SignCore.php 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Lukas Reschke <lukas@statuscode.ch>
  6. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  7. *
  8. * @license AGPL-3.0
  9. *
  10. * This code is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License, version 3,
  12. * as published by the Free Software Foundation.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License, version 3,
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>
  21. *
  22. */
  23. namespace OC\Core\Command\Integrity;
  24. use OC\IntegrityCheck\Checker;
  25. use OC\IntegrityCheck\Helpers\FileAccessHelper;
  26. use phpseclib\Crypt\RSA;
  27. use phpseclib\File\X509;
  28. use Symfony\Component\Console\Command\Command;
  29. use Symfony\Component\Console\Input\InputInterface;
  30. use Symfony\Component\Console\Input\InputOption;
  31. use Symfony\Component\Console\Output\OutputInterface;
  32. /**
  33. * Class SignCore
  34. *
  35. * @package OC\Core\Command\Integrity
  36. */
  37. class SignCore extends Command {
  38. /** @var Checker */
  39. private $checker;
  40. /** @var FileAccessHelper */
  41. private $fileAccessHelper;
  42. /**
  43. * @param Checker $checker
  44. * @param FileAccessHelper $fileAccessHelper
  45. */
  46. public function __construct(Checker $checker,
  47. FileAccessHelper $fileAccessHelper) {
  48. parent::__construct(null);
  49. $this->checker = $checker;
  50. $this->fileAccessHelper = $fileAccessHelper;
  51. }
  52. protected function configure() {
  53. $this
  54. ->setName('integrity:sign-core')
  55. ->setDescription('Sign core using a private key.')
  56. ->addOption('privateKey', null, InputOption::VALUE_REQUIRED, 'Path to private key to use for signing')
  57. ->addOption('certificate', null, InputOption::VALUE_REQUIRED, 'Path to certificate to use for signing')
  58. ->addOption('path', null, InputOption::VALUE_REQUIRED, 'Path of core to sign');
  59. }
  60. /**
  61. * {@inheritdoc }
  62. */
  63. protected function execute(InputInterface $input, OutputInterface $output) {
  64. $privateKeyPath = $input->getOption('privateKey');
  65. $keyBundlePath = $input->getOption('certificate');
  66. $path = $input->getOption('path');
  67. if(is_null($privateKeyPath) || is_null($keyBundlePath) || is_null($path)) {
  68. $output->writeln('--privateKey, --certificate and --path are required.');
  69. return null;
  70. }
  71. $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
  72. $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
  73. if($privateKey === false) {
  74. $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
  75. return null;
  76. }
  77. if($keyBundle === false) {
  78. $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
  79. return null;
  80. }
  81. $rsa = new RSA();
  82. $rsa->loadKey($privateKey);
  83. $x509 = new X509();
  84. $x509->loadX509($keyBundle);
  85. $x509->setPrivateKey($rsa);
  86. try {
  87. $this->checker->writeCoreSignature($x509, $rsa, $path);
  88. $output->writeln('Successfully signed "core"');
  89. } catch (\Exception $e){
  90. $output->writeln('Error: ' . $e->getMessage());
  91. return 1;
  92. }
  93. return 0;
  94. }
  95. }