deblan-mirror/24eme-signaturepdf
1
0
Fork 0
mirror of https://github.com/24eme/signaturepdf synced 2024-05-21 23:26:38 +02:00
Code Activity

change way to handle encryption

Browse source
This commit is contained in:
tale-fau 2023-11-07 19:51:38 +01:00
parent 488f720284
commit 12043408cc
3 changed files with 65 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
app.php
View file

@ -230,8 +230,7 @@ $f3->route('POST /share',
return basename($tmpfile."_".$fileBaseName);
}
});
array_map('cryptographyClass::hardUnlink', $_FILES['svg']['tmp_name']);
CryptographyClass::hardUnlink($_FILES['pdf']['tmp_name']);
if(!count($files)) {
$f3->error(403);
}
@ -241,15 +240,14 @@ $f3->route('POST /share',
if(!$f3->get('DEBUG')) {
array_map('cryptographyClass::hardUnlink', glob($tmpfile."*.svg"));
}
if (!isset($_COOKIE[$hash])) {
$symmetric_key = createSymmetricKey();
$keyCookieDate = strtotime('+1 year');
setcookie($hash, $symmetric_key, ['expires' => $keyCookieDate, 'samesite' => 'Strict', 'path' => "/"]);
}
$encryptor = new CryptographyClass($symmetric_key);
$encryptor->encrypt($hash);
$symmetricKey = CryptographyClass::createSymmetricKey();
setcookie($hash, $symmetricKey, ['expires' => 0, 'samesite' => 'Strict', 'path' => "/"]);
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetric_key);
$encryptor = new CryptographyClass($symmetricKey, $f3->get('PDF_STORAGE_PATH').$hash);
$encryptor->encrypt();
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetricKey);
}
);
@ -260,12 +258,11 @@ $f3->route('GET /signature/@hash/pdf',
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
if (substr($_COOKIE[$hash], 0, 4) !== '#sk:') {
echo "Error: Invalid prefix.";
exit;
if (CryptographyClass::isSymmetricKeyValid($_COOKIE[$hash]) == false) {
$f3->error(403);
}
$cryptor = new CryptographyClass(substr($_COOKIE[$hash], 4, 15));
$cryptor->decrypt($hash);
$cryptor = new CryptographyClass($_COOKIE[$hash], $f3->get('PDF_STORAGE_PATH').$hash);
$cryptor->decrypt();
$files = scandir($sharingFolder);
$originalFile = $sharingFolder.'/original.pdf';
@ -536,15 +533,4 @@ function convertPHPSizeToBytes($sSize)
return (int)$iValue;
}
function createSymmetricKey() {
$length = 15;
$keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$pieces = [];
$max = mb_strlen($keyspace, '8bit') - 1;
for ($i = 0; $i < $length; ++$i) {
$pieces []= $keyspace[random_int(0, $max)];
}
return implode('', $pieces);
}
return $f3;

67
lib/cryptography.class.php
View file

@ -2,54 +2,77 @@
class CryptographyClass
{
private $symmetric_key = null;
private $symmetricKey = null;
private $pathHash = null;
function __construct($key) {
$this->setSymmetricKey($key);
function __construct($key, $pathHash) {
$this->symmetricKey = $key;
$this->pathHash = $pathHash;
}
public function encrypt($hash) {
foreach (glob("/tmp/".$hash.'/*.pdf') as $file) {
private function getFiles($isGpg) {
$suffix = "";
if ($isGpg) {
$suffix = ".gpg";
}
$filesTab = glob($this->pathHash.'/*.pdf'.$suffix);
$filesTab[] = $this->pathHash."/filename.txt".$suffix;
return $filesTab;
}
public function encrypt() {
foreach ($this->getFiles(false) as $file) {
$outputFile = $file.".gpg";
$key = $this->getSymmetricKey();
$command = "gpg --batch --passphrase $key --symmetric --cipher-algo AES256 -o $outputFile $file";
$command = "gpg --batch --passphrase $this->symmetricKey --symmetric --cipher-algo AES256 -o $outputFile $file";
$result = shell_exec($command);
if ($result === false) {
echo "Cypher failure";
exit;
}
unlink($file);
$this->hardUnlink($file);
}
}
public function decrypt($hash) {
foreach (glob("/tmp/".$hash.'/*.gpg') as $file) {
public function decrypt() {
foreach ($this->getFiles(true) as $file) {
$outputFile = str_replace(".gpg", "", $file);
$key = $this->getSymmetricKey();
$command = "gpg --batch --passphrase $key --decrypt -o $outputFile $file";
$command = "gpg --batch --passphrase $this->symmetricKey --decrypt -o $outputFile $file";
$result = shell_exec($command);
if ($result === false) {
echo "Decypher failure";
exit;
}
unlink($file);
$this->hardUnlink($file);
}
return true;
}
private function getSymmetricKey() {
return $this->symmetric_key;
}
private function setSymmetricKey($key) {
$this->symmetric_key = $key;
}
public static function hardUnlink($element) {
$eraser = str_repeat(0, strlen($element));
if (!$element) {
return;
}
print_r(['hu', $element]);
$eraser = str_repeat(0, strlen(file_get_contents($element)));
file_put_contents($element, $eraser);
unlink($element);
}
public static function isSymmetricKeyValid($key) {
return (bool)preg_match('/^[0-9a-zA-Z]{15}$/', $key);
}
public static function createSymmetricKey() {
$length = 15;
$keySpace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$pieces = [];
$max = mb_strlen($keySpace, '8bit') - 1;
for ($i = 0; $i < $length; ++$i) {
$pieces []= $keySpace[random_int(0, $max)];
}
return implode('', $pieces);
}
}
?>

9
public/js/signature.js
View file

@ -1166,5 +1166,12 @@ var pageSignature = async function(url) {
})();
function storeSymmetricKeyCookie() {
document.cookie = pdfHash + "=" + window.location.hash + "; SameSite=Strict";
let symmetricKey = window.location.hash;
if (symmetricKey.length != 19) {
console.error("Erreur taille cle symmetrique.");
return;
} else if (symmetricKey.substr(0, 4) != "#sk:") {
console.error("Erreur format cle symmetrique");
}
document.cookie = pdfHash + "=" + symmetricKey.substr(4, 15) + "; SameSite=Strict";
}