SignCore.php 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Joas Schilling <coding@schilljs.com>
  7. * @author Lukas Reschke <lukas@statuscode.ch>
  8. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OC\Core\Command\Integrity;
  26. use OC\IntegrityCheck\Checker;
  27. use OC\IntegrityCheck\Helpers\FileAccessHelper;
  28. use phpseclib\Crypt\RSA;
  29. use phpseclib\File\X509;
  30. use Symfony\Component\Console\Command\Command;
  31. use Symfony\Component\Console\Input\InputInterface;
  32. use Symfony\Component\Console\Input\InputOption;
  33. use Symfony\Component\Console\Output\OutputInterface;
  34. /**
  35. * Class SignCore
  36. *
  37. * @package OC\Core\Command\Integrity
  38. */
  39. class SignCore extends Command {
  40. /** @var Checker */
  41. private $checker;
  42. /** @var FileAccessHelper */
  43. private $fileAccessHelper;
  44. /**
  45. * @param Checker $checker
  46. * @param FileAccessHelper $fileAccessHelper
  47. */
  48. public function __construct(Checker $checker,
  49. FileAccessHelper $fileAccessHelper) {
  50. parent::__construct(null);
  51. $this->checker = $checker;
  52. $this->fileAccessHelper = $fileAccessHelper;
  53. }
  54. protected function configure() {
  55. $this
  56. ->setName('integrity:sign-core')
  57. ->setDescription('Sign core using a private key.')
  58. ->addOption('privateKey', null, InputOption::VALUE_REQUIRED, 'Path to private key to use for signing')
  59. ->addOption('certificate', null, InputOption::VALUE_REQUIRED, 'Path to certificate to use for signing')
  60. ->addOption('path', null, InputOption::VALUE_REQUIRED, 'Path of core to sign');
  61. }
  62. /**
  63. * {@inheritdoc }
  64. */
  65. protected function execute(InputInterface $input, OutputInterface $output): int {
  66. $privateKeyPath = $input->getOption('privateKey');
  67. $keyBundlePath = $input->getOption('certificate');
  68. $path = $input->getOption('path');
  69. if (is_null($privateKeyPath) || is_null($keyBundlePath) || is_null($path)) {
  70. $output->writeln('--privateKey, --certificate and --path are required.');
  71. return 1;
  72. }
  73. $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
  74. $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
  75. if ($privateKey === false) {
  76. $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
  77. return 1;
  78. }
  79. if ($keyBundle === false) {
  80. $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
  81. return 1;
  82. }
  83. $rsa = new RSA();
  84. $rsa->loadKey($privateKey);
  85. $x509 = new X509();
  86. $x509->loadX509($keyBundle);
  87. $x509->setPrivateKey($rsa);
  88. try {
  89. $this->checker->writeCoreSignature($x509, $rsa, $path);
  90. $output->writeln('Successfully signed "core"');
  91. } catch (\Exception $e) {
  92. $output->writeln('Error: ' . $e->getMessage());
  93. return 1;
  94. }
  95. return 0;
  96. }
  97. }