TYPO3 CMS  TYPO3_8-7
CommandLineBackend.php
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
20 
27 {
31  const DEFAULT_EXPONENT = 65537;
32 
38  protected $opensslPath;
39 
48 
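/**
 * Locates the openssl binary and selects the directory for transient key files.
 *
 * The directory configured for the rsaauth extension is used only when it is
 * a non-empty path starting with "/", exists and is writable. In every other
 * case, including a missing or undecodable configuration, the fallback below
 * PATH_site is used.
 */
public function __construct()
{
    $this->opensslPath = CommandUtility::getCommand('openssl');

    // Decode the stored extension configuration. allowed_classes=false keeps
    // unserialize() from instantiating any object found in that string.
    $rawConfiguration = $GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth'] ?? '';
    $extconf = is_string($rawConfiguration)
        ? unserialize($rawConfiguration, ['allowed_classes' => false])
        : false;

    // unserialize() yields false for a missing or corrupt value; treat that,
    // and any non-string entry, as "no directory configured" instead of
    // reading offsets from a non-array.
    $configuredDirectory = '';
    if (is_array($extconf) && is_string($extconf['temporaryDirectory'] ?? null)) {
        $configuredDirectory = $extconf['temporaryDirectory'];
    }

    if (
        $configuredDirectory !== ''
        && $configuredDirectory[0] === '/'
        && @is_dir($configuredDirectory)
        && is_writable($configuredDirectory)
    ) {
        $this->temporaryDirectory = $configuredDirectory;
    } else {
        // NOTE(review): this fallback sits under PATH_site, presumably inside
        // the document root. Private keys are written here for a short time,
        // so confirm the web server denies direct access to this directory.
        $this->temporaryDirectory = PATH_site . 'typo3temp/var/transient';
    }
}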
69 
/**
 * Refuses unserialization of this backend.
 *
 * Both properties are cleared before the exception is raised, so a
 * deserialized instance never keeps an externally supplied binary path or
 * directory.
 *
 * @throws \RuntimeException always
 */
public function __wakeup()
{
    // Drop whatever the serialized payload put into the object.
    $this->temporaryDirectory = null;
    $this->opensslPath = null;

    $message = __CLASS__ . ' cannot be unserialized';
    throw new \RuntimeException($message, 1531336156);
}
83 
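/**
 * Creates a new RSA key pair by running the openssl command line binary.
 *
 * If the Keypair instance already reports isReady(), it is returned as is.
 * Otherwise a private key is generated into a temporary file, its modulus is
 * read back as the public key, and the temporary file is removed.
 *
 * @return \TYPO3\CMS\Rsaauth\Keypair|null The key pair, or null when openssl
 *         is unavailable, no temporary file could be created or no private
 *         key was produced. When the key was generated but its modulus could
 *         not be read, the instance is returned without key material.
 */
public function createNewKeyPair()
{
    $keyPair = GeneralUtility::makeInstance(\TYPO3\CMS\Rsaauth\Keypair::class);
    if ($keyPair->isReady()) {
        return $keyPair;
    }

    if ($this->opensslPath === false) {
        return null;
    }

    // Create a temporary file. Security: tempnam() sets permissions to 0600.
    // tempnam() may fall back to the system temporary directory when the
    // requested one is unusable, and returns false when no file can be made.
    $privateKeyFile = tempnam($this->temporaryDirectory, StringUtility::getUniqueId());
    if ($privateKeyFile === false) {
        // Without a file there is nowhere to write the key; do not run openssl.
        return null;
    }

    try {
        // Generate the private key.
        //
        // The PHP backend generates 1024 bit keys and this command is kept at
        // the same size. No exponent flag is passed, so the key relies on
        // openssl's default exponent matching DEFAULT_EXPONENT (F4, 0x10001).
        // NOTE(review): 1024-bit RSA is below the 2048-bit minimum of current
        // guidance; raising it means changing every backend together.
        $command = $this->opensslPath . ' genrsa -out ' . escapeshellarg($privateKeyFile) . ' 1024';
        if (TYPO3_OS === 'WIN') {
            $command .= ' 2>NUL';
        } else {
            $command .= ' 2>/dev/null';
        }
        CommandUtility::exec($command);

        // Test that we got a private key
        $privateKey = file_get_contents($privateKeyFile);
        if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) {
            // Ok, we got the private key. Get the modulus.
            $command = $this->opensslPath . ' rsa -noout -modulus -in ' . escapeshellarg($privateKeyFile);
            $value = CommandUtility::exec($command);
            if (substr($value, 0, 8) === 'Modulus=') {
                $publicKey = substr($value, 8);

                $keyPair->setExponent(self::DEFAULT_EXPONENT);
                $keyPair->setPrivateKey($privateKey);
                $keyPair->setPublicKey($publicKey);
            }
        } else {
            $keyPair = null;
        }
    } finally {
        // The private key must not stay on disk, whatever happened above.
        @unlink($privateKeyFile);
    }

    return $keyPair;
}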
139 
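/**
 * Decrypts data with the given private key by running "openssl rsautl".
 *
 * The key and the base64-decoded data are written to temporary files for the
 * duration of the call, because the command reads both from disk.
 *
 * @param string $privateKey The private key, in a form openssl accepts with -inkey
 * @param string $data Base64-encoded data to decrypt
 * @return string Output lines of the command joined with LF; an empty string
 *         when the temporary files could not be prepared or nothing was printed
 */
public function decrypt($privateKey, $data)
{
    $privateKeyFile = false;
    $dataFile = false;
    $output = [];

    try {
        // Key must be put to the file
        $privateKeyFile = tempnam($this->temporaryDirectory, StringUtility::getUniqueId());
        if ($privateKeyFile === false || file_put_contents($privateKeyFile, $privateKey) === false) {
            return '';
        }
        $dataFile = tempnam($this->temporaryDirectory, StringUtility::getUniqueId());
        if ($dataFile === false || file_put_contents($dataFile, base64_decode($data)) === false) {
            return '';
        }

        // Prepare the command. No padding option is passed, so rsautl applies
        // its default padding (PKCS#1 v1.5).
        // NOTE(review): callers should give the client the same response
        // whether or not decryption succeeded - confirm at the call sites.
        $command = $this->opensslPath . ' rsautl -inkey ' . escapeshellarg($privateKeyFile)
            . ' -in ' . escapeshellarg($dataFile) . ' -decrypt';

        // Execute the command and capture the result.
        // NOTE(review): presumably the output is collected line by line, so
        // trailing whitespace in the plaintext may not survive - verify
        // against CommandUtility::exec().
        CommandUtility::exec($command, $output);
    } finally {
        // Remove the key and data files on every path, including the early
        // returns above, so no key material is left in the directory.
        foreach ([$privateKeyFile, $dataFile] as $temporaryFile) {
            if ($temporaryFile !== false) {
                @unlink($temporaryFile);
            }
        }
    }

    return implode(LF, $output);
}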
163 
/**
 * Reports whether the openssl binary can be used by this backend.
 *
 * @return bool true when a binary path is set and "openssl version" prints a
 *         line starting with "OpenSSL ", false otherwise
 */
public function isAvailable()
{
    // No usable path means there is nothing to probe.
    if (!$this->opensslPath) {
        return false;
    }

    // A path alone is not enough: the command has to run and answer with the
    // expected banner.
    $versionBanner = CommandUtility::exec($this->opensslPath . ' version');

    return substr($versionBanner, 0, 8) === 'OpenSSL ';
}
181 }