Checker, OC\IntegrityCheck PHPのコード例

コード例 #1

0

ファイルを表示

ファイル: SignCore.php プロジェクト: rchicoli/owncloud-core

 /**
  * {@inheritdoc }
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $privateKeyPath = $input->getOption('privateKey');
     $keyBundlePath = $input->getOption('certificate');
     $path = $input->getOption('path');
     if (is_null($privateKeyPath) || is_null($keyBundlePath) || is_null($path)) {
         $output->writeln('--privateKey, --certificate and --path are required.');
         return null;
     }
     $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
     $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
     if ($privateKey === false) {
         $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
         return null;
     }
     if ($keyBundle === false) {
         $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
         return null;
     }
     $rsa = new RSA();
     $rsa->loadKey($privateKey);
     $x509 = new X509();
     $x509->loadX509($keyBundle);
     $x509->setPrivateKey($rsa);
     $this->checker->writeCoreSignature($x509, $rsa, $path);
     $output->writeln('Successfully signed "core"');
 }

コード例 #2

0

ファイルを表示

ファイル: checkapp.php プロジェクト: ZverAleksey/core

 /**
  * {@inheritdoc }
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $appid = $input->getArgument('appid');
     $path = strval($input->getOption('path'));
     $result = $this->checker->verifyAppSignature($appid, $path);
     $this->writeArrayInOutputFormat($input, $output, $result);
 }

コード例 #3

0

ファイルを表示

ファイル: SignApp.php プロジェクト: GitHubUser4234/core

 /**
  * {@inheritdoc }
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $path = $input->getOption('path');
     $privateKeyPath = $input->getOption('privateKey');
     $keyBundlePath = $input->getOption('certificate');
     if (is_null($path) || is_null($privateKeyPath) || is_null($keyBundlePath)) {
         $documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity');
         $output->writeln('This command requires the --path, --privateKey and --certificate.');
         $output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"');
         $output->writeln('For more information please consult the documentation: ' . $documentationUrl);
         return null;
     }
     $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
     $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
     if ($privateKey === false) {
         $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
         return null;
     }
     if ($keyBundle === false) {
         $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
         return null;
     }
     $rsa = new RSA();
     $rsa->loadKey($privateKey);
     $x509 = new X509();
     $x509->loadX509($keyBundle);
     $x509->setPrivateKey($rsa);
     $this->checker->writeAppSignature($path, $x509, $rsa);
     $output->writeln('Successfully signed "' . $path . '"');
 }

コード例 #4

0

ファイルを表示

ファイル: Updater.php プロジェクト: stweil/owncloud-core

 /**
  * runs the update actions in maintenance mode, does not upgrade the source files
  * except the main .htaccess file
  *
  * @param string $currentVersion current version to upgrade to
  * @param string $installedVersion previous version from which to upgrade from
  *
  * @throws \Exception
  */
 private function doUpgrade($currentVersion, $installedVersion)
 {
     // Stop update if the update is over several major versions
     $allowedPreviousVersion = $this->getAllowedPreviousVersion();
     if (!self::isUpgradePossible($installedVersion, $currentVersion, $allowedPreviousVersion)) {
         throw new \Exception('Updates between multiple major versions and downgrades are unsupported.');
     }
     // Update .htaccess files
     try {
         Setup::updateHtaccess();
         Setup::protectDataDirectory();
     } catch (\Exception $e) {
         throw new \Exception($e->getMessage());
     }
     // create empty file in data dir, so we can later find
     // out that this is indeed an ownCloud data directory
     // (in case it didn't exist before)
     file_put_contents($this->config->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data') . '/.ocdata', '');
     // pre-upgrade repairs
     $repair = new Repair(Repair::getBeforeUpgradeRepairSteps(), \OC::$server->getEventDispatcher());
     $repair->run();
     // simulate DB upgrade
     if ($this->simulateStepEnabled) {
         $this->checkCoreUpgrade();
         // simulate apps DB upgrade
         $this->checkAppUpgrade($currentVersion);
     }
     if ($this->updateStepEnabled) {
         $this->doCoreUpgrade();
         // update all shipped apps
         $disabledApps = $this->checkAppsRequirements();
         $this->doAppUpgrade();
         // upgrade appstore apps
         $this->upgradeAppStoreApps($disabledApps);
         // install new shipped apps on upgrade
         OC_App::loadApps('authentication');
         $errors = Installer::installShippedApps(true);
         foreach ($errors as $appId => $exception) {
             /** @var \Exception $exception */
             $this->log->logException($exception, ['app' => $appId]);
             $this->emit('\\OC\\Updater', 'failure', [$appId . ': ' . $exception->getMessage()]);
         }
         // post-upgrade repairs
         $repair = new Repair(Repair::getRepairSteps(), \OC::$server->getEventDispatcher());
         $repair->run();
         //Invalidate update feed
         $this->config->setAppValue('core', 'lastupdatedat', 0);
         // Check for code integrity if not disabled
         if (\OC::$server->getIntegrityCodeChecker()->isCodeCheckEnforced()) {
             $this->emit('\\OC\\Updater', 'startCheckCodeIntegrity');
             $this->checker->runInstanceVerification();
             $this->emit('\\OC\\Updater', 'finishedCheckCodeIntegrity');
         }
         // only set the final version if everything went well
         $this->config->setSystemValue('version', implode('.', \OCP\Util::getVersion()));
     }
 }

コード例 #5

0

ファイルを表示

ファイル: SignCoreTest.php プロジェクト: evanjt/core

 public function testExecute()
 {
     $inputInterface = $this->getMock('\\Symfony\\Component\\Console\\Input\\InputInterface');
     $outputInterface = $this->getMock('\\Symfony\\Component\\Console\\Output\\OutputInterface');
     $inputInterface->expects($this->at(0))->method('getOption')->with('privateKey')->will($this->returnValue('privateKey'));
     $inputInterface->expects($this->at(1))->method('getOption')->with('certificate')->will($this->returnValue('certificate'));
     $this->fileAccessHelper->expects($this->at(0))->method('file_get_contents')->with('privateKey')->will($this->returnValue(\OC::$SERVERROOT . '/tests/data/integritycheck/core.key'));
     $this->fileAccessHelper->expects($this->at(1))->method('file_get_contents')->with('certificate')->will($this->returnValue(\OC::$SERVERROOT . '/tests/data/integritycheck/core.crt'));
     $this->checker->expects($this->once())->method('writeCoreSignature');
     $outputInterface->expects($this->at(0))->method('writeln')->with('Successfully signed "core"');
     $this->invokePrivate($this->signCore, 'execute', [$inputInterface, $outputInterface]);
 }

コード例 #6

0

ファイルを表示

ファイル: checkertest.php プロジェクト: evanjt/core

 public function testRunInstanceVerification()
 {
     $this->checker = $this->getMockBuilder('\\OC\\IntegrityCheck\\Checker')->setConstructorArgs([$this->environmentHelper, $this->fileAccessHelper, $this->appLocator, $this->config, $this->cacheFactory, $this->appManager])->setMethods(['verifyCoreSignature', 'verifyAppSignature'])->getMock();
     $this->checker->expects($this->at(0))->method('verifyCoreSignature');
     $this->appLocator->expects($this->at(0))->Method('getAllApps')->will($this->returnValue(['files', 'calendar', 'contacts', 'dav']));
     $this->appManager->expects($this->at(0))->method('isShipped')->with('files')->will($this->returnValue(true));
     $this->checker->expects($this->at(1))->method('verifyAppSignature')->with('files');
     $this->appManager->expects($this->at(1))->method('isShipped')->with('calendar')->will($this->returnValue(false));
     $this->appLocator->expects($this->at(1))->method('getAppPath')->with('calendar')->will($this->returnValue('/apps/calendar'));
     $this->fileAccessHelper->expects($this->at(0))->method('file_exists')->with('/apps/calendar/appinfo/signature.json')->will($this->returnValue(true));
     $this->checker->expects($this->at(2))->method('verifyAppSignature')->with('calendar');
     $this->appManager->expects($this->at(2))->method('isShipped')->with('contacts')->will($this->returnValue(false));
     $this->appLocator->expects($this->at(2))->method('getAppPath')->with('contacts')->will($this->returnValue('/apps/contacts'));
     $this->fileAccessHelper->expects($this->at(1))->method('file_exists')->with('/apps/contacts/appinfo/signature.json')->will($this->returnValue(false));
     $this->appManager->expects($this->at(3))->method('isShipped')->with('dav')->will($this->returnValue(true));
     $this->checker->expects($this->at(3))->method('verifyAppSignature')->with('dav');
     $this->checker->runInstanceVerification();
 }

コード例 #7

0

ファイルを表示

ファイル: CheckerTest.php プロジェクト: GitHubUser4234/core

    public function testCertRevocation()
    {
        $this->environmentHelper->expects($this->once())->method('getChannel')->will($this->returnValue('stable'));
        $this->config->expects($this->any())->method('getSystemValue')->with('integrity.check.disabled', false)->will($this->returnValue(false));
        $this->appLocator->expects($this->once())->method('getAppPath')->with('SomeApp')->will($this->returnValue(\OC::$SERVERROOT . '/tests/data/integritycheck/app/'));
        $signatureDataFile = '{
    "hashes": {
        "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
        "subfolder\\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
    },
    "signature": "dYoohBaWIFR\\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\\/Oz8LWFd+BEUQjC2LJgojPnpzaG\\/msw1nBkX16NNVDWWtJ25Bc\\/r\\/mG46rwjWB\\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
    "certificate": "-----BEGIN CERTIFICATE-----\\r\\nMIIE8jCCAtoCAhAIMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNVBAYTAlVTMQ8wDQYD\\r\\nVQQIDAZCb3N0b24xFjAUBgNVBAoMDW93bkNsb3VkIEluYy4xNTAzBgNVBAMMLG93\\r\\nbkNsb3VkIENvZGUgU2lnbmluZyBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MB4XDTE2\\r\\nMDUxODA5MzIwMFoXDTI2MDUxNjA5MzIwMFowEDEOMAwGA1UEAwwFdGFza3MwggIi\\r\\nMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDwgaK\\/DswWQalQs8RE9\\/5dHk\\/h\\r\\nRWS\\/Jw0Wqh2ASaY+EDXw1Nt62GItiEjQ6R1CgrW4RHeL2g5yokbokYD9Wl3JeIbW\\r\\nv1FcfBuoEBriNQOUmTpFFH5qyR6tlBOzp3uecEF8KcmRsFF\\/KlhQ+jNh2rj1q\\/Tm\\r\\nMLvzJFnRhNbW7HNfl0TZjp0O5xtFdoOUimctIUyhUvunH2OY+ySZpdg\\/Kqab\\/uMQ\\r\\nLU2qBydj2nsV3HYwiKw2JvzEFxMQ4DGPbTbPVBT6RXEL\\/yD8kWjDFzQLz+I0bkpV\\r\\nPoTy\\/7LCX2xUlMTTCxRaIbvLpzKxlBkD9v66JhijF3zVVUhU8yslxCMKdNNvxMOH\\r\\n3IYnrND762pakq+UCv+nvdr39tGXUaEyqUVjWX7SoY56uIU\\/wR3ny9NNuCacozGg\\r\\n81lPrVnBPv7NSD7eSkQvf5V2yp9BneZsvVkgiuWxB9PG2XmHMCbmG\\/1I730pWEb+\\r\\nxm8q7MdXBf+2VWlP4aZiDDI3c\\/tdO+kEiivPMpkf8aNNaFS\\/QuC0jr7ZyMHhPxSK\\r\\nZ0lO00fca\\/fyX0qv9T6EpHOoVrn2cN2z8Atot2iGk11N\\/nzVv3gzMQQOCTSO+67i\\r\\nRN6BxqcmQIbsoLIa35nDkpzZH3ob8cCmrhAMLxVdS08o5fZ4uCzuBVp4ntjCLbrM\\r\\nVBfJrg82cOrkzLpzhQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCqVh0ZzU3UZ3tg\\r\\nsc8jDI+MMrUU6A1gUv0zmT4yWYi2PZwWuhJ5V5z9GftZZNl8AmeyvaDRPdAFP0x4\\r\\nD6MIUthG9TIfu4b1bRbj1W29U+7xFF3A0B8zuLtRlokvjYjhY+PLx6NHh1L+pkKq\\r\\n8G87+PXz2N9eSuf\\/6Mx7Xgg\\/xScfpVDzLRmHgwSczXvyzMRT66HrNeZZBn6bNckC\\r\\nXhfurg1oZmYR2lkhZLPEB3p5ZtNWEYmsdyQz9N\\/J0SrDwcSeUXI4M6X1mCf4D7rX\\r\\nHRTeV5lH3VEQ+FfSL1mqDyRHCU3TKPzVjKNFHrk8XsnwZlcryWkgRodwHhVKZAeU\\r\\no2JmrmDGUMvJ3ktngI2TNGq99eYe3+lM4axFxr8VryRGfFu+0cR0x4ECasaHdLTy\\r\\nttitTcZ3+FCGTYCkhfWc0K2GegZzJiuMZ\\/Culm+tvwX4Z9fH1caWKDI55rk2SULD\\r\\nuCjh94RGxlRKmgljQPVN\\/buFDNE+x+Is18APa\\/5YExQqvfVsRsQ72wk+pzttFdAr\\r\\nDQclXYVjITPOgmX7l654rw7CGUi1lNFAWf+O7psnwEvF3ytPbaYlqWQJlnaYByN8\\r\\neE5bAMBkEoDV2eLmJN4F4R0KQThUDy6dvK2XlI0HUbDZgMZbWMz+D3Fv54ZTRMaW\\r\\nn3MEtya90V9SVUbYcwp7dhF\\/FVM3ug==\\r\\n-----END CERTIFICATE-----"
}';
        $this->fileAccessHelper->expects($this->at(0))->method('file_get_contents')->with(\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json')->will($this->returnValue($signatureDataFile));
        $this->fileAccessHelper->expects($this->at(1))->method('file_get_contents')->with('/resources/codesigning/root.crt')->will($this->returnValue(file_get_contents(__DIR__ . '/../../../resources/codesigning/root.crt')));
        $this->fileAccessHelper->expects($this->at(2))->method('file_get_contents')->with('/resources/codesigning/intermediate.crl.pem')->will($this->returnValue(file_get_contents(__DIR__ . '/../../../resources/codesigning/intermediate.crl.pem')));
        $expected = ['EXCEPTION' => ['class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Certificate has been revoked.']];
        $this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp'));
    }

コード例 #8

0

ファイルを表示

ファイル: checksetupcontroller.php プロジェクト: farukuzun/core-1

 /**
  * @return DataResponse
  */
 public function check()
 {
     return new DataResponse(['serverHasInternetConnection' => $this->isInternetConnectionWorking(), 'isMemcacheConfigured' => $this->isMemcacheConfigured(), 'memcacheDocs' => $this->urlGenerator->linkToDocs('admin-performance'), 'isUrandomAvailable' => $this->isUrandomAvailable(), 'securityDocs' => $this->urlGenerator->linkToDocs('admin-security'), 'isUsedTlsLibOutdated' => $this->isUsedTlsLibOutdated(), 'phpSupported' => $this->isPhpSupported(), 'forwardedForHeadersWorking' => $this->forwardedForHeadersWorking(), 'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'), 'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(), 'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(), 'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity')]);
 }

コード例 #9

0

ファイルを表示

ファイル: checkertest.php プロジェクト: farukuzun/core-1

 /**
  * @param string $channel
  * @param bool $isCodeSigningEnforced
  * @dataProvider channelDataProvider
  */
 public function testIsCodeCheckEnforced($channel, $isCodeSigningEnforced)
 {
     $this->environmentHelper->expects($this->once())->method('getChannel')->will($this->returnValue($channel));
     $this->config->expects($this->any())->method('getSystemValue')->with('integrity.check.disabled', false)->will($this->returnValue(false));
     $this->assertSame($isCodeSigningEnforced, $this->checker->isCodeCheckEnforced());
 }

コード例 #10

0

ファイルを表示

ファイル: CheckSetupControllerTest.php プロジェクト: farukuzun/core-1

コード例 #11

0

ファイルを表示

ファイル: checkcore.php プロジェクト: ZverAleksey/core

 /**
  * {@inheritdoc }
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $result = $this->checker->verifyCoreSignature();
     $this->writeArrayInOutputFormat($input, $output, $result);
 }

PHP OC\IntegrityCheck Checkerの例