CommandLineBackend.php

Go to the documentation of this file.

<?php
namespace ‪TYPO3\CMS\Rsaauth\Backend;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use ‪TYPO3\CMS\Core\Configuration\ExtensionConfiguration;
use ‪TYPO3\CMS\Core\Core\Environment;
use ‪TYPO3\CMS\Core\Utility\CommandUtility;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
use ‪TYPO3\CMS\Core\Utility\StringUtility;
 
class ‪CommandLineBackend extends ‪AbstractBackend
{
    const ‪DEFAULT_EXPONENT = 65537;
 
    protected ‪$opensslPath;
 
    protected ‪$temporaryDirectory;
 
    public function ‪__construct()
    {
        $this->opensslPath = ‪CommandUtility::getCommand('openssl');
        // Get temporary directory from the configuration
        $path = trim(GeneralUtility::makeInstance(ExtensionConfiguration::class)->get('rsaauth', 'temporaryDirectory'));
        if ($path !== '' && $path[0] === '/' && @is_dir($path) && is_writable($path)) {
            $this->temporaryDirectory = $path;
        } else {
            $this->temporaryDirectory = ‪Environment::getVarPath() . '/transient';
        }
    }
 
    public function ‪__wakeup()
    {
        $this->opensslPath = null;
        $this->temporaryDirectory = null;
 
        throw new \RuntimeException(
            __CLASS__ . ' cannot be unserialized',
            1531336156
        );
    }
 
    public function ‪createNewKeyPair()
    {
        $keyPair = GeneralUtility::makeInstance(\‪TYPO3\CMS\Rsaauth\Keypair::class);
        if ($keyPair->isReady()) {
            return $keyPair;
        }
 
        if ($this->opensslPath === false) {
            return null;
        }
 
        // Create a temporary file. Security: tempnam() sets permissions to 0600
        $privateKeyFile = tempnam($this->temporaryDirectory, ‪StringUtility::getUniqueId());
 
        // Generate the private key.
        //
        // PHP generates 1024 bit key files. We force command line version
        // to do the same and use the F4 (0x10001) exponent. This is the most
        // secure.
        $command = $this->opensslPath . ' genrsa -out ' . escapeshellarg($privateKeyFile) . ' 1024';
        if (‪Environment::isWindows()) {
            $command .= ' 2>NUL';
        } else {
            $command .= ' 2>/dev/null';
        }
        ‪CommandUtility::exec($command);
        // Test that we got a private key
        $privateKey = file_get_contents($privateKeyFile);
        if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) {
            // Ok, we got the private key. Get the modulus.
            $command = $this->opensslPath . ' rsa -noout -modulus -in ' . escapeshellarg($privateKeyFile);
            $value = ‪CommandUtility::exec($command);
            if (strpos($value, 'Modulus=') === 0) {
                $publicKey = substr($value, 8);
 
                $keyPair->setExponent(self::DEFAULT_EXPONENT);
                $keyPair->setPrivateKey($privateKey);
                $keyPair->setPublicKey($publicKey);
            }
        } else {
            $keyPair = null;
        }
 
        @unlink($privateKeyFile);
        return $keyPair;
    }
 
    public function ‪decrypt($privateKey, $data)
    {
        // Key must be put to the file
        $privateKeyFile = tempnam($this->temporaryDirectory, ‪StringUtility::getUniqueId());
        file_put_contents($privateKeyFile, $privateKey);
        $dataFile = tempnam($this->temporaryDirectory, ‪StringUtility::getUniqueId());
        file_put_contents($dataFile, base64_decode($data));
        // Prepare the command
        $command = $this->opensslPath . ' rsautl -inkey ' . escapeshellarg($privateKeyFile) . ' -in ' . escapeshellarg($dataFile) . ' -decrypt';
        // Execute the command and capture the result
        ‪$output = [];
        ‪CommandUtility::exec($command, ‪$output);
        // Remove the file
        @unlink($privateKeyFile);
        @unlink($dataFile);
        return implode(LF, ‪$output);
    }
 
    public function ‪isAvailable()
    {
        $result = false;
        if ($this->opensslPath) {
            // If path exists, test that command runs and can produce output
            $test = ‪CommandUtility::exec($this->opensslPath . ' version');
            $result = strpos($test, 'OpenSSL ') === 0;
        }
        return $result;
    }
}