Project

General

Profile

Download (9.6 KB)

Bug #24877 » rsaauth_trunk2.patch

Administrator Admin, 2011-01-28 14:43

View differences:

typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_abstract_backend.php (working copy)
protected $error = '';
/**
* Creates a new key pair for the encryption.
* Creates a new key pair for the encryption (if necessary).
*
* @return tx_rsaauth_keypair A new key pair or null in case of error
* @deprecated use getKeyPair instead! Reason1: there is no need to create more than one key pare. Reason2: the second private key overwrites the first private key, so the form with the first public key will never work
*/
abstract public function createNewKeyPair();
public function createNewKeyPair() {
t3lib_div::logDeprecatedFunction();
return $this->getKeyPair();
}
/**
* Get a key pair for the encryption.
*
* @return tx_rsaauth_keypair A key pair or null in case of error
*/
abstract public function getKeyPair();
/**
* Decripts the data using the private key.
*
* @param string $privateKey The private key (obtained from a call to createNewKeyPair())
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_cmdline_backend.php (working copy)
}
/**
* Creates a new or get an existing public/private key pair or null in case of error
*
* @return tx_rsaauth_keypair A new key pair or null in case of error
* @see tx_rsaauth_abstract_backend::createNewKeyPair()
*/
public function createNewKeyPair() {
$result = null;
public function getKeyPair() {
// Create result object
$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
// Create a temporary file. Security: tempnam() sets permissions to 0600
$privateKeyFile = tempnam($this->temporaryDirectory, uniqid());
// Generate the private key.
//
// PHP generates 1024 bit key files. We force command line version
// to do the same and use the F4 (0x10001) exponent. This is the most
// secure.
$command = $this->opensslPath . ' genrsa -out ' .
escapeshellarg($privateKeyFile) . ' 1024';
t3lib_utility_Command::exec($command);
// Test that we got a private key
$privateKey = file_get_contents($privateKeyFile);
if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) {
// Ok, we got the private key. Get the modulus.
$command = $this->opensslPath . ' rsa -noout -modulus -in ' .
escapeshellarg($privateKeyFile);
$value = t3lib_utility_Command::exec($command);
if (substr($value, 0, 8) === 'Modulus=') {
$publicKey = substr($value, 8);
// Create a result object
$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
/* @var $result tx_rsa_keypair */
$result->setExponent(0x10001);
$result->setPrivateKey($privateKey);
$result->setPublicKey($publicKey);
}
if(!$result->isReady()){
// Create a temporary file. Security: tempnam() sets permissions to 0600
$privateKeyFile = tempnam($this->temporaryDirectory, uniqid());
// Generate the private key.
//
// PHP generates 1024 bit key files. We force command line version
// to do the same and use the F4 (0x10001) exponent. This is the most
// secure.
$command = $this->opensslPath . ' genrsa -out ' .
escapeshellarg($privateKeyFile) . ' 1024';
t3lib_utility_Command::exec($command);
// Test that we got a private key
$privateKey = file_get_contents($privateKeyFile);
if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) {
// Ok, we got the private key. Get the modulus.
$command = $this->opensslPath . ' rsa -noout -modulus -in ' .
escapeshellarg($privateKeyFile);
$value = t3lib_utility_Command::exec($command);
if (substr($value, 0, 8) === 'Modulus=') {
$publicKey = substr($value, 8);
/* @var $result tx_rsa_keypair */
$result->setExponent(0x10001);
$result->setPrivateKey($privateKey);
$result->setPublicKey($publicKey);
}
}
@unlink($privateKeyFile);
}
@unlink($privateKeyFile);
return $result;
}
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_keypair.php (working copy)
* @package TYPO3
* @subpackage tx_rsaauth
*/
final class tx_rsaauth_keypair {
final class tx_rsaauth_keypair implements t3lib_Singleton {
/**
* RSA public exponent (3 or 0x10001)
*
* @var int
*/
protected $exponent = 0x10001;
protected $exponent;
/**
* The private key
*
* @var string
*/
protected $privateKey = '';
protected $privateKey;
/**
* The public key modulus
*
* @var string
*/
protected $publicKeyModulus = '';
protected $publicKeyModulus;
/**
* Check, if there is already a key pair
*
* @return bool
*/
public function isReady(){
return (isset($this->exponent) && (isset($this->privateKey) && isset($this->publicKeyModulus));
}
/**
* Retrieves the exponent.
*
* @return string The exponent
......
}
/**
* Sets the private key
* Sets the exponent if not already set
*
* @param string $privateKey The new private key
* @param string $privateKey The new exponent
* @return void
*/
public function setExponent($exponent) {
$this->exponent = $exponent;
if(!$this->isReady()) {
$this->exponent = $exponent;
} else {
throw new Exception(
'TYPO3 Fatal Error: tx_rsaauth_keypair::setExponent() don\'t set the exponent two times!',
1296062838
);
}
}
/**
......
}
/**
* Sets the private key
* Sets the private key if not already set
*
* @param string $privateKey The new private key
* @return void
*/
public function setPrivateKey($privateKey) {
$this->privateKey = $privateKey;
if(!$this->isReady()) {
$this->privateKey = $privateKey;
} else {
throw new Exception(
'TYPO3 Fatal Error: tx_rsaauth_keypair::setPrivateKey() don\'t set the private key two times!',
1296062838
);
}
}
/**
......
}
/**
* Sets the public key modulus
* Sets the public key modulus if not already set
*
* @param string $publicKeyModulus The new public key modulus
* @return void
*/
public function setPublicKey($publicKeyModulus) {
$this->publicKeyModulus = $publicKeyModulus;
if(!$this->isReady()) {
$this->publicKeyModulus = $publicKeyModulus;
} else {
throw new Exception(
'TYPO3 Fatal Error: tx_rsaauth_keypair::setPublicKey() don\'t set the public key two times!',
1296062838
);
}
}
}
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_php_backend.php (working copy)
class tx_rsaauth_php_backend extends tx_rsaauth_abstract_backend {
/**
* Creates a new public/private key pair using PHP OpenSSL extension.
* Creates a new or get an existing public/private key pair using PHP OpenSSL extension.
*
* @return tx_rsaauth_keypair A new key pair or null in case of error
* @see tx_rsaauth_abstract_backend::createNewKeyPair()
*/
public function createNewKeyPair() {
$result = null;
$privateKey = @openssl_pkey_new();
if ($privateKey) {
// Create private key as string
$privateKeyStr = '';
openssl_pkey_export($privateKey, $privateKeyStr);
// Prepare public key information
$exportedData = '';
$csr = openssl_csr_new(array(), $privateKey);
openssl_csr_export($csr, $exportedData, false);
// Get public key (in fact modulus) and exponent
$publicKey = $this->extractPublicKeyModulus($exportedData);
$exponent = $this->extractExponent($exportedData);
// Create result object
$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
/* @var $result tx_rsaauth_keypair */
$result->setExponent($exponent);
$result->setPrivateKey($privateKeyStr);
$result->setPublicKey($publicKey);
// Clean up all resources
openssl_free_key($privateKey);
public function getKeyPair() {
// Create result object
$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
if(!$result->isReady()){
$privateKey = @openssl_pkey_new();
if ($privateKey) {
// Create private key as string
$privateKeyStr = '';
openssl_pkey_export($privateKey, $privateKeyStr);
// Prepare public key information
$exportedData = '';
$csr = openssl_csr_new(array(), $privateKey);
openssl_csr_export($csr, $exportedData, false);
// Get public key (in fact modulus) and exponent
$publicKey = $this->extractPublicKeyModulus($exportedData);
$exponent = $this->extractExponent($exportedData);
/* @var $result tx_rsaauth_keypair */
$result->setExponent($exponent);
$result->setPrivateKey($privateKeyStr);
$result->setPublicKey($publicKey);
// Clean up all resources
openssl_free_key($privateKey);
}
}
return $result;
}
(3-3/4)