class.tx_rsaauth_cmdline_backend.php

/typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_cmdline_backend.php

https://github.com/foxsoft/typo3v4core
PHP | 178 lines | 66 code | 23 blank | 89 comment | 9 complexity | a257b92b6077b00cc97a95e84afc1298 MD5 | raw file
Possible License(s): Apache-2.0

<?php
/***************************************************************
*  Copyright notice
*
*  (c) 2009-2010 Dmitry Dulepov <dmitry@typo3.org>
*  All rights reserved
*
*  This script is part of the TYPO3 project. The TYPO3 project is
*  free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
*  The GNU General Public License can be found at
*  http://www.gnu.org/copyleft/gpl.html.
*
*  This script is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/

/**
 * [CLASS/FUNCTION INDEX of SCRIPT]
 *
 * $Id$
 */

require_once(t3lib_extMgm::extPath('rsaauth', 'sv1/backends/class.tx_rsaauth_abstract_backend.php'));

/**
 * This class contains a OpenSSL backend for the TYPO3 RSA authentication
 * service. It uses shell version of OpenSSL to perform tasks. See class
 * tx_rsaauth_abstract_backend for the information on using backends.
 *
 * @author	Dmitry Dulepov <dmitry@typo3.org>
 * @package	TYPO3
 * @subpackage	tx_rsaauth
 */
class tx_rsaauth_cmdline_backend extends tx_rsaauth_abstract_backend {

	/**
	 * A path to the openssl binary or false if the binary does not exist
	 *
	 * @var	mixed
	 */
	protected	$opensslPath;

	/**
	 * Temporary directory. It is best of it is outside of the web site root and
	 * not publically readable.
	 * For now we use typo3temp/.
	 *
	 * @var	string
	 */
	protected	$temporaryDirectory;

	/**
	 * Creates an instance of this class. It obtains a path to the OpenSSL
	 * binary.
	 *
	 * @return	void
	 */
	public function __construct() {
		$this->opensslPath = t3lib_exec::getCommand('openssl');
		$this->temporaryDirectory = PATH_site . 'typo3temp';

		// Get temporary directory from the configuration
		$extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth']);
		if ($extconf['temporaryDirectory'] != '' &&
				$extconf['temporaryDirectory']{0} == '/' &&
				@is_dir($extconf['temporaryDirectory']) &&
				is_writable($extconf['temporaryDirectory'])) {
			$this->temporaryDirectory = $extconf['temporaryDirectory'];
		}
	}

	/**
	 *
	 * @return tx_rsaauth_keypair	A new key pair or null in case of error
	 * @see tx_rsaauth_abstract_backend::createNewKeyPair()
	 */
	public function createNewKeyPair() {
		$result = null;

		// Create a temporary file. Security: tempnam() sets permissions to 0600
		$privateKeyFile = tempnam($this->temporaryDirectory, uniqid());

		// Generate the private key.
		//
		// PHP generates 1024 bit key files. We force command line version
		// to do the same and use the F4 (0x10001) exponent. This is the most
		// secure.
		$command = $this->opensslPath . ' genrsa -out ' .
			escapeshellarg($privateKeyFile) . ' 1024';
		exec($command);

		// Test that we got a private key
		$privateKey = file_get_contents($privateKeyFile);
		if (false !== strpos($privateKey, 'BEGIN RSA PRIVATE KEY')) {
			// Ok, we got the private key. Get the modulus.
			$command = $this->opensslPath . ' rsa -noout -modulus -in ' .
				escapeshellarg($privateKeyFile);
			$value = exec($command);
			if (substr($value, 0, 8) === 'Modulus=') {
				$publicKey = substr($value, 8);

				// Create a result object
				$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
				/* @var $result tx_rsa_keypair */
				$result->setExponent(0x10001);
				$result->setPrivateKey($privateKey);
				$result->setPublicKey($publicKey);
			}
		}

		@unlink($privateKeyFile);

		return $result;
	}

	/**
	 *
	 * @param string	$privateKey	The private key (obtained from a call to createNewKeyPair())
	 * @param string	$data	Data to decrypt (base64-encoded)
	 * @return string	Decrypted data or null in case of a error
	 * @see tx_rsaauth_abstract_backend::decrypt()
	 */
	public function decrypt($privateKey, $data) {
		// Key must be put to the file
		$privateKeyFile = tempnam($this->temporaryDirectory, uniqid());
		file_put_contents($privateKeyFile, $privateKey);

		$dataFile = tempnam($this->temporaryDirectory, uniqid());
		file_put_contents($dataFile, base64_decode($data));

		// Prepare the command
		$command = $this->opensslPath . ' rsautl -inkey ' .
			escapeshellarg($privateKeyFile) . ' -in ' .
			escapeshellarg($dataFile) .
			' -decrypt';

		// Execute the command and capture the result
		$output = array();
		exec($command, $output);

		// Remove the file
		@unlink($privateKeyFile);
		@unlink($dataFile);

		return implode(LF, $output);
	}

	/**
	 * Checks if command line version of the OpenSSL is available and can be
	 * executed successfully.
	 *
	 * @return void
	 * @see tx_rsaauth_abstract_backend::isAvailable()
	 */
	public function isAvailable() {
		$result = false;
		if ($this->opensslPath) {
			// If path exists, test that command runs and can produce output
			$test = exec($this->opensslPath . ' version');
			$result = (substr($test, 0, 8) == 'OpenSSL ');
		}
		return $result;
	}
}

if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/rsaauth/sv1/backends/class.tx_rsaauth_cmdline_backend.php'])	{
	include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/rsaauth/sv1/backends/class.tx_rsaauth_cmdline_backend.php']);
}

?>