/**
 * Process the submitted credentials.
 * In this case decrypt the password if it is RSA encrypted.
 *
 * On success the decrypted password is written to $loginData['uident_text'].
 * The stored private key is discarded after a single decryption attempt,
 * whether or not that attempt succeeded, so one key is never used for two
 * submissions. The key is left in the storage when the submitted value does
 * not carry the "rsa:" prefix.
 *
 * @param array $loginData Credentials that are submitted and potentially modified by other services
 * @param string $passwordTransmissionStrategy Keyword of how the password has been hashed or encrypted before submission
 * @return bool TRUE only if the password was decrypted and stored in $loginData
 */
public function processLoginData(array &$loginData, $passwordTransmissionStrategy)
{
    // Anything other than the "rsa" strategy is not handled by this service.
    if ($passwordTransmissionStrategy !== 'rsa') {
        return FALSE;
    }

    /** @var $storage \TYPO3\CMS\Rsaauth\Storage\AbstractStorage */
    $storage = \TYPO3\CMS\Rsaauth\Storage\StorageFactory::getStorage();
    $submittedPassword = $loginData['uident'];
    $privateKey = $storage->get();

    // Both a stored private key and the "rsa:" marker are required.
    $hasEncryptedPassword = $privateKey !== NULL && substr($submittedPassword, 0, 4) === 'rsa:';
    if (!$hasEncryptedPassword) {
        if ($this->pObj->writeDevLog) {
            \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Process login data: passwordTransmissionStrategy has been set to "rsa" but no rsa encrypted password has been found.', \TYPO3\CMS\Rsaauth\RsaAuthService::class);
        }
        return FALSE;
    }

    // Strip the "rsa:" marker and decrypt the remainder.
    $plainPassword = $this->backend->decrypt($privateKey, substr($submittedPassword, 4));
    $wasDecrypted = $plainPassword !== NULL;
    if ($wasDecrypted) {
        $loginData['uident_text'] = $plainPassword;
    } elseif ($this->pObj->writeDevLog) {
        // Only the failure is logged; the submitted value itself is never written to the log.
        \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Process login data: Failed to RSA decrypt password', \TYPO3\CMS\Rsaauth\RsaAuthService::class);
    }

    // Remove the key: it is single-use, even when decryption failed.
    $storage->put(NULL);

    return $wasDecrypted;
}
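/**
 * Hooks to the felogin extension to provide additional code for FE login.
 *
 * When the frontend login security level is "rsa" and a backend is available,
 * a new key pair is generated for this form. The private key is put into the
 * storage; only the public modulus and exponent are written into the markup.
 *
 * @return array 0 => onSubmit function, 1 => extra fields and required files
 */
public function loginFormHook()
{
    $result = array(0 => '', 1 => '');
    if (trim($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel']) !== 'rsa') {
        return $result;
    }

    $backend = \TYPO3\CMS\Rsaauth\Backend\BackendFactory::getBackend();
    if (!$backend) {
        // No usable backend: leave both entries empty so the form stays unchanged.
        return $result;
    }

    $result[0] = 'tx_rsaauth_feencrypt(this);';

    // The site URL does not change between files, so it is read once.
    $siteUrl = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL');
    $javascriptPath = \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::siteRelPath('rsaauth') . 'resources/';
    $files = array('jsbn/jsbn.js', 'jsbn/prng4.js', 'jsbn/rng.js', 'jsbn/rsa.js', 'jsbn/base64.js', 'rsaauth_min.js');
    foreach ($files as $file) {
        // The URL is derived from the request environment, so it is escaped for the
        // attribute context like the hidden field values below.
        $result[1] .= '<script type="text/javascript" src="' . htmlspecialchars($siteUrl . $javascriptPath . $file) . '"></script>';
    }

    // Generate a new key pair
    $keyPair = $backend->createNewKeyPair();

    // Save private key; it must never be part of the generated markup.
    /** @var $storage \TYPO3\CMS\Rsaauth\Storage\AbstractStorage */
    $storage = \TYPO3\CMS\Rsaauth\Storage\StorageFactory::getStorage();
    $storage->put($keyPair->getPrivateKey());

    // Add RSA hidden fields (the exponent is formatted as hex digits by sprintf).
    $result[1] .= '<input type="hidden" id="rsa_n" name="n" value="' . htmlspecialchars($keyPair->getPublicKeyModulus()) . '" />';
    $result[1] .= '<input type="hidden" id="rsa_e" name="e" value="' . sprintf('%x', $keyPair->getExponent()) . '" />';

    return $result;
}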
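/**
 * Provides form code and javascript for the user setup.
 *
 * When RSA is available, a new key pair is generated, the private key is put
 * into the storage, and the form tag with the public modulus and exponent is
 * assigned to $userSetupObject->doc->form. The returned string only holds the
 * script tags.
 *
 * @param array $parameters Parameters to the script
 * @param \TYPO3\CMS\Setup\Controller\SetupModuleController $userSetupObject Calling object: user setup module
 * @return string The code for the user setup
 */
public function getLoginScripts(array $parameters, \TYPO3\CMS\Setup\Controller\SetupModuleController $userSetupObject)
{
    $content = '';
    if (!$this->isRsaAvailable()) {
        return $content;
    }

    // If we can get the backend, we can proceed
    $backend = \TYPO3\CMS\Rsaauth\Backend\BackendFactory::getBackend();

    // The site URL does not change between files, so it is read once.
    $siteUrl = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL');
    $javascriptPath = \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::siteRelPath('rsaauth') . 'resources/';
    $files = array('jsbn/jsbn.js', 'jsbn/prng4.js', 'jsbn/rng.js', 'jsbn/rsa.js', 'jsbn/base64.js', 'rsaauth_min.js');
    foreach ($files as $file) {
        // The URL is derived from the request environment, so it is escaped for the
        // attribute context like the hidden field values below.
        $content .= '<script type="text/javascript" src="' . htmlspecialchars($siteUrl . $javascriptPath . $file) . '"></script>';
    }

    // Generate a new key pair
    $keyPair = $backend->createNewKeyPair();

    // Save private key; it must never be part of the generated markup.
    /** @var $storage \TYPO3\CMS\Rsaauth\Storage\AbstractStorage */
    $storage = \TYPO3\CMS\Rsaauth\Storage\StorageFactory::getStorage();
    $storage->put($keyPair->getPrivateKey());

    // Add form tag
    // NOTE(review): the module URL is written into the action attribute unescaped;
    // confirm what getModuleUrl() returns before adding attribute escaping here.
    $form = '<form action="' . \TYPO3\CMS\Backend\Utility\BackendUtility::getModuleUrl('user_setup') . '" method="post" name="usersetup" enctype="application/x-www-form-urlencoded" onsubmit="tx_rsaauth_encryptUserSetup();">';

    // Add RSA hidden fields (the exponent is formatted as hex digits by sprintf).
    $form .= '<input type="hidden" id="rsa_n" name="n" value="' . htmlspecialchars($keyPair->getPublicKeyModulus()) . '" />';
    $form .= '<input type="hidden" id="rsa_e" name="e" value="' . sprintf('%x', $keyPair->getExponent()) . '" />';
    $userSetupObject->doc->form = $form;

    return $content;
}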
/**
 * Gets RSA Public Key.
 *
 * Creates a new key pair and puts its private key into the storage. Note that
 * the returned object is the complete key pair, which also exposes
 * getPrivateKey(); callers should hand only the public modulus and exponent
 * to the client.
 *
 * @return Keypair|NULL The new key pair, or NULL when no backend is available
 */
public function getRsaPublicKey()
{
    $backend = Backend\BackendFactory::getBackend();
    if ($backend === null) {
        return null;
    }

    $keyPair = $backend->createNewKeyPair();
    Storage\StorageFactory::getStorage()->put($keyPair->getPrivateKey());

    // Write the session data and close the session.
    // NOTE(review): presumably the storage is session backed, so this persists the key; confirm.
    session_commit();

    return $keyPair;
}
/**
 * Gets RSA Public Key.
 *
 * Creates a new key pair, puts the private key into the storage and adds the
 * public modulus and the hex-formatted exponent to the AJAX response as JSON.
 * The private key is never added to the response.
 *
 * @param array $parameters Parameters (not used)
 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $parent The calling parent AJAX object
 * @return void
 */
public function getRsaPublicKey(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $parent)
{
    $backend = BackendFactory::getBackend();
    if ($backend === NULL) {
        // Without a backend no key pair can be created; report it to the caller.
        $parent->setError('No OpenSSL backend could be obtained for rsaauth.');
        return;
    }

    $keyPair = $backend->createNewKeyPair();
    \TYPO3\CMS\Rsaauth\Storage\StorageFactory::getStorage()->put($keyPair->getPrivateKey());

    // Write the session data and close the session before the response is built.
    // NOTE(review): presumably the storage is session backed, so this persists the key; confirm.
    session_commit();

    $modulus = $keyPair->getPublicKeyModulus();
    $exponentHex = sprintf('%x', $keyPair->getExponent());
    $parent->addContent('publicKeyModulus', $modulus);
    $parent->addContent('exponent', $exponentHex);
    $parent->setContentFormat('json');
}
/**
 * Creates a new key pair, puts the private key into the storage and writes
 * "<modulus>:<exponent in hex>:" to the response body. The private key is
 * never written to the response.
 *
 * @param ServerRequestInterface $request
 * @param ResponseInterface $response
 * @return ResponseInterface The given response with the key written to its body, or a response with status 500 when no backend is available
 */
public function processRequest(ServerRequestInterface $request, ResponseInterface $response)
{
    /** @var \TYPO3\CMS\Rsaauth\Backend\AbstractBackend $backend */
    $backend = BackendFactory::getBackend();
    if ($backend !== null) {
        $keyPair = $backend->createNewKeyPair();
        StorageFactory::getStorage()->put($keyPair->getPrivateKey());

        // Write the session data and close the session before the body is produced.
        // NOTE(review): presumably the storage is session backed, so this persists the key; confirm.
        session_commit();

        $publicKey = sprintf('%s:%x:', $keyPair->getPublicKeyModulus(), $keyPair->getExponent());
        $response->getBody()->write($publicKey);

        return $response;
    }

    // add a HTTP 500 error code, if an error occurred
    return $response->withStatus(500);
}
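/**
 * Adds RSA-specific JavaScript and returns a form tag
 *
 * A new key pair is generated for the form. The private key is put into the
 * storage; only the public modulus and exponent are written into the markup.
 *
 * @param array $params Hook parameters (not used)
 * @param \TYPO3\CMS\Backend\Controller\LoginController $pObj Calling login controller; its loginSecurityLevel is read
 * @return string|NULL Form tag, or NULL when the login security level is not "rsa"
 * @throws \TYPO3\CMS\Core\Error\Exception If the security level is "rsa" but no backend is available
 */
public function getLoginFormTag(array $params, \TYPO3\CMS\Backend\Controller\LoginController &$pObj)
{
    // Strict comparison: with "==" a non-string value such as integer 0 compares
    // equal to 'rsa' on PHP versions before 8 and would wrongly enter this path.
    // NOTE(review): assumes loginSecurityLevel is always a string; confirm against the controller.
    if ($pObj->loginSecurityLevel !== 'rsa') {
        return NULL;
    }

    // If we can get the backend, we can proceed
    $backend = \TYPO3\CMS\Rsaauth\Backend\BackendFactory::getBackend();
    if ($backend === NULL) {
        // Fail loudly rather than render a form that would submit without RSA encryption.
        throw new \TYPO3\CMS\Core\Error\Exception('No OpenSSL backend could be obtained for rsaauth.', 1318283565);
    }

    // Add form tag
    $form = '<form action="index.php" method="post" name="loginform" onsubmit="tx_rsaauth_encrypt();">';

    // Generate a new key pair
    $keyPair = $backend->createNewKeyPair();

    // Save private key; it must never be part of the generated markup.
    /** @var $storage \TYPO3\CMS\Rsaauth\Storage\AbstractStorage */
    $storage = \TYPO3\CMS\Rsaauth\Storage\StorageFactory::getStorage();
    $storage->put($keyPair->getPrivateKey());

    // Add RSA hidden fields (the exponent is formatted as hex digits by sprintf).
    $form .= '<input type="hidden" id="rsa_n" name="n" value="' . htmlspecialchars($keyPair->getPublicKeyModulus()) . '" />';
    $form .= '<input type="hidden" id="rsa_e" name="e" value="' . sprintf('%x', $keyPair->getExponent()) . '" />';

    return $form;
}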
<?php
defined('TYPO3_MODE') or die;

/**
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

// Creates a new key pair, puts the private key into the storage and prints
// "<modulus>:<exponent in hex>:". Nothing is printed when no backend is
// available. The private key is never part of the output.

/** @var \TYPO3\CMS\Rsaauth\Backend\AbstractBackend $backend */
$backend = \TYPO3\CMS\Rsaauth\Backend\BackendFactory::getBackend();
if ($backend !== NULL) {
    $keyPair = $backend->createNewKeyPair();
    \TYPO3\CMS\Rsaauth\Storage\StorageFactory::getStorage()->put($keyPair->getPrivateKey());

    // Write the session data and close the session before any output is sent.
    // NOTE(review): presumably the storage is session backed, so this persists the key; confirm.
    session_commit();

    echo sprintf('%s:%x:', $keyPair->getPublicKeyModulus(), $keyPair->getExponent());
}
/**
 * Returns the storage, fetching it from the factory on first use and keeping
 * it in $this->storage for later calls.
 *
 * @return Storage\AbstractStorage
 */
protected function getStorage()
{
    if ($this->storage !== null) {
        return $this->storage;
    }

    $this->storage = Storage\StorageFactory::getStorage();

    return $this->storage;
}