SignApp.php 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Joas Schilling <coding@schilljs.com>
  7. * @author Lukas Reschke <lukas@statuscode.ch>
  8. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OC\Core\Command\Integrity;
  26. use OC\IntegrityCheck\Checker;
  27. use OC\IntegrityCheck\Helpers\FileAccessHelper;
  28. use OCP\IURLGenerator;
  29. use phpseclib\Crypt\RSA;
  30. use phpseclib\File\X509;
  31. use Symfony\Component\Console\Command\Command;
  32. use Symfony\Component\Console\Input\InputInterface;
  33. use Symfony\Component\Console\Input\InputOption;
  34. use Symfony\Component\Console\Output\OutputInterface;
  35. /**
  36. * Class SignApp
  37. *
  38. * @package OC\Core\Command\Integrity
  39. */
  40. class SignApp extends Command {
  41. /** @var Checker */
  42. private $checker;
  43. /** @var FileAccessHelper */
  44. private $fileAccessHelper;
  45. /** @var IURLGenerator */
  46. private $urlGenerator;
  47. /**
  48. * @param Checker $checker
  49. * @param FileAccessHelper $fileAccessHelper
  50. * @param IURLGenerator $urlGenerator
  51. */
  52. public function __construct(Checker $checker,
  53. FileAccessHelper $fileAccessHelper,
  54. IURLGenerator $urlGenerator) {
  55. parent::__construct(null);
  56. $this->checker = $checker;
  57. $this->fileAccessHelper = $fileAccessHelper;
  58. $this->urlGenerator = $urlGenerator;
  59. }
  60. protected function configure() {
  61. $this
  62. ->setName('integrity:sign-app')
  63. ->setDescription('Signs an app using a private key.')
  64. ->addOption('path', null, InputOption::VALUE_REQUIRED, 'Application to sign')
  65. ->addOption('privateKey', null, InputOption::VALUE_REQUIRED, 'Path to private key to use for signing')
  66. ->addOption('certificate', null, InputOption::VALUE_REQUIRED, 'Path to certificate to use for signing');
  67. }
  68. /**
  69. * {@inheritdoc }
  70. */
  71. protected function execute(InputInterface $input, OutputInterface $output): int {
  72. $path = $input->getOption('path');
  73. $privateKeyPath = $input->getOption('privateKey');
  74. $keyBundlePath = $input->getOption('certificate');
  75. if (is_null($path) || is_null($privateKeyPath) || is_null($keyBundlePath)) {
  76. $documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity');
  77. $output->writeln('This command requires the --path, --privateKey and --certificate.');
  78. $output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"');
  79. $output->writeln('For more information please consult the documentation: '. $documentationUrl);
  80. return 1;
  81. }
  82. $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
  83. $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
  84. if ($privateKey === false) {
  85. $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
  86. return 1;
  87. }
  88. if ($keyBundle === false) {
  89. $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
  90. return 1;
  91. }
  92. $rsa = new RSA();
  93. $rsa->loadKey($privateKey);
  94. $x509 = new X509();
  95. $x509->loadX509($keyBundle);
  96. $x509->setPrivateKey($rsa);
  97. try {
  98. $this->checker->writeAppSignature($path, $x509, $rsa);
  99. $output->writeln('Successfully signed "'.$path.'"');
  100. } catch (\Exception $e) {
  101. $output->writeln('Error: ' . $e->getMessage());
  102. return 1;
  103. }
  104. return 0;
  105. }
  106. }