function install()
{
if (self::$key === null) {
$cryptokey = \Defuse\Crypto\Key::createNewRandomKey();
self::$key = $cryptokey->saveToAsciiSafeString();
}
$authconfig = $this->getConfigIni()->getValue('auth', 'coordplugins');
$authconfigMaster = $this->getLocalConfigIni()->getValue('auth', 'coordplugins');
$forWS = in_array($this->entryPoint->type, array('json', 'jsonrpc', 'soap', 'xmlrpc'));
if (!$authconfig || $forWS && $authconfig == $authconfigMaster) {
if ($forWS) {
$pluginIni = 'authsw.coord.ini.php';
} else {
$pluginIni = 'auth.coord.ini.php';
}
$authconfig = dirname($this->entryPoint->getConfigFile()) . '/' . $pluginIni;
if ($this->firstExec('auth:' . $authconfig)) {
// no configuration, let's install the plugin for the entry point
$this->config->setValue('auth', $authconfig, 'coordplugins');
if (!file_exists(jApp::configPath($authconfig))) {
$this->copyFile('var/config/' . $pluginIni, jApp::configPath($authconfig));
}
}
}
$this->getLocalConfigIni()->setValue('persistant_encryption_key', self::$key, 'coordplugin_auth');
}
public function testEncryptionAndDecrypt()
{
$e = new Encrypter(Key::createNewRandomKey());
$encrypted = $e->encrypt('foo');
$this->assertNotEquals('foo', $encrypted);
$this->assertEquals('foo', $e->decrypt($encrypted));
}
/**
* @expectedException \Defuse\Crypto\Exception\BadFormatException
* @excpectedExceptionMessage key version header
*/
public function testIncorrectHeader()
{
$key = Key::createNewRandomKey();
$str = $key->saveToAsciiSafeString();
$str[0] = 'f';
Key::loadFromAsciiSafeString($str);
}
/**
* @expectedException \Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException
*/
public function testBitflip()
{
$key = Key::createNewRandomKey();
$password = PasswordLock::hashAndEncrypt('YELLOW SUBMARINE', $key);
$password[0] = \ord($password[0]) === 0 ? 255 : 0;
PasswordLock::decryptAndVerify('YELLOW SUBMARINE', $password, $key);
}
/**
* Generates a new key
*
* @return string The generated key
*
* @throws \CodeCollab\Encryption\CryptoException When not being able to create a sufficient strong key
*/
public function generate() : string
{
try {
return DefuseKey::createNewRandomKey()->saveToAsciiSafeString();
} catch (EnvironmentIsBrokenException $e) {
throw new CryptoException($e->getMessage(), $e->getCode(), $e);
}
}
public function testProviderWithoutConfigManagerAndNamespace()
{
$container = new Container();
$container->register(new HashingServiceProvider());
$container->instance('viserio.hashing.options', ['key' => Key::createNewRandomKey()]);
$this->assertInstanceOf(Password::class, $container->get(Password::class));
$this->assertInstanceOf(Password::class, $container->get('password'));
}
public function testGenerate()
{
$generator = new UserAgentGenerator(Key::createNewRandomKey(), 'test');
$this->assertInternalType('string', $generator->generate());
$this->assertSame(40, strlen($generator->generate()));
$generator = new UserAgentGenerator(Key::createNewRandomKey());
$this->assertInternalType('string', $generator->generate());
$this->assertSame(40, strlen($generator->generate()));
}
public function testProviderWithoutConfigManagerAndNamespace()
{
$container = new Container();
$container->register(new EncrypterServiceProvider());
$key = Key::createNewRandomKey();
$container->instance('viserio.encryption.options', ['key' => $key->saveToAsciiSafeString()]);
$this->assertInstanceOf(Encrypter::class, $container->get(Encrypter::class));
$this->assertInstanceOf(Encrypter::class, $container->get('encrypter'));
}
public function testEncryptDecryptWithPassword()
{
$data = "EnCrYpT EvErYThInG";
$password = '******';
// Make sure encrypting then decrypting doesn't change the message.
$ciphertext = Crypto::encryptWithPassword($data, $password, true);
try {
$decrypted = Crypto::decryptWithPassword($ciphertext, $password, true);
} catch (Ex\WrongKeyOrModifiedCiphertextException $ex) {
// It's important to catch this and change it into a
// Ex\EnvironmentIsBrokenException, otherwise a test failure could trick
// the user into thinking it's just an invalid ciphertext!
throw new Ex\EnvironmentIsBrokenException();
}
if ($decrypted !== $data) {
throw new Ex\EnvironmentIsBrokenException();
}
// Modifying the ciphertext: Appending a string.
try {
Crypto::decryptWithPassword($ciphertext . 'a', $password, true);
throw new Ex\EnvironmentIsBrokenException();
} catch (Ex\WrongKeyOrModifiedCiphertextException $e) {
/* expected */
}
// Modifying the ciphertext: Changing an HMAC byte.
$indices_to_change = [0, Core::HEADER_VERSION_SIZE + 1, Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE + 1, Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE + Core::BLOCK_BYTE_SIZE + 1];
foreach ($indices_to_change as $index) {
try {
$ciphertext[$index] = \chr((\ord($ciphertext[$index]) + 1) % 256);
Crypto::decryptWithPassword($ciphertext, $password, true);
throw new Ex\EnvironmentIsBrokenException();
} catch (Ex\WrongKeyOrModifiedCiphertextException $e) {
/* expected */
}
}
// Decrypting with the wrong password.
$password = '******';
$data = 'abcdef';
$ciphertext = Crypto::encryptWithPassword($data, $password, true);
$wrong_password = '******';
try {
Crypto::decryptWithPassword($ciphertext, $wrong_password, true);
throw new Ex\EnvironmentIsBrokenException();
} catch (Ex\WrongKeyOrModifiedCiphertextException $e) {
/* expected */
}
// Ciphertext too small.
$password = Key::createNewRandomKey();
$ciphertext = \str_repeat('A', Core::MINIMUM_CIPHERTEXT_SIZE - 1);
try {
Crypto::decryptWithPassword($ciphertext, $password, true);
throw new Ex\EnvironmentIsBrokenException();
} catch (Ex\WrongKeyOrModifiedCiphertextException $e) {
/* expected */
}
}
public function testGenerateWithIp()
{
$_SERVER['REMOTE_ADDR'] = '192.0.2.60';
$generator = new ClientIpGenerator(Key::createNewRandomKey());
$this->assertInternalType('string', $generator->generate());
$this->assertSame(40, strlen($generator->generate()));
unset($_SERVER['REMOTE_ADDR']);
// return empty ip string
$this->assertInternalType('string', $generator->generate());
$this->assertSame(40, strlen($generator->generate()));
}
public function setUp()
{
parent::setUp();
$encrypter = new Encrypter(Key::createNewRandomKey());
$config = $this->mock(ConfigContract::class);
$config->shouldReceive('get')->with('cache.drivers', []);
$config->shouldReceive('get')->with('cache.namespace');
$manager = new SessionManager($config, $encrypter);
$manager->setContainer(new ArrayContainer([JarContract::class => $this->mock(JarContract::class), CacheManagerContract::class => new CacheManager($config)]));
$this->manager = $manager;
}
/**
* Encrypt a message with defuse/php-encryption, using an ephemeral key,
* then encrypt the key with RSA.
*
* @param string $plaintext
* @param PublicKey $rsaPublicKey
*
* @return string
*/
public static function encrypt($plaintext, PublicKey $rsaPublicKey)
{
// Random encryption key
$ephemeral = Key::createNewRandomKey();
// Encrypt the actual message
$symmetric = Base64::encode(Crypto::encrypt($plaintext, $ephemeral, true));
// Use RSA to encrypt the encryption key
$storeKey = \base64_encode(self::rsaEncrypt($ephemeral->saveToAsciiSafeString(), $rsaPublicKey));
$packaged = \implode(self::SEPARATOR, array(self::VERSION_TAG, $storeKey, $symmetric));
$checksum = \substr(\hash('sha256', $packaged), 0, 16);
// Return the ciphertext
return $packaged . self::SEPARATOR . $checksum;
}
public function testProvider()
{
$container = new Container();
$container->register(new EncrypterServiceProvider());
$container->register(new ConfigServiceProvider());
$container->register(new SessionServiceProvider());
$container->register(new FilesServiceProvider());
$key = Key::createNewRandomKey();
$container->get('config')->set('encryption', ['key' => $key->saveToAsciiSafeString()]);
$container->get('config')->set('session', ['path' => '', 'lifetime' => 3000, 'cookie' => 'test']);
$this->assertInstanceOf(SessionManager::class, $container->get(SessionManager::class));
$this->assertInstanceOf(SessionManager::class, $container->get('session'));
$this->assertInstanceOf(StoreContract::class, $container->get('session.store'));
}
function install()
{
if (self::$key === null) {
$cryptokey = \Defuse\Crypto\Key::createNewRandomKey();
self::$key = $cryptokey->saveToAsciiSafeString();
}
$conf = $this->getConfigIni()->getValue('auth', 'coordplugins');
if ($conf == '1') {
$this->getConfigIni()->removeValue('persistant_crypt_key', 'coordplugin_auth');
} else {
if ($conf) {
$conff = jApp::configPath($conf);
if (file_exists($conff)) {
$ini = new \Jelix\IniFile\IniModifier($conff);
$ini->removeValue('persistant_crypt_key');
}
}
}
$this->getLocalConfigIni()->setValue('persistant_encryption_key', self::$key, 'coordplugin_auth');
}
/**
* Method to generate a new encryption key object.
*
* @param array $options Key generation options.
*
* @return Key
*
* @since 1.3.0
* @throws \RuntimeException
*/
public function generateKey(array $options = array())
{
// Generate the encryption key.
try {
$public = DefuseKey::createNewRandomKey();
} catch (EnvironmentIsBrokenException $ex) {
throw new \RuntimeException('Cannot safely create a key', $ex->getCode(), $ex);
}
// Create the new encryption key object.
return new Key('crypto', $public->saveToAsciiSafeString(), $public->getRawBytes());
}
/**
* @covers ::__construct
* @covers ::key
*/
public function testConstruct()
{
new EncryptAdapter(new MemoryAdapter(), Key::createNewRandomKey());
}
/**
* Generate a 32 length AES256 Key
*
*
* @return string
*/
public static function genAES256Key()
{
return \Defuse\Crypto\Key::createNewRandomKey()->saveToAsciiSafeString();
}
/**
* @covers CodeCollab\Encryption\Defusev2\Encryptor::__construct
* @covers CodeCollab\Encryption\Defusev2\Encryptor::encrypt
*/
public function testEncryptSuccess()
{
$encryptor = new Encryptor(DefuseKey::createNewRandomKey()->saveToAsciiSafeString());
$this->assertSame(186, strlen($encryptor->encrypt('foobarbaz')));
}
public function testShouldRecreate()
{
$key = Key::createNewRandomKey();
$hash = $this->password->create('totally-insecure-but-lengthy-password');
$this->assertNotSame($hash, $this->password->shouldRecreate($hash, $key));
}
public function testStartMethodGeneratesFingerprint()
{
$session = $this->session;
$oldFingerprint = $session->getFingerprint();
$session->addFingerprintGenerator(new UserAgentGenerator(Key::createNewRandomKey(), 'test'));
$session->start();
$this->assertSame('', $oldFingerprint);
$this->assertEquals(40, strlen($session->getFingerprint()));
$this->assertNotEquals($oldFingerprint, $session->getFingerprint());
}
