コード例 #1
ファイル: Environment.php プロジェクト: Briareos/Oxygen
 /**
  * Report the PHP memory limit, honouring a configured override.
  *
  * A 'memory_limit' entry in $this->override takes precedence over the
  * runtime ini setting. isset() treats a null entry as absent, so a null
  * override falls through to ini_get().
  *
  * @return int PHP memory limit in bytes.
  */
 public function getMemoryLimit()
 {
     // NOTE(review): ini_get('memory_limit') can be '-1' (no limit); how
     // convertToBytes() handles that value is not visible here.
     $rawLimit = isset($this->override['memory_limit'])
         ? $this->override['memory_limit']
         : ini_get('memory_limit');

     return Oxygen_Util::convertToBytes($rawLimit);
 }
コード例 #2
 /**
  * Fill $state with site-level values read from the state store, the
  * context and the current request.
  *
  * @param array               $state   Written by reference; keys are added or overwritten.
  * @param Oxygen_Http_Request $request Only its server['SCRIPT_FILENAME'] entry is read.
  */
 private function populateSiteState(&$state, Oxygen_Http_Request $request)
 {
     // See how $site_key gets generated in _update_process_fetch_task() for statistical purposes.
     // siteKey = unpadded URL-safe base64 of HMAC-SHA256(base_url), keyed with drupal_private_key.
     // An unset private key is cast to '' below, which would leave the HMAC keyed with an empty string.
     $baseUrl = (string) $this->context->getGlobal('base_url');
     $privateKey = (string) $this->state->get('drupal_private_key');
     $rawDigest = hash_hmac('sha256', $baseUrl, $privateKey, true);
     $urlSafeAlphabet = array('+' => '-', '/' => '_', '=' => '');
     $state['siteKey'] = strtr(base64_encode($rawDigest), $urlSafeAlphabet);

     // NOTE(review): cron_key is copied verbatim. In Drupal it authorizes external
     // cron runs, so confirm $state is only ever returned to an authenticated caller.
     $state['cronKey'] = (string) $this->state->get('cron_key');
     $state['cronLastRunAt'] = (int) $this->state->get('cron_last');
     $state['siteMail'] = (string) $this->state->get('site_mail');
     $state['siteName'] = (string) $this->state->get('site_name');

     // The directory of the executing script, or '' when the request does not carry it.
     if (isset($request->server['SCRIPT_FILENAME'])) {
         $state['siteRoot'] = Oxygen_Util::normalizePath(dirname($request->server['SCRIPT_FILENAME']));
     } else {
         $state['siteRoot'] = '';
     }

     $state['drupalRoot'] = Oxygen_Util::normalizePath($this->context->getConstant('DRUPAL_ROOT'));
     $state['drupalVersion'] = $this->context->getConstant('VERSION');

     // DRUPAL_CORE_COMPATIBILITY has its '.x' suffix stripped before the int cast.
     $coreCompatibility = $this->context->getConstant('DRUPAL_CORE_COMPATIBILITY');
     $state['drupalMajorVersion'] = (int) basename($coreCompatibility, '.x');
     $state['timezone'] = (string) $this->state->get('date_default_timezone');
 }
コード例 #3
ファイル: HandshakeListener.php プロジェクト: Briareos/Oxygen
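 /**
  * Authenticate a master request and, on first contact, register the
  * master's public key.
  *
  * With a stored 'oxygen_public_key': the request signature over
  * "<requestId>|<requestExpiresAt>" must verify against that key.
  *
  * Without a stored key: the signature is first checked against the key
  * supplied in the request. That check only shows the local RSA code works;
  * it says nothing about who sent the request. Trust comes from the second
  * check, where handshakeSignature over this site's URL slug must verify
  * against a key file shipped under <modulePath>/keys/. Only then is the
  * supplied key stored.
  *
  * NOTE(review): as far as this method shows, the handshake signature covers
  * only the URL slug and not the supplied public key or the request id. If
  * nothing else binds them, one valid handshake signature would be accepted
  * with any key while no key is stored. Confirm against the signing side.
  *
  * @param Oxygen_Event_MasterRequestEvent $event
  *
  * @throws Oxygen_Exception When a signature check fails, the handshake key
  *                          name is malformed, or the local key file cannot be read.
  */
 public function onMasterRequest(Oxygen_Event_MasterRequestEvent $event)
 {
     $request = $event->getRequest();
     $data = $event->getRequestData();
     $existingPublicKey = $this->state->get('oxygen_public_key');
     $providedPublicKey = $data->publicKey;
     $signature = $data->signature;
     $requestId = $data->oxygenRequestId;
     $requestExpiresAt = $data->requestExpiresAt;
     $hasStoredKey = !empty($existingPublicKey);

     // There is no public key set, use the provided one to verify SSL implementation.
     $verifyPublicKey = $hasStoredKey ? $existingPublicKey : $providedPublicKey;

     $verified = $this->rsaVerifier->verify($verifyPublicKey, sprintf('%s|%d', $requestId, $requestExpiresAt), $signature);
     if (!$verified) {
         if (!$hasStoredKey) {
             // A public key is not set, but the handshake failed. There might be a problem with the OpenSSL implementation.
             throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_VERIFY_TEST_FAILED);
         }
         throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_VERIFY_FAILED);
     }

     if ($hasStoredKey) {
         // We validated against an existing key. The nonce is consumed only
         // after the signature has verified, so unsigned requests cannot use it up.
         $this->nonceManager->useNonce($requestId, $requestExpiresAt);
         $request->setAuthenticated(true);
         return;
     }

     // The key name comes from the request and becomes part of a filesystem
     // path, so it is re-validated here instead of relying on another
     // listener having run first. The D modifier stops '$' from accepting a
     // trailing newline.
     if (!is_string($data->handshakeKey) || !preg_match('{^[a-z0-9_]+$}D', $data->handshakeKey)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_KEY_NOT_VALID);
     }

     $keyPath = $this->modulePath . '/keys/' . $data->handshakeKey . '.pub';
     $handshakeKey = @file_get_contents($keyPath);
     if ($handshakeKey === false) {
         // error_get_last() returns null when no error was recorded.
         $lastError = error_get_last();
         $lastErrorMessage = isset($lastError['message']) ? $lastError['message'] : null;
         // Report the path that was actually read (the '/keys/' directory and '.pub' suffix included).
         throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_LOCAL_KEY_NOT_FOUND, array('lastError' => $lastErrorMessage, 'keyPath' => $keyPath));
     }

     $urlSlug = Oxygen_Util::getUrlSlug($this->baseUrl);
     $verifiedHandshake = $this->rsaVerifier->verify($handshakeKey, $urlSlug, $data->handshakeSignature);
     if (!$verifiedHandshake) {
         throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_LOCAL_VERIFY_FAILED);
     }

     // Both checks passed: consume the nonce, then store the supplied key.
     // Later requests take the stored-key branch above.
     $this->nonceManager->useNonce($requestId, $requestExpiresAt);
     $this->state->set('oxygen_public_key', $providedPublicKey);
     $request->setAuthenticated(true);
 }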
コード例 #4
ファイル: PhpRsaVerifier.php プロジェクト: Briareos/Oxygen
 /**
  * Check a raw RSA signature over $data using the given public key parts.
  *
  * The expected encoding is rebuilt from $data with emsaPkcs1v15Encode() and
  * compared as a whole against the block recovered from the signature. The
  * recovered block is never parsed, so no padding or digest-info parsing
  * takes place in this method.
  *
  * @param Oxygen_Math_BigInteger $modulus
  * @param Oxygen_Math_BigInteger $exponent
  * @param string                 $data
  * @param string                 $rawSignature Must be exactly as many bytes as the modulus.
  *
  * @return bool True when the recovered and expected encodings are equal.
  * @throws Oxygen_Exception When the signature or the recovered value has an invalid size.
  */
 private function rsaMatch(Oxygen_Math_BigInteger $modulus, Oxygen_Math_BigInteger $exponent, $data, $rawSignature)
 {
     $keyByteLength = strlen($modulus->toBytes());

     // A signature whose length differs from the modulus length is rejected outright.
     if (strlen($rawSignature) !== $keyByteLength) {
         throw new Oxygen_Exception(Oxygen_Exception::RSA_KEY_SIGNATURE_SIZE_INVALID);
     }

     // Base 256 presumably means "interpret as raw bytes"; confirm in Oxygen_Math_BigInteger.
     $signatureInt = new Oxygen_Math_BigInteger($rawSignature, 256);

     // NOTE(review): whether rsavp1() rejects a signature value that is not
     // below the modulus is not visible here; verify in that helper.
     $recovered = $this->rsavp1($signatureInt, $exponent, $modulus);
     if (strlen($recovered->toBytes()) > $keyByteLength) {
         throw new Oxygen_Exception(Oxygen_Exception::RSA_KEY_MODULUS_SIZE_INVALID);
     }

     // Left-pad with zero bytes to the full modulus width before comparing.
     $recoveredEncoding = str_pad($recovered->toBytes(), $keyByteLength, "\0", STR_PAD_LEFT);
     $expectedEncoding = $this->emsaPkcs1v15Encode($data, $keyByteLength);

     // hashEquals() is presumably a timing-safe comparison; confirm in Oxygen_Util.
     return Oxygen_Util::hashEquals($recoveredEncoding, $expectedEncoding);
 }
コード例 #5
ファイル: ProtocolListener.php プロジェクト: Briareos/Oxygen
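 /**
  * Validate the shape of an incoming master request before it is processed.
  *
  * Every required field is checked for presence and then for type and
  * format. The first failing check throws, with a distinct exception code
  * per field. Finally the URL slug of the supplied baseUrl must equal the
  * slug of this site's base URL.
  *
  * The format patterns use the D modifier. Without it, '$' also matches
  * just before a trailing newline, so values such as "<uuid>\n" or
  * "<key>\n" would pass and then reach the nonce, signature and
  * file-path code.
  *
  * NOTE(review): requestExpiresAt is only type-checked here. No comparison
  * with the current time is visible in this method.
  *
  * @param Oxygen_Event_MasterRequestEvent $event
  *
  * @throws Oxygen_Exception On the first missing or malformed field, or on a base URL slug mismatch.
  */
 public function onMasterRequest(Oxygen_Event_MasterRequestEvent $event)
 {
     $data = $event->getRequestData();
     if (empty($data->version)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_VERSION_NOT_PROVIDED);
     }
     if (!is_string($data->version) || !preg_match('{^\\d+\\.\\d+$}D', $data->version)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_VERSION_NOT_VALID);
     }
     // Rejects requests whose protocol version is newer than the one this module speaks.
     if (version_compare($data->version, $this->version, '>')) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_VERSION_TOO_LOW);
     }
     if (empty($data->oxygenRequestId)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_REQUEST_ID_NOT_PROVIDED);
     }
     // Lower-case hex in 8-4-4-4-12 grouping.
     if (!is_string($data->oxygenRequestId) || !preg_match('{^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})$}D', $data->oxygenRequestId)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_REQUEST_ID_NOT_VALID);
     }
     if (empty($data->publicKey)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_PUBLIC_KEY_NOT_PROVIDED);
     }
     if (!is_string($data->publicKey) || !strlen($data->publicKey)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_PUBLIC_KEY_NOT_VALID);
     }
     // userName may be an empty string, so presence is tested with isset() rather than empty().
     if (!isset($data->userName)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_USER_NAME_NOT_PROVIDED);
     }
     if (!is_string($data->userName)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_USER_NAME_NOT_VALID);
     }
     if (empty($data->signature)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_SIGNATURE_NOT_PROVIDED);
     }
     // Standard base64 alphabet with at most two '=' padding characters.
     if (!is_string($data->signature) || !preg_match('{^[a-zA-Z\\d/+]+={0,2}$}D', $data->signature)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_SIGNATURE_NOT_VALID);
     }
     if (empty($data->handshakeKey)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_KEY_NOT_PROVIDED);
     }
     // The character class admits no '.', '/' or '\', so the name cannot
     // carry a path separator or a parent-directory reference.
     if (!is_string($data->handshakeKey) || !preg_match('{^[a-z0-9_]+$}D', $data->handshakeKey)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_KEY_NOT_VALID);
     }
     if (empty($data->handshakeSignature)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_SIGNATURE_NOT_PROVIDED);
     }
     if (!is_string($data->handshakeSignature) || !preg_match('{^[a-zA-Z\\d/+]+={0,2}$}D', $data->handshakeSignature)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_SIGNATURE_NOT_VALID);
     }
     if (empty($data->requestExpiresAt)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_EXPIRATION_NOT_PROVIDED);
     }
     if (!is_int($data->requestExpiresAt)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_EXPIRATION_NOT_VALID);
     }
     if (empty($data->actionName)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_NAME_NOT_PROVIDED);
     }
     if (!is_string($data->actionName)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_NAME_NOT_VALID);
     }
     if (!isset($data->actionParameters)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_PARAMETERS_NOT_PROVIDED);
     }
     if (!is_array($data->actionParameters)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_PARAMETERS_NOT_VALID);
     }
     if (empty($data->baseUrl)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_BASE_URL_NOT_PROVIDED);
     }
     // Strict in_array() keeps a null/false result from parse_url() from being loosely compared.
     if (!is_string($data->baseUrl) || !in_array(parse_url($data->baseUrl, PHP_URL_SCHEME), array('http', 'https'), true) || !is_string(parse_url($data->baseUrl, PHP_URL_HOST))) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_BASE_URL_NOT_VALID);
     }
     if (!isset($data->stateParameters)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_STATE_PARAMETERS_NOT_PROVIDED);
     }
     if (!is_array($data->stateParameters)) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_STATE_PARAMETERS_NOT_VALID);
     }
     // The request must be addressed to this site: compare slugs, not raw URLs.
     $providedBaseUrlSlug = Oxygen_Util::getUrlSlug($data->baseUrl);
     $currentBaseUrlSlug = Oxygen_Util::getUrlSlug($this->baseUrl);
     if ($providedBaseUrlSlug !== $currentBaseUrlSlug) {
         throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_BASE_URL_SLUG_MISMATCHES, array('providedBaseUrl' => $data->baseUrl, 'providedBaseUrlSlug' => $providedBaseUrlSlug, 'currentBaseUrl' => $this->baseUrl, 'currentBaseUrlSlug' => $currentBaseUrlSlug));
     }
 }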