mirror of
https://github.com/24eme/signaturepdf
synced 2024-05-21 15:16:37 +02:00
symmetric key now transits with cookie
This commit is contained in:
tale-fau
parent
817325eea4
commit
80a0104a7c
21
app.php
21
app.php
|
|
@ -239,8 +239,11 @@ $f3->route('POST /share',
|
|||
if(!$f3->get('DEBUG')) {
|
||||
array_map('unlink', glob($tmpfile."*.svg"));
|
||||
}
|
||||
|
||||
$encryptor = new CryptographyClass();
|
||||
if (!isset($_COOKIE[$hash])) {
|
||||
$symmetric_key = createSymmetricKey();
|
||||
setcookie($hash, $symmetric_key, ['expires' => 0, 'samesite' => 'Strict', 'path' => "/"]);
|
||||
}
|
||||
$encryptor = new CryptographyClass($symmetric_key);
|
||||
$encryptor->encrypt($hash);
|
||||
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#informations");
|
||||
}
|
||||
|
|
@ -253,10 +256,9 @@ $f3->route('GET /signature/@hash/pdf',
|
|||
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
|
||||
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
|
||||
|
||||
$cryptor = new CryptographyClass();
|
||||
$cryptor = new CryptographyClass($_COOKIE[$hash]);
|
||||
$cryptor->decrypt($hash);
|
||||
|
||||
|
||||
$files = scandir($sharingFolder);
|
||||
$originalFile = $sharingFolder.'/original.pdf';
|
||||
$finalFile = $sharingFolder.'/'.$f3->get('PARAMS.hash').uniqid().'.pdf';
|
||||
|
|
@ -526,4 +528,15 @@ function convertPHPSizeToBytes($sSize)
|
|||
return (int)$iValue;
|
||||
}
|
||||
|
||||
function createSymmetricKey() {
|
||||
$length = 15;
|
||||
$keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
$pieces = [];
|
||||
$max = mb_strlen($keyspace, '8bit') - 1;
|
||||
for ($i = 0; $i < $length; ++$i) {
|
||||
$pieces []= $keyspace[random_int(0, $max)];
|
||||
}
|
||||
return implode('', $pieces);
|
||||
}
|
||||
|
||||
return $f3;
|
||||
|
|
|
|||
|
|
@ -2,15 +2,18 @@
|
|||
|
||||
class CryptographyClass
|
||||
{
|
||||
const KEY_SIZE = 4;
|
||||
private $symmetric_key = null;
|
||||
|
||||
function __construct($key) {
|
||||
$this->setSymmetricKey($key);
|
||||
}
|
||||
|
||||
public function encrypt($hash) {
|
||||
foreach (glob("/tmp/".$hash.'/*.pdf') as $file) {
|
||||
$outputFile = $file.".gpg";
|
||||
$keyPath = $this->getKeyPath();
|
||||
$command = "gpg --batch --passphrase-file $keyPath --symmetric --cipher-algo AES256 -o $outputFile $file";
|
||||
$key = $this->getSymmetricKey();
|
||||
$command = "gpg --batch --passphrase $key --symmetric --cipher-algo AES256 -o $outputFile $file";
|
||||
$result = shell_exec($command);
|
||||
$this->freeKeyFile($keyPath);
|
||||
if ($result === false) {
|
||||
echo "Cypher failure";
|
||||
exit;
|
||||
|
|
@ -22,38 +25,25 @@ class CryptographyClass
|
|||
public function decrypt($hash) {
|
||||
foreach (glob("/tmp/".$hash.'/*.gpg') as $file) {
|
||||
$outputFile = str_replace(".gpg", "", $file);
|
||||
$keyPath = $this->getKeyPath();
|
||||
$command = "gpg --batch --passphrase-file $keyPath --decrypt -o $outputFile $file";
|
||||
$key = $this->getSymmetricKey();
|
||||
$command = "gpg --batch --passphrase $key --decrypt -o $outputFile $file";
|
||||
$result = shell_exec($command);
|
||||
$this->freeKeyFile($keyPath);
|
||||
if ($result === false) {
|
||||
echo "Decypher failure";
|
||||
exit;
|
||||
}
|
||||
unlink($file);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
private function getKeyPath() {
|
||||
$path = "../key.txt";
|
||||
if (file_put_contents($path, 'test') === false)
|
||||
{
|
||||
echo "passphrase generation failure";
|
||||
exit;
|
||||
}
|
||||
return $path;
|
||||
private function getSymmetricKey() {
|
||||
return $this->symmetric_key;
|
||||
}
|
||||
|
||||
private function freeKeyFile($keyPath) {
|
||||
$passphrase_overwrite = str_repeat("0", self::KEY_SIZE);
|
||||
if (file_put_contents($keyPath, $passphrase_overwrite) === false)
|
||||
{
|
||||
echo "passphrase generation failure";
|
||||
exit;
|
||||
}
|
||||
private function setSymmetricKey($key) {
|
||||
$this->symmetric_key = $key;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -112,6 +112,7 @@
|
|||
</div>
|
||||
<form id="form_pdf" action="<?php echo $REVERSE_PROXY_URL; ?>/signature/<?php echo $hash ?>/save" method="post" enctype="multipart/form-data" class="d-none d-sm-none d-md-block">
|
||||
<input id="input_svg" name="svg[]" type="file" class="d-none" />
|
||||
<!-- <input id="symmetric_key" name="key" type="hidden" value="test" /> -->
|
||||
<button class="btn btn-primary w-100 mt-2" disabled="disabled" type="submit" id="save"><i class="bi bi-cloud-upload"></i> <?php echo _("Transmit my signature"); ?></button>
|
||||
</form>
|
||||
<?php endif; ?>
|
||||
|
|
@ -197,7 +198,7 @@
|
|||
<form id="form_sharing" clas action="<?php echo $REVERSE_PROXY_URL; ?>/share" method="post" enctype="multipart/form-data">
|
||||
<input id="input_pdf_share" name="pdf" type="file" class="d-none" />
|
||||
<input id="input_svg_share" name="svg[]" type="file" class="d-none" />
|
||||
<input id="symmetric_key" name="key" type="hidden" value="test" />
|
||||
<!-- <input id="symmetric_key" name="key" type="hidden" value="test" /> -->
|
||||
<button class="btn col-9 col-md-6 btn-primary" type="submit" id="save_share"><?php echo sprintf(_("%s Start sharing"), '<i class="bi bi-cloud-upload"></i>'); ?></button>
|
||||
</form>
|
||||
</div>
|
||||
|
|
|
|||
Loading…
Reference in a new issue