() *cobra.Command { - var to, cc, bcc, subject, bodyFile string + var to, cc, bcc, subject, body, bodyFile string var html bool cmd := &cobra.Command{ @@ -186,14 +186,16 @@ func mailSendCmd() *cobra.Command { return fmt.Errorf("subject is required (--subject)") } - body := "" - if bodyFile != "" { - data, err := os.ReadFile(bodyFile) - if err != nil { - return fmt.Errorf("failed to read body file: %w", err) - } - body = string(data) + var bodyContent string + if body != "" { + bodyContent = body + } else if bodyFile != "" { + data, err := os.ReadFile(bodyFile) + if err != nil { + return fmt.Errorf("failed to read body file: %w", err) } + bodyContent = string(data) + } recipients := parseRecipients(to) var ccRecipients, bccRecipients []mail.Recipient @@ -223,15 +225,15 @@ func mailSendCmd() *cobra.Command { client.SetAuthHeader(session.AccessToken) mailClient := mail.NewClient(client) - req := mail.SendRequest{ - To: recipients, - CC: ccRecipients, - BCC: bccRecipients, - Subject: subject, - Body: body, - HTML: html, - Passphrase: session.AccessToken, - } + req := mail.SendRequest{ + To: recipients, + CC: ccRecipients, + BCC: bccRecipients, + Subject: subject, + Body: bodyContent, + HTML: html, + Passphrase: session.AccessToken, + } if err := mailClient.Send(req); err != nil { return fmt.Errorf("failed to send message: %w", err) @@ -248,7 +250,7 @@ func mailSendCmd() *cobra.Command { cmd.Flags().StringVarP(&subject, "subject", "s", "", "Message subject") cmd.Flags().StringVarP(&bodyFile, "body-file", "f", "", "File containing message body") cmd.Flags().BoolVar(&html, "html", false, "Send body as HTML") - cmd.Flags().StringVar(&bodyFile, "body", "", "Inline message body") + cmd.Flags().StringVar(&body, "body", "", "Inline message body") _ = cmd.MarkFlagRequired("to") return cmd @@ -322,7 +324,7 @@ func mailTrashCmd() *cobra.Command { client.SetAuthHeader(session.AccessToken) mailClient := mail.NewClient(client) - if err := mailClient.MoveToTrash(messageID); err != nil { + if err := mailClient.MoveToTrash(messageID, session.AccessToken); err != nil { return fmt.Errorf("failed to move to trash: %w", err) } diff --git a/internal/mail/client.go b/internal/mail/client.go index 0f4a85e..eae16e3 100644 --- a/internal/mail/client.go +++ b/internal/mail/client.go @@ -12,8 +12,9 @@ import ( ) type Client struct { - apiClient *api.ProtonMailClient - baseURL string + apiClient *api.ProtonMailClient + baseURL string + pgpService *PGPService } func NewClient(apiClient *api.ProtonMailClient) *Client { @@ -23,6 +24,10 @@ func NewClient(apiClient *api.ProtonMailClient) *Client { } } +func (c *Client) SetPGPService(svc *PGPService) { + c.pgpService = svc +} + func (c *Client) ListMessages(req ListMessagesRequest) (*ListMessagesResponse, error) { body := map[string]interface{}{ "Page": req.Page, @@ -116,24 +121,35 @@ func (c *Client) GetMessage(messageID string, passphrase string) (*Message, erro } func (c *Client) Send(req SendRequest) error { - body := map[string]interface{}{ + payload := map[string]interface{}{ "Type": "0", "Passphrase": req.Passphrase, "Subject": req.Subject, "HTML": req.HTML, "To": req.To, - "Body": req.Body, + } + + if req.Body != "" { + if c.pgpService != nil { + encrypted, err := c.pgpService.EncryptBody(req.Body, req.Passphrase) + if err != nil { + return fmt.Errorf("failed to encrypt message body: %w", err) + } + payload["BodyEnc"] = encrypted + } else { + payload["Body"] = req.Body + } } if len(req.CC) > 0 { - body["CC"] = req.CC + payload["CC"] = req.CC } if len(req.BCC) > 0 { - body["BCC"] = req.BCC + payload["BCC"] = req.BCC } - jsonBody, err := json.Marshal(body) + jsonBody, err := json.Marshal(payload) if err != nil { return fmt.Errorf("failed to marshal request: %w", err) } @@ -159,8 +175,9 @@ func (c *Client) Send(req SendRequest) error { return nil } -func (c *Client) MoveToTrash(messageID string) error { +func (c *Client) MoveToTrash(messageID string, passphrase string) error { formData := url.Values{} + formData.Set("Passphrase", passphrase) reqURL := fmt.Sprintf("%s/api/messages/%s/movetotrash", c.baseURL, url.QueryEscape(messageID)) httpReq, err := http.NewRequest("POST", reqURL, bytes.NewBufferString(formData.Encode())) if err != nil { @@ -293,8 +310,9 @@ func (c *Client) UpdateDraft(messageID string, draft Draft, passphrase string) e return nil } -func (c *Client) SendDraft(messageID string) error { +func (c *Client) SendDraft(messageID string, passphrase string) error { formData := url.Values{} + formData.Set("Passphrase", passphrase) reqURL := fmt.Sprintf("%s/api/messages/%s/send", c.baseURL, url.QueryEscape(messageID)) httpReq, err := http.NewRequest("POST", reqURL, bytes.NewBufferString(formData.Encode())) if err != nil { diff --git a/internal/mail/pgp.go b/internal/mail/pgp.go index 80c9dad..08047f8 100644 --- a/internal/mail/pgp.go +++ b/internal/mail/pgp.go @@ -8,8 +8,9 @@ import ( ) type PGPKeyRing struct { - PrivateKey *crypto.Key - PublicKey []byte + PrivateKey *crypto.Key + PublicKey []byte + PrivateKeyData string } type PGPService struct { @@ -29,8 +30,9 @@ func NewPGPService(privateKeyArmored string) (*PGPService, error) { return &PGPService{ keyRing: &PGPKeyRing{ - PrivateKey: privateKey, - PublicKey: publicKey, + PrivateKey: privateKey, + PublicKey: publicKey, + PrivateKeyData: privateKeyArmored, }, }, nil } @@ -56,6 +58,42 @@ func (s *PGPService) Encrypt(plaintext string, recipientPublicKey *crypto.Key) ( return armored, nil } +func (s *PGPService) EncryptBody(plaintext string, passphrase string) (string, error) { + pgpMessage := crypto.NewPlainMessage([]byte(plaintext)) + + pubKeyBytes, err := s.keyRing.PrivateKey.GetPublicKey() + if err != nil { + return "", fmt.Errorf("failed to get public key: %w", err) + } + + pubKey, err := crypto.NewKeyFromArmored(string(pubKeyBytes)) + if err != nil { + return "", fmt.Errorf("failed to parse public key: %w", err) + } + + recipientKeyRing, err := crypto.NewKeyRing(pubKey) + if err != nil { + return "", fmt.Errorf("failed to create encryption key ring: %w", err) + } + + signingKeyRing, err := s.getUnlockedKeyRing(passphrase) + if err != nil { + return "", fmt.Errorf("failed to create signing key ring: %w", err) + } + + encrypted, err := recipientKeyRing.Encrypt(pgpMessage, signingKeyRing) + if err != nil { + return "", fmt.Errorf("failed to encrypt body: %w", err) + } + + armored, err := encrypted.GetArmored() + if err != nil { + return "", fmt.Errorf("failed to armor encrypted body: %w", err) + } + + return armored, nil +} + func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto.Key, passphrase string) (string, error) { pgpMessage := crypto.NewPlainMessage([]byte(plaintext)) @@ -64,7 +102,7 @@ func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto return "", fmt.Errorf("failed to create recipient key ring: %w", err) } - signingKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey) + signingKeyRing, err := s.getUnlockedKeyRing(passphrase) if err != nil { return "", fmt.Errorf("failed to create signing key ring: %w", err) } @@ -82,13 +120,30 @@ func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto return armored, nil } +func (s *PGPService) getUnlockedKeyRing(passphrase string) (*crypto.KeyRing, error) { + key, err := crypto.NewKeyFromArmored(s.keyRing.PrivateKeyData) + if err != nil { + return nil, fmt.Errorf("failed to parse private key: %w", err) + } + + if passphrase != "" { + unlockedKey, err := key.Unlock([]byte(passphrase)) + if err != nil { + return nil, fmt.Errorf("failed to unlock private key: %w", err) + } + key = unlockedKey + } + + return crypto.NewKeyRing(key) +} + func (s *PGPService) Decrypt(encrypted string, passphrase string) (string, error) { pgpMessage, err := crypto.NewPGPMessageFromArmored(encrypted) if err != nil { return "", fmt.Errorf("failed to parse encrypted message: %w", err) } - decryptionKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey) + decryptionKeyRing, err := s.getUnlockedKeyRing(passphrase) if err != nil { return "", fmt.Errorf("failed to create decryption key ring: %w", err) } @@ -133,7 +188,7 @@ func (s *PGPService) GetFingerprint() (string, error) { func (s *PGPService) SignData(data []byte, passphrase string) (string, error) { pgpMessage := crypto.NewPlainMessage(data) - signingKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey) + signingKeyRing, err := s.getUnlockedKeyRing(passphrase) if err != nil { return "", fmt.Errorf("failed to create signing key ring: %w", err) } @@ -190,7 +245,7 @@ func (s *PGPService) DecryptAttachment(attachment *Attachment, passphrase string return nil, fmt.Errorf("no keys available for attachment decryption") } - decryptionKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey) + decryptionKeyRing, err := s.getUnlockedKeyRing(passphrase) if err != nil { return nil, fmt.Errorf("failed to create decryption key ring: %w", err) }