SignCore.php 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Joas Schilling <coding@schilljs.com>
  7. * @author Lukas Reschke <lukas@statuscode.ch>
  8. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OC\Core\Command\Integrity;
  26. use OC\IntegrityCheck\Checker;
  27. use OC\IntegrityCheck\Helpers\FileAccessHelper;
  28. use phpseclib\Crypt\RSA;
  29. use phpseclib\File\X509;
  30. use Symfony\Component\Console\Command\Command;
  31. use Symfony\Component\Console\Input\InputInterface;
  32. use Symfony\Component\Console\Input\InputOption;
  33. use Symfony\Component\Console\Output\OutputInterface;
  34. /**
  35. * Class SignCore
  36. *
  37. * @package OC\Core\Command\Integrity
  38. */
  39. class SignCore extends Command {
  40. private Checker $checker;
  41. private FileAccessHelper $fileAccessHelper;
  42. public function __construct(Checker $checker,
  43. FileAccessHelper $fileAccessHelper) {
  44. parent::__construct(null);
  45. $this->checker = $checker;
  46. $this->fileAccessHelper = $fileAccessHelper;
  47. }
  48. protected function configure() {
  49. $this
  50. ->setName('integrity:sign-core')
  51. ->setDescription('Sign core using a private key.')
  52. ->addOption('privateKey', null, InputOption::VALUE_REQUIRED, 'Path to private key to use for signing')
  53. ->addOption('certificate', null, InputOption::VALUE_REQUIRED, 'Path to certificate to use for signing')
  54. ->addOption('path', null, InputOption::VALUE_REQUIRED, 'Path of core to sign');
  55. }
  56. /**
  57. * {@inheritdoc }
  58. */
  59. protected function execute(InputInterface $input, OutputInterface $output): int {
  60. $privateKeyPath = $input->getOption('privateKey');
  61. $keyBundlePath = $input->getOption('certificate');
  62. $path = $input->getOption('path');
  63. if (is_null($privateKeyPath) || is_null($keyBundlePath) || is_null($path)) {
  64. $output->writeln('--privateKey, --certificate and --path are required.');
  65. return 1;
  66. }
  67. $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
  68. $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
  69. if ($privateKey === false) {
  70. $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
  71. return 1;
  72. }
  73. if ($keyBundle === false) {
  74. $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
  75. return 1;
  76. }
  77. $rsa = new RSA();
  78. $rsa->loadKey($privateKey);
  79. $x509 = new X509();
  80. $x509->loadX509($keyBundle);
  81. $x509->setPrivateKey($rsa);
  82. try {
  83. $this->checker->writeCoreSignature($x509, $rsa, $path);
  84. $output->writeln('Successfully signed "core"');
  85. } catch (\Exception $e) {
  86. $output->writeln('Error: ' . $e->getMessage());
  87. return 1;
  88. }
  89. return 0;
  90. }
  91. }