rsaauth.patch
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_abstract_backend.php (working copy) | ||
---|---|---|
62 | 62 |
protected $error = ''; |
63 | 63 | |
64 | 64 |
/** |
65 |
* Creates a new key pair for the encryption. |
|
65 |
* Creates a new key pair for the encryption (if necessary). |
|
66 | 66 |
* |
67 | 67 |
* @return tx_rsaauth_keypair A new key pair or null in case of error |
68 |
* @deprecated use getKeyPair instead! Reason1: there is no need to create more than one key pare. Reason2: the second private key overwrites the first private key, so the form with the first public key will never work |
|
68 | 69 |
*/ |
69 |
abstract public function createNewKeyPair(); |
|
70 |
public function createNewKeyPair() { |
|
71 |
t3lib_div::logDeprecatedFunction(); |
|
72 |
return $this->getKeyPair(); |
|
73 |
} |
|
70 | 74 | |
71 | 75 |
/** |
76 |
* Get a key pair for the encryption. |
|
77 |
* |
|
78 |
* @return tx_rsaauth_keypair A key pair or null in case of error |
|
79 |
*/ |
|
80 |
abstract public function getKeyPair(); |
|
81 | ||
82 |
/** |
|
72 | 83 |
* Decripts the data using the private key. |
73 | 84 |
* |
74 | 85 |
* @param string $privateKey The private key (obtained from a call to createNewKeyPair()) |
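Review bot: Declaring `getKeyPair()` abstract while `createNewKeyPair()` becomes a concrete wrapper breaks every backend outside this patch that extends `tx_rsaauth_abstract_backend` and implements only the old method, because PHP will not load a non-abstract subclass that leaves an abstract method unimplemented. That break is not mentioned in the `@deprecated` text, which should name it and could drop the long rationale (it also misspells "key pair" as "key pare"). The decrypt docblock that follows still says the private key is `obtained from a call to createNewKeyPair()`; it should read `@param string $privateKey The private key (obtained from a call to getKeyPair())`. That docblock continues past the end of the hunk.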
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_cmdline_backend.php (working copy) | ||
---|---|---|
78 | 78 |
} |
79 | 79 | |
80 | 80 |
/** |
81 |
* Creates a new or get an existing public/private key pair or null in case of error |
|
81 | 82 |
* |
82 | 83 |
* @return tx_rsaauth_keypair A new key pair or null in case of error |
83 | 84 |
* @see tx_rsaauth_abstract_backend::createNewKeyPair() |
84 | 85 |
*/ |
85 |
public function createNewKeyPair() { |
|
86 |
$result = null; |
|
86 |
public function getKeyPair() { |
|
87 |
// Create result object |
|
88 |
$result = t3lib_div::makeInstance('tx_rsaauth_keypair'); |
|
87 | 89 | |
88 |
// Create a temporary file. Security: tempnam() sets permissions to 0600 |
|
89 |
$privateKeyFile = tempnam($this->temporaryDirectory, uniqid()); |
|
90 | ||
91 |
// Generate the private key. |
|
92 |
// |
|
93 |
// PHP generates 1024 bit key files. We force command line version |
|
94 |
// to do the same and use the F4 (0x10001) exponent. This is the most |
|
95 |
// secure. |
|
96 |
$command = $this->opensslPath . ' genrsa -out ' . |
|
97 |
escapeshellarg($privateKeyFile) . ' 1024'; |
|
98 |
t3lib_utility_Command::exec($command); |
|
99 | ||
100 |
// Test that we got a private key |
|
101 |
$privateKey = file_get_contents($privateKeyFile); |
|
102 |
if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) { |
|
103 |
// Ok, we got the private key. Get the modulus. |
|
104 |
$command = $this->opensslPath . ' rsa -noout -modulus -in ' . |
|
105 |
escapeshellarg($privateKeyFile); |
|
106 |
$value = t3lib_utility_Command::exec($command); |
|
107 |
if (substr($value, 0, 8) === 'Modulus=') { |
|
108 |
$publicKey = substr($value, 8); |
|
109 | ||
110 |
// Create a result object |
|
111 |
$result = t3lib_div::makeInstance('tx_rsaauth_keypair'); |
|
112 |
/* @var $result tx_rsa_keypair */ |
|
113 |
$result->setExponent(0x10001); |
|
114 |
$result->setPrivateKey($privateKey); |
|
115 |
$result->setPublicKey($publicKey); |
|
116 |
} |
|
90 |
if(!$result->isReady()){ |
|
91 |
// Create a temporary file. Security: tempnam() sets permissions to 0600 |
|
92 |
$privateKeyFile = tempnam($this->temporaryDirectory, uniqid()); |
|
93 |
|
|
94 |
// Generate the private key. |
|
95 |
// |
|
96 |
// PHP generates 1024 bit key files. We force command line version |
|
97 |
// to do the same and use the F4 (0x10001) exponent. This is the most |
|
98 |
// secure. |
|
99 |
$command = $this->opensslPath . ' genrsa -out ' . |
|
100 |
escapeshellarg($privateKeyFile) . ' 1024'; |
|
101 |
t3lib_utility_Command::exec($command); |
|
102 |
|
|
103 |
// Test that we got a private key |
|
104 |
$privateKey = file_get_contents($privateKeyFile); |
|
105 |
if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) { |
|
106 |
// Ok, we got the private key. Get the modulus. |
|
107 |
$command = $this->opensslPath . ' rsa -noout -modulus -in ' . |
|
108 |
escapeshellarg($privateKeyFile); |
|
109 |
$value = t3lib_utility_Command::exec($command); |
|
110 |
if (substr($value, 0, 8) === 'Modulus=') { |
|
111 |
$publicKey = substr($value, 8); |
|
112 |
|
|
113 |
/* @var $result tx_rsa_keypair */ |
|
114 |
$result->setExponent(0x10001); |
|
115 |
$result->setPrivateKey($privateKey); |
|
116 |
$result->setPublicKey($publicKey); |
|
117 |
} |
|
118 |
} |
|
119 |
|
|
120 |
@unlink($privateKeyFile); |
|
117 | 121 |
} |
118 | 122 | |
119 |
@unlink($privateKeyFile); |
|
120 | ||
121 | 123 |
return $result; |
122 | 124 |
} |
123 | 125 |
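Review bot: `getKeyPair()` can no longer return null, because `$result` is now assigned from `t3lib_div::makeInstance('tx_rsaauth_keypair')` before anything is generated; when `genrsa` fails or the `Modulus=` check does not match, the caller gets an empty key pair object although the docblock still promises `null in case of error`. Callers that test the return value for null (not visible here) would then carry on without a key; ending the method with `return $result->isReady() ? $result : null;` keeps the documented contract. The same applies to `getKeyPair()` in class.tx_rsaauth_php_backend.php. Two smaller points: the `@see` line still names `createNewKeyPair()`, and the re-indented `genrsa ... ' 1024'` call keeps a 1024-bit modulus, which is below the 2048-bit minimum of current guidance, so the "most secure" comment above it can only refer to the F4 exponent.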
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_keypair.php (working copy) | ||
---|---|---|
37 | 37 |
* @package TYPO3 |
38 | 38 |
* @subpackage tx_rsaauth |
39 | 39 |
*/ |
40 |
final class tx_rsaauth_keypair { |
|
40 |
final class tx_rsaauth_keypair implements t3lib_Singleton { |
|
41 | 41 | |
42 | 42 |
/** |
43 | 43 |
* RSA public exponent (3 or 0x10001) |
44 | 44 |
* |
45 | 45 |
* @var int |
46 | 46 |
*/ |
47 |
protected $exponent = 0x10001; |
|
47 |
protected $exponent; |
|
48 | 48 | |
49 | 49 |
/** |
50 | 50 |
* The private key |
51 | 51 |
* |
52 | 52 |
* @var string |
53 | 53 |
*/ |
54 |
protected $privateKey = ''; |
|
54 |
protected $privateKey; |
|
55 | 55 | |
56 | 56 |
/** |
57 | 57 |
* The public key modulus |
58 | 58 |
* |
59 | 59 |
* @var string |
60 | 60 |
*/ |
61 |
protected $publicKeyModulus = ''; |
|
61 |
protected $publicKeyModulus; |
|
62 | 62 | |
63 | 63 |
/** |
64 |
* Check, if there is already a key pair |
|
65 |
* |
|
66 |
* @return bool |
|
67 |
*/ |
|
68 |
public function isReady(){ |
|
69 |
return (isset($this->exponent) && (isset($this->privateKey) && isset($this->publicKeyModulus)); |
|
70 |
} |
|
71 | ||
72 |
/** |
|
64 | 73 |
* Retrieves the exponent. |
65 | 74 |
* |
66 | 75 |
* @return string The exponent |
... | ... | |
70 | 79 |
} |
71 | 80 | |
72 | 81 |
/** |
73 |
* Sets the private key |
|
82 |
* Sets the exponent if not already set |
|
74 | 83 |
* |
75 |
* @param string $privateKey The new private key |
|
84 |
* @param string $privateKey The new exponent |
|
76 | 85 |
* @return void |
77 | 86 |
*/ |
78 | 87 |
public function setExponent($exponent) { |
79 |
$this->exponent = $exponent; |
|
88 |
if(!$this->isReady()) { |
|
89 |
$this->exponent = $exponent; |
|
90 |
} else { |
|
91 |
throw new Exception( |
|
92 |
'TYPO3 Fatal Error: tx_rsaauth_keypair::setExponent() don\'t set the exponent two times!', |
|
93 |
1296062838 |
|
94 |
); |
|
95 |
} |
|
80 | 96 |
} |
81 | 97 | |
82 | 98 |
/** |
... | ... | |
89 | 105 |
} |
90 | 106 | |
91 | 107 |
/** |
92 |
* Sets the private key |
|
108 |
* Sets the private key if not already set |
|
93 | 109 |
* |
94 | 110 |
* @param string $privateKey The new private key |
95 | 111 |
* @return void |
96 | 112 |
*/ |
97 | 113 |
public function setPrivateKey($privateKey) { |
98 |
$this->privateKey = $privateKey; |
|
114 |
if(!$this->isReady()) { |
|
115 |
$this->privateKey = $privateKey; |
|
116 |
} else { |
|
117 |
throw new Exception( |
|
118 |
'TYPO3 Fatal Error: tx_rsaauth_keypair::setPrivateKey() don\'t set the private key two times!', |
|
119 |
1296062838 |
|
120 |
); |
|
121 |
} |
|
99 | 122 |
} |
100 | 123 | |
101 | 124 |
/** |
... | ... | |
108 | 131 |
} |
109 | 132 | |
110 | 133 |
/** |
111 |
* Sets the public key modulus |
|
134 |
* Sets the public key modulus if not already set |
|
112 | 135 |
* |
113 | 136 |
* @param string $publicKeyModulus The new public key modulus |
114 | 137 |
* @return void |
115 | 138 |
*/ |
116 | 139 |
public function setPublicKey($publicKeyModulus) { |
117 |
$this->publicKeyModulus = $publicKeyModulus; |
|
140 |
if(!$this->isReady()) { |
|
141 |
$this->publicKeyModulus = $publicKeyModulus; |
|
142 |
} else { |
|
143 |
throw new Exception( |
|
144 |
'TYPO3 Fatal Error: tx_rsaauth_keypair::setPublicKey() don\'t set the public key two times!', |
|
145 |
1296062838 |
|
146 |
); |
|
147 |
} |
|
118 | 148 |
} |
119 | 149 |
} |
120 | 150 |
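Review bot: The added `isReady()` does not parse: its return expression opens one more parenthesis than it closes, so the class file fails to load and every backend that instantiates `tx_rsaauth_keypair` fails with it. `return isset($this->exponent, $this->privateKey, $this->publicKeyModulus);` expresses the same check without the nesting. The three setters guard on `isReady()`, which only becomes true once all three fields are set, so a single field can still be overwritten while the pair is incomplete, contrary to the "two times" messages; all three exceptions also reuse the code `1296062838`, which makes them indistinguishable in logs. The `setExponent()` docblock still documents `$privateKey` and should read `@param int $exponent The new exponent`.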
typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_php_backend.php (working copy) | ||
---|---|---|
42 | 42 |
class tx_rsaauth_php_backend extends tx_rsaauth_abstract_backend { |
43 | 43 | |
44 | 44 |
/** |
45 |
* Creates a new public/private key pair using PHP OpenSSL extension. |
|
45 |
* Creates a new or get an existing public/private key pair using PHP OpenSSL extension. |
|
46 | 46 |
* |
47 | 47 |
* @return tx_rsaauth_keypair A new key pair or null in case of error |
48 | 48 |
* @see tx_rsaauth_abstract_backend::createNewKeyPair() |
49 | 49 |
*/ |
50 |
public function createNewKeyPair() { |
|
51 |
$result = null; |
|
52 |
$privateKey = @openssl_pkey_new(); |
|
53 |
if ($privateKey) { |
|
54 |
// Create private key as string |
|
55 |
$privateKeyStr = ''; |
|
56 |
openssl_pkey_export($privateKey, $privateKeyStr); |
|
57 | ||
58 |
// Prepare public key information |
|
59 |
$exportedData = ''; |
|
60 |
$csr = openssl_csr_new(array(), $privateKey); |
|
61 |
openssl_csr_export($csr, $exportedData, false); |
|
62 | ||
63 |
// Get public key (in fact modulus) and exponent |
|
64 |
$publicKey = $this->extractPublicKeyModulus($exportedData); |
|
65 |
$exponent = $this->extractExponent($exportedData); |
|
66 | ||
67 |
// Create result object |
|
68 |
$result = t3lib_div::makeInstance('tx_rsaauth_keypair'); |
|
69 |
/* @var $result tx_rsaauth_keypair */ |
|
70 |
$result->setExponent($exponent); |
|
71 |
$result->setPrivateKey($privateKeyStr); |
|
72 |
$result->setPublicKey($publicKey); |
|
73 | ||
74 |
// Clean up all resources |
|
75 |
openssl_free_key($privateKey); |
|
50 |
public function getKeyPair() { |
|
51 |
// Create result object |
|
52 |
$result = t3lib_div::makeInstance('tx_rsaauth_keypair'); |
|
53 |
if(!$result->isReady()){ |
|
54 |
$privateKey = @openssl_pkey_new(); |
|
55 |
if ($privateKey) { |
|
56 |
// Create private key as string |
|
57 |
$privateKeyStr = ''; |
|
58 |
openssl_pkey_export($privateKey, $privateKeyStr); |
|
59 |
|
|
60 |
// Prepare public key information |
|
61 |
$exportedData = ''; |
|
62 |
$csr = openssl_csr_new(array(), $privateKey); |
|
63 |
openssl_csr_export($csr, $exportedData, false); |
|
64 |
|
|
65 |
// Get public key (in fact modulus) and exponent |
|
66 |
$publicKey = $this->extractPublicKeyModulus($exportedData); |
|
67 |
$exponent = $this->extractExponent($exportedData); |
|
68 |
|
|
69 |
/* @var $result tx_rsaauth_keypair */ |
|
70 |
$result->setExponent($exponent); |
|
71 |
$result->setPrivateKey($privateKeyStr); |
|
72 |
$result->setPublicKey($publicKey); |
|
73 |
|
|
74 |
// Clean up all resources |
|
75 |
openssl_free_key($privateKey); |
|
76 |
} |
|
76 | 77 |
} |
77 | 78 |
return $result; |
78 | 79 |
} |
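Review bot: The return values of `openssl_pkey_export()` and `openssl_csr_export()` are not checked before their output is written into the now write-once key pair in `getKeyPair()`. If the export fails, `$privateKeyStr` stays `''`, and because `isReady()` relies on `isset()`, an empty string counts as set: provided the extracted modulus and exponent are non-null, the pair reports ready and the setters refuse any replacement for as long as the singleton instance lives. Guarding the setter calls with `if (openssl_pkey_export($privateKey, $privateKeyStr) && $privateKeyStr !== '') {` avoids storing an unusable key. The `@` on `openssl_pkey_new()` also hides why generation failed; logging `openssl_error_string()` in the failure branch would help diagnosis. The docblock's `@see` still names `createNewKeyPair()`.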