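/**
 * {@inheritdoc }
 *
 * Signs the core code below --path with the RSA key read from --privateKey
 * and the X.509 certificate read from --certificate.
 *
 * @param InputInterface $input supplies the privateKey, certificate and path options
 * @param OutputInterface $output receives the status or error message
 * @return int 0 when the signature was written, 1 on any failure, so that a
 *             calling script can tell a signed tree from an unsigned one
 */
protected function execute(InputInterface $input, OutputInterface $output) {
    $privateKeyPath = $input->getOption('privateKey');
    $keyBundlePath = $input->getOption('certificate');
    $path = $input->getOption('path');

    if (is_null($privateKeyPath) || is_null($keyBundlePath) || is_null($path)) {
        $output->writeln('--privateKey, --certificate and --path are required.');
        return 1;
    }

    $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
    $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);

    // false covers every read failure the helper reports, not only a missing file.
    if ($privateKey === false) {
        $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
        return 1;
    }
    if ($keyBundle === false) {
        $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
        return 1;
    }

    // NOTE(review): assumes RSA and X509 are phpseclib's classes, whose
    // loadKey()/loadX509() return false when the input cannot be parsed.
    // Confirm against the file's imports. Without these checks an unparsable
    // key or certificate is handed to the signer unnoticed.
    $rsa = new RSA();
    if ($rsa->loadKey($privateKey) === false) {
        $output->writeln(sprintf('Private key "%s" could not be loaded.', $privateKeyPath));
        return 1;
    }

    $x509 = new X509();
    if ($x509->loadX509($keyBundle) === false) {
        $output->writeln(sprintf('Certificate "%s" could not be loaded.', $keyBundlePath));
        return 1;
    }
    $x509->setPrivateKey($rsa);

    $this->checker->writeCoreSignature($x509, $rsa, $path);
    $output->writeln('Successfully signed "core"');

    return 0;
}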
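/**
 * {@inheritdoc }
 *
 * Signs the application below --path with the RSA key read from --privateKey
 * and the X.509 certificate read from --certificate.
 *
 * @param InputInterface $input supplies the path, privateKey and certificate options
 * @param OutputInterface $output receives the usage text, status or error message
 * @return int 0 when the signature was written, 1 on any failure, so that a
 *             calling script can tell a signed app from an unsigned one
 */
protected function execute(InputInterface $input, OutputInterface $output) {
    $path = $input->getOption('path');
    $privateKeyPath = $input->getOption('privateKey');
    $keyBundlePath = $input->getOption('certificate');

    if (is_null($path) || is_null($privateKeyPath) || is_null($keyBundlePath)) {
        $documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity');
        $output->writeln('This command requires the --path, --privateKey and --certificate.');
        $output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"');
        $output->writeln('For more information please consult the documentation: ' . $documentationUrl);
        return 1;
    }

    $privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
    $keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);

    // false covers every read failure the helper reports, not only a missing file.
    if ($privateKey === false) {
        $output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
        return 1;
    }
    if ($keyBundle === false) {
        $output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
        return 1;
    }

    // NOTE(review): assumes RSA and X509 are phpseclib's classes, whose
    // loadKey()/loadX509() return false when the input cannot be parsed.
    // Confirm against the file's imports. Without these checks an unparsable
    // key or certificate is handed to the signer unnoticed.
    $rsa = new RSA();
    if ($rsa->loadKey($privateKey) === false) {
        $output->writeln(sprintf('Private key "%s" could not be loaded.', $privateKeyPath));
        return 1;
    }

    $x509 = new X509();
    if ($x509->loadX509($keyBundle) === false) {
        $output->writeln(sprintf('Certificate "%s" could not be loaded.', $keyBundlePath));
        return 1;
    }
    $x509->setPrivateKey($rsa);

    $this->checker->writeAppSignature($path, $x509, $rsa);
    $output->writeln('Successfully signed "' . $path . '"');

    return 0;
}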
/**
 * Round trip: data written through the file access helper must be read back
 * unchanged through the same helper.
 */
public function testReadAndWrite() {
    $expected = 'SomeDataGeneratedByIntegrityCheck';
    $tempFile = \OC::$server->getTempManager()->getTemporaryFile();

    $this->fileAccessHelper->file_put_contents($tempFile, $expected);
    $actual = $this->fileAccessHelper->file_get_contents($tempFile);

    $this->assertSame($expected, $actual);
}
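/**
 * execute() must call writeCoreSignature() once and report success when all
 * three options are given and both the key and the certificate can be read.
 */
public function testExecute() {
    $inputInterface = $this->getMock('\\Symfony\\Component\\Console\\Input\\InputInterface');
    $outputInterface = $this->getMock('\\Symfony\\Component\\Console\\Output\\OutputInterface');

    // execute() reads privateKey, certificate and path, in that order. If the
    // path option is left unmocked it comes back as null and the command
    // stops at its "required" message before signing anything.
    $inputInterface
        ->expects($this->at(0))
        ->method('getOption')
        ->with('privateKey')
        ->will($this->returnValue('privateKey'));
    $inputInterface
        ->expects($this->at(1))
        ->method('getOption')
        ->with('certificate')
        ->will($this->returnValue('certificate'));
    $inputInterface
        ->expects($this->at(2))
        ->method('getOption')
        ->with('path')
        ->will($this->returnValue('path'));

    // The helper returns file contents, so the mock must hand back the
    // fixture contents. Returning the fixture's path would feed a path string
    // to the key and certificate parsers instead of real material.
    $this->fileAccessHelper
        ->expects($this->at(0))
        ->method('file_get_contents')
        ->with('privateKey')
        ->will($this->returnValue(file_get_contents(\OC::$SERVERROOT . '/tests/data/integritycheck/core.key')));
    $this->fileAccessHelper
        ->expects($this->at(1))
        ->method('file_get_contents')
        ->with('certificate')
        ->will($this->returnValue(file_get_contents(\OC::$SERVERROOT . '/tests/data/integritycheck/core.crt')));

    // The third argument pins that the --path value reaches the signer.
    $this->checker
        ->expects($this->once())
        ->method('writeCoreSignature')
        ->with($this->anything(), $this->anything(), 'path');

    $outputInterface
        ->expects($this->at(0))
        ->method('writeln')
        ->with('Successfully signed "core"');

    $this->invokePrivate($this->signCore, 'execute', [$inputInterface, $outputInterface]);
}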
/**
 * runInstanceVerification() must verify core, every shipped app, and every
 * non-shipped app that has an appinfo/signature.json, and must skip a
 * non-shipped app without one.
 *
 * The at() indexes count every call made to the same mock, which is why the
 * appLocator sequence mixes getAllApps and getAppPath.
 */
public function testRunInstanceVerification() {
    // Partial mock: only the two verify methods are replaced, so the real
    // runInstanceVerification() is what drives them.
    $checkerBuilder = $this->getMockBuilder('\\OC\\IntegrityCheck\\Checker');
    $checkerBuilder->setConstructorArgs([
        $this->environmentHelper,
        $this->fileAccessHelper,
        $this->appLocator,
        $this->config,
        $this->cacheFactory,
        $this->appManager,
    ]);
    $checkerBuilder->setMethods(['verifyCoreSignature', 'verifyAppSignature']);
    $this->checker = $checkerBuilder->getMock();

    // Core is verified first, then the installed apps are listed.
    $this->checker
        ->expects($this->at(0))
        ->method('verifyCoreSignature');
    $this->appLocator
        ->expects($this->at(0))
        ->method('getAllApps')
        ->will($this->returnValue(['files', 'calendar', 'contacts', 'dav']));

    // files: shipped, so it is verified without looking for a signature file.
    $this->appManager
        ->expects($this->at(0))
        ->method('isShipped')
        ->with('files')
        ->will($this->returnValue(true));
    $this->checker
        ->expects($this->at(1))
        ->method('verifyAppSignature')
        ->with('files');

    // calendar: not shipped, but it carries a signature.json, so it is verified.
    $this->appManager
        ->expects($this->at(1))
        ->method('isShipped')
        ->with('calendar')
        ->will($this->returnValue(false));
    $this->appLocator
        ->expects($this->at(1))
        ->method('getAppPath')
        ->with('calendar')
        ->will($this->returnValue('/apps/calendar'));
    $this->fileAccessHelper
        ->expects($this->at(0))
        ->method('file_exists')
        ->with('/apps/calendar/appinfo/signature.json')
        ->will($this->returnValue(true));
    $this->checker
        ->expects($this->at(2))
        ->method('verifyAppSignature')
        ->with('calendar');

    // contacts: not shipped and no signature.json, so no verification is expected.
    $this->appManager
        ->expects($this->at(2))
        ->method('isShipped')
        ->with('contacts')
        ->will($this->returnValue(false));
    $this->appLocator
        ->expects($this->at(2))
        ->method('getAppPath')
        ->with('contacts')
        ->will($this->returnValue('/apps/contacts'));
    $this->fileAccessHelper
        ->expects($this->at(1))
        ->method('file_exists')
        ->with('/apps/contacts/appinfo/signature.json')
        ->will($this->returnValue(false));

    // dav: shipped, so it is verified.
    $this->appManager
        ->expects($this->at(3))
        ->method('isShipped')
        ->with('dav')
        ->will($this->returnValue(true));
    $this->checker
        ->expects($this->at(3))
        ->method('verifyAppSignature')
        ->with('dav');

    $this->checker->runInstanceVerification();
}
/**
 * Verify the core code of the instance as well as all applicable applications
 * and store the results.
 *
 * Core is checked first through verifyCoreSignature(); each app returned by
 * the app locator is then passed to verifyAppSignature() when it qualifies.
 * An app that is neither shipped nor carries an appinfo/signature.json is
 * not verified here, so the absence of that file goes unreported by this method.
 */
public function runInstanceVerification() {
    $this->verifyCoreSignature();

    foreach ($this->appLocator->getAllApps() as $appId) {
        // A shipped application always requires a valid signature.
        if ($this->appManager->isShipped($appId)) {
            $this->verifyAppSignature($appId);
            continue;
        }

        // Any other application is checked only if it explicitly ships a
        // signature.json file.
        $signatureFile = $this->appLocator->getAppPath($appId) . '/appinfo/signature.json';
        if ($this->fileAccessHelper->file_exists($signatureFile)) {
            $this->verifyAppSignature($appId);
        }
    }
}