/** * {@inheritdoc } */ protected function execute(InputInterface $input, OutputInterface $output) { $privateKeyPath = $input->getOption('privateKey'); $keyBundlePath = $input->getOption('certificate'); $path = $input->getOption('path'); if (is_null($privateKeyPath) || is_null($keyBundlePath) || is_null($path)) { $output->writeln('--privateKey, --certificate and --path are required.'); return null; } $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath); $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath); if ($privateKey === false) { $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath)); return null; } if ($keyBundle === false) { $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath)); return null; } $rsa = new RSA(); $rsa->loadKey($privateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $x509->setPrivateKey($rsa); $this->checker->writeCoreSignature($x509, $rsa, $path); $output->writeln('Successfully signed "core"'); }
public function testSaveUnsupportedExtension() { $x509 = new X509(); $cert = $x509->loadX509('-----BEGIN CERTIFICATE----- MIIDITCCAoqgAwIBAgIQT52W2WawmStUwpV8tBV9TTANBgkqhkiG9w0BAQUFADBM MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x MzA5MzAyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEA3rcmQ6aZhc04pxUJuc8PycNVjIjujI0oJyRLKl6g2Bb6YRhLz21ggNM1QDJy wI8S2OVOj7my9tkVXlqGMaO6hqpryNlxjMzNJxMenUJdOPanrO/6YvMYgdQkRn8B d3zGKokUmbuYOR2oGfs5AER9G5RqeC1prcB6LPrQ2iASmNMCAwEAAaOB5zCB5DAM BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0 ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q== -----END CERTIFICATE-----'); $asn1 = new ASN1(); $value = $this->encodeOID('1.2.3.4'); $ext = chr(ASN1::TYPE_OBJECT_IDENTIFIER) . $asn1->_encodeLength(strlen($value)) . $value; $value = 'zzzzzzzzz'; $ext .= chr(ASN1::TYPE_OCTET_STRING) . $asn1->_encodeLength(strlen($value)) . $value; $ext = chr(ASN1::TYPE_SEQUENCE | 0x20) . $asn1->_encodeLength(strlen($ext)) . $ext; $cert['tbsCertificate']['extensions'][4] = new Element($ext); $result = $x509->loadX509($x509->saveX509($cert)); $this->assertCount(5, $result['tbsCertificate']['extensions']); }
public function __construct($certificate) { $x509 = new X509(); $x509result = $x509->loadX509($certificate); $this->x509 = $x509; $this->x509result = $x509result; }
/** * Check if inputfile is correct. * * @param $contents * * @throws Exception */ protected function guardAgainstInvalidContents($contents) { $x509 = new X509(); if (!$x509->loadX509($contents)) { throw new Exception('Invalid inputfile given.'); } }
/** * @group github705 */ public function testSaveNullRSAParam() { $privKey = new RSA(); $privKey->loadKey('-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDMswfEpAgnUDWA74zZw5XcPsWh1ly1Vk99tsqwoFDkLF7jvXy1 dDLHYfuquvfxCgcp8k/4fQhx4ubR8bbGgEq9B05YRnViK0R0iBB5Ui4IaxWYYhKE 8xqAEH2fL+/7nsqqNFKkEN9KeFwc7WbMY49U2adlMrpBdRjk1DqIEW3QTwIDAQAB AoGBAJ+83cT/1DUJjJcPWLTeweVbPtJp+3Ku5d1OdaGbmURVs764scbP5Ihe2AuF V9LLZoe/RdS9jYeB72nJ3D3PA4JVYYgqMOnJ8nlUMNQ+p0yGl5TqQk6EKLI8MbX5 kQEazNqFXsiWVQXubAd5wjtb6g0n0KD3zoT/pWLES7dtUFexAkEA89h5+vbIIl2P H/NnkPie2NWYDZ1YiMGHFYxPDwsd9KCZMSbrLwAhPg9bPgqIeVNfpwxrzeksS6D9 P98tJt335QJBANbnCe+LhDSrkpHMy9aOG2IdbLGG63MSRUCPz8v2gKPq3kYXDxq6 Y1iqF8N5g0k5iirHD2qlWV5Q+nuGvFTafCMCQQC1wQiC0IkyXEw/Q31RqI82Dlcs 5rhEDwQyQof3LZEhcsdcxKaOPOmKSYX4A3/f9w4YBIEiVQfoQ1Ig1qfgDZklAkAT TQDJcOBY0qgBTEFqbazr7PScJR/0X8m0eLYS/XqkPi3kYaHLpr3RcsVbmwg9hVtx aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7 4vca9v/F2hGVJuHIMJ8mguwYlNYzh2NqoIDJTtgOkBmt -----END RSA PRIVATE KEY-----'); $pubKey = new RSA(); $pubKey->loadKey($privKey->getPublicKey()); $pubKey->setPublicKey(); $subject = new X509(); $subject->setDNProp('id-at-organizationName', 'phpseclib demo cert'); $subject->setPublicKey($pubKey); $issuer = new X509(); $issuer->setPrivateKey($privKey); $issuer->setDN($subject->getDN()); $x509 = new X509(); $result = $x509->sign($issuer, $subject); $cert = $x509->saveX509($result); $cert = $x509->loadX509($cert); $this->assertArrayHasKey('parameters', $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']); $this->assertArrayHasKey('parameters', $cert['signatureAlgorithm']); $this->assertArrayHasKey('parameters', $cert['tbsCertificate']['signature']); }
/** * Verifies the signature for the specified path. * * @param string $signaturePath * @param string $basePath * @param string $certificateCN * @return array * @throws InvalidSignatureException * @throws \Exception */ private function verify($signaturePath, $basePath, $certificateCN) { if (!$this->isCodeCheckEnforced()) { return []; } $signatureData = json_decode($this->fileAccessHelper->file_get_contents($signaturePath), true); if (!is_array($signatureData)) { throw new InvalidSignatureException('Signature data not found.'); } $expectedHashes = $signatureData['hashes']; ksort($expectedHashes); $signature = base64_decode($signatureData['signature']); $certificate = $signatureData['certificate']; // Check if certificate is signed by ownCloud Root Authority $x509 = new \phpseclib\File\X509(); $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot() . '/resources/codesigning/root.crt'); $x509->loadCA($rootCertificatePublicKey); $x509->loadX509($certificate); if (!$x509->validateSignature()) { throw new InvalidSignatureException('Certificate is not valid.'); } // Verify if certificate has proper CN. "core" CN is always trusted. if ($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') { throw new InvalidSignatureException(sprintf('Certificate is not valid for required scope. (Requested: %s, current: %s)', $certificateCN, $x509->getDN(true))); } // Check if the signature of the files is valid $rsa = new \phpseclib\Crypt\RSA(); $rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']); $rsa->setSignatureMode(RSA::SIGNATURE_PSS); $rsa->setMGFHash('sha512'); if (!$rsa->verify(json_encode($expectedHashes), $signature)) { throw new InvalidSignatureException('Signature could not get verified.'); } // Compare the list of files which are not identical $currentInstanceHashes = $this->generateHashes($this->getFolderIterator($basePath), $basePath); $differencesA = array_diff($expectedHashes, $currentInstanceHashes); $differencesB = array_diff($currentInstanceHashes, $expectedHashes); $differences = array_unique(array_merge($differencesA, $differencesB)); $differenceArray = []; foreach ($differences as $filename => $hash) { // Check if file should not exist in the new signature table if (!array_key_exists($filename, $expectedHashes)) { $differenceArray['EXTRA_FILE'][$filename]['expected'] = ''; $differenceArray['EXTRA_FILE'][$filename]['current'] = $hash; continue; } // Check if file is missing if (!array_key_exists($filename, $currentInstanceHashes)) { $differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename]; $differenceArray['FILE_MISSING'][$filename]['current'] = ''; continue; } // Check if hash does mismatch if ($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) { $differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename]; $differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename]; continue; } // Should never happen. throw new \Exception('Invalid behaviour in file hash comparison experienced. Please report this error to the developers.'); } return $differenceArray; }
function testVerifyWithGoogleIDToken() { $id_token_string = file_get_contents($this->fixture_dir . 'google.jwt'); $cert_string = file_get_contents($this->fixture_dir . 'google.crt'); $x509 = new X509(); $x509->loadX509($cert_string); $public_key = $x509->getPublicKey()->getPublicKey(); $jwt = JOSE_JWT::decode($id_token_string); $jws = new JOSE_JWS($jwt); $this->assertInstanceOf('JOSE_JWS', $jws->verify($public_key)); }
public function testWriteCoreSignatureWithValidModifiedHtaccess() { $expectedSignatureFileData = '{ "hashes": { ".htaccess": "a232e6a616c40635d0220e47ebaade40348aadf141a67a331b8870b8fae056584e52fe8b56c49468ee17b58f92cbcd269dc30ae598d6206e97f7d8bb00a766c6", "subfolder\\/.htaccess": "2c57b1e25050e11dc3ae975832f378c452159f7b69f818e47eeeafadd6ba568517461dcb4d843b90b906cd7c89d161bc1b89dff8e3ae0eb6f5088508c47befd1" }, "signature": "LNHvrAFg7NJL9h8TanIFmiI3xnmNRz8pltVgRJpnQTqLJCkhZWV5+poHIii\\/\\/dI4NhBijsoN0AAJckf1KFzyeI2rOk3w+niaOEXX7khoJDgbxuz0kwN13Bxa1A6j0cMFqm9IIWet0JK9MKaL8K\\/n3CzNYovXhRBdJsYTQVWvkaY5KMQgTP2roqgaLBABfI8+fuZVnKie1D737UJ3LhxesEtqr9mJEUSdYuN1QpaScdv7bMkX7xTcg02T5Ljs4F0KsKSME43Pzxm33qCQ\\/Gyfsz\\/iNKHYQztg9wPkSanbqvFnDtHhcIhKBsETCbNuBZqBk0AwYCupLIJTjC6SShHc4TtWiv834wtSmc1fYfzrsq7gJalJifFAaeGemzFwkePFlVqjdYc63KSqK8ut0jEcjKPAmJ+5NCUoxc8iASMJCesf31mzUPlw1L9LCBMA0aywDqkZYK4tJHZYMvXc4UkSs19OuAzUbXMoVHsJ03ftfC02gpg4hqZDSiBqYuyKMvt2xuutTA+xQcl3fQGUuNdSmBqUFm0D5cCvT10aZPNUXA2cnS+89u58QSxO1wEZJCYKOrDvX1oqOyJs\\/c8GNip3LwheIF2KB8\\/Zh83h8ZncDxuesAzq89IjV815K3P1G\\/kSVPhvQapw1KMLu9rBDZ3FVvQw8K8fg5a7opBrK2ggGds=", "certificate": "-----BEGIN CERTIFICATE-----\\r\\nMIIEvjCCAqagAwIBAgIUc\\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\\r\\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\\r\\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\\r\\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\\r\\niOf4RwPXR6SE9bWZEm\\/b72SfWk\\/\\/J6AbrD8WiOzBuT\\/ODy6k5T1arEdHO+Pux0W1\\r\\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\\/xolP3oD+eLbShPcblhdS\\r\\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\\r\\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\\/2riAzIssMFSCarWCx0AKYb54+d\\r\\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\\r\\nH87KFhYW8tKFFvF1V3AHl\\/sFQ9tDHaxM9Y0pZ2jPp\\/ccdiqnmdkBxBDqsiRvHvVB\\r\\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\\/wAtd2vUW8UFiq\\r\\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\\/zrM0\\r\\ni8nfCFwTxWRxp3H9KoECzO\\/zS5R5KIS7s3\\/wq\\/w9T2Ie4rcecgXwDizwnn0C\\/aKc\\r\\nbDIjujpL1s9HO05pcD\\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\\r\\nQ238lC+A\\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\\r\\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\\r\\noNCXUbExC\\/0iCPUqdHZIVb+Lc\\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\\r\\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\\r\\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\\/55\\r\\ncf3Fovj6JJgbb9XFxrdnsOsDOu\\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\\r\\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\\/\\/+TJtXRbyNgsf\\r\\noMRZGi8DLGU2SGEAHcRH\\/QZHq\\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\\r\\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\\/XUxEWOa2F\\r\\nK2EqhErgMK\\/N07U1JJJay5tYZRtvkGq46oP\\/5kQG8hYST0MDK6VihJoPpvCmAm4E\\r\\npEYKQ96x6A4EH9Y9mZlYozH\\/eqmxPbTK8n89\\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\\r\\nV204fGUkJqW5CrKy3P3XvY9X\\r\\n-----END CERTIFICATE-----" }'; $this->environmentHelper->expects($this->any())->method('getServerRoot')->will($this->returnValue(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent')); $this->fileAccessHelper->expects($this->once())->method('file_put_contents')->with(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json', $expectedSignatureFileData); $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key'); $rsa = new RSA(); $rsa->loadKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent'); }
public function testWriteCoreSignature() { $expectedSignatureFileData = '{ "hashes": { "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112", "subfolder\\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b" }, "signature": "dYoohBaWIFR\\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\\/Oz8LWFd+BEUQjC2LJgojPnpzaG\\/msw1nBkX16NNVDWWtJ25Bc\\/r\\/mG46rwjWB\\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=", "certificate": "-----BEGIN CERTIFICATE-----\\r\\nMIIEvjCCAqagAwIBAgIUc\\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\\r\\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\\r\\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\\r\\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\\r\\niOf4RwPXR6SE9bWZEm\\/b72SfWk\\/\\/J6AbrD8WiOzBuT\\/ODy6k5T1arEdHO+Pux0W1\\r\\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\\/xolP3oD+eLbShPcblhdS\\r\\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\\r\\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\\/2riAzIssMFSCarWCx0AKYb54+d\\r\\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\\r\\nH87KFhYW8tKFFvF1V3AHl\\/sFQ9tDHaxM9Y0pZ2jPp\\/ccdiqnmdkBxBDqsiRvHvVB\\r\\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\\/wAtd2vUW8UFiq\\r\\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\\/zrM0\\r\\ni8nfCFwTxWRxp3H9KoECzO\\/zS5R5KIS7s3\\/wq\\/w9T2Ie4rcecgXwDizwnn0C\\/aKc\\r\\nbDIjujpL1s9HO05pcD\\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\\r\\nQ238lC+A\\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\\r\\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\\r\\noNCXUbExC\\/0iCPUqdHZIVb+Lc\\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\\r\\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\\r\\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\\/55\\r\\ncf3Fovj6JJgbb9XFxrdnsOsDOu\\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\\r\\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\\/\\/+TJtXRbyNgsf\\r\\noMRZGi8DLGU2SGEAHcRH\\/QZHq\\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\\r\\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\\/XUxEWOa2F\\r\\nK2EqhErgMK\\/N07U1JJJay5tYZRtvkGq46oP\\/5kQG8hYST0MDK6VihJoPpvCmAm4E\\r\\npEYKQ96x6A4EH9Y9mZlYozH\\/eqmxPbTK8n89\\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\\r\\nV204fGUkJqW5CrKy3P3XvY9X\\r\\n-----END CERTIFICATE-----" }'; $this->environmentHelper->expects($this->any())->method('getServerRoot')->will($this->returnValue(\OC::$SERVERROOT . '/tests/data/integritycheck/app/')); $this->fileAccessHelper->expects($this->once())->method('file_put_contents')->with(\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $expectedSignatureFileData); $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key'); $rsa = new RSA(); $rsa->loadKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeCoreSignature($x509, $rsa); }
public function testWriteCoreSignatureWithValidModifiedHtaccessAndUserIni() { $expectedSignatureFileData = '{ "hashes": { ".htaccess": "ef34c5f35fffb6e8e3008c2118617b53243cfc5ac2513edba9ebd383169862bc16e4f889316ad65788d6b172fe14713af90908c19838c4ba13b4146e12c7ac62", ".user.ini": "0a557e3cdca4c2e3675deed761d79d109011dcdebbd9c7f6429f1d3476938ec95729543d7384651d1d0c48e26c5024cc5f517445920915a704ea748bdb903c5f", "subfolder\\/.htaccess": "2c57b1e25050e11dc3ae975832f378c452159f7b69f818e47eeeafadd6ba568517461dcb4d843b90b906cd7c89d161bc1b89dff8e3ae0eb6f5088508c47befd1" }, "signature": "d6pqYc0pj5hihZK4Pi\\/rM9XguY1xK9LEch+jUcxZWwhzOPL4qVHx5LN4FAhEOnr5ZjuhK\\/umVEUjieamF4z8tP\\/4nnnu2LmRuPMmj6+1tBEwbsKoeg7NiYfYL5h+VSdBePpIZDmjk0tjEpsMtCPhUPAY5vOSSDJ3Xef4KQIpeL6RKIctDcVdO26QWPLFpCo9NK3j91KHuXTcjbAsATDo+oXQzi0CaomBqL6Ft1SU\\/Bdes6usgeVWd6mGygZ6zUCLqB4hSi6335xIkkUO1c3NekWksiqTWqdmVIpsTEsIpapx+nE0UFBGc7ZF2rnamg5813g67M5V\\/UwhBRcHobMFWfbp73QDUsHcuLCOhamgYh7hbVIlDP7LS2V3kIRLgMLBVwLnvb8LAbaGUsdYGtbfmrhcMK\\/jkpGCv0pqUCc4I+1QuVexNEQrdqafwYRnQUsmdFSFaCASYVvgxPrY5jA+y1HwNX5HEc5mMzVORNPhZXUcxWBRUQxUESY5j473DInMQUhq7SLVNAaglxDR1a9M5tQO8engvIJ5eTImLITm0qdefmEvFrxQ0BrrGmPNFYUysrHeNGDhMkGX+JIONj+T4Ht3Z7dr7cfufYDHRaummsTGgRx6206zRSqavsBWL\\/Cbzrfu1HhiRagncVcoL40EommJt8lobaKHs3GZ8k861Wo=", "certificate": "-----BEGIN CERTIFICATE-----\\r\\nMIIEvjCCAqagAwIBAgIUc\\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\\r\\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\\r\\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\\r\\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\\r\\niOf4RwPXR6SE9bWZEm\\/b72SfWk\\/\\/J6AbrD8WiOzBuT\\/ODy6k5T1arEdHO+Pux0W1\\r\\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\\/xolP3oD+eLbShPcblhdS\\r\\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\\r\\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\\/2riAzIssMFSCarWCx0AKYb54+d\\r\\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\\r\\nH87KFhYW8tKFFvF1V3AHl\\/sFQ9tDHaxM9Y0pZ2jPp\\/ccdiqnmdkBxBDqsiRvHvVB\\r\\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\\/wAtd2vUW8UFiq\\r\\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\\/zrM0\\r\\ni8nfCFwTxWRxp3H9KoECzO\\/zS5R5KIS7s3\\/wq\\/w9T2Ie4rcecgXwDizwnn0C\\/aKc\\r\\nbDIjujpL1s9HO05pcD\\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\\r\\nQ238lC+A\\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\\r\\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\\r\\noNCXUbExC\\/0iCPUqdHZIVb+Lc\\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\\r\\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\\r\\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\\/55\\r\\ncf3Fovj6JJgbb9XFxrdnsOsDOu\\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\\r\\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\\/\\/+TJtXRbyNgsf\\r\\noMRZGi8DLGU2SGEAHcRH\\/QZHq\\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\\r\\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\\/XUxEWOa2F\\r\\nK2EqhErgMK\\/N07U1JJJay5tYZRtvkGq46oP\\/5kQG8hYST0MDK6VihJoPpvCmAm4E\\r\\npEYKQ96x6A4EH9Y9mZlYozH\\/eqmxPbTK8n89\\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\\r\\nV204fGUkJqW5CrKy3P3XvY9X\\r\\n-----END CERTIFICATE-----" }'; $this->environmentHelper->expects($this->any())->method('getServerRoot')->will($this->returnValue(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent')); $this->fileAccessHelper->expects($this->once())->method('file_put_contents')->with(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json', $expectedSignatureFileData); $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key'); $rsa = new RSA(); $rsa->loadKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent'); }
/** * {@inheritdoc } */ protected function execute(InputInterface $input, OutputInterface $output) { $path = $input->getOption('path'); $privateKeyPath = $input->getOption('privateKey'); $keyBundlePath = $input->getOption('certificate'); if (is_null($path) || is_null($privateKeyPath) || is_null($keyBundlePath)) { $documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity'); $output->writeln('This command requires the --path, --privateKey and --certificate.'); $output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"'); $output->writeln('For more information please consult the documentation: ' . $documentationUrl); return null; } $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath); $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath); if ($privateKey === false) { $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath)); return null; } if ($keyBundle === false) { $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath)); return null; } $rsa = new RSA(); $rsa->loadKey($privateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $x509->setPrivateKey($rsa); $this->checker->writeAppSignature($path, $x509, $rsa); $output->writeln('Successfully signed "' . $path . '"'); }