mirror of
https://github.com/24eme/signaturepdf
synced 2024-06-03 14:32:13 +02:00
change way to handle encryption
This commit is contained in:
parent
488f720284
commit
12043408cc
38
app.php
38
app.php
|
@ -230,8 +230,7 @@ $f3->route('POST /share',
|
||||||
return basename($tmpfile."_".$fileBaseName);
|
return basename($tmpfile."_".$fileBaseName);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
array_map('cryptographyClass::hardUnlink', $_FILES['svg']['tmp_name']);
|
|
||||||
CryptographyClass::hardUnlink($_FILES['pdf']['tmp_name']);
|
|
||||||
if(!count($files)) {
|
if(!count($files)) {
|
||||||
$f3->error(403);
|
$f3->error(403);
|
||||||
}
|
}
|
||||||
|
@ -241,15 +240,14 @@ $f3->route('POST /share',
|
||||||
if(!$f3->get('DEBUG')) {
|
if(!$f3->get('DEBUG')) {
|
||||||
array_map('cryptographyClass::hardUnlink', glob($tmpfile."*.svg"));
|
array_map('cryptographyClass::hardUnlink', glob($tmpfile."*.svg"));
|
||||||
}
|
}
|
||||||
if (!isset($_COOKIE[$hash])) {
|
$symmetricKey = CryptographyClass::createSymmetricKey();
|
||||||
$symmetric_key = createSymmetricKey();
|
setcookie($hash, $symmetricKey, ['expires' => 0, 'samesite' => 'Strict', 'path' => "/"]);
|
||||||
$keyCookieDate = strtotime('+1 year');
|
|
||||||
setcookie($hash, $symmetric_key, ['expires' => $keyCookieDate, 'samesite' => 'Strict', 'path' => "/"]);
|
|
||||||
}
|
|
||||||
$encryptor = new CryptographyClass($symmetric_key);
|
|
||||||
$encryptor->encrypt($hash);
|
|
||||||
|
|
||||||
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetric_key);
|
$encryptor = new CryptographyClass($symmetricKey, $f3->get('PDF_STORAGE_PATH').$hash);
|
||||||
|
$encryptor->encrypt();
|
||||||
|
|
||||||
|
|
||||||
|
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetricKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
);
|
);
|
||||||
|
@ -260,12 +258,11 @@ $f3->route('GET /signature/@hash/pdf',
|
||||||
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
|
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
|
||||||
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
|
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
|
||||||
|
|
||||||
if (substr($_COOKIE[$hash], 0, 4) !== '#sk:') {
|
if (CryptographyClass::isSymmetricKeyValid($_COOKIE[$hash]) == false) {
|
||||||
echo "Error: Invalid prefix.";
|
$f3->error(403);
|
||||||
exit;
|
|
||||||
}
|
}
|
||||||
$cryptor = new CryptographyClass(substr($_COOKIE[$hash], 4, 15));
|
$cryptor = new CryptographyClass($_COOKIE[$hash], $f3->get('PDF_STORAGE_PATH').$hash);
|
||||||
$cryptor->decrypt($hash);
|
$cryptor->decrypt();
|
||||||
|
|
||||||
$files = scandir($sharingFolder);
|
$files = scandir($sharingFolder);
|
||||||
$originalFile = $sharingFolder.'/original.pdf';
|
$originalFile = $sharingFolder.'/original.pdf';
|
||||||
|
@ -536,15 +533,4 @@ function convertPHPSizeToBytes($sSize)
|
||||||
return (int)$iValue;
|
return (int)$iValue;
|
||||||
}
|
}
|
||||||
|
|
||||||
function createSymmetricKey() {
|
|
||||||
$length = 15;
|
|
||||||
$keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
|
||||||
$pieces = [];
|
|
||||||
$max = mb_strlen($keyspace, '8bit') - 1;
|
|
||||||
for ($i = 0; $i < $length; ++$i) {
|
|
||||||
$pieces []= $keyspace[random_int(0, $max)];
|
|
||||||
}
|
|
||||||
return implode('', $pieces);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $f3;
|
return $f3;
|
||||||
|
|
|
@ -2,54 +2,77 @@
|
||||||
|
|
||||||
class CryptographyClass
|
class CryptographyClass
|
||||||
{
|
{
|
||||||
private $symmetric_key = null;
|
private $symmetricKey = null;
|
||||||
|
private $pathHash = null;
|
||||||
|
|
||||||
function __construct($key) {
|
function __construct($key, $pathHash) {
|
||||||
$this->setSymmetricKey($key);
|
$this->symmetricKey = $key;
|
||||||
|
$this->pathHash = $pathHash;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function encrypt($hash) {
|
private function getFiles($isGpg) {
|
||||||
foreach (glob("/tmp/".$hash.'/*.pdf') as $file) {
|
$suffix = "";
|
||||||
|
if ($isGpg) {
|
||||||
|
$suffix = ".gpg";
|
||||||
|
}
|
||||||
|
$filesTab = glob($this->pathHash.'/*.pdf'.$suffix);
|
||||||
|
$filesTab[] = $this->pathHash."/filename.txt".$suffix;
|
||||||
|
|
||||||
|
return $filesTab;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function encrypt() {
|
||||||
|
|
||||||
|
foreach ($this->getFiles(false) as $file) {
|
||||||
$outputFile = $file.".gpg";
|
$outputFile = $file.".gpg";
|
||||||
$key = $this->getSymmetricKey();
|
$command = "gpg --batch --passphrase $this->symmetricKey --symmetric --cipher-algo AES256 -o $outputFile $file";
|
||||||
$command = "gpg --batch --passphrase $key --symmetric --cipher-algo AES256 -o $outputFile $file";
|
|
||||||
$result = shell_exec($command);
|
$result = shell_exec($command);
|
||||||
if ($result === false) {
|
if ($result === false) {
|
||||||
echo "Cypher failure";
|
echo "Cypher failure";
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
unlink($file);
|
$this->hardUnlink($file);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function decrypt($hash) {
|
public function decrypt() {
|
||||||
foreach (glob("/tmp/".$hash.'/*.gpg') as $file) {
|
foreach ($this->getFiles(true) as $file) {
|
||||||
$outputFile = str_replace(".gpg", "", $file);
|
$outputFile = str_replace(".gpg", "", $file);
|
||||||
$key = $this->getSymmetricKey();
|
$command = "gpg --batch --passphrase $this->symmetricKey --decrypt -o $outputFile $file";
|
||||||
$command = "gpg --batch --passphrase $key --decrypt -o $outputFile $file";
|
|
||||||
$result = shell_exec($command);
|
$result = shell_exec($command);
|
||||||
if ($result === false) {
|
if ($result === false) {
|
||||||
echo "Decypher failure";
|
echo "Decypher failure";
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
unlink($file);
|
$this->hardUnlink($file);
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getSymmetricKey() {
|
|
||||||
return $this->symmetric_key;
|
|
||||||
}
|
|
||||||
|
|
||||||
private function setSymmetricKey($key) {
|
|
||||||
$this->symmetric_key = $key;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static function hardUnlink($element) {
|
public static function hardUnlink($element) {
|
||||||
$eraser = str_repeat(0, strlen($element));
|
if (!$element) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
print_r(['hu', $element]);
|
||||||
|
$eraser = str_repeat(0, strlen(file_get_contents($element)));
|
||||||
file_put_contents($element, $eraser);
|
file_put_contents($element, $eraser);
|
||||||
unlink($element);
|
unlink($element);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function isSymmetricKeyValid($key) {
|
||||||
|
return (bool)preg_match('/^[0-9a-zA-Z]{15}$/', $key);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function createSymmetricKey() {
|
||||||
|
$length = 15;
|
||||||
|
$keySpace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||||
|
$pieces = [];
|
||||||
|
$max = mb_strlen($keySpace, '8bit') - 1;
|
||||||
|
for ($i = 0; $i < $length; ++$i) {
|
||||||
|
$pieces []= $keySpace[random_int(0, $max)];
|
||||||
|
}
|
||||||
|
|
||||||
|
return implode('', $pieces);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -1166,5 +1166,12 @@ var pageSignature = async function(url) {
|
||||||
})();
|
})();
|
||||||
|
|
||||||
function storeSymmetricKeyCookie() {
|
function storeSymmetricKeyCookie() {
|
||||||
document.cookie = pdfHash + "=" + window.location.hash + "; SameSite=Strict";
|
let symmetricKey = window.location.hash;
|
||||||
|
if (symmetricKey.length != 19) {
|
||||||
|
console.error("Erreur taille cle symmetrique.");
|
||||||
|
return;
|
||||||
|
} else if (symmetricKey.substr(0, 4) != "#sk:") {
|
||||||
|
console.error("Erreur format cle symmetrique");
|
||||||
|
}
|
||||||
|
document.cookie = pdfHash + "=" + symmetricKey.substr(4, 15) + "; SameSite=Strict";
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue