function decrypting($paramCryptResponse)
 {
     $generatedPrivateKey = '';
     $passPhrase = '';
     $currentDir = dirname(__FILE__) . DIRECTORY_SEPARATOR;
     $currentDirParam = $currentDir . 'params.php';
     $parentDirParam = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'params.php';
     if (file_exists($parentDirParam)) {
         include $parentDirParam;
     } else {
         if (file_exists($currentDirParam)) {
             include $currentDirParam;
         }
     }
     $rsa = new Crypt_RSA();
     $rsa->setPassword($passPhrase);
     $rsa->loadKey($generatedPrivateKey);
     $rsa->setPassword();
     $privatekey = $rsa->getPrivateKey();
     $priv = $rsa->_parseKey($privatekey, CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
     require_once 'lib/bi2php/biRSA.php';
     $keyDecrypt = new biRSAKeyPair('0', $priv['privateExponent']->toHex(), $priv['modulus']->toHex());
     $decrypted = $keyDecrypt->biDecryptedString($paramCryptResponse);
     if ($decrypted === false) {
         return array(false, false);
     }
     $nlPos = strpos($decrypted, "\n");
     $nlPos = $nlPos === false ? strlen($decrypted) : $nlPos;
     $password = $keyDecrypt->biDecryptedString(substr($decrypted, 0, $nlPos));
     $password = strlen($password) == 0 ? "f32b309d4759446fc81de858322ed391a0c167a0" : $password;
     $challenge = substr($decrypted, $nlPos + 1);
     return array($password, $challenge);
 }
Exemple #2
0
<?php

header('Content-Type: text/javascript');
require 'biRSA.php';
$keyEncrypt = new biRSAKeyPair("a48a65eb6cc757fb487cd6628a83f0a3748032669171e6aabebddde200eb6d2cb9669336d70e422cfe22c17b6ad2efae71c5df9609ede03babf772f519df07b842e88a257e98e006bb706b9d03ab79f2dc6f38928a1461d4267943b1ba4818603001dbfbf97ddf58a4d04b0c63da9a34a9ddc8888a1b833964cf206bb30573e96820cdde618181b6c2b049ffde63af1773714e9b85cc70000141cd179909c2dbf6a358ef54c09ce00174c67e0a3b6b5576cabdf4fd0e6802fa7a0209c556820a0b1a2a6ef52b9a8531ab92ecc232d596953f3de373e1becab2b36b6554c70206f8dba389e8717850079ef54025524887542b2989724adc03f07fa96b285b679", "0", "222d99fdf0616080ebee15d1ff1469bc79a478ac9a13e9af8bb48b4b208b2deaf40c69f4c201f7a7f294d43b3591ec73f826809b62fbd5d15cabeef7baeed786119ca5cecd956d4795d8da7a12da9719349dbd4ea6d90cdae0ac5b280eb425c5ff46f41de567defbd5240471c8c6920d37e2fdd1bf5fd45d5c26364775055002cea3f3b9624f6d470035f18c451f37c454beda5f1b3cf19a787db43845f5a49faaa7f8f3ccde953a152e2588aff267b680b467f028064d9f370e220b153c1ee0ff71f7e5cc017033509b50c3959e49692db0d2741d586f01963572b1c7d00346e8736821728f342452447aa586cca14ffb175a1fadbb2745c714fd3cd15af66d");
$keyDecrypt = new biRSAKeyPair("0", "1001c99eb5adf6c25948cd453b27518246187a79da122f693fe5275fec00ffe42c1a40bc74586d5b2bb806e399c2cdad2a41deba8a65c2c45c976fe75415cd393d46daa5e41f8099b8ea71eab918ed96fa1bd95f67f94b70d70b6f91cc35aec5e73c469ddbafaf2296fb16935747c6c1d233ce010313868240e1857b2882bc0777889a7ab46ccb225df61347872c0e7f9e71af619f421a05c5e8f3e496e9b33fab51f279b7de5c1182f4f2d20988baddf3562215db04afd998299279396ac11c7bb6d0daae021a47f608e93ebf1dc68f8c8841034beb77cfa1ed9cbda8d9123e006e273d3a61c29441a3dbe78f6ef13c55f5ebb5034fe4fb2eb18d1638ab89c9", "222d99fdf0616080ebee15d1ff1469bc79a478ac9a13e9af8bb48b4b208b2deaf40c69f4c201f7a7f294d43b3591ec73f826809b62fbd5d15cabeef7baeed786119ca5cecd956d4795d8da7a12da9719349dbd4ea6d90cdae0ac5b280eb425c5ff46f41de567defbd5240471c8c6920d37e2fdd1bf5fd45d5c26364775055002cea3f3b9624f6d470035f18c451f37c454beda5f1b3cf19a787db43845f5a49faaa7f8f3ccde953a152e2588aff267b680b467f028064d9f370e220b153c1ee0ff71f7e5cc017033509b50c3959e49692db0d2741d586f01963572b1c7d00346e8736821728f342452447aa586cca14ffb175a1fadbb2745c714fd3cd15af66d");
$keyEncrypt = new biRSAKeyPair("142ab99af88b540da02041f562804665", "0", "30f1b353d5a09313825ca5ef7c87033f");
$keyDecrypt = new biRSAKeyPair("0", "266f58f4654cc23e392c2eb99ec90635", "30f1b353d5a09313825ca5ef7c87033f");
if ($_POST['step'] == 2) {
    $decrypted = str_replace(array("\\", '"', '<', "\n", "\r"), array('\\\\', '\\"', "\\<", "\\n", "\\r"), $keyDecrypt->biDecryptedString($_POST['encrypted'], FALSE));
    echo <<<EOT
document.getElementById("serverDecryptedText").value = "{$decrypted}";
EOT;
}
if ($_POST['step'] == 3) {
    $encrypted = str_replace(array('"', '<', "\n", "\r"), array('\\"', "\\<", "\\n", "\\r"), $keyEncrypt->biEncryptedString($_POST['decrypted'], FALSE));
    echo <<<EOT
document.getElementById("serverEncryptedText").value = "{$encrypted}";
EOT;
}
    public function testDecryptJSGenerated()
    {
        $generatedKey = <<<EOL
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAxH7++yiHJUHEDU3wMw+FDfrlgOHNP+yiCFmYQPI0G7oj5uTy
tPMv3YVrEtb2Y62452C6WZcLSwOBqWlLUGfH0NJx35aaZG2CsUheNJEH+WEIFyel
mJmWDmwfZ6DnO+nsICylGWryDfgF7n4854mxa/SfI5bYAJD6x2D3o/NDwanlsbiU
B/ICKQmhZXvqNRRWdIEALasdLsDQ15MCfBTG1vKZqB9hiCFnZQEvrUKfWLdp6Uqa
j15QdEvTFopramsTkQHlOy/CnQDD7Qng8Qzqm7Ycq3Xz2R/nq5k/GeAnQdxKzW1j
QhktWfYrFQtxhyKcPXa/bchNkzctp3a/QRN2WwIDAQABAoIBAFvXoAZ0ovZfDuvJ
CgRTtLUcGDltUSoXyIRunCN/EawEDNPXHzpEkJLR0YI0x2U/xbUgGPnXB4hAU1KD
zJgAafzI4EDJe9CE/xkt4hpfz4JYQBfSiCwTXXfQQb2GD46Jf7xqIaEHw6uTyfH3
PzBZw3vaEqfn0X4yRYT7ZcRT58+UcAQJqQDU/6ZwNckewzhWzh/27LfstV+nJe5u
GSmRdb2H3x9ISKb+EMysM0n+YrNKC9giObCRm7EbIOE5iJvZnA0SiBP/y90anhsS
gHXaN4/cL5/U/ld9Nuk+MOH6R0qoVuGegDjdqHC+fCMUYbMvWKbnZiHU0/PnFfnu
SKxkmgECgYEA4kQDLLEq9ebk1nS402AWx0XNlJHmVR/PFUbVTOT1xMWFhZA4XMnX
KkMmeYIUMDJJcLbTBUYFeoygOM8TA5BSATxHGt9xrO2dl75HWVYP7Ncedc4iSj6P
dM4EsnFHKCgL2LqEuaQnMIDTZKo0WnlLphChJ3MzXwVzK5lXAiKHnaECgYEA3lF6
/o0mYjWTV0PDDYvUp6mtf2h5/V/wSDA7I4IJ9BpnsOIFCdShn8rDYN9qxJS0t3US
8kNNXgFrq2zjCDMibr1xALnyXnPlc86c2+kfgv+7Biu2foJ3MI4cL9umn/y76ENE
6VaO9bUs1HHKA0SFXNEr3ZFjm+kzx3qZZh1MensCgYBn99yFkrss1vXb3TJ4XjTZ
SCfY1tnBz6X2HuAwPxz3V9OstcJQUKa/0q9BMhZYtyKr2jZIvA4Ua73LnMsd3hjw
XGRH4th3H5BEg7iBQlx69bYXZ6q19t0wTOI3pHmP6CbZZYtLSjR/wxJftR3tXML4
AbgrSnIWfYiYRhOG9ZrfQQKBgFkxTWwUywJ5xhwrlnS31eBSRcYo71BFDkyX9RIA
2OdzNIiVlTnlcdZ+7bXOzLIDiyFTOf+yGrcNUNocvFUM1tKg9FY7Q867JqI4kVv1
Amx3FtyZ6wSEaTc0vIBC2m2zYtwDKQGIdaCESHEPGeIHuo2LadLhwpnJjLmKKUL7
nDRDAoGADIHzuzFTYYgG4heLd2yXGv5+MDX+NmVzTr1j5dVOfzpiBJBjCN8Q9x3v
v9nNeZFIhPbhCTjCdY/NlcIHOZqUQulTu1DpDZ7zFO1Fs4aEDnBvp9i8yJquxhOQ
dBazzmZ3S/t2b6NtqClmn/1BgjgnKYURBn888UzbX6lqCNG3/mI=
-----END RSA PRIVATE KEY-----
EOL;
        $enc = '8c87f3e5ef1021a764e80b92b3cf168130b8cb5c5b72016449bfb812da1718cc' . 'ea125dec512a9c91bfc336f35ea1804aafb2ef6b55c715a2fca2c90491d270bd' . '9a857bee7734bfef3252afac67cb3a6c8dcc9168164a44a9c8f31001289077ef' . '3e493d4581cdb94c7812140d1ebca802636cf16cdc5fe48128f758094ebe64fe' . '4b7fb1fb814c8502e1c52fcd9cbc3431a7fc8f3f8dda146eef15b4d14192f444' . '6b9cff5bd8c3f2c8ba90b00ab93263182ad3ed7ad0d460cc02529826c6048091' . '1c712d6e212ced1a7f5fc18a1574fdceb101f28d13cd106e8d04a24de9ab3570' . '77fee33e168b584a1cbf6ea27de9e88a89e1616b18897cd7288d2a02c62434a7';
        $rsa = new Crypt_RSA();
        $rsa->loadKey($generatedKey);
        $keyComp = $rsa->_parseKey($rsa->getPrivateKey(), CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
        $keyDecrypt = new biRSAKeyPair('0', $keyComp['privateExponent']->toHex(), $keyComp['modulus']->toHex());
        $decrypted = $keyDecrypt->biDecryptedString($enc);
        $this->assertEquals("1234OhmyGOD#", $decrypted, "Decrypt from JavaScript encripted date.");
    }
 /**
  * @param $dbProxyInstance
  * @param $options
  * @param $file
  * @param $isURL
  * @return array
  */
 public function checkForFileMakerMedia($dbProxyInstance, $options, $file, $isURL)
 {
     if (strpos($file, "/fmi/xml/cnt/") === 0) {
         // FileMaker's container field storing an image.
         if (isset($options['authentication']['user'][0]) && $options['authentication']['user'][0] == 'database_native') {
             $passPhrase = '';
             $generatedPrivateKey = '';
             // avoid errors for defined in params.php.
             $currentDir = dirname(__FILE__) . DIRECTORY_SEPARATOR;
             $currentDirParam = $currentDir . 'params.php';
             $parentDirParam = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'params.php';
             if (file_exists($parentDirParam)) {
                 include $parentDirParam;
             } else {
                 if (file_exists($currentDirParam)) {
                     include $currentDirParam;
                 }
             }
             $rsa = new Crypt_RSA();
             $rsa->setPassword($passPhrase);
             $rsa->loadKey($generatedPrivateKey);
             $rsa->setPassword();
             $privatekey = $rsa->getPrivateKey();
             $priv = $rsa->_parseKey($privatekey, CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
             require_once 'lib/bi2php/biRSA.php';
             $keyDecrypt = new biRSAKeyPair('0', $priv['privateExponent']->toHex(), $priv['modulus']->toHex());
             $cookieNameUser = '******';
             $cookieNamePassword = '******';
             $credential = isset($_COOKIE[$cookieNameUser]) ? urlencode($_COOKIE[$cookieNameUser]) : '';
             if (isset($_COOKIE[$cookieNamePassword])) {
                 $credential .= ':' . urlencode($keyDecrypt->biDecryptedString($_COOKIE[$cookieNamePassword]));
             }
             $urlHost = $dbProxyInstance->dbSettings->getDbSpecProtocol() . '://' . $credential . '@' . $dbProxyInstance->dbSettings->getDbSpecServer() . ':' . $dbProxyInstance->dbSettings->getDbSpecPort();
         } else {
             $urlHost = $dbProxyInstance->dbSettings->getDbSpecProtocol() . "://" . urlencode($dbProxyInstance->dbSettings->getDbSpecUser()) . ":" . urlencode($dbProxyInstance->dbSettings->getDbSpecPassword()) . "@" . $dbProxyInstance->dbSettings->getDbSpecServer() . ":" . $dbProxyInstance->dbSettings->getDbSpecPort();
         }
         $file = $urlHost . str_replace(" ", "%20", $file);
         foreach ($_GET as $key => $value) {
             if ($key !== 'media' && $key !== 'attach') {
                 $file .= "&" . urlencode($key) . "=" . urlencode($value);
             }
         }
         $isURL = true;
         return array($file, $isURL);
     }
     return array($file, $isURL);
 }
 /**
  * @param $options
  * @param null $access
  * @param bool $bypassAuth
  */
 function processingRequest($options, $access = null, $bypassAuth = false)
 {
     $this->logger->setDebugMessage("[processingRequest]", 2);
     $this->outputOfPrcessing = '';
     $generatedPrivateKey = '';
     $passPhrase = '';
     $currentDir = dirname(__FILE__) . DIRECTORY_SEPARATOR;
     $currentDirParam = $currentDir . 'params.php';
     $parentDirParam = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'params.php';
     if (file_exists($parentDirParam)) {
         include $parentDirParam;
     } else {
         if (file_exists($currentDirParam)) {
             include $currentDirParam;
         }
     }
     $messageClass = null;
     if (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) {
         $clientLangArray = explode(',', $_SERVER["HTTP_ACCEPT_LANGUAGE"]);
         foreach ($clientLangArray as $oneLanguage) {
             $langCountry = explode(';', $oneLanguage);
             if (strlen($langCountry[0]) > 0) {
                 $clientLang = explode('-', $langCountry[0]);
                 $messageClass = "MessageStrings_{$clientLang['0']}";
                 if (file_exists("{$currentDir}{$messageClass}.php")) {
                     $messageClass = new $messageClass();
                     break;
                 }
             }
             $messageClass = null;
         }
     }
     if ($messageClass == null) {
         $messageClass = new MessageStrings();
     }
     $tableInfo = $this->dbSettings->getDataSourceTargetArray();
     $access = is_null($access) ? $_POST['access'] : $access;
     $clientId = isset($_POST['clientid']) ? $_POST['clientid'] : (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "Non-browser-client");
     $this->paramAuthUser = isset($_POST['authuser']) ? $_POST['authuser'] : "";
     $paramResponse = isset($_POST['response']) ? $_POST['response'] : "";
     $this->dbSettings->setRequireAuthentication(false);
     $this->dbSettings->setRequireAuthorization(false);
     $this->dbSettings->setDBNative(false);
     $keywordAuth = $access == "select" ? "load" : $access;
     if (isset($options['authentication']) || $access == 'challenge' || $access == 'changepassword' || isset($tableInfo['authentication']) && (isset($tableInfo['authentication']['all']) || isset($tableInfo['authentication'][$keywordAuth]))) {
         $this->dbSettings->setRequireAuthorization(true);
         $this->dbSettings->setDBNative(false);
         if (isset($options['authentication']['user']) && $options['authentication']['user'][0] == 'database_native') {
             $this->dbSettings->setDBNative(true);
         }
     }
     //        $this->logger->setDebugMessage("dbNative={$this->dbSettings->isDBNative()}", 2);
     //        $this->logger->setDebugMessage("", 2);
     if (!$bypassAuth && $this->dbSettings->getRequireAuthorization()) {
         // Authentication required
         if (strlen($this->paramAuthUser) == 0 || strlen($paramResponse) == 0) {
             // No username or password
             $access = "do nothing";
             $this->dbSettings->setRequireAuthentication(true);
         }
         // User and Password are suppried but...
         if ($access != 'challenge') {
             // Not accessing getting a challenge.
             if ($this->dbSettings->isDBNative()) {
                 $rsa = new Crypt_RSA();
                 $rsa->setPassword($passPhrase);
                 $rsa->loadKey($generatedPrivateKey);
                 $rsa->setPassword();
                 $privatekey = $rsa->getPrivateKey();
                 $priv = $rsa->_parseKey($privatekey, CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
                 require_once 'bi2php/biRSA.php';
                 $keyDecrypt = new biRSAKeyPair('0', $priv['privateExponent']->toHex(), $priv['modulus']->toHex());
                 $decrypted = $keyDecrypt->biDecryptedString($paramResponse);
                 //                    $this->logger->setDebugMessage("decrypted={$decrypted}", 2);
                 if ($decrypted !== false) {
                     $nlPos = strpos($decrypted, "\n");
                     $nlPos = $nlPos === false ? strlen($decrypted) : $nlPos;
                     $password = $keyDecrypt->biDecryptedString(substr($decrypted, 0, $nlPos));
                     $password = strlen($password) == 0 ? "f32b309d4759446fc81de858322ed391a0c167a0" : $password;
                     $challenge = substr($decrypted, $nlPos + 1);
                     //                        $this->logger->setDebugMessage("password={$password}", 2);
                     //                        $this->logger->setDebugMessage("paramAuthUser={$this->paramAuthUser}", 2);
                     if (!$this->checkChallenge($challenge, $clientId)) {
                         $access = "do nothing";
                         $this->dbSettings->setRequireAuthentication(true);
                     } else {
                         $this->dbSettings->setUserAndPasswordForAccess($this->paramAuthUser, $password);
                         $this->logger->setDebugMessage("[checkChallenge] returns true.", 2);
                     }
                 } else {
                     $this->logger->setDebugMessage("Can't decrypt.");
                     $access = "do nothing";
                     $this->dbSettings->setRequireAuthentication(true);
                 }
             } else {
                 $noAuthorization = true;
                 $authorizedGroups = $this->dbClass->getAuthorizedGroups($access);
                 $authorizedUsers = $this->dbClass->getAuthorizedUsers($access);
                 $this->logger->setDebugMessage("authorizedUsers=" . var_export($authorizedUsers, true) . "/authorizedGroups=" . var_export($authorizedGroups, true), 2);
                 if (count($authorizedUsers) == 0 && count($authorizedGroups) == 0) {
                     $noAuthorization = false;
                 } else {
                     $signedUser = $this->dbClass->authSupportUnifyUsernameAndEmail($this->dbSettings->getCurrentUser());
                     if (in_array($signedUser, $authorizedUsers)) {
                         $noAuthorization = false;
                     } else {
                         if (count($authorizedGroups) > 0) {
                             $belongGroups = $this->dbClass->authSupportGetGroupsOfUser($signedUser);
                             $this->logger->setDebugMessage($signedUser . "=belongGroups=" . var_export($belongGroups, true), 2);
                             if (count(array_intersect($belongGroups, $authorizedGroups)) != 0) {
                                 $noAuthorization = false;
                             }
                         }
                     }
                 }
                 if ($noAuthorization) {
                     $this->logger->setDebugMessage("Authorization doesn't meet the settings.");
                     $access = "do nothing";
                     $this->dbSettings->setRequireAuthentication(true);
                 }
                 $signedUser = $this->dbClass->authSupportUnifyUsernameAndEmail($this->paramAuthUser);
                 if (!$this->checkAuthorization($signedUser, $paramResponse, $clientId)) {
                     $this->logger->setDebugMessage("Authentication doesn't meet valid.{$signedUser}/{$paramResponse}/{$clientId}");
                     // Not Authenticated!
                     $access = "do nothing";
                     $this->dbSettings->setRequireAuthentication(true);
                 }
             }
         }
     }
     //        $this->logger->setDebugMessage("requireAuthentication={$this->dbSettings->getRequireAuthentication()}", 2);
     //        $this->logger->setDebugMessage("requireAuthorization={$this->dbSettings->getRequireAuthorization()}", 2);
     //        $this->logger->setDebugMessage("access={$access}, target={$this->dbSettings->getTargetName()}", 2);
     // Come here access=challenge or authenticated access
     switch ($access) {
         case 'describe':
             $result = $this->dbClass->getSchema($this->dbSettings->getTargetName());
             $this->outputOfPrcessing = 'dbresult=' . arrayToJS($result, '') . ';' . "resultCount=0;";
             break;
         case 'select':
             $result = $this->getFromDB($this->dbSettings->getTargetName());
             if (isset($tableInfo['protect-reading']) && is_array($tableInfo['protect-reading'])) {
                 $recordCount = count($result);
                 for ($index = 0; $index < $recordCount; $index++) {
                     foreach ($result[$index] as $field => $value) {
                         if (in_array($field, $tableInfo['protect-reading'])) {
                             $result[$index][$field] = "[protected]";
                         }
                     }
                 }
             }
             $this->outputOfPrcessing = 'dbresult=' . arrayToJS($result, '') . ';' . "resultCount='{$this->countQueryResult($this->dbSettings->getTargetName())}';";
             break;
         case 'update':
             if (isset($tableInfo['protect-writing']) && is_array($tableInfo['protect-writing'])) {
                 $fieldArray = array();
                 $valueArray = array();
                 $counter = 0;
                 $fieldValues = $this->dbSettings->getValue();
                 foreach ($this->dbSettings->getFieldsRequired() as $field) {
                     if (!in_array($field, $tableInfo['protect-writing'])) {
                         $fieldArray[] = $field;
                         $valueArray[] = $fieldValues[$counter];
                     }
                     $counter++;
                 }
                 $this->dbSettings->setTargetFields($fieldArray);
                 $this->dbSettings->setValue($valueArray);
             }
             $this->setToDB($this->dbSettings->getTargetName());
             break;
         case 'new':
             $result = $this->newToDB($this->dbSettings->getTargetName(), $bypassAuth);
             $this->outputOfPrcessing = "newRecordKeyValue='{$result}';";
             break;
         case 'delete':
             $this->deleteFromDB($this->dbSettings->getTargetName());
             break;
         case 'challenge':
             break;
         case 'changepassword':
             if (isset($_POST['newpass'])) {
                 $changeResult = $this->changePassword($this->paramAuthUser, $_POST['newpass']);
                 $this->outputOfPrcessing = "changePasswordResult=" . ($changeResult ? "true;" : "false;");
             } else {
                 $this->outputOfPrcessing = "changePasswordResult=false;";
             }
             break;
     }
     //        $this->logger->setDebugMessage("requireAuthentication={$this->dbSettings->getRequireAuthentication()}", 2);
     //        $this->logger->setDebugMessage("requireAuthorization={$this->dbSettings->getRequireAuthorization()}", 2);
     if ($this->logger->getDebugLevel() !== false) {
         $fInfo = $this->getFieldInfo($this->dbSettings->getTargetName());
         if ($fInfo != null) {
             foreach ($this->dbSettings->getFieldsRequired() as $fieldName) {
                 if (!in_array($fieldName, $fInfo)) {
                     $this->logger->setErrorMessage($messageClass->getMessageAs(1033, array($fieldName)));
                 }
             }
         }
     }
 }