|
1
|
|
|
<?php |
|
2
|
|
|
namespace Nubs\PwMan; |
|
3
|
|
|
|
|
4
|
|
|
use Exception; |
|
5
|
|
|
use GnuPG; |
|
6
|
|
|
|
|
7
|
|
|
/** |
|
8
|
|
|
* Manage the password file including encryption and encoding. |
|
9
|
|
|
*/ |
|
10
|
|
|
class PasswordFile |
|
11
|
|
|
{ |
|
12
|
|
|
/** @type string The file path to the password file. */ |
|
13
|
|
|
private $_passwordFile; |
|
14
|
|
|
|
|
15
|
|
|
/** @type \GnuPG The gpg resource. */ |
|
16
|
|
|
private $_gpg; |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* Initialize the password file. |
|
20
|
|
|
* |
|
21
|
|
|
* @api |
|
22
|
|
|
* @param string $passwordFile The file path to the password file. |
|
23
|
|
|
* @param \GnuPG $gpg The gpg resource for interacting with the password file. |
|
24
|
|
|
*/ |
|
25
|
|
|
public function __construct($passwordFile, GnuPG $gpg) |
|
26
|
|
|
{ |
|
27
|
|
|
$this->_passwordFile = $passwordFile; |
|
28
|
|
|
$this->_gpg = $gpg; |
|
29
|
|
|
} |
|
30
|
|
|
|
|
31
|
|
|
/** |
|
32
|
|
|
* Return all the application passwords out of the password file. |
|
33
|
|
|
* |
|
34
|
|
|
* This requires a decryption key to have been added. |
|
35
|
|
|
* |
|
36
|
|
|
* @api |
|
37
|
|
|
* @see addDecryptKey |
|
38
|
|
|
* @return array<array>|null The passwords in the file if the file could be |
|
39
|
|
|
* loaded. |
|
40
|
|
|
*/ |
|
41
|
|
|
public function getPasswords() |
|
42
|
|
|
{ |
|
43
|
|
|
$contents = file_get_contents($this->_passwordFile); |
|
44
|
|
|
if ($contents === false) { |
|
45
|
|
|
return null; |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
$decryptedContents = $this->_gpg->decrypt($contents); |
|
49
|
|
|
if ($decryptedContents === false) { |
|
50
|
|
|
return null; |
|
51
|
|
|
} |
|
52
|
|
|
|
|
53
|
|
|
return json_decode($decryptedContents, true); |
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
/** |
|
57
|
|
|
* Add the given decryption key. |
|
58
|
|
|
* |
|
59
|
|
|
* @api |
|
60
|
|
|
* @param string $key The uid or fingerprint of the key to add. |
|
61
|
|
|
* @param string $passphrase The passphrase for the key. |
|
62
|
|
|
* @return void |
|
63
|
|
|
*/ |
|
64
|
|
View Code Duplication |
public function addDecryptKey($key, $passphrase) |
|
|
|
|
|
|
65
|
|
|
{ |
|
66
|
|
|
$keyInfo = $this->_gpg->keyinfo($key); |
|
67
|
|
|
if (count($keyInfo) !== 1) { |
|
68
|
|
|
throw new Exception('Could not find a unique key'); |
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
|
|
if (!$keyInfo[0]['can_sign']) { |
|
72
|
|
|
throw new Exception('Key not a valid decryption key'); |
|
73
|
|
|
} |
|
74
|
|
|
|
|
75
|
|
|
$isDecryptionKey = function($subKey) { |
|
76
|
|
|
return $subKey['can_sign']; |
|
77
|
|
|
}; |
|
78
|
|
|
|
|
79
|
|
|
$decryptionKeys = array_values(array_filter($keyInfo[0]['subkeys'], $isDecryptionKey)); |
|
80
|
|
|
if (!$this->_gpg->adddecryptkey($decryptionKeys[0]['fingerprint'], $passphrase)) { |
|
81
|
|
|
throw new Exception('Failed to add the decryption key'); |
|
82
|
|
|
} |
|
83
|
|
|
} |
|
84
|
|
|
|
|
85
|
|
|
/** |
|
86
|
|
|
* Add the given encryption key. |
|
87
|
|
|
* |
|
88
|
|
|
* @api |
|
89
|
|
|
* @param string $key The uid or fingerprint of the key to add. |
|
90
|
|
|
* @return void |
|
91
|
|
|
*/ |
|
92
|
|
View Code Duplication |
public function addEncryptKey($key) |
|
|
|
|
|
|
93
|
|
|
{ |
|
94
|
|
|
$keyInfo = $this->_gpg->keyinfo($key); |
|
95
|
|
|
if (count($keyInfo) !== 1) { |
|
96
|
|
|
throw new Exception('Could not find a unique key'); |
|
97
|
|
|
} |
|
98
|
|
|
|
|
99
|
|
|
if (!$keyInfo[0]['can_encrypt']) { |
|
100
|
|
|
throw new Exception('Key not a valid encryption key'); |
|
101
|
|
|
} |
|
102
|
|
|
|
|
103
|
|
|
$isEncryptionKey = function($subKey) { |
|
104
|
|
|
return $subKey['can_encrypt']; |
|
105
|
|
|
}; |
|
106
|
|
|
|
|
107
|
|
|
$encryptionKeys = array_values(array_filter($keyInfo[0]['subkeys'], $isEncryptionKey)); |
|
108
|
|
|
if (!$this->_gpg->addencryptkey($encryptionKeys[0]['fingerprint'])) { |
|
109
|
|
|
throw new Exception('Failed to add the encryption key'); |
|
110
|
|
|
} |
|
111
|
|
|
} |
|
112
|
|
|
|
|
113
|
|
|
/** |
|
114
|
|
|
* Save the passwords to the password file. |
|
115
|
|
|
* |
|
116
|
|
|
* This requires an encryption key to have been added. |
|
117
|
|
|
* |
|
118
|
|
|
* @api |
|
119
|
|
|
* @see addEncryptKey |
|
120
|
|
|
* @param array<array> The passwords to save in the file. |
|
121
|
|
|
* @return void |
|
122
|
|
|
*/ |
|
123
|
|
|
public function setPasswords(array $passwords) |
|
124
|
|
|
{ |
|
125
|
|
|
$encryptedContents = $this->_gpg->encrypt(json_encode($passwords, JSON_PRETTY_PRINT | JSON_FORCE_OBJECT)); |
|
126
|
|
|
if ($encryptedContents === false) { |
|
127
|
|
|
throw new Exception($this->_gpg->geterror()); |
|
128
|
|
|
} |
|
129
|
|
|
|
|
130
|
|
|
$successfullyWritten = file_put_contents($this->_passwordFile, $encryptedContents); |
|
131
|
|
|
if (!$successfullyWritten) { |
|
132
|
|
|
throw new Exception('Failed to write to the password file.'); |
|
133
|
|
|
} |
|
134
|
|
|
} |
|
135
|
|
|
} |
|
136
|
|
|
|
nubs /
pwman
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.