mirror of
https://github.com/24eme/signaturepdf
synced 2024-05-21 23:26:38 +02:00
change way to handle encryption
parent
488f720284
commit
12043408cc
38
app.php
38
app.php
|
@ -230,8 +230,7 @@ $f3->route('POST /share',
|
|||
return basename($tmpfile."_".$fileBaseName);
|
||||
}
|
||||
});
|
||||
array_map('cryptographyClass::hardUnlink', $_FILES['svg']['tmp_name']);
|
||||
CryptographyClass::hardUnlink($_FILES['pdf']['tmp_name']);
|
||||
|
||||
if(!count($files)) {
|
||||
$f3->error(403);
|
||||
}
|
||||
|
@ -241,15 +240,14 @@ $f3->route('POST /share',
|
|||
if(!$f3->get('DEBUG')) {
|
||||
array_map('cryptographyClass::hardUnlink', glob($tmpfile."*.svg"));
|
||||
}
|
||||
if (!isset($_COOKIE[$hash])) {
|
||||
$symmetric_key = createSymmetricKey();
|
||||
$keyCookieDate = strtotime('+1 year');
|
||||
setcookie($hash, $symmetric_key, ['expires' => $keyCookieDate, 'samesite' => 'Strict', 'path' => "/"]);
|
||||
}
|
||||
$encryptor = new CryptographyClass($symmetric_key);
|
||||
$encryptor->encrypt($hash);
|
||||
$symmetricKey = CryptographyClass::createSymmetricKey();
|
||||
setcookie($hash, $symmetricKey, ['expires' => 0, 'samesite' => 'Strict', 'path' => "/"]);
|
||||
|
||||
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetric_key);
|
||||
$encryptor = new CryptographyClass($symmetricKey, $f3->get('PDF_STORAGE_PATH').$hash);
|
||||
$encryptor->encrypt();
|
||||
|
||||
|
||||
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetricKey);
|
||||
}
|
||||
|
||||
);
|
||||
|
@ -260,12 +258,11 @@ $f3->route('GET /signature/@hash/pdf',
|
|||
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
|
||||
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
|
||||
|
||||
if (substr($_COOKIE[$hash], 0, 4) !== '#sk:') {
|
||||
echo "Error: Invalid prefix.";
|
||||
exit;
|
||||
if (CryptographyClass::isSymmetricKeyValid($_COOKIE[$hash]) == false) {
|
||||
$f3->error(403);
|
||||
}
|
||||
$cryptor = new CryptographyClass(substr($_COOKIE[$hash], 4, 15));
|
||||
$cryptor->decrypt($hash);
|
||||
$cryptor = new CryptographyClass($_COOKIE[$hash], $f3->get('PDF_STORAGE_PATH').$hash);
|
||||
$cryptor->decrypt();
|
||||
|
||||
$files = scandir($sharingFolder);
|
||||
$originalFile = $sharingFolder.'/original.pdf';
|
||||
|
@ -536,15 +533,4 @@ function convertPHPSizeToBytes($sSize)
|
|||
return (int)$iValue;
|
||||
}
|
||||
|
||||
function createSymmetricKey() {
|
||||
$length = 15;
|
||||
$keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
$pieces = [];
|
||||
$max = mb_strlen($keyspace, '8bit') - 1;
|
||||
for ($i = 0; $i < $length; ++$i) {
|
||||
$pieces []= $keyspace[random_int(0, $max)];
|
||||
}
|
||||
return implode('', $pieces);
|
||||
}
|
||||
|
||||
return $f3;
|
||||
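Review bot: The `setcookie()` call in the `POST /share` hunk stores the symmetric key in a cookie without `secure` or `httponly`, so it can be sent over plain HTTP and read by any script running on the page. Where the site is served over HTTPS, consider `['expires' => 0, 'samesite' => 'Strict', 'path' => "/", 'secure' => true, 'httponly' => true]`; `httponly` should be checked against `storeSymmetricKeyCookie()`, which writes the same cookie name from script. In the `GET /signature/@hash/pdf` hunk, `$_COOKIE[$hash]` is read without an existence check, so a request with no cookie raises a warning before the 403. `if (!isset($_COOKIE[$hash]) || !CryptographyClass::isSymmetricKeyValid($_COOKIE[$hash]))` avoids that and drops the loose `== false`. Both route closures begin outside their hunks.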
|
|
|
@ -2,54 +2,77 @@
|
|||
|
||||
class CryptographyClass
|
||||
{
|
||||
private $symmetric_key = null;
|
||||
private $symmetricKey = null;
|
||||
private $pathHash = null;
|
||||
|
||||
function __construct($key) {
|
||||
$this->setSymmetricKey($key);
|
||||
function __construct($key, $pathHash) {
|
||||
$this->symmetricKey = $key;
|
||||
$this->pathHash = $pathHash;
|
||||
}
|
||||
|
||||
public function encrypt($hash) {
|
||||
foreach (glob("/tmp/".$hash.'/*.pdf') as $file) {
|
||||
private function getFiles($isGpg) {
|
||||
$suffix = "";
|
||||
if ($isGpg) {
|
||||
$suffix = ".gpg";
|
||||
}
|
||||
$filesTab = glob($this->pathHash.'/*.pdf'.$suffix);
|
||||
$filesTab[] = $this->pathHash."/filename.txt".$suffix;
|
||||
|
||||
return $filesTab;
|
||||
}
|
||||
|
||||
public function encrypt() {
|
||||
|
||||
foreach ($this->getFiles(false) as $file) {
|
||||
$outputFile = $file.".gpg";
|
||||
$key = $this->getSymmetricKey();
|
||||
$command = "gpg --batch --passphrase $key --symmetric --cipher-algo AES256 -o $outputFile $file";
|
||||
$command = "gpg --batch --passphrase $this->symmetricKey --symmetric --cipher-algo AES256 -o $outputFile $file";
|
||||
$result = shell_exec($command);
|
||||
if ($result === false) {
|
||||
echo "Cypher failure";
|
||||
exit;
|
||||
}
|
||||
unlink($file);
|
||||
$this->hardUnlink($file);
|
||||
}
|
||||
}
|
||||
|
||||
public function decrypt($hash) {
|
||||
foreach (glob("/tmp/".$hash.'/*.gpg') as $file) {
|
||||
public function decrypt() {
|
||||
foreach ($this->getFiles(true) as $file) {
|
||||
$outputFile = str_replace(".gpg", "", $file);
|
||||
$key = $this->getSymmetricKey();
|
||||
$command = "gpg --batch --passphrase $key --decrypt -o $outputFile $file";
|
||||
$command = "gpg --batch --passphrase $this->symmetricKey --decrypt -o $outputFile $file";
|
||||
$result = shell_exec($command);
|
||||
if ($result === false) {
|
||||
echo "Decypher failure";
|
||||
exit;
|
||||
}
|
||||
unlink($file);
|
||||
$this->hardUnlink($file);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
private function getSymmetricKey() {
|
||||
return $this->symmetric_key;
|
||||
}
|
||||
|
||||
private function setSymmetricKey($key) {
|
||||
$this->symmetric_key = $key;
|
||||
}
|
||||
|
||||
public static function hardUnlink($element) {
|
||||
$eraser = str_repeat(0, strlen($element));
|
||||
if (!$element) {
|
||||
return;
|
||||
}
|
||||
print_r(['hu', $element]);
|
||||
$eraser = str_repeat(0, strlen(file_get_contents($element)));
|
||||
file_put_contents($element, $eraser);
|
||||
unlink($element);
|
||||
}
|
||||
|
||||
public static function isSymmetricKeyValid($key) {
|
||||
return (bool)preg_match('/^[0-9a-zA-Z]{15}$/', $key);
|
||||
}
|
||||
|
||||
public static function createSymmetricKey() {
|
||||
$length = 15;
|
||||
$keySpace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
$pieces = [];
|
||||
$max = mb_strlen($keySpace, '8bit') - 1;
|
||||
for ($i = 0; $i < $length; ++$i) {
|
||||
$pieces []= $keySpace[random_int(0, $max)];
|
||||
}
|
||||
|
||||
return implode('', $pieces);
|
||||
}
|
||||
}
|
||||
?>
|
||||
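Review bot: The gpg command built in `encrypt()` and `decrypt()` still puts the passphrase on the command line and interpolates `$outputFile` and `$file` unquoted, so the key is visible in the host's process list while gpg runs and a path with a space or shell metacharacter alters the command. `shell_exec()` returns no exit status and yields `false` only when the pipe cannot be opened, so a failed gpg run passes the `$result === false` check and `hardUnlink($file)` then wipes the only copy. The sketch below feeds the key on stdin with `--passphrase-fd 0`, quotes both paths with `escapeshellarg()` and wipes only after a zero exit code; `decrypt()` needs the same treatment. Separately, `print_r(['hu', $element]);` in `hardUnlink()` looks like leftover debug output, and `isSymmetricKeyValid()` should end its pattern with `\z` rather than `$`, which also accepts a trailing newline.

```php
foreach ($this->getFiles(false) as $file) {
    $outputFile = $file.".gpg";
    // Key goes to gpg on stdin (fd 0), never into argv.
    $command = "gpg --batch --passphrase-fd 0 --symmetric --cipher-algo AES256 -o "
        .escapeshellarg($outputFile)." ".escapeshellarg($file);
    $process = proc_open($command, [0 => ['pipe', 'r']], $pipes);
    if (is_resource($process)) {
        fwrite($pipes[0], $this->symmetricKey."\n");
        fclose($pipes[0]);
    }
    if (!is_resource($process) || proc_close($process) !== 0) {
        // … unchanged: "Cypher failure" message and exit …
    }
    // Wipe the plaintext only once gpg reported success.
    $this->hardUnlink($file);
}
```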
|
|
|
@ -1166,5 +1166,12 @@ var pageSignature = async function(url) {
|
|||
})();
|
||||
|
||||
function storeSymmetricKeyCookie() {
|
||||
document.cookie = pdfHash + "=" + window.location.hash + "; SameSite=Strict";
|
||||
let symmetricKey = window.location.hash;
|
||||
if (symmetricKey.length != 19) {
|
||||
console.error("Erreur taille cle symmetrique.");
|
||||
return;
|
||||
} else if (symmetricKey.substr(0, 4) != "#sk:") {
|
||||
console.error("Erreur format cle symmetrique");
|
||||
}
|
||||
document.cookie = pdfHash + "=" + symmetricKey.substr(4, 15) + "; SameSite=Strict";
|
||||
}
|
||||
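Review bot: The `else if` branch in `storeSymmetricKeyCookie()` that checks the `#sk:` prefix logs an error but does not return, so the cookie is still written from a malformed fragment; add `return;` after `console.error("Erreur format cle symmetrique");`. Only length and prefix are checked, so the 15 characters placed in the cookie string can include `;` and append cookie attributes. A single test such as `if (!/^#sk:[0-9a-zA-Z]{15}$/.test(window.location.hash)) { return; }` would match the server-side `isSymmetricKeyValid()` pattern and replace both branches. The cookie is also written without `Secure`, which is worth adding where the page is served over HTTPS.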
|
|