Rev 33 | Go to most recent revision | Only display areas with differences | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 33 | Rev 59 | ||
|---|---|---|---|
| 1 | #!/usr/bin/php |
1 | #!/usr/bin/php |
| 2 | <?php |
2 | <?php |
| 3 | 3 | ||
| 4 | /* |
4 | /* |
| 5 | * VNag - Nagios Framework for PHP |
5 | * VNag - Nagios Framework for PHP |
| 6 | * Developed by Daniel Marschall, ViaThinkSoft <www.viathinksoft.com> |
6 | * Developed by Daniel Marschall, ViaThinkSoft <www.viathinksoft.com> |
| 7 | * Licensed under the terms of the Apache 2.0 license |
7 | * Licensed under the terms of the Apache 2.0 license |
| 8 | * |
8 | * |
| 9 | * Revision 2018-11-06 |
9 | * Revision 2018-11-06 |
| 10 | */ |
10 | */ |
| 11 | 11 | ||
| 12 | // Generate keypair with: |
12 | // Generate keypair with: |
| 13 | // openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:8192 |
13 | // openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:8192 |
| 14 | // openssl rsa -pubout -in private.pem -out public.pem |
14 | // openssl rsa -pubout -in private.pem -out public.pem |
| 15 | 15 | ||
| 16 | if ($argc < 2) { |
16 | if ($argc < 2) { |
| 17 | die("Syntax: $argv[0] file1 [file2 ...]\n"); |
17 | die("Syntax: $argv[0] file1 [file2 ...]\n"); |
| 18 | } |
18 | } |
| 19 | 19 | ||
| 20 | if (!file_exists(__DIR__.'/private.pem')) { |
20 | if (!file_exists(__DIR__.'/private.pem')) { |
| 21 | echo "Key private.pem not found\n"; |
21 | echo "Key private.pem not found\n"; |
| 22 | } |
22 | } |
| 23 | 23 | ||
| 24 | for ($i=1; $i<$argc; $i++) { |
24 | for ($i=1; $i<$argc; $i++) { |
| 25 | $file = $argv[$i]; |
25 | $file = $argv[$i]; |
| 26 | 26 | ||
| - | 27 | if (is_dir($file)) continue; |
|
| 27 | $cont = file_get_contents($file); |
28 | $cont = file_get_contents($file); |
| 28 | $original = $cont; |
29 | $original = $cont; |
| 29 | 30 | ||
| 30 | if (strpos($cont, '<?php') === false) { |
31 | if (strpos($cont, '<?php') === false) { |
| 31 | echo "Not a PHP file: $file\n"; |
32 | echo "Not a PHP file: $file\n"; |
| 32 | continue; |
33 | continue; |
| 33 | } |
34 | } |
| 34 | 35 | ||
| 35 | $naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont); |
36 | $naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont); |
| 36 | 37 | ||
| 37 | $hash = hash("sha256", $naked.basename($file)); |
38 | $hash = hash("sha256", $naked.basename($file)); |
| 38 | 39 | ||
| 39 | $pkeyid = @openssl_pkey_get_private('file://'.__DIR__.'/private.pem'); |
40 | $pkeyid = @openssl_pkey_get_private('file://'.__DIR__.'/private.pem'); |
| 40 | openssl_sign($hash, $signature, $pkeyid, OPENSSL_ALGO_SHA256); |
41 | openssl_sign($hash, $signature, $pkeyid, OPENSSL_ALGO_SHA256); |
| 41 | openssl_free_key($pkeyid); |
42 | openssl_free_key($pkeyid); |
| 42 | 43 | ||
| 43 | if (!$signature) { |
44 | if (!$signature) { |
| 44 | echo "ERROR: $file\n"; |
45 | echo "ERROR: $file\n"; |
| 45 | continue; |
46 | continue; |
| 46 | } |
47 | } |
| 47 | 48 | ||
| 48 | $sign_line = '<?php /* <ViaThinkSoftSignature>'."\n".split_equal_length(base64_encode($signature),65).'</ViaThinkSoftSignature> */ ?>'; |
49 | $sign_line = '<?php /* <ViaThinkSoftSignature>'."\n".split_equal_length(base64_encode($signature),65).'</ViaThinkSoftSignature> */ ?>'; |
| 49 | 50 | ||
| 50 | // We have to put the signature at the beginning, because we don't know if the end of the file lacks a PHP closing tag |
51 | // We have to put the signature at the beginning, because we don't know if the end of the file lacks a PHP closing tag |
| 51 | if (substr($cont,0,2) === '#!') { |
52 | if (substr($cont,0,2) === '#!') { |
| 52 | // Preserve shebang |
53 | // Preserve shebang |
| 53 | $shebang_pos = strpos($naked, "\n"); |
54 | $shebang_pos = strpos($naked, "\n"); |
| 54 | $shebang = substr($naked, 0, $shebang_pos); |
55 | $shebang = substr($naked, 0, $shebang_pos); |
| 55 | $rest = substr($naked, $shebang_pos+1); |
56 | $rest = substr($naked, $shebang_pos+1); |
| 56 | $cont = $shebang."\n".$sign_line."\n".$rest; |
57 | $cont = $shebang."\n".$sign_line."\n".$rest; |
| 57 | } else { |
58 | } else { |
| 58 | $cont = $sign_line."\n".$naked; |
59 | $cont = $sign_line."\n".$naked; |
| 59 | } |
60 | } |
| 60 | 61 | ||
| 61 | if ($cont != $original) { |
62 | if ($cont != $original) { |
| 62 | echo "Signed: $file\n"; |
63 | echo "Signed: $file\n"; |
| 63 | file_put_contents($file, $cont); |
64 | file_put_contents($file, $cont); |
| 64 | } else { |
65 | } else { |
| 65 | echo "Already signed: $file\n"; |
66 | echo "Already signed: $file\n"; |
| 66 | } |
67 | } |
| 67 | } |
68 | } |
| 68 | 69 | ||
| 69 | # --- |
70 | # --- |
| 70 | 71 | ||
| 71 | function split_equal_length($data, $width=65) { |
72 | function split_equal_length($data, $width=65) { |
| 72 | $out = ''; |
73 | $out = ''; |
| 73 | for ($i=0; $i<strlen($data); $i+=$width) { |
74 | for ($i=0; $i<strlen($data); $i+=$width) { |
| 74 | $out .= substr($data, $i, $width)."\n"; |
75 | $out .= substr($data, $i, $width)."\n"; |
| 75 | } |
76 | } |
| 76 | return $out; |
77 | return $out; |
| 77 | } |
78 | } |
| 78 | 79 | ||