CommandLineBackend.php

Go to the documentation of this file.

<?php
namespace TYPO3\CMS\Rsaauth\Backend;

use TYPO3\CMS\Core\Utility\GeneralUtility;

class CommandLineBackend extends \TYPO3\CMS\Rsaauth\Backend\AbstractBackend {
    const DEFAULT_EXPONENT = 65537;

    protected $opensslPath;

    protected $temporaryDirectory;

    public function __construct() {
        $this->opensslPath = \TYPO3\CMS\Core\Utility\CommandUtility::getCommand('openssl');
        $this->temporaryDirectory = PATH_site . 'typo3temp';
        // Get temporary directory from the configuration
        $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth']);
        if ($extconf['temporaryDirectory'] != '' && $extconf['temporaryDirectory'][0] == '/' && @is_dir($extconf['temporaryDirectory']) && is_writable($extconf['temporaryDirectory'])) {
            $this->temporaryDirectory = $extconf['temporaryDirectory'];
        }
    }

    public function createNewKeyPair() {
        $keyPair = GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Keypair');
        if ($keyPair->isReady()) {
            return $keyPair;
        }

        if ($this->opensslPath === FALSE) {
            return NULL;
        }

        // Create a temporary file. Security: tempnam() sets permissions to 0600
        $privateKeyFile = tempnam($this->temporaryDirectory, uniqid('', TRUE));

        // Generate the private key.
        //
        // PHP generates 1024 bit key files. We force command line version
        // to do the same and use the F4 (0x10001) exponent. This is the most
        // secure.
        $command = $this->opensslPath . ' genrsa -out ' . escapeshellarg($privateKeyFile) . ' 1024';
        if (TYPO3_OS === 'WIN') {
            $command .= ' 2>NUL';
        } else {
            $command .= ' 2>/dev/null';
        }
        \TYPO3\CMS\Core\Utility\CommandUtility::exec($command);
        // Test that we got a private key
        $privateKey = file_get_contents($privateKeyFile);
        if (FALSE !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) {
            // Ok, we got the private key. Get the modulus.
            $command = $this->opensslPath . ' rsa -noout -modulus -in ' . escapeshellarg($privateKeyFile);
            $value = \TYPO3\CMS\Core\Utility\CommandUtility::exec($command);
            if (substr($value, 0, 8) === 'Modulus=') {
                $publicKey = substr($value, 8);

                $keyPair->setExponent(self::DEFAULT_EXPONENT);
                $keyPair->setPrivateKey($privateKey);
                $keyPair->setPublicKey($publicKey);
            }
        } else {
            $keyPair = NULL;
        }

        @unlink($privateKeyFile);
        return $keyPair;
    }

    public function decrypt($privateKey, $data) {
        // Key must be put to the file
        $privateKeyFile = tempnam($this->temporaryDirectory, uniqid('', TRUE));
        file_put_contents($privateKeyFile, $privateKey);
        $dataFile = tempnam($this->temporaryDirectory, uniqid('', TRUE));
        file_put_contents($dataFile, base64_decode($data));
        // Prepare the command
        $command = $this->opensslPath . ' rsautl -inkey ' . escapeshellarg($privateKeyFile) . ' -in ' . escapeshellarg($dataFile) . ' -decrypt';
        // Execute the command and capture the result
        $output = array();
        \TYPO3\CMS\Core\Utility\CommandUtility::exec($command, $output);
        // Remove the file
        @unlink($privateKeyFile);
        @unlink($dataFile);
        return implode(LF, $output);
    }

    public function isAvailable() {
        $result = FALSE;
        if ($this->opensslPath) {
            // If path exists, test that command runs and can produce output
            $test = \TYPO3\CMS\Core\Utility\CommandUtility::exec($this->opensslPath . ' version');
            $result = substr($test, 0, 8) == 'OpenSSL ';
        }
        return $result;
    }

}