Ejemplo n.º 1
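 /**
  * Signs the core code base.
  *
  * Reads the private key and certificate named by --privateKey and
  * --certificate, loads them into RSA/X509 objects and asks the checker to
  * write the core signature for --path.
  *
  * Every failure path returns 1. Returning null is treated as exit code 0 by
  * Symfony Console, so a signing script or CI job could not tell a failed
  * run from a successful one.
  *
  * {@inheritdoc }
  *
  * @return int 0 when the signature was written, 1 otherwise
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $privateKeyPath = $input->getOption('privateKey');
     $keyBundlePath = $input->getOption('certificate');
     $path = $input->getOption('path');
     if ($privateKeyPath === null || $keyBundlePath === null || $path === null) {
         $output->writeln('--privateKey, --certificate and --path are required.');
         return 1;
     }

     // The helper returns false when a file cannot be read. Messages name
     // the path only; key material is never echoed.
     $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
     $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
     if ($privateKey === false) {
         $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
         return 1;
     }
     if ($keyBundle === false) {
         $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
         return 1;
     }

     // Stop before signing if either input does not parse, instead of
     // handing a half-initialised key or certificate to the checker.
     // NOTE(review): assumes RSA/X509 are the phpseclib classes, whose load
     // methods return false on a parse failure - confirm against the imports.
     $rsa = new RSA();
     if ($rsa->loadKey($privateKey) === false) {
         $output->writeln(sprintf('Private key "%s" could not be parsed.', $privateKeyPath));
         return 1;
     }
     $x509 = new X509();
     if ($x509->loadX509($keyBundle) === false) {
         $output->writeln(sprintf('Certificate "%s" could not be parsed.', $keyBundlePath));
         return 1;
     }
     $x509->setPrivateKey($rsa);

     $this->checker->writeCoreSignature($x509, $rsa, $path);
     $output->writeln('Successfully signed "core"');
     return 0;
 }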
Ejemplo n.º 2
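 /**
  * Signs a single application.
  *
  * Reads the private key and certificate named by --privateKey and
  * --certificate, loads them into RSA/X509 objects and asks the checker to
  * write the app signature for the directory given by --path.
  *
  * Every failure path returns 1. Returning null is treated as exit code 0 by
  * Symfony Console, so a release script could not tell a failed signing run
  * from a successful one.
  *
  * {@inheritdoc }
  *
  * @return int 0 when the signature was written, 1 otherwise
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $path = $input->getOption('path');
     $privateKeyPath = $input->getOption('privateKey');
     $keyBundlePath = $input->getOption('certificate');
     if ($path === null || $privateKeyPath === null || $keyBundlePath === null) {
         $documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity');
         $output->writeln('This command requires the --path, --privateKey and --certificate.');
         $output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"');
         $output->writeln('For more information please consult the documentation: ' . $documentationUrl);
         return 1;
     }

     // The helper returns false when a file cannot be read. Messages name
     // the path only; key material is never echoed.
     $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
     $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
     if ($privateKey === false) {
         $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
         return 1;
     }
     if ($keyBundle === false) {
         $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
         return 1;
     }

     // Stop before signing if either input does not parse, instead of
     // handing a half-initialised key or certificate to the checker.
     // NOTE(review): assumes RSA/X509 are the phpseclib classes, whose load
     // methods return false on a parse failure - confirm against the imports.
     $rsa = new RSA();
     if ($rsa->loadKey($privateKey) === false) {
         $output->writeln(sprintf('Private key "%s" could not be parsed.', $privateKeyPath));
         return 1;
     }
     $x509 = new X509();
     if ($x509->loadX509($keyBundle) === false) {
         $output->writeln(sprintf('Certificate "%s" could not be parsed.', $keyBundlePath));
         return 1;
     }
     $x509->setPrivateKey($rsa);

     $this->checker->writeAppSignature($path, $x509, $rsa);
     $output->writeln('Successfully signed "' . $path . '"');
     return 0;
 }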
Ejemplo n.º 3
 /**
  * Round-trips a string through the helper: writes it to a temporary file
  * with file_put_contents() and expects file_get_contents() to hand back
  * exactly the same value.
  */
 public function testReadAndWrite()
 {
     $expected = 'SomeDataGeneratedByIntegrityCheck';
     // The temporary file comes from the server's temp manager.
     $tmpFile = \OC::$server->getTempManager()->getTemporaryFile();

     $this->fileAccessHelper->file_put_contents($tmpFile, $expected);
     $actual = $this->fileAccessHelper->file_get_contents($tmpFile);

     $this->assertSame($expected, $actual);
 }
Ejemplo n.º 4
 /**
  * Success path of the core signing command: both options are supplied,
  * both files are "readable", the checker is asked once to write the core
  * signature and the success line is printed.
  *
  * NOTE(review): the file_get_contents stubs return the fixture *paths*,
  * not the contents of core.key / core.crt, so the key and certificate
  * loaders receive a path string - confirm this is intended.
  */
 public function testExecute()
 {
     $input = $this->getMock('\\Symfony\\Component\\Console\\Input\\InputInterface');
     $output = $this->getMock('\\Symfony\\Component\\Console\\Output\\OutputInterface');

     // Options are read in this order: privateKey first, then certificate.
     $input->expects($this->at(0))
         ->method('getOption')
         ->with('privateKey')
         ->will($this->returnValue('privateKey'));
     $input->expects($this->at(1))
         ->method('getOption')
         ->with('certificate')
         ->will($this->returnValue('certificate'));

     $fixtureDir = \OC::$SERVERROOT . '/tests/data/integritycheck';
     $this->fileAccessHelper->expects($this->at(0))
         ->method('file_get_contents')
         ->with('privateKey')
         ->will($this->returnValue($fixtureDir . '/core.key'));
     $this->fileAccessHelper->expects($this->at(1))
         ->method('file_get_contents')
         ->with('certificate')
         ->will($this->returnValue($fixtureDir . '/core.crt'));

     $this->checker->expects($this->once())
         ->method('writeCoreSignature');
     $output->expects($this->at(0))
         ->method('writeln')
         ->with('Successfully signed "core"');

     $this->invokePrivate($this->signCore, 'execute', [$input, $output]);
 }
Ejemplo n.º 5
 /**
  * Pins which apps runInstanceVerification() checks, using four apps:
  *  - files, dav: shipped, so verified;
  *  - calendar: not shipped but has appinfo/signature.json, so verified;
  *  - contacts: not shipped and has no signature.json, so no
  *    verifyAppSignature expectation is set for it.
  *
  * Only verifyCoreSignature and verifyAppSignature are mocked on the
  * checker; runInstanceVerification itself runs for real.
  */
 public function testRunInstanceVerification()
 {
     $constructorArgs = [
         $this->environmentHelper,
         $this->fileAccessHelper,
         $this->appLocator,
         $this->config,
         $this->cacheFactory,
         $this->appManager,
     ];
     $this->checker = $this->getMockBuilder('\\OC\\IntegrityCheck\\Checker')
         ->setConstructorArgs($constructorArgs)
         ->setMethods(['verifyCoreSignature', 'verifyAppSignature'])
         ->getMock();

     // Core is verified before any app.
     $this->checker->expects($this->at(0))
         ->method('verifyCoreSignature');
     $this->appLocator->expects($this->at(0))
         ->method('getAllApps')
         ->will($this->returnValue(['files', 'calendar', 'contacts', 'dav']));

     // files: shipped.
     $this->appManager->expects($this->at(0))
         ->method('isShipped')
         ->with('files')
         ->will($this->returnValue(true));
     $this->checker->expects($this->at(1))
         ->method('verifyAppSignature')
         ->with('files');

     // calendar: not shipped, signature.json present.
     $this->appManager->expects($this->at(1))
         ->method('isShipped')
         ->with('calendar')
         ->will($this->returnValue(false));
     $this->appLocator->expects($this->at(1))
         ->method('getAppPath')
         ->with('calendar')
         ->will($this->returnValue('/apps/calendar'));
     $this->fileAccessHelper->expects($this->at(0))
         ->method('file_exists')
         ->with('/apps/calendar/appinfo/signature.json')
         ->will($this->returnValue(true));
     $this->checker->expects($this->at(2))
         ->method('verifyAppSignature')
         ->with('calendar');

     // contacts: not shipped, signature.json absent.
     $this->appManager->expects($this->at(2))
         ->method('isShipped')
         ->with('contacts')
         ->will($this->returnValue(false));
     $this->appLocator->expects($this->at(2))
         ->method('getAppPath')
         ->with('contacts')
         ->will($this->returnValue('/apps/contacts'));
     $this->fileAccessHelper->expects($this->at(1))
         ->method('file_exists')
         ->with('/apps/contacts/appinfo/signature.json')
         ->will($this->returnValue(false));

     // dav: shipped.
     $this->appManager->expects($this->at(3))
         ->method('isShipped')
         ->with('dav')
         ->will($this->returnValue(true));
     $this->checker->expects($this->at(3))
         ->method('verifyAppSignature')
         ->with('dav');

     $this->checker->runInstanceVerification();
 }
Ejemplo n.º 6
 /**
  * Verify the core code of the instance as well as all applicable applications
  * and store the results.
  *
  * An application is verified when it is shipped, or when it is not shipped
  * but carries an appinfo/signature.json file. Nothing is stored in this
  * method itself; any persistence happens inside the verify* calls, which
  * are not visible here.
  *
  * NOTE(review): for a non-shipped app the presence of signature.json is
  * the only trigger, so an app whose signature.json is missing is skipped
  * rather than reported. If tampering with non-shipped apps is in scope,
  * the set of apps expected to be signed has to be tracked elsewhere.
  */
 public function runInstanceVerification()
 {
     $this->verifyCoreSignature();

     foreach ($this->appLocator->getAllApps() as $appId) {
         // Short-circuit: the signature.json lookup only runs for apps
         // that are not shipped.
         $mustVerify = $this->appManager->isShipped($appId)
             || $this->fileAccessHelper->file_exists(
                 $this->appLocator->getAppPath($appId) . '/appinfo/signature.json'
             );

         if ($mustVerify) {
             $this->verifyAppSignature($appId);
         }
     }
 }