Example #1
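 /**
  * Signs the core code base with the supplied private key and certificate.
  *
  * Reads the --privateKey, --certificate and --path options, loads the key
  * and the certificate with phpseclib and passes them to
  * $this->checker->writeCoreSignature().
  *
  * {@inheritdoc }
  *
  * @param InputInterface $input
  * @param OutputInterface $output
  * @return null
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     // NOTE(review): every failure path below returns null, so the command
     // probably still exits with status 0 — confirm whether release tooling
     // relies on a non-zero status to notice a failed signing run.
     $privateKeyPath = $input->getOption('privateKey');
     $keyBundlePath = $input->getOption('certificate');
     $path = $input->getOption('path');
     if (is_null($privateKeyPath) || is_null($keyBundlePath) || is_null($path)) {
         $output->writeln('--privateKey, --certificate and --path are required.');
         return null;
     }
     $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
     $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
     if ($privateKey === false) {
         $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
         return null;
     }
     if ($keyBundle === false) {
         $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
         return null;
     }
     $rsa = new RSA();
     // loadKey() reports an unparsable key through its return value. Stop here
     // instead of handing an unusable key object to the signer.
     if (!$rsa->loadKey($privateKey)) {
         $output->writeln(sprintf('Private key "%s" could not be parsed.', $privateKeyPath));
         return null;
     }
     $x509 = new X509();
     // loadX509() returns false for input it cannot parse; a signature file
     // written with such a certificate could not be verified later.
     if ($x509->loadX509($keyBundle) === false) {
         $output->writeln(sprintf('Certificate "%s" could not be parsed.', $keyBundlePath));
         return null;
     }
     $x509->setPrivateKey($rsa);
     $this->checker->writeCoreSignature($x509, $rsa, $path);
     $output->writeln('Successfully signed "core"');
 }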
Example #2
    /**
     * Saves and re-loads a certificate that carries a hand-encoded extension with OID 1.2.3.4.
     *
     * The extension is built as a DER SEQUENCE holding an OBJECT IDENTIFIER followed by an
     * OCTET STRING and is stored at index 4 of the extension list. The test asserts that the
     * re-loaded certificate has five extensions.
     */
    public function testSaveUnsupportedExtension()
    {
        $x509 = new X509();
        $cert = $x509->loadX509('-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----');
        $asn1 = new ASN1();

        $oid = $this->encodeOID('1.2.3.4');
        $payload = 'zzzzzzzzz';

        // Each element is tag byte + DER length + content.
        $oidElement = chr(ASN1::TYPE_OBJECT_IDENTIFIER) . $asn1->_encodeLength(strlen($oid)) . $oid;
        $payloadElement = chr(ASN1::TYPE_OCTET_STRING) . $asn1->_encodeLength(strlen($payload)) . $payload;
        $sequenceBody = $oidElement . $payloadElement;
        // 0x20 marks the SEQUENCE tag as constructed.
        $extension = chr(ASN1::TYPE_SEQUENCE | 0x20) . $asn1->_encodeLength(strlen($sequenceBody)) . $sequenceBody;

        $cert['tbsCertificate']['extensions'][4] = new Element($extension);

        $reloaded = $x509->loadX509($x509->saveX509($cert));
        $this->assertCount(5, $reloaded['tbsCertificate']['extensions']);
    }
Example #3
 /**
  * Parses the given certificate and keeps both the parser and the parse result.
  *
  * @param mixed $certificate certificate data handed unchanged to X509::loadX509()
  */
 public function __construct($certificate)
 {
     $this->x509 = new X509();
     // NOTE(review): loadX509() signals a parse failure through its return
     // value, which is stored here unchecked — presumably consumers inspect
     // x509result before trusting any field; confirm against the callers.
     $this->x509result = $this->x509->loadX509($certificate);
 }
 /**
  * Rejects input that phpseclib cannot parse as an X.509 certificate.
  *
  * Only parseability is checked: the signature, the issuer and the validity
  * period of the certificate are not examined here.
  *
  * @param mixed $contents certificate data handed unchanged to X509::loadX509()
  *
  * @throws Exception when loadX509() returns a falsy result
  */
 protected function guardAgainstInvalidContents($contents)
 {
     $parsed = (new X509())->loadX509($contents);
     if ($parsed) {
         return;
     }

     throw new Exception('Invalid inputfile given.');
 }
Example #5
    /**
     * Signs a certificate with an RSA key, saves and re-loads it, and asserts that a
     * "parameters" entry is present in the subject public key algorithm, in the outer
     * signature algorithm and in the tbsCertificate signature algorithm.
     *
     * @group github705
     */
    public function testSaveNullRSAParam()
    {
        $signingKey = new RSA();
        $signingKey->loadKey('-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----');

        // Public half of the same key pair, used as the subject's key.
        $publicKey = new RSA();
        $publicKey->loadKey($signingKey->getPublicKey());
        $publicKey->setPublicKey();

        $subject = new X509();
        $subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
        $subject->setPublicKey($publicKey);

        // Issuer DN equals the subject DN, and the issuer signs with the matching private key.
        $issuer = new X509();
        $issuer->setPrivateKey($signingKey);
        $issuer->setDN($subject->getDN());

        $x509 = new X509();
        $signed = $x509->sign($issuer, $subject);
        $parsed = $x509->loadX509($x509->saveX509($signed));

        $this->assertArrayHasKey('parameters', $parsed['tbsCertificate']['subjectPublicKeyInfo']['algorithm']);
        $this->assertArrayHasKey('parameters', $parsed['signatureAlgorithm']);
        $this->assertArrayHasKey('parameters', $parsed['tbsCertificate']['signature']);
    }
Example #6
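 /**
  * Verifies the signature for the specified path.
  *
  * Steps, in order: load and shape-check the signature file, validate the
  * embedded certificate against the root certificate shipped under
  * resources/codesigning/root.crt, check the certificate CN against the
  * requested scope, verify the RSA-PSS signature over the JSON-encoded hash
  * list, and finally compare the signed hashes with the hashes of the files
  * found under $basePath.
  *
  * @param string $signaturePath path of the signature file to verify against
  * @param string $basePath directory whose files are hashed and compared
  * @param string $certificateCN CN the signing certificate must carry; the CN "core" is accepted for every scope
  * @return array differences grouped by EXTRA_FILE, FILE_MISSING and INVALID_HASH, then by filename;
  *               empty when nothing differs or when the code check is not enforced
  * @throws InvalidSignatureException
  * @throws \Exception
  */
 private function verify($signaturePath, $basePath, $certificateCN)
 {
     if (!$this->isCodeCheckEnforced()) {
         return [];
     }
     $signatureData = json_decode($this->fileAccessHelper->file_get_contents($signaturePath), true);
     if (!is_array($signatureData)) {
         throw new InvalidSignatureException('Signature data not found.');
     }
     // The signature file is untrusted until the checks below pass, so reject
     // a wrong shape explicitly instead of failing later in ksort() or in
     // phpseclib with a warning or a type error.
     if (
         !isset($signatureData['hashes'], $signatureData['signature'], $signatureData['certificate'])
         || !is_array($signatureData['hashes'])
         || !is_string($signatureData['signature'])
         || !is_string($signatureData['certificate'])
     ) {
         throw new InvalidSignatureException('Signature data is malformed.');
     }
     $expectedHashes = $signatureData['hashes'];
     // The signature covers the key-sorted hash list, so sort before re-encoding.
     ksort($expectedHashes);
     $signature = base64_decode($signatureData['signature']);
     $certificate = $signatureData['certificate'];
     // Check if certificate is signed by ownCloud Root Authority
     // NOTE(review): only the chain signature is checked here; no validity
     // period or revocation check is visible in this method — confirm whether
     // that is intentional or handled elsewhere.
     $x509 = new \phpseclib\File\X509();
     $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot() . '/resources/codesigning/root.crt');
     $x509->loadCA($rootCertificatePublicKey);
     $x509->loadX509($certificate);
     // Any result other than a truthy one (unparsable certificate, unknown
     // issuer, bad signature) is treated as a failure.
     if (!$x509->validateSignature()) {
         throw new InvalidSignatureException('Certificate is not valid.');
     }
     // Verify if certificate has proper CN. "core" CN is always trusted.
     $subject = $x509->getDN(X509::DN_OPENSSL);
     // A certificate without a CN never matches a scope.
     $subjectCN = isset($subject['CN']) ? $subject['CN'] : null;
     if ($subjectCN !== $certificateCN && $subjectCN !== 'core') {
         throw new InvalidSignatureException(sprintf('Certificate is not valid for required scope. (Requested: %s, current: %s)', $certificateCN, $x509->getDN(true)));
     }
     // Check if the signature of the files is valid
     // NOTE(review): only the MGF1 hash is set here; the message digest stays
     // at the RSA object's default — presumably SHA-1 in phpseclib 2.x, confirm.
     // Any change must be made together with the signer, otherwise existing
     // signatures stop verifying.
     $rsa = new \phpseclib\Crypt\RSA();
     $rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
     $rsa->setSignatureMode(RSA::SIGNATURE_PSS);
     $rsa->setMGFHash('sha512');
     if (!$rsa->verify(json_encode($expectedHashes), $signature)) {
         throw new InvalidSignatureException('Signature could not get verified.');
     }
     // Compare the list of files which are not identical.
     // The comparison has to be per filename: a value-only array_diff() misses
     // two files whose contents were swapped and an extra file that copies a
     // signed one, because the hash still occurs somewhere in the other list.
     $currentInstanceHashes = $this->generateHashes($this->getFolderIterator($basePath), $basePath);
     $differencesA = array_diff_assoc($expectedHashes, $currentInstanceHashes);
     $differencesB = array_diff_assoc($currentInstanceHashes, $expectedHashes);
     // Union by key: array_merge() would renumber numeric filenames and
     // array_unique() would drop files that happen to share a hash.
     $changedFiles = array_keys($differencesA + $differencesB);
     $differenceArray = [];
     foreach ($changedFiles as $filename) {
         // Check if file should not exist in the new signature table
         if (!array_key_exists($filename, $expectedHashes)) {
             $differenceArray['EXTRA_FILE'][$filename]['expected'] = '';
             $differenceArray['EXTRA_FILE'][$filename]['current'] = $currentInstanceHashes[$filename];
             continue;
         }
         // Check if file is missing
         if (!array_key_exists($filename, $currentInstanceHashes)) {
             $differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename];
             $differenceArray['FILE_MISSING'][$filename]['current'] = '';
             continue;
         }
         // Check if hash does mismatch
         if ($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
             $differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename];
             $differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename];
             continue;
         }
         // Should never happen.
         throw new \Exception('Invalid behaviour in file hash comparison experienced. Please report this error to the developers.');
     }
     return $differenceArray;
 }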
Example #7
 /**
  * Verifies the Google ID token fixture against the public key taken from the
  * Google certificate fixture and asserts that verify() returns a JOSE_JWS.
  */
 function testVerifyWithGoogleIDToken()
 {
     $fixtures = $this->fixture_dir;
     $token = file_get_contents($fixtures . 'google.jwt');
     $pem = file_get_contents($fixtures . 'google.crt');

     // The verification key comes from the certificate, not from the token itself.
     $certificate = new X509();
     $certificate->loadX509($pem);
     $verificationKey = $certificate->getPublicKey()->getPublicKey();

     $jws = new JOSE_JWS(JOSE_JWT::decode($token));
     $verified = $jws->verify($verificationKey);

     $this->assertInstanceOf('JOSE_JWS', $verified);
 }
Example #8
    /**
     * Signs the "htaccessWithValidModifiedContent" fixture tree and expects exactly one
     * write of core/signature.json whose content equals the JSON document below.
     */
    public function testWriteCoreSignatureWithValidModifiedHtaccess()
    {
        // Expected file content: per-file hashes, the base64 signature and the signing certificate in PEM form.
        $expectedSignatureFileData = '{
    "hashes": {
        ".htaccess": "a232e6a616c40635d0220e47ebaade40348aadf141a67a331b8870b8fae056584e52fe8b56c49468ee17b58f92cbcd269dc30ae598d6206e97f7d8bb00a766c6",
        "subfolder\\/.htaccess": "2c57b1e25050e11dc3ae975832f378c452159f7b69f818e47eeeafadd6ba568517461dcb4d843b90b906cd7c89d161bc1b89dff8e3ae0eb6f5088508c47befd1"
    },
    "signature": "LNHvrAFg7NJL9h8TanIFmiI3xnmNRz8pltVgRJpnQTqLJCkhZWV5+poHIii\\/\\/dI4NhBijsoN0AAJckf1KFzyeI2rOk3w+niaOEXX7khoJDgbxuz0kwN13Bxa1A6j0cMFqm9IIWet0JK9MKaL8K\\/n3CzNYovXhRBdJsYTQVWvkaY5KMQgTP2roqgaLBABfI8+fuZVnKie1D737UJ3LhxesEtqr9mJEUSdYuN1QpaScdv7bMkX7xTcg02T5Ljs4F0KsKSME43Pzxm33qCQ\\/Gyfsz\\/iNKHYQztg9wPkSanbqvFnDtHhcIhKBsETCbNuBZqBk0AwYCupLIJTjC6SShHc4TtWiv834wtSmc1fYfzrsq7gJalJifFAaeGemzFwkePFlVqjdYc63KSqK8ut0jEcjKPAmJ+5NCUoxc8iASMJCesf31mzUPlw1L9LCBMA0aywDqkZYK4tJHZYMvXc4UkSs19OuAzUbXMoVHsJ03ftfC02gpg4hqZDSiBqYuyKMvt2xuutTA+xQcl3fQGUuNdSmBqUFm0D5cCvT10aZPNUXA2cnS+89u58QSxO1wEZJCYKOrDvX1oqOyJs\\/c8GNip3LwheIF2KB8\\/Zh83h8ZncDxuesAzq89IjV815K3P1G\\/kSVPhvQapw1KMLu9rBDZ3FVvQw8K8fg5a7opBrK2ggGds=",
    "certificate": "-----BEGIN CERTIFICATE-----\\r\\nMIIEvjCCAqagAwIBAgIUc\\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\\r\\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\\r\\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\\r\\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\\r\\niOf4RwPXR6SE9bWZEm\\/b72SfWk\\/\\/J6AbrD8WiOzBuT\\/ODy6k5T1arEdHO+Pux0W1\\r\\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\\/xolP3oD+eLbShPcblhdS\\r\\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\\r\\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\\/2riAzIssMFSCarWCx0AKYb54+d\\r\\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\\r\\nH87KFhYW8tKFFvF1V3AHl\\/sFQ9tDHaxM9Y0pZ2jPp\\/ccdiqnmdkBxBDqsiRvHvVB\\r\\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\\/wAtd2vUW8UFiq\\r\\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\\/zrM0\\r\\ni8nfCFwTxWRxp3H9KoECzO\\/zS5R5KIS7s3\\/wq\\/w9T2Ie4rcecgXwDizwnn0C\\/aKc\\r\\nbDIjujpL1s9HO05pcD\\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\\r\\nQ238lC+A\\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\\r\\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\\r\\noNCXUbExC\\/0iCPUqdHZIVb+Lc\\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\\r\\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\\r\\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\\/55\\r\\ncf3Fovj6JJgbb9XFxrdnsOsDOu\\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\\r\\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\\/\\/+TJtXRbyNgsf\\r\\noMRZGi8DLGU2SGEAHcRH\\/QZHq\\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\\r\\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\\/XUxEWOa2F\\r\\nK2EqhErgMK\\/N07U1JJJay5tYZRtvkGq46oP\\/5kQG8hYST0MDK6VihJoPpvCmAm4E\\r\\npEYKQ96x6A4EH9Y9mZlYozH\\/eqmxPbTK8n89\\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\\r\\nV204fGUkJqW5CrKy3P3XvY9X\\r\\n-----END CERTIFICATE-----"
}';
        // The mocked environment reports the fixture directory as the server root.
        $this->environmentHelper->expects($this->any())->method('getServerRoot')->will($this->returnValue(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent'));
        // Exactly one write is expected, to core/signature.json, with the exact content above.
        $this->fileAccessHelper->expects($this->once())->method('file_put_contents')->with(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json', $expectedSignatureFileData);
        // core.crt / core.key are fixtures under tests/data; presumably a throwaway pair used only by the test suite — verify.
        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
        $rsa = new RSA();
        $rsa->loadKey($rsaPrivateKey);
        $x509 = new X509();
        $x509->loadX509($keyBundle);
        $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');
    }
Example #9
    /**
     * Signs the "app" fixture tree and expects exactly one write of core/signature.json
     * whose content equals the JSON document below.
     */
    public function testWriteCoreSignature()
    {
        // Expected file content: per-file hashes, the base64 signature and the signing certificate in PEM form.
        $expectedSignatureFileData = '{
    "hashes": {
        "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
        "subfolder\\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
    },
    "signature": "dYoohBaWIFR\\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\\/Oz8LWFd+BEUQjC2LJgojPnpzaG\\/msw1nBkX16NNVDWWtJ25Bc\\/r\\/mG46rwjWB\\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
    "certificate": "-----BEGIN CERTIFICATE-----\\r\\nMIIEvjCCAqagAwIBAgIUc\\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\\r\\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\\r\\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\\r\\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\\r\\niOf4RwPXR6SE9bWZEm\\/b72SfWk\\/\\/J6AbrD8WiOzBuT\\/ODy6k5T1arEdHO+Pux0W1\\r\\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\\/xolP3oD+eLbShPcblhdS\\r\\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\\r\\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\\/2riAzIssMFSCarWCx0AKYb54+d\\r\\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\\r\\nH87KFhYW8tKFFvF1V3AHl\\/sFQ9tDHaxM9Y0pZ2jPp\\/ccdiqnmdkBxBDqsiRvHvVB\\r\\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\\/wAtd2vUW8UFiq\\r\\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\\/zrM0\\r\\ni8nfCFwTxWRxp3H9KoECzO\\/zS5R5KIS7s3\\/wq\\/w9T2Ie4rcecgXwDizwnn0C\\/aKc\\r\\nbDIjujpL1s9HO05pcD\\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\\r\\nQ238lC+A\\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\\r\\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\\r\\noNCXUbExC\\/0iCPUqdHZIVb+Lc\\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\\r\\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\\r\\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\\/55\\r\\ncf3Fovj6JJgbb9XFxrdnsOsDOu\\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\\r\\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\\/\\/+TJtXRbyNgsf\\r\\noMRZGi8DLGU2SGEAHcRH\\/QZHq\\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\\r\\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\\/XUxEWOa2F\\r\\nK2EqhErgMK\\/N07U1JJJay5tYZRtvkGq46oP\\/5kQG8hYST0MDK6VihJoPpvCmAm4E\\r\\npEYKQ96x6A4EH9Y9mZlYozH\\/eqmxPbTK8n89\\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\\r\\nV204fGUkJqW5CrKy3P3XvY9X\\r\\n-----END CERTIFICATE-----"
}';
        // The mocked environment reports the fixture directory (with a trailing slash) as the server root.
        $this->environmentHelper->expects($this->any())->method('getServerRoot')->will($this->returnValue(\OC::$SERVERROOT . '/tests/data/integritycheck/app/'));
        // Exactly one write is expected; the doubled slash in the path follows from the trailing slash above.
        $this->fileAccessHelper->expects($this->once())->method('file_put_contents')->with(\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $expectedSignatureFileData);
        // core.crt / core.key are fixtures under tests/data; presumably a throwaway pair used only by the test suite — verify.
        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
        $rsa = new RSA();
        $rsa->loadKey($rsaPrivateKey);
        $x509 = new X509();
        $x509->loadX509($keyBundle);
        // No path argument is passed here — presumably the checker falls back to the mocked server root; confirm.
        $this->checker->writeCoreSignature($x509, $rsa);
    }
Example #10
    /**
     * Signs the "htaccessWithValidModifiedContent" fixture tree and expects exactly one
     * write of core/signature.json whose hash list covers .htaccess, .user.ini and
     * subfolder/.htaccess, as given in the JSON document below.
     */
    public function testWriteCoreSignatureWithValidModifiedHtaccessAndUserIni()
    {
        // Expected file content: per-file hashes, the base64 signature and the signing certificate in PEM form.
        $expectedSignatureFileData = '{
    "hashes": {
        ".htaccess": "ef34c5f35fffb6e8e3008c2118617b53243cfc5ac2513edba9ebd383169862bc16e4f889316ad65788d6b172fe14713af90908c19838c4ba13b4146e12c7ac62",
        ".user.ini": "0a557e3cdca4c2e3675deed761d79d109011dcdebbd9c7f6429f1d3476938ec95729543d7384651d1d0c48e26c5024cc5f517445920915a704ea748bdb903c5f",
        "subfolder\\/.htaccess": "2c57b1e25050e11dc3ae975832f378c452159f7b69f818e47eeeafadd6ba568517461dcb4d843b90b906cd7c89d161bc1b89dff8e3ae0eb6f5088508c47befd1"
    },
    "signature": "d6pqYc0pj5hihZK4Pi\\/rM9XguY1xK9LEch+jUcxZWwhzOPL4qVHx5LN4FAhEOnr5ZjuhK\\/umVEUjieamF4z8tP\\/4nnnu2LmRuPMmj6+1tBEwbsKoeg7NiYfYL5h+VSdBePpIZDmjk0tjEpsMtCPhUPAY5vOSSDJ3Xef4KQIpeL6RKIctDcVdO26QWPLFpCo9NK3j91KHuXTcjbAsATDo+oXQzi0CaomBqL6Ft1SU\\/Bdes6usgeVWd6mGygZ6zUCLqB4hSi6335xIkkUO1c3NekWksiqTWqdmVIpsTEsIpapx+nE0UFBGc7ZF2rnamg5813g67M5V\\/UwhBRcHobMFWfbp73QDUsHcuLCOhamgYh7hbVIlDP7LS2V3kIRLgMLBVwLnvb8LAbaGUsdYGtbfmrhcMK\\/jkpGCv0pqUCc4I+1QuVexNEQrdqafwYRnQUsmdFSFaCASYVvgxPrY5jA+y1HwNX5HEc5mMzVORNPhZXUcxWBRUQxUESY5j473DInMQUhq7SLVNAaglxDR1a9M5tQO8engvIJ5eTImLITm0qdefmEvFrxQ0BrrGmPNFYUysrHeNGDhMkGX+JIONj+T4Ht3Z7dr7cfufYDHRaummsTGgRx6206zRSqavsBWL\\/Cbzrfu1HhiRagncVcoL40EommJt8lobaKHs3GZ8k861Wo=",
    "certificate": "-----BEGIN CERTIFICATE-----\\r\\nMIIEvjCCAqagAwIBAgIUc\\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\\r\\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\\r\\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\\r\\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\\r\\niOf4RwPXR6SE9bWZEm\\/b72SfWk\\/\\/J6AbrD8WiOzBuT\\/ODy6k5T1arEdHO+Pux0W1\\r\\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\\/xolP3oD+eLbShPcblhdS\\r\\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\\r\\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\\/2riAzIssMFSCarWCx0AKYb54+d\\r\\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\\r\\nH87KFhYW8tKFFvF1V3AHl\\/sFQ9tDHaxM9Y0pZ2jPp\\/ccdiqnmdkBxBDqsiRvHvVB\\r\\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\\/wAtd2vUW8UFiq\\r\\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\\/zrM0\\r\\ni8nfCFwTxWRxp3H9KoECzO\\/zS5R5KIS7s3\\/wq\\/w9T2Ie4rcecgXwDizwnn0C\\/aKc\\r\\nbDIjujpL1s9HO05pcD\\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\\r\\nQ238lC+A\\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\\r\\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\\r\\noNCXUbExC\\/0iCPUqdHZIVb+Lc\\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\\r\\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\\r\\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\\/55\\r\\ncf3Fovj6JJgbb9XFxrdnsOsDOu\\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\\r\\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\\/\\/+TJtXRbyNgsf\\r\\noMRZGi8DLGU2SGEAHcRH\\/QZHq\\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\\r\\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\\/XUxEWOa2F\\r\\nK2EqhErgMK\\/N07U1JJJay5tYZRtvkGq46oP\\/5kQG8hYST0MDK6VihJoPpvCmAm4E\\r\\npEYKQ96x6A4EH9Y9mZlYozH\\/eqmxPbTK8n89\\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\\r\\nV204fGUkJqW5CrKy3P3XvY9X\\r\\n-----END CERTIFICATE-----"
}';
        // The mocked environment reports the fixture directory as the server root.
        $this->environmentHelper->expects($this->any())->method('getServerRoot')->will($this->returnValue(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent'));
        // Exactly one write is expected, to core/signature.json, with the exact content above.
        $this->fileAccessHelper->expects($this->once())->method('file_put_contents')->with(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json', $expectedSignatureFileData);
        // core.crt / core.key are fixtures under tests/data; presumably a throwaway pair used only by the test suite — verify.
        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
        $rsa = new RSA();
        $rsa->loadKey($rsaPrivateKey);
        $x509 = new X509();
        $x509->loadX509($keyBundle);
        $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');
    }
Example #11
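 /**
  * Signs an app directory with the supplied private key and certificate.
  *
  * Reads the --path, --privateKey and --certificate options, loads the key
  * and the certificate with phpseclib and passes them to
  * $this->checker->writeAppSignature().
  *
  * {@inheritdoc }
  *
  * @param InputInterface $input
  * @param OutputInterface $output
  * @return null
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     // NOTE(review): every failure path below returns null, so the command
     // probably still exits with status 0 — confirm whether release tooling
     // relies on a non-zero status to notice a failed signing run.
     $path = $input->getOption('path');
     $privateKeyPath = $input->getOption('privateKey');
     $keyBundlePath = $input->getOption('certificate');
     if (is_null($path) || is_null($privateKeyPath) || is_null($keyBundlePath)) {
         $documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity');
         $output->writeln('This command requires the --path, --privateKey and --certificate.');
         $output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"');
         $output->writeln('For more information please consult the documentation: ' . $documentationUrl);
         return null;
     }
     $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
     $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
     if ($privateKey === false) {
         $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
         return null;
     }
     if ($keyBundle === false) {
         $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
         return null;
     }
     $rsa = new RSA();
     // loadKey() reports an unparsable key through its return value. Stop here
     // instead of handing an unusable key object to the signer.
     if (!$rsa->loadKey($privateKey)) {
         $output->writeln(sprintf('Private key "%s" could not be parsed.', $privateKeyPath));
         return null;
     }
     $x509 = new X509();
     // loadX509() returns false for input it cannot parse; a signature file
     // written with such a certificate could not be verified later.
     if ($x509->loadX509($keyBundle) === false) {
         $output->writeln(sprintf('Certificate "%s" could not be parsed.', $keyBundlePath));
         return null;
     }
     $x509->setPrivateKey($rsa);
     $this->checker->writeAppSignature($path, $x509, $rsa);
     $output->writeln('Successfully signed "' . $path . '"');
 }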