diff options
| -rw-r--r-- | core/Command/Integrity/SignApp.php | 11 | ||||
| -rw-r--r-- | core/Command/Integrity/SignCore.php | 12 | ||||
| -rw-r--r-- | lib/private/IntegrityCheck/Checker.php | 38 | ||||
| -rw-r--r-- | lib/private/IntegrityCheck/Helpers/FileAccessHelper.php | 29 |
4 files changed, 71 insertions, 19 deletions
diff --git a/core/Command/Integrity/SignApp.php b/core/Command/Integrity/SignApp.php index 3bc79eb0114..26d2791475b 100644 --- a/core/Command/Integrity/SignApp.php +++ b/core/Command/Integrity/SignApp.php @@ -101,8 +101,13 @@ class SignApp extends Command { $x509 = new X509(); $x509->loadX509($keyBundle); $x509->setPrivateKey($rsa); - $this->checker->writeAppSignature($path, $x509, $rsa); - - $output->writeln('Successfully signed "'.$path.'"'); + try { + $this->checker->writeAppSignature($path, $x509, $rsa); + $output->writeln('Successfully signed "'.$path.'"'); + } catch (\Exception $e){ + $output->writeln('Error: ' . $e->getMessage()); + return 1; + } + return 0; } } diff --git a/core/Command/Integrity/SignCore.php b/core/Command/Integrity/SignCore.php index 440c3da3b23..8f951204a58 100644 --- a/core/Command/Integrity/SignCore.php +++ b/core/Command/Integrity/SignCore.php @@ -23,12 +23,10 @@ namespace OC\Core\Command\Integrity; use OC\IntegrityCheck\Checker; -use OC\IntegrityCheck\Helpers\EnvironmentHelper; use OC\IntegrityCheck\Helpers\FileAccessHelper; use phpseclib\Crypt\RSA; use phpseclib\File\X509; use Symfony\Component\Console\Command\Command; -use OCP\IConfig; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Output\OutputInterface; @@ -94,8 +92,14 @@ class SignCore extends Command { $x509 = new X509(); $x509->loadX509($keyBundle); $x509->setPrivateKey($rsa); - $this->checker->writeCoreSignature($x509, $rsa, $path); - $output->writeln('Successfully signed "core"'); + try { + $this->checker->writeCoreSignature($x509, $rsa, $path); + $output->writeln('Successfully signed "core"'); + } catch (\Exception $e){ + $output->writeln('Error: ' . $e->getMessage()); + return 1; + } + return 0; } } diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php index 102fe42a99d..a3d9d906d8d 100644 --- a/lib/private/IntegrityCheck/Checker.php +++ b/lib/private/IntegrityCheck/Checker.php @@ -271,16 +271,24 @@ class Checker { public function writeAppSignature($path, X509 $certificate, RSA $privateKey) { - if(!is_dir($path)) { - throw new \Exception('Directory does not exist.'); - } + $appInfoDir = $path . '/appinfo'; + $this->fileAccessHelper->assertDirectoryExists($path); + $this->fileAccessHelper->assertDirectoryExists($appInfoDir); + $iterator = $this->getFolderIterator($path); $hashes = $this->generateHashes($iterator, $path); $signature = $this->createSignatureData($hashes, $certificate, $privateKey); - $this->fileAccessHelper->file_put_contents( - $path . '/appinfo/signature.json', + try { + $this->fileAccessHelper->file_put_contents( + $appInfoDir . '/signature.json', json_encode($signature, JSON_PRETTY_PRINT) - ); + ); + } catch (\Exception $e){ + if (!$this->fileAccessHelper->is_writeable($appInfoDir)){ + throw new \Exception($appInfoDir . ' is not writable'); + } + throw $e; + } } /** @@ -289,17 +297,29 @@ class Checker { * @param X509 $certificate * @param RSA $rsa * @param string $path + * @throws \Exception */ public function writeCoreSignature(X509 $certificate, RSA $rsa, $path) { + $coreDir = $path . '/core'; + $this->fileAccessHelper->assertDirectoryExists($path); + $this->fileAccessHelper->assertDirectoryExists($coreDir); + $iterator = $this->getFolderIterator($path, $path); $hashes = $this->generateHashes($iterator, $path); $signatureData = $this->createSignatureData($hashes, $certificate, $rsa); - $this->fileAccessHelper->file_put_contents( - $path . '/core/signature.json', + try { + $this->fileAccessHelper->file_put_contents( + $coreDir . '/signature.json', json_encode($signatureData, JSON_PRETTY_PRINT) - ); + ); + } catch (\Exception $e){ + if (!$this->fileAccessHelper->is_writeable($coreDir)){ + throw new \Exception($coreDir . ' is not writable'); + } + throw $e; + } } /** diff --git a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php index 9e2b76ce11a..c3193457890 100644 --- a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php +++ b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php @@ -53,10 +53,33 @@ class FileAccessHelper { * Wrapper around file_put_contents($filename, $data) * * @param string $filename - * @param $data - * @return int|false + * @param string $data + * @return int + * @throws \Exception */ public function file_put_contents($filename, $data) { - return file_put_contents($filename, $data); + $bytesWritten = file_put_contents($filename, $data); + if ($bytesWritten === false || $bytesWritten !== strlen($data)){ + throw new \Exception('Failed to write into ' . $filename); + } + return $bytesWritten; + } + + /** + * @param string $path + * @return bool + */ + public function is_writeable($path){ + return is_writeable($path); + } + + /** + * @param string $path + * @throws \Exception + */ + public function assertDirectoryExists($path){ + if (!is_dir($path)) { + throw new \Exception('Directory ' . $path . ' does not exist.'); + } } } |