SignApp.php 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Joas Schilling <coding@schilljs.com>
  7. * @author Lukas Reschke <lukas@statuscode.ch>
  8. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OC\Core\Command\Integrity;
  26. use OC\IntegrityCheck\Checker;
  27. use OC\IntegrityCheck\Helpers\FileAccessHelper;
  28. use OCP\IURLGenerator;
  29. use phpseclib\Crypt\RSA;
  30. use phpseclib\File\X509;
  31. use Symfony\Component\Console\Command\Command;
  32. use Symfony\Component\Console\Input\InputInterface;
  33. use Symfony\Component\Console\Input\InputOption;
  34. use Symfony\Component\Console\Output\OutputInterface;
  35. /**
  36. * Class SignApp
  37. *
  38. * @package OC\Core\Command\Integrity
  39. */
  40. class SignApp extends Command {
  41. private Checker $checker;
  42. private FileAccessHelper $fileAccessHelper;
  43. private IURLGenerator $urlGenerator;
  44. public function __construct(Checker $checker,
  45. FileAccessHelper $fileAccessHelper,
  46. IURLGenerator $urlGenerator) {
  47. parent::__construct(null);
  48. $this->checker = $checker;
  49. $this->fileAccessHelper = $fileAccessHelper;
  50. $this->urlGenerator = $urlGenerator;
  51. }
  52. protected function configure() {
  53. $this
  54. ->setName('integrity:sign-app')
  55. ->setDescription('Signs an app using a private key.')
  56. ->addOption('path', null, InputOption::VALUE_REQUIRED, 'Application to sign')
  57. ->addOption('privateKey', null, InputOption::VALUE_REQUIRED, 'Path to private key to use for signing')
  58. ->addOption('certificate', null, InputOption::VALUE_REQUIRED, 'Path to certificate to use for signing');
  59. }
  60. /**
  61. * {@inheritdoc }
  62. */
  63. protected function execute(InputInterface $input, OutputInterface $output): int {
  64. $path = $input->getOption('path');
  65. $privateKeyPath = $input->getOption('privateKey');
  66. $keyBundlePath = $input->getOption('certificate');
  67. if (is_null($path) || is_null($privateKeyPath) || is_null($keyBundlePath)) {
  68. $documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity');
  69. $output->writeln('This command requires the --path, --privateKey and --certificate.');
  70. $output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"');
  71. $output->writeln('For more information please consult the documentation: '. $documentationUrl);
  72. return 1;
  73. }
  74. $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
  75. $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
  76. if ($privateKey === false) {
  77. $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
  78. return 1;
  79. }
  80. if ($keyBundle === false) {
  81. $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
  82. return 1;
  83. }
  84. $rsa = new RSA();
  85. $rsa->loadKey($privateKey);
  86. $x509 = new X509();
  87. $x509->loadX509($keyBundle);
  88. $x509->setPrivateKey($rsa);
  89. try {
  90. $this->checker->writeAppSignature($path, $x509, $rsa);
  91. $output->writeln('Successfully signed "'.$path.'"');
  92. } catch (\Exception $e) {
  93. $output->writeln('Error: ' . $e->getMessage());
  94. return 1;
  95. }
  96. return 0;
  97. }
  98. }