rsaauth_446.patch

Administrator Admin, 2011-02-07 08:21


typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_abstract_backend.php (working copy)
62 62
	protected	$error = '';
63 63

  
64 64
	/**
65
	 * Creates a new key pair for the encryption.
65
	 * Creates a new key pair for the encryption. (if necessary).
66 66
	 *
67 67
	 * @return	tx_rsaauth_keypair	A new key pair or null in case of error
68
	 * @deprecated use getKeyPair instead! Reason1: there is no need to create more than one key pare. Reason2: the second private key overwrites the first private key, so the form with the first public key will never work	 
68 69
	 */
69
	abstract public function createNewKeyPair();
70
	public function createNewKeyPair(){
71
		t3lib_div::logDeprecatedFunction();
72
		return $this->getKeyPair();
73
	}
74
	
75
 	/**
76
	 * Get a key pair for the encryption.
77
	 *
78
	 * @return	tx_rsaauth_keypair	A key pair or null in case of error
79
	 */	
80
	abstract public function getKeyPair();
70 81

  
71 82
	/**
72 83
	 * Decripts the data using the private key.
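Review bot: Declaring `getKeyPair()` abstract while turning `createNewKeyPair()` into a concrete deprecated wrapper means every concrete backend must now define `getKeyPair()`, and PHP raises a fatal error when a non-abstract class leaves an abstract method unimplemented. The PHP backend section of this patch still declares `public function createNewKeyPair() {` at new line 50 and shows no `getKeyPair()`, so unless one exists outside the visible lines that class would fail to load. Even if one does exist, the override would bypass `t3lib_div::logDeprecatedFunction()`. Renaming that method to `public function getKeyPair() {` and pointing its `@see` at `tx_rsaauth_abstract_backend::getKeyPair()` would match what the command-line backend does. The new `@deprecated` text also has a typo (`key pare`).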
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_cmdline_backend.php (working copy)
78 78
	}
79 79

  
80 80
	/**
81
	 *
81
	 * Creates a new or get an existing public/private key pair or null in case of error
82
	 * 	 
82 83
	 * @return tx_rsaauth_keypair	A new key pair or null in case of error
83 84
	 * @see tx_rsaauth_abstract_backend::createNewKeyPair()
84 85
	 */
85
	public function createNewKeyPair() {
86
		$result = null;
86
	public function getKeyPair() {
87
		$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
87 88

  
88
		// Create a temporary file. Security: tempnam() sets permissions to 0600
89
		$privateKeyFile = tempnam($this->temporaryDirectory, uniqid());
90

  
91
		// Generate the private key.
92
		//
93
		// PHP generates 1024 bit key files. We force command line version
94
		// to do the same and use the F4 (0x10001) exponent. This is the most
95
		// secure.
96
		$command = $this->opensslPath . ' genrsa -out ' .
97
			escapeshellarg($privateKeyFile) . ' 1024';
98
		exec($command);
99

  
100
		// Test that we got a private key
101
		$privateKey = file_get_contents($privateKeyFile);
102
		if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) {
103
			// Ok, we got the private key. Get the modulus.
104
			$command = $this->opensslPath . ' rsa -noout -modulus -in ' .
105
				escapeshellarg($privateKeyFile);
106
			$value = exec($command);
107
			if (substr($value, 0, 8) === 'Modulus=') {
108
				$publicKey = substr($value, 8);
109

  
110
				// Create a result object
111
				$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
112
				/* @var $result tx_rsa_keypair */
113
				$result->setExponent(0x10001);
114
				$result->setPrivateKey($privateKey);
115
				$result->setPublicKey($publicKey);
89
		if(!$result->isReady()){
90
			// Create a temporary file. Security: tempnam() sets permissions to 0600
91
			$privateKeyFile = tempnam($this->temporaryDirectory, uniqid());
92
	
93
			// Generate the private key.
94
			//
95
			// PHP generates 1024 bit key files. We force command line version
96
			// to do the same and use the F4 (0x10001) exponent. This is the most
97
			// secure.
98
			$command = $this->opensslPath . ' genrsa -out ' .
99
				escapeshellarg($privateKeyFile) . ' 1024';
100
			exec($command);
101
	
102
			// Test that we got a private key
103
			$privateKey = file_get_contents($privateKeyFile);
104
			if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) {
105
				// Ok, we got the private key. Get the modulus.
106
				$command = $this->opensslPath . ' rsa -noout -modulus -in ' .
107
					escapeshellarg($privateKeyFile);
108
				$value = exec($command);
109
				if (substr($value, 0, 8) === 'Modulus=') {
110
					$publicKey = substr($value, 8);
111
	
112
					/* @var $result tx_rsa_keypair */
113
					$result->setExponent(0x10001);
114
					$result->setPrivateKey($privateKey);
115
					$result->setPublicKey($publicKey);
116
				}
116 117
			}
118
	
119
			@unlink($privateKeyFile);
117 120
		}
118 121

  
119
		@unlink($privateKeyFile);
120

  
121 122
		return $result;
122 123
	}
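Review bot: On failure `getKeyPair()` now returns an unpopulated `tx_rsaauth_keypair` object instead of null, because `$result` comes from `t3lib_div::makeInstance('tx_rsaauth_keypair')` before key generation and is returned unconditionally, while the docblock still promises `null in case of error`. A caller that only tests the return value for null would carry on with a key pair that has no modulus or private key. Either end with `return $result->isReady() ? $result : null;` or change the `@return` text and have callers check `isReady()`; the PHP backend section has the same pattern. Since these lines are being re-indented anyway, note that the hard-coded `1024` passed to `genrsa` is below the 2048 bits or more that current guidance recommends for RSA. The comment `This is the most secure.` should not be carried over unchanged.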
123 124

  
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_keypair.php (working copy)
37 37
 * @package	TYPO3
38 38
 * @subpackage	tx_rsaauth
39 39
 */
40
final class tx_rsaauth_keypair {
40
final class tx_rsaauth_keypair implements t3lib_Singleton {
41 41

  
42 42
	/**
43 43
	 * RSA public exponent (3 or 0x10001)
44 44
	 *
45 45
	 * @var	int
46 46
	 */
47
	protected	$exponent = 0x10001;
47
	protected	$exponent;
48 48

  
49 49
	/**
50 50
	 * The private key
51 51
	 *
52 52
	 * @var	string
53 53
	 */
54
	protected	$privateKey = '';
54
	protected	$privateKey;
55 55

  
56 56
	/**
57 57
	 * The public key modulus
58 58
	 *
59 59
	 * @var	string
60 60
	 */
61
	protected	$publicKeyModulus = '';
61
	protected	$publicKeyModulus;
62
	
63
 	/**
64
	 * Check, if there is already a key pair
65
	 *
66
	 * @return bool
67
	 */
68
	public function isReady(){
69
		return (isset($this->exponent) && (isset($this->privateKey) && isset($this->publicKeyModulus));
70
	}
62 71

  
63 72
	/**
64 73
	 * Retrieves the exponent.
......
70 79
	}
71 80

  
72 81
	/**
73
	 * Sets the private key
82
	 * Sets the exponent if not already set
74 83
	 *
75
	 * @param	string	$privateKey	The new private key
84
	 * @param	string	$exponent	The new exponent
76 85
	 * @return	void
77 86
	 */
78 87
	public function setExponent($exponent) {
79
		$this->exponent = $exponent;
88
		if(!$this->isReady()) {
89
			$this->exponent = $exponent;
90
		} else {
91
			throw new Exception(
92
				'TYPO3 Fatal Error: tx_rsaauth_keypair::setExponent() don\'t set the exponent two times!',
93
				1296062838
94
			);
95
		}
80 96
	}
81 97

  
82 98
	/**
......
91 107
	/**
92 108
	 * Sets the private key
93 109
	 *
94
	 * @param	string	$privateKey	The new private key
110
	 * @param	string	$privateKey	The new private key if not already set
95 111
	 * @return	void
96 112
	 */
97 113
	public function setPrivateKey($privateKey) {
98
		$this->privateKey = $privateKey;
114
		if(!$this->isReady()) {
115
			$this->privateKey = $privateKey;
116
		} else {
117
			throw new Exception(
118
				'TYPO3 Fatal Error: tx_rsaauth_keypair::setPrivateKey() don\'t set the private key two times!',
119
				1296062838
120
			);
121
		}
99 122
	}
100 123

  
101 124
	/**
102 125
	 * Retrieves the public key modulus
103 126
	 *
104
	 * @return	string	The public key modulus
127
	 * @return	string	The public key modulus if not already set
105 128
	 */
106 129
	public function getPublicKeyModulus() {
107
		return $this->publicKeyModulus;
130
		if(!$this->isReady()) {
131
			$this->publicKeyModulus = $publicKeyModulus;
132
		} else {
133
			throw new Exception(
134
				'TYPO3 Fatal Error: tx_rsaauth_keypair::setPublicKey() don\'t set the public key two times!',
135
				1296062838
136
			);
137
		}
108 138
	}
109 139

  
110 140
	/**
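Review bot: The hunk at new lines 129–138 replaces the body of `getPublicKeyModulus()` with the set-once guard, so the getter no longer returns anything and assigns from `$publicKeyModulus`, which is undefined in that scope. The exception text names `setPublicKey()`, so the guard was presumably meant for that method, which lies outside the visible hunks; the getter should keep `return $this->publicKeyModulus;`. `isReady()` at new line 69 has an unbalanced opening parenthesis and will not parse; `return isset($this->exponent, $this->privateKey, $this->publicKeyModulus);` expresses the same check. All three throw sites reuse the exception code `1296062838`, which makes them indistinguishable in logs, so each should get its own value.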
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_php_backend.php (working copy)
42 42
class tx_rsaauth_php_backend extends tx_rsaauth_abstract_backend {
43 43

  
44 44
	/**
45
	 * Creates a new public/private key pair using PHP OpenSSL extension.
45
	 * Creates a new or get an existing public/private key pair using PHP OpenSSL extension.
46 46
	 *
47 47
	 * @return tx_rsaauth_keypair	A new key pair or null in case of error
48 48
	 * @see tx_rsaauth_abstract_backend::createNewKeyPair()
49 49
	 */
50 50
	public function createNewKeyPair() {
51
		$result = null;
52
		$privateKey = @openssl_pkey_new();
53
		if ($privateKey) {
54
			// Create private key as string
55
			$privateKeyStr = '';
56
			openssl_pkey_export($privateKey, $privateKeyStr);
57

  
58
			// Prepare public key information
59
			$exportedData = '';
60
			$csr = openssl_csr_new(array(), $privateKey);
61
			openssl_csr_export($csr, $exportedData, false);
62

  
63
			// Get public key (in fact modulus) and exponent
64
			$publicKey = $this->extractPublicKeyModulus($exportedData);
65
			$exponent = $this->extractExponent($exportedData);
66

  
67
			// Create result object
68
			$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
69
			/* @var $result tx_rsaauth_keypair */
70
			$result->setExponent($exponent);
71
			$result->setPrivateKey($privateKeyStr);
72
			$result->setPublicKey($publicKey);
73

  
74
			// Clean up all resources
75
			openssl_free_key($privateKey);
51
		$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
52
		if(!$result->isReady()){
53
			$privateKey = @openssl_pkey_new();
54
			if ($privateKey) {
55
				// Create private key as string
56
				$privateKeyStr = '';
57
				openssl_pkey_export($privateKey, $privateKeyStr);
58
	
59
				// Prepare public key information
60
				$exportedData = '';
61
				$csr = openssl_csr_new(array(), $privateKey);
62
				openssl_csr_export($csr, $exportedData, false);
63
	
64
				// Get public key (in fact modulus) and exponent
65
				$publicKey = $this->extractPublicKeyModulus($exportedData);
66
				$exponent = $this->extractExponent($exportedData);
67
	
68
				/* @var $result tx_rsaauth_keypair */
69
				$result->setExponent($exponent);
70
				$result->setPrivateKey($privateKeyStr);
71
				$result->setPublicKey($publicKey);
72
	
73
				// Clean up all resources
74
				openssl_free_key($privateKey);
75
			}
76 76
		}
77 77
		return $result;
78 78
	}
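Review bot: The return values of `openssl_pkey_export()` and `openssl_csr_new()` are not checked before `setPrivateKey($privateKeyStr)` runs, and `isReady()` in the key pair class tests the fields with `isset()`, which is true for an empty string. If the export fails, `$privateKeyStr` is still `''`, so the shared key pair could report ready with no usable private key. The set-once guards would then refuse a retry for the rest of the request, though whether this is reachable depends on `setPublicKey()`, which is not visible here. A guard such as `if (!openssl_pkey_export($privateKey, $privateKeyStr)) { openssl_free_key($privateKey); return $result; }` before the setters avoids storing an empty key. The `@` on `openssl_pkey_new()` also hides why generation failed; logging `openssl_error_string()` when it returns false would make that diagnosable.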