TYPO3 CMS  TYPO3_7-6
CommandLineBackend.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Rsaauth\Backend;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use TYPO3\CMS\Core\Utility\CommandUtility;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Core\Utility\StringUtility;
20 
26 class CommandLineBackend extends AbstractBackend
27 {
31  const DEFAULT_EXPONENT = 65537;
32 
38  protected $opensslPath;
39 
47  protected $temporaryDirectory;
48 
53  public function __construct()
54  {
55  $this->opensslPath = CommandUtility::getCommand('openssl');
56  $this->temporaryDirectory = PATH_site . 'typo3temp';
57  // Get temporary directory from the configuration
58  $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth']);
59  if (
60  $extconf['temporaryDirectory'] !== ''
61  && $extconf['temporaryDirectory'][0] === '/'
62  && @is_dir($extconf['temporaryDirectory'])
63  && is_writable($extconf['temporaryDirectory'])
64  ) {
65  $this->temporaryDirectory = $extconf['temporaryDirectory'];
66  }
67  }
68 
72  public function __wakeup()
73  {
74  $this->opensslPath = null;
75  $this->temporaryDirectory = null;
76 
77  throw new \RuntimeException(
78  __CLASS__ . ' cannot be unserialized',
79  1531336156
80  );
81  }
82 
91  public function createNewKeyPair()
92  {
94  $keyPair = GeneralUtility::makeInstance(\TYPO3\CMS\Rsaauth\Keypair::class);
95  if ($keyPair->isReady()) {
96  return $keyPair;
97  }
98 
99  if ($this->opensslPath === false) {
100  return null;
101  }
102 
103  // Create a temporary file. Security: tempnam() sets permissions to 0600
104  $privateKeyFile = tempnam($this->temporaryDirectory, StringUtility::getUniqueId());
105 
106  // Generate the private key.
107  //
108  // PHP generates 1024 bit key files. We force command line version
109  // to do the same and use the F4 (0x10001) exponent. This is the most
110  // secure.
111  $command = $this->opensslPath . ' genrsa -out ' . escapeshellarg($privateKeyFile) . ' 1024';
112  if (TYPO3_OS === 'WIN') {
113  $command .= ' 2>NUL';
114  } else {
115  $command .= ' 2>/dev/null';
116  }
117  CommandUtility::exec($command);
118  // Test that we got a private key
119  $privateKey = file_get_contents($privateKeyFile);
120  if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) {
121  // Ok, we got the private key. Get the modulus.
122  $command = $this->opensslPath . ' rsa -noout -modulus -in ' . escapeshellarg($privateKeyFile);
123  $value = CommandUtility::exec($command);
124  if (substr($value, 0, 8) === 'Modulus=') {
125  $publicKey = substr($value, 8);
126 
127  $keyPair->setExponent(self::DEFAULT_EXPONENT);
128  $keyPair->setPrivateKey($privateKey);
129  $keyPair->setPublicKey($publicKey);
130  }
131  } else {
132  $keyPair = null;
133  }
134 
135  @unlink($privateKeyFile);
136  return $keyPair;
137  }
138 
145  public function decrypt($privateKey, $data)
146  {
147  // Key must be put to the file
148  $privateKeyFile = tempnam($this->temporaryDirectory, StringUtility::getUniqueId());
149  file_put_contents($privateKeyFile, $privateKey);
150  $dataFile = tempnam($this->temporaryDirectory, StringUtility::getUniqueId());
151  file_put_contents($dataFile, base64_decode($data));
152  // Prepare the command
153  $command = $this->opensslPath . ' rsautl -inkey ' . escapeshellarg($privateKeyFile) . ' -in ' . escapeshellarg($dataFile) . ' -decrypt';
154  // Execute the command and capture the result
155  $output = [];
156  CommandUtility::exec($command, $output);
157  // Remove the file
158  @unlink($privateKeyFile);
159  @unlink($dataFile);
160  return implode(LF, $output);
161  }
162 
170  public function isAvailable()
171  {
172  $result = false;
173  if ($this->opensslPath) {
174  // If path exists, test that command runs and can produce output
175  $test = CommandUtility::exec($this->opensslPath . ' version');
176  $result = substr($test, 0, 8) === 'OpenSSL ';
177  }
178  return $result;
179  }
180 }
TYPO3\CMS\Core\Utility\CommandUtility\getCommand
static getCommand($cmd, $handler='', $handlerOpt='')
Definition: CommandUtility.php:227
TYPO3\CMS\Core\Utility\CommandUtility\exec
static exec($command, &$output=null, &$returnValue=0)
Definition: CommandUtility.php:82
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:31