/** * @return int PHP memory limit in bytes. */ public function getMemoryLimit() { if (isset($this->override['memory_limit'])) { $limit = $this->override['memory_limit']; } else { $limit = ini_get('memory_limit'); } return Oxygen_Util::convertToBytes($limit); }
private function populateSiteState(&$state, Oxygen_Http_Request $request) { // See how $site_key gets generated in _update_process_fetch_task() for statistical purposes. $state['siteKey'] = strtr(base64_encode(hash_hmac('sha256', (string) $this->context->getGlobal('base_url'), (string) $this->state->get('drupal_private_key'), true)), array('+' => '-', '/' => '_', '=' => '')); $state['cronKey'] = (string) $this->state->get('cron_key'); $state['cronLastRunAt'] = (int) $this->state->get('cron_last'); $state['siteMail'] = (string) $this->state->get('site_mail'); $state['siteName'] = (string) $this->state->get('site_name'); $state['siteRoot'] = isset($request->server['SCRIPT_FILENAME']) ? Oxygen_Util::normalizePath(dirname($request->server['SCRIPT_FILENAME'])) : ''; $state['drupalRoot'] = Oxygen_Util::normalizePath($this->context->getConstant('DRUPAL_ROOT')); $state['drupalVersion'] = $this->context->getConstant('VERSION'); $state['drupalMajorVersion'] = (int) basename($this->context->getConstant('DRUPAL_CORE_COMPATIBILITY'), '.x'); $state['timezone'] = (string) $this->state->get('date_default_timezone'); }
public function onMasterRequest(Oxygen_Event_MasterRequestEvent $event) { $request = $event->getRequest(); $data = $event->getRequestData(); $existingPublicKey = $this->state->get('oxygen_public_key'); $providedPublicKey = $data->publicKey; $signature = $data->signature; $requestId = $data->oxygenRequestId; $requestExpiresAt = $data->requestExpiresAt; if (empty($existingPublicKey)) { // There is no public key set, use the provided one to verify SSL implementation. $verifyPublicKey = $providedPublicKey; } else { $verifyPublicKey = $existingPublicKey; } $verified = $this->rsaVerifier->verify($verifyPublicKey, sprintf('%s|%d', $requestId, $requestExpiresAt), $signature); if (!$verified) { if (empty($existingPublicKey)) { // A public key is not set, but the handshake failed. There might be a problem with the OpenSSL implementation. throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_VERIFY_TEST_FAILED); } else { throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_VERIFY_FAILED); } } if (!empty($existingPublicKey)) { // We validated against an existing key. $this->nonceManager->useNonce($requestId, $requestExpiresAt); $request->setAuthenticated(true); return; } $handshakeKey = @file_get_contents($this->modulePath . '/keys/' . $data->handshakeKey . '.pub'); if ($handshakeKey === false) { $lastError = error_get_last(); throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_LOCAL_KEY_NOT_FOUND, array('lastError' => $lastError['message'], 'keyPath' => $this->modulePath . '/' . $data->handshakeKey)); } $urlSlug = Oxygen_Util::getUrlSlug($this->baseUrl); $verifiedHandshake = $this->rsaVerifier->verify($handshakeKey, $urlSlug, $data->handshakeSignature); if (!$verifiedHandshake) { throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_LOCAL_VERIFY_FAILED); } $this->nonceManager->useNonce($requestId, $requestExpiresAt); $this->state->set('oxygen_public_key', $providedPublicKey); $request->setAuthenticated(true); }
/** * @param Oxygen_Math_BigInteger $modulus * @param Oxygen_Math_BigInteger $exponent * @param string $data * @param string $rawSignature * * @return bool * @throws Oxygen_Exception */ private function rsaMatch(Oxygen_Math_BigInteger $modulus, Oxygen_Math_BigInteger $exponent, $data, $rawSignature) { $modulusLength = strlen($modulus->toBytes()); if ($modulusLength !== strlen($rawSignature)) { throw new Oxygen_Exception(Oxygen_Exception::RSA_KEY_SIGNATURE_SIZE_INVALID); } $signature = new Oxygen_Math_BigInteger($rawSignature, 256); $m2 = $this->rsavp1($signature, $exponent, $modulus); if (strlen($m2->toBytes()) > $modulusLength) { throw new Oxygen_Exception(Oxygen_Exception::RSA_KEY_MODULUS_SIZE_INVALID); } $em = str_pad($m2->toBytes(), $modulusLength, chr(0), STR_PAD_LEFT); $em2 = $this->emsaPkcs1v15Encode($data, $modulusLength); return Oxygen_Util::hashEquals($em, $em2); }
public function onMasterRequest(Oxygen_Event_MasterRequestEvent $event) { $data = $event->getRequestData(); if (empty($data->version)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_VERSION_NOT_PROVIDED); } if (!is_string($data->version) || !preg_match('{^\\d+\\.\\d+$}', $data->version)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_VERSION_NOT_VALID); } if (version_compare($data->version, $this->version, '>')) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_VERSION_TOO_LOW); } if (empty($data->oxygenRequestId)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_REQUEST_ID_NOT_PROVIDED); } if (!is_string($data->oxygenRequestId) || !preg_match('{^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})$}', $data->oxygenRequestId)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_REQUEST_ID_NOT_VALID); } if (empty($data->publicKey)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_PUBLIC_KEY_NOT_PROVIDED); } if (!is_string($data->publicKey) || !strlen($data->publicKey)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_PUBLIC_KEY_NOT_VALID); } if (!isset($data->userName)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_USER_NAME_NOT_PROVIDED); } if (!is_string($data->userName)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_USER_NAME_NOT_VALID); } if (empty($data->signature)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_SIGNATURE_NOT_PROVIDED); } if (!is_string($data->signature) || !preg_match('{^[a-zA-Z\\d/+]+={0,2}$}', $data->signature)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_SIGNATURE_NOT_VALID); } if (empty($data->handshakeKey)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_KEY_NOT_PROVIDED); } if (!is_string($data->handshakeKey) || !preg_match('{^[a-z0-9_]+$}', $data->handshakeKey)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_KEY_NOT_VALID); } if (empty($data->handshakeSignature)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_SIGNATURE_NOT_PROVIDED); } if (!is_string($data->handshakeSignature) || !preg_match('{^[a-zA-Z\\d/+]+={0,2}$}', $data->handshakeSignature)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_SIGNATURE_NOT_VALID); } if (empty($data->requestExpiresAt)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_EXPIRATION_NOT_PROVIDED); } if (!is_int($data->requestExpiresAt)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_EXPIRATION_NOT_VALID); } if (empty($data->actionName)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_NAME_NOT_PROVIDED); } if (!is_string($data->actionName)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_NAME_NOT_VALID); } if (!isset($data->actionParameters)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_PARAMETERS_NOT_PROVIDED); } if (!is_array($data->actionParameters)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_PARAMETERS_NOT_VALID); } if (empty($data->baseUrl)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_BASE_URL_NOT_PROVIDED); } if (!is_string($data->baseUrl) || !in_array(parse_url($data->baseUrl, PHP_URL_SCHEME), array('http', 'https')) || !is_string(parse_url($data->baseUrl, PHP_URL_HOST))) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_BASE_URL_NOT_VALID); } if (!isset($data->stateParameters)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_STATE_PARAMETERS_NOT_PROVIDED); } if (!is_array($data->stateParameters)) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_STATE_PARAMETERS_NOT_VALID); } $providedBaseUrlSlug = Oxygen_Util::getUrlSlug($data->baseUrl); $currentBaseUrlSlug = Oxygen_Util::getUrlSlug($this->baseUrl); if ($providedBaseUrlSlug !== $currentBaseUrlSlug) { throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_BASE_URL_SLUG_MISMATCHES, array('providedBaseUrl' => $data->baseUrl, 'providedBaseUrlSlug' => $providedBaseUrlSlug, 'currentBaseUrl' => $this->baseUrl, 'currentBaseUrlSlug' => $currentBaseUrlSlug)); } }