Diffstat (limited to 'lib/private/IntegrityCheck/Checker.php')
-rw-r--r--lib/private/IntegrityCheck/Checker.php59
1 files changed, 29 insertions, 30 deletions
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index 725d72d9c79..1084a9e1dd5 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -144,7 +144,7 @@ class Checker {
$folderToIterate,
\RecursiveDirectoryIterator::SKIP_DOTS
);
- if($root === '') {
+ if ($root === '') {
$root = \OC::$SERVERROOT;
}
$root = rtrim($root, '/');
@@ -171,9 +171,9 @@ class Checker {
$hashes = [];
$baseDirectoryLength = \strlen($path);
- foreach($iterator as $filename => $data) {
+ foreach ($iterator as $filename => $data) {
/** @var \DirectoryIterator $data */
- if($data->isDir()) {
+ if ($data->isDir()) {
continue;
}
@@ -181,11 +181,11 @@ class Checker {
$relativeFileName = ltrim($relativeFileName, '/');
// Exclude signature.json files in the appinfo and root folder
- if($relativeFileName === 'appinfo/signature.json') {
+ if ($relativeFileName === 'appinfo/signature.json') {
continue;
}
// Exclude signature.json files in the appinfo and core folder
- if($relativeFileName === 'core/signature.json') {
+ if ($relativeFileName === 'core/signature.json') {
continue;
}
@@ -196,10 +196,10 @@ class Checker {
// Thus we ignore everything below the first occurrence of
// "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####" and have the
// hash generated based on this.
- if($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
+ if ($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
$fileContent = file_get_contents($filename);
$explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent);
- if(\count($explodedArray) === 2) {
+ if (\count($explodedArray) === 2) {
$hashes[$relativeFileName] = hash('sha512', $explodedArray[0]);
continue;
}
@@ -207,7 +207,7 @@ class Checker {
if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') {
$oldMimetypeList = new GenerateMimetypeFileBuilder();
$newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
- if($newFile === file_get_contents($filename)) {
+ if ($newFile === file_get_contents($filename)) {
$hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
continue;
}
@@ -263,11 +263,11 @@ class Checker {
$iterator = $this->getFolderIterator($path);
$hashes = $this->generateHashes($iterator, $path);
$signature = $this->createSignatureData($hashes, $certificate, $privateKey);
- $this->fileAccessHelper->file_put_contents(
+ $this->fileAccessHelper->file_put_contents(
$appInfoDir . '/signature.json',
json_encode($signature, JSON_PRETTY_PRINT)
);
- } catch (\Exception $e){
+ } catch (\Exception $e) {
if (!$this->fileAccessHelper->is_writable($appInfoDir)) {
throw new \Exception($appInfoDir . ' is not writable');
}
@@ -288,7 +288,6 @@ class Checker {
$path) {
$coreDir = $path . '/core';
try {
-
$this->fileAccessHelper->assertDirectoryExists($coreDir);
$iterator = $this->getFolderIterator($path, $path);
$hashes = $this->generateHashes($iterator, $path);
@@ -297,7 +296,7 @@ class Checker {
$coreDir . '/signature.json',
json_encode($signatureData, JSON_PRETTY_PRINT)
);
- } catch (\Exception $e){
+ } catch (\Exception $e) {
if (!$this->fileAccessHelper->is_writable($coreDir)) {
throw new \Exception($coreDir . ' is not writable');
}
@@ -316,7 +315,7 @@ class Checker {
* @throws \Exception
*/
private function verify(string $signaturePath, string $basePath, string $certificateCN): array {
- if(!$this->isCodeCheckEnforced()) {
+ if (!$this->isCodeCheckEnforced()) {
return [];
}
@@ -326,7 +325,7 @@ class Checker {
if (\is_string($content)) {
$signatureData = json_decode($content, true);
}
- if(!\is_array($signatureData)) {
+ if (!\is_array($signatureData)) {
throw new InvalidSignatureException('Signature data not found.');
}
@@ -340,11 +339,11 @@ class Checker {
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
$x509->loadCA($rootCertificatePublicKey);
$x509->loadX509($certificate);
- if(!$x509->validateSignature()) {
+ if (!$x509->validateSignature()) {
throw new InvalidSignatureException('Certificate is not valid.');
}
// Verify if certificate has proper CN. "core" CN is always trusted.
- if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
+ if ($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
throw new InvalidSignatureException(
sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
);
@@ -357,7 +356,7 @@ class Checker {
$rsa->setMGFHash('sha512');
// See https://tools.ietf.org/html/rfc3447#page-38
$rsa->setSaltLength(0);
- if(!$rsa->verify(json_encode($expectedHashes), $signature)) {
+ if (!$rsa->verify(json_encode($expectedHashes), $signature)) {
throw new InvalidSignatureException('Signature could not get verified.');
}
@@ -366,9 +365,9 @@ class Checker {
//
// Due to this reason we exclude the whole updater/ folder from the code
// integrity check.
- if($basePath === $this->environmentHelper->getServerRoot()) {
- foreach($expectedHashes as $fileName => $hash) {
- if(strpos($fileName, 'updater/') === 0) {
+ if ($basePath === $this->environmentHelper->getServerRoot()) {
+ foreach ($expectedHashes as $fileName => $hash) {
+ if (strpos($fileName, 'updater/') === 0) {
unset($expectedHashes[$fileName]);
}
}
@@ -380,23 +379,23 @@ class Checker {
$differencesB = array_diff($currentInstanceHashes, $expectedHashes);
$differences = array_unique(array_merge($differencesA, $differencesB));
$differenceArray = [];
- foreach($differences as $filename => $hash) {
+ foreach ($differences as $filename => $hash) {
// Check if file should not exist in the new signature table
- if(!array_key_exists($filename, $expectedHashes)) {
+ if (!array_key_exists($filename, $expectedHashes)) {
$differenceArray['EXTRA_FILE'][$filename]['expected'] = '';
$differenceArray['EXTRA_FILE'][$filename]['current'] = $hash;
continue;
}
// Check if file is missing
- if(!array_key_exists($filename, $currentInstanceHashes)) {
+ if (!array_key_exists($filename, $currentInstanceHashes)) {
$differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename];
$differenceArray['FILE_MISSING'][$filename]['current'] = '';
continue;
}
// Check if hash does mismatch
- if($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
+ if ($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
$differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename];
$differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename];
continue;
@@ -416,7 +415,7 @@ class Checker {
*/
public function hasPassedCheck(): bool {
$results = $this->getResults();
- if(empty($results)) {
+ if (empty($results)) {
return true;
}
@@ -428,7 +427,7 @@ class Checker {
*/
public function getResults(): array {
$cachedResults = $this->cache->get(self::CACHE_KEY);
- if(!\is_null($cachedResults)) {
+ if (!\is_null($cachedResults)) {
return json_decode($cachedResults, true);
}
@@ -447,7 +446,7 @@ class Checker {
private function storeResults(string $scope, array $result) {
$resultArray = $this->getResults();
unset($resultArray[$scope]);
- if(!empty($result)) {
+ if (!empty($result)) {
$resultArray[$scope] = $result;
}
if ($this->config !== null) {
@@ -499,7 +498,7 @@ class Checker {
*/
public function verifyAppSignature(string $appId, string $path = ''): array {
try {
- if($path === '') {
+ if ($path === '') {
$path = $this->appLocator->getAppPath($appId);
}
$result = $this->verify(
@@ -578,7 +577,7 @@ class Checker {
$this->cleanResults();
$this->verifyCoreSignature();
$appIds = $this->appLocator->getAllApps();
- foreach($appIds as $appId) {
+ foreach ($appIds as $appId) {
// If an application is shipped a valid signature is required
$isShipped = $this->appManager->isShipped($appId);
$appNeedsToBeChecked = false;
@@ -589,7 +588,7 @@ class Checker {
$appNeedsToBeChecked = true;
}
- if($appNeedsToBeChecked) {
+ if ($appNeedsToBeChecked) {
$this->verifyAppSignature($appId);
}
}