diff --git a/obyte-qa-tool/README.md b/obyte-qa-tool/README.md new file mode 100644 index 0000000..d2af067 --- /dev/null +++ b/obyte-qa-tool/README.md @@ -0,0 +1,36 @@ +# o-Byte QA Tool WordPress Plugin + +WordPress plugin version of the legacy `qa-tool` app. + +## Features + +- Frontend shortcode: `[obyte_qa_tool]` +- WordPress backend settings for GitLab and DocBee configuration +- GitLab template loading through a WordPress REST proxy +- GitLab template writeback through WordPress REST, using the backend token +- Local YAML/JSON template loading +- Full YAML parsing through `js-yaml` with a small built-in fallback parser +- Editable QA steps and groups with drag and drop +- Required-step validation +- Run save/load as JSON +- Markdown, CSV, printable PDF, and YAML template export +- Combined export: DocBee post, WordPress database storage, and Media Library PDF upload +- DocBee ticket posting through a server-side REST endpoint with optional ticket-status restoration + +## Setup + +1. Copy or keep the `obyte-qa-tool` folder in `wp-content/plugins/`. +2. Activate **o-Byte QA Tool** in WordPress. +3. Open **Settings > o-Byte QA Tool**. +4. Enter GitLab and DocBee settings. Secrets are stored as WordPress options and are not exposed to frontend JavaScript. +5. Add `[obyte_qa_tool]` to the page where the QA runner should appear. +6. Saved exports can be reviewed under **Tools > o-Byte QA Reports**. + +## Notes + +- The legacy standalone OIDC login is replaced by WordPress login and capability checks. +- The REST endpoints require the configured WordPress capability. +- GitLab and DocBee credentials from the old PHP files are intentionally not hardcoded into the plugin. +- Reports are stored in WordPress-owned custom tables: `wp_obyte_qa_reports` and `wp_obyte_qa_steps` using the active site prefix. +- Exported PDFs are stored as normal Media Library attachments when enabled. +- Client-side PDF generation uses jsPDF/AutoTable CDNs, matching the standalone tool's browser-based export model. diff --git a/obyte-qa-tool/assets/css/qa-tool.css b/obyte-qa-tool/assets/css/qa-tool.css new file mode 100644 index 0000000..08da8fd --- /dev/null +++ b/obyte-qa-tool/assets/css/qa-tool.css @@ -0,0 +1,819 @@ +@font-face { + font-family: "OByte Nunito"; + src: url("../fonts/Nunito-VariableFont_wght.ttf") format("truetype"); + font-style: normal; + font-weight: 200 900; + font-display: swap; +} + +@font-face { + font-family: "OByte Gothic Demi"; + src: url("../fonts/urw_gothic_l_demi.ttf") format("truetype"); + font-style: normal; + font-weight: 600; + font-display: swap; +} + +.obyte-qa-tool, +.obyte-qa-tool * { + box-sizing: border-box; +} + +.obyte-qa-tool { + --oqt-blue: #00a7e6; + --oqt-blue-soft: #33b9eb; + --oqt-blue-ink: #00648a; + --oqt-bg: #f5fbfe; + --oqt-surface: #ffffff; + --oqt-surface-soft: #f6fafc; + --oqt-line: #dbe6ec; + --oqt-line-strong: #c4d2da; + --oqt-text: #343537; + --oqt-text-soft: #68737c; + --oqt-text-faint: #89949d; + --oqt-success: #188f5c; + --oqt-warning: #f59c00; + --oqt-danger: #c43b3b; + --oqt-muted: #67717a; + --oqt-focus: 0 0 0 3px rgba(0, 167, 230, 0.28); + width: 100%; + margin: 0; + overflow: visible; + border: 1px solid var(--oqt-line); + border-radius: 8px; + background: var(--oqt-surface); + color: var(--oqt-text); + font-family: "OByte Nunito", "Segoe UI", Arial, sans-serif; + font-size: 15px; + line-height: 1.45; + box-shadow: 0 18px 42px rgba(52, 53, 55, 0.08); +} + +.obyte-qa-tool-notice { + max-width: 920px; + margin: 0 auto; + border: 1px solid rgba(0, 167, 230, 0.4); + border-radius: 8px; + background: rgba(0, 167, 230, 0.1); + color: #343537; + padding: 14px 16px; + font-family: "OByte Nunito", "Segoe UI", Arial, sans-serif; +} + +.obyte-qa-tool-notice a { + color: var(--oqt-blue-ink); + font-weight: 800; +} + +.oqt-header { + display: grid; + grid-template-columns: minmax(0, 1fr) auto; + gap: 20px; + align-items: center; + padding: 20px 22px; + border-radius: 8px 8px 0 0; + border-bottom: 1px solid rgba(255, 255, 255, 0.12); + background: linear-gradient(135deg, #343537 0%, #25292d 100%); + color: #ffffff; +} + +.oqt-title-block { + min-width: 0; +} + +.oqt-kicker { + margin: 0 0 4px; + color: rgba(245, 251, 254, 0.72); + font-size: 11px; + font-weight: 900; + letter-spacing: 0.12em; + text-transform: uppercase; +} + +.oqt-header h1 { + margin: 0; + color: #ffffff; + font-family: "OByte Gothic Demi", "OByte Nunito", "Segoe UI", Arial, sans-serif; + font-size: 36px; + font-weight: 600; + line-height: 1.04; + letter-spacing: 0; +} + +.oqt-tags, +.oqt-service-tags, +.oqt-header-actions, +.oqt-template-actions, +.oqt-step-actions, +.oqt-action-group { + display: flex; + flex-wrap: wrap; + align-items: center; + gap: 8px; +} + +.oqt-tags { + margin-top: 12px; +} + +.oqt-tag { + display: inline-flex; + align-items: center; + min-height: 28px; + max-width: 100%; + border: 1px solid var(--oqt-line); + border-radius: 999px; + background: #ffffff; + color: var(--oqt-text-soft); + padding: 4px 10px; + font-size: 12px; + font-weight: 800; + line-height: 1.2; + white-space: nowrap; +} + +.oqt-tag[data-field="stepSummary"] { + white-space: normal; +} + +.oqt-header .oqt-tag { + border-color: rgba(255, 255, 255, 0.22); + background: rgba(255, 255, 255, 0.1); + color: rgba(255, 255, 255, 0.88); +} + +.oqt-tag--muted { + background: var(--oqt-surface-soft); +} + +.oqt-tag.is-ok { + border-color: rgba(24, 143, 92, 0.42); + background: rgba(24, 143, 92, 0.12); + color: #126842; +} + +.oqt-tag.is-warn { + border-color: rgba(245, 156, 0, 0.48); + background: rgba(245, 156, 0, 0.14); + color: #875600; +} + +.oqt-tag.is-bad { + border-color: rgba(196, 59, 59, 0.42); + background: rgba(196, 59, 59, 0.12); + color: #8f2424; +} + +.oqt-header .oqt-tag.is-ok, +.oqt-header .oqt-tag.is-warn, +.oqt-header .oqt-tag.is-bad { + color: #ffffff; +} + +.oqt-panel { + padding: 20px 22px; + background: var(--oqt-surface); + border-bottom: 1px solid var(--oqt-line); +} + +.oqt-panel--setup { + background: linear-gradient(180deg, #ffffff 0%, #fbfdfe 100%); +} + +.oqt-panel-head { + display: grid; + grid-template-columns: minmax(0, 1fr) auto; + gap: 16px; + align-items: start; + margin-bottom: 16px; +} + +.oqt-panel-head h2 { + margin: 0; + color: var(--oqt-text); + font-size: 18px; + font-weight: 900; + line-height: 1.15; + letter-spacing: 0; +} + +.oqt-panel-head p { + margin: 4px 0 0; + color: var(--oqt-text-soft); + font-size: 13px; +} + +.oqt-setup-grid { + display: grid; + grid-template-columns: minmax(260px, 0.95fr) minmax(0, 2fr); + gap: 16px; + align-items: start; +} + +.oqt-template-card { + display: grid; + gap: 10px; + min-width: 0; + border: 1px solid var(--oqt-line); + border-radius: 8px; + background: var(--oqt-surface); + padding: 14px; +} + +.oqt-meta-grid { + display: grid; + grid-template-columns: repeat(5, minmax(0, 1fr)); + gap: 12px; + min-width: 0; +} + +.oqt-field { + display: grid; + gap: 6px; + min-width: 0; + color: var(--oqt-text-soft); + font-size: 12px; + font-weight: 850; +} + +.oqt-field--select { + width: 100%; +} + +.oqt-field--wide-line { + grid-column: span 3; +} + +.oqt-field span, +.oqt-mini-label, +.oqt-group-label { + color: var(--oqt-text-soft); + font-size: 11px; + font-weight: 900; + letter-spacing: 0.08em; + text-transform: uppercase; +} + +.oqt-field input, +.oqt-field select, +.oqt-steps-table input, +.oqt-steps-table textarea, +.oqt-steps-table select { + width: 100%; + min-height: 40px; + border: 1px solid var(--oqt-line-strong); + border-radius: 8px; + background: #ffffff; + color: var(--oqt-text); + font: inherit; + padding: 9px 11px; + outline: none; + transition: border-color 0.16s ease, box-shadow 0.16s ease, background 0.16s ease; +} + +.oqt-field input::placeholder, +.oqt-field select::placeholder, +.oqt-steps-table input::placeholder, +.oqt-steps-table textarea::placeholder { + color: #7a858e; +} + +.oqt-field input:focus, +.oqt-field select:focus, +.oqt-steps-table input:focus, +.oqt-steps-table textarea:focus, +.oqt-steps-table select:focus, +.oqt-btn:focus, +.oqt-icon-btn:focus, +.oqt-status-btn:focus, +.oqt-drag-handle:focus { + outline: none; + box-shadow: var(--oqt-focus); + border-color: var(--oqt-blue); +} + +.oqt-field input[readonly] { + background: #edf5f9; + color: var(--oqt-text-soft); +} + +.oqt-file { + display: none; +} + +.oqt-btn, +.oqt-icon-btn, +.oqt-status-btn { + border: 1px solid transparent; + cursor: pointer; + font: inherit; + text-decoration: none; + transition: border-color 0.16s ease, background 0.16s ease, color 0.16s ease, filter 0.16s ease; +} + +.oqt-btn { + display: inline-flex; + align-items: center; + justify-content: center; + gap: 7px; + min-height: 40px; + border-radius: 8px; + padding: 9px 13px; + font-family: "OByte Gothic Demi", "OByte Nunito", "Segoe UI", Arial, sans-serif; + font-size: 14px; + font-weight: 600; + line-height: 1; + white-space: nowrap; +} + +.oqt-btn .dashicons { + width: 18px; + height: 18px; + font-size: 18px; + line-height: 18px; +} + +.oqt-btn--primary { + background: linear-gradient(132deg, var(--oqt-blue) 0%, var(--oqt-blue-soft) 100%); + color: #ffffff; +} + +.oqt-btn--primary:hover { + filter: brightness(1.05); +} + +.oqt-btn--light { + background: #ffffff; + border-color: var(--oqt-line-strong); + color: var(--oqt-text); +} + +.oqt-btn--light:hover { + border-color: rgba(0, 167, 230, 0.62); + color: #163441; +} + +.oqt-btn[disabled], +.oqt-btn.is-busy { + opacity: 0.62; + pointer-events: none; +} + +.oqt-table-wrap { + overflow-x: auto; + border: 1px solid var(--oqt-line); + border-radius: 8px; + background: #ffffff; +} + +.oqt-steps-table { + width: 100%; + min-width: 1080px; + border-collapse: separate; + border-spacing: 0; + table-layout: fixed; +} + +.oqt-steps-table th, +.oqt-steps-table td { + border-bottom: 1px solid var(--oqt-line); + padding: 12px; + text-align: left; + vertical-align: top; +} + +.oqt-steps-table th { + position: sticky; + top: 0; + z-index: 1; + background: #eef8fc; + color: var(--oqt-text); + font-size: 11px; + font-weight: 900; + letter-spacing: 0.1em; + line-height: 1.2; + text-transform: uppercase; +} + +.oqt-steps-table tbody tr:last-child td { + border-bottom: 0; +} + +.oqt-steps-table th:nth-child(1), +.oqt-steps-table td:nth-child(1) { + width: 36%; +} + +.oqt-steps-table th:nth-child(2), +.oqt-steps-table td:nth-child(2) { + width: 28%; +} + +.oqt-steps-table th:nth-child(3), +.oqt-steps-table td:nth-child(3) { + width: 12%; +} + +.oqt-steps-table th:nth-child(4), +.oqt-steps-table td:nth-child(4) { + width: 24%; +} + +.oqt-empty-row td { + padding: 28px 16px; + color: var(--oqt-text-soft); + text-align: center; +} + +.oqt-step-head { + display: grid; + grid-template-columns: 108px minmax(150px, 1fr) minmax(34px, auto); + gap: 8px; + align-items: start; +} + +.oqt-step-id-wrap, +.oqt-step-title-wrap, +.oqt-group-main { + display: grid; + gap: 5px; + min-width: 0; +} + +.oqt-steps-table textarea { + min-height: 82px; + resize: vertical; +} + +.oqt-steps-table .oqt-title { + min-height: 40px; +} + +.oqt-required { + display: inline-flex; + align-items: center; + gap: 7px; + margin-top: 10px; + color: var(--oqt-text-soft); + font-size: 12px; + font-weight: 800; +} + +.oqt-required input { + width: 16px; + min-height: 16px; +} + +.oqt-pin { + display: inline-flex; + align-items: center; + justify-content: center; + width: 100%; + min-width: 34px; + min-height: 28px; + border: 1px solid rgba(245, 156, 0, 0.46); + border-radius: 999px; + background: rgba(245, 156, 0, 0.14); + color: #8b5900; + padding: 4px 7px; + font-size: 11px; + font-weight: 900; + white-space: nowrap; +} + +.oqt-pin--off { + border-color: rgba(103, 113, 122, 0.28); + background: rgba(103, 113, 122, 0.08); + color: var(--oqt-muted); +} + +.oqt-evidence { + margin-top: 8px; +} + +.oqt-icon-btn, +.oqt-drag-handle { + display: inline-flex; + align-items: center; + justify-content: center; + width: 34px; + height: 34px; + border-radius: 8px; + flex: 0 0 auto; +} + +.oqt-icon-btn { + border-color: var(--oqt-line-strong); + background: #ffffff; + color: var(--oqt-text-soft); +} + +.oqt-icon-btn:hover { + border-color: rgba(196, 59, 59, 0.46); + color: var(--oqt-danger); +} + +.oqt-icon-btn .dashicons, +.oqt-drag-handle .dashicons { + width: 18px; + height: 18px; + font-size: 18px; + line-height: 18px; +} + +.oqt-drag-handle { + border: 1px solid var(--oqt-line-strong); + background: rgba(0, 167, 230, 0.08); + color: var(--oqt-blue-ink); + cursor: grab; + user-select: none; +} + +.oqt-row-tools { + display: inline-flex; + flex-direction: column; + align-items: stretch; + justify-content: flex-start; + gap: 6px; + min-width: 34px; +} + +.oqt-row-tools .oqt-icon-btn, +.oqt-row-tools .oqt-drag-handle { + width: 34px; + height: 34px; +} + +.oqt-step-tools { + justify-self: end; +} + +.oqt-drag-handle:active { + cursor: grabbing; +} + +.oqt-group-row td { + background: #f1f9fd; + border-left: 4px solid var(--oqt-blue); +} + +.oqt-group-row.is-ok td { + background: rgba(24, 143, 92, 0.09); + border-left-color: var(--oqt-success); +} + +.oqt-group-row.is-bad td { + background: rgba(196, 59, 59, 0.09); + border-left-color: var(--oqt-danger); +} + +.oqt-group-head { + display: grid; + grid-template-columns: minmax(240px, 1fr) auto; + gap: 12px; + align-items: end; +} + +.oqt-group-actions { + display: flex; + flex-wrap: nowrap; + align-items: flex-start; + justify-content: flex-end; + gap: 7px; +} + +.oqt-status-set { + display: inline-flex; + align-items: center; + overflow: hidden; + border: 1px solid var(--oqt-line-strong); + border-radius: 8px; + background: #ffffff; +} + +.oqt-status-btn { + min-height: 34px; + border-right: 1px solid var(--oqt-line); + background: #ffffff; + color: var(--oqt-text); + padding: 6px 9px; + font-size: 12px; + font-weight: 900; + line-height: 1; +} + +.oqt-status-btn:last-child { + border-right: 0; +} + +.oqt-status-btn:hover { + background: var(--oqt-surface-soft); +} + +.oqt-status-btn.is-pass { + color: var(--oqt-success); +} + +.oqt-status-btn.is-fail { + color: var(--oqt-danger); +} + +.oqt-status-btn.is-skip { + color: var(--oqt-muted); +} + +.oqt-status-btn.is-blocked { + color: #925d00; +} + +.oqt-row-pass td { + background: rgba(24, 143, 92, 0.055); +} + +.oqt-row-fail td { + background: rgba(196, 59, 59, 0.06); +} + +.oqt-row-skip td { + background: rgba(103, 113, 122, 0.055); +} + +.oqt-row-blocked td { + background: rgba(245, 156, 0, 0.07); +} + +.oqt-status-pass { + border-color: rgba(24, 143, 92, 0.46) !important; + background: rgba(24, 143, 92, 0.12) !important; +} + +.oqt-status-fail { + border-color: rgba(196, 59, 59, 0.46) !important; + background: rgba(196, 59, 59, 0.12) !important; +} + +.oqt-status-skip { + border-color: rgba(103, 113, 122, 0.46) !important; + background: rgba(103, 113, 122, 0.12) !important; +} + +.oqt-status-blocked { + border-color: rgba(245, 156, 0, 0.52) !important; + background: rgba(245, 156, 0, 0.14) !important; +} + +.oqt-dragging { + opacity: 0.58; +} + +.oqt-drag-over { + outline: 2px dashed var(--oqt-blue); + outline-offset: -3px; +} + +.oqt-drag-over[data-drop-pos="before"] { + box-shadow: inset 0 3px 0 var(--oqt-blue); +} + +.oqt-drag-over[data-drop-pos="after"] { + box-shadow: inset 0 -3px 0 var(--oqt-blue); +} + +tr[data-hidden="1"] { + display: none; +} + +.oqt-action-dock { + position: sticky; + bottom: 0; + z-index: 3; + display: grid; + grid-template-columns: minmax(0, auto) minmax(280px, 1fr); + gap: 14px; + align-items: center; + padding: 14px 22px; + border-top: 1px solid var(--oqt-line); + background: rgba(255, 255, 255, 0.94); + backdrop-filter: blur(8px); +} + +.oqt-message { + min-height: 40px; + border: 1px solid transparent; + border-radius: 8px; + background: var(--oqt-surface-soft); + color: var(--oqt-text-soft); + padding: 10px 12px; + font-size: 13px; + font-weight: 800; +} + +.oqt-message:empty { + visibility: hidden; +} + +.oqt-message a { + color: var(--oqt-blue-ink); + text-decoration: underline; +} + +.oqt-message.is-ok { + border-color: rgba(24, 143, 92, 0.28); + background: rgba(24, 143, 92, 0.1); + color: #126842; +} + +.oqt-message.is-bad { + border-color: rgba(196, 59, 59, 0.28); + background: rgba(196, 59, 59, 0.1); + color: #8f2424; +} + +@media (max-width: 1180px) { + .oqt-setup-grid { + grid-template-columns: 1fr; + } + + .oqt-meta-grid { + grid-template-columns: repeat(3, minmax(0, 1fr)); + } + + .oqt-field--wide-line { + grid-column: span 2; + } +} + +@media (max-width: 860px) { + .obyte-qa-tool { + border-left: 0; + border-right: 0; + border-radius: 0; + } + + .oqt-header { + border-radius: 0; + } + + .oqt-header, + .oqt-panel-head, + .oqt-action-dock { + grid-template-columns: 1fr; + } + + .oqt-header-actions, + .oqt-service-tags, + .oqt-step-actions, + .oqt-action-group { + justify-content: flex-start; + } + + .oqt-header h1 { + font-size: 30px; + } + + .oqt-meta-grid { + grid-template-columns: repeat(2, minmax(0, 1fr)); + } + + .oqt-field--wide-line { + grid-column: span 2; + } +} + +@media (max-width: 620px) { + .oqt-header, + .oqt-panel, + .oqt-action-dock { + padding-left: 14px; + padding-right: 14px; + } + + .oqt-meta-grid { + grid-template-columns: 1fr; + } + + .oqt-field--wide-line { + grid-column: span 1; + } + + .oqt-header-actions .oqt-btn, + .oqt-template-actions .oqt-btn, + .oqt-step-actions .oqt-btn, + .oqt-action-group .oqt-btn { + flex: 1 1 auto; + } +} + +@media print { + .obyte-qa-tool { + border: 0; + box-shadow: none; + } + + .oqt-panel--setup, + .oqt-action-dock, + .oqt-step-actions, + .oqt-header-actions { + display: none; + } +} diff --git a/obyte-qa-tool/assets/fonts/Nunito-VariableFont_wght.ttf b/obyte-qa-tool/assets/fonts/Nunito-VariableFont_wght.ttf new file mode 100644 index 0000000..10387be Binary files /dev/null and b/obyte-qa-tool/assets/fonts/Nunito-VariableFont_wght.ttf differ diff --git a/obyte-qa-tool/assets/fonts/urw_gothic_l_demi.ttf b/obyte-qa-tool/assets/fonts/urw_gothic_l_demi.ttf new file mode 100644 index 0000000..49f0f2d Binary files /dev/null and b/obyte-qa-tool/assets/fonts/urw_gothic_l_demi.ttf differ diff --git a/obyte-qa-tool/assets/img/o-byte_Logo_2024_Dark.svg b/obyte-qa-tool/assets/img/o-byte_Logo_2024_Dark.svg new file mode 100644 index 0000000..c613532 --- /dev/null +++ b/obyte-qa-tool/assets/img/o-byte_Logo_2024_Dark.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/obyte-qa-tool/assets/img/o-byte_Logo_2024_White.svg b/obyte-qa-tool/assets/img/o-byte_Logo_2024_White.svg new file mode 100644 index 0000000..82e1663 --- /dev/null +++ b/obyte-qa-tool/assets/img/o-byte_Logo_2024_White.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/obyte-qa-tool/assets/js/qa-tool.js b/obyte-qa-tool/assets/js/qa-tool.js new file mode 100644 index 0000000..ef5bf3f --- /dev/null +++ b/obyte-qa-tool/assets/js/qa-tool.js @@ -0,0 +1,1839 @@ +(function () { + "use strict"; + + var config = window.ObyteQaTool || {}; + + function onReady(callback) { + if (document.readyState === "loading") { + document.addEventListener("DOMContentLoaded", callback); + } else { + callback(); + } + } + + onReady(function () { + document.querySelectorAll("[data-obyte-qa-tool]").forEach(function (root) { + if (root.dataset.oqtReady === "1") { + return; + } + root.dataset.oqtReady = "1"; + new QaTool(root); + }); + }); + + function QaTool(root) { + this.root = root; + this.template = null; + this.dragIndex = -1; + this.storageKey = "obyteQaToolState:" + window.location.pathname; + this.els = this.collectElements(); + this.init(); + } + + QaTool.prototype.collectElements = function () { + var root = this.root; + var field = function (name) { + return root.querySelector('[data-field="' + name + '"]'); + }; + var action = function (name) { + return root.querySelector('[data-action="' + name + '"]'); + }; + + return { + tplName: field("tplName"), + stepSummary: field("stepSummary"), + statusTag: field("statusTag"), + gitlabTplSelect: field("gitlabTplSelect"), + gitlabTplStatus: field("gitlabTplStatus"), + docbeeTokenStatus: field("docbeeTokenStatus"), + templateFile: field("templateFile"), + module: field("module"), + moduleVersion: field("moduleVersion"), + olmNummer: field("olmNummer"), + pbxVersion: field("pbxVersion"), + tester: field("tester"), + docbeeUrl: field("docbeeUrl"), + stepsTable: field("stepsTable"), + stepsTableBody: field("stepsTableBody"), + loadJson: field("loadJson"), + message: field("message"), + reloadGitlab: action("reloadGitlab"), + pickTemplate: action("pickTemplate"), + addStep: action("addStep"), + addGroup: action("addGroup"), + saveJson: action("saveJson"), + pickRun: action("pickRun"), + exportAll: action("exportAll"), + exportMd: action("exportMd"), + exportCsv: action("exportCsv"), + printPdf: action("printPdf"), + exportTemplateYaml: action("exportTemplateYaml"), + pushDocbee: action("pushDocbee") + }; + }; + + QaTool.prototype.init = function () { + var self = this; + + if (this.els.tester) { + this.els.tester.value = config.tester || ""; + } + if (this.els.pbxVersion && config.defaultPbxVersion) { + this.els.pbxVersion.value = config.defaultPbxVersion; + } + + this.restoreAutosave(); + this.bindMetaAutosave(); + this.bindControls(); + this.updateServiceBadges(); + this.updateRunSummary(); + + if (config.gitlabEnabled) { + this.populateGitlabDropdown(); + } + }; + + QaTool.prototype.bindMetaAutosave = function () { + var self = this; + ["input", "change"].forEach(function (eventName) { + [self.els.module, self.els.moduleVersion, self.els.olmNummer, self.els.pbxVersion, self.els.docbeeUrl].forEach(function (el) { + if (el) { + el.addEventListener(eventName, function () { + self.updateAutosave(); + }); + } + }); + }); + }; + + QaTool.prototype.bindControls = function () { + var self = this; + + bind(this.els.reloadGitlab, "click", function (event) { + event.preventDefault(); + self.populateGitlabDropdown(); + }); + + bind(this.els.pickTemplate, "click", function () { + if (self.els.templateFile) { + self.els.templateFile.click(); + } + }); + + bind(this.els.templateFile, "change", function (event) { + self.loadLocalTemplate(event); + }); + + bind(this.els.gitlabTplSelect, "change", function (event) { + self.loadGitlabTemplate(event.target.value); + }); + + bind(this.els.addStep, "click", function () { + self.addStep(); + }); + + bind(this.els.addGroup, "click", function () { + self.addGroup(); + }); + + bind(this.els.saveJson, "click", function () { + self.saveJson(); + }); + + bind(this.els.pickRun, "click", function () { + if (self.els.loadJson) { + self.els.loadJson.click(); + } + }); + + bind(this.els.loadJson, "change", function (event) { + self.loadRunJson(event); + }); + + bind(this.els.exportAll, "click", function () { + self.exportAll(); + }); + + bind(this.els.exportMd, "click", function () { + self.exportMd(); + }); + + bind(this.els.exportCsv, "click", function () { + self.exportCsv(); + }); + + bind(this.els.printPdf, "click", function () { + self.printPdf(); + }); + + bind(this.els.exportTemplateYaml, "click", function () { + self.exportTemplateYaml(); + }); + + bind(this.els.pushDocbee, "click", function () { + self.postToDocbee(); + }); + + if (this.els.stepsTableBody) { + this.els.stepsTableBody.addEventListener("click", function (event) { + self.handleRowClick(event); + }); + this.els.stepsTableBody.addEventListener("input", function () { + self.captureEditsIntoTemplate(); + self.updateRunSummary(); + }); + this.els.stepsTableBody.addEventListener("change", function (event) { + if (event.target && event.target.matches("select.oqt-status")) { + self.updateStatusClass(event.target); + self.recomputeGroupStyles(); + } + self.captureEditsIntoTemplate(); + self.updateRunSummary(); + }); + this.els.stepsTableBody.addEventListener("dragstart", function (event) { + self.handleDragStart(event); + }); + this.els.stepsTableBody.addEventListener("dragend", function (event) { + self.handleDragEnd(event); + }); + this.els.stepsTableBody.addEventListener("dragover", function (event) { + self.handleDragOver(event); + }); + this.els.stepsTableBody.addEventListener("drop", function (event) { + self.handleDrop(event); + }); + } + }; + + QaTool.prototype.api = async function (path, options) { + options = options || {}; + var response = await fetch((config.restUrl || "") + path, { + method: options.method || "GET", + credentials: "same-origin", + headers: Object.assign({ + "Accept": "application/json", + "X-WP-Nonce": config.nonce || "" + }, options.headers || {}), + body: options.body || null + }); + + var text = await response.text(); + var data = {}; + if (text) { + try { + data = JSON.parse(text); + } catch (error) { + data = { message: text }; + } + } + + if (!response.ok) { + throw new Error(data.message || ("Request failed with HTTP " + response.status)); + } + + return data; + }; + + QaTool.prototype.populateGitlabDropdown = async function () { + var select = this.els.gitlabTplSelect; + var tag = this.els.gitlabTplStatus; + + if (!select) { + return; + } + + select.innerHTML = ''; + + if (!config.gitlabEnabled) { + select.disabled = true; + this.setTag(tag, "GitLab: deaktiviert", "warn"); + return; + } + + try { + select.disabled = true; + this.setTag(tag, "GitLab: lade Liste", ""); + var data = await this.api("templates"); + var templates = data.templates || []; + + templates.forEach(function (item) { + var option = document.createElement("option"); + option.value = item.path; + option.textContent = item.name; + select.appendChild(option); + }); + + this.setTag(tag, templates.length ? ("GitLab: " + templates.length + " Vorlage(n)") : "GitLab: keine YAMLs", templates.length ? "ok" : "warn"); + } catch (error) { + this.setTag(tag, "GitLab: Fehler", "bad"); + this.showMessage("GitLab-Liste konnte nicht geladen werden: " + error.message, "bad"); + } finally { + select.disabled = false; + } + }; + + QaTool.prototype.loadGitlabTemplate = async function (path) { + if (!path) { + return; + } + + try { + this.setTag(this.els.gitlabTplStatus, "GitLab: lade Datei", ""); + var data = await this.api("template?path=" + encodeURIComponent(path)); + this.loadTemplateText(data.content || "", path.split("/").pop()); + this.setTag(this.els.gitlabTplStatus, "GitLab: geladen", "ok"); + } catch (error) { + this.setTag(this.els.gitlabTplStatus, "GitLab: Fehler", "bad"); + this.showMessage("Vorlage aus GitLab konnte nicht geladen werden: " + error.message, "bad"); + } + }; + + QaTool.prototype.loadLocalTemplate = async function (event) { + var file = event.target.files && event.target.files[0]; + if (!file) { + return; + } + + try { + var text = await file.text(); + this.loadTemplateText(text, file.name); + this.showMessage("Lokale Vorlage geladen.", "ok"); + } catch (error) { + this.showMessage("Vorlage konnte nicht geladen werden: " + error.message, "bad"); + } finally { + event.target.value = ""; + } + }; + + QaTool.prototype.loadTemplateText = function (text, fallbackName) { + var parsed = parseTemplateText(text); + var normalized = normalizeTemplate(parsed, fallbackName || "Template"); + this.template = normalized; + + if (this.els.tplName) { + this.els.tplName.textContent = normalized.name || fallbackName || "Template"; + } + if (this.els.module) { + this.els.module.value = normalized.module || ""; + } + if (this.els.moduleVersion) { + this.els.moduleVersion.value = normalized.module_version || ""; + } + if (this.els.olmNummer) { + this.els.olmNummer.value = normalized.olm_nummer || ""; + } + if (this.els.pbxVersion) { + this.els.pbxVersion.value = normalized.pbx_version || config.defaultPbxVersion || ""; + } + + this.renderSteps(); + this.setTag(this.els.statusTag, "Vorlage geladen", "ok"); + this.updateAutosave(); + }; + + QaTool.prototype.renderSteps = function () { + var body = this.els.stepsTableBody; + if (!body || !this.template) { + return; + } + + body.innerHTML = ""; + var groupCollapsed = false; + var self = this; + + (this.template.steps || []).forEach(function (step) { + var kind = step.kind || step.type || "step"; + if (kind === "group") { + var groupRow = document.createElement("tr"); + groupRow.className = "oqt-group-row"; + groupRow.dataset.kind = "group"; + groupRow.draggable = false; + if (step.collapsed) { + groupRow.dataset.collapsed = "1"; + } + + groupRow.innerHTML = + '' + + '
' + + '
' + + 'Gruppe' + + '' + + '
' + + '
' + + '
' + + '' + + '' + + '' + + '' + + '
' + + '
' + + '' + + '' + + '' + + '
' + + '
' + + '
' + + ''; + + body.appendChild(groupRow); + groupCollapsed = !!step.collapsed; + return; + } + + var row = document.createElement("tr"); + row.dataset.kind = "step"; + row.draggable = false; + if (groupCollapsed) { + row.dataset.hidden = "1"; + } + + row.innerHTML = + '' + + '
' + + '
' + + 'ID' + + '' + + '
' + + '
' + + 'Titel' + + '' + + '
' + + '
' + + (step.required ? 'Pflicht' : 'Optional') + + '' + + '' + + '
' + + '
' + + '' + + '' + + '' + + '' + + '' + + '' + + '' + + '' + + '' + + ''; + + body.appendChild(row); + self.updateStatusClass(row.querySelector("select.oqt-status")); + }); + + this.recomputeGroupStyles(); + this.updateRunSummary(); + }; + + QaTool.prototype.captureEditsIntoTemplate = function () { + if (!this.template || !this.els.stepsTableBody) { + return; + } + + var rows = Array.prototype.slice.call(this.els.stepsTableBody.querySelectorAll("tr")); + this.template.steps = rows.map(function (row, index) { + var kind = row.dataset.kind || "step"; + if (kind === "group") { + return { + kind: "group", + title: valueOf(row, ".oqt-group-title"), + collapsed: row.dataset.collapsed === "1" + }; + } + + return { + kind: "step", + id: valueOf(row, ".oqt-step-id") || ("step-" + String(index + 1).padStart(3, "0")), + title: valueOf(row, ".oqt-title"), + expected: valueOf(row, ".oqt-expected"), + required: !!(row.querySelector(".oqt-step-required") && row.querySelector(".oqt-step-required").checked), + status: valueOf(row, ".oqt-status"), + comment: valueOf(row, ".oqt-comment"), + evidence: valueOf(row, ".oqt-evidence") + }; + }); + }; + + QaTool.prototype.ensureTemplate = function () { + if (!this.template) { + this.template = { + name: "Neues Template", + module: "", + module_version: "", + olm_nummer: "", + pbx_version: config.defaultPbxVersion || "", + steps: [] + }; + if (this.els.tplName) { + this.els.tplName.textContent = this.template.name; + } + } + }; + + QaTool.prototype.addStep = function () { + this.ensureTemplate(); + this.captureEditsIntoTemplate(); + this.template.steps.push({ + kind: "step", + id: "", + title: "", + expected: "", + required: true, + status: "", + comment: "", + evidence: "" + }); + this.renumberSteps(); + this.renderSteps(); + this.setTag(this.els.statusTag, "Step hinzugefügt", "ok"); + }; + + QaTool.prototype.addGroup = function () { + this.ensureTemplate(); + this.captureEditsIntoTemplate(); + this.template.steps.push({ + kind: "group", + title: "Neue Gruppe", + collapsed: false + }); + this.renderSteps(); + this.setTag(this.els.statusTag, "Gruppe hinzugefügt", "ok"); + }; + + QaTool.prototype.handleRowClick = function (event) { + var button = event.target.closest("[data-row-action]"); + if (!button) { + return; + } + + event.preventDefault(); + this.captureEditsIntoTemplate(); + + var row = button.closest("tr"); + var index = this.rowIndex(row); + if (index < 0 || !this.template || !this.template.steps[index]) { + return; + } + + var action = button.dataset.rowAction; + var item = this.template.steps[index]; + + if (action === "toggle-group" && item.kind === "group") { + item.collapsed = !item.collapsed; + this.renderSteps(); + return; + } + + if (action === "group-status" && item.kind === "group") { + this.applyGroupStatus(index, button.dataset.status || ""); + return; + } + + if (action === "delete-group" && item.kind === "group") { + var count = this.countStepsUntilNextGroup(index); + if (count > 0 && !window.confirm("Diese Gruppe enthält " + count + " Schritt(e). Gruppe wirklich löschen? Die Schritte bleiben erhalten.")) { + return; + } + this.template.steps.splice(index, 1); + this.renderSteps(); + return; + } + + if (action === "delete-step") { + this.template.steps.splice(index, 1); + this.renumberSteps(); + this.renderSteps(); + } + }; + + QaTool.prototype.applyGroupStatus = function (groupIndex, status) { + if (["pass", "fail", "skip", "blocked"].indexOf(status) === -1) { + return; + } + + var end = this.template.steps.length; + for (var i = groupIndex + 1; i < this.template.steps.length; i++) { + var kind = this.template.steps[i].kind || this.template.steps[i].type || "step"; + if (kind === "group") { + end = i; + break; + } + } + + var willOverwrite = this.template.steps.slice(groupIndex + 1, end).some(function (step) { + return (step.kind || "step") === "step" && step.status && step.status !== status; + }); + + if (willOverwrite && !window.confirm("Einige Schritte haben bereits einen anderen Status. Alle auf " + status.toUpperCase() + " setzen?")) { + return; + } + + for (var j = groupIndex + 1; j < end; j++) { + if ((this.template.steps[j].kind || "step") === "step") { + this.template.steps[j].status = status; + } + } + + this.renderSteps(); + }; + + QaTool.prototype.countStepsUntilNextGroup = function (groupIndex) { + var count = 0; + for (var i = groupIndex + 1; i < this.template.steps.length; i++) { + var kind = this.template.steps[i].kind || this.template.steps[i].type || "step"; + if (kind === "group") { + break; + } + if (kind === "step") { + count++; + } + } + return count; + }; + + QaTool.prototype.rowIndex = function (row) { + if (!row || !this.els.stepsTableBody) { + return -1; + } + return Array.prototype.indexOf.call(this.els.stepsTableBody.children, row); + }; + + QaTool.prototype.handleDragStart = function (event) { + if (!event.target.closest(".oqt-drag-handle")) { + event.preventDefault(); + return; + } + + var row = event.target.closest("tr"); + var index = this.rowIndex(row); + if (index < 0) { + return; + } + + this.dragIndex = index; + row.classList.add("oqt-dragging"); + if (event.dataTransfer) { + event.dataTransfer.effectAllowed = "move"; + event.dataTransfer.setData("text/plain", String(index)); + } + }; + + QaTool.prototype.handleDragEnd = function (event) { + var row = event.target.closest("tr"); + if (row) { + row.classList.remove("oqt-dragging"); + } + this.clearDragMarkers(); + this.dragIndex = -1; + }; + + QaTool.prototype.handleDragOver = function (event) { + event.preventDefault(); + var row = event.target.closest("tr"); + if (!row) { + return; + } + + this.clearDragMarkers(); + row.classList.add("oqt-drag-over"); + var rect = row.getBoundingClientRect(); + row.dataset.dropPos = (event.clientY - rect.top) < rect.height / 2 ? "before" : "after"; + }; + + QaTool.prototype.handleDrop = function (event) { + event.preventDefault(); + var row = event.target.closest("tr"); + if (!row || !this.template) { + return; + } + + this.captureEditsIntoTemplate(); + var from = this.dragIndex >= 0 ? this.dragIndex : parseInt(event.dataTransfer && event.dataTransfer.getData("text/plain"), 10); + var toBase = this.rowIndex(row); + if (!isFinite(from) || from < 0 || toBase < 0) { + return; + } + + var to = toBase + (row.dataset.dropPos === "after" ? 1 : 0); + if (to === from || to - 1 === from) { + this.renderSteps(); + return; + } + + var item = this.template.steps.splice(from, 1)[0]; + if (to > from) { + to--; + } + this.template.steps.splice(to, 0, item); + this.renumberSteps(); + this.renderSteps(); + }; + + QaTool.prototype.clearDragMarkers = function () { + if (!this.els.stepsTableBody) { + return; + } + this.els.stepsTableBody.querySelectorAll("tr").forEach(function (row) { + row.classList.remove("oqt-drag-over"); + delete row.dataset.dropPos; + }); + }; + + QaTool.prototype.updateStatusClass = function (select) { + if (!select) { + return; + } + var row = select.closest("tr"); + ["oqt-status-pass", "oqt-status-fail", "oqt-status-skip", "oqt-status-blocked"].forEach(function (className) { + select.classList.remove(className); + }); + ["oqt-row-pass", "oqt-row-fail", "oqt-row-skip", "oqt-row-blocked"].forEach(function (className) { + if (row) { + row.classList.remove(className); + } + }); + + if (!select.value) { + return; + } + + select.classList.add("oqt-status-" + select.value); + if (row) { + row.classList.add("oqt-row-" + select.value); + } + }; + + QaTool.prototype.recomputeGroupStyles = function () { + if (!this.els.stepsTableBody) { + return; + } + + var current = null; + var groups = []; + this.els.stepsTableBody.querySelectorAll("tr").forEach(function (row) { + if ((row.dataset.kind || "step") === "group") { + current = { row: row, steps: [] }; + groups.push(current); + } else if (current) { + current.steps.push(row); + } + }); + + groups.forEach(function (group) { + group.row.classList.remove("is-ok", "is-bad"); + var statuses = group.steps.map(function (row) { + var select = row.querySelector("select.oqt-status"); + return select ? select.value : ""; + }); + if (!statuses.length) { + return; + } + if (statuses.every(function (status) { return status === "pass"; })) { + group.row.classList.add("is-ok"); + } else if (statuses.some(function (status) { return status === "fail" || status === "blocked"; })) { + group.row.classList.add("is-bad"); + } + }); + }; + + QaTool.prototype.updateRunSummary = function () { + if (!this.els.stepSummary) { + return; + } + + var counts = countStatuses(this.template ? this.template.steps : []); + if (!counts.total) { + this.setTag(this.els.stepSummary, "0 Steps", ""); + return; + } + + var text = counts.total + " Step" + (counts.total === 1 ? "" : "s") + + " | " + counts.pass + " PASS" + + " | " + counts.fail + " FAIL" + + " | " + counts.skip + " SKIP" + + " | " + counts.blocked + " BLOCK"; + if (counts.missingRequired) { + text += " | " + counts.missingRequired + " offen"; + } + this.setTag(this.els.stepSummary, text, counts.missingRequired ? "warn" : (counts.total ? "ok" : "")); + }; + + QaTool.prototype.renumberSteps = function () { + if (!this.template || !Array.isArray(this.template.steps)) { + return; + } + + var number = 1; + this.template.steps.forEach(function (step) { + var kind = step.kind || step.type || "step"; + if (kind !== "step") { + return; + } + step.id = "step-" + String(number).padStart(3, "0"); + number++; + }); + }; + + QaTool.prototype.collectRun = function () { + if (!this.template) { + this.showMessage("Bitte zuerst eine Vorlage laden oder Schritte anlegen.", "bad"); + return null; + } + + this.captureEditsIntoTemplate(); + this.renumberSteps(); + return { + name: this.template.name || "", + module: value(this.els.module), + module_version: value(this.els.moduleVersion), + olm_nummer: value(this.els.olmNummer), + pbx_version: value(this.els.pbxVersion), + tester: value(this.els.tester), + docbee_url: value(this.els.docbeeUrl), + ts: new Date().toISOString(), + steps: clone(this.template.steps || []) + }; + }; + + QaTool.prototype.collectTemplateFromDom = function () { + this.ensureTemplate(); + this.captureEditsIntoTemplate(); + this.renumberSteps(); + + return { + name: this.template.name || "QA Template", + module: value(this.els.module), + module_version: value(this.els.moduleVersion), + olm_nummer: value(this.els.olmNummer), + pbx_version: value(this.els.pbxVersion), + steps: (this.template.steps || []).map(function (step) { + var kind = step.kind || step.type || "step"; + if (kind === "group") { + return { type: "group", title: step.title || "" }; + } + return { + type: "step", + id: step.id || "", + title: step.title || "", + expected: step.expected || "", + required: !!step.required + }; + }) + }; + }; + + QaTool.prototype.checkRequired = function (run) { + var missing = (run.steps || []).filter(function (step) { + return (step.kind || step.type || "step") === "step" && step.required && !step.status; + }); + + if (!missing.length) { + return true; + } + + var message = "Folgende Pflichtschritte haben keinen Status:\n" + missing.map(function (step) { + return (step.id || "") + " - " + (step.title || ""); + }).join("\n"); + window.alert(message); + this.showMessage("Pflichtschritte ohne Status vorhanden.", "bad"); + return false; + }; + + QaTool.prototype.saveJson = function () { + var run = this.collectRun(); + if (!run || !this.checkRequired(run)) { + return; + } + this.renumberSteps(); + download(JSON.stringify(run, null, 2), runBaseName("qa-run", run) + ".json", "application/json"); + }; + + QaTool.prototype.loadRunJson = async function (event) { + var file = event.target.files && event.target.files[0]; + if (!file) { + return; + } + + try { + var text = await file.text(); + var run = parseTemplateText(text); + var isRun = !!(run.tester || run.docbee_url || (run.steps || []).some(function (step) { + return step && (step.status || step.comment || step.evidence); + })); + if (!run || !Array.isArray(run.steps)) { + throw new Error("Datei enthält keine steps."); + } + + this.template = normalizeTemplate({ + name: run.name || file.name, + module: run.module || "", + module_version: run.module_version || "", + olm_nummer: run.olm_nummer || "", + pbx_version: run.pbx_version || "", + steps: run.steps + }, file.name); + + if (this.els.tplName) { + this.els.tplName.textContent = run.name || file.name; + } + if (this.els.module) { + this.els.module.value = run.module || ""; + } + if (this.els.moduleVersion) { + this.els.moduleVersion.value = run.module_version || ""; + } + if (this.els.olmNummer) { + this.els.olmNummer.value = run.olm_nummer || ""; + } + if (this.els.pbxVersion) { + this.els.pbxVersion.value = run.pbx_version || ""; + } + if (this.els.tester) { + this.els.tester.value = isRun ? (run.tester || config.tester || "") : (config.tester || ""); + } + if (this.els.docbeeUrl) { + this.els.docbeeUrl.value = isRun ? (run.docbee_url || "") : ""; + } + + this.renderSteps(); + this.setTag(this.els.statusTag, isRun ? "Lauf geladen" : "Template geladen", "ok"); + this.updateAutosave(); + } catch (error) { + this.showMessage("Datei konnte nicht geladen werden: " + error.message, "bad"); + } finally { + event.target.value = ""; + } + }; + + QaTool.prototype.exportMd = function () { + var run = this.collectRun(); + if (!run || !this.checkRequired(run)) { + return; + } + this.renumberSteps(); + + var md = "# Testprotokoll\n\n" + + "- Modul: " + (run.module || "") + "\n" + + "- Modul-Version: " + (run.module_version || "") + "\n" + + "- OLM-Nummer: " + (run.olm_nummer || "") + "\n" + + "- PBX-Version: " + (run.pbx_version || "") + "\n" + + "- DocBee: " + (run.docbee_url || "") + "\n" + + "- Tester: " + (run.tester || "") + "\n" + + "- Datum: " + new Date(run.ts).toLocaleString("de-DE") + "\n\n" + + "| Schritt | Erwartung | Status | Kommentar | Evidenz |\n" + + "|---|---|---|---|---|\n"; + + run.steps.forEach(function (step) { + if ((step.kind || step.type || "step") === "group") { + md += "| **-- " + mdCell(step.title) + " --** | | | | |\n"; + return; + } + md += "| **" + mdCell(step.id) + " - " + mdCell(step.title) + (step.required ? " [required]" : "") + "** | " + + mdCell(step.expected) + " | " + mdCell(step.status) + " | " + mdCell(step.comment) + " | " + mdCell(step.evidence) + " |\n"; + }); + + download(md, runBaseName("qa-report", run) + ".md", "text/markdown"); + }; + + QaTool.prototype.exportCsv = function () { + var run = this.collectRun(); + if (!run || !this.checkRequired(run)) { + return; + } + this.renumberSteps(); + + var meta = [ + ["module", run.module || ""], + ["module_version", run.module_version || ""], + ["olm_nummer", run.olm_nummer || ""], + ["pbx_version", run.pbx_version || ""], + ["docbee_url", run.docbee_url || ""], + ["tester", run.tester || ""], + ["date", new Date(run.ts).toLocaleString("de-DE")] + ].map(function (row) { + return row[0] + ";" + csvCell(row[1]); + }).join("\n"); + + var rows = [["id", "title", "expected", "required", "status", "comment", "evidence"]]; + run.steps.forEach(function (step) { + if ((step.kind || step.type || "step") === "group") { + rows.push(["", "### Gruppe: " + (step.title || ""), "", "", "", "", ""]); + return; + } + rows.push([step.id, step.title, step.expected, step.required ? "true" : "false", step.status, step.comment, step.evidence]); + }); + + var table = rows.map(function (row) { + return row.map(csvCell).join(";"); + }).join("\n"); + + download(meta + "\n\n" + table, runBaseName("qa-report", run) + ".csv", "text/csv"); + }; + + QaTool.prototype.ensureJsPdf = async function () { + if (window.jspdf && window.jspdf.jsPDF) { + return true; + } + + var urls = config.jsPdfUrls || []; + for (var i = 0; i < urls.length; i++) { + try { + await loadScript(urls[i]); + } catch (error) { + // Try next CDN. + } + if (window.jspdf && window.jspdf.jsPDF) { + break; + } + } + + if (!(window.jspdf && window.jspdf.jsPDF)) { + return false; + } + + try { + var test = new window.jspdf.jsPDF(); + if (typeof test.autoTable !== "function") { + var tableUrls = config.autoTableUrls || []; + for (var j = 0; j < tableUrls.length; j++) { + try { + await loadScript(tableUrls[j]); + } catch (error2) { + // PDF export still works without AutoTable. + } + test = new window.jspdf.jsPDF(); + if (typeof test.autoTable === "function") { + break; + } + } + } + } catch (error3) { + // Basic jsPDF is enough for a fallback PDF. + } + + return true; + }; + + QaTool.prototype.generatePdfBlob = async function (run) { + var ready = await this.ensureJsPdf(); + if (!ready) { + throw new Error("PDF-Bibliothek konnte nicht geladen werden."); + } + + var jsPDF = window.jspdf.jsPDF; + var doc = new jsPDF({ + orientation: "landscape", + unit: "mm", + format: "a4", + compress: true + }); + + var pageW = doc.internal.pageSize.getWidth(); + var pageH = doc.internal.pageSize.getHeight(); + var marginL = 14; + var marginR = 14; + var xRight = pageW - marginR; + var footerY = pageH - 13; + var muted = [102, 102, 102]; + var headFill = [232, 247, 253]; + var ok = [24, 143, 92]; + var fail = [196, 59, 59]; + var skip = [103, 113, 122]; + var blocked = [245, 156, 0]; + var logoDataUrl = null; + + try { + logoDataUrl = await imageToDataUrl(config.printLogoUrl || config.logoUrl || ""); + } catch (error) { + logoDataUrl = null; + } + + doc.setFont("helvetica", "bold"); + doc.setFontSize(18); + doc.setTextColor(52, 53, 55); + doc.text("QA Report", marginL, 16); + if (logoDataUrl) { + try { + var props = doc.getImageProperties ? doc.getImageProperties(logoDataUrl) : null; + var ratio = props && props.width ? props.height / props.width : 0.38; + var logoW = 32; + var logoH = logoW * ratio; + if (logoH > 13) { + logoH = 13; + logoW = logoH / ratio; + } + doc.addImage(logoDataUrl, "PNG", xRight - logoW, 6.5, logoW, logoH, undefined, "FAST"); + } catch (error2) { + // Logo is decorative; keep the PDF export working without it. + } + } + doc.setDrawColor(0, 167, 230); + doc.setLineWidth(0.45); + doc.line(marginL, 18, xRight, 18); + + var meta = [ + ["Modul", sanitizePdfText(run.module)], + ["Modul-Version", sanitizePdfText(run.module_version)], + ["OLM-Nummer", sanitizePdfText(run.olm_nummer || "-")], + ["PBX-Version", sanitizePdfText(run.pbx_version)], + ["Tester", sanitizePdfText(run.tester)], + ["DocBee", sanitizePdfText(run.docbee_url || "-")] + ]; + var y = 25; + doc.setFontSize(10); + meta.forEach(function (row) { + doc.setFont("helvetica", "bold"); + doc.setTextColor(muted[0], muted[1], muted[2]); + doc.text(row[0] + ":", marginL, y); + doc.setFont("helvetica", "normal"); + doc.setTextColor(0, 0, 0); + doc.text(row[1] || "-", 50, y); + y += 6; + }); + + var rows = []; + var currentGroup = "-"; + var index = 0; + (run.steps || []).forEach(function (step) { + if ((step.kind || step.type || "step") === "group") { + currentGroup = sanitizePdfText(step.title || "-"); + return; + } + index++; + rows.push({ + nr: index, + group: currentGroup, + id: sanitizePdfText(step.id), + title: sanitizePdfText(step.title) + (step.required ? " [required]" : ""), + expected: sanitizePdfText(step.expected), + status: sanitizePdfText((step.status || "").toLowerCase()), + comment: sanitizePdfText(step.comment) + }); + }); + + if (typeof doc.autoTable === "function") { + doc.autoTable({ + startY: Math.max(y + 4, 25), + tableWidth: pageW - (marginL + marginR), + head: [["#", "Gruppe", "Step-ID", "Titel", "Erwartet", "Status", "Kommentar"]], + body: rows.map(function (row) { + return [row.nr, row.group, row.id, row.title, row.expected, row.status, row.comment]; + }), + styles: { + font: "helvetica", + fontSize: 9, + cellPadding: 2, + overflow: "linebreak", + valign: "top" + }, + headStyles: { + fillColor: headFill, + textColor: [52, 53, 55], + halign: "left" + }, + columnStyles: { + 0: { halign: "right", cellWidth: 8 }, + 1: { cellWidth: 36 }, + 2: { cellWidth: 24 }, + 3: { cellWidth: 62 }, + 4: { cellWidth: 76, font: "courier", fillColor: [250, 250, 250] }, + 5: { cellWidth: 20 }, + 6: { cellWidth: 36 } + }, + didParseCell: function (data) { + if (data.section === "body" && data.column.index === 5) { + var value = String(data.cell.raw || "").toLowerCase(); + if (value === "pass") { + data.cell.styles.textColor = ok; + } else if (value === "fail") { + data.cell.styles.textColor = fail; + } else if (value === "skip" || value === "na") { + data.cell.styles.textColor = skip; + } else if (value === "blocked") { + data.cell.styles.textColor = blocked; + } + } + }, + margin: { left: marginL, right: marginR }, + pageBreak: "auto" + }); + } else { + doc.setFont("helvetica", "normal"); + doc.setFontSize(9); + y += 6; + rows.forEach(function (row) { + if (y > pageH - 20) { + doc.addPage(); + y = 16; + } + doc.text([row.nr + " " + row.id + " " + row.status, row.group + " | " + row.title, row.expected, row.comment].join(" - "), marginL, y, { + maxWidth: pageW - marginL - marginR + }); + y += 8; + }); + } + + var pageCount = doc.getNumberOfPages(); + var timestamp = new Date().toLocaleString("de-DE"); + for (var p = 1; p <= pageCount; p++) { + doc.setPage(p); + doc.setFont("helvetica", "normal"); + doc.setFontSize(8); + doc.setTextColor(muted[0], muted[1], muted[2]); + doc.text("Seite " + p + " / " + pageCount, xRight, footerY, { align: "right" }); + doc.text(timestamp, marginL, footerY); + } + + return doc.output("blob"); + }; + + QaTool.prototype.printPdf = async function () { + var run = this.collectRun(); + if (!run || !this.checkRequired(run)) { + return; + } + this.renumberSteps(); + + try { + var pdfBlob = await this.generatePdfBlob(run); + download(pdfBlob, runBaseName("qa-report", run) + ".pdf", "application/pdf"); + this.showMessage("PDF wurde erzeugt.", "ok"); + return; + } catch (error) { + this.showMessage("PDF konnte nicht erzeugt werden: " + error.message, "bad"); + return; + } + }; + + QaTool.prototype.exportAll = async function () { + var run = this.collectRun(); + if (!run || !this.checkRequired(run)) { + return; + } + + var button = this.els.exportAll; + try { + if (button) { + button.disabled = true; + button.classList.add("is-busy"); + } + + this.showMessage("Export läuft: PDF wird erzeugt und WordPress speichert den Lauf...", ""); + var pdfBlob = null; + try { + pdfBlob = await this.generatePdfBlob(run); + } catch (pdfError) { + this.showMessage("PDF konnte nicht erzeugt werden, Report wird trotzdem gespeichert: " + pdfError.message, "bad"); + } + + var form = new FormData(); + form.append("run", JSON.stringify(run)); + if (pdfBlob) { + form.append("pdf", pdfBlob, runBaseName("qa-report", run) + ".pdf"); + } + + var data = await this.api("export", { + method: "POST", + body: form + }); + + var parts = []; + if (data.report_id) { + parts.push("Report-ID: " + data.report_id); + } + if (data.pdf_url) { + parts.push('PDF in Mediathek öffnen'); + } + if (data.docbee && data.docbee.ok) { + var docbeeLink = data.docbee.url ? ' DocBee öffnen' : ""; + parts.push("DocBee gepostet." + docbeeLink); + } else if (data.docbee && data.docbee.message) { + parts.push("DocBee Fehler: " + escHtml(data.docbee.message)); + } + + this.showMessage("Export fertig. " + parts.join(" | "), "ok", true); + } catch (error) { + this.showMessage("Export fehlgeschlagen: " + error.message, "bad"); + } finally { + if (button) { + button.disabled = false; + button.classList.remove("is-busy"); + } + } + }; + + QaTool.prototype.exportTemplateYaml = async function () { + var template = this.collectTemplateFromDom(); + if (!template.module || !template.module_version || !template.pbx_version) { + this.showMessage("Bitte Modul, Modul-Version und PBX-Version angeben.", "bad"); + return; + } + + var yaml = dumpTemplateYaml(template); + var button = this.els.exportTemplateYaml; + + if (!config.gitlabWritesEnabled) { + download(yaml, runBaseName("qa-template", template) + ".yaml", "text/yaml"); + this.showMessage("GitLab-Schreiben ist deaktiviert. Template wurde lokal gespeichert.", "ok"); + this.renderSteps(); + return; + } + + try { + if (button) { + button.disabled = true; + button.classList.add("is-busy"); + } + this.showMessage("GitLab: Template wird geschrieben...", ""); + var data = await this.api("gitlab/template", { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ template: template, yaml: yaml }) + }); + this.showMessage("GitLab: Template gespeichert: " + (data.path || ""), "ok"); + } catch (error) { + this.showMessage("GitLab-Push fehlgeschlagen: " + error.message, "bad"); + } finally { + if (button) { + button.disabled = false; + button.classList.remove("is-busy"); + } + this.renderSteps(); + } + }; + + QaTool.prototype.postToDocbee = async function () { + var run = this.collectRun(); + if (!run || !this.checkRequired(run)) { + return; + } + + if (!config.docbeeEnabled || !config.docbeeConfigured) { + this.showMessage("DocBee ist im WordPress Backend nicht vollständig konfiguriert.", "bad"); + return; + } + + var button = this.els.pushDocbee; + try { + if (button) { + button.disabled = true; + button.classList.add("is-busy"); + } + this.showMessage("DocBee: sende Report...", ""); + var data = await this.api("docbee/message", { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ run: run }) + }); + + var suffix = data.url ? ' Oeffnen' : ""; + this.showMessage("DocBee: Report wurde gepostet." + suffix, "ok", true); + } catch (error) { + this.showMessage("DocBee-Request fehlgeschlagen: " + error.message, "bad"); + } finally { + if (button) { + button.disabled = false; + button.classList.remove("is-busy"); + } + } + }; + + QaTool.prototype.updateAutosave = function () { + var state = { + module: value(this.els.module), + moduleVersion: value(this.els.moduleVersion), + olmNummer: value(this.els.olmNummer), + pbxVersion: value(this.els.pbxVersion), + docbeeUrl: value(this.els.docbeeUrl) + }; + + try { + window.localStorage.setItem(this.storageKey, JSON.stringify(state)); + } catch (error) { + // Ignore private browsing quota errors. + } + }; + + QaTool.prototype.restoreAutosave = function () { + try { + var state = JSON.parse(window.localStorage.getItem(this.storageKey) || "{}"); + if (state.module && this.els.module) { + this.els.module.value = state.module; + } + if (state.moduleVersion && this.els.moduleVersion) { + this.els.moduleVersion.value = state.moduleVersion; + } + if (state.olmNummer && this.els.olmNummer) { + this.els.olmNummer.value = state.olmNummer; + } + if (state.pbxVersion && this.els.pbxVersion) { + this.els.pbxVersion.value = state.pbxVersion; + } + if (state.docbeeUrl && this.els.docbeeUrl) { + this.els.docbeeUrl.value = state.docbeeUrl; + } + } catch (error) { + // Ignore broken old autosave data. + } + }; + + QaTool.prototype.updateServiceBadges = function () { + if (config.gitlabEnabled) { + this.setTag(this.els.gitlabTplStatus, "GitLab: bereit", ""); + } else { + this.setTag(this.els.gitlabTplStatus, "GitLab: deaktiviert", "warn"); + } + + if (!config.docbeeEnabled) { + this.setTag(this.els.docbeeTokenStatus, "DocBee: deaktiviert", "warn"); + } else if (config.docbeeConfigured) { + this.setTag(this.els.docbeeTokenStatus, "DocBee: konfiguriert", "ok"); + } else { + this.setTag(this.els.docbeeTokenStatus, "DocBee: fehlt", "warn"); + } + }; + + QaTool.prototype.setTag = function (tag, text, state) { + if (!tag) { + return; + } + tag.textContent = text; + tag.classList.remove("is-ok", "is-warn", "is-bad"); + if (state) { + tag.classList.add("is-" + state); + } + }; + + QaTool.prototype.showMessage = function (message, state, allowHtml) { + if (!this.els.message) { + return; + } + this.els.message.classList.remove("is-ok", "is-bad"); + if (state) { + this.els.message.classList.add("is-" + state); + } + if (allowHtml) { + this.els.message.innerHTML = message; + } else { + this.els.message.textContent = message; + } + }; + + function bind(el, eventName, callback) { + if (el) { + el.addEventListener(eventName, callback); + } + } + + function value(el) { + return el ? String(el.value || "").trim() : ""; + } + + function valueOf(root, selector) { + return value(root.querySelector(selector)); + } + + function clone(valueToClone) { + return JSON.parse(JSON.stringify(valueToClone)); + } + + function parseTemplateText(text) { + var trimmed = String(text || "").trim(); + if (!trimmed) { + throw new Error("Datei ist leer."); + } + + if (window.jsyaml && typeof window.jsyaml.load === "function") { + try { + var yaml = window.jsyaml.load(trimmed); + if (yaml && typeof yaml === "object") { + return yaml; + } + } catch (error) { + // Try JSON and the small fallback parser below. + } + } + + if (trimmed.charAt(0) === "{" || trimmed.charAt(0) === "[") { + return JSON.parse(trimmed); + } + + try { + return JSON.parse(trimmed); + } catch (error) { + return parseSimpleYaml(trimmed); + } + } + + function normalizeTemplate(input, fallbackName) { + if (!input || !Array.isArray(input.steps)) { + throw new Error('Ungültige Vorlage: "steps" fehlt.'); + } + + return { + name: stringOr(input.name, fallbackName || "Template"), + module: stringOr(input.module, ""), + module_version: stringOr(input.module_version, ""), + olm_nummer: stringOr(input.olm_nummer || input.olm || input.olmNumber, ""), + pbx_version: stringOr(input.pbx_version, ""), + steps: input.steps.map(function (step, index) { + var kind = step.kind || step.type || "step"; + if (kind === "group") { + return { + kind: "group", + title: stringOr(step.title || step.name, "Gruppe " + (index + 1)), + collapsed: !!step.collapsed + }; + } + + return { + kind: "step", + id: stringOr(step.id, "step-" + String(index + 1).padStart(3, "0")), + title: stringOr(step.title, ""), + expected: stringOr(step.expected, ""), + required: toBool(step.required), + status: stringOr(step.status, ""), + comment: stringOr(step.comment, ""), + evidence: stringOr(step.evidence, "") + }; + }) + }; + } + + function parseSimpleYaml(text) { + var lines = String(text || "").replace(/\r\n?/g, "\n").split("\n"); + var out = {}; + var steps = null; + var current = null; + var index = 0; + + while (index < lines.length) { + var raw = lines[index]; + var trimmed = raw.trim(); + var indent = countIndent(raw); + + if (!trimmed || trimmed.charAt(0) === "#") { + index++; + continue; + } + + if (indent === 0) { + var top = splitKeyValue(trimmed); + if (!top) { + index++; + continue; + } + + if (top.key === "steps") { + steps = []; + out.steps = steps; + current = null; + index++; + continue; + } + + if (top.value === "|" || top.value === ">") { + var topBlock = readBlock(lines, index + 1, indent, top.value === ">"); + out[top.key] = topBlock.value; + index = topBlock.next; + continue; + } + + out[top.key] = parseScalar(top.value); + index++; + continue; + } + + if (steps && indent >= 2) { + if (trimmed.indexOf("- ") === 0) { + current = {}; + steps.push(current); + var rest = trimmed.slice(2).trim(); + if (rest) { + var inline = splitKeyValue(rest); + if (inline) { + current[inline.key] = parseScalar(inline.value); + } + } + index++; + continue; + } + + if (current) { + var pair = splitKeyValue(trimmed); + if (pair) { + if (pair.value === "|" || pair.value === ">") { + var block = readBlock(lines, index + 1, indent, pair.value === ">"); + current[pair.key] = block.value; + index = block.next; + continue; + } + current[pair.key] = parseScalar(pair.value); + } + } + } + + index++; + } + + return out; + } + + function countIndent(line) { + var match = String(line || "").match(/^ */); + return match ? match[0].length : 0; + } + + function splitKeyValue(text) { + var position = text.indexOf(":"); + if (position < 0) { + return null; + } + return { + key: text.slice(0, position).trim(), + value: text.slice(position + 1).trim() + }; + } + + function readBlock(lines, start, parentIndent, folded) { + var collected = []; + var index = start; + var minIndent = null; + + while (index < lines.length) { + var raw = lines[index]; + var trimmed = raw.trim(); + var indent = countIndent(raw); + if (trimmed && indent <= parentIndent) { + break; + } + if (!trimmed) { + collected.push(""); + index++; + continue; + } + if (minIndent === null || indent < minIndent) { + minIndent = indent; + } + collected.push(raw); + index++; + } + + minIndent = minIndent || 0; + var value = collected.map(function (line) { + return line ? line.slice(minIndent) : ""; + }).join("\n").trim(); + + if (folded) { + value = value.replace(/\n+/g, " "); + } + + return { value: value, next: index }; + } + + function parseScalar(value) { + value = String(value || "").trim(); + if (value === "") { + return ""; + } + if (value === "true") { + return true; + } + if (value === "false") { + return false; + } + if (value === "null" || value === "~") { + return ""; + } + if ((value.charAt(0) === '"' && value.charAt(value.length - 1) === '"') || (value.charAt(0) === "'" && value.charAt(value.length - 1) === "'")) { + value = value.slice(1, -1); + } + return value.replace(/\\"/g, '"').replace(/\\n/g, "\n"); + } + + function dumpTemplateYaml(template) { + if (window.jsyaml && typeof window.jsyaml.dump === "function") { + return window.jsyaml.dump(template, { lineWidth: 100 }); + } + + var lines = [ + 'name: "' + yamlString(template.name || "") + '"', + 'module: "' + yamlString(template.module || "") + '"', + 'module_version: "' + yamlString(template.module_version || "") + '"', + 'olm_nummer: "' + yamlString(template.olm_nummer || "") + '"', + 'pbx_version: "' + yamlString(template.pbx_version || "") + '"', + "steps:" + ]; + + (template.steps || []).forEach(function (step) { + if (step.type === "group") { + lines.push(' - type: "group"'); + lines.push(' title: "' + yamlString(step.title || "") + '"'); + return; + } + lines.push(' - type: "step"'); + lines.push(' id: "' + yamlString(step.id || "") + '"'); + lines.push(' title: "' + yamlString(step.title || "") + '"'); + lines.push(' expected: "' + yamlString(step.expected || "") + '"'); + lines.push(" required: " + (step.required ? "true" : "false")); + }); + + return lines.join("\n") + "\n"; + } + + function yamlString(valueToEscape) { + return String(valueToEscape || "").replace(/\\/g, "\\\\").replace(/"/g, '\\"').replace(/\n/g, "\\n"); + } + + function toBool(valueToConvert) { + if (typeof valueToConvert === "boolean") { + return valueToConvert; + } + return ["1", "true", "yes", "ja"].indexOf(String(valueToConvert || "").toLowerCase()) !== -1; + } + + function stringOr(valueToConvert, fallback) { + if (valueToConvert === undefined || valueToConvert === null) { + return fallback; + } + return String(valueToConvert); + } + + function loadScript(url) { + return new Promise(function (resolve, reject) { + var script = document.createElement("script"); + script.src = url; + script.async = true; + script.onload = resolve; + script.onerror = reject; + document.head.appendChild(script); + }); + } + + function imageToDataUrl(src) { + return new Promise(function (resolve, reject) { + if (!src) { + reject(new Error("No image source.")); + return; + } + + var image = new Image(); + image.crossOrigin = "anonymous"; + image.onload = function () { + try { + var canvas = document.createElement("canvas"); + canvas.width = image.naturalWidth || image.width; + canvas.height = image.naturalHeight || image.height; + var context = canvas.getContext("2d"); + context.drawImage(image, 0, 0); + resolve(canvas.toDataURL("image/png")); + } catch (error) { + reject(error); + } + }; + image.onerror = reject; + image.src = src; + }); + } + + function replaceSymbols(valueToClean) { + return String(valueToClean === undefined || valueToClean === null ? "" : valueToClean) + .replace(/[\u2192\u21A6\u21E8\u27A1\u2794\u27F6\u27F7\u27F9\u279D\u279E\u279F\u27A0]/g, "->") + .replace(/[\u2190\u21A4\u21E6\u2B05\u27F5]/g, "<-") + .replace(/[\u2194\u21D4\u27F7\u27F8\u2B04]/g, "<->") + .replace(/[\u2013\u2014\u2011]/g, "-") + .replace(/\u2026/g, "...") + .replace(/\u00D7/g, "x"); + } + + function toPdfSafe(valueToClean) { + return String(valueToClean || "").replace(/[^\x09\x0A\x0D\x20-\x7E\u00A0-\u00FF]/g, "?"); + } + + function sanitizePdfText(valueToClean) { + return toPdfSafe(replaceSymbols(String(valueToClean === undefined || valueToClean === null ? "" : valueToClean) + .replace(/\u00A0/g, " ") + .replace(/[\u201C\u201D]/g, '"') + .replace(/[\u2018\u2019]/g, "'") + .replace(/\s+/g, " ") + .trim())); + } + + function download(content, filename, type) { + var blob = content instanceof Blob ? content : new Blob([content], { type: type }); + var url = URL.createObjectURL(blob); + var link = document.createElement("a"); + link.href = url; + link.download = filename; + document.body.appendChild(link); + link.click(); + link.remove(); + setTimeout(function () { + URL.revokeObjectURL(url); + }, 1500); + } + + function runBaseName(prefix, run) { + return [ + prefix, + safeName(run.module || "modul"), + safeName(run.module_version || "version"), + safeName(run.pbx_version || "pbx") + ].join("-"); + } + + function safeName(valueToClean) { + return String(valueToClean || "") + .trim() + .toLowerCase() + .replace(/\s+/g, "-") + .replace(/[^\w.-]/g, "") || "qa"; + } + + function mdCell(valueToEscape) { + return String(valueToEscape || "").replace(/\|/g, "\\|").replace(/\n/g, " "); + } + + function csvCell(valueToEscape) { + return '"' + String(valueToEscape === undefined || valueToEscape === null ? "" : valueToEscape).replace(/"/g, '""') + '"'; + } + + function countStatuses(steps) { + var counts = { total: 0, pass: 0, fail: 0, skip: 0, blocked: 0, missingRequired: 0 }; + (steps || []).forEach(function (step) { + if ((step.kind || step.type || "step") !== "step") { + return; + } + counts.total++; + if (Object.prototype.hasOwnProperty.call(counts, step.status)) { + counts[step.status]++; + } + if (step.required && !step.status) { + counts.missingRequired++; + } + }); + return counts; + } + + function escHtml(valueToEscape) { + return String(valueToEscape === undefined || valueToEscape === null ? "" : valueToEscape) + .replace(/&/g, "&") + .replace(//g, ">"); + } + + function escAttr(valueToEscape) { + return escHtml(valueToEscape).replace(/"/g, """); + } + +})(); diff --git a/obyte-qa-tool/obyte-qa-tool.php b/obyte-qa-tool/obyte-qa-tool.php new file mode 100644 index 0000000..acbe076 --- /dev/null +++ b/obyte-qa-tool/obyte-qa-tool.php @@ -0,0 +1,1566 @@ + 'read', + 'default_pbx_version' => '', + 'gitlab_enabled' => 1, + 'gitlab_base_url' => 'https://git.steinert.cc', + 'gitlab_project' => 'qa/templates', + 'gitlab_ref' => 'main', + 'gitlab_template_path' => 'templates', + 'gitlab_token' => '', + 'gitlab_per_page' => 100, + 'gitlab_allow_writes' => 1, + 'storage_enabled' => 1, + 'media_pdf_enabled' => 1, + 'docbee_enabled' => 1, + 'docbee_base_url' => 'https://obyte.docbee.com', + 'docbee_username' => '', + 'docbee_password' => '', + 'docbee_lifetime' => 1440, + 'docbee_refresh_lifetime' => 1, + 'docbee_message_internal' => 1, + 'docbee_message_hidden' => 0, + 'docbee_enable_fallback_note' => 0, + 'docbee_preserve_ticket_status' => 1, + ]; + } + + private function settings(): array + { + $stored = get_option(self::OPTION_NAME, []); + return wp_parse_args(is_array($stored) ? $stored : [], self::defaults()); + } + + private static function reports_table(): string + { + global $wpdb; + return $wpdb->prefix . 'obyte_qa_reports'; + } + + private static function steps_table(): string + { + global $wpdb; + return $wpdb->prefix . 'obyte_qa_steps'; + } + + private static function create_tables(): void + { + global $wpdb; + + require_once ABSPATH . 'wp-admin/includes/upgrade.php'; + + $charset_collate = $wpdb->get_charset_collate(); + $reports_table = self::reports_table(); + $steps_table = self::steps_table(); + + dbDelta(" + CREATE TABLE {$reports_table} ( + id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT, + created_at DATETIME NOT NULL, + user_id BIGINT UNSIGNED NULL, + module VARCHAR(255) NULL, + module_version VARCHAR(100) NULL, + pbx_version VARCHAR(100) NULL, + olm_nummer VARCHAR(100) NULL, + tester VARCHAR(255) NULL, + docbee_url TEXT NULL, + docbee_result_url TEXT NULL, + summary VARCHAR(255) NULL, + pdf_attachment_id BIGINT UNSIGNED NOT NULL DEFAULT 0, + pdf_url TEXT NULL, + run_json LONGTEXT NULL, + PRIMARY KEY (id), + KEY module (module(120)), + KEY created_at (created_at), + KEY user_id (user_id) + ) {$charset_collate}; + "); + + dbDelta(" + CREATE TABLE {$steps_table} ( + id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT, + report_id BIGINT UNSIGNED NOT NULL, + step_index INT UNSIGNED NOT NULL DEFAULT 0, + step_id VARCHAR(80) NULL, + title TEXT NULL, + expected TEXT NULL, + status VARCHAR(20) NOT NULL DEFAULT '', + required TINYINT(1) NOT NULL DEFAULT 0, + comment TEXT NULL, + evidence TEXT NULL, + group_title VARCHAR(255) NULL, + group_index INT NULL, + PRIMARY KEY (id), + KEY report_id (report_id), + KEY status (status) + ) {$charset_collate}; + "); + } + + public function register_assets(): void + { + wp_register_style( + 'obyte-qa-tool', + plugins_url('assets/css/qa-tool.css', __FILE__), + [], + self::VERSION + ); + + wp_register_script( + 'obyte-qa-tool-js-yaml', + 'https://cdn.jsdelivr.net/npm/js-yaml@4.1.0/dist/js-yaml.min.js', + [], + '4.1.0', + true + ); + + wp_register_script( + 'obyte-qa-tool', + plugins_url('assets/js/qa-tool.js', __FILE__), + ['obyte-qa-tool-js-yaml'], + self::VERSION, + true + ); + } + + private function enqueue_frontend_assets(string $root_id): void + { + $settings = $this->settings(); + $user = wp_get_current_user(); + + wp_enqueue_style('obyte-qa-tool'); + wp_enqueue_style('dashicons'); + wp_enqueue_script('obyte-qa-tool-js-yaml'); + wp_enqueue_script('obyte-qa-tool'); + wp_localize_script( + 'obyte-qa-tool', + 'ObyteQaTool', + [ + 'rootId' => $root_id, + 'restUrl' => esc_url_raw(rest_url(self::REST_NAMESPACE . '/')), + 'nonce' => wp_create_nonce('wp_rest'), + 'tester' => $this->tester_name($user), + 'defaultPbxVersion' => (string) $settings['default_pbx_version'], + 'gitlabEnabled' => !empty($settings['gitlab_enabled']), + 'gitlabWritesEnabled' => !empty($settings['gitlab_enabled']) && !empty($settings['gitlab_allow_writes']), + 'docbeeEnabled' => !empty($settings['docbee_enabled']), + 'docbeeConfigured' => $this->docbee_configured($settings), + 'storageEnabled' => !empty($settings['storage_enabled']), + 'mediaPdfEnabled' => !empty($settings['media_pdf_enabled']), + 'logoUrl' => esc_url_raw(plugins_url('assets/img/o-byte_Logo_2024_Dark.svg', __FILE__)), + 'printLogoUrl' => esc_url_raw(plugins_url('assets/img/o-byte_Logo_2024_Dark.svg', __FILE__)), + 'jsPdfUrls' => [ + 'https://cdn.jsdelivr.net/npm/jspdf@2.5.1/dist/jspdf.umd.min.js', + 'https://unpkg.com/jspdf@2.5.1/dist/jspdf.umd.min.js', + ], + 'autoTableUrls' => [ + 'https://cdn.jsdelivr.net/npm/jspdf-autotable@3.8.2/dist/jspdf.plugin.autotable.min.js', + 'https://unpkg.com/jspdf-autotable@3.8.2/dist/jspdf.plugin.autotable.min.js', + ], + ] + ); + } + + public function render_shortcode(array $atts = []): string + { + $settings = $this->settings(); + $capability = $this->required_capability($settings); + + if (!is_user_logged_in()) { + $login_url = wp_login_url(get_permalink()); + return '
' . + esc_html__('Bitte melde dich an, um das QA Tool zu nutzen.', 'obyte-qa-tool') . + ' ' . esc_html__('Zum Login', 'obyte-qa-tool') . '
'; + } + + if (!current_user_can($capability)) { + return '
' . + esc_html__('Dein WordPress Benutzer hat keine Berechtigung für das QA Tool.', 'obyte-qa-tool') . + '
'; + } + + $root_id = wp_unique_id('obyte-qa-tool-'); + $this->enqueue_frontend_assets($root_id); + + ob_start(); + ?> +
+
+
+

Qualitätssicherung

+

QA System

+
+ Keine Vorlage + 0 Steps + Bereit +
+
+
+ + + +
+
+ +
+
+
+

Setup

+

Template laden, Laufdaten setzen, Ticket verknüpfen.

+
+
+ GitLab: nicht geladen + DocBee: unbekannt +
+
+ +
+
+ +
+ + + +
+
+ +
+ + + + + + +
+
+
+ +
+
+
+

Testschritte

+

Status, Kommentar und Evidenz direkt am Schritt pflegen.

+
+
+ + +
+
+
+ + + + + + + + + + + + +
StepErwartungStatusKommentar / Evidenz
Keine Vorlage geladen.
+
+
+ +
+
+ + + + + + +
+
+
+
+ 'array', + 'sanitize_callback' => [$this, 'sanitize_settings'], + 'default' => self::defaults(), + ] + ); + } + + public function sanitize_settings($input): array + { + $input = is_array($input) ? $input : []; + $old = $this->settings(); + $out = self::defaults(); + + $out['required_capability'] = sanitize_text_field((string) ($input['required_capability'] ?? $old['required_capability'])); + $out['default_pbx_version'] = sanitize_text_field((string) ($input['default_pbx_version'] ?? '')); + $out['gitlab_enabled'] = empty($input['gitlab_enabled']) ? 0 : 1; + $out['gitlab_base_url'] = $this->base_url((string) ($input['gitlab_base_url'] ?? '')); + $out['gitlab_project'] = sanitize_text_field((string) ($input['gitlab_project'] ?? '')); + $out['gitlab_ref'] = sanitize_text_field((string) ($input['gitlab_ref'] ?? '')); + $out['gitlab_template_path'] = trim(sanitize_text_field((string) ($input['gitlab_template_path'] ?? '')), '/'); + $out['gitlab_per_page'] = min(100, max(1, absint($input['gitlab_per_page'] ?? 100))); + $out['gitlab_token'] = $this->sanitize_secret_field('gitlab_token', $input, $old, 'gitlab_token_clear'); + $out['gitlab_allow_writes'] = empty($input['gitlab_allow_writes']) ? 0 : 1; + + $out['storage_enabled'] = empty($input['storage_enabled']) ? 0 : 1; + $out['media_pdf_enabled'] = empty($input['media_pdf_enabled']) ? 0 : 1; + + $out['docbee_enabled'] = empty($input['docbee_enabled']) ? 0 : 1; + $out['docbee_base_url'] = $this->base_url((string) ($input['docbee_base_url'] ?? '')); + $out['docbee_username'] = sanitize_text_field((string) ($input['docbee_username'] ?? '')); + $out['docbee_password'] = $this->sanitize_secret_field('docbee_password', $input, $old, 'docbee_password_clear'); + $out['docbee_lifetime'] = min(10080, max(1, absint($input['docbee_lifetime'] ?? 1440))); + $out['docbee_refresh_lifetime'] = empty($input['docbee_refresh_lifetime']) ? 0 : 1; + $out['docbee_message_internal'] = empty($input['docbee_message_internal']) ? 0 : 1; + $out['docbee_message_hidden'] = empty($input['docbee_message_hidden']) ? 0 : 1; + $out['docbee_enable_fallback_note'] = empty($input['docbee_enable_fallback_note']) ? 0 : 1; + $out['docbee_preserve_ticket_status'] = empty($input['docbee_preserve_ticket_status']) ? 0 : 1; + + return $out; + } + + public function render_admin_page(): void + { + if (!current_user_can('manage_options')) { + return; + } + + $settings = $this->settings(); + $option = self::OPTION_NAME; + ?> +
+

o-Byte QA Tool

+

Shortcode: [obyte_qa_tool]

+ +
+ + +

Allgemein

+ + + + + + + + + + + +

GitLab Templates

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Speicherung in WordPress

+ + + + + + + + + + + +

DocBee

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+ get_results("SELECT * FROM {$reports_table} ORDER BY created_at DESC LIMIT 100", ARRAY_A); + ?> +
+

o-Byte QA Reports

+

Die letzten 100 gespeicherten QA-Exports aus der WordPress Datenbank.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IDDatumModulVersionOLMTesterSummaryPDFDocBee
Noch keine QA Reports gespeichert.
+ + PDF + + - + + + + DocBee + + Ticket + + - + +
+
+ WP_REST_Server::READABLE, + 'callback' => [$this, 'rest_list_templates'], + 'permission_callback' => [$this, 'rest_can_use'], + ]); + + register_rest_route(self::REST_NAMESPACE, '/template', [ + 'methods' => WP_REST_Server::READABLE, + 'callback' => [$this, 'rest_get_template'], + 'permission_callback' => [$this, 'rest_can_use'], + 'args' => [ + 'path' => [ + 'type' => 'string', + 'required' => true, + ], + ], + ]); + + register_rest_route(self::REST_NAMESPACE, '/docbee/message', [ + 'methods' => WP_REST_Server::CREATABLE, + 'callback' => [$this, 'rest_post_docbee_message'], + 'permission_callback' => [$this, 'rest_can_use'], + ]); + + register_rest_route(self::REST_NAMESPACE, '/export', [ + 'methods' => WP_REST_Server::CREATABLE, + 'callback' => [$this, 'rest_export_run'], + 'permission_callback' => [$this, 'rest_can_use'], + ]); + + register_rest_route(self::REST_NAMESPACE, '/gitlab/template', [ + 'methods' => WP_REST_Server::CREATABLE, + 'callback' => [$this, 'rest_push_gitlab_template'], + 'permission_callback' => [$this, 'rest_can_use'], + ]); + + register_rest_route(self::REST_NAMESPACE, '/reports', [ + 'methods' => WP_REST_Server::READABLE, + 'callback' => [$this, 'rest_list_reports'], + 'permission_callback' => [$this, 'rest_can_use'], + ]); + } + + public function rest_can_use(): bool + { + $settings = $this->settings(); + return is_user_logged_in() && current_user_can($this->required_capability($settings)); + } + + public function rest_list_templates(WP_REST_Request $request) + { + $settings = $this->settings(); + if (empty($settings['gitlab_enabled'])) { + return new WP_Error('gitlab_disabled', 'GitLab templates are disabled.', ['status' => 403]); + } + + $base_url = $settings['gitlab_base_url']; + $project = $settings['gitlab_project']; + if (!$base_url || !$project) { + return new WP_Error('gitlab_missing_config', 'GitLab base URL or project is missing.', ['status' => 400]); + } + + $url = $base_url . '/api/v4/projects/' . rawurlencode($project) . '/repository/tree'; + $url = add_query_arg( + [ + 'path' => $settings['gitlab_template_path'], + 'ref' => $settings['gitlab_ref'], + 'per_page' => (int) $settings['gitlab_per_page'], + ], + $url + ); + + $response = wp_remote_get($url, [ + 'timeout' => 20, + 'headers' => $this->gitlab_headers($settings), + ]); + + $data = $this->remote_json($response, 'gitlab_tree_failed'); + if (is_wp_error($data)) { + return $data; + } + + $files = []; + foreach ($data as $item) { + if (!is_array($item)) { + continue; + } + $name = (string) ($item['name'] ?? ''); + $path = (string) ($item['path'] ?? ''); + $type = (string) ($item['type'] ?? ''); + if ($type === 'blob' && preg_match('/\.ya?ml$/i', $name)) { + $files[] = [ + 'name' => $name, + 'path' => $path, + ]; + } + } + + return rest_ensure_response(['templates' => $files]); + } + + public function rest_get_template(WP_REST_Request $request) + { + $settings = $this->settings(); + if (empty($settings['gitlab_enabled'])) { + return new WP_Error('gitlab_disabled', 'GitLab templates are disabled.', ['status' => 403]); + } + + $path = $this->clean_gitlab_path((string) $request->get_param('path')); + if (!$path) { + return new WP_Error('gitlab_bad_path', 'Template path is invalid.', ['status' => 400]); + } + + $url = $settings['gitlab_base_url'] . '/api/v4/projects/' . rawurlencode($settings['gitlab_project']) . + '/repository/files/' . rawurlencode($path) . '/raw'; + $url = add_query_arg(['ref' => $settings['gitlab_ref']], $url); + + $response = wp_remote_get($url, [ + 'timeout' => 20, + 'headers' => $this->gitlab_headers($settings), + ]); + + if (is_wp_error($response)) { + return new WP_Error('gitlab_raw_failed', $response->get_error_message(), ['status' => 502]); + } + + $code = (int) wp_remote_retrieve_response_code($response); + if ($code < 200 || $code >= 300) { + return new WP_Error('gitlab_raw_failed', 'GitLab returned HTTP ' . $code . '.', ['status' => $code ?: 502]); + } + + return rest_ensure_response([ + 'path' => $path, + 'content' => (string) wp_remote_retrieve_body($response), + ]); + } + + public function rest_post_docbee_message(WP_REST_Request $request) + { + $settings = $this->settings(); + $params = $request->get_json_params(); + $run = is_array($params) && isset($params['run']) && is_array($params['run']) ? $params['run'] : []; + if (empty($run['steps']) || !is_array($run['steps'])) { + return new WP_Error('docbee_bad_run', 'QA run payload is invalid.', ['status' => 400]); + } + + $posted = $this->docbee_post_run($run, $settings); + if (is_wp_error($posted)) { + return $posted; + } + + return rest_ensure_response($posted); + } + + public function rest_export_run(WP_REST_Request $request) + { + $settings = $this->settings(); + $run_raw = (string) ($request->get_param('run') ?? ''); + $run = json_decode($run_raw, true); + if (!is_array($run) || empty($run['steps']) || !is_array($run['steps'])) { + return new WP_Error('qa_bad_run', 'QA run payload is invalid.', ['status' => 400]); + } + + $docbee = null; + if (!empty($settings['docbee_enabled']) && $this->docbee_configured($settings) && $this->extract_ticket_id((string) ($run['docbee_url'] ?? ''))) { + $posted = $this->docbee_post_run($run, $settings); + if (is_wp_error($posted)) { + $docbee = [ + 'ok' => false, + 'message' => $posted->get_error_message(), + ]; + } else { + $docbee = $posted; + } + } + + $attachment_id = 0; + $pdf_url = ''; + $files = $request->get_file_params(); + if (!empty($settings['media_pdf_enabled']) && isset($files['pdf']) && is_array($files['pdf']) && (int) ($files['pdf']['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) { + $uploaded = $this->store_pdf_attachment($files['pdf'], $run); + if (is_wp_error($uploaded)) { + return $uploaded; + } + $attachment_id = (int) $uploaded['attachment_id']; + $pdf_url = (string) $uploaded['url']; + } + + $report_id = 0; + $summary = $this->summary_text($run); + if (!empty($settings['storage_enabled'])) { + $stored = $this->store_report($run, $summary, $attachment_id, $pdf_url, $docbee); + if (is_wp_error($stored)) { + return $stored; + } + $report_id = (int) $stored; + } + + return rest_ensure_response([ + 'ok' => true, + 'report_id' => $report_id, + 'summary' => $summary, + 'pdf_attachment_id' => $attachment_id, + 'pdf_url' => $pdf_url, + 'docbee' => $docbee, + ]); + } + + public function rest_push_gitlab_template(WP_REST_Request $request) + { + $settings = $this->settings(); + if (empty($settings['gitlab_enabled']) || empty($settings['gitlab_allow_writes'])) { + return new WP_Error('gitlab_writes_disabled', 'GitLab template writes are disabled.', ['status' => 403]); + } + if (empty($settings['gitlab_token'])) { + return new WP_Error('gitlab_missing_token', 'GitLab token is missing.', ['status' => 400]); + } + + $params = $request->get_json_params(); + $template = is_array($params) && isset($params['template']) && is_array($params['template']) ? $params['template'] : []; + $yaml = is_array($params) ? (string) ($params['yaml'] ?? '') : ''; + if (empty($template['steps']) || !is_array($template['steps']) || $yaml === '') { + return new WP_Error('gitlab_bad_template', 'Template payload is invalid.', ['status' => 400]); + } + if (empty($template['module']) || empty($template['module_version']) || empty($template['pbx_version'])) { + return new WP_Error('gitlab_missing_template_meta', 'Module, module version, and PBX version are required for GitLab template export.', ['status' => 400]); + } + + $filename = $this->safe_filename((string) ($template['module'] ?? $template['name'] ?? 'qa-template')) . '.yaml'; + $template_path = trim((string) $settings['gitlab_template_path'], '/'); + $path = ($template_path !== '' ? $template_path . '/' : '') . $filename; + $file_url = $settings['gitlab_base_url'] . '/api/v4/projects/' . rawurlencode($settings['gitlab_project']) . + '/repository/files/' . rawurlencode($path); + + $check_url = add_query_arg(['ref' => $settings['gitlab_ref']], $file_url); + $check = wp_remote_get($check_url, [ + 'timeout' => 20, + 'headers' => $this->gitlab_headers($settings), + ]); + $exists = !is_wp_error($check) && (int) wp_remote_retrieve_response_code($check) >= 200 && (int) wp_remote_retrieve_response_code($check) < 300; + + $message = $exists + ? 'Update QA template for ' . sanitize_text_field((string) $template['module']) . ' ' . sanitize_text_field((string) $template['module_version']) + : 'Add QA template for ' . sanitize_text_field((string) $template['module']) . ' ' . sanitize_text_field((string) $template['module_version']); + + $response = wp_remote_request($file_url, [ + 'method' => $exists ? 'PUT' : 'POST', + 'timeout' => 20, + 'headers' => array_merge($this->gitlab_headers($settings), ['Content-Type' => 'application/json']), + 'body' => wp_json_encode([ + 'branch' => $settings['gitlab_ref'], + 'commit_message' => $message, + 'content' => base64_encode($yaml), + 'encoding' => 'base64', + ]), + ]); + + $data = $this->remote_json($response, 'gitlab_template_push_failed'); + if (is_wp_error($data)) { + return $data; + } + + return rest_ensure_response([ + 'ok' => true, + 'path' => $path, + 'created' => !$exists, + 'result' => $data, + ]); + } + + public function rest_list_reports(WP_REST_Request $request) + { + global $wpdb; + $reports_table = self::reports_table(); + $limit = min(100, max(1, (int) ($request->get_param('limit') ?: 20))); + $rows = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$reports_table} ORDER BY created_at DESC LIMIT %d", $limit), ARRAY_A); + + return rest_ensure_response([ + 'reports' => is_array($rows) ? $rows : [], + ]); + } + + private function tester_name(WP_User $user): string + { + if ($user->exists()) { + if ($user->display_name) { + return $user->display_name; + } + + return $user->user_login; + } + + return ''; + } + + private function required_capability(array $settings): string + { + $capability = trim((string) ($settings['required_capability'] ?? 'read')); + return $capability !== '' ? $capability : 'read'; + } + + private function docbee_configured(array $settings): bool + { + return !empty($settings['docbee_base_url']) + && !empty($settings['docbee_username']) + && !empty($settings['docbee_password']); + } + + private function docbee_post_run(array $run, array $settings) + { + if (empty($settings['docbee_enabled'])) { + return new WP_Error('docbee_disabled', 'DocBee posting is disabled.', ['status' => 403]); + } + + if (!$this->docbee_configured($settings)) { + return new WP_Error('docbee_missing_config', 'DocBee credentials are missing.', ['status' => 400]); + } + + $ticket_id = $this->extract_ticket_id((string) ($run['docbee_url'] ?? '')); + if (!$ticket_id) { + return new WP_Error('docbee_missing_ticket', 'No DocBee ticket ID found in the URL.', ['status' => 400]); + } + + $token = $this->docbee_token($settings); + if (is_wp_error($token)) { + return $token; + } + + $previous_status_id = null; + if (!empty($settings['docbee_preserve_ticket_status'])) { + $ticket = $this->docbee_get_json($settings['docbee_base_url'] . '/restApi/v1/ticket/' . rawurlencode($ticket_id) . '?fields=ticketStatus.id,ticketStatus.name,status.id,status.name', $token); + if (!is_wp_error($ticket)) { + $previous_status_id = $this->extract_docbee_status_id($ticket); + } + } + + $content = $this->format_docbee_message($run); + $subject = 'QA Report ' . $ticket_id; + if (!empty($run['module'])) { + $subject .= ' - ' . sanitize_text_field((string) $run['module']); + } + + $message_url = $settings['docbee_base_url'] . '/restApi/v1/ticket/' . rawurlencode($ticket_id) . '/message'; + $payload = [ + 'content' => $content, + 'subject' => $subject, + 'internal' => !empty($settings['docbee_message_internal']), + 'hidden' => !empty($settings['docbee_message_hidden']), + ]; + + $message_response = $this->docbee_post_json($message_url, $payload, $token); + if (!is_wp_error($message_response)) { + $restored = false; + if ($previous_status_id !== null) { + $restored = $this->docbee_restore_ticket_status($ticket_id, $previous_status_id, $settings, $token); + } + + return [ + 'ok' => true, + 'type' => 'message', + 'ticket_id' => $ticket_id, + 'status_restored' => $restored, + 'url' => $this->docbee_result_url($settings['docbee_base_url'], $message_response, 'message'), + ]; + } + + if (empty($settings['docbee_enable_fallback_note'])) { + return $message_response; + } + + $note_url = $settings['docbee_base_url'] . '/restApi/v1/note'; + $note_payload = [ + 'note' => [ + 'ticket' => ['id' => (int) $ticket_id], + 'subject' => $subject, + 'text' => $content, + 'internal' => false, + ], + ]; + + $note_response = $this->docbee_post_json($note_url, $note_payload, $token); + if (is_wp_error($note_response)) { + return $note_response; + } + + return [ + 'ok' => true, + 'type' => 'note', + 'ticket_id' => $ticket_id, + 'status_restored' => false, + 'url' => $this->docbee_result_url($settings['docbee_base_url'], $note_response, 'note'), + ]; + } + + private function store_report(array $run, string $summary, int $attachment_id, string $pdf_url, ?array $docbee) + { + global $wpdb; + + self::create_tables(); + + $reports_table = self::reports_table(); + $steps_table = self::steps_table(); + $docbee_result_url = is_array($docbee) && !empty($docbee['url']) ? (string) $docbee['url'] : ''; + + $inserted = $wpdb->insert( + $reports_table, + [ + 'created_at' => current_time('mysql'), + 'user_id' => get_current_user_id(), + 'module' => $this->plain($run['module'] ?? ''), + 'module_version' => $this->plain($run['module_version'] ?? ''), + 'pbx_version' => $this->plain($run['pbx_version'] ?? ''), + 'olm_nummer' => $this->plain($run['olm_nummer'] ?? ''), + 'tester' => $this->plain($run['tester'] ?? ''), + 'docbee_url' => esc_url_raw((string) ($run['docbee_url'] ?? '')), + 'docbee_result_url' => esc_url_raw($docbee_result_url), + 'summary' => $summary, + 'pdf_attachment_id' => $attachment_id, + 'pdf_url' => esc_url_raw($pdf_url), + 'run_json' => wp_json_encode($run), + ], + ['%s', '%d', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%d', '%s', '%s'] + ); + + if (!$inserted) { + return new WP_Error('qa_report_store_failed', $wpdb->last_error ?: 'Report could not be stored.', ['status' => 500]); + } + + $report_id = (int) $wpdb->insert_id; + $step_index = 0; + $group_index = -1; + $current_group = null; + + foreach ((array) ($run['steps'] ?? []) as $step) { + if (!is_array($step)) { + continue; + } + + $kind = (string) ($step['kind'] ?? $step['type'] ?? 'step'); + if ($kind === 'group') { + $current_group = $this->plain($step['title'] ?? ''); + $group_index++; + continue; + } + + $step_index++; + $wpdb->insert( + $steps_table, + [ + 'report_id' => $report_id, + 'step_index' => $step_index, + 'step_id' => $this->plain($step['id'] ?? ''), + 'title' => $this->plain($step['title'] ?? ''), + 'expected' => wp_strip_all_tags((string) ($step['expected'] ?? '')), + 'status' => $this->normalize_status((string) ($step['status'] ?? '')), + 'required' => empty($step['required']) ? 0 : 1, + 'comment' => wp_strip_all_tags((string) ($step['comment'] ?? '')), + 'evidence' => esc_url_raw((string) ($step['evidence'] ?? '')), + 'group_title' => $current_group, + 'group_index' => $group_index >= 0 ? $group_index : null, + ], + ['%d', '%d', '%s', '%s', '%s', '%s', '%d', '%s', '%s', '%s', '%d'] + ); + } + + return $report_id; + } + + private function store_pdf_attachment(array $file, array $run) + { + if (empty($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) { + return new WP_Error('qa_pdf_upload_failed', 'PDF upload is invalid.', ['status' => 400]); + } + + require_once ABSPATH . 'wp-admin/includes/file.php'; + require_once ABSPATH . 'wp-admin/includes/media.php'; + require_once ABSPATH . 'wp-admin/includes/image.php'; + + $filename = sprintf( + 'QA-%s-%s-%s-%s.pdf', + $this->safe_filename((string) ($run['module'] ?? 'mod')), + $this->safe_filename((string) ($run['module_version'] ?? 'v')), + $this->safe_filename((string) ($run['pbx_version'] ?? 'pbx')), + wp_date('Ymd_His') + ); + + $file_array = [ + 'name' => $filename, + 'type' => 'application/pdf', + 'tmp_name' => $file['tmp_name'], + 'error' => (int) ($file['error'] ?? 0), + 'size' => (int) ($file['size'] ?? 0), + ]; + + $upload = wp_handle_sideload($file_array, [ + 'test_form' => false, + 'mimes' => ['pdf' => 'application/pdf'], + ]); + + if (!empty($upload['error'])) { + return new WP_Error('qa_pdf_upload_failed', (string) $upload['error'], ['status' => 500]); + } + + $title = 'QA Report'; + if (!empty($run['module'])) { + $title .= ' - ' . $this->plain($run['module']); + } + + $attachment_id = wp_insert_attachment( + [ + 'post_mime_type' => 'application/pdf', + 'post_title' => $title, + 'post_content' => '', + 'post_status' => 'inherit', + ], + $upload['file'] + ); + + if (is_wp_error($attachment_id) || !$attachment_id) { + return new WP_Error('qa_pdf_attachment_failed', 'PDF could not be added to the Media Library.', ['status' => 500]); + } + + $metadata = wp_generate_attachment_metadata($attachment_id, $upload['file']); + if (is_array($metadata)) { + wp_update_attachment_metadata($attachment_id, $metadata); + } + + return [ + 'attachment_id' => (int) $attachment_id, + 'url' => wp_get_attachment_url($attachment_id) ?: '', + ]; + } + + private function summary_text(array $run): string + { + $counts = $this->status_counts((array) ($run['steps'] ?? [])); + return sprintf( + '%d/%d pass, %d fail, %d skip, %d blocked', + $counts['pass'], + $counts['total'], + $counts['fail'], + $counts['skip'], + $counts['blocked'] + ); + } + + private function status_counts(array $steps): array + { + $counts = ['total' => 0, 'pass' => 0, 'fail' => 0, 'skip' => 0, 'blocked' => 0, 'na' => 0]; + foreach ($steps as $step) { + if (!is_array($step)) { + continue; + } + + $kind = (string) ($step['kind'] ?? $step['type'] ?? 'step'); + if ($kind !== 'step') { + continue; + } + + $counts['total']++; + $status = $this->normalize_status((string) ($step['status'] ?? '')); + if (isset($counts[$status])) { + $counts[$status]++; + } + } + + return $counts; + } + + private function normalize_status(string $status): string + { + $status = strtolower(trim($status)); + $map = [ + 'ok' => 'pass', + 'passed' => 'pass', + 'success' => 'pass', + 'true' => 'pass', + 'yes' => 'pass', + 'ko' => 'fail', + 'failed' => 'fail', + 'error' => 'fail', + 'x' => 'fail', + 'skipped' => 'skip', + 'block' => 'blocked', + 'n/a' => 'na', + 'not applicable' => 'na', + ]; + + $status = $map[$status] ?? $status; + return in_array($status, ['pass', 'fail', 'skip', 'blocked', 'na', ''], true) ? $status : ''; + } + + private function safe_filename(string $value): string + { + $value = sanitize_title($value); + return $value !== '' ? $value : 'qa'; + } + + private function base_url(string $url): string + { + $url = esc_url_raw(trim($url)); + return untrailingslashit($url); + } + + private function sanitize_secret_field(string $field, array $input, array $old, string $clear_field): string + { + if (!empty($input[$clear_field])) { + return ''; + } + + if (!array_key_exists($field, $input) || (string) $input[$field] === '') { + return (string) ($old[$field] ?? ''); + } + + $value = (string) wp_unslash($input[$field]); + $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value); + + return trim((string) $value); + } + + private function gitlab_headers(array $settings): array + { + $headers = ['Accept' => 'application/json']; + if (!empty($settings['gitlab_token'])) { + $headers['PRIVATE-TOKEN'] = (string) $settings['gitlab_token']; + } + + return $headers; + } + + private function remote_json($response, string $error_code) + { + if (is_wp_error($response)) { + return new WP_Error($error_code, $response->get_error_message(), ['status' => 502]); + } + + $code = (int) wp_remote_retrieve_response_code($response); + $body = (string) wp_remote_retrieve_body($response); + if ($code < 200 || $code >= 300) { + return new WP_Error($error_code, 'Remote service returned HTTP ' . $code . '.', ['status' => $code ?: 502]); + } + + $data = json_decode($body, true); + if (!is_array($data)) { + return new WP_Error($error_code, 'Remote service returned invalid JSON.', ['status' => 502]); + } + + return $data; + } + + private function clean_gitlab_path(string $path): string + { + $path = trim(wp_unslash($path)); + $path = str_replace('\\', '/', $path); + $path = ltrim($path, '/'); + if ($path === '' || strpos($path, '..') !== false) { + return ''; + } + + return $path; + } + + private function docbee_token(array $settings) + { + $payload = [ + 'username' => (string) $settings['docbee_username'], + 'password' => (string) $settings['docbee_password'], + 'lifeTime' => (int) $settings['docbee_lifetime'], + 'lifeTimeRefresh' => !empty($settings['docbee_refresh_lifetime']), + ]; + + $response = wp_remote_post($settings['docbee_base_url'] . '/restApi/login', [ + 'timeout' => 20, + 'headers' => [ + 'Content-Type' => 'application/json', + 'Accept' => 'application/json', + ], + 'body' => wp_json_encode($payload), + ]); + + $data = $this->remote_json($response, 'docbee_login_failed'); + if (is_wp_error($data)) { + return $data; + } + + $token = (string) ($data['access_token'] ?? ''); + if ($token === '') { + return new WP_Error('docbee_login_failed', 'DocBee did not return an access token.', ['status' => 502]); + } + + return $token; + } + + private function docbee_post_json(string $url, array $payload, string $token) + { + $response = wp_remote_post($url, [ + 'timeout' => 20, + 'headers' => [ + 'Authorization' => 'Bearer ' . $token, + 'Content-Type' => 'application/json', + 'Accept' => 'application/json', + ], + 'body' => wp_json_encode($payload), + ]); + + if (is_wp_error($response)) { + return new WP_Error('docbee_post_failed', $response->get_error_message(), ['status' => 502]); + } + + $code = (int) wp_remote_retrieve_response_code($response); + $body = (string) wp_remote_retrieve_body($response); + if ($code < 200 || $code >= 300) { + return new WP_Error('docbee_post_failed', 'DocBee returned HTTP ' . $code . '.', ['status' => $code ?: 502]); + } + + return $body; + } + + private function docbee_get_json(string $url, string $token) + { + $response = wp_remote_get($url, [ + 'timeout' => 20, + 'headers' => [ + 'Authorization' => 'Bearer ' . $token, + 'Accept' => 'application/json', + ], + ]); + + return $this->remote_json($response, 'docbee_get_failed'); + } + + private function docbee_put_json(string $url, array $payload, string $token) + { + $response = wp_remote_request($url, [ + 'method' => 'PUT', + 'timeout' => 20, + 'headers' => [ + 'Authorization' => 'Bearer ' . $token, + 'Content-Type' => 'application/json', + 'Accept' => 'application/json', + ], + 'body' => wp_json_encode($payload), + ]); + + if (is_wp_error($response)) { + return $response; + } + + $code = (int) wp_remote_retrieve_response_code($response); + if ($code < 200 || $code >= 300) { + return new WP_Error('docbee_put_failed', 'DocBee returned HTTP ' . $code . '.', ['status' => $code ?: 502]); + } + + return (string) wp_remote_retrieve_body($response); + } + + private function extract_docbee_status_id(array $ticket): ?int + { + $candidates = [ + $ticket['ticketStatus']['id'] ?? null, + $ticket['ticketStatus'] ?? null, + $ticket['status']['id'] ?? null, + $ticket['status'] ?? null, + ]; + + foreach ($candidates as $candidate) { + if (is_numeric($candidate)) { + return (int) $candidate; + } + } + + return null; + } + + private function docbee_restore_ticket_status(string $ticket_id, int $status_id, array $settings, string $token): bool + { + $url = $settings['docbee_base_url'] . '/restApi/v1/ticket/' . rawurlencode($ticket_id); + $tries = [ + ['ticketStatus' => $status_id], + ['ticketStatus' => ['id' => $status_id]], + ['status' => $status_id], + ['status' => ['id' => $status_id]], + ]; + + foreach ($tries as $payload) { + $result = $this->docbee_put_json($url, $payload, $token); + if (!is_wp_error($result)) { + return true; + } + } + + return false; + } + + private function extract_ticket_id(string $url): string + { + if (preg_match('/(?:\/ticket\/show\/|\/tickets\/|\/ticket\/)(\d+)/i', $url, $matches)) { + return $matches[1]; + } + + if (preg_match('/^\d+$/', trim($url))) { + return trim($url); + } + + return ''; + } + + private function format_docbee_message(array $run): string + { + $counts = $this->status_counts((array) ($run['steps'] ?? [])); + + $timestamp = !empty($run['ts']) ? strtotime((string) $run['ts']) : time(); + if (!$timestamp) { + $timestamp = time(); + } + $date = wp_date('d.m.Y H:i', $timestamp); + $lines = []; + $lines[] = 'QA REPORT'; + $lines[] = '========='; + $lines[] = 'Modul: ' . $this->plain($run['module'] ?? ''); + $lines[] = 'Modul-Version: ' . $this->plain($run['module_version'] ?? ''); + $lines[] = 'PBX-Version: ' . $this->plain($run['pbx_version'] ?? ''); + if (!empty($run['olm_nummer'])) { + $lines[] = 'OLM-Nummer: ' . $this->plain($run['olm_nummer']); + } + $lines[] = 'Tester: ' . $this->plain($run['tester'] ?? ''); + if (!empty($run['docbee_url'])) { + $lines[] = 'Ticket: ' . $this->plain($run['docbee_url']); + } + $lines[] = 'Datum: ' . $date; + $lines[] = ''; + $lines[] = sprintf('Uebersicht: PASS %d | FAIL %d | SKIP %d | BLOCK %d', $counts['pass'], $counts['fail'], $counts['skip'], $counts['blocked']); + $lines[] = ''; + $lines[] = '------------------------------------------------------------------------'; + $lines[] = 'Schritt Status Titel'; + $lines[] = '------------------------------------------------------------------------'; + + foreach ((array) ($run['steps'] ?? []) as $step) { + if (!is_array($step)) { + continue; + } + + $kind = (string) ($step['kind'] ?? $step['type'] ?? 'step'); + if ($kind === 'group') { + $lines[] = ''; + $lines[] = '## ' . $this->plain($step['title'] ?? ''); + $lines[] = ''; + continue; + } + + $status = strtoupper((string) ($step['status'] ?? '')); + $status = $status === 'BLOCKED' ? 'BLOCK' : $status; + $required = !empty($step['required']) ? ' [required]' : ''; + $lines[] = sprintf( + '%-12s %-7s %s%s', + $this->plain($step['id'] ?? ''), + $status, + $this->plain($step['title'] ?? ''), + $required + ); + if (!empty($step['comment'])) { + $lines[] = ' Kommentar: ' . $this->plain($step['comment']); + } + if (!empty($step['evidence'])) { + $lines[] = ' Evidenz: ' . $this->plain($step['evidence']); + } + } + + $lines[] = '------------------------------------------------------------------------'; + $lines[] = 'Legende: PASS, FAIL, SKIP, BLOCK'; + + return implode("\n", $lines); + } + + private function docbee_result_url(string $base_url, string $response_body, string $prefix): string + { + $data = json_decode($response_body, true); + if (!is_array($data)) { + return ''; + } + + if (!empty($data['link'])) { + $link = (string) $data['link']; + if (preg_match('/^https?:\/\//i', $link)) { + return esc_url_raw($link); + } + + return esc_url_raw(trailingslashit($base_url) . ltrim($link, '/')); + } + + if (!empty($data['id'])) { + return esc_url_raw(trailingslashit($base_url) . $prefix . '/' . rawurlencode((string) $data['id'])); + } + + return ''; + } + + private function plain($value): string + { + $value = wp_strip_all_tags((string) $value); + $value = preg_replace('/\s+/', ' ', $value); + + return trim((string) $value); + } +} + +register_activation_hook(__FILE__, ['Obyte_QA_Tool', 'activate']); +Obyte_QA_Tool::instance(); diff --git a/qa-tool/README.MD b/qa-tool/README.MD new file mode 100644 index 0000000..78bb64e --- /dev/null +++ b/qa-tool/README.MD @@ -0,0 +1,460 @@ +# o‑Byte QA – Testprotokoll‑Tool (Full README) + +**Stand:** 2025-09-04 +**Stack:** PHP 8.3 ( Apache ), JS (Vanilla), MariaDB, Docker & Compose, Portainer + +Dieses Repository enthält ein vollwertiges QA‑Tool mit Login (OIDC), GitLab‑Template‑Loader, DocBee‑Posting, PDF‑Erzeugung im Browser und persistenter Speicherung (DB + PDF‑Ablage). Diese README basiert ausschließlich auf dem mitgelieferten Projektstand. + +--- + +## Inhaltsverzeichnis + +1. [Überblick](#überblick) +2. [Architektur & Verzeichnisstruktur](#architektur--verzeichnisstruktur) +3. [Funktionen](#funktionen) +4. [UI‑Bedienung (Kurzüberblick)](#ui-bedienung-kurzüberblick) +5. [Datenmodell (DB)](#datenmodell-db) +6. [API‑Endpunkte](#api-endpunkte) +7. [Konfiguration per Umgebungsvariablen (.env)](#konfiguration-per-umgebungsvariablen-env) +8. [Lokale Entwicklung](#lokale-entwicklung) +9. [Deployment mit Docker Compose](#deployment-mit-docker-compose) +10. [Deployment mit Portainer (Stack)](#deployment-mit-portainer-stack) +11. [GitLab‑Vorlagen](#gitlab-vorlagen) +12. [DocBee‑Integration](#docbee-integration) +13. [PDF‑Export](#pdf-export) +14. [Troubleshooting](#troubleshooting) +15. [Sicherheitshinweise](#sicherheitshinweise) +16. [Lizenz / Nutzung](#lizenz--nutzung) + +--- + +## Überblick + +- **Ziel:** Manuelle QA‑Testläufe effizient vorbereiten, durchführen und revisionssicher exportieren. +- **Workflow:** Vorlage laden → Metadaten eintragen (inkl. **OLM‑Nummer**) → Schritte bearbeiten (Gruppen, Status, Evidenzen) → **Exportieren (DocBee, DB, PDF)**. +- **Login:** OpenID Connect (konfigurierbar), optional **bypassbar** über `AUTH_DISABLED=true` für lokale Tests. +- **Persistenz:** Reports (Metadaten & Steps) in MariaDB, PDFs serverseitig abgelegt. +- **Integrationen:** GitLab (YAML‑Vorlagen), DocBee (Login + Notiz‑Erzeugung via REST). + +--- + +## Architektur & Verzeichnisstruktur + +``` +o-byte-qa-tool/ +├─ compose/ +│ ├─ Dockerfile # PHP 8.3 + Apache, Composer +│ └─ docker-compose.yml # app, mariadb, schema-loader, phpmyadmin, fix-pdf-perms +└─ htdocs/ # Webroot + ├─ index.php # App-Entry, Token-Bootstrap für DocBee, UI + ├─ app.js # UI-Logik, Exporte, DocBee-Push, GitLab-Loader + ├─ style.css # Styles + ├─ api/ + │ ├─ export.php # Report+Steps in DB speichern, PDF entgegennehmen + │ ├─ echo.php # einfache Echo-Route (Debug) + │ └─ health.php # Health‑Check (DB/PDF‑Pfad) + ├─ config/config.php # ENV‑Konfiguration (OIDC, DocBee, DB, APP_BASE_URL, …) + ├─ login.php # OIDC‑Start + ├─ callback.php # OIDC‑Callback, Session‑Bootstrap + ├─ logout.php # Session reset (OLM beibehalten) + ├─ logo.png / logo_light.png + ├─ favicon.ico + ├─ vendor/ # Composer (z. B. jumbojett/openid-connect-php, phpseclib, …) + └─ oidc/ # phpseclib Assets (lokal eingebunden) +``` + +--- + +## Funktionen + +### Vorlagen & Schritte +- **Vorlagen laden**: YAML/JSON (lokal per Datei **oder** aus **GitLab**‑Repo/Pfad/Ref). +- **Gruppen**: Gruppenzeilen, ein-/ausklappbar; Schritte via Drag‑Handle verschiebbar (innerhalb und zwischen Gruppen). +- **Automatische Neu‑Nummerierung** der Steps bei Änderungen/Verschieben. +- **Pflichtschritte** (📌) werden geprüft – Export blockiert, wenn offen. +- **Gruppenstatus setzen** auf *pass/fail/skip/blocked*, inkl. **Warnung** bei Überschreiben bestehender Stati. +- **Kommentare & Evidenzen** (Freitext + URL). + +### Metadaten +- **Module**, **Modul‑Version**, **PBX‑Version**, **Tester** (aus Session), **DocBee‑Ticket‑URL**, **OLM‑Nummer** (`olm_nummer`). + +### Exporte +- **Exportieren (DocBee, DB, PDF)** per **einem** Button: + 1. DocBee‑Notiz erstellen (falls Token vorhanden) → Ticket‑URL ggf. aktualisiert. + 2. **PDF** im Browser generieren (jsPDF+AutoTable). + 3. **/api/export.php**: JSON (Run) + PDF (multipart) an Server → DB‑Speicherung + PDF‑Ablage. + 4. Server sendet `report_id` und `pdf_path` zurück. +- **Lauf speichern / laden** als JSON (Zwischenspeichern/Weiterarbeiten). +- **Template als YAML exportieren** (inkl. `olm_nummer`, Gruppen & Steps). + +> Hinweis: Dedizierte Buttons für CSV/MD/PDF wurden in dieser Version **konsolidiert** – CSV/MD‑Funktionen existieren noch im Code, UI‑seitig aber nicht exponiert. + +--- + +## UI‑Bedienung (Kurzüberblick) + +- **GitLab Vorlage**: Dropdown befüllen (`GitLab: …` Tag zeigt Status), Datei wählen → Vorlage wird geladen. +- **Metadaten**: Felder ausfüllen (**OLM‑Nummer** nicht vergessen). +- **Steps**: `+ Step` / `+ Gruppe`, per Griff `⋮⋮` ziehen, Status setzen, Kommentare/Evidenzen pflegen. +- **Exportieren (DocBee, DB, PDF)**: Startet kompletten Lauf‑Export. Ergebnisdialog zeigt Ticket/PDF‑Pfad/Report‑ID. + +--- + +## Datenmodell (DB) + +Beim Export werden folgende Tabellen (idempotent) angelegt/aktualisiert: + +**reports** +- `id` BIGINT (PK) +- `created_at` TIMESTAMP (Default `CURRENT_TIMESTAMP`) +- `module` VARCHAR(255) +- `module_version` VARCHAR(100) +- `pbx_version` VARCHAR(100) +- `olm_nummer` VARCHAR(100) +- `tester` VARCHAR(255) +- `docbee_url` TEXT +- `summary` VARCHAR(255)  → z. B. `12/15 pass, 2 fail, 1 skip` +- `pdf_path` TEXT + +**steps** +- `id` BIGINT (PK) +- `report_id` BIGINT (FK → reports.id, ON DELETE CASCADE) +- `step_index` INT +- `step_id` VARCHAR(50) +- `title` TEXT +- `expected` TEXT +- `status` ENUM('pass','fail','skip','na','') +- `comment` TEXT +- `evidence` TEXT +- `group_title` VARCHAR(255) +- `group_index` INT + +Der **schema‑loader** Service in `docker-compose.yml` erstellt die Tabellen automatisch beim ersten Start. + +--- + +## API‑Endpunkte + +- `GET /api/health.php` + - Prüft PDO / MariaDB‑Erreichbarkeit, Schreibrechte des PDF‑Ordners. +- `POST /api/export.php` (multipart/form-data) + - **Felder:** + - `run` – JSON mit Metadaten (`module`, `module_version`, `pbx_version`, `olm_nummer`, `tester`, `docbee_url`, `ts`, `steps`[…]) + - `pdf` – erzeugte PDF‑Datei (optional; Export läuft auch ohne PDF durch) + - **Antwort:** `{{"ok":true,"report_id":,"pdf_path":"…","summary":"…"}}` +- `POST /api/echo.php` + - Debug/Echo. + +--- + +## Konfiguration per Umgebungsvariablen (.env) + +Beispiel **.env** (für Compose/Portainer): + +```env +# App +APP_PORT=8009 +APP_BASE_URL=http://localhost:8009 +AUTH_DISABLED=false # true = Login-BYPASS (nur lokal verwenden) + +# OpenID Connect (Login) +OIDC_PROVIDER=https://auth.o-byte.com/realms/o-byte.com +OIDC_CLIENT=qa-tool +OIDC_SECRET= + +# MariaDB +DB_HOST=mariadb +DB_PORT=3306 +DB_NAME=qa_tool +DB_USER=qa +DB_PASS=change_me +DB_ROOT_PASS=change_me_root + +# Persistenz +PDF_STORAGE_DIR=/var/reports + +# DocBee +DOCBEE_BASEURL=https://obyte.docbee.com +DOCBEE_USER=OBYTE/service +DOCBEE_PASS= +DOCBEE_TIME=1440 # Minuten Token-Gültigkeit + +# GitLab Templates +GITLAB_HOST=https://git.steinert.cc +GITLAB_PROJECT_ID=qa/templates # oder numerische ID +GITLAB_REF=main +GITLAB_PATH=templates +GITLAB_TOKEN= # optional (PRIVATE-TOKEN) + +# Container-User (Dateirechte) +APP_UID=0 +APP_GID=0 + +# phpMyAdmin Port (optional) +PHPMYADMIN_PORT=8010 +``` + +> **Wichtig:** Keine Secrets in Repos commiten. Für Produktion Token/Passwörter über Portainer‑UI/Secrets setzen. + +--- + +## Lokale Entwicklung + +1. **Composer‑Abhängigkeiten** sind bereits im Repo (`vendor/`). Falls nötig: + ```bash + cd htdocs && composer install + ``` +2. **PHP‑Built‑in** (nur für schnellen Test, ohne DB/PDF‑Ablage): + ```bash + php -S 127.0.0.1:8009 -t htdocs + ``` +3. **Login‑Bypass** lokal aktivieren: + ```bash + export AUTH_DISABLED=true + ``` +4. Browser: `http://127.0.0.1:8009` + +--- + +## Deployment mit Docker Compose + +Im Ordner `compose/` befindet sich ein funktionsfähiges Setup mit: +- **app** (Apache+PHP 8.3), bind‑mountet `htdocs` und nutzt `PDF_STORAGE_DIR` Volume +- **mariadb** (11.x) +- **schema-loader** (initialisiert Tabellen) +- **phpmyadmin** (optional) +- **fix-pdf-perms** (setzt 0777 auf PDF‑Volume) + +**Starten:** +```bash +cd compose +cp ../.env .env # eigene Werte setzen +docker compose up -d +``` + +**Zugriff:** `http://:${APP_PORT:-8009}` +**phpMyAdmin:** `http://:${PHPMYADMIN_PORT:-8010}` + +--- + +## Deployment mit Portainer (Stack) + +1. **Stack → Add Stack** +2. **Environment Vars** nach obiger `.env` setzen (oder Datei hochladen). +3. **Compose** verwenden (aus `compose/docker-compose.yml`), z. B.: + +```yaml +version: "3.8" +services: + app: + image: thecodingmachine/php:8.3-v4-apache + user: "${APP_UID:-0}:${APP_GID:-0}" + ports: + - "${APP_PORT:-8009}:80" + environment: + PHP_EXTENSION_PDO_MYSQL: "1" + APP_BASE_URL: ${APP_BASE_URL} + AUTH_DISABLED: ${AUTH_DISABLED} + DB_HOST: ${DB_HOST} + DB_PORT: ${DB_PORT} + DB_NAME: ${DB_NAME} + DB_USER: ${DB_USER} + DB_PASS: ${DB_PASS} + PDF_STORAGE_DIR: ${PDF_STORAGE_DIR} + OIDC_PROVIDER: ${OIDC_PROVIDER} + OIDC_CLIENT: ${OIDC_CLIENT} + OIDC_SECRET: ${OIDC_SECRET} + DOCBEE_BASEURL: ${DOCBEE_BASEURL} + DOCBEE_USER: ${DOCBEE_USER} + DOCBEE_PASS: ${DOCBEE_PASS} + DOCBEE_TIME: ${DOCBEE_TIME} + GITLAB_HOST: ${GITLAB_HOST} + GITLAB_PROJECT_ID: ${GITLAB_PROJECT_ID} + GITLAB_REF: ${GITLAB_REF} + GITLAB_PATH: ${GITLAB_PATH} + GITLAB_TOKEN: ${GITLAB_TOKEN} + volumes: + - ${APP_HTDOCS_HOST:-/opt/qa-tool/htdocs}:/var/www/html + - pdf_storage:/var/reports + depends_on: + mariadb: + condition: service_healthy + fix-pdf-perms: + condition: service_completed_successfully + restart: unless-stopped + + mariadb: + image: mariadb:11 + environment: + MYSQL_DATABASE: ${DB_NAME} + MYSQL_USER: ${DB_USER} + MYSQL_PASSWORD: ${DB_PASS} + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} + volumes: + - db_data:/var/lib/mysql + healthcheck: + test: ["CMD", "mariadb-admin", "ping", "-h", "127.0.0.1", "-p${DB_PASS}"] + interval: 10s + timeout: 5s + retries: 30 + start_period: 20s + restart: unless-stopped + + schema-loader: + image: mariadb:11 + depends_on: + mariadb: + condition: service_healthy + environment: + DB_HOST: ${DB_HOST} + DB_PORT: ${DB_PORT} + DB_NAME: ${DB_NAME} + DB_USER: ${DB_USER} + DB_PASS: ${DB_PASS} + command: > + sh -lc " + echo 'Waiting for DB…'; sleep 3; + mysql -h $DB_HOST -P $DB_PORT -u$DB_USER -p$DB_PASS $DB_NAME </dev/null || true + chown -R 0:0 /target 2>/dev/null || true + exit 0 + ' + restart: "no" + + phpmyadmin: + image: phpmyadmin:5 + ports: + - "${PHPMYADMIN_PORT:-8010}:80" + environment: + PMA_HOST: mariadb + PMA_USER: ${DB_USER} + PMA_PASSWORD: ${DB_PASS} + depends_on: + mariadb: + condition: service_healthy + restart: unless-stopped + +volumes: + db_data: + pdf_storage: +``` + +4. **Deploy Stack** → öffnen: `http://:${APP_PORT}`. + +--- + +## GitLab‑Vorlagen + +- Konfiguration via ENV (`GITLAB_HOST`, `GITLAB_PROJECT_ID`, `GITLAB_REF`, `GITLAB_PATH`, `GITLAB_TOKEN`). +- UI lädt per GitLab API die Liste der YAML‑Dateien aus `GITLAB_PATH` (nur `.yaml`/`.yml`). +- Parser akzeptiert **YAML** und **JSON** (Fallback). + +--- + +## DocBee‑Integration + +- Beim Laden von `index.php` wird via `DOCBEE_BASEURL/restApi/login` ein Token geholt und **clientseitig** als `window.DOCBEE_TOKEN` bereitgestellt. +- Exportablauf: + 1. **postToDocBee** erstellt eine Notiz im angegebenen **Ticket** (aus `DocBee Ticket‑URL`). + 2. Bei Erfolg wird die URL im Lauf aktualisiert. + 3. Danach erfolgt Server‑Export (DB + optional PDF). + +**Erforderliche ENV:** `DOCBEE_BASEURL`, `DOCBEE_USER`, `DOCBEE_PASS`, `DOCBEE_TIME` (Minuten). + +--- + +## PDF‑Export + +- Erzeugung **im Browser** via **jsPDF** + **AutoTable** (CDN‑Fallbacks vorhanden). +- **Logo** `logo_light.png` wird proportional (max 26×12 mm) **rechtsbündig** im Kopf platziert. +- Fallback: Falls Libraries fehlen, wird ein Text‑PDF erzeugt. +- Server speichert PDFs in `PDF_STORAGE_DIR` (Default `/var/reports`). + +--- + +## YAML‑Vorlage (Beispiel inkl. OLM) + +```yaml +name: "Modul XYZ – Basis‑Tests" +module: "Modul XYZ" +module_version: "1.2.3" +pbx_version: "8.1" +olm_nummer: "OLM-12345" +steps: + - type: "group" + title: "Telefonie Basis" + - type: "step" + id: "s1" + title: "Anruf initiieren" + expected: "Ruf wird erfolgreich aufgebaut" + required: true + - type: "step" + id: "s2" + title: "Rufumleitung" + expected: "Ruf wird korrekt umgeleitet" + required: false +``` + +--- + +## Troubleshooting + +- **Login‑Loop / 401:** OIDC‑Konfiguration prüfen (`OIDC_PROVIDER`, Redirect‑URL `/callback.php`). Lokal ggf. `AUTH_DISABLED=true`. +- **DocBee 401/403:** `DOCBEE_USER/DOCBEE_PASS/DOCBEE_BASEURL/DOCBEE_TIME` prüfen. +- **DB‑Fehler (PDO not loaded):** Image/Extension prüfen (`PHP_EXTENSION_PDO_MYSQL=1` gesetzt? Compose). +- **Keine Schreibrechte PDF:** Volume/`fix-pdf-perms` prüfen; `PDF_STORAGE_DIR` existiert/schreibbar? `/api/health.php` ansehen. +- **GitLab‑Liste leer:** Pfad/Ref/Token prüfen; nur `.yaml/.yml` werden angezeigt. +- **Export blockiert:** Pflichtschritte haben keinen Status (📌). + +--- + +## Sicherheitshinweise + +- **AUTH_DISABLED** ausschließlich in Dev/Stage verwenden. +- DocBee‑Token wird **clientseitig** verwendet – nur in internen Netzen nutzen oder alternative Server‑Proxy‑Variante vorsehen. +- Secrets per Portainer‑Secrets/ENV setzen, nicht im Repo. +- DB‑Backups/Retention für `reports`/`steps` einplanen; PDF‑Ablage regelmäßig bereinigen/archivieren. + +--- + +## Lizenz / Nutzung + +Interne Nutzung innerhalb o‑Byte / Kundenprojekten. Anpassungen willkommen. diff --git a/qa-tool/compose/.env.example b/qa-tool/compose/.env.example new file mode 100644 index 0000000..adbecaf --- /dev/null +++ b/qa-tool/compose/.env.example @@ -0,0 +1,45 @@ +# ====== QA-Tool .env (Beispiel) ====== +# Port-Mapping (Host:Container) +APP_PORT=8009 + +# Host-Pfad zu htdocs (Code); in PROD auf readonly Mount achten +APP_HTDOCS_HOST=/opt/qa-tool/htdocs + +# Basis-URL der App (ohne trailing slash) +APP_BASE_URL=http://192.168.1.112:8009 + +# Authentifizierung umgehen (nur lokal/test): true/false +AUTH_DISABLED=false + +# --- OpenID Connect --- +OIDC_PROVIDER=https://auth.o-byte.com/realms/o-byte.com +OIDC_CLIENT=qa-tool +OIDC_SECRET=PLEASE_SET_ME + +# --- DocBee --- +DOCBEE_BASEURL=https://obyte.docbee.com +DOCBEE_USER=OBYTE/service +DOCBEE_PASS=PLEASE_SET_ME +DOCBEE_TIME=1440 + +# --- GitLab (Templates) --- +GITLAB_HOST=https://git.steinert.cc +GITLAB_PROJECT_ID=qa/templates +GITLAB_REF=main +GITLAB_PATH=templates +# optional, leer lassen wenn Repo public ist +GITLAB_TOKEN= + + +# --- Database --- +DB_HOST=mariadb +DB_PORT=3306 +DB_NAME=qa_tool +DB_USER=qa +DB_PASS=PLEASE_SET_ME +DB_ROOT_PASS=PLEASE_SET_ME_ROOT + +# --- phpMyAdmin --- +PHPMYADMIN_PORT=8010 + + diff --git a/qa-tool/compose/Dockerfile b/qa-tool/compose/Dockerfile new file mode 100644 index 0000000..3ec8360 --- /dev/null +++ b/qa-tool/compose/Dockerfile @@ -0,0 +1,24 @@ +# Verwende das offizielle PHP-Image mit Apache und PHP 8.3 +FROM php:8.3-apache + +# Enable Apache modules +RUN a2enmod rewrite + +# Beispiel für Debian/Ubuntu-basierte Images +RUN apt-get update && apt-get install -y && apt install -y nano mc libssl-dev \ + zip \ + unzip \ + git && docker-php-ext-install mysqli + +# Installiere Composer +COPY --from=composer:latest /usr/bin/composer /usr/bin/composer + +# Setze das Arbeitsverzeichnis +WORKDIR /var/www/html + +# Installiere die benötigte Bibliothek (leeres Verzeichnis, um Abhängigkeiten zu verwalten) +RUN mkdir -p /var/www/html +#RUN composer require jumbojett/openid-connect-php + +# Exponiere Port 8009 +EXPOSE 8009 \ No newline at end of file diff --git a/qa-tool/compose/db/init/01_schema.sql b/qa-tool/compose/db/init/01_schema.sql new file mode 100644 index 0000000..0ca2586 --- /dev/null +++ b/qa-tool/compose/db/init/01_schema.sql @@ -0,0 +1,29 @@ + +-- qa-tool schema +CREATE TABLE IF NOT EXISTS reports ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + module VARCHAR(255), + module_version VARCHAR(100), + pbx_version VARCHAR(100), + olm_nummer VARCHAR(100), + tester VARCHAR(255), + docbee_url TEXT, + summary VARCHAR(255), + pdf_path TEXT +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; + +CREATE TABLE IF NOT EXISTS steps ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + report_id BIGINT NOT NULL, + step_index INT, + step_id VARCHAR(50), + title TEXT, + expected TEXT, + status ENUM('pass','fail','skip','na','') DEFAULT '', + comment TEXT, + evidence TEXT, + group_title VARCHAR(255), + group_index INT, + CONSTRAINT fk_steps_report FOREIGN KEY (report_id) REFERENCES reports(id) ON DELETE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; diff --git a/qa-tool/compose/docker-compose.yml b/qa-tool/compose/docker-compose.yml new file mode 100644 index 0000000..d045abe --- /dev/null +++ b/qa-tool/compose/docker-compose.yml @@ -0,0 +1,128 @@ +version: "3.8" + +services: + app: + image: thecodingmachine/php:8.3-v4-apache + user: "${APP_UID:-0}:${APP_GID:-0}" # root zum Stabilisieren; später gern 33:33 + ports: + - "${APP_PORT:-8009}:80" + environment: + PHP_EXTENSION_PDO_MYSQL: "1" + APP_BASE_URL: ${APP_BASE_URL:-http://localhost:8009} + AUTH_DISABLED: ${AUTH_DISABLED:-false} + + # DB + DB_HOST: ${DB_HOST:-mariadb} + DB_PORT: ${DB_PORT:-3306} + DB_NAME: ${DB_NAME:-qa_tool} + DB_USER: ${DB_USER:-qa} + DB_PASS: ${DB_PASS:-change_me} + + # STORAGE – außerhalb des Code-Mounts + PDF_STORAGE_DIR: ${PDF_STORAGE_DIR:-/var/reports} + volumes: + # CODE (Bind-Mount) – passe den Hostpfad an + - ${APP_HTDOCS_HOST:-/opt/qa-tool/htdocs}:/var/www/html + # STORAGE (Named Volume, **RW**!) + - pdf_storage:/var/reports + depends_on: + mariadb: + condition: service_healthy + fix-pdf-perms: + condition: service_completed_successfully + restart: unless-stopped + + mariadb: + image: mariadb:11 + environment: + MYSQL_DATABASE: ${DB_NAME:-qa_tool} + MYSQL_USER: ${DB_USER:-qa} + MYSQL_PASSWORD: ${DB_PASS:-change_me} + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS:-change_me_root} + volumes: + - db_data:/var/lib/mysql + restart: unless-stopped + healthcheck: + test: ["CMD", "mariadb-admin", "ping", "-h", "127.0.0.1", "-p${DB_PASS:-change_me}"] + interval: 10s + timeout: 5s + retries: 30 + start_period: 20s + + schema-loader: + image: mariadb:11 + depends_on: + mariadb: + condition: service_healthy + environment: + DB_HOST: ${DB_HOST:-mariadb} + DB_PORT: ${DB_PORT:-3306} + DB_NAME: ${DB_NAME:-qa_tool} + DB_USER: ${DB_USER:-qa} + DB_PASS: ${DB_PASS:-change_me} + command: + - bash + - -lc + - | + until mariadb-admin -h"$DB_HOST" -P"$DB_PORT" -u"$DB_USER" -p"$DB_PASS" ping --silent; do sleep 2; done + mariadb -h"$DB_HOST" -P"$DB_PORT" -u"$DB_USER" -p"$DB_PASS" "$DB_NAME" <<'SQL' + CREATE TABLE IF NOT EXISTS reports ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + module VARCHAR(255), + module_version VARCHAR(100), + pbx_version VARCHAR(100), + olm_nummer VARCHAR(100), + tester VARCHAR(255), + docbee_url TEXT, + summary VARCHAR(255), + pdf_path TEXT + ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; + CREATE TABLE IF NOT EXISTS steps ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + report_id BIGINT NOT NULL, + step_index INT, + step_id VARCHAR(50), + title TEXT, + expected TEXT, + status ENUM('pass','fail','skip','na','') DEFAULT '', + comment TEXT, + evidence TEXT, + group_title VARCHAR(255), + group_index INT, + CONSTRAINT fk_steps_report FOREIGN KEY (report_id) REFERENCES reports(id) ON DELETE CASCADE + ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; + SQL + restart: "no" + + # Rechte-Fix fürs Storage-Volume – nie failen, maximal permissiv + fix-pdf-perms: + image: busybox:1.36 + volumes: + - pdf_storage:/target + command: | + sh -lc ' + set +e + mkdir -p /target + chmod -R 0777 /target 2>/dev/null || true + chown -R 0:0 /target 2>/dev/null || true + exit 0 + ' + restart: "no" + + phpmyadmin: + image: phpmyadmin:5 + ports: + - "${PHPMYADMIN_PORT:-8010}:80" + environment: + PMA_HOST: mariadb + PMA_USER: ${DB_USER:-qa} + PMA_PASSWORD: ${DB_PASS:-change_me} + depends_on: + mariadb: + condition: service_healthy + restart: unless-stopped + +volumes: + db_data: + pdf_storage: diff --git a/qa-tool/htdocs/README.md b/qa-tool/htdocs/README.md new file mode 100644 index 0000000..0f5f084 --- /dev/null +++ b/qa-tool/htdocs/README.md @@ -0,0 +1,85 @@ +# o-Byte QA – Testprotokoll-Tool + +Ein leichtgewichtiges Web-Tool für manuelle QA-Tests, entwickelt für kleine Teams. +Das Tool läuft **lokal im Browser** und benötigt keinen Server, keine Logins und keine Datenbank. + +--- + +## Features + +- **Vorlagen laden** (YAML oder JSON) +- **Steps dynamisch hinzufügen / löschen** +- Pflichtschritte 📌 markieren (mit Check, ob alle required Steps bearbeitet wurden) +- **Metadaten erfassen:** Modul, Modul-Version, PBX-Version, Tester, DocBee-URL +- **Ergebnis eintragen:** pass ✅, fail ❌, skip ⏭️, blocked ⛔ +- **Evidenz-Links** hinterlegen (z. B. Screenshots, Tickets, Nextcloud-Dateien) +- **Exporte:** + - Markdown (`.md`) + - CSV (`.csv`) + - PDF (mit Logo, Farben, Emojis, klickbaren Links) + - YAML-Template (nur Vorlage ohne Testergebnisse) + - JSON (Lauf speichern und wieder laden) + - DocBee (Report als DocBee Nachricht posten) +--- + +## Installation & Nutzung + +1. Repository klonen oder ZIP entpacken: + ```bash + git clone + cd o-byte-qa-tool + ``` +2. Dateien liegen im Projektordner: + - `index.html` + - `style.css` + - `app.js` + - `logo.png` (für UI) + - `logo_light.png` (für PDF-Export) + - `favicon.ico` +3. Öffne `index.html` direkt im Browser (Doppelklick oder via `file://`). +4. Vorlage (`.yaml`) laden → Tests ausführen → Ergebnisse exportieren. + +--- + +## YAML-Vorlage (Beispiel) + +```yaml +name: "Modul XYZ – Basis-Tests" +module: "Modul XYZ" +module_version: "1.2.3" +pbx_version: "8.1" +steps: + - id: "s1" + title: "Anruf initiieren" + expected: "Ruf wird erfolgreich aufgebaut" + required: true + - id: "s2" + title: "Rufumleitung" + expected: "Ruf wird korrekt umgeleitet" + required: false +``` + +--- + +## Exportformate + +- **Markdown:** Übersicht für Doku oder Git-Repos +- **CSV:** Für Excel oder Datenanalyse +- **PDF:** Fertiges Protokoll (inkl. Logo, Farben, Emojis) +- **YAML:** Neue Testvorlage (nur Struktur, keine Ergebnisse) +- **JSON:** Gesamter Testlauf (inkl. Ergebnisse) → kann wieder eingelesen werden + +--- + +## Hinweise + +- Pflichtschritte sind mit 📌 markiert und müssen einen Status haben, sonst wird kein Export zugelassen. +- Evidenz-URLs können beliebige Links sein (http/https, Tickets, Dateien im Intranet). +- Alle Daten bleiben **lokal** im Browser; es gibt keinen Server und keine externe Speicherung. +- Getestet mit **Chrome** und **Edge**. Andere Browser funktionieren meist, sind aber nicht primär getestet. + +--- + +## Lizenz + +Interne Nutzung. Erweiterungen und Anpassungen nach Bedarf. diff --git a/qa-tool/htdocs/api/echo.php b/qa-tool/htdocs/api/echo.php new file mode 100644 index 0000000..7dc1d86 --- /dev/null +++ b/qa-tool/htdocs/api/echo.php @@ -0,0 +1,9 @@ +true, + 'method'=>$_SERVER['REQUEST_METHOD'] ?? null, + 'post'=>$_POST, + 'files'=>array_map(fn($f)=>['name'=>$f['name']??null,'size'=>$f['size']??null,'type'=>$f['type']??null,'error'=>$f['error']??null], $_FILES ?? []) +]); diff --git a/qa-tool/htdocs/api/export.php b/qa-tool/htdocs/api/export.php new file mode 100644 index 0000000..62156e2 --- /dev/null +++ b/qa-tool/htdocs/api/export.php @@ -0,0 +1,162 @@ +false, 'error'=>'Method not allowed']); + exit; + } + + if (!isset($_POST['run'])) { + http_response_code(400); + echo json_encode(['ok'=>false, 'error'=>'Missing run']); + exit; + } + + // Eingabe parsen + $run = json_decode($_POST['run'], true, 512, JSON_THROW_ON_ERROR); + + // Optional: PDF speichern + $savedPdf = null; + if (isset($_FILES['pdf']) && $_FILES['pdf']['error'] === UPLOAD_ERR_OK) { + $ext = '.pdf'; + $fname = sprintf( + 'QA-%s-%s-%s-%s%s', + preg_replace('~[^a-zA-Z0-9_-]+~','_', $run['module'] ?? 'mod'), + preg_replace('~[^a-zA-Z0-9_-]+~','_', $run['module_version'] ?? 'v'), + preg_replace('~[^a-zA-Z0-9_-]+~','_', $run['pbx_version'] ?? 'pbx'), + date('Ymd_His'), + $ext + ); + $destDir = rtrim($pdf_storage_dir ?? (__DIR__ . '/../storage/reports'), '/'); + if (!is_dir($destDir)) { @mkdir($destDir, 0775, true); } + $dest = $destDir . '/' . $fname; + if (!@move_uploaded_file($_FILES['pdf']['tmp_name'], $dest)) { + $savedPdf = null; // PDF optional; DB-Export läuft trotzdem weiter + } + $savedPdf = $dest; + } + + // DB verbinden + $dsn = "mysql:host={$db_host};port={$db_port};dbname={$db_name};charset=utf8mb4"; + $pdo = new PDO($dsn, $db_user, $db_pass, [ + PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, + PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC + ]); + + // Schema sicherstellen (idempotent) + $pdo->exec(" + CREATE TABLE IF NOT EXISTS reports ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + module VARCHAR(255), + module_version VARCHAR(100), + pbx_version VARCHAR(100), + olm_nummer VARCHAR(100), + tester VARCHAR(255), + docbee_url TEXT, + summary VARCHAR(255), + pdf_path TEXT + ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; + CREATE TABLE IF NOT EXISTS steps ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + report_id BIGINT NOT NULL, + step_index INT, + step_id VARCHAR(50), + title TEXT, + expected TEXT, + status ENUM('pass','fail','skip','na','') DEFAULT '', + comment TEXT, + evidence TEXT, + group_title VARCHAR(255), + group_index INT, + CONSTRAINT fk_steps_report FOREIGN KEY (report_id) REFERENCES reports(id) ON DELETE CASCADE + ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; + "); + + // Summary berechnen + $total=0;$pass=0;$fail=0;$skip=0; + foreach (($run['steps'] ?? []) as $s) { + if (($s['kind'] ?? 'step') === 'step') { + $total++; + $st = $s['status'] ?? ''; + if ($st==='pass') $pass++; + elseif ($st==='fail') $fail++; + elseif ($st==='skip') $skip++; + } + } + $summary = sprintf('%d/%d pass, %d fail, %d skip', $pass, $total, $fail, $skip); + + // Report speichern + $stmt = $pdo->prepare("INSERT INTO reports + (module, module_version, pbx_version, olm_nummer, tester, docbee_url, summary, pdf_path) + VALUES (:module, :module_version, :pbx_version, :olm_nummer, :tester, :docbee_url, :summary, :pdf_path)"); + $stmt->execute([ + ':module' => $run['module'] ?? null, + ':module_version' => $run['module_version'] ?? null, + ':pbx_version' => $run['pbx_version'] ?? null, + ':olm_nummer' => $run['olm_nummer'] ?? null, + ':tester' => $run['tester'] ?? null, + ':docbee_url' => $run['docbee_url'] ?? null, + ':summary' => $summary, + ':pdf_path' => $savedPdf + ]); + $reportId = (int)$pdo->lastInsertId(); + + // Steps speichern + $idx = 0; $gidx = -1; $currentGroup = null; + $ins = $pdo->prepare("INSERT INTO steps + (report_id, step_index, step_id, title, expected, status, comment, evidence, group_title, group_index) + VALUES (:report_id,:step_index,:step_id,:title,:expected,:status,:comment,:evidence,:group_title,:group_index)"); + foreach (($run['steps'] ?? []) as $s) { + if (($s['kind'] ?? 'step') === 'group') { + $currentGroup = $s['title'] ?? null; + $gidx++; + continue; + } + $idx++; + // status normalisieren → ENUM-kompatibel + $rawStatus = strtolower(trim((string)($s['status'] ?? ''))); + $map = [ + 'ok'=>'pass','passed'=>'pass','success'=>'pass','true'=>'pass','yes'=>'pass','✔'=>'pass','✓'=>'pass', + 'ko'=>'fail','failed'=>'fail','error'=>'fail','✗'=>'fail','x'=>'fail', + 'skipped'=>'skip', + 'n/a'=>'na','not applicable'=>'na', + 'block'=>'blocked','blocked'=>'blocked','⛔'=>'blocked' + ]; +$st = $map[$rawStatus] ?? (in_array($rawStatus, ['pass','fail','skip','na','blocked',''], true) ? $rawStatus : ''); +// und beim Insert: +// ':status' => $st, + + $st = $map[$rawStatus] ?? (in_array($rawStatus, ['pass','fail','skip','na',''], true) ? $rawStatus : ''); + try { + $ins->execute([ + ':report_id' => $reportId, + ':step_index' => $idx, + ':step_id' => $s['id'] ?? null, + ':title' => $s['title'] ?? null, + ':expected' => $s['expected'] ?? null, + ':status' => $st, + ':comment' => $s['comment'] ?? null, + ':evidence' => $s['evidence'] ?? null, + ':group_title' => $currentGroup, + ':group_index' => $gidx >= 0 ? $gidx : null, + ]); + } catch (PDOException $e) { + if ($e->getCode() !== '01000') { throw $e; } // ENUM-Truncation-Warning ignorieren + } + } + + echo json_encode(['ok'=>true, 'report_id'=>$reportId, 'pdf_path'=>$savedPdf, 'summary'=>$summary]); +} catch (Throwable $e) { + http_response_code(500); + echo json_encode(['ok'=>false, 'error'=>$e->getMessage()]); +} + diff --git a/qa-tool/htdocs/api/health.php b/qa-tool/htdocs/api/health.php new file mode 100644 index 0000000..368db89 --- /dev/null +++ b/qa-tool/htdocs/api/health.php @@ -0,0 +1,29 @@ +true, 'checks'=>[]]; + +try { + require_once __DIR__ . '/../config/config.php'; + $status['checks']['php'] = ['pdo'=>extension_loaded('pdo'), 'pdo_mysql'=>extension_loaded('pdo_mysql')]; + + // DB-Ping + $dsn = "mysql:host={$db_host};port={$db_port};dbname={$db_name};charset=utf8mb4"; + $pdo = new PDO($dsn, $db_user, $db_pass, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_EXCEPTION]); + $pdo->query('SELECT 1'); + $status['checks']['db'] = 'ok'; + + // Schreibtest PDF-Pfad (ohne Datei anzulegen) + $dir = rtrim($pdf_storage_dir ?? (__DIR__.'/../storage/reports'), '/'); + $status['checks']['pdf_dir'] = ['path'=>$dir, 'exists'=>is_dir($dir), 'writable'=>is_writable($dir)]; + $probe = @file_put_contents($dir.'/.__probe__.tmp', 'x'); + if ($probe !== false) { @unlink($dir.'/.__probe__.tmp'); } + $status['checks']['pdf_dir']['probe_write'] = ($probe !== false); + +} catch (Throwable $e) { + $status['ok'] = false; + $status['error'] = $e->getMessage(); +} + +echo json_encode($status); diff --git a/qa-tool/htdocs/app.js b/qa-tool/htdocs/app.js new file mode 100644 index 0000000..3d7a072 --- /dev/null +++ b/qa-tool/htdocs/app.js @@ -0,0 +1,1817 @@ +// ===================== QA App – komplette app.js ===================== + +// === DocBee: Token HIER eintragen === +const DOCBEE_TOKEN = window.DOCBEE_TOKEN || ""; // DocBee Token eintragen" +const ENABLE_FALLBACK_NOTE = false; // auf true setzen, falls bei Fehler automatisch Notiz angelegt werden soll + +window.addEventListener('error', e => { + try { + console.error(e.error || e.message || e); + } catch (_) {} + alert('JS-Fehler: ' + (e.message || e)); +}); + +// === Keyboard Shortcuts === +window.addEventListener('keydown', e => { + // Alt + S to add a new step + if (e.altKey && e.key.toLowerCase() === 's' && els.btnAddStep) { + e.preventDefault(); + els.btnAddStep.click(); + } +}); + + +// === DOM-Refs === +const els = { + yamlFile: document.getElementById('yamlFile'), + stepsTableBody: document.querySelector('#stepsTable tbody'), + tplName: document.getElementById('tplName'), + statusTag: document.getElementById('statusTag'), + module: document.getElementById('module'), + moduleVersion: document.getElementById('moduleVersion'), + pbxVersion: document.getElementById('pbxVersion'), + tester: document.getElementById('tester'), + olmNummer: document.getElementById('olmNummer'), + docbeeUrl: document.getElementById('docbeeUrl'), + btnAddStep: document.getElementById('btnAddStep'), + btnSaveJSON: document.getElementById('btnSaveJSON'), + loadJSON: document.getElementById('loadJSON'), + btnAddGroup: document.getElementById('btnAddGroup'), + btnExportTemplateYAML: document.getElementById('btnExportTemplateYAML'), + btnExportAll: document.getElementById('btnExportAll'), + gitlabTplSelect: document.getElementById('gitlabTplSelect'), + gitlabTplStatus: document.getElementById('gitlabTplStatus'), + docbeeTokenStatus: document.getElementById('docbeeTokenStatus'), + btnGitlabReload: document.getElementById('btnGitlabReload'), +}; +// === Drag Guard + Observer: Nur Drag über expliziten Griff zulassen === +function enforceDragHandleOnly() { + if (!els.stepsTableBody) return; + els.stepsTableBody.querySelectorAll('tr[draggable="true"]').forEach(tr => tr.setAttribute('draggable', 'false')); + els.stepsTableBody.querySelectorAll('.drag-handle').forEach(h => h.setAttribute('draggable', 'true')); +} +document.addEventListener('DOMContentLoaded', () => { + if (els.stepsTableBody) { + const mo = new MutationObserver(() => enforceDragHandleOnly()); + mo.observe(els.stepsTableBody, { + childList: true, + subtree: true + }); + enforceDragHandleOnly(); + } +}); +document.addEventListener('dragstart', (e) => { + if (!e.target.closest('.drag-handle')) { + e.preventDefault(); + } +}, { + capture: true +}); + + +let template = null; // {name,module,module_version,pbx_version,steps:[...]} + + +// === GitLab: Projektquelle für Templates === +const GITLAB = { + host: (window.GITLAB && window.GITLAB.host) || "https://git.steinert.cc", + projectId: (window.GITLAB && window.GITLAB.projectId) || "qa/templates", + ref: (window.GITLAB && window.GITLAB.ref) || "main", + path: (window.GITLAB && window.GITLAB.path) || "templates", + token: (window.GITLAB && window.GITLAB.token) || "" +}; + +function glHeaders() { + const h = { + "Accept": "application/json" + }; + if (GITLAB.token && GITLAB.token.trim()) h["PRIVATE-TOKEN"] = GITLAB.token.trim(); + return h; +} +// Listet .yml/.yaml im Repo-Pfad +async function listGitlabTemplates() { + const url = `${GITLAB.host}/api/v4/projects/${encodeURIComponent(GITLAB.projectId)}/repository/tree?path=${encodeURIComponent(GITLAB.path)}&ref=${encodeURIComponent(GITLAB.ref)}&per_page=100`; + const r = await fetch(url, { + headers: glHeaders() + }); + if (!r.ok) throw new Error(`GitLab Tree ${r.status}`); + const items = await r.json(); + return items.filter(it => it.type === "blob" && /\.ya?ml$/i.test(it.name)).map(it => ({ + name: it.name, + path: it.path + })); +} +// Holt RAW-Inhalt einer Datei +async function fetchGitlabFileRaw(filePath) { + const url = `${GITLAB.host}/api/v4/projects/${encodeURIComponent(GITLAB.projectId)}/repository/files/${encodeURIComponent(filePath)}/raw?ref=${encodeURIComponent(GITLAB.ref)}`; + const r = await fetch(url, { + headers: glHeaders(), + cache: "no-store" + }); + if (!r.ok) throw new Error(`GitLab Raw ${r.status}`); + return await r.text(); +} +// Dropdown füllen +async function populateGitlabDropdown() { + const sel = els.gitlabTplSelect, + tag = els.gitlabTplStatus; + if (!sel) return; + sel.innerHTML = ``; + try { + tag && (tag.textContent = "GitLab: lade Liste…"); + const files = await listGitlabTemplates(); + files.forEach(f => { + const opt = document.createElement('option'); + opt.value = f.path; + opt.textContent = f.name; + sel.appendChild(opt); + }); + tag && (tag.textContent = files.length ? `GitLab: ${files.length} Vorlage(n)` : "GitLab: keine YAMLs gefunden"); + } catch (e) { + tag && (tag.textContent = "GitLab: Fehler"); + console.error("[GitLab] list failed:", e); + alert("GitLab-Liste konnte nicht geladen werden: " + e.message); + } +} +// === Utils === +const hasToken = () => typeof DOCBEE_TOKEN === 'string' && DOCBEE_TOKEN.trim().length > 0; +const escHTML = (s) => String(s ?? '').replaceAll('&', '&').replaceAll('<', '<').replaceAll('>', '>'); +const escAttr = (s) => String(s ?? '').replaceAll('"', '"'); +const safeName = (s) => String(s || '').replace(/\s+/g, '-').toLowerCase().replace(/[^\w.-]/g, ''); +const linkify = (s) => /^https?:\/\//i.test(String(s || '')) ? `${escHTML(s)}` : escHTML(s); + +// --- Utils: Logo laden + Text normalisieren --- +// ========= Text & Symbol Normalization (PDF-safe) ========= +// Map many Unicode arrows/dashes to ASCII; avoids font issues in jsPDF +function replaceSymbols(s) { + return String(s) + // right arrows (→ ⇒ ⟶ ➔ ➜ …) → "->" + .replace(/[\u2192\u21A6\u21E8\u27A1\u2794\u27F6\u27F7\u27F9\u279D\u279E\u279F\u27A0]/g, '->') + // left arrows (← ⇐ ⟵ …) → "<-" + .replace(/[\u2190\u21A4\u21E6\u2B05\u27F5]/g, '<-') + // both directions (↔ ⇔ ⟷ …) → "<->" + .replace(/[\u2194\u21D4\u27F7\u27F8\u2B04]/g, '<->') + // normalize dashes + .replace(/[–—‑]/g, '-') + // ellipsis/multiply + .replace(/…/g, '...') + .replace(/×/g, 'x'); +} + +// Restrict to ASCII + Latin-1 (tabs/newlines allowed); replace others with '?' +function toPdfSafe(s) { + return String(s).replace(/[^\x09\x0A\x0D\x20-\x7E\u00A0-\u00FF]/g, '?'); +} + +async function imgToDataURL(src) { + return new Promise((resolve, reject) => { + const img = new Image(); + img.crossOrigin = 'anonymous'; + img.onload = () => { + const c = document.createElement('canvas'); + c.width = img.naturalWidth; + c.height = img.naturalHeight; + const ctx = c.getContext('2d'); + ctx.drawImage(img, 0, 0); + resolve(c.toDataURL('image/png')); + }; + img.onerror = reject; + img.src = src; + }); +} + +function sanitizeText(s) { + // Inline text normalization for labels/titles/comments + const out = String(s ?? '') + .replace(/\u00A0/g, ' ') // NBSP -> space + .replace(/[“”]/g, '"') // smart quotes -> ASCII + .replace(/[’‘]/g, "'") + .replace(/\s+/g, ' ') + .trim(); + // Map arrows/dashes and limit to PDF-safe charset + return toPdfSafe(replaceSymbols(out)); +} + +// ===== Funktion: download ===== +// Hilfsfunktion: Client-seitiges Herunterladen als Datei. +function download(content, filename, type) { + const blob = new Blob([content], { + type + }); + const url = URL.createObjectURL(blob); + const a = document.createElement('a'); + a.href = url; + a.download = filename; + a.click(); + setTimeout(() => URL.revokeObjectURL(url), 1500); +} + +// === Autosave der Meta-Felder === +// ===== Funktion: updateAutosave ===== +function updateAutosave() { + const st = { + module: els.module?.value || '', + moduleVersion: els.moduleVersion?.value || '', + pbxVersion: els.pbxVersion?.value || '', + tester: els.tester?.value || '', + docbeeUrl: els.docbeeUrl?.value || '', + }; + try { + localStorage.setItem('qaLiteState', JSON.stringify(st)); + } catch {} +} +window.addEventListener('load', () => { + try { + const st = JSON.parse(localStorage.getItem('qaLiteState') || '{}'); + if (st.module) els.module.value = st.module; + if (st.moduleVersion) els.moduleVersion.value = st.moduleVersion; + if (st.pbxVersion) els.pbxVersion.value = st.pbxVersion; + if (st.tester) els.tester.value = st.tester; + if (st.docbeeUrl) els.docbeeUrl.value = st.docbeeUrl; + } catch {} + // NEU: Token-Badge initial bewerten + GitLab-Dropdown füllen + if (typeof updateTokenBadge === 'function') updateTokenBadge(); + if (els.gitlabTplSelect && typeof populateGitlabDropdown === 'function') { + populateGitlabDropdown(); + } +}); + +['input', 'change'].forEach(ev => { + [els.module, els.moduleVersion, els.pbxVersion, els.tester, els.docbeeUrl].forEach(el => el && el.addEventListener(ev, updateAutosave)); +}); + +// === Vorlage laden (YAML/JSON) === +// ===== Funktion: parseTemplate ===== +function parseTemplate(text) { + if (window.jsyaml && typeof jsyaml.load === 'function') { + try { + return jsyaml.load(text); + } catch (e) {} + } + try { + return JSON.parse(text); + } catch (e) {} + throw new Error('Vorlage konnte weder als YAML noch JSON gelesen werden.'); +} +// ===== Funktion: loadYAMLText ===== +// Zweck: siehe Inline-Kommentare im Funktionskörper. +function loadYAMLText(yamlText) { + const obj = parseTemplate(yamlText); + if (!obj || !Array.isArray(obj.steps)) throw new Error('Ungültige Vorlage: "steps" fehlt.'); + // Normalisieren: type→kind, default "step" + obj.steps = obj.steps.map(s => { + const k = s.kind || s.type || 'step'; + if (k === 'group') return { + kind: 'group', + title: s.title || s.name || '', + collapsed: !!s.collapsed + }; + return { + kind: 'step', + id: s.id, + title: s.title, + expected: s.expected, + required: !!s.required, + status: s.status || '', + comment: s.comment || '', + evidence: s.evidence || '' + }; + }); + template = obj; + if (els.tplName) els.tplName.textContent = obj.name || '—'; + if (obj.module) els.module.value = obj.module; + if (obj.module_version) els.moduleVersion.value = obj.module_version; + if (els.olmNummer) els.olmNummer.value = obj.olm_nummer || obj.olm || obj.olmNumber || ''; + if (obj.pbx_version) els.pbxVersion.value = obj.pbx_version; + renderSteps(obj.steps); + if (els.statusTag) els.statusTag.textContent = 'Vorlage geladen'; + updateAutosave(); +} + +// === DOM -> template === +// ===== Funktion: captureEditsIntoTemplate ===== +function captureEditsIntoTemplate() { + if (!template) return; + const rows = [...(els.stepsTableBody?.querySelectorAll('tr') || [])]; + template.steps = rows.map((row, i) => { + const kind = row.getAttribute('data-kind') || 'step'; + if (kind === 'group') { + return { + kind: 'group', + title: (row.querySelector('.tpl-group-title')?.value || '').trim(), + collapsed: row.getAttribute('data-collapsed') === '1' + }; + } + return { + kind: 'step', + id: (row.querySelector('.tpl-id')?.value || '').trim() || `step-${String(i+1).padStart(3,'0')}`, + title: (row.querySelector('.tpl-title')?.value || row.querySelector('.tpl-title')?.textContent || '').trim(), + expected: (row.querySelector('.tpl-expected')?.value || '').trim(), + required: !!(row.querySelector('.tpl-required')?.checked), + status: row.querySelector('select.status')?.value || '', + comment: row.querySelector('.run-comment')?.value || '', + evidence: row.querySelector('.run-evidence')?.value || '' + }; + }); +} + +// === Helper: nächsten Step-Index ermitteln (Gruppen ignorieren) === +// ===== Funktion: nextStepNumber ===== +// Zweck: siehe Inline-Kommentare im Funktionskörper. +function nextStepNumber() { + const stepsOnly = (template?.steps || []).filter(s => (s.kind || s.type || 'step') === 'step'); + // Versuche numerischen Suffix aus "step-XYZ" zu lesen, sonst zähle Steps + const nums = stepsOnly + .map(s => String(s.id || '')) + .map(id => { + const m = id.match(/step-(\d+)/i); + return m ? parseInt(m[1], 10) : null; + }) + .filter(n => Number.isFinite(n)); + const base = nums.length ? Math.max(...nums) : stepsOnly.length; + return base + 1; +} +// ===== Funktion: makeStepId ===== +function makeStepId(n) { + const num = String(Math.max(1, n)).padStart(3, '0'); + return `step-${num}`; +} + +// === Helper: IDs streng sequentiell vergeben (Gruppen ignorieren) === +// ===== Funktion: renumberSteps ===== +// Zweck: siehe Inline-Kommentare im Funktionskörper. +function renumberSteps() { + if (!template || !Array.isArray(template.steps)) return; + let n = 1; + template.steps.forEach(s => { + const k = s.kind || s.type || 'step'; + if (k !== 'step') return; + const id = `step-${String(n).padStart(3,'0')}`; + s.id = id; + n++; + }); +} +// ===== Funktion: ensureRenumberAndRender ===== +function ensureRenumberAndRender() { + renumberSteps(); + renderSteps(template.steps); + recomputeGroupStyles(); +} + +// === Steps rendern === +// ===== Funktion: renderSteps ===== +// Zweck: siehe Inline-Kommentare im Funktionskörper. +// Rendert die Steps-Tabelle, erzeugt Zeilen & bindet Events (Pass/Fail/Kommentar). +function renderSteps(steps) { + if (!els.stepsTableBody) return; + els.stepsTableBody.innerHTML = ''; + let groupCollapsed = false; + steps.forEach((s, idx) => { + if ((s.kind || 'step') === 'group') { + const trG = document.createElement('tr'); + trG.setAttribute('data-kind', 'group'); + trG.className = 'group-row'; + if (s.collapsed) trG.setAttribute('data-collapsed', '1'); + /* drag via handle only */ + // trG.setAttribute('draggable','true'); + trG.innerHTML = ` + +
+ +
+ + + + + + +
+
⋮⋮
+
+ `; + els.stepsTableBody.appendChild(trG); + groupCollapsed = !!s.collapsed; + return; + } + const id = s.id || ''; + const tr = document.createElement('tr'); + tr.setAttribute('data-kind', 'step'); + /* drag via handle only */ + // tr.setAttribute('draggable','true'); + if (groupCollapsed) tr.setAttribute('data-hidden', '1'); + tr.innerHTML = ` + +
+ + + ${s.required ? '📌' : ''} + + +
⋮⋮
+
+ + + + + + + + + + `; + els.stepsTableBody.appendChild(tr); + updateStatusClass(tr.querySelector('select.status')); + // nach jedem Render Schritt neu bewerten + recomputeGroupStyles(); + }); +} + +// === Gruppenstatus einfärben === +function recomputeGroupStyles() { + try { + const body = els.stepsTableBody; + if (!body) return; + const rows = [...body.querySelectorAll('tr')]; + // Collect groups with following step rows until next group + let groups = []; + let current = null; + rows.forEach(r => { + const kind = r.getAttribute('data-kind') || 'step'; + if (kind === 'group') { + current = { + row: r, + steps: [] + }; + groups.push(current); + } else if (current) { + current.steps.push(r); + } + }); + groups.forEach(g => { + g.row.classList.remove('group-ok', 'group-fail'); + const statuses = g.steps.map(tr => (tr.querySelector('select.status')?.value || '').toUpperCase()); + if (!statuses.length) return; + const allPass = statuses.every(s => s === 'PASS'); + const anyFail = statuses.some(s => s === 'FAIL' || s === 'BLOCKED'); + if (allPass) g.row.classList.add('group-ok'); + else if (anyFail) g.row.classList.add('group-fail'); + }); + } catch (e) { + console.warn('recomputeGroupStyles failed', e); + } +} + +function updateStatusClass(selectEl) { + if (!selectEl) return; + const tr = selectEl.closest('tr'); + ['st-pass', 'st-fail', 'st-skip', 'st-blocked'].forEach(c => selectEl.classList.remove(c)); + ['row-pass', 'row-fail', 'row-skip', 'row-blocked'].forEach(c => tr.classList.remove(c)); + const v = selectEl.value || ''; + if (!v) return; + selectEl.classList.add('st-' + v); + tr.classList.add('row-' + v); +} + +// === Lauf/Template sammeln === +// ===== Funktion: collectRun ===== +function collectRun() { + if (!template) return null; + captureEditsIntoTemplate(); + return { + name: template?.name || '', + module: els.module.value, + module_version: els.moduleVersion.value, + pbx_version: els.pbxVersion.value, + olm_nummer: els.olmNummer ? els.olmNummer.value : '', + tester: els.tester.value, + docbee_url: els.docbeeUrl.value, + ts: new Date().toISOString(), + steps: [...template.steps] + }; +} +// ===== Funktion: collectTemplateFromDOM ===== +function collectTemplateFromDOM() { + if (!template) return { + name: '', + module: '', + module_version: '', + pbx_version: '', + olm_nummer: '', + steps: [] + }; + captureEditsIntoTemplate(); + renumberSteps(); + return { + name: template?.name || els.tplName?.textContent || '', + module: els.module.value, + module_version: els.moduleVersion.value, + pbx_version: els.pbxVersion.value, + olm_nummer: els.olmNummer ? els.olmNummer.value : '', + steps: template.steps.map(s => { + if ((s.kind || 'step') === 'group') return { + type: 'group', + title: s.title + }; + return { + type: 'step', + id: s.id, + title: s.title, + expected: s.expected, + required: !!s.required + }; + }) + }; +} +// ===== Funktion: checkRequired ===== +function checkRequired(run) { + const missing = run.steps.filter(s => (s.kind || 'step') === 'step' && s.required && !s.status); + if (missing.length > 0) { + alert("Folgende Pflichtschritte haben keinen Status:\n" + + missing.map(s => `${s.id} – ${s.title}`).join("\n")); + return false; + } + return true; +} + +// === Exporte === + +// === Export All (DocBee, DB, PDF) === +async function exportAll() { + console.log('exportAll START'); + const run = collectRun(); + console.log('collectRun()', run); + if (!run) { + alert('Kein Template/keine Steps: bitte Template laden oder Steps anlegen.'); + return; + } + if (!checkRequired(run)) { + console.log('checkRequired() failed'); + return; + } + renumberSteps(); + + // 1) Push to DocBee using existing function (if token available) + let pushedDocBee = null; + try { + if (window.DOCBEE_TOKEN && window.DOCBEE_TOKEN.length > 10) { + pushedDocBee = await postToDocBee(true); // variant returning URL + if (pushedDocBee && typeof pushedDocBee === 'string') { + run.docbee_url = pushedDocBee; + } + } + } catch (e) { + console.warn('DocBee push failed:', e); + } + + // 2) Generate PDF client-side + const pdfBlob = await generatePdfBlob(run).catch(() => null); + + // 3) Upload to server (DB + PDF) + const fd = new FormData(); + fd.append('run', JSON.stringify(run)); + if (pdfBlob) fd.append('pdf', pdfBlob, 'report.pdf'); + + const res = await fetch('/api/export.php', { + method: 'POST', + body: fd + }); + const raw = await res.text(); + let json; + try { + json = JSON.parse(raw); + } catch { + json = null; + } + console.log('Server response:', raw); + if (!res.ok || !json || json.ok === false) { + alert('Serverfehler beim Export:\n' + (json?.error || raw || ('HTTP ' + res.status))); + return; + } + + alert('Export fertig:\n' + + (run.docbee_url ? ('DocBee: ' + run.docbee_url + '\n') : '') + + (json.pdf_path ? ('PDF gespeichert: ' + json.pdf_path + '\n') : '') + + ('Report-ID: ' + json.report_id)); +} +// ========= jsPDF Loader (local + CDN) ========= +// Lädt jsPDF (lokal -> CDN -> Unpkg) und optional autotable. +// Gibt true/false zurück, wirft NICHT. +async function ensureJsPdf() { + function loadScript(url) { + return new Promise((resolve, reject) => { + const s = document.createElement('script'); + s.src = url; + s.onload = resolve; + s.onerror = reject; + document.head.appendChild(s); + }); + } + async function tryLoad(urls) { + for (const u of urls) { + try { + await loadScript(u); + } catch (_) {} + if (window.jspdf && window.jspdf.jsPDF) return true; + } + return !!(window.jspdf && window.jspdf.jsPDF); + } + + // 1) jsPDF laden (lokal bevorzugt, dann CDN/Unpkg) + if (!(window.jspdf && window.jspdf.jsPDF)) { + await tryLoad([ + '/vendor/jspdf/jspdf.umd.min.js', + 'https://cdn.jsdelivr.net/npm/jspdf@2.5.1/dist/jspdf.umd.min.js', + 'https://unpkg.com/jspdf@2.5.1/dist/jspdf.umd.min.js' + ]); + } + if (!(window.jspdf && window.jspdf.jsPDF)) return false; + + // 2) autotable nachladen, falls nicht vorhanden + try { + const test = new window.jspdf.jsPDF(); + if (typeof test.autoTable !== 'function') { + await tryLoad([ + '/vendor/jspdf-autotable/jspdf.plugin.autotable.min.js', + 'https://cdn.jsdelivr.net/npm/jspdf-autotable@3.8.2/dist/jspdf.plugin.autotable.min.js', + 'https://unpkg.com/jspdf-autotable@3.8.2/dist/jspdf.plugin.autotable.min.js' + ]); + } + } catch (_) { + /* egal – PDF geht auch ohne autotable-Funktion (Fallback) */ + } + + return true; +} +async function generatePdfBlob(run) { + // Lade jsPDF + AutoTable falls nötig (lokal → CDN/Unpkg). Fällt ansonsten sauber auf Text-Blob zurück. + const pdfReady = await ensureJsPdf(); + if (!pdfReady) { + const txt = 'QA Report\n' + JSON.stringify(run, null, 2); + return new Blob([txt], { + type: 'application/pdf' + }); + } + const { + jsPDF + } = window.jspdf; + const doc = new jsPDF({ + orientation: 'landscape', + unit: 'mm', + format: 'a4', + compress: true + }); + // dynamic layout metrics for landscape A4 + const pageW = doc.internal.pageSize.getWidth(); + const pageH = doc.internal.pageSize.getHeight(); + const marginL = 14, + marginR = 14; + const xRight = pageW - marginR; + const footerY = pageH - 13; + + // Farben (RGB, NICHT Hex!): "muted" war zuvor unsichtbar – jetzt korrekt + const muted = [102, 102, 102]; + const headFill = [242, 242, 242]; + const ok = [0, 140, 0], + fail = [200, 0, 0], + skip = [160, 160, 0]; + + // Optionales Logo oben rechts – proportional in 26×12 mm Box, rechtsbündig + let logo = null; + try { + logo = await imgToDataURL('logo_light.png'); + } catch {} + + if (logo) { + // 1) Bildabmessungen ermitteln (erst jsPDF, dann Fallback über ) + let iw = 0, + ih = 0; + try { + const props = doc.getImageProperties ? doc.getImageProperties(logo) : null; + if (props) { + iw = props.width || 0; + ih = props.height || 0; + } + } catch {} + if (!(iw && ih)) { + await new Promise((resolve) => { + const img = new Image(); + img.onload = () => { + iw = img.naturalWidth; + ih = img.naturalHeight; + resolve(); + }; + img.onerror = () => resolve(); + img.src = logo; + }); + } + + // 2) Proportional in die Box einpassen + const maxW = 26, + maxH = 12; + const ratio = (ih && iw) ? (ih / iw) : (10 / 26); + let w = maxW, + h = w * ratio; + if (h > maxH) { + h = maxH; + w = h / ratio; + } + + // 3) Rechtsbündig relativ zur Nutzkante (xRight) + const x = xRight - w; + const y = 7.8; + + try { + doc.addImage(logo, 'PNG', x, y, w, h, undefined, 'FAST'); + } catch {} + } + + + // Titelzeile + doc.setFont('helvetica', 'bold'); + doc.setFontSize(18); + doc.setTextColor(0, 0, 0); + doc.text('QA Report', 14, 16); + doc.setDrawColor(0, 0, 0); + doc.setLineWidth(0.2); + doc.line(marginL, 18, xRight, 18); + + // Metadaten mit Labels (sichtbar!) + const meta = [ + ['Modul', sanitizeText(run.module)], + ['Modul-Version', sanitizeText(run.module_version)], + ['PBX-Version', sanitizeText(run.pbx_version)], + ['OLM-Nummer', sanitizeText(run.olm_nummer)], + ['Tester', sanitizeText(run.tester)], + ['DocBee', sanitizeText(run.docbee_url || '-')], + ]; + let y = 24; + doc.setFontSize(10); + meta.forEach(([k, v]) => { + doc.setFont('helvetica', 'bold'); + doc.setTextColor(...muted); + doc.text(k + ':', 14, y); + doc.setFont('helvetica', 'normal'); + doc.setTextColor(0, 0, 0); + doc.text(v || '—', 50, y); + y += 6; + }); + + // Zeilen aus Steps bauen + const rows = []; + let i = 0, + group = null; + (run.steps || []).forEach(s => { + if ((s.kind || 'step') === 'group') { + group = sanitizeText(s.title); + return; + } + i++; + rows.push({ + nr: i, + group: sanitizeText(group || '–'), + id: sanitizeText(s.id), + title: sanitizeText(s.title), + expected: sanitizeText(s.expected), + status: sanitizeText((s.status || '').toLowerCase()), + comment: sanitizeText(s.comment), + }); + }); + + const body = rows.map(r => [r.nr, r.group, r.id, r.title, r.expected, r.status, r.comment]); + const startY = Math.max(y + 4, 24); + + // Tabelle (autoTable) + // @ts-ignore + doc.autoTable({ + startY, + tableWidth: pageW - (marginL + marginR), + head: [ + ['#', 'Gruppe', 'Step-ID', 'Titel', 'Erwartet', 'Status', 'Kommentar'] + ], + body, + styles: { + font: 'helvetica', + fontSize: 9, + cellPadding: 2, + overflow: 'linebreak', + valign: 'top' + }, + headStyles: { + fillColor: headFill, + textColor: [0, 0, 0], + halign: 'left' + }, + columnStyles: { + 0: { + halign: 'right', + cellWidth: 8 + }, + 1: { + cellWidth: 36 + }, + 2: { + cellWidth: 24 + }, + 3: { + cellWidth: 62 + }, + 4: { + cellWidth: 76 + }, + 5: { + cellWidth: 20, + halign: 'left' + }, + 6: { + cellWidth: 36 + } + }, + didParseCell: (d) => { + // Normalize every cell fragment to PDF-safe ASCII/Latin-1 and map arrows + if (d && d.cell) { + const arr = Array.isArray(d.cell.text) ? d.cell.text : [String(d.cell.text ?? '')]; + d.cell.text = arr.map(t => toPdfSafe(replaceSymbols(String(t)))); + } + if (d.section === 'body') { + // Status einfärben + if (d.column.index === 5) { + const val = String(d.cell.raw || '').toLowerCase(); + if (val === 'pass') d.cell.styles.textColor = ok; + else if (val === 'fail') d.cell.styles.textColor = fail; + else if (val === 'skip' || val === 'na') d.cell.styles.textColor = skip; + } + // "Erwartet" als Monospace + leicht grauer Hintergrund + if (d.column.index === 4) { + d.cell.styles.font = 'courier'; + d.cell.styles.fillColor = [250, 250, 250]; + } + } + }, + margin: { + left: marginL, + right: marginR + }, + pageBreak: 'auto' + }); + + // Footer: Seitenzahlen & Zeitstempel + const pageCount = doc.getNumberOfPages(); + const ts = new Date().toLocaleString(); + for (let p = 1; p <= pageCount; p++) { + doc.setPage(p); + doc.setFont('helvetica', 'normal'); + doc.setFontSize(8); + doc.setTextColor(...muted); + doc.text(`Seite ${p} / ${pageCount}`, xRight, footerY, { + align: 'right' + }); + doc.text(ts, marginL, footerY); + } + + return doc.output('blob'); +} + +// === Template als YAML exportieren und zu GitLab pushen === +// ===== Funktion: exportTemplateYAML ===== +async function exportTemplateYAML() { + if (!GITLAB.token) { + alert('Kein GitLab-Token konfiguriert. Bitte Token setzen.'); + return; + } + + const tpl = collectTemplateFromDOM(); + if (!tpl.module || !tpl.module_version || !tpl.pbx_version) { + alert('Bitte Modul, Modul-Version und PBX-Version angeben.'); + return; + } + + let yml = ''; + if (window.jsyaml && jsyaml.dump) { + yml = jsyaml.dump(tpl, { + lineWidth: 100 + }); + } else { + yml += `name: "${tpl.name||''}"\n`; + yml += `module: "${tpl.module||''}"\n`; + yml += `module_version: "${tpl.module_version||''}"\n`; + yml += `pbx_version: "${tpl.pbx_version||''}"\n`; + yml += `olm_nummer: "${tpl.olm_nummer||''}"\n`; + yml += `steps:\n`; + tpl.steps.forEach(s => { + if (s.type === 'group') { + yml += ` - type: "group"\n`; + yml += ` title: "${(s.title||'').replace(/"/g,'\\"')}"\n`; + } else { + yml += ` - type: "step"\n`; + yml += ` id: "${s.id||''}"\n`; + yml += ` title: "${(s.title||'').replace(/"/g,'\\"')}"\n`; + yml += ` expected: "${(s.expected||'').replace(/"/g,'\\"')}"\n`; + yml += ` required: ${s.required ? 'true':'false'}\n`; + } + }); + } + + // Keep original filename behaviour: module name only + const filename = `${safeName(tpl.module)}.yaml`; + const filePath = GITLAB.path + '/' + filename; + + // Keep base64 encoding but send the proper `encoding` flag so GitLab + // decodes and stores the real YAML. The prior bug encoded the content + // but did not set `encoding`, so GitLab stored the base64 string. + const content = btoa(unescape(encodeURIComponent(yml))); + + try { + if (els.statusTag) els.statusTag.textContent = 'GitLab: Pushe Template...'; + + const url = `${GITLAB.host}/api/v4/projects/${encodeURIComponent(GITLAB.projectId)}/repository/files/${encodeURIComponent(filePath)}`; + + // Try to get the file first to see if it exists + const checkRes = await fetch(url + `?ref=${encodeURIComponent(GITLAB.ref)}`, { + headers: glHeaders() + }); + + const method = checkRes.ok ? 'PUT' : 'POST'; + const commitMessage = checkRes.ok ? + `Update QA template for ${tpl.module} ${tpl.module_version}` : + `Add QA template for ${tpl.module} ${tpl.module_version}`; + + const response = await fetch(url, { + method, + headers: { + ...glHeaders(), + 'Content-Type': 'application/json', + }, + body: JSON.stringify({ + branch: GITLAB.ref, + content: content, + encoding: 'base64', + commit_message: commitMessage, + }) + }); + + if (!response.ok) { + throw new Error(`HTTP ${response.status}`); + } + + const result = await response.json(); + if (els.statusTag) els.statusTag.textContent = 'GitLab: Template erfolgreich gepusht'; + alert(`Template wurde erfolgreich zu GitLab gepusht:\n${filePath}`); + } catch (error) { + console.error('GitLab push failed:', error); + if (els.statusTag) els.statusTag.textContent = 'GitLab: Fehler beim Pushen'; + alert('Fehler beim Pushen zu GitLab: ' + error.message); + } +} + +// === JSON speichern/laden === +els.btnSaveJSON && els.btnSaveJSON.addEventListener('click', () => { + const run = collectRun(); + if (!run) return; + if (!checkRequired(run)) return; + renumberSteps(); + const base = `qa-run-${safeName(run.module)}-${safeName(run.module_version)}-${safeName(run.pbx_version)}`; + download(JSON.stringify(run, null, 2), `${base}.json`, 'application/json'); +}); + +// Rebind: entfernt ALLE alten Listener am File-Input und setzt den neuen +document.addEventListener('DOMContentLoaded', () => { + let inp = document.getElementById('loadJSON'); + if (!inp) return; + const clone = inp.cloneNode(true); // droppt alle alten Listener + inp.replaceWith(clone); + els.loadJSON = clone; // unsere globale Referenz aktualisieren + + clone.addEventListener('change', async (e) => { + const f = e.target.files?.[0]; + if (!f) return; + const txt = await f.text(); + const name = String(f.name || ''); + const ext = (name.split('.').pop() || '').toLowerCase(); + const looksLikeJSON = /^[\s\r\n]*[{\[]/.test(txt); + + function applyRun(run) { + template = { + name: run.name || '', + steps: (run.steps || []).map(s => { + const k = s.kind || s.type || 'step'; + if (k === 'group') return { + kind: 'group', + title: s.title || '' + }; + return { + kind: 'step', + id: s.id, + title: s.title, + expected: s.expected, + required: !!s.required, + status: s.status || '', + comment: s.comment || '', + evidence: s.evidence || '' + }; + }) + }; + if (els.tplName) els.tplName.textContent = run.name || '—'; + if (els.module) els.module.value = run.module || ''; + if (els.moduleVersion) els.moduleVersion.value = run.module_version || ''; + if (els.pbxVersion) els.pbxVersion.value = run.pbx_version || ''; + if (els.tester) els.tester.value = run.tester || ''; + if (els.docbeeUrl) els.docbeeUrl.value = run.docbee_url || ''; + if (els.olmNummer) els.olmNummer.value = run.olm_nummer || ''; + renderSteps(template.steps); + recomputeGroupStyles(); + if (els.statusTag) els.statusTag.textContent = 'Lauf geladen'; + updateAutosave(); + } + + function applyTemplateOnly(tplObj) { + template = { + name: tplObj.name || '', + steps: (tplObj.steps || []).map(s => { + const k = s.kind || s.type || 'step'; + if (k === 'group') return { + kind: 'group', + title: s.title || '' + }; + return { + kind: 'step', + id: s.id || '', + title: s.title || '', + expected: s.expected || '', + required: !!s.required, + status: '', + comment: '', + evidence: '' + }; + }) + }; + if (els.tplName) els.tplName.textContent = template.name || '—'; + if (els.module) els.module.value = tplObj.module || ''; + if (els.moduleVersion) els.moduleVersion.value = tplObj.module_version || ''; + if (els.pbxVersion) els.pbxVersion.value = tplObj.pbx_version || ''; + if (els.olmNummer) els.olmNummer.value = tplObj.olm_nummer || ''; + renderSteps(template.steps); + recomputeGroupStyles(); + if (els.statusTag) els.statusTag.textContent = 'Template geladen'; + updateAutosave(); + } + + try { + if (ext === 'json' || looksLikeJSON) { + try { + const run = JSON.parse(txt); + applyRun(run); + } catch (jsonErr) { + if (window.jsyaml && jsyaml.load) { + const tplObj = jsyaml.load(txt) || {}; + applyTemplateOnly(tplObj); + } else { + throw new Error('JSON ungültig und YAML nicht verfügbar: ' + jsonErr.message); + } + } + } else { + if (!(window.jsyaml && jsyaml.load)) throw new Error('YAML-Unterstützung (js-yaml) fehlt.'); + const tplObj = jsyaml.load(txt) || {}; + applyTemplateOnly(tplObj); + } + } catch (err) { + alert('Fehler beim Laden: ' + (err?.message || err)); + } + }); +}); + + +// === Ticket-ID aus URL === +// ===== Funktion: extractTicketId ===== +// Zweck: siehe Inline-Kommentare im Funktionskörper. +function extractTicketId(u) { + const m = String(u || "").match(/(?:\/ticket\/show\/|\/tickets\/)(\d+)/i); + return m ? m[1] : null; +} + +// === DocBee Calls === +async function postJSON(url, body) { + const r = await fetch(url, { + method: "POST", + headers: { + "Authorization": "Bearer " + DOCBEE_TOKEN, + "Content-Type": "application/json; charset=utf-8", + "Accept": "application/json" + }, + body: JSON.stringify(body) + }); + const text = await r.text().catch(() => "-"); + console.log("[DocBee][POST]", url, body); + console.log("[DocBee][RES]", r.status, text.slice(0, 700)); + if (r.status === 401) { + try { + updateTokenBadge("bad"); + } catch (_) {} + } + return { + ok: r.ok, + status: r.status, + text + }; +} + +// --- Helpers (DocBee) ------------------------------------------------- +if (typeof sleep !== 'function') { + function sleep(ms) { + return new Promise(r => setTimeout(r, ms)); + } +} +if (typeof getJSON !== 'function') { + async function getJSON(url) { + const r = await fetch(url, { + method: "GET", + headers: { + "Authorization": "Bearer " + DOCBEE_TOKEN, + "Accept": "application/json" + } + }); + const text = await r.text().catch(() => "-"); + let json = null; + try { + json = JSON.parse(text); + } catch {} + console.log("[DocBee][GET]", url); + console.log("[DocBee][RES]", r.status, text.slice(0, 700)); + return { + ok: r.ok, + status: r.status, + json, + text + }; + } +} + +// --- DocBee-Helper global (hoisted) --- +function sleep(ms) { + return new Promise(r => setTimeout(r, ms)); +} + +async function getJSON(url) { + const r = await fetch(url, { + method: "GET", + headers: { + "Authorization": "Bearer " + DOCBEE_TOKEN, + "Accept": "application/json" + } + }); + const text = await r.text().catch(() => "-"); + let json = null; + try { + json = JSON.parse(text); + } catch {} + console.log("[DocBee][GET]", url); + console.log("[DocBee][RES]", r.status, text.slice(0, 700)); + return { + ok: r.ok, + status: r.status, + json, + text + }; +} + +async function putJSON(url, body) { + const r = await fetch(url, { + method: "PUT", + headers: { + "Authorization": "Bearer " + DOCBEE_TOKEN, + "Content-Type": "application/json; charset=utf-8", + "Accept": "application/json" + }, + body: JSON.stringify(body) + }); + const text = await r.text().catch(() => "-"); + console.log("[DocBee][PUT]", url, body); + console.log("[DocBee][RES]", r.status, text.slice(0, 700)); + let json = null; + try { + json = JSON.parse(text); + } catch {} + return { + ok: r.ok, + status: r.status, + json, + text + }; +} + +// Vorgangs-Status robust auf vorherige ID zurücksetzen (primär ticketStatus, Fallback status) +async function restoreTicketStatus(ticketId, prevStatusId) { + try { + const maxLoops = 5; // ~30s + let stable = 0; + for (let i = 0; i < maxLoops; i++) { + await sleep(200); + const tCur = await getJSON(`${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}?fields=ticketStatus`); + const curId = tCur?.json?.ticketStatus ?? null; + if (curId == null) break; + if (curId !== prevStatusId) { + let r = await putJSON(`${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}`, { + ticketStatus: { + id: prevStatusId + } + }); + if (!r.ok) { + await putJSON(`${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}`, { + status: { + id: prevStatusId + } + }); + } + stable = 0; + } else { + stable++; + if (stable >= 2) break; + } + } + } catch (e) { + console.warn("[DocBee] restoreTicketStatus failed:", e); + } +} + + +if (typeof putJSON !== 'function') { + async function putJSON(url, body) { + const r = await fetch(url, { + method: "PUT", + headers: { + "Authorization": "Bearer " + DOCBEE_TOKEN, + "Content-Type": "application/json; charset=utf-8", + "Accept": "application/json" + }, + body: JSON.stringify(body) + }); + const text = await r.text().catch(() => "-"); + console.log("[DocBee][PUT]", url, body); + console.log("[DocBee][RES]", r.status, text.slice(0, 700)); + let json = null; + try { + json = JSON.parse(text); + } catch {} + return { + ok: r.ok, + status: r.status, + json, + text + }; + } +} + +async function restoreTicketStatus(ticketId, prevStatusId) { + try { + const maxLoops = 30; // ~30s + let stable = 0; + for (let i = 0; i < maxLoops; i++) { + await sleep(200); + const tCur = await getJSON(`${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}?fields=ticketStatus.id,ticketStatus.name,status.id,status.name`); + const curId = tCur?.json?.ticketStatus?.id ?? tCur?.json?.status?.id ?? null; + if (curId == null) break; + if (curId !== prevStatusId) { + const r = await setTicketStatus(ticketId, prevStatusId); + console.log("[DocBee][restore] result:", r); + stable = 0; // nach Setzen erneut beobachten + } else { + stable++; + if (stable >= 2) break; // 2x stabil reicht + } + } + } catch (e) { + console.warn("[DocBee] restoreTicketStatus failed:", e); + } +} + + +// Status-Setter +async function setTicketStatus(ticketId, statusId) { + const base = `${DOCBEE_BASEURL}/restApi/v1`; + const tries = [ + () => putJSON(`${base}/ticket/${ticketId}`, { + ticketStatus: statusId + }), + ]; + let last = null; + for (let i = 0; i < tries.length; i++) { + try { + const r = await tries[i](); + console.log(`[DocBee][STATUS][try ${i}]`, r?.status, r?.ok); + if (r && r.ok) return { + ok: true, + variant: i, + status: r.status, + text: r.text + }; + last = r; + } catch (e) { + console.warn(`[DocBee][STATUS][try ${i}] exception`, e); + last = { + ok: false, + status: 0, + text: String(e) + }; + } + } + return last || { + ok: false + }; +} + + +// ===== Funktion: appendResultLink ===== +// Zweck: siehe Inline-Kommentare im Funktionskörper. + +const DOCBEE_UI_BASE = DOCBEE_BASEURL; // feste Instanzbasis für UI-Links + +function appendResultLink(createdJSON) { + let link = null; + try { + const j = JSON.parse(createdJSON || "{}"); + link = j?.link || null; + } catch {} + + // Ticket-ID aus dem Eingabefeld (falls vorhanden) extrahieren + const ticketId = extractTicketId(els.docbeeUrl?.value || ''); + + // Ziel-URL bestimmen: + + let url = `${DOCBEE_UI_BASE.replace(/\/+$/,'')}/ticket/show/${ticketId}`; + + if (!url) return; + + const hint = document.createElement('div'); + hint.className = 'docbee-hint'; + hint.innerHTML = `✅ Angelegt: ${url}`; + document.querySelector('.actions')?.appendChild(hint); +} + +// ===== Funktion: formatDocBeeMessage ===== +// Zweck: siehe Inline-Kommentare im Funktionskörper. +function formatDocBeeMessage(run) { + const pad = (s, n) => (s || '').length > n ? (s || '').slice(0, n - 1) + '…' : (s || '').padEnd(n, ' '); + const fmtDate = new Date(run.ts).toLocaleString('de-DE'); + + // Kurz-Summary (nur echte Steps zählen) + const counts = { + pass: 0, + fail: 0, + skip: 0, + blocked: 0 + }; + (run.steps || []).forEach(s => { + const k = s.kind || s.type || 'step'; + if (k !== 'step') return; + if (counts[s.status] !== undefined) counts[s.status]++; + }); + const summary = `✅ ${counts.pass} | ❌ ${counts.fail} | ⏭️ ${counts.skip} | ⛔ ${counts.blocked}`; + + // Kopf + Metadaten (out VOR jeglicher Nutzung initialisieren) + let out = ''; + if (counts.fail === 0 && counts.blocked === 0) { + out += `✅ QA Bestanden\n`; + } else { + out += `❌ QA nicht Bestanden\n`; + } + out += `Modul: ${run.module || ''}\n`; + out += `Modul-Version:${run.module_version || ''}\n`; + out += `PBX-Version: ${run.pbx_version || ''}\n`; + out += `Tester: ${run.tester || ''}\n`; + if (run.docbee_url) out += `Ticket: ${run.docbee_url}\n`; + out += `Datum: ${fmtDate}\n\n`; + out += `Übersicht: ${summary}\n\n`; + out += `\n`; + + // Tabelle (monospace-geeignet) + const SEP = '─────────────────────────────────────────────────────────────────────'; + out += `${SEP}\n`; + out += `${pad('Schritt', 12)} ${pad('Status', 7)} ${pad('Titel', 52)}\n`; + out += `${SEP}\n`; + + (run.steps || []).forEach(s => { + const k = s.kind || s.type || 'step'; + if (k === 'group') { + out += `\n## ${s.title || ''}\n\n`; + return; + } + const st = (s.status || '').toUpperCase(); // PASS/FAIL/SKIP/BLOCKED/… + const stShort = st === 'BLOCKED' ? 'BLOCK' : st; + const SMAP = { + pass: '✅', + fail: '❌', + skip: '⏭️', + blocked: '⛔' + }; + const stLabel = (SMAP[(s.status || '').toLowerCase()] ? + SMAP[(s.status || '').toLowerCase()] + ' ' : + '') + stShort; + const req = s.required ? '📌 ' : ''; + out += `${pad(s.id || '', 12)} ${pad(stLabel, 9)} ${pad(req + (s.title || ''), 50)}\n`; + if (s.expected) out += ` • Erwartet: ${s.expected}\n`; + if (s.comment) out += ` • Kommentar: ${s.comment}\n`; + if (s.evidence) out += ` • Evidenz: ${s.evidence}\n`; + }); + out += `${SEP}\n`; + out += `Legende: PASS=✅, FAIL=❌, SKIP=⏭️, BLOCK=⛔, PFLICHTSCHRITT=📌 \n`; + return out; +} + + +async function postToDocBee() { + const run = collectRun(); + if (!run) return; + if (!checkRequired(run)) return; + + const ticketId = extractTicketId(els.docbeeUrl?.value || ''); + if (!ticketId) { + alert("Keine Ticket-ID in der DocBee-URL gefunden."); + return; + } + if (!hasToken()) { + alert("Kein API-Token konfiguriert."); + return; + } + + // Kommentarinhalt (Markdown) + const content = formatDocBeeMessage(run); + + // alten Vorgangs-Status holen (Vorgangs-Status = ticketStatus) + const tGet = await getJSON(`${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}?fields=ticketStatus`); + const prevStatusId = tGet?.json?.ticketStatus ?? null; + + // Busy-State + els.btnPushDocBee?.setAttribute('disabled', ''); + els.btnPushDocBee?.classList.add('is-busy'); + + try { + + // *** Message posten (muss Message sein) *** + const url = `${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}/message`; + const rMsg = await postJSON(url, { + content: content, + subject: `QA Report ${ticketId}`, + internal: true, + hidden: false + }); + + if (rMsg.ok) { + // kurze Wartezeit, dann Status ggf. zurücksetzen (gegen Auto-"Antwort erhalten") + await sleep(400); + if (prevStatusId != null) { + await restoreTicketStatus(ticketId, prevStatusId); + } + appendResultLink(rMsg.text); + //alert("Nachricht im Ticket angelegt (Status beibehalten)."); // Debug Message anzeigen + return; + } + + + if (ENABLE_FALLBACK_NOTE) { + const rNote = await postJSON(`${DOCBEE_BASEURL}/restApi/v1/note`, { + note: { + ticket: { + id: Number(ticketId) + }, + subject: `QA Report ${ticketId}`, + text: content, + internal: false + } + }); + if (rNote.ok) { + appendResultLink(rNote.text); + alert("Notiz angelegt (Fallback)."); + return; + } + alert(`Fehler: MSG ${rMsg.status}, NOTE ${rNote.status}`); + } else { + alert(`Nachricht fehlgeschlagen (Status ${rMsg.status}). Details siehe Konsole.`); + } + } catch (e) { + alert("DocBee-Request fehlgeschlagen: " + String(e)); + } finally { + els.btnPushDocBee?.removeAttribute('disabled'); + els.btnPushDocBee?.classList.remove('is-busy'); + } +} + + +// === Token Badge === +function updateTokenBadge(state) { + const el = els.docbeeTokenStatus; + if (!el) return; + const has = !!(typeof DOCBEE_TOKEN !== 'undefined' && String(DOCBEE_TOKEN || '').trim().length > 10); + el.classList.remove('ok', 'bad', 'warn'); + if (state === 'bad') { + el.textContent = 'DocBee: ungültig/401'; + el.classList.add('bad'); + return; + } + if (state === 'ok' || (state === undefined && has)) { + el.textContent = 'DocBee: Token gesetzt'; + el.classList.add('ok'); + return; + } + el.textContent = 'DocBee: fehlt'; + el.classList.add('warn'); +} + +// === Events === +els.yamlFile && els.yamlFile.addEventListener('change', async (e) => { + const f = e.target.files?.[0]; + if (!f) return; + const txt = await f.text(); + try { + loadYAMLText(txt); + } catch (err) { + alert('Vorlage konnte nicht geladen werden: ' + err.message); + } +}); +els.btnAddStep && els.btnAddStep.addEventListener('click', () => { + if (!template) template = { + name: 'Neues Template', + steps: [] + }; + captureEditsIntoTemplate(); + template.steps.push({ + kind: 'step', + id: '', + title: '', + expected: '', + required: true, + status: '', + comment: '', + evidence: '' + }); + ensureRenumberAndRender(); +}); +els.btnAddGroup && els.btnAddGroup.addEventListener('click', () => { + if (!template) template = { + name: 'Neues Template', + steps: [] + }; + captureEditsIntoTemplate(); + template.steps.push({ + kind: 'group', + title: 'Neue Gruppe', + collapsed: false + }); + ensureRenumberAndRender(); +}); +els.stepsTableBody && els.stepsTableBody.addEventListener('click', (e) => { + const btnStep = e.target.closest('.btn btn-delete-step, .btn-delete-step'); + const btnGroup = e.target.closest('.btn btn-delete-group, .btn-delete-group'); + const btnToggle = e.target.closest('.btn btn-toggle-group, .btn-toggle-group'); + const btnMass = e.target.closest('.btn btn-group-status, .btn-group-status'); + if (!btnStep && !btnGroup && !btnToggle && !btnMass) return; + captureEditsIntoTemplate(); + const tr = e.target.closest('tr'); + const idx = [...els.stepsTableBody.children].indexOf(tr); + if (idx < 0) return; + if (btnToggle) { + if ((template.steps[idx] || {}).kind === 'group') { + template.steps[idx].collapsed = !template.steps[idx].collapsed; + ensureRenumberAndRender(); + } + return; + } + + if (btnMass && (template.steps[idx] || {}).kind === 'group') { + const status = (btnMass.getAttribute('data-status') || '').toLowerCase(); + if (!['pass', 'fail', 'skip', 'blocked'].includes(status)) return; + // Schritte bis zur nächsten Gruppe finden + let start = idx + 1; + let end = template.steps.length; + for (let i = start; i < template.steps.length; i++) { + const k = (template.steps[i].kind || template.steps[i].type || 'step'); + if (k === 'group') { + end = i; + break; + } + } + // Warnung, falls überschrieben würde + const willOverwrite = template.steps.slice(start, end) + .some(s => (s.kind || 'step') === 'step' && s.status && s.status !== status); + if (willOverwrite) { + const ok = confirm(`Einige Schritte in dieser Gruppe haben bereits einen anderen Status.\nAlle auf ${status.toUpperCase()} setzen?`); + if (!ok) return; + } + for (let i = start; i < end; i++) { + if ((template.steps[i].kind || 'step') !== 'step') continue; + template.steps[i].status = status; + } + ensureRenumberAndRender(); + return; + } + + // löschen (mit Warnung wenn Gruppe und nicht leer) + if (btnGroup && (template.steps[idx] || {}).kind === 'group') { + // zähle Steps bis zur nächsten Gruppe + let cnt = 0; + for (let i = idx + 1; i < template.steps.length; i++) { + const k = (template.steps[i].kind || template.steps[i].type || 'step'); + if (k === 'group') break; + if (k === 'step') cnt++; + } + if (cnt > 0) { + const ok = confirm(`Diese Gruppe enthält ${cnt} Schritt(e).\nGruppe wirklich löschen? Die Schritte bleiben bestehen und werden nicht gelöscht.`); + if (!ok) return; + } + } + template.steps.splice(idx, 1); + ensureRenumberAndRender(); +}); + +// === GitLab Events === +if (els.gitlabTplSelect) els.gitlabTplSelect.addEventListener('change', async (e) => { + const p = e.target.value; + if (!p) return; + try { + els.gitlabTplStatus && (els.gitlabTplStatus.textContent = "GitLab: lade Datei…"); + const y = await fetchGitlabFileRaw(p); + loadYAMLText(y); + els.gitlabTplStatus && (els.gitlabTplStatus.textContent = `GitLab: geladen – ${p.split('/').pop()}`); + } catch (err) { + els.gitlabTplStatus && (els.gitlabTplStatus.textContent = "GitLab: Fehler"); + console.error("[GitLab] raw failed:", err); + alert("Vorlage aus GitLab konnte nicht geladen werden: " + err.message); + } +}); + +if (els.btnGitlabReload) els.btnGitlabReload.addEventListener('click', (e) => { + e.preventDefault(); + populateGitlabDropdown(); +}); + +// === Drag & Drop (Rows verschieben, inkl. Gruppen) === +let dragIndex = -1; + +// ===== Funktion: rowIndexOf ===== +// Zweck: siehe Inline-Kommentare im Funktionskörper. +function rowIndexOf(target) { + const tr = target.closest('tr'); + if (!tr) return -1; + return [...els.stepsTableBody.children].indexOf(tr); +} +els.stepsTableBody && els.stepsTableBody.addEventListener('dragstart', (e) => { + if (!e.target.closest('.drag-handle')) { + e.preventDefault(); + return; + } + const i = rowIndexOf(e.target); + if (i < 0) return; + dragIndex = i; + e.dataTransfer?.setData('text/plain', String(i)); + if (e.dataTransfer) e.dataTransfer.effectAllowed = 'move'; + const row = e.target.closest('tr') || e.target; + e.dataTransfer?.setDragImage?.(row, 16, 16); + row.classList.add('dragging'); +}); +els.stepsTableBody && els.stepsTableBody.addEventListener('dragend', (e) => { + const tr = e.target.closest('tr'); + if (tr) tr.classList.remove('dragging'); + [...els.stepsTableBody.children].forEach(r => { + r.classList.remove('drag-over'); + r.removeAttribute('data-pos'); + }); + dragIndex = -1; +}); +els.stepsTableBody && els.stepsTableBody.addEventListener('dragover', (e) => { + e.preventDefault(); + const tr = e.target.closest('tr'); + if (!tr) return; + [...els.stepsTableBody.children].forEach(r => { + r.classList.remove('drag-over'); + r.removeAttribute('data-pos'); + }); + tr.classList.add('drag-over'); + const rect = tr.getBoundingClientRect(); + const pos = (e.clientY - rect.top) < rect.height / 2 ? 'before' : 'after'; + tr.setAttribute('data-pos', pos); +}); +els.stepsTableBody && els.stepsTableBody.addEventListener('drop', (e) => { + e.preventDefault(); + captureEditsIntoTemplate(); + const from = dragIndex >= 0 ? dragIndex : parseInt(e.dataTransfer?.getData('text/plain') || '-1', 10); + const tr = e.target.closest('tr'); + if (from < 0 || !tr) return; + const toBase = rowIndexOf(tr); + const pos = tr.getAttribute('data-pos') || 'after'; + let to = toBase + (pos === 'after' ? 1 : 0); + if (to === from || to - 1 === from) { + renderSteps(template.steps); + recomputeGroupStyles(); + return; + } + // Element verschieben + const item = template.steps.splice(from, 1)[0]; + if (to > from) to--; // nach dem Entfernen verschiebt sich Index + template.steps.splice(to, 0, item); + ensureRenumberAndRender(); +}); + +document.getElementById('stepsTable')?.addEventListener('change', (e) => { + if (e.target && e.target.matches('select.status')) { + updateStatusClass(e.target); + recomputeGroupStyles(); + } +}); + +els.btnExportMD && els.btnExportMD.addEventListener('click', exportMD); +els.btnExportCSV && els.btnExportCSV.addEventListener('click', exportCSV); +els.btnPrintPDF && els.btnPrintPDF.addEventListener('click', printPDF); +els.btnExportTemplateYAML && els.btnExportTemplateYAML.addEventListener('click', exportTemplateYAML); + +els.btnSaveJSON && els.btnSaveJSON.addEventListener('click', () => { + const run = collectRun(); + if (!run) return; + if (!checkRequired(run)) return; + const base = `qa-run-${safeName(run.module)}-${safeName(run.module_version)}-${safeName(run.pbx_version)}`; + download(JSON.stringify(run, null, 2), `${base}.json`, 'application/json'); +}); +els.loadJSON && els.loadJSON.addEventListener('change', async (e) => { + const f = e.target.files?.[0]; + if (!f) return; + const txt = await f.text(); + try { + const run = JSON.parse(txt); + template = { + name: run.name || '', + steps: (run.steps || []).map(s => ({ + id: s.id, + title: s.title, + expected: s.expected, + required: !!s.required, + status: s.status || '', + comment: s.comment || '', + evidence: s.evidence || '' + })) + }; + if (els.tplName) els.tplName.textContent = run.name || '—'; + els.module.value = run.module || ''; + els.moduleVersion.value = run.module_version || ''; + els.pbxVersion.value = run.pbx_version || ''; + els.tester.value = run.tester || ''; + els.docbeeUrl.value = run.docbee_url || ''; + renderSteps(template.steps); + recomputeGroupStyles(); + if (els.statusTag) els.statusTag.textContent = 'Lauf geladen'; + updateAutosave(); + } catch (err) { + alert('Ungültiges JSON: ' + err.message); + } +}); + +// === Bindings absichern + Busy-Fix + Mini-CSS === +(function ensureBindings() { + // ===== Funktion: bind ===== + // Zweck: siehe Inline-Kommentare im Funktionskörper. + function bind() { + const b = document.getElementById('btnPushDocBee'); + if (b) { + b.removeAttribute('disabled'); + b.classList.remove('is-busy'); + b.style.pointerEvents = 'auto'; + b.addEventListener('click', postToDocBee, { + once: false + }); + } + const p = document.getElementById('btnPrintPDF'); + const btn = document.getElementById('btnExportAll'); + if (btn) { + btn.addEventListener('click', e => { + e.preventDefault(); + exportAll().catch(err => alert('Export error: ' + err.message)); + }); + console.log('Export-Button gebunden'); + } else { + alert('Export-Button nicht gefunden (id=btnExportAll).'); + } + } + if (document.readyState === 'loading') document.addEventListener('DOMContentLoaded', bind); + else bind(); + window.addEventListener('pageshow', () => { + const b = document.getElementById('btnPushDocBee'); + if (b) { + b.removeAttribute('disabled'); + b.classList.remove('is-busy'); + b.style.pointerEvents = 'auto'; + } + }); +})(); +(function injectAuxCss() { + const s = document.createElement('style'); + s.textContent = ` + .is-busy{opacity:.6;pointer-events:none} + .docbee-hint{margin-top:8px;font-size:14px} + .docbee-hint a{text-decoration:underline} + `; + document.head.appendChild(s); +})(); + +// ===================== Ende app.js ===================== \ No newline at end of file diff --git a/qa-tool/htdocs/callback.php b/qa-tool/htdocs/callback.php new file mode 100644 index 0000000..da1aa50 --- /dev/null +++ b/qa-tool/htdocs/callback.php @@ -0,0 +1,33 @@ +setRedirectURL($OIDC_REDIRECT_URL); + +// Scopes als Array hinzufügen +$oidc->addScope(['openid', 'profile', 'email', 'groups']); + +// Benutzer authentifizieren +$oidc->authenticate(); + +// Benutzerinformationen abrufen +$_SESSION['user_authenticated'] = true; +$_SESSION['user_name'] = $oidc->requestUserInfo('name'); +$_SESSION['user_email'] = $oidc->requestUserInfo('email'); +$_SESSION['groups'] = $oidc->requestUserInfo('groups'); + +// Zurück zur Hauptseite +header('Location: index.php'); +exit(); +?> \ No newline at end of file diff --git a/qa-tool/htdocs/composer.json b/qa-tool/htdocs/composer.json new file mode 100644 index 0000000..08ef219 --- /dev/null +++ b/qa-tool/htdocs/composer.json @@ -0,0 +1,6 @@ +{ + "require": { + "litesaml/lightsaml": "^4.2", + "jumbojett/openid-connect-php": "^1.0" + } +} diff --git a/qa-tool/htdocs/composer.lock b/qa-tool/htdocs/composer.lock new file mode 100644 index 0000000..91a1acf --- /dev/null +++ b/qa-tool/htdocs/composer.lock @@ -0,0 +1,681 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "e5120dce5ca198fc0f926511014570d9", + "packages": [ + { + "name": "jumbojett/openid-connect-php", + "version": "v1.0.0", + "source": { + "type": "git", + "url": "https://github.com/jumbojett/OpenID-Connect-PHP.git", + "reference": "4af1d11497ec765dccddf928c14c04535ca96017" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/jumbojett/OpenID-Connect-PHP/zipball/4af1d11497ec765dccddf928c14c04535ca96017", + "reference": "4af1d11497ec765dccddf928c14c04535ca96017", + "shasum": "" + }, + "require": { + "ext-curl": "*", + "ext-json": "*", + "php": ">=7.0", + "phpseclib/phpseclib": "~3.0" + }, + "require-dev": { + "roave/security-advisories": "dev-latest", + "yoast/phpunit-polyfills": "^1.0" + }, + "type": "library", + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Apache-2.0" + ], + "description": "Bare-bones OpenID Connect client", + "support": { + "issues": "https://github.com/jumbojett/OpenID-Connect-PHP/issues", + "source": "https://github.com/jumbojett/OpenID-Connect-PHP/tree/v1.0.0" + }, + "time": "2023-12-13T09:52:12+00:00" + }, + { + "name": "litesaml/lightsaml", + "version": "v4.2.0", + "source": { + "type": "git", + "url": "https://github.com/litesaml/lightsaml.git", + "reference": "da88de24e699418918a128f0142dd09e2c41dd38" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/litesaml/lightsaml/zipball/da88de24e699418918a128f0142dd09e2c41dd38", + "reference": "da88de24e699418918a128f0142dd09e2c41dd38", + "shasum": "" + }, + "require": { + "php": ">=7.4", + "psr/event-dispatcher": "^1.0", + "robrichards/xmlseclibs": "~2.0|~3.0|~4.0", + "symfony/http-foundation": "~5.0|~6.0|~7.0" + }, + "require-dev": { + "litesaml/schemas": "~1.0.0", + "marcocesarato/php-conventional-changelog": "^1.15", + "monolog/monolog": "^2.0|^3.0", + "phpstan/phpstan": "^1.8", + "phpunit/phpunit": "~8.4|~9.5", + "pimple/pimple": "~3.0", + "squizlabs/php_codesniffer": "^3.6", + "symfony/css-selector": "~5.0|~6.0|~7.0", + "symfony/dom-crawler": "~5.0|~6.0|~7.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "LightSaml\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "William", + "email": "work@suppo.fr" + }, + { + "name": "Milos Tomic", + "email": "tmilos@gmail.com", + "homepage": "https://github.com/tmilos/", + "role": "Developer" + } + ], + "description": "SAML 2.0 PHP library", + "keywords": [ + "SAML 2.0", + "Single Logout", + "Single SignOn", + "library", + "lightSAML", + "php" + ], + "support": { + "docs": "https://docs.litesaml.com", + "issues": "https://github.com/litesaml/lightsaml/issues", + "source": "https://github.com/litesaml/lightsaml" + }, + "time": "2024-02-08T11:59:00+00:00" + }, + { + "name": "paragonie/constant_time_encoding", + "version": "v3.0.0", + "source": { + "type": "git", + "url": "https://github.com/paragonie/constant_time_encoding.git", + "reference": "df1e7fde177501eee2037dd159cf04f5f301a512" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/df1e7fde177501eee2037dd159cf04f5f301a512", + "reference": "df1e7fde177501eee2037dd159cf04f5f301a512", + "shasum": "" + }, + "require": { + "php": "^8" + }, + "require-dev": { + "phpunit/phpunit": "^9", + "vimeo/psalm": "^4|^5" + }, + "type": "library", + "autoload": { + "psr-4": { + "ParagonIE\\ConstantTime\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com", + "role": "Maintainer" + }, + { + "name": "Steve 'Sc00bz' Thomas", + "email": "steve@tobtu.com", + "homepage": "https://www.tobtu.com", + "role": "Original Developer" + } + ], + "description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)", + "keywords": [ + "base16", + "base32", + "base32_decode", + "base32_encode", + "base64", + "base64_decode", + "base64_encode", + "bin2hex", + "encoding", + "hex", + "hex2bin", + "rfc4648" + ], + "support": { + "email": "info@paragonie.com", + "issues": "https://github.com/paragonie/constant_time_encoding/issues", + "source": "https://github.com/paragonie/constant_time_encoding" + }, + "time": "2024-05-08T12:36:18+00:00" + }, + { + "name": "paragonie/random_compat", + "version": "v9.99.100", + "source": { + "type": "git", + "url": "https://github.com/paragonie/random_compat.git", + "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a", + "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a", + "shasum": "" + }, + "require": { + "php": ">= 7" + }, + "require-dev": { + "phpunit/phpunit": "4.*|5.*", + "vimeo/psalm": "^1" + }, + "suggest": { + "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." + }, + "type": "library", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", + "keywords": [ + "csprng", + "polyfill", + "pseudorandom", + "random" + ], + "support": { + "email": "info@paragonie.com", + "issues": "https://github.com/paragonie/random_compat/issues", + "source": "https://github.com/paragonie/random_compat" + }, + "time": "2020-10-15T08:29:30+00:00" + }, + { + "name": "phpseclib/phpseclib", + "version": "3.0.41", + "source": { + "type": "git", + "url": "https://github.com/phpseclib/phpseclib.git", + "reference": "621c73f7dcb310b61de34d1da4c4204e8ace6ceb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/621c73f7dcb310b61de34d1da4c4204e8ace6ceb", + "reference": "621c73f7dcb310b61de34d1da4c4204e8ace6ceb", + "shasum": "" + }, + "require": { + "paragonie/constant_time_encoding": "^1|^2|^3", + "paragonie/random_compat": "^1.4|^2.0|^9.99.99", + "php": ">=5.6.1" + }, + "require-dev": { + "phpunit/phpunit": "*" + }, + "suggest": { + "ext-dom": "Install the DOM extension to load XML formatted public keys.", + "ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.", + "ext-libsodium": "SSH2/SFTP can make use of some algorithms provided by the libsodium-php extension.", + "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.", + "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations." + }, + "type": "library", + "autoload": { + "files": [ + "phpseclib/bootstrap.php" + ], + "psr-4": { + "phpseclib3\\": "phpseclib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jim Wigginton", + "email": "terrafrost@php.net", + "role": "Lead Developer" + }, + { + "name": "Patrick Monnerat", + "email": "pm@datasphere.ch", + "role": "Developer" + }, + { + "name": "Andreas Fischer", + "email": "bantu@phpbb.com", + "role": "Developer" + }, + { + "name": "Hans-Jürgen Petrich", + "email": "petrich@tronic-media.com", + "role": "Developer" + }, + { + "name": "Graham Campbell", + "email": "graham@alt-three.com", + "role": "Developer" + } + ], + "description": "PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.", + "homepage": "http://phpseclib.sourceforge.net", + "keywords": [ + "BigInteger", + "aes", + "asn.1", + "asn1", + "blowfish", + "crypto", + "cryptography", + "encryption", + "rsa", + "security", + "sftp", + "signature", + "signing", + "ssh", + "twofish", + "x.509", + "x509" + ], + "support": { + "issues": "https://github.com/phpseclib/phpseclib/issues", + "source": "https://github.com/phpseclib/phpseclib/tree/3.0.41" + }, + "funding": [ + { + "url": "https://github.com/terrafrost", + "type": "github" + }, + { + "url": "https://www.patreon.com/phpseclib", + "type": "patreon" + }, + { + "url": "https://tidelift.com/funding/github/packagist/phpseclib/phpseclib", + "type": "tidelift" + } + ], + "time": "2024-08-12T00:13:54+00:00" + }, + { + "name": "psr/event-dispatcher", + "version": "1.0.0", + "source": { + "type": "git", + "url": "https://github.com/php-fig/event-dispatcher.git", + "reference": "dbefd12671e8a14ec7f180cab83036ed26714bb0" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/event-dispatcher/zipball/dbefd12671e8a14ec7f180cab83036ed26714bb0", + "reference": "dbefd12671e8a14ec7f180cab83036ed26714bb0", + "shasum": "" + }, + "require": { + "php": ">=7.2.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\EventDispatcher\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "http://www.php-fig.org/" + } + ], + "description": "Standard interfaces for event handling.", + "keywords": [ + "events", + "psr", + "psr-14" + ], + "support": { + "issues": "https://github.com/php-fig/event-dispatcher/issues", + "source": "https://github.com/php-fig/event-dispatcher/tree/1.0.0" + }, + "time": "2019-01-08T18:20:26+00:00" + }, + { + "name": "robrichards/xmlseclibs", + "version": "3.1.1", + "source": { + "type": "git", + "url": "https://github.com/robrichards/xmlseclibs.git", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "php": ">= 5.4" + }, + "type": "library", + "autoload": { + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "A PHP library for XML Security", + "homepage": "https://github.com/robrichards/xmlseclibs", + "keywords": [ + "security", + "signature", + "xml", + "xmldsig" + ], + "support": { + "issues": "https://github.com/robrichards/xmlseclibs/issues", + "source": "https://github.com/robrichards/xmlseclibs/tree/3.1.1" + }, + "time": "2020-09-05T13:00:25+00:00" + }, + { + "name": "symfony/http-foundation", + "version": "v7.1.3", + "source": { + "type": "git", + "url": "https://github.com/symfony/http-foundation.git", + "reference": "f602d5c17d1fa02f8019ace2687d9d136b7f4a1a" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/http-foundation/zipball/f602d5c17d1fa02f8019ace2687d9d136b7f4a1a", + "reference": "f602d5c17d1fa02f8019ace2687d9d136b7f4a1a", + "shasum": "" + }, + "require": { + "php": ">=8.2", + "symfony/polyfill-mbstring": "~1.1", + "symfony/polyfill-php83": "^1.27" + }, + "conflict": { + "doctrine/dbal": "<3.6", + "symfony/cache": "<6.4" + }, + "require-dev": { + "doctrine/dbal": "^3.6|^4", + "predis/predis": "^1.1|^2.0", + "symfony/cache": "^6.4|^7.0", + "symfony/dependency-injection": "^6.4|^7.0", + "symfony/expression-language": "^6.4|^7.0", + "symfony/http-kernel": "^6.4|^7.0", + "symfony/mime": "^6.4|^7.0", + "symfony/rate-limiter": "^6.4|^7.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\HttpFoundation\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Defines an object-oriented layer for the HTTP specification", + "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/http-foundation/tree/v7.1.3" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-07-26T12:41:01+00:00" + }, + { + "name": "symfony/polyfill-mbstring", + "version": "v1.30.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-mbstring.git", + "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fd22ab50000ef01661e2a31d850ebaa297f8e03c", + "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "provide": { + "ext-mbstring": "*" + }, + "suggest": { + "ext-mbstring": "For best performance" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Mbstring\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill for the Mbstring extension", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "mbstring", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-06-19T12:30:46+00:00" + }, + { + "name": "symfony/polyfill-php83", + "version": "v1.30.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php83.git", + "reference": "dbdcdf1a4dcc2743591f1079d0c35ab1e2dcbbc9" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php83/zipball/dbdcdf1a4dcc2743591f1079d0c35ab1e2dcbbc9", + "reference": "dbdcdf1a4dcc2743591f1079d0c35ab1e2dcbbc9", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Php83\\": "" + }, + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 8.3+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-php83/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-06-19T12:35:24+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [], + "plugin-api-version": "2.6.0" +} diff --git a/qa-tool/htdocs/config/config.php b/qa-tool/htdocs/config/config.php new file mode 100644 index 0000000..07a9af3 --- /dev/null +++ b/qa-tool/htdocs/config/config.php @@ -0,0 +1,35 @@ + $docbee_user, // Benutzername + 'password' => $docbee_pass, // Passwort + 'lifeTime' => $docbee_time, // Gültigkeit in Minuten + 'lifeTimeRefresh' => true // Token-Lebenszeit bei jedem Call verlängern +]; + +$ch = curl_init($loginEndpoint); +curl_setopt_array($ch, [ + CURLOPT_RETURNTRANSFER => true, + CURLOPT_POST => true, + CURLOPT_HTTPHEADER => ['Content-Type: application/json', 'Accept: application/json'], + CURLOPT_POSTFIELDS => json_encode($payload, JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE), + CURLOPT_TIMEOUT => 20, +]); + +$response = curl_exec($ch); +$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); +if ($response === false) { + throw new RuntimeException('cURL error: ' . curl_error($ch)); +} +curl_close($ch); + +if ($httpCode !== 200) { + // 401 bei falschen Credentials usw. + throw new RuntimeException("Login fehlgeschlagen, HTTP $httpCode: $response"); +} + +$data = json_decode($response, true, 512, JSON_THROW_ON_ERROR); +$docbee_token = $data['access_token'] ?? null; +if (!$docbee_token) { + throw new RuntimeException('Kein access_token in der Antwort gefunden.'); +} + +?> + + + + + + + QA System + + + + + + + +
+
+ +

QA System

+
+
+ + Keine Vorlage geladen +
+
+ + +
+
+ + + GitLab: nicht verbunden + DocBee: unbekannt +
+ + + + + + + +
+ +
+ + + + + + + + + + +
StepExpectedStatusKommentar/Evidenz
+
+ + +
+
+ + +
+ + + + + +
+ + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/qa-tool/htdocs/js/docbee.js b/qa-tool/htdocs/js/docbee.js new file mode 100644 index 0000000..60bfe39 --- /dev/null +++ b/qa-tool/htdocs/js/docbee.js @@ -0,0 +1,151 @@ +// auto-split module + + + function sleep(ms) { + return new Promise(r => setTimeout(r, ms)); + } + + + async function getJSON(url) { + const r = await fetch(url, { + method: "GET", + headers: { + "Authorization": "Bearer " + DOCBEE_TOKEN, + "Accept": "application/json" + } + }); + const text = await r.text().catch(() => "-"); + let json = null; + try { + json = JSON.parse(text); + } catch {} + console.log("[DocBee][GET]", url); + console.log("[DocBee][RES]", r.status, text.slice(0, 700)); + return { + ok: r.ok, + status: r.status, + json, + text + }; + } + + +async function putJSON(url, body) { + const r = await fetch(url, { + method: "PUT", + headers: { + "Authorization": "Bearer " + DOCBEE_TOKEN, + "Content-Type": "application/json; charset=utf-8", + "Accept": "application/json" + }, + body: JSON.stringify(body) + }); + const text = await r.text().catch(() => "-"); + console.log("[DocBee][PUT]", url, body); + console.log("[DocBee][RES]", r.status, text.slice(0, 700)); + let json = null; + try { + json = JSON.parse(text); + } catch {} + return { + ok: r.ok, + status: r.status, + json, + text + }; +} + + +async function postJSON(url, body) { + const r = await fetch(url, { + method: "POST", + headers: { + "Authorization": "Bearer " + DOCBEE_TOKEN, + "Content-Type": "application/json; charset=utf-8", + "Accept": "application/json" + }, + body: JSON.stringify(body) + }); + const text = await r.text().catch(() => "-"); + console.log("[DocBee][POST]", url, body); + console.log("[DocBee][RES]", r.status, text.slice(0, 700)); + if (r.status === 401) { + try { + updateTokenBadge("bad"); + } catch (_) {} + } + return { + ok: r.ok, + status: r.status, + text + }; +} + + +async function restoreTicketStatus(ticketId, prevStatusId) { + try { + const maxLoops = 5; // ~30s + let stable = 0; + for (let i = 0; i < maxLoops; i++) { + await sleep(100); + const tCur = await getJSON(`${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}?fields=ticketStatus`); + const curId = tCur?.json?.ticketStatus ?? null; + if (curId == null) break; + if (curId !== prevStatusId) { + let r = await putJSON(`${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}`, { + ticketStatus: { + id: prevStatusId + } + }); + if (!r.ok) { + await putJSON(`${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}`, { + status: { + id: prevStatusId + } + }); + } + stable = 0; + } else { + stable++; + if (stable >= 2) break; + } + } + } catch (e) { + console.warn("[DocBee] restoreTicketStatus failed:", e); + } +} + + +async function setTicketStatus(ticketId, statusId) { + const base = `${DOCBEE_BASEURL}/restApi/v1`; + const tries = [ + () => putJSON(`${base}/ticket/${ticketId}`, { + ticketStatus: statusId + }), + ]; + let last = null; + for (let i = 0; i < tries.length; i++) { + try { + const r = await tries[i](); + console.log(`[DocBee][STATUS][try ${i}]`, r?.status, r?.ok); + if (r && r.ok) return { + ok: true, + variant: i, + status: r.status, + text: r.text + }; + last = r; + } catch (e) { + console.warn(`[DocBee][STATUS][try ${i}] exception`, e); + last = { + ok: false, + status: 0, + text: String(e) + }; + } + } + return last || { + ok: false + }; +} + diff --git a/qa-tool/htdocs/js/export.js b/qa-tool/htdocs/js/export.js new file mode 100644 index 0000000..39cbc47 --- /dev/null +++ b/qa-tool/htdocs/js/export.js @@ -0,0 +1,93 @@ +// auto-split module + + +async function exportAll() { + console.log('exportAll START'); + const run = collectRun(); + console.log('collectRun()', run); + if (!run) { + alert('Kein Template/keine Steps: bitte Template laden oder Steps anlegen.'); + return; + } + if (!checkRequired(run)) { + console.log('checkRequired() failed'); + return; + } + renumberSteps(); + + // 1) Push to DocBee using existing function (if token available) + let pushedDocBee = null; + try { + if (window.DOCBEE_TOKEN && window.DOCBEE_TOKEN.length > 10) { + pushedDocBee = await postToDocBee(true); // variant returning URL + if (pushedDocBee && typeof pushedDocBee === 'string') { + run.docbee_url = pushedDocBee; + } + } + } catch (e) { + console.warn('DocBee push failed:', e); + } + + // 2) Generate PDF client-side + const pdfBlob = await generatePdfBlob(run).catch(() => null); + + // 3) Upload to server (DB + PDF) + const fd = new FormData(); + fd.append('run', JSON.stringify(run)); + if (pdfBlob) fd.append('pdf', pdfBlob, 'report.pdf'); + + const res = await fetch('/api/export.php', { + method: 'POST', + body: fd + }); + const raw = await res.text(); + let json; + try { + json = JSON.parse(raw); + } catch { + json = null; + } + console.log('Server response:', raw); + if (!res.ok || !json || json.ok === false) { + alert('Serverfehler beim Export:\n' + (json?.error || raw || ('HTTP ' + res.status))); + return; + } + + alert('Export fertig:\n' + + (run.docbee_url ? ('DocBee: ' + run.docbee_url + '\n') : '') + + (json.pdf_path ? ('PDF gespeichert: ' + json.pdf_path + '\n') : '') + + ('Report-ID: ' + json.report_id)); +} + + +function exportTemplateYAML() { + const tpl = collectTemplateFromDOM(); + let yml = ''; + if (window.jsyaml && jsyaml.dump) { + yml = jsyaml.dump(tpl, { + lineWidth: 100 + }); + } else { + yml += `name: "${tpl.name||''}"\n`; + yml += `module: "${tpl.module||''}"\n`; + yml += `module_version: "${tpl.module_version||''}"\n`; + yml += `pbx_version: "${tpl.pbx_version||''}"\n`; + yml += `olm_nummer: "${tpl.olm_nummer||''}"\n`; + yml += `steps:\n`; + tpl.steps.forEach(s => { + if (s.type === 'group') { + yml += ` - type: "group"\n`; + yml += ` title: "${(s.title||'').replace(/"/g,'\\"')}"\n`; + } else { + yml += ` - type: "step"\n`; + yml += ` id: "${s.id||''}"\n`; + yml += ` title: "${(s.title||'').replace(/"/g,'\\"')}"\n`; + yml += ` expected: "${(s.expected||'').replace(/"/g,'\\"')}"\n`; + yml += ` required: ${s.required ? 'true':'false'}\n`; + } + }); + } + const base = `qa-template-${safeName(tpl.module)}-${safeName(tpl.module_version)}-${safeName(tpl.pbx_version)}`; + download(yml, `${base}.yaml`, 'text/yaml'); +} + diff --git a/qa-tool/htdocs/js/flow.js b/qa-tool/htdocs/js/flow.js new file mode 100644 index 0000000..86b646e --- /dev/null +++ b/qa-tool/htdocs/js/flow.js @@ -0,0 +1,314 @@ +// auto-split module + + + async function tryLoad(urls) { + for (const u of urls) { + try { + await loadScript(u); + } catch (_) {} + if (window.jspdf && window.jspdf.jsPDF) return true; + } + return !!(window.jspdf && window.jspdf.jsPDF); + } + + + function go(){ + try{ window.focus(); }catch(e){} + setTimeout(function(){ window.print(); }, 120); + } + + + + function applyRun(run) { + template = { + name: run.name || '', + steps: (run.steps || []).map(s => { + const k = s.kind || s.type || 'step'; + if (k === 'group') return { + kind: 'group', + title: s.title || '' + }; + return { + kind: 'step', + id: s.id, + title: s.title, + expected: s.expected, + required: !!s.required, + status: s.status || '', + comment: s.comment || '', + evidence: s.evidence || '' + }; + }) + }; + if (els.tplName) els.tplName.textContent = run.name || '—'; + if (els.module) els.module.value = run.module || ''; + if (els.moduleVersion) els.moduleVersion.value = run.module_version || ''; + if (els.pbxVersion) els.pbxVersion.value = run.pbx_version || ''; + if (els.tester) els.tester.value = run.tester || ''; + if (els.docbeeUrl) els.docbeeUrl.value = run.docbee_url || ''; + renderSteps(template.steps); + recomputeGroupStyles(); + if (els.statusTag) els.statusTag.textContent = 'Lauf geladen'; + updateAutosave(); + } + + + + function applyTemplateOnly(tplObj) { + template = { + name: tplObj.name || '', + steps: (tplObj.steps || []).map(s => { + const k = s.kind || s.type || 'step'; + if (k === 'group') return { + kind: 'group', + title: s.title || '' + }; + return { + kind: 'step', + id: s.id || '', + title: s.title || '', + expected: s.expected || '', + required: !!s.required, + status: '', + comment: '', + evidence: '' + }; + }) + }; + if (els.tplName) els.tplName.textContent = template.name || '—'; + if (els.module) els.module.value = tplObj.module || ''; + if (els.moduleVersion) els.moduleVersion.value = tplObj.module_version || ''; + if (els.pbxVersion) els.pbxVersion.value = tplObj.pbx_version || ''; + renderSteps(template.steps); + recomputeGroupStyles(); + if (els.statusTag) els.statusTag.textContent = 'Template geladen'; + updateAutosave(); + } + + +function collectTemplateFromDOM() { + if (!template) return { + name: '', + module: '', + module_version: '', + pbx_version: '', + olm_nummer: '', + steps: [] + }; + captureEditsIntoTemplate(); + renumberSteps(); + return { + name: template?.name || els.tplName?.textContent || '', + module: els.module.value, + module_version: els.moduleVersion.value, + pbx_version: els.pbxVersion.value, + olm_nummer: els.olmNummer ? els.olmNummer.value : '', + steps: template.steps.map(s => { + if ((s.kind || 'step') === 'group') return { + type: 'group', + title: s.title + }; + return { + type: 'step', + id: s.id, + title: s.title, + expected: s.expected, + required: !!s.required + }; + }) + }; +} + + +function collectRun() { + if (!template) return null; + captureEditsIntoTemplate(); + return { + name: template?.name || '', + module: els.module.value, + module_version: els.moduleVersion.value, + pbx_version: els.pbxVersion.value, + olm_nummer: els.olmNummer ? els.olmNummer.value : '', + tester: els.tester.value, + docbee_url: els.docbeeUrl.value, + ts: new Date().toISOString(), + steps: [...template.steps] + }; +} + + + +function appendResultLink(createdJSON) { + let link = null; + try { + const j = JSON.parse(createdJSON || "{}"); + link = j?.link || null; + } catch {} + + // Ticket-ID aus dem Eingabefeld (falls vorhanden) extrahieren + const ticketId = extractTicketId(els.docbeeUrl?.value || ''); + + // Ziel-URL bestimmen: + // 1) Falls API bereits einen Pfad liefert (z. B. "ticket/show/123"), normieren. + // 2) Sonst UI-Link über bekannte Struktur /ticket/show/%ID% bauen. + let url = null; + if (link) { + if (/^https?:\/\//i.test(link)) { + url = link; // bereits absolute URL + } else { + url = DOCBEE_UI_BASE.replace(/\/+$/, '') + '/' + String(link).replace(/^\/+/, ''); + } + } else if (ticketId) { + url = `${DOCBEE_UI_BASE.replace(/\/+$/,'')}/ticket/show/${ticketId}`; + } + if (!url) return; + + const hint = document.createElement('div'); + hint.className = 'docbee-hint'; + hint.innerHTML = `✅ Angelegt: ${url}`; + document.querySelector('.actions')?.appendChild(hint); +} + + +function formatDocBeeMessage(run) { + const pad = (s, n) => (s || '').length > n ? (s || '').slice(0, n - 1) + '…' : (s || '').padEnd(n, ' '); + const fmtDate = new Date(run.ts).toLocaleString('de-DE'); + + // Kurz-Summary (nur echte Steps zählen) + const counts = { + pass: 0, + fail: 0, + skip: 0, + blocked: 0 + }; + (run.steps || []).forEach(s => { + const k = s.kind || s.type || 'step'; + if (k !== 'step') return; + if (counts[s.status] !== undefined) counts[s.status]++; + }); + const summary = `✅ ${counts.pass} | ❌ ${counts.fail} | ⏭️ ${counts.skip} | ⛔ ${counts.blocked}`; + + // Kopf + Metadaten (out VOR jeglicher Nutzung initialisieren) + let out = ''; + out += `QA REPORT\n`; + out += `===========\n`; + out += `Modul: ${run.module || ''}\n`; + out += `Modul-Version:${run.module_version || ''}\n`; + out += `PBX-Version: ${run.pbx_version || ''}\n`; + out += `Tester: ${run.tester || ''}\n`; + if (run.docbee_url) out += `Ticket: ${run.docbee_url}\n`; + out += `Datum: ${fmtDate}\n\n`; + out += `Übersicht: ${summary}\n\n`; + + // Tabelle (monospace-geeignet) + const SEP = '────────────────────────────────────────────────────────────────────────'; + out += `${SEP}\n`; + out += `${pad('Schritt', 12)} ${pad('Status', 7)} ${pad('Titel', 52)}\n`; + out += `${SEP}\n`; + + (run.steps || []).forEach(s => { + const k = s.kind || s.type || 'step'; + if (k === 'group') { + out += `\n## ${s.title || ''}\n\n`; + return; + } + const st = (s.status || '').toUpperCase(); // PASS/FAIL/SKIP/BLOCKED/… + const stShort = st === 'BLOCKED' ? 'BLOCK' : st; + const SMAP = { + pass: '✅', + fail: '❌', + skip: '⏭️', + blocked: '⛔' + }; + const stLabel = (SMAP[(s.status || '').toLowerCase()] ? + SMAP[(s.status || '').toLowerCase()] + ' ' : + '') + stShort; + const req = s.required ? '📌 ' : ''; + out += `${pad(s.id || '', 12)} ${pad(stLabel, 9)} ${pad(req + (s.title || ''), 50)}\n`; + if (s.comment) out += ` • Kommentar: ${s.comment}\n`; + if (s.evidence) out += ` • Evidenz: ${s.evidence}\n`; + }); + out += `${SEP}\n`; + out += `Legende: PASS=✅, FAIL=❌, SKIP=⏭️, BLOCK=⛔\n`; + return out; +} + + + + +async function postToDocBee() { + const run = collectRun(); + if (!run) return; + if (!checkRequired(run)) return; + + const ticketId = extractTicketId(els.docbeeUrl?.value || ''); + if (!ticketId) { + alert("Keine Ticket-ID in der DocBee-URL gefunden."); + return; + } + if (!hasToken()) { + alert("Kein API-Token konfiguriert."); + return; + } + + // Kommentarinhalt (Markdown) + const content = formatDocBeeMessage(run); + + // alten Vorgangs-Status holen (Vorgangs-Status = ticketStatus) + const tGet = await getJSON(`${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}?fields=ticketStatus`); + const prevStatusId = tGet?.json?.ticketStatus ?? null; + + // Busy-State + els.btnPushDocBee?.setAttribute('disabled', ''); + els.btnPushDocBee?.classList.add('is-busy'); + + try { + + // *** Message posten (muss Message sein) *** + const url = `${DOCBEE_BASEURL}/restApi/v1/ticket/${ticketId}/message`; + const rMsg = await postJSON(url, { + content: content, + subject: `QA Report ${ticketId}`, + internal: true, + hidden: false + }); + + if (rMsg.ok) { + // kurze Wartezeit, dann Status ggf. zurücksetzen (gegen Auto-"Antwort erhalten") + await sleep(800); + if (prevStatusId != null) { + await restoreTicketStatus(ticketId, prevStatusId); + } + appendResultLink(rMsg.text); + alert("Nachricht im Ticket angelegt (Status beibehalten)."); + return; + } + + + if (ENABLE_FALLBACK_NOTE) { + const rNote = await postJSON(`${DOCBEE_BASEURL}/restApi/v1/note`, { + note: { + ticket: { + id: Number(ticketId) + }, + subject: `QA Report ${ticketId}`, + text: content, + internal: false + } + }); + if (rNote.ok) { + appendResultLink(rNote.text); + alert("Notiz angelegt (Fallback)."); + return; + } + alert(`Fehler: MSG ${rMsg.status}, NOTE ${rNote.status}`); + } else { + alert(`Nachricht fehlgeschlagen (Status ${rMsg.status}). Details siehe Konsole.`); + } + } catch (e) { + alert("DocBee-Request fehlgeschlagen: " + String(e)); + } finally { + els.btnPushDocBee?.removeAttribute('disabled'); + els.btnPushDocBee?.classList.remove('is-busy'); + } +} \ No newline at end of file diff --git a/qa-tool/htdocs/js/gitlab.js b/qa-tool/htdocs/js/gitlab.js new file mode 100644 index 0000000..0a16ded --- /dev/null +++ b/qa-tool/htdocs/js/gitlab.js @@ -0,0 +1,102 @@ +// auto-split module + +const GITLAB = { + host: (window.GITLAB && window.GITLAB.host) || "https://git.steinert.cc", + projectId: (window.GITLAB && window.GITLAB.projectId) || "qa/templates", + ref: (window.GITLAB && window.GITLAB.ref) || "main", + path: (window.GITLAB && window.GITLAB.path) || "templates", + token: (window.GITLAB && window.GITLAB.token) || "" +}; + +// auto-split module + + +function glHeaders() { + const h = { + "Accept": "application/json" + }; + if (GITLAB.token && GITLAB.token.trim()) h["PRIVATE-TOKEN"] = GITLAB.token.trim(); + return h; +} + + +async function listGitlabTemplates() { + const url = `${GITLAB.host}/api/v4/projects/${encodeURIComponent(GITLAB.projectId)}/repository/tree?path=${encodeURIComponent(GITLAB.path)}&ref=${encodeURIComponent(GITLAB.ref)}&per_page=100`; + const r = await fetch(url, { + headers: glHeaders() + }); + if (!r.ok) throw new Error(`GitLab Tree ${r.status}`); + const items = await r.json(); + return items.filter(it => it.type === "blob" && /\.ya?ml$/i.test(it.name)).map(it => ({ + name: it.name, + path: it.path + })); +} + + +async function fetchGitlabFileRaw(filePath) { + const url = `${GITLAB.host}/api/v4/projects/${encodeURIComponent(GITLAB.projectId)}/repository/files/${encodeURIComponent(filePath)}/raw?ref=${encodeURIComponent(GITLAB.ref)}`; + const r = await fetch(url, { + headers: glHeaders(), + cache: "no-store" + }); + if (!r.ok) throw new Error(`GitLab Raw ${r.status}`); + return await r.text(); +} + + +async function populateGitlabDropdown() { + const sel = els.gitlabTplSelect, + tag = els.gitlabTplStatus; + if (!sel) return; + sel.innerHTML = ``; + try { + tag && (tag.textContent = "GitLab: lade Liste…"); + const files = await listGitlabTemplates(); + files.forEach(f => { + const opt = document.createElement('option'); + opt.value = f.path; + opt.textContent = f.name; + sel.appendChild(opt); + }); + tag && (tag.textContent = files.length ? `GitLab: ${files.length} Vorlage(n)` : "GitLab: keine YAMLs gefunden"); + } catch (e) { + tag && (tag.textContent = "GitLab: Fehler"); + console.error("[GitLab] list failed:", e); + alert("GitLab-Liste konnte nicht geladen werden: " + e.message); + } +} + + +function loadYAMLText(yamlText) { + const obj = parseTemplate(yamlText); + if (!obj || !Array.isArray(obj.steps)) throw new Error('Ungültige Vorlage: "steps" fehlt.'); + // Normalisieren: type→kind, default "step" + obj.steps = obj.steps.map(s => { + const k = s.kind || s.type || 'step'; + if (k === 'group') return { + kind: 'group', + title: s.title || s.name || '', + collapsed: !!s.collapsed + }; + return { + kind: 'step', + id: s.id, + title: s.title, + expected: s.expected, + required: !!s.required, + status: s.status || '', + comment: s.comment || '', + evidence: s.evidence || '' + }; + }); + template = obj; + if (els.tplName) els.tplName.textContent = obj.name || '—'; + if (obj.module) els.module.value = obj.module; + if (obj.module_version) els.moduleVersion.value = obj.module_version; + if (obj.pbx_version) els.pbxVersion.value = obj.pbx_version; + renderSteps(obj.steps); + if (els.statusTag) els.statusTag.textContent = 'Vorlage geladen'; + updateAutosave(); +} + diff --git a/qa-tool/htdocs/js/main.js b/qa-tool/htdocs/js/main.js new file mode 100644 index 0000000..c4f8012 --- /dev/null +++ b/qa-tool/htdocs/js/main.js @@ -0,0 +1,253 @@ +// ===================== QA App – komplette app.js ===================== + +// === DocBee: Token HIER eintragen === +const DOCBEE_TOKEN = window.DOCBEE_TOKEN || ""; // DocBee Token eintragen" +const ENABLE_FALLBACK_NOTE = false; // auf true setzen, falls bei Fehler automatisch Notiz angelegt werden soll + +window.addEventListener('error', e => { + try { + console.error(e.error || e.message || e); + } catch (_) {} + alert('JS-Fehler: ' + (e.message || e)); +}); + +let template = null; // {name,module,module_version,pbx_version,steps:[...]} + + + + +// === DOM-Refs === +const els = { + yamlFile: document.getElementById('yamlFile'), + stepsTableBody: document.querySelector('#stepsTable tbody'), + tplName: document.getElementById('tplName'), + statusTag: document.getElementById('statusTag'), + module: document.getElementById('module'), + moduleVersion: document.getElementById('moduleVersion'), + pbxVersion: document.getElementById('pbxVersion'), + tester: document.getElementById('tester'), + olmNummer: document.getElementById('olmNummer'), + docbeeUrl: document.getElementById('docbeeUrl'), + btnAddStep: document.getElementById('btnAddStep'), + btnSaveJSON: document.getElementById('btnSaveJSON'), + loadJSON: document.getElementById('loadJSON'), + btnAddGroup: document.getElementById('btnAddGroup'), + btnExportTemplateYAML: document.getElementById('btnExportTemplateYAML'), + btnExportAll: document.getElementById('btnExportAll'), + gitlabTplSelect: document.getElementById('gitlabTplSelect'), + gitlabTplStatus: document.getElementById('gitlabTplStatus'), + docbeeTokenStatus: document.getElementById('docbeeTokenStatus'), + btnGitlabReload: document.getElementById('btnGitlabReload'), +}; +// === Drag Guard + Observer: Nur Drag über expliziten Griff zulassen === +function enforceDragHandleOnly() { + if (!els.stepsTableBody) return; + els.stepsTableBody.querySelectorAll('tr[draggable="true"]').forEach(tr => tr.setAttribute('draggable', 'false')); + els.stepsTableBody.querySelectorAll('.drag-handle').forEach(h => h.setAttribute('draggable', 'true')); +} +document.addEventListener('DOMContentLoaded', () => { + if (els.stepsTableBody) { + const mo = new MutationObserver(() => enforceDragHandleOnly()); + mo.observe(els.stepsTableBody, { + childList: true, + subtree: true + }); + enforceDragHandleOnly(); + } +}); +document.addEventListener('dragstart', (e) => { + if (!e.target.closest('.drag-handle')) { + e.preventDefault(); + } +}, { + capture: true +}); + + +// === GitLab Events === +if (els.gitlabTplSelect) els.gitlabTplSelect.addEventListener('change', async (e) => { + const p = e.target.value; + if (!p) return; + try { + els.gitlabTplStatus && (els.gitlabTplStatus.textContent = "GitLab: lade Datei…"); + const y = await fetchGitlabFileRaw(p); + loadYAMLText(y); + els.gitlabTplStatus && (els.gitlabTplStatus.textContent = `GitLab: geladen – ${p.split('/').pop()}`); + } catch (err) { + els.gitlabTplStatus && (els.gitlabTplStatus.textContent = "GitLab: Fehler"); + console.error("[GitLab] raw failed:", err); + alert("Vorlage aus GitLab konnte nicht geladen werden: " + err.message); + } +}); + +if (els.btnGitlabReload) els.btnGitlabReload.addEventListener('click', (e) => { + e.preventDefault(); + populateGitlabDropdown(); +}); + +// === Drag & Drop (Rows verschieben, inkl. Gruppen) === +let dragIndex = -1; +// ===== Funktion: rowIndexOf ===== +// Zweck: siehe Inline-Kommentare im Funktionskörper. +function rowIndexOf(target) { + const tr = target.closest('tr'); + if (!tr) return -1; + return [...els.stepsTableBody.children].indexOf(tr); +} +els.stepsTableBody && els.stepsTableBody.addEventListener('dragstart', (e) => { + if (!e.target.closest('.drag-handle')) { + e.preventDefault(); + return; + } + const i = rowIndexOf(e.target); + if (i < 0) return; + dragIndex = i; + e.dataTransfer?.setData('text/plain', String(i)); + if (e.dataTransfer) e.dataTransfer.effectAllowed = 'move'; + const row = e.target.closest('tr') || e.target; + e.dataTransfer?.setDragImage?.(row, 16, 16); + row.classList.add('dragging'); +}); +els.stepsTableBody && els.stepsTableBody.addEventListener('dragend', (e) => { + const tr = e.target.closest('tr'); + if (tr) tr.classList.remove('dragging'); + [...els.stepsTableBody.children].forEach(r => { + r.classList.remove('drag-over'); + r.removeAttribute('data-pos'); + }); + dragIndex = -1; +}); +els.stepsTableBody && els.stepsTableBody.addEventListener('dragover', (e) => { + e.preventDefault(); + const tr = e.target.closest('tr'); + if (!tr) return; + [...els.stepsTableBody.children].forEach(r => { + r.classList.remove('drag-over'); + r.removeAttribute('data-pos'); + }); + tr.classList.add('drag-over'); + const rect = tr.getBoundingClientRect(); + const pos = (e.clientY - rect.top) < rect.height / 2 ? 'before' : 'after'; + tr.setAttribute('data-pos', pos); +}); +els.stepsTableBody && els.stepsTableBody.addEventListener('drop', (e) => { + e.preventDefault(); + captureEditsIntoTemplate(); + const from = dragIndex >= 0 ? dragIndex : parseInt(e.dataTransfer?.getData('text/plain') || '-1', 10); + const tr = e.target.closest('tr'); + if (from < 0 || !tr) return; + const toBase = rowIndexOf(tr); + const pos = tr.getAttribute('data-pos') || 'after'; + let to = toBase + (pos === 'after' ? 1 : 0); + if (to === from || to - 1 === from) { + renderSteps(template.steps); + recomputeGroupStyles(); + return; + } + // Element verschieben + const item = template.steps.splice(from, 1)[0]; + if (to > from) to--; // nach dem Entfernen verschiebt sich Index + template.steps.splice(to, 0, item); + ensureRenumberAndRender(); +}); + +document.getElementById('stepsTable')?.addEventListener('change', (e) => { + if (e.target && e.target.matches('select.status')) { + updateStatusClass(e.target); + recomputeGroupStyles(); + } +}); + +els.btnExportMD && els.btnExportMD.addEventListener('click', exportMD); +els.btnExportCSV && els.btnExportCSV.addEventListener('click', exportCSV); +els.btnPrintPDF && els.btnPrintPDF.addEventListener('click', printPDF); +els.btnExportTemplateYAML && els.btnExportTemplateYAML.addEventListener('click', exportTemplateYAML); + +els.btnSaveJSON && els.btnSaveJSON.addEventListener('click', () => { + const run = collectRun(); + if (!run) return; + if (!checkRequired(run)) return; + const base = `qa-run-${safeName(run.module)}-${safeName(run.module_version)}-${safeName(run.pbx_version)}`; + download(JSON.stringify(run, null, 2), `${base}.json`, 'application/json'); +}); +els.loadJSON && els.loadJSON.addEventListener('change', async (e) => { + const f = e.target.files?.[0]; + if (!f) return; + const txt = await f.text(); + try { + const run = JSON.parse(txt); + template = { + name: run.name || '', + steps: (run.steps || []).map(s => ({ + id: s.id, + title: s.title, + expected: s.expected, + required: !!s.required, + status: s.status || '', + comment: s.comment || '', + evidence: s.evidence || '' + })) + }; + if (els.tplName) els.tplName.textContent = run.name || '—'; + els.module.value = run.module || ''; + els.moduleVersion.value = run.module_version || ''; + els.pbxVersion.value = run.pbx_version || ''; + els.tester.value = run.tester || ''; + els.docbeeUrl.value = run.docbee_url || ''; + renderSteps(template.steps); + recomputeGroupStyles(); + if (els.statusTag) els.statusTag.textContent = 'Lauf geladen'; + updateAutosave(); + } catch (err) { + alert('Ungültiges JSON: ' + err.message); + } +}); + +// === Bindings absichern + Busy-Fix + Mini-CSS === +(function ensureBindings() { + // ===== Funktion: bind ===== + // Zweck: siehe Inline-Kommentare im Funktionskörper. + function bind() { + const b = document.getElementById('btnPushDocBee'); + if (b) { + b.removeAttribute('disabled'); + b.classList.remove('is-busy'); + b.style.pointerEvents = 'auto'; + b.addEventListener('click', postToDocBee, { + once: false + }); + } + const p = document.getElementById('btnPrintPDF'); + const btn = document.getElementById('btnExportAll'); + if (btn) { + btn.addEventListener('click', e => { + e.preventDefault(); + exportAll().catch(err => alert('Export error: ' + err.message)); + }); + console.log('Export-Button gebunden'); + } else { + alert('Export-Button nicht gefunden (id=btnExportAll).'); + } + } + if (document.readyState === 'loading') document.addEventListener('DOMContentLoaded', bind); + else bind(); + window.addEventListener('pageshow', () => { + const b = document.getElementById('btnPushDocBee'); + if (b) { + b.removeAttribute('disabled'); + b.classList.remove('is-busy'); + b.style.pointerEvents = 'auto'; + } + }); +})(); +(function injectAuxCss() { + const s = document.createElement('style'); + s.textContent = ` + .is-busy{opacity:.6;pointer-events:none} + .docbee-hint{margin-top:8px;font-size:14px} + .docbee-hint a{text-decoration:underline} + `; + document.head.appendChild(s); +})(); + +// ===================== Ende app.js ===================== \ No newline at end of file diff --git a/qa-tool/htdocs/js/pdf.js b/qa-tool/htdocs/js/pdf.js new file mode 100644 index 0000000..a9d679c --- /dev/null +++ b/qa-tool/htdocs/js/pdf.js @@ -0,0 +1,515 @@ +// auto-split module + + +async function ensureJsPdf() { + function loadScript(url) { + return new Promise((resolve, reject) => { + const s = document.createElement('script'); + s.src = url; + s.onload = resolve; + s.onerror = reject; + document.head.appendChild(s); + }); + } + async function tryLoad(urls) { + for (const u of urls) { + try { + await loadScript(u); + } catch (_) {} + if (window.jspdf && window.jspdf.jsPDF) return true; + } + return !!(window.jspdf && window.jspdf.jsPDF); + } + + // 1) jsPDF laden (lokal bevorzugt, dann CDN/Unpkg) + if (!(window.jspdf && window.jspdf.jsPDF)) { + await tryLoad([ + '/vendor/jspdf/jspdf.umd.min.js', + 'https://cdn.jsdelivr.net/npm/jspdf@2.5.1/dist/jspdf.umd.min.js', + 'https://unpkg.com/jspdf@2.5.1/dist/jspdf.umd.min.js' + ]); + } + if (!(window.jspdf && window.jspdf.jsPDF)) return false; + + // 2) autotable nachladen, falls nicht vorhanden + try { + const test = new window.jspdf.jsPDF(); + if (typeof test.autoTable !== 'function') { + await tryLoad([ + '/vendor/jspdf-autotable/jspdf.plugin.autotable.min.js', + 'https://cdn.jsdelivr.net/npm/jspdf-autotable@3.8.2/dist/jspdf.plugin.autotable.min.js', + 'https://unpkg.com/jspdf-autotable@3.8.2/dist/jspdf.plugin.autotable.min.js' + ]); + } + } catch (_) { + /* egal – PDF geht auch ohne autotable-Funktion (Fallback) */ + } + + return true; +} + + +async function generatePdfBlob(run) { + // Lade jsPDF + AutoTable falls nötig (lokal → CDN/Unpkg). Fällt ansonsten sauber auf Text-Blob zurück. + const pdfReady = await ensureJsPdf(); + if (!pdfReady) { + const txt = 'QA Report\n' + JSON.stringify(run, null, 2); + return new Blob([txt], { + type: 'application/pdf' + }); + } + const { + jsPDF + } = window.jspdf; + const doc = new jsPDF({ + orientation: 'landscape', + unit: 'mm', + format: 'a4', + compress: true + }); + // dynamic layout metrics for landscape A4 + const pageW = doc.internal.pageSize.getWidth(); + const pageH = doc.internal.pageSize.getHeight(); + const marginL = 14, + marginR = 14; + const xRight = pageW - marginR; + const footerY = pageH - 13; + + // Farben (RGB, NICHT Hex!): "muted" war zuvor unsichtbar – jetzt korrekt + const muted = [102, 102, 102]; + const headFill = [242, 242, 242]; + const ok = [0, 140, 0], + fail = [200, 0, 0], + skip = [160, 160, 0]; + + // Optionales Logo oben rechts – proportional in 26×12 mm Box, rechtsbündig + let logo = null; + try { + logo = await imgToDataURL('logo_light.png'); + } catch {} + + if (logo) { + // 1) Bildabmessungen ermitteln (erst jsPDF, dann Fallback über ) + let iw = 0, + ih = 0; + try { + const props = doc.getImageProperties ? doc.getImageProperties(logo) : null; + if (props) { + iw = props.width || 0; + ih = props.height || 0; + } + } catch {} + if (!(iw && ih)) { + await new Promise((resolve) => { + const img = new Image(); + img.onload = () => { + iw = img.naturalWidth; + ih = img.naturalHeight; + resolve(); + }; + img.onerror = () => resolve(); + img.src = logo; + }); + } + + // 2) Proportional in die Box einpassen + const maxW = 26, + maxH = 12; + const ratio = (ih && iw) ? (ih / iw) : (10 / 26); + let w = maxW, + h = w * ratio; + if (h > maxH) { + h = maxH; + w = h / ratio; + } + + // 3) Rechtsbündig relativ zur Nutzkante (xRight) + const x = xRight - w; + const y = 7.8; + + try { + doc.addImage(logo, 'PNG', x, y, w, h, undefined, 'FAST'); + } catch {} + } + + + // Titelzeile + doc.setFont('helvetica', 'bold'); + doc.setFontSize(18); + doc.setTextColor(0, 0, 0); + doc.text('QA Report', 14, 16); + if (logo) { + try { + // Optionales Logo oben rechts – proportional in 26×12 mm Box, rechtsbündig + let logo = null; + try { + logo = await imgToDataURL('logo_light.png'); + } catch {} + + if (logo) { + // Bildabmessungen: zuerst aus jsPDF, sonst via -Fallback + let iw = 0, + ih = 0; + try { + const props = doc.getImageProperties ? doc.getImageProperties(logo) : null; + if (props) { + iw = props.width || 0; + ih = props.height || 0; + } + } catch {} + if (!(iw && ih)) { + await new Promise((resolve) => { + const img = new Image(); + img.onload = () => { + iw = img.naturalWidth; + ih = img.naturalHeight; + resolve(); + }; + img.onerror = () => resolve(); + img.src = logo; + }); + } + + // proportional in die Box einpassen + const maxW = 26, + maxH = 12; + const ratio = (ih && iw) ? (ih / iw) : (10 / 26); + let w = maxW, + h = w * ratio; + if (h > maxH) { + h = maxH; + w = h / ratio; + } + + // rechtsbündig zur Nutzkante + const x = xRight - w; + const y = 7.8; + + try { + doc.addImage(logo, 'PNG', x, y, w, h, undefined, 'FAST'); + } catch {} + } + + } catch {} + } + doc.setDrawColor(0, 0, 0); + doc.setLineWidth(0.2); + doc.line(marginL, 18, xRight, 18); + + // Metadaten mit Labels (sichtbar!) + const meta = [ + ['Modul', sanitizeText(run.module)], + ['Modul-Version', sanitizeText(run.module_version)], + ['PBX-Version', sanitizeText(run.pbx_version)], + ['OLM-Nummer', sanitizeText(run.olm_nummer)], + ['Tester', sanitizeText(run.tester)], + ['DocBee', sanitizeText(run.docbee_url || '-')], + ]; + let y = 24; + doc.setFontSize(10); + meta.forEach(([k, v]) => { + doc.setFont('helvetica', 'bold'); + doc.setTextColor(...muted); + doc.text(k + ':', 14, y); + doc.setFont('helvetica', 'normal'); + doc.setTextColor(0, 0, 0); + doc.text(v || '—', 50, y); + y += 6; + }); + + // Zeilen aus Steps bauen + const rows = []; + let i = 0, + group = null; + (run.steps || []).forEach(s => { + if ((s.kind || 'step') === 'group') { + group = sanitizeText(s.title); + return; + } + i++; + rows.push({ + nr: i, + group: sanitizeText(group || '–'), + id: sanitizeText(s.id), + title: sanitizeText(s.title), + expected: sanitizeText(s.expected), + status: sanitizeText((s.status || '').toLowerCase()), + comment: sanitizeText(s.comment), + }); + }); + + const body = rows.map(r => [r.nr, r.group, r.id, r.title, r.expected, r.status, r.comment]); + const startY = Math.max(y + 4, 24); + + // Tabelle (autoTable) + // @ts-ignore + doc.autoTable({ + startY, + tableWidth: pageW - (marginL + marginR), + tableWidth: pageW - (marginL + marginR), + head: [ + ['#', 'Gruppe', 'Step-ID', 'Titel', 'Erwartet', 'Status', 'Kommentar'] + ], + body, + styles: { + font: 'helvetica', + fontSize: 9, + cellPadding: 2, + overflow: 'linebreak', + valign: 'top' + }, + headStyles: { + fillColor: headFill, + textColor: [0, 0, 0], + halign: 'left' + }, + columnStyles: { + 0: { + halign: 'right', + cellWidth: 8 + }, + 1: { + cellWidth: 36 + }, + 2: { + cellWidth: 24 + }, + 3: { + cellWidth: 62 + }, + 4: { + cellWidth: 76 + }, + 5: { + cellWidth: 20, + halign: 'left' + }, + 6: { + cellWidth: 36 + } + }, + didParseCell: (d) => { + // Normalize every cell fragment to PDF-safe ASCII/Latin-1 and map arrows + if (d && d.cell) { + const arr = Array.isArray(d.cell.text) ? d.cell.text : [String(d.cell.text ?? '')]; + d.cell.text = arr.map(t => toPdfSafe(replaceSymbols(String(t)))); + } + if (d.section === 'body') { + // Status einfärben + if (d.column.index === 5) { + const val = String(d.cell.raw || '').toLowerCase(); + if (val === 'pass') d.cell.styles.textColor = ok; + else if (val === 'fail') d.cell.styles.textColor = fail; + else if (val === 'skip' || val === 'na') d.cell.styles.textColor = skip; + } + // "Erwartet" als Monospace + leicht grauer Hintergrund + if (d.column.index === 4) { + d.cell.styles.font = 'courier'; + d.cell.styles.fillColor = [250, 250, 250]; + } + } + }, + margin: { + left: marginL, + right: marginR + }, + pageBreak: 'auto' + }); + + // Footer: Seitenzahlen & Zeitstempel + const pageCount = doc.getNumberOfPages(); + const ts = new Date().toLocaleString(); + for (let p = 1; p <= pageCount; p++) { + doc.setPage(p); + doc.setFont('helvetica', 'normal'); + doc.setFontSize(8); + doc.setTextColor(...muted); + doc.text(`Seite ${p} / ${pageCount}`, xRight, footerY, { + align: 'right' + }); + doc.text(ts, marginL, footerY); + } + + return doc.output('blob'); +} + + +async function printPDF() { + const run = collectRun(); + if (!run) return; + if (!checkRequired(run)) return; + renumberSteps(); + + const logoDataUrl = await imgToDataURL('logo_light.png').catch(() => null); + const esc = (s) => String(s ?? '').replace(/&/g, '&').replace(//g, '>'); + // ===== Funktion: badge (Arrow) ===== + // Zweck: siehe Inline-Kommentare im Funktionskörper. + const badge = (status) => { + const map = { + pass: { + txt: '✅ PASS', + bg: '#DCFCE7', + bd: '#22c55e' + }, + fail: { + txt: '❌ FAIL', + bg: '#FEE2E2', + bd: '#ef4444' + }, + skip: { + txt: '⏭️ SKIP', + bg: '#E5E7EB', + bd: '#6b7280' + }, + blocked: { + txt: '⛔ BLOCK', + bg: '#FEF3C7', + bd: '#f59e0b' + }, + '': { + txt: '—', + bg: '#F3F4F6', + bd: '#9ca3af' + } + }; + const m = map[status || ''] || map['']; + return `${m.txt}`; + }; + const counts = { + pass: 0, + fail: 0, + skip: 0, + blocked: 0 + }; + run.steps.forEach(s => { + if ((s.kind || 'step') !== 'step') return; + if (counts[s.status] !== undefined) counts[s.status]++; + }); + const summary = `✅ ${counts.pass} ❌ ${counts.fail} ⏭️ ${counts.skip} ⛔ ${counts.blocked}`; + let rows = ''; + let seenGroup = false; + for (const s of run.steps) { + if ((s.kind || 'step') === 'group') { + const t = esc(s.title || ''); + const cls = `group${seenGroup ? ' pagebreak' : ''}`; + rows += `${t}`; + seenGroup = true; + continue; + } + rows += ` + + ${esc(s.id)}
${esc(s.title)}${s.required?' 📌':''}
+ ${esc(s.expected)} + ${badge(s.status||'')} + ${esc(s.comment)} + ${linkify(s.evidence)} + `; + } + + const html = ` +QA Report + + + +
+
+ ${logoDataUrl ? `Logo` : ``} +

Testprotokoll

+
+
${summary}
+
+ +
+
    +
  • Modul: ${esc(run.module||'')}
    • +
  • Modul-Version: ${esc(run.module_version||'')}
    • +
  • PBX-Version: ${esc(run.pbx_version||'')}
    • +
  • DocBee: ${esc(run.docbee_url||'')}
    • +
  • Tester: ${esc(run.tester||'')}
    • +
  • Datum: ${new Date(run.ts).toLocaleString('de-DE')}
    • +
+
Legende: ✅ Pass, ❌ Fail, ⏭️ Skip, ⛔ Blocked, 📌 Pflicht
+
+ + + + ${rows} +
SchrittErwartungStatusKommentarEvidenz
+ + +`; + + const blob = new Blob([html], { + type: 'text/html' + }); + const url = URL.createObjectURL(blob); + const w = window.open(url, '_blank', 'noopener'); + if (!w) { + alert('Pop-up blockiert. Bitte Pop-ups erlauben.'); + URL.revokeObjectURL(url); + return; + } + setTimeout(() => URL.revokeObjectURL(url), 10000); +} + + +function toPdfSafe(s) { + return String(s).replace(/[^\x09\x0A\x0D\x20-\x7E\u00A0-\u00FF]/g, '?'); +} + + +async function imgToDataURL(src) { + return new Promise((resolve, reject) => { + const img = new Image(); + img.crossOrigin = 'anonymous'; + img.onload = () => { + const c = document.createElement('canvas'); + c.width = img.naturalWidth; + c.height = img.naturalHeight; + const ctx = c.getContext('2d'); + ctx.drawImage(img, 0, 0); + resolve(c.toDataURL('image/png')); + }; + img.onerror = reject; + img.src = src; + }); +} + diff --git a/qa-tool/htdocs/js/steps.js b/qa-tool/htdocs/js/steps.js new file mode 100644 index 0000000..6d21274 --- /dev/null +++ b/qa-tool/htdocs/js/steps.js @@ -0,0 +1,195 @@ +// auto-split module + + +function parseTemplate(text) { + if (window.jsyaml && typeof jsyaml.load === 'function') { + try { + return jsyaml.load(text); + } catch (e) {} + } + try { + return JSON.parse(text); + } catch (e) {} + throw new Error('Vorlage konnte weder als YAML noch JSON gelesen werden.'); +} + + +function captureEditsIntoTemplate() { + if (!template) return; + const rows = [...(els.stepsTableBody?.querySelectorAll('tr') || [])]; + template.steps = rows.map((row, i) => { + const kind = row.getAttribute('data-kind') || 'step'; + if (kind === 'group') { + return { + kind: 'group', + title: (row.querySelector('.tpl-group-title')?.value || '').trim(), + collapsed: row.getAttribute('data-collapsed') === '1' + }; + } + return { + kind: 'step', + id: (row.querySelector('.tpl-id')?.value || '').trim() || `step-${String(i+1).padStart(3,'0')}`, + title: (row.querySelector('.tpl-title')?.value || row.querySelector('.tpl-title')?.textContent || '').trim(), + expected: (row.querySelector('.tpl-expected')?.value || '').trim(), + required: !!(row.querySelector('.tpl-required')?.checked), + status: row.querySelector('select.status')?.value || '', + comment: row.querySelector('.run-comment')?.value || '', + evidence: row.querySelector('.run-evidence')?.value || '' + }; + }); +} + + +function nextStepNumber() { + const stepsOnly = (template?.steps || []).filter(s => (s.kind || s.type || 'step') === 'step'); + // Versuche numerischen Suffix aus "step-XYZ" zu lesen, sonst zähle Steps + const nums = stepsOnly + .map(s => String(s.id || '')) + .map(id => { + const m = id.match(/step-(\d+)/i); + return m ? parseInt(m[1], 10) : null; + }) + .filter(n => Number.isFinite(n)); + const base = nums.length ? Math.max(...nums) : stepsOnly.length; + return base + 1; +} + + +function makeStepId(n) { + const num = String(Math.max(1, n)).padStart(3, '0'); + return `step-${num}`; +} + + +function renumberSteps() { + if (!template || !Array.isArray(template.steps)) return; + let n = 1; + template.steps.forEach(s => { + const k = s.kind || s.type || 'step'; + if (k !== 'step') return; + const id = `step-${String(n).padStart(3,'0')}`; + s.id = id; + n++; + }); +} + + +function ensureRenumberAndRender() { + renumberSteps(); + renderSteps(template.steps); + recomputeGroupStyles(); +} + + +function renderSteps(steps) { + if (!els.stepsTableBody) return; + els.stepsTableBody.innerHTML = ''; + let groupCollapsed = false; + steps.forEach((s, idx) => { + if ((s.kind || 'step') === 'group') { + const trG = document.createElement('tr'); + trG.setAttribute('data-kind', 'group'); + trG.className = 'group-row'; + if (s.collapsed) trG.setAttribute('data-collapsed', '1'); + /* drag via handle only */ + // trG.setAttribute('draggable','true'); + trG.innerHTML = ` + +
+ +
+ + + + + + +
+
⋮⋮
+
+ `; + els.stepsTableBody.appendChild(trG); + groupCollapsed = !!s.collapsed; + return; + } + const id = s.id || ''; + const tr = document.createElement('tr'); + tr.setAttribute('data-kind', 'step'); + /* drag via handle only */ + // tr.setAttribute('draggable','true'); + if (groupCollapsed) tr.setAttribute('data-hidden', '1'); + tr.innerHTML = ` + +
+ + + ${s.required ? '📌' : ''} + + +
⋮⋮
+
+ + + + + + + + + + `; + els.stepsTableBody.appendChild(tr); + updateStatusClass(tr.querySelector('select.status')); + // nach jedem Render Schritt neu bewerten + recomputeGroupStyles(); + }); +} + + +function recomputeGroupStyles() { + try { + const body = els.stepsTableBody; + if (!body) return; + const rows = [...body.querySelectorAll('tr')]; + // Collect groups with following step rows until next group + let groups = []; + let current = null; + rows.forEach(r => { + const kind = r.getAttribute('data-kind') || 'step'; + if (kind === 'group') { + current = { + row: r, + steps: [] + }; + groups.push(current); + } else if (current) { + current.steps.push(r); + } + }); + groups.forEach(g => { + g.row.classList.remove('group-ok', 'group-fail'); + const statuses = g.steps.map(tr => (tr.querySelector('select.status')?.value || '').toUpperCase()); + if (!statuses.length) return; + const allPass = statuses.every(s => s === 'PASS'); + const anyFail = statuses.some(s => s === 'FAIL' || s === 'BLOCKED'); + if (allPass) g.row.classList.add('group-ok'); + else if (anyFail) g.row.classList.add('group-fail'); + }); + } catch (e) { + console.warn('recomputeGroupStyles failed', e); + } +} + + +function enforceDragHandleOnly() { + if (!els.stepsTableBody) return; + els.stepsTableBody.querySelectorAll('tr[draggable="true"]').forEach(tr => tr.setAttribute('draggable', 'false')); + els.stepsTableBody.querySelectorAll('.drag-handle').forEach(h => h.setAttribute('draggable', 'true')); +} + diff --git a/qa-tool/htdocs/js/ui.js b/qa-tool/htdocs/js/ui.js new file mode 100644 index 0000000..92fa11f --- /dev/null +++ b/qa-tool/htdocs/js/ui.js @@ -0,0 +1,101 @@ +// auto-split module + + +function updateStatusClass(selectEl) { + if (!selectEl) return; + const tr = selectEl.closest('tr'); + ['st-pass', 'st-fail', 'st-skip', 'st-blocked'].forEach(c => selectEl.classList.remove(c)); + ['row-pass', 'row-fail', 'row-skip', 'row-blocked'].forEach(c => tr.classList.remove(c)); + const v = selectEl.value || ''; + if (!v) return; + selectEl.classList.add('st-' + v); + tr.classList.add('row-' + v); +} + + + function bind() { + const b = document.getElementById('btnPushDocBee'); + if (b) { + b.removeAttribute('disabled'); + b.classList.remove('is-busy'); + b.style.pointerEvents = 'auto'; + b.addEventListener('click', postToDocBee, { + once: false + }); + } + const p = document.getElementById('btnPrintPDF'); + const btn = document.getElementById('btnExportAll'); + if (btn) { + btn.addEventListener('click', e => { + e.preventDefault(); + exportAll().catch(err => alert('Export error: ' + err.message)); + }); + console.log('Export-Button gebunden'); + } else { + alert('Export-Button nicht gefunden (id=btnExportAll).'); + } + } + + +function updateTokenBadge(state) { + const el = els.docbeeTokenStatus; + if (!el) return; + const has = !!(typeof DOCBEE_TOKEN !== 'undefined' && String(DOCBEE_TOKEN || '').trim().length > 10); + el.classList.remove('ok', 'bad', 'warn'); + if (state === 'bad') { + el.textContent = 'DocBee: ungültig/401'; + el.classList.add('bad'); + return; + } + if (state === 'ok' || (state === undefined && has)) { + el.textContent = 'DocBee: Token gesetzt'; + el.classList.add('ok'); + return; + } + el.textContent = 'DocBee: fehlt'; + el.classList.add('warn'); +} + + +function checkRequired(run) { + const missing = run.steps.filter(s => (s.kind || 'step') === 'step' && s.required && !s.status); + if (missing.length > 0) { + alert("Folgende Pflichtschritte haben keinen Status:\n" + + missing.map(s => `${s.id} – ${s.title}`).join("\n")); + return false; + } + return true; +} + + + const badge = (status) => { + const map = { + pass: { + txt: '✅ PASS', + bg: '#DCFCE7', + bd: '#22c55e' + }, + fail: { + txt: '❌ FAIL', + bg: '#FEE2E2', + bd: '#ef4444' + }, + skip: { + txt: '⏭️ SKIP', + bg: '#E5E7EB', + bd: '#6b7280' + }, + blocked: { + txt: '⛔ BLOCK', + bg: '#FEF3C7', + bd: '#f59e0b' + }, + '': { + txt: '—', + bg: '#F3F4F6', + bd: '#9ca3af' + } + }; + const m = map[status || ''] || map['']; + return `${m.txt}`; + } \ No newline at end of file diff --git a/qa-tool/htdocs/js/utils.js b/qa-tool/htdocs/js/utils.js new file mode 100644 index 0000000..01a9184 --- /dev/null +++ b/qa-tool/htdocs/js/utils.js @@ -0,0 +1,96 @@ +// auto-split module + +const DOCBEE_UI_BASE = DOCBEE_BASEURL; // feste Instanzbasis für UI-Links +const SEP = '────────────────────────────────────────────────────────────────────────'; +const SMAP = { + pass: '✅', + fail: '❌', + skip: '⏭️', + blocked: '⛔' + }; + +// auto-split module + + +const escAttr = (s) => String(s ?? '').replaceAll('"', '"'); + + +const escHTML = (s) => String(s ?? '').replaceAll('&', '&').replaceAll('<', '<').replaceAll('>', '>'); + + +const safeName = (s) => String(s || '').replace(/\s+/g, '-').toLowerCase().replace(/[^\w.-]/g, ''); + + +const linkify = (s) => /^https?:\/\//i.test(String(s || '')) ? `${escHTML(s)}` : escHTML(s); + + +const hasToken = () => typeof DOCBEE_TOKEN === 'string' && DOCBEE_TOKEN.trim().length > 0; + +// auto-split module + + +function download(content, filename, type) { + const blob = new Blob([content], { + type + }); + const url = URL.createObjectURL(blob); + const a = document.createElement('a'); + a.href = url; + a.download = filename; + a.click(); + setTimeout(() => URL.revokeObjectURL(url), 1500); +} + + + function loadScript(url) { + return new Promise((resolve, reject) => { + const s = document.createElement('script'); + s.src = url; + s.onload = resolve; + s.onerror = reject; + document.head.appendChild(s); + }); + } + + +function extractTicketId(u) { + const m = String(u || "").match(/(?:\/ticket\/show\/|\/tickets\/)(\d+)/i); + return m ? m[1] : null; +} + + +function rowIndexOf(target) { + const tr = target.closest('tr'); + if (!tr) return -1; + return [...els.stepsTableBody.children].indexOf(tr); +} + + +function replaceSymbols(s) { + return String(s) + // right arrows (→ ⇒ ⟶ ➔ ➜ …) → "->" + .replace(/[\u2192\u21A6\u21E8\u27A1\u2794\u27F6\u27F7\u27F9\u279D\u279E\u279F\u27A0]/g, '->') + // left arrows (← ⇐ ⟵ …) → "<-" + .replace(/[\u2190\u21A4\u21E6\u2B05\u27F5]/g, '<-') + // both directions (↔ ⇔ ⟷ …) → "<->" + .replace(/[\u2194\u21D4\u27F7\u27F8\u2B04]/g, '<->') + // normalize dashes + .replace(/[–—‑]/g, '-') + // ellipsis/multiply + .replace(/…/g, '...') + .replace(/×/g, 'x'); +} + + + +function sanitizeText(s) { + // Inline text normalization for labels/titles/comments + const out = String(s ?? '') + .replace(/\u00A0/g, ' ') // NBSP -> space + .replace(/[“”]/g, '"') // smart quotes -> ASCII + .replace(/[’‘]/g, "'") + .replace(/\s+/g, ' ') + .trim(); + // Map arrows/dashes and limit to PDF-safe charset + return toPdfSafe(replaceSymbols(out)); +} \ No newline at end of file diff --git a/qa-tool/htdocs/login.php b/qa-tool/htdocs/login.php new file mode 100644 index 0000000..b9b88f7 --- /dev/null +++ b/qa-tool/htdocs/login.php @@ -0,0 +1,32 @@ +setRedirectURL($OIDC_REDIRECT_URL); + +// Scopes als Array hinzufügen +$oidc->addScope(['openid', 'profile', 'email', 'groups']); + +// Benutzer zur Authentifizierungsseite weiterleiten +$oidc->authenticate(); +?> \ No newline at end of file diff --git a/qa-tool/htdocs/logo.png b/qa-tool/htdocs/logo.png new file mode 100644 index 0000000..638abaa Binary files /dev/null and b/qa-tool/htdocs/logo.png differ diff --git a/qa-tool/htdocs/logo_light.png b/qa-tool/htdocs/logo_light.png new file mode 100644 index 0000000..7e9f692 Binary files /dev/null and b/qa-tool/htdocs/logo_light.png differ diff --git a/qa-tool/htdocs/logout.php b/qa-tool/htdocs/logout.php new file mode 100644 index 0000000..f0a5fee --- /dev/null +++ b/qa-tool/htdocs/logout.php @@ -0,0 +1,10 @@ + \ No newline at end of file diff --git a/qa-tool/htdocs/oidc/phpseclib/Common/ConstantUtilityTrait.php b/qa-tool/htdocs/oidc/phpseclib/Common/ConstantUtilityTrait.php new file mode 100644 index 0000000..a349c33 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Common/ConstantUtilityTrait.php @@ -0,0 +1,44 @@ +getConstants(); + self::$valueToConstantNameMap = array_flip($constantNameToValueMap); + } + if (isset(self::$valueToConstantNameMap[$value])) { + return self::$valueToConstantNameMap[$value]; + } + return null; + } + + /** + * @param string|int $value + */ + public static function getConstantNameByValue($value): string + { + $constantName = static::findConstantNameByValue($value); + if ($constantName === null) { + throw new InvalidArgumentException(sprintf('"%s" does not have constant with value "%s".', static::class, $value)); + } + return $constantName; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Common/Functions/Strings.php b/qa-tool/htdocs/oidc/phpseclib/Common/Functions/Strings.php new file mode 100644 index 0000000..30d7741 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Common/Functions/Strings.php @@ -0,0 +1,461 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Common\Functions; + +use ParagonIE\ConstantTime\Base64; +use ParagonIE\ConstantTime\Base64UrlSafe; +use ParagonIE\ConstantTime\Hex; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField; + +/** + * Common String Functions + * + * @author Jim Wigginton + */ +abstract class Strings +{ + /** + * String Shift + * + * Inspired by array_shift + */ + public static function shift(string &$string, int $index = 1): string + { + $substr = substr($string, 0, $index); + $string = substr($string, $index); + return $substr; + } + + /** + * String Pop + * + * Inspired by array_pop + */ + public static function pop(string &$string, int $index = 1): string + { + $substr = substr($string, -$index); + $string = substr($string, 0, -$index); + return $substr; + } + + /** + * Parse SSH2-style string + * + * Returns either an array or a boolean if $data is malformed. + * + * Valid characters for $format are as follows: + * + * C = byte + * b = boolean (true/false) + * N = uint32 + * Q = uint64 + * s = string + * i = mpint + * L = name-list + * + * uint64 is not supported. + */ + public static function unpackSSH2(string $format, string &$data): array + { + $format = self::formatPack($format); + $result = []; + for ($i = 0; $i < strlen($format); $i++) { + switch ($format[$i]) { + case 'C': + case 'b': + if (!strlen($data)) { + throw new LengthException('At least one byte needs to be present for successful C / b decodes'); + } + break; + case 'N': + case 'i': + case 's': + case 'L': + if (strlen($data) < 4) { + throw new LengthException('At least four byte needs to be present for successful N / i / s / L decodes'); + } + break; + case 'Q': + if (strlen($data) < 8) { + throw new LengthException('At least eight byte needs to be present for successful N / i / s / L decodes'); + } + break; + + default: + throw new InvalidArgumentException('$format contains an invalid character'); + } + switch ($format[$i]) { + case 'C': + $result[] = ord(self::shift($data)); + continue 2; + case 'b': + $result[] = ord(self::shift($data)) != 0; + continue 2; + case 'N': + [, $temp] = unpack('N', self::shift($data, 4)); + $result[] = $temp; + continue 2; + case 'Q': + // pack() added support for Q in PHP 5.6.3 and PHP 5.6 is phpseclib 3's minimum version + // so in theory we could support this BUT, "64-bit format codes are not available for + // 32-bit versions" and phpseclib works on 32-bit installs. on 32-bit installs + // 64-bit floats can be used to get larger numbers then 32-bit signed ints would allow + // for. sure, you're not gonna get the full precision of 64-bit numbers but just because + // you need > 32-bit precision doesn't mean you need the full 64-bit precision + extract(unpack('Nupper/Nlower', self::shift($data, 8))); + $temp = $upper ? 4294967296 * $upper : 0; + $temp += $lower < 0 ? ($lower & 0x7FFFFFFFF) + 0x80000000 : $lower; + // $temp = hexdec(bin2hex(self::shift($data, 8))); + $result[] = $temp; + continue 2; + } + [, $length] = unpack('N', self::shift($data, 4)); + if (strlen($data) < $length) { + throw new LengthException("$length bytes needed; " . strlen($data) . ' bytes available'); + } + $temp = self::shift($data, $length); + switch ($format[$i]) { + case 'i': + $result[] = new BigInteger($temp, -256); + break; + case 's': + $result[] = $temp; + break; + case 'L': + $result[] = explode(',', $temp); + } + } + + return $result; + } + + /** + * Create SSH2-style string + * + * @param string|int|float|array|bool ...$elements + */ + public static function packSSH2(string $format, ...$elements): string + { + $format = self::formatPack($format); + if (strlen($format) != count($elements)) { + throw new InvalidArgumentException('There must be as many arguments as there are characters in the $format string'); + } + $result = ''; + for ($i = 0; $i < strlen($format); $i++) { + $element = $elements[$i]; + switch ($format[$i]) { + case 'C': + if (!is_int($element)) { + throw new InvalidArgumentException('Bytes must be represented as an integer between 0 and 255, inclusive.'); + } + $result .= pack('C', $element); + break; + case 'b': + if (!is_bool($element)) { + throw new InvalidArgumentException('A boolean parameter was expected.'); + } + $result .= $element ? "\1" : "\0"; + break; + case 'Q': + if (!is_int($element) && !is_float($element)) { + throw new InvalidArgumentException('An integer was expected.'); + } + // 4294967296 == 1 << 32 + $result .= pack('NN', $element / 4294967296, $element); + break; + case 'N': + if (is_float($element)) { + $element = (int) $element; + } + if (!is_int($element)) { + throw new InvalidArgumentException('An integer was expected.'); + } + $result .= pack('N', $element); + break; + case 's': + if (!self::is_stringable($element)) { + throw new InvalidArgumentException('A string was expected.'); + } + $result .= pack('Na*', strlen($element), $element); + break; + case 'i': + if (!$element instanceof BigInteger && !$element instanceof FiniteField\Integer) { + throw new InvalidArgumentException('A phpseclib3\Math\BigInteger or phpseclib3\Math\Common\FiniteField\Integer object was expected.'); + } + $element = $element->toBytes(true); + $result .= pack('Na*', strlen($element), $element); + break; + case 'L': + if (!is_array($element)) { + throw new InvalidArgumentException('An array was expected.'); + } + $element = implode(',', $element); + $result .= pack('Na*', strlen($element), $element); + break; + default: + throw new InvalidArgumentException('$format contains an invalid character'); + } + } + return $result; + } + + /** + * Expand a pack string + * + * Converts C5 to CCCCC, for example. + */ + private static function formatPack(string $format): string + { + $parts = preg_split('#(\d+)#', $format, -1, PREG_SPLIT_DELIM_CAPTURE); + $format = ''; + for ($i = 1; $i < count($parts); $i += 2) { + $format .= substr($parts[$i - 1], 0, -1) . str_repeat($parts[$i - 1][-1], (int) $parts[$i]); + } + $format .= $parts[$i - 1]; + + return $format; + } + + /** + * Convert binary data into bits + * + * bin2hex / hex2bin refer to base-256 encoded data as binary, whilst + * decbin / bindec refer to base-2 encoded data as binary. For the purposes + * of this function, bin refers to base-256 encoded data whilst bits refers + * to base-2 encoded data + */ + public static function bits2bin(string $x): string + { + /* + // the pure-PHP approach is faster than the GMP approach + if (function_exists('gmp_export')) { + return strlen($x) ? gmp_export(gmp_init($x, 2)) : gmp_init(0); + } + */ + + if (preg_match('#[^01]#', $x)) { + throw new RuntimeException('The only valid characters are 0 and 1'); + } + + if (!defined('PHP_INT_MIN')) { + define('PHP_INT_MIN', ~PHP_INT_MAX); + } + + $length = strlen($x); + if (!$length) { + return ''; + } + $block_size = PHP_INT_SIZE << 3; + $pad = $block_size - ($length % $block_size); + if ($pad != $block_size) { + $x = str_repeat('0', $pad) . $x; + } + + $parts = str_split($x, $block_size); + $str = ''; + foreach ($parts as $part) { + $xor = $part[0] == '1' ? PHP_INT_MIN : 0; + $part[0] = '0'; + $str .= pack( + PHP_INT_SIZE == 4 ? 'N' : 'J', + $xor ^ eval('return 0b' . $part . ';') + ); + } + return ltrim($str, "\0"); + } + + /** + * Convert bits to binary data + */ + public static function bin2bits(string $x, bool $trim = true): string + { + /* + // the pure-PHP approach is slower than the GMP approach BUT + // i want to the pure-PHP version to be easily unit tested as well + if (function_exists('gmp_import')) { + return gmp_strval(gmp_import($x), 2); + } + */ + + $len = strlen($x); + $mod = $len % PHP_INT_SIZE; + if ($mod) { + $x = str_pad($x, $len + PHP_INT_SIZE - $mod, "\0", STR_PAD_LEFT); + } + + $bits = ''; + if (PHP_INT_SIZE == 4) { + $digits = unpack('N*', $x); + foreach ($digits as $digit) { + $bits .= sprintf('%032b', $digit); + } + } else { + $digits = unpack('J*', $x); + foreach ($digits as $digit) { + $bits .= sprintf('%064b', $digit); + } + } + + return $trim ? ltrim($bits, '0') : $bits; + } + + /** + * Switch Endianness Bit Order + */ + public static function switchEndianness(string $x): string + { + $r = ''; + for ($i = strlen($x) - 1; $i >= 0; $i--) { + $b = ord($x[$i]); + if (PHP_INT_SIZE === 8) { + // 3 operations + // from http://graphics.stanford.edu/~seander/bithacks.html#ReverseByteWith64BitsDiv + $r .= chr((($b * 0x0202020202) & 0x010884422010) % 1023); + } else { + // 7 operations + // from http://graphics.stanford.edu/~seander/bithacks.html#ReverseByteWith32Bits + $p1 = ($b * 0x0802) & 0x22110; + $p2 = ($b * 0x8020) & 0x88440; + $r .= chr( + (($p1 | $p2) * 0x10101) >> 16 + ); + } + } + return $r; + } + + /** + * Increment the current string + */ + public static function increment_str(string &$var): string + { + if (function_exists('sodium_increment')) { + $var = strrev($var); + sodium_increment($var); + $var = strrev($var); + return $var; + } + + for ($i = 4; $i <= strlen($var); $i += 4) { + $temp = substr($var, -$i, 4); + switch ($temp) { + case "\xFF\xFF\xFF\xFF": + $var = substr_replace($var, "\x00\x00\x00\x00", -$i, 4); + break; + case "\x7F\xFF\xFF\xFF": + $var = substr_replace($var, "\x80\x00\x00\x00", -$i, 4); + return $var; + default: + $temp = unpack('Nnum', $temp); + $var = substr_replace($var, pack('N', $temp['num'] + 1), -$i, 4); + return $var; + } + } + + $remainder = strlen($var) % 4; + + if ($remainder == 0) { + return $var; + } + + $temp = unpack('Nnum', str_pad(substr($var, 0, $remainder), 4, "\0", STR_PAD_LEFT)); + $temp = substr(pack('N', $temp['num'] + 1), -$remainder); + $var = substr_replace($var, $temp, 0, $remainder); + + return $var; + } + + /** + * Find whether the type of a variable is string (or could be converted to one) + * + * @psalm-assert-if-true string|\Stringable $var + */ + public static function is_stringable($var): bool + { + return is_string($var) || (is_object($var) && method_exists($var, '__toString')); + } + + /** + * Constant Time Base64-decoding + * + * ParagoneIE\ConstantTime doesn't use libsodium if it's available so we'll do so + * ourselves. see https://github.com/paragonie/constant_time_encoding/issues/39 + */ + public static function base64_decode(string $data): string + { + return function_exists('sodium_base642bin') ? + sodium_base642bin($data, SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, '=') : + Base64::decode($data); + } + + /** + * Constant Time Base64-decoding (URL safe) + */ + public static function base64url_decode(string $data): string + { + // return self::base64_decode(str_replace(['-', '_'], ['+', '/'], $data)); + + return function_exists('sodium_base642bin') ? + sodium_base642bin($data, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING, '=') : + Base64UrlSafe::decode($data); + } + + /** + * Constant Time Base64-encoding + */ + public static function base64_encode(string $data): string + { + return function_exists('sodium_bin2base64') ? + sodium_bin2base64($data, SODIUM_BASE64_VARIANT_ORIGINAL) : + Base64::encode($data); + } + + /** + * Constant Time Base64-encoding (URL safe) + */ + public static function base64url_encode(string $data): string + { + // return str_replace(['+', '/'], ['-', '_'], self::base64_encode($data)); + + return function_exists('sodium_bin2base64') ? + sodium_bin2base64($data, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING) : + Base64UrlSafe::encode($data); + } + + /** + * Constant Time Hex Decoder + */ + public static function hex2bin(string $data): string + { + return function_exists('sodium_hex2bin') ? + sodium_hex2bin($data) : + Hex::decode($data); + } + + /** + * Constant Time Hex Encoder + */ + public static function bin2hex(string $data): string + { + return function_exists('sodium_bin2hex') ? + sodium_bin2hex($data) : + Hex::encode($data); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/AES.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/AES.php new file mode 100644 index 0000000..0009d2f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/AES.php @@ -0,0 +1,118 @@ + + * setKey('abcdefghijklmnop'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $aes->decrypt($aes->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2008 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Exception\BadMethodCallException; +use phpseclib3\Exception\LengthException; + +/** + * Pure-PHP implementation of AES. + * + * @author Jim Wigginton + */ +class AES extends Rijndael +{ + /** + * Dummy function + * + * Since \phpseclib3\Crypt\AES extends \phpseclib3\Crypt\Rijndael, this function is, technically, available, but it doesn't do anything. + * + * @throws BadMethodCallException anytime it's called + * @see \phpseclib3\Crypt\Rijndael::setBlockLength() + */ + public function setBlockLength(int $length): void + { + throw new BadMethodCallException('The block length cannot be set for AES.'); + } + + /** + * Sets the key length + * + * Valid key lengths are 128, 192, and 256. Set the link to bool(false) to disable a fixed key length + * + * @throws LengthException if the key length isn't supported + * @see \phpseclib3\Crypt\Rijndael:setKeyLength() + */ + public function setKeyLength(int $length): void + { + switch ($length) { + case 128: + case 192: + case 256: + break; + default: + throw new LengthException('Key of size ' . $length . ' not supported by this algorithm. Only keys of sizes 128, 192 or 256 supported'); + } + parent::setKeyLength($length); + } + + /** + * Sets the key. + * + * Rijndael supports five different key lengths, AES only supports three. + * + * @throws LengthException if the key length isn't supported + * @see \phpseclib3\Crypt\Rijndael:setKey() + * @see setKeyLength() + */ + public function setKey(string $key): void + { + switch (strlen($key)) { + case 16: + case 24: + case 32: + break; + default: + throw new LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported'); + } + + parent::setKey($key); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Blowfish.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Blowfish.php new file mode 100644 index 0000000..e13fe88 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Blowfish.php @@ -0,0 +1,790 @@ + unpack('N*', $x), $blocks); it jumps up by an additional + * ~90MB, yielding a 106x increase in memory usage. Consequently, it bcrypt calls a different + * _encryptBlock() then the regular Blowfish does. That said, the Blowfish _encryptBlock() is + * basically just a thin wrapper around the bcrypt _encryptBlock(), so there's that. + * + * # phpseclib's three different _setupKey() implementations + * + * Every bcrypt round is the equivalent of encrypting 512KB of data. Since OpenSSH uses 16 + * rounds by default that's ~8MB of data that's essentially being encrypted whenever + * you use bcrypt. That's a lot of data, however, bcrypt operates within tighter constraints + * than regular Blowfish, so we can use that to our advantage. In particular, whereas Blowfish + * supports variable length keys, in bcrypt, the initial "key" is the sha512 hash of the + * password. sha512 hashes are 512 bits or 64 bytes long and thus the bcrypt keys are of a + * fixed length whereas Blowfish keys are not of a fixed length. + * + * bcrypt actually has two different key expansion steps. The first one (expandstate) is + * constantly XOR'ing every _encryptBlock() parameter against the salt prior _encryptBlock()'s + * being called. The second one (expand0state) is more similar to Blowfish's _setupKey() + * but it can still use the fixed length key optimization discussed above and can do away with + * the pack() / unpack() calls. + * + * I suppose _setupKey() could be made to be a thin wrapper around expandstate() but idk it's + * just a lot of work for very marginal benefits as _setupKey() is only called once for + * regular Blowfish vs the 128 times it's called --per round-- with bcrypt. + * + * # blowfish + bcrypt in the same class + * + * Altho there's a lot of Blowfish code that bcrypt doesn't re-use, bcrypt does re-use the + * initial S-boxes, the initial P-array and the int-only _encryptBlock() implementation. + * + * # Credit + * + * phpseclib's bcrypt implementation is based losely off of OpenSSH's implementation: + * + * https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/bcrypt_pbkdf.c + * + * Here's a short example of how to use this library: + * + * setKey('12345678901234567890123456789012'); + * + * $plaintext = str_repeat('a', 1024); + * + * echo $blowfish->decrypt($blowfish->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\BlockCipher; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\LengthException; + +/** + * Pure-PHP implementation of Blowfish. + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + */ +class Blowfish extends BlockCipher +{ + /** + * Block Length of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::block_size + * @var int + */ + protected $block_size = 8; + + /** + * The fixed subkeys boxes ($sbox0 - $sbox3) with 256 entries each + * + * S-Box + * + * @var array + */ + private static $sbox = [ + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a, + + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7, + + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0, + + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6, + ]; + + /** + * P-Array consists of 18 32-bit subkeys + * + * @var array + */ + private static $parray = [ + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, + 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b, + ]; + + /** + * The BCTX-working Array + * + * Holds the expanded key [p] and the key-depended s-boxes [sb] + * + * @var array + */ + private $bctx; + + /** + * Holds the last used key + * + * @var array + */ + private $kl; + + /** + * The Key Length (in bytes) + * {@internal The max value is 256 / 8 = 32, the min value is 128 / 8 = 16. Exists in conjunction with $Nk + * because the encryption / decryption / key schedule creation requires this number and not $key_length. We could + * derive this from $key_length or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu + * of that, we'll just precompute it once.} + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKeyLength() + * @var int + */ + protected $key_length = 16; + + /** + * Default Constructor. + * + * @throws InvalidArgumentException if an invalid / unsupported mode is provided + */ + public function __construct(string $mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new InvalidArgumentException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Sets the key length. + * + * Key lengths can be between 32 and 448 bits. + */ + public function setKeyLength(int $length): void + { + if ($length < 32 || $length > 448) { + throw new LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes between 32 and 448 bits are supported'); + } + + $this->key_length = $length >> 3; + + parent::setKeyLength($length); + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + */ + protected function isValidEngineHelper(int $engine): bool + { + if ($engine == self::ENGINE_OPENSSL) { + if ($this->key_length < 16) { + return false; + } + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } + $this->cipher_name_openssl_ecb = 'bf-ecb'; + $this->cipher_name_openssl = 'bf-' . $this->openssl_translate_mode(); + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Setup the key (expansion) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupKey() + */ + protected function setupKey(): void + { + if (isset($this->kl['key']) && $this->key === $this->kl['key']) { + // already expanded + return; + } + $this->kl = ['key' => $this->key]; + + /* key-expanding p[] and S-Box building sb[] */ + $this->bctx = [ + 'p' => [], + 'sb' => self::$sbox, + ]; + + // unpack binary string in unsigned chars + $key = array_values(unpack('C*', $this->key)); + $keyl = count($key); + // with bcrypt $keyl will always be 16 (because the key is the sha512 of the key you provide) + for ($j = 0, $i = 0; $i < 18; ++$i) { + // xor P1 with the first 32-bits of the key, xor P2 with the second 32-bits ... + for ($data = 0, $k = 0; $k < 4; ++$k) { + $data = ($data << 8) | $key[$j]; + if (++$j >= $keyl) { + $j = 0; + } + } + $this->bctx['p'][] = self::$parray[$i] ^ intval($data); + } + + // encrypt the zero-string, replace P1 and P2 with the encrypted data, + // encrypt P3 and P4 with the new P1 and P2, do it with all P-array and subkeys + $data = "\0\0\0\0\0\0\0\0"; + for ($i = 0; $i < 18; $i += 2) { + [$l, $r] = array_values(unpack('N*', $data = $this->encryptBlock($data))); + $this->bctx['p'][$i ] = $l; + $this->bctx['p'][$i + 1] = $r; + } + for ($i = 0; $i < 0x400; $i += 0x100) { + for ($j = 0; $j < 256; $j += 2) { + [$l, $r] = array_values(unpack('N*', $data = $this->encryptBlock($data))); + $this->bctx['sb'][$i | $j] = $l; + $this->bctx['sb'][$i | ($j + 1)] = $r; + } + } + } + + /** + * Initialize Static Variables + */ + protected static function initialize_static_variables(): void + { + if (is_float(self::$sbox[0x200])) { + self::$sbox = array_map('intval', self::$sbox); + self::$parray = array_map('intval', self::$parray); + } + + parent::initialize_static_variables(); + } + + /** + * bcrypt + */ + private static function bcrypt_hash(string $sha2pass, string $sha2salt): string + { + $p = self::$parray; + $sbox = self::$sbox; + + $cdata = array_values(unpack('N*', 'OxychromaticBlowfishSwatDynamite')); + $sha2pass = array_values(unpack('N*', $sha2pass)); + $sha2salt = array_values(unpack('N*', $sha2salt)); + + self::expandstate($sha2salt, $sha2pass, $sbox, $p); + for ($i = 0; $i < 64; $i++) { + self::expand0state($sha2salt, $sbox, $p); + self::expand0state($sha2pass, $sbox, $p); + } + + for ($i = 0; $i < 64; $i++) { + for ($j = 0; $j < 8; $j += 2) { // count($cdata) == 8 + [$cdata[$j], $cdata[$j + 1]] = self::encryptBlockHelperFast($cdata[$j], $cdata[$j + 1], $sbox, $p); + } + } + + return pack('V*', ...$cdata); + } + + /** + * Performs OpenSSH-style bcrypt + */ + public static function bcrypt_pbkdf(string $pass, string $salt, int $keylen, int $rounds): string + { + self::initialize_static_variables(); + + if (PHP_INT_SIZE == 4) { + throw new \RuntimeException('bcrypt is far too slow to be practical on 32-bit versions of PHP'); + } + + $sha2pass = hash('sha512', $pass, true); + $results = []; + $count = 1; + while (32 * count($results) < $keylen) { + $countsalt = $salt . pack('N', $count++); + $sha2salt = hash('sha512', $countsalt, true); + $out = $tmpout = self::bcrypt_hash($sha2pass, $sha2salt); + for ($i = 1; $i < $rounds; $i++) { + $sha2salt = hash('sha512', $tmpout, true); + $tmpout = self::bcrypt_hash($sha2pass, $sha2salt); + $out ^= $tmpout; + } + $results[] = $out; + } + $output = ''; + for ($i = 0; $i < 32; $i++) { + foreach ($results as $result) { + $output .= $result[$i]; + } + } + return substr($output, 0, $keylen); + } + + /** + * Key expansion without salt + * + * @access private + * @param int[] $key + * @param int[] $sbox + * @param int[] $p + * @see self::_bcrypt_hash() + */ + private static function expand0state(array $key, array &$sbox, array &$p): void + { + // expand0state is basically the same thing as this: + //return self::expandstate(array_fill(0, 16, 0), $key); + // but this separate function eliminates a bunch of XORs and array lookups + + $p = [ + $p[0] ^ $key[0], + $p[1] ^ $key[1], + $p[2] ^ $key[2], + $p[3] ^ $key[3], + $p[4] ^ $key[4], + $p[5] ^ $key[5], + $p[6] ^ $key[6], + $p[7] ^ $key[7], + $p[8] ^ $key[8], + $p[9] ^ $key[9], + $p[10] ^ $key[10], + $p[11] ^ $key[11], + $p[12] ^ $key[12], + $p[13] ^ $key[13], + $p[14] ^ $key[14], + $p[15] ^ $key[15], + $p[16] ^ $key[0], + $p[17] ^ $key[1], + ]; + + // @codingStandardsIgnoreStart + [ $p[0], $p[1]] = self::encryptBlockHelperFast( 0, 0, $sbox, $p); + [ $p[2], $p[3]] = self::encryptBlockHelperFast($p[ 0], $p[ 1], $sbox, $p); + [ $p[4], $p[5]] = self::encryptBlockHelperFast($p[ 2], $p[ 3], $sbox, $p); + [ $p[6], $p[7]] = self::encryptBlockHelperFast($p[ 4], $p[ 5], $sbox, $p); + [ $p[8], $p[9]] = self::encryptBlockHelperFast($p[ 6], $p[ 7], $sbox, $p); + [$p[10], $p[11]] = self::encryptBlockHelperFast($p[ 8], $p[ 9], $sbox, $p); + [$p[12], $p[13]] = self::encryptBlockHelperFast($p[10], $p[11], $sbox, $p); + [$p[14], $p[15]] = self::encryptBlockHelperFast($p[12], $p[13], $sbox, $p); + [$p[16], $p[17]] = self::encryptBlockHelperFast($p[14], $p[15], $sbox, $p); + // @codingStandardsIgnoreEnd + + [$sbox[0], $sbox[1]] = self::encryptBlockHelperFast($p[16], $p[17], $sbox, $p); + for ($i = 2; $i < 1024; $i += 2) { + [$sbox[$i], $sbox[$i + 1]] = self::encryptBlockHelperFast($sbox[$i - 2], $sbox[$i - 1], $sbox, $p); + } + } + + /** + * Key expansion with salt + * + * @access private + * @param int[] $data + * @param int[] $key + * @param int[] $sbox + * @param int[] $p + * @see self::_bcrypt_hash() + */ + private static function expandstate(array $data, array $key, array &$sbox, array &$p): void + { + $p = [ + $p[0] ^ $key[0], + $p[1] ^ $key[1], + $p[2] ^ $key[2], + $p[3] ^ $key[3], + $p[4] ^ $key[4], + $p[5] ^ $key[5], + $p[6] ^ $key[6], + $p[7] ^ $key[7], + $p[8] ^ $key[8], + $p[9] ^ $key[9], + $p[10] ^ $key[10], + $p[11] ^ $key[11], + $p[12] ^ $key[12], + $p[13] ^ $key[13], + $p[14] ^ $key[14], + $p[15] ^ $key[15], + $p[16] ^ $key[0], + $p[17] ^ $key[1], + ]; + + // @codingStandardsIgnoreStart + [ $p[0], $p[1]] = self::encryptBlockHelperFast($data[ 0] , $data[ 1] , $sbox, $p); + [ $p[2], $p[3]] = self::encryptBlockHelperFast($data[ 2] ^ $p[ 0], $data[ 3] ^ $p[ 1], $sbox, $p); + [ $p[4], $p[5]] = self::encryptBlockHelperFast($data[ 4] ^ $p[ 2], $data[ 5] ^ $p[ 3], $sbox, $p); + [ $p[6], $p[7]] = self::encryptBlockHelperFast($data[ 6] ^ $p[ 4], $data[ 7] ^ $p[ 5], $sbox, $p); + [ $p[8], $p[9]] = self::encryptBlockHelperFast($data[ 8] ^ $p[ 6], $data[ 9] ^ $p[ 7], $sbox, $p); + [$p[10], $p[11]] = self::encryptBlockHelperFast($data[10] ^ $p[ 8], $data[11] ^ $p[ 9], $sbox, $p); + [$p[12], $p[13]] = self::encryptBlockHelperFast($data[12] ^ $p[10], $data[13] ^ $p[11], $sbox, $p); + [$p[14], $p[15]] = self::encryptBlockHelperFast($data[14] ^ $p[12], $data[15] ^ $p[13], $sbox, $p); + [$p[16], $p[17]] = self::encryptBlockHelperFast($data[ 0] ^ $p[14], $data[ 1] ^ $p[15], $sbox, $p); + // @codingStandardsIgnoreEnd + + [$sbox[0], $sbox[1]] = self::encryptBlockHelperFast($data[2] ^ $p[16], $data[3] ^ $p[17], $sbox, $p); + for ($i = 2, $j = 4; $i < 1024; $i += 2, $j = ($j + 2) % 16) { // instead of 16 maybe count($data) would be better? + [$sbox[$i], $sbox[$i + 1]] = self::encryptBlockHelperFast($data[$j] ^ $sbox[$i - 2], $data[$j + 1] ^ $sbox[$i - 1], $sbox, $p); + } + } + + /** + * Encrypts a block + */ + protected function encryptBlock(string $in): string + { + $p = $this->bctx['p']; + // extract($this->bctx['sb'], EXTR_PREFIX_ALL, 'sb'); // slower + $sb = $this->bctx['sb']; + + $in = unpack('N*', $in); + $l = $in[1]; + $r = $in[2]; + + [$r, $l] = PHP_INT_SIZE == 4 ? + self::encryptBlockHelperSlow($l, $r, $sb, $p) : + self::encryptBlockHelperFast($l, $r, $sb, $p); + + return pack("N*", $r, $l); + } + + /** + * Fast helper function for block encryption + * + * @access private + * @param int[] $sbox + * @param int[] $p + * @return int[] + */ + private static function encryptBlockHelperFast(int $x0, int $x1, array $sbox, array $p): array + { + $x0 ^= $p[0]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[1]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[2]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[3]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[4]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[5]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[6]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[7]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[8]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[9]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[10]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[11]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[12]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[13]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[14]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[15]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[16]; + + return [$x1 & 0xFFFFFFFF ^ $p[17], $x0 & 0xFFFFFFFF]; + } + + /** + * Slow helper function for block encryption + * + * @param int[] $sbox + * @param int[] $p + * @return int[] + */ + private static function encryptBlockHelperSlow(int $x0, int $x1, array $sbox0, array $sbox, array $p): array + { + // -16777216 == intval(0xFF000000) on 32-bit PHP installs + $x0 ^= $p[0]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[1]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[2]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[3]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[4]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[5]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[6]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[7]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[8]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[9]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[10]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[11]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[12]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[13]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[14]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[15]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[16]; + + return [$x1 ^ $p[17], $x0]; + } + + /** + * Decrypts a block + */ + protected function decryptBlock(string $in): string + { + $p = $this->bctx['p']; + $sb = $this->bctx['sb']; + + $in = unpack('N*', $in); + $l = $in[1]; + $r = $in[2]; + + for ($i = 17; $i > 2; $i -= 2) { + $l ^= $p[$i]; + $r ^= intval((intval($sb[$l >> 24 & 0xff] + $sb[0x100 + ($l >> 16 & 0xff)]) ^ + $sb[0x200 + ($l >> 8 & 0xff)]) + + $sb[0x300 + ($l & 0xff)]); + + $r ^= $p[$i - 1]; + $l ^= intval((intval($sb[$r >> 24 & 0xff] + $sb[0x100 + ($r >> 16 & 0xff)]) ^ + $sb[0x200 + ($r >> 8 & 0xff)]) + + $sb[0x300 + ($r & 0xff)]); + } + return pack('N*', $r ^ $p[0], $l ^ $p[1]); + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupInlineCrypt() + */ + protected function setupInlineCrypt(): void + { + $p = $this->bctx['p']; + $init_crypt = ' + static $sb; + if (!$sb) { + $sb = $this->bctx["sb"]; + } + '; + + // Generating encrypt code: + $encrypt_block = ' + $in = unpack("N*", $in); + $l = $in[1]; + $r = $in[2]; + '; + for ($i = 0; $i < 16; $i += 2) { + $encrypt_block .= ' + $l^= ' . $p[$i] . '; + $r^= intval((intval($sb[$l >> 24 & 0xff] + $sb[0x100 + ($l >> 16 & 0xff)]) ^ + $sb[0x200 + ($l >> 8 & 0xff)]) + + $sb[0x300 + ($l & 0xff)]); + + $r^= ' . $p[$i + 1] . '; + $l^= intval((intval($sb[$r >> 24 & 0xff] + $sb[0x100 + ($r >> 16 & 0xff)]) ^ + $sb[0x200 + ($r >> 8 & 0xff)]) + + $sb[0x300 + ($r & 0xff)]); + '; + } + $encrypt_block .= ' + $in = pack("N*", + $r ^ ' . $p[17] . ', + $l ^ ' . $p[16] . ' + ); + '; + + // Generating decrypt code: + $decrypt_block = ' + $in = unpack("N*", $in); + $l = $in[1]; + $r = $in[2]; + '; + + for ($i = 17; $i > 2; $i -= 2) { + $decrypt_block .= ' + $l^= ' . $p[$i] . '; + $r^= intval((intval($sb[$l >> 24 & 0xff] + $sb[$l >> 16 & 0xff]) ^ + $sb[0x200 + ($l >> 8 & 0xff)]) + + $sb[0x300 + ($l & 0xff)]); + + $r^= ' . $p[$i - 1] . '; + $l^= intval((intval($sb[$r >> 24 & 0xff] + $sb[$r >> 16 & 0xff]) ^ + $sb[0x200 + ($r >> 8 & 0xff)]) + + $sb[0x300 + ($r & 0xff)]); + '; + } + + $decrypt_block .= ' + $in = pack("N*", + $r ^ ' . $p[0] . ', + $l ^ ' . $p[1] . ' + ); + '; + + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => $init_crypt, + 'init_encrypt' => '', + 'init_decrypt' => '', + 'encrypt_block' => $encrypt_block, + 'decrypt_block' => $decrypt_block, + ] + ); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/ChaCha20.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/ChaCha20.php new file mode 100644 index 0000000..c19eda4 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/ChaCha20.php @@ -0,0 +1,788 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Exception\BadDecryptionException; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\UnexpectedValueException; + +/** + * Pure-PHP implementation of ChaCha20. + * + * @author Jim Wigginton + */ +class ChaCha20 extends Salsa20 +{ + /** + * The OpenSSL specific name of the cipher + * + * @var string + */ + protected $cipher_name_openssl = 'chacha20'; + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + protected function isValidEngineHelper(int $engine): bool + { + switch ($engine) { + case self::ENGINE_LIBSODIUM: + // PHP 7.2.0 (30 Nov 2017) added support for libsodium + + // we could probably make it so that if $this->counter == 0 then the first block would be done with either OpenSSL + // or PHP and then subsequent blocks would then be done with libsodium but idk - it's not a high priority atm + + // we could also make it so that if $this->counter == 0 and $this->continuousBuffer then do the first string + // with libsodium and subsequent strings with openssl or pure-PHP but again not a high priority + return function_exists('sodium_crypto_aead_chacha20poly1305_ietf_encrypt') && + $this->key_length == 32 && + (($this->usePoly1305 && !isset($this->poly1305Key) && $this->counter == 0) || $this->counter == 1) && + !$this->continuousBuffer; + case self::ENGINE_OPENSSL: + // OpenSSL 1.1.0 (released 25 Aug 2016) added support for chacha20. + // PHP didn't support OpenSSL 1.1.0 until 7.0.19 (11 May 2017) + + // if you attempt to provide openssl with a 128 bit key (as opposed to a 256 bit key) openssl will null + // pad the key to 256 bits and still use the expansion constant for 256-bit keys. the fact that + // openssl treats the IV as both the counter and nonce, however, let's us use openssl in continuous mode + // whereas libsodium does not + if ($this->key_length != 32) { + return false; + } + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Encrypts a message. + * + * @return string $ciphertext + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + * @see self::crypt() + */ + public function encrypt(string $plaintext): string + { + $this->setup(); + + if ($this->engine == self::ENGINE_LIBSODIUM) { + return $this->encrypt_with_libsodium($plaintext); + } + + return parent::encrypt($plaintext); + } + + /** + * Decrypts a message. + * + * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)). + * At least if the continuous buffer is disabled. + * + * @return string $plaintext + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see self::crypt() + */ + public function decrypt(string $ciphertext): string + { + $this->setup(); + + if ($this->engine == self::ENGINE_LIBSODIUM) { + return $this->decrypt_with_libsodium($ciphertext); + } + + return parent::decrypt($ciphertext); + } + + /** + * Encrypts a message with libsodium + * + * @return string $text + * @see self::encrypt() + */ + private function encrypt_with_libsodium(string $plaintext): string + { + $params = [$plaintext, $this->aad, $this->nonce, $this->key]; + $ciphertext = strlen($this->nonce) == 8 ? + sodium_crypto_aead_chacha20poly1305_encrypt(...$params) : + sodium_crypto_aead_chacha20poly1305_ietf_encrypt(...$params); + if (!$this->usePoly1305) { + return substr($ciphertext, 0, strlen($plaintext)); + } + + $newciphertext = substr($ciphertext, 0, strlen($plaintext)); + + $this->newtag = $this->usingGeneratedPoly1305Key && strlen($this->nonce) == 12 ? + substr($ciphertext, strlen($plaintext)) : + $this->poly1305($newciphertext); + + return $newciphertext; + } + + /** + * Decrypts a message with libsodium + * + * @return string $text + * @see self::decrypt() + */ + private function decrypt_with_libsodium(string $ciphertext): string + { + $params = [$ciphertext, $this->aad, $this->nonce, $this->key]; + + if (isset($this->poly1305Key)) { + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + if ($this->usingGeneratedPoly1305Key && strlen($this->nonce) == 12) { + $plaintext = sodium_crypto_aead_chacha20poly1305_ietf_decrypt(...$params); + $this->oldtag = false; + if ($plaintext === false) { + throw new BadDecryptionException('Derived authentication tag and supplied authentication tag do not match'); + } + return $plaintext; + } + $newtag = $this->poly1305($ciphertext); + if ($this->oldtag != substr($newtag, 0, strlen($this->oldtag))) { + $this->oldtag = false; + throw new BadDecryptionException('Derived authentication tag and supplied authentication tag do not match'); + } + $this->oldtag = false; + } + + $plaintext = strlen($this->nonce) == 8 ? + sodium_crypto_aead_chacha20poly1305_encrypt(...$params) : + sodium_crypto_aead_chacha20poly1305_ietf_encrypt(...$params); + + return substr($plaintext, 0, strlen($ciphertext)); + } + + /** + * Sets the nonce. + */ + public function setNonce(string $nonce): void + { + if (!is_string($nonce)) { + throw new UnexpectedValueException('The nonce should be a string'); + } + + /* + from https://tools.ietf.org/html/rfc7539#page-7 + + "Note also that the original ChaCha had a 64-bit nonce and 64-bit + block count. We have modified this here to be more consistent with + recommendations in Section 3.2 of [RFC5116]." + */ + switch (strlen($nonce)) { + case 8: // 64 bits + case 12: // 96 bits + break; + default: + throw new LengthException('Nonce of size ' . strlen($nonce) . ' not supported by this algorithm. Only 64-bit nonces or 96-bit nonces are supported'); + } + + $this->nonce = $nonce; + $this->changed = true; + $this->setEngine(); + } + + /** + * Setup the self::ENGINE_INTERNAL $engine + * + * (re)init, if necessary, the internal cipher $engine + * + * _setup() will be called each time if $changed === true + * typically this happens when using one or more of following public methods: + * + * - setKey() + * + * - setNonce() + * + * - First run of encrypt() / decrypt() with no init-settings + * + * @see self::setKey() + * @see self::setNonce() + * @see self::disableContinuousBuffer() + */ + protected function setup(): void + { + if (!$this->changed) { + return; + } + + $this->enbuffer = $this->debuffer = ['ciphertext' => '', 'counter' => $this->counter]; + + $this->changed = $this->nonIVChanged = false; + + if ($this->nonce === false) { + throw new InsufficientSetupException('No nonce has been defined'); + } + + if ($this->key === false) { + throw new InsufficientSetupException('No key has been defined'); + } + + if ($this->usePoly1305 && !isset($this->poly1305Key)) { + $this->usingGeneratedPoly1305Key = true; + if ($this->engine == self::ENGINE_LIBSODIUM) { + return; + } + $this->createPoly1305Key(); + } + + $key = $this->key; + if (strlen($key) == 16) { + $constant = 'expand 16-byte k'; + $key .= $key; + } else { + $constant = 'expand 32-byte k'; + } + + $this->p1 = $constant . $key; + $this->p2 = $this->nonce; + if (strlen($this->nonce) == 8) { + $this->p2 = "\0\0\0\0" . $this->p2; + } + } + + /** + * The quarterround function + */ + protected static function quarterRound(int &$a, int &$b, int &$c, int &$d): void + { + // in https://datatracker.ietf.org/doc/html/rfc7539#section-2.1 the addition, + // xor'ing and rotation are all on the same line so i'm keeping it on the same + // line here as well + // @codingStandardsIgnoreStart + $a+= $b; $d = self::leftRotate(intval($d) ^ intval($a), 16); + $c+= $d; $b = self::leftRotate(intval($b) ^ intval($c), 12); + $a+= $b; $d = self::leftRotate(intval($d) ^ intval($a), 8); + $c+= $d; $b = self::leftRotate(intval($b) ^ intval($c), 7); + // @codingStandardsIgnoreEnd + } + + /** + * The doubleround function + * + * @param int $x0 (by reference) + * @param int $x1 (by reference) + * @param int $x2 (by reference) + * @param int $x3 (by reference) + * @param int $x4 (by reference) + * @param int $x5 (by reference) + * @param int $x6 (by reference) + * @param int $x7 (by reference) + * @param int $x8 (by reference) + * @param int $x9 (by reference) + * @param int $x10 (by reference) + * @param int $x11 (by reference) + * @param int $x12 (by reference) + * @param int $x13 (by reference) + * @param int $x14 (by reference) + * @param int $x15 (by reference) + */ + protected static function doubleRound(int &$x0, int &$x1, int &$x2, int &$x3, int &$x4, int &$x5, int &$x6, int &$x7, int &$x8, int &$x9, int &$x10, int &$x11, int &$x12, int &$x13, int &$x14, int &$x15): void + { + // columnRound + static::quarterRound($x0, $x4, $x8, $x12); + static::quarterRound($x1, $x5, $x9, $x13); + static::quarterRound($x2, $x6, $x10, $x14); + static::quarterRound($x3, $x7, $x11, $x15); + // rowRound + static::quarterRound($x0, $x5, $x10, $x15); + static::quarterRound($x1, $x6, $x11, $x12); + static::quarterRound($x2, $x7, $x8, $x13); + static::quarterRound($x3, $x4, $x9, $x14); + } + + /** + * The Salsa20 hash function function + * + * On my laptop this loop unrolled / function dereferenced version of parent::salsa20 encrypts 1mb of text in + * 0.65s vs the 0.85s that it takes with the parent method. + * + * If we were free to assume that the host OS would always be 64-bits then the if condition in leftRotate could + * be eliminated and we could knock this done to 0.60s. + * + * For comparison purposes, RC4 takes 0.16s and AES in CTR mode with the Eval engine takes 0.48s. + * AES in CTR mode with the PHP engine takes 1.19s. Salsa20 / ChaCha20 do not benefit as much from the Eval + * approach due to the fact that there are a lot less variables to de-reference, fewer loops to unroll, etc + */ + protected static function salsa20(string $x) + { + [, $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15] = unpack('V*', $x); + $z0 = $x0; + $z1 = $x1; + $z2 = $x2; + $z3 = $x3; + $z4 = $x4; + $z5 = $x5; + $z6 = $x6; + $z7 = $x7; + $z8 = $x8; + $z9 = $x9; + $z10 = $x10; + $z11 = $x11; + $z12 = $x12; + $z13 = $x13; + $z14 = $x14; + $z15 = $x15; + + // @codingStandardsIgnoreStart + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + // @codingStandardsIgnoreEnd + + $x0 += $z0; + $x1 += $z1; + $x2 += $z2; + $x3 += $z3; + $x4 += $z4; + $x5 += $z5; + $x6 += $z6; + $x7 += $z7; + $x8 += $z8; + $x9 += $z9; + $x10 += $z10; + $x11 += $z11; + $x12 += $z12; + $x13 += $z13; + $x14 += $z14; + $x15 += $z15; + + return pack('V*', $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/AsymmetricKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/AsymmetricKey.php new file mode 100644 index 0000000..b2bfec2 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/AsymmetricKey.php @@ -0,0 +1,532 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common; + +use phpseclib3\Crypt\Hash; +use phpseclib3\Exception\NoKeyLoadedException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * Base Class for all asymmetric cipher classes + * + * @author Jim Wigginton + */ +abstract class AsymmetricKey +{ + /** + * Precomputed Zero + * + * @var BigInteger + */ + protected static $zero; + + /** + * Precomputed One + * + * @var BigInteger + */ + protected static $one; + + /** + * Format of the loaded key + * + * @var string + */ + protected $format; + + /** + * Hash function + * + * @var Hash + */ + protected $hash; + + /** + * HMAC function + * + * @var Hash + */ + private $hmac; + + /** + * Supported plugins (lower case) + * + * @see self::initialize_static_variables() + * @var array + */ + private static $plugins = []; + + /** + * Invisible plugins + * + * @see self::initialize_static_variables() + * @var array + */ + private static $invisiblePlugins = []; + + /** + * Available Engines + * + * @var boolean[] + */ + protected static $engines = []; + + /** + * Key Comment + * + * @var null|string + */ + private $comment; + + abstract public function toString(string $type, array $options = []): array|string; + + /** + * The constructor + */ + protected function __construct() + { + self::initialize_static_variables(); + + $this->hash = new Hash('sha256'); + $this->hmac = new Hash('sha256'); + } + + /** + * Initialize static variables + */ + protected static function initialize_static_variables(): void + { + if (!isset(self::$zero)) { + self::$zero = new BigInteger(0); + self::$one = new BigInteger(1); + } + + self::loadPlugins('Keys'); + if (static::ALGORITHM != 'RSA' && static::ALGORITHM != 'DH') { + self::loadPlugins('Signature'); + } + } + + /** + * Load the key + * + * @param string|array $key + * @return PublicKey|PrivateKey + */ + public static function load($key, ?string $password = null): AsymmetricKey + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('load() should not be called from final classes (' . static::class . ')'); + } + + $components = false; + foreach (self::$plugins[static::ALGORITHM]['Keys'] as $format) { + if (isset(self::$invisiblePlugins[static::ALGORITHM]) && in_array($format, self::$invisiblePlugins[static::ALGORITHM])) { + continue; + } + try { + $components = $format::load($key, $password); + } catch (\Exception $e) { + $components = false; + } + if ($components !== false) { + break; + } + } + + if ($components === false) { + throw new NoKeyLoadedException('Unable to read key'); + } + + $components['format'] = $format; + $components['secret'] ??= ''; + $comment = $components['comment'] ?? null; + $new = static::onLoad($components); + $new->format = $format; + $new->comment = $comment; + return $new instanceof PrivateKey ? + $new->withPassword($password) : + $new; + } + + /** + * Loads a private key + * + * @param string|array $key + * @param string $password optional + */ + public static function loadPrivateKey($key, string $password = ''): PrivateKey + { + $key = self::load($key, $password); + if (!$key instanceof PrivateKey) { + throw new NoKeyLoadedException('The key that was loaded was not a private key'); + } + return $key; + } + + /** + * Loads a public key + * + * @param string|array $key + */ + public static function loadPublicKey($key): PublicKey + { + $key = self::load($key); + if (!$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a public key'); + } + return $key; + } + + /** + * Loads parameters + * + * @param string|array $key + */ + public static function loadParameters($key): AsymmetricKey + { + $key = self::load($key); + if (!$key instanceof PrivateKey && !$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a parameter'); + } + return $key; + } + + /** + * Load the key, assuming a specific format + * + * @return static + */ + public static function loadFormat(string $type, string $key, ?string $password = null): AsymmetricKey + { + self::initialize_static_variables(); + + $components = false; + $format = strtolower($type); + if (isset(self::$plugins[static::ALGORITHM]['Keys'][$format])) { + $format = self::$plugins[static::ALGORITHM]['Keys'][$format]; + $components = $format::load($key, $password); + } + + if ($components === false) { + throw new NoKeyLoadedException('Unable to read key'); + } + + $components['format'] = $format; + $components['secret'] ??= ''; + + $new = static::onLoad($components); + $new->format = $format; + return $new instanceof PrivateKey ? + $new->withPassword($password) : + $new; + } + + /** + * Loads a private key + */ + public static function loadPrivateKeyFormat(string $type, string $key, ?string $password = null): PrivateKey + { + $key = self::loadFormat($type, $key, $password); + if (!$key instanceof PrivateKey) { + throw new NoKeyLoadedException('The key that was loaded was not a private key'); + } + return $key; + } + + /** + * Loads a public key + */ + public static function loadPublicKeyFormat(string $type, string $key): PublicKey + { + $key = self::loadFormat($type, $key); + if (!$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a public key'); + } + return $key; + } + + /** + * Loads parameters + * + * @param string|array $key + */ + public static function loadParametersFormat(string $type, $key): AsymmetricKey + { + $key = self::loadFormat($type, $key); + if (!$key instanceof PrivateKey && !$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a parameter'); + } + return $key; + } + + /** + * Validate Plugin + * + * @param string|null $method optional + */ + protected static function validatePlugin(string $format, string $type, ?string $method = null) + { + $type = strtolower($type); + if (!isset(self::$plugins[static::ALGORITHM][$format][$type])) { + throw new UnsupportedFormatException("$type is not a supported format"); + } + $type = self::$plugins[static::ALGORITHM][$format][$type]; + if (isset($method) && !method_exists($type, $method)) { + throw new UnsupportedFormatException("$type does not implement $method"); + } + + return $type; + } + + /** + * Load Plugins + */ + private static function loadPlugins(string $format): void + { + if (!isset(self::$plugins[static::ALGORITHM][$format])) { + self::$plugins[static::ALGORITHM][$format] = []; + foreach (new \DirectoryIterator(__DIR__ . '/../' . static::ALGORITHM . '/Formats/' . $format . '/') as $file) { + if ($file->getExtension() != 'php') { + continue; + } + $name = $file->getBasename('.php'); + if ($name[0] == '.') { + continue; + } + $type = 'phpseclib3\Crypt\\' . static::ALGORITHM . '\\Formats\\' . $format . '\\' . $name; + $reflect = new \ReflectionClass($type); + if ($reflect->isTrait()) { + continue; + } + self::$plugins[static::ALGORITHM][$format][strtolower($name)] = $type; + if ($reflect->hasConstant('IS_INVISIBLE')) { + self::$invisiblePlugins[static::ALGORITHM][] = $type; + } + } + } + } + + /** + * Returns a list of supported formats. + */ + public static function getSupportedKeyFormats(): array + { + self::initialize_static_variables(); + + return self::$plugins[static::ALGORITHM]['Keys']; + } + + /** + * Add a fileformat plugin + * + * The plugin needs to either already be loaded or be auto-loadable. + * Loading a plugin whose shortname overwrite an existing shortname will overwrite the old plugin. + * + * @see self::load() + */ + public static function addFileFormat(string $fullname): void + { + self::initialize_static_variables(); + + if (class_exists($fullname)) { + $meta = new \ReflectionClass($fullname); + $shortname = $meta->getShortName(); + self::$plugins[static::ALGORITHM]['Keys'][strtolower($shortname)] = $fullname; + if ($meta->hasConstant('IS_INVISIBLE')) { + self::$invisiblePlugins[static::ALGORITHM][] = strtolower($shortname); + } + } + } + + /** + * Returns the format of the loaded key. + * + * If the key that was loaded wasn't in a valid or if the key was auto-generated + * with RSA::createKey() then this will throw an exception. + * + * @see self::load() + */ + public function getLoadedFormat(): string + { + if (empty($this->format)) { + throw new NoKeyLoadedException('This key was created with createKey - it was not loaded with load. Therefore there is no "loaded format"'); + } + + $meta = new \ReflectionClass($this->format); + return $meta->getShortName(); + } + + /** + * Returns the key's comment + * + * Not all key formats support comments. If you want to set a comment use toString() + */ + public function getComment(): ?string + { + return $this->comment; + } + + /** + * Tests engine validity + */ + public static function useBestEngine(): array + { + static::$engines = [ + 'PHP' => true, + 'OpenSSL' => extension_loaded('openssl'), + // this test can be satisfied by either of the following: + // http://php.net/manual/en/book.sodium.php + // https://github.com/paragonie/sodium_compat + 'libsodium' => function_exists('sodium_crypto_sign_keypair'), + ]; + + return static::$engines; + } + + /** + * Flag to use internal engine only (useful for unit testing) + */ + public static function useInternalEngine(): void + { + static::$engines = [ + 'PHP' => true, + 'OpenSSL' => false, + 'libsodium' => false, + ]; + } + + /** + * __toString() magic method + * + * @return string + */ + public function __toString() + { + return $this->toString('PKCS8'); + } + + /** + * Determines which hashing function should be used + */ + public function withHash(string $hash): AsymmetricKey + { + $new = clone $this; + + $new->hash = new Hash($hash); + $new->hmac = new Hash($hash); + + return $new; + } + + /** + * Returns the hash algorithm currently being used + */ + public function getHash(): Hash + { + return clone $this->hash; + } + + /** + * Compute the pseudorandom k for signature generation, + * using the process specified for deterministic DSA. + * + * @return string + */ + protected function computek(string $h1) + { + $v = str_repeat("\1", strlen($h1)); + + $k = str_repeat("\0", strlen($h1)); + + $x = $this->int2octets($this->x); + $h1 = $this->bits2octets($h1); + + $this->hmac->setKey($k); + $k = $this->hmac->hash($v . "\0" . $x . $h1); + $this->hmac->setKey($k); + $v = $this->hmac->hash($v); + $k = $this->hmac->hash($v . "\1" . $x . $h1); + $this->hmac->setKey($k); + $v = $this->hmac->hash($v); + + $qlen = $this->q->getLengthInBytes(); + + while (true) { + $t = ''; + while (strlen($t) < $qlen) { + $v = $this->hmac->hash($v); + $t = $t . $v; + } + $k = $this->bits2int($t); + + if (!$k->equals(self::$zero) && $k->compare($this->q) < 0) { + break; + } + $k = $this->hmac->hash($v . "\0"); + $this->hmac->setKey($k); + $v = $this->hmac->hash($v); + } + + return $k; + } + + /** + * Integer to Octet String + */ + private function int2octets(BigInteger $v): string + { + $out = $v->toBytes(); + $rolen = $this->q->getLengthInBytes(); + if (strlen($out) < $rolen) { + return str_pad($out, $rolen, "\0", STR_PAD_LEFT); + } elseif (strlen($out) > $rolen) { + return substr($out, -$rolen); + } else { + return $out; + } + } + + /** + * Bit String to Integer + */ + protected function bits2int(string $in): BigInteger + { + $v = new BigInteger($in, 256); + $vlen = strlen($in) << 3; + $qlen = $this->q->getLength(); + if ($vlen > $qlen) { + return $v->bitwise_rightShift($vlen - $qlen); + } + return $v; + } + + /** + * Bit String to Octet String + */ + private function bits2octets(string $in): string + { + $z1 = $this->bits2int($in); + $z2 = $z1->subtract($this->q); + return $z2->compare(self::$zero) < 0 ? + $this->int2octets($z1) : + $this->int2octets($z2); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/BlockCipher.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/BlockCipher.php new file mode 100644 index 0000000..2c68586 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/BlockCipher.php @@ -0,0 +1,26 @@ + + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common; + +/** + * Base Class for all block cipher classes + * + * @author Jim Wigginton + */ +abstract class BlockCipher extends SymmetricKey +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/JWK.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/JWK.php new file mode 100644 index 0000000..4aa7d5b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/JWK.php @@ -0,0 +1,60 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; + +/** + * JSON Web Key Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class JWK +{ + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + protected static function loadHelper($key): \stdClass + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $key = preg_replace('#\s#', '', $key); // remove whitespace + + $key = json_decode($key, null, 512, JSON_THROW_ON_ERROR); + + if (isset($key->kty)) { + return $key; + } + + if (count($key->keys) != 1) { + throw new \RuntimeException('Although the JWK key format supports multiple keys phpseclib does not'); + } + + return $key->keys[0]; + } + + /** + * Wrap a key appropriately + */ + protected static function wrapKey(array $key, array $options): string + { + return json_encode(['keys' => [$key + $options]]); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php new file mode 100644 index 0000000..4bbeffe --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php @@ -0,0 +1,217 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\AES; +use phpseclib3\Crypt\Random; +use phpseclib3\Exception\BadDecryptionException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; + +/** + * OpenSSH Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class OpenSSH +{ + /** + * Default comment + * + * @var string + */ + protected static $comment = 'phpseclib-generated-key'; + + /** + * Binary key flag + * + * @var bool + */ + protected static $binary = false; + + /** + * Sets the default comment + */ + public static function setComment(string $comment): void + { + self::$comment = str_replace(["\r", "\n"], '', $comment); + } + + /** + * Break a public or private key down into its constituent components + * + * $type can be either ssh-dss or ssh-rsa + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + // key format is described here: + // https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD + + if (str_contains($key, 'BEGIN OPENSSH PRIVATE KEY')) { + $key = preg_replace('#(?:^-.*?-[\r\n]*$)|\s#ms', '', $key); + $key = Strings::base64_decode($key); + $magic = Strings::shift($key, 15); + if ($magic != "openssh-key-v1\0") { + throw new RuntimeException('Expected openssh-key-v1'); + } + [$ciphername, $kdfname, $kdfoptions, $numKeys] = Strings::unpackSSH2('sssN', $key); + if ($numKeys != 1) { + // if we wanted to support multiple keys we could update PublicKeyLoader to preview what the # of keys + // would be; it'd then call Common\Keys\OpenSSH.php::load() and get the paddedKey. it'd then pass + // that to the appropriate key loading parser $numKey times or something + throw new RuntimeException('Although the OpenSSH private key format supports multiple keys phpseclib does not'); + } + + switch ($ciphername) { + case 'none': + break; + case 'aes256-ctr': + if ($kdfname != 'bcrypt') { + throw new RuntimeException('Only the bcrypt kdf is supported (' . $kdfname . ' encountered)'); + } + [$salt, $rounds] = Strings::unpackSSH2('sN', $kdfoptions); + $crypto = new AES('ctr'); + //$crypto->setKeyLength(256); + //$crypto->disablePadding(); + $crypto->setPassword($password, 'bcrypt', $salt, $rounds, 32); + break; + default: + throw new RuntimeException('The only supported ciphers are: none, aes256-ctr (' . $ciphername . ' is being used)'); + } + + [$publicKey, $paddedKey] = Strings::unpackSSH2('ss', $key); + [$type] = Strings::unpackSSH2('s', $publicKey); + if (isset($crypto)) { + $paddedKey = $crypto->decrypt($paddedKey); + } + [$checkint1, $checkint2] = Strings::unpackSSH2('NN', $paddedKey); + // any leftover bytes in $paddedKey are for padding? but they should be sequential bytes. eg. 1, 2, 3, etc. + if ($checkint1 != $checkint2) { + if (isset($crypto)) { + throw new BadDecryptionException('Unable to decrypt key - please verify the password you are using'); + } + throw new RuntimeException("The two checkints do not match ($checkint1 vs. $checkint2)"); + } + self::checkType($type); + + return compact('type', 'publicKey', 'paddedKey'); + } + + $parts = explode(' ', $key, 3); + + if (!isset($parts[1])) { + $key = base64_decode($parts[0]); + $comment = false; + } else { + $asciiType = $parts[0]; + self::checkType($parts[0]); + $key = base64_decode($parts[1]); + $comment = $parts[2] ?? false; + } + if ($key === false) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + [$type] = Strings::unpackSSH2('s', $key); + self::checkType($type); + if (isset($asciiType) && $asciiType != $type) { + throw new RuntimeException('Two different types of keys are claimed: ' . $asciiType . ' and ' . $type); + } + if (strlen($key) <= 4) { + throw new UnexpectedValueException('Key appears to be malformed'); + } + + $publicKey = $key; + + return compact('type', 'publicKey', 'comment'); + } + + /** + * Toggle between binary and printable keys + * + * Printable keys are what are generated by default. These are the ones that go in + * $HOME/.ssh/authorized_key. + */ + public static function setBinaryOutput(bool $enabled): void + { + self::$binary = $enabled; + } + + /** + * Checks to see if the type is valid + */ + private static function checkType(string $candidate): void + { + if (!in_array($candidate, static::$types)) { + throw new RuntimeException("The key type ($candidate) is not equal to: " . implode(',', static::$types)); + } + } + + /** + * Wrap a private key appropriately + * + * @param string|false $password + */ + protected static function wrapPrivateKey(string $publicKey, string $privateKey, $password, array $options): string + { + [, $checkint] = unpack('N', Random::string(4)); + + $comment = $options['comment'] ?? self::$comment; + $paddedKey = Strings::packSSH2('NN', $checkint, $checkint) . + $privateKey . + Strings::packSSH2('s', $comment); + + $usesEncryption = !empty($password) && is_string($password); + + /* + from http://tools.ietf.org/html/rfc4253#section-6 : + + Note that the length of the concatenation of 'packet_length', + 'padding_length', 'payload', and 'random padding' MUST be a multiple + of the cipher block size or 8, whichever is larger. + */ + $blockSize = $usesEncryption ? 16 : 8; + $paddingLength = (($blockSize - 1) * strlen($paddedKey)) % $blockSize; + for ($i = 1; $i <= $paddingLength; $i++) { + $paddedKey .= chr($i); + } + if (!$usesEncryption) { + $key = Strings::packSSH2('sssNss', 'none', 'none', '', 1, $publicKey, $paddedKey); + } else { + $rounds = $options['rounds'] ?? 16; + $salt = Random::string(16); + $kdfoptions = Strings::packSSH2('sN', $salt, $rounds); + $crypto = new AES('ctr'); + $crypto->setPassword($password, 'bcrypt', $salt, $rounds, 32); + $paddedKey = $crypto->encrypt($paddedKey); + $key = Strings::packSSH2('sssNss', 'aes256-ctr', 'bcrypt', $kdfoptions, 1, $publicKey, $paddedKey); + } + $key = "openssh-key-v1\0$key"; + + return "-----BEGIN OPENSSH PRIVATE KEY-----\n" . + chunk_split(Strings::base64_encode($key), 70, "\n") . + "-----END OPENSSH PRIVATE KEY-----\n"; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PKCS.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PKCS.php new file mode 100644 index 0000000..1707793 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PKCS.php @@ -0,0 +1,71 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +/** + * PKCS1 Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS +{ + /** + * Auto-detect the format + */ + public const MODE_ANY = 0; + /** + * Require base64-encoded PEM's be supplied + */ + public const MODE_PEM = 1; + /** + * Require raw DER's be supplied + */ + public const MODE_DER = 2; + /**#@-*/ + + /** + * Is the key a base-64 encoded PEM, DER or should it be auto-detected? + * + * @var int + */ + protected static $format = self::MODE_ANY; + + /** + * Require base64-encoded PEM's be supplied + */ + public static function requirePEM(): void + { + self::$format = self::MODE_PEM; + } + + /** + * Require raw DER's be supplied + */ + public static function requireDER(): void + { + self::$format = self::MODE_DER; + } + + /** + * Accept any format and auto detect the format + * + * This is the default setting + */ + public static function requireAny(): void + { + self::$format = self::MODE_ANY; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PKCS1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..7fedf6c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PKCS1.php @@ -0,0 +1,195 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\AES; +use phpseclib3\Crypt\DES; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\TripleDES; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\File\ASN1; + +/** + * PKCS1 Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends PKCS +{ + /** + * Default encryption algorithm + * + * @var string + */ + private static $defaultEncryptionAlgorithm = 'AES-128-CBC'; + + /** + * Sets the default encryption algorithm + */ + public static function setEncryptionAlgorithm(string $algo): void + { + self::$defaultEncryptionAlgorithm = $algo; + } + + /** + * Returns the mode constant corresponding to the mode string + * + * @return int + * @throws UnexpectedValueException if the block cipher mode is unsupported + */ + private static function getEncryptionMode(string $mode) + { + switch ($mode) { + case 'CBC': + case 'ECB': + case 'CFB': + case 'OFB': + case 'CTR': + return $mode; + } + throw new UnexpectedValueException('Unsupported block cipher mode of operation'); + } + + /** + * Returns a cipher object corresponding to a string + * + * @return AES|DES|TripleDES + * @throws UnexpectedValueException if the encryption algorithm is unsupported + */ + private static function getEncryptionObject(string $algo) + { + $modes = '(CBC|ECB|CFB|OFB|CTR)'; + switch (true) { + case preg_match("#^AES-(128|192|256)-$modes$#", $algo, $matches): + $cipher = new AES(self::getEncryptionMode($matches[2])); + $cipher->setKeyLength((int) $matches[1]); + return $cipher; + case preg_match("#^DES-EDE3-$modes$#", $algo, $matches): + return new TripleDES(self::getEncryptionMode($matches[1])); + case preg_match("#^DES-$modes$#", $algo, $matches): + return new DES(self::getEncryptionMode($matches[1])); + default: + throw new UnsupportedAlgorithmException($algo . ' is not a supported algorithm'); + } + } + + /** + * Generate a symmetric key for PKCS#1 keys + */ + private static function generateSymmetricKey(string $password, string $iv, int $length): string + { + $symkey = ''; + $iv = substr($iv, 0, 8); + while (strlen($symkey) < $length) { + $symkey .= md5($symkey . $password . $iv, true); + } + return substr($symkey, 0, $length); + } + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + * @return array|string + */ + protected static function load($key, ?string $password = null) + { + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is + "outside the scope" of PKCS#1. PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to + protect private keys, however, that's not what OpenSSL* does. OpenSSL protects private keys by adding + two new "fields" to the key - DEK-Info and Proc-Type. These fields are discussed here: + + http://tools.ietf.org/html/rfc1421#section-4.6.1.1 + http://tools.ietf.org/html/rfc1421#section-4.6.1.3 + + DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell. + DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation + function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's + own implementation. ie. the implementation *is* the standard and any bugs that may exist in that + implementation are part of the standard, as well. + + * OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */ + if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) { + $iv = Strings::hex2bin(trim($matches[2])); + // remove the Proc-Type / DEK-Info sections as they're no longer needed + $key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $key); + $ciphertext = ASN1::extractBER($key); + if ($ciphertext === false) { + $ciphertext = $key; + } + $crypto = self::getEncryptionObject($matches[1]); + $crypto->setKey(self::generateSymmetricKey($password, $iv, $crypto->getKeyLength() >> 3)); + $crypto->setIV($iv); + $key = $crypto->decrypt($ciphertext); + } else { + if (self::$format != self::MODE_DER) { + $decoded = ASN1::extractBER($key); + if ($decoded !== false) { + $key = $decoded; + } elseif (self::$format == self::MODE_PEM) { + throw new UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text'); + } + } + } + + return $key; + } + + /** + * Wrap a private key appropriately + * + * @param string|false $password + * @param array $options optional + */ + protected static function wrapPrivateKey(string $key, string $type, $password, array $options = []): string + { + if (empty($password) || !is_string($password)) { + return "-----BEGIN $type PRIVATE KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END $type PRIVATE KEY-----"; + } + + $encryptionAlgorithm = $options['encryptionAlgorithm'] ?? self::$defaultEncryptionAlgorithm; + + $cipher = self::getEncryptionObject($encryptionAlgorithm); + $iv = Random::string($cipher->getBlockLength() >> 3); + $cipher->setKey(self::generateSymmetricKey($password, $iv, $cipher->getKeyLength() >> 3)); + $cipher->setIV($iv); + $iv = strtoupper(Strings::bin2hex($iv)); + return "-----BEGIN $type PRIVATE KEY-----\r\n" . + "Proc-Type: 4,ENCRYPTED\r\n" . + "DEK-Info: " . $encryptionAlgorithm . ",$iv\r\n" . + "\r\n" . + chunk_split(Strings::base64_encode($cipher->encrypt($key)), 64) . + "-----END $type PRIVATE KEY-----"; + } + + /** + * Wrap a public key appropriately + */ + protected static function wrapPublicKey(string $key, string $type): string + { + return "-----BEGIN $type PUBLIC KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END $type PUBLIC KEY-----"; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..abc0af7 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php @@ -0,0 +1,697 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\AES; +use phpseclib3\Crypt\Common\SymmetricKey; +use phpseclib3\Crypt\DES; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RC2; +use phpseclib3\Crypt\RC4; +use phpseclib3\Crypt\TripleDES; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; + +/** + * PKCS#8 Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends PKCS +{ + /** + * Default encryption algorithm + * + * @var string + */ + private static $defaultEncryptionAlgorithm = 'id-PBES2'; + + /** + * Default encryption scheme + * + * Only used when defaultEncryptionAlgorithm is id-PBES2 + * + * @var string + */ + private static $defaultEncryptionScheme = 'aes128-CBC-PAD'; + + /** + * Default PRF + * + * Only used when defaultEncryptionAlgorithm is id-PBES2 + * + * @var string + */ + private static $defaultPRF = 'id-hmacWithSHA256'; + + /** + * Default Iteration Count + * + * @var int + */ + private static $defaultIterationCount = 2048; + + /** + * OIDs loaded + * + * @var bool + */ + private static $oidsLoaded = false; + + /** + * Sets the default encryption algorithm + */ + public static function setEncryptionAlgorithm(string $algo): void + { + self::$defaultEncryptionAlgorithm = $algo; + } + + /** + * Sets the default encryption algorithm for PBES2 + */ + public static function setEncryptionScheme(string $algo): void + { + self::$defaultEncryptionScheme = $algo; + } + + /** + * Sets the iteration count + */ + public static function setIterationCount(int $count): void + { + self::$defaultIterationCount = $count; + } + + /** + * Sets the PRF for PBES2 + */ + public static function setPRF(string $algo): void + { + self::$defaultPRF = $algo; + } + + /** + * Returns a SymmetricKey object based on a PBES1 $algo + * + * @return SymmetricKey + */ + private static function getPBES1EncryptionObject(string $algo) + { + $algo = preg_match('#^pbeWith(?:MD2|MD5|SHA1|SHA)And(.*?)-CBC$#', $algo, $matches) ? + $matches[1] : + substr($algo, 13); // strlen('pbeWithSHAAnd') == 13 + + switch ($algo) { + case 'DES': + $cipher = new DES('cbc'); + break; + case 'RC2': + $cipher = new RC2('cbc'); + $cipher->setKeyLength(64); + break; + case '3-KeyTripleDES': + $cipher = new TripleDES('cbc'); + break; + case '2-KeyTripleDES': + $cipher = new TripleDES('cbc'); + $cipher->setKeyLength(128); + break; + case '128BitRC2': + $cipher = new RC2('cbc'); + $cipher->setKeyLength(128); + break; + case '40BitRC2': + $cipher = new RC2('cbc'); + $cipher->setKeyLength(40); + break; + case '128BitRC4': + $cipher = new RC4(); + $cipher->setKeyLength(128); + break; + case '40BitRC4': + $cipher = new RC4(); + $cipher->setKeyLength(40); + break; + default: + throw new UnsupportedAlgorithmException("$algo is not a supported algorithm"); + } + + return $cipher; + } + + /** + * Returns a hash based on a PBES1 $algo + */ + private static function getPBES1Hash(string $algo): string + { + if (preg_match('#^pbeWith(MD2|MD5|SHA1|SHA)And.*?-CBC$#', $algo, $matches)) { + return $matches[1] == 'SHA' ? 'sha1' : $matches[1]; + } + + return 'sha1'; + } + + /** + * Returns a KDF baesd on a PBES1 $algo + */ + private static function getPBES1KDF(string $algo): string + { + switch ($algo) { + case 'pbeWithMD2AndDES-CBC': + case 'pbeWithMD2AndRC2-CBC': + case 'pbeWithMD5AndDES-CBC': + case 'pbeWithMD5AndRC2-CBC': + case 'pbeWithSHA1AndDES-CBC': + case 'pbeWithSHA1AndRC2-CBC': + return 'pbkdf1'; + } + + return 'pkcs12'; + } + + /** + * Returns a SymmetricKey object baesd on a PBES2 $algo + */ + private static function getPBES2EncryptionObject(string $algo): SymmetricKey + { + switch ($algo) { + case 'desCBC': + $cipher = new DES('cbc'); + break; + case 'des-EDE3-CBC': + $cipher = new TripleDES('cbc'); + break; + case 'rc2CBC': + $cipher = new RC2('cbc'); + // in theory this can be changed + $cipher->setKeyLength(128); + break; + case 'rc5-CBC-PAD': + throw new UnsupportedAlgorithmException('rc5-CBC-PAD is not supported for PBES2 PKCS#8 keys'); + case 'aes128-CBC-PAD': + case 'aes192-CBC-PAD': + case 'aes256-CBC-PAD': + $cipher = new AES('cbc'); + $cipher->setKeyLength((int) substr($algo, 3, 3)); + break; + default: + throw new UnsupportedAlgorithmException("$algo is not supported"); + } + + return $cipher; + } + + /** + * Initialize static variables + */ + private static function initialize_static_variables(): void + { + if (!isset(static::$childOIDsLoaded)) { + throw new InsufficientSetupException('This class should not be called directly'); + } + + if (!static::$childOIDsLoaded) { + ASN1::loadOIDs(is_array(static::OID_NAME) ? + array_combine(static::OID_NAME, static::OID_VALUE) : + [static::OID_NAME => static::OID_VALUE]); + static::$childOIDsLoaded = true; + } + if (!self::$oidsLoaded) { + // from https://tools.ietf.org/html/rfc2898 + ASN1::loadOIDs([ + // PBES1 encryption schemes + 'pbeWithMD2AndDES-CBC' => '1.2.840.113549.1.5.1', + 'pbeWithMD2AndRC2-CBC' => '1.2.840.113549.1.5.4', + 'pbeWithMD5AndDES-CBC' => '1.2.840.113549.1.5.3', + 'pbeWithMD5AndRC2-CBC' => '1.2.840.113549.1.5.6', + 'pbeWithSHA1AndDES-CBC' => '1.2.840.113549.1.5.10', + 'pbeWithSHA1AndRC2-CBC' => '1.2.840.113549.1.5.11', + + // from PKCS#12: + // https://tools.ietf.org/html/rfc7292 + 'pbeWithSHAAnd128BitRC4' => '1.2.840.113549.1.12.1.1', + 'pbeWithSHAAnd40BitRC4' => '1.2.840.113549.1.12.1.2', + 'pbeWithSHAAnd3-KeyTripleDES-CBC' => '1.2.840.113549.1.12.1.3', + 'pbeWithSHAAnd2-KeyTripleDES-CBC' => '1.2.840.113549.1.12.1.4', + 'pbeWithSHAAnd128BitRC2-CBC' => '1.2.840.113549.1.12.1.5', + 'pbeWithSHAAnd40BitRC2-CBC' => '1.2.840.113549.1.12.1.6', + + 'id-PBKDF2' => '1.2.840.113549.1.5.12', + 'id-PBES2' => '1.2.840.113549.1.5.13', + 'id-PBMAC1' => '1.2.840.113549.1.5.14', + + // from PKCS#5 v2.1: + // http://www.rsa.com/rsalabs/pkcs/files/h11302-wp-pkcs5v2-1-password-based-cryptography-standard.pdf + 'id-hmacWithSHA1' => '1.2.840.113549.2.7', + 'id-hmacWithSHA224' => '1.2.840.113549.2.8', + 'id-hmacWithSHA256' => '1.2.840.113549.2.9', + 'id-hmacWithSHA384' => '1.2.840.113549.2.10', + 'id-hmacWithSHA512' => '1.2.840.113549.2.11', + 'id-hmacWithSHA512-224' => '1.2.840.113549.2.12', + 'id-hmacWithSHA512-256' => '1.2.840.113549.2.13', + + 'desCBC' => '1.3.14.3.2.7', + 'des-EDE3-CBC' => '1.2.840.113549.3.7', + 'rc2CBC' => '1.2.840.113549.3.2', + 'rc5-CBC-PAD' => '1.2.840.113549.3.9', + + 'aes128-CBC-PAD' => '2.16.840.1.101.3.4.1.2', + 'aes192-CBC-PAD' => '2.16.840.1.101.3.4.1.22', + 'aes256-CBC-PAD' => '2.16.840.1.101.3.4.1.42', + ]); + self::$oidsLoaded = true; + } + } + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + protected static function load($key, ?string $password = null): array + { + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $isPublic = str_contains($key, 'PUBLIC'); + $isPrivate = str_contains($key, 'PRIVATE'); + + $decoded = self::preParse($key); + + $meta = []; + + $decrypted = ASN1::asn1map($decoded[0], Maps\EncryptedPrivateKeyInfo::MAP); + if ($password !== null && strlen($password) && is_array($decrypted)) { + $algorithm = $decrypted['encryptionAlgorithm']['algorithm']; + switch ($algorithm) { + // PBES1 + case 'pbeWithMD2AndDES-CBC': + case 'pbeWithMD2AndRC2-CBC': + case 'pbeWithMD5AndDES-CBC': + case 'pbeWithMD5AndRC2-CBC': + case 'pbeWithSHA1AndDES-CBC': + case 'pbeWithSHA1AndRC2-CBC': + case 'pbeWithSHAAnd3-KeyTripleDES-CBC': + case 'pbeWithSHAAnd2-KeyTripleDES-CBC': + case 'pbeWithSHAAnd128BitRC2-CBC': + case 'pbeWithSHAAnd40BitRC2-CBC': + case 'pbeWithSHAAnd128BitRC4': + case 'pbeWithSHAAnd40BitRC4': + $cipher = self::getPBES1EncryptionObject($algorithm); + $hash = self::getPBES1Hash($algorithm); + $kdf = self::getPBES1KDF($algorithm); + + $meta['meta']['algorithm'] = $algorithm; + + $temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']); + if (!$temp) { + throw new RuntimeException('Unable to decode BER'); + } + extract(ASN1::asn1map($temp[0], Maps\PBEParameter::MAP)); + $iterationCount = (int) $iterationCount->toString(); + $cipher->setPassword($password, $kdf, $hash, $salt, $iterationCount); + $key = $cipher->decrypt($decrypted['encryptedData']); + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER 2'); + } + + break; + case 'id-PBES2': + $meta['meta']['algorithm'] = $algorithm; + + $temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']); + if (!$temp) { + throw new RuntimeException('Unable to decode BER'); + } + $temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP); + extract($temp); + + $cipher = self::getPBES2EncryptionObject($encryptionScheme['algorithm']); + $meta['meta']['cipher'] = $encryptionScheme['algorithm']; + + $temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']); + if (!$temp) { + throw new RuntimeException('Unable to decode BER'); + } + $temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP); + extract($temp); + + if (!$cipher instanceof RC2) { + $cipher->setIV($encryptionScheme['parameters']['octetString']); + } else { + $temp = ASN1::decodeBER($encryptionScheme['parameters']); + if (!$temp) { + throw new RuntimeException('Unable to decode BER'); + } + extract(ASN1::asn1map($temp[0], Maps\RC2CBCParameter::MAP)); + $effectiveKeyLength = (int) $rc2ParametersVersion->toString(); + switch ($effectiveKeyLength) { + case 160: + $effectiveKeyLength = 40; + break; + case 120: + $effectiveKeyLength = 64; + break; + case 58: + $effectiveKeyLength = 128; + break; + //default: // should be >= 256 + } + $cipher->setIV($iv); + $cipher->setKeyLength($effectiveKeyLength); + } + + $meta['meta']['keyDerivationFunc'] = $keyDerivationFunc['algorithm']; + switch ($keyDerivationFunc['algorithm']) { + case 'id-PBKDF2': + $temp = ASN1::decodeBER($keyDerivationFunc['parameters']); + if (!$temp) { + throw new RuntimeException('Unable to decode BER'); + } + $prf = ['algorithm' => 'id-hmacWithSHA1']; + $params = ASN1::asn1map($temp[0], Maps\PBKDF2params::MAP); + extract($params); + $meta['meta']['prf'] = $prf['algorithm']; + $hash = str_replace('-', '/', substr($prf['algorithm'], 11)); + $params = [ + $password, + 'pbkdf2', + $hash, + $salt, + (int) $iterationCount->toString(), + ]; + if (isset($keyLength)) { + $params[] = (int) $keyLength->toString(); + } + $cipher->setPassword(...$params); + $key = $cipher->decrypt($decrypted['encryptedData']); + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER 3'); + } + break; + default: + throw new UnsupportedAlgorithmException('Only PBKDF2 is supported for PBES2 PKCS#8 keys'); + } + break; + case 'id-PBMAC1': + //$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']); + //$value = ASN1::asn1map($temp[0], Maps\PBMAC1params::MAP); + // since i can't find any implementation that does PBMAC1 it is unsupported + throw new UnsupportedAlgorithmException('Only PBES1 and PBES2 PKCS#8 keys are supported.'); + // at this point we'll assume that the key conforms to PublicKeyInfo + } + } + + $private = ASN1::asn1map($decoded[0], Maps\OneAsymmetricKey::MAP); + if (is_array($private)) { + if ($isPublic) { + throw new UnexpectedValueException('Human readable string claims public key but DER encoded string claims private key'); + } + + if (isset($private['privateKeyAlgorithm']['parameters']) && !$private['privateKeyAlgorithm']['parameters'] instanceof ASN1\Element && isset($decoded[0]['content'][1]['content'][1])) { + $temp = $decoded[0]['content'][1]['content'][1]; + $private['privateKeyAlgorithm']['parameters'] = new ASN1\Element(substr($key, $temp['start'], $temp['length'])); + } + if (is_array(static::OID_NAME)) { + if (!in_array($private['privateKeyAlgorithm']['algorithm'], static::OID_NAME)) { + throw new UnsupportedAlgorithmException($private['privateKeyAlgorithm']['algorithm'] . ' is not a supported key type'); + } + } else { + if ($private['privateKeyAlgorithm']['algorithm'] != static::OID_NAME) { + throw new UnsupportedAlgorithmException('Only ' . static::OID_NAME . ' keys are supported; this is a ' . $private['privateKeyAlgorithm']['algorithm'] . ' key'); + } + } + if (isset($private['publicKey'])) { + if ($private['publicKey'][0] != "\0") { + throw new UnexpectedValueException('The first byte of the public key should be null - not ' . bin2hex($private['publicKey'][0])); + } + $private['publicKey'] = substr($private['publicKey'], 1); + } + return $private + $meta; + } + + // EncryptedPrivateKeyInfo and PublicKeyInfo have largely identical "signatures". the only difference + // is that the former has an octet string and the later has a bit string. the first byte of a bit + // string represents the number of bits in the last byte that are to be ignored but, currently, + // bit strings wanting a non-zero amount of bits trimmed are not supported + $public = ASN1::asn1map($decoded[0], Maps\PublicKeyInfo::MAP); + + if (is_array($public)) { + if ($isPrivate) { + throw new UnexpectedValueException('Human readable string claims private key but DER encoded string claims public key'); + } + + if ($public['publicKey'][0] != "\0") { + throw new UnexpectedValueException('The first byte of the public key should be null - not ' . bin2hex($public['publicKey'][0])); + } + if (is_array(static::OID_NAME)) { + if (!in_array($public['publicKeyAlgorithm']['algorithm'], static::OID_NAME)) { + throw new UnsupportedAlgorithmException($public['publicKeyAlgorithm']['algorithm'] . ' is not a supported key type'); + } + } else { + if ($public['publicKeyAlgorithm']['algorithm'] != static::OID_NAME) { + throw new UnsupportedAlgorithmException('Only ' . static::OID_NAME . ' keys are supported; this is a ' . $public['publicKeyAlgorithm']['algorithm'] . ' key'); + } + } + if (isset($public['publicKeyAlgorithm']['parameters']) && !$public['publicKeyAlgorithm']['parameters'] instanceof ASN1\Element && isset($decoded[0]['content'][0]['content'][1])) { + $temp = $decoded[0]['content'][0]['content'][1]; + $public['publicKeyAlgorithm']['parameters'] = new ASN1\Element(substr($key, $temp['start'], $temp['length'])); + } + $public['publicKey'] = substr($public['publicKey'], 1); + return $public; + } + + throw new RuntimeException('Unable to parse using either OneAsymmetricKey or PublicKeyInfo ASN1 maps'); + } + + /** + * Wrap a private key appropriately + * + * @param array|string $attr + * @param string|false $password + * @param string|null $oid optional + * @param string $publicKey optional + * @param array $options optional + */ + protected static function wrapPrivateKey(string $key, $attr, $params, $password, ?string $oid = null, string $publicKey = '', array $options = []): string + { + self::initialize_static_variables(); + + $key = [ + 'version' => 'v1', + 'privateKeyAlgorithm' => [ + 'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid, + ], + 'privateKey' => $key, + ]; + if ($oid != 'id-Ed25519' && $oid != 'id-Ed448') { + $key['privateKeyAlgorithm']['parameters'] = $params; + } + if (!empty($attr)) { + $key['attributes'] = $attr; + } + if (!empty($publicKey)) { + $key['version'] = 'v2'; + $key['publicKey'] = $publicKey; + } + $key = ASN1::encodeDER($key, Maps\OneAsymmetricKey::MAP); + if (!empty($password) && is_string($password)) { + $salt = Random::string(8); + + $iterationCount = $options['iterationCount'] ?? self::$defaultIterationCount; + $encryptionAlgorithm = $options['encryptionAlgorithm'] ?? self::$defaultEncryptionAlgorithm; + $encryptionScheme = $options['encryptionScheme'] ?? self::$defaultEncryptionScheme; + $prf = $options['PRF'] ?? self::$defaultPRF; + + if ($encryptionAlgorithm == 'id-PBES2') { + $crypto = self::getPBES2EncryptionObject($encryptionScheme); + $hash = str_replace('-', '/', substr($prf, 11)); + $kdf = 'pbkdf2'; + $iv = Random::string($crypto->getBlockLength() >> 3); + + $PBKDF2params = [ + 'salt' => $salt, + 'iterationCount' => $iterationCount, + 'prf' => ['algorithm' => $prf, 'parameters' => null], + ]; + $PBKDF2params = ASN1::encodeDER($PBKDF2params, Maps\PBKDF2params::MAP); + + if (!$crypto instanceof RC2) { + $params = ['octetString' => $iv]; + } else { + $params = [ + 'rc2ParametersVersion' => 58, + 'iv' => $iv, + ]; + $params = ASN1::encodeDER($params, Maps\RC2CBCParameter::MAP); + $params = new ASN1\Element($params); + } + + $params = [ + 'keyDerivationFunc' => [ + 'algorithm' => 'id-PBKDF2', + 'parameters' => new ASN1\Element($PBKDF2params), + ], + 'encryptionScheme' => [ + 'algorithm' => $encryptionScheme, + 'parameters' => $params, + ], + ]; + $params = ASN1::encodeDER($params, Maps\PBES2params::MAP); + + $crypto->setIV($iv); + } else { + $crypto = self::getPBES1EncryptionObject($encryptionAlgorithm); + $hash = self::getPBES1Hash($encryptionAlgorithm); + $kdf = self::getPBES1KDF($encryptionAlgorithm); + + $params = [ + 'salt' => $salt, + 'iterationCount' => $iterationCount, + ]; + $params = ASN1::encodeDER($params, Maps\PBEParameter::MAP); + } + $crypto->setPassword($password, $kdf, $hash, $salt, $iterationCount); + $key = $crypto->encrypt($key); + + $key = [ + 'encryptionAlgorithm' => [ + 'algorithm' => $encryptionAlgorithm, + 'parameters' => new ASN1\Element($params), + ], + 'encryptedData' => $key, + ]; + + $key = ASN1::encodeDER($key, Maps\EncryptedPrivateKeyInfo::MAP); + + return "-----BEGIN ENCRYPTED PRIVATE KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END ENCRYPTED PRIVATE KEY-----"; + } + + return "-----BEGIN PRIVATE KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END PRIVATE KEY-----"; + } + + /** + * Wrap a public key appropriately + */ + protected static function wrapPublicKey(string $key, $params, ?string $oid = null): string + { + self::initialize_static_variables(); + + $key = [ + 'publicKeyAlgorithm' => [ + 'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid, + ], + 'publicKey' => "\0" . $key, + ]; + + if ($oid != 'id-Ed25519' && $oid != 'id-Ed448') { + $key['publicKeyAlgorithm']['parameters'] = $params; + } + + $key = ASN1::encodeDER($key, Maps\PublicKeyInfo::MAP); + + return "-----BEGIN PUBLIC KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END PUBLIC KEY-----"; + } + + /** + * Perform some preliminary parsing of the key + * + * @param string|array $key + */ + private static function preParse(&$key): array + { + self::initialize_static_variables(); + + if (self::$format != self::MODE_DER) { + $decoded = ASN1::extractBER($key); + if ($decoded !== false) { + $key = $decoded; + } elseif (self::$format == self::MODE_PEM) { + throw new UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text'); + } + } + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + + return $decoded; + } + + /** + * Returns the encryption parameters used by the key + */ + public static function extractEncryptionAlgorithm(string $key): array + { + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $decoded = self::preParse($key); + + $r = ASN1::asn1map($decoded[0], Maps\EncryptedPrivateKeyInfo::MAP); + if (!is_array($r)) { + throw new RuntimeException('Unable to parse using EncryptedPrivateKeyInfo map'); + } + + if ($r['encryptionAlgorithm']['algorithm'] == 'id-PBES2') { + $decoded = ASN1::decodeBER($r['encryptionAlgorithm']['parameters']->element); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + $r['encryptionAlgorithm']['parameters'] = ASN1::asn1map($decoded[0], Maps\PBES2params::MAP); + + $kdf = &$r['encryptionAlgorithm']['parameters']['keyDerivationFunc']; + switch ($kdf['algorithm']) { + case 'id-PBKDF2': + $decoded = ASN1::decodeBER($kdf['parameters']->element); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + $kdf['parameters'] = ASN1::asn1map($decoded[0], Maps\PBKDF2params::MAP); + } + } + + return $r['encryptionAlgorithm']; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PuTTY.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PuTTY.php new file mode 100644 index 0000000..83697ed --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Keys/PuTTY.php @@ -0,0 +1,353 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\AES; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedAlgorithmException; + +/** + * PuTTY Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class PuTTY +{ + /** + * Default comment + * + * @var string + */ + private static $comment = 'phpseclib-generated-key'; + + /** + * Default version + * + * @var int + */ + private static $version = 2; + + /** + * Sets the default comment + */ + public static function setComment(string $comment): void + { + self::$comment = str_replace(["\r", "\n"], '', $comment); + } + + /** + * Sets the default version + */ + public static function setVersion(int $version): void + { + if ($version != 2 && $version != 3) { + throw new RuntimeException('Only supported versions are 2 and 3'); + } + self::$version = $version; + } + + /** + * Generate a symmetric key for PuTTY v2 keys + */ + private static function generateV2Key(string $password, int $length): string + { + $symkey = ''; + $sequence = 0; + while (strlen($symkey) < $length) { + $temp = pack('Na*', $sequence++, $password); + $symkey .= Strings::hex2bin(sha1($temp)); + } + return substr($symkey, 0, $length); + } + + /** + * Generate a symmetric key for PuTTY v3 keys + */ + private static function generateV3Key(string $password, string $flavour, int $memory, int $passes, string $salt): array + { + if (!function_exists('sodium_crypto_pwhash')) { + throw new RuntimeException('sodium_crypto_pwhash needs to exist for Argon2 password hasing'); + } + + switch ($flavour) { + case 'Argon2i': + $flavour = SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13; + break; + case 'Argon2id': + $flavour = SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13; + break; + default: + throw new UnsupportedAlgorithmException('Only Argon2i and Argon2id are supported'); + } + + $length = 80; // keylen + ivlen + mac_keylen + $temp = sodium_crypto_pwhash($length, $password, $salt, $passes, $memory << 10, $flavour); + + $symkey = substr($temp, 0, 32); + $symiv = substr($temp, 32, 16); + $hashkey = substr($temp, -32); + + return compact('symkey', 'symiv', 'hashkey'); + } + + /** + * Break a public or private key down into its constituent components + * + * @param array|string $key + * @param string|false $password + * @return array|false + */ + public static function load($key, $password) + { + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (str_contains($key, 'BEGIN SSH2 PUBLIC KEY')) { + $lines = preg_split('#[\r\n]+#', $key); + switch (true) { + case $lines[0] != '---- BEGIN SSH2 PUBLIC KEY ----': + throw new UnexpectedValueException('Key doesn\'t start with ---- BEGIN SSH2 PUBLIC KEY ----'); + case $lines[count($lines) - 1] != '---- END SSH2 PUBLIC KEY ----': + throw new UnexpectedValueException('Key doesn\'t end with ---- END SSH2 PUBLIC KEY ----'); + } + $lines = array_splice($lines, 1, -1); + $lines = array_map(fn ($line) => rtrim($line, "\r\n"), $lines); + $data = $current = ''; + $values = []; + $in_value = false; + foreach ($lines as $line) { + switch (true) { + case preg_match('#^(.*?): (.*)#', $line, $match): + $in_value = $line[-1] == '\\'; + $current = strtolower($match[1]); + $values[$current] = $in_value ? substr($match[2], 0, -1) : $match[2]; + break; + case $in_value: + $in_value = $line[-1] == '\\'; + $values[$current] .= $in_value ? substr($line, 0, -1) : $line; + break; + default: + $data .= $line; + } + } + + $components = call_user_func([static::PUBLIC_HANDLER, 'load'], $data); + if ($components === false) { + throw new UnexpectedValueException('Unable to decode public key'); + } + $components += $values; + $components['comment'] = str_replace(['\\\\', '\"'], ['\\', '"'], $values['comment']); + + return $components; + } + + $components = []; + + $key = preg_split('#\r\n|\r|\n#', trim($key)); + if (Strings::shift($key[0], strlen('PuTTY-User-Key-File-')) != 'PuTTY-User-Key-File-') { + return false; + } + $version = (int) Strings::shift($key[0], 3); // should be either "2: " or "3: 0" prior to int casting + if ($version != 2 && $version != 3) { + throw new RuntimeException('Only v2 and v3 PuTTY private keys are supported'); + } + $components['type'] = $type = rtrim($key[0]); + if (!in_array($type, static::$types)) { + $error = count(static::$types) == 1 ? + 'Only ' . static::$types[0] . ' keys are supported. ' : + ''; + throw new UnsupportedAlgorithmException($error . 'This is an unsupported ' . $type . ' key'); + } + $encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1])); + $components['comment'] = trim(preg_replace('#Comment: (.+)#', '$1', $key[2])); + + $publicLength = (int) trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3])); + $public = Strings::base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength)))); + + $source = Strings::packSSH2('ssss', $type, $encryption, $components['comment'], $public); + + extract(unpack('Nlength', Strings::shift($public, 4))); + $newtype = Strings::shift($public, $length); + if ($newtype != $type) { + throw new RuntimeException('The binary type does not match the human readable type field'); + } + + $components['public'] = $public; + + switch ($version) { + case 3: + $hashkey = ''; + break; + case 2: + $hashkey = 'putty-private-key-file-mac-key'; + } + + $offset = $publicLength + 4; + switch ($encryption) { + case 'aes256-cbc': + $crypto = new AES('cbc'); + switch ($version) { + case 3: + $flavour = trim(preg_replace('#Key-Derivation: (.*)#', '$1', $key[$offset++])); + $memory = trim(preg_replace('#Argon2-Memory: (\d+)#', '$1', $key[$offset++])); + $passes = trim(preg_replace('#Argon2-Passes: (\d+)#', '$1', $key[$offset++])); + $parallelism = trim(preg_replace('#Argon2-Parallelism: (\d+)#', '$1', $key[$offset++])); + $salt = Strings::hex2bin(trim(preg_replace('#Argon2-Salt: ([0-9a-f]+)#', '$1', $key[$offset++]))); + + extract(self::generateV3Key($password, $flavour, (int)$memory, (int)$passes, $salt)); + + break; + case 2: + $symkey = self::generateV2Key($password, 32); + $symiv = str_repeat("\0", $crypto->getBlockLength() >> 3); + $hashkey .= $password; + } + } + + switch ($version) { + case 3: + $hash = new Hash('sha256'); + $hash->setKey($hashkey); + break; + case 2: + $hash = new Hash('sha1'); + $hash->setKey(sha1($hashkey, true)); + } + + $privateLength = (int) trim(preg_replace('#Private-Lines: (\d+)#', '$1', $key[$offset++])); + $private = Strings::base64_decode(implode('', array_map('trim', array_slice($key, $offset, $privateLength)))); + + if ($encryption != 'none') { + $crypto->setKey($symkey); + $crypto->setIV($symiv); + $crypto->disablePadding(); + $private = $crypto->decrypt($private); + } + + $source .= Strings::packSSH2('s', $private); + + $hmac = trim(preg_replace('#Private-MAC: (.+)#', '$1', $key[$offset + $privateLength])); + $hmac = Strings::hex2bin($hmac); + + if (!hash_equals($hash->hash($source), $hmac)) { + throw new UnexpectedValueException('MAC validation error'); + } + + $components['private'] = $private; + + return $components; + } + + /** + * Wrap a private key appropriately + * + * @param string|false $password + * @param array $options optional + */ + protected static function wrapPrivateKey(string $public, string $private, string $type, $password, array $options = []): string + { + $encryption = (!empty($password) || is_string($password)) ? 'aes256-cbc' : 'none'; + $comment = $options['comment'] ?? self::$comment; + $version = $options['version'] ?? self::$version; + + $key = "PuTTY-User-Key-File-$version: $type\r\n"; + $key .= "Encryption: $encryption\r\n"; + $key .= "Comment: $comment\r\n"; + + $public = Strings::packSSH2('s', $type) . $public; + + $source = Strings::packSSH2('ssss', $type, $encryption, $comment, $public); + + $public = Strings::base64_encode($public); + $key .= "Public-Lines: " . ((strlen($public) + 63) >> 6) . "\r\n"; + $key .= chunk_split($public, 64); + + if (empty($password) && !is_string($password)) { + $source .= Strings::packSSH2('s', $private); + switch ($version) { + case 3: + $hash = new Hash('sha256'); + $hash->setKey(''); + break; + case 2: + $hash = new Hash('sha1'); + $hash->setKey(sha1('putty-private-key-file-mac-key', true)); + } + } else { + $private .= Random::string(16 - (strlen($private) & 15)); + $source .= Strings::packSSH2('s', $private); + $crypto = new AES('cbc'); + + switch ($version) { + case 3: + $salt = Random::string(16); + $key .= "Key-Derivation: Argon2id\r\n"; + $key .= "Argon2-Memory: 8192\r\n"; + $key .= "Argon2-Passes: 13\r\n"; + $key .= "Argon2-Parallelism: 1\r\n"; + $key .= "Argon2-Salt: " . Strings::bin2hex($salt) . "\r\n"; + extract(self::generateV3Key($password, 'Argon2id', 8192, 13, $salt)); + + $hash = new Hash('sha256'); + $hash->setKey($hashkey); + + break; + case 2: + $symkey = self::generateV2Key($password, 32); + $symiv = str_repeat("\0", $crypto->getBlockLength() >> 3); + $hashkey = 'putty-private-key-file-mac-key' . $password; + + $hash = new Hash('sha1'); + $hash->setKey(sha1($hashkey, true)); + } + + $crypto->setKey($symkey); + $crypto->setIV($symiv); + $crypto->disablePadding(); + $private = $crypto->encrypt($private); + $mac = $hash->hash($source); + } + + $private = Strings::base64_encode($private); + $key .= 'Private-Lines: ' . ((strlen($private) + 63) >> 6) . "\r\n"; + $key .= chunk_split($private, 64); + $key .= 'Private-MAC: ' . Strings::bin2hex($hash->hash($source)) . "\r\n"; + + return $key; + } + + /** + * Wrap a public key appropriately + * + * This is basically the format described in RFC 4716 (https://tools.ietf.org/html/rfc4716) + */ + protected static function wrapPublicKey(string $key, string $type): string + { + $key = pack('Na*a*', strlen($type), $type, $key); + $key = "---- BEGIN SSH2 PUBLIC KEY ----\r\n" . + 'Comment: "' . str_replace(['\\', '"'], ['\\\\', '\"'], self::$comment) . "\"\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + '---- END SSH2 PUBLIC KEY ----'; + return $key; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Signature/Raw.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Signature/Raw.php new file mode 100644 index 0000000..c3db69c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Formats/Signature/Raw.php @@ -0,0 +1,57 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common\Formats\Signature; + +use phpseclib3\Math\BigInteger; + +/** + * Raw Signature Handler + * + * @author Jim Wigginton + */ +abstract class Raw +{ + /** + * Loads a signature + * + * @return array|bool + */ + public static function load(array $sig) + { + switch (true) { + case !is_array($sig): + case !isset($sig['r']) || !isset($sig['s']): + case !$sig['r'] instanceof BigInteger: + case !$sig['s'] instanceof BigInteger: + return false; + } + + return [ + 'r' => $sig['r'], + 's' => $sig['s'], + ]; + } + + /** + * Returns a signature in the appropriate format + */ + public static function save(BigInteger $r, BigInteger $s): string + { + return compact('r', 's'); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/PrivateKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/PrivateKey.php new file mode 100644 index 0000000..518f9b5 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/PrivateKey.php @@ -0,0 +1,32 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common; + +/** + * PrivateKey interface + * + * @author Jim Wigginton + */ +interface PrivateKey +{ + public function sign($message); + //public function decrypt($ciphertext); + public function getPublicKey(); + public function toString(string $type, array $options = []): string; + + /** + * @return static + */ + public function withPassword(?string $password = null): PrivateKey; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/PublicKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/PublicKey.php new file mode 100644 index 0000000..88ff2a1 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/PublicKey.php @@ -0,0 +1,27 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common; + +/** + * PublicKey interface + * + * @author Jim Wigginton + */ +interface PublicKey +{ + public function verify($message, $signature); + //public function encrypt($plaintext); + public function toString(string $type, array $options = []): string; + public function getFingerprint($algorithm); +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/StreamCipher.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/StreamCipher.php new file mode 100644 index 0000000..1f37e70 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/StreamCipher.php @@ -0,0 +1,54 @@ + + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common; + +/** + * Base Class for all stream cipher classes + * + * @author Jim Wigginton + */ +abstract class StreamCipher extends SymmetricKey +{ + /** + * Block Length of the cipher + * + * Stream ciphers do not have a block size + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::block_size + * @var int + */ + protected $block_size = 0; + + /** + * Default Constructor. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @return StreamCipher + */ + public function __construct() + { + parent::__construct('stream'); + } + + /** + * Stream ciphers not use an IV + */ + public function usesIV(): bool + { + return false; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/SymmetricKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/SymmetricKey.php new file mode 100644 index 0000000..67daca0 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/SymmetricKey.php @@ -0,0 +1,2955 @@ + + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Blowfish; +use phpseclib3\Crypt\Hash; +use phpseclib3\Exception\BadDecryptionException; +use phpseclib3\Exception\BadMethodCallException; +use phpseclib3\Exception\BadModeException; +use phpseclib3\Exception\InconsistentSetupException; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\LogicException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\BinaryField; +use phpseclib3\Math\PrimeField; + +/** + * Base Class for all \phpseclib3\Crypt\* cipher classes + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + */ +abstract class SymmetricKey +{ + /** + * Encrypt / decrypt using the Counter mode. + * + * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public const MODE_CTR = -1; + /** + * Encrypt / decrypt using the Electronic Code Book mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public const MODE_ECB = 1; + /** + * Encrypt / decrypt using the Code Book Chaining mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public const MODE_CBC = 2; + /** + * Encrypt / decrypt using the Cipher Feedback mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public const MODE_CFB = 3; + /** + * Encrypt / decrypt using the Cipher Feedback mode (8bit) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public const MODE_CFB8 = 7; + /** + * Encrypt / decrypt using the Output Feedback mode (8bit) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public const MODE_OFB8 = 8; + /** + * Encrypt / decrypt using the Output Feedback mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public const MODE_OFB = 4; + /** + * Encrypt / decrypt using Galois/Counter mode. + * + * @link https://en.wikipedia.org/wiki/Galois/Counter_Mode + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public const MODE_GCM = 5; + /** + * Encrypt / decrypt using streaming mode. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public const MODE_STREAM = 6; + + /** + * Mode Map + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + public const MODE_MAP = [ + 'ctr' => self::MODE_CTR, + 'ecb' => self::MODE_ECB, + 'cbc' => self::MODE_CBC, + 'cfb' => self::MODE_CFB, + 'cfb8' => self::MODE_CFB8, + 'ofb' => self::MODE_OFB, + 'ofb8' => self::MODE_OFB8, + 'gcm' => self::MODE_GCM, + 'stream' => self::MODE_STREAM, + ]; + + /** + * Base value for the internal implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + public const ENGINE_INTERNAL = 1; + /** + * Base value for the eval() implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + public const ENGINE_EVAL = 2; + /** + * Base value for the openssl implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + public const ENGINE_OPENSSL = 4; + /** + * Base value for the libsodium implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + public const ENGINE_LIBSODIUM = 5; + /** + * Base value for the openssl / gcm implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + public const ENGINE_OPENSSL_GCM = 6; + + /** + * Engine Reverse Map + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::getEngine() + */ + public const ENGINE_MAP = [ + self::ENGINE_INTERNAL => 'PHP', + self::ENGINE_EVAL => 'Eval', + self::ENGINE_OPENSSL => 'OpenSSL', + self::ENGINE_LIBSODIUM => 'libsodium', + self::ENGINE_OPENSSL_GCM => 'OpenSSL (GCM)', + ]; + + /** + * The Encryption Mode + * + * @see self::__construct() + * @var int + */ + protected $mode; + + /** + * The Block Length of the block cipher + * + * @var int + */ + protected $block_size = 16; + + /** + * The Key + * + * @see self::setKey() + * @var string + */ + protected $key = false; + + /** + * HMAC Key + * + * @see self::setupGCM() + * @var null|string + */ + private $hKey = null; + + /** + * The Initialization Vector + * + * @see self::setIV() + * @var string + */ + protected $iv = false; + + /** + * A "sliding" Initialization Vector + * + * @see self::enableContinuousBuffer() + * @see self::clearBuffers() + * @var string + */ + protected $encryptIV; + + /** + * A "sliding" Initialization Vector + * + * @see self::enableContinuousBuffer() + * @see self::clearBuffers() + * @var string + */ + protected $decryptIV; + + /** + * Continuous Buffer status + * + * @see self::enableContinuousBuffer() + * @var bool + */ + protected $continuousBuffer = false; + + /** + * Encryption buffer for CTR, OFB and CFB modes + * + * @see self::encrypt() + * @see self::clearBuffers() + * @var array + */ + protected $enbuffer; + + /** + * Decryption buffer for CTR, OFB and CFB modes + * + * @see self::decrypt() + * @see self::clearBuffers() + * @var array + */ + protected $debuffer; + + /** + * Does internal cipher state need to be (re)initialized? + * + * @see self::setKey() + * @see self::setIV() + * @see self::disableContinuousBuffer() + * @var bool + */ + protected $changed = true; + + /** + * Does Eval engie need to be (re)initialized? + * + * @see self::setup() + * @var bool + */ + protected $nonIVChanged = true; + + /** + * Padding status + * + * @see self::enablePadding() + * @var bool + */ + private $padding = true; + + /** + * Is the mode one that is paddable? + * + * @see self::__construct() + * @var bool + */ + private $paddable = false; + + /** + * Holds which crypt engine internaly should be use, + * which will be determined automatically on __construct() + * + * Currently available $engines are: + * - self::ENGINE_LIBSODIUM (very fast, php-extension: libsodium, extension_loaded('libsodium') required) + * - self::ENGINE_OPENSSL_GCM (very fast, php-extension: openssl, extension_loaded('openssl') required) + * - self::ENGINE_OPENSSL (very fast, php-extension: openssl, extension_loaded('openssl') required) + * - self::ENGINE_EVAL (medium, pure php-engine, no php-extension required) + * - self::ENGINE_INTERNAL (slower, pure php-engine, no php-extension required) + * + * @see self::setEngine() + * @see self::encrypt() + * @see self::decrypt() + * @var int + */ + protected $engine; + + /** + * Holds the preferred crypt engine + * + * @see self::setEngine() + * @see self::setPreferredEngine() + * @var int + */ + private $preferredEngine; + + /** + * The openssl specific name of the cipher + * + * Only used if $engine == self::ENGINE_OPENSSL + * + * @link http://www.php.net/openssl-get-cipher-methods + * @var string + */ + protected $cipher_name_openssl; + + /** + * The openssl specific name of the cipher in ECB mode + * + * If OpenSSL does not support the mode we're trying to use (CTR) + * it can still be emulated with ECB mode. + * + * @link http://www.php.net/openssl-get-cipher-methods + * @var string + */ + protected $cipher_name_openssl_ecb; + + /** + * The default salt used by setPassword() + * + * @see self::setPassword() + * @var string + */ + private $password_default_salt = 'phpseclib/salt'; + + /** + * The name of the performance-optimized callback function + * + * Used by encrypt() / decrypt() + * only if $engine == self::ENGINE_INTERNAL + * + * @see self::encrypt() + * @see self::decrypt() + * @see self::setupInlineCrypt() + * @var Callback + */ + protected $inline_crypt; + + /** + * If OpenSSL can be used in ECB but not in CTR we can emulate CTR + * + * @see self::openssl_ctr_process() + * @var bool + */ + private $openssl_emulate_ctr = false; + + /** + * Has the key length explicitly been set or should it be derived from the key, itself? + * + * @see self::setKeyLength() + * @var bool + */ + protected $explicit_key_length = false; + + /** + * Hash subkey for GHASH + * + * @see self::setupGCM() + * @see self::ghash() + * @var BinaryField\Integer + */ + private $h; + + /** + * Additional authenticated data + * + * @var string + */ + protected $aad = ''; + + /** + * Authentication Tag produced after a round of encryption + * + * @var string + */ + protected $newtag = false; + + /** + * Authentication Tag to be verified during decryption + * + * @var string + */ + protected $oldtag = false; + + /** + * GCM Binary Field + * + * @see self::__construct() + * @see self::ghash() + * @var BinaryField + */ + private static $gcmField; + + /** + * Poly1305 Prime Field + * + * @see self::enablePoly1305() + * @see self::poly1305() + * @var PrimeField + */ + private static $poly1305Field; + + /** + * Poly1305 Key + * + * @see self::setPoly1305Key() + * @see self::poly1305() + * @var string + */ + protected $poly1305Key; + + /** + * Poly1305 Flag + * + * @see self::setPoly1305Key() + * @see self::enablePoly1305() + * @var boolean + */ + protected $usePoly1305 = false; + + /** + * The Original Initialization Vector + * + * GCM uses the nonce to build the IV but we want to be able to distinguish between nonce-derived + * IV's and user-set IV's + * + * @see self::setIV() + * @var string + */ + private $origIV = false; + + /** + * Nonce + * + * Only used with GCM. We could re-use setIV() but nonce's can be of a different length and + * toggling between GCM and other modes could be more complicated if we re-used setIV() + * + * @see self::setNonce() + * @var string + */ + protected $nonce = false; + + /** + * Default Constructor. + * + * $mode could be: + * + * - ecb + * + * - cbc + * + * - ctr + * + * - cfb + * + * - cfb8 + * + * - ofb + * + * - ofb8 + * + * - gcm + * + * @throws BadModeException if an invalid / unsupported mode is provided + */ + public function __construct(string $mode) + { + $mode = strtolower($mode); + // necessary because of 5.6 compatibility; we can't do isset(self::MODE_MAP[$mode]) in 5.6 + $map = self::MODE_MAP; + if (!isset($map[$mode])) { + throw new BadModeException('No valid mode has been specified'); + } + + $mode = self::MODE_MAP[$mode]; + + // $mode dependent settings + switch ($mode) { + case self::MODE_ECB: + case self::MODE_CBC: + $this->paddable = true; + break; + case self::MODE_CTR: + case self::MODE_CFB: + case self::MODE_CFB8: + case self::MODE_OFB: + case self::MODE_OFB8: + case self::MODE_STREAM: + $this->paddable = false; + break; + case self::MODE_GCM: + if ($this->block_size != 16) { + throw new BadModeException('GCM is only valid for block ciphers with a block size of 128 bits'); + } + if (!isset(self::$gcmField)) { + self::$gcmField = new BinaryField(128, 7, 2, 1, 0); + } + $this->paddable = false; + break; + default: + throw new BadModeException('No valid mode has been specified'); + } + + $this->mode = $mode; + + static::initialize_static_variables(); + } + + /** + * Initialize static variables + */ + protected static function initialize_static_variables(): void + { + } + + /** + * Sets the initialization vector. + * + * setIV() is not required when ecb or gcm modes are being used. + * + * {@internal Can be overwritten by a sub class, but does not have to be} + * + * @throws LengthException if the IV length isn't equal to the block size + * @throws BadMethodCallException if an IV is provided when one shouldn't be + */ + public function setIV(string $iv): void + { + if ($this->mode == self::MODE_ECB) { + throw new BadMethodCallException('This mode does not require an IV.'); + } + + if ($this->mode == self::MODE_GCM) { + throw new BadMethodCallException('Use setNonce instead'); + } + + if (!$this->usesIV()) { + throw new BadMethodCallException('This algorithm does not use an IV.'); + } + + if (strlen($iv) != $this->block_size) { + throw new LengthException('Received initialization vector of size ' . strlen($iv) . ', but size ' . $this->block_size . ' is required'); + } + + $this->iv = $this->origIV = $iv; + $this->changed = true; + } + + /** + * Enables Poly1305 mode. + * + * Once enabled Poly1305 cannot be disabled. + * + * @throws BadMethodCallException if Poly1305 is enabled whilst in GCM mode + */ + public function enablePoly1305(): void + { + if ($this->mode == self::MODE_GCM) { + throw new BadMethodCallException('Poly1305 cannot be used in GCM mode'); + } + + $this->usePoly1305 = true; + } + + /** + * Enables Poly1305 mode. + * + * Once enabled Poly1305 cannot be disabled. If $key is not passed then an attempt to call createPoly1305Key + * will be made. + * + * @param string|null $key optional + * @throws LengthException if the key isn't long enough + * @throws BadMethodCallException if Poly1305 is enabled whilst in GCM mode + */ + public function setPoly1305Key(?string $key = null): void + { + if ($this->mode == self::MODE_GCM) { + throw new BadMethodCallException('Poly1305 cannot be used in GCM mode'); + } + + if (!is_string($key) || strlen($key) != 32) { + throw new LengthException('The Poly1305 key must be 32 bytes long (256 bits)'); + } + + if (!isset(self::$poly1305Field)) { + // 2^130-5 + self::$poly1305Field = new PrimeField(new BigInteger('3fffffffffffffffffffffffffffffffb', 16)); + } + + $this->poly1305Key = $key; + $this->usePoly1305 = true; + } + + /** + * Sets the nonce. + * + * setNonce() is only required when gcm is used + * + * @throws BadMethodCallException if an nonce is provided when one shouldn't be + */ + public function setNonce(string $nonce): void + { + if ($this->mode != self::MODE_GCM) { + throw new BadMethodCallException('Nonces are only used in GCM mode.'); + } + + $this->nonce = $nonce; + $this->setEngine(); + } + + /** + * Sets additional authenticated data + * + * setAAD() is only used by gcm or in poly1305 mode + * + * @throws BadMethodCallException if mode isn't GCM or if poly1305 isn't being utilized + */ + public function setAAD(string $aad): void + { + if ($this->mode != self::MODE_GCM && !$this->usePoly1305) { + throw new BadMethodCallException('Additional authenticated data is only utilized in GCM mode or with Poly1305'); + } + + $this->aad = $aad; + } + + /** + * Returns whether or not the algorithm uses an IV + */ + public function usesIV(): bool + { + return $this->mode != self::MODE_GCM && $this->mode != self::MODE_ECB; + } + + /** + * Returns whether or not the algorithm uses a nonce + */ + public function usesNonce(): bool + { + return $this->mode == self::MODE_GCM; + } + + /** + * Returns the current key length in bits + */ + public function getKeyLength(): int + { + return $this->key_length << 3; + } + + /** + * Returns the current block length in bits + */ + public function getBlockLength(): int + { + return $this->block_size << 3; + } + + /** + * Returns the current block length in bytes + */ + public function getBlockLengthInBytes(): int + { + return $this->block_size; + } + + /** + * Sets the key length. + * + * Keys with explicitly set lengths need to be treated accordingly + */ + public function setKeyLength(int $length): void + { + $this->explicit_key_length = $length >> 3; + + if (is_string($this->key) && strlen($this->key) != $this->explicit_key_length) { + $this->key = false; + throw new InconsistentSetupException('Key has already been set and is not ' . $this->explicit_key_length . ' bytes long'); + } + } + + /** + * Sets the key. + * + * The min/max length(s) of the key depends on the cipher which is used. + * If the key not fits the length(s) of the cipher it will paded with null bytes + * up to the closest valid key length. If the key is more than max length, + * we trim the excess bits. + * + * If the key is not explicitly set, it'll be assumed to be all null bytes. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + */ + public function setKey(string $key): void + { + if ($this->explicit_key_length !== false && strlen($key) != $this->explicit_key_length) { + throw new InconsistentSetupException('Key length has already been set to ' . $this->explicit_key_length . ' bytes and this key is ' . strlen($key) . ' bytes'); + } + + $this->key = $key; + $this->key_length = strlen($key); + $this->setEngine(); + } + + /** + * Sets the password. + * + * Depending on what $method is set to, setPassword()'s (optional) parameters are as follows: + * {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2} or pbkdf1: + * $hash, $salt, $count, $dkLen + * + * Where $hash (default = sha1) currently supports the following hashes: see: Crypt/Hash.php + * {@link https://en.wikipedia.org/wiki/Bcrypt bcypt}: + * $salt, $rounds, $keylen + * + * This is a modified version of bcrypt used by OpenSSH. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @param int|string ...$func_args + * @throws LengthException if pbkdf1 is being used and the derived key length exceeds the hash length + * @throws RuntimeException if bcrypt is being used and a salt isn't provided + * @see Crypt/Hash.php + */ + public function setPassword(string $password, string $method = 'pbkdf2', ...$func_args): bool + { + $key = ''; + + $method = strtolower($method); + switch ($method) { + case 'bcrypt': + if (!isset($func_args[2])) { + throw new RuntimeException('A salt must be provided for bcrypt to work'); + } + + $salt = $func_args[0]; + + $rounds = $func_args[1] ?? 16; + $keylen = $func_args[2] ?? $this->key_length; + + $key = Blowfish::bcrypt_pbkdf($password, $salt, $keylen + $this->block_size, $rounds); + + $this->setKey(substr($key, 0, $keylen)); + $this->setIV(substr($key, $keylen)); + + return true; + case 'pkcs12': // from https://tools.ietf.org/html/rfc7292#appendix-B.2 + case 'pbkdf1': + case 'pbkdf2': + // Hash function + $hash = isset($func_args[0]) ? strtolower($func_args[0]) : 'sha1'; + $hashObj = new Hash(); + $hashObj->setHash($hash); + + // WPA and WPA2 use the SSID as the salt + $salt = $func_args[1] ?? $this->password_default_salt; + + // RFC2898#section-4.2 uses 1,000 iterations by default + // WPA and WPA2 use 4,096. + $count = $func_args[2] ?? 1000; + + // Keylength + if (isset($func_args[3])) { + if ($func_args[3] <= 0) { + throw new LengthException('Derived key length cannot be longer 0 or less'); + } + $dkLen = $func_args[3]; + } else { + $key_length = $this->explicit_key_length !== false ? $this->explicit_key_length : $this->key_length; + $dkLen = $method == 'pbkdf1' ? 2 * $key_length : $key_length; + } + + switch (true) { + case $method == 'pkcs12': + /* + In this specification, however, all passwords are created from + BMPStrings with a NULL terminator. This means that each character in + the original BMPString is encoded in 2 bytes in big-endian format + (most-significant byte first). There are no Unicode byte order + marks. The 2 bytes produced from the last character in the BMPString + are followed by 2 additional bytes with the value 0x00. + + -- https://tools.ietf.org/html/rfc7292#appendix-B.1 + */ + $password = "\0" . chunk_split($password, 1, "\0") . "\0"; + + /* + This standard specifies 3 different values for the ID byte mentioned + above: + + 1. If ID=1, then the pseudorandom bits being produced are to be used + as key material for performing encryption or decryption. + + 2. If ID=2, then the pseudorandom bits being produced are to be used + as an IV (Initial Value) for encryption or decryption. + + 3. If ID=3, then the pseudorandom bits being produced are to be used + as an integrity key for MACing. + */ + // Construct a string, D (the "diversifier"), by concatenating v/8 + // copies of ID. + $blockLength = $hashObj->getBlockLengthInBytes(); + $d1 = str_repeat(chr(1), $blockLength); + $d2 = str_repeat(chr(2), $blockLength); + $s = ''; + if (strlen($salt)) { + while (strlen($s) < $blockLength) { + $s .= $salt; + } + } + $s = substr($s, 0, $blockLength); + + $p = ''; + if (strlen($password)) { + while (strlen($p) < $blockLength) { + $p .= $password; + } + } + $p = substr($p, 0, $blockLength); + + $i = $s . $p; + + $this->setKey(self::pkcs12helper($dkLen, $hashObj, $i, $d1, $count)); + if ($this->usesIV()) { + $this->setIV(self::pkcs12helper($this->block_size, $hashObj, $i, $d2, $count)); + } + + return true; + case $method == 'pbkdf1': + if ($dkLen > $hashObj->getLengthInBytes()) { + throw new LengthException('Derived key length cannot be longer than the hash length'); + } + $t = $password . $salt; + for ($i = 0; $i < $count; ++$i) { + $t = $hashObj->hash($t); + } + $key = substr($t, 0, $dkLen); + + $this->setKey(substr($key, 0, $dkLen >> 1)); + if ($this->usesIV()) { + $this->setIV(substr($key, $dkLen >> 1)); + } + + return true; + case !in_array($hash, hash_algos()): + $i = 1; + $hashObj->setKey($password); + while (strlen($key) < $dkLen) { + $f = $u = $hashObj->hash($salt . pack('N', $i++)); + for ($j = 2; $j <= $count; ++$j) { + $u = $hashObj->hash($u); + $f ^= $u; + } + $key .= $f; + } + $key = substr($key, 0, $dkLen); + break; + default: + $key = hash_pbkdf2($hash, $password, $salt, $count, $dkLen, true); + } + break; + default: + throw new UnsupportedAlgorithmException($method . ' is not a supported password hashing method'); + } + + $this->setKey($key); + + return true; + } + + /** + * PKCS#12 KDF Helper Function + * + * As discussed here: + * + * {@link https://tools.ietf.org/html/rfc7292#appendix-B} + * + * @return string $a + * @see self::setPassword() + */ + private static function pkcs12helper(int $n, Hash $hashObj, string $i, string $d, int $count): string + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + $blockLength = $hashObj->getBlockLength() >> 3; + + $c = ceil($n / $hashObj->getLengthInBytes()); + $a = ''; + for ($j = 1; $j <= $c; $j++) { + $ai = $d . $i; + for ($k = 0; $k < $count; $k++) { + $ai = $hashObj->hash($ai); + } + $b = ''; + while (strlen($b) < $blockLength) { + $b .= $ai; + } + $b = substr($b, 0, $blockLength); + $b = new BigInteger($b, 256); + $newi = ''; + for ($k = 0; $k < strlen($i); $k += $blockLength) { + $temp = substr($i, $k, $blockLength); + $temp = new BigInteger($temp, 256); + $temp->setPrecision($blockLength << 3); + $temp = $temp->add($b); + $temp = $temp->add($one); + $newi .= $temp->toBytes(false); + } + $i = $newi; + $a .= $ai; + } + + return substr($a, 0, $n); + } + + /** + * Encrypts a message. + * + * $plaintext will be padded with additional bytes such that it's length is a multiple of the block size. Other cipher + * implementations may or may not pad in the same manner. Other common approaches to padding and the reasons why it's + * necessary are discussed in the following + * URL: + * + * {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html} + * + * An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does. + * strlen($plaintext) will still need to be a multiple of the block size, however, arbitrary values can be added to make it that + * length. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @return string $ciphertext + * @see self::decrypt() + */ + public function encrypt(string $plaintext): string + { + if ($this->paddable) { + $plaintext = $this->pad($plaintext); + } + + $this->setup(); + + if ($this->mode == self::MODE_GCM) { + $oldIV = $this->iv; + Strings::increment_str($this->iv); + $cipher = new static('ctr'); + $cipher->setKey($this->key); + $cipher->setIV($this->iv); + $ciphertext = $cipher->encrypt($plaintext); + + $s = $this->ghash( + self::nullPad128($this->aad) . + self::nullPad128($ciphertext) . + self::len64($this->aad) . + self::len64($ciphertext) + ); + $cipher->encryptIV = $this->iv = $this->encryptIV = $this->decryptIV = $oldIV; + $this->newtag = $cipher->encrypt($s); + return $ciphertext; + } + + if (isset($this->poly1305Key)) { + $cipher = clone $this; + unset($cipher->poly1305Key); + $this->usePoly1305 = false; + $ciphertext = $cipher->encrypt($plaintext); + $this->newtag = $this->poly1305($ciphertext); + return $ciphertext; + } + + if ($this->engine === self::ENGINE_OPENSSL) { + switch ($this->mode) { + case self::MODE_STREAM: + return openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + case self::MODE_ECB: + return openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + case self::MODE_CBC: + $result = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->encryptIV); + if ($this->continuousBuffer) { + $this->encryptIV = substr($result, -$this->block_size); + } + return $result; + case self::MODE_CTR: + return $this->openssl_ctr_process($plaintext, $this->encryptIV, $this->enbuffer); + case self::MODE_CFB: + // cfb loosely routines inspired by openssl's: + // {@link http://cvs.openssl.org/fileview?f=openssl/crypto/modes/cfb128.c&v=1.3.2.2.2.1} + $ciphertext = ''; + if ($this->continuousBuffer) { + $iv = &$this->encryptIV; + $pos = &$this->enbuffer['pos']; + } else { + $iv = $this->encryptIV; + $pos = 0; + } + $len = strlen($plaintext); + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $this->block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + // ie. $i = min($max, $len), $len-= $i, $pos+= $i, $pos%= $blocksize + $ciphertext = substr($iv, $orig_pos) ^ $plaintext; + $iv = substr_replace($iv, $ciphertext, $orig_pos, $i); + $plaintext = substr($plaintext, $i); + } + + $overflow = $len % $this->block_size; + + if ($overflow) { + $ciphertext .= openssl_encrypt(substr($plaintext, 0, -$overflow) . str_repeat("\0", $this->block_size), $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + $iv = Strings::pop($ciphertext, $this->block_size); + + $size = $len - $overflow; + $block = $iv ^ substr($plaintext, -$overflow); + $iv = substr_replace($iv, $block, 0, $overflow); + $ciphertext .= $block; + $pos = $overflow; + } elseif ($len) { + $ciphertext = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + $iv = substr($ciphertext, -$this->block_size); + } + + return $ciphertext; + case self::MODE_CFB8: + $ciphertext = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->encryptIV); + if ($this->continuousBuffer) { + if (($len = strlen($ciphertext)) >= $this->block_size) { + $this->encryptIV = substr($ciphertext, -$this->block_size); + } else { + $this->encryptIV = substr($this->encryptIV, $len - $this->block_size) . substr($ciphertext, -$len); + } + } + return $ciphertext; + case self::MODE_OFB8: + $ciphertext = ''; + $len = strlen($plaintext); + $iv = $this->encryptIV; + + for ($i = 0; $i < $len; ++$i) { + $xor = openssl_encrypt($iv, $this->cipher_name_openssl_ecb, $this->key, $this->openssl_options, $this->decryptIV); + $ciphertext .= $plaintext[$i] ^ $xor; + $iv = substr($iv, 1) . $xor[0]; + } + + if ($this->continuousBuffer) { + $this->encryptIV = $iv; + } + break; + case self::MODE_OFB: + return $this->openssl_ofb_process($plaintext, $this->encryptIV, $this->enbuffer); + } + } + + if ($this->engine === self::ENGINE_EVAL) { + $inline = $this->inline_crypt; + return $inline('encrypt', $plaintext); + } + + $buffer = &$this->enbuffer; + $block_size = $this->block_size; + $ciphertext = ''; + switch ($this->mode) { + case self::MODE_ECB: + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $ciphertext .= $this->encryptBlock(substr($plaintext, $i, $block_size)); + } + break; + case self::MODE_CBC: + $xor = $this->encryptIV; + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + $block = $this->encryptBlock($block ^ $xor); + $xor = $block; + $ciphertext .= $block; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + } + break; + case self::MODE_CTR: + $xor = $this->encryptIV; + if (strlen($buffer['ciphertext'])) { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + if (strlen($block) > strlen($buffer['ciphertext'])) { + $buffer['ciphertext'] .= $this->encryptBlock($xor); + Strings::increment_str($xor); + } + $key = Strings::shift($buffer['ciphertext'], $block_size); + $ciphertext .= $block ^ $key; + } + } else { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + $key = $this->encryptBlock($xor); + Strings::increment_str($xor); + $ciphertext .= $block ^ $key; + } + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + if ($start = strlen($plaintext) % $block_size) { + $buffer['ciphertext'] = substr($key, $start) . $buffer['ciphertext']; + } + } + break; + case self::MODE_CFB: + // cfb loosely routines inspired by openssl's: + // {@link http://cvs.openssl.org/fileview?f=openssl/crypto/modes/cfb128.c&v=1.3.2.2.2.1} + if ($this->continuousBuffer) { + $iv = &$this->encryptIV; + $pos = &$buffer['pos']; + } else { + $iv = $this->encryptIV; + $pos = 0; + } + $len = strlen($plaintext); + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + // ie. $i = min($max, $len), $len-= $i, $pos+= $i, $pos%= $blocksize + $ciphertext = substr($iv, $orig_pos) ^ $plaintext; + $iv = substr_replace($iv, $ciphertext, $orig_pos, $i); + } + while ($len >= $block_size) { + $iv = $this->encryptBlock($iv) ^ substr($plaintext, $i, $block_size); + $ciphertext .= $iv; + $len -= $block_size; + $i += $block_size; + } + if ($len) { + $iv = $this->encryptBlock($iv); + $block = $iv ^ substr($plaintext, $i); + $iv = substr_replace($iv, $block, 0, $len); + $ciphertext .= $block; + $pos = $len; + } + break; + case self::MODE_CFB8: + $ciphertext = ''; + $len = strlen($plaintext); + $iv = $this->encryptIV; + + for ($i = 0; $i < $len; ++$i) { + $ciphertext .= ($c = $plaintext[$i] ^ $this->encryptBlock($iv)); + $iv = substr($iv, 1) . $c; + } + + if ($this->continuousBuffer) { + if ($len >= $block_size) { + $this->encryptIV = substr($ciphertext, -$block_size); + } else { + $this->encryptIV = substr($this->encryptIV, $len - $block_size) . substr($ciphertext, -$len); + } + } + break; + case self::MODE_OFB8: + $ciphertext = ''; + $len = strlen($plaintext); + $iv = $this->encryptIV; + + for ($i = 0; $i < $len; ++$i) { + $xor = $this->encryptBlock($iv); + $ciphertext .= $plaintext[$i] ^ $xor; + $iv = substr($iv, 1) . $xor[0]; + } + + if ($this->continuousBuffer) { + $this->encryptIV = $iv; + } + break; + case self::MODE_OFB: + $xor = $this->encryptIV; + if (strlen($buffer['xor'])) { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + if (strlen($block) > strlen($buffer['xor'])) { + $xor = $this->encryptBlock($xor); + $buffer['xor'] .= $xor; + } + $key = Strings::shift($buffer['xor'], $block_size); + $ciphertext .= $block ^ $key; + } + } else { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $xor = $this->encryptBlock($xor); + $ciphertext .= substr($plaintext, $i, $block_size) ^ $xor; + } + $key = $xor; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + if ($start = strlen($plaintext) % $block_size) { + $buffer['xor'] = substr($key, $start) . $buffer['xor']; + } + } + break; + case self::MODE_STREAM: + $ciphertext = $this->encryptBlock($plaintext); + break; + } + + return $ciphertext; + } + + /** + * Decrypts a message. + * + * If strlen($ciphertext) is not a multiple of the block size, null bytes will be added to the end of the string until + * it is. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @return string $plaintext + * @throws LengthException if we're inside a block cipher and the ciphertext length is not a multiple of the block size + * @see self::encrypt() + */ + public function decrypt(string $ciphertext): string + { + if ($this->paddable && strlen($ciphertext) % $this->block_size) { + throw new LengthException('The ciphertext length (' . strlen($ciphertext) . ') needs to be a multiple of the block size (' . $this->block_size . ')'); + } + $this->setup(); + + if ($this->mode == self::MODE_GCM || isset($this->poly1305Key)) { + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + + if (isset($this->poly1305Key)) { + $newtag = $this->poly1305($ciphertext); + } else { + $oldIV = $this->iv; + Strings::increment_str($this->iv); + $cipher = new static('ctr'); + $cipher->setKey($this->key); + $cipher->setIV($this->iv); + $plaintext = $cipher->decrypt($ciphertext); + + $s = $this->ghash( + self::nullPad128($this->aad) . + self::nullPad128($ciphertext) . + self::len64($this->aad) . + self::len64($ciphertext) + ); + $cipher->encryptIV = $this->iv = $this->encryptIV = $this->decryptIV = $oldIV; + $newtag = $cipher->encrypt($s); + } + if ($this->oldtag != substr($newtag, 0, strlen($newtag))) { + $cipher = clone $this; + unset($cipher->poly1305Key); + $this->usePoly1305 = false; + $plaintext = $cipher->decrypt($ciphertext); + $this->oldtag = false; + throw new BadDecryptionException('Derived authentication tag and supplied authentication tag do not match'); + } + $this->oldtag = false; + return $plaintext; + } + + if ($this->engine === self::ENGINE_OPENSSL) { + switch ($this->mode) { + case self::MODE_STREAM: + $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + break; + case self::MODE_ECB: + $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + break; + case self::MODE_CBC: + $offset = $this->block_size; + $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->decryptIV); + if ($this->continuousBuffer) { + $this->decryptIV = substr($ciphertext, -$offset, $this->block_size); + } + break; + case self::MODE_CTR: + $plaintext = $this->openssl_ctr_process($ciphertext, $this->decryptIV, $this->debuffer); + break; + case self::MODE_CFB: + // cfb loosely routines inspired by openssl's: + // {@link http://cvs.openssl.org/fileview?f=openssl/crypto/modes/cfb128.c&v=1.3.2.2.2.1} + $plaintext = ''; + if ($this->continuousBuffer) { + $iv = &$this->decryptIV; + $pos = &$this->debuffer['pos']; + } else { + $iv = $this->decryptIV; + $pos = 0; + } + $len = strlen($ciphertext); + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $this->block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + // ie. $i = min($max, $len), $len-= $i, $pos+= $i, $pos%= $this->blocksize + $plaintext = substr($iv, $orig_pos) ^ $ciphertext; + $iv = substr_replace($iv, substr($ciphertext, 0, $i), $orig_pos, $i); + $ciphertext = substr($ciphertext, $i); + } + $overflow = $len % $this->block_size; + if ($overflow) { + $plaintext .= openssl_decrypt(substr($ciphertext, 0, -$overflow), $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + if ($len - $overflow) { + $iv = substr($ciphertext, -$overflow - $this->block_size, -$overflow); + } + $iv = openssl_encrypt(str_repeat("\0", $this->block_size), $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + $plaintext .= $iv ^ substr($ciphertext, -$overflow); + $iv = substr_replace($iv, substr($ciphertext, -$overflow), 0, $overflow); + $pos = $overflow; + } elseif ($len) { + $plaintext .= openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + $iv = substr($ciphertext, -$this->block_size); + } + break; + case self::MODE_CFB8: + $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->decryptIV); + if ($this->continuousBuffer) { + if (($len = strlen($ciphertext)) >= $this->block_size) { + $this->decryptIV = substr($ciphertext, -$this->block_size); + } else { + $this->decryptIV = substr($this->decryptIV, $len - $this->block_size) . substr($ciphertext, -$len); + } + } + break; + case self::MODE_OFB8: + $plaintext = ''; + $len = strlen($ciphertext); + $iv = $this->decryptIV; + + for ($i = 0; $i < $len; ++$i) { + $xor = openssl_encrypt($iv, $this->cipher_name_openssl_ecb, $this->key, $this->openssl_options, $this->decryptIV); + $plaintext .= $ciphertext[$i] ^ $xor; + $iv = substr($iv, 1) . $xor[0]; + } + + if ($this->continuousBuffer) { + $this->decryptIV = $iv; + } + break; + case self::MODE_OFB: + $plaintext = $this->openssl_ofb_process($ciphertext, $this->decryptIV, $this->debuffer); + } + + return $this->paddable ? $this->unpad($plaintext) : $plaintext; + } + + if ($this->engine === self::ENGINE_EVAL) { + $inline = $this->inline_crypt; + return $inline('decrypt', $ciphertext); + } + + $block_size = $this->block_size; + + $buffer = &$this->debuffer; + $plaintext = ''; + switch ($this->mode) { + case self::MODE_ECB: + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $plaintext .= $this->decryptBlock(substr($ciphertext, $i, $block_size)); + } + break; + case self::MODE_CBC: + $xor = $this->decryptIV; + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $block = substr($ciphertext, $i, $block_size); + $plaintext .= $this->decryptBlock($block) ^ $xor; + $xor = $block; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + } + break; + case self::MODE_CTR: + $xor = $this->decryptIV; + if (strlen($buffer['ciphertext'])) { + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $block = substr($ciphertext, $i, $block_size); + if (strlen($block) > strlen($buffer['ciphertext'])) { + $buffer['ciphertext'] .= $this->encryptBlock($xor); + Strings::increment_str($xor); + } + $key = Strings::shift($buffer['ciphertext'], $block_size); + $plaintext .= $block ^ $key; + } + } else { + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $block = substr($ciphertext, $i, $block_size); + $key = $this->encryptBlock($xor); + Strings::increment_str($xor); + $plaintext .= $block ^ $key; + } + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + if ($start = strlen($ciphertext) % $block_size) { + $buffer['ciphertext'] = substr($key, $start) . $buffer['ciphertext']; + } + } + break; + case self::MODE_CFB: + if ($this->continuousBuffer) { + $iv = &$this->decryptIV; + $pos = &$buffer['pos']; + } else { + $iv = $this->decryptIV; + $pos = 0; + } + $len = strlen($ciphertext); + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + // ie. $i = min($max, $len), $len-= $i, $pos+= $i, $pos%= $blocksize + $plaintext = substr($iv, $orig_pos) ^ $ciphertext; + $iv = substr_replace($iv, substr($ciphertext, 0, $i), $orig_pos, $i); + } + while ($len >= $block_size) { + $iv = $this->encryptBlock($iv); + $cb = substr($ciphertext, $i, $block_size); + $plaintext .= $iv ^ $cb; + $iv = $cb; + $len -= $block_size; + $i += $block_size; + } + if ($len) { + $iv = $this->encryptBlock($iv); + $plaintext .= $iv ^ substr($ciphertext, $i); + $iv = substr_replace($iv, substr($ciphertext, $i), 0, $len); + $pos = $len; + } + break; + case self::MODE_CFB8: + $plaintext = ''; + $len = strlen($ciphertext); + $iv = $this->decryptIV; + + for ($i = 0; $i < $len; ++$i) { + $plaintext .= $ciphertext[$i] ^ $this->encryptBlock($iv); + $iv = substr($iv, 1) . $ciphertext[$i]; + } + + if ($this->continuousBuffer) { + if ($len >= $block_size) { + $this->decryptIV = substr($ciphertext, -$block_size); + } else { + $this->decryptIV = substr($this->decryptIV, $len - $block_size) . substr($ciphertext, -$len); + } + } + break; + case self::MODE_OFB8: + $plaintext = ''; + $len = strlen($ciphertext); + $iv = $this->decryptIV; + + for ($i = 0; $i < $len; ++$i) { + $xor = $this->encryptBlock($iv); + $plaintext .= $ciphertext[$i] ^ $xor; + $iv = substr($iv, 1) . $xor[0]; + } + + if ($this->continuousBuffer) { + $this->decryptIV = $iv; + } + break; + case self::MODE_OFB: + $xor = $this->decryptIV; + if (strlen($buffer['xor'])) { + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $block = substr($ciphertext, $i, $block_size); + if (strlen($block) > strlen($buffer['xor'])) { + $xor = $this->encryptBlock($xor); + $buffer['xor'] .= $xor; + } + $key = Strings::shift($buffer['xor'], $block_size); + $plaintext .= $block ^ $key; + } + } else { + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $xor = $this->encryptBlock($xor); + $plaintext .= substr($ciphertext, $i, $block_size) ^ $xor; + } + $key = $xor; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + if ($start = strlen($ciphertext) % $block_size) { + $buffer['xor'] = substr($key, $start) . $buffer['xor']; + } + } + break; + case self::MODE_STREAM: + $plaintext = $this->decryptBlock($ciphertext); + break; + } + return $this->paddable ? $this->unpad($plaintext) : $plaintext; + } + + /** + * Get the authentication tag + * + * Only used in GCM or Poly1305 mode + * + * @param int $length optional + * @return string + * @throws LengthException if $length isn't of a sufficient length + * @throws RuntimeException if GCM mode isn't being used + * @see self::encrypt() + */ + public function getTag(int $length = 16) + { + if ($this->mode != self::MODE_GCM && !$this->usePoly1305) { + throw new BadMethodCallException('Authentication tags are only utilized in GCM mode or with Poly1305'); + } + + if ($this->newtag === false) { + throw new BadMethodCallException('A tag can only be returned after a round of encryption has been performed'); + } + + // the tag is 128-bits. it can't be greater than 16 bytes because that's bigger than the tag is. if it + // were 0 you might as well be doing CTR and less than 4 provides minimal security that could be trivially + // easily brute forced. + // see https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf#page=36 + // for more info + if ($length < 4 || $length > 16) { + throw new LengthException('The authentication tag must be between 4 and 16 bytes long'); + } + + return $length == 16 ? + $this->newtag : + substr($this->newtag, 0, $length); + } + + /** + * Sets the authentication tag + * + * Only used in GCM mode + * + * @throws LengthException if $length isn't of a sufficient length + * @throws RuntimeException if GCM mode isn't being used + * @see self::decrypt() + */ + public function setTag(string $tag): void + { + if ($this->usePoly1305 && !isset($this->poly1305Key) && method_exists($this, 'createPoly1305Key')) { + $this->createPoly1305Key(); + } + + if ($this->mode != self::MODE_GCM && !$this->usePoly1305) { + throw new BadMethodCallException('Authentication tags are only utilized in GCM mode or with Poly1305'); + } + + $length = strlen($tag); + if ($length < 4 || $length > 16) { + throw new LengthException('The authentication tag must be between 4 and 16 bytes long'); + } + $this->oldtag = $tag; + } + + /** + * OpenSSL CTR Processor + * + * PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream + * for CTR is the same for both encrypting and decrypting this function is re-used by both SymmetricKey::encrypt() + * and SymmetricKey::decrypt(). Also, OpenSSL doesn't implement CTR for all of it's symmetric ciphers so this + * function will emulate CTR with ECB when necessary. + * + * @see self::encrypt() + * @see self::decrypt() + */ + private function openssl_ctr_process(string $plaintext, string &$encryptIV, array &$buffer): string + { + $ciphertext = ''; + + $block_size = $this->block_size; + $key = $this->key; + + if ($this->openssl_emulate_ctr) { + $xor = $encryptIV; + if (strlen($buffer['ciphertext'])) { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + if (strlen($block) > strlen($buffer['ciphertext'])) { + $buffer['ciphertext'] .= openssl_encrypt($xor, $this->cipher_name_openssl_ecb, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + } + Strings::increment_str($xor); + $otp = Strings::shift($buffer['ciphertext'], $block_size); + $ciphertext .= $block ^ $otp; + } + } else { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + $otp = openssl_encrypt($xor, $this->cipher_name_openssl_ecb, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + Strings::increment_str($xor); + $ciphertext .= $block ^ $otp; + } + } + if ($this->continuousBuffer) { + $encryptIV = $xor; + if ($start = strlen($plaintext) % $block_size) { + $buffer['ciphertext'] = substr($key, $start) . $buffer['ciphertext']; + } + } + + return $ciphertext; + } + + if (strlen($buffer['ciphertext'])) { + $ciphertext = $plaintext ^ Strings::shift($buffer['ciphertext'], strlen($plaintext)); + $plaintext = substr($plaintext, strlen($ciphertext)); + + if (!strlen($plaintext)) { + return $ciphertext; + } + } + + $overflow = strlen($plaintext) % $block_size; + if ($overflow) { + $plaintext2 = Strings::pop($plaintext, $overflow); // ie. trim $plaintext to a multiple of $block_size and put rest of $plaintext in $plaintext2 + $encrypted = openssl_encrypt($plaintext . str_repeat("\0", $block_size), $this->cipher_name_openssl, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $encryptIV); + $temp = Strings::pop($encrypted, $block_size); + $ciphertext .= $encrypted . ($plaintext2 ^ $temp); + if ($this->continuousBuffer) { + $buffer['ciphertext'] = substr($temp, $overflow); + $encryptIV = $temp; + } + } elseif (!strlen($buffer['ciphertext'])) { + $ciphertext .= openssl_encrypt($plaintext . str_repeat("\0", $block_size), $this->cipher_name_openssl, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $encryptIV); + $temp = Strings::pop($ciphertext, $block_size); + if ($this->continuousBuffer) { + $encryptIV = $temp; + } + } + if ($this->continuousBuffer) { + $encryptIV = openssl_decrypt($encryptIV, $this->cipher_name_openssl_ecb, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + if ($overflow) { + Strings::increment_str($encryptIV); + } + } + + return $ciphertext; + } + + /** + * OpenSSL OFB Processor + * + * PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream + * for OFB is the same for both encrypting and decrypting this function is re-used by both SymmetricKey::encrypt() + * and SymmetricKey::decrypt(). + * + * @see self::encrypt() + * @see self::decrypt() + */ + private function openssl_ofb_process(string $plaintext, string &$encryptIV, array &$buffer): string + { + if (strlen($buffer['xor'])) { + $ciphertext = $plaintext ^ $buffer['xor']; + $buffer['xor'] = substr($buffer['xor'], strlen($ciphertext)); + $plaintext = substr($plaintext, strlen($ciphertext)); + } else { + $ciphertext = ''; + } + + $block_size = $this->block_size; + + $len = strlen($plaintext); + $key = $this->key; + $overflow = $len % $block_size; + + if (strlen($plaintext)) { + if ($overflow) { + $ciphertext .= openssl_encrypt(substr($plaintext, 0, -$overflow) . str_repeat("\0", $block_size), $this->cipher_name_openssl, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $encryptIV); + $xor = Strings::pop($ciphertext, $block_size); + if ($this->continuousBuffer) { + $encryptIV = $xor; + } + $ciphertext .= Strings::shift($xor, $overflow) ^ substr($plaintext, -$overflow); + if ($this->continuousBuffer) { + $buffer['xor'] = $xor; + } + } else { + $ciphertext = openssl_encrypt($plaintext, $this->cipher_name_openssl, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $encryptIV); + if ($this->continuousBuffer) { + $encryptIV = substr($ciphertext, -$block_size) ^ substr($plaintext, -$block_size); + } + } + } + + return $ciphertext; + } + + /** + * phpseclib <-> OpenSSL Mode Mapper + * + * May need to be overwritten by classes extending this one in some cases + */ + protected function openssl_translate_mode(): ?string + { + switch ($this->mode) { + case self::MODE_ECB: + return 'ecb'; + case self::MODE_CBC: + return 'cbc'; + case self::MODE_CTR: + case self::MODE_GCM: + return 'ctr'; + case self::MODE_CFB: + return 'cfb'; + case self::MODE_CFB8: + return 'cfb8'; + case self::MODE_OFB: + return 'ofb'; + } + return null; + } + + /** + * Pad "packets". + * + * Block ciphers working by encrypting between their specified [$this->]block_size at a time + * If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to + * pad the input so that it is of the proper length. + * + * Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH, + * where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping + * away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is + * transmitted separately) + * + * @see self::disablePadding() + */ + public function enablePadding(): void + { + $this->padding = true; + } + + /** + * Do not pad packets. + * + * @see self::enablePadding() + */ + public function disablePadding(): void + { + $this->padding = false; + } + + /** + * Treat consecutive "packets" as if they are a continuous buffer. + * + * Say you have a 32-byte plaintext $plaintext. Using the default behavior, the two following code snippets + * will yield different outputs: + * + * + * echo $rijndael->encrypt(substr($plaintext, 0, 16)); + * echo $rijndael->encrypt(substr($plaintext, 16, 16)); + * + * + * echo $rijndael->encrypt($plaintext); + * + * + * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates + * another, as demonstrated with the following: + * + * + * $rijndael->encrypt(substr($plaintext, 0, 16)); + * echo $rijndael->decrypt($rijndael->encrypt(substr($plaintext, 16, 16))); + * + * + * echo $rijndael->decrypt($rijndael->encrypt(substr($plaintext, 16, 16))); + * + * + * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different + * outputs. The reason is due to the fact that the initialization vector's change after every encryption / + * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant. + * + * Put another way, when the continuous buffer is enabled, the state of the \phpseclib3\Crypt\*() object changes after each + * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that + * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), + * however, they are also less intuitive and more likely to cause you problems. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::disableContinuousBuffer() + */ + public function enableContinuousBuffer(): void + { + if ($this->mode == self::MODE_ECB) { + return; + } + + if ($this->mode == self::MODE_GCM) { + throw new BadMethodCallException('This mode does not run in continuous mode'); + } + + $this->continuousBuffer = true; + + $this->setEngine(); + } + + /** + * Treat consecutive packets as if they are a discontinuous buffer. + * + * The default behavior. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::enableContinuousBuffer() + */ + public function disableContinuousBuffer(): void + { + if ($this->mode == self::MODE_ECB) { + return; + } + if (!$this->continuousBuffer) { + return; + } + + $this->continuousBuffer = false; + + $this->setEngine(); + } + + /** + * Test for engine validity + * + * @see self::__construct() + */ + protected function isValidEngineHelper(int $engine): bool + { + switch ($engine) { + case self::ENGINE_OPENSSL: + $this->openssl_emulate_ctr = false; + $result = $this->cipher_name_openssl && + extension_loaded('openssl'); + if (!$result) { + return false; + } + + $methods = openssl_get_cipher_methods(); + if (in_array($this->cipher_name_openssl, $methods)) { + return true; + } + // not all of openssl's symmetric cipher's support ctr. for those + // that don't we'll emulate it + switch ($this->mode) { + case self::MODE_CTR: + if (in_array($this->cipher_name_openssl_ecb, $methods)) { + $this->openssl_emulate_ctr = true; + return true; + } + } + return false; + case self::ENGINE_EVAL: + return method_exists($this, 'setupInlineCrypt'); + case self::ENGINE_INTERNAL: + return true; + } + + return false; + } + + /** + * Test for engine validity + * + * @see self::__construct() + */ + public function isValidEngine(string $engine): bool + { + static $reverseMap; + if (!isset($reverseMap)) { + $reverseMap = array_map('strtolower', self::ENGINE_MAP); + $reverseMap = array_flip($reverseMap); + } + $engine = strtolower($engine); + if (!isset($reverseMap[$engine])) { + return false; + } + + return $this->isValidEngineHelper($reverseMap[$engine]); + } + + /** + * Sets the preferred crypt engine + * + * Currently, $engine could be: + * + * - libsodium[very fast] + * + * - OpenSSL [very fast] + * + * - Eval [slow] + * + * - PHP [slowest] + * + * If the preferred crypt engine is not available the fastest available one will be used + * + * @see self::__construct() + */ + public function setPreferredEngine(string $engine): void + { + static $reverseMap; + if (!isset($reverseMap)) { + $reverseMap = array_map('strtolower', self::ENGINE_MAP); + $reverseMap = array_flip($reverseMap); + } + $engine = is_string($engine) ? strtolower($engine) : ''; + $this->preferredEngine = $reverseMap[$engine] ?? self::ENGINE_LIBSODIUM; + + $this->setEngine(); + } + + /** + * Returns the engine currently being utilized + * + * @see self::setEngine() + */ + public function getEngine(): string + { + return self::ENGINE_MAP[$this->engine]; + } + + /** + * Sets the engine as appropriate + * + * @see self::__construct() + */ + protected function setEngine(): void + { + $this->engine = null; + + $candidateEngines = [ + self::ENGINE_LIBSODIUM, + self::ENGINE_OPENSSL_GCM, + self::ENGINE_OPENSSL, + self::ENGINE_EVAL, + ]; + if (isset($this->preferredEngine)) { + $temp = [$this->preferredEngine]; + $candidateEngines = array_merge( + $temp, + array_diff($candidateEngines, $temp) + ); + } + foreach ($candidateEngines as $engine) { + if ($this->isValidEngineHelper($engine)) { + $this->engine = $engine; + break; + } + } + if (!$this->engine) { + $this->engine = self::ENGINE_INTERNAL; + } + + $this->changed = $this->nonIVChanged = true; + } + + /** + * Encrypts a block + * + * Note: Must be extended by the child \phpseclib3\Crypt\* class + */ + abstract protected function encryptBlock(string $in): string; + + /** + * Decrypts a block + * + * Note: Must be extended by the child \phpseclib3\Crypt\* class + */ + abstract protected function decryptBlock(string $in): string; + + /** + * Setup the key (expansion) + * + * Only used if $engine == self::ENGINE_INTERNAL + * + * Note: Must extend by the child \phpseclib3\Crypt\* class + * + * @see self::setup() + */ + abstract protected function setupKey(); + + /** + * Setup the self::ENGINE_INTERNAL $engine + * + * (re)init, if necessary, the internal cipher $engine and flush all $buffers + * Used (only) if $engine == self::ENGINE_INTERNAL + * + * _setup() will be called each time if $changed === true + * typically this happens when using one or more of following public methods: + * + * - setKey() + * + * - setIV() + * + * - disableContinuousBuffer() + * + * - First run of encrypt() / decrypt() with no init-settings + * + * {@internal setup() is always called before en/decryption.} + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::setKey() + * @see self::setIV() + * @see self::disableContinuousBuffer() + */ + protected function setup(): void + { + if (!$this->changed) { + return; + } + + $this->changed = false; + + if ($this->usePoly1305 && !isset($this->poly1305Key) && method_exists($this, 'createPoly1305Key')) { + $this->createPoly1305Key(); + } + + $this->enbuffer = $this->debuffer = ['ciphertext' => '', 'xor' => '', 'pos' => 0, 'enmcrypt_init' => true]; + //$this->newtag = $this->oldtag = false; + + if ($this->usesNonce()) { + if ($this->nonce === false) { + throw new InsufficientSetupException('No nonce has been defined'); + } + if ($this->mode == self::MODE_GCM && !in_array($this->engine, [self::ENGINE_LIBSODIUM, self::ENGINE_OPENSSL_GCM])) { + $this->setupGCM(); + } + } else { + $this->iv = $this->origIV; + } + + if ($this->iv === false && !in_array($this->mode, [self::MODE_STREAM, self::MODE_ECB])) { + if ($this->mode != self::MODE_GCM || !in_array($this->engine, [self::ENGINE_LIBSODIUM, self::ENGINE_OPENSSL_GCM])) { + throw new InsufficientSetupException('No IV has been defined'); + } + } + + if ($this->key === false) { + throw new InsufficientSetupException('No key has been defined'); + } + + $this->encryptIV = $this->decryptIV = $this->iv; + + switch ($this->engine) { + case self::ENGINE_INTERNAL: + $this->setupKey(); + break; + case self::ENGINE_EVAL: + if ($this->nonIVChanged) { + $this->setupKey(); + $this->setupInlineCrypt(); + } + } + + $this->nonIVChanged = false; + } + + /** + * Pads a string + * + * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize. + * $this->block_size - (strlen($text) % $this->block_size) bytes are added, each of which is equal to + * chr($this->block_size - (strlen($text) % $this->block_size) + * + * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless + * and padding will, hence forth, be enabled. + * + * @throws LengthException if padding is disabled and the plaintext's length is not a multiple of the block size + * @see self::unpad() + */ + protected function pad(string $text): string + { + $length = strlen($text); + + if (!$this->padding) { + if ($length % $this->block_size == 0) { + return $text; + } else { + throw new LengthException("The plaintext's length ($length) is not a multiple of the block size ({$this->block_size}). Try enabling padding."); + } + } + + $pad = $this->block_size - ($length % $this->block_size); + + return str_pad($text, $length + $pad, chr($pad)); + } + + /** + * Unpads a string. + * + * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong + * and false will be returned. + * + * @throws LengthException if the ciphertext's length is not a multiple of the block size + * @see self::pad() + */ + protected function unpad(string $text): string + { + if (!$this->padding) { + return $text; + } + + $length = ord($text[-1]); + + if (!$length || $length > $this->block_size) { + throw new BadDecryptionException("The ciphertext has an invalid padding length ($length) compared to the block size ({$this->block_size})"); + } + + return substr($text, 0, -$length); + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * Stores the created (or existing) callback function-name + * in $this->inline_crypt + * + * Internally for phpseclib developers: + * + * _setupInlineCrypt() would be called only if: + * + * - $this->engine === self::ENGINE_EVAL + * + * - each time on _setup(), after(!) _setupKey() + * + * + * This ensures that _setupInlineCrypt() has always a + * full ready2go initializated internal cipher $engine state + * where, for example, the keys already expanded, + * keys/block_size calculated and such. + * + * It is, each time if called, the responsibility of _setupInlineCrypt(): + * + * - to set $this->inline_crypt to a valid and fully working callback function + * as a (faster) replacement for encrypt() / decrypt() + * + * - NOT to create unlimited callback functions (for memory reasons!) + * no matter how often _setupInlineCrypt() would be called. At some + * point of amount they must be generic re-useable. + * + * - the code of _setupInlineCrypt() it self, + * and the generated callback code, + * must be, in following order: + * - 100% safe + * - 100% compatible to encrypt()/decrypt() + * - using only php5+ features/lang-constructs/php-extensions if + * compatibility (down to php4) or fallback is provided + * - readable/maintainable/understandable/commented and... not-cryptic-styled-code :-) + * - >= 10% faster than encrypt()/decrypt() [which is, by the way, + * the reason for the existence of _setupInlineCrypt() :-)] + * - memory-nice + * - short (as good as possible) + * + * Note: - _setupInlineCrypt() is using _createInlineCryptFunction() to create the full callback function code. + * - In case of using inline crypting, _setupInlineCrypt() must extend by the child \phpseclib3\Crypt\* class. + * - The following variable names are reserved: + * - $_* (all variable names prefixed with an underscore) + * - $self (object reference to it self. Do not use $this, but $self instead) + * - $in (the content of $in has to en/decrypt by the generated code) + * - The callback function should not use the 'return' statement, but en/decrypt'ing the content of $in only + * + * {@internal If a Crypt_* class providing inline crypting it must extend _setupInlineCrypt()} + * + * @see self::setup() + * @see self::createInlineCryptFunction() + * @see self::encrypt() + * @see self::decrypt() + */ + //protected function setupInlineCrypt(); + + /** + * Creates the performance-optimized function for en/decrypt() + * + * Internally for phpseclib developers: + * + * _createInlineCryptFunction(): + * + * - merge the $cipher_code [setup'ed by _setupInlineCrypt()] + * with the current [$this->]mode of operation code + * + * - create the $inline function, which called by encrypt() / decrypt() + * as its replacement to speed up the en/decryption operations. + * + * - return the name of the created $inline callback function + * + * - used to speed up en/decryption + * + * + * + * The main reason why can speed up things [up to 50%] this way are: + * + * - using variables more effective then regular. + * (ie no use of expensive arrays but integers $k_0, $k_1 ... + * or even, for example, the pure $key[] values hardcoded) + * + * - avoiding 1000's of function calls of ie _encryptBlock() + * but inlining the crypt operations. + * in the mode of operation for() loop. + * + * - full loop unroll the (sometimes key-dependent) rounds + * avoiding this way ++$i counters and runtime-if's etc... + * + * The basic code architectur of the generated $inline en/decrypt() + * lambda function, in pseudo php, is: + * + * + * +----------------------------------------------------------------------------------------------+ + * | callback $inline = create_function: | + * | lambda_function_0001_crypt_ECB($action, $text) | + * | { | + * | INSERT PHP CODE OF: | + * | $cipher_code['init_crypt']; // general init code. | + * | // ie: $sbox'es declarations used for | + * | // encrypt and decrypt'ing. | + * | | + * | switch ($action) { | + * | case 'encrypt': | + * | INSERT PHP CODE OF: | + * | $cipher_code['init_encrypt']; // encrypt sepcific init code. | + * | ie: specified $key or $box | + * | declarations for encrypt'ing. | + * | | + * | foreach ($ciphertext) { | + * | $in = $block_size of $ciphertext; | + * | | + * | INSERT PHP CODE OF: | + * | $cipher_code['encrypt_block']; // encrypt's (string) $in, which is always: | + * | // strlen($in) == $this->block_size | + * | // here comes the cipher algorithm in action | + * | // for encryption. | + * | // $cipher_code['encrypt_block'] has to | + * | // encrypt the content of the $in variable | + * | | + * | $plaintext .= $in; | + * | } | + * | return $plaintext; | + * | | + * | case 'decrypt': | + * | INSERT PHP CODE OF: | + * | $cipher_code['init_decrypt']; // decrypt sepcific init code | + * | ie: specified $key or $box | + * | declarations for decrypt'ing. | + * | foreach ($plaintext) { | + * | $in = $block_size of $plaintext; | + * | | + * | INSERT PHP CODE OF: | + * | $cipher_code['decrypt_block']; // decrypt's (string) $in, which is always | + * | // strlen($in) == $this->block_size | + * | // here comes the cipher algorithm in action | + * | // for decryption. | + * | // $cipher_code['decrypt_block'] has to | + * | // decrypt the content of the $in variable | + * | $ciphertext .= $in; | + * | } | + * | return $ciphertext; | + * | } | + * | } | + * +----------------------------------------------------------------------------------------------+ + * + * + * See also the \phpseclib3\Crypt\*::_setupInlineCrypt()'s for + * productive inline $cipher_code's how they works. + * + * Structure of: + * + * $cipher_code = [ + * 'init_crypt' => (string) '', // optional + * 'init_encrypt' => (string) '', // optional + * 'init_decrypt' => (string) '', // optional + * 'encrypt_block' => (string) '', // required + * 'decrypt_block' => (string) '' // required + * ]; + * + * + * @see self::decrypt() + * @see self::setupInlineCrypt() + * @see self::encrypt() + */ + protected function createInlineCryptFunction(array $cipher_code): \Closure + { + $block_size = $this->block_size; + + // optional + $init_crypt = $cipher_code['init_crypt'] ?? ''; + $init_encrypt = $cipher_code['init_encrypt'] ?? ''; + $init_decrypt = $cipher_code['init_decrypt'] ?? ''; + // required + $encrypt_block = $cipher_code['encrypt_block']; + $decrypt_block = $cipher_code['decrypt_block']; + + // Generating mode of operation inline code, + // merged with the $cipher_code algorithm + // for encrypt- and decryption. + switch ($this->mode) { + case self::MODE_ECB: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_plaintext_len = strlen($_text); + + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $in = substr($_text, $_i, ' . $block_size . '); + ' . $encrypt_block . ' + $_ciphertext.= $in; + } + + return $_ciphertext; + '; + + $decrypt = $init_decrypt . ' + $_plaintext = ""; + $_text = str_pad($_text, strlen($_text) + (' . $block_size . ' - strlen($_text) % ' . $block_size . ') % ' . $block_size . ', chr(0)); + $_ciphertext_len = strlen($_text); + + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $in = substr($_text, $_i, ' . $block_size . '); + ' . $decrypt_block . ' + $_plaintext.= $in; + } + + return $this->unpad($_plaintext); + '; + break; + case self::MODE_CTR: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_plaintext_len = strlen($_text); + $_xor = $this->encryptIV; + $_buffer = &$this->enbuffer; + if (strlen($_buffer["ciphertext"])) { + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + if (strlen($_block) > strlen($_buffer["ciphertext"])) { + $in = $_xor; + ' . $encrypt_block . ' + \phpseclib3\Common\Functions\Strings::increment_str($_xor); + $_buffer["ciphertext"].= $in; + } + $_key = \phpseclib3\Common\Functions\Strings::shift($_buffer["ciphertext"], ' . $block_size . '); + $_ciphertext.= $_block ^ $_key; + } + } else { + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + $in = $_xor; + ' . $encrypt_block . ' + \phpseclib3\Common\Functions\Strings::increment_str($_xor); + $_key = $in; + $_ciphertext.= $_block ^ $_key; + } + } + if ($this->continuousBuffer) { + $this->encryptIV = $_xor; + if ($_start = $_plaintext_len % ' . $block_size . ') { + $_buffer["ciphertext"] = substr($_key, $_start) . $_buffer["ciphertext"]; + } + } + + return $_ciphertext; + '; + + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_ciphertext_len = strlen($_text); + $_xor = $this->decryptIV; + $_buffer = &$this->debuffer; + + if (strlen($_buffer["ciphertext"])) { + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + if (strlen($_block) > strlen($_buffer["ciphertext"])) { + $in = $_xor; + ' . $encrypt_block . ' + \phpseclib3\Common\Functions\Strings::increment_str($_xor); + $_buffer["ciphertext"].= $in; + } + $_key = \phpseclib3\Common\Functions\Strings::shift($_buffer["ciphertext"], ' . $block_size . '); + $_plaintext.= $_block ^ $_key; + } + } else { + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + $in = $_xor; + ' . $encrypt_block . ' + \phpseclib3\Common\Functions\Strings::increment_str($_xor); + $_key = $in; + $_plaintext.= $_block ^ $_key; + } + } + if ($this->continuousBuffer) { + $this->decryptIV = $_xor; + if ($_start = $_ciphertext_len % ' . $block_size . ') { + $_buffer["ciphertext"] = substr($_key, $_start) . $_buffer["ciphertext"]; + } + } + + return $_plaintext; + '; + break; + case self::MODE_CFB: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_buffer = &$this->enbuffer; + + if ($this->continuousBuffer) { + $_iv = &$this->encryptIV; + $_pos = &$_buffer["pos"]; + } else { + $_iv = $this->encryptIV; + $_pos = 0; + } + $_len = strlen($_text); + $_i = 0; + if ($_pos) { + $_orig_pos = $_pos; + $_max = ' . $block_size . ' - $_pos; + if ($_len >= $_max) { + $_i = $_max; + $_len-= $_max; + $_pos = 0; + } else { + $_i = $_len; + $_pos+= $_len; + $_len = 0; + } + $_ciphertext = substr($_iv, $_orig_pos) ^ $_text; + $_iv = substr_replace($_iv, $_ciphertext, $_orig_pos, $_i); + } + while ($_len >= ' . $block_size . ') { + $in = $_iv; + ' . $encrypt_block . '; + $_iv = $in ^ substr($_text, $_i, ' . $block_size . '); + $_ciphertext.= $_iv; + $_len-= ' . $block_size . '; + $_i+= ' . $block_size . '; + } + if ($_len) { + $in = $_iv; + ' . $encrypt_block . ' + $_iv = $in; + $_block = $_iv ^ substr($_text, $_i); + $_iv = substr_replace($_iv, $_block, 0, $_len); + $_ciphertext.= $_block; + $_pos = $_len; + } + return $_ciphertext; + '; + + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_buffer = &$this->debuffer; + + if ($this->continuousBuffer) { + $_iv = &$this->decryptIV; + $_pos = &$_buffer["pos"]; + } else { + $_iv = $this->decryptIV; + $_pos = 0; + } + $_len = strlen($_text); + $_i = 0; + if ($_pos) { + $_orig_pos = $_pos; + $_max = ' . $block_size . ' - $_pos; + if ($_len >= $_max) { + $_i = $_max; + $_len-= $_max; + $_pos = 0; + } else { + $_i = $_len; + $_pos+= $_len; + $_len = 0; + } + $_plaintext = substr($_iv, $_orig_pos) ^ $_text; + $_iv = substr_replace($_iv, substr($_text, 0, $_i), $_orig_pos, $_i); + } + while ($_len >= ' . $block_size . ') { + $in = $_iv; + ' . $encrypt_block . ' + $_iv = $in; + $cb = substr($_text, $_i, ' . $block_size . '); + $_plaintext.= $_iv ^ $cb; + $_iv = $cb; + $_len-= ' . $block_size . '; + $_i+= ' . $block_size . '; + } + if ($_len) { + $in = $_iv; + ' . $encrypt_block . ' + $_iv = $in; + $_plaintext.= $_iv ^ substr($_text, $_i); + $_iv = substr_replace($_iv, substr($_text, $_i), 0, $_len); + $_pos = $_len; + } + + return $_plaintext; + '; + break; + case self::MODE_CFB8: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_len = strlen($_text); + $_iv = $this->encryptIV; + + for ($_i = 0; $_i < $_len; ++$_i) { + $in = $_iv; + ' . $encrypt_block . ' + $_ciphertext .= ($_c = $_text[$_i] ^ $in); + $_iv = substr($_iv, 1) . $_c; + } + + if ($this->continuousBuffer) { + if ($_len >= ' . $block_size . ') { + $this->encryptIV = substr($_ciphertext, -' . $block_size . '); + } else { + $this->encryptIV = substr($this->encryptIV, $_len - ' . $block_size . ') . substr($_ciphertext, -$_len); + } + } + + return $_ciphertext; + '; + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_len = strlen($_text); + $_iv = $this->decryptIV; + + for ($_i = 0; $_i < $_len; ++$_i) { + $in = $_iv; + ' . $encrypt_block . ' + $_plaintext .= $_text[$_i] ^ $in; + $_iv = substr($_iv, 1) . $_text[$_i]; + } + + if ($this->continuousBuffer) { + if ($_len >= ' . $block_size . ') { + $this->decryptIV = substr($_text, -' . $block_size . '); + } else { + $this->decryptIV = substr($this->decryptIV, $_len - ' . $block_size . ') . substr($_text, -$_len); + } + } + + return $_plaintext; + '; + break; + case self::MODE_OFB8: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_len = strlen($_text); + $_iv = $this->encryptIV; + + for ($_i = 0; $_i < $_len; ++$_i) { + $in = $_iv; + ' . $encrypt_block . ' + $_ciphertext.= $_text[$_i] ^ $in; + $_iv = substr($_iv, 1) . $in[0]; + } + + if ($this->continuousBuffer) { + $this->encryptIV = $_iv; + } + + return $_ciphertext; + '; + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_len = strlen($_text); + $_iv = $this->decryptIV; + + for ($_i = 0; $_i < $_len; ++$_i) { + $in = $_iv; + ' . $encrypt_block . ' + $_plaintext.= $_text[$_i] ^ $in; + $_iv = substr($_iv, 1) . $in[0]; + } + + if ($this->continuousBuffer) { + $this->decryptIV = $_iv; + } + + return $_plaintext; + '; + break; + case self::MODE_OFB: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_plaintext_len = strlen($_text); + $_xor = $this->encryptIV; + $_buffer = &$this->enbuffer; + + if (strlen($_buffer["xor"])) { + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + if (strlen($_block) > strlen($_buffer["xor"])) { + $in = $_xor; + ' . $encrypt_block . ' + $_xor = $in; + $_buffer["xor"].= $_xor; + } + $_key = \phpseclib3\Common\Functions\Strings::shift($_buffer["xor"], ' . $block_size . '); + $_ciphertext.= $_block ^ $_key; + } + } else { + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $in = $_xor; + ' . $encrypt_block . ' + $_xor = $in; + $_ciphertext.= substr($_text, $_i, ' . $block_size . ') ^ $_xor; + } + $_key = $_xor; + } + if ($this->continuousBuffer) { + $this->encryptIV = $_xor; + if ($_start = $_plaintext_len % ' . $block_size . ') { + $_buffer["xor"] = substr($_key, $_start) . $_buffer["xor"]; + } + } + return $_ciphertext; + '; + + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_ciphertext_len = strlen($_text); + $_xor = $this->decryptIV; + $_buffer = &$this->debuffer; + + if (strlen($_buffer["xor"])) { + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + if (strlen($_block) > strlen($_buffer["xor"])) { + $in = $_xor; + ' . $encrypt_block . ' + $_xor = $in; + $_buffer["xor"].= $_xor; + } + $_key = \phpseclib3\Common\Functions\Strings::shift($_buffer["xor"], ' . $block_size . '); + $_plaintext.= $_block ^ $_key; + } + } else { + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $in = $_xor; + ' . $encrypt_block . ' + $_xor = $in; + $_plaintext.= substr($_text, $_i, ' . $block_size . ') ^ $_xor; + } + $_key = $_xor; + } + if ($this->continuousBuffer) { + $this->decryptIV = $_xor; + if ($_start = $_ciphertext_len % ' . $block_size . ') { + $_buffer["xor"] = substr($_key, $_start) . $_buffer["xor"]; + } + } + return $_plaintext; + '; + break; + case self::MODE_STREAM: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + ' . $encrypt_block . ' + return $_ciphertext; + '; + $decrypt = $init_decrypt . ' + $_plaintext = ""; + ' . $decrypt_block . ' + return $_plaintext; + '; + break; + // case self::MODE_CBC: + default: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_plaintext_len = strlen($_text); + + $in = $this->encryptIV; + + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $in = substr($_text, $_i, ' . $block_size . ') ^ $in; + ' . $encrypt_block . ' + $_ciphertext.= $in; + } + + if ($this->continuousBuffer) { + $this->encryptIV = $in; + } + + return $_ciphertext; + '; + + $decrypt = $init_decrypt . ' + $_plaintext = ""; + $_text = str_pad($_text, strlen($_text) + (' . $block_size . ' - strlen($_text) % ' . $block_size . ') % ' . $block_size . ', chr(0)); + $_ciphertext_len = strlen($_text); + + $_iv = $this->decryptIV; + + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $in = $_block = substr($_text, $_i, ' . $block_size . '); + ' . $decrypt_block . ' + $_plaintext.= $in ^ $_iv; + $_iv = $_block; + } + + if ($this->continuousBuffer) { + $this->decryptIV = $_iv; + } + + return $this->unpad($_plaintext); + '; + break; + } + + // Before discrediting this, please read the following: + // @see https://github.com/phpseclib/phpseclib/issues/1293 + // @see https://github.com/phpseclib/phpseclib/pull/1143 + + /** @var \Closure $func */ + $func = eval(<<h + if (!$this->h || $this->hKey != $this->key) { + $cipher = new static('ecb'); + $cipher->setKey($this->key); + $cipher->disablePadding(); + + $this->h = self::$gcmField->newInteger( + Strings::switchEndianness($cipher->encrypt("\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0")) + ); + $this->hKey = $this->key; + } + + if (strlen($this->nonce) == 12) { + $this->iv = $this->nonce . "\0\0\0\1"; + } else { + $this->iv = $this->ghash( + self::nullPad128($this->nonce) . str_repeat("\0", 8) . self::len64($this->nonce) + ); + } + } + + /** + * Performs GHASH operation + * + * See https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf#page=20 + * for more info + * + * @see self::decrypt() + * @see self::encrypt() + */ + private function ghash(string $x): string + { + $h = $this->h; + $y = ["\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"]; + $x = str_split($x, 16); + $n = 0; + // the switchEndianness calls are necessary because the multiplication algorithm in BinaryField/Integer + // interprets strings as polynomials in big endian order whereas in GCM they're interpreted in little + // endian order per https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf#page=19. + // big endian order is what binary field elliptic curves use per http://www.secg.org/sec1-v2.pdf#page=18. + + // we could switchEndianness here instead of in the while loop but doing so in the while loop seems like it + // might be slightly more performant + //$x = Strings::switchEndianness($x); + foreach ($x as $xn) { + $xn = Strings::switchEndianness($xn); + $t = $y[$n] ^ $xn; + $temp = self::$gcmField->newInteger($t); + $y[++$n] = $temp->multiply($h)->toBytes(); + $y[$n] = substr($y[$n], 1); + } + $y[$n] = Strings::switchEndianness($y[$n]); + return $y[$n]; + } + + /** + * Returns the bit length of a string in a packed format + * + * @see self::setupGCM() + * @see self::decrypt() + * @see self::encrypt() + */ + private static function len64(string $str): string + { + return "\0\0\0\0" . pack('N', 8 * strlen($str)); + } + + /** + * NULL pads a string to be a multiple of 128 + * + * @see self::setupGCM() + * @see self::decrypt() + * @see self::encrypt() + */ + protected static function nullPad128(string $str): string + { + $len = strlen($str); + return $str . str_repeat("\0", 16 * ((int) ceil($len / 16)) - $len); + } + + /** + * Calculates Poly1305 MAC + * + * On my system ChaCha20, with libsodium, takes 0.5s. With this custom Poly1305 implementation + * it takes 1.2s. + * + *@see self::decrypt() + * @see self::encrypt() + */ + protected function poly1305(string $text): string + { + $s = $this->poly1305Key; // strlen($this->poly1305Key) == 32 + $r = Strings::shift($s, 16); + $r = strrev($r); + $r &= "\x0f\xff\xff\xfc\x0f\xff\xff\xfc\x0f\xff\xff\xfc\x0f\xff\xff\xff"; + $s = strrev($s); + + $r = self::$poly1305Field->newInteger(new BigInteger($r, 256)); + $s = self::$poly1305Field->newInteger(new BigInteger($s, 256)); + $a = self::$poly1305Field->newInteger(new BigInteger()); + + $blocks = str_split($text, 16); + foreach ($blocks as $block) { + $n = strrev($block . chr(1)); + $n = self::$poly1305Field->newInteger(new BigInteger($n, 256)); + $a = $a->add($n); + $a = $a->multiply($r); + } + $r = $a->toBigInteger()->add($s->toBigInteger()); + $mask = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"; + return strrev($r->toBytes()) & $mask; + } + + /** + * Return the mode + * + * You can do $obj instanceof AES or whatever to get the cipher but you can't do that to get the mode + */ + public function getMode(): string + { + return array_flip(self::MODE_MAP)[$this->mode]; + } + + /** + * Is the continuous buffer enabled? + */ + public function continuousBufferEnabled(): bool + { + return $this->continuousBuffer; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Traits/Fingerprint.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Traits/Fingerprint.php new file mode 100644 index 0000000..dfce841 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Traits/Fingerprint.php @@ -0,0 +1,58 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common\Traits; + +use phpseclib3\Crypt\Hash; + +/** + * Fingerprint Trait for Private Keys + * + * @author Jim Wigginton + */ +trait Fingerprint +{ + /** + * Returns the public key's fingerprint + * + * The public key's fingerprint is returned, which is equivalent to running `ssh-keygen -lf rsa.pub`. If there is + * no public key currently loaded, false is returned. + * Example output (md5): "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87" (as specified by RFC 4716) + * + * @param string $algorithm The hashing algorithm to be used. Valid options are 'md5' and 'sha256'. False is returned + * for invalid values. + */ + public function getFingerprint($algorithm = 'md5') + { + $type = self::validatePlugin('Keys', 'OpenSSH', 'savePublicKey'); + if ($type === false) { + return false; + } + $key = $this->toString('OpenSSH', ['binary' => true]); + if ($key === false) { + return false; + } + switch ($algorithm) { + case 'sha256': + $hash = new Hash('sha256'); + $base = base64_encode($hash->hash($key)); + return substr($base, 0, strlen($base) - 1); + case 'md5': + return substr(chunk_split(md5($key), 2, ':'), 0, -1); + default: + return false; + } + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Traits/PasswordProtected.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Traits/PasswordProtected.php new file mode 100644 index 0000000..984e198 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Common/Traits/PasswordProtected.php @@ -0,0 +1,47 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\Common\Traits; + +/** + * Password Protected Trait for Private Keys + * + * @author Jim Wigginton + */ +trait PasswordProtected +{ + /** + * @var string|null + */ + private $password = null; + + /** + * Sets the password + * + * Private keys can be encrypted with a password. To unset the password, pass in the empty string or false. + * Or rather, pass in $password such that empty($password) && !is_string($password) is true. + * + * @see self::createKey() + * @see self::load() + * + * @return static + */ + public function withPassword(?string $password = null): self + { + $new = clone $this; + $new->password = $password; + return $new; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DES.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DES.php new file mode 100644 index 0000000..1ca1853 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DES.php @@ -0,0 +1,1369 @@ + + * setKey('abcdefgh'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $des->decrypt($des->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\BlockCipher; +use phpseclib3\Exception\BadModeException; +use phpseclib3\Exception\LengthException; + +/** + * Pure-PHP implementation of DES. + * + * @author Jim Wigginton + */ +class DES extends BlockCipher +{ + /** + * Contains $keys[self::ENCRYPT] + * + * @see \phpseclib3\Crypt\DES::setupKey() + * @see \phpseclib3\Crypt\DES::processBlock() + */ + public const ENCRYPT = 0; + /** + * Contains $keys[self::DECRYPT] + * + * @see \phpseclib3\Crypt\DES::setupKey() + * @see \phpseclib3\Crypt\DES::processBlock() + */ + public const DECRYPT = 1; + + /** + * Block Length of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::block_size + * @var int + */ + protected $block_size = 8; + + /** + * Key Length (in bytes) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKeyLength() + * @var int + */ + protected $key_length = 8; + + /** + * The OpenSSL names of the cipher / modes + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::openssl_mode_names + * @var array + */ + protected $openssl_mode_names = [ + self::MODE_ECB => 'des-ecb', + self::MODE_CBC => 'des-cbc', + self::MODE_CFB => 'des-cfb', + self::MODE_OFB => 'des-ofb', + // self::MODE_CTR is undefined for DES + ]; + + /** + * Switch for DES/3DES encryption + * + * Used only if $engine == self::ENGINE_INTERNAL + * + * @see self::setupKey() + * @see self::processBlock() + * @var int + */ + protected $des_rounds = 1; + + /** + * max possible size of $key + * + * @see self::setKey() + * @var string + */ + protected $key_length_max = 8; + + /** + * The Key Schedule + * + * @see self::setupKey() + * @var array + */ + private $keys; + + /** + * Key Cache "key" + * + * @see self::setupKey() + * @var array + */ + private $kl; + + /** + * Shuffle table. + * + * For each byte value index, the entry holds an 8-byte string + * with each byte containing all bits in the same state as the + * corresponding bit in the index value. + * + * @see self::processBlock() + * @see self::setupKey() + * @var array + */ + protected static $shuffle = [ + "\x00\x00\x00\x00\x00\x00\x00\x00", "\x00\x00\x00\x00\x00\x00\x00\xFF", + "\x00\x00\x00\x00\x00\x00\xFF\x00", "\x00\x00\x00\x00\x00\x00\xFF\xFF", + "\x00\x00\x00\x00\x00\xFF\x00\x00", "\x00\x00\x00\x00\x00\xFF\x00\xFF", + "\x00\x00\x00\x00\x00\xFF\xFF\x00", "\x00\x00\x00\x00\x00\xFF\xFF\xFF", + "\x00\x00\x00\x00\xFF\x00\x00\x00", "\x00\x00\x00\x00\xFF\x00\x00\xFF", + "\x00\x00\x00\x00\xFF\x00\xFF\x00", "\x00\x00\x00\x00\xFF\x00\xFF\xFF", + "\x00\x00\x00\x00\xFF\xFF\x00\x00", "\x00\x00\x00\x00\xFF\xFF\x00\xFF", + "\x00\x00\x00\x00\xFF\xFF\xFF\x00", "\x00\x00\x00\x00\xFF\xFF\xFF\xFF", + "\x00\x00\x00\xFF\x00\x00\x00\x00", "\x00\x00\x00\xFF\x00\x00\x00\xFF", + "\x00\x00\x00\xFF\x00\x00\xFF\x00", "\x00\x00\x00\xFF\x00\x00\xFF\xFF", + "\x00\x00\x00\xFF\x00\xFF\x00\x00", "\x00\x00\x00\xFF\x00\xFF\x00\xFF", + "\x00\x00\x00\xFF\x00\xFF\xFF\x00", "\x00\x00\x00\xFF\x00\xFF\xFF\xFF", + "\x00\x00\x00\xFF\xFF\x00\x00\x00", "\x00\x00\x00\xFF\xFF\x00\x00\xFF", + "\x00\x00\x00\xFF\xFF\x00\xFF\x00", "\x00\x00\x00\xFF\xFF\x00\xFF\xFF", + "\x00\x00\x00\xFF\xFF\xFF\x00\x00", "\x00\x00\x00\xFF\xFF\xFF\x00\xFF", + "\x00\x00\x00\xFF\xFF\xFF\xFF\x00", "\x00\x00\x00\xFF\xFF\xFF\xFF\xFF", + "\x00\x00\xFF\x00\x00\x00\x00\x00", "\x00\x00\xFF\x00\x00\x00\x00\xFF", + "\x00\x00\xFF\x00\x00\x00\xFF\x00", "\x00\x00\xFF\x00\x00\x00\xFF\xFF", + "\x00\x00\xFF\x00\x00\xFF\x00\x00", "\x00\x00\xFF\x00\x00\xFF\x00\xFF", + "\x00\x00\xFF\x00\x00\xFF\xFF\x00", "\x00\x00\xFF\x00\x00\xFF\xFF\xFF", + "\x00\x00\xFF\x00\xFF\x00\x00\x00", "\x00\x00\xFF\x00\xFF\x00\x00\xFF", + "\x00\x00\xFF\x00\xFF\x00\xFF\x00", "\x00\x00\xFF\x00\xFF\x00\xFF\xFF", + "\x00\x00\xFF\x00\xFF\xFF\x00\x00", "\x00\x00\xFF\x00\xFF\xFF\x00\xFF", + "\x00\x00\xFF\x00\xFF\xFF\xFF\x00", "\x00\x00\xFF\x00\xFF\xFF\xFF\xFF", + "\x00\x00\xFF\xFF\x00\x00\x00\x00", "\x00\x00\xFF\xFF\x00\x00\x00\xFF", + "\x00\x00\xFF\xFF\x00\x00\xFF\x00", "\x00\x00\xFF\xFF\x00\x00\xFF\xFF", + "\x00\x00\xFF\xFF\x00\xFF\x00\x00", "\x00\x00\xFF\xFF\x00\xFF\x00\xFF", + "\x00\x00\xFF\xFF\x00\xFF\xFF\x00", "\x00\x00\xFF\xFF\x00\xFF\xFF\xFF", + "\x00\x00\xFF\xFF\xFF\x00\x00\x00", "\x00\x00\xFF\xFF\xFF\x00\x00\xFF", + "\x00\x00\xFF\xFF\xFF\x00\xFF\x00", "\x00\x00\xFF\xFF\xFF\x00\xFF\xFF", + "\x00\x00\xFF\xFF\xFF\xFF\x00\x00", "\x00\x00\xFF\xFF\xFF\xFF\x00\xFF", + "\x00\x00\xFF\xFF\xFF\xFF\xFF\x00", "\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF", + "\x00\xFF\x00\x00\x00\x00\x00\x00", "\x00\xFF\x00\x00\x00\x00\x00\xFF", + "\x00\xFF\x00\x00\x00\x00\xFF\x00", "\x00\xFF\x00\x00\x00\x00\xFF\xFF", + "\x00\xFF\x00\x00\x00\xFF\x00\x00", "\x00\xFF\x00\x00\x00\xFF\x00\xFF", + "\x00\xFF\x00\x00\x00\xFF\xFF\x00", "\x00\xFF\x00\x00\x00\xFF\xFF\xFF", + "\x00\xFF\x00\x00\xFF\x00\x00\x00", "\x00\xFF\x00\x00\xFF\x00\x00\xFF", + "\x00\xFF\x00\x00\xFF\x00\xFF\x00", "\x00\xFF\x00\x00\xFF\x00\xFF\xFF", + "\x00\xFF\x00\x00\xFF\xFF\x00\x00", "\x00\xFF\x00\x00\xFF\xFF\x00\xFF", + "\x00\xFF\x00\x00\xFF\xFF\xFF\x00", "\x00\xFF\x00\x00\xFF\xFF\xFF\xFF", + "\x00\xFF\x00\xFF\x00\x00\x00\x00", "\x00\xFF\x00\xFF\x00\x00\x00\xFF", + "\x00\xFF\x00\xFF\x00\x00\xFF\x00", "\x00\xFF\x00\xFF\x00\x00\xFF\xFF", + "\x00\xFF\x00\xFF\x00\xFF\x00\x00", "\x00\xFF\x00\xFF\x00\xFF\x00\xFF", + "\x00\xFF\x00\xFF\x00\xFF\xFF\x00", "\x00\xFF\x00\xFF\x00\xFF\xFF\xFF", + "\x00\xFF\x00\xFF\xFF\x00\x00\x00", "\x00\xFF\x00\xFF\xFF\x00\x00\xFF", + "\x00\xFF\x00\xFF\xFF\x00\xFF\x00", "\x00\xFF\x00\xFF\xFF\x00\xFF\xFF", + "\x00\xFF\x00\xFF\xFF\xFF\x00\x00", "\x00\xFF\x00\xFF\xFF\xFF\x00\xFF", + "\x00\xFF\x00\xFF\xFF\xFF\xFF\x00", "\x00\xFF\x00\xFF\xFF\xFF\xFF\xFF", + "\x00\xFF\xFF\x00\x00\x00\x00\x00", "\x00\xFF\xFF\x00\x00\x00\x00\xFF", + "\x00\xFF\xFF\x00\x00\x00\xFF\x00", "\x00\xFF\xFF\x00\x00\x00\xFF\xFF", + "\x00\xFF\xFF\x00\x00\xFF\x00\x00", "\x00\xFF\xFF\x00\x00\xFF\x00\xFF", + "\x00\xFF\xFF\x00\x00\xFF\xFF\x00", "\x00\xFF\xFF\x00\x00\xFF\xFF\xFF", + "\x00\xFF\xFF\x00\xFF\x00\x00\x00", "\x00\xFF\xFF\x00\xFF\x00\x00\xFF", + "\x00\xFF\xFF\x00\xFF\x00\xFF\x00", "\x00\xFF\xFF\x00\xFF\x00\xFF\xFF", + "\x00\xFF\xFF\x00\xFF\xFF\x00\x00", "\x00\xFF\xFF\x00\xFF\xFF\x00\xFF", + "\x00\xFF\xFF\x00\xFF\xFF\xFF\x00", "\x00\xFF\xFF\x00\xFF\xFF\xFF\xFF", + "\x00\xFF\xFF\xFF\x00\x00\x00\x00", "\x00\xFF\xFF\xFF\x00\x00\x00\xFF", + "\x00\xFF\xFF\xFF\x00\x00\xFF\x00", "\x00\xFF\xFF\xFF\x00\x00\xFF\xFF", + "\x00\xFF\xFF\xFF\x00\xFF\x00\x00", "\x00\xFF\xFF\xFF\x00\xFF\x00\xFF", + "\x00\xFF\xFF\xFF\x00\xFF\xFF\x00", "\x00\xFF\xFF\xFF\x00\xFF\xFF\xFF", + "\x00\xFF\xFF\xFF\xFF\x00\x00\x00", "\x00\xFF\xFF\xFF\xFF\x00\x00\xFF", + "\x00\xFF\xFF\xFF\xFF\x00\xFF\x00", "\x00\xFF\xFF\xFF\xFF\x00\xFF\xFF", + "\x00\xFF\xFF\xFF\xFF\xFF\x00\x00", "\x00\xFF\xFF\xFF\xFF\xFF\x00\xFF", + "\x00\xFF\xFF\xFF\xFF\xFF\xFF\x00", "\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF", + "\xFF\x00\x00\x00\x00\x00\x00\x00", "\xFF\x00\x00\x00\x00\x00\x00\xFF", + "\xFF\x00\x00\x00\x00\x00\xFF\x00", "\xFF\x00\x00\x00\x00\x00\xFF\xFF", + "\xFF\x00\x00\x00\x00\xFF\x00\x00", "\xFF\x00\x00\x00\x00\xFF\x00\xFF", + "\xFF\x00\x00\x00\x00\xFF\xFF\x00", "\xFF\x00\x00\x00\x00\xFF\xFF\xFF", + "\xFF\x00\x00\x00\xFF\x00\x00\x00", "\xFF\x00\x00\x00\xFF\x00\x00\xFF", + "\xFF\x00\x00\x00\xFF\x00\xFF\x00", "\xFF\x00\x00\x00\xFF\x00\xFF\xFF", + "\xFF\x00\x00\x00\xFF\xFF\x00\x00", "\xFF\x00\x00\x00\xFF\xFF\x00\xFF", + "\xFF\x00\x00\x00\xFF\xFF\xFF\x00", "\xFF\x00\x00\x00\xFF\xFF\xFF\xFF", + "\xFF\x00\x00\xFF\x00\x00\x00\x00", "\xFF\x00\x00\xFF\x00\x00\x00\xFF", + "\xFF\x00\x00\xFF\x00\x00\xFF\x00", "\xFF\x00\x00\xFF\x00\x00\xFF\xFF", + "\xFF\x00\x00\xFF\x00\xFF\x00\x00", "\xFF\x00\x00\xFF\x00\xFF\x00\xFF", + "\xFF\x00\x00\xFF\x00\xFF\xFF\x00", "\xFF\x00\x00\xFF\x00\xFF\xFF\xFF", + "\xFF\x00\x00\xFF\xFF\x00\x00\x00", "\xFF\x00\x00\xFF\xFF\x00\x00\xFF", + "\xFF\x00\x00\xFF\xFF\x00\xFF\x00", "\xFF\x00\x00\xFF\xFF\x00\xFF\xFF", + "\xFF\x00\x00\xFF\xFF\xFF\x00\x00", "\xFF\x00\x00\xFF\xFF\xFF\x00\xFF", + "\xFF\x00\x00\xFF\xFF\xFF\xFF\x00", "\xFF\x00\x00\xFF\xFF\xFF\xFF\xFF", + "\xFF\x00\xFF\x00\x00\x00\x00\x00", "\xFF\x00\xFF\x00\x00\x00\x00\xFF", + "\xFF\x00\xFF\x00\x00\x00\xFF\x00", "\xFF\x00\xFF\x00\x00\x00\xFF\xFF", + "\xFF\x00\xFF\x00\x00\xFF\x00\x00", "\xFF\x00\xFF\x00\x00\xFF\x00\xFF", + "\xFF\x00\xFF\x00\x00\xFF\xFF\x00", "\xFF\x00\xFF\x00\x00\xFF\xFF\xFF", + "\xFF\x00\xFF\x00\xFF\x00\x00\x00", "\xFF\x00\xFF\x00\xFF\x00\x00\xFF", + "\xFF\x00\xFF\x00\xFF\x00\xFF\x00", "\xFF\x00\xFF\x00\xFF\x00\xFF\xFF", + "\xFF\x00\xFF\x00\xFF\xFF\x00\x00", "\xFF\x00\xFF\x00\xFF\xFF\x00\xFF", + "\xFF\x00\xFF\x00\xFF\xFF\xFF\x00", "\xFF\x00\xFF\x00\xFF\xFF\xFF\xFF", + "\xFF\x00\xFF\xFF\x00\x00\x00\x00", "\xFF\x00\xFF\xFF\x00\x00\x00\xFF", + "\xFF\x00\xFF\xFF\x00\x00\xFF\x00", "\xFF\x00\xFF\xFF\x00\x00\xFF\xFF", + "\xFF\x00\xFF\xFF\x00\xFF\x00\x00", "\xFF\x00\xFF\xFF\x00\xFF\x00\xFF", + "\xFF\x00\xFF\xFF\x00\xFF\xFF\x00", "\xFF\x00\xFF\xFF\x00\xFF\xFF\xFF", + "\xFF\x00\xFF\xFF\xFF\x00\x00\x00", "\xFF\x00\xFF\xFF\xFF\x00\x00\xFF", + "\xFF\x00\xFF\xFF\xFF\x00\xFF\x00", "\xFF\x00\xFF\xFF\xFF\x00\xFF\xFF", + "\xFF\x00\xFF\xFF\xFF\xFF\x00\x00", "\xFF\x00\xFF\xFF\xFF\xFF\x00\xFF", + "\xFF\x00\xFF\xFF\xFF\xFF\xFF\x00", "\xFF\x00\xFF\xFF\xFF\xFF\xFF\xFF", + "\xFF\xFF\x00\x00\x00\x00\x00\x00", "\xFF\xFF\x00\x00\x00\x00\x00\xFF", + "\xFF\xFF\x00\x00\x00\x00\xFF\x00", "\xFF\xFF\x00\x00\x00\x00\xFF\xFF", + "\xFF\xFF\x00\x00\x00\xFF\x00\x00", "\xFF\xFF\x00\x00\x00\xFF\x00\xFF", + "\xFF\xFF\x00\x00\x00\xFF\xFF\x00", "\xFF\xFF\x00\x00\x00\xFF\xFF\xFF", + "\xFF\xFF\x00\x00\xFF\x00\x00\x00", "\xFF\xFF\x00\x00\xFF\x00\x00\xFF", + "\xFF\xFF\x00\x00\xFF\x00\xFF\x00", "\xFF\xFF\x00\x00\xFF\x00\xFF\xFF", + "\xFF\xFF\x00\x00\xFF\xFF\x00\x00", "\xFF\xFF\x00\x00\xFF\xFF\x00\xFF", + "\xFF\xFF\x00\x00\xFF\xFF\xFF\x00", "\xFF\xFF\x00\x00\xFF\xFF\xFF\xFF", + "\xFF\xFF\x00\xFF\x00\x00\x00\x00", "\xFF\xFF\x00\xFF\x00\x00\x00\xFF", + "\xFF\xFF\x00\xFF\x00\x00\xFF\x00", "\xFF\xFF\x00\xFF\x00\x00\xFF\xFF", + "\xFF\xFF\x00\xFF\x00\xFF\x00\x00", "\xFF\xFF\x00\xFF\x00\xFF\x00\xFF", + "\xFF\xFF\x00\xFF\x00\xFF\xFF\x00", "\xFF\xFF\x00\xFF\x00\xFF\xFF\xFF", + "\xFF\xFF\x00\xFF\xFF\x00\x00\x00", "\xFF\xFF\x00\xFF\xFF\x00\x00\xFF", + "\xFF\xFF\x00\xFF\xFF\x00\xFF\x00", "\xFF\xFF\x00\xFF\xFF\x00\xFF\xFF", + "\xFF\xFF\x00\xFF\xFF\xFF\x00\x00", "\xFF\xFF\x00\xFF\xFF\xFF\x00\xFF", + "\xFF\xFF\x00\xFF\xFF\xFF\xFF\x00", "\xFF\xFF\x00\xFF\xFF\xFF\xFF\xFF", + "\xFF\xFF\xFF\x00\x00\x00\x00\x00", "\xFF\xFF\xFF\x00\x00\x00\x00\xFF", + "\xFF\xFF\xFF\x00\x00\x00\xFF\x00", "\xFF\xFF\xFF\x00\x00\x00\xFF\xFF", + "\xFF\xFF\xFF\x00\x00\xFF\x00\x00", "\xFF\xFF\xFF\x00\x00\xFF\x00\xFF", + "\xFF\xFF\xFF\x00\x00\xFF\xFF\x00", "\xFF\xFF\xFF\x00\x00\xFF\xFF\xFF", + "\xFF\xFF\xFF\x00\xFF\x00\x00\x00", "\xFF\xFF\xFF\x00\xFF\x00\x00\xFF", + "\xFF\xFF\xFF\x00\xFF\x00\xFF\x00", "\xFF\xFF\xFF\x00\xFF\x00\xFF\xFF", + "\xFF\xFF\xFF\x00\xFF\xFF\x00\x00", "\xFF\xFF\xFF\x00\xFF\xFF\x00\xFF", + "\xFF\xFF\xFF\x00\xFF\xFF\xFF\x00", "\xFF\xFF\xFF\x00\xFF\xFF\xFF\xFF", + "\xFF\xFF\xFF\xFF\x00\x00\x00\x00", "\xFF\xFF\xFF\xFF\x00\x00\x00\xFF", + "\xFF\xFF\xFF\xFF\x00\x00\xFF\x00", "\xFF\xFF\xFF\xFF\x00\x00\xFF\xFF", + "\xFF\xFF\xFF\xFF\x00\xFF\x00\x00", "\xFF\xFF\xFF\xFF\x00\xFF\x00\xFF", + "\xFF\xFF\xFF\xFF\x00\xFF\xFF\x00", "\xFF\xFF\xFF\xFF\x00\xFF\xFF\xFF", + "\xFF\xFF\xFF\xFF\xFF\x00\x00\x00", "\xFF\xFF\xFF\xFF\xFF\x00\x00\xFF", + "\xFF\xFF\xFF\xFF\xFF\x00\xFF\x00", "\xFF\xFF\xFF\xFF\xFF\x00\xFF\xFF", + "\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00", "\xFF\xFF\xFF\xFF\xFF\xFF\x00\xFF", + "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00", "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", + ]; + + /** + * IP mapping helper table. + * + * Indexing this table with each source byte performs the initial bit permutation. + * + * @var array + */ + protected static $ipmap = [ + 0x00, 0x10, 0x01, 0x11, 0x20, 0x30, 0x21, 0x31, + 0x02, 0x12, 0x03, 0x13, 0x22, 0x32, 0x23, 0x33, + 0x40, 0x50, 0x41, 0x51, 0x60, 0x70, 0x61, 0x71, + 0x42, 0x52, 0x43, 0x53, 0x62, 0x72, 0x63, 0x73, + 0x04, 0x14, 0x05, 0x15, 0x24, 0x34, 0x25, 0x35, + 0x06, 0x16, 0x07, 0x17, 0x26, 0x36, 0x27, 0x37, + 0x44, 0x54, 0x45, 0x55, 0x64, 0x74, 0x65, 0x75, + 0x46, 0x56, 0x47, 0x57, 0x66, 0x76, 0x67, 0x77, + 0x80, 0x90, 0x81, 0x91, 0xA0, 0xB0, 0xA1, 0xB1, + 0x82, 0x92, 0x83, 0x93, 0xA2, 0xB2, 0xA3, 0xB3, + 0xC0, 0xD0, 0xC1, 0xD1, 0xE0, 0xF0, 0xE1, 0xF1, + 0xC2, 0xD2, 0xC3, 0xD3, 0xE2, 0xF2, 0xE3, 0xF3, + 0x84, 0x94, 0x85, 0x95, 0xA4, 0xB4, 0xA5, 0xB5, + 0x86, 0x96, 0x87, 0x97, 0xA6, 0xB6, 0xA7, 0xB7, + 0xC4, 0xD4, 0xC5, 0xD5, 0xE4, 0xF4, 0xE5, 0xF5, + 0xC6, 0xD6, 0xC7, 0xD7, 0xE6, 0xF6, 0xE7, 0xF7, + 0x08, 0x18, 0x09, 0x19, 0x28, 0x38, 0x29, 0x39, + 0x0A, 0x1A, 0x0B, 0x1B, 0x2A, 0x3A, 0x2B, 0x3B, + 0x48, 0x58, 0x49, 0x59, 0x68, 0x78, 0x69, 0x79, + 0x4A, 0x5A, 0x4B, 0x5B, 0x6A, 0x7A, 0x6B, 0x7B, + 0x0C, 0x1C, 0x0D, 0x1D, 0x2C, 0x3C, 0x2D, 0x3D, + 0x0E, 0x1E, 0x0F, 0x1F, 0x2E, 0x3E, 0x2F, 0x3F, + 0x4C, 0x5C, 0x4D, 0x5D, 0x6C, 0x7C, 0x6D, 0x7D, + 0x4E, 0x5E, 0x4F, 0x5F, 0x6E, 0x7E, 0x6F, 0x7F, + 0x88, 0x98, 0x89, 0x99, 0xA8, 0xB8, 0xA9, 0xB9, + 0x8A, 0x9A, 0x8B, 0x9B, 0xAA, 0xBA, 0xAB, 0xBB, + 0xC8, 0xD8, 0xC9, 0xD9, 0xE8, 0xF8, 0xE9, 0xF9, + 0xCA, 0xDA, 0xCB, 0xDB, 0xEA, 0xFA, 0xEB, 0xFB, + 0x8C, 0x9C, 0x8D, 0x9D, 0xAC, 0xBC, 0xAD, 0xBD, + 0x8E, 0x9E, 0x8F, 0x9F, 0xAE, 0xBE, 0xAF, 0xBF, + 0xCC, 0xDC, 0xCD, 0xDD, 0xEC, 0xFC, 0xED, 0xFD, + 0xCE, 0xDE, 0xCF, 0xDF, 0xEE, 0xFE, 0xEF, 0xFF, + ]; + + /** + * Inverse IP mapping helper table. + * Indexing this table with a byte value reverses the bit order. + * + * @var array + */ + protected static $invipmap = [ + 0x00, 0x80, 0x40, 0xC0, 0x20, 0xA0, 0x60, 0xE0, + 0x10, 0x90, 0x50, 0xD0, 0x30, 0xB0, 0x70, 0xF0, + 0x08, 0x88, 0x48, 0xC8, 0x28, 0xA8, 0x68, 0xE8, + 0x18, 0x98, 0x58, 0xD8, 0x38, 0xB8, 0x78, 0xF8, + 0x04, 0x84, 0x44, 0xC4, 0x24, 0xA4, 0x64, 0xE4, + 0x14, 0x94, 0x54, 0xD4, 0x34, 0xB4, 0x74, 0xF4, + 0x0C, 0x8C, 0x4C, 0xCC, 0x2C, 0xAC, 0x6C, 0xEC, + 0x1C, 0x9C, 0x5C, 0xDC, 0x3C, 0xBC, 0x7C, 0xFC, + 0x02, 0x82, 0x42, 0xC2, 0x22, 0xA2, 0x62, 0xE2, + 0x12, 0x92, 0x52, 0xD2, 0x32, 0xB2, 0x72, 0xF2, + 0x0A, 0x8A, 0x4A, 0xCA, 0x2A, 0xAA, 0x6A, 0xEA, + 0x1A, 0x9A, 0x5A, 0xDA, 0x3A, 0xBA, 0x7A, 0xFA, + 0x06, 0x86, 0x46, 0xC6, 0x26, 0xA6, 0x66, 0xE6, + 0x16, 0x96, 0x56, 0xD6, 0x36, 0xB6, 0x76, 0xF6, + 0x0E, 0x8E, 0x4E, 0xCE, 0x2E, 0xAE, 0x6E, 0xEE, + 0x1E, 0x9E, 0x5E, 0xDE, 0x3E, 0xBE, 0x7E, 0xFE, + 0x01, 0x81, 0x41, 0xC1, 0x21, 0xA1, 0x61, 0xE1, + 0x11, 0x91, 0x51, 0xD1, 0x31, 0xB1, 0x71, 0xF1, + 0x09, 0x89, 0x49, 0xC9, 0x29, 0xA9, 0x69, 0xE9, + 0x19, 0x99, 0x59, 0xD9, 0x39, 0xB9, 0x79, 0xF9, + 0x05, 0x85, 0x45, 0xC5, 0x25, 0xA5, 0x65, 0xE5, + 0x15, 0x95, 0x55, 0xD5, 0x35, 0xB5, 0x75, 0xF5, + 0x0D, 0x8D, 0x4D, 0xCD, 0x2D, 0xAD, 0x6D, 0xED, + 0x1D, 0x9D, 0x5D, 0xDD, 0x3D, 0xBD, 0x7D, 0xFD, + 0x03, 0x83, 0x43, 0xC3, 0x23, 0xA3, 0x63, 0xE3, + 0x13, 0x93, 0x53, 0xD3, 0x33, 0xB3, 0x73, 0xF3, + 0x0B, 0x8B, 0x4B, 0xCB, 0x2B, 0xAB, 0x6B, 0xEB, + 0x1B, 0x9B, 0x5B, 0xDB, 0x3B, 0xBB, 0x7B, 0xFB, + 0x07, 0x87, 0x47, 0xC7, 0x27, 0xA7, 0x67, 0xE7, + 0x17, 0x97, 0x57, 0xD7, 0x37, 0xB7, 0x77, 0xF7, + 0x0F, 0x8F, 0x4F, 0xCF, 0x2F, 0xAF, 0x6F, 0xEF, + 0x1F, 0x9F, 0x5F, 0xDF, 0x3F, 0xBF, 0x7F, 0xFF, + ]; + + /** + * Pre-permuted S-box1 + * + * Each box ($sbox1-$sbox8) has been vectorized, then each value pre-permuted using the + * P table: concatenation can then be replaced by exclusive ORs. + * + * @var array + */ + protected static $sbox1 = [ + 0x00808200, 0x00000000, 0x00008000, 0x00808202, + 0x00808002, 0x00008202, 0x00000002, 0x00008000, + 0x00000200, 0x00808200, 0x00808202, 0x00000200, + 0x00800202, 0x00808002, 0x00800000, 0x00000002, + 0x00000202, 0x00800200, 0x00800200, 0x00008200, + 0x00008200, 0x00808000, 0x00808000, 0x00800202, + 0x00008002, 0x00800002, 0x00800002, 0x00008002, + 0x00000000, 0x00000202, 0x00008202, 0x00800000, + 0x00008000, 0x00808202, 0x00000002, 0x00808000, + 0x00808200, 0x00800000, 0x00800000, 0x00000200, + 0x00808002, 0x00008000, 0x00008200, 0x00800002, + 0x00000200, 0x00000002, 0x00800202, 0x00008202, + 0x00808202, 0x00008002, 0x00808000, 0x00800202, + 0x00800002, 0x00000202, 0x00008202, 0x00808200, + 0x00000202, 0x00800200, 0x00800200, 0x00000000, + 0x00008002, 0x00008200, 0x00000000, 0x00808002, + ]; + + /** + * Pre-permuted S-box2 + * + * @var array + */ + protected static $sbox2 = [ + 0x40084010, 0x40004000, 0x00004000, 0x00084010, + 0x00080000, 0x00000010, 0x40080010, 0x40004010, + 0x40000010, 0x40084010, 0x40084000, 0x40000000, + 0x40004000, 0x00080000, 0x00000010, 0x40080010, + 0x00084000, 0x00080010, 0x40004010, 0x00000000, + 0x40000000, 0x00004000, 0x00084010, 0x40080000, + 0x00080010, 0x40000010, 0x00000000, 0x00084000, + 0x00004010, 0x40084000, 0x40080000, 0x00004010, + 0x00000000, 0x00084010, 0x40080010, 0x00080000, + 0x40004010, 0x40080000, 0x40084000, 0x00004000, + 0x40080000, 0x40004000, 0x00000010, 0x40084010, + 0x00084010, 0x00000010, 0x00004000, 0x40000000, + 0x00004010, 0x40084000, 0x00080000, 0x40000010, + 0x00080010, 0x40004010, 0x40000010, 0x00080010, + 0x00084000, 0x00000000, 0x40004000, 0x00004010, + 0x40000000, 0x40080010, 0x40084010, 0x00084000, + ]; + + /** + * Pre-permuted S-box3 + * + * @var array + */ + protected static $sbox3 = [ + 0x00000104, 0x04010100, 0x00000000, 0x04010004, + 0x04000100, 0x00000000, 0x00010104, 0x04000100, + 0x00010004, 0x04000004, 0x04000004, 0x00010000, + 0x04010104, 0x00010004, 0x04010000, 0x00000104, + 0x04000000, 0x00000004, 0x04010100, 0x00000100, + 0x00010100, 0x04010000, 0x04010004, 0x00010104, + 0x04000104, 0x00010100, 0x00010000, 0x04000104, + 0x00000004, 0x04010104, 0x00000100, 0x04000000, + 0x04010100, 0x04000000, 0x00010004, 0x00000104, + 0x00010000, 0x04010100, 0x04000100, 0x00000000, + 0x00000100, 0x00010004, 0x04010104, 0x04000100, + 0x04000004, 0x00000100, 0x00000000, 0x04010004, + 0x04000104, 0x00010000, 0x04000000, 0x04010104, + 0x00000004, 0x00010104, 0x00010100, 0x04000004, + 0x04010000, 0x04000104, 0x00000104, 0x04010000, + 0x00010104, 0x00000004, 0x04010004, 0x00010100, + ]; + + /** + * Pre-permuted S-box4 + * + * @var array + */ + protected static $sbox4 = [ + 0x80401000, 0x80001040, 0x80001040, 0x00000040, + 0x00401040, 0x80400040, 0x80400000, 0x80001000, + 0x00000000, 0x00401000, 0x00401000, 0x80401040, + 0x80000040, 0x00000000, 0x00400040, 0x80400000, + 0x80000000, 0x00001000, 0x00400000, 0x80401000, + 0x00000040, 0x00400000, 0x80001000, 0x00001040, + 0x80400040, 0x80000000, 0x00001040, 0x00400040, + 0x00001000, 0x00401040, 0x80401040, 0x80000040, + 0x00400040, 0x80400000, 0x00401000, 0x80401040, + 0x80000040, 0x00000000, 0x00000000, 0x00401000, + 0x00001040, 0x00400040, 0x80400040, 0x80000000, + 0x80401000, 0x80001040, 0x80001040, 0x00000040, + 0x80401040, 0x80000040, 0x80000000, 0x00001000, + 0x80400000, 0x80001000, 0x00401040, 0x80400040, + 0x80001000, 0x00001040, 0x00400000, 0x80401000, + 0x00000040, 0x00400000, 0x00001000, 0x00401040, + ]; + + /** + * Pre-permuted S-box5 + * + * @var array + */ + protected static $sbox5 = [ + 0x00000080, 0x01040080, 0x01040000, 0x21000080, + 0x00040000, 0x00000080, 0x20000000, 0x01040000, + 0x20040080, 0x00040000, 0x01000080, 0x20040080, + 0x21000080, 0x21040000, 0x00040080, 0x20000000, + 0x01000000, 0x20040000, 0x20040000, 0x00000000, + 0x20000080, 0x21040080, 0x21040080, 0x01000080, + 0x21040000, 0x20000080, 0x00000000, 0x21000000, + 0x01040080, 0x01000000, 0x21000000, 0x00040080, + 0x00040000, 0x21000080, 0x00000080, 0x01000000, + 0x20000000, 0x01040000, 0x21000080, 0x20040080, + 0x01000080, 0x20000000, 0x21040000, 0x01040080, + 0x20040080, 0x00000080, 0x01000000, 0x21040000, + 0x21040080, 0x00040080, 0x21000000, 0x21040080, + 0x01040000, 0x00000000, 0x20040000, 0x21000000, + 0x00040080, 0x01000080, 0x20000080, 0x00040000, + 0x00000000, 0x20040000, 0x01040080, 0x20000080, + ]; + + /** + * Pre-permuted S-box6 + * + * @var array + */ + protected static $sbox6 = [ + 0x10000008, 0x10200000, 0x00002000, 0x10202008, + 0x10200000, 0x00000008, 0x10202008, 0x00200000, + 0x10002000, 0x00202008, 0x00200000, 0x10000008, + 0x00200008, 0x10002000, 0x10000000, 0x00002008, + 0x00000000, 0x00200008, 0x10002008, 0x00002000, + 0x00202000, 0x10002008, 0x00000008, 0x10200008, + 0x10200008, 0x00000000, 0x00202008, 0x10202000, + 0x00002008, 0x00202000, 0x10202000, 0x10000000, + 0x10002000, 0x00000008, 0x10200008, 0x00202000, + 0x10202008, 0x00200000, 0x00002008, 0x10000008, + 0x00200000, 0x10002000, 0x10000000, 0x00002008, + 0x10000008, 0x10202008, 0x00202000, 0x10200000, + 0x00202008, 0x10202000, 0x00000000, 0x10200008, + 0x00000008, 0x00002000, 0x10200000, 0x00202008, + 0x00002000, 0x00200008, 0x10002008, 0x00000000, + 0x10202000, 0x10000000, 0x00200008, 0x10002008, + ]; + + /** + * Pre-permuted S-box7 + * + * @var array + */ + protected static $sbox7 = [ + 0x00100000, 0x02100001, 0x02000401, 0x00000000, + 0x00000400, 0x02000401, 0x00100401, 0x02100400, + 0x02100401, 0x00100000, 0x00000000, 0x02000001, + 0x00000001, 0x02000000, 0x02100001, 0x00000401, + 0x02000400, 0x00100401, 0x00100001, 0x02000400, + 0x02000001, 0x02100000, 0x02100400, 0x00100001, + 0x02100000, 0x00000400, 0x00000401, 0x02100401, + 0x00100400, 0x00000001, 0x02000000, 0x00100400, + 0x02000000, 0x00100400, 0x00100000, 0x02000401, + 0x02000401, 0x02100001, 0x02100001, 0x00000001, + 0x00100001, 0x02000000, 0x02000400, 0x00100000, + 0x02100400, 0x00000401, 0x00100401, 0x02100400, + 0x00000401, 0x02000001, 0x02100401, 0x02100000, + 0x00100400, 0x00000000, 0x00000001, 0x02100401, + 0x00000000, 0x00100401, 0x02100000, 0x00000400, + 0x02000001, 0x02000400, 0x00000400, 0x00100001, + ]; + + /** + * Pre-permuted S-box8 + * + * @var array + */ + protected static $sbox8 = [ + 0x08000820, 0x00000800, 0x00020000, 0x08020820, + 0x08000000, 0x08000820, 0x00000020, 0x08000000, + 0x00020020, 0x08020000, 0x08020820, 0x00020800, + 0x08020800, 0x00020820, 0x00000800, 0x00000020, + 0x08020000, 0x08000020, 0x08000800, 0x00000820, + 0x00020800, 0x00020020, 0x08020020, 0x08020800, + 0x00000820, 0x00000000, 0x00000000, 0x08020020, + 0x08000020, 0x08000800, 0x00020820, 0x00020000, + 0x00020820, 0x00020000, 0x08020800, 0x00000800, + 0x00000020, 0x08020020, 0x00000800, 0x00020820, + 0x08000800, 0x00000020, 0x08000020, 0x08020000, + 0x08020020, 0x08000000, 0x00020000, 0x08000820, + 0x00000000, 0x08020820, 0x00020020, 0x08000020, + 0x08020000, 0x08000800, 0x08000820, 0x00000000, + 0x08020820, 0x00020800, 0x00020800, 0x00000820, + 0x00000820, 0x00020020, 0x08000000, 0x08020800, + ]; + + /** + * Default Constructor. + * + * @throws BadModeException if an invalid / unsupported mode is provided + */ + public function __construct(string $mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + */ + protected function isValidEngineHelper(int $engine): bool + { + if ($this->key_length_max == 8) { + if ($engine == self::ENGINE_OPENSSL) { + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } + $this->cipher_name_openssl_ecb = 'des-ecb'; + $this->cipher_name_openssl = 'des-' . $this->openssl_translate_mode(); + } + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Sets the key. + * + * Keys must be 64-bits long or 8 bytes long. + * + * DES also requires that every eighth bit be a parity bit, however, we'll ignore that. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKey() + */ + public function setKey(string $key): void + { + if (!($this instanceof TripleDES) && strlen($key) != 8) { + throw new LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of size 8 are supported'); + } + + // Sets the key + parent::setKey($key); + } + + /** + * Encrypts a block + * + * @see self::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::encryptBlock() + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + */ + protected function encryptBlock(string $in): string + { + return $this->processBlock($in, self::ENCRYPT); + } + + /** + * Decrypts a block + * + * @see self::decrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decryptBlock() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + protected function decryptBlock(string $in): string + { + return $this->processBlock($in, self::DECRYPT); + } + + /** + * Encrypts or decrypts a 64-bit block + * + * $mode should be either self::ENCRYPT or self::DECRYPT. See + * {@link http://en.wikipedia.org/wiki/Image:Feistel.png Feistel.png} to get a general + * idea of what this function does. + * + * @return string + * @see self::decryptBlock() + * @see self::encryptBlock() + */ + private function processBlock(string $block, int $mode) + { + static $sbox1, $sbox2, $sbox3, $sbox4, $sbox5, $sbox6, $sbox7, $sbox8, $shuffleip, $shuffleinvip; + if (!$sbox1) { + $sbox1 = array_map('intval', self::$sbox1); + $sbox2 = array_map('intval', self::$sbox2); + $sbox3 = array_map('intval', self::$sbox3); + $sbox4 = array_map('intval', self::$sbox4); + $sbox5 = array_map('intval', self::$sbox5); + $sbox6 = array_map('intval', self::$sbox6); + $sbox7 = array_map('intval', self::$sbox7); + $sbox8 = array_map('intval', self::$sbox8); + /* Merge $shuffle with $[inv]ipmap */ + for ($i = 0; $i < 256; ++$i) { + $shuffleip[] = self::$shuffle[self::$ipmap[$i]]; + $shuffleinvip[] = self::$shuffle[self::$invipmap[$i]]; + } + } + + $keys = $this->keys[$mode]; + $ki = -1; + + // Do the initial IP permutation. + $t = unpack('Nl/Nr', $block); + [$l, $r] = [$t['l'], $t['r']]; + $block = ($shuffleip[ $r & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") | + ($shuffleip[($r >> 8) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") | + ($shuffleip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") | + ($shuffleip[($r >> 24) & 0xFF] & "\x10\x10\x10\x10\x10\x10\x10\x10") | + ($shuffleip[ $l & 0xFF] & "\x08\x08\x08\x08\x08\x08\x08\x08") | + ($shuffleip[($l >> 8) & 0xFF] & "\x04\x04\x04\x04\x04\x04\x04\x04") | + ($shuffleip[($l >> 16) & 0xFF] & "\x02\x02\x02\x02\x02\x02\x02\x02") | + ($shuffleip[($l >> 24) & 0xFF] & "\x01\x01\x01\x01\x01\x01\x01\x01"); + + // Extract L0 and R0. + $t = unpack('Nl/Nr', $block); + [$l, $r] = [$t['l'], $t['r']]; + + for ($des_round = 0; $des_round < $this->des_rounds; ++$des_round) { + // Perform the 16 steps. + for ($i = 0; $i < 16; $i++) { + // start of "the Feistel (F) function" - see the following URL: + // http://en.wikipedia.org/wiki/Image:Data_Encryption_Standard_InfoBox_Diagram.png + // Merge key schedule. + $b1 = (($r >> 3) & 0x1FFFFFFF) ^ ($r << 29) ^ $keys[++$ki]; + $b2 = (($r >> 31) & 0x00000001) ^ ($r << 1) ^ $keys[++$ki]; + + // S-box indexing. + $t = $sbox1[($b1 >> 24) & 0x3F] ^ $sbox2[($b2 >> 24) & 0x3F] ^ + $sbox3[($b1 >> 16) & 0x3F] ^ $sbox4[($b2 >> 16) & 0x3F] ^ + $sbox5[($b1 >> 8) & 0x3F] ^ $sbox6[($b2 >> 8) & 0x3F] ^ + $sbox7[ $b1 & 0x3F] ^ $sbox8[ $b2 & 0x3F] ^ $l; + // end of "the Feistel (F) function" + + $l = $r; + $r = $t; + } + + // Last step should not permute L & R. + $t = $l; + $l = $r; + $r = $t; + } + + // Perform the inverse IP permutation. + return ($shuffleinvip[($r >> 24) & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") | + ($shuffleinvip[($l >> 24) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") | + ($shuffleinvip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") | + ($shuffleinvip[($l >> 16) & 0xFF] & "\x10\x10\x10\x10\x10\x10\x10\x10") | + ($shuffleinvip[($r >> 8) & 0xFF] & "\x08\x08\x08\x08\x08\x08\x08\x08") | + ($shuffleinvip[($l >> 8) & 0xFF] & "\x04\x04\x04\x04\x04\x04\x04\x04") | + ($shuffleinvip[ $r & 0xFF] & "\x02\x02\x02\x02\x02\x02\x02\x02") | + ($shuffleinvip[ $l & 0xFF] & "\x01\x01\x01\x01\x01\x01\x01\x01"); + } + + /** + * Creates the key schedule + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupKey() + */ + protected function setupKey(): void + { + if (isset($this->kl['key']) && $this->key === $this->kl['key'] && $this->des_rounds === $this->kl['des_rounds']) { + // already expanded + return; + } + $this->kl = ['key' => $this->key, 'des_rounds' => $this->des_rounds]; + + static $shifts = [ // number of key bits shifted per round + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1, + ]; + + static $pc1map = [ + 0x00, 0x00, 0x08, 0x08, 0x04, 0x04, 0x0C, 0x0C, + 0x02, 0x02, 0x0A, 0x0A, 0x06, 0x06, 0x0E, 0x0E, + 0x10, 0x10, 0x18, 0x18, 0x14, 0x14, 0x1C, 0x1C, + 0x12, 0x12, 0x1A, 0x1A, 0x16, 0x16, 0x1E, 0x1E, + 0x20, 0x20, 0x28, 0x28, 0x24, 0x24, 0x2C, 0x2C, + 0x22, 0x22, 0x2A, 0x2A, 0x26, 0x26, 0x2E, 0x2E, + 0x30, 0x30, 0x38, 0x38, 0x34, 0x34, 0x3C, 0x3C, + 0x32, 0x32, 0x3A, 0x3A, 0x36, 0x36, 0x3E, 0x3E, + 0x40, 0x40, 0x48, 0x48, 0x44, 0x44, 0x4C, 0x4C, + 0x42, 0x42, 0x4A, 0x4A, 0x46, 0x46, 0x4E, 0x4E, + 0x50, 0x50, 0x58, 0x58, 0x54, 0x54, 0x5C, 0x5C, + 0x52, 0x52, 0x5A, 0x5A, 0x56, 0x56, 0x5E, 0x5E, + 0x60, 0x60, 0x68, 0x68, 0x64, 0x64, 0x6C, 0x6C, + 0x62, 0x62, 0x6A, 0x6A, 0x66, 0x66, 0x6E, 0x6E, + 0x70, 0x70, 0x78, 0x78, 0x74, 0x74, 0x7C, 0x7C, + 0x72, 0x72, 0x7A, 0x7A, 0x76, 0x76, 0x7E, 0x7E, + 0x80, 0x80, 0x88, 0x88, 0x84, 0x84, 0x8C, 0x8C, + 0x82, 0x82, 0x8A, 0x8A, 0x86, 0x86, 0x8E, 0x8E, + 0x90, 0x90, 0x98, 0x98, 0x94, 0x94, 0x9C, 0x9C, + 0x92, 0x92, 0x9A, 0x9A, 0x96, 0x96, 0x9E, 0x9E, + 0xA0, 0xA0, 0xA8, 0xA8, 0xA4, 0xA4, 0xAC, 0xAC, + 0xA2, 0xA2, 0xAA, 0xAA, 0xA6, 0xA6, 0xAE, 0xAE, + 0xB0, 0xB0, 0xB8, 0xB8, 0xB4, 0xB4, 0xBC, 0xBC, + 0xB2, 0xB2, 0xBA, 0xBA, 0xB6, 0xB6, 0xBE, 0xBE, + 0xC0, 0xC0, 0xC8, 0xC8, 0xC4, 0xC4, 0xCC, 0xCC, + 0xC2, 0xC2, 0xCA, 0xCA, 0xC6, 0xC6, 0xCE, 0xCE, + 0xD0, 0xD0, 0xD8, 0xD8, 0xD4, 0xD4, 0xDC, 0xDC, + 0xD2, 0xD2, 0xDA, 0xDA, 0xD6, 0xD6, 0xDE, 0xDE, + 0xE0, 0xE0, 0xE8, 0xE8, 0xE4, 0xE4, 0xEC, 0xEC, + 0xE2, 0xE2, 0xEA, 0xEA, 0xE6, 0xE6, 0xEE, 0xEE, + 0xF0, 0xF0, 0xF8, 0xF8, 0xF4, 0xF4, 0xFC, 0xFC, + 0xF2, 0xF2, 0xFA, 0xFA, 0xF6, 0xF6, 0xFE, 0xFE, + ]; + + // Mapping tables for the PC-2 transformation. + static $pc2mapc1 = [ + 0x00000000, 0x00000400, 0x00200000, 0x00200400, + 0x00000001, 0x00000401, 0x00200001, 0x00200401, + 0x02000000, 0x02000400, 0x02200000, 0x02200400, + 0x02000001, 0x02000401, 0x02200001, 0x02200401, + ]; + static $pc2mapc2 = [ + 0x00000000, 0x00000800, 0x08000000, 0x08000800, + 0x00010000, 0x00010800, 0x08010000, 0x08010800, + 0x00000000, 0x00000800, 0x08000000, 0x08000800, + 0x00010000, 0x00010800, 0x08010000, 0x08010800, + 0x00000100, 0x00000900, 0x08000100, 0x08000900, + 0x00010100, 0x00010900, 0x08010100, 0x08010900, + 0x00000100, 0x00000900, 0x08000100, 0x08000900, + 0x00010100, 0x00010900, 0x08010100, 0x08010900, + 0x00000010, 0x00000810, 0x08000010, 0x08000810, + 0x00010010, 0x00010810, 0x08010010, 0x08010810, + 0x00000010, 0x00000810, 0x08000010, 0x08000810, + 0x00010010, 0x00010810, 0x08010010, 0x08010810, + 0x00000110, 0x00000910, 0x08000110, 0x08000910, + 0x00010110, 0x00010910, 0x08010110, 0x08010910, + 0x00000110, 0x00000910, 0x08000110, 0x08000910, + 0x00010110, 0x00010910, 0x08010110, 0x08010910, + 0x00040000, 0x00040800, 0x08040000, 0x08040800, + 0x00050000, 0x00050800, 0x08050000, 0x08050800, + 0x00040000, 0x00040800, 0x08040000, 0x08040800, + 0x00050000, 0x00050800, 0x08050000, 0x08050800, + 0x00040100, 0x00040900, 0x08040100, 0x08040900, + 0x00050100, 0x00050900, 0x08050100, 0x08050900, + 0x00040100, 0x00040900, 0x08040100, 0x08040900, + 0x00050100, 0x00050900, 0x08050100, 0x08050900, + 0x00040010, 0x00040810, 0x08040010, 0x08040810, + 0x00050010, 0x00050810, 0x08050010, 0x08050810, + 0x00040010, 0x00040810, 0x08040010, 0x08040810, + 0x00050010, 0x00050810, 0x08050010, 0x08050810, + 0x00040110, 0x00040910, 0x08040110, 0x08040910, + 0x00050110, 0x00050910, 0x08050110, 0x08050910, + 0x00040110, 0x00040910, 0x08040110, 0x08040910, + 0x00050110, 0x00050910, 0x08050110, 0x08050910, + 0x01000000, 0x01000800, 0x09000000, 0x09000800, + 0x01010000, 0x01010800, 0x09010000, 0x09010800, + 0x01000000, 0x01000800, 0x09000000, 0x09000800, + 0x01010000, 0x01010800, 0x09010000, 0x09010800, + 0x01000100, 0x01000900, 0x09000100, 0x09000900, + 0x01010100, 0x01010900, 0x09010100, 0x09010900, + 0x01000100, 0x01000900, 0x09000100, 0x09000900, + 0x01010100, 0x01010900, 0x09010100, 0x09010900, + 0x01000010, 0x01000810, 0x09000010, 0x09000810, + 0x01010010, 0x01010810, 0x09010010, 0x09010810, + 0x01000010, 0x01000810, 0x09000010, 0x09000810, + 0x01010010, 0x01010810, 0x09010010, 0x09010810, + 0x01000110, 0x01000910, 0x09000110, 0x09000910, + 0x01010110, 0x01010910, 0x09010110, 0x09010910, + 0x01000110, 0x01000910, 0x09000110, 0x09000910, + 0x01010110, 0x01010910, 0x09010110, 0x09010910, + 0x01040000, 0x01040800, 0x09040000, 0x09040800, + 0x01050000, 0x01050800, 0x09050000, 0x09050800, + 0x01040000, 0x01040800, 0x09040000, 0x09040800, + 0x01050000, 0x01050800, 0x09050000, 0x09050800, + 0x01040100, 0x01040900, 0x09040100, 0x09040900, + 0x01050100, 0x01050900, 0x09050100, 0x09050900, + 0x01040100, 0x01040900, 0x09040100, 0x09040900, + 0x01050100, 0x01050900, 0x09050100, 0x09050900, + 0x01040010, 0x01040810, 0x09040010, 0x09040810, + 0x01050010, 0x01050810, 0x09050010, 0x09050810, + 0x01040010, 0x01040810, 0x09040010, 0x09040810, + 0x01050010, 0x01050810, 0x09050010, 0x09050810, + 0x01040110, 0x01040910, 0x09040110, 0x09040910, + 0x01050110, 0x01050910, 0x09050110, 0x09050910, + 0x01040110, 0x01040910, 0x09040110, 0x09040910, + 0x01050110, 0x01050910, 0x09050110, 0x09050910, + ]; + static $pc2mapc3 = [ + 0x00000000, 0x00000004, 0x00001000, 0x00001004, + 0x00000000, 0x00000004, 0x00001000, 0x00001004, + 0x10000000, 0x10000004, 0x10001000, 0x10001004, + 0x10000000, 0x10000004, 0x10001000, 0x10001004, + 0x00000020, 0x00000024, 0x00001020, 0x00001024, + 0x00000020, 0x00000024, 0x00001020, 0x00001024, + 0x10000020, 0x10000024, 0x10001020, 0x10001024, + 0x10000020, 0x10000024, 0x10001020, 0x10001024, + 0x00080000, 0x00080004, 0x00081000, 0x00081004, + 0x00080000, 0x00080004, 0x00081000, 0x00081004, + 0x10080000, 0x10080004, 0x10081000, 0x10081004, + 0x10080000, 0x10080004, 0x10081000, 0x10081004, + 0x00080020, 0x00080024, 0x00081020, 0x00081024, + 0x00080020, 0x00080024, 0x00081020, 0x00081024, + 0x10080020, 0x10080024, 0x10081020, 0x10081024, + 0x10080020, 0x10080024, 0x10081020, 0x10081024, + 0x20000000, 0x20000004, 0x20001000, 0x20001004, + 0x20000000, 0x20000004, 0x20001000, 0x20001004, + 0x30000000, 0x30000004, 0x30001000, 0x30001004, + 0x30000000, 0x30000004, 0x30001000, 0x30001004, + 0x20000020, 0x20000024, 0x20001020, 0x20001024, + 0x20000020, 0x20000024, 0x20001020, 0x20001024, + 0x30000020, 0x30000024, 0x30001020, 0x30001024, + 0x30000020, 0x30000024, 0x30001020, 0x30001024, + 0x20080000, 0x20080004, 0x20081000, 0x20081004, + 0x20080000, 0x20080004, 0x20081000, 0x20081004, + 0x30080000, 0x30080004, 0x30081000, 0x30081004, + 0x30080000, 0x30080004, 0x30081000, 0x30081004, + 0x20080020, 0x20080024, 0x20081020, 0x20081024, + 0x20080020, 0x20080024, 0x20081020, 0x20081024, + 0x30080020, 0x30080024, 0x30081020, 0x30081024, + 0x30080020, 0x30080024, 0x30081020, 0x30081024, + 0x00000002, 0x00000006, 0x00001002, 0x00001006, + 0x00000002, 0x00000006, 0x00001002, 0x00001006, + 0x10000002, 0x10000006, 0x10001002, 0x10001006, + 0x10000002, 0x10000006, 0x10001002, 0x10001006, + 0x00000022, 0x00000026, 0x00001022, 0x00001026, + 0x00000022, 0x00000026, 0x00001022, 0x00001026, + 0x10000022, 0x10000026, 0x10001022, 0x10001026, + 0x10000022, 0x10000026, 0x10001022, 0x10001026, + 0x00080002, 0x00080006, 0x00081002, 0x00081006, + 0x00080002, 0x00080006, 0x00081002, 0x00081006, + 0x10080002, 0x10080006, 0x10081002, 0x10081006, + 0x10080002, 0x10080006, 0x10081002, 0x10081006, + 0x00080022, 0x00080026, 0x00081022, 0x00081026, + 0x00080022, 0x00080026, 0x00081022, 0x00081026, + 0x10080022, 0x10080026, 0x10081022, 0x10081026, + 0x10080022, 0x10080026, 0x10081022, 0x10081026, + 0x20000002, 0x20000006, 0x20001002, 0x20001006, + 0x20000002, 0x20000006, 0x20001002, 0x20001006, + 0x30000002, 0x30000006, 0x30001002, 0x30001006, + 0x30000002, 0x30000006, 0x30001002, 0x30001006, + 0x20000022, 0x20000026, 0x20001022, 0x20001026, + 0x20000022, 0x20000026, 0x20001022, 0x20001026, + 0x30000022, 0x30000026, 0x30001022, 0x30001026, + 0x30000022, 0x30000026, 0x30001022, 0x30001026, + 0x20080002, 0x20080006, 0x20081002, 0x20081006, + 0x20080002, 0x20080006, 0x20081002, 0x20081006, + 0x30080002, 0x30080006, 0x30081002, 0x30081006, + 0x30080002, 0x30080006, 0x30081002, 0x30081006, + 0x20080022, 0x20080026, 0x20081022, 0x20081026, + 0x20080022, 0x20080026, 0x20081022, 0x20081026, + 0x30080022, 0x30080026, 0x30081022, 0x30081026, + 0x30080022, 0x30080026, 0x30081022, 0x30081026, + ]; + static $pc2mapc4 = [ + 0x00000000, 0x00100000, 0x00000008, 0x00100008, + 0x00000200, 0x00100200, 0x00000208, 0x00100208, + 0x00000000, 0x00100000, 0x00000008, 0x00100008, + 0x00000200, 0x00100200, 0x00000208, 0x00100208, + 0x04000000, 0x04100000, 0x04000008, 0x04100008, + 0x04000200, 0x04100200, 0x04000208, 0x04100208, + 0x04000000, 0x04100000, 0x04000008, 0x04100008, + 0x04000200, 0x04100200, 0x04000208, 0x04100208, + 0x00002000, 0x00102000, 0x00002008, 0x00102008, + 0x00002200, 0x00102200, 0x00002208, 0x00102208, + 0x00002000, 0x00102000, 0x00002008, 0x00102008, + 0x00002200, 0x00102200, 0x00002208, 0x00102208, + 0x04002000, 0x04102000, 0x04002008, 0x04102008, + 0x04002200, 0x04102200, 0x04002208, 0x04102208, + 0x04002000, 0x04102000, 0x04002008, 0x04102008, + 0x04002200, 0x04102200, 0x04002208, 0x04102208, + 0x00000000, 0x00100000, 0x00000008, 0x00100008, + 0x00000200, 0x00100200, 0x00000208, 0x00100208, + 0x00000000, 0x00100000, 0x00000008, 0x00100008, + 0x00000200, 0x00100200, 0x00000208, 0x00100208, + 0x04000000, 0x04100000, 0x04000008, 0x04100008, + 0x04000200, 0x04100200, 0x04000208, 0x04100208, + 0x04000000, 0x04100000, 0x04000008, 0x04100008, + 0x04000200, 0x04100200, 0x04000208, 0x04100208, + 0x00002000, 0x00102000, 0x00002008, 0x00102008, + 0x00002200, 0x00102200, 0x00002208, 0x00102208, + 0x00002000, 0x00102000, 0x00002008, 0x00102008, + 0x00002200, 0x00102200, 0x00002208, 0x00102208, + 0x04002000, 0x04102000, 0x04002008, 0x04102008, + 0x04002200, 0x04102200, 0x04002208, 0x04102208, + 0x04002000, 0x04102000, 0x04002008, 0x04102008, + 0x04002200, 0x04102200, 0x04002208, 0x04102208, + 0x00020000, 0x00120000, 0x00020008, 0x00120008, + 0x00020200, 0x00120200, 0x00020208, 0x00120208, + 0x00020000, 0x00120000, 0x00020008, 0x00120008, + 0x00020200, 0x00120200, 0x00020208, 0x00120208, + 0x04020000, 0x04120000, 0x04020008, 0x04120008, + 0x04020200, 0x04120200, 0x04020208, 0x04120208, + 0x04020000, 0x04120000, 0x04020008, 0x04120008, + 0x04020200, 0x04120200, 0x04020208, 0x04120208, + 0x00022000, 0x00122000, 0x00022008, 0x00122008, + 0x00022200, 0x00122200, 0x00022208, 0x00122208, + 0x00022000, 0x00122000, 0x00022008, 0x00122008, + 0x00022200, 0x00122200, 0x00022208, 0x00122208, + 0x04022000, 0x04122000, 0x04022008, 0x04122008, + 0x04022200, 0x04122200, 0x04022208, 0x04122208, + 0x04022000, 0x04122000, 0x04022008, 0x04122008, + 0x04022200, 0x04122200, 0x04022208, 0x04122208, + 0x00020000, 0x00120000, 0x00020008, 0x00120008, + 0x00020200, 0x00120200, 0x00020208, 0x00120208, + 0x00020000, 0x00120000, 0x00020008, 0x00120008, + 0x00020200, 0x00120200, 0x00020208, 0x00120208, + 0x04020000, 0x04120000, 0x04020008, 0x04120008, + 0x04020200, 0x04120200, 0x04020208, 0x04120208, + 0x04020000, 0x04120000, 0x04020008, 0x04120008, + 0x04020200, 0x04120200, 0x04020208, 0x04120208, + 0x00022000, 0x00122000, 0x00022008, 0x00122008, + 0x00022200, 0x00122200, 0x00022208, 0x00122208, + 0x00022000, 0x00122000, 0x00022008, 0x00122008, + 0x00022200, 0x00122200, 0x00022208, 0x00122208, + 0x04022000, 0x04122000, 0x04022008, 0x04122008, + 0x04022200, 0x04122200, 0x04022208, 0x04122208, + 0x04022000, 0x04122000, 0x04022008, 0x04122008, + 0x04022200, 0x04122200, 0x04022208, 0x04122208, + ]; + static $pc2mapd1 = [ + 0x00000000, 0x00000001, 0x08000000, 0x08000001, + 0x00200000, 0x00200001, 0x08200000, 0x08200001, + 0x00000002, 0x00000003, 0x08000002, 0x08000003, + 0x00200002, 0x00200003, 0x08200002, 0x08200003, + ]; + static $pc2mapd2 = [ + 0x00000000, 0x00100000, 0x00000800, 0x00100800, + 0x00000000, 0x00100000, 0x00000800, 0x00100800, + 0x04000000, 0x04100000, 0x04000800, 0x04100800, + 0x04000000, 0x04100000, 0x04000800, 0x04100800, + 0x00000004, 0x00100004, 0x00000804, 0x00100804, + 0x00000004, 0x00100004, 0x00000804, 0x00100804, + 0x04000004, 0x04100004, 0x04000804, 0x04100804, + 0x04000004, 0x04100004, 0x04000804, 0x04100804, + 0x00000000, 0x00100000, 0x00000800, 0x00100800, + 0x00000000, 0x00100000, 0x00000800, 0x00100800, + 0x04000000, 0x04100000, 0x04000800, 0x04100800, + 0x04000000, 0x04100000, 0x04000800, 0x04100800, + 0x00000004, 0x00100004, 0x00000804, 0x00100804, + 0x00000004, 0x00100004, 0x00000804, 0x00100804, + 0x04000004, 0x04100004, 0x04000804, 0x04100804, + 0x04000004, 0x04100004, 0x04000804, 0x04100804, + 0x00000200, 0x00100200, 0x00000A00, 0x00100A00, + 0x00000200, 0x00100200, 0x00000A00, 0x00100A00, + 0x04000200, 0x04100200, 0x04000A00, 0x04100A00, + 0x04000200, 0x04100200, 0x04000A00, 0x04100A00, + 0x00000204, 0x00100204, 0x00000A04, 0x00100A04, + 0x00000204, 0x00100204, 0x00000A04, 0x00100A04, + 0x04000204, 0x04100204, 0x04000A04, 0x04100A04, + 0x04000204, 0x04100204, 0x04000A04, 0x04100A04, + 0x00000200, 0x00100200, 0x00000A00, 0x00100A00, + 0x00000200, 0x00100200, 0x00000A00, 0x00100A00, + 0x04000200, 0x04100200, 0x04000A00, 0x04100A00, + 0x04000200, 0x04100200, 0x04000A00, 0x04100A00, + 0x00000204, 0x00100204, 0x00000A04, 0x00100A04, + 0x00000204, 0x00100204, 0x00000A04, 0x00100A04, + 0x04000204, 0x04100204, 0x04000A04, 0x04100A04, + 0x04000204, 0x04100204, 0x04000A04, 0x04100A04, + 0x00020000, 0x00120000, 0x00020800, 0x00120800, + 0x00020000, 0x00120000, 0x00020800, 0x00120800, + 0x04020000, 0x04120000, 0x04020800, 0x04120800, + 0x04020000, 0x04120000, 0x04020800, 0x04120800, + 0x00020004, 0x00120004, 0x00020804, 0x00120804, + 0x00020004, 0x00120004, 0x00020804, 0x00120804, + 0x04020004, 0x04120004, 0x04020804, 0x04120804, + 0x04020004, 0x04120004, 0x04020804, 0x04120804, + 0x00020000, 0x00120000, 0x00020800, 0x00120800, + 0x00020000, 0x00120000, 0x00020800, 0x00120800, + 0x04020000, 0x04120000, 0x04020800, 0x04120800, + 0x04020000, 0x04120000, 0x04020800, 0x04120800, + 0x00020004, 0x00120004, 0x00020804, 0x00120804, + 0x00020004, 0x00120004, 0x00020804, 0x00120804, + 0x04020004, 0x04120004, 0x04020804, 0x04120804, + 0x04020004, 0x04120004, 0x04020804, 0x04120804, + 0x00020200, 0x00120200, 0x00020A00, 0x00120A00, + 0x00020200, 0x00120200, 0x00020A00, 0x00120A00, + 0x04020200, 0x04120200, 0x04020A00, 0x04120A00, + 0x04020200, 0x04120200, 0x04020A00, 0x04120A00, + 0x00020204, 0x00120204, 0x00020A04, 0x00120A04, + 0x00020204, 0x00120204, 0x00020A04, 0x00120A04, + 0x04020204, 0x04120204, 0x04020A04, 0x04120A04, + 0x04020204, 0x04120204, 0x04020A04, 0x04120A04, + 0x00020200, 0x00120200, 0x00020A00, 0x00120A00, + 0x00020200, 0x00120200, 0x00020A00, 0x00120A00, + 0x04020200, 0x04120200, 0x04020A00, 0x04120A00, + 0x04020200, 0x04120200, 0x04020A00, 0x04120A00, + 0x00020204, 0x00120204, 0x00020A04, 0x00120A04, + 0x00020204, 0x00120204, 0x00020A04, 0x00120A04, + 0x04020204, 0x04120204, 0x04020A04, 0x04120A04, + 0x04020204, 0x04120204, 0x04020A04, 0x04120A04, + ]; + static $pc2mapd3 = [ + 0x00000000, 0x00010000, 0x02000000, 0x02010000, + 0x00000020, 0x00010020, 0x02000020, 0x02010020, + 0x00040000, 0x00050000, 0x02040000, 0x02050000, + 0x00040020, 0x00050020, 0x02040020, 0x02050020, + 0x00002000, 0x00012000, 0x02002000, 0x02012000, + 0x00002020, 0x00012020, 0x02002020, 0x02012020, + 0x00042000, 0x00052000, 0x02042000, 0x02052000, + 0x00042020, 0x00052020, 0x02042020, 0x02052020, + 0x00000000, 0x00010000, 0x02000000, 0x02010000, + 0x00000020, 0x00010020, 0x02000020, 0x02010020, + 0x00040000, 0x00050000, 0x02040000, 0x02050000, + 0x00040020, 0x00050020, 0x02040020, 0x02050020, + 0x00002000, 0x00012000, 0x02002000, 0x02012000, + 0x00002020, 0x00012020, 0x02002020, 0x02012020, + 0x00042000, 0x00052000, 0x02042000, 0x02052000, + 0x00042020, 0x00052020, 0x02042020, 0x02052020, + 0x00000010, 0x00010010, 0x02000010, 0x02010010, + 0x00000030, 0x00010030, 0x02000030, 0x02010030, + 0x00040010, 0x00050010, 0x02040010, 0x02050010, + 0x00040030, 0x00050030, 0x02040030, 0x02050030, + 0x00002010, 0x00012010, 0x02002010, 0x02012010, + 0x00002030, 0x00012030, 0x02002030, 0x02012030, + 0x00042010, 0x00052010, 0x02042010, 0x02052010, + 0x00042030, 0x00052030, 0x02042030, 0x02052030, + 0x00000010, 0x00010010, 0x02000010, 0x02010010, + 0x00000030, 0x00010030, 0x02000030, 0x02010030, + 0x00040010, 0x00050010, 0x02040010, 0x02050010, + 0x00040030, 0x00050030, 0x02040030, 0x02050030, + 0x00002010, 0x00012010, 0x02002010, 0x02012010, + 0x00002030, 0x00012030, 0x02002030, 0x02012030, + 0x00042010, 0x00052010, 0x02042010, 0x02052010, + 0x00042030, 0x00052030, 0x02042030, 0x02052030, + 0x20000000, 0x20010000, 0x22000000, 0x22010000, + 0x20000020, 0x20010020, 0x22000020, 0x22010020, + 0x20040000, 0x20050000, 0x22040000, 0x22050000, + 0x20040020, 0x20050020, 0x22040020, 0x22050020, + 0x20002000, 0x20012000, 0x22002000, 0x22012000, + 0x20002020, 0x20012020, 0x22002020, 0x22012020, + 0x20042000, 0x20052000, 0x22042000, 0x22052000, + 0x20042020, 0x20052020, 0x22042020, 0x22052020, + 0x20000000, 0x20010000, 0x22000000, 0x22010000, + 0x20000020, 0x20010020, 0x22000020, 0x22010020, + 0x20040000, 0x20050000, 0x22040000, 0x22050000, + 0x20040020, 0x20050020, 0x22040020, 0x22050020, + 0x20002000, 0x20012000, 0x22002000, 0x22012000, + 0x20002020, 0x20012020, 0x22002020, 0x22012020, + 0x20042000, 0x20052000, 0x22042000, 0x22052000, + 0x20042020, 0x20052020, 0x22042020, 0x22052020, + 0x20000010, 0x20010010, 0x22000010, 0x22010010, + 0x20000030, 0x20010030, 0x22000030, 0x22010030, + 0x20040010, 0x20050010, 0x22040010, 0x22050010, + 0x20040030, 0x20050030, 0x22040030, 0x22050030, + 0x20002010, 0x20012010, 0x22002010, 0x22012010, + 0x20002030, 0x20012030, 0x22002030, 0x22012030, + 0x20042010, 0x20052010, 0x22042010, 0x22052010, + 0x20042030, 0x20052030, 0x22042030, 0x22052030, + 0x20000010, 0x20010010, 0x22000010, 0x22010010, + 0x20000030, 0x20010030, 0x22000030, 0x22010030, + 0x20040010, 0x20050010, 0x22040010, 0x22050010, + 0x20040030, 0x20050030, 0x22040030, 0x22050030, + 0x20002010, 0x20012010, 0x22002010, 0x22012010, + 0x20002030, 0x20012030, 0x22002030, 0x22012030, + 0x20042010, 0x20052010, 0x22042010, 0x22052010, + 0x20042030, 0x20052030, 0x22042030, 0x22052030, + ]; + static $pc2mapd4 = [ + 0x00000000, 0x00000400, 0x01000000, 0x01000400, + 0x00000000, 0x00000400, 0x01000000, 0x01000400, + 0x00000100, 0x00000500, 0x01000100, 0x01000500, + 0x00000100, 0x00000500, 0x01000100, 0x01000500, + 0x10000000, 0x10000400, 0x11000000, 0x11000400, + 0x10000000, 0x10000400, 0x11000000, 0x11000400, + 0x10000100, 0x10000500, 0x11000100, 0x11000500, + 0x10000100, 0x10000500, 0x11000100, 0x11000500, + 0x00080000, 0x00080400, 0x01080000, 0x01080400, + 0x00080000, 0x00080400, 0x01080000, 0x01080400, + 0x00080100, 0x00080500, 0x01080100, 0x01080500, + 0x00080100, 0x00080500, 0x01080100, 0x01080500, + 0x10080000, 0x10080400, 0x11080000, 0x11080400, + 0x10080000, 0x10080400, 0x11080000, 0x11080400, + 0x10080100, 0x10080500, 0x11080100, 0x11080500, + 0x10080100, 0x10080500, 0x11080100, 0x11080500, + 0x00000008, 0x00000408, 0x01000008, 0x01000408, + 0x00000008, 0x00000408, 0x01000008, 0x01000408, + 0x00000108, 0x00000508, 0x01000108, 0x01000508, + 0x00000108, 0x00000508, 0x01000108, 0x01000508, + 0x10000008, 0x10000408, 0x11000008, 0x11000408, + 0x10000008, 0x10000408, 0x11000008, 0x11000408, + 0x10000108, 0x10000508, 0x11000108, 0x11000508, + 0x10000108, 0x10000508, 0x11000108, 0x11000508, + 0x00080008, 0x00080408, 0x01080008, 0x01080408, + 0x00080008, 0x00080408, 0x01080008, 0x01080408, + 0x00080108, 0x00080508, 0x01080108, 0x01080508, + 0x00080108, 0x00080508, 0x01080108, 0x01080508, + 0x10080008, 0x10080408, 0x11080008, 0x11080408, + 0x10080008, 0x10080408, 0x11080008, 0x11080408, + 0x10080108, 0x10080508, 0x11080108, 0x11080508, + 0x10080108, 0x10080508, 0x11080108, 0x11080508, + 0x00001000, 0x00001400, 0x01001000, 0x01001400, + 0x00001000, 0x00001400, 0x01001000, 0x01001400, + 0x00001100, 0x00001500, 0x01001100, 0x01001500, + 0x00001100, 0x00001500, 0x01001100, 0x01001500, + 0x10001000, 0x10001400, 0x11001000, 0x11001400, + 0x10001000, 0x10001400, 0x11001000, 0x11001400, + 0x10001100, 0x10001500, 0x11001100, 0x11001500, + 0x10001100, 0x10001500, 0x11001100, 0x11001500, + 0x00081000, 0x00081400, 0x01081000, 0x01081400, + 0x00081000, 0x00081400, 0x01081000, 0x01081400, + 0x00081100, 0x00081500, 0x01081100, 0x01081500, + 0x00081100, 0x00081500, 0x01081100, 0x01081500, + 0x10081000, 0x10081400, 0x11081000, 0x11081400, + 0x10081000, 0x10081400, 0x11081000, 0x11081400, + 0x10081100, 0x10081500, 0x11081100, 0x11081500, + 0x10081100, 0x10081500, 0x11081100, 0x11081500, + 0x00001008, 0x00001408, 0x01001008, 0x01001408, + 0x00001008, 0x00001408, 0x01001008, 0x01001408, + 0x00001108, 0x00001508, 0x01001108, 0x01001508, + 0x00001108, 0x00001508, 0x01001108, 0x01001508, + 0x10001008, 0x10001408, 0x11001008, 0x11001408, + 0x10001008, 0x10001408, 0x11001008, 0x11001408, + 0x10001108, 0x10001508, 0x11001108, 0x11001508, + 0x10001108, 0x10001508, 0x11001108, 0x11001508, + 0x00081008, 0x00081408, 0x01081008, 0x01081408, + 0x00081008, 0x00081408, 0x01081008, 0x01081408, + 0x00081108, 0x00081508, 0x01081108, 0x01081508, + 0x00081108, 0x00081508, 0x01081108, 0x01081508, + 0x10081008, 0x10081408, 0x11081008, 0x11081408, + 0x10081008, 0x10081408, 0x11081008, 0x11081408, + 0x10081108, 0x10081508, 0x11081108, 0x11081508, + 0x10081108, 0x10081508, 0x11081108, 0x11081508, + ]; + + $keys = []; + for ($des_round = 0; $des_round < $this->des_rounds; ++$des_round) { + // pad the key and remove extra characters as appropriate. + $key = str_pad(substr($this->key, $des_round * 8, 8), 8, "\0"); + + // Perform the PC/1 transformation and compute C and D. + $t = unpack('Nl/Nr', $key); + [$l, $r] = [$t['l'], $t['r']]; + $key = (self::$shuffle[$pc1map[ $r & 0xFF]] & "\x80\x80\x80\x80\x80\x80\x80\x00") | + (self::$shuffle[$pc1map[($r >> 8) & 0xFF]] & "\x40\x40\x40\x40\x40\x40\x40\x00") | + (self::$shuffle[$pc1map[($r >> 16) & 0xFF]] & "\x20\x20\x20\x20\x20\x20\x20\x00") | + (self::$shuffle[$pc1map[($r >> 24) & 0xFF]] & "\x10\x10\x10\x10\x10\x10\x10\x00") | + (self::$shuffle[$pc1map[ $l & 0xFF]] & "\x08\x08\x08\x08\x08\x08\x08\x00") | + (self::$shuffle[$pc1map[($l >> 8) & 0xFF]] & "\x04\x04\x04\x04\x04\x04\x04\x00") | + (self::$shuffle[$pc1map[($l >> 16) & 0xFF]] & "\x02\x02\x02\x02\x02\x02\x02\x00") | + (self::$shuffle[$pc1map[($l >> 24) & 0xFF]] & "\x01\x01\x01\x01\x01\x01\x01\x00"); + $key = unpack('Nc/Nd', $key); + $c = ( $key['c'] >> 4) & 0x0FFFFFFF; + $d = (($key['d'] >> 4) & 0x0FFFFFF0) | ($key['c'] & 0x0F); + + $keys[$des_round] = [ + self::ENCRYPT => [], + self::DECRYPT => array_fill(0, 32, 0), + ]; + for ($i = 0, $ki = 31; $i < 16; ++$i, $ki -= 2) { + $c <<= $shifts[$i]; + $c = ($c | ($c >> 28)) & 0x0FFFFFFF; + $d <<= $shifts[$i]; + $d = ($d | ($d >> 28)) & 0x0FFFFFFF; + + // Perform the PC-2 transformation. + $cp = $pc2mapc1[ $c >> 24 ] | $pc2mapc2[($c >> 16) & 0xFF] | + $pc2mapc3[($c >> 8) & 0xFF] | $pc2mapc4[ $c & 0xFF]; + $dp = $pc2mapd1[ $d >> 24 ] | $pc2mapd2[($d >> 16) & 0xFF] | + $pc2mapd3[($d >> 8) & 0xFF] | $pc2mapd4[ $d & 0xFF]; + + // Reorder: odd bytes/even bytes. Push the result in key schedule. + $val1 = ( $cp & intval(0xFF000000)) | (($cp << 8) & 0x00FF0000) | + (($dp >> 16) & 0x0000FF00) | (($dp >> 8) & 0x000000FF); + $val2 = (($cp << 8) & intval(0xFF000000)) | (($cp << 16) & 0x00FF0000) | + (($dp >> 8) & 0x0000FF00) | ( $dp & 0x000000FF); + $keys[$des_round][self::ENCRYPT][ ] = $val1; + $keys[$des_round][self::DECRYPT][$ki - 1] = $val1; + $keys[$des_round][self::ENCRYPT][ ] = $val2; + $keys[$des_round][self::DECRYPT][$ki ] = $val2; + } + } + + switch ($this->des_rounds) { + case 3: // 3DES keys + $this->keys = [ + self::ENCRYPT => array_merge( + $keys[0][self::ENCRYPT], + $keys[1][self::DECRYPT], + $keys[2][self::ENCRYPT] + ), + self::DECRYPT => array_merge( + $keys[2][self::DECRYPT], + $keys[1][self::ENCRYPT], + $keys[0][self::DECRYPT] + ), + ]; + break; + // case 1: // DES keys + default: + $this->keys = [ + self::ENCRYPT => $keys[0][self::ENCRYPT], + self::DECRYPT => $keys[0][self::DECRYPT], + ]; + } + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupInlineCrypt() + */ + protected function setupInlineCrypt(): void + { + // Engine configuration for: + // - DES ($des_rounds == 1) or + // - 3DES ($des_rounds == 3) + $des_rounds = $this->des_rounds; + + $init_crypt = 'static $sbox1, $sbox2, $sbox3, $sbox4, $sbox5, $sbox6, $sbox7, $sbox8, $shuffleip, $shuffleinvip; + if (!$sbox1) { + $sbox1 = array_map("intval", self::$sbox1); + $sbox2 = array_map("intval", self::$sbox2); + $sbox3 = array_map("intval", self::$sbox3); + $sbox4 = array_map("intval", self::$sbox4); + $sbox5 = array_map("intval", self::$sbox5); + $sbox6 = array_map("intval", self::$sbox6); + $sbox7 = array_map("intval", self::$sbox7); + $sbox8 = array_map("intval", self::$sbox8);' + /* Merge $shuffle with $[inv]ipmap */ . ' + for ($i = 0; $i < 256; ++$i) { + $shuffleip[] = self::$shuffle[self::$ipmap[$i]]; + $shuffleinvip[] = self::$shuffle[self::$invipmap[$i]]; + } + } + '; + + $k = [ + self::ENCRYPT => $this->keys[self::ENCRYPT], + self::DECRYPT => $this->keys[self::DECRYPT], + ]; + $init_encrypt = ''; + $init_decrypt = ''; + + // Creating code for en- and decryption. + $crypt_block = []; + foreach ([self::ENCRYPT, self::DECRYPT] as $c) { + /* Do the initial IP permutation. */ + $crypt_block[$c] = ' + $in = unpack("N*", $in); + $l = $in[1]; + $r = $in[2]; + $in = unpack("N*", + ($shuffleip[ $r & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") | + ($shuffleip[($r >> 8) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") | + ($shuffleip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") | + ($shuffleip[($r >> 24) & 0xFF] & "\x10\x10\x10\x10\x10\x10\x10\x10") | + ($shuffleip[ $l & 0xFF] & "\x08\x08\x08\x08\x08\x08\x08\x08") | + ($shuffleip[($l >> 8) & 0xFF] & "\x04\x04\x04\x04\x04\x04\x04\x04") | + ($shuffleip[($l >> 16) & 0xFF] & "\x02\x02\x02\x02\x02\x02\x02\x02") | + ($shuffleip[($l >> 24) & 0xFF] & "\x01\x01\x01\x01\x01\x01\x01\x01") + ); + ' . /* Extract L0 and R0 */ ' + $l = $in[1]; + $r = $in[2]; + '; + + $l = '$l'; + $r = '$r'; + + // Perform DES or 3DES. + for ($ki = -1, $des_round = 0; $des_round < $des_rounds; ++$des_round) { + // Perform the 16 steps. + for ($i = 0; $i < 16; ++$i) { + // start of "the Feistel (F) function" - see the following URL: + // http://en.wikipedia.org/wiki/Image:Data_Encryption_Standard_InfoBox_Diagram.png + // Merge key schedule. + $crypt_block[$c] .= ' + $b1 = ((' . $r . ' >> 3) & 0x1FFFFFFF) ^ (' . $r . ' << 29) ^ ' . $k[$c][++$ki] . '; + $b2 = ((' . $r . ' >> 31) & 0x00000001) ^ (' . $r . ' << 1) ^ ' . $k[$c][++$ki] . ';' . + /* S-box indexing. */ + $l . ' = $sbox1[($b1 >> 24) & 0x3F] ^ $sbox2[($b2 >> 24) & 0x3F] ^ + $sbox3[($b1 >> 16) & 0x3F] ^ $sbox4[($b2 >> 16) & 0x3F] ^ + $sbox5[($b1 >> 8) & 0x3F] ^ $sbox6[($b2 >> 8) & 0x3F] ^ + $sbox7[ $b1 & 0x3F] ^ $sbox8[ $b2 & 0x3F] ^ ' . $l . '; + '; + // end of "the Feistel (F) function" + + // swap L & R + [$l, $r] = [$r, $l]; + } + [$l, $r] = [$r, $l]; + } + + // Perform the inverse IP permutation. + $crypt_block[$c] .= '$in = + ($shuffleinvip[($l >> 24) & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") | + ($shuffleinvip[($r >> 24) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") | + ($shuffleinvip[($l >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") | + ($shuffleinvip[($r >> 16) & 0xFF] & "\x10\x10\x10\x10\x10\x10\x10\x10") | + ($shuffleinvip[($l >> 8) & 0xFF] & "\x08\x08\x08\x08\x08\x08\x08\x08") | + ($shuffleinvip[($r >> 8) & 0xFF] & "\x04\x04\x04\x04\x04\x04\x04\x04") | + ($shuffleinvip[ $l & 0xFF] & "\x02\x02\x02\x02\x02\x02\x02\x02") | + ($shuffleinvip[ $r & 0xFF] & "\x01\x01\x01\x01\x01\x01\x01\x01"); + '; + } + + // Creates the inline-crypt function + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => $init_crypt, + 'init_encrypt' => $init_encrypt, + 'init_decrypt' => $init_decrypt, + 'encrypt_block' => $crypt_block[self::ENCRYPT], + 'decrypt_block' => $crypt_block[self::DECRYPT], + ] + ); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DH.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH.php new file mode 100644 index 0000000..9375ad3 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH.php @@ -0,0 +1,397 @@ + + * + * + * + * @author Jim Wigginton + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\DH\Parameters; +use phpseclib3\Crypt\DH\PrivateKey; +use phpseclib3\Crypt\DH\PublicKey; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\NoKeyLoadedException; +use phpseclib3\Exception\UnsupportedOperationException; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP (EC)DH implementation + * + * @author Jim Wigginton + */ +abstract class DH extends AsymmetricKey +{ + /** + * Algorithm Name + * + * @var string + */ + public const ALGORITHM = 'DH'; + + /** + * DH prime + * + * @var BigInteger + */ + protected $prime; + + /** + * DH Base + * + * Prime divisor of p-1 + * + * @var BigInteger + */ + protected $base; + + /** + * Public Key + * + * @var BigInteger + */ + protected $publicKey; + + /** + * Create DH parameters + * + * This method is a bit polymorphic. It can take any of the following: + * - two BigInteger's (prime and base) + * - an integer representing the size of the prime in bits (the base is assumed to be 2) + * - a string (eg. diffie-hellman-group14-sha1) + */ + public static function createParameters(...$args): Parameters + { + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createParameters() should not be called from final classes (' . static::class . ')'); + } + + $params = new Parameters(); + if (count($args) == 2 && $args[0] instanceof BigInteger && $args[1] instanceof BigInteger) { + //if (!$args[0]->isPrime()) { + // throw new \phpseclib3\Exception\InvalidArgumentException('The first parameter should be a prime number'); + //} + $params->prime = $args[0]; + $params->base = $args[1]; + return $params; + } elseif (count($args) == 1 && is_numeric($args[0])) { + $params->prime = BigInteger::randomPrime($args[0]); + $params->base = new BigInteger(2); + return $params; + } elseif (count($args) != 1 || !is_string($args[0])) { + throw new InvalidArgumentException('Valid parameters are either: two BigInteger\'s (prime and base), a single integer (the length of the prime; base is assumed to be 2) or a string'); + } + switch ($args[0]) { + // see http://tools.ietf.org/html/rfc2409#section-6.2 and + // http://tools.ietf.org/html/rfc2412, appendex E + case 'diffie-hellman-group1-sha1': + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF'; + break; + // see http://tools.ietf.org/html/rfc3526#section-3 + case 'diffie-hellman-group14-sha1': // 2048-bit MODP Group + case 'diffie-hellman-group14-sha256': + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF'; + break; + // see https://tools.ietf.org/html/rfc3526#section-4 + case 'diffie-hellman-group15-sha512': // 3072-bit MODP Group + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33' . + 'A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' . + 'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864' . + 'D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2' . + '08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF'; + break; + // see https://tools.ietf.org/html/rfc3526#section-5 + case 'diffie-hellman-group16-sha512': // 4096-bit MODP Group + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33' . + 'A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' . + 'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864' . + 'D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2' . + '08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7' . + '88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8' . + 'DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2' . + '233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9' . + '93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF'; + break; + // see https://tools.ietf.org/html/rfc3526#section-6 + case 'diffie-hellman-group17-sha512': // 6144-bit MODP Group + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33' . + 'A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' . + 'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864' . + 'D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2' . + '08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7' . + '88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8' . + 'DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2' . + '233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9' . + '93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026' . + 'C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AE' . + 'B06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B' . + 'DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92EC' . + 'F032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E' . + '59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA' . + 'CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76' . + 'F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468' . + '043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF'; + break; + // see https://tools.ietf.org/html/rfc3526#section-7 + case 'diffie-hellman-group18-sha512': // 8192-bit MODP Group + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33' . + 'A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' . + 'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864' . + 'D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2' . + '08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7' . + '88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8' . + 'DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2' . + '233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9' . + '93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026' . + 'C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AE' . + 'B06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B' . + 'DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92EC' . + 'F032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E' . + '59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA' . + 'CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76' . + 'F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468' . + '043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4' . + '38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED' . + '2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652D' . + 'E3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B' . + '4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A6' . + '6D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851D' . + 'F9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92' . + '4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA' . + '9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF'; + break; + default: + throw new InvalidArgumentException('Invalid named prime provided'); + } + + $params->prime = new BigInteger($prime, 16); + $params->base = new BigInteger(2); + + return $params; + } + + /** + * Create public / private key pair. + * + * The rationale for the second parameter is described in http://tools.ietf.org/html/rfc4419#section-6.2 : + * + * "To increase the speed of the key exchange, both client and server may + * reduce the size of their private exponents. It should be at least + * twice as long as the key material that is generated from the shared + * secret. For more details, see the paper by van Oorschot and Wiener + * [VAN-OORSCHOT]." + * + * $length is in bits + * + * @param int $length optional + */ + public static function createKey(Parameters $params, int $length = 0): PrivateKey + { + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createKey() should not be called from final classes (' . static::class . ')'); + } + + $one = new BigInteger(1); + if ($length) { + $max = $one->bitwise_leftShift($length); + $max = $max->subtract($one); + } else { + $max = $params->prime->subtract($one); + } + + $key = new PrivateKey(); + $key->prime = $params->prime; + $key->base = $params->base; + $key->privateKey = BigInteger::randomRange($one, $max); + $key->publicKey = $key->base->powMod($key->privateKey, $key->prime); + return $key; + } + + /** + * Compute Shared Secret + * + * @param PrivateKey|EC $private + * @param PublicKey|BigInteger|string $public + */ + public static function computeSecret($private, $public) + { + if ($private instanceof PrivateKey) { // DH\PrivateKey + switch (true) { + case $public instanceof PublicKey: + if (!$private->prime->equals($public->prime) || !$private->base->equals($public->base)) { + throw new InvalidArgumentException('The public and private key do not share the same prime and / or base numbers'); + } + return $public->publicKey->powMod($private->privateKey, $private->prime)->toBytes(true); + case is_string($public): + $public = new BigInteger($public, -256); + // fall-through + case $public instanceof BigInteger: + return $public->powMod($private->privateKey, $private->prime)->toBytes(true); + default: + throw new InvalidArgumentException('$public needs to be an instance of DH\PublicKey, a BigInteger or a string'); + } + } + + if ($private instanceof EC\PrivateKey) { + switch (true) { + case $public instanceof EC\PublicKey: + $public = $public->getEncodedCoordinates(); + // fall-through + case is_string($public): + $point = $private->multiply($public); + switch ($private->getCurve()) { + case 'Curve25519': + case 'Curve448': + $secret = $point; + break; + default: + // according to https://www.secg.org/sec1-v2.pdf#page=33 only X is returned + $secret = substr($point, 1, (strlen($point) - 1) >> 1); + } + /* + if (($secret[0] & "\x80") === "\x80") { + $secret = "\0$secret"; + } + */ + return $secret; + default: + throw new InvalidArgumentException('$public needs to be an instance of EC\PublicKey or a string (an encoded coordinate)'); + } + } + } + + /** + * Load the key + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): AsymmetricKey + { + try { + return EC::load($key, $password); + } catch (NoKeyLoadedException $e) { + } + + return parent::load($key, $password); + } + + /** + * OnLoad Handler + * + * @return Parameters|PrivateKey|PublicKey + */ + protected static function onLoad(array $components) + { + if (!isset($components['privateKey']) && !isset($components['publicKey'])) { + $new = new Parameters(); + } else { + $new = isset($components['privateKey']) ? + new PrivateKey() : + new PublicKey(); + } + + $new->prime = $components['prime']; + $new->base = $components['base']; + + if (isset($components['privateKey'])) { + $new->privateKey = $components['privateKey']; + } + if (isset($components['publicKey'])) { + $new->publicKey = $components['publicKey']; + } + + return $new; + } + + /** + * Determines which hashing function should be used + */ + public function withHash(string $hash): AsymmetricKey + { + throw new UnsupportedOperationException('DH does not use a hash algorithm'); + } + + /** + * Returns the hash algorithm currently being used + */ + public function getHash(): Hash + { + throw new UnsupportedOperationException('DH does not use a hash algorithm'); + } + + /** + * Returns the parameters + * + * A public / private key is only returned if the currently loaded "key" contains an x or y + * value. + * + * @see self::getPublicKey() + */ + public function getParameters(): AsymmetricKey + { + $type = DH::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + $key = $type::saveParameters($this->prime, $this->base); + return DH::load($key, 'PKCS1'); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/Formats/Keys/PKCS1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..b134df9 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/Formats/Keys/PKCS1.php @@ -0,0 +1,76 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DH\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * "PKCS1" Formatted DH Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends Progenitor +{ + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + $key = parent::load($key, $password); + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + + $components = ASN1::asn1map($decoded[0], Maps\DHParameter::MAP); + if (!is_array($components)) { + throw new RuntimeException('Unable to perform ASN1 mapping on parameters'); + } + + return $components; + } + + /** + * Convert EC parameters to the appropriate format + */ + public static function saveParameters(BigInteger $prime, BigInteger $base, array $options = []): string + { + $params = [ + 'prime' => $prime, + 'base' => $base, + ]; + $params = ASN1::encodeDER($params, Maps\DHParameter::MAP); + + return "-----BEGIN DH PARAMETERS-----\r\n" . + chunk_split(base64_encode($params), 64) . + "-----END DH PARAMETERS-----\r\n"; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/Formats/Keys/PKCS8.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..d8cc31d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/Formats/Keys/PKCS8.php @@ -0,0 +1,121 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DH\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#8 Formatted DH Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends Progenitor +{ + /** + * OID Name + * + * @var string + */ + public const OID_NAME = 'dhKeyAgreement'; + + /** + * OID Value + * + * @var string + */ + public const OID_VALUE = '1.2.840.113549.1.3.1'; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + $key = parent::load($key, $password); + + $type = isset($key['privateKey']) ? 'privateKey' : 'publicKey'; + + $decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element); + if (empty($decoded)) { + throw new RuntimeException('Unable to decode BER of parameters'); + } + $components = ASN1::asn1map($decoded[0], Maps\DHParameter::MAP); + if (!is_array($components)) { + throw new RuntimeException('Unable to perform ASN1 mapping on parameters'); + } + + $decoded = ASN1::decodeBER($key[$type]); + switch (true) { + case !isset($decoded): + case !isset($decoded[0]['content']): + case !$decoded[0]['content'] instanceof BigInteger: + throw new RuntimeException('Unable to decode BER of parameters'); + } + $components[$type] = $decoded[0]['content']; + + return $components; + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $prime, BigInteger $base, BigInteger $privateKey, BigInteger $publicKey, ?string $password = null, array $options = []): string + { + $params = [ + 'prime' => $prime, + 'base' => $base, + ]; + $params = ASN1::encodeDER($params, Maps\DHParameter::MAP); + $params = new ASN1\Element($params); + $key = ASN1::encodeDER($privateKey, ['type' => ASN1::TYPE_INTEGER]); + return self::wrapPrivateKey($key, [], $params, $password, null, '', $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param array $options optional + */ + public static function savePublicKey(BigInteger $prime, BigInteger $base, BigInteger $publicKey, array $options = []): string + { + $params = [ + 'prime' => $prime, + 'base' => $base, + ]; + $params = ASN1::encodeDER($params, Maps\DHParameter::MAP); + $params = new ASN1\Element($params); + $key = ASN1::encodeDER($publicKey, ['type' => ASN1::TYPE_INTEGER]); + return self::wrapPublicKey($key, $params); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/Parameters.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/Parameters.php new file mode 100644 index 0000000..7e8106e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/Parameters.php @@ -0,0 +1,36 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DH; + +use phpseclib3\Crypt\DH; + +/** + * DH Parameters + * + * @author Jim Wigginton + */ +final class Parameters extends DH +{ + /** + * Returns the parameters + * + * @param array $options optional + */ + public function toString(string $type = 'PKCS1', array $options = []): string + { + $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + return $type::saveParameters($this->prime, $this->base, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/PrivateKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/PrivateKey.php new file mode 100644 index 0000000..30a783e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/PrivateKey.php @@ -0,0 +1,74 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DH; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\DH; +use phpseclib3\Math\BigInteger; + +/** + * DH Private Key + * + * @author Jim Wigginton + */ +final class PrivateKey extends DH +{ + use Common\Traits\PasswordProtected; + + /** + * Private Key + * + * @var BigInteger + */ + protected $privateKey; + + /** + * Public Key + * + * @var BigInteger + */ + protected $publicKey; + + /** + * Returns the public key + */ + public function getPublicKey(): PublicKey + { + $type = self::validatePlugin('Keys', 'PKCS8', 'savePublicKey'); + + if (!isset($this->publicKey)) { + $this->publicKey = $this->base->powMod($this->privateKey, $this->prime); + } + + $key = $type::savePublicKey($this->prime, $this->base, $this->publicKey); + + return DH::loadFormat('PKCS8', $key); + } + + /** + * Returns the private key + * + * @param array $options optional + */ + public function toString(string $type, array $options = []): string + { + $type = self::validatePlugin('Keys', $type, 'savePrivateKey'); + + if (!isset($this->publicKey)) { + $this->publicKey = $this->base->powMod($this->privateKey, $this->prime); + } + + return $type::savePrivateKey($this->prime, $this->base, $this->privateKey, $this->publicKey, $this->password, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/PublicKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/PublicKey.php new file mode 100644 index 0000000..134b39a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DH/PublicKey.php @@ -0,0 +1,48 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DH; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\DH; +use phpseclib3\Math\BigInteger; + +/** + * DH Public Key + * + * @author Jim Wigginton + */ +final class PublicKey extends DH +{ + use Common\Traits\Fingerprint; + + /** + * Returns the public key + * + * @param array $options optional + */ + public function toString(string $type, array $options = []): string + { + $type = self::validatePlugin('Keys', $type, 'savePublicKey'); + + return $type::savePublicKey($this->prime, $this->base, $this->publicKey, $options); + } + + /** + * Returns the public key as a BigInteger + */ + public function toBigInteger(): BigInteger + { + return $this->publicKey; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA.php new file mode 100644 index 0000000..2175e44 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA.php @@ -0,0 +1,330 @@ + + * getPublicKey(); + * + * $plaintext = 'terrafrost'; + * + * $signature = $private->sign($plaintext); + * + * echo $public->verify($plaintext, $signature) ? 'verified' : 'unverified'; + * ?> + * + * + * @author Jim Wigginton + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\DSA\Parameters; +use phpseclib3\Crypt\DSA\PrivateKey; +use phpseclib3\Crypt\DSA\PublicKey; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP FIPS 186-4 compliant implementation of DSA. + * + * @author Jim Wigginton + */ +abstract class DSA extends AsymmetricKey +{ + /** + * Algorithm Name + * + * @var string + */ + public const ALGORITHM = 'DSA'; + + /** + * DSA Prime P + * + * @var BigInteger + */ + protected $p; + + /** + * DSA Group Order q + * + * Prime divisor of p-1 + * + * @var BigInteger + */ + protected $q; + + /** + * DSA Group Generator G + * + * @var BigInteger + */ + protected $g; + + /** + * DSA public key value y + * + * @var BigInteger + */ + protected $y; + + /** + * Signature Format + * + * @var string + */ + protected $sigFormat; + + /** + * Signature Format (Short) + * + * @var string + */ + protected $shortFormat; + + /** + * Create DSA parameters + * + * @return DSA|bool + */ + public static function createParameters(int $L = 2048, int $N = 224) + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createParameters() should not be called from final classes (' . static::class . ')'); + } + + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + switch (true) { + case $N == 160: + /* + in FIPS 186-1 and 186-2 N was fixed at 160 whereas K had an upper bound of 1024. + RFC 4253 (SSH Transport Layer Protocol) references FIPS 186-2 and as such most + SSH DSA implementations only support keys with an N of 160. + puttygen let's you set the size of L (but not the size of N) and uses 2048 as the + default L value. that's not really compliant with any of the FIPS standards, however, + for the purposes of maintaining compatibility with puttygen, we'll support it + */ + //case ($L >= 512 || $L <= 1024) && (($L & 0x3F) == 0) && $N == 160: + // FIPS 186-3 changed this as follows: + //case $L == 1024 && $N == 160: + case $L == 2048 && $N == 224: + case $L == 2048 && $N == 256: + case $L == 3072 && $N == 256: + break; + default: + throw new InvalidArgumentException('Invalid values for N and L'); + } + + $two = new BigInteger(2); + + $q = BigInteger::randomPrime($N); + $divisor = $q->multiply($two); + + do { + $x = BigInteger::random($L); + [, $c] = $x->divide($divisor); + $p = $x->subtract($c->subtract(self::$one)); + } while ($p->getLength() != $L || !$p->isPrime()); + + $p_1 = $p->subtract(self::$one); + [$e] = $p_1->divide($q); + + // quoting http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf#page=50 , + // "h could be obtained from a random number generator or from a counter that + // changes after each use". PuTTY (sshdssg.c) starts h off at 1 and increments + // it on each loop. wikipedia says "commonly h = 2 is used" so we'll just do that + $h = clone $two; + while (true) { + $g = $h->powMod($e, $p); + if (!$g->equals(self::$one)) { + break; + } + $h = $h->add(self::$one); + } + + $dsa = new Parameters(); + $dsa->p = $p; + $dsa->q = $q; + $dsa->g = $g; + + return $dsa; + } + + /** + * Create public / private key pair. + * + * This method is a bit polymorphic. It can take a DSA/Parameters object, L / N as two distinct parameters or + * no parameters (at which point L and N will be generated with this method) + * + * Returns the private key, from which the publickey can be extracted + * + * @param int[] ...$args + */ + public static function createKey(...$args): PrivateKey + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createKey() should not be called from final classes (' . static::class . ')'); + } + + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + if (count($args) == 2 && is_int($args[0]) && is_int($args[1])) { + $params = self::createParameters($args[0], $args[1]); + } elseif (count($args) == 1 && $args[0] instanceof Parameters) { + $params = $args[0]; + } elseif (!count($args)) { + $params = self::createParameters(); + } else { + throw new InsufficientSetupException('Valid parameters are either two integers (L and N), a single DSA object or no parameters at all.'); + } + + $private = new PrivateKey(); + $private->p = $params->p; + $private->q = $params->q; + $private->g = $params->g; + + $private->x = BigInteger::randomRange(self::$one, $private->q->subtract(self::$one)); + $private->y = $private->g->powMod($private->x, $private->p); + + //$public = clone $private; + //unset($public->x); + + return $private + ->withHash($params->hash->getHash()) + ->withSignatureFormat($params->shortFormat); + } + + /** + * OnLoad Handler + * + * @return Parameters|PrivateKey|PublicKey + */ + protected static function onLoad(array $components) + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + if (!isset($components['x']) && !isset($components['y'])) { + $new = new Parameters(); + } elseif (isset($components['x'])) { + $new = new PrivateKey(); + $new->x = $components['x']; + } else { + $new = new PublicKey(); + } + + $new->p = $components['p']; + $new->q = $components['q']; + $new->g = $components['g']; + + if (isset($components['y'])) { + $new->y = $components['y']; + } + + return $new; + } + + /** + * Constructor + * + * PublicKey and PrivateKey objects can only be created from abstract RSA class + */ + protected function __construct() + { + $this->sigFormat = self::validatePlugin('Signature', 'ASN1'); + $this->shortFormat = 'ASN1'; + + parent::__construct(); + } + + /** + * Returns the key size + * + * More specifically, this L (the length of DSA Prime P) and N (the length of DSA Group Order q) + */ + public function getLength(): array + { + return ['L' => $this->p->getLength(), 'N' => $this->q->getLength()]; + } + + /** + * Returns the current engine being used + * + * @see self::useInternalEngine() + * @see self::useBestEngine() + */ + public function getEngine(): string + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + return self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods()) ? + 'OpenSSL' : 'PHP'; + } + + /** + * Returns the parameters + * + * A public / private key is only returned if the currently loaded "key" contains an x or y + * value. + * + * @see self::getPublicKey() + */ + public function getParameters() + { + $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + $key = $type::saveParameters($this->p, $this->q, $this->g); + return DSA::load($key, 'PKCS1') + ->withHash($this->hash->getHash()) + ->withSignatureFormat($this->shortFormat); + } + + /** + * Determines the signature padding mode + * + * Valid values are: ASN1, SSH2, Raw + */ + public function withSignatureFormat(string $format): DSA + { + $new = clone $this; + $new->shortFormat = $format; + $new->sigFormat = self::validatePlugin('Signature', $format); + return $new; + } + + /** + * Returns the signature format currently being used + */ + public function getSignatureFormat(): string + { + return $this->shortFormat; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/OpenSSH.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/OpenSSH.php new file mode 100644 index 0000000..be295c0 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/OpenSSH.php @@ -0,0 +1,106 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\OpenSSH as Progenitor; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Math\BigInteger; + +/** + * OpenSSH Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class OpenSSH extends Progenitor +{ + /** + * Supported Key Types + * + * @var array + */ + protected static $types = ['ssh-dss']; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + $parsed = parent::load($key, $password); + + if (isset($parsed['paddedKey'])) { + [$type] = Strings::unpackSSH2('s', $parsed['paddedKey']); + if ($type != $parsed['type']) { + throw new RuntimeException("The public and private keys are not of the same type ($type vs $parsed[type])"); + } + + [$p, $q, $g, $y, $x, $comment] = Strings::unpackSSH2('i5s', $parsed['paddedKey']); + + return compact('p', 'q', 'g', 'y', 'x', 'comment'); + } + + [$p, $q, $g, $y] = Strings::unpackSSH2('iiii', $parsed['publicKey']); + + $comment = $parsed['comment']; + + return compact('p', 'q', 'g', 'y', 'comment'); + } + + /** + * Convert a public key to the appropriate format + * + * @param array $options optional + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, array $options = []): string + { + if ($q->getLength() != 160) { + throw new InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160'); + } + + // from : + // string "ssh-dss" + // mpint p + // mpint q + // mpint g + // mpint y + $DSAPublicKey = Strings::packSSH2('siiii', 'ssh-dss', $p, $q, $g, $y); + + if ($options['binary'] ?? self::$binary) { + return $DSAPublicKey; + } + + $comment = $options['comment'] ?? self::$comment; + $DSAPublicKey = 'ssh-dss ' . base64_encode($DSAPublicKey) . ' ' . $comment; + + return $DSAPublicKey; + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, ?string $password = null, array $options = []): string + { + $publicKey = self::savePublicKey($p, $q, $g, $y, ['binary' => true]); + $privateKey = Strings::packSSH2('si5', 'ssh-dss', $p, $q, $g, $y, $x); + + return self::wrapPrivateKey($publicKey, $privateKey, $password, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/PKCS1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..bd6d945 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/PKCS1.php @@ -0,0 +1,127 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#1 Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends Progenitor +{ + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + $key = parent::load($key, $password); + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + + $key = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP); + if (is_array($key)) { + return $key; + } + + $key = ASN1::asn1map($decoded[0], Maps\DSAPrivateKey::MAP); + if (is_array($key)) { + return $key; + } + + $key = ASN1::asn1map($decoded[0], Maps\DSAPublicKey::MAP); + if (is_array($key)) { + return $key; + } + + throw new RuntimeException('Unable to perform ASN1 mapping'); + } + + /** + * Convert DSA parameters to the appropriate format + */ + public static function saveParameters(BigInteger $p, BigInteger $q, BigInteger $g): string + { + $key = [ + 'p' => $p, + 'q' => $q, + 'g' => $g, + ]; + + $key = ASN1::encodeDER($key, Maps\DSAParams::MAP); + + return "-----BEGIN DSA PARAMETERS-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END DSA PARAMETERS-----\r\n"; + } + + /** + * Convert a private key to the appropriate format. + * + * @param string $password optional + * @param array $options optional + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, string $password = '', array $options = []): string + { + $key = [ + 'version' => 0, + 'p' => $p, + 'q' => $q, + 'g' => $g, + 'y' => $y, + 'x' => $x, + ]; + + $key = ASN1::encodeDER($key, Maps\DSAPrivateKey::MAP); + + return self::wrapPrivateKey($key, 'DSA', $password, $options); + } + + /** + * Convert a public key to the appropriate format + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y): string + { + $key = ASN1::encodeDER($y, Maps\DSAPublicKey::MAP); + + return self::wrapPublicKey($key, 'DSA'); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/PKCS8.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..c5a0e03 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/PKCS8.php @@ -0,0 +1,133 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#8 Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends Progenitor +{ + /** + * OID Name + * + * @var string + */ + public const OID_NAME = 'id-dsa'; + + /** + * OID Value + * + * @var string + */ + public const OID_VALUE = '1.2.840.10040.4.1'; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + $key = parent::load($key, $password); + + $type = isset($key['privateKey']) ? 'privateKey' : 'publicKey'; + + $decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER of parameters'); + } + $components = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP); + if (!is_array($components)) { + throw new RuntimeException('Unable to perform ASN1 mapping on parameters'); + } + + $decoded = ASN1::decodeBER($key[$type]); + if (empty($decoded)) { + throw new RuntimeException('Unable to decode BER'); + } + + $var = $type == 'privateKey' ? 'x' : 'y'; + $components[$var] = ASN1::asn1map($decoded[0], Maps\DSAPublicKey::MAP); + if (!$components[$var] instanceof BigInteger) { + throw new RuntimeException('Unable to perform ASN1 mapping'); + } + + if (isset($key['meta'])) { + $components['meta'] = $key['meta']; + } + + return $components; + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, ?string $password = null, array $options = []): string + { + $params = [ + 'p' => $p, + 'q' => $q, + 'g' => $g, + ]; + $params = ASN1::encodeDER($params, Maps\DSAParams::MAP); + $params = new ASN1\Element($params); + $key = ASN1::encodeDER($x, Maps\DSAPublicKey::MAP); + return self::wrapPrivateKey($key, [], $params, $password, null, '', $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param array $options optional + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, array $options = []): string + { + $params = [ + 'p' => $p, + 'q' => $q, + 'g' => $g, + ]; + $params = ASN1::encodeDER($params, Maps\DSAParams::MAP); + $params = new ASN1\Element($params); + $key = ASN1::encodeDER($y, Maps\DSAPublicKey::MAP); + return self::wrapPublicKey($key, $params); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/PuTTY.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/PuTTY.php new file mode 100644 index 0000000..50f3856 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/PuTTY.php @@ -0,0 +1,97 @@ + 160 kinda useless, hence this handlers not supporting such keys. + * + * PHP version 5 + * + * @author Jim Wigginton + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PuTTY as Progenitor; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Math\BigInteger; + +/** + * PuTTY Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PuTTY extends Progenitor +{ + /** + * Public Handler + * + * @var string + */ + public const PUBLIC_HANDLER = 'phpseclib3\Crypt\DSA\Formats\Keys\OpenSSH'; + + /** + * Algorithm Identifier + * + * @var array + */ + protected static $types = ['ssh-dss']; + + /** + * Break a public or private key down into its constituent components + * + * @param array|string $key + * @param string|false $password + * @return array|false + */ + public static function load($key, $password) + { + $components = parent::load($key, $password); + if (!isset($components['private'])) { + return $components; + } + extract($components); + unset($components['public'], $components['private']); + + [$p, $q, $g, $y] = Strings::unpackSSH2('iiii', $public); + [$x] = Strings::unpackSSH2('i', $private); + + return compact('p', 'q', 'g', 'y', 'x', 'comment'); + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, ?string $password = null, array $options = []): string + { + if ($q->getLength() != 160) { + throw new InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160'); + } + + $public = Strings::packSSH2('iiii', $p, $q, $g, $y); + $private = Strings::packSSH2('i', $x); + + return self::wrapPrivateKey($public, $private, 'ssh-dss', $password, $options); + } + + /** + * Convert a public key to the appropriate format + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y): string + { + if ($q->getLength() != 160) { + throw new InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160'); + } + + return self::wrapPublicKey(Strings::packSSH2('iiii', $p, $q, $g, $y), 'ssh-dss'); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/Raw.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/Raw.php new file mode 100644 index 0000000..3013199 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/Raw.php @@ -0,0 +1,74 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; + +/** + * Raw DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class Raw +{ + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + if (!is_array($key)) { + throw new UnexpectedValueException('Key should be a array - not a ' . gettype($key)); + } + + switch (true) { + case !isset($key['p']) || !isset($key['q']) || !isset($key['g']): + case !$key['p'] instanceof BigInteger: + case !$key['q'] instanceof BigInteger: + case !$key['g'] instanceof BigInteger: + case !isset($key['x']) && !isset($key['y']): + case isset($key['x']) && !$key['x'] instanceof BigInteger: + case isset($key['y']) && !$key['y'] instanceof BigInteger: + throw new UnexpectedValueException('Key appears to be malformed'); + } + + $options = ['p' => 1, 'q' => 1, 'g' => 1, 'x' => 1, 'y' => 1]; + + return array_intersect_key($key, $options); + } + + /** + * Convert a private key to the appropriate format. + * + * @param string $password optional + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, string $password = ''): string + { + return compact('p', 'q', 'g', 'y', 'x'); + } + + /** + * Convert a public key to the appropriate format + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y): string + { + return compact('p', 'q', 'g', 'y'); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/XML.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/XML.php new file mode 100644 index 0000000..41a2088 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Keys/XML.php @@ -0,0 +1,125 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; + +/** + * XML Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class XML +{ + /** + * Break a public or private key down into its constituent components + */ + public static function load(string $key, ?string $password = null): array + { + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (!class_exists('DOMDocument')) { + throw new BadConfigurationException('The dom extension is not setup correctly on this system'); + } + + $use_errors = libxml_use_internal_errors(true); + + $dom = new \DOMDocument(); + if (substr($key, 0, 5) != '' . $key . ''; + } + if (!$dom->loadXML($key)) { + libxml_use_internal_errors($use_errors); + throw new UnexpectedValueException('Key does not appear to contain XML'); + } + $xpath = new \DOMXPath($dom); + $keys = ['p', 'q', 'g', 'y', 'j', 'seed', 'pgencounter']; + foreach ($keys as $key) { + // $dom->getElementsByTagName($key) is case-sensitive + $temp = $xpath->query("//*[translate(local-name(), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='$key']"); + if (!$temp->length) { + continue; + } + $value = new BigInteger(Strings::base64_decode($temp->item(0)->nodeValue), 256); + switch ($key) { + case 'p': // a prime modulus meeting the [DSS] requirements + // Parameters P, Q, and G can be public and common to a group of users. They might be known + // from application context. As such, they are optional but P and Q must either both appear + // or both be absent + $components['p'] = $value; + break; + case 'q': // an integer in the range 2**159 < Q < 2**160 which is a prime divisor of P-1 + $components['q'] = $value; + break; + case 'g': // an integer with certain properties with respect to P and Q + $components['g'] = $value; + break; + case 'y': // G**X mod P (where X is part of the private key and not made public) + $components['y'] = $value; + // the remaining options do not do anything + case 'j': // (P - 1) / Q + // Parameter J is available for inclusion solely for efficiency as it is calculatable from + // P and Q + case 'seed': // a DSA prime generation seed + // Parameters seed and pgenCounter are used in the DSA prime number generation algorithm + // specified in [DSS]. As such, they are optional but must either both be present or both + // be absent + case 'pgencounter': // a DSA prime generation counter + } + } + + libxml_use_internal_errors($use_errors); + + if (!isset($components['y'])) { + throw new UnexpectedValueException('Key is missing y component'); + } + + switch (true) { + case !isset($components['p']): + case !isset($components['q']): + case !isset($components['g']): + return ['y' => $components['y']]; + } + + return $components; + } + + /** + * Convert a public key to the appropriate format + * + * See https://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y): string + { + return "\r\n" . + '

' . Strings::base64_encode($p->toBytes()) . "

\r\n" . + ' ' . Strings::base64_encode($q->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($g->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($y->toBytes()) . "\r\n" . + ''; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Signature/ASN1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Signature/ASN1.php new file mode 100644 index 0000000..99a50c0 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Signature/ASN1.php @@ -0,0 +1,59 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA\Formats\Signature; + +use phpseclib3\File\ASN1 as Encoder; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * ASN1 Signature Handler + * + * @author Jim Wigginton + */ +abstract class ASN1 +{ + /** + * Loads a signature + * + * @return array|bool + */ + public static function load(string $sig) + { + if (!is_string($sig)) { + return false; + } + + $decoded = Encoder::decodeBER($sig); + if (empty($decoded)) { + return false; + } + $components = Encoder::asn1map($decoded[0], Maps\DssSigValue::MAP); + + return $components; + } + + /** + * Returns a signature in the appropriate format + */ + public static function save(BigInteger $r, BigInteger $s): string + { + return Encoder::encodeDER(compact('r', 's'), Maps\DssSigValue::MAP); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Signature/Raw.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Signature/Raw.php new file mode 100644 index 0000000..205ba71 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Signature/Raw.php @@ -0,0 +1,27 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA\Formats\Signature; + +use phpseclib3\Crypt\Common\Formats\Signature\Raw as Progenitor; + +/** + * Raw DSA Signature Handler + * + * @author Jim Wigginton + */ +abstract class Raw extends Progenitor +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Signature/SSH2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Signature/SSH2.php new file mode 100644 index 0000000..5d1ba36 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Formats/Signature/SSH2.php @@ -0,0 +1,71 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA\Formats\Signature; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Math\BigInteger; + +/** + * SSH2 Signature Handler + * + * @author Jim Wigginton + */ +abstract class SSH2 +{ + /** + * Loads a signature + */ + public static function load(string $sig) + { + if (!is_string($sig)) { + return false; + } + + $result = Strings::unpackSSH2('ss', $sig); + if ($result === false) { + return false; + } + [$type, $blob] = $result; + if ($type != 'ssh-dss' || strlen($blob) != 40) { + return false; + } + + return [ + 'r' => new BigInteger(substr($blob, 0, 20), 256), + 's' => new BigInteger(substr($blob, 20), 256), + ]; + } + + /** + * Returns a signature in the appropriate format + * + * @return string + */ + public static function save(BigInteger $r, BigInteger $s) + { + if ($r->getLength() > 160 || $s->getLength() > 160) { + return false; + } + return Strings::packSSH2( + 'ss', + 'ssh-dss', + str_pad($r->toBytes(), 20, "\0", STR_PAD_LEFT) . + str_pad($s->toBytes(), 20, "\0", STR_PAD_LEFT) + ); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Parameters.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Parameters.php new file mode 100644 index 0000000..243f0de --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/Parameters.php @@ -0,0 +1,36 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA; + +use phpseclib3\Crypt\DSA; + +/** + * DSA Parameters + * + * @author Jim Wigginton + */ +final class Parameters extends DSA +{ + /** + * Returns the parameters + * + * @param array $options optional + */ + public function toString(string $type = 'PKCS1', array $options = []): string + { + $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + return $type::saveParameters($this->p, $this->q, $this->g, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/PrivateKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/PrivateKey.php new file mode 100644 index 0000000..e781963 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/PrivateKey.php @@ -0,0 +1,150 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\DSA\Formats\Signature\ASN1 as ASN1Signature; +use phpseclib3\Math\BigInteger; + +/** + * DSA Private Key + * + * @author Jim Wigginton + */ +final class PrivateKey extends DSA implements Common\PrivateKey +{ + use Common\Traits\PasswordProtected; + + /** + * DSA secret exponent x + * + * @var BigInteger + */ + protected $x; + + /** + * Returns the public key + * + * If you do "openssl rsa -in private.rsa -pubout -outform PEM" you get a PKCS8 formatted key + * that contains a publicKeyAlgorithm AlgorithmIdentifier and a publicKey BIT STRING. + * An AlgorithmIdentifier contains an OID and a parameters field. With RSA public keys this + * parameters field is NULL. With DSA PKCS8 public keys it is not - it contains the p, q and g + * variables. The publicKey BIT STRING contains, simply, the y variable. This can be verified + * by getting a DSA PKCS8 public key: + * + * "openssl dsa -in private.dsa -pubout -outform PEM" + * + * ie. just swap out rsa with dsa in the rsa command above. + * + * A PKCS1 public key corresponds to the publicKey portion of the PKCS8 key. In the case of RSA + * the publicKey portion /is/ the key. In the case of DSA it is not. You cannot verify a signature + * without the parameters and the PKCS1 DSA public key format does not include the parameters. + * + * @see self::getPrivateKey() + */ + public function getPublicKey() + { + $type = self::validatePlugin('Keys', 'PKCS8', 'savePublicKey'); + + if (!isset($this->y)) { + $this->y = $this->g->powMod($this->x, $this->p); + } + + $key = $type::savePublicKey($this->p, $this->q, $this->g, $this->y); + + return DSA::loadFormat('PKCS8', $key) + ->withHash($this->hash->getHash()) + ->withSignatureFormat($this->shortFormat); + } + + /** + * Create a signature + * + * @see self::verify() + * @param string $message + */ + public function sign($message): string + { + $format = $this->sigFormat; + + if (self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods())) { + $signature = ''; + $result = openssl_sign($message, $signature, $this->toString('PKCS8'), $this->hash->getHash()); + + if ($result) { + if ($this->shortFormat == 'ASN1') { + return $signature; + } + + extract(ASN1Signature::load($signature)); + + return $format::save($r, $s); + } + } + + $h = $this->hash->hash($message); + $h = $this->bits2int($h); + + while (true) { + $k = BigInteger::randomRange(self::$one, $this->q->subtract(self::$one)); + $r = $this->g->powMod($k, $this->p); + [, $r] = $r->divide($this->q); + if ($r->equals(self::$zero)) { + continue; + } + $kinv = $k->modInverse($this->q); + $temp = $h->add($this->x->multiply($r)); + $temp = $kinv->multiply($temp); + [, $s] = $temp->divide($this->q); + if (!$s->equals(self::$zero)) { + break; + } + } + + // the following is an RFC6979 compliant implementation of deterministic DSA + // it's unused because it's mainly intended for use when a good CSPRNG isn't + // available. if phpseclib's CSPRNG isn't good then even key generation is + // suspect + /* + $h1 = $this->hash->hash($message); + $k = $this->computek($h1); + $r = $this->g->powMod($k, $this->p); + list(, $r) = $r->divide($this->q); + $kinv = $k->modInverse($this->q); + $h1 = $this->bits2int($h1); + $temp = $h1->add($this->x->multiply($r)); + $temp = $kinv->multiply($temp); + list(, $s) = $temp->divide($this->q); + */ + + return $format::save($r, $s); + } + + /** + * Returns the private key + * + * @param array $options optional + */ + public function toString(string $type, array $options = []): string + { + $type = self::validatePlugin('Keys', $type, 'savePrivateKey'); + + if (!isset($this->y)) { + $this->y = $this->g->powMod($this->x, $this->p); + } + + return $type::savePrivateKey($this->p, $this->q, $this->g, $this->y, $this->x, $this->password, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/PublicKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/PublicKey.php new file mode 100644 index 0000000..77dc8f4 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/DSA/PublicKey.php @@ -0,0 +1,85 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\DSA; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\DSA\Formats\Signature\ASN1 as ASN1Signature; + +/** + * DSA Public Key + * + * @author Jim Wigginton + */ +final class PublicKey extends DSA implements Common\PublicKey +{ + use Common\Traits\Fingerprint; + + /** + * Verify a signature + * + * @see self::verify() + * @param string $message + * @param string $signature + */ + public function verify($message, $signature): bool + { + $format = $this->sigFormat; + + $params = $format::load($signature); + if ($params === false || count($params) != 2) { + return false; + } + extract($params); + + if (self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods())) { + $sig = $format != 'ASN1' ? ASN1Signature::save($r, $s) : $signature; + + $result = openssl_verify($message, $sig, $this->toString('PKCS8'), $this->hash->getHash()); + + if ($result != -1) { + return (bool) $result; + } + } + + $q_1 = $this->q->subtract(self::$one); + if (!$r->between(self::$one, $q_1) || !$s->between(self::$one, $q_1)) { + return false; + } + + $w = $s->modInverse($this->q); + $h = $this->hash->hash($message); + $h = $this->bits2int($h); + [, $u1] = $h->multiply($w)->divide($this->q); + [, $u2] = $r->multiply($w)->divide($this->q); + $v1 = $this->g->powMod($u1, $this->p); + $v2 = $this->y->powMod($u2, $this->p); + [, $v] = $v1->multiply($v2)->divide($this->p); + [, $v] = $v->divide($this->q); + + return $v->equals($r); + } + + /** + * Returns the public key + * + * @param array $options optional + */ + public function toString(string $type, array $options = []): string + { + $type = self::validatePlugin('Keys', $type, 'savePublicKey'); + + return $type::savePublicKey($this->p, $this->q, $this->g, $this->y, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC.php new file mode 100644 index 0000000..e5832a5 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC.php @@ -0,0 +1,470 @@ + + * getPublicKey(); + * + * $plaintext = 'terrafrost'; + * + * $signature = $private->sign($plaintext); + * + * echo $public->verify($plaintext, $signature) ? 'verified' : 'unverified'; + * ?> + * + * + * @author Jim Wigginton + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\EC\BaseCurves\Base; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Curves\Ed448; +use phpseclib3\Crypt\EC\Formats\Keys\PKCS1; +use phpseclib3\Crypt\EC\Parameters; +use phpseclib3\Crypt\EC\PrivateKey; +use phpseclib3\Crypt\EC\PublicKey; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Exception\UnsupportedOperationException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps\ECParameters; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP implementation of EC. + * + * @author Jim Wigginton + */ +abstract class EC extends AsymmetricKey +{ + /** + * Algorithm Name + * + * @var string + */ + public const ALGORITHM = 'EC'; + + /** + * Public Key QA + * + * @var object[] + */ + protected $QA; + + /** + * Curve + * + * @var Base + */ + protected $curve; + + /** + * Signature Format + * + * @var string + */ + protected $format; + + /** + * Signature Format (Short) + * + * @var string + */ + protected $shortFormat; + + /** + * Curve Name + * + * @var string + */ + private $curveName; + + /** + * Curve Order + * + * Used for deterministic ECDSA + * + * @var BigInteger + */ + protected $q; + + /** + * Alias for the private key + * + * Used for deterministic ECDSA. AsymmetricKey expects $x. I don't like x because + * with x you have x * the base point yielding an (x, y)-coordinate that is the + * public key. But the x is different depending on which side of the equal sign + * you're on. It's less ambiguous if you do dA * base point = (x, y)-coordinate. + * + * @var BigInteger + */ + protected $x; + + /** + * Context + * + * @var string + */ + protected $context; + + /** + * Signature Format + * + * @var string + */ + protected $sigFormat; + + /** + * Create public / private key pair. + */ + public static function createKey(string $curve): PrivateKey + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createKey() should not be called from final classes (' . static::class . ')'); + } + + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + $curve = strtolower($curve); + if (self::$engines['libsodium'] && $curve == 'ed25519' && function_exists('sodium_crypto_sign_keypair')) { + $kp = sodium_crypto_sign_keypair(); + + $privatekey = EC::loadFormat('libsodium', sodium_crypto_sign_secretkey($kp)); + //$publickey = EC::loadFormat('libsodium', sodium_crypto_sign_publickey($kp)); + + $privatekey->curveName = 'Ed25519'; + //$publickey->curveName = $curve; + + return $privatekey; + } + + $privatekey = new PrivateKey(); + + $curveName = $curve; + if (preg_match('#(?:^curve|^ed)\d+$#', $curveName)) { + $curveName = ucfirst($curveName); + } elseif (substr($curveName, 0, 10) == 'brainpoolp') { + $curveName = 'brainpoolP' . substr($curveName, 10); + } + $curve = '\phpseclib3\Crypt\EC\Curves\\' . $curveName; + + if (!class_exists($curve)) { + throw new UnsupportedCurveException('Named Curve of ' . $curveName . ' is not supported'); + } + + $reflect = new \ReflectionClass($curve); + $curveName = $reflect->isFinal() ? + $reflect->getParentClass()->getShortName() : + $reflect->getShortName(); + + $curve = new $curve(); + if ($curve instanceof TwistedEdwardsCurve) { + $arr = $curve->extractSecret(Random::string($curve instanceof Ed448 ? 57 : 32)); + $privatekey->dA = $dA = $arr['dA']; + $privatekey->secret = $arr['secret']; + } else { + $privatekey->dA = $dA = $curve->createRandomMultiplier(); + } + if ($curve instanceof Curve25519 && self::$engines['libsodium']) { + //$r = pack('H*', '0900000000000000000000000000000000000000000000000000000000000000'); + //$QA = sodium_crypto_scalarmult($dA->toBytes(), $r); + $QA = sodium_crypto_box_publickey_from_secretkey($dA->toBytes()); + $privatekey->QA = [$curve->convertInteger(new BigInteger(strrev($QA), 256))]; + } else { + $privatekey->QA = $curve->multiplyPoint($curve->getBasePoint(), $dA); + } + $privatekey->curve = $curve; + + //$publickey = clone $privatekey; + //unset($publickey->dA); + //unset($publickey->x); + + $privatekey->curveName = $curveName; + //$publickey->curveName = $curveName; + + if ($privatekey->curve instanceof TwistedEdwardsCurve) { + return $privatekey->withHash($curve::HASH); + } + + return $privatekey; + } + + /** + * OnLoad Handler + * + * @return AsymmetricKey|Parameters|PrivateKey|PublicKey + */ + protected static function onLoad(array $components) + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + if (!isset($components['dA']) && !isset($components['QA'])) { + $new = new Parameters(); + $new->curve = $components['curve']; + return $new; + } + + $new = isset($components['dA']) ? + new PrivateKey() : + new PublicKey(); + $new->curve = $components['curve']; + $new->QA = $components['QA']; + + if (isset($components['dA'])) { + $new->dA = $components['dA']; + $new->secret = $components['secret']; + } + + if ($new->curve instanceof TwistedEdwardsCurve) { + return $new->withHash($components['curve']::HASH); + } + + return $new; + } + + /** + * Constructor + * + * PublicKey and PrivateKey objects can only be created from abstract RSA class + */ + protected function __construct() + { + $this->sigFormat = self::validatePlugin('Signature', 'ASN1'); + $this->shortFormat = 'ASN1'; + + parent::__construct(); + } + + /** + * Returns the curve + * + * Returns a string if it's a named curve, an array if not + * + * @return string|array + */ + public function getCurve() + { + if ($this->curveName) { + return $this->curveName; + } + + if ($this->curve instanceof MontgomeryCurve) { + $this->curveName = $this->curve instanceof Curve25519 ? 'Curve25519' : 'Curve448'; + return $this->curveName; + } + + if ($this->curve instanceof TwistedEdwardsCurve) { + $this->curveName = $this->curve instanceof Ed25519 ? 'Ed25519' : 'Ed448'; + return $this->curveName; + } + + $params = $this->getParameters()->toString('PKCS8', ['namedCurve' => true]); + $decoded = ASN1::extractBER($params); + $decoded = ASN1::decodeBER($decoded); + $decoded = ASN1::asn1map($decoded[0], ECParameters::MAP); + if (isset($decoded['namedCurve'])) { + $this->curveName = $decoded['namedCurve']; + return $decoded['namedCurve']; + } + + if (!$namedCurves) { + PKCS1::useSpecifiedCurve(); + } + + return $decoded; + } + + /** + * Returns the key size + * + * Quoting https://tools.ietf.org/html/rfc5656#section-2, + * + * "The size of a set of elliptic curve domain parameters on a prime + * curve is defined as the number of bits in the binary representation + * of the field order, commonly denoted by p. Size on a + * characteristic-2 curve is defined as the number of bits in the binary + * representation of the field, commonly denoted by m. A set of + * elliptic curve domain parameters defines a group of order n generated + * by a base point P" + */ + public function getLength(): int + { + return $this->curve->getLength(); + } + + /** + * Returns the current engine being used + * + * @see self::useInternalEngine() + * @see self::useBestEngine() + */ + public function getEngine(): string + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + if ($this->curve instanceof TwistedEdwardsCurve) { + return $this->curve instanceof Ed25519 && self::$engines['libsodium'] && !isset($this->context) ? + 'libsodium' : 'PHP'; + } + + return self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods()) ? + 'OpenSSL' : 'PHP'; + } + + /** + * Returns the public key coordinates as a string + * + * Used by ECDH + */ + public function getEncodedCoordinates(): string + { + if ($this->curve instanceof MontgomeryCurve) { + return strrev($this->QA[0]->toBytes(true)); + } + if ($this->curve instanceof TwistedEdwardsCurve) { + return $this->curve->encodePoint($this->QA); + } + return "\4" . $this->QA[0]->toBytes(true) . $this->QA[1]->toBytes(true); + } + + /** + * Returns the parameters + * + * @param string $type optional + * @see self::getPublicKey() + */ + public function getParameters(string $type = 'PKCS1') + { + $type = self::validatePlugin('Keys', $type, 'saveParameters'); + + $key = $type::saveParameters($this->curve); + + return EC::load($key, 'PKCS1') + ->withHash($this->hash->getHash()) + ->withSignatureFormat($this->shortFormat); + } + + /** + * Determines the signature padding mode + * + * Valid values are: ASN1, SSH2, Raw + */ + public function withSignatureFormat(string $format): EC + { + if ($this->curve instanceof MontgomeryCurve) { + throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures'); + } + + $new = clone $this; + $new->shortFormat = $format; + $new->sigFormat = self::validatePlugin('Signature', $format); + return $new; + } + + /** + * Returns the signature format currently being used + */ + public function getSignatureFormat(): string + { + return $this->shortFormat; + } + + /** + * Sets the context + * + * Used by Ed25519 / Ed448. + * + * @param string|null $context optional + * @see self::verify() + * @see self::sign() + */ + public function withContext(?string $context = null): EC + { + if (!$this->curve instanceof TwistedEdwardsCurve) { + throw new UnsupportedCurveException('Only Ed25519 and Ed448 support contexts'); + } + + $new = clone $this; + if (!isset($context)) { + $new->context = null; + return $new; + } + if (!is_string($context)) { + throw new InvalidArgumentException('setContext expects a string'); + } + if (strlen($context) > 255) { + throw new LengthException('The context is supposed to be, at most, 255 bytes long'); + } + $new->context = $context; + return $new; + } + + /** + * Returns the signature format currently being used + */ + public function getContext(): string + { + return $this->context; + } + + /** + * Determines which hashing function should be used + */ + public function withHash(string $hash): AsymmetricKey + { + if ($this->curve instanceof MontgomeryCurve) { + throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures'); + } + if ($this->curve instanceof Ed25519 && $hash != 'sha512') { + throw new UnsupportedAlgorithmException('Ed25519 only supports sha512 as a hash'); + } + if ($this->curve instanceof Ed448 && $hash != 'shake256-912') { + throw new UnsupportedAlgorithmException('Ed448 only supports shake256 with a length of 114 bytes'); + } + + return parent::withHash($hash); + } + + /** + * __toString() magic method + * + * @return string + */ + public function __toString() + { + if ($this->curve instanceof MontgomeryCurve) { + return ''; + } + + return parent::__toString(); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Base.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Base.php new file mode 100644 index 0000000..4e46426 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Base.php @@ -0,0 +1,217 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Exception\RangeException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\FiniteField\Integer; + +/** + * Base + * + * @author Jim Wigginton + */ +abstract class Base +{ + /** + * The Order + * + * @var BigInteger + */ + protected $order; + + /** + * Finite Field Integer factory + * + * @var Integer + */ + protected $factory; + + /** + * Returns a random integer + * + * @return object + */ + public function randomInteger() + { + return $this->factory->randomInteger(); + } + + /** + * Converts a BigInteger to a \phpseclib3\Math\FiniteField\Integer integer + * + * @return object + */ + public function convertInteger(BigInteger $x) + { + return $this->factory->newInteger($x); + } + + /** + * Returns the length, in bytes, of the modulo + * + * @return Integer + */ + public function getLengthInBytes(): int + { + return $this->factory->getLengthInBytes(); + } + + /** + * Returns the length, in bits, of the modulo + * + * @return Integer + */ + public function getLength(): int + { + return $this->factory->getLength(); + } + + /** + * Multiply a point on the curve by a scalar + * + * Uses the montgomery ladder technique as described here: + * + * https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Montgomery_ladder + * https://github.com/phpecc/phpecc/issues/16#issuecomment-59176772 + */ + public function multiplyPoint(array $p, BigInteger $d): array + { + $alreadyInternal = isset($p[2]); + $r = $alreadyInternal ? + [[], $p] : + [[], $this->convertToInternal($p)]; + + $d = $d->toBits(); + for ($i = 0; $i < strlen($d); $i++) { + $d_i = (int) $d[$i]; + $r[1 - $d_i] = $this->addPoint($r[0], $r[1]); + $r[$d_i] = $this->doublePoint($r[$d_i]); + } + + return $alreadyInternal ? $r[0] : $this->convertToAffine($r[0]); + } + + /** + * Creates a random scalar multiplier + */ + public function createRandomMultiplier(): BigInteger + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + return BigInteger::randomRange($one, $this->order->subtract($one)); + } + + /** + * Performs range check + */ + public function rangeCheck(BigInteger $x): void + { + static $zero; + if (!isset($zero)) { + $zero = new BigInteger(); + } + + if (!isset($this->order)) { + throw new RuntimeException('setOrder needs to be called before this method'); + } + if ($x->compare($this->order) > 0 || $x->compare($zero) <= 0) { + throw new RangeException('x must be between 1 and the order of the curve'); + } + } + + /** + * Sets the Order + */ + public function setOrder(BigInteger $order): void + { + $this->order = $order; + } + + /** + * Returns the Order + */ + public function getOrder(): BigInteger + { + return $this->order; + } + + /** + * Use a custom defined modular reduction function + * + * @return object + */ + public function setReduction(callable $func) + { + $this->factory->setReduction($func); + } + + /** + * Returns the affine point + * + * @return object[] + */ + public function convertToAffine(array $p): array + { + return $p; + } + + /** + * Converts an affine point to a jacobian coordinate + * + * @return object[] + */ + public function convertToInternal(array $p): array + { + return $p; + } + + /** + * Negates a point + * + * @return object[] + */ + public function negatePoint(array $p): array + { + $temp = [ + $p[0], + $p[1]->negate(), + ]; + if (isset($p[2])) { + $temp[] = $p[2]; + } + return $temp; + } + + /** + * Multiply and Add Points + * + * @return int[] + */ + public function multiplyAddPoints(array $points, array $scalars): array + { + $p1 = $this->convertToInternal($points[0]); + $p2 = $this->convertToInternal($points[1]); + $p1 = $this->multiplyPoint($p1, $scalars[0]); + $p2 = $this->multiplyPoint($p2, $scalars[1]); + $r = $this->addPoint($p1, $p2); + return $this->convertToAffine($r); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Binary.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Binary.php new file mode 100644 index 0000000..09100a3 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Binary.php @@ -0,0 +1,371 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\BinaryField; +use phpseclib3\Math\BinaryField\Integer as BinaryInteger; +use phpseclib3\Math\PrimeField\Integer; + +/** + * Curves over y^2 + x*y = x^3 + a*x^2 + b + * + * @author Jim Wigginton + */ +class Binary extends Base +{ + /** + * Binary Field Integer factory + * + * @var BinaryField + */ + protected $factory; + + /** + * Cofficient for x^1 + * + * @var object + */ + protected $a; + + /** + * Cofficient for x^0 + * + * @var object + */ + protected $b; + + /** + * Base Point + * + * @var object + */ + protected $p; + + /** + * The number one over the specified finite field + * + * @var object + */ + protected $one; + + /** + * The modulo + * + * @var array + */ + protected $modulo; + + /** + * The Order + * + * @var BigInteger + */ + protected $order; + + /** + * Sets the modulo + */ + public function setModulo(int ...$modulo): void + { + $this->modulo = $modulo; + $this->factory = new BinaryField(...$modulo); + + $this->one = $this->factory->newInteger("\1"); + } + + /** + * Set coefficients a and b + */ + public function setCoefficients(string $a, string $b): void + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + $this->a = $this->factory->newInteger(pack('H*', $a)); + $this->b = $this->factory->newInteger(pack('H*', $b)); + } + + /** + * Set x and y coordinates for the base point + * + * @param string|BinaryInteger $x + * @param string|BinaryInteger $y + */ + public function setBasePoint($x, $y): void + { + switch (true) { + case !is_string($x) && !$x instanceof BinaryInteger: + throw new UnexpectedValueException('Argument 1 passed to Binary::setBasePoint() must be a string or an instance of BinaryField\Integer'); + case !is_string($y) && !$y instanceof BinaryInteger: + throw new UnexpectedValueException('Argument 2 passed to Binary::setBasePoint() must be a string or an instance of BinaryField\Integer'); + } + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + $this->p = [ + is_string($x) ? $this->factory->newInteger(pack('H*', $x)) : $x, + is_string($y) ? $this->factory->newInteger(pack('H*', $y)) : $y, + ]; + } + + /** + * Retrieve the base point as an array + * + * @return array + */ + public function getBasePoint() + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + /* + if (!isset($this->p)) { + throw new \phpseclib3\Exception\RuntimeException('setBasePoint needs to be called before this method'); + } + */ + return $this->p; + } + + /** + * Adds two points on the curve + * + * @return FiniteField[] + */ + public function addPoint(array $p, array $q): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + if (count($q)) { + return $q; + } + if (count($p)) { + return $p; + } + return []; + } + + if (!isset($p[2]) || !isset($q[2])) { + throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + if ($p[0]->equals($q[0])) { + return !$p[1]->equals($q[1]) ? [] : $this->doublePoint($p); + } + + // formulas from http://hyperelliptic.org/EFD/g12o/auto-shortw-jacobian.html + + [$x1, $y1, $z1] = $p; + [$x2, $y2, $z2] = $q; + + $o1 = $z1->multiply($z1); + $b = $x2->multiply($o1); + + if ($z2->equals($this->one)) { + $d = $y2->multiply($o1)->multiply($z1); + $e = $x1->add($b); + $f = $y1->add($d); + $z3 = $e->multiply($z1); + $h = $f->multiply($x2)->add($z3->multiply($y2)); + $i = $f->add($z3); + $g = $z3->multiply($z3); + $p1 = $this->a->multiply($g); + $p2 = $f->multiply($i); + $p3 = $e->multiply($e)->multiply($e); + $x3 = $p1->add($p2)->add($p3); + $y3 = $i->multiply($x3)->add($g->multiply($h)); + + return [$x3, $y3, $z3]; + } + + $o2 = $z2->multiply($z2); + $a = $x1->multiply($o2); + $c = $y1->multiply($o2)->multiply($z2); + $d = $y2->multiply($o1)->multiply($z1); + $e = $a->add($b); + $f = $c->add($d); + $g = $e->multiply($z1); + $h = $f->multiply($x2)->add($g->multiply($y2)); + $z3 = $g->multiply($z2); + $i = $f->add($z3); + $p1 = $this->a->multiply($z3->multiply($z3)); + $p2 = $f->multiply($i); + $p3 = $e->multiply($e)->multiply($e); + $x3 = $p1->add($p2)->add($p3); + $y3 = $i->multiply($x3)->add($g->multiply($g)->multiply($h)); + + return [$x3, $y3, $z3]; + } + + /** + * Doubles a point on a curve + * + * @return FiniteField[] + */ + public function doublePoint(array $p): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p)) { + return []; + } + + if (!isset($p[2])) { + throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + // formulas from http://hyperelliptic.org/EFD/g12o/auto-shortw-jacobian.html + + [$x1, $y1, $z1] = $p; + + $a = $x1->multiply($x1); + $b = $a->multiply($a); + + if ($z1->equals($this->one)) { + $x3 = $b->add($this->b); + $z3 = clone $x1; + $p1 = $a->add($y1)->add($z3)->multiply($this->b); + $p2 = $a->add($y1)->multiply($b); + $y3 = $p1->add($p2); + + return [$x3, $y3, $z3]; + } + + $c = $z1->multiply($z1); + $d = $c->multiply($c); + $x3 = $b->add($this->b->multiply($d->multiply($d))); + $z3 = $x1->multiply($c); + $p1 = $b->multiply($z3); + $p2 = $a->add($y1->multiply($z1))->add($z3)->multiply($x3); + $y3 = $p1->add($p2); + + return [$x3, $y3, $z3]; + } + + /** + * Returns the X coordinate and the derived Y coordinate + * + * Not supported because it is covered by patents. + * Quoting https://www.openssl.org/docs/man1.1.0/apps/ecparam.html , + * + * "Due to patent issues the compressed option is disabled by default for binary curves + * and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at + * compile time." + */ + public function derivePoint($m): array + { + throw new RuntimeException('Point compression on binary finite field elliptic curves is not supported'); + } + + /** + * Tests whether or not the x / y values satisfy the equation + * + * @return boolean + */ + public function verifyPoint(array $p): bool + { + [$x, $y] = $p; + $lhs = $y->multiply($y); + $lhs = $lhs->add($x->multiply($y)); + $x2 = $x->multiply($x); + $x3 = $x2->multiply($x); + $rhs = $x3->add($this->a->multiply($x2))->add($this->b); + + return $lhs->equals($rhs); + } + + /** + * Returns the modulo + */ + public function getModulo(): array + { + return $this->modulo; + } + + /** + * Returns the a coefficient + * + * @return Integer + */ + public function getA() + { + return $this->a; + } + + /** + * Returns the a coefficient + * + * @return Integer + */ + public function getB() + { + return $this->b; + } + + /** + * Returns the affine point + * + * A Jacobian Coordinate is of the form (x, y, z). + * To convert a Jacobian Coordinate to an Affine Point + * you do (x / z^2, y / z^3) + * + * @return Integer[] + */ + public function convertToAffine(array $p): array + { + if (!isset($p[2])) { + return $p; + } + [$x, $y, $z] = $p; + $z = $this->one->divide($z); + $z2 = $z->multiply($z); + return [ + $x->multiply($z2), + $y->multiply($z2)->multiply($z), + ]; + } + + /** + * Converts an affine point to a jacobian coordinate + * + * @return Integer[] + */ + public function convertToInternal(array $p): array + { + if (isset($p[2])) { + return $p; + } + + $p[2] = clone $this->one; + $p['fresh'] = true; + return $p; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/KoblitzPrime.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/KoblitzPrime.php new file mode 100644 index 0000000..81a24c6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/KoblitzPrime.php @@ -0,0 +1,335 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\PrimeField; + +/** + * Curves over y^2 = x^3 + b + * + * @author Jim Wigginton + */ +class KoblitzPrime extends Prime +{ + /** + * Basis + * + * @var list + */ + public $basis; + + /** + * Beta + * + * @var PrimeField\Integer + */ + public $beta; + + // don't overwrite setCoefficients() with one that only accepts one parameter so that + // one might be able to switch between KoblitzPrime and Prime more easily (for benchmarking + // purposes). + + /** + * Multiply and Add Points + * + * Uses a efficiently computable endomorphism to achieve a slight speedup + * + * Adapted from: + * https://github.com/indutny/elliptic/blob/725bd91/lib/elliptic/curve/short.js#L219 + * + * @return int[] + */ + public function multiplyAddPoints(array $points, array $scalars): array + { + static $zero, $one, $two; + if (!isset($two)) { + $two = new BigInteger(2); + $one = new BigInteger(1); + } + + if (!isset($this->beta)) { + // get roots + $inv = $this->one->divide($this->two)->negate(); + $s = $this->three->negate()->squareRoot()->multiply($inv); + $betas = [ + $inv->add($s), + $inv->subtract($s), + ]; + $this->beta = $betas[0]->compare($betas[1]) < 0 ? $betas[0] : $betas[1]; + //echo strtoupper($this->beta->toHex(true)) . "\n"; exit; + } + + if (!isset($this->basis)) { + $factory = new PrimeField($this->order); + $tempOne = $factory->newInteger($one); + $tempTwo = $factory->newInteger($two); + $tempThree = $factory->newInteger(new BigInteger(3)); + + $inv = $tempOne->divide($tempTwo)->negate(); + $s = $tempThree->negate()->squareRoot()->multiply($inv); + + $lambdas = [ + $inv->add($s), + $inv->subtract($s), + ]; + + $lhs = $this->multiplyPoint($this->p, $lambdas[0])[0]; + $rhs = $this->p[0]->multiply($this->beta); + $lambda = $lhs->equals($rhs) ? $lambdas[0] : $lambdas[1]; + + $this->basis = static::extendedGCD($lambda->toBigInteger(), $this->order); + ///* + foreach ($this->basis as $basis) { + echo strtoupper($basis['a']->toHex(true)) . "\n"; + echo strtoupper($basis['b']->toHex(true)) . "\n\n"; + } + exit; + //*/ + } + + $npoints = $nscalars = []; + for ($i = 0; $i < count($points); $i++) { + $p = $points[$i]; + $k = $scalars[$i]->toBigInteger(); + + // begin split + [$v1, $v2] = $this->basis; + + $c1 = $v2['b']->multiply($k); + [$c1, $r] = $c1->divide($this->order); + if ($this->order->compare($r->multiply($two)) <= 0) { + $c1 = $c1->add($one); + } + + $c2 = $v1['b']->negate()->multiply($k); + [$c2, $r] = $c2->divide($this->order); + if ($this->order->compare($r->multiply($two)) <= 0) { + $c2 = $c2->add($one); + } + + $p1 = $c1->multiply($v1['a']); + $p2 = $c2->multiply($v2['a']); + $q1 = $c1->multiply($v1['b']); + $q2 = $c2->multiply($v2['b']); + + $k1 = $k->subtract($p1)->subtract($p2); + $k2 = $q1->add($q2)->negate(); + // end split + + $beta = [ + $p[0]->multiply($this->beta), + $p[1], + clone $this->one, + ]; + + if (isset($p['naf'])) { + $beta['naf'] = array_map(function ($p) { + return [ + $p[0]->multiply($this->beta), + $p[1], + clone $this->one, + ]; + }, $p['naf']); + $beta['nafwidth'] = $p['nafwidth']; + } + + if ($k1->isNegative()) { + $k1 = $k1->negate(); + $p = $this->negatePoint($p); + } + + if ($k2->isNegative()) { + $k2 = $k2->negate(); + $beta = $this->negatePoint($beta); + } + + $pos = 2 * $i; + $npoints[$pos] = $p; + $nscalars[$pos] = $this->factory->newInteger($k1); + + $pos++; + $npoints[$pos] = $beta; + $nscalars[$pos] = $this->factory->newInteger($k2); + } + + return parent::multiplyAddPoints($npoints, $nscalars); + } + + /** + * Returns the numerator and denominator of the slope + * + * @return FiniteField[] + */ + protected function doublePointHelper(array $p): array + { + $numerator = $this->three->multiply($p[0])->multiply($p[0]); + $denominator = $this->two->multiply($p[1]); + return [$numerator, $denominator]; + } + + /** + * Doubles a jacobian coordinate on the curve + * + * See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l + * + * @return FiniteField[] + */ + protected function jacobianDoublePoint(array $p): array + { + [$x1, $y1, $z1] = $p; + $a = $x1->multiply($x1); + $b = $y1->multiply($y1); + $c = $b->multiply($b); + $d = $x1->add($b); + $d = $d->multiply($d)->subtract($a)->subtract($c)->multiply($this->two); + $e = $this->three->multiply($a); + $f = $e->multiply($e); + $x3 = $f->subtract($this->two->multiply($d)); + $y3 = $e->multiply($d->subtract($x3))->subtract( + $this->eight->multiply($c) + ); + $z3 = $this->two->multiply($y1)->multiply($z1); + return [$x3, $y3, $z3]; + } + + /** + * Doubles a "fresh" jacobian coordinate on the curve + * + * See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-mdbl-2007-bl + * + * @return FiniteField[] + */ + protected function jacobianDoublePointMixed(array $p): array + { + [$x1, $y1] = $p; + $xx = $x1->multiply($x1); + $yy = $y1->multiply($y1); + $yyyy = $yy->multiply($yy); + $s = $x1->add($yy); + $s = $s->multiply($s)->subtract($xx)->subtract($yyyy)->multiply($this->two); + $m = $this->three->multiply($xx); + $t = $m->multiply($m)->subtract($this->two->multiply($s)); + $x3 = $t; + $y3 = $s->subtract($t); + $y3 = $m->multiply($y3)->subtract($this->eight->multiply($yyyy)); + $z3 = $this->two->multiply($y1); + return [$x3, $y3, $z3]; + } + + /** + * Tests whether or not the x / y values satisfy the equation + * + * @return boolean + */ + public function verifyPoint(array $p): bool + { + [$x, $y] = $p; + $lhs = $y->multiply($y); + $temp = $x->multiply($x)->multiply($x); + $rhs = $temp->add($this->b); + + return $lhs->equals($rhs); + } + + /** + * Calculates the parameters needed from the Euclidean algorithm as discussed at + * http://diamond.boisestate.edu/~liljanab/MATH308/GuideToECC.pdf#page=148 + * + * @return BigInteger[] + */ + protected static function extendedGCD(BigInteger $u, BigInteger $v): array + { + $one = new BigInteger(1); + $zero = new BigInteger(); + + $a = clone $one; + $b = clone $zero; + $c = clone $zero; + $d = clone $one; + + $stop = $v->bitwise_rightShift($v->getLength() >> 1); + + $a1 = clone $zero; + $b1 = clone $zero; + $a2 = clone $zero; + $b2 = clone $zero; + + $postGreatestIndex = 0; + + while (!$v->equals($zero)) { + [$q] = $u->divide($v); + + $temp = $u; + $u = $v; + $v = $temp->subtract($v->multiply($q)); + + $temp = $a; + $a = $c; + $c = $temp->subtract($a->multiply($q)); + + $temp = $b; + $b = $d; + $d = $temp->subtract($b->multiply($q)); + + if ($v->compare($stop) > 0) { + $a0 = $v; + $b0 = $c; + } else { + $postGreatestIndex++; + } + + if ($postGreatestIndex == 1) { + $a1 = $v; + $b1 = $c->negate(); + } + + if ($postGreatestIndex == 2) { + $rhs = $a0->multiply($a0)->add($b0->multiply($b0)); + $lhs = $v->multiply($v)->add($b->multiply($b)); + if ($lhs->compare($rhs) <= 0) { + $a2 = $a0; + $b2 = $b0->negate(); + } else { + $a2 = $v; + $b2 = $c->negate(); + } + + break; + } + } + + return [ + ['a' => $a1, 'b' => $b1], + ['a' => $a2, 'b' => $b2], + ]; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Montgomery.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Montgomery.php new file mode 100644 index 0000000..c6fb744 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Montgomery.php @@ -0,0 +1,281 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\PrimeField; +use phpseclib3\Math\PrimeField\Integer as PrimeInteger; + +/** + * Curves over y^2 = x^3 + a*x + x + * + * @author Jim Wigginton + */ +class Montgomery extends Base +{ + /** + * Prime Field Integer factory + * + * @var PrimeField + */ + protected $factory; + + /** + * Cofficient for x + * + * @var object + */ + protected $a; + + /** + * Constant used for point doubling + * + * @var object + */ + protected $a24; + + /** + * The Number Zero + * + * @var object + */ + protected $zero; + + /** + * The Number One + * + * @var object + */ + protected $one; + + /** + * Base Point + * + * @var object + */ + protected $p; + + /** + * The modulo + * + * @var BigInteger + */ + protected $modulo; + + /** + * The Order + * + * @var BigInteger + */ + protected $order; + + /** + * Sets the modulo + */ + public function setModulo(BigInteger $modulo): void + { + $this->modulo = $modulo; + $this->factory = new PrimeField($modulo); + $this->zero = $this->factory->newInteger(new BigInteger()); + $this->one = $this->factory->newInteger(new BigInteger(1)); + } + + /** + * Set coefficients a + */ + public function setCoefficients(BigInteger $a): void + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + $this->a = $this->factory->newInteger($a); + $two = $this->factory->newInteger(new BigInteger(2)); + $four = $this->factory->newInteger(new BigInteger(4)); + $this->a24 = $this->a->subtract($two)->divide($four); + } + + /** + * Set x and y coordinates for the base point + * + * @param BigInteger|PrimeInteger $x + * @param BigInteger|PrimeInteger $y + * @return PrimeInteger[] + */ + public function setBasePoint($x, $y): array + { + switch (true) { + case !$x instanceof BigInteger && !$x instanceof PrimeInteger: + throw new UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + case !$y instanceof BigInteger && !$y instanceof PrimeInteger: + throw new UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + } + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + $this->p = [ + $x instanceof BigInteger ? $this->factory->newInteger($x) : $x, + $y instanceof BigInteger ? $this->factory->newInteger($y) : $y, + ]; + } + + /** + * Retrieve the base point as an array + * + * @return array + */ + public function getBasePoint() + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + /* + if (!isset($this->p)) { + throw new \phpseclib3\Exception\RuntimeException('setBasePoint needs to be called before this method'); + } + */ + return $this->p; + } + + /** + * Doubles and adds a point on a curve + * + * See https://tools.ietf.org/html/draft-ietf-tls-curve25519-01#appendix-A.1.3 + * + * @return FiniteField[][] + */ + private function doubleAndAddPoint(array $p, array $q, PrimeInteger $x1): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + return []; + } + + if (!isset($p[1])) { + throw new RuntimeException('Affine coordinates need to be manually converted to XZ coordinates'); + } + + [$x2, $z2] = $p; + [$x3, $z3] = $q; + + $a = $x2->add($z2); + $aa = $a->multiply($a); + $b = $x2->subtract($z2); + $bb = $b->multiply($b); + $e = $aa->subtract($bb); + $c = $x3->add($z3); + $d = $x3->subtract($z3); + $da = $d->multiply($a); + $cb = $c->multiply($b); + $temp = $da->add($cb); + $x5 = $temp->multiply($temp); + $temp = $da->subtract($cb); + $z5 = $x1->multiply($temp->multiply($temp)); + $x4 = $aa->multiply($bb); + $temp = static::class == Curve25519::class ? $bb : $aa; + $z4 = $e->multiply($temp->add($this->a24->multiply($e))); + + return [ + [$x4, $z4], + [$x5, $z5], + ]; + } + + /** + * Multiply a point on the curve by a scalar + * + * Uses the montgomery ladder technique as described here: + * + * https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Montgomery_ladder + * https://github.com/phpecc/phpecc/issues/16#issuecomment-59176772 + */ + public function multiplyPoint(array $p, BigInteger $d): array + { + $p1 = [$this->one, $this->zero]; + $alreadyInternal = isset($x[1]); + $p2 = $this->convertToInternal($p); + $x = $p[0]; + + $b = $d->toBits(); + $b = str_pad($b, 256, '0', STR_PAD_LEFT); + for ($i = 0; $i < strlen($b); $i++) { + $b_i = (int) $b[$i]; + if ($b_i) { + [$p2, $p1] = $this->doubleAndAddPoint($p2, $p1, $x); + } else { + [$p1, $p2] = $this->doubleAndAddPoint($p1, $p2, $x); + } + } + + return $alreadyInternal ? $p1 : $this->convertToAffine($p1); + } + + /** + * Converts an affine point to an XZ coordinate + * + * From https://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html + * + * XZ coordinates represent x y as X Z satsfying the following equations: + * + * x=X/Z + * + * @return PrimeInteger[] + */ + public function convertToInternal(array $p): array + { + if (empty($p)) { + return [clone $this->zero, clone $this->one]; + } + + if (isset($p[1])) { + return $p; + } + + $p[1] = clone $this->one; + + return $p; + } + + /** + * Returns the affine point + * + * @return PrimeInteger[] + */ + public function convertToAffine(array $p): array + { + if (!isset($p[1])) { + return $p; + } + [$x, $z] = $p; + return [$x->divide($z)]; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Prime.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Prime.php new file mode 100644 index 0000000..ebaad64 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/Prime.php @@ -0,0 +1,785 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer; +use phpseclib3\Math\PrimeField; +use phpseclib3\Math\PrimeField\Integer as PrimeInteger; +use phpseclib3\Math\PrimeFields; + +/** + * Curves over y^2 = x^3 + a*x + b + * + * @author Jim Wigginton + */ +class Prime extends Base +{ + /** + * Prime Field Integer factory + * + * @var PrimeFields + */ + protected $factory; + + /** + * Cofficient for x^1 + * + * @var object + */ + protected $a; + + /** + * Cofficient for x^0 + * + * @var object + */ + protected $b; + + /** + * Base Point + * + * @var object + */ + protected $p; + + /** + * The number one over the specified finite field + * + * @var object + */ + protected $one; + + /** + * The number two over the specified finite field + * + * @var object + */ + protected $two; + + /** + * The number three over the specified finite field + * + * @var object + */ + protected $three; + + /** + * The number four over the specified finite field + * + * @var object + */ + protected $four; + + /** + * The number eight over the specified finite field + * + * @var object + */ + protected $eight; + + /** + * The modulo + * + * @var BigInteger + */ + protected $modulo; + + /** + * The Order + * + * @var BigInteger + */ + protected $order; + + /** + * Sets the modulo + */ + public function setModulo(BigInteger $modulo): void + { + $this->modulo = $modulo; + $this->factory = new PrimeField($modulo); + $this->two = $this->factory->newInteger(new BigInteger(2)); + $this->three = $this->factory->newInteger(new BigInteger(3)); + // used by jacobian coordinates + $this->one = $this->factory->newInteger(new BigInteger(1)); + $this->four = $this->factory->newInteger(new BigInteger(4)); + $this->eight = $this->factory->newInteger(new BigInteger(8)); + } + + /** + * Set coefficients a and b + */ + public function setCoefficients(BigInteger $a, BigInteger $b): void + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + $this->a = $this->factory->newInteger($a); + $this->b = $this->factory->newInteger($b); + } + + /** + * Set x and y coordinates for the base point + * + * @param BigInteger|PrimeInteger $x + * @param BigInteger|PrimeInteger $y + */ + public function setBasePoint($x, $y): void + { + switch (true) { + case !$x instanceof BigInteger && !$x instanceof PrimeInteger: + throw new UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + case !$y instanceof BigInteger && !$y instanceof PrimeInteger: + throw new UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + } + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + $this->p = [ + $x instanceof BigInteger ? $this->factory->newInteger($x) : $x, + $y instanceof BigInteger ? $this->factory->newInteger($y) : $y, + ]; + } + + /** + * Retrieve the base point as an array + * + * @return array + */ + public function getBasePoint() + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + /* + if (!isset($this->p)) { + throw new \phpseclib3\Exception\RuntimeException('setBasePoint needs to be called before this method'); + } + */ + return $this->p; + } + + /** + * Adds two "fresh" jacobian form on the curve + * + * @return FiniteField[] + */ + protected function jacobianAddPointMixedXY(array $p, array $q): array + { + [$u1, $s1] = $p; + [$u2, $s2] = $q; + if ($u1->equals($u2)) { + if (!$s1->equals($s2)) { + return []; + } else { + return $this->doublePoint($p); + } + } + $h = $u2->subtract($u1); + $r = $s2->subtract($s1); + $h2 = $h->multiply($h); + $h3 = $h2->multiply($h); + $v = $u1->multiply($h2); + $x3 = $r->multiply($r)->subtract($h3)->subtract($v->multiply($this->two)); + $y3 = $r->multiply( + $v->subtract($x3) + )->subtract( + $s1->multiply($h3) + ); + return [$x3, $y3, $h]; + } + + /** + * Adds one "fresh" jacobian form on the curve + * + * The second parameter should be the "fresh" one + * + * @return FiniteField[] + */ + protected function jacobianAddPointMixedX(array $p, array $q): array + { + [$u1, $s1, $z1] = $p; + [$x2, $y2] = $q; + + $z12 = $z1->multiply($z1); + + $u2 = $x2->multiply($z12); + $s2 = $y2->multiply($z12->multiply($z1)); + if ($u1->equals($u2)) { + if (!$s1->equals($s2)) { + return []; + } else { + return $this->doublePoint($p); + } + } + $h = $u2->subtract($u1); + $r = $s2->subtract($s1); + $h2 = $h->multiply($h); + $h3 = $h2->multiply($h); + $v = $u1->multiply($h2); + $x3 = $r->multiply($r)->subtract($h3)->subtract($v->multiply($this->two)); + $y3 = $r->multiply( + $v->subtract($x3) + )->subtract( + $s1->multiply($h3) + ); + $z3 = $h->multiply($z1); + return [$x3, $y3, $z3]; + } + + /** + * Adds two jacobian coordinates on the curve + * + * @return FiniteField[] + */ + protected function jacobianAddPoint(array $p, array $q): array + { + [$x1, $y1, $z1] = $p; + [$x2, $y2, $z2] = $q; + + $z12 = $z1->multiply($z1); + $z22 = $z2->multiply($z2); + + $u1 = $x1->multiply($z22); + $u2 = $x2->multiply($z12); + $s1 = $y1->multiply($z22->multiply($z2)); + $s2 = $y2->multiply($z12->multiply($z1)); + if ($u1->equals($u2)) { + if (!$s1->equals($s2)) { + return []; + } else { + return $this->doublePoint($p); + } + } + $h = $u2->subtract($u1); + $r = $s2->subtract($s1); + $h2 = $h->multiply($h); + $h3 = $h2->multiply($h); + $v = $u1->multiply($h2); + $x3 = $r->multiply($r)->subtract($h3)->subtract($v->multiply($this->two)); + $y3 = $r->multiply( + $v->subtract($x3) + )->subtract( + $s1->multiply($h3) + ); + $z3 = $h->multiply($z1)->multiply($z2); + return [$x3, $y3, $z3]; + } + + /** + * Adds two points on the curve + * + * @return FiniteField[] + */ + public function addPoint(array $p, array $q): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + if (count($q)) { + return $q; + } + if (count($p)) { + return $p; + } + return []; + } + + // use jacobian coordinates + if (isset($p[2]) && isset($q[2])) { + if (isset($p['fresh']) && isset($q['fresh'])) { + return $this->jacobianAddPointMixedXY($p, $q); + } + if (isset($p['fresh'])) { + return $this->jacobianAddPointMixedX($q, $p); + } + if (isset($q['fresh'])) { + return $this->jacobianAddPointMixedX($p, $q); + } + return $this->jacobianAddPoint($p, $q); + } + + if (isset($p[2]) || isset($q[2])) { + throw new RuntimeException('Affine coordinates need to be manually converted to Jacobi coordinates or vice versa'); + } + + if ($p[0]->equals($q[0])) { + if (!$p[1]->equals($q[1])) { + return []; + } else { // eg. doublePoint + [$numerator, $denominator] = $this->doublePointHelper($p); + } + } else { + $numerator = $q[1]->subtract($p[1]); + $denominator = $q[0]->subtract($p[0]); + } + $slope = $numerator->divide($denominator); + $x = $slope->multiply($slope)->subtract($p[0])->subtract($q[0]); + $y = $slope->multiply($p[0]->subtract($x))->subtract($p[1]); + + return [$x, $y]; + } + + /** + * Returns the numerator and denominator of the slope + * + * @return FiniteField[] + */ + protected function doublePointHelper(array $p): array + { + $numerator = $this->three->multiply($p[0])->multiply($p[0])->add($this->a); + $denominator = $this->two->multiply($p[1]); + return [$numerator, $denominator]; + } + + /** + * Doubles a jacobian coordinate on the curve + * + * @return FiniteField[] + */ + protected function jacobianDoublePoint(array $p): array + { + [$x, $y, $z] = $p; + $x2 = $x->multiply($x); + $y2 = $y->multiply($y); + $z2 = $z->multiply($z); + $s = $this->four->multiply($x)->multiply($y2); + $m1 = $this->three->multiply($x2); + $m2 = $this->a->multiply($z2->multiply($z2)); + $m = $m1->add($m2); + $x1 = $m->multiply($m)->subtract($this->two->multiply($s)); + $y1 = $m->multiply($s->subtract($x1))->subtract( + $this->eight->multiply($y2->multiply($y2)) + ); + $z1 = $this->two->multiply($y)->multiply($z); + return [$x1, $y1, $z1]; + } + + /** + * Doubles a "fresh" jacobian coordinate on the curve + * + * @return FiniteField[] + */ + protected function jacobianDoublePointMixed(array $p): array + { + [$x, $y] = $p; + $x2 = $x->multiply($x); + $y2 = $y->multiply($y); + $s = $this->four->multiply($x)->multiply($y2); + $m1 = $this->three->multiply($x2); + $m = $m1->add($this->a); + $x1 = $m->multiply($m)->subtract($this->two->multiply($s)); + $y1 = $m->multiply($s->subtract($x1))->subtract( + $this->eight->multiply($y2->multiply($y2)) + ); + $z1 = $this->two->multiply($y); + return [$x1, $y1, $z1]; + } + + /** + * Doubles a point on a curve + * + * @return FiniteField[] + */ + public function doublePoint(array $p): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p)) { + return []; + } + + // use jacobian coordinates + if (isset($p[2])) { + if (isset($p['fresh'])) { + return $this->jacobianDoublePointMixed($p); + } + return $this->jacobianDoublePoint($p); + } + + [$numerator, $denominator] = $this->doublePointHelper($p); + + $slope = $numerator->divide($denominator); + + $x = $slope->multiply($slope)->subtract($p[0])->subtract($p[0]); + $y = $slope->multiply($p[0]->subtract($x))->subtract($p[1]); + + return [$x, $y]; + } + + /** + * Returns the X coordinate and the derived Y coordinate + */ + public function derivePoint($m): array + { + $y = ord(Strings::shift($m)); + $x = new BigInteger($m, 256); + $xp = $this->convertInteger($x); + switch ($y) { + case 2: + $ypn = false; + break; + case 3: + $ypn = true; + break; + default: + throw new RuntimeException('Coordinate not in recognized format'); + } + $temp = $xp->multiply($this->a); + $temp = $xp->multiply($xp)->multiply($xp)->add($temp); + $temp = $temp->add($this->b); + $b = $temp->squareRoot(); + if (!$b) { + throw new RuntimeException('Unable to derive Y coordinate'); + } + $bn = $b->isOdd(); + $yp = $ypn == $bn ? $b : $b->negate(); + return [$xp, $yp]; + } + + /** + * Tests whether or not the x / y values satisfy the equation + * + * @return boolean + */ + public function verifyPoint(array $p): bool + { + [$x, $y] = $p; + $lhs = $y->multiply($y); + $temp = $x->multiply($this->a); + $temp = $x->multiply($x)->multiply($x)->add($temp); + $rhs = $temp->add($this->b); + + return $lhs->equals($rhs); + } + + /** + * Returns the modulo + */ + public function getModulo(): BigInteger + { + return $this->modulo; + } + + /** + * Returns the a coefficient + * + * @return PrimeInteger + */ + public function getA() + { + return $this->a; + } + + /** + * Returns the a coefficient + * + * @return PrimeInteger + */ + public function getB() + { + return $this->b; + } + + /** + * Multiply and Add Points + * + * Adapted from: + * https://github.com/indutny/elliptic/blob/725bd91/lib/elliptic/curve/base.js#L125 + * + * @return int[] + */ + public function multiplyAddPoints(array $points, array $scalars): array + { + $length = count($points); + + foreach ($points as &$point) { + $point = $this->convertToInternal($point); + } + + $wnd = [$this->getNAFPoints($points[0], 7)]; + $wndWidth = [$points[0]['nafwidth'] ?? 7]; + for ($i = 1; $i < $length; $i++) { + $wnd[] = $this->getNAFPoints($points[$i], 1); + $wndWidth[] = $points[$i]['nafwidth'] ?? 1; + } + + $naf = []; + + // comb all window NAFs + + $max = 0; + for ($i = $length - 1; $i >= 1; $i -= 2) { + $a = $i - 1; + $b = $i; + if ($wndWidth[$a] != 1 || $wndWidth[$b] != 1) { + $naf[$a] = $scalars[$a]->getNAF($wndWidth[$a]); + $naf[$b] = $scalars[$b]->getNAF($wndWidth[$b]); + $max = max(count($naf[$a]), count($naf[$b]), $max); + continue; + } + + $comb = [ + $points[$a], // 1 + null, // 3 + null, // 5 + $points[$b], // 7 + ]; + + $comb[1] = $this->addPoint($points[$a], $points[$b]); + $comb[2] = $this->addPoint($points[$a], $this->negatePoint($points[$b])); + + $index = [ + -3, /* -1 -1 */ + -1, /* -1 0 */ + -5, /* -1 1 */ + -7, /* 0 -1 */ + 0, /* 0 -1 */ + 7, /* 0 1 */ + 5, /* 1 -1 */ + 1, /* 1 0 */ + 3, /* 1 1 */ + ]; + + $jsf = self::getJSFPoints($scalars[$a], $scalars[$b]); + + $max = max(count($jsf[0]), $max); + if ($max > 0) { + $naf[$a] = array_fill(0, $max, 0); + $naf[$b] = array_fill(0, $max, 0); + } else { + $naf[$a] = []; + $naf[$b] = []; + } + + for ($j = 0; $j < $max; $j++) { + $ja = $jsf[0][$j] ?? 0; + $jb = $jsf[1][$j] ?? 0; + + $naf[$a][$j] = $index[3 * ($ja + 1) + $jb + 1]; + $naf[$b][$j] = 0; + $wnd[$a] = $comb; + } + } + + $acc = []; + $temp = [0, 0, 0, 0]; + for ($i = $max; $i >= 0; $i--) { + $k = 0; + while ($i >= 0) { + $zero = true; + for ($j = 0; $j < $length; $j++) { + $temp[$j] = $naf[$j][$i] ?? 0; + if ($temp[$j] != 0) { + $zero = false; + } + } + if (!$zero) { + break; + } + $k++; + $i--; + } + + if ($i >= 0) { + $k++; + } + while ($k--) { + $acc = $this->doublePoint($acc); + } + + if ($i < 0) { + break; + } + + for ($j = 0; $j < $length; $j++) { + $z = $temp[$j]; + $p = null; + if ($z == 0) { + continue; + } + $p = $z > 0 ? + $wnd[$j][($z - 1) >> 1] : + $this->negatePoint($wnd[$j][(-$z - 1) >> 1]); + $acc = $this->addPoint($acc, $p); + } + } + + return $this->convertToAffine($acc); + } + + /** + * Precomputes NAF points + * + * Adapted from: + * https://github.com/indutny/elliptic/blob/725bd91/lib/elliptic/curve/base.js#L351 + * + * @return list + */ + private function getNAFPoints(array $point, int $wnd): array + { + if (isset($point['naf'])) { + return $point['naf']; + } + + $res = [$point]; + $max = (1 << $wnd) - 1; + $dbl = $max == 1 ? null : $this->doublePoint($point); + for ($i = 1; $i < $max; $i++) { + $res[] = $this->addPoint($res[$i - 1], $dbl); + } + + $point['naf'] = $res; + + /* + $str = ''; + foreach ($res as $re) { + $re[0] = bin2hex($re[0]->toBytes()); + $re[1] = bin2hex($re[1]->toBytes()); + $str.= " ['$re[0]', '$re[1]'],\r\n"; + } + file_put_contents('temp.txt', $str); + exit; + */ + + return $res; + } + + /** + * Precomputes points in Joint Sparse Form + * + * Adapted from: + * https://github.com/indutny/elliptic/blob/725bd91/lib/elliptic/utils.js#L96 + * + * @return int[] + */ + private static function getJSFPoints(Integer $k1, Integer $k2): array + { + static $three; + if (!isset($three)) { + $three = new BigInteger(3); + } + + $jsf = [[], []]; + $k1 = $k1->toBigInteger(); + $k2 = $k2->toBigInteger(); + $d1 = 0; + $d2 = 0; + + while ($k1->compare(new BigInteger(-$d1)) > 0 || $k2->compare(new BigInteger(-$d2)) > 0) { + // first phase + $m14 = $k1->testBit(0) + 2 * $k1->testBit(1); + $m14 += $d1; + $m14 &= 3; + + $m24 = $k2->testBit(0) + 2 * $k2->testBit(1); + $m24 += $d2; + $m24 &= 3; + + if ($m14 == 3) { + $m14 = -1; + } + if ($m24 == 3) { + $m24 = -1; + } + + $u1 = 0; + if ($m14 & 1) { // if $m14 is odd + $m8 = $k1->testBit(0) + 2 * $k1->testBit(1) + 4 * $k1->testBit(2); + $m8 += $d1; + $m8 &= 7; + $u1 = ($m8 == 3 || $m8 == 5) && $m24 == 2 ? -$m14 : $m14; + } + $jsf[0][] = $u1; + + $u2 = 0; + if ($m24 & 1) { // if $m24 is odd + $m8 = $k2->testBit(0) + 2 * $k2->testBit(1) + 4 * $k2->testBit(2); + $m8 += $d2; + $m8 &= 7; + $u2 = ($m8 == 3 || $m8 == 5) && $m14 == 2 ? -$m24 : $m24; + } + $jsf[1][] = $u2; + + // second phase + if (2 * $d1 == $u1 + 1) { + $d1 = 1 - $d1; + } + if (2 * $d2 == $u2 + 1) { + $d2 = 1 - $d2; + } + $k1 = $k1->bitwise_rightShift(1); + $k2 = $k2->bitwise_rightShift(1); + } + + return $jsf; + } + + /** + * Returns the affine point + * + * A Jacobian Coordinate is of the form (x, y, z). + * To convert a Jacobian Coordinate to an Affine Point + * you do (x / z^2, y / z^3) + * + * @return PrimeInteger[] + */ + public function convertToAffine(array $p): array + { + if (!isset($p[2])) { + return $p; + } + [$x, $y, $z] = $p; + $z = $this->one->divide($z); + $z2 = $z->multiply($z); + return [ + $x->multiply($z2), + $y->multiply($z2)->multiply($z), + ]; + } + + /** + * Converts an affine point to a jacobian coordinate + * + * @return PrimeInteger[] + */ + public function convertToInternal(array $p): array + { + if (isset($p[2])) { + return $p; + } + + $p[2] = clone $this->one; + $p['fresh'] = true; + return $p; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/TwistedEdwards.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/TwistedEdwards.php new file mode 100644 index 0000000..0c79dba --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/BaseCurves/TwistedEdwards.php @@ -0,0 +1,215 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\PrimeField; +use phpseclib3\Math\PrimeField\Integer as PrimeInteger; + +/** + * Curves over a*x^2 + y^2 = 1 + d*x^2*y^2 + * + * @author Jim Wigginton + */ +class TwistedEdwards extends Base +{ + /** + * The modulo + * + * @var BigInteger + */ + protected $modulo; + + /** + * Cofficient for x^2 + * + * @var object + */ + protected $a; + + /** + * Cofficient for x^2*y^2 + * + * @var object + */ + protected $d; + + /** + * Base Point + * + * @var object[] + */ + protected $p; + + /** + * The number zero over the specified finite field + * + * @var object + */ + protected $zero; + + /** + * The number one over the specified finite field + * + * @var object + */ + protected $one; + + /** + * The number two over the specified finite field + * + * @var object + */ + protected $two; + + /** + * Sets the modulo + */ + public function setModulo(BigInteger $modulo): void + { + $this->modulo = $modulo; + $this->factory = new PrimeField($modulo); + $this->zero = $this->factory->newInteger(new BigInteger(0)); + $this->one = $this->factory->newInteger(new BigInteger(1)); + $this->two = $this->factory->newInteger(new BigInteger(2)); + } + + /** + * Set coefficients a and b + */ + public function setCoefficients(BigInteger $a, BigInteger $d): void + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + $this->a = $this->factory->newInteger($a); + $this->d = $this->factory->newInteger($d); + } + + /** + * Set x and y coordinates for the base point + */ + public function setBasePoint($x, $y): void + { + switch (true) { + case !$x instanceof BigInteger && !$x instanceof PrimeInteger: + throw new UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + case !$y instanceof BigInteger && !$y instanceof PrimeInteger: + throw new UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + } + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + $this->p = [ + $x instanceof BigInteger ? $this->factory->newInteger($x) : $x, + $y instanceof BigInteger ? $this->factory->newInteger($y) : $y, + ]; + } + + /** + * Returns the a coefficient + * + * @return PrimeInteger + */ + public function getA() + { + return $this->a; + } + + /** + * Returns the a coefficient + * + * @return PrimeInteger + */ + public function getD() + { + return $this->d; + } + + /** + * Retrieve the base point as an array + */ + public function getBasePoint(): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + /* + if (!isset($this->p)) { + throw new \phpseclib3\Exception\RuntimeException('setBasePoint needs to be called before this method'); + } + */ + return $this->p; + } + + /** + * Returns the affine point + * + * @return PrimeInteger[] + */ + public function convertToAffine(array $p): array + { + if (!isset($p[2])) { + return $p; + } + [$x, $y, $z] = $p; + $z = $this->one->divide($z); + return [ + $x->multiply($z), + $y->multiply($z), + ]; + } + + /** + * Returns the modulo + */ + public function getModulo(): BigInteger + { + return $this->modulo; + } + + /** + * Tests whether or not the x / y values satisfy the equation + * + * @return boolean + */ + public function verifyPoint(array $p): bool + { + [$x, $y] = $p; + $x2 = $x->multiply($x); + $y2 = $y->multiply($y); + + $lhs = $this->a->multiply($x2)->add($y2); + $rhs = $this->d->multiply($x2)->multiply($y2)->add($this->one); + + return $lhs->equals($rhs); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Curve25519.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Curve25519.php new file mode 100644 index 0000000..2413a06 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Curve25519.php @@ -0,0 +1,80 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Montgomery; +use phpseclib3\Exception\RangeException; +use phpseclib3\Math\BigInteger; + +class Curve25519 extends Montgomery +{ + public function __construct() + { + // 2^255 - 19 + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED', 16)); + $this->a24 = $this->factory->newInteger(new BigInteger('121666')); + $this->p = [$this->factory->newInteger(new BigInteger(9))]; + // 2^252 + 0x14def9dea2f79cd65812631a5cf5d3ed + $this->setOrder(new BigInteger('1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED', 16)); + + /* + $this->setCoefficients( + new BigInteger('486662'), // a + ); + $this->setBasePoint( + new BigInteger(9), + new BigInteger('14781619447589544791020593568409986887264606134616475288964881837755586237401') + ); + */ + } + + /** + * Multiply a point on the curve by a scalar + * + * Modifies the scalar as described at https://tools.ietf.org/html/rfc7748#page-8 + */ + public function multiplyPoint(array $p, BigInteger $d): array + { + //$r = strrev(sodium_crypto_scalarmult($d->toBytes(), strrev($p[0]->toBytes()))); + //return [$this->factory->newInteger(new BigInteger($r, 256))]; + + $d = $d->toBytes(); + $d &= "\xF8" . str_repeat("\xFF", 30) . "\x7F"; + $d = strrev($d); + $d |= "\x40"; + $d = new BigInteger($d, -256); + + return parent::multiplyPoint($p, $d); + } + + /** + * Creates a random scalar multiplier + */ + public function createRandomMultiplier(): BigInteger + { + return BigInteger::random(256); + } + + /** + * Performs range check + */ + public function rangeCheck(BigInteger $x): void + { + if ($x->getLength() > 256 || $x->isNegative()) { + throw new RangeException('x must be a positive integer less than 256 bytes in length'); + } + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Curve448.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Curve448.php new file mode 100644 index 0000000..14e4aaf --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Curve448.php @@ -0,0 +1,91 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Montgomery; +use phpseclib3\Exception\RangeException; +use phpseclib3\Math\BigInteger; + +class Curve448 extends Montgomery +{ + public function __construct() + { + // 2^448 - 2^224 - 1 + $this->setModulo(new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF', + 16 + )); + $this->a24 = $this->factory->newInteger(new BigInteger('39081')); + $this->p = [$this->factory->newInteger(new BigInteger(5))]; + // 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d + $this->setOrder(new BigInteger( + '3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + '7CCA23E9C44EDB49AED63690216CC2728DC58F552378C292AB5844F3', + 16 + )); + + /* + $this->setCoefficients( + new BigInteger('156326'), // a + ); + $this->setBasePoint( + new BigInteger(5), + new BigInteger( + '355293926785568175264127502063783334808976399387714271831880898' . + '435169088786967410002932673765864550910142774147268105838985595290' . + '606362') + ); + */ + } + + /** + * Multiply a point on the curve by a scalar + * + * Modifies the scalar as described at https://tools.ietf.org/html/rfc7748#page-8 + */ + public function multiplyPoint(array $p, BigInteger $d): array + { + //$r = strrev(sodium_crypto_scalarmult($d->toBytes(), strrev($p[0]->toBytes()))); + //return [$this->factory->newInteger(new BigInteger($r, 256))]; + + $d = $d->toBytes(); + $d[0] = $d[0] & "\xFC"; + $d = strrev($d); + $d |= "\x80"; + $d = new BigInteger($d, 256); + + return parent::multiplyPoint($p, $d); + } + + /** + * Creates a random scalar multiplier + */ + public function createRandomMultiplier(): BigInteger + { + return BigInteger::random(446); + } + + /** + * Performs range check + */ + public function rangeCheck(BigInteger $x): void + { + if ($x->getLength() > 448 || $x->isNegative()) { + throw new RangeException('x must be a positive integer less than 446 bytes in length'); + } + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Ed25519.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Ed25519.php new file mode 100644 index 0000000..308e2d4 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Ed25519.php @@ -0,0 +1,330 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Math\BigInteger; + +class Ed25519 extends TwistedEdwards +{ + public const HASH = 'sha512'; + /* + Per https://tools.ietf.org/html/rfc8032#page-6 EdDSA has several parameters, one of which is b: + + 2. An integer b with 2^(b-1) > p. EdDSA public keys have exactly b + bits, and EdDSA signatures have exactly 2*b bits. b is + recommended to be a multiple of 8, so public key and signature + lengths are an integral number of octets. + + SIZE corresponds to b + */ + public const SIZE = 32; + + public function __construct() + { + // 2^255 - 19 + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED', 16)); + $this->setCoefficients( + // -1 + new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC', 16), // a + // -121665/121666 + new BigInteger('52036CEE2B6FFE738CC740797779E89800700A4D4141D8AB75EB4DCA135978A3', 16) // d + ); + $this->setBasePoint( + new BigInteger('216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A', 16), + new BigInteger('6666666666666666666666666666666666666666666666666666666666666658', 16) + ); + $this->setOrder(new BigInteger('1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED', 16)); + // algorithm 14.47 from http://cacr.uwaterloo.ca/hac/about/chap14.pdf#page=16 + /* + $this->setReduction(function($x) { + $parts = $x->bitwise_split(255); + $className = $this->className; + + if (count($parts) > 2) { + list(, $r) = $x->divide($className::$modulo); + return $r; + } + + $zero = new BigInteger(); + $c = new BigInteger(19); + + switch (count($parts)) { + case 2: + list($qi, $ri) = $parts; + break; + case 1: + $qi = $zero; + list($ri) = $parts; + break; + case 0: + return $zero; + } + $r = $ri; + + while ($qi->compare($zero) > 0) { + $temp = $qi->multiply($c)->bitwise_split(255); + if (count($temp) == 2) { + list($qi, $ri) = $temp; + } else { + $qi = $zero; + list($ri) = $temp; + } + $r = $r->add($ri); + } + + while ($r->compare($className::$modulo) > 0) { + $r = $r->subtract($className::$modulo); + } + return $r; + }); + */ + } + + /** + * Recover X from Y + * + * Implements steps 2-4 at https://tools.ietf.org/html/rfc8032#section-5.1.3 + * + * Used by EC\Keys\Common.php + * + * @param boolean $sign + * @return object[] + */ + public function recoverX(BigInteger $y, bool $sign): array + { + $y = $this->factory->newInteger($y); + + $y2 = $y->multiply($y); + $u = $y2->subtract($this->one); + $v = $this->d->multiply($y2)->add($this->one); + $x2 = $u->divide($v); + if ($x2->equals($this->zero)) { + if ($sign) { + throw new RuntimeException('Unable to recover X coordinate (x2 = 0)'); + } + return clone $this->zero; + } + // find the square root + /* we don't do $x2->squareRoot() because, quoting from + https://tools.ietf.org/html/rfc8032#section-5.1.1: + + "For point decoding or "decompression", square roots modulo p are + needed. They can be computed using the Tonelli-Shanks algorithm or + the special case for p = 5 (mod 8). To find a square root of a, + first compute the candidate root x = a^((p+3)/8) (mod p)." + */ + $exp = $this->getModulo()->add(new BigInteger(3)); + $exp = $exp->bitwise_rightShift(3); + $x = $x2->pow($exp); + + // If v x^2 = -u (mod p), set x <-- x * 2^((p-1)/4), which is a square root. + if (!$x->multiply($x)->subtract($x2)->equals($this->zero)) { + $temp = $this->getModulo()->subtract(new BigInteger(1)); + $temp = $temp->bitwise_rightShift(2); + $temp = $this->two->pow($temp); + $x = $x->multiply($temp); + if (!$x->multiply($x)->subtract($x2)->equals($this->zero)) { + throw new RuntimeException('Unable to recover X coordinate'); + } + } + if ($x->isOdd() != $sign) { + $x = $x->negate(); + } + + return [$x, $y]; + } + + /** + * Extract Secret Scalar + * + * Implements steps 1-3 at https://tools.ietf.org/html/rfc8032#section-5.1.5 + * + * Used by the various key handlers + * + * @return array + */ + public function extractSecret(string $str) + { + if (strlen($str) != 32) { + throw new LengthException('Private Key should be 32-bytes long'); + } + // 1. Hash the 32-byte private key using SHA-512, storing the digest in + // a 64-octet large buffer, denoted h. Only the lower 32 bytes are + // used for generating the public key. + $hash = new Hash('sha512'); + $h = $hash->hash($str); + $h = substr($h, 0, 32); + // 2. Prune the buffer: The lowest three bits of the first octet are + // cleared, the highest bit of the last octet is cleared, and the + // second highest bit of the last octet is set. + $h[0] = $h[0] & chr(0xF8); + $h = strrev($h); + $h[0] = ($h[0] & chr(0x3F)) | chr(0x40); + // 3. Interpret the buffer as the little-endian integer, forming a + // secret scalar s. + $dA = new BigInteger($h, 256); + + return [ + 'dA' => $dA, + 'secret' => $str, + ]; + } + + /** + * Encode a point as a string + */ + public function encodePoint(array $point): string + { + [$x, $y] = $point; + $y = $y->toBytes(); + $y[0] = $y[0] & chr(0x7F); + if ($x->isOdd()) { + $y[0] = $y[0] | chr(0x80); + } + $y = strrev($y); + + return $y; + } + + /** + * Creates a random scalar multiplier + */ + public function createRandomMultiplier(): BigInteger + { + return $this->extractSecret(Random::string(32))['dA']; + } + + /** + * Converts an affine point to an extended homogeneous coordinate + * + * From https://tools.ietf.org/html/rfc8032#section-5.1.4 : + * + * A point (x,y) is represented in extended homogeneous coordinates (X, Y, Z, T), + * with x = X/Z, y = Y/Z, x * y = T/Z. + * + * @return Integer[] + */ + public function convertToInternal(array $p): array + { + if (empty($p)) { + return [clone $this->zero, clone $this->one, clone $this->one, clone $this->zero]; + } + + if (isset($p[2])) { + return $p; + } + + $p[2] = clone $this->one; + $p[3] = $p[0]->multiply($p[1]); + + return $p; + } + + /** + * Doubles a point on a curve + * + * @return FiniteField[] + */ + public function doublePoint(array $p): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p)) { + return []; + } + + if (!isset($p[2])) { + throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + // from https://tools.ietf.org/html/rfc8032#page-12 + + [$x1, $y1, $z1, $t1] = $p; + + $a = $x1->multiply($x1); + $b = $y1->multiply($y1); + $c = $this->two->multiply($z1)->multiply($z1); + $h = $a->add($b); + $temp = $x1->add($y1); + $e = $h->subtract($temp->multiply($temp)); + $g = $a->subtract($b); + $f = $c->add($g); + + $x3 = $e->multiply($f); + $y3 = $g->multiply($h); + $t3 = $e->multiply($h); + $z3 = $f->multiply($g); + + return [$x3, $y3, $z3, $t3]; + } + + /** + * Adds two points on the curve + * + * @return FiniteField[] + */ + public function addPoint(array $p, array $q): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + if (count($q)) { + return $q; + } + if (count($p)) { + return $p; + } + return []; + } + + if (!isset($p[2]) || !isset($q[2])) { + throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + if ($p[0]->equals($q[0])) { + return !$p[1]->equals($q[1]) ? [] : $this->doublePoint($p); + } + + // from https://tools.ietf.org/html/rfc8032#page-12 + + [$x1, $y1, $z1, $t1] = $p; + [$x2, $y2, $z2, $t2] = $q; + + $a = $y1->subtract($x1)->multiply($y2->subtract($x2)); + $b = $y1->add($x1)->multiply($y2->add($x2)); + $c = $t1->multiply($this->two)->multiply($this->d)->multiply($t2); + $d = $z1->multiply($this->two)->multiply($z2); + $e = $b->subtract($a); + $f = $d->subtract($c); + $g = $d->add($c); + $h = $b->add($a); + + $x3 = $e->multiply($f); + $y3 = $g->multiply($h); + $t3 = $e->multiply($h); + $z3 = $f->multiply($g); + + return [$x3, $y3, $z3, $t3]; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Ed448.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Ed448.php new file mode 100644 index 0000000..7d9331f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/Ed448.php @@ -0,0 +1,268 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\PrimeField\Integer; + +class Ed448 extends TwistedEdwards +{ + public const HASH = 'shake256-912'; + public const SIZE = 57; + + public function __construct() + { + // 2^448 - 2^224 - 1 + $this->setModulo(new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF', + 16 + )); + $this->setCoefficients( + new BigInteger(1), + // -39081 + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6756', 16) + ); + $this->setBasePoint( + new BigInteger('4F1970C66BED0DED221D15A622BF36DA9E146570470F1767EA6DE324' . + 'A3D3A46412AE1AF72AB66511433B80E18B00938E2626A82BC70CC05E', 16), + new BigInteger('693F46716EB6BC248876203756C9C7624BEA73736CA3984087789C1E' . + '05A0C2D73AD3FF1CE67C39C4FDBD132C4ED7C8AD9808795BF230FA14', 16) + ); + $this->setOrder(new BigInteger( + '3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + '7CCA23E9C44EDB49AED63690216CC2728DC58F552378C292AB5844F3', + 16 + )); + } + + /** + * Recover X from Y + * + * Implements steps 2-4 at https://tools.ietf.org/html/rfc8032#section-5.2.3 + * + * Used by EC\Keys\Common.php + * + * @param boolean $sign + * @return object[] + */ + public function recoverX(BigInteger $y, bool $sign): array + { + $y = $this->factory->newInteger($y); + + $y2 = $y->multiply($y); + $u = $y2->subtract($this->one); + $v = $this->d->multiply($y2)->subtract($this->one); + $x2 = $u->divide($v); + if ($x2->equals($this->zero)) { + if ($sign) { + throw new RuntimeException('Unable to recover X coordinate (x2 = 0)'); + } + return clone $this->zero; + } + // find the square root + $exp = $this->getModulo()->add(new BigInteger(1)); + $exp = $exp->bitwise_rightShift(2); + $x = $x2->pow($exp); + + if (!$x->multiply($x)->subtract($x2)->equals($this->zero)) { + throw new RuntimeException('Unable to recover X coordinate'); + } + if ($x->isOdd() != $sign) { + $x = $x->negate(); + } + + return [$x, $y]; + } + + /** + * Extract Secret Scalar + * + * Implements steps 1-3 at https://tools.ietf.org/html/rfc8032#section-5.2.5 + * + * Used by the various key handlers + * + * @return array + */ + public function extractSecret(string $str) + { + if (strlen($str) != 57) { + throw new LengthException('Private Key should be 57-bytes long'); + } + // 1. Hash the 57-byte private key using SHAKE256(x, 114), storing the + // digest in a 114-octet large buffer, denoted h. Only the lower 57 + // bytes are used for generating the public key. + $hash = new Hash('shake256-912'); + $h = $hash->hash($str); + $h = substr($h, 0, 57); + // 2. Prune the buffer: The two least significant bits of the first + // octet are cleared, all eight bits the last octet are cleared, and + // the highest bit of the second to last octet is set. + $h[0] = $h[0] & chr(0xFC); + $h = strrev($h); + $h[0] = "\0"; + $h[1] = $h[1] | chr(0x80); + // 3. Interpret the buffer as the little-endian integer, forming a + // secret scalar s. + $dA = new BigInteger($h, 256); + + return [ + 'dA' => $dA, + 'secret' => $str, + ]; + } + + /** + * Encode a point as a string + */ + public function encodePoint(array $point): string + { + [$x, $y] = $point; + $y = "\0" . $y->toBytes(); + if ($x->isOdd()) { + $y[0] = $y[0] | chr(0x80); + } + $y = strrev($y); + + return $y; + } + + /** + * Creates a random scalar multiplier + */ + public function createRandomMultiplier(): BigInteger + { + return $this->extractSecret(Random::string(57))['dA']; + } + + /** + * Converts an affine point to an extended homogeneous coordinate + * + * From https://tools.ietf.org/html/rfc8032#section-5.2.4 : + * + * A point (x,y) is represented in extended homogeneous coordinates (X, Y, Z, T), + * with x = X/Z, y = Y/Z, x * y = T/Z. + * + * @return Integer[] + */ + public function convertToInternal(array $p): array + { + if (empty($p)) { + return [clone $this->zero, clone $this->one, clone $this->one]; + } + + if (isset($p[2])) { + return $p; + } + + $p[2] = clone $this->one; + + return $p; + } + + /** + * Doubles a point on a curve + * + * @return FiniteField[] + */ + public function doublePoint(array $p): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p)) { + return []; + } + + if (!isset($p[2])) { + throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + // from https://tools.ietf.org/html/rfc8032#page-18 + + [$x1, $y1, $z1] = $p; + + $b = $x1->add($y1); + $b = $b->multiply($b); + $c = $x1->multiply($x1); + $d = $y1->multiply($y1); + $e = $c->add($d); + $h = $z1->multiply($z1); + $j = $e->subtract($this->two->multiply($h)); + + $x3 = $b->subtract($e)->multiply($j); + $y3 = $c->subtract($d)->multiply($e); + $z3 = $e->multiply($j); + + return [$x3, $y3, $z3]; + } + + /** + * Adds two points on the curve + * + * @return FiniteField[] + */ + public function addPoint(array $p, array $q): array + { + if (!isset($this->factory)) { + throw new RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + if (count($q)) { + return $q; + } + if (count($p)) { + return $p; + } + return []; + } + + if (!isset($p[2]) || !isset($q[2])) { + throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + if ($p[0]->equals($q[0])) { + return !$p[1]->equals($q[1]) ? [] : $this->doublePoint($p); + } + + // from https://tools.ietf.org/html/rfc8032#page-17 + + [$x1, $y1, $z1] = $p; + [$x2, $y2, $z2] = $q; + + $a = $z1->multiply($z2); + $b = $a->multiply($a); + $c = $x1->multiply($x2); + $d = $y1->multiply($y2); + $e = $this->d->multiply($c)->multiply($d); + $f = $b->subtract($e); + $g = $b->add($e); + $h = $x1->add($y1)->multiply($x2->add($y2)); + + $x3 = $a->multiply($f)->multiply($h->subtract($c)->subtract($d)); + $y3 = $a->multiply($g)->multiply($d->subtract($c)); + $z3 = $f->multiply($g); + + return [$x3, $y3, $z3]; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP160r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP160r1.php new file mode 100644 index 0000000..f4d7e6f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP160r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP160r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('E95E4A5F737059DC60DFC7AD95B3D8139515620F', 16)); + $this->setCoefficients( + new BigInteger('340E7BE2A280EB74E2BE61BADA745D97E8F7C300', 16), + new BigInteger('1E589A8595423412134FAA2DBDEC95C8D8675E58', 16) + ); + $this->setBasePoint( + new BigInteger('BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3', 16), + new BigInteger('1667CB477A1A8EC338F94741669C976316DA6321', 16) + ); + $this->setOrder(new BigInteger('E95E4A5F737059DC60DF5991D45029409E60FC09', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP160t1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP160t1.php new file mode 100644 index 0000000..a87807b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP160t1.php @@ -0,0 +1,49 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP160t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('E95E4A5F737059DC60DFC7AD95B3D8139515620F', 16)); + $this->setCoefficients( + new BigInteger('E95E4A5F737059DC60DFC7AD95B3D8139515620C', 16), // eg. -3 + new BigInteger('7A556B6DAE535B7B51ED2C4D7DAA7A0B5C55F380', 16) + ); + $this->setBasePoint( + new BigInteger('B199B13B9B34EFC1397E64BAEB05ACC265FF2378', 16), + new BigInteger('ADD6718B7C7C1961F0991B842443772152C9E0AD', 16) + ); + $this->setOrder(new BigInteger('E95E4A5F737059DC60DF5991D45029409E60FC09', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP192r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP192r1.php new file mode 100644 index 0000000..be90648 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP192r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP192r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297', 16)); + $this->setCoefficients( + new BigInteger('6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF', 16), + new BigInteger('469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9', 16) + ); + $this->setBasePoint( + new BigInteger('C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6', 16), + new BigInteger('14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F', 16) + ); + $this->setOrder(new BigInteger('C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP192t1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP192t1.php new file mode 100644 index 0000000..da2fb13 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP192t1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP192t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297', 16)); + $this->setCoefficients( + new BigInteger('C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86294', 16), // eg. -3 + new BigInteger('13D56FFAEC78681E68F9DEB43B35BEC2FB68542E27897B79', 16) + ); + $this->setBasePoint( + new BigInteger('3AE9E58C82F63C30282E1FE7BBF43FA72C446AF6F4618129', 16), + new BigInteger('097E2C5667C2223A902AB5CA449D0084B7E5B3DE7CCC01C9', 16) + ); + $this->setOrder(new BigInteger('C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP224r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP224r1.php new file mode 100644 index 0000000..fc146e5 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP224r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP224r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF', 16)); + $this->setCoefficients( + new BigInteger('68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43', 16), + new BigInteger('2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B', 16) + ); + $this->setBasePoint( + new BigInteger('0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D', 16), + new BigInteger('58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD', 16) + ); + $this->setOrder(new BigInteger('D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP224t1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP224t1.php new file mode 100644 index 0000000..8460f8a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP224t1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP224t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF', 16)); + $this->setCoefficients( + new BigInteger('D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FC', 16), // eg. -3 + new BigInteger('4B337D934104CD7BEF271BF60CED1ED20DA14C08B3BB64F18A60888D', 16) + ); + $this->setBasePoint( + new BigInteger('6AB1E344CE25FF3896424E7FFE14762ECB49F8928AC0C76029B4D580', 16), + new BigInteger('0374E9F5143E568CD23F3F4D7C0D4B1E41C8CC0D1C6ABD5F1A46DB4C', 16) + ); + $this->setOrder(new BigInteger('D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP256r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP256r1.php new file mode 100644 index 0000000..7137ae9 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP256r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP256r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377', 16)); + $this->setCoefficients( + new BigInteger('7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9', 16), + new BigInteger('26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6', 16) + ); + $this->setBasePoint( + new BigInteger('8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262', 16), + new BigInteger('547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997', 16) + ); + $this->setOrder(new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP256t1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP256t1.php new file mode 100644 index 0000000..dd67116 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP256t1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP256t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377', 16)); + $this->setCoefficients( + new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5374', 16), // eg. -3 + new BigInteger('662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04', 16) + ); + $this->setBasePoint( + new BigInteger('A3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F4', 16), + new BigInteger('2D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE', 16) + ); + $this->setOrder(new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP320r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP320r1.php new file mode 100644 index 0000000..7d24665 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP320r1.php @@ -0,0 +1,42 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP320r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F9' . + '2B9EC7893EC28FCD412B1F1B32E27', 16)); + $this->setCoefficients( + new BigInteger('3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F4' . + '92F375A97D860EB4', 16), + new BigInteger('520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD88453981' . + '6F5EB4AC8FB1F1A6', 16) + ); + $this->setBasePoint( + new BigInteger('43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C7' . + '10AF8D0D39E20611', 16), + new BigInteger('14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7' . + 'D35245D1692E8EE1', 16) + ); + $this->setOrder(new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D4' . + '82EC7EE8658E98691555B44C59311', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP320t1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP320t1.php new file mode 100644 index 0000000..33a8939 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP320t1.php @@ -0,0 +1,42 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP320t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F9' . + '2B9EC7893EC28FCD412B1F1B32E27', 16)); + $this->setCoefficients( + new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28' . + 'FCD412B1F1B32E24', 16), // eg. -3 + new BigInteger('A7F561E038EB1ED560B3D147DB782013064C19F27ED27C6780AAF77FB8A547CE' . + 'B5B4FEF422340353', 16) + ); + $this->setBasePoint( + new BigInteger('925BE9FB01AFC6FB4D3E7D4990010F813408AB106C4F09CB7EE07868CC136FFF' . + '3357F624A21BED52', 16), + new BigInteger('63BA3A7A27483EBF6671DBEF7ABB30EBEE084E58A0B077AD42A5A0989D1EE71B' . + '1B9BC0455FB0D2C3', 16) + ); + $this->setOrder(new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D4' . + '82EC7EE8658E98691555B44C59311', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP384r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP384r1.php new file mode 100644 index 0000000..98eb32a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP384r1.php @@ -0,0 +1,60 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP384r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A7' . + '1874700133107EC53', + 16 + )); + $this->setCoefficients( + new BigInteger( + '7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503' . + 'AD4EB04A8C7DD22CE2826', + 16 + ), + new BigInteger( + '4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DB' . + 'C9943AB78696FA504C11', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D' . + '646AAEF87B2E247D4AF1E', + 16 + ), + new BigInteger( + '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E464621779' . + '1811142820341263C5315', + 16 + ) + ); + $this->setOrder(new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC31' . + '03B883202E9046565', + 16 + )); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP384t1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP384t1.php new file mode 100644 index 0000000..c9acbca --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP384t1.php @@ -0,0 +1,60 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP384t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A7' . + '1874700133107EC53', + 16 + )); + $this->setCoefficients( + new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901' . + 'D1A71874700133107EC50', + 16 + ), // eg. -3 + new BigInteger( + '7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B8' . + '8805CED70355A33B471EE', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + '18DE98B02DB9A306F2AFCD7235F72A819B80AB12EBD653172476FECD462AABFFC4FF191B946' . + 'A5F54D8D0AA2F418808CC', + 16 + ), + new BigInteger( + '25AB056962D30651A114AFD2755AD336747F93475B7A1FCA3B88F2B6A208CCFE469408584DC' . + '2B2912675BF5B9E582928', + 16 + ) + ); + $this->setOrder(new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC31' . + '03B883202E9046565', + 16 + )); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP512r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP512r1.php new file mode 100644 index 0000000..475ddfd --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP512r1.php @@ -0,0 +1,60 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP512r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC' . + '66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3', + 16 + )); + $this->setCoefficients( + new BigInteger( + '7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA82' . + '53AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA', + 16 + ), + new BigInteger( + '3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C' . + '1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D' . + '0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822', + 16 + ), + new BigInteger( + '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5' . + 'F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892', + 16 + ) + ); + $this->setOrder(new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA' . + '92619418661197FAC10471DB1D381085DDADDB58796829CA90069', + 16 + )); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP512t1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP512t1.php new file mode 100644 index 0000000..e9db26b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/brainpoolP512t1.php @@ -0,0 +1,60 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP512t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC' . + '66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3', + 16 + )); + $this->setCoefficients( + new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC' . + '66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F0', + 16 + ), // eg. -3 + new BigInteger( + '7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA23049' . + '76540F6450085F2DAE145C22553B465763689180EA2571867423E', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + '640ECE5C12788717B9C1BA06CBC2A6FEBA85842458C56DDE9DB1758D39C0313D82BA51735CD' . + 'B3EA499AA77A7D6943A64F7A3F25FE26F06B51BAA2696FA9035DA', + 16 + ), + new BigInteger( + '5B534BD595F5AF0FA2C892376C84ACE1BB4E3019B71634C01131159CAE03CEE9D9932184BEE' . + 'F216BD71DF2DADF86A627306ECFF96DBB8BACE198B61E00F8B332', + 16 + ) + ); + $this->setOrder(new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA' . + '92619418661197FAC10471DB1D381085DDADDB58796829CA90069', + 16 + )); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistb233.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistb233.php new file mode 100644 index 0000000..7182336 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistb233.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistb233 extends sect233r1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistb409.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistb409.php new file mode 100644 index 0000000..e6eadbc --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistb409.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistb409 extends sect409r1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk163.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk163.php new file mode 100644 index 0000000..ae06c5f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk163.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistk163 extends sect163k1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk233.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk233.php new file mode 100644 index 0000000..22f4de0 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk233.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistk233 extends sect233k1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk283.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk283.php new file mode 100644 index 0000000..3515fe6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk283.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistk283 extends sect283k1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk409.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk409.php new file mode 100644 index 0000000..c33e11c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistk409.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistk409 extends sect409k1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp192.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp192.php new file mode 100644 index 0000000..0999dd8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp192.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp192 extends secp192r1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp224.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp224.php new file mode 100644 index 0000000..732ed6c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp224.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp224 extends secp224r1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp256.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp256.php new file mode 100644 index 0000000..b63cebf --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp256.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp256 extends secp256r1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp384.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp384.php new file mode 100644 index 0000000..0c48d9f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp384.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp384 extends secp384r1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp521.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp521.php new file mode 100644 index 0000000..f6b7fc8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistp521.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp521 extends secp521r1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistt571.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistt571.php new file mode 100644 index 0000000..eec6570 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/nistt571.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistt571 extends sect571k1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime192v1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime192v1.php new file mode 100644 index 0000000..c60477c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime192v1.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class prime192v1 extends secp192r1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime192v2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime192v2.php new file mode 100644 index 0000000..1f94ace --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime192v2.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime192v2 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC', 16), + new BigInteger('CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953', 16) + ); + $this->setBasePoint( + new BigInteger('EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A', 16), + new BigInteger('6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime192v3.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime192v3.php new file mode 100644 index 0000000..b5ba457 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime192v3.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime192v3 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC', 16), + new BigInteger('22123DC2395A05CAA7423DAECCC94760A7D462256BD56916', 16) + ); + $this->setBasePoint( + new BigInteger('7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896', 16), + new BigInteger('38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime239v1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime239v1.php new file mode 100644 index 0000000..73b8acb --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime239v1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime239v1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC', 16), + new BigInteger('6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A', 16) + ); + $this->setBasePoint( + new BigInteger('0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF', 16), + new BigInteger('7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE', 16) + ); + $this->setOrder(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime239v2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime239v2.php new file mode 100644 index 0000000..cf5ab8d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime239v2.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime239v2 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC', 16), + new BigInteger('617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C', 16) + ); + $this->setBasePoint( + new BigInteger('38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7', 16), + new BigInteger('5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA', 16) + ); + $this->setOrder(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime239v3.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime239v3.php new file mode 100644 index 0000000..8ce2095 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime239v3.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime239v3 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC', 16), + new BigInteger('255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E', 16) + ); + $this->setBasePoint( + new BigInteger('6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A', 16), + new BigInteger('1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3', 16) + ); + $this->setOrder(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime256v1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime256v1.php new file mode 100644 index 0000000..905c18e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/prime256v1.php @@ -0,0 +1,20 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +final class prime256v1 extends secp256r1 +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp112r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp112r1.php new file mode 100644 index 0000000..686c2dc --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp112r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp112r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('DB7C2ABF62E35E668076BEAD208B', 16)); + $this->setCoefficients( + new BigInteger('DB7C2ABF62E35E668076BEAD2088', 16), + new BigInteger('659EF8BA043916EEDE8911702B22', 16) + ); + $this->setBasePoint( + new BigInteger('09487239995A5EE76B55F9C2F098', 16), + new BigInteger('A89CE5AF8724C0A23E0E0FF77500', 16) + ); + $this->setOrder(new BigInteger('DB7C2ABF62E35E7628DFAC6561C5', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp112r2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp112r2.php new file mode 100644 index 0000000..104dbcf --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp112r2.php @@ -0,0 +1,37 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp112r2 extends Prime +{ + public function __construct() + { + // same modulo as secp112r1 + $this->setModulo(new BigInteger('DB7C2ABF62E35E668076BEAD208B', 16)); + $this->setCoefficients( + new BigInteger('6127C24C05F38A0AAAF65C0EF02C', 16), + new BigInteger('51DEF1815DB5ED74FCC34C85D709', 16) + ); + $this->setBasePoint( + new BigInteger('4BA30AB5E892B4E1649DD0928643', 16), + new BigInteger('ADCD46F5882E3747DEF36E956E97', 16) + ); + $this->setOrder(new BigInteger('36DF0AAFD8B8D7597CA10520D04B', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp128r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp128r1.php new file mode 100644 index 0000000..7866ad4 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp128r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp128r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC', 16), + new BigInteger('E87579C11079F43DD824993C2CEE5ED3', 16) + ); + $this->setBasePoint( + new BigInteger('161FF7528B899B2D0C28607CA52C5B86', 16), + new BigInteger('CF5AC8395BAFEB13C02DA292DDED7A83', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFE0000000075A30D1B9038A115', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp128r2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp128r2.php new file mode 100644 index 0000000..cf88530 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp128r2.php @@ -0,0 +1,37 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp128r2 extends Prime +{ + public function __construct() + { + // same as secp128r1 + $this->setModulo(new BigInteger('FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('D6031998D1B3BBFEBF59CC9BBFF9AEE1', 16), + new BigInteger('5EEEFCA380D02919DC2C6558BB6D8A5D', 16) + ); + $this->setBasePoint( + new BigInteger('7B6AA5D85E572983E6FB32A7CDEBC140', 16), + new BigInteger('27B6916A894D3AEE7106FE805FC34B44', 16) + ); + $this->setOrder(new BigInteger('3FFFFFFF7FFFFFFFBE0024720613B5A3', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp160k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp160k1.php new file mode 100644 index 0000000..f86aa1a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp160k1.php @@ -0,0 +1,48 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\KoblitzPrime; +use phpseclib3\Math\BigInteger; + +class secp160k1 extends KoblitzPrime +{ + public function __construct() + { + // same as secp160r2 + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73', 16)); + $this->setCoefficients( + new BigInteger('0000000000000000000000000000000000000000', 16), + new BigInteger('0000000000000000000000000000000000000007', 16) + ); + $this->setBasePoint( + new BigInteger('3B4C382CE37AA192A4019E763036F4F5DD4D7EBB', 16), + new BigInteger('938CF935318FDCED6BC28286531733C3F03C4FEE', 16) + ); + $this->setOrder(new BigInteger('0100000000000000000001B8FA16DFAB9ACA16B6B3', 16)); + + $this->basis = []; + $this->basis[] = [ + 'a' => new BigInteger('0096341F1138933BC2F505', -16), + 'b' => new BigInteger('FF6E9D0418C67BB8D5F562', -16), + ]; + $this->basis[] = [ + 'a' => new BigInteger('01BDCB3A09AAAABEAFF4A8', -16), + 'b' => new BigInteger('04D12329FF0EF498EA67', -16), + ]; + $this->beta = $this->factory->newInteger(new BigInteger('645B7345A143464942CC46D7CF4D5D1E1E6CBB68', -16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp160r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp160r1.php new file mode 100644 index 0000000..7b84e0d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp160r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp160r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC', 16), + new BigInteger('1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45', 16) + ); + $this->setBasePoint( + new BigInteger('4A96B5688EF573284664698968C38BB913CBFC82', 16), + new BigInteger('23A628553168947D59DCC912042351377AC5FB32', 16) + ); + $this->setOrder(new BigInteger('0100000000000000000001F4C8F927AED3CA752257', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp160r2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp160r2.php new file mode 100644 index 0000000..6cab3cd --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp160r2.php @@ -0,0 +1,37 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp160r2 extends Prime +{ + public function __construct() + { + // same as secp160k1 + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70', 16), + new BigInteger('B4E134D3FB59EB8BAB57274904664D5AF50388BA', 16) + ); + $this->setBasePoint( + new BigInteger('52DCB034293A117E1F4FF11B30F7199D3144CE6D', 16), + new BigInteger('FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E', 16) + ); + $this->setOrder(new BigInteger('0100000000000000000000351EE786A818F3A1A16B', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp192k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp192k1.php new file mode 100644 index 0000000..0515e0b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp192k1.php @@ -0,0 +1,47 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\KoblitzPrime; +use phpseclib3\Math\BigInteger; + +class secp192k1 extends KoblitzPrime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37', 16)); + $this->setCoefficients( + new BigInteger('000000000000000000000000000000000000000000000000', 16), + new BigInteger('000000000000000000000000000000000000000000000003', 16) + ); + $this->setBasePoint( + new BigInteger('DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D', 16), + new BigInteger('9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D', 16)); + + $this->basis = []; + $this->basis[] = [ + 'a' => new BigInteger('00B3FB3400DEC5C4ADCEB8655C', -16), + 'b' => new BigInteger('8EE96418CCF4CFC7124FDA0F', -16), + ]; + $this->basis[] = [ + 'a' => new BigInteger('01D90D03E8F096B9948B20F0A9', -16), + 'b' => new BigInteger('42E49819ABBA9474E1083F6B', -16), + ]; + $this->beta = $this->factory->newInteger(new BigInteger('447A96E6C647963E2F7809FEAAB46947F34B0AA3CA0BBA74', -16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp192r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp192r1.php new file mode 100644 index 0000000..5dc8edb --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp192r1.php @@ -0,0 +1,80 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp192r1 extends Prime +{ + public function __construct() + { + $modulo = new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF', 16); + $this->setModulo($modulo); + + // algorithm 2.27 from http://diamond.boisestate.edu/~liljanab/MATH308/GuideToECC.pdf#page=66 + /* in theory this should be faster than regular modular reductions save for one small issue. + to convert to / from base-2**8 with BCMath you have to call bcmul() and bcdiv() a lot. + to convert to / from base-2**8 with PHP64 you have to call base256_rshift() a lot. + in short, converting to / from base-2**8 is pretty expensive and that expense is + enough to offset whatever else might be gained by a simplified reduction algorithm. + now, if PHP supported unsigned integers things might be different. no bit-shifting + would be required for the PHP engine and it'd be a lot faster. but as is, BigInteger + uses base-2**31 or base-2**26 depending on whether or not the system is has a 32-bit + or a 64-bit OS. + */ + /* + $m_length = $this->getLengthInBytes(); + $this->setReduction(function($c) use ($m_length) { + $cBytes = $c->toBytes(); + $className = $this->className; + + if (strlen($cBytes) > 2 * $m_length) { + list(, $r) = $c->divide($className::$modulo); + return $r; + } + + $c = str_pad($cBytes, 48, "\0", STR_PAD_LEFT); + $c = array_reverse(str_split($c, 8)); + + $null = "\0\0\0\0\0\0\0\0"; + $s1 = new BigInteger($c[2] . $c[1] . $c[0], 256); + $s2 = new BigInteger($null . $c[3] . $c[3], 256); + $s3 = new BigInteger($c[4] . $c[4] . $null, 256); + $s4 = new BigInteger($c[5] . $c[5] . $c[5], 256); + + $r = $s1->add($s2)->add($s3)->add($s4); + while ($r->compare($className::$modulo) >= 0) { + $r = $r->subtract($className::$modulo); + } + + return $r; + }); + */ + + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC', 16), + new BigInteger('64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1', 16) + ); + $this->setBasePoint( + new BigInteger('188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012', 16), + new BigInteger('07192B95FFC8DA78631011ED6B24CDD573F977A11E794811', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp224k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp224k1.php new file mode 100644 index 0000000..4796a56 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp224k1.php @@ -0,0 +1,47 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\KoblitzPrime; +use phpseclib3\Math\BigInteger; + +class secp224k1 extends KoblitzPrime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D', 16)); + $this->setCoefficients( + new BigInteger('00000000000000000000000000000000000000000000000000000000', 16), + new BigInteger('00000000000000000000000000000000000000000000000000000005', 16) + ); + $this->setBasePoint( + new BigInteger('A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C', 16), + new BigInteger('7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5', 16) + ); + $this->setOrder(new BigInteger('010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7', 16)); + + $this->basis = []; + $this->basis[] = [ + 'a' => new BigInteger('00B8ADF1378A6EB73409FA6C9C637D', -16), + 'b' => new BigInteger('94730F82B358A3776A826298FA6F', -16), + ]; + $this->basis[] = [ + 'a' => new BigInteger('01DCE8D2EC6184CAF0A972769FCC8B', -16), + 'b' => new BigInteger('4D2100BA3DC75AAB747CCF355DEC', -16), + ]; + $this->beta = $this->factory->newInteger(new BigInteger('01F178FFA4B17C89E6F73AECE2AAD57AF4C0A748B63C830947B27E04', -16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp224r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp224r1.php new file mode 100644 index 0000000..278ced4 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp224r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp224r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE', 16), + new BigInteger('B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4', 16) + ); + $this->setBasePoint( + new BigInteger('B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21', 16), + new BigInteger('BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp256k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp256k1.php new file mode 100644 index 0000000..8ec9e3a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp256k1.php @@ -0,0 +1,51 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +//use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Crypt\EC\BaseCurves\KoblitzPrime; +use phpseclib3\Math\BigInteger; + +//class secp256k1 extends Prime +class secp256k1 extends KoblitzPrime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F', 16)); + $this->setCoefficients( + new BigInteger('0000000000000000000000000000000000000000000000000000000000000000', 16), + new BigInteger('0000000000000000000000000000000000000000000000000000000000000007', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141', 16)); + $this->setBasePoint( + new BigInteger('79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798', 16), + new BigInteger('483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8', 16) + ); + + $this->basis = []; + $this->basis[] = [ + 'a' => new BigInteger('3086D221A7D46BCDE86C90E49284EB15', -16), + 'b' => new BigInteger('FF1BBC8129FEF177D790AB8056F5401B3D', -16), + ]; + $this->basis[] = [ + 'a' => new BigInteger('114CA50F7A8E2F3F657C1108D9D44CFD8', -16), + 'b' => new BigInteger('3086D221A7D46BCDE86C90E49284EB15', -16), + ]; + $this->beta = $this->factory->newInteger(new BigInteger('7AE96A2B657C07106E64479EAC3434E99CF0497512F58995C1396C28719501EE', -16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp256r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp256r1.php new file mode 100644 index 0000000..ddd6b07 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp256r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp256r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC', 16), + new BigInteger('5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B', 16) + ); + $this->setBasePoint( + new BigInteger('6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296', 16), + new BigInteger('4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp384r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp384r1.php new file mode 100644 index 0000000..abf748a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp384r1.php @@ -0,0 +1,54 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp384r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF', + 16 + )); + $this->setCoefficients( + new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC', + 16 + ), + new BigInteger( + 'B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + 'AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7', + 16 + ), + new BigInteger( + '3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F', + 16 + ) + ); + $this->setOrder(new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973', + 16 + )); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp521r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp521r1.php new file mode 100644 index 0000000..9de3a83 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/secp521r1.php @@ -0,0 +1,48 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp521r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFF', 16)); + $this->setCoefficients( + new BigInteger('01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFC', 16), + new BigInteger('0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF1' . + '09E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B50' . + '3F00', 16) + ); + $this->setBasePoint( + new BigInteger('00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D' . + '3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5' . + 'BD66', 16), + new BigInteger('011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E' . + '662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD1' . + '6650', 16) + ); + $this->setOrder(new BigInteger('01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E9138' . + '6409', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect113r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect113r1.php new file mode 100644 index 0000000..b2f5f27 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect113r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect113r1 extends Binary +{ + public function __construct() + { + $this->setModulo(113, 9, 0); + $this->setCoefficients( + '003088250CA6E7C7FE649CE85820F7', + '00E8BEE4D3E2260744188BE0E9C723' + ); + $this->setBasePoint( + '009D73616F35F4AB1407D73562C10F', + '00A52830277958EE84D1315ED31886' + ); + $this->setOrder(new BigInteger('0100000000000000D9CCEC8A39E56F', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect113r2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect113r2.php new file mode 100644 index 0000000..531ccd6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect113r2.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect113r2 extends Binary +{ + public function __construct() + { + $this->setModulo(113, 9, 0); + $this->setCoefficients( + '00689918DBEC7E5A0DD6DFC0AA55C7', + '0095E9A9EC9B297BD4BF36E059184F' + ); + $this->setBasePoint( + '01A57A6A7B26CA5EF52FCDB8164797', + '00B3ADC94ED1FE674C06E695BABA1D' + ); + $this->setOrder(new BigInteger('010000000000000108789B2496AF93', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect131r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect131r1.php new file mode 100644 index 0000000..e6d2f4f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect131r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect131r1 extends Binary +{ + public function __construct() + { + $this->setModulo(131, 8, 3, 2, 0); + $this->setCoefficients( + '07A11B09A76B562144418FF3FF8C2570B8', + '0217C05610884B63B9C6C7291678F9D341' + ); + $this->setBasePoint( + '0081BAF91FDF9833C40F9C181343638399', + '078C6E7EA38C001F73C8134B1B4EF9E150' + ); + $this->setOrder(new BigInteger('0400000000000000023123953A9464B54D', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect131r2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect131r2.php new file mode 100644 index 0000000..6c8da6a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect131r2.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect131r2 extends Binary +{ + public function __construct() + { + $this->setModulo(131, 8, 3, 2, 0); + $this->setCoefficients( + '03E5A88919D7CAFCBF415F07C2176573B2', + '04B8266A46C55657AC734CE38F018F2192' + ); + $this->setBasePoint( + '0356DCD8F2F95031AD652D23951BB366A8', + '0648F06D867940A5366D9E265DE9EB240F' + ); + $this->setOrder(new BigInteger('0400000000000000016954A233049BA98F', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect163k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect163k1.php new file mode 100644 index 0000000..95b5ad3 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect163k1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect163k1 extends Binary +{ + public function __construct() + { + $this->setModulo(163, 7, 6, 3, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000001', + '000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8', + '0289070FB05D38FF58321F2E800536D538CCDAA3D9' + ); + $this->setOrder(new BigInteger('04000000000000000000020108A2E0CC0D99F8A5EF', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect163r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect163r1.php new file mode 100644 index 0000000..a73e2b3 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect163r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect163r1 extends Binary +{ + public function __construct() + { + $this->setModulo(163, 7, 6, 3, 0); + $this->setCoefficients( + '07B6882CAAEFA84F9554FF8428BD88E246D2782AE2', + '0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9' + ); + $this->setBasePoint( + '0369979697AB43897789566789567F787A7876A654', + '00435EDB42EFAFB2989D51FEFCE3C80988F41FF883' + ); + $this->setOrder(new BigInteger('03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect163r2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect163r2.php new file mode 100644 index 0000000..3c09aae --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect163r2.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect163r2 extends Binary +{ + public function __construct() + { + $this->setModulo(163, 7, 6, 3, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000001', + '020A601907B8C953CA1481EB10512F78744A3205FD' + ); + $this->setBasePoint( + '03F0EBA16286A2D57EA0991168D4994637E8343E36', + '00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1' + ); + $this->setOrder(new BigInteger('040000000000000000000292FE77E70C12A4234C33', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect193r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect193r1.php new file mode 100644 index 0000000..3ae056a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect193r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect193r1 extends Binary +{ + public function __construct() + { + $this->setModulo(193, 15, 0); + $this->setCoefficients( + '0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01', + '00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814' + ); + $this->setBasePoint( + '01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1', + '0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05' + ); + $this->setOrder(new BigInteger('01000000000000000000000000C7F34A778F443ACC920EBA49', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect193r2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect193r2.php new file mode 100644 index 0000000..6625f16 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect193r2.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect193r2 extends Binary +{ + public function __construct() + { + $this->setModulo(193, 15, 0); + $this->setCoefficients( + '0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B', + '00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE' + ); + $this->setBasePoint( + '00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F', + '01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C' + ); + $this->setOrder(new BigInteger('010000000000000000000000015AAB561B005413CCD4EE99D5', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect233k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect233k1.php new file mode 100644 index 0000000..f2f5035 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect233k1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect233k1 extends Binary +{ + public function __construct() + { + $this->setModulo(233, 74, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000', + '000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126', + '01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3' + ); + $this->setOrder(new BigInteger('8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect233r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect233r1.php new file mode 100644 index 0000000..459a477 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect233r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect233r1 extends Binary +{ + public function __construct() + { + $this->setModulo(233, 74, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000001', + '0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD' + ); + $this->setBasePoint( + '00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B', + '01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052' + ); + $this->setOrder(new BigInteger('01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect239k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect239k1.php new file mode 100644 index 0000000..f7c1ce6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect239k1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect239k1 extends Binary +{ + public function __construct() + { + $this->setModulo(239, 158, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000', + '000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC', + '76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA' + ); + $this->setOrder(new BigInteger('2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect283k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect283k1.php new file mode 100644 index 0000000..f9dac72 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect283k1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect283k1 extends Binary +{ + public function __construct() + { + $this->setModulo(283, 12, 7, 5, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000000000000000', + '000000000000000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836', + '01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259' + ); + $this->setOrder(new BigInteger('01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect283r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect283r1.php new file mode 100644 index 0000000..a22d460 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect283r1.php @@ -0,0 +1,36 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect283r1 extends Binary +{ + public function __construct() + { + $this->setModulo(283, 12, 7, 5, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000000000000001', + '027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5' + ); + $this->setBasePoint( + '05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053', + '03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4' + ); + $this->setOrder(new BigInteger('03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307', 16)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect409k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect409k1.php new file mode 100644 index 0000000..abb3bb2 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect409k1.php @@ -0,0 +1,40 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect409k1 extends Binary +{ + public function __construct() + { + $this->setModulo(409, 87, 0); + $this->setCoefficients( + '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000', + '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746', + '01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B' + ); + $this->setOrder(new BigInteger( + '7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F' . + '83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF', + 16 + )); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect409r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect409r1.php new file mode 100644 index 0000000..03a92db --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect409r1.php @@ -0,0 +1,40 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect409r1 extends Binary +{ + public function __construct() + { + $this->setModulo(409, 87, 0); + $this->setCoefficients( + '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001', + '0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F' + ); + $this->setBasePoint( + '015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7', + '0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706' + ); + $this->setOrder(new BigInteger( + '010000000000000000000000000000000000000000000000000001E2' . + 'AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173', + 16 + )); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect571k1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect571k1.php new file mode 100644 index 0000000..06901bb --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect571k1.php @@ -0,0 +1,44 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect571k1 extends Binary +{ + public function __construct() + { + $this->setModulo(571, 10, 5, 2, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000000000000000' . + '000000000000000000000000000000000000000000000000000000000000000000000000', + '000000000000000000000000000000000000000000000000000000000000000000000000' . + '000000000000000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709584' . + '93B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972', + '0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0' . + 'AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3' + ); + $this->setOrder(new BigInteger( + '020000000000000000000000000000000000000000000000000000000000000000000000' . + '131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001', + 16 + )); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect571r1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect571r1.php new file mode 100644 index 0000000..3d79f9e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Curves/sect571r1.php @@ -0,0 +1,44 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect571r1 extends Binary +{ + public function __construct() + { + $this->setModulo(571, 10, 5, 2, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000000000000000' . + '000000000000000000000000000000000000000000000000000000000000000000000001', + '02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD' . + '8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A' + ); + $this->setBasePoint( + '0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950' . + 'F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19', + '037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43' . + 'BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B' + ); + $this->setOrder(new BigInteger( + '03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'E661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47', + 16 + )); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/Common.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/Common.php new file mode 100644 index 0000000..4695a14 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/Common.php @@ -0,0 +1,547 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\Binary as BinaryCurve; +use phpseclib3\Crypt\EC\BaseCurves\Prime as PrimeCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * Generic EC Key Parsing Helper functions + * + * @author Jim Wigginton + */ +trait Common +{ + /** + * Curve OIDs + * + * @var array + */ + private static $curveOIDs = []; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Use Named Curves + * + * @var bool + */ + private static $useNamedCurves = true; + + /** + * Initialize static variables + */ + private static function initialize_static_variables(): void + { + if (empty(self::$curveOIDs)) { + // the sec* curves are from the standards for efficient cryptography group + // sect* curves are curves over binary finite fields + // secp* curves are curves over prime finite fields + // sec*r* curves are regular curves; sec*k* curves are koblitz curves + // brainpool*r* curves are regular prime finite field curves + // brainpool*t* curves are twisted versions of the brainpool*r* curves + self::$curveOIDs = [ + 'prime192v1' => '1.2.840.10045.3.1.1', // J.5.1, example 1 (aka secp192r1) + 'prime192v2' => '1.2.840.10045.3.1.2', // J.5.1, example 2 + 'prime192v3' => '1.2.840.10045.3.1.3', // J.5.1, example 3 + 'prime239v1' => '1.2.840.10045.3.1.4', // J.5.2, example 1 + 'prime239v2' => '1.2.840.10045.3.1.5', // J.5.2, example 2 + 'prime239v3' => '1.2.840.10045.3.1.6', // J.5.2, example 3 + 'prime256v1' => '1.2.840.10045.3.1.7', // J.5.3, example 1 (aka secp256r1) + + // https://tools.ietf.org/html/rfc5656#section-10 + 'nistp256' => '1.2.840.10045.3.1.7', // aka secp256r1 + 'nistp384' => '1.3.132.0.34', // aka secp384r1 + 'nistp521' => '1.3.132.0.35', // aka secp521r1 + + 'nistk163' => '1.3.132.0.1', // aka sect163k1 + 'nistp192' => '1.2.840.10045.3.1.1', // aka secp192r1 + 'nistp224' => '1.3.132.0.33', // aka secp224r1 + 'nistk233' => '1.3.132.0.26', // aka sect233k1 + 'nistb233' => '1.3.132.0.27', // aka sect233r1 + 'nistk283' => '1.3.132.0.16', // aka sect283k1 + 'nistk409' => '1.3.132.0.36', // aka sect409k1 + 'nistb409' => '1.3.132.0.37', // aka sect409r1 + 'nistt571' => '1.3.132.0.38', // aka sect571k1 + + // from https://tools.ietf.org/html/rfc5915 + 'secp192r1' => '1.2.840.10045.3.1.1', // aka prime192v1 + 'sect163k1' => '1.3.132.0.1', + 'sect163r2' => '1.3.132.0.15', + 'secp224r1' => '1.3.132.0.33', + 'sect233k1' => '1.3.132.0.26', + 'sect233r1' => '1.3.132.0.27', + 'secp256r1' => '1.2.840.10045.3.1.7', // aka prime256v1 + 'sect283k1' => '1.3.132.0.16', + 'sect283r1' => '1.3.132.0.17', + 'secp384r1' => '1.3.132.0.34', + 'sect409k1' => '1.3.132.0.36', + 'sect409r1' => '1.3.132.0.37', + 'secp521r1' => '1.3.132.0.35', + 'sect571k1' => '1.3.132.0.38', + 'sect571r1' => '1.3.132.0.39', + // from http://www.secg.org/SEC2-Ver-1.0.pdf + 'secp112r1' => '1.3.132.0.6', + 'secp112r2' => '1.3.132.0.7', + 'secp128r1' => '1.3.132.0.28', + 'secp128r2' => '1.3.132.0.29', + 'secp160k1' => '1.3.132.0.9', + 'secp160r1' => '1.3.132.0.8', + 'secp160r2' => '1.3.132.0.30', + 'secp192k1' => '1.3.132.0.31', + 'secp224k1' => '1.3.132.0.32', + 'secp256k1' => '1.3.132.0.10', + + 'sect113r1' => '1.3.132.0.4', + 'sect113r2' => '1.3.132.0.5', + 'sect131r1' => '1.3.132.0.22', + 'sect131r2' => '1.3.132.0.23', + 'sect163r1' => '1.3.132.0.2', + 'sect193r1' => '1.3.132.0.24', + 'sect193r2' => '1.3.132.0.25', + 'sect239k1' => '1.3.132.0.3', + + // from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.202.2977&rep=rep1&type=pdf#page=36 + /* + 'c2pnb163v1' => '1.2.840.10045.3.0.1', // J.4.1, example 1 + 'c2pnb163v2' => '1.2.840.10045.3.0.2', // J.4.1, example 2 + 'c2pnb163v3' => '1.2.840.10045.3.0.3', // J.4.1, example 3 + 'c2pnb172w1' => '1.2.840.10045.3.0.4', // J.4.2, example 1 + 'c2tnb191v1' => '1.2.840.10045.3.0.5', // J.4.3, example 1 + 'c2tnb191v2' => '1.2.840.10045.3.0.6', // J.4.3, example 2 + 'c2tnb191v3' => '1.2.840.10045.3.0.7', // J.4.3, example 3 + 'c2onb191v4' => '1.2.840.10045.3.0.8', // J.4.3, example 4 + 'c2onb191v5' => '1.2.840.10045.3.0.9', // J.4.3, example 5 + 'c2pnb208w1' => '1.2.840.10045.3.0.10', // J.4.4, example 1 + 'c2tnb239v1' => '1.2.840.10045.3.0.11', // J.4.5, example 1 + 'c2tnb239v2' => '1.2.840.10045.3.0.12', // J.4.5, example 2 + 'c2tnb239v3' => '1.2.840.10045.3.0.13', // J.4.5, example 3 + 'c2onb239v4' => '1.2.840.10045.3.0.14', // J.4.5, example 4 + 'c2onb239v5' => '1.2.840.10045.3.0.15', // J.4.5, example 5 + 'c2pnb272w1' => '1.2.840.10045.3.0.16', // J.4.6, example 1 + 'c2pnb304w1' => '1.2.840.10045.3.0.17', // J.4.7, example 1 + 'c2tnb359v1' => '1.2.840.10045.3.0.18', // J.4.8, example 1 + 'c2pnb368w1' => '1.2.840.10045.3.0.19', // J.4.9, example 1 + 'c2tnb431r1' => '1.2.840.10045.3.0.20', // J.4.10, example 1 + */ + + // http://www.ecc-brainpool.org/download/Domain-parameters.pdf + // https://tools.ietf.org/html/rfc5639 + 'brainpoolP160r1' => '1.3.36.3.3.2.8.1.1.1', + 'brainpoolP160t1' => '1.3.36.3.3.2.8.1.1.2', + 'brainpoolP192r1' => '1.3.36.3.3.2.8.1.1.3', + 'brainpoolP192t1' => '1.3.36.3.3.2.8.1.1.4', + 'brainpoolP224r1' => '1.3.36.3.3.2.8.1.1.5', + 'brainpoolP224t1' => '1.3.36.3.3.2.8.1.1.6', + 'brainpoolP256r1' => '1.3.36.3.3.2.8.1.1.7', + 'brainpoolP256t1' => '1.3.36.3.3.2.8.1.1.8', + 'brainpoolP320r1' => '1.3.36.3.3.2.8.1.1.9', + 'brainpoolP320t1' => '1.3.36.3.3.2.8.1.1.10', + 'brainpoolP384r1' => '1.3.36.3.3.2.8.1.1.11', + 'brainpoolP384t1' => '1.3.36.3.3.2.8.1.1.12', + 'brainpoolP512r1' => '1.3.36.3.3.2.8.1.1.13', + 'brainpoolP512t1' => '1.3.36.3.3.2.8.1.1.14', + ]; + ASN1::loadOIDs([ + 'prime-field' => '1.2.840.10045.1.1', + 'characteristic-two-field' => '1.2.840.10045.1.2', + 'characteristic-two-basis' => '1.2.840.10045.1.2.3', + // per http://www.secg.org/SEC1-Ver-1.0.pdf#page=84, gnBasis "not used here" + 'gnBasis' => '1.2.840.10045.1.2.3.1', // NULL + 'tpBasis' => '1.2.840.10045.1.2.3.2', // Trinomial + 'ppBasis' => '1.2.840.10045.1.2.3.3', // Pentanomial + ] + self::$curveOIDs); + } + } + + /** + * Explicitly set the curve + * + * If the key contains an implicit curve phpseclib needs the curve + * to be explicitly provided + */ + public static function setImplicitCurve(BaseCurve $curve): void + { + self::$implicitCurve = $curve; + } + + /** + * Returns an instance of \phpseclib3\Crypt\EC\BaseCurves\Base based + * on the curve parameters + * + * @return BaseCurve|false + */ + protected static function loadCurveByParam(array $params) + { + if (count($params) > 1) { + throw new RuntimeException('No parameters are present'); + } + if (isset($params['namedCurve'])) { + $curve = '\phpseclib3\Crypt\EC\Curves\\' . $params['namedCurve']; + if (!class_exists($curve)) { + throw new UnsupportedCurveException('Named Curve of ' . $params['namedCurve'] . ' is not supported'); + } + return new $curve(); + } + if (isset($params['implicitCurve'])) { + if (!isset(self::$implicitCurve)) { + throw new RuntimeException('Implicit curves can be provided by calling setImplicitCurve'); + } + return self::$implicitCurve; + } + if (isset($params['specifiedCurve'])) { + $data = $params['specifiedCurve']; + switch ($data['fieldID']['fieldType']) { + case 'prime-field': + $curve = new PrimeCurve(); + $curve->setModulo($data['fieldID']['parameters']); + $curve->setCoefficients( + new BigInteger($data['curve']['a'], 256), + new BigInteger($data['curve']['b'], 256) + ); + $point = self::extractPoint("\0" . $data['base'], $curve); + $curve->setBasePoint(...$point); + $curve->setOrder($data['order']); + return $curve; + case 'characteristic-two-field': + $curve = new BinaryCurve(); + $params = ASN1::decodeBER($data['fieldID']['parameters']); + $params = ASN1::asn1map($params[0], Maps\Characteristic_two::MAP); + $modulo = [(int) $params['m']->toString()]; + switch ($params['basis']) { + case 'tpBasis': + $modulo[] = (int) $params['parameters']->toString(); + break; + case 'ppBasis': + $temp = ASN1::decodeBER($params['parameters']); + $temp = ASN1::asn1map($temp[0], Maps\Pentanomial::MAP); + $modulo[] = (int) $temp['k3']->toString(); + $modulo[] = (int) $temp['k2']->toString(); + $modulo[] = (int) $temp['k1']->toString(); + } + $modulo[] = 0; + $curve->setModulo(...$modulo); + $len = ceil($modulo[0] / 8); + $curve->setCoefficients( + Strings::bin2hex($data['curve']['a']), + Strings::bin2hex($data['curve']['b']) + ); + $point = self::extractPoint("\0" . $data['base'], $curve); + $curve->setBasePoint(...$point); + $curve->setOrder($data['order']); + return $curve; + default: + throw new UnsupportedCurveException('Field Type of ' . $data['fieldID']['fieldType'] . ' is not supported'); + } + } + throw new RuntimeException('No valid parameters are present'); + } + + /** + * Extract points from a string + * + * Supports both compressed and uncompressed points + * + * @return object[] + */ + public static function extractPoint(string $str, BaseCurve $curve): array + { + if ($curve instanceof TwistedEdwardsCurve) { + // first step of point deciding as discussed at the following URL's: + // https://tools.ietf.org/html/rfc8032#section-5.1.3 + // https://tools.ietf.org/html/rfc8032#section-5.2.3 + $y = $str; + $y = strrev($y); + $sign = (bool) (ord($y[0]) & 0x80); + $y[0] = $y[0] & chr(0x7F); + $y = new BigInteger($y, 256); + if ($y->compare($curve->getModulo()) >= 0) { + throw new RuntimeException('The Y coordinate should not be >= the modulo'); + } + $point = $curve->recoverX($y, $sign); + if (!$curve->verifyPoint($point)) { + throw new RuntimeException('Unable to verify that point exists on curve'); + } + return $point; + } + + // the first byte of a bit string represents the number of bits in the last byte that are to be ignored but, + // currently, bit strings wanting a non-zero amount of bits trimmed are not supported + if (($val = Strings::shift($str)) != "\0") { + throw new UnexpectedValueException('extractPoint expects the first byte to be null - not ' . Strings::bin2hex($val)); + } + if ($str == "\0") { + return []; + } + + $keylen = strlen($str); + $order = $curve->getLengthInBytes(); + // point compression is being used + if ($keylen == $order + 1) { + return $curve->derivePoint($str); + } + + // point compression is not being used + if ($keylen == 2 * $order + 1) { + preg_match("#(.)(.{{$order}})(.{{$order}})#s", $str, $matches); + [, $w, $x, $y] = $matches; + if ($w != "\4") { + throw new UnexpectedValueException('The first byte of an uncompressed point should be 04 - not ' . Strings::bin2hex($val)); + } + $point = [ + $curve->convertInteger(new BigInteger($x, 256)), + $curve->convertInteger(new BigInteger($y, 256)), + ]; + + if (!$curve->verifyPoint($point)) { + throw new RuntimeException('Unable to verify that point exists on curve'); + } + + return $point; + } + + throw new UnexpectedValueException('The string representation of the points is not of an appropriate length'); + } + + /** + * Encode Parameters + * + * @param bool $returnArray optional + * @param array $options optional + * @return string|false + * @todo Maybe at some point this could be moved to __toString() for each of the curves? + */ + private static function encodeParameters(BaseCurve $curve, bool $returnArray = false, array $options = []) + { + $useNamedCurves = $options['namedCurve'] ?? self::$useNamedCurves; + + $reflect = new \ReflectionClass($curve); + $name = $reflect->getShortName(); + if ($useNamedCurves) { + if (isset(self::$curveOIDs[$name])) { + if ($reflect->isFinal()) { + $reflect = $reflect->getParentClass(); + $name = $reflect->getShortName(); + } + return $returnArray ? + ['namedCurve' => $name] : + ASN1::encodeDER(['namedCurve' => $name], Maps\ECParameters::MAP); + } + foreach (new \DirectoryIterator(__DIR__ . '/../../Curves/') as $file) { + if ($file->getExtension() != 'php') { + continue; + } + $testName = $file->getBasename('.php'); + $class = 'phpseclib3\Crypt\EC\Curves\\' . $testName; + $reflect = new \ReflectionClass($class); + if ($reflect->isFinal()) { + continue; + } + $candidate = new $class(); + switch ($name) { + case 'Prime': + if (!$candidate instanceof PrimeCurve) { + break; + } + if (!$candidate->getModulo()->equals($curve->getModulo())) { + break; + } + if ($candidate->getA()->toBytes() != $curve->getA()->toBytes()) { + break; + } + if ($candidate->getB()->toBytes() != $curve->getB()->toBytes()) { + break; + } + + [$candidateX, $candidateY] = $candidate->getBasePoint(); + [$curveX, $curveY] = $curve->getBasePoint(); + if ($candidateX->toBytes() != $curveX->toBytes()) { + break; + } + if ($candidateY->toBytes() != $curveY->toBytes()) { + break; + } + + return $returnArray ? + ['namedCurve' => $testName] : + ASN1::encodeDER(['namedCurve' => $testName], Maps\ECParameters::MAP); + case 'Binary': + if (!$candidate instanceof BinaryCurve) { + break; + } + if ($candidate->getModulo() != $curve->getModulo()) { + break; + } + if ($candidate->getA()->toBytes() != $curve->getA()->toBytes()) { + break; + } + if ($candidate->getB()->toBytes() != $curve->getB()->toBytes()) { + break; + } + + [$candidateX, $candidateY] = $candidate->getBasePoint(); + [$curveX, $curveY] = $curve->getBasePoint(); + if ($candidateX->toBytes() != $curveX->toBytes()) { + break; + } + if ($candidateY->toBytes() != $curveY->toBytes()) { + break; + } + + return $returnArray ? + ['namedCurve' => $testName] : + ASN1::encodeDER(['namedCurve' => $testName], Maps\ECParameters::MAP); + } + } + } + + $order = $curve->getOrder(); + // we could try to calculate the order thusly: + // https://crypto.stackexchange.com/a/27914/4520 + // https://en.wikipedia.org/wiki/Schoof%E2%80%93Elkies%E2%80%93Atkin_algorithm + if (!$order) { + throw new RuntimeException('Specified Curves need the order to be specified'); + } + $point = $curve->getBasePoint(); + $x = $point[0]->toBytes(); + $y = $point[1]->toBytes(); + + if ($curve instanceof PrimeCurve) { + /* + * valid versions are: + * + * ecdpVer1: + * - neither the curve or the base point are generated verifiably randomly. + * ecdpVer2: + * - curve and base point are generated verifiably at random and curve.seed is present + * ecdpVer3: + * - base point is generated verifiably at random but curve is not. curve.seed is present + */ + // other (optional) parameters can be calculated using the methods discused at + // https://crypto.stackexchange.com/q/28947/4520 + $data = [ + 'version' => 'ecdpVer1', + 'fieldID' => [ + 'fieldType' => 'prime-field', + 'parameters' => $curve->getModulo(), + ], + 'curve' => [ + 'a' => $curve->getA()->toBytes(), + 'b' => $curve->getB()->toBytes(), + ], + 'base' => "\4" . $x . $y, + 'order' => $order, + ]; + + return $returnArray ? + ['specifiedCurve' => $data] : + ASN1::encodeDER(['specifiedCurve' => $data], Maps\ECParameters::MAP); + } + if ($curve instanceof BinaryCurve) { + $modulo = $curve->getModulo(); + $basis = count($modulo); + $m = array_shift($modulo); + array_pop($modulo); // the last parameter should always be 0 + //rsort($modulo); + switch ($basis) { + case 3: + $basis = 'tpBasis'; + $modulo = new BigInteger($modulo[0]); + break; + case 5: + $basis = 'ppBasis'; + // these should be in strictly ascending order (hence the commented out rsort above) + $modulo = [ + 'k1' => new BigInteger($modulo[2]), + 'k2' => new BigInteger($modulo[1]), + 'k3' => new BigInteger($modulo[0]), + ]; + $modulo = ASN1::encodeDER($modulo, Maps\Pentanomial::MAP); + $modulo = new ASN1\Element($modulo); + } + $params = ASN1::encodeDER([ + 'm' => new BigInteger($m), + 'basis' => $basis, + 'parameters' => $modulo, + ], Maps\Characteristic_two::MAP); + $params = new ASN1\Element($params); + $a = ltrim($curve->getA()->toBytes(), "\0"); + if (!strlen($a)) { + $a = "\0"; + } + $b = ltrim($curve->getB()->toBytes(), "\0"); + if (!strlen($b)) { + $b = "\0"; + } + $data = [ + 'version' => 'ecdpVer1', + 'fieldID' => [ + 'fieldType' => 'characteristic-two-field', + 'parameters' => $params, + ], + 'curve' => [ + 'a' => $a, + 'b' => $b, + ], + 'base' => "\4" . $x . $y, + 'order' => $order, + ]; + + return $returnArray ? + ['specifiedCurve' => $data] : + ASN1::encodeDER(['specifiedCurve' => $data], Maps\ECParameters::MAP); + } + + throw new UnsupportedCurveException('Curve cannot be serialized'); + } + + /** + * Use Specified Curve + * + * A specified curve has all the coefficients, the base points, etc, explicitely included. + * A specified curve is a more verbose way of representing a curve + */ + public static function useSpecifiedCurve(): void + { + self::$useNamedCurves = false; + } + + /** + * Use Named Curve + * + * A named curve does not include any parameters. It is up to the EC parameters to + * know what the coefficients, the base points, etc, are from the name of the curve. + * A named curve is a more concise way of representing a curve + */ + public static function useNamedCurve(): void + { + self::$useNamedCurves = true; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/JWK.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/JWK.php new file mode 100644 index 0000000..601aee6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/JWK.php @@ -0,0 +1,184 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\JWK as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Curves\secp256k1; +use phpseclib3\Crypt\EC\Curves\secp256r1; +use phpseclib3\Crypt\EC\Curves\secp384r1; +use phpseclib3\Crypt\EC\Curves\secp521r1; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Math\BigInteger; + +/** + * JWK Formatted EC Handler + * + * @author Jim Wigginton + */ +abstract class JWK extends Progenitor +{ + use Common; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + $key = parent::loadHelper($key); + + switch ($key->kty) { + case 'EC': + switch ($key->crv) { + case 'P-256': + case 'P-384': + case 'P-521': + case 'secp256k1': + break; + default: + throw new UnsupportedCurveException('Only P-256, P-384, P-521 and secp256k1 curves are accepted (' . $key->crv . ' provided)'); + } + break; + case 'OKP': + switch ($key->crv) { + case 'Ed25519': + case 'Ed448': + break; + default: + throw new UnsupportedCurveException('Only Ed25519 and Ed448 curves are accepted (' . $key->crv . ' provided)'); + } + break; + default: + throw new \Exception('Only EC and OKP JWK keys are supported'); + } + + $curve = '\phpseclib3\Crypt\EC\Curves\\' . str_replace('P-', 'nistp', $key->crv); + $curve = new $curve(); + + if ($curve instanceof TwistedEdwardsCurve) { + $QA = self::extractPoint(Strings::base64url_decode($key->x), $curve); + if (!isset($key->d)) { + return compact('curve', 'QA'); + } + $arr = $curve->extractSecret(Strings::base64url_decode($key->d)); + return compact('curve', 'QA') + $arr; + } + + $QA = [ + $curve->convertInteger(new BigInteger(Strings::base64url_decode($key->x), 256)), + $curve->convertInteger(new BigInteger(Strings::base64url_decode($key->y), 256)), + ]; + + if (!$curve->verifyPoint($QA)) { + throw new \RuntimeException('Unable to verify that point exists on curve'); + } + + if (!isset($key->d)) { + return compact('curve', 'QA'); + } + + $dA = new BigInteger(Strings::base64url_decode($key->d), 256); + + $curve->rangeCheck($dA); + + return compact('curve', 'dA', 'QA'); + } + + /** + * Returns the alias that corresponds to a curve + * + * @return string + */ + private static function getAlias(BaseCurve $curve) + { + switch (true) { + case $curve instanceof secp256r1: + return 'P-256'; + case $curve instanceof secp384r1: + return 'P-384'; + case $curve instanceof secp521r1: + return 'P-521'; + case $curve instanceof secp256k1: + return 'secp256k1'; + } + + $reflect = new \ReflectionClass($curve); + $curveName = $reflect->isFinal() ? + $reflect->getParentClass()->getShortName() : + $reflect->getShortName(); + throw new UnsupportedCurveException("$curveName is not a supported curve"); + } + + /** + * Return the array superstructure for an EC public key + * + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + */ + private static function savePublicKeyHelper(BaseCurve $curve, array $publicKey): array + { + if ($curve instanceof TwistedEdwardsCurve) { + return [ + 'kty' => 'OKP', + 'crv' => $curve instanceof Ed25519 ? 'Ed25519' : 'Ed448', + 'x' => Strings::base64url_encode($curve->encodePoint($publicKey)), + ]; + } + + return [ + 'kty' => 'EC', + 'crv' => self::getAlias($curve), + 'x' => Strings::base64url_encode($publicKey[0]->toBytes()), + 'y' => Strings::base64url_encode($publicKey[1]->toBytes()), + ]; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = []): string + { + $key = self::savePublicKeyHelper($curve, $publicKey); + + return self::wrapKey($key, $options); + } + + /** + * Convert a private key to the appropriate format. + * + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + */ + public static function savePrivateKey( + BigInteger $privateKey, + BaseCurve $curve, + array $publicKey, + ?string $secret = null, + ?string $password = null, + array $options = [] + ): string { + $key = self::savePublicKeyHelper($curve, $publicKey); + $key['d'] = $curve instanceof TwistedEdwardsCurve ? $secret : $privateKey->toBytes(); + $key['d'] = Strings::base64url_encode($key['d']); + + return self::wrapKey($key, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php new file mode 100644 index 0000000..dedaa25 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php @@ -0,0 +1,93 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Crypt\EC\Curves\Curve448; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer; + +/** + * Montgomery Curve Private Key Handler + * + * @author Jim Wigginton + */ +abstract class MontgomeryPrivate +{ + /** + * Is invisible flag + */ + public const IS_INVISIBLE = true; + + /** + * Break a public or private key down into its constituent components + */ + public static function load(string $key, ?string $password = null): array + { + switch (strlen($key)) { + case 32: + $curve = new Curve25519(); + break; + case 56: + $curve = new Curve448(); + break; + default: + throw new LengthException('The only supported lengths are 32 and 56'); + } + + $components = ['curve' => $curve]; + $components['dA'] = new BigInteger($key, 256); + $curve->rangeCheck($components['dA']); + // note that EC::getEncodedCoordinates does some additional "magic" (it does strrev on the result) + $components['QA'] = $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + + return $components; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param Integer[] $publicKey + */ + public static function savePublicKey(MontgomeryCurve $curve, array $publicKey): string + { + return strrev($publicKey[0]->toBytes()); + } + + /** + * Convert a private key to the appropriate format. + * + * @param Integer[] $publicKey + */ + public static function savePrivateKey(BigInteger $privateKey, MontgomeryCurve $curve, array $publicKey, ?string $password = null): string + { + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('MontgomeryPrivate private keys do not support encryption'); + } + + return $privateKey->toBytes(); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPublic.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPublic.php new file mode 100644 index 0000000..5d2afd1 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPublic.php @@ -0,0 +1,68 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Crypt\EC\Curves\Curve448; +use phpseclib3\Exception\LengthException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer; + +/** + * Montgomery Public Key Handler + * + * @author Jim Wigginton + */ +abstract class MontgomeryPublic +{ + /** + * Is invisible flag + */ + public const IS_INVISIBLE = true; + + /** + * Break a public or private key down into its constituent components + */ + public static function load(string $key, ?string $password = null): array + { + switch (strlen($key)) { + case 32: + $curve = new Curve25519(); + break; + case 56: + $curve = new Curve448(); + break; + default: + throw new LengthException('The only supported lengths are 32 and 56'); + } + + $components = ['curve' => $curve]; + $components['QA'] = [$components['curve']->convertInteger(new BigInteger(strrev($key), 256))]; + + return $components; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param Integer[] $publicKey + */ + public static function savePublicKey(MontgomeryCurve $curve, array $publicKey): string + { + return strrev($publicKey[0]->toBytes()); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/OpenSSH.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/OpenSSH.php new file mode 100644 index 0000000..4de4e5b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/OpenSSH.php @@ -0,0 +1,208 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\OpenSSH as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer; + +/** + * OpenSSH Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class OpenSSH extends Progenitor +{ + use Common; + + /** + * Supported Key Types + * + * @var array + */ + protected static $types = [ + 'ecdsa-sha2-nistp256', + 'ecdsa-sha2-nistp384', + 'ecdsa-sha2-nistp521', + 'ssh-ed25519', + ]; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + $parsed = parent::load($key, $password); + + if (isset($parsed['paddedKey'])) { + $paddedKey = $parsed['paddedKey']; + [$type] = Strings::unpackSSH2('s', $paddedKey); + if ($type != $parsed['type']) { + throw new RuntimeException("The public and private keys are not of the same type ($type vs $parsed[type])"); + } + if ($type == 'ssh-ed25519') { + [, $key, $comment] = Strings::unpackSSH2('sss', $paddedKey); + $key = libsodium::load($key); + $key['comment'] = $comment; + return $key; + } + [$curveName, $publicKey, $privateKey, $comment] = Strings::unpackSSH2('ssis', $paddedKey); + $curve = self::loadCurveByParam(['namedCurve' => $curveName]); + $curve->rangeCheck($privateKey); + return [ + 'curve' => $curve, + 'dA' => $privateKey, + 'QA' => self::extractPoint("\0$publicKey", $curve), + 'comment' => $comment, + ]; + } + + if ($parsed['type'] == 'ssh-ed25519') { + if (Strings::shift($parsed['publicKey'], 4) != "\0\0\0\x20") { + throw new RuntimeException('Length of ssh-ed25519 key should be 32'); + } + + $curve = new Ed25519(); + $qa = self::extractPoint($parsed['publicKey'], $curve); + } else { + [$curveName, $publicKey] = Strings::unpackSSH2('ss', $parsed['publicKey']); + $curveName = '\phpseclib3\Crypt\EC\Curves\\' . $curveName; + $curve = new $curveName(); + + $qa = self::extractPoint("\0" . $publicKey, $curve); + } + + return [ + 'curve' => $curve, + 'QA' => $qa, + 'comment' => $parsed['comment'], + ]; + } + + /** + * Returns the alias that corresponds to a curve + */ + private static function getAlias(BaseCurve $curve): string + { + self::initialize_static_variables(); + + $reflect = new \ReflectionClass($curve); + $name = $reflect->getShortName(); + + $oid = self::$curveOIDs[$name]; + $aliases = array_filter(self::$curveOIDs, fn ($v) => $v == $oid); + $aliases = array_keys($aliases); + + for ($i = 0; $i < count($aliases); $i++) { + if (in_array('ecdsa-sha2-' . $aliases[$i], self::$types)) { + $alias = $aliases[$i]; + break; + } + } + + if (!isset($alias)) { + throw new UnsupportedCurveException($name . ' is not a curve that the OpenSSH plugin supports'); + } + + return $alias; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param Integer[] $publicKey + * @param array $options optional + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = []): string + { + $comment = $options['comment'] ?? self::$comment; + + if ($curve instanceof Ed25519) { + $key = Strings::packSSH2('ss', 'ssh-ed25519', $curve->encodePoint($publicKey)); + + if ($options['binary'] ?? self::$binary) { + return $key; + } + + $key = 'ssh-ed25519 ' . base64_encode($key) . ' ' . $comment; + return $key; + } + + $alias = self::getAlias($curve); + + $points = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + $key = Strings::packSSH2('sss', 'ecdsa-sha2-' . $alias, $alias, $points); + + if ($options['binary'] ?? self::$binary) { + return $key; + } + + $key = 'ecdsa-sha2-' . $alias . ' ' . base64_encode($key) . ' ' . $comment; + + return $key; + } + + /** + * Convert a private key to the appropriate format. + * + * @param Ed25519 $curve + * @param Integer[] $publicKey + * @param string|false $password + * @param array $options optional + */ + public static function savePrivateKey( + BigInteger $privateKey, + BaseCurve $curve, + array $publicKey, + ?string $secret = null, + ?string $password = null, + array $options = [] + ): string { + if ($curve instanceof Ed25519) { + if (!isset($secret)) { + throw new RuntimeException('Private Key does not have a secret set'); + } + if (strlen($secret) != 32) { + throw new RuntimeException('Private Key secret is not of the correct length'); + } + + $pubKey = $curve->encodePoint($publicKey); + + $publicKey = Strings::packSSH2('ss', 'ssh-ed25519', $pubKey); + $privateKey = Strings::packSSH2('sss', 'ssh-ed25519', $pubKey, $secret . $pubKey); + + return self::wrapPrivateKey($publicKey, $privateKey, $password, $options); + } + + $alias = self::getAlias($curve); + + $points = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + $publicKey = self::savePublicKey($curve, $publicKey, ['binary' => true]); + + $privateKey = Strings::packSSH2('sssi', 'ecdsa-sha2-' . $alias, $alias, $points, $privateKey); + + return self::wrapPrivateKey($publicKey, $privateKey, $password, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/PKCS1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..eeb91d8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/PKCS1.php @@ -0,0 +1,189 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer; + +/** + * "PKCS1" (RFC5915) Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends Progenitor +{ + use Common; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + self::initialize_static_variables(); + + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (strpos($key, 'BEGIN EC PARAMETERS') && strpos($key, 'BEGIN EC PRIVATE KEY')) { + $components = []; + + preg_match('#-*BEGIN EC PRIVATE KEY-*[^-]*-*END EC PRIVATE KEY-*#s', $key, $matches); + $decoded = parent::load($matches[0], $password); + $decoded = ASN1::decodeBER($decoded); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + + $ecPrivate = ASN1::asn1map($decoded[0], Maps\ECPrivateKey::MAP); + if (!is_array($ecPrivate)) { + throw new RuntimeException('Unable to perform ASN1 mapping'); + } + + if (isset($ecPrivate['parameters'])) { + $components['curve'] = self::loadCurveByParam($ecPrivate['parameters']); + } + + preg_match('#-*BEGIN EC PARAMETERS-*[^-]*-*END EC PARAMETERS-*#s', $key, $matches); + $decoded = parent::load($matches[0], ''); + $decoded = ASN1::decodeBER($decoded); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + $ecParams = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP); + if (!is_array($ecParams)) { + throw new RuntimeException('Unable to perform ASN1 mapping'); + } + $ecParams = self::loadCurveByParam($ecParams); + + // comparing $ecParams and $components['curve'] directly won't work because they'll have different Math\Common\FiniteField classes + // even if the modulo is the same + if (isset($components['curve']) && self::encodeParameters($ecParams, false, []) != self::encodeParameters($components['curve'], false, [])) { + throw new RuntimeException('EC PARAMETERS does not correspond to EC PRIVATE KEY'); + } + + if (!isset($components['curve'])) { + $components['curve'] = $ecParams; + } + + $components['dA'] = new BigInteger($ecPrivate['privateKey'], 256); + $components['curve']->rangeCheck($components['dA']); + $components['QA'] = isset($ecPrivate['publicKey']) ? + self::extractPoint($ecPrivate['publicKey'], $components['curve']) : + $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + + return $components; + } + + $key = parent::load($key, $password); + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + + $key = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP); + if (is_array($key)) { + return ['curve' => self::loadCurveByParam($key)]; + } + + $key = ASN1::asn1map($decoded[0], Maps\ECPrivateKey::MAP); + if (!is_array($key)) { + throw new RuntimeException('Unable to perform ASN1 mapping'); + } + if (!isset($key['parameters'])) { + throw new RuntimeException('Key cannot be loaded without parameters'); + } + + $components = []; + $components['curve'] = self::loadCurveByParam($key['parameters']); + $components['dA'] = new BigInteger($key['privateKey'], 256); + $components['QA'] = isset($ecPrivate['publicKey']) ? + self::extractPoint($ecPrivate['publicKey'], $components['curve']) : + $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + + return $components; + } + + /** + * Convert EC parameters to the appropriate format + */ + public static function saveParameters(BaseCurve $curve, array $options = []): string + { + self::initialize_static_variables(); + + if ($curve instanceof TwistedEdwardsCurve || $curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('TwistedEdwards and Montgomery Curves are not supported'); + } + + $key = self::encodeParameters($curve, false, $options); + + return "-----BEGIN EC PARAMETERS-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END EC PARAMETERS-----\r\n"; + } + + /** + * Convert a private key to the appropriate format. + * + * @param Integer[] $publicKey + */ + public static function savePrivateKey(BigInteger $privateKey, BaseCurve $curve, array $publicKey, ?string $secret = null, ?string $password = null, array $options = []): string + { + self::initialize_static_variables(); + + if ($curve instanceof TwistedEdwardsCurve || $curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('TwistedEdwards Curves are not supported'); + } + + $publicKey = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + + $key = [ + 'version' => 'ecPrivkeyVer1', + 'privateKey' => $privateKey->toBytes(), + 'parameters' => new ASN1\Element(self::encodeParameters($curve)), + 'publicKey' => "\0" . $publicKey, + ]; + + $key = ASN1::encodeDER($key, Maps\ECPrivateKey::MAP); + + return self::wrapPrivateKey($key, 'EC', $password, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..f6f608d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php @@ -0,0 +1,228 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Curves\Ed448; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer; + +/** + * PKCS#8 Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends Progenitor +{ + use Common; + + /** + * OID Name + * + * @var array + */ + public const OID_NAME = ['id-ecPublicKey', 'id-Ed25519', 'id-Ed448']; + + /** + * OID Value + * + * @var string + */ + public const OID_VALUE = ['1.2.840.10045.2.1', '1.3.101.112', '1.3.101.113']; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + // initialize_static_variables() is defined in both the trait and the parent class + // when it's defined in two places it's the traits one that's called + // the parent one is needed, as well, but the parent one is called by other methods + // in the parent class as needed and in the context of the parent it's the parent + // one that's called + self::initialize_static_variables(); + + $key = parent::load($key, $password); + + $type = isset($key['privateKey']) ? 'privateKey' : 'publicKey'; + + switch ($key[$type . 'Algorithm']['algorithm']) { + case 'id-Ed25519': + case 'id-Ed448': + return self::loadEdDSA($key); + } + + $decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + $params = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP); + if (!$params) { + throw new RuntimeException('Unable to decode the parameters using Maps\ECParameters'); + } + + $components = []; + $components['curve'] = self::loadCurveByParam($params); + + if ($type == 'publicKey') { + $components['QA'] = self::extractPoint("\0" . $key['publicKey'], $components['curve']); + + return $components; + } + + $decoded = ASN1::decodeBER($key['privateKey']); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + $key = ASN1::asn1map($decoded[0], Maps\ECPrivateKey::MAP); + if (isset($key['parameters']) && $params != $key['parameters']) { + throw new RuntimeException('The PKCS8 parameter field does not match the private key parameter field'); + } + + $components['dA'] = new BigInteger($key['privateKey'], 256); + $components['curve']->rangeCheck($components['dA']); + $components['QA'] = isset($key['publicKey']) ? + self::extractPoint($key['publicKey'], $components['curve']) : + $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + + return $components; + } + + /** + * Break a public or private EdDSA key down into its constituent components + */ + private static function loadEdDSA(array $key): array + { + $components = []; + + if (isset($key['privateKey'])) { + $components['curve'] = $key['privateKeyAlgorithm']['algorithm'] == 'id-Ed25519' ? new Ed25519() : new Ed448(); + $expected = chr(ASN1::TYPE_OCTET_STRING) . ASN1::encodeLength($components['curve']::SIZE); + if (substr($key['privateKey'], 0, 2) != $expected) { + throw new RuntimeException( + 'The first two bytes of the ' . + $key['privateKeyAlgorithm']['algorithm'] . + ' private key field should be 0x' . bin2hex($expected) + ); + } + $arr = $components['curve']->extractSecret(substr($key['privateKey'], 2)); + $components['dA'] = $arr['dA']; + $components['secret'] = $arr['secret']; + } + + if (isset($key['publicKey'])) { + if (!isset($components['curve'])) { + $components['curve'] = $key['publicKeyAlgorithm']['algorithm'] == 'id-Ed25519' ? new Ed25519() : new Ed448(); + } + + $components['QA'] = self::extractPoint($key['publicKey'], $components['curve']); + } + + if (isset($key['privateKey']) && !isset($components['QA'])) { + $components['QA'] = $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + } + + return $components; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param Integer[] $publicKey + * @param array $options optional + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = []): string + { + self::initialize_static_variables(); + + if ($curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('Montgomery Curves are not supported'); + } + + if ($curve instanceof TwistedEdwardsCurve) { + return self::wrapPublicKey( + $curve->encodePoint($publicKey), + null, + $curve instanceof Ed25519 ? 'id-Ed25519' : 'id-Ed448' + ); + } + + $params = new ASN1\Element(self::encodeParameters($curve, false, $options)); + + $key = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + + return self::wrapPublicKey($key, $params, 'id-ecPublicKey'); + } + + /** + * Convert a private key to the appropriate format. + * + * @param Integer[] $publicKey + */ + public static function savePrivateKey(BigInteger $privateKey, BaseCurve $curve, array $publicKey, ?string $secret = null, ?string $password = null, array $options = []): string + { + self::initialize_static_variables(); + + if ($curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('Montgomery Curves are not supported'); + } + + if ($curve instanceof TwistedEdwardsCurve) { + return self::wrapPrivateKey( + chr(ASN1::TYPE_OCTET_STRING) . ASN1::encodeLength($curve::SIZE) . $secret, + [], + null, + $password, + $curve instanceof Ed25519 ? 'id-Ed25519' : 'id-Ed448' + ); + } + + $publicKey = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + + $params = new ASN1\Element(self::encodeParameters($curve, false, $options)); + + $key = [ + 'version' => 'ecPrivkeyVer1', + 'privateKey' => $privateKey->toBytes(), + //'parameters' => $params, + 'publicKey' => "\0" . $publicKey, + ]; + + $key = ASN1::encodeDER($key, Maps\ECPrivateKey::MAP); + + return self::wrapPrivateKey($key, [], $params, $password, 'id-ecPublicKey', '', $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/PuTTY.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/PuTTY.php new file mode 100644 index 0000000..88d3e1a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/PuTTY.php @@ -0,0 +1,135 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PuTTY as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField; +use phpseclib3\Math\Common\FiniteField\Integer; + +/** + * PuTTY Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class PuTTY extends Progenitor +{ + use Common; + + /** + * Public Handler + * + * @var string + */ + public const PUBLIC_HANDLER = 'phpseclib3\Crypt\EC\Formats\Keys\OpenSSH'; + + /** + * Supported Key Types + * + * @var array + */ + protected static $types = [ + 'ecdsa-sha2-nistp256', + 'ecdsa-sha2-nistp384', + 'ecdsa-sha2-nistp521', + 'ssh-ed25519', + ]; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + * @param string|false $password + * @return array|false + */ + public static function load($key, $password) + { + $components = parent::load($key, $password); + if (!isset($components['private'])) { + return $components; + } + + $private = $components['private']; + + $temp = Strings::base64_encode(Strings::packSSH2('s', $components['type']) . $components['public']); + $components = OpenSSH::load($components['type'] . ' ' . $temp . ' ' . $components['comment']); + + if ($components['curve'] instanceof TwistedEdwardsCurve) { + if (Strings::shift($private, 4) != "\0\0\0\x20") { + throw new RuntimeException('Length of ssh-ed25519 key should be 32'); + } + $arr = $components['curve']->extractSecret($private); + $components['dA'] = $arr['dA']; + $components['secret'] = $arr['secret']; + } else { + [$components['dA']] = Strings::unpackSSH2('i', $private); + $components['curve']->rangeCheck($components['dA']); + } + + return $components; + } + + /** + * Convert a private key to the appropriate format. + * + * @param Integer[] $publicKey + */ + public static function savePrivateKey(BigInteger $privateKey, BaseCurve $curve, array $publicKey, ?string $secret = null, ?string $password = null, array $options = []): string + { + self::initialize_static_variables(); + + $public = explode(' ', OpenSSH::savePublicKey($curve, $publicKey)); + $name = $public[0]; + $public = Strings::base64_decode($public[1]); + [, $length] = unpack('N', Strings::shift($public, 4)); + Strings::shift($public, $length); + + // PuTTY pads private keys with a null byte per the following: + // https://github.com/github/putty/blob/a3d14d77f566a41fc61dfdc5c2e0e384c9e6ae8b/sshecc.c#L1926 + if (!$curve instanceof TwistedEdwardsCurve) { + $private = $privateKey->toBytes(); + if (!(strlen($privateKey->toBits()) & 7)) { + $private = "\0$private"; + } + } + + $private = $curve instanceof TwistedEdwardsCurve ? + Strings::packSSH2('s', $secret) : + Strings::packSSH2('s', $private); + + return self::wrapPrivateKey($public, $private, $name, $password, $options); + } + + /** + * Convert an EC public key to the appropriate format + * + * @param FiniteField[] $publicKey + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey): string + { + $public = explode(' ', OpenSSH::savePublicKey($curve, $publicKey)); + $type = $public[0]; + $public = Strings::base64_decode($public[1]); + [, $length] = unpack('N', Strings::shift($public, 4)); + Strings::shift($public, $length); + + return self::wrapPublicKey($public, $type); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/XML.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/XML.php new file mode 100644 index 0000000..0152e49 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/XML.php @@ -0,0 +1,471 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\Prime as PrimeCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer; + +/** + * XML Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class XML +{ + use Common; + + /** + * Default namespace + * + * @var string + */ + private static $namespace; + + /** + * Flag for using RFC4050 syntax + * + * @var bool + */ + private static $rfc4050 = false; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + self::initialize_static_variables(); + + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (!class_exists('DOMDocument')) { + throw new BadConfigurationException('The dom extension is not setup correctly on this system'); + } + + $use_errors = libxml_use_internal_errors(true); + + $temp = self::isolateNamespace($key, 'http://www.w3.org/2009/xmldsig11#'); + if ($temp) { + $key = $temp; + } + + $temp = self::isolateNamespace($key, 'http://www.w3.org/2001/04/xmldsig-more#'); + if ($temp) { + $key = $temp; + } + + $dom = new \DOMDocument(); + if (substr($key, 0, 5) != '' . $key . ''; + } + + if (!$dom->loadXML($key)) { + libxml_use_internal_errors($use_errors); + throw new UnexpectedValueException('Key does not appear to contain XML'); + } + $xpath = new \DOMXPath($dom); + libxml_use_internal_errors($use_errors); + $curve = self::loadCurveByParam($xpath); + + $pubkey = self::query($xpath, 'publickey', 'Public Key is not present'); + + $QA = self::query($xpath, 'ecdsakeyvalue')->length ? + self::extractPointRFC4050($xpath, $curve) : + self::extractPoint("\0" . $pubkey, $curve); + + libxml_use_internal_errors($use_errors); + + return compact('curve', 'QA'); + } + + /** + * Case-insensitive xpath query + * + * @param string|null $error optional + * @param bool $decode optional + * @return \DOMNodeList|string + */ + private static function query(\DOMXPath $xpath, string $name, ?string $error = null, bool $decode = true) + { + $query = '/'; + $names = explode('/', $name); + foreach ($names as $name) { + $query .= "/*[translate(local-name(), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='$name']"; + } + $result = $xpath->query($query); + if (!isset($error)) { + return $result; + } + + if (!$result->length) { + throw new RuntimeException($error); + } + return $decode ? self::decodeValue($result->item(0)->textContent) : $result->item(0)->textContent; + } + + /** + * Finds the first element in the relevant namespace, strips the namespacing and returns the XML for that element. + */ + private static function isolateNamespace(string $xml, string $ns) + { + $dom = new \DOMDocument(); + if (!$dom->loadXML($xml)) { + return false; + } + $xpath = new \DOMXPath($dom); + $nodes = $xpath->query("//*[namespace::*[.='$ns'] and not(../namespace::*[.='$ns'])]"); + if (!$nodes->length) { + return false; + } + $node = $nodes->item(0); + $ns_name = $node->lookupPrefix($ns); + if ($ns_name) { + $node->removeAttributeNS($ns, $ns_name); + } + return $dom->saveXML($node); + } + + /** + * Decodes the value + */ + private static function decodeValue(string $value): string + { + return Strings::base64_decode(str_replace(["\r", "\n", ' ', "\t"], '', $value)); + } + + /** + * Extract points from an XML document + * + * @return object[] + */ + private static function extractPointRFC4050(\DOMXPath $xpath, BaseCurve $curve): array + { + $x = self::query($xpath, 'publickey/x'); + $y = self::query($xpath, 'publickey/y'); + if (!$x->length || !$x->item(0)->hasAttribute('Value')) { + throw new RuntimeException('Public Key / X coordinate not found'); + } + if (!$y->length || !$y->item(0)->hasAttribute('Value')) { + throw new RuntimeException('Public Key / Y coordinate not found'); + } + $point = [ + $curve->convertInteger(new BigInteger($x->item(0)->getAttribute('Value'))), + $curve->convertInteger(new BigInteger($y->item(0)->getAttribute('Value'))), + ]; + if (!$curve->verifyPoint($point)) { + throw new RuntimeException('Unable to verify that point exists on curve'); + } + return $point; + } + + /** + * Returns an instance of \phpseclib3\Crypt\EC\BaseCurves\Base based + * on the curve parameters + * + * @return BaseCurve|false + */ + private static function loadCurveByParam(\DOMXPath $xpath) + { + $namedCurve = self::query($xpath, 'namedcurve'); + if ($namedCurve->length == 1) { + $oid = $namedCurve->item(0)->getAttribute('URN'); + $oid = preg_replace('#[^\d.]#', '', $oid); + $name = array_search($oid, self::$curveOIDs); + if ($name === false) { + throw new UnsupportedCurveException('Curve with OID of ' . $oid . ' is not supported'); + } + + $curve = '\phpseclib3\Crypt\EC\Curves\\' . $name; + if (!class_exists($curve)) { + throw new UnsupportedCurveException('Named Curve of ' . $name . ' is not supported'); + } + return new $curve(); + } + + $params = self::query($xpath, 'explicitparams'); + if ($params->length) { + return self::loadCurveByParamRFC4050($xpath); + } + + $params = self::query($xpath, 'ecparameters'); + if (!$params->length) { + throw new RuntimeException('No parameters are present'); + } + + $fieldTypes = [ + 'prime-field' => ['fieldid/prime/p'], + 'gnb' => ['fieldid/gnb/m'], + 'tnb' => ['fieldid/tnb/k'], + 'pnb' => ['fieldid/pnb/k1', 'fieldid/pnb/k2', 'fieldid/pnb/k3'], + 'unknown' => [], + ]; + + foreach ($fieldTypes as $type => $queries) { + foreach ($queries as $query) { + $result = self::query($xpath, $query); + if (!$result->length) { + continue 2; + } + $param = preg_replace('#.*/#', '', $query); + $$param = self::decodeValue($result->item(0)->textContent); + } + break; + } + + $a = self::query($xpath, 'curve/a', 'A coefficient is not present'); + $b = self::query($xpath, 'curve/b', 'B coefficient is not present'); + $base = self::query($xpath, 'base', 'Base point is not present'); + $order = self::query($xpath, 'order', 'Order is not present'); + + switch ($type) { + case 'prime-field': + $curve = new PrimeCurve(); + $curve->setModulo(new BigInteger($p, 256)); + $curve->setCoefficients( + new BigInteger($a, 256), + new BigInteger($b, 256) + ); + $point = self::extractPoint("\0" . $base, $curve); + $curve->setBasePoint(...$point); + $curve->setOrder(new BigInteger($order, 256)); + return $curve; + case 'gnb': + case 'tnb': + case 'pnb': + default: + throw new UnsupportedCurveException('Field Type of ' . $type . ' is not supported'); + } + } + + /** + * Returns an instance of \phpseclib3\Crypt\EC\BaseCurves\Base based + * on the curve parameters + * + * @return BaseCurve|false + */ + private static function loadCurveByParamRFC4050(\DOMXPath $xpath) + { + $fieldTypes = [ + 'prime-field' => ['primefieldparamstype/p'], + 'unknown' => [], + ]; + + foreach ($fieldTypes as $type => $queries) { + foreach ($queries as $query) { + $result = self::query($xpath, $query); + if (!$result->length) { + continue 2; + } + $param = preg_replace('#.*/#', '', $query); + $$param = $result->item(0)->textContent; + } + break; + } + + $a = self::query($xpath, 'curveparamstype/a', 'A coefficient is not present', false); + $b = self::query($xpath, 'curveparamstype/b', 'B coefficient is not present', false); + $x = self::query($xpath, 'basepointparams/basepoint/ecpointtype/x', 'Base Point X is not present', false); + $y = self::query($xpath, 'basepointparams/basepoint/ecpointtype/y', 'Base Point Y is not present', false); + $order = self::query($xpath, 'order', 'Order is not present', false); + + switch ($type) { + case 'prime-field': + $curve = new PrimeCurve(); + + $p = str_replace(["\r", "\n", ' ', "\t"], '', $p); + $curve->setModulo(new BigInteger($p)); + + $a = str_replace(["\r", "\n", ' ', "\t"], '', $a); + $b = str_replace(["\r", "\n", ' ', "\t"], '', $b); + $curve->setCoefficients( + new BigInteger($a), + new BigInteger($b) + ); + + $x = str_replace(["\r", "\n", ' ', "\t"], '', $x); + $y = str_replace(["\r", "\n", ' ', "\t"], '', $y); + $curve->setBasePoint( + new BigInteger($x), + new BigInteger($y) + ); + + $order = str_replace(["\r", "\n", ' ', "\t"], '', $order); + $curve->setOrder(new BigInteger($order)); + return $curve; + default: + throw new UnsupportedCurveException('Field Type of ' . $type . ' is not supported'); + } + } + + /** + * Sets the namespace. dsig11 is the most common one. + * + * Set to null to unset. Used only for creating public keys. + */ + public static function setNamespace(string $namespace): void + { + self::$namespace = $namespace; + } + + /** + * Uses the XML syntax specified in https://tools.ietf.org/html/rfc4050 + */ + public static function enableRFC4050Syntax(): void + { + self::$rfc4050 = true; + } + + /** + * Uses the XML syntax specified in https://www.w3.org/TR/xmldsig-core/#sec-ECParameters + */ + public static function disableRFC4050Syntax(): void + { + self::$rfc4050 = false; + } + + /** + * Convert a public key to the appropriate format + * + * @param Integer[] $publicKey + * @param array $options optional + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = []): string + { + self::initialize_static_variables(); + + if ($curve instanceof TwistedEdwardsCurve || $curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('TwistedEdwards and Montgomery Curves are not supported'); + } + + if (empty(static::$namespace)) { + $pre = $post = ''; + } else { + $pre = static::$namespace . ':'; + $post = ':' . static::$namespace; + } + + if (self::$rfc4050) { + return '<' . $pre . 'ECDSAKeyValue xmlns' . $post . '="http://www.w3.org/2001/04/xmldsig-more#">' . "\r\n" . + self::encodeXMLParameters($curve, $pre, $options) . "\r\n" . + '<' . $pre . 'PublicKey>' . "\r\n" . + '<' . $pre . 'X Value="' . $publicKey[0] . '" />' . "\r\n" . + '<' . $pre . 'Y Value="' . $publicKey[1] . '" />' . "\r\n" . + '' . "\r\n" . + ''; + } + + $publicKey = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + + return '<' . $pre . 'ECDSAKeyValue xmlns' . $post . '="http://www.w3.org/2009/xmldsig11#">' . "\r\n" . + self::encodeXMLParameters($curve, $pre, $options) . "\r\n" . + '<' . $pre . 'PublicKey>' . Strings::base64_encode($publicKey) . '' . "\r\n" . + ''; + } + + /** + * Encode Parameters + * + * @param array $options optional + * @return string|false + */ + private static function encodeXMLParameters(BaseCurve $curve, string $pre, array $options = []) + { + $result = self::encodeParameters($curve, true, $options); + + if (isset($result['namedCurve'])) { + $namedCurve = '<' . $pre . 'NamedCurve URI="urn:oid:' . self::$curveOIDs[$result['namedCurve']] . '" />'; + return self::$rfc4050 ? + '' . str_replace('URI', 'URN', $namedCurve) . '' : + $namedCurve; + } + + if (self::$rfc4050) { + $xml = '<' . $pre . 'ExplicitParams>' . "\r\n" . + '<' . $pre . 'FieldParams>' . "\r\n"; + $temp = $result['specifiedCurve']; + switch ($temp['fieldID']['fieldType']) { + case 'prime-field': + $xml .= '<' . $pre . 'PrimeFieldParamsType>' . "\r\n" . + '<' . $pre . 'P>' . $temp['fieldID']['parameters'] . '' . "\r\n" . + '' . "\r\n"; + $a = $curve->getA(); + $b = $curve->getB(); + [$x, $y] = $curve->getBasePoint(); + break; + default: + throw new UnsupportedCurveException('Field Type of ' . $temp['fieldID']['fieldType'] . ' is not supported'); + } + $xml .= '' . "\r\n" . + '<' . $pre . 'CurveParamsType>' . "\r\n" . + '<' . $pre . 'A>' . $a . '' . "\r\n" . + '<' . $pre . 'B>' . $b . '' . "\r\n" . + '' . "\r\n" . + '<' . $pre . 'BasePointParams>' . "\r\n" . + '<' . $pre . 'BasePoint>' . "\r\n" . + '<' . $pre . 'ECPointType>' . "\r\n" . + '<' . $pre . 'X>' . $x . '' . "\r\n" . + '<' . $pre . 'Y>' . $y . '' . "\r\n" . + '' . "\r\n" . + '' . "\r\n" . + '<' . $pre . 'Order>' . $curve->getOrder() . '' . "\r\n" . + '' . "\r\n" . + '' . "\r\n"; + + return $xml; + } + + if (isset($result['specifiedCurve'])) { + $xml = '<' . $pre . 'ECParameters>' . "\r\n" . + '<' . $pre . 'FieldID>' . "\r\n"; + $temp = $result['specifiedCurve']; + switch ($temp['fieldID']['fieldType']) { + case 'prime-field': + $xml .= '<' . $pre . 'Prime>' . "\r\n" . + '<' . $pre . 'P>' . Strings::base64_encode($temp['fieldID']['parameters']->toBytes()) . '' . "\r\n" . + '' . "\r\n" ; + break; + default: + throw new UnsupportedCurveException('Field Type of ' . $temp['fieldID']['fieldType'] . ' is not supported'); + } + $xml .= '' . "\r\n" . + '<' . $pre . 'Curve>' . "\r\n" . + '<' . $pre . 'A>' . Strings::base64_encode($temp['curve']['a']) . '' . "\r\n" . + '<' . $pre . 'B>' . Strings::base64_encode($temp['curve']['b']) . '' . "\r\n" . + '' . "\r\n" . + '<' . $pre . 'Base>' . Strings::base64_encode($temp['base']) . '' . "\r\n" . + '<' . $pre . 'Order>' . Strings::base64_encode($temp['order']) . '' . "\r\n" . + ''; + return $xml; + } + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/libsodium.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/libsodium.php new file mode 100644 index 0000000..d4cd529 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Keys/libsodium.php @@ -0,0 +1,108 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer; + +/** + * libsodium Key Handler + * + * @author Jim Wigginton + */ +abstract class libsodium +{ + use Common; + + /** + * Is invisible flag + */ + public const IS_INVISIBLE = true; + + /** + * Break a public or private key down into its constituent components + */ + public static function load(string $key, ?string $password = null): array + { + switch (strlen($key)) { + case 32: + $public = $key; + break; + case 64: + $private = substr($key, 0, 32); + $public = substr($key, -32); + break; + case 96: + $public = substr($key, -32); + if (substr($key, 32, 32) != $public) { + throw new RuntimeException('Keys with 96 bytes should have the 2nd and 3rd set of 32 bytes match'); + } + $private = substr($key, 0, 32); + break; + default: + throw new RuntimeException('libsodium keys need to either be 32 bytes long, 64 bytes long or 96 bytes long'); + } + + $curve = new Ed25519(); + $components = ['curve' => $curve]; + if (isset($private)) { + $arr = $curve->extractSecret($private); + $components['dA'] = $arr['dA']; + $components['secret'] = $arr['secret']; + } + $components['QA'] = isset($public) ? + self::extractPoint($public, $curve) : + $curve->multiplyPoint($curve->getBasePoint(), $components['dA']); + + return $components; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param Integer[] $publicKey + */ + public static function savePublicKey(Ed25519 $curve, array $publicKey): string + { + return $curve->encodePoint($publicKey); + } + + /** + * Convert a private key to the appropriate format. + * + * @param Integer[] $publicKey + */ + public static function savePrivateKey(BigInteger $privateKey, Ed25519 $curve, array $publicKey, ?string $secret = null, ?string $password = null): string + { + if (!isset($secret)) { + throw new RuntimeException('Private Key does not have a secret set'); + } + if (strlen($secret) != 32) { + throw new RuntimeException('Private Key secret is not of the correct length'); + } + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('libsodium private keys do not support encryption'); + } + return $secret . $curve->encodePoint($publicKey); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/ASN1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/ASN1.php new file mode 100644 index 0000000..288d004 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/ASN1.php @@ -0,0 +1,59 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Signature; + +use phpseclib3\File\ASN1 as Encoder; +use phpseclib3\File\ASN1\Maps\EcdsaSigValue; +use phpseclib3\Math\BigInteger; + +/** + * ASN1 Signature Handler + * + * @author Jim Wigginton + */ +abstract class ASN1 +{ + /** + * Loads a signature + * + * @return array + */ + public static function load(string $sig) + { + if (!is_string($sig)) { + return false; + } + + $decoded = Encoder::decodeBER($sig); + if (empty($decoded)) { + return false; + } + $components = Encoder::asn1map($decoded[0], EcdsaSigValue::MAP); + + return $components; + } + + /** + * Returns a signature in the appropriate format + */ + public static function save(BigInteger $r, BigInteger $s): string + { + return Encoder::encodeDER(compact('r', 's'), EcdsaSigValue::MAP); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/IEEE.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/IEEE.php new file mode 100644 index 0000000..ae1c648 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/IEEE.php @@ -0,0 +1,64 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Signature; + +use phpseclib3\Math\BigInteger; + +/** + * ASN1 Signature Handler + * + * @author Jim Wigginton + */ +abstract class IEEE +{ + /** + * Loads a signature + * + * @param string $sig + * @return array + */ + public static function load($sig) + { + if (!is_string($sig)) { + return false; + } + + $len = strlen($sig); + if ($len & 1) { + return false; + } + + $r = new BigInteger(substr($sig, 0, $len >> 1), 256); + $s = new BigInteger(substr($sig, $len >> 1), 256); + + return compact('r', 's'); + } + + /** + * Returns a signature in the appropriate format + */ + public static function save(BigInteger $r, BigInteger $s, string $curve, int $length): string + { + $r = $r->toBytes(); + $s = $s->toBytes(); + $length = (int) ceil($length / 8); + return str_pad($r, $length, "\0", STR_PAD_LEFT) . str_pad($s, $length, "\0", STR_PAD_LEFT); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/Raw.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/Raw.php new file mode 100644 index 0000000..43b2aad --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/Raw.php @@ -0,0 +1,27 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Signature; + +use phpseclib3\Crypt\Common\Formats\Signature\Raw as Progenitor; + +/** + * Raw DSA Signature Handler + * + * @author Jim Wigginton + */ +abstract class Raw extends Progenitor +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/SSH2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/SSH2.php new file mode 100644 index 0000000..c380ea0 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Formats/Signature/SSH2.php @@ -0,0 +1,90 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC\Formats\Signature; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Math\BigInteger; + +/** + * SSH2 Signature Handler + * + * @author Jim Wigginton + */ +abstract class SSH2 +{ + /** + * Loads a signature + */ + public static function load(string $sig) + { + if (!is_string($sig)) { + return false; + } + + $result = Strings::unpackSSH2('ss', $sig); + if ($result === false) { + return false; + } + [$type, $blob] = $result; + switch ($type) { + // see https://tools.ietf.org/html/rfc5656#section-3.1.2 + case 'ecdsa-sha2-nistp256': + case 'ecdsa-sha2-nistp384': + case 'ecdsa-sha2-nistp521': + break; + default: + return false; + } + + $result = Strings::unpackSSH2('ii', $blob); + if ($result === false) { + return false; + } + + return [ + 'r' => $result[0], + 's' => $result[1], + ]; + } + + /** + * Returns a signature in the appropriate format + * + * @return string + */ + public static function save(BigInteger $r, BigInteger $s, string $curve) + { + switch ($curve) { + case 'secp256r1': + $curve = 'nistp256'; + break; + case 'secp384r1': + $curve = 'nistp384'; + break; + case 'secp521r1': + $curve = 'nistp521'; + break; + default: + return false; + } + + $blob = Strings::packSSH2('ii', $r, $s); + + return Strings::packSSH2('ss', 'ecdsa-sha2-' . $curve, $blob); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Parameters.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Parameters.php new file mode 100644 index 0000000..256177b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/Parameters.php @@ -0,0 +1,36 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC; + +use phpseclib3\Crypt\EC; + +/** + * EC Parameters + * + * @author Jim Wigginton + */ +final class Parameters extends EC +{ + /** + * Returns the parameters + * + * @param array $options optional + */ + public function toString(string $type = 'PKCS1', array $options = []): string + { + $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + return $type::saveParameters($this->curve, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/PrivateKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/PrivateKey.php new file mode 100644 index 0000000..5ba6e4f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/PrivateKey.php @@ -0,0 +1,274 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Formats\Keys\PKCS1; +use phpseclib3\Crypt\EC\Formats\Signature\ASN1 as ASN1Signature; +use phpseclib3\Crypt\Hash; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnsupportedOperationException; +use phpseclib3\Math\BigInteger; + +/** + * EC Private Key + * + * @author Jim Wigginton + */ +final class PrivateKey extends EC implements Common\PrivateKey +{ + use Common\Traits\PasswordProtected; + + /** + * Private Key dA + * + * sign() converts this to a BigInteger so one might wonder why this is a FiniteFieldInteger instead of + * a BigInteger. That's because a FiniteFieldInteger, when converted to a byte string, is null padded by + * a certain amount whereas a BigInteger isn't. + * + * @var object + */ + protected $dA; + + /** + * @var string + */ + protected $secret; + + /** + * Multiplies an encoded point by the private key + * + * Used by ECDH + */ + public function multiply(string $coordinates): string + { + if ($this->curve instanceof MontgomeryCurve) { + if ($this->curve instanceof Curve25519 && self::$engines['libsodium']) { + return sodium_crypto_scalarmult($this->dA->toBytes(), $coordinates); + } + + $point = [$this->curve->convertInteger(new BigInteger(strrev($coordinates), 256))]; + $point = $this->curve->multiplyPoint($point, $this->dA); + return strrev($point[0]->toBytes(true)); + } + if (!$this->curve instanceof TwistedEdwardsCurve) { + $coordinates = "\0$coordinates"; + } + $point = PKCS1::extractPoint($coordinates, $this->curve); + $point = $this->curve->multiplyPoint($point, $this->dA); + if ($this->curve instanceof TwistedEdwardsCurve) { + return $this->curve->encodePoint($point); + } + if (empty($point)) { + throw new RuntimeException('The infinity point is invalid'); + } + return "\4" . $point[0]->toBytes(true) . $point[1]->toBytes(true); + } + + /** + * Create a signature + * + * @see self::verify() + * @param string $message + */ + public function sign($message) + { + if ($this->curve instanceof MontgomeryCurve) { + throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures'); + } + + $dA = $this->dA; + $order = $this->curve->getOrder(); + + $shortFormat = $this->shortFormat; + $format = $this->sigFormat; + if ($format === false) { + return false; + } + + if ($this->curve instanceof TwistedEdwardsCurve) { + if ($this->curve instanceof Ed25519 && self::$engines['libsodium'] && !isset($this->context)) { + $result = sodium_crypto_sign_detached($message, $this->withPassword()->toString('libsodium')); + return $shortFormat == 'SSH2' ? Strings::packSSH2('ss', 'ssh-' . strtolower($this->getCurve()), $result) : $result; + } + + // contexts (Ed25519ctx) are supported but prehashing (Ed25519ph) is not. + // quoting https://tools.ietf.org/html/rfc8032#section-8.5 , + // "The Ed25519ph and Ed448ph variants ... SHOULD NOT be used" + $A = $this->curve->encodePoint($this->QA); + $curve = $this->curve; + $hash = new Hash($curve::HASH); + + $secret = substr($hash->hash($this->secret), $curve::SIZE); + + if ($curve instanceof Ed25519) { + $dom = !isset($this->context) ? '' : + 'SigEd25519 no Ed25519 collisions' . "\0" . chr(strlen($this->context)) . $this->context; + } else { + $context = $this->context ?? ''; + $dom = 'SigEd448' . "\0" . chr(strlen($context)) . $context; + } + // SHA-512(dom2(F, C) || prefix || PH(M)) + $r = $hash->hash($dom . $secret . $message); + $r = strrev($r); + $r = new BigInteger($r, 256); + [, $r] = $r->divide($order); + $R = $curve->multiplyPoint($curve->getBasePoint(), $r); + $R = $curve->encodePoint($R); + $k = $hash->hash($dom . $R . $A . $message); + $k = strrev($k); + $k = new BigInteger($k, 256); + [, $k] = $k->divide($order); + $S = $k->multiply($dA)->add($r); + [, $S] = $S->divide($order); + $S = str_pad(strrev($S->toBytes()), $curve::SIZE, "\0"); + return $shortFormat == 'SSH2' ? Strings::packSSH2('ss', 'ssh-' . strtolower($this->getCurve()), $R . $S) : $R . $S; + } + + if (self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods())) { + $signature = ''; + // altho PHP's OpenSSL bindings only supported EC key creation in PHP 7.1 they've long + // supported signing / verification + // we use specified curves to avoid issues with OpenSSL possibly not supporting a given named curve; + // doing this may mean some curve-specific optimizations can't be used but idk if OpenSSL even + // has curve-specific optimizations + $result = openssl_sign($message, $signature, $this->withPassword()->toString('PKCS8', ['namedCurve' => false]), $this->hash->getHash()); + + if ($result) { + if ($shortFormat == 'ASN1') { + return $signature; + } + + extract(ASN1Signature::load($signature)); + + return $this->formatSignature($r, $s); + } + } + + $e = $this->hash->hash($message); + $e = new BigInteger($e, 256); + + $Ln = $this->hash->getLength() - $order->getLength(); + $z = $Ln > 0 ? $e->bitwise_rightShift($Ln) : $e; + + while (true) { + $k = BigInteger::randomRange(self::$one, $order->subtract(self::$one)); + [$x, $y] = $this->curve->multiplyPoint($this->curve->getBasePoint(), $k); + $x = $x->toBigInteger(); + [, $r] = $x->divide($order); + if ($r->equals(self::$zero)) { + continue; + } + $kinv = $k->modInverse($order); + $temp = $z->add($dA->multiply($r)); + $temp = $kinv->multiply($temp); + [, $s] = $temp->divide($order); + if (!$s->equals(self::$zero)) { + break; + } + } + + // the following is an RFC6979 compliant implementation of deterministic ECDSA + // it's unused because it's mainly intended for use when a good CSPRNG isn't + // available. if phpseclib's CSPRNG isn't good then even key generation is + // suspect + /* + // if this were actually being used it'd probably be better if this lived in load() and createKey() + $this->q = $this->curve->getOrder(); + $dA = $this->dA->toBigInteger(); + $this->x = $dA; + + $h1 = $this->hash->hash($message); + $k = $this->computek($h1); + list($x, $y) = $this->curve->multiplyPoint($this->curve->getBasePoint(), $k); + $x = $x->toBigInteger(); + list(, $r) = $x->divide($this->q); + $kinv = $k->modInverse($this->q); + $h1 = $this->bits2int($h1); + $temp = $h1->add($dA->multiply($r)); + $temp = $kinv->multiply($temp); + list(, $s) = $temp->divide($this->q); + */ + + return $this->formatSignature($r, $s); + } + + /** + * Returns the private key + * + * @param array $options optional + */ + public function toString(string $type, array $options = []): string + { + $type = self::validatePlugin('Keys', $type, 'savePrivateKey'); + + return $type::savePrivateKey($this->dA, $this->curve, $this->QA, $this->secret, $this->password, $options); + } + + /** + * Returns the public key + * + * @see self::getPrivateKey() + */ + public function getPublicKey() + { + $format = 'PKCS8'; + if ($this->curve instanceof MontgomeryCurve) { + $format = 'MontgomeryPublic'; + } + + $type = self::validatePlugin('Keys', $format, 'savePublicKey'); + + $key = $type::savePublicKey($this->curve, $this->QA); + $key = EC::loadFormat($format, $key); + if ($this->curve instanceof MontgomeryCurve) { + return $key; + } + $key = $key + ->withHash($this->hash->getHash()) + ->withSignatureFormat($this->shortFormat); + if ($this->curve instanceof TwistedEdwardsCurve) { + $key = $key->withContext($this->context); + } + return $key; + } + + /** + * Returns a signature in the appropriate format + */ + private function formatSignature(BigInteger $r, BigInteger $s): string + { + $format = $this->sigFormat; + + $temp = new \ReflectionMethod($format, 'save'); + $paramCount = $temp->getNumberOfRequiredParameters(); + + // @codingStandardsIgnoreStart + switch ($paramCount) { + case 2: return $format::save($r, $s); + case 3: return $format::save($r, $s, $this->getCurve()); + case 4: return $format::save($r, $s, $this->getCurve(), $this->getLength()); + } + // @codingStandardsIgnoreEnd + + // presumably the only way you could get to this is if you were using a custom plugin + throw new UnsupportedOperationException("$format::save() has $paramCount parameters - the only valid parameter counts are 2 or 3"); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/PublicKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/PublicKey.php new file mode 100644 index 0000000..b6e619e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/EC/PublicKey.php @@ -0,0 +1,171 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\EC; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Formats\Keys\PKCS1; +use phpseclib3\Crypt\EC\Formats\Signature\ASN1 as ASN1Signature; +use phpseclib3\Crypt\Hash; +use phpseclib3\Exception\UnsupportedOperationException; +use phpseclib3\Math\BigInteger; + +/** + * EC Public Key + * + * @author Jim Wigginton + */ +final class PublicKey extends EC implements Common\PublicKey +{ + use Common\Traits\Fingerprint; + + /** + * Verify a signature + * + * @see self::verify() + * @param string $message + * @param string $signature + */ + public function verify($message, $signature): bool + { + if ($this->curve instanceof MontgomeryCurve) { + throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures'); + } + + $shortFormat = $this->shortFormat; + $format = $this->sigFormat; + if ($format === false) { + return false; + } + + $order = $this->curve->getOrder(); + + if ($this->curve instanceof TwistedEdwardsCurve) { + if ($shortFormat == 'SSH2') { + [, $signature] = Strings::unpackSSH2('ss', $signature); + } + + if ($this->curve instanceof Ed25519 && self::$engines['libsodium'] && !isset($this->context)) { + return sodium_crypto_sign_verify_detached($signature, $message, $this->toString('libsodium')); + } + + $curve = $this->curve; + if (strlen($signature) != 2 * $curve::SIZE) { + return false; + } + + $R = substr($signature, 0, $curve::SIZE); + $S = substr($signature, $curve::SIZE); + + try { + $R = PKCS1::extractPoint($R, $curve); + $R = $this->curve->convertToInternal($R); + } catch (\Exception $e) { + return false; + } + + $S = strrev($S); + $S = new BigInteger($S, 256); + + if ($S->compare($order) >= 0) { + return false; + } + + $A = $curve->encodePoint($this->QA); + + if ($curve instanceof Ed25519) { + $dom2 = !isset($this->context) ? '' : + 'SigEd25519 no Ed25519 collisions' . "\0" . chr(strlen($this->context)) . $this->context; + } else { + $context = $this->context ?? ''; + $dom2 = 'SigEd448' . "\0" . chr(strlen($context)) . $context; + } + + $hash = new Hash($curve::HASH); + $k = $hash->hash($dom2 . substr($signature, 0, $curve::SIZE) . $A . $message); + $k = strrev($k); + $k = new BigInteger($k, 256); + [, $k] = $k->divide($order); + + $qa = $curve->convertToInternal($this->QA); + + $lhs = $curve->multiplyPoint($curve->getBasePoint(), $S); + $rhs = $curve->multiplyPoint($qa, $k); + $rhs = $curve->addPoint($rhs, $R); + $rhs = $curve->convertToAffine($rhs); + + return $lhs[0]->equals($rhs[0]) && $lhs[1]->equals($rhs[1]); + } + + $params = $format::load($signature); + if ($params === false || count($params) != 2) { + return false; + } + extract($params); + + if (self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods())) { + $sig = $format != 'ASN1' ? ASN1Signature::save($r, $s) : $signature; + + $result = openssl_verify($message, $sig, $this->toString('PKCS8', ['namedCurve' => false]), $this->hash->getHash()); + + if ($result != -1) { + return (bool) $result; + } + } + + $n_1 = $order->subtract(self::$one); + if (!$r->between(self::$one, $n_1) || !$s->between(self::$one, $n_1)) { + return false; + } + + $e = $this->hash->hash($message); + $e = new BigInteger($e, 256); + + $Ln = $this->hash->getLength() - $order->getLength(); + $z = $Ln > 0 ? $e->bitwise_rightShift($Ln) : $e; + + $w = $s->modInverse($order); + [, $u1] = $z->multiply($w)->divide($order); + [, $u2] = $r->multiply($w)->divide($order); + + $u1 = $this->curve->convertInteger($u1); + $u2 = $this->curve->convertInteger($u2); + + [$x1, $y1] = $this->curve->multiplyAddPoints( + [$this->curve->getBasePoint(), $this->QA], + [$u1, $u2] + ); + + $x1 = $x1->toBigInteger(); + [, $x1] = $x1->divide($order); + + return $x1->equals($r); + } + + /** + * Returns the public key + * + * @param array $options optional + */ + public function toString(string $type, array $options = []): string + { + $type = self::validatePlugin('Keys', $type, 'savePublicKey'); + + return $type::savePublicKey($this->curve, $this->QA, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Hash.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Hash.php new file mode 100644 index 0000000..4fd898f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Hash.php @@ -0,0 +1,1545 @@ + + * setKey('abcdefg'); + * + * echo base64_encode($hash->hash('abcdefg')); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2015 Jim Wigginton + * @author Andreas Fischer + * @copyright 2015 Andreas Fischer + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\PrimeField; + +/** + * @author Jim Wigginton + * @author Andreas Fischer + */ +class Hash +{ + /** + * Padding Types + */ + public const PADDING_KECCAK = 1; + + /** + * Padding Types + */ + public const PADDING_SHA3 = 2; + + /** + * Padding Types + */ + public const PADDING_SHAKE = 3; + + /** + * Padding Type + * + * Only used by SHA3 + * + * @var int + */ + private $paddingType = 0; + + /** + * Hash Parameter + * + * @see self::setHash() + * @var int + */ + private $hashParam; + + /** + * Byte-length of hash output (Internal HMAC) + * + * @see self::setHash() + * @var int + */ + private $length; + + /** + * Hash Algorithm + * + * @see self::setHash() + * @var string + */ + private $algo; + + /** + * Key + * + * @see self::setKey() + * @var string + */ + private $key = false; + + /** + * Nonce + * + * @see self::setNonce() + * @var string + */ + private $nonce = false; + + /** + * Hash Parameters + * + * @var array + */ + private $parameters = []; + + /** + * Computed Key + * + * @see self::_computeKey() + * @var string + */ + private $computedKey = false; + + /** + * Outer XOR (Internal HMAC) + * + * Used only for sha512/* + * + * @see self::hash() + * @var string + */ + private $opad; + + /** + * Inner XOR (Internal HMAC) + * + * Used only for sha512/* + * + * @see self::hash() + * @var string + */ + private $ipad; + + /** + * Recompute AES Key + * + * Used only for umac + * + * @see self::hash() + * @var boolean + */ + private $recomputeAESKey; + + /** + * umac cipher object + * + * @see self::hash() + * @var AES + */ + private $c; + + /** + * umac pad + * + * @see self::hash() + * @var string + */ + private $pad; + + /** + * Block Size + * + * @var int + */ + private $blockSize; + + /**#@+ + * UMAC variables + * + * @var PrimeField + */ + private static $factory36; + private static $factory64; + private static $factory128; + private static $offset64; + private static $offset128; + private static $marker64; + private static $marker128; + private static $maxwordrange64; + private static $maxwordrange128; + /**#@-*/ + + /** + * Default Constructor. + */ + public function __construct(string $hash = 'sha256') + { + $this->setHash($hash); + } + + /** + * Sets the key for HMACs + * + * Keys can be of any length. + * + * @param string $key + */ + public function setKey($key = false): void + { + $this->key = $key; + $this->computeKey(); + $this->recomputeAESKey = true; + } + + /** + * Sets the nonce for UMACs + * + * Keys can be of any length. + * + * @param string $nonce + */ + public function setNonce($nonce = false): void + { + switch (true) { + case !is_string($nonce): + case strlen($nonce) > 0 && strlen($nonce) <= 16: + $this->recomputeAESKey = true; + $this->nonce = $nonce; + return; + } + + throw new LengthException('The nonce length must be between 1 and 16 bytes, inclusive'); + } + + /** + * Pre-compute the key used by the HMAC + * + * Quoting http://tools.ietf.org/html/rfc2104#section-2, "Applications that use keys longer than B bytes + * will first hash the key using H and then use the resultant L byte string as the actual key to HMAC." + * + * As documented in https://www.reddit.com/r/PHP/comments/9nct2l/symfonypolyfill_hash_pbkdf2_correct_fix_for/ + * when doing an HMAC multiple times it's faster to compute the hash once instead of computing it during + * every call + */ + private function computeKey(): void + { + if ($this->key === false) { + $this->computedKey = false; + return; + } + + if (strlen($this->key) <= $this->getBlockLengthInBytes()) { + $this->computedKey = $this->key; + return; + } + + $this->computedKey = is_array($this->algo) ? + call_user_func($this->algo, $this->key) : + hash($this->algo, $this->key, true); + } + + /** + * Gets the hash function. + * + * As set by the constructor or by the setHash() method. + * + * @return string + */ + public function getHash() + { + return $this->hashParam; + } + + /** + * Sets the hash function. + */ + public function setHash(string $hash): void + { + $oldHash = $this->hashParam; + $this->hashParam = $hash = strtolower($hash); + switch ($hash) { + case 'umac-32': + case 'umac-64': + case 'umac-96': + case 'umac-128': + if ($oldHash != $this->hashParam) { + $this->recomputeAESKey = true; + } + $this->blockSize = 128; + $this->length = abs((int) substr($hash, -3)) >> 3; + $this->algo = 'umac'; + return; + case 'md2-96': + case 'md5-96': + case 'sha1-96': + case 'sha224-96': + case 'sha256-96': + case 'sha384-96': + case 'sha512-96': + case 'sha512/224-96': + case 'sha512/256-96': + $hash = substr($hash, 0, -3); + $this->length = 12; // 96 / 8 = 12 + break; + case 'md2': + case 'md5': + $this->length = 16; + break; + case 'sha1': + $this->length = 20; + break; + case 'sha224': + case 'sha512/224': + case 'sha3-224': + $this->length = 28; + break; + case 'keccak256': + $this->paddingType = self::PADDING_KECCAK; + // fall-through + case 'sha256': + case 'sha512/256': + case 'sha3-256': + $this->length = 32; + break; + case 'sha384': + case 'sha3-384': + $this->length = 48; + break; + case 'sha512': + case 'sha3-512': + $this->length = 64; + break; + default: + if (preg_match('#^(shake(?:128|256))-(\d+)$#', $hash, $matches)) { + $this->paddingType = self::PADDING_SHAKE; + $hash = $matches[1]; + $this->length = $matches[2] >> 3; + } else { + throw new UnsupportedAlgorithmException( + "$hash is not a supported algorithm" + ); + } + } + + switch ($hash) { + case 'md2': + case 'md2-96': + $this->blockSize = 128; + break; + case 'md5-96': + case 'sha1-96': + case 'sha224-96': + case 'sha256-96': + case 'md5': + case 'sha1': + case 'sha224': + case 'sha256': + $this->blockSize = 512; + break; + case 'sha3-224': + $this->blockSize = 1152; // 1600 - 2*224 + break; + case 'sha3-256': + case 'shake256': + case 'keccak256': + $this->blockSize = 1088; // 1600 - 2*256 + break; + case 'sha3-384': + $this->blockSize = 832; // 1600 - 2*384 + break; + case 'sha3-512': + $this->blockSize = 576; // 1600 - 2*512 + break; + case 'shake128': + $this->blockSize = 1344; // 1600 - 2*128 + break; + default: + $this->blockSize = 1024; + } + + if (in_array(substr($hash, 0, 5), ['sha3-', 'shake', 'kecca'])) { + // PHP 7.1.0 introduced support for "SHA3 fixed mode algorithms": + // http://php.net/ChangeLog-7.php#7.1.0 + if (version_compare(PHP_VERSION, '7.1.0') < 0 || substr($hash, 0, 5) != 'sha3-') { + //preg_match('#(\d+)$#', $hash, $matches); + //$this->parameters['capacity'] = 2 * $matches[1]; // 1600 - $this->blockSize + //$this->parameters['rate'] = 1600 - $this->parameters['capacity']; // == $this->blockSize + if (!$this->paddingType) { + $this->paddingType = self::PADDING_SHA3; + } + $this->parameters = [ + 'capacity' => 1600 - $this->blockSize, + 'rate' => $this->blockSize, + 'length' => $this->length, + 'padding' => $this->paddingType, + ]; + $hash = ['phpseclib3\Crypt\Hash', PHP_INT_SIZE == 8 ? 'sha3_64' : 'sha3_32']; + } + } + + if ($hash == 'sha512/224' || $hash == 'sha512/256') { + // PHP 7.1.0 introduced sha512/224 and sha512/256 support: + // http://php.net/ChangeLog-7.php#7.1.0 + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + // from http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf#page=24 + $initial = $hash == 'sha512/256' ? + [ + '22312194FC2BF72C', '9F555FA3C84C64C2', '2393B86B6F53B151', '963877195940EABD', + '96283EE2A88EFFE3', 'BE5E1E2553863992', '2B0199FC2C85B8AA', '0EB72DDC81C52CA2', + ] : + [ + '8C3D37C819544DA2', '73E1996689DCD4D6', '1DFAB7AE32FF9C82', '679DD514582F9FCF', + '0F6D2B697BD44DA8', '77E36F7304C48942', '3F9D85A86A1D36C8', '1112E6AD91D692A1', + ]; + for ($i = 0; $i < 8; $i++) { + $initial[$i] = new BigInteger($initial[$i], 16); + $initial[$i]->setPrecision(64); + } + + $this->parameters = compact('initial'); + + $hash = ['phpseclib3\Crypt\Hash', 'sha512']; + } + } + + if (is_array($hash)) { + $b = $this->blockSize >> 3; + $this->ipad = str_repeat(chr(0x36), $b); + $this->opad = str_repeat(chr(0x5C), $b); + } + + $this->algo = $hash; + + $this->computeKey(); + } + + /** + * KDF: Key-Derivation Function + * + * The key-derivation function generates pseudorandom bits used to key the hash functions. + * + * @param int $index a non-negative integer less than 2^64 + * @param int $numbytes a non-negative integer less than 2^64 + * @return string string of length numbytes bytes + */ + private function kdf(int $index, int $numbytes): string + { + $this->c->setIV(pack('N4', 0, $index, 0, 1)); + + return $this->c->encrypt(str_repeat("\0", $numbytes)); + } + + /** + * PDF Algorithm + * + * @return string string of length taglen bytes. + */ + private function pdf(): string + { + $k = $this->key; + $nonce = $this->nonce; + $taglen = $this->length; + + // + // Extract and zero low bit(s) of Nonce if needed + // + if ($taglen <= 8) { + $last = strlen($nonce) - 1; + $mask = $taglen == 4 ? "\3" : "\1"; + $index = $nonce[$last] & $mask; + $nonce[$last] = $nonce[$last] ^ $index; + } + + // + // Make Nonce BLOCKLEN bytes by appending zeroes if needed + // + $nonce = str_pad($nonce, 16, "\0"); + + // + // Generate subkey, encipher and extract indexed substring + // + $kp = $this->kdf(0, 16); + $c = new AES('ctr'); + $c->disablePadding(); + $c->setKey($kp); + $c->setIV($nonce); + $t = $c->encrypt("\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); + + // we could use ord() but per https://paragonie.com/blog/2016/06/constant-time-encoding-boring-cryptography-rfc-4648-and-you + // unpack() doesn't leak timing info + return $taglen <= 8 ? + substr($t, unpack('C', $index)[1] * $taglen, $taglen) : + substr($t, 0, $taglen); + } + + /** + * UHASH Algorithm + * + * @param string $m string of length less than 2^67 bits. + * @param int $taglen the integer 4, 8, 12 or 16. + * @return string string of length taglen bytes. + */ + private function uhash(string $m, int $taglen): string + { + // + // One internal iteration per 4 bytes of output + // + $iters = $taglen >> 2; + + // + // Define total key needed for all iterations using KDF. + // L1Key reuses most key material between iterations. + // + //$L1Key = $this->kdf(1, 1024 + ($iters - 1) * 16); + $L1Key = $this->kdf(1, (1024 + ($iters - 1)) * 16); + $L2Key = $this->kdf(2, $iters * 24); + $L3Key1 = $this->kdf(3, $iters * 64); + $L3Key2 = $this->kdf(4, $iters * 4); + + // + // For each iteration, extract key and do three-layer hash. + // If bytelength(M) <= 1024, then skip L2-HASH. + // + $y = ''; + for ($i = 0; $i < $iters; $i++) { + $L1Key_i = substr($L1Key, $i * 16, 1024); + $L2Key_i = substr($L2Key, $i * 24, 24); + $L3Key1_i = substr($L3Key1, $i * 64, 64); + $L3Key2_i = substr($L3Key2, $i * 4, 4); + + $a = self::L1Hash($L1Key_i, $m); + $b = strlen($m) <= 1024 ? "\0\0\0\0\0\0\0\0$a" : self::L2Hash($L2Key_i, $a); + $c = self::L3Hash($L3Key1_i, $L3Key2_i, $b); + $y .= $c; + } + + return $y; + } + + /** + * L1-HASH Algorithm + * + * The first-layer hash breaks the message into 1024-byte chunks and + * hashes each with a function called NH. Concatenating the results + * forms a string, which is up to 128 times shorter than the original. + * + * @param string $k string of length 1024 bytes. + * @param string $m string of length less than 2^67 bits. + * @return string string of length (8 * ceil(bitlength(M)/8192)) bytes. + */ + private static function L1Hash(string $k, string $m): string + { + // + // Break M into 1024 byte chunks (final chunk may be shorter) + // + $m = str_split($m, 1024); + + // + // For each chunk, except the last: endian-adjust, NH hash + // and add bit-length. Use results to build Y. + // + $length = PHP_INT_SIZE == 8 ? 1024 * 8 : new BigInteger(1024 * 8); + $y = ''; + + for ($i = 0; $i < count($m) - 1; $i++) { + $m[$i] = pack('N*', ...unpack('V*', $m[$i])); // ENDIAN-SWAP + $y .= PHP_INT_SIZE == 8 ? + static::nh64($k, $m[$i], $length) : + static::nh($k, $m[$i], $length); + } + + // + // For the last chunk: pad to 32-byte boundary, endian-adjust, + // NH hash and add bit-length. Concatenate the result to Y. + // + $length = count($m) ? strlen($m[$i]) : 0; + $pad = 32 - ($length % 32); + $pad = max(32, $length + $pad % 32); + $m[$i] = str_pad($m[$i] ?? '', $pad, "\0"); // zeropad + $m[$i] = pack('N*', ...unpack('V*', $m[$i])); // ENDIAN-SWAP + + $y .= PHP_INT_SIZE == 8 ? + static::nh64($k, $m[$i], $length * 8) : + static::nh($k, $m[$i], new BigInteger($length * 8)); + + return $y; + } + + /** + * NH Algorithm + * + * @param string $k string of length 1024 bytes. + * @param string $m string with length divisible by 32 bytes. + * @return string string of length 8 bytes. + */ + private static function nh(string $k, string $m, $length): string + { + $toUInt32 = function ($x) { + $x = new BigInteger($x, 256); + $x->setPrecision(32); + return $x; + }; + + // + // Break M and K into 4-byte chunks + // + //$t = strlen($m) >> 2; + $m = str_split($m, 4); + $t = count($m); + $k = str_split($k, 4); + $k = array_pad(array_slice($k, 0, $t), $t, 0); + + $m = array_map($toUInt32, $m); + $k = array_map($toUInt32, $k); + + // + // Perform NH hash on the chunks, pairing words for multiplication + // which are 4 apart to accommodate vector-parallelism. + // + $y = new BigInteger(); + $y->setPrecision(64); + $i = 0; + while ($i < $t) { + $temp = $m[$i]->add($k[$i]); + $temp->setPrecision(64); + $temp = $temp->multiply($m[$i + 4]->add($k[$i + 4])); + $y = $y->add($temp); + + $temp = $m[$i + 1]->add($k[$i + 1]); + $temp->setPrecision(64); + $temp = $temp->multiply($m[$i + 5]->add($k[$i + 5])); + $y = $y->add($temp); + + $temp = $m[$i + 2]->add($k[$i + 2]); + $temp->setPrecision(64); + $temp = $temp->multiply($m[$i + 6]->add($k[$i + 6])); + $y = $y->add($temp); + + $temp = $m[$i + 3]->add($k[$i + 3]); + $temp->setPrecision(64); + $temp = $temp->multiply($m[$i + 7]->add($k[$i + 7])); + $y = $y->add($temp); + + $i += 8; + } + + return $y->add($length)->toBytes(); + } + + /** + * 64-bit Multiply with 2x 32-bit ints + */ + private static function mul64(int $x, int $y): int + { + // since PHP doesn't implement unsigned integers we'll implement them with signed integers + // to do this we'll use karatsuba multiplication + + // this could be made to work on 32-bit systems with the following changes: + // $x & 0xFFFFFFFF => fmod($x, 0x100000000) + // $x >> 32 => (int) ($x / 0x100000000); + // you'd then need to casts the floats to ints after you got the carry + + $x1 = ($x >> 16) & 0xFFFF; + $x0 = $x & 0xFFFF; + + $y1 = ($y >> 16) & 0xFFFF; + $y0 = $y & 0xFFFF; + + $z2 = $x1 * $y1; // up to 32 bits long + $z0 = $x0 * $y0; // up to 32 bits long + $z1 = $x1 * $y0 + $x0 * $y1; // up to 33 bit long + // normally karatsuba multiplication calculates $z1 thusly: + //$z1 = ($x1 + $x0) * ($y0 + $y1) - $z2 - $z0; + // the idea being to eliminate one extra multiplication. for arbitrary precision math that makes sense + // but not for this purpose + + // at this point karatsuba would normally return this: + //return ($z2 << 64) + ($z1 << 32) + $z0; + // the problem is that the output could be out of range for signed 64-bit ints, + // which would cause PHP to switch to floats, which would risk losing the lower few bits + // as such we'll OR 4x 16-bit blocks together like so: + /* + ........ | ........ | ........ | ........ + upper $z2 | lower $z2 | lower $z1 | lower $z0 + | +upper $z1 | +upper $z0 | + + $carry | + $carry | | + */ + // technically upper $z1 is 17 bit - not 16 - but the most significant digit of that will + // just get added to $carry + + $a = $z0 & 0xFFFF; + $b = ($z0 >> 16) + ($z1 & 0xFFFF); + $c = ($z1 >> 16) + ($z2 & 0xFFFF) + ($b >> 16); + $b = ($b & 0xFFFF) << 16; + $d = ($z2 >> 16) + ($c >> 16); + $c = ($c & 0xFFFF) << 32; + $d = ($d & 0xFFFF) << 48; + + return $a | $b | $c | $d; + } + + /** + * 64-bit Addition with 2x 64-bit ints + */ + private static function add64(int $x, int $y): int + { + // doing $x + $y risks returning a result that's out of range for signed 64-bit ints + // in that event PHP would convert the result to a float and precision would be lost + // so we'll just add 2x 32-bit ints together like so: + /* + ........ | ........ + upper $x | lower $x + +upper $y |+lower $y + + $carry | + */ + // in theory we should be able to get this working on 32-bit PHP install + // but we'd need to return the result as a string vs an int and do fmod() + // vs "& 0xFFFFFFFF" + $x1 = $x & 0xFFFFFFFF; + $x2 = ($x >> 32) & 0xFFFFFFFF; + $y1 = $y & 0xFFFFFFFF; + $y2 = ($y >> 32) & 0xFFFFFFFF; + $a = $x1 + $y1; + $c = $a >> 32; + $b = ($x2 + $y2) & 0xFFFFFFFF; + $b = ($b + $c) << 32; + $a &= 0xFFFFFFFF; + + return $a | $b; + } + + /** + * NH Algorithm + * + * @param string $k string of length 1024 bytes. + * @param string $m string with length divisible by 32 bytes. + * @return string string of length 8 bytes. + */ + private static function nh64($k, $m, $length) + { + // + // Break M and K into 4-byte chunks + // + $k = unpack('N*', $k); + $m = unpack('N*', $m); + $t = count($m); + + // + // Perform NH hash on the chunks, pairing words for multiplication + // which are 4 apart to accommodate vector-parallelism. + // + $i = 1; + $y = 0; + while ($i <= $t) { + $temp = ($m[$i] + $k[$i]) & 0xFFFFFFFF; + $temp2 = ($m[$i + 4] + $k[$i + 4]) & 0xFFFFFFFF; + $y = self::add64($y, self::mul64($temp, $temp2)); + + $temp = ($m[$i + 1] + $k[$i + 1]) & 0xFFFFFFFF; + $temp2 = ($m[$i + 5] + $k[$i + 5]) & 0xFFFFFFFF; + $y = self::add64($y, self::mul64($temp, $temp2)); + + $temp = ($m[$i + 2] + $k[$i + 2]) & 0xFFFFFFFF; + $temp2 = ($m[$i + 6] + $k[$i + 6]) & 0xFFFFFFFF; + $y = self::add64($y, self::mul64($temp, $temp2)); + + $temp = ($m[$i + 3] + $k[$i + 3]) & 0xFFFFFFFF; + $temp2 = ($m[$i + 7] + $k[$i + 7]) & 0xFFFFFFFF; + $y = self::add64($y, self::mul64($temp, $temp2)); + + $i += 8; + } + + return pack('J', self::add64($y, $length)); + } + + /** + * L2-HASH: Second-Layer Hash + * + * The second-layer rehashes the L1-HASH output using a polynomial hash + * called POLY. If the L1-HASH output is long, then POLY is called once + * on a prefix of the L1-HASH output and called using different settings + * on the remainder. (This two-step hashing of the L1-HASH output is + * needed only if the message length is greater than 16 megabytes.) + * Careful implementation of POLY is necessary to avoid a possible + * timing attack (see Section 6.6 for more information). + * + * @param string $k string of length 24 bytes. + * @param string $m string of length less than 2^64 bytes. + * @return string string of length 16 bytes. + */ + private static function L2Hash(string $k, string $m): string + { + // + // Extract keys and restrict to special key-sets + // + $k64 = $k & "\x01\xFF\xFF\xFF\x01\xFF\xFF\xFF"; + $k64 = new BigInteger($k64, 256); + $k128 = substr($k, 8) & "\x01\xFF\xFF\xFF\x01\xFF\xFF\xFF\x01\xFF\xFF\xFF\x01\xFF\xFF\xFF"; + $k128 = new BigInteger($k128, 256); + + // + // If M is no more than 2^17 bytes, hash under 64-bit prime, + // otherwise, hash first 2^17 bytes under 64-bit prime and + // remainder under 128-bit prime. + // + if (strlen($m) <= 0x20000) { // 2^14 64-bit words + $y = self::poly(64, self::$maxwordrange64, $k64, $m); + } else { + $m_1 = substr($m, 0, 0x20000); // 1 << 17 + $m_2 = substr($m, 0x20000) . "\x80"; + $length = strlen($m_2); + $pad = 16 - ($length % 16); + $pad %= 16; + $m_2 = str_pad($m_2, $length + $pad, "\0"); // zeropad + $y = self::poly(64, self::$maxwordrange64, $k64, $m_1); + $y = str_pad($y, 16, "\0", STR_PAD_LEFT); + $y = self::poly(128, self::$maxwordrange128, $k128, $y . $m_2); + } + + return str_pad($y, 16, "\0", STR_PAD_LEFT); + } + + /** + * POLY Algorithm + * + * @param int $wordbits the integer 64 or 128. + * @param PrimeField\Integer $maxwordrange positive integer less than 2^wordbits. + * @param BigInteger $k integer in the range 0 ... prime(wordbits) - 1. + * @param string $m string with length divisible by (wordbits / 8) bytes. + * @return string in the range 0 ... prime(wordbits) - 1. + */ + private static function poly(int $wordbits, PrimeField\Integer $maxwordrange, BigInteger $k, string $m): string + { + // + // Define constants used for fixing out-of-range words + // + $wordbytes = $wordbits >> 3; + if ($wordbits == 128) { + $factory = self::$factory128; + $offset = self::$offset128; + $marker = self::$marker128; + } else { + $factory = self::$factory64; + $offset = self::$offset64; + $marker = self::$marker64; + } + + $k = $factory->newInteger($k); + + // + // Break M into chunks of length wordbytes bytes + // + $m_i = str_split($m, $wordbytes); + + // + // Each input word m is compared with maxwordrange. If not smaller + // then 'marker' and (m - offset), both in range, are hashed. + // + $y = $factory->newInteger(new BigInteger(1)); + foreach ($m_i as $m) { + $m = $factory->newInteger(new BigInteger($m, 256)); + if ($m->compare($maxwordrange) >= 0) { + $y = $k->multiply($y)->add($marker); + $y = $k->multiply($y)->add($m->subtract($offset)); + } else { + $y = $k->multiply($y)->add($m); + } + } + + return $y->toBytes(); + } + + /** + * L3-HASH: Third-Layer Hash + * + * The output from L2-HASH is 16 bytes long. This final hash function + * hashes the 16-byte string to a fixed length of 4 bytes. + * + * @param string $k1 string of length 64 bytes. + * @param string $k2 string of length 4 bytes. + * @param string $m string of length 16 bytes. + * @return string string of length 4 bytes. + */ + private static function L3Hash(string $k1, string $k2, string $m): string + { + $factory = self::$factory36; + + $y = $factory->newInteger(new BigInteger()); + for ($i = 0; $i < 8; $i++) { + $m_i = $factory->newInteger(new BigInteger(substr($m, 2 * $i, 2), 256)); + $k_i = $factory->newInteger(new BigInteger(substr($k1, 8 * $i, 8), 256)); + $y = $y->add($m_i->multiply($k_i)); + } + $y = str_pad(substr($y->toBytes(), -4), 4, "\0", STR_PAD_LEFT); + $y = $y ^ $k2; + + return $y; + } + + /** + * Compute the Hash / HMAC / UMAC. + */ + public function hash(string $text): string + { + $algo = $this->algo; + if ($algo == 'umac') { + if ($this->recomputeAESKey) { + if (!is_string($this->nonce)) { + throw new InsufficientSetupException('No nonce has been set'); + } + if (!is_string($this->key)) { + throw new InsufficientSetupException('No key has been set'); + } + if (strlen($this->key) != 16) { + throw new LengthException('Key must be 16 bytes long'); + } + + if (!isset(self::$maxwordrange64)) { + $one = new BigInteger(1); + + $prime36 = new BigInteger("\x00\x00\x00\x0F\xFF\xFF\xFF\xFB", 256); + self::$factory36 = new PrimeField($prime36); + + $prime64 = new BigInteger("\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC5", 256); + self::$factory64 = new PrimeField($prime64); + + $prime128 = new BigInteger("\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x61", 256); + self::$factory128 = new PrimeField($prime128); + + self::$offset64 = new BigInteger("\1\0\0\0\0\0\0\0\0", 256); + self::$offset64 = self::$factory64->newInteger(self::$offset64->subtract($prime64)); + self::$offset128 = new BigInteger("\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256); + self::$offset128 = self::$factory128->newInteger(self::$offset128->subtract($prime128)); + + self::$marker64 = self::$factory64->newInteger($prime64->subtract($one)); + self::$marker128 = self::$factory128->newInteger($prime128->subtract($one)); + + $maxwordrange64 = $one->bitwise_leftShift(64)->subtract($one->bitwise_leftShift(32)); + self::$maxwordrange64 = self::$factory64->newInteger($maxwordrange64); + + $maxwordrange128 = $one->bitwise_leftShift(128)->subtract($one->bitwise_leftShift(96)); + self::$maxwordrange128 = self::$factory128->newInteger($maxwordrange128); + } + + $this->c = new AES('ctr'); + $this->c->disablePadding(); + $this->c->setKey($this->key); + + $this->pad = $this->pdf(); + + $this->recomputeAESKey = false; + } + + $hashedmessage = $this->uhash($text, $this->length); + return $hashedmessage ^ $this->pad; + } + + if (is_array($algo)) { + if (empty($this->key) || !is_string($this->key)) { + return substr($algo($text, ...array_values($this->parameters)), 0, $this->length); + } + + // SHA3 HMACs are discussed at https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf#page=30 + + $key = str_pad($this->computedKey, $b, chr(0)); + $temp = $this->ipad ^ $key; + $temp .= $text; + $temp = substr($algo($temp, ...array_values($this->parameters)), 0, $this->length); + $output = $this->opad ^ $key; + $output .= $temp; + $output = $algo($output, ...array_values($this->parameters)); + + return substr($output, 0, $this->length); + } + + $output = !empty($this->key) || is_string($this->key) ? + hash_hmac($algo, $text, $this->computedKey, true) : + hash($algo, $text, true); + + return strlen($output) > $this->length + ? substr($output, 0, $this->length) + : $output; + } + + /** + * Returns the hash length (in bits) + */ + public function getLength(): int + { + return $this->length << 3; + } + + /** + * Returns the hash length (in bytes) + */ + public function getLengthInBytes(): int + { + return $this->length; + } + + /** + * Returns the block length (in bits) + */ + public function getBlockLength(): int + { + return $this->blockSize; + } + + /** + * Returns the block length (in bytes) + */ + public function getBlockLengthInBytes(): int + { + return $this->blockSize >> 3; + } + + /** + * Pads SHA3 based on the mode + */ + private static function sha3_pad(int $padLength, int $padType): string + { + switch ($padType) { + case self::PADDING_KECCAK: + $temp = chr(0x01) . str_repeat("\0", $padLength - 1); + $temp[$padLength - 1] = $temp[$padLength - 1] | chr(0x80); + return $temp; + case self::PADDING_SHAKE: + $temp = chr(0x1F) . str_repeat("\0", $padLength - 1); + $temp[$padLength - 1] = $temp[$padLength - 1] | chr(0x80); + return $temp; + //case self::PADDING_SHA3: + default: + // from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf#page=36 + return $padLength == 1 ? chr(0x86) : chr(0x06) . str_repeat("\0", $padLength - 2) . chr(0x80); + } + } + + /** + * Pure-PHP 32-bit implementation of SHA3 + * + * Whereas BigInteger.php's 32-bit engine works on PHP 64-bit this 32-bit implementation + * of SHA3 will *not* work on PHP 64-bit. This is because this implementation + * employees bitwise NOTs and bitwise left shifts. And the round constants only work + * on 32-bit PHP. eg. dechex(-2147483648) returns 80000000 on 32-bit PHP and + * FFFFFFFF80000000 on 64-bit PHP. Sure, we could do bitwise ANDs but that would slow + * things down. + * + * SHA512 requires BigInteger to simulate 64-bit unsigned integers because SHA2 employees + * addition whereas SHA3 just employees bitwise operators. PHP64 only supports signed + * 64-bit integers, which complicates addition, whereas that limitation isn't an issue + * for SHA3. + * + * In https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=919061#page=16 KECCAK[C] is + * defined as "the KECCAK instance with KECCAK-f[1600] as the underlying permutation and + * capacity c". This is relevant because, altho the KECCAK standard defines a mode + * (KECCAK-f[800]) designed for 32-bit machines that mode is incompatible with SHA3 + */ + private static function sha3_32(string $p, int $c, int $r, int $d, int $padType): string + { + $block_size = $r >> 3; + $padLength = $block_size - (strlen($p) % $block_size); + $num_ints = $block_size >> 2; + + $p .= static::sha3_pad($padLength, $padType); + + $n = strlen($p) / $r; // number of blocks + + $s = [ + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]], + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]], + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]], + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]], + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]], + ]; + + $p = str_split($p, $block_size); + + foreach ($p as $pi) { + $pi = unpack('V*', $pi); + $x = $y = 0; + for ($i = 1; $i <= $num_ints; $i += 2) { + $s[$x][$y][0] ^= $pi[$i + 1]; + $s[$x][$y][1] ^= $pi[$i]; + if (++$y == 5) { + $y = 0; + $x++; + } + } + static::processSHA3Block32($s); + } + + $z = ''; + $i = $j = 0; + while (strlen($z) < $d) { + $z .= pack('V2', $s[$i][$j][1], $s[$i][$j++][0]); + if ($j == 5) { + $j = 0; + $i++; + if ($i == 5) { + $i = 0; + static::processSHA3Block32($s); + } + } + } + + return $z; + } + + /** + * 32-bit block processing method for SHA3 + */ + private static function processSHA3Block32(array &$s): void + { + static $rotationOffsets = [ + [ 0, 1, 62, 28, 27], + [36, 44, 6, 55, 20], + [ 3, 10, 43, 25, 39], + [41, 45, 15, 21, 8], + [18, 2, 61, 56, 14], + ]; + + // the standards give these constants in hexadecimal notation. it's tempting to want to use + // that same notation, here, however, we can't, because 0x80000000, on PHP32, is a positive + // float - not the negative int that we need to be in PHP32. so we use -2147483648 instead + static $roundConstants = [ + [0, 1], + [0, 32898], + [-2147483648, 32906], + [-2147483648, -2147450880], + [0, 32907], + [0, -2147483647], + [-2147483648, -2147450751], + [-2147483648, 32777], + [0, 138], + [0, 136], + [0, -2147450871], + [0, -2147483638], + [0, -2147450741], + [-2147483648, 139], + [-2147483648, 32905], + [-2147483648, 32771], + [-2147483648, 32770], + [-2147483648, 128], + [0, 32778], + [-2147483648, -2147483638], + [-2147483648, -2147450751], + [-2147483648, 32896], + [0, -2147483647], + [-2147483648, -2147450872], + ]; + + for ($round = 0; $round < 24; $round++) { + // theta step + $parity = $rotated = []; + for ($i = 0; $i < 5; $i++) { + $parity[] = [ + $s[0][$i][0] ^ $s[1][$i][0] ^ $s[2][$i][0] ^ $s[3][$i][0] ^ $s[4][$i][0], + $s[0][$i][1] ^ $s[1][$i][1] ^ $s[2][$i][1] ^ $s[3][$i][1] ^ $s[4][$i][1], + ]; + $rotated[] = static::rotateLeft32($parity[$i], 1); + } + + $temp = [ + [$parity[4][0] ^ $rotated[1][0], $parity[4][1] ^ $rotated[1][1]], + [$parity[0][0] ^ $rotated[2][0], $parity[0][1] ^ $rotated[2][1]], + [$parity[1][0] ^ $rotated[3][0], $parity[1][1] ^ $rotated[3][1]], + [$parity[2][0] ^ $rotated[4][0], $parity[2][1] ^ $rotated[4][1]], + [$parity[3][0] ^ $rotated[0][0], $parity[3][1] ^ $rotated[0][1]], + ]; + for ($i = 0; $i < 5; $i++) { + for ($j = 0; $j < 5; $j++) { + $s[$i][$j][0] ^= $temp[$j][0]; + $s[$i][$j][1] ^= $temp[$j][1]; + } + } + + $st = $s; + + // rho and pi steps + for ($i = 0; $i < 5; $i++) { + for ($j = 0; $j < 5; $j++) { + $st[(2 * $i + 3 * $j) % 5][$j] = static::rotateLeft32($s[$j][$i], $rotationOffsets[$j][$i]); + } + } + + // chi step + for ($i = 0; $i < 5; $i++) { + $s[$i][0] = [ + $st[$i][0][0] ^ (~$st[$i][1][0] & $st[$i][2][0]), + $st[$i][0][1] ^ (~$st[$i][1][1] & $st[$i][2][1]), + ]; + $s[$i][1] = [ + $st[$i][1][0] ^ (~$st[$i][2][0] & $st[$i][3][0]), + $st[$i][1][1] ^ (~$st[$i][2][1] & $st[$i][3][1]), + ]; + $s[$i][2] = [ + $st[$i][2][0] ^ (~$st[$i][3][0] & $st[$i][4][0]), + $st[$i][2][1] ^ (~$st[$i][3][1] & $st[$i][4][1]), + ]; + $s[$i][3] = [ + $st[$i][3][0] ^ (~$st[$i][4][0] & $st[$i][0][0]), + $st[$i][3][1] ^ (~$st[$i][4][1] & $st[$i][0][1]), + ]; + $s[$i][4] = [ + $st[$i][4][0] ^ (~$st[$i][0][0] & $st[$i][1][0]), + $st[$i][4][1] ^ (~$st[$i][0][1] & $st[$i][1][1]), + ]; + } + + // iota step + $s[0][0][0] ^= $roundConstants[$round][0]; + $s[0][0][1] ^= $roundConstants[$round][1]; + } + } + + /** + * Rotate 32-bit int + */ + private static function rotateLeft32(array $x, int $shift): array + { + if ($shift < 32) { + [$hi, $lo] = $x; + } else { + $shift -= 32; + [$lo, $hi] = $x; + } + + return [ + ($hi << $shift) | (($lo >> (32 - $shift)) & (1 << $shift) - 1), + ($lo << $shift) | (($hi >> (32 - $shift)) & (1 << $shift) - 1), + ]; + } + + /** + * Pure-PHP 64-bit implementation of SHA3 + */ + private static function sha3_64(string $p, int $c, int $r, int $d, int $padType): string + { + $block_size = $r >> 3; + $padLength = $block_size - (strlen($p) % $block_size); + $num_ints = $block_size >> 2; + + $p .= static::sha3_pad($padLength, $padType); + + $n = strlen($p) / $r; // number of blocks + + $s = [ + [0, 0, 0, 0, 0], + [0, 0, 0, 0, 0], + [0, 0, 0, 0, 0], + [0, 0, 0, 0, 0], + [0, 0, 0, 0, 0], + ]; + + $p = str_split($p, $block_size); + + foreach ($p as $pi) { + $pi = unpack('P*', $pi); + $x = $y = 0; + foreach ($pi as $subpi) { + $s[$x][$y++] ^= $subpi; + if ($y == 5) { + $y = 0; + $x++; + } + } + static::processSHA3Block64($s); + } + + $z = ''; + $i = $j = 0; + while (strlen($z) < $d) { + $z .= pack('P', $s[$i][$j++]); + if ($j == 5) { + $j = 0; + $i++; + if ($i == 5) { + $i = 0; + static::processSHA3Block64($s); + } + } + } + + return $z; + } + + /** + * 64-bit block processing method for SHA3 + */ + private static function processSHA3Block64(array &$s): void + { + static $rotationOffsets = [ + [ 0, 1, 62, 28, 27], + [36, 44, 6, 55, 20], + [ 3, 10, 43, 25, 39], + [41, 45, 15, 21, 8], + [18, 2, 61, 56, 14], + ]; + + static $roundConstants = [ + 1, + 32898, + -9223372036854742902, + -9223372034707259392, + 32907, + 2147483649, + -9223372034707259263, + -9223372036854743031, + 138, + 136, + 2147516425, + 2147483658, + 2147516555, + -9223372036854775669, + -9223372036854742903, + -9223372036854743037, + -9223372036854743038, + -9223372036854775680, + 32778, + -9223372034707292150, + -9223372034707259263, + -9223372036854742912, + 2147483649, + -9223372034707259384, + ]; + + for ($round = 0; $round < 24; $round++) { + // theta step + $parity = []; + for ($i = 0; $i < 5; $i++) { + $parity[] = $s[0][$i] ^ $s[1][$i] ^ $s[2][$i] ^ $s[3][$i] ^ $s[4][$i]; + } + $temp = [ + $parity[4] ^ static::rotateLeft64($parity[1], 1), + $parity[0] ^ static::rotateLeft64($parity[2], 1), + $parity[1] ^ static::rotateLeft64($parity[3], 1), + $parity[2] ^ static::rotateLeft64($parity[4], 1), + $parity[3] ^ static::rotateLeft64($parity[0], 1), + ]; + for ($i = 0; $i < 5; $i++) { + for ($j = 0; $j < 5; $j++) { + $s[$i][$j] ^= $temp[$j]; + } + } + + $st = $s; + + // rho and pi steps + for ($i = 0; $i < 5; $i++) { + for ($j = 0; $j < 5; $j++) { + $st[(2 * $i + 3 * $j) % 5][$j] = static::rotateLeft64($s[$j][$i], $rotationOffsets[$j][$i]); + } + } + + // chi step + for ($i = 0; $i < 5; $i++) { + $s[$i] = [ + $st[$i][0] ^ (~$st[$i][1] & $st[$i][2]), + $st[$i][1] ^ (~$st[$i][2] & $st[$i][3]), + $st[$i][2] ^ (~$st[$i][3] & $st[$i][4]), + $st[$i][3] ^ (~$st[$i][4] & $st[$i][0]), + $st[$i][4] ^ (~$st[$i][0] & $st[$i][1]), + ]; + } + + // iota step + $s[0][0] ^= $roundConstants[$round]; + } + } + + /** + * Rotate 64-bit int + */ + private static function rotateLeft64(int $x, int $shift): int + { + return ($x << $shift) | (($x >> (64 - $shift)) & ((1 << $shift) - 1)); + } + + /** + * Pure-PHP implementation of SHA512 + */ + private static function sha512(string $m, array $hash): string + { + static $k; + + if (!isset($k)) { + // Initialize table of round constants + // (first 64 bits of the fractional parts of the cube roots of the first 80 primes 2..409) + $k = [ + '428a2f98d728ae22', '7137449123ef65cd', 'b5c0fbcfec4d3b2f', 'e9b5dba58189dbbc', + '3956c25bf348b538', '59f111f1b605d019', '923f82a4af194f9b', 'ab1c5ed5da6d8118', + 'd807aa98a3030242', '12835b0145706fbe', '243185be4ee4b28c', '550c7dc3d5ffb4e2', + '72be5d74f27b896f', '80deb1fe3b1696b1', '9bdc06a725c71235', 'c19bf174cf692694', + 'e49b69c19ef14ad2', 'efbe4786384f25e3', '0fc19dc68b8cd5b5', '240ca1cc77ac9c65', + '2de92c6f592b0275', '4a7484aa6ea6e483', '5cb0a9dcbd41fbd4', '76f988da831153b5', + '983e5152ee66dfab', 'a831c66d2db43210', 'b00327c898fb213f', 'bf597fc7beef0ee4', + 'c6e00bf33da88fc2', 'd5a79147930aa725', '06ca6351e003826f', '142929670a0e6e70', + '27b70a8546d22ffc', '2e1b21385c26c926', '4d2c6dfc5ac42aed', '53380d139d95b3df', + '650a73548baf63de', '766a0abb3c77b2a8', '81c2c92e47edaee6', '92722c851482353b', + 'a2bfe8a14cf10364', 'a81a664bbc423001', 'c24b8b70d0f89791', 'c76c51a30654be30', + 'd192e819d6ef5218', 'd69906245565a910', 'f40e35855771202a', '106aa07032bbd1b8', + '19a4c116b8d2d0c8', '1e376c085141ab53', '2748774cdf8eeb99', '34b0bcb5e19b48a8', + '391c0cb3c5c95a63', '4ed8aa4ae3418acb', '5b9cca4f7763e373', '682e6ff3d6b2b8a3', + '748f82ee5defb2fc', '78a5636f43172f60', '84c87814a1f0ab72', '8cc702081a6439ec', + '90befffa23631e28', 'a4506cebde82bde9', 'bef9a3f7b2c67915', 'c67178f2e372532b', + 'ca273eceea26619c', 'd186b8c721c0c207', 'eada7dd6cde0eb1e', 'f57d4f7fee6ed178', + '06f067aa72176fba', '0a637dc5a2c898a6', '113f9804bef90dae', '1b710b35131c471b', + '28db77f523047d84', '32caab7b40c72493', '3c9ebe0a15c9bebc', '431d67c49c100d4c', + '4cc5d4becb3e42b6', '597f299cfc657e2a', '5fcb6fab3ad6faec', '6c44198c4a475817', + ]; + + for ($i = 0; $i < 80; $i++) { + $k[$i] = new BigInteger($k[$i], 16); + } + } + + // Pre-processing + $length = strlen($m); + // to round to nearest 112 mod 128, we'll add 128 - (length + (128 - 112)) % 128 + $m .= str_repeat(chr(0), 128 - (($length + 16) & 0x7F)); + $m[$length] = chr(0x80); + // we don't support hashing strings 512MB long + $m .= pack('N4', 0, 0, 0, $length << 3); + + // Process the message in successive 1024-bit chunks + $chunks = str_split($m, 128); + foreach ($chunks as $chunk) { + $w = []; + for ($i = 0; $i < 16; $i++) { + $temp = new BigInteger(Strings::shift($chunk, 8), 256); + $temp->setPrecision(64); + $w[] = $temp; + } + + // Extend the sixteen 32-bit words into eighty 32-bit words + for ($i = 16; $i < 80; $i++) { + $temp = [ + $w[$i - 15]->bitwise_rightRotate(1), + $w[$i - 15]->bitwise_rightRotate(8), + $w[$i - 15]->bitwise_rightShift(7), + ]; + $s0 = $temp[0]->bitwise_xor($temp[1]); + $s0 = $s0->bitwise_xor($temp[2]); + $temp = [ + $w[$i - 2]->bitwise_rightRotate(19), + $w[$i - 2]->bitwise_rightRotate(61), + $w[$i - 2]->bitwise_rightShift(6), + ]; + $s1 = $temp[0]->bitwise_xor($temp[1]); + $s1 = $s1->bitwise_xor($temp[2]); + $w[$i] = clone $w[$i - 16]; + $w[$i] = $w[$i]->add($s0); + $w[$i] = $w[$i]->add($w[$i - 7]); + $w[$i] = $w[$i]->add($s1); + } + + // Initialize hash value for this chunk + $a = clone $hash[0]; + $b = clone $hash[1]; + $c = clone $hash[2]; + $d = clone $hash[3]; + $e = clone $hash[4]; + $f = clone $hash[5]; + $g = clone $hash[6]; + $h = clone $hash[7]; + + // Main loop + for ($i = 0; $i < 80; $i++) { + $temp = [ + $a->bitwise_rightRotate(28), + $a->bitwise_rightRotate(34), + $a->bitwise_rightRotate(39), + ]; + $s0 = $temp[0]->bitwise_xor($temp[1]); + $s0 = $s0->bitwise_xor($temp[2]); + $temp = [ + $a->bitwise_and($b), + $a->bitwise_and($c), + $b->bitwise_and($c), + ]; + $maj = $temp[0]->bitwise_xor($temp[1]); + $maj = $maj->bitwise_xor($temp[2]); + $t2 = $s0->add($maj); + + $temp = [ + $e->bitwise_rightRotate(14), + $e->bitwise_rightRotate(18), + $e->bitwise_rightRotate(41), + ]; + $s1 = $temp[0]->bitwise_xor($temp[1]); + $s1 = $s1->bitwise_xor($temp[2]); + $temp = [ + $e->bitwise_and($f), + $g->bitwise_and($e->bitwise_not()), + ]; + $ch = $temp[0]->bitwise_xor($temp[1]); + $t1 = $h->add($s1); + $t1 = $t1->add($ch); + $t1 = $t1->add($k[$i]); + $t1 = $t1->add($w[$i]); + + $h = clone $g; + $g = clone $f; + $f = clone $e; + $e = $d->add($t1); + $d = clone $c; + $c = clone $b; + $b = clone $a; + $a = $t1->add($t2); + } + + // Add this chunk's hash to result so far + $hash = [ + $hash[0]->add($a), + $hash[1]->add($b), + $hash[2]->add($c), + $hash[3]->add($d), + $hash[4]->add($e), + $hash[5]->add($f), + $hash[6]->add($g), + $hash[7]->add($h), + ]; + } + + // Produce the final hash value (big-endian) + // (\phpseclib3\Crypt\Hash::hash() trims the output for hashes but not for HMACs. as such, we trim the output here) + $temp = $hash[0]->toBytes() . $hash[1]->toBytes() . $hash[2]->toBytes() . $hash[3]->toBytes() . + $hash[4]->toBytes() . $hash[5]->toBytes() . $hash[6]->toBytes() . $hash[7]->toBytes(); + + return $temp; + } + + /** + * __toString() magic method + */ + public function __toString() + { + return $this->getHash(); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/PublicKeyLoader.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/PublicKeyLoader.php new file mode 100644 index 0000000..2d515a4 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/PublicKeyLoader.php @@ -0,0 +1,107 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Exception\NoKeyLoadedException; +use phpseclib3\File\X509; + +/** + * PublicKeyLoader + * + * @author Jim Wigginton + */ +abstract class PublicKeyLoader +{ + /** + * Loads a public or private key + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): AsymmetricKey + { + try { + return EC::load($key, $password); + } catch (NoKeyLoadedException $e) { + } + + try { + return RSA::load($key, $password); + } catch (NoKeyLoadedException $e) { + } + + try { + return DSA::load($key, $password); + } catch (NoKeyLoadedException $e) { + } + + try { + $x509 = new X509(); + $x509->loadX509($key); + $key = $x509->getPublicKey(); + if ($key) { + return $key; + } + } catch (\Exception $e) { + } + + throw new NoKeyLoadedException('Unable to read key'); + } + + /** + * Loads a private key + * + * @param string|array $key + */ + public static function loadPrivateKey($key, ?string $password = null): PrivateKey + { + $key = self::load($key, $password); + if (!$key instanceof PrivateKey) { + throw new NoKeyLoadedException('The key that was loaded was not a private key'); + } + return $key; + } + + /** + * Loads a public key + * + * @param string|array $key + */ + public static function loadPublicKey($key): PublicKey + { + $key = self::load($key); + if (!$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a public key'); + } + return $key; + } + + /** + * Loads parameters + * + * @param string|array $key + */ + public static function loadParameters($key): AsymmetricKey + { + $key = self::load($key); + if (!$key instanceof PrivateKey && !$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a parameter'); + } + return $key; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RC2.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RC2.php new file mode 100644 index 0000000..186d3b2 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RC2.php @@ -0,0 +1,614 @@ + + * setKey('abcdefgh'); + * + * $plaintext = str_repeat('a', 1024); + * + * echo $rc2->decrypt($rc2->encrypt($plaintext)); + * ?> + * + * + * @author Patrick Monnerat + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\BlockCipher; +use phpseclib3\Exception\BadModeException; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\LengthException; + +/** + * Pure-PHP implementation of RC2. + */ +class RC2 extends BlockCipher +{ + /** + * Block Length of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::block_size + * @var int + */ + protected $block_size = 8; + + /** + * The Key + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::key + * @see self::setKey() + * @var string + */ + protected $key; + + /** + * The Original (unpadded) Key + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::key + * @see self::setKey() + * @see self::encrypt() + * @see self::decrypt() + * @var string + */ + private $orig_key; + + /** + * Key Length (in bytes) + * + * @see \phpseclib3\Crypt\RC2::setKeyLength() + * @var int + */ + protected $key_length = 16; // = 128 bits + + /** + * The key length in bits. + * + * {@internal Should be in range [1..1024].} + * + * {@internal Changing this value after setting the key has no effect.} + * + * @see self::setKeyLength() + * @see self::setKey() + * @var int + */ + private $default_key_length = 1024; + + /** + * The key length in bits. + * + * {@internal Should be in range [1..1024].} + * + * @see self::isValidEnine() + * @see self::setKey() + * @var int + */ + private $current_key_length; + + /** + * The Key Schedule + * + * @see self::setupKey() + * @var array + */ + private $keys; + + /** + * Key expansion randomization table. + * Twice the same 256-value sequence to save a modulus in key expansion. + * + * @see self::setKey() + * @var array + */ + private static $pitable = [ + 0xD9, 0x78, 0xF9, 0xC4, 0x19, 0xDD, 0xB5, 0xED, + 0x28, 0xE9, 0xFD, 0x79, 0x4A, 0xA0, 0xD8, 0x9D, + 0xC6, 0x7E, 0x37, 0x83, 0x2B, 0x76, 0x53, 0x8E, + 0x62, 0x4C, 0x64, 0x88, 0x44, 0x8B, 0xFB, 0xA2, + 0x17, 0x9A, 0x59, 0xF5, 0x87, 0xB3, 0x4F, 0x13, + 0x61, 0x45, 0x6D, 0x8D, 0x09, 0x81, 0x7D, 0x32, + 0xBD, 0x8F, 0x40, 0xEB, 0x86, 0xB7, 0x7B, 0x0B, + 0xF0, 0x95, 0x21, 0x22, 0x5C, 0x6B, 0x4E, 0x82, + 0x54, 0xD6, 0x65, 0x93, 0xCE, 0x60, 0xB2, 0x1C, + 0x73, 0x56, 0xC0, 0x14, 0xA7, 0x8C, 0xF1, 0xDC, + 0x12, 0x75, 0xCA, 0x1F, 0x3B, 0xBE, 0xE4, 0xD1, + 0x42, 0x3D, 0xD4, 0x30, 0xA3, 0x3C, 0xB6, 0x26, + 0x6F, 0xBF, 0x0E, 0xDA, 0x46, 0x69, 0x07, 0x57, + 0x27, 0xF2, 0x1D, 0x9B, 0xBC, 0x94, 0x43, 0x03, + 0xF8, 0x11, 0xC7, 0xF6, 0x90, 0xEF, 0x3E, 0xE7, + 0x06, 0xC3, 0xD5, 0x2F, 0xC8, 0x66, 0x1E, 0xD7, + 0x08, 0xE8, 0xEA, 0xDE, 0x80, 0x52, 0xEE, 0xF7, + 0x84, 0xAA, 0x72, 0xAC, 0x35, 0x4D, 0x6A, 0x2A, + 0x96, 0x1A, 0xD2, 0x71, 0x5A, 0x15, 0x49, 0x74, + 0x4B, 0x9F, 0xD0, 0x5E, 0x04, 0x18, 0xA4, 0xEC, + 0xC2, 0xE0, 0x41, 0x6E, 0x0F, 0x51, 0xCB, 0xCC, + 0x24, 0x91, 0xAF, 0x50, 0xA1, 0xF4, 0x70, 0x39, + 0x99, 0x7C, 0x3A, 0x85, 0x23, 0xB8, 0xB4, 0x7A, + 0xFC, 0x02, 0x36, 0x5B, 0x25, 0x55, 0x97, 0x31, + 0x2D, 0x5D, 0xFA, 0x98, 0xE3, 0x8A, 0x92, 0xAE, + 0x05, 0xDF, 0x29, 0x10, 0x67, 0x6C, 0xBA, 0xC9, + 0xD3, 0x00, 0xE6, 0xCF, 0xE1, 0x9E, 0xA8, 0x2C, + 0x63, 0x16, 0x01, 0x3F, 0x58, 0xE2, 0x89, 0xA9, + 0x0D, 0x38, 0x34, 0x1B, 0xAB, 0x33, 0xFF, 0xB0, + 0xBB, 0x48, 0x0C, 0x5F, 0xB9, 0xB1, 0xCD, 0x2E, + 0xC5, 0xF3, 0xDB, 0x47, 0xE5, 0xA5, 0x9C, 0x77, + 0x0A, 0xA6, 0x20, 0x68, 0xFE, 0x7F, 0xC1, 0xAD, + 0xD9, 0x78, 0xF9, 0xC4, 0x19, 0xDD, 0xB5, 0xED, + 0x28, 0xE9, 0xFD, 0x79, 0x4A, 0xA0, 0xD8, 0x9D, + 0xC6, 0x7E, 0x37, 0x83, 0x2B, 0x76, 0x53, 0x8E, + 0x62, 0x4C, 0x64, 0x88, 0x44, 0x8B, 0xFB, 0xA2, + 0x17, 0x9A, 0x59, 0xF5, 0x87, 0xB3, 0x4F, 0x13, + 0x61, 0x45, 0x6D, 0x8D, 0x09, 0x81, 0x7D, 0x32, + 0xBD, 0x8F, 0x40, 0xEB, 0x86, 0xB7, 0x7B, 0x0B, + 0xF0, 0x95, 0x21, 0x22, 0x5C, 0x6B, 0x4E, 0x82, + 0x54, 0xD6, 0x65, 0x93, 0xCE, 0x60, 0xB2, 0x1C, + 0x73, 0x56, 0xC0, 0x14, 0xA7, 0x8C, 0xF1, 0xDC, + 0x12, 0x75, 0xCA, 0x1F, 0x3B, 0xBE, 0xE4, 0xD1, + 0x42, 0x3D, 0xD4, 0x30, 0xA3, 0x3C, 0xB6, 0x26, + 0x6F, 0xBF, 0x0E, 0xDA, 0x46, 0x69, 0x07, 0x57, + 0x27, 0xF2, 0x1D, 0x9B, 0xBC, 0x94, 0x43, 0x03, + 0xF8, 0x11, 0xC7, 0xF6, 0x90, 0xEF, 0x3E, 0xE7, + 0x06, 0xC3, 0xD5, 0x2F, 0xC8, 0x66, 0x1E, 0xD7, + 0x08, 0xE8, 0xEA, 0xDE, 0x80, 0x52, 0xEE, 0xF7, + 0x84, 0xAA, 0x72, 0xAC, 0x35, 0x4D, 0x6A, 0x2A, + 0x96, 0x1A, 0xD2, 0x71, 0x5A, 0x15, 0x49, 0x74, + 0x4B, 0x9F, 0xD0, 0x5E, 0x04, 0x18, 0xA4, 0xEC, + 0xC2, 0xE0, 0x41, 0x6E, 0x0F, 0x51, 0xCB, 0xCC, + 0x24, 0x91, 0xAF, 0x50, 0xA1, 0xF4, 0x70, 0x39, + 0x99, 0x7C, 0x3A, 0x85, 0x23, 0xB8, 0xB4, 0x7A, + 0xFC, 0x02, 0x36, 0x5B, 0x25, 0x55, 0x97, 0x31, + 0x2D, 0x5D, 0xFA, 0x98, 0xE3, 0x8A, 0x92, 0xAE, + 0x05, 0xDF, 0x29, 0x10, 0x67, 0x6C, 0xBA, 0xC9, + 0xD3, 0x00, 0xE6, 0xCF, 0xE1, 0x9E, 0xA8, 0x2C, + 0x63, 0x16, 0x01, 0x3F, 0x58, 0xE2, 0x89, 0xA9, + 0x0D, 0x38, 0x34, 0x1B, 0xAB, 0x33, 0xFF, 0xB0, + 0xBB, 0x48, 0x0C, 0x5F, 0xB9, 0xB1, 0xCD, 0x2E, + 0xC5, 0xF3, 0xDB, 0x47, 0xE5, 0xA5, 0x9C, 0x77, + 0x0A, 0xA6, 0x20, 0x68, 0xFE, 0x7F, 0xC1, 0xAD, + ]; + + /** + * Inverse key expansion randomization table. + * + * @see self::setKey() + * @var array + */ + private static $invpitable = [ + 0xD1, 0xDA, 0xB9, 0x6F, 0x9C, 0xC8, 0x78, 0x66, + 0x80, 0x2C, 0xF8, 0x37, 0xEA, 0xE0, 0x62, 0xA4, + 0xCB, 0x71, 0x50, 0x27, 0x4B, 0x95, 0xD9, 0x20, + 0x9D, 0x04, 0x91, 0xE3, 0x47, 0x6A, 0x7E, 0x53, + 0xFA, 0x3A, 0x3B, 0xB4, 0xA8, 0xBC, 0x5F, 0x68, + 0x08, 0xCA, 0x8F, 0x14, 0xD7, 0xC0, 0xEF, 0x7B, + 0x5B, 0xBF, 0x2F, 0xE5, 0xE2, 0x8C, 0xBA, 0x12, + 0xE1, 0xAF, 0xB2, 0x54, 0x5D, 0x59, 0x76, 0xDB, + 0x32, 0xA2, 0x58, 0x6E, 0x1C, 0x29, 0x64, 0xF3, + 0xE9, 0x96, 0x0C, 0x98, 0x19, 0x8D, 0x3E, 0x26, + 0xAB, 0xA5, 0x85, 0x16, 0x40, 0xBD, 0x49, 0x67, + 0xDC, 0x22, 0x94, 0xBB, 0x3C, 0xC1, 0x9B, 0xEB, + 0x45, 0x28, 0x18, 0xD8, 0x1A, 0x42, 0x7D, 0xCC, + 0xFB, 0x65, 0x8E, 0x3D, 0xCD, 0x2A, 0xA3, 0x60, + 0xAE, 0x93, 0x8A, 0x48, 0x97, 0x51, 0x15, 0xF7, + 0x01, 0x0B, 0xB7, 0x36, 0xB1, 0x2E, 0x11, 0xFD, + 0x84, 0x2D, 0x3F, 0x13, 0x88, 0xB3, 0x34, 0x24, + 0x1B, 0xDE, 0xC5, 0x1D, 0x4D, 0x2B, 0x17, 0x31, + 0x74, 0xA9, 0xC6, 0x43, 0x6D, 0x39, 0x90, 0xBE, + 0xC3, 0xB0, 0x21, 0x6B, 0xF6, 0x0F, 0xD5, 0x99, + 0x0D, 0xAC, 0x1F, 0x5C, 0x9E, 0xF5, 0xF9, 0x4C, + 0xD6, 0xDF, 0x89, 0xE4, 0x8B, 0xFF, 0xC7, 0xAA, + 0xE7, 0xED, 0x46, 0x25, 0xB6, 0x06, 0x5E, 0x35, + 0xB5, 0xEC, 0xCE, 0xE8, 0x6C, 0x30, 0x55, 0x61, + 0x4A, 0xFE, 0xA0, 0x79, 0x03, 0xF0, 0x10, 0x72, + 0x7C, 0xCF, 0x52, 0xA6, 0xA7, 0xEE, 0x44, 0xD3, + 0x9A, 0x57, 0x92, 0xD0, 0x5A, 0x7A, 0x41, 0x7F, + 0x0E, 0x00, 0x63, 0xF2, 0x4F, 0x05, 0x83, 0xC9, + 0xA1, 0xD4, 0xDD, 0xC4, 0x56, 0xF4, 0xD2, 0x77, + 0x81, 0x09, 0x82, 0x33, 0x9F, 0x07, 0x86, 0x75, + 0x38, 0x4E, 0x69, 0xF1, 0xAD, 0x23, 0x73, 0x87, + 0x70, 0x02, 0xC2, 0x1E, 0xB8, 0x0A, 0xFC, 0xE6, + ]; + + /** + * Default Constructor. + * + * @throws InvalidArgumentException if an invalid / unsupported mode is provided + */ + public function __construct(string $mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + protected function isValidEngineHelper(int $engine): bool + { + switch ($engine) { + case self::ENGINE_OPENSSL: + if ($this->current_key_length != 128 || strlen($this->orig_key) < 16) { + return false; + } + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } + $this->cipher_name_openssl_ecb = 'rc2-ecb'; + $this->cipher_name_openssl = 'rc2-' . $this->openssl_translate_mode(); + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Sets the key length. + * + * Valid key lengths are 8 to 1024. + * Calling this function after setting the key has no effect until the next + * \phpseclib3\Crypt\RC2::setKey() call. + * + * @param int $length in bits + * @throws LengthException if the key length isn't supported + */ + public function setKeyLength(int $length): void + { + if ($length < 8 || $length > 1024) { + throw new LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys between 1 and 1024 bits, inclusive, are supported'); + } + + $this->default_key_length = $this->current_key_length = $length; + $this->explicit_key_length = $length >> 3; + } + + /** + * Returns the current key length + */ + public function getKeyLength(): int + { + return $this->current_key_length; + } + + /** + * Sets the key. + * + * Keys can be of any length. RC2, itself, uses 8 to 1024 bit keys (eg. + * strlen($key) <= 128), however, we only use the first 128 bytes if $key + * has more then 128 bytes in it, and set $key to a single null byte if + * it is empty. + * + * @throws LengthException if the key length isn't supported + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKey() + */ + public function setKey(string $key, ?int $t1 = null): void + { + $this->orig_key = $key; + + if ($t1 === null) { + $t1 = $this->default_key_length; + } + + if ($t1 < 1 || $t1 > 1024) { + throw new LengthException('Key size of ' . $t1 . ' bits is not supported by this algorithm. Only keys between 1 and 1024 bits, inclusive, are supported'); + } + + $this->current_key_length = $t1; + if (strlen($key) < 1 || strlen($key) > 128) { + throw new LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes between 8 and 1024 bits, inclusive, are supported'); + } + + $t = strlen($key); + + // The mcrypt RC2 implementation only supports effective key length + // of 1024 bits. It is however possible to handle effective key + // lengths in range 1..1024 by expanding the key and applying + // inverse pitable mapping to the first byte before submitting it + // to mcrypt. + + // Key expansion. + $l = array_values(unpack('C*', $key)); + $t8 = ($t1 + 7) >> 3; + $tm = 0xFF >> (8 * $t8 - $t1); + + // Expand key. + $pitable = self::$pitable; + for ($i = $t; $i < 128; $i++) { + $l[$i] = $pitable[$l[$i - 1] + $l[$i - $t]]; + } + $i = 128 - $t8; + $l[$i] = $pitable[$l[$i] & $tm]; + while ($i--) { + $l[$i] = $pitable[$l[$i + 1] ^ $l[$i + $t8]]; + } + + // Prepare the key for mcrypt. + $l[0] = self::$invpitable[$l[0]]; + array_unshift($l, 'C*'); + + $this->key = pack(...$l); + $this->key_length = strlen($this->key); + $this->changed = $this->nonIVChanged = true; + $this->setEngine(); + } + + /** + * Encrypts a message. + * + * Mostly a wrapper for \phpseclib3\Crypt\Common\SymmetricKey::encrypt, with some additional OpenSSL handling code + * + * @return string $ciphertext + * @see self::decrypt() + */ + public function encrypt(string $plaintext): string + { + if ($this->engine == self::ENGINE_OPENSSL) { + $temp = $this->key; + $this->key = $this->orig_key; + $result = parent::encrypt($plaintext); + $this->key = $temp; + return $result; + } + + return parent::encrypt($plaintext); + } + + /** + * Decrypts a message. + * + * Mostly a wrapper for \phpseclib3\Crypt\Common\SymmetricKey::decrypt, with some additional OpenSSL handling code + * + * @return string $plaintext + * @see self::encrypt() + */ + public function decrypt(string $ciphertext): string + { + if ($this->engine == self::ENGINE_OPENSSL) { + $temp = $this->key; + $this->key = $this->orig_key; + $result = parent::decrypt($ciphertext); + $this->key = $temp; + return $result; + } + + return parent::decrypt($ciphertext); + } + + /** + * Encrypts a block + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encryptBlock() + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + */ + protected function encryptBlock(string $in): string + { + [$r0, $r1, $r2, $r3] = array_values(unpack('v*', $in)); + $keys = $this->keys; + $limit = 20; + $actions = [$limit => 44, 44 => 64]; + $j = 0; + + for (;;) { + // Mixing round. + $r0 = (($r0 + $keys[$j++] + ((($r1 ^ $r2) & $r3) ^ $r1)) & 0xFFFF) << 1; + $r0 |= $r0 >> 16; + $r1 = (($r1 + $keys[$j++] + ((($r2 ^ $r3) & $r0) ^ $r2)) & 0xFFFF) << 2; + $r1 |= $r1 >> 16; + $r2 = (($r2 + $keys[$j++] + ((($r3 ^ $r0) & $r1) ^ $r3)) & 0xFFFF) << 3; + $r2 |= $r2 >> 16; + $r3 = (($r3 + $keys[$j++] + ((($r0 ^ $r1) & $r2) ^ $r0)) & 0xFFFF) << 5; + $r3 |= $r3 >> 16; + + if ($j === $limit) { + if ($limit === 64) { + break; + } + + // Mashing round. + $r0 += $keys[$r3 & 0x3F]; + $r1 += $keys[$r0 & 0x3F]; + $r2 += $keys[$r1 & 0x3F]; + $r3 += $keys[$r2 & 0x3F]; + $limit = $actions[$limit]; + } + } + + return pack('vvvv', $r0, $r1, $r2, $r3); + } + + /** + * Decrypts a block + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::decryptBlock() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + protected function decryptBlock(string $in): string + { + [$r0, $r1, $r2, $r3] = array_values(unpack('v*', $in)); + $keys = $this->keys; + $limit = 44; + $actions = [$limit => 20, 20 => 0]; + $j = 64; + + for (;;) { + // R-mixing round. + $r3 = ($r3 | ($r3 << 16)) >> 5; + $r3 = ($r3 - $keys[--$j] - ((($r0 ^ $r1) & $r2) ^ $r0)) & 0xFFFF; + $r2 = ($r2 | ($r2 << 16)) >> 3; + $r2 = ($r2 - $keys[--$j] - ((($r3 ^ $r0) & $r1) ^ $r3)) & 0xFFFF; + $r1 = ($r1 | ($r1 << 16)) >> 2; + $r1 = ($r1 - $keys[--$j] - ((($r2 ^ $r3) & $r0) ^ $r2)) & 0xFFFF; + $r0 = ($r0 | ($r0 << 16)) >> 1; + $r0 = ($r0 - $keys[--$j] - ((($r1 ^ $r2) & $r3) ^ $r1)) & 0xFFFF; + + if ($j === $limit) { + if ($limit === 0) { + break; + } + + // R-mashing round. + $r3 = ($r3 - $keys[$r2 & 0x3F]) & 0xFFFF; + $r2 = ($r2 - $keys[$r1 & 0x3F]) & 0xFFFF; + $r1 = ($r1 - $keys[$r0 & 0x3F]) & 0xFFFF; + $r0 = ($r0 - $keys[$r3 & 0x3F]) & 0xFFFF; + $limit = $actions[$limit]; + } + } + + return pack('vvvv', $r0, $r1, $r2, $r3); + } + + /** + * Creates the key schedule + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupKey() + */ + protected function setupKey(): void + { + if (!isset($this->key)) { + $this->setKey(''); + } + + // Key has already been expanded in \phpseclib3\Crypt\RC2::setKey(): + // Only the first value must be altered. + $l = unpack('Ca/Cb/v*', $this->key); + array_unshift($l, self::$pitable[$l['a']] | ($l['b'] << 8)); + unset($l['a']); + unset($l['b']); + $this->keys = $l; + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupInlineCrypt() + */ + protected function setupInlineCrypt(): void + { + // Init code for both, encrypt and decrypt. + $init_crypt = '$keys = $this->keys;'; + + $keys = $this->keys; + + // $in is the current 8 bytes block which has to be en/decrypt + $encrypt_block = $decrypt_block = ' + $in = unpack("v4", $in); + $r0 = $in[1]; + $r1 = $in[2]; + $r2 = $in[3]; + $r3 = $in[4]; + '; + + // Create code for encryption. + $limit = 20; + $actions = [$limit => 44, 44 => 64]; + $j = 0; + + for (;;) { + // Mixing round. + $encrypt_block .= ' + $r0 = (($r0 + ' . $keys[$j++] . ' + + ((($r1 ^ $r2) & $r3) ^ $r1)) & 0xFFFF) << 1; + $r0 |= $r0 >> 16; + $r1 = (($r1 + ' . $keys[$j++] . ' + + ((($r2 ^ $r3) & $r0) ^ $r2)) & 0xFFFF) << 2; + $r1 |= $r1 >> 16; + $r2 = (($r2 + ' . $keys[$j++] . ' + + ((($r3 ^ $r0) & $r1) ^ $r3)) & 0xFFFF) << 3; + $r2 |= $r2 >> 16; + $r3 = (($r3 + ' . $keys[$j++] . ' + + ((($r0 ^ $r1) & $r2) ^ $r0)) & 0xFFFF) << 5; + $r3 |= $r3 >> 16;'; + + if ($j === $limit) { + if ($limit === 64) { + break; + } + + // Mashing round. + $encrypt_block .= ' + $r0 += $keys[$r3 & 0x3F]; + $r1 += $keys[$r0 & 0x3F]; + $r2 += $keys[$r1 & 0x3F]; + $r3 += $keys[$r2 & 0x3F];'; + $limit = $actions[$limit]; + } + } + + $encrypt_block .= '$in = pack("v4", $r0, $r1, $r2, $r3);'; + + // Create code for decryption. + $limit = 44; + $actions = [$limit => 20, 20 => 0]; + $j = 64; + + for (;;) { + // R-mixing round. + $decrypt_block .= ' + $r3 = ($r3 | ($r3 << 16)) >> 5; + $r3 = ($r3 - ' . $keys[--$j] . ' - + ((($r0 ^ $r1) & $r2) ^ $r0)) & 0xFFFF; + $r2 = ($r2 | ($r2 << 16)) >> 3; + $r2 = ($r2 - ' . $keys[--$j] . ' - + ((($r3 ^ $r0) & $r1) ^ $r3)) & 0xFFFF; + $r1 = ($r1 | ($r1 << 16)) >> 2; + $r1 = ($r1 - ' . $keys[--$j] . ' - + ((($r2 ^ $r3) & $r0) ^ $r2)) & 0xFFFF; + $r0 = ($r0 | ($r0 << 16)) >> 1; + $r0 = ($r0 - ' . $keys[--$j] . ' - + ((($r1 ^ $r2) & $r3) ^ $r1)) & 0xFFFF;'; + + if ($j === $limit) { + if ($limit === 0) { + break; + } + + // R-mashing round. + $decrypt_block .= ' + $r3 = ($r3 - $keys[$r2 & 0x3F]) & 0xFFFF; + $r2 = ($r2 - $keys[$r1 & 0x3F]) & 0xFFFF; + $r1 = ($r1 - $keys[$r0 & 0x3F]) & 0xFFFF; + $r0 = ($r0 - $keys[$r3 & 0x3F]) & 0xFFFF;'; + $limit = $actions[$limit]; + } + } + + $decrypt_block .= '$in = pack("v4", $r0, $r1, $r2, $r3);'; + + // Creates the inline-crypt function + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => $init_crypt, + 'encrypt_block' => $encrypt_block, + 'decrypt_block' => $decrypt_block, + ] + ); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RC4.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RC4.php new file mode 100644 index 0000000..7f586bf --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RC4.php @@ -0,0 +1,264 @@ + + * setKey('abcdefgh'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $rc4->decrypt($rc4->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\StreamCipher; +use phpseclib3\Exception\LengthException; + +/** + * Pure-PHP implementation of RC4. + * + * @author Jim Wigginton + */ +class RC4 extends StreamCipher +{ + /** + * @see \phpseclib3\Crypt\RC4::_crypt() + */ + public const ENCRYPT = 0; + + /** + * @see \phpseclib3\Crypt\RC4::_crypt() + */ + public const DECRYPT = 1; + + /** + * Key Length (in bytes) + * + * @see \phpseclib3\Crypt\RC4::setKeyLength() + * @var int + */ + protected $key_length = 128; // = 1024 bits + + /** + * The Key + * + * @see self::setKey() + * @var string + */ + protected $key; + + /** + * The Key Stream for decryption and encryption + * + * @see self::setKey() + * @var array + */ + private $stream; + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + protected function isValidEngineHelper(int $engine): bool + { + if ($engine == self::ENGINE_OPENSSL) { + if ($this->continuousBuffer) { + return false; + } + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } + $this->cipher_name_openssl = 'rc4-40'; + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Sets the key length + * + * Keys can be between 1 and 256 bytes long. + * + * @throws LengthException if the key length is invalid + */ + public function setKeyLength(int $length): void + { + if ($length < 8 || $length > 2048) { + throw new LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys between 1 and 256 bytes are supported'); + } + + $this->key_length = $length >> 3; + + parent::setKeyLength($length); + } + + /** + * Sets the key length + * + * Keys can be between 1 and 256 bytes long. + */ + public function setKey(string $key): void + { + $length = strlen($key); + if ($length < 1 || $length > 256) { + throw new LengthException('Key size of ' . $length . ' bytes is not supported by RC4. Keys must be between 1 and 256 bytes long'); + } + + parent::setKey($key); + } + + /** + * Encrypts a message. + * + * @return string $ciphertext + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + * @see self::crypt() + */ + public function encrypt(string $plaintext): string + { + if ($this->engine != self::ENGINE_INTERNAL) { + return parent::encrypt($plaintext); + } + return $this->crypt($plaintext, self::ENCRYPT); + } + + /** + * Decrypts a message. + * + * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)). + * At least if the continuous buffer is disabled. + * + * @return string $plaintext + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see self::crypt() + */ + public function decrypt(string $ciphertext): string + { + if ($this->engine != self::ENGINE_INTERNAL) { + return parent::decrypt($ciphertext); + } + return $this->crypt($ciphertext, self::DECRYPT); + } + + /** + * Encrypts a block + */ + protected function encryptBlock(string $in): string + { + // RC4 does not utilize this method + return ''; + } + + /** + * Decrypts a block + */ + protected function decryptBlock(string $in): string + { + // RC4 does not utilize this method + return ''; + } + + /** + * Setup the key (expansion) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupKey() + */ + protected function setupKey(): void + { + $key = $this->key; + $keyLength = strlen($key); + $keyStream = range(0, 255); + $j = 0; + for ($i = 0; $i < 256; $i++) { + $j = ($j + $keyStream[$i] + ord($key[$i % $keyLength])) & 255; + $temp = $keyStream[$i]; + $keyStream[$i] = $keyStream[$j]; + $keyStream[$j] = $temp; + } + + $this->stream = []; + $this->stream[self::DECRYPT] = $this->stream[self::ENCRYPT] = [ + 0, // index $i + 0, // index $j + $keyStream, + ]; + } + + /** + * Encrypts or decrypts a message. + * + * @return string $text + * @see self::decrypt() + * @see self::encrypt() + */ + private function crypt(string $text, int $mode): string + { + if ($this->changed) { + $this->setup(); + } + + $stream = &$this->stream[$mode]; + if ($this->continuousBuffer) { + $i = &$stream[0]; + $j = &$stream[1]; + $keyStream = &$stream[2]; + } else { + $i = $stream[0]; + $j = $stream[1]; + $keyStream = $stream[2]; + } + + $len = strlen($text); + for ($k = 0; $k < $len; ++$k) { + $i = ($i + 1) & 255; + $ksi = $keyStream[$i]; + $j = ($j + $ksi) & 255; + $ksj = $keyStream[$j]; + + $keyStream[$i] = $ksj; + $keyStream[$j] = $ksi; + $text[$k] = $text[$k] ^ chr($keyStream[($ksj + $ksi) & 255]); + } + + return $text; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA.php new file mode 100644 index 0000000..c202425 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA.php @@ -0,0 +1,889 @@ + + * getPublicKey(); + * + * $plaintext = 'terrafrost'; + * + * $ciphertext = $public->encrypt($plaintext); + * + * echo $private->decrypt($ciphertext); + * ?> + * + * + * Here's an example of how to create signatures and verify signatures with this library: + * + * getPublicKey(); + * + * $plaintext = 'terrafrost'; + * + * $signature = $private->sign($plaintext); + * + * echo $public->verify($plaintext, $signature) ? 'verified' : 'unverified'; + * ?> + * + * + * One thing to consider when using this: so phpseclib uses PSS mode by default. + * Technically, id-RSASSA-PSS has a different key format than rsaEncryption. So + * should phpseclib save to the id-RSASSA-PSS format by default or the + * rsaEncryption format? For stand-alone keys I figure rsaEncryption is better + * because SSH doesn't use PSS and idk how many SSH servers would be able to + * decode an id-RSASSA-PSS key. For X.509 certificates the id-RSASSA-PSS + * format is used by default (unless you change it up to use PKCS1 instead) + * + * @author Jim Wigginton + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\RSA\Formats\Keys\PSS; +use phpseclib3\Crypt\RSA\PrivateKey; +use phpseclib3\Crypt\RSA\PublicKey; +use phpseclib3\Exception\InconsistentSetupException; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\OutOfRangeException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP PKCS#1 compliant implementation of RSA. + * + * @author Jim Wigginton + */ +abstract class RSA extends AsymmetricKey +{ + /** + * Algorithm Name + * + * @var string + */ + public const ALGORITHM = 'RSA'; + + /** + * Use {@link http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding Optimal Asymmetric Encryption Padding} + * (OAEP) for encryption / decryption. + * + * Uses sha256 by default + * + * @see self::setHash() + * @see self::setMGFHash() + * @see self::encrypt() + * @see self::decrypt() + */ + public const ENCRYPTION_OAEP = 1; + + /** + * Use PKCS#1 padding. + * + * Although self::PADDING_OAEP / self::PADDING_PSS offers more security, including PKCS#1 padding is necessary for purposes of backwards + * compatibility with protocols (like SSH-1) written before OAEP's introduction. + * + * @see self::encrypt() + * @see self::decrypt() + */ + public const ENCRYPTION_PKCS1 = 2; + + /** + * Do not use any padding + * + * Although this method is not recommended it can none-the-less sometimes be useful if you're trying to decrypt some legacy + * stuff, if you're trying to diagnose why an encrypted message isn't decrypting, etc. + * + * @see self::encrypt() + * @see self::decrypt() + */ + public const ENCRYPTION_NONE = 4; + + /** + * Use the Probabilistic Signature Scheme for signing + * + * Uses sha256 and 0 as the salt length + * + * @see self::setSaltLength() + * @see self::setMGFHash() + * @see self::setHash() + * @see self::sign() + * @see self::verify() + * @see self::setHash() + */ + public const SIGNATURE_PSS = 16; + + /** + * Use a relaxed version of PKCS#1 padding for signature verification + * + * @see self::sign() + * @see self::verify() + * @see self::setHash() + */ + public const SIGNATURE_RELAXED_PKCS1 = 32; + + /** + * Use PKCS#1 padding for signature verification + * + * @see self::sign() + * @see self::verify() + * @see self::setHash() + */ + public const SIGNATURE_PKCS1 = 64; + + /** + * Encryption padding mode + * + * @var int + */ + protected $encryptionPadding = self::ENCRYPTION_OAEP; + + /** + * Signature padding mode + * + * @var int + */ + protected $signaturePadding = self::SIGNATURE_PSS; + + /** + * Length of hash function output + * + * @var int + */ + protected $hLen; + + /** + * Length of salt + * + * @var int|null + */ + protected $sLen = null; + + /** + * Label + * + * @var string + */ + protected $label = ''; + + /** + * Hash function for the Mask Generation Function + * + * @var Hash + */ + protected $mgfHash; + + /** + * Length of MGF hash function output + * + * @var int + */ + protected $mgfHLen; + + /** + * Modulus (ie. n) + * + * @var BigInteger + */ + protected $modulus; + + /** + * Modulus length + * + * @var int + */ + protected $k; + + /** + * Exponent (ie. e or d) + * + * @var BigInteger + */ + protected $exponent; + + /** + * Default public exponent + * + * @var int + * @link http://en.wikipedia.org/wiki/65537_%28number%29 + */ + private static $defaultExponent = 65537; + + /** + * Enable Blinding? + * + * @var bool + */ + protected static $enableBlinding = true; + + /** + * OpenSSL configuration file name. + * + * @see self::createKey() + * @var ?string + */ + protected static $configFile; + + /** + * Smallest Prime + * + * Per , this number ought not result in primes smaller + * than 256 bits. As a consequence if the key you're trying to create is 1024 bits and you've set smallestPrime + * to 384 bits then you're going to get a 384 bit prime and a 640 bit prime (384 + 1024 % 384). At least if + * engine is set to self::ENGINE_INTERNAL. If Engine is set to self::ENGINE_OPENSSL then smallest Prime is + * ignored (ie. multi-prime RSA support is more intended as a way to speed up RSA key generation when there's + * a chance neither gmp nor OpenSSL are installed) + * + * @var int + */ + private static $smallestPrime = 4096; + + /** + * Public Exponent + * + * @var BigInteger + */ + protected $publicExponent; + + /** + * Sets the public exponent for key generation + * + * This will be 65537 unless changed. + */ + public static function setExponent(int $val): void + { + self::$defaultExponent = $val; + } + + /** + * Sets the smallest prime number in bits. Used for key generation + * + * This will be 4096 unless changed. + */ + public static function setSmallestPrime(int $val): void + { + self::$smallestPrime = $val; + } + + /** + * Sets the OpenSSL config file path + * + * Set to the empty string to use the default config file + */ + public static function setOpenSSLConfigPath(string $val): void + { + self::$configFile = $val; + } + + /** + * Create a private key + * + * The public key can be extracted from the private key + */ + public static function createKey(int $bits = 2048): PrivateKey + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createKey() should not be called from final classes (' . static::class . ')'); + } + + $regSize = $bits >> 1; // divide by two to see how many bits P and Q would be + if ($regSize > self::$smallestPrime) { + $num_primes = floor($bits / self::$smallestPrime); + $regSize = self::$smallestPrime; + } else { + $num_primes = 2; + } + + if ($num_primes == 2 && $bits >= 384 && self::$defaultExponent == 65537) { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + // OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum + if (self::$engines['OpenSSL']) { + $config = []; + if (self::$configFile) { + $config['config'] = self::$configFile; + } + $rsa = openssl_pkey_new(['private_key_bits' => $bits] + $config); + openssl_pkey_export($rsa, $privatekeystr, null, $config); + + // clear the buffer of error strings stemming from a minimalistic openssl.cnf + // https://github.com/php/php-src/issues/11054 talks about other errors this'll pick up + while (openssl_error_string() !== false) { + } + + return RSA::load($privatekeystr); + } + } + + static $e; + if (!isset($e)) { + $e = new BigInteger(self::$defaultExponent); + } + + $n = clone self::$one; + $exponents = $coefficients = $primes = []; + $lcm = [ + 'top' => clone self::$one, + 'bottom' => false, + ]; + + do { + for ($i = 1; $i <= $num_primes; $i++) { + if ($i != $num_primes) { + $primes[$i] = BigInteger::randomPrime($regSize); + } else { + extract(BigInteger::minMaxBits($bits)); + /** @var BigInteger $min + * @var BigInteger $max + */ + [$min] = $min->divide($n); + $min = $min->add(self::$one); + [$max] = $max->divide($n); + $primes[$i] = BigInteger::randomRangePrime($min, $max); + } + + // the first coefficient is calculated differently from the rest + // ie. instead of being $primes[1]->modInverse($primes[2]), it's $primes[2]->modInverse($primes[1]) + if ($i > 2) { + $coefficients[$i] = $n->modInverse($primes[$i]); + } + + $n = $n->multiply($primes[$i]); + + $temp = $primes[$i]->subtract(self::$one); + + // textbook RSA implementations use Euler's totient function instead of the least common multiple. + // see http://en.wikipedia.org/wiki/Euler%27s_totient_function + $lcm['top'] = $lcm['top']->multiply($temp); + $lcm['bottom'] = $lcm['bottom'] === false ? $temp : $lcm['bottom']->gcd($temp); + } + + [$temp] = $lcm['top']->divide($lcm['bottom']); + $gcd = $temp->gcd($e); + $i0 = 1; + } while (!$gcd->equals(self::$one)); + + $coefficients[2] = $primes[2]->modInverse($primes[1]); + + $d = $e->modInverse($temp); + + foreach ($primes as $i => $prime) { + $temp = $prime->subtract(self::$one); + $exponents[$i] = $e->modInverse($temp); + } + + // from : + // RSAPrivateKey ::= SEQUENCE { + // version Version, + // modulus INTEGER, -- n + // publicExponent INTEGER, -- e + // privateExponent INTEGER, -- d + // prime1 INTEGER, -- p + // prime2 INTEGER, -- q + // exponent1 INTEGER, -- d mod (p-1) + // exponent2 INTEGER, -- d mod (q-1) + // coefficient INTEGER, -- (inverse of q) mod p + // otherPrimeInfos OtherPrimeInfos OPTIONAL + // } + $privatekey = new PrivateKey(); + $privatekey->modulus = $n; + $privatekey->k = $bits >> 3; + $privatekey->publicExponent = $e; + $privatekey->exponent = $d; + $privatekey->primes = $primes; + $privatekey->exponents = $exponents; + $privatekey->coefficients = $coefficients; + + /* + $publickey = new PublicKey; + $publickey->modulus = $n; + $publickey->k = $bits >> 3; + $publickey->exponent = $e; + $publickey->publicExponent = $e; + $publickey->isPublic = true; + */ + + return $privatekey; + } + + /** + * OnLoad Handler + * + * @return PrivateKey|PublicKey|RSA + */ + protected static function onLoad(array $components) + { + $key = $components['isPublicKey'] ? + new PublicKey() : + new PrivateKey(); + + $key->modulus = $components['modulus']; + $key->publicExponent = $components['publicExponent']; + $key->k = $key->modulus->getLengthInBytes(); + + if ($components['isPublicKey'] || !isset($components['privateExponent'])) { + $key->exponent = $key->publicExponent; + } else { + $key->privateExponent = $components['privateExponent']; + $key->exponent = $key->privateExponent; + $key->primes = $components['primes']; + $key->exponents = $components['exponents']; + $key->coefficients = $components['coefficients']; + } + + if ($components['format'] == PSS::class) { + // in the X509 world RSA keys are assumed to use PKCS1 padding by default. only if the key is + // explicitly a PSS key is the use of PSS assumed. phpseclib does not work like this. phpseclib + // uses PSS padding by default. it assumes the more secure method by default and altho it provides + // for the less secure PKCS1 method you have to go out of your way to use it. this is consistent + // with the latest trends in crypto. libsodium (NaCl) is actually a little more extreme in that + // not only does it defaults to the most secure methods - it doesn't even let you choose less + // secure methods + //$key = $key->withPadding(self::SIGNATURE_PSS); + if (isset($components['hash'])) { + $key = $key->withHash($components['hash']); + } + if (isset($components['MGFHash'])) { + $key = $key->withMGFHash($components['MGFHash']); + } + if (isset($components['saltLength'])) { + $key = $key->withSaltLength($components['saltLength']); + } + } + + return $key; + } + + /** + * Initialize static variables + */ + protected static function initialize_static_variables(): void + { + if (!isset(self::$configFile)) { + self::$configFile = dirname(__FILE__) . '/../openssl.cnf'; + } + + parent::initialize_static_variables(); + } + + /** + * Constructor + * + * PublicKey and PrivateKey objects can only be created from abstract RSA class + */ + protected function __construct() + { + parent::__construct(); + + $this->hLen = $this->hash->getLengthInBytes(); + $this->mgfHash = new Hash('sha256'); + $this->mgfHLen = $this->mgfHash->getLengthInBytes(); + } + + /** + * Integer-to-Octet-String primitive + * + * See {@link http://tools.ietf.org/html/rfc3447#section-4.1 RFC3447#section-4.1}. + */ + protected function i2osp(BigInteger $x, int $xLen): string + { + $x = $x->toBytes(); + if (strlen($x) > $xLen) { + throw new OutOfRangeException('Resultant string length out of range'); + } + return str_pad($x, $xLen, chr(0), STR_PAD_LEFT); + } + + /** + * Octet-String-to-Integer primitive + * + * See {@link http://tools.ietf.org/html/rfc3447#section-4.2 RFC3447#section-4.2}. + */ + protected function os2ip(string $x): BigInteger + { + return new BigInteger($x, 256); + } + + /** + * EMSA-PKCS1-V1_5-ENCODE + * + * See {@link http://tools.ietf.org/html/rfc3447#section-9.2 RFC3447#section-9.2}. + * + * @throws LengthException if the intended encoded message length is too short + */ + protected function emsa_pkcs1_v1_5_encode(string $m, int $emLen): string + { + $h = $this->hash->hash($m); + + // see http://tools.ietf.org/html/rfc3447#page-43 + switch ($this->hash->getHash()) { + case 'md2': + $t = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x02\x05\x00\x04\x10"; + break; + case 'md5': + $t = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10"; + break; + case 'sha1': + $t = "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14"; + break; + case 'sha256': + $t = "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20"; + break; + case 'sha384': + $t = "\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30"; + break; + case 'sha512': + $t = "\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40"; + break; + // from https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf#page=40 + case 'sha224': + $t = "\x30\x2d\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04\x05\x00\x04\x1c"; + break; + case 'sha512/224': + $t = "\x30\x2d\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x05\x05\x00\x04\x1c"; + break; + case 'sha512/256': + $t = "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x06\x05\x00\x04\x20"; + } + $t .= $h; + $tLen = strlen($t); + + if ($emLen < $tLen + 11) { + throw new LengthException('Intended encoded message length too short'); + } + + $ps = str_repeat(chr(0xFF), $emLen - $tLen - 3); + + $em = "\0\1$ps\0$t"; + + return $em; + } + + /** + * EMSA-PKCS1-V1_5-ENCODE (without NULL) + * + * Quoting https://tools.ietf.org/html/rfc8017#page-65, + * + * "The parameters field associated with id-sha1, id-sha224, id-sha256, + * id-sha384, id-sha512, id-sha512/224, and id-sha512/256 should + * generally be omitted, but if present, it shall have a value of type + * NULL" + */ + protected function emsa_pkcs1_v1_5_encode_without_null(string $m, int $emLen): string + { + $h = $this->hash->hash($m); + + // see http://tools.ietf.org/html/rfc3447#page-43 + switch ($this->hash->getHash()) { + case 'sha1': + $t = "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14"; + break; + case 'sha256': + $t = "\x30\x2f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x04\x20"; + break; + case 'sha384': + $t = "\x30\x3f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x04\x30"; + break; + case 'sha512': + $t = "\x30\x4f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x04\x40"; + break; + // from https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf#page=40 + case 'sha224': + $t = "\x30\x2b\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04\x04\x1c"; + break; + case 'sha512/224': + $t = "\x30\x2b\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x05\x04\x1c"; + break; + case 'sha512/256': + $t = "\x30\x2f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x06\x04\x20"; + break; + default: + throw new UnsupportedAlgorithmException('md2 and md5 require NULLs'); + } + $t .= $h; + $tLen = strlen($t); + + if ($emLen < $tLen + 11) { + throw new LengthException('Intended encoded message length too short'); + } + + $ps = str_repeat(chr(0xFF), $emLen - $tLen - 3); + + $em = "\0\1$ps\0$t"; + + return $em; + } + + /** + * MGF1 + * + * See {@link http://tools.ietf.org/html/rfc3447#appendix-B.2.1 RFC3447#appendix-B.2.1}. + */ + protected function mgf1(string $mgfSeed, int $maskLen): string + { + // if $maskLen would yield strings larger than 4GB, PKCS#1 suggests a "Mask too long" error be output. + + $t = ''; + $count = ceil($maskLen / $this->mgfHLen); + for ($i = 0; $i < $count; $i++) { + $c = pack('N', $i); + $t .= $this->mgfHash->hash($mgfSeed . $c); + } + + return substr($t, 0, $maskLen); + } + + /** + * Returns the key size + * + * More specifically, this returns the size of the modulo in bits. + */ + public function getLength(): int + { + return !isset($this->modulus) ? 0 : $this->modulus->getLength(); + } + + /** + * Determines which hashing function should be used + * + * Used with signature production / verification and (if the encryption mode is self::PADDING_OAEP) encryption and + * decryption. + */ + public function withHash(string $hash): RSA + { + $new = clone $this; + + // \phpseclib3\Crypt\Hash supports algorithms that PKCS#1 doesn't support. md5-96 and sha1-96, for example. + switch (strtolower($hash)) { + case 'md2': + case 'md5': + case 'sha1': + case 'sha256': + case 'sha384': + case 'sha512': + case 'sha224': + case 'sha512/224': + case 'sha512/256': + $new->hash = new Hash($hash); + break; + default: + throw new UnsupportedAlgorithmException( + 'The only supported hash algorithms are: md2, md5, sha1, sha256, sha384, sha512, sha224, sha512/224, sha512/256' + ); + } + $new->hLen = $new->hash->getLengthInBytes(); + + return $new; + } + + /** + * Determines which hashing function should be used for the mask generation function + * + * The mask generation function is used by self::PADDING_OAEP and self::PADDING_PSS and although it's + * best if Hash and MGFHash are set to the same thing this is not a requirement. + */ + public function withMGFHash(string $hash): RSA + { + $new = clone $this; + + // \phpseclib3\Crypt\Hash supports algorithms that PKCS#1 doesn't support. md5-96 and sha1-96, for example. + switch (strtolower($hash)) { + case 'md2': + case 'md5': + case 'sha1': + case 'sha256': + case 'sha384': + case 'sha512': + case 'sha224': + case 'sha512/224': + case 'sha512/256': + $new->mgfHash = new Hash($hash); + break; + default: + throw new UnsupportedAlgorithmException( + 'The only supported hash algorithms are: md2, md5, sha1, sha256, sha384, sha512, sha224, sha512/224, sha512/256' + ); + } + $new->mgfHLen = $new->mgfHash->getLengthInBytes(); + + return $new; + } + + /** + * Returns the MGF hash algorithm currently being used + */ + public function getMGFHash(): Hash + { + return clone $this->mgfHash; + } + + /** + * Determines the salt length + * + * Used by RSA::PADDING_PSS + * + * To quote from {@link http://tools.ietf.org/html/rfc3447#page-38 RFC3447#page-38}: + * + * Typical salt lengths in octets are hLen (the length of the output + * of the hash function Hash) and 0. + */ + public function withSaltLength(?int $sLen): RSA + { + $new = clone $this; + $new->sLen = $sLen; + return $new; + } + + /** + * Returns the salt length currently being used + */ + public function getSaltLength(): int + { + return $this->sLen !== null ? $this->sLen : $this->hLen; + } + + /** + * Determines the label + * + * Used by RSA::PADDING_OAEP + * + * To quote from {@link http://tools.ietf.org/html/rfc3447#page-17 RFC3447#page-17}: + * + * Both the encryption and the decryption operations of RSAES-OAEP take + * the value of a label L as input. In this version of PKCS #1, L is + * the empty string; other uses of the label are outside the scope of + * this document. + */ + public function withLabel(string $label): RSA + { + $new = clone $this; + $new->label = $label; + return $new; + } + + /** + * Returns the label currently being used + */ + public function getLabel(): string + { + return $this->label; + } + + /** + * Determines the padding modes + * + * Example: $key->withPadding(RSA::ENCRYPTION_PKCS1 | RSA::SIGNATURE_PKCS1); + */ + public function withPadding(int $padding): RSA + { + $masks = [ + self::ENCRYPTION_OAEP, + self::ENCRYPTION_PKCS1, + self::ENCRYPTION_NONE, + ]; + $encryptedCount = 0; + $selected = 0; + foreach ($masks as $mask) { + if ($padding & $mask) { + $selected = $mask; + $encryptedCount++; + } + } + if ($encryptedCount > 1) { + throw new InconsistentSetupException('Multiple encryption padding modes have been selected; at most only one should be selected'); + } + $encryptionPadding = $selected; + + $masks = [ + self::SIGNATURE_PSS, + self::SIGNATURE_RELAXED_PKCS1, + self::SIGNATURE_PKCS1, + ]; + $signatureCount = 0; + $selected = 0; + foreach ($masks as $mask) { + if ($padding & $mask) { + $selected = $mask; + $signatureCount++; + } + } + if ($signatureCount > 1) { + throw new InconsistentSetupException('Multiple signature padding modes have been selected; at most only one should be selected'); + } + $signaturePadding = $selected; + + $new = clone $this; + if ($encryptedCount) { + $new->encryptionPadding = $encryptionPadding; + } + if ($signatureCount) { + $new->signaturePadding = $signaturePadding; + } + return $new; + } + + /** + * Returns the padding currently being used + */ + public function getPadding(): int + { + return $this->signaturePadding | $this->encryptionPadding; + } + + /** + * Returns the current engine being used + * + * OpenSSL is only used in this class (and it's subclasses) for key generation + * Even then it depends on the parameters you're using. It's not used for + * multi-prime RSA nor is it used if the key length is outside of the range + * supported by OpenSSL + * + * @see self::useInternalEngine() + * @see self::useBestEngine() + */ + public function getEngine(): string + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + return self::$engines['OpenSSL'] && self::$defaultExponent == 65537 ? + 'OpenSSL' : + 'PHP'; + } + + /** + * Enable RSA Blinding + */ + public static function enableBlinding(): void + { + static::$enableBlinding = true; + } + + /** + * Disable RSA Blinding + */ + public static function disableBlinding(): void + { + static::$enableBlinding = false; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/JWK.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/JWK.php new file mode 100644 index 0000000..78ff613 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/JWK.php @@ -0,0 +1,130 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\JWK as Progenitor; +use phpseclib3\Math\BigInteger; + +/** + * JWK Formatted RSA Handler + * + * @author Jim Wigginton + */ +abstract class JWK extends Progenitor +{ + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + $key = parent::loadHelper($key); + + if ($key->kty != 'RSA') { + throw new \RuntimeException('Only RSA JWK keys are supported'); + } + + $count = $publicCount = 0; + $vars = ['n', 'e', 'd', 'p', 'q', 'dp', 'dq', 'qi']; + foreach ($vars as $var) { + if (!isset($key->$var) || !is_string($key->$var)) { + continue; + } + $count++; + $value = new BigInteger(Strings::base64url_decode($key->$var), 256); + switch ($var) { + case 'n': + $publicCount++; + $components['modulus'] = $value; + break; + case 'e': + $publicCount++; + $components['publicExponent'] = $value; + break; + case 'd': + $components['privateExponent'] = $value; + break; + case 'p': + $components['primes'][1] = $value; + break; + case 'q': + $components['primes'][2] = $value; + break; + case 'dp': + $components['exponents'][1] = $value; + break; + case 'dq': + $components['exponents'][2] = $value; + break; + case 'qi': + $components['coefficients'][2] = $value; + } + } + + if ($count == count($vars)) { + return $components + ['isPublicKey' => false]; + } + + if ($count == 2 && $publicCount == 2) { + return $components + ['isPublicKey' => true]; + } + + throw new \UnexpectedValueException('Key does not have an appropriate number of RSA parameters'); + } + + /** + * Convert a private key to the appropriate format. + * + * @param string $password optional + * @param array $options optional + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, ?string $password = null, array $options = []): string + { + if (count($primes) != 2) { + throw new \InvalidArgumentException('JWK does not support multi-prime RSA keys'); + } + + $key = [ + 'kty' => 'RSA', + 'n' => Strings::base64url_encode($n->toBytes()), + 'e' => Strings::base64url_encode($e->toBytes()), + 'd' => Strings::base64url_encode($d->toBytes()), + 'p' => Strings::base64url_encode($primes[1]->toBytes()), + 'q' => Strings::base64url_encode($primes[2]->toBytes()), + 'dp' => Strings::base64url_encode($exponents[1]->toBytes()), + 'dq' => Strings::base64url_encode($exponents[2]->toBytes()), + 'qi' => Strings::base64url_encode($coefficients[2]->toBytes()), + ]; + + return self::wrapKey($key, $options); + } + + /** + * Convert a public key to the appropriate format + */ + public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = []): string + { + $key = [ + 'kty' => 'RSA', + 'n' => Strings::base64url_encode($n->toBytes()), + 'e' => Strings::base64url_encode($e->toBytes()), + ]; + + return self::wrapKey($key, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php new file mode 100644 index 0000000..593a253 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php @@ -0,0 +1,210 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * Microsoft BLOB Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class MSBLOB +{ + /** + * Public/Private Key Pair + */ + public const PRIVATEKEYBLOB = 0x7; + /** + * Public Key + */ + public const PUBLICKEYBLOB = 0x6; + /** + * Public Key + */ + public const PUBLICKEYBLOBEX = 0xA; + /** + * RSA public key exchange algorithm + */ + public const CALG_RSA_KEYX = 0x0000A400; + /** + * RSA public key exchange algorithm + */ + public const CALG_RSA_SIGN = 0x00002400; + /** + * Public Key + */ + public const RSA1 = 0x31415352; + /** + * Private Key + */ + public const RSA2 = 0x32415352; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $key = Strings::base64_decode($key); + + if (!is_string($key)) { + throw new UnexpectedValueException('Base64 decoding produced an error'); + } + if (strlen($key) < 20) { + throw new UnexpectedValueException('Key appears to be malformed'); + } + + // PUBLICKEYSTRUC publickeystruc + // https://msdn.microsoft.com/en-us/library/windows/desktop/aa387453(v=vs.85).aspx + extract(unpack('atype/aversion/vreserved/Valgo', Strings::shift($key, 8))); + /** + * @var string $type + * @var string $version + * @var integer $reserved + * @var integer $algo + */ + switch (ord($type)) { + case self::PUBLICKEYBLOB: + case self::PUBLICKEYBLOBEX: + $publickey = true; + break; + case self::PRIVATEKEYBLOB: + $publickey = false; + break; + default: + throw new UnexpectedValueException('Key appears to be malformed'); + } + + $components = ['isPublicKey' => $publickey]; + + // https://msdn.microsoft.com/en-us/library/windows/desktop/aa375549(v=vs.85).aspx + switch ($algo) { + case self::CALG_RSA_KEYX: + case self::CALG_RSA_SIGN: + break; + default: + throw new UnexpectedValueException('Key appears to be malformed'); + } + + // RSAPUBKEY rsapubkey + // https://msdn.microsoft.com/en-us/library/windows/desktop/aa387685(v=vs.85).aspx + // could do V for pubexp but that's unsigned 32-bit whereas some PHP installs only do signed 32-bit + extract(unpack('Vmagic/Vbitlen/a4pubexp', Strings::shift($key, 12))); + /** + * @var integer $magic + * @var integer $bitlen + * @var string $pubexp + */ + switch ($magic) { + case self::RSA2: + $components['isPublicKey'] = false; + // fall-through + case self::RSA1: + break; + default: + throw new UnexpectedValueException('Key appears to be malformed'); + } + + $baseLength = $bitlen / 16; + if (strlen($key) != 2 * $baseLength && strlen($key) != 9 * $baseLength) { + throw new UnexpectedValueException('Key appears to be malformed'); + } + + $components[$components['isPublicKey'] ? 'publicExponent' : 'privateExponent'] = new BigInteger(strrev($pubexp), 256); + // BYTE modulus[rsapubkey.bitlen/8] + $components['modulus'] = new BigInteger(strrev(Strings::shift($key, $bitlen / 8)), 256); + + if ($publickey) { + return $components; + } + + $components['isPublicKey'] = false; + + // BYTE prime1[rsapubkey.bitlen/16] + $components['primes'] = [1 => new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256)]; + // BYTE prime2[rsapubkey.bitlen/16] + $components['primes'][] = new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256); + // BYTE exponent1[rsapubkey.bitlen/16] + $components['exponents'] = [1 => new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256)]; + // BYTE exponent2[rsapubkey.bitlen/16] + $components['exponents'][] = new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256); + // BYTE coefficient[rsapubkey.bitlen/16] + $components['coefficients'] = [2 => new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256)]; + if (isset($components['privateExponent'])) { + $components['publicExponent'] = $components['privateExponent']; + } + // BYTE privateExponent[rsapubkey.bitlen/8] + $components['privateExponent'] = new BigInteger(strrev(Strings::shift($key, $bitlen / 8)), 256); + + return $components; + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, ?string $password = null): string + { + if (count($primes) != 2) { + throw new InvalidArgumentException('MSBLOB does not support multi-prime RSA keys'); + } + + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('MSBLOB private keys do not support encryption'); + } + + $n = strrev($n->toBytes()); + $e = str_pad(strrev($e->toBytes()), 4, "\0"); + $key = pack('aavV', chr(self::PRIVATEKEYBLOB), chr(2), 0, self::CALG_RSA_KEYX); + $key .= pack('VVa*', self::RSA2, 8 * strlen($n), $e); + $key .= $n; + $key .= strrev($primes[1]->toBytes()); + $key .= strrev($primes[2]->toBytes()); + $key .= strrev($exponents[1]->toBytes()); + $key .= strrev($exponents[2]->toBytes()); + $key .= strrev($coefficients[2]->toBytes()); + $key .= strrev($d->toBytes()); + + return Strings::base64_encode($key); + } + + /** + * Convert a public key to the appropriate format + */ + public static function savePublicKey(BigInteger $n, BigInteger $e): string + { + $n = strrev($n->toBytes()); + $e = str_pad(strrev($e->toBytes()), 4, "\0"); + $key = pack('aavV', chr(self::PUBLICKEYBLOB), chr(2), 0, self::CALG_RSA_KEYX); + $key .= pack('VVa*', self::RSA1, 8 * strlen($n), $e); + $key .= $n; + + return Strings::base64_encode($key); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/OpenSSH.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/OpenSSH.php new file mode 100644 index 0000000..2eee144 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/OpenSSH.php @@ -0,0 +1,120 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\OpenSSH as Progenitor; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Math\BigInteger; + +/** + * OpenSSH Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class OpenSSH extends Progenitor +{ + /** + * Supported Key Types + * + * @var array + */ + protected static $types = ['ssh-rsa']; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + $parsed = parent::load($key, $password); + + if (isset($parsed['paddedKey'])) { + [$type] = Strings::unpackSSH2('s', $parsed['paddedKey']); + if ($type != $parsed['type']) { + throw new RuntimeException("The public and private keys are not of the same type ($type vs $parsed[type])"); + } + + $primes = $coefficients = []; + + [ + $modulus, + $publicExponent, + $privateExponent, + $coefficients[2], + $primes[1], + $primes[2], + $comment, + ] = Strings::unpackSSH2('i6s', $parsed['paddedKey']); + + $temp = $primes[1]->subtract($one); + $exponents = [1 => $publicExponent->modInverse($temp)]; + $temp = $primes[2]->subtract($one); + $exponents[] = $publicExponent->modInverse($temp); + + $isPublicKey = false; + + return compact('publicExponent', 'modulus', 'privateExponent', 'primes', 'coefficients', 'exponents', 'comment', 'isPublicKey'); + } + + [$publicExponent, $modulus] = Strings::unpackSSH2('ii', $parsed['publicKey']); + + return [ + 'isPublicKey' => true, + 'modulus' => $modulus, + 'publicExponent' => $publicExponent, + 'comment' => $parsed['comment'], + ]; + } + + /** + * Convert a public key to the appropriate format + * + * @param array $options optional + */ + public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = []): string + { + $RSAPublicKey = Strings::packSSH2('sii', 'ssh-rsa', $e, $n); + + if ($options['binary'] ?? self::$binary) { + return $RSAPublicKey; + } + + $comment = $options['comment'] ?? self::$comment; + $RSAPublicKey = 'ssh-rsa ' . base64_encode($RSAPublicKey) . ' ' . $comment; + + return $RSAPublicKey; + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, ?string $password = null, array $options = []): string + { + $publicKey = self::savePublicKey($n, $e, ['binary' => true]); + $privateKey = Strings::packSSH2('si6', 'ssh-rsa', $n, $e, $d, $coefficients[2], $primes[1], $primes[2]); + + return self::wrapPrivateKey($publicKey, $privateKey, $password, $options); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PKCS1.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..15794b4 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PKCS1.php @@ -0,0 +1,152 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#1 Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends Progenitor +{ + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + * @param string|false $password + */ + public static function load($key, ?string $password = null): array + { + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (str_contains($key, 'PUBLIC')) { + $components = ['isPublicKey' => true]; + } elseif (str_contains($key, 'PRIVATE')) { + $components = ['isPublicKey' => false]; + } else { + $components = []; + } + + $key = parent::load($key, $password); + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new RuntimeException('Unable to decode BER'); + } + + $key = ASN1::asn1map($decoded[0], Maps\RSAPrivateKey::MAP); + if (is_array($key)) { + $components += [ + 'modulus' => $key['modulus'], + 'publicExponent' => $key['publicExponent'], + 'privateExponent' => $key['privateExponent'], + 'primes' => [1 => $key['prime1'], $key['prime2']], + 'exponents' => [1 => $key['exponent1'], $key['exponent2']], + 'coefficients' => [2 => $key['coefficient']], + ]; + if ($key['version'] == 'multi') { + foreach ($key['otherPrimeInfos'] as $primeInfo) { + $components['primes'][] = $primeInfo['prime']; + $components['exponents'][] = $primeInfo['exponent']; + $components['coefficients'][] = $primeInfo['coefficient']; + } + } + if (!isset($components['isPublicKey'])) { + $components['isPublicKey'] = false; + } + return $components; + } + + $key = ASN1::asn1map($decoded[0], Maps\RSAPublicKey::MAP); + + if (!is_array($key)) { + throw new RuntimeException('Unable to perform ASN1 mapping'); + } + + if (!isset($components['isPublicKey'])) { + $components['isPublicKey'] = true; + } + + return $components + $key; + } + + /** + * Convert a private key to the appropriate format. + * + * @param string|false $password + * @param array $options optional + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, ?string $password = null, array $options = []): string + { + $num_primes = count($primes); + $key = [ + 'version' => $num_primes == 2 ? 'two-prime' : 'multi', + 'modulus' => $n, + 'publicExponent' => $e, + 'privateExponent' => $d, + 'prime1' => $primes[1], + 'prime2' => $primes[2], + 'exponent1' => $exponents[1], + 'exponent2' => $exponents[2], + 'coefficient' => $coefficients[2], + ]; + for ($i = 3; $i <= $num_primes; $i++) { + $key['otherPrimeInfos'][] = [ + 'prime' => $primes[$i], + 'exponent' => $exponents[$i], + 'coefficient' => $coefficients[$i], + ]; + } + + $key = ASN1::encodeDER($key, Maps\RSAPrivateKey::MAP); + + return self::wrapPrivateKey($key, 'RSA', $password, $options); + } + + /** + * Convert a public key to the appropriate format + */ + public static function savePublicKey(BigInteger $n, BigInteger $e): string + { + $key = [ + 'modulus' => $n, + 'publicExponent' => $e, + ]; + + $key = ASN1::encodeDER($key, Maps\RSAPublicKey::MAP); + + return self::wrapPublicKey($key, 'RSA'); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PKCS8.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..78a776a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PKCS8.php @@ -0,0 +1,109 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\File\ASN1; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#8 Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends Progenitor +{ + /** + * OID Name + * + * @var string + */ + public const OID_NAME = 'rsaEncryption'; + + /** + * OID Value + * + * @var string + */ + public const OID_VALUE = '1.2.840.113549.1.1.1'; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + $key = parent::load($key, $password); + + if (isset($key['privateKey'])) { + $components['isPublicKey'] = false; + $type = 'private'; + } else { + $components['isPublicKey'] = true; + $type = 'public'; + } + + $result = $components + PKCS1::load($key[$type . 'Key']); + + if (isset($key['meta'])) { + $result['meta'] = $key['meta']; + } + + return $result; + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, ?string $password = null, array $options = []): string + { + $key = PKCS1::savePrivateKey($n, $e, $d, $primes, $exponents, $coefficients); + $key = ASN1::extractBER($key); + return self::wrapPrivateKey($key, [], null, $password, null, '', $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param array $options optional + */ + public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = []): string + { + $key = PKCS1::savePublicKey($n, $e); + $key = ASN1::extractBER($key); + return self::wrapPublicKey($key, null); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PSS.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PSS.php new file mode 100644 index 0000000..eec73b2 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PSS.php @@ -0,0 +1,225 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#8 Formatted RSA-PSS Key Handler + * + * @author Jim Wigginton + */ +abstract class PSS extends Progenitor +{ + /** + * OID Name + * + * @var string + */ + public const OID_NAME = 'id-RSASSA-PSS'; + + /** + * OID Value + * + * @var string + */ + public const OID_VALUE = '1.2.840.113549.1.1.10'; + + /** + * OIDs loaded + * + * @var bool + */ + private static $oidsLoaded = false; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Initialize static variables + */ + private static function initialize_static_variables(): void + { + if (!self::$oidsLoaded) { + ASN1::loadOIDs([ + 'md2' => '1.2.840.113549.2.2', + 'md4' => '1.2.840.113549.2.4', + 'md5' => '1.2.840.113549.2.5', + 'id-sha1' => '1.3.14.3.2.26', + 'id-sha256' => '2.16.840.1.101.3.4.2.1', + 'id-sha384' => '2.16.840.1.101.3.4.2.2', + 'id-sha512' => '2.16.840.1.101.3.4.2.3', + 'id-sha224' => '2.16.840.1.101.3.4.2.4', + 'id-sha512/224' => '2.16.840.1.101.3.4.2.5', + 'id-sha512/256' => '2.16.840.1.101.3.4.2.6', + + 'id-mgf1' => '1.2.840.113549.1.1.8', + ]); + self::$oidsLoaded = true; + } + } + + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + self::initialize_static_variables(); + + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $components = ['isPublicKey' => str_contains($key, 'PUBLIC')]; + + $key = parent::load($key, $password); + + $type = isset($key['privateKey']) ? 'private' : 'public'; + + $result = $components + PKCS1::load($key[$type . 'Key']); + + if (isset($key[$type . 'KeyAlgorithm']['parameters'])) { + $decoded = ASN1::decodeBER($key[$type . 'KeyAlgorithm']['parameters']); + if ($decoded === false) { + throw new UnexpectedValueException('Unable to decode parameters'); + } + $params = ASN1::asn1map($decoded[0], Maps\RSASSA_PSS_params::MAP); + } else { + $params = []; + } + + if (isset($params['maskGenAlgorithm']['parameters'])) { + $decoded = ASN1::decodeBER($params['maskGenAlgorithm']['parameters']); + if ($decoded === false) { + throw new UnexpectedValueException('Unable to decode parameters'); + } + $params['maskGenAlgorithm']['parameters'] = ASN1::asn1map($decoded[0], Maps\HashAlgorithm::MAP); + } else { + $params['maskGenAlgorithm'] = [ + 'algorithm' => 'id-mgf1', + 'parameters' => ['algorithm' => 'id-sha1'], + ]; + } + + if (!isset($params['hashAlgorithm']['algorithm'])) { + $params['hashAlgorithm']['algorithm'] = 'id-sha1'; + } + + $result['hash'] = str_replace('id-', '', $params['hashAlgorithm']['algorithm']); + $result['MGFHash'] = str_replace('id-', '', $params['maskGenAlgorithm']['parameters']['algorithm']); + if (isset($params['saltLength'])) { + $result['saltLength'] = (int) $params['saltLength']->toString(); + } + + if (isset($key['meta'])) { + $result['meta'] = $key['meta']; + } + + return $result; + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, ?string $password = null, array $options = []): string + { + self::initialize_static_variables(); + + $key = PKCS1::savePrivateKey($n, $e, $d, $primes, $exponents, $coefficients); + $key = ASN1::extractBER($key); + $params = self::savePSSParams($options); + return self::wrapPrivateKey($key, [], $params, $password, null, '', $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param array $options optional + */ + public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = []): string + { + self::initialize_static_variables(); + + $key = PKCS1::savePublicKey($n, $e); + $key = ASN1::extractBER($key); + $params = self::savePSSParams($options); + return self::wrapPublicKey($key, $params); + } + + /** + * Encodes PSS parameters + * + * @return string + */ + public static function savePSSParams(array $options) + { + /* + The trailerField field is an integer. It provides + compatibility with IEEE Std 1363a-2004 [P1363A]. The value + MUST be 1, which represents the trailer field with hexadecimal + value 0xBC. Other trailer fields, including the trailer field + composed of HashID concatenated with 0xCC that is specified in + IEEE Std 1363a, are not supported. Implementations that + perform signature generation MUST omit the trailerField field, + indicating that the default trailer field value was used. + Implementations that perform signature validation MUST + recognize both a present trailerField field with value 1 and an + absent trailerField field. + + source: https://tools.ietf.org/html/rfc4055#page-9 + */ + $params = [ + 'trailerField' => new BigInteger(1), + ]; + if (isset($options['hash'])) { + $params['hashAlgorithm']['algorithm'] = 'id-' . $options['hash']; + } + if (isset($options['MGFHash'])) { + $temp = ['algorithm' => 'id-' . $options['MGFHash']]; + $temp = ASN1::encodeDER($temp, Maps\HashAlgorithm::MAP); + $params['maskGenAlgorithm'] = [ + 'algorithm' => 'id-mgf1', + 'parameters' => new ASN1\Element($temp), + ]; + } + if (isset($options['saltLength'])) { + $params['saltLength'] = new BigInteger($options['saltLength']); + } + + return new ASN1\Element(ASN1::encodeDER($params, Maps\RSASSA_PSS_params::MAP)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PuTTY.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PuTTY.php new file mode 100644 index 0000000..fbad5ee --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/PuTTY.php @@ -0,0 +1,111 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PuTTY as Progenitor; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; + +/** + * PuTTY Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PuTTY extends Progenitor +{ + /** + * Public Handler + * + * @var string + */ + public const PUBLIC_HANDLER = 'phpseclib3\Crypt\RSA\Formats\Keys\OpenSSH'; + + /** + * Algorithm Identifier + * + * @var array + */ + protected static $types = ['ssh-rsa']; + + /** + * Break a public or private key down into its constituent components + * + * @param array|string $key + * @param string|false $password + * @return array|false + */ + public static function load($key, $password) + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + $components = parent::load($key, $password); + if (!isset($components['private'])) { + return $components; + } + extract($components); + unset($components['public'], $components['private']); + + $isPublicKey = false; + + $result = Strings::unpackSSH2('ii', $public); + if ($result === false) { + throw new UnexpectedValueException('Key appears to be malformed'); + } + [$publicExponent, $modulus] = $result; + + $result = Strings::unpackSSH2('iiii', $private); + if ($result === false) { + throw new UnexpectedValueException('Key appears to be malformed'); + } + $primes = $coefficients = []; + [$privateExponent, $primes[1], $primes[2], $coefficients[2]] = $result; + + $temp = $primes[1]->subtract($one); + $exponents = [1 => $publicExponent->modInverse($temp)]; + $temp = $primes[2]->subtract($one); + $exponents[] = $publicExponent->modInverse($temp); + + return compact('publicExponent', 'modulus', 'privateExponent', 'primes', 'coefficients', 'exponents', 'comment', 'isPublicKey'); + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, ?string $password = null, array $options = []): string + { + if (count($primes) != 2) { + throw new InvalidArgumentException('PuTTY does not support multi-prime RSA keys'); + } + + $public = Strings::packSSH2('ii', $e, $n); + $private = Strings::packSSH2('iiii', $d, $primes[1], $primes[2], $coefficients[2]); + + return self::wrapPrivateKey($public, $private, 'ssh-rsa', $password, $options); + } + + /** + * Convert a public key to the appropriate format + */ + public static function savePublicKey(BigInteger $n, BigInteger $e): string + { + return self::wrapPublicKey(Strings::packSSH2('ii', $e, $n), 'ssh-rsa'); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/Raw.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/Raw.php new file mode 100644 index 0000000..806f9bc --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/Raw.php @@ -0,0 +1,166 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * Raw RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class Raw +{ + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key, ?string $password = null): array + { + if (!is_array($key)) { + throw new UnexpectedValueException('Key should be a array - not a ' . gettype($key)); + } + + $key = array_change_key_case($key, CASE_LOWER); + + $components = ['isPublicKey' => false]; + + foreach (['e', 'exponent', 'publicexponent', 0, 'privateexponent', 'd'] as $index) { + if (isset($key[$index])) { + $components['publicExponent'] = $key[$index]; + break; + } + } + + foreach (['n', 'modulo', 'modulus', 1] as $index) { + if (isset($key[$index])) { + $components['modulus'] = $key[$index]; + break; + } + } + + if (!isset($components['publicExponent']) || !isset($components['modulus'])) { + throw new UnexpectedValueException('Modulus / exponent not present'); + } + + if (isset($key['primes'])) { + $components['primes'] = $key['primes']; + } elseif (isset($key['p']) && isset($key['q'])) { + $indices = [ + ['p', 'q'], + ['prime1', 'prime2'], + ]; + foreach ($indices as $index) { + [$i0, $i1] = $index; + if (isset($key[$i0]) && isset($key[$i1])) { + $components['primes'] = [1 => $key[$i0], $key[$i1]]; + } + } + } + + if (isset($key['exponents'])) { + $components['exponents'] = $key['exponents']; + } else { + $indices = [ + ['dp', 'dq'], + ['exponent1', 'exponent2'], + ]; + foreach ($indices as $index) { + [$i0, $i1] = $index; + if (isset($key[$i0]) && isset($key[$i1])) { + $components['exponents'] = [1 => $key[$i0], $key[$i1]]; + } + } + } + + if (isset($key['coefficients'])) { + $components['coefficients'] = $key['coefficients']; + } else { + foreach (['inverseq', 'q\'', 'coefficient'] as $index) { + if (isset($key[$index])) { + $components['coefficients'] = [2 => $key[$index]]; + } + } + } + + if (!isset($components['primes'])) { + $components['isPublicKey'] = true; + return $components; + } + + if (!isset($components['exponents'])) { + $one = new BigInteger(1); + $temp = $components['primes'][1]->subtract($one); + $exponents = [1 => $components['publicExponent']->modInverse($temp)]; + $temp = $components['primes'][2]->subtract($one); + $exponents[] = $components['publicExponent']->modInverse($temp); + $components['exponents'] = $exponents; + } + + if (!isset($components['coefficients'])) { + $components['coefficients'] = [2 => $components['primes'][2]->modInverse($components['primes'][1])]; + } + + foreach (['privateexponent', 'd'] as $index) { + if (isset($key[$index])) { + $components['privateExponent'] = $key[$index]; + break; + } + } + + return $components; + } + + /** + * Convert a private key to the appropriate format. + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, ?string $password = null, array $options = []): string + { + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('Raw private keys do not support encryption'); + } + + return serialize([ + 'e' => clone $e, + 'n' => clone $n, + 'd' => clone $d, + 'primes' => array_map(fn ($var) => clone $var, $primes), + 'exponents' => array_map(fn ($var) => clone $var, $exponents), + 'coefficients' => array_map(fn ($var) => clone $var, $coefficients), + ]); + } + + /** + * Convert a public key to the appropriate format + */ + public static function savePublicKey(BigInteger $n, BigInteger $e): array + { + return ['e' => clone $e, 'n' => clone $n]; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/XML.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/XML.php new file mode 100644 index 0000000..bd0d8c7 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/Formats/Keys/XML.php @@ -0,0 +1,162 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * XML Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class XML +{ + /** + * Break a public or private key down into its constituent components + * + * @param string|array $key + */ + public static function load($key): array + { + if (!Strings::is_stringable($key)) { + throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (!class_exists('DOMDocument')) { + throw new BadConfigurationException('The dom extension is not setup correctly on this system'); + } + + $components = [ + 'isPublicKey' => false, + 'primes' => [], + 'exponents' => [], + 'coefficients' => [], + ]; + + $use_errors = libxml_use_internal_errors(true); + + $dom = new \DOMDocument(); + if (substr($key, 0, 5) != '' . $key . ''; + } + if (!$dom->loadXML($key)) { + libxml_use_internal_errors($use_errors); + throw new UnexpectedValueException('Key does not appear to contain XML'); + } + $xpath = new \DOMXPath($dom); + $keys = ['modulus', 'exponent', 'p', 'q', 'dp', 'dq', 'inverseq', 'd']; + foreach ($keys as $key) { + // $dom->getElementsByTagName($key) is case-sensitive + $temp = $xpath->query("//*[translate(local-name(), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='$key']"); + if (!$temp->length) { + continue; + } + $value = new BigInteger(Strings::base64_decode($temp->item(0)->nodeValue), 256); + switch ($key) { + case 'modulus': + $components['modulus'] = $value; + break; + case 'exponent': + $components['publicExponent'] = $value; + break; + case 'p': + $components['primes'][1] = $value; + break; + case 'q': + $components['primes'][2] = $value; + break; + case 'dp': + $components['exponents'][1] = $value; + break; + case 'dq': + $components['exponents'][2] = $value; + break; + case 'inverseq': + $components['coefficients'][2] = $value; + break; + case 'd': + $components['privateExponent'] = $value; + } + } + + libxml_use_internal_errors($use_errors); + + foreach ($components as $key => $value) { + if (is_array($value) && !count($value)) { + unset($components[$key]); + } + } + + if (isset($components['modulus']) && isset($components['publicExponent'])) { + if (count($components) == 3) { + $components['isPublicKey'] = true; + } + return $components; + } + + throw new UnexpectedValueException('Modulus / exponent not present'); + } + + /** + * Convert a private key to the appropriate format. + * + * @param string $password optional + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, string $password = ''): string + { + if (count($primes) != 2) { + throw new InvalidArgumentException('XML does not support multi-prime RSA keys'); + } + + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('XML private keys do not support encryption'); + } + + return "\r\n" . + ' ' . Strings::base64_encode($n->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($e->toBytes()) . "\r\n" . + '

' . Strings::base64_encode($primes[1]->toBytes()) . "

\r\n" . + ' ' . Strings::base64_encode($primes[2]->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($exponents[1]->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($exponents[2]->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($coefficients[2]->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($d->toBytes()) . "\r\n" . + ''; + } + + /** + * Convert a public key to the appropriate format + */ + public static function savePublicKey(BigInteger $n, BigInteger $e): string + { + return "\r\n" . + ' ' . Strings::base64_encode($n->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($e->toBytes()) . "\r\n" . + ''; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/PrivateKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/PrivateKey.php new file mode 100644 index 0000000..08bcf45 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/PrivateKey.php @@ -0,0 +1,514 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RSA; +use phpseclib3\Crypt\RSA\Formats\Keys\PSS; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\OutOfRangeException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * Raw RSA Key Handler + * + * @author Jim Wigginton + */ +final class PrivateKey extends RSA implements Common\PrivateKey +{ + use Common\Traits\PasswordProtected; + + /** + * Primes for Chinese Remainder Theorem (ie. p and q) + * + * @var array + */ + protected $primes; + + /** + * Exponents for Chinese Remainder Theorem (ie. dP and dQ) + * + * @var array + */ + protected $exponents; + + /** + * Coefficients for Chinese Remainder Theorem (ie. qInv) + * + * @var array + */ + protected $coefficients; + + /** + * Private Exponent + * + * @var BigInteger + */ + protected $privateExponent; + + /** + * RSADP + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.2 RFC3447#section-5.1.2}. + * + * @return bool|BigInteger + */ + private function rsadp(BigInteger $c) + { + if ($c->compare(self::$zero) < 0 || $c->compare($this->modulus) > 0) { + throw new OutOfRangeException('Ciphertext representative out of range'); + } + return $this->exponentiate($c); + } + + /** + * RSASP1 + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.1 RFC3447#section-5.2.1}. + * + * @return bool|BigInteger + */ + private function rsasp1(BigInteger $m) + { + if ($m->compare(self::$zero) < 0 || $m->compare($this->modulus) > 0) { + throw new OutOfRangeException('Signature representative out of range'); + } + return $this->exponentiate($m); + } + + /** + * Exponentiate + */ + protected function exponentiate(BigInteger $x): BigInteger + { + switch (true) { + case empty($this->primes): + case $this->primes[1]->equals(self::$zero): + case empty($this->coefficients): + case $this->coefficients[2]->equals(self::$zero): + case empty($this->exponents): + case $this->exponents[1]->equals(self::$zero): + return $x->modPow($this->exponent, $this->modulus); + } + + $num_primes = count($this->primes); + + if (!static::$enableBlinding) { + $m_i = [ + 1 => $x->modPow($this->exponents[1], $this->primes[1]), + 2 => $x->modPow($this->exponents[2], $this->primes[2]), + ]; + $h = $m_i[1]->subtract($m_i[2]); + $h = $h->multiply($this->coefficients[2]); + [, $h] = $h->divide($this->primes[1]); + $m = $m_i[2]->add($h->multiply($this->primes[2])); + + $r = $this->primes[1]; + for ($i = 3; $i <= $num_primes; $i++) { + $m_i = $x->modPow($this->exponents[$i], $this->primes[$i]); + + $r = $r->multiply($this->primes[$i - 1]); + + $h = $m_i->subtract($m); + $h = $h->multiply($this->coefficients[$i]); + [, $h] = $h->divide($this->primes[$i]); + + $m = $m->add($r->multiply($h)); + } + } else { + $smallest = $this->primes[1]; + for ($i = 2; $i <= $num_primes; $i++) { + if ($smallest->compare($this->primes[$i]) > 0) { + $smallest = $this->primes[$i]; + } + } + + $r = BigInteger::randomRange(self::$one, $smallest->subtract(self::$one)); + + $m_i = [ + 1 => $this->blind($x, $r, 1), + 2 => $this->blind($x, $r, 2), + ]; + $h = $m_i[1]->subtract($m_i[2]); + $h = $h->multiply($this->coefficients[2]); + [, $h] = $h->divide($this->primes[1]); + $m = $m_i[2]->add($h->multiply($this->primes[2])); + + $r = $this->primes[1]; + for ($i = 3; $i <= $num_primes; $i++) { + $m_i = $this->blind($x, $r, $i); + + $r = $r->multiply($this->primes[$i - 1]); + + $h = $m_i->subtract($m); + $h = $h->multiply($this->coefficients[$i]); + [, $h] = $h->divide($this->primes[$i]); + + $m = $m->add($r->multiply($h)); + } + } + + return $m; + } + + /** + * Performs RSA Blinding + * + * Protects against timing attacks by employing RSA Blinding. + * Returns $x->modPow($this->exponents[$i], $this->primes[$i]) + */ + private function blind(BigInteger $x, BigInteger $r, int $i): BigInteger + { + $x = $x->multiply($r->modPow($this->publicExponent, $this->primes[$i])); + $x = $x->modPow($this->exponents[$i], $this->primes[$i]); + + $r = $r->modInverse($this->primes[$i]); + $x = $x->multiply($r); + [, $x] = $x->divide($this->primes[$i]); + + return $x; + } + + /** + * EMSA-PSS-ENCODE + * + * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.1 RFC3447#section-9.1.1}. + * + * @throws RuntimeException on encoding error + */ + private function emsa_pss_encode(string $m, int $emBits): string + { + // if $m is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + $emLen = ($emBits + 1) >> 3; // ie. ceil($emBits / 8) + $sLen = $this->sLen !== null ? $this->sLen : $this->hLen; + + $mHash = $this->hash->hash($m); + if ($emLen < $this->hLen + $sLen + 2) { + throw new LengthException('RSA modulus too short'); + } + + $salt = Random::string($sLen); + $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt; + $h = $this->hash->hash($m2); + $ps = str_repeat(chr(0), $emLen - $sLen - $this->hLen - 2); + $db = $ps . chr(1) . $salt; + $dbMask = $this->mgf1($h, $emLen - $this->hLen - 1); // ie. stlren($db) + $maskedDB = $db ^ $dbMask; + $maskedDB[0] = ~chr(0xFF << ($emBits & 7)) & $maskedDB[0]; + $em = $maskedDB . $h . chr(0xBC); + + return $em; + } + + /** + * RSASSA-PSS-SIGN + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.1 RFC3447#section-8.1.1}. + * + * @return bool|string + */ + private function rsassa_pss_sign(string $m) + { + // EMSA-PSS encoding + + $em = $this->emsa_pss_encode($m, 8 * $this->k - 1); + + // RSA signature + + $m = $this->os2ip($em); + $s = $this->rsasp1($m); + $s = $this->i2osp($s, $this->k); + + // Output the signature S + + return $s; + } + + /** + * RSASSA-PKCS1-V1_5-SIGN + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.1 RFC3447#section-8.2.1}. + * + * @return bool|string + * @throws LengthException if the RSA modulus is too short + */ + private function rsassa_pkcs1_v1_5_sign(string $m) + { + // EMSA-PKCS1-v1_5 encoding + + // If the encoding operation outputs "intended encoded message length too short," output "RSA modulus + // too short" and stop. + try { + $em = $this->emsa_pkcs1_v1_5_encode($m, $this->k); + } catch (\LengthException $e) { + throw new LengthException('RSA modulus too short'); + } + + // RSA signature + + $m = $this->os2ip($em); + $s = $this->rsasp1($m); + $s = $this->i2osp($s, $this->k); + + // Output the signature S + + return $s; + } + + /** + * Create a signature + * + * @see self::verify() + * @param string $message + * @return string + */ + public function sign($message) + { + switch ($this->signaturePadding) { + case self::SIGNATURE_PKCS1: + case self::SIGNATURE_RELAXED_PKCS1: + return $this->rsassa_pkcs1_v1_5_sign($message); + //case self::SIGNATURE_PSS: + default: + return $this->rsassa_pss_sign($message); + } + } + + /** + * RSAES-PKCS1-V1_5-DECRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.2 RFC3447#section-7.2.2}. + * + * @return bool|string + */ + private function rsaes_pkcs1_v1_5_decrypt(string $c) + { + // Length checking + + if (strlen($c) != $this->k) { // or if k < 11 + throw new LengthException('Ciphertext representative too long'); + } + + // RSA decryption + + $c = $this->os2ip($c); + $m = $this->rsadp($c); + $em = $this->i2osp($m, $this->k); + + // EME-PKCS1-v1_5 decoding + + if (ord($em[0]) != 0 || ord($em[1]) > 2) { + throw new RuntimeException('Decryption error'); + } + + $ps = substr($em, 2, strpos($em, chr(0), 2) - 2); + $m = substr($em, strlen($ps) + 3); + + if (strlen($ps) < 8) { + throw new RuntimeException('Decryption error'); + } + + // Output M + + return $m; + } + + /** + * RSAES-OAEP-DECRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.2 RFC3447#section-7.1.2}. The fact that the error + * messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2: + * + * Note. Care must be taken to ensure that an opponent cannot + * distinguish the different error conditions in Step 3.g, whether by + * error message or timing, or, more generally, learn partial + * information about the encoded message EM. Otherwise an opponent may + * be able to obtain useful information about the decryption of the + * ciphertext C, leading to a chosen-ciphertext attack such as the one + * observed by Manger [36]. + * + * @return bool|string + */ + private function rsaes_oaep_decrypt(string $c) + { + // Length checking + + // if $l is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + if (strlen($c) != $this->k || $this->k < 2 * $this->hLen + 2) { + throw new LengthException('Ciphertext representative too long'); + } + + // RSA decryption + + $c = $this->os2ip($c); + $m = $this->rsadp($c); + $em = $this->i2osp($m, $this->k); + + // EME-OAEP decoding + + $lHash = $this->hash->hash($this->label); + $y = ord($em[0]); + $maskedSeed = substr($em, 1, $this->hLen); + $maskedDB = substr($em, $this->hLen + 1); + $seedMask = $this->mgf1($maskedDB, $this->hLen); + $seed = $maskedSeed ^ $seedMask; + $dbMask = $this->mgf1($seed, $this->k - $this->hLen - 1); + $db = $maskedDB ^ $dbMask; + $lHash2 = substr($db, 0, $this->hLen); + $m = substr($db, $this->hLen); + $hashesMatch = hash_equals($lHash, $lHash2); + $leadingZeros = 1; + $patternMatch = 0; + $offset = 0; + for ($i = 0; $i < strlen($m); $i++) { + $patternMatch |= $leadingZeros & ($m[$i] === "\1"); + $leadingZeros &= $m[$i] === "\0"; + $offset += $patternMatch ? 0 : 1; + } + + // we do | instead of || to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation + // to protect against timing attacks + if (!$hashesMatch | !$patternMatch) { + throw new RuntimeException('Decryption error'); + } + + // Output the message M + + return substr($m, $offset + 1); + } + + /** + * Raw Encryption / Decryption + * + * Doesn't use padding and is not recommended. + * + * @return bool|string + * @throws LengthException if strlen($m) > $this->k + */ + private function raw_encrypt(string $m) + { + if (strlen($m) > $this->k) { + throw new LengthException('Ciphertext representative too long'); + } + + $temp = $this->os2ip($m); + $temp = $this->rsadp($temp); + return $this->i2osp($temp, $this->k); + } + + /** + * Decryption + * + * @return bool|string + * @see self::encrypt() + */ + public function decrypt(string $ciphertext) + { + switch ($this->encryptionPadding) { + case self::ENCRYPTION_NONE: + return $this->raw_encrypt($ciphertext); + case self::ENCRYPTION_PKCS1: + return $this->rsaes_pkcs1_v1_5_decrypt($ciphertext); + //case self::ENCRYPTION_OAEP: + default: + return $this->rsaes_oaep_decrypt($ciphertext); + } + } + + /** + * Returns the public key + */ + public function getPublicKey(): RSA + { + $type = self::validatePlugin('Keys', 'PKCS8', 'savePublicKey'); + if (empty($this->modulus) || empty($this->publicExponent)) { + throw new RuntimeException('Public key components not found'); + } + + $key = $type::savePublicKey($this->modulus, $this->publicExponent); + return RSA::loadFormat('PKCS8', $key) + ->withHash($this->hash->getHash()) + ->withMGFHash($this->mgfHash->getHash()) + ->withSaltLength($this->sLen) + ->withLabel($this->label) + ->withPadding($this->signaturePadding | $this->encryptionPadding); + } + + /** + * Returns the private key + * + * @param array $options optional + */ + public function toString(string $type, array $options = []): string + { + $type = self::validatePlugin( + 'Keys', + $type, + empty($this->primes) ? 'savePublicKey' : 'savePrivateKey' + ); + + if ($type == PSS::class) { + if ($this->signaturePadding == self::SIGNATURE_PSS) { + $options += [ + 'hash' => $this->hash->getHash(), + 'MGFHash' => $this->mgfHash->getHash(), + 'saltLength' => $this->getSaltLength(), + ]; + } else { + throw new UnsupportedFormatException('The PSS format can only be used when the signature method has been explicitly set to PSS'); + } + } + + if (empty($this->primes)) { + return $type::savePublicKey($this->modulus, $this->exponent, $options); + } + + return $type::savePrivateKey($this->modulus, $this->publicExponent, $this->exponent, $this->primes, $this->exponents, $this->coefficients, $this->password, $options); + + /* + $key = $type::savePrivateKey($this->modulus, $this->publicExponent, $this->exponent, $this->primes, $this->exponents, $this->coefficients, $this->password, $options); + if ($key !== false || count($this->primes) == 2) { + return $key; + } + + $nSize = $this->getSize() >> 1; + + $primes = [1 => clone self::$one, clone self::$one]; + $i = 1; + foreach ($this->primes as $prime) { + $primes[$i] = $primes[$i]->multiply($prime); + if ($primes[$i]->getLength() >= $nSize) { + $i++; + } + } + + $exponents = []; + $coefficients = [2 => $primes[2]->modInverse($primes[1])]; + + foreach ($primes as $i => $prime) { + $temp = $prime->subtract(self::$one); + $exponents[$i] = $this->modulus->modInverse($temp); + } + + return $type::savePrivateKey($this->modulus, $this->publicExponent, $this->exponent, $primes, $exponents, $coefficients, $this->password, $options); + */ + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/PublicKey.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/PublicKey.php new file mode 100644 index 0000000..ef9e124 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/RSA/PublicKey.php @@ -0,0 +1,491 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt\RSA; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RSA; +use phpseclib3\Crypt\RSA\Formats\Keys\PSS; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\OutOfRangeException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps\DigestInfo; +use phpseclib3\Math\BigInteger; + +/** + * Raw RSA Key Handler + * + * @author Jim Wigginton + */ +final class PublicKey extends RSA implements Common\PublicKey +{ + use Common\Traits\Fingerprint; + + /** + * Exponentiate + */ + private function exponentiate(BigInteger $x): BigInteger + { + return $x->modPow($this->exponent, $this->modulus); + } + + /** + * RSAVP1 + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}. + * + * @return bool|BigInteger + */ + private function rsavp1(BigInteger $s) + { + if ($s->compare(self::$zero) < 0 || $s->compare($this->modulus) > 0) { + return false; + } + return $this->exponentiate($s); + } + + /** + * RSASSA-PKCS1-V1_5-VERIFY + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.2 RFC3447#section-8.2.2}. + * + * @throws LengthException if the RSA modulus is too short + */ + private function rsassa_pkcs1_v1_5_verify(string $m, string $s): bool + { + // Length checking + + if (strlen($s) != $this->k) { + return false; + } + + // RSA verification + + $s = $this->os2ip($s); + $m2 = $this->rsavp1($s); + if ($m2 === false) { + return false; + } + $em = $this->i2osp($m2, $this->k); + if ($em === false) { + return false; + } + + // EMSA-PKCS1-v1_5 encoding + + $exception = false; + + // If the encoding operation outputs "intended encoded message length too short," output "RSA modulus + // too short" and stop. + try { + $em2 = $this->emsa_pkcs1_v1_5_encode($m, $this->k); + $r1 = hash_equals($em, $em2); + } catch (\LengthException $e) { + $exception = true; + } + + try { + $em3 = $this->emsa_pkcs1_v1_5_encode_without_null($m, $this->k); + $r2 = hash_equals($em, $em3); + } catch (\LengthException $e) { + $exception = true; + } catch (UnsupportedAlgorithmException $e) { + $r2 = false; + } + + if ($exception) { + throw new LengthException('RSA modulus too short'); + } + + // Compare + return $r1 || $r2; + } + + /** + * RSASSA-PKCS1-V1_5-VERIFY (relaxed matching) + * + * Per {@link http://tools.ietf.org/html/rfc3447#page-43 RFC3447#page-43} PKCS1 v1.5 + * specified the use BER encoding rather than DER encoding that PKCS1 v2.0 specified. + * This means that under rare conditions you can have a perfectly valid v1.5 signature + * that fails to validate with _rsassa_pkcs1_v1_5_verify(). PKCS1 v2.1 also recommends + * that if you're going to validate these types of signatures you "should indicate + * whether the underlying BER encoding is a DER encoding and hence whether the signature + * is valid with respect to the specification given in [PKCS1 v2.0+]". so if you do + * $rsa->getLastPadding() and get RSA::PADDING_RELAXED_PKCS1 back instead of + * RSA::PADDING_PKCS1... that means BER encoding was used. + */ + private function rsassa_pkcs1_v1_5_relaxed_verify(string $m, string $s): bool + { + // Length checking + + if (strlen($s) != $this->k) { + return false; + } + + // RSA verification + + $s = $this->os2ip($s); + $m2 = $this->rsavp1($s); + if ($m2 === false) { + return false; + } + $em = $this->i2osp($m2, $this->k); + if ($em === false) { + return false; + } + + if (Strings::shift($em, 2) != "\0\1") { + return false; + } + + $em = ltrim($em, "\xFF"); + if (Strings::shift($em) != "\0") { + return false; + } + + $decoded = ASN1::decodeBER($em); + if (!is_array($decoded) || empty($decoded[0]) || strlen($em) > $decoded[0]['length']) { + return false; + } + + static $oids; + if (!isset($oids)) { + $oids = [ + 'md2' => '1.2.840.113549.2.2', + 'md4' => '1.2.840.113549.2.4', // from PKCS1 v1.5 + 'md5' => '1.2.840.113549.2.5', + 'id-sha1' => '1.3.14.3.2.26', + 'id-sha256' => '2.16.840.1.101.3.4.2.1', + 'id-sha384' => '2.16.840.1.101.3.4.2.2', + 'id-sha512' => '2.16.840.1.101.3.4.2.3', + // from PKCS1 v2.2 + 'id-sha224' => '2.16.840.1.101.3.4.2.4', + 'id-sha512/224' => '2.16.840.1.101.3.4.2.5', + 'id-sha512/256' => '2.16.840.1.101.3.4.2.6', + ]; + ASN1::loadOIDs($oids); + } + + $decoded = ASN1::asn1map($decoded[0], DigestInfo::MAP); + if (!isset($decoded) || $decoded === false) { + return false; + } + + if (!isset($oids[$decoded['digestAlgorithm']['algorithm']])) { + return false; + } + + if (isset($decoded['digestAlgorithm']['parameters']) && $decoded['digestAlgorithm']['parameters'] !== ['null' => '']) { + return false; + } + + $hash = $decoded['digestAlgorithm']['algorithm']; + $hash = substr($hash, 0, 3) == 'id-' ? + substr($hash, 3) : + $hash; + $hash = new Hash($hash); + $em = $hash->hash($m); + $em2 = $decoded['digest']; + + return hash_equals($em, $em2); + } + + /** + * EMSA-PSS-VERIFY + * + * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.2 RFC3447#section-9.1.2}. + * + * @return string + */ + private function emsa_pss_verify(string $m, string $em, int $emBits) + { + // if $m is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + $emLen = ($emBits + 7) >> 3; // ie. ceil($emBits / 8); + $sLen = $this->sLen !== null ? $this->sLen : $this->hLen; + + $mHash = $this->hash->hash($m); + if ($emLen < $this->hLen + $sLen + 2) { + return false; + } + + if ($em[-1] != chr(0xBC)) { + return false; + } + + $maskedDB = substr($em, 0, -$this->hLen - 1); + $h = substr($em, -$this->hLen - 1, $this->hLen); + $temp = chr(0xFF << ($emBits & 7)); + if ((~$maskedDB[0] & $temp) != $temp) { + return false; + } + $dbMask = $this->mgf1($h, $emLen - $this->hLen - 1); + $db = $maskedDB ^ $dbMask; + $db[0] = ~chr(0xFF << ($emBits & 7)) & $db[0]; + $temp = $emLen - $this->hLen - $sLen - 2; + if (substr($db, 0, $temp) != str_repeat(chr(0), $temp) || ord($db[$temp]) != 1) { + return false; + } + $salt = substr($db, $temp + 1); // should be $sLen long + $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt; + $h2 = $this->hash->hash($m2); + return hash_equals($h, $h2); + } + + /** + * RSASSA-PSS-VERIFY + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.2 RFC3447#section-8.1.2}. + * + * @return bool|string + */ + private function rsassa_pss_verify(string $m, string $s) + { + // Length checking + + if (strlen($s) != $this->k) { + return false; + } + + // RSA verification + + $modBits = strlen($this->modulus->toBits()); + + $s2 = $this->os2ip($s); + $m2 = $this->rsavp1($s2); + $em = $this->i2osp($m2, $this->k); + if ($em === false) { + return false; + } + + // EMSA-PSS verification + + return $this->emsa_pss_verify($m, $em, $modBits - 1); + } + + /** + * Verifies a signature + * + * @see self::sign() + * @param string $message + * @param string $signature + * @return bool + */ + public function verify($message, $signature) + { + switch ($this->signaturePadding) { + case self::SIGNATURE_RELAXED_PKCS1: + return $this->rsassa_pkcs1_v1_5_relaxed_verify($message, $signature); + case self::SIGNATURE_PKCS1: + return $this->rsassa_pkcs1_v1_5_verify($message, $signature); + //case self::SIGNATURE_PSS: + default: + return $this->rsassa_pss_verify($message, $signature); + } + } + + /** + * RSAES-PKCS1-V1_5-ENCRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.1 RFC3447#section-7.2.1}. + * + * @param bool $pkcs15_compat optional + * @return bool|string + * @throws LengthException if strlen($m) > $this->k - 11 + */ + private function rsaes_pkcs1_v1_5_encrypt(string $m, bool $pkcs15_compat = false) + { + $mLen = strlen($m); + + // Length checking + + if ($mLen > $this->k - 11) { + throw new LengthException('Message too long'); + } + + // EME-PKCS1-v1_5 encoding + + $psLen = $this->k - $mLen - 3; + $ps = ''; + while (strlen($ps) != $psLen) { + $temp = Random::string($psLen - strlen($ps)); + $temp = str_replace("\x00", '', $temp); + $ps .= $temp; + } + $type = 2; + $em = chr(0) . chr($type) . $ps . chr(0) . $m; + + // RSA encryption + $m = $this->os2ip($em); + $c = $this->rsaep($m); + $c = $this->i2osp($c, $this->k); + + // Output the ciphertext C + + return $c; + } + + /** + * RSAES-OAEP-ENCRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.1 RFC3447#section-7.1.1} and + * {http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}. + * + * @throws LengthException if strlen($m) > $this->k - 2 * $this->hLen - 2 + */ + private function rsaes_oaep_encrypt(string $m): string + { + $mLen = strlen($m); + + // Length checking + + // if $l is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + if ($mLen > $this->k - 2 * $this->hLen - 2) { + throw new LengthException('Message too long'); + } + + // EME-OAEP encoding + + $lHash = $this->hash->hash($this->label); + $ps = str_repeat(chr(0), $this->k - $mLen - 2 * $this->hLen - 2); + $db = $lHash . $ps . chr(1) . $m; + $seed = Random::string($this->hLen); + $dbMask = $this->mgf1($seed, $this->k - $this->hLen - 1); + $maskedDB = $db ^ $dbMask; + $seedMask = $this->mgf1($maskedDB, $this->hLen); + $maskedSeed = $seed ^ $seedMask; + $em = chr(0) . $maskedSeed . $maskedDB; + + // RSA encryption + + $m = $this->os2ip($em); + $c = $this->rsaep($m); + $c = $this->i2osp($c, $this->k); + + // Output the ciphertext C + + return $c; + } + + /** + * RSAEP + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.1}. + * + * @return bool|BigInteger + */ + private function rsaep(BigInteger $m) + { + if ($m->compare(self::$zero) < 0 || $m->compare($this->modulus) > 0) { + throw new OutOfRangeException('Message representative out of range'); + } + return $this->exponentiate($m); + } + + /** + * Raw Encryption / Decryption + * + * Doesn't use padding and is not recommended. + * + * @return bool|string + * @throws LengthException if strlen($m) > $this->k + */ + private function raw_encrypt(string $m) + { + if (strlen($m) > $this->k) { + throw new LengthException('Message too long'); + } + + $temp = $this->os2ip($m); + $temp = $this->rsaep($temp); + return $this->i2osp($temp, $this->k); + } + + /** + * Encryption + * + * Both self::PADDING_OAEP and self::PADDING_PKCS1 both place limits on how long $plaintext can be. + * If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will + * be concatenated together. + * + * @return bool|string + * @throws LengthException if the RSA modulus is too short + * @see self::decrypt() + */ + public function encrypt(string $plaintext) + { + switch ($this->encryptionPadding) { + case self::ENCRYPTION_NONE: + return $this->raw_encrypt($plaintext); + case self::ENCRYPTION_PKCS1: + return $this->rsaes_pkcs1_v1_5_encrypt($plaintext); + //case self::ENCRYPTION_OAEP: + default: + return $this->rsaes_oaep_encrypt($plaintext); + } + } + + /** + * Returns the public key + * + * The public key is only returned under two circumstances - if the private key had the public key embedded within it + * or if the public key was set via setPublicKey(). If the currently loaded key is supposed to be the public key this + * function won't return it since this library, for the most part, doesn't distinguish between public and private keys. + * + * @param array $options optional + */ + public function toString(string $type, array $options = []): string + { + $type = self::validatePlugin('Keys', $type, 'savePublicKey'); + + if ($type == PSS::class) { + if ($this->signaturePadding == self::SIGNATURE_PSS) { + $options += [ + 'hash' => $this->hash->getHash(), + 'MGFHash' => $this->mgfHash->getHash(), + 'saltLength' => $this->getSaltLength(), + ]; + } else { + throw new UnsupportedFormatException('The PSS format can only be used when the signature method has been explicitly set to PSS'); + } + } + + return $type::savePublicKey($this->modulus, $this->publicExponent, $options); + } + + /** + * Converts a public key to a private key + */ + public function asPrivateKey(): RSA + { + $new = new PrivateKey(); + $new->exponent = $this->exponent; + $new->modulus = $this->modulus; + $new->k = $this->k; + $new->format = $this->format; + return $new + ->withHash($this->hash->getHash()) + ->withMGFHash($this->mgfHash->getHash()) + ->withSaltLength($this->sLen) + ->withLabel($this->label) + ->withPadding($this->signaturePadding | $this->encryptionPadding); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Random.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Random.php new file mode 100644 index 0000000..56852e7 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Random.php @@ -0,0 +1,222 @@ + + * + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Exception\RuntimeException; + +/** + * Pure-PHP Random Number Generator + * + * @author Jim Wigginton + */ +abstract class Random +{ + /** + * Generate a random string. + * + * Although microoptimizations are generally discouraged as they impair readability this function is ripe with + * microoptimizations because this function has the potential of being called a huge number of times. + * eg. for RSA key generation. + * + * @throws RuntimeException if a symmetric cipher is needed but not loaded + */ + public static function string(int $length): string + { + if (!$length) { + return ''; + } + + try { + return random_bytes($length); + } catch (\Exception $e) { + // random_compat will throw an Exception, which in PHP 5 does not implement Throwable + } catch (\Throwable $e) { + // If a sufficient source of randomness is unavailable, random_bytes() will throw an + // object that implements the Throwable interface (Exception, TypeError, Error). + // We don't actually need to do anything here. The string() method should just continue + // as normal. Note, however, that if we don't have a sufficient source of randomness for + // random_bytes(), most of the other calls here will fail too, so we'll end up using + // the PHP implementation. + } + // at this point we have no choice but to use a pure-PHP CSPRNG + + // cascade entropy across multiple PHP instances by fixing the session and collecting all + // environmental variables, including the previous session data and the current session + // data. + // + // mt_rand seeds itself by looking at the PID and the time, both of which are (relatively) + // easy to guess at. linux uses mouse clicks, keyboard timings, etc, as entropy sources, but + // PHP isn't low level to be able to use those as sources and on a web server there's not likely + // going to be a ton of keyboard or mouse action. web servers do have one thing that we can use + // however, a ton of people visiting the website. obviously you don't want to base your seeding + // solely on parameters a potential attacker sends but (1) not everything in $_SERVER is controlled + // by the user and (2) this isn't just looking at the data sent by the current user - it's based + // on the data sent by all users. one user requests the page and a hash of their info is saved. + // another user visits the page and the serialization of their data is utilized along with the + // server environment stuff and a hash of the previous http request data (which itself utilizes + // a hash of the session data before that). certainly an attacker should be assumed to have + // full control over his own http requests. he, however, is not going to have control over + // everyone's http requests. + static $crypto = false, $v; + if ($crypto === false) { + // save old session data + $old_session_id = session_id(); + $old_use_cookies = ini_get('session.use_cookies'); + $old_session_cache_limiter = session_cache_limiter(); + $_OLD_SESSION = $_SESSION ?? false; + if ($old_session_id != '') { + session_write_close(); + } + + session_id(1); + ini_set('session.use_cookies', 0); + session_cache_limiter(''); + session_start(); + + $v = (isset($_SERVER) ? self::safe_serialize($_SERVER) : '') . + (isset($_POST) ? self::safe_serialize($_POST) : '') . + (isset($_GET) ? self::safe_serialize($_GET) : '') . + (isset($_COOKIE) ? self::safe_serialize($_COOKIE) : '') . + // as of PHP 8.1 $GLOBALS can't be accessed by reference, which eliminates + // the need for phpseclib_safe_serialize. see https://wiki.php.net/rfc/restrict_globals_usage + // for more info + serialize($GLOBALS) . + self::safe_serialize($_SESSION) . + self::safe_serialize($_OLD_SESSION); + $v = $seed = $_SESSION['seed'] = sha1($v, true); + if (!isset($_SESSION['count'])) { + $_SESSION['count'] = 0; + } + $_SESSION['count']++; + + session_write_close(); + + // restore old session data + if ($old_session_id != '') { + session_id($old_session_id); + session_start(); + ini_set('session.use_cookies', $old_use_cookies); + session_cache_limiter($old_session_cache_limiter); + } else { + if ($_OLD_SESSION !== false) { + $_SESSION = $_OLD_SESSION; + unset($_OLD_SESSION); + } else { + unset($_SESSION); + } + } + + // in SSH2 a shared secret and an exchange hash are generated through the key exchange process. + // the IV client to server is the hash of that "nonce" with the letter A and for the encryption key it's the letter C. + // if the hash doesn't produce enough a key or an IV that's long enough concat successive hashes of the + // original hash and the current hash. we'll be emulating that. for more info see the following URL: + // + // http://tools.ietf.org/html/rfc4253#section-7.2 + // + // see the is_string($crypto) part for an example of how to expand the keys + $key = sha1($seed . 'A', true); + $iv = sha1($seed . 'C', true); + + // ciphers are used as per the nist.gov link below. also, see this link: + // + // http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator#Designs_based_on_cryptographic_primitives + switch (true) { + case class_exists('\phpseclib3\Crypt\AES'): + $crypto = new AES('ctr'); + break; + case class_exists('\phpseclib3\Crypt\Twofish'): + $crypto = new Twofish('ctr'); + break; + case class_exists('\phpseclib3\Crypt\Blowfish'): + $crypto = new Blowfish('ctr'); + break; + case class_exists('\phpseclib3\Crypt\TripleDES'): + $crypto = new TripleDES('ctr'); + break; + case class_exists('\phpseclib3\Crypt\DES'): + $crypto = new DES('ctr'); + break; + case class_exists('\phpseclib3\Crypt\RC4'): + $crypto = new RC4(); + break; + default: + throw new RuntimeException(__CLASS__ . ' requires at least one symmetric cipher be loaded'); + } + + $crypto->setKey(substr($key, 0, $crypto->getKeyLength() >> 3)); + $crypto->setIV(substr($iv, 0, $crypto->getBlockLength() >> 3)); + $crypto->enableContinuousBuffer(); + } + + //return $crypto->encrypt(str_repeat("\0", $length)); + + // the following is based off of ANSI X9.31: + // + // http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf + // + // OpenSSL uses that same standard for it's random numbers: + // + // http://www.opensource.apple.com/source/OpenSSL/OpenSSL-38/openssl/fips-1.0/rand/fips_rand.c + // (do a search for "ANS X9.31 A.2.4") + $result = ''; + while (strlen($result) < $length) { + $i = $crypto->encrypt(microtime()); // strlen(microtime()) == 21 + $r = $crypto->encrypt($i ^ $v); // strlen($v) == 20 + $v = $crypto->encrypt($r ^ $i); // strlen($r) == 20 + $result .= $r; + } + + return substr($result, 0, $length); + } + + /** + * Safely serialize variables + * + * If a class has a private __sleep() it'll emit a warning + */ + private static function safe_serialize(&$arr): string + { + if (is_object($arr)) { + return ''; + } + if (!is_array($arr)) { + return serialize($arr); + } + // prevent circular array recursion + if (isset($arr['__phpseclib_marker'])) { + return ''; + } + $safearr = []; + $arr['__phpseclib_marker'] = true; + foreach (array_keys($arr) as $key) { + // do not recurse on the '__phpseclib_marker' key itself, for smaller memory usage + if ($key !== '__phpseclib_marker') { + $safearr[$key] = self::safe_serialize($arr[$key]); + } + } + unset($arr['__phpseclib_marker']); + return serialize($safearr); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Rijndael.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Rijndael.php new file mode 100644 index 0000000..ef49dce --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Rijndael.php @@ -0,0 +1,997 @@ + + * setKey('abcdefghijklmnop'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $rijndael->decrypt($rijndael->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2008 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\BlockCipher; +use phpseclib3\Exception\BadDecryptionException; +use phpseclib3\Exception\BadModeException; +use phpseclib3\Exception\InconsistentSetupException; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\LengthException; + +/** + * Pure-PHP implementation of Rijndael. + * + * @author Jim Wigginton + */ +class Rijndael extends BlockCipher +{ + /** + * The Key Schedule + * + * @see self::setup() + * @var array + */ + private $w; + + /** + * The Inverse Key Schedule + * + * @see self::setup() + * @var array + */ + private $dw; + + /** + * The Block Length divided by 32 + * + * {@internal The max value is 256 / 32 = 8, the min value is 128 / 32 = 4. Exists in conjunction with $block_size + * because the encryption / decryption / key schedule creation requires this number and not $block_size. We could + * derive this from $block_size or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu + * of that, we'll just precompute it once.} + * + * @see self::setBlockLength() + * @var int + */ + private $Nb = 4; + + /** + * The Key Length (in bytes) + * + * {@internal The max value is 256 / 8 = 32, the min value is 128 / 8 = 16. Exists in conjunction with $Nk + * because the encryption / decryption / key schedule creation requires this number and not $key_length. We could + * derive this from $key_length or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu + * of that, we'll just precompute it once.} + * + * @see self::setKeyLength() + * @var int + */ + protected $key_length = 16; + + /** + * The Key Length divided by 32 + * + * @see self::setKeyLength() + * @var int + * @internal The max value is 256 / 32 = 8, the min value is 128 / 32 = 4 + */ + private $Nk = 4; + + /** + * The Number of Rounds + * + * {@internal The max value is 14, the min value is 10.} + * + * @var int + */ + private $Nr; + + /** + * Shift offsets + * + * @var array + */ + private $c; + + /** + * Holds the last used key- and block_size information + * + * @var array + */ + private $kl; + + /** + * Default Constructor. + * + * @throws InvalidArgumentException if an invalid / unsupported mode is provided + */ + public function __construct(string $mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Sets the key length. + * + * Valid key lengths are 128, 160, 192, 224, and 256. + * + * Note: phpseclib extends Rijndael (and AES) for using 160- and 224-bit keys but they are officially not defined + * and the most (if not all) implementations are not able using 160/224-bit keys but round/pad them up to + * 192/256 bits as. + * + * That said, if you want be compatible with other Rijndael and AES implementations, + * you should not setKeyLength(160) or setKeyLength(224). + * + * @throws LengthException if the key length is invalid + */ + public function setKeyLength(int $length): void + { + switch ($length) { + case 128: + case 160: + case 192: + case 224: + case 256: + $this->key_length = $length >> 3; + break; + default: + throw new LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes 128, 160, 192, 224 or 256 bits are supported'); + } + + parent::setKeyLength($length); + } + + /** + * Sets the key. + * + * Rijndael supports five different key lengths + * + * @throws LengthException if the key length isn't supported + * @see setKeyLength() + */ + public function setKey(string $key): void + { + switch (strlen($key)) { + case 16: + case 20: + case 24: + case 28: + case 32: + break; + default: + throw new LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16, 20, 24, 28 or 32 are supported'); + } + + parent::setKey($key); + } + + /** + * Sets the block length + * + * Valid block lengths are 128, 160, 192, 224, and 256. + */ + public function setBlockLength(int $length): void + { + switch ($length) { + case 128: + case 160: + case 192: + case 224: + case 256: + break; + default: + throw new LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes 128, 160, 192, 224 or 256 bits are supported'); + } + + $this->Nb = $length >> 5; + $this->block_size = $length >> 3; + $this->changed = $this->nonIVChanged = true; + $this->setEngine(); + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + protected function isValidEngineHelper(int $engine): bool + { + switch ($engine) { + case self::ENGINE_LIBSODIUM: + return function_exists('sodium_crypto_aead_aes256gcm_is_available') && + sodium_crypto_aead_aes256gcm_is_available() && + $this->mode == self::MODE_GCM && + $this->key_length == 32 && + $this->nonce && strlen($this->nonce) == 12 && + $this->block_size == 16; + case self::ENGINE_OPENSSL_GCM: + if (!extension_loaded('openssl')) { + return false; + } + $methods = openssl_get_cipher_methods(); + return $this->mode == self::MODE_GCM && + version_compare(PHP_VERSION, '7.1.0', '>=') && + in_array('aes-' . $this->getKeyLength() . '-gcm', $methods) && + $this->block_size == 16; + case self::ENGINE_OPENSSL: + if ($this->block_size != 16) { + return false; + } + $this->cipher_name_openssl_ecb = 'aes-' . ($this->key_length << 3) . '-ecb'; + $this->cipher_name_openssl = 'aes-' . ($this->key_length << 3) . '-' . $this->openssl_translate_mode(); + break; + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Encrypts a block + */ + protected function encryptBlock(string $in): string + { + static $tables; + if (empty($tables)) { + $tables = &$this->getTables(); + } + $t0 = $tables[0]; + $t1 = $tables[1]; + $t2 = $tables[2]; + $t3 = $tables[3]; + $sbox = $tables[4]; + + $state = []; + $words = unpack('N*', $in); + + $c = $this->c; + $w = $this->w; + $Nb = $this->Nb; + $Nr = $this->Nr; + + // addRoundKey + $wc = $Nb - 1; + foreach ($words as $word) { + $state[] = $word ^ $w[++$wc]; + } + + // fips-197.pdf#page=19, "Figure 5. Pseudo Code for the Cipher", states that this loop has four components - + // subBytes, shiftRows, mixColumns, and addRoundKey. fips-197.pdf#page=30, "Implementation Suggestions Regarding + // Various Platforms" suggests that performs enhanced implementations are described in Rijndael-ammended.pdf. + // Rijndael-ammended.pdf#page=20, "Implementation aspects / 32-bit processor", discusses such an optimization. + // Unfortunately, the description given there is not quite correct. Per aes.spec.v316.pdf#page=19 [1], + // equation (7.4.7) is supposed to use addition instead of subtraction, so we'll do that here, as well. + + // [1] http://fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.v316.pdf + $temp = []; + for ($round = 1; $round < $Nr; ++$round) { + $i = 0; // $c[0] == 0 + $j = $c[1]; + $k = $c[2]; + $l = $c[3]; + + while ($i < $Nb) { + $temp[$i] = $t0[$state[$i] >> 24 & 0x000000FF] ^ + $t1[$state[$j] >> 16 & 0x000000FF] ^ + $t2[$state[$k] >> 8 & 0x000000FF] ^ + $t3[$state[$l] & 0x000000FF] ^ + $w[++$wc]; + ++$i; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + $state = $temp; + } + + // subWord + for ($i = 0; $i < $Nb; ++$i) { + $state[$i] = $sbox[$state[$i] & 0x000000FF] | + ($sbox[$state[$i] >> 8 & 0x000000FF] << 8) | + ($sbox[$state[$i] >> 16 & 0x000000FF] << 16) | + ($sbox[$state[$i] >> 24 & 0x000000FF] << 24); + } + + // shiftRows + addRoundKey + $i = 0; // $c[0] == 0 + $j = $c[1]; + $k = $c[2]; + $l = $c[3]; + while ($i < $Nb) { + $temp[$i] = ($state[$i] & intval(0xFF000000)) ^ + ($state[$j] & 0x00FF0000) ^ + ($state[$k] & 0x0000FF00) ^ + ($state[$l] & 0x000000FF) ^ + $w[$i]; + ++$i; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + + return pack('N*', ...$temp); + } + + /** + * Decrypts a block + */ + protected function decryptBlock(string $in): string + { + static $invtables; + if (empty($invtables)) { + $invtables = &$this->getInvTables(); + } + $dt0 = $invtables[0]; + $dt1 = $invtables[1]; + $dt2 = $invtables[2]; + $dt3 = $invtables[3]; + $isbox = $invtables[4]; + + $state = []; + $words = unpack('N*', $in); + + $c = $this->c; + $dw = $this->dw; + $Nb = $this->Nb; + $Nr = $this->Nr; + + // addRoundKey + $wc = $Nb - 1; + foreach ($words as $word) { + $state[] = $word ^ $dw[++$wc]; + } + + $temp = []; + for ($round = $Nr - 1; $round > 0; --$round) { + $i = 0; // $c[0] == 0 + $j = $Nb - $c[1]; + $k = $Nb - $c[2]; + $l = $Nb - $c[3]; + + while ($i < $Nb) { + $temp[$i] = $dt0[$state[$i] >> 24 & 0x000000FF] ^ + $dt1[$state[$j] >> 16 & 0x000000FF] ^ + $dt2[$state[$k] >> 8 & 0x000000FF] ^ + $dt3[$state[$l] & 0x000000FF] ^ + $dw[++$wc]; + ++$i; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + $state = $temp; + } + + // invShiftRows + invSubWord + addRoundKey + $i = 0; // $c[0] == 0 + $j = $Nb - $c[1]; + $k = $Nb - $c[2]; + $l = $Nb - $c[3]; + + while ($i < $Nb) { + $word = ($state[$i] & intval(0xFF000000)) | + ($state[$j] & 0x00FF0000) | + ($state[$k] & 0x0000FF00) | + ($state[$l] & 0x000000FF); + + $temp[$i] = $dw[$i] ^ ($isbox[$word & 0x000000FF] | + ($isbox[$word >> 8 & 0x000000FF] << 8) | + ($isbox[$word >> 16 & 0x000000FF] << 16) | + ($isbox[$word >> 24 & 0x000000FF] << 24)); + ++$i; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + + return pack('N*', ...$temp); + } + + /** + * Setup the self::ENGINE_INTERNAL $engine + * + * (re)init, if necessary, the internal cipher $engine and flush all $buffers + * Used (only) if $engine == self::ENGINE_INTERNAL + * + * _setup() will be called each time if $changed === true + * typically this happens when using one or more of following public methods: + * + * - setKey() + * + * - setIV() + * + * - disableContinuousBuffer() + * + * - First run of encrypt() / decrypt() with no init-settings + * + * {@internal setup() is always called before en/decryption.} + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::setKey() + * @see self::setIV() + * @see self::disableContinuousBuffer() + */ + protected function setup(): void + { + if (!$this->changed) { + return; + } + + parent::setup(); + + if (is_string($this->iv) && strlen($this->iv) != $this->block_size) { + throw new InconsistentSetupException('The IV length (' . strlen($this->iv) . ') does not match the block size (' . $this->block_size . ')'); + } + } + + /** + * Setup the key (expansion) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupKey() + */ + protected function setupKey(): void + { + // Each number in $rcon is equal to the previous number multiplied by two in Rijndael's finite field. + // See http://en.wikipedia.org/wiki/Finite_field_arithmetic#Multiplicative_inverse + static $rcon; + + if (!isset($rcon)) { + $rcon = [0, + 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, + 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000, + 0x6C000000, 0xD8000000, 0xAB000000, 0x4D000000, 0x9A000000, + 0x2F000000, 0x5E000000, 0xBC000000, 0x63000000, 0xC6000000, + 0x97000000, 0x35000000, 0x6A000000, 0xD4000000, 0xB3000000, + 0x7D000000, 0xFA000000, 0xEF000000, 0xC5000000, 0x91000000, + ]; + $rcon = array_map('intval', $rcon); + } + + if (isset($this->kl['key']) && $this->key === $this->kl['key'] && $this->key_length === $this->kl['key_length'] && $this->block_size === $this->kl['block_size']) { + // already expanded + return; + } + $this->kl = ['key' => $this->key, 'key_length' => $this->key_length, 'block_size' => $this->block_size]; + + $this->Nk = $this->key_length >> 2; + // see Rijndael-ammended.pdf#page=44 + $this->Nr = max($this->Nk, $this->Nb) + 6; + + // shift offsets for Nb = 5, 7 are defined in Rijndael-ammended.pdf#page=44, + // "Table 8: Shift offsets in Shiftrow for the alternative block lengths" + // shift offsets for Nb = 4, 6, 8 are defined in Rijndael-ammended.pdf#page=14, + // "Table 2: Shift offsets for different block lengths" + switch ($this->Nb) { + case 4: + case 5: + case 6: + $this->c = [0, 1, 2, 3]; + break; + case 7: + $this->c = [0, 1, 2, 4]; + break; + case 8: + $this->c = [0, 1, 3, 4]; + } + + $w = array_values(unpack('N*words', $this->key)); + + $length = $this->Nb * ($this->Nr + 1); + for ($i = $this->Nk; $i < $length; $i++) { + $temp = $w[$i - 1]; + if ($i % $this->Nk == 0) { + // according to , "the size of an integer is platform-dependent". + // on a 32-bit machine, it's 32-bits, and on a 64-bit machine, it's 64-bits. on a 32-bit machine, + // 0xFFFFFFFF << 8 == 0xFFFFFF00, but on a 64-bit machine, it equals 0xFFFFFFFF00. as such, doing 'and' + // with 0xFFFFFFFF (or 0xFFFFFF00) on a 32-bit machine is unnecessary, but on a 64-bit machine, it is. + $temp = (($temp << 8) & intval(0xFFFFFF00)) | (($temp >> 24) & 0x000000FF); // rotWord + $temp = $this->subWord($temp) ^ $rcon[$i / $this->Nk]; + } elseif ($this->Nk > 6 && $i % $this->Nk == 4) { + $temp = $this->subWord($temp); + } + $w[$i] = $w[$i - $this->Nk] ^ $temp; + } + + // convert the key schedule from a vector of $Nb * ($Nr + 1) length to a matrix with $Nr + 1 rows and $Nb columns + // and generate the inverse key schedule. more specifically, + // according to (section 5.3.3), + // "The key expansion for the Inverse Cipher is defined as follows: + // 1. Apply the Key Expansion. + // 2. Apply InvMixColumn to all Round Keys except the first and the last one." + // also, see fips-197.pdf#page=27, "5.3.5 Equivalent Inverse Cipher" + [$dt0, $dt1, $dt2, $dt3] = $this->getInvTables(); + $temp = $this->w = $this->dw = []; + for ($i = $row = $col = 0; $i < $length; $i++, $col++) { + if ($col == $this->Nb) { + if ($row == 0) { + $this->dw[0] = $this->w[0]; + } else { + // subWord + invMixColumn + invSubWord = invMixColumn + $j = 0; + while ($j < $this->Nb) { + $dw = $this->subWord($this->w[$row][$j]); + $temp[$j] = $dt0[$dw >> 24 & 0x000000FF] ^ + $dt1[$dw >> 16 & 0x000000FF] ^ + $dt2[$dw >> 8 & 0x000000FF] ^ + $dt3[$dw & 0x000000FF]; + $j++; + } + $this->dw[$row] = $temp; + } + + $col = 0; + $row++; + } + $this->w[$row][$col] = $w[$i]; + } + + $this->dw[$row] = $this->w[$row]; + + // Converting to 1-dim key arrays (both ascending) + $this->dw = array_reverse($this->dw); + $w = array_pop($this->w); + $dw = array_pop($this->dw); + foreach ($this->w as $r => $wr) { + foreach ($wr as $c => $wc) { + $w[] = $wc; + $dw[] = $this->dw[$r][$c]; + } + } + $this->w = $w; + $this->dw = $dw; + } + + /** + * Performs S-Box substitutions + * + * @return array + */ + private function subWord(int $word) + { + static $sbox; + if (empty($sbox)) { + [, , , , $sbox] = self::getTables(); + } + + return $sbox[$word & 0x000000FF] | + ($sbox[$word >> 8 & 0x000000FF] << 8) | + ($sbox[$word >> 16 & 0x000000FF] << 16) | + ($sbox[$word >> 24 & 0x000000FF] << 24); + } + + /** + * Provides the mixColumns and sboxes tables + * + * @see self::encryptBlock() + * @see self::setupInlineCrypt() + * @see self::subWord() + * @return array &$tables + */ + protected function &getTables(): array + { + static $tables; + if (empty($tables)) { + // according to (section 5.2.1), + // precomputed tables can be used in the mixColumns phase. in that example, they're assigned t0...t3, so + // those are the names we'll use. + $t3 = array_map('intval', [ + // with array_map('intval', ...) we ensure we have only int's and not + // some slower floats converted by php automatically on high values + 0x6363A5C6, 0x7C7C84F8, 0x777799EE, 0x7B7B8DF6, 0xF2F20DFF, 0x6B6BBDD6, 0x6F6FB1DE, 0xC5C55491, + 0x30305060, 0x01010302, 0x6767A9CE, 0x2B2B7D56, 0xFEFE19E7, 0xD7D762B5, 0xABABE64D, 0x76769AEC, + 0xCACA458F, 0x82829D1F, 0xC9C94089, 0x7D7D87FA, 0xFAFA15EF, 0x5959EBB2, 0x4747C98E, 0xF0F00BFB, + 0xADADEC41, 0xD4D467B3, 0xA2A2FD5F, 0xAFAFEA45, 0x9C9CBF23, 0xA4A4F753, 0x727296E4, 0xC0C05B9B, + 0xB7B7C275, 0xFDFD1CE1, 0x9393AE3D, 0x26266A4C, 0x36365A6C, 0x3F3F417E, 0xF7F702F5, 0xCCCC4F83, + 0x34345C68, 0xA5A5F451, 0xE5E534D1, 0xF1F108F9, 0x717193E2, 0xD8D873AB, 0x31315362, 0x15153F2A, + 0x04040C08, 0xC7C75295, 0x23236546, 0xC3C35E9D, 0x18182830, 0x9696A137, 0x05050F0A, 0x9A9AB52F, + 0x0707090E, 0x12123624, 0x80809B1B, 0xE2E23DDF, 0xEBEB26CD, 0x2727694E, 0xB2B2CD7F, 0x75759FEA, + 0x09091B12, 0x83839E1D, 0x2C2C7458, 0x1A1A2E34, 0x1B1B2D36, 0x6E6EB2DC, 0x5A5AEEB4, 0xA0A0FB5B, + 0x5252F6A4, 0x3B3B4D76, 0xD6D661B7, 0xB3B3CE7D, 0x29297B52, 0xE3E33EDD, 0x2F2F715E, 0x84849713, + 0x5353F5A6, 0xD1D168B9, 0x00000000, 0xEDED2CC1, 0x20206040, 0xFCFC1FE3, 0xB1B1C879, 0x5B5BEDB6, + 0x6A6ABED4, 0xCBCB468D, 0xBEBED967, 0x39394B72, 0x4A4ADE94, 0x4C4CD498, 0x5858E8B0, 0xCFCF4A85, + 0xD0D06BBB, 0xEFEF2AC5, 0xAAAAE54F, 0xFBFB16ED, 0x4343C586, 0x4D4DD79A, 0x33335566, 0x85859411, + 0x4545CF8A, 0xF9F910E9, 0x02020604, 0x7F7F81FE, 0x5050F0A0, 0x3C3C4478, 0x9F9FBA25, 0xA8A8E34B, + 0x5151F3A2, 0xA3A3FE5D, 0x4040C080, 0x8F8F8A05, 0x9292AD3F, 0x9D9DBC21, 0x38384870, 0xF5F504F1, + 0xBCBCDF63, 0xB6B6C177, 0xDADA75AF, 0x21216342, 0x10103020, 0xFFFF1AE5, 0xF3F30EFD, 0xD2D26DBF, + 0xCDCD4C81, 0x0C0C1418, 0x13133526, 0xECEC2FC3, 0x5F5FE1BE, 0x9797A235, 0x4444CC88, 0x1717392E, + 0xC4C45793, 0xA7A7F255, 0x7E7E82FC, 0x3D3D477A, 0x6464ACC8, 0x5D5DE7BA, 0x19192B32, 0x737395E6, + 0x6060A0C0, 0x81819819, 0x4F4FD19E, 0xDCDC7FA3, 0x22226644, 0x2A2A7E54, 0x9090AB3B, 0x8888830B, + 0x4646CA8C, 0xEEEE29C7, 0xB8B8D36B, 0x14143C28, 0xDEDE79A7, 0x5E5EE2BC, 0x0B0B1D16, 0xDBDB76AD, + 0xE0E03BDB, 0x32325664, 0x3A3A4E74, 0x0A0A1E14, 0x4949DB92, 0x06060A0C, 0x24246C48, 0x5C5CE4B8, + 0xC2C25D9F, 0xD3D36EBD, 0xACACEF43, 0x6262A6C4, 0x9191A839, 0x9595A431, 0xE4E437D3, 0x79798BF2, + 0xE7E732D5, 0xC8C8438B, 0x3737596E, 0x6D6DB7DA, 0x8D8D8C01, 0xD5D564B1, 0x4E4ED29C, 0xA9A9E049, + 0x6C6CB4D8, 0x5656FAAC, 0xF4F407F3, 0xEAEA25CF, 0x6565AFCA, 0x7A7A8EF4, 0xAEAEE947, 0x08081810, + 0xBABAD56F, 0x787888F0, 0x25256F4A, 0x2E2E725C, 0x1C1C2438, 0xA6A6F157, 0xB4B4C773, 0xC6C65197, + 0xE8E823CB, 0xDDDD7CA1, 0x74749CE8, 0x1F1F213E, 0x4B4BDD96, 0xBDBDDC61, 0x8B8B860D, 0x8A8A850F, + 0x707090E0, 0x3E3E427C, 0xB5B5C471, 0x6666AACC, 0x4848D890, 0x03030506, 0xF6F601F7, 0x0E0E121C, + 0x6161A3C2, 0x35355F6A, 0x5757F9AE, 0xB9B9D069, 0x86869117, 0xC1C15899, 0x1D1D273A, 0x9E9EB927, + 0xE1E138D9, 0xF8F813EB, 0x9898B32B, 0x11113322, 0x6969BBD2, 0xD9D970A9, 0x8E8E8907, 0x9494A733, + 0x9B9BB62D, 0x1E1E223C, 0x87879215, 0xE9E920C9, 0xCECE4987, 0x5555FFAA, 0x28287850, 0xDFDF7AA5, + 0x8C8C8F03, 0xA1A1F859, 0x89898009, 0x0D0D171A, 0xBFBFDA65, 0xE6E631D7, 0x4242C684, 0x6868B8D0, + 0x4141C382, 0x9999B029, 0x2D2D775A, 0x0F0F111E, 0xB0B0CB7B, 0x5454FCA8, 0xBBBBD66D, 0x16163A2C, + ]); + + foreach ($t3 as $t3i) { + $t0[] = (($t3i << 24) & intval(0xFF000000)) | (($t3i >> 8) & 0x00FFFFFF); + $t1[] = (($t3i << 16) & intval(0xFFFF0000)) | (($t3i >> 16) & 0x0000FFFF); + $t2[] = (($t3i << 8) & intval(0xFFFFFF00)) | (($t3i >> 24) & 0x000000FF); + } + + $tables = [ + // The Precomputed mixColumns tables t0 - t3 + $t0, + $t1, + $t2, + $t3, + // The SubByte S-Box + [ + 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, + 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, + 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, + 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, + 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, + 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, + 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, + 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, + 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, + 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, + 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, + 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, + 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, + 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, + 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, + 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16, + ], + ]; + } + return $tables; + } + + /** + * Provides the inverse mixColumns and inverse sboxes tables + * + * @see self::decryptBlock() + * @see self::setupInlineCrypt() + * @see self::setupKey() + * @return array &$tables + */ + protected function &getInvTables(): array + { + static $tables; + if (empty($tables)) { + $dt3 = array_map('intval', [ + 0xF4A75051, 0x4165537E, 0x17A4C31A, 0x275E963A, 0xAB6BCB3B, 0x9D45F11F, 0xFA58ABAC, 0xE303934B, + 0x30FA5520, 0x766DF6AD, 0xCC769188, 0x024C25F5, 0xE5D7FC4F, 0x2ACBD7C5, 0x35448026, 0x62A38FB5, + 0xB15A49DE, 0xBA1B6725, 0xEA0E9845, 0xFEC0E15D, 0x2F7502C3, 0x4CF01281, 0x4697A38D, 0xD3F9C66B, + 0x8F5FE703, 0x929C9515, 0x6D7AEBBF, 0x5259DA95, 0xBE832DD4, 0x7421D358, 0xE0692949, 0xC9C8448E, + 0xC2896A75, 0x8E7978F4, 0x583E6B99, 0xB971DD27, 0xE14FB6BE, 0x88AD17F0, 0x20AC66C9, 0xCE3AB47D, + 0xDF4A1863, 0x1A3182E5, 0x51336097, 0x537F4562, 0x6477E0B1, 0x6BAE84BB, 0x81A01CFE, 0x082B94F9, + 0x48685870, 0x45FD198F, 0xDE6C8794, 0x7BF8B752, 0x73D323AB, 0x4B02E272, 0x1F8F57E3, 0x55AB2A66, + 0xEB2807B2, 0xB5C2032F, 0xC57B9A86, 0x3708A5D3, 0x2887F230, 0xBFA5B223, 0x036ABA02, 0x16825CED, + 0xCF1C2B8A, 0x79B492A7, 0x07F2F0F3, 0x69E2A14E, 0xDAF4CD65, 0x05BED506, 0x34621FD1, 0xA6FE8AC4, + 0x2E539D34, 0xF355A0A2, 0x8AE13205, 0xF6EB75A4, 0x83EC390B, 0x60EFAA40, 0x719F065E, 0x6E1051BD, + 0x218AF93E, 0xDD063D96, 0x3E05AEDD, 0xE6BD464D, 0x548DB591, 0xC45D0571, 0x06D46F04, 0x5015FF60, + 0x98FB2419, 0xBDE997D6, 0x4043CC89, 0xD99E7767, 0xE842BDB0, 0x898B8807, 0x195B38E7, 0xC8EEDB79, + 0x7C0A47A1, 0x420FE97C, 0x841EC9F8, 0x00000000, 0x80868309, 0x2BED4832, 0x1170AC1E, 0x5A724E6C, + 0x0EFFFBFD, 0x8538560F, 0xAED51E3D, 0x2D392736, 0x0FD9640A, 0x5CA62168, 0x5B54D19B, 0x362E3A24, + 0x0A67B10C, 0x57E70F93, 0xEE96D2B4, 0x9B919E1B, 0xC0C54F80, 0xDC20A261, 0x774B695A, 0x121A161C, + 0x93BA0AE2, 0xA02AE5C0, 0x22E0433C, 0x1B171D12, 0x090D0B0E, 0x8BC7ADF2, 0xB6A8B92D, 0x1EA9C814, + 0xF1198557, 0x75074CAF, 0x99DDBBEE, 0x7F60FDA3, 0x01269FF7, 0x72F5BC5C, 0x663BC544, 0xFB7E345B, + 0x4329768B, 0x23C6DCCB, 0xEDFC68B6, 0xE4F163B8, 0x31DCCAD7, 0x63851042, 0x97224013, 0xC6112084, + 0x4A247D85, 0xBB3DF8D2, 0xF93211AE, 0x29A16DC7, 0x9E2F4B1D, 0xB230F3DC, 0x8652EC0D, 0xC1E3D077, + 0xB3166C2B, 0x70B999A9, 0x9448FA11, 0xE9642247, 0xFC8CC4A8, 0xF03F1AA0, 0x7D2CD856, 0x3390EF22, + 0x494EC787, 0x38D1C1D9, 0xCAA2FE8C, 0xD40B3698, 0xF581CFA6, 0x7ADE28A5, 0xB78E26DA, 0xADBFA43F, + 0x3A9DE42C, 0x78920D50, 0x5FCC9B6A, 0x7E466254, 0x8D13C2F6, 0xD8B8E890, 0x39F75E2E, 0xC3AFF582, + 0x5D80BE9F, 0xD0937C69, 0xD52DA96F, 0x2512B3CF, 0xAC993BC8, 0x187DA710, 0x9C636EE8, 0x3BBB7BDB, + 0x267809CD, 0x5918F46E, 0x9AB701EC, 0x4F9AA883, 0x956E65E6, 0xFFE67EAA, 0xBCCF0821, 0x15E8E6EF, + 0xE79BD9BA, 0x6F36CE4A, 0x9F09D4EA, 0xB07CD629, 0xA4B2AF31, 0x3F23312A, 0xA59430C6, 0xA266C035, + 0x4EBC3774, 0x82CAA6FC, 0x90D0B0E0, 0xA7D81533, 0x04984AF1, 0xECDAF741, 0xCD500E7F, 0x91F62F17, + 0x4DD68D76, 0xEFB04D43, 0xAA4D54CC, 0x9604DFE4, 0xD1B5E39E, 0x6A881B4C, 0x2C1FB8C1, 0x65517F46, + 0x5EEA049D, 0x8C355D01, 0x877473FA, 0x0B412EFB, 0x671D5AB3, 0xDBD25292, 0x105633E9, 0xD647136D, + 0xD7618C9A, 0xA10C7A37, 0xF8148E59, 0x133C89EB, 0xA927EECE, 0x61C935B7, 0x1CE5EDE1, 0x47B13C7A, + 0xD2DF599C, 0xF2733F55, 0x14CE7918, 0xC737BF73, 0xF7CDEA53, 0xFDAA5B5F, 0x3D6F14DF, 0x44DB8678, + 0xAFF381CA, 0x68C43EB9, 0x24342C38, 0xA3405FC2, 0x1DC37216, 0xE2250CBC, 0x3C498B28, 0x0D9541FF, + 0xA8017139, 0x0CB3DE08, 0xB4E49CD8, 0x56C19064, 0xCB84617B, 0x32B670D5, 0x6C5C7448, 0xB85742D0, + ]); + + foreach ($dt3 as $dt3i) { + $dt0[] = (($dt3i << 24) & intval(0xFF000000)) | (($dt3i >> 8) & 0x00FFFFFF); + $dt1[] = (($dt3i << 16) & intval(0xFFFF0000)) | (($dt3i >> 16) & 0x0000FFFF); + $dt2[] = (($dt3i << 8) & intval(0xFFFFFF00)) | (($dt3i >> 24) & 0x000000FF); + }; + + $tables = [ + // The Precomputed inverse mixColumns tables dt0 - dt3 + $dt0, + $dt1, + $dt2, + $dt3, + // The inverse SubByte S-Box + [ + 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, + 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, + 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, + 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25, + 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, + 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, + 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, + 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, + 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, + 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, + 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, + 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, + 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, + 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, + 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D, + ], + ]; + } + return $tables; + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupInlineCrypt() + */ + protected function setupInlineCrypt(): void + { + $w = $this->w; + $dw = $this->dw; + $init_encrypt = ''; + $init_decrypt = ''; + + $Nr = $this->Nr; + $Nb = $this->Nb; + $c = $this->c; + + // Generating encrypt code: + $init_encrypt .= ' + if (empty($tables)) { + $tables = &$this->getTables(); + } + $t0 = $tables[0]; + $t1 = $tables[1]; + $t2 = $tables[2]; + $t3 = $tables[3]; + $sbox = $tables[4]; + '; + + $s = 'e'; + $e = 's'; + $wc = $Nb - 1; + + // Preround: addRoundKey + $encrypt_block = '$in = unpack("N*", $in);' . "\n"; + for ($i = 0; $i < $Nb; ++$i) { + $encrypt_block .= '$s' . $i . ' = $in[' . ($i + 1) . '] ^ ' . $w[++$wc] . ";\n"; + } + + // Mainrounds: shiftRows + subWord + mixColumns + addRoundKey + for ($round = 1; $round < $Nr; ++$round) { + [$s, $e] = [$e, $s]; + for ($i = 0; $i < $Nb; ++$i) { + $encrypt_block .= + '$' . $e . $i . ' = + $t0[($' . $s . $i . ' >> 24) & 0xff] ^ + $t1[($' . $s . (($i + $c[1]) % $Nb) . ' >> 16) & 0xff] ^ + $t2[($' . $s . (($i + $c[2]) % $Nb) . ' >> 8) & 0xff] ^ + $t3[ $' . $s . (($i + $c[3]) % $Nb) . ' & 0xff] ^ + ' . $w[++$wc] . ";\n"; + } + } + + // Finalround: subWord + shiftRows + addRoundKey + for ($i = 0; $i < $Nb; ++$i) { + $encrypt_block .= + '$' . $e . $i . ' = + $sbox[ $' . $e . $i . ' & 0xff] | + ($sbox[($' . $e . $i . ' >> 8) & 0xff] << 8) | + ($sbox[($' . $e . $i . ' >> 16) & 0xff] << 16) | + ($sbox[($' . $e . $i . ' >> 24) & 0xff] << 24);' . "\n"; + } + $encrypt_block .= '$in = pack("N*"' . "\n"; + for ($i = 0; $i < $Nb; ++$i) { + $encrypt_block .= ', + ($' . $e . $i . ' & ' . ((int)0xFF000000) . ') ^ + ($' . $e . (($i + $c[1]) % $Nb) . ' & 0x00FF0000 ) ^ + ($' . $e . (($i + $c[2]) % $Nb) . ' & 0x0000FF00 ) ^ + ($' . $e . (($i + $c[3]) % $Nb) . ' & 0x000000FF ) ^ + ' . $w[$i] . "\n"; + } + $encrypt_block .= ');'; + + // Generating decrypt code: + $init_decrypt .= ' + if (empty($invtables)) { + $invtables = &$this->getInvTables(); + } + $dt0 = $invtables[0]; + $dt1 = $invtables[1]; + $dt2 = $invtables[2]; + $dt3 = $invtables[3]; + $isbox = $invtables[4]; + '; + + $s = 'e'; + $e = 's'; + $wc = $Nb - 1; + + // Preround: addRoundKey + $decrypt_block = '$in = unpack("N*", $in);' . "\n"; + for ($i = 0; $i < $Nb; ++$i) { + $decrypt_block .= '$s' . $i . ' = $in[' . ($i + 1) . '] ^ ' . $dw[++$wc] . ';' . "\n"; + } + + // Mainrounds: shiftRows + subWord + mixColumns + addRoundKey + for ($round = 1; $round < $Nr; ++$round) { + [$s, $e] = [$e, $s]; + for ($i = 0; $i < $Nb; ++$i) { + $decrypt_block .= + '$' . $e . $i . ' = + $dt0[($' . $s . $i . ' >> 24) & 0xff] ^ + $dt1[($' . $s . (($Nb + $i - $c[1]) % $Nb) . ' >> 16) & 0xff] ^ + $dt2[($' . $s . (($Nb + $i - $c[2]) % $Nb) . ' >> 8) & 0xff] ^ + $dt3[ $' . $s . (($Nb + $i - $c[3]) % $Nb) . ' & 0xff] ^ + ' . $dw[++$wc] . ";\n"; + } + } + + // Finalround: subWord + shiftRows + addRoundKey + for ($i = 0; $i < $Nb; ++$i) { + $decrypt_block .= + '$' . $e . $i . ' = + $isbox[ $' . $e . $i . ' & 0xff] | + ($isbox[($' . $e . $i . ' >> 8) & 0xff] << 8) | + ($isbox[($' . $e . $i . ' >> 16) & 0xff] << 16) | + ($isbox[($' . $e . $i . ' >> 24) & 0xff] << 24);' . "\n"; + } + $decrypt_block .= '$in = pack("N*"' . "\n"; + for ($i = 0; $i < $Nb; ++$i) { + $decrypt_block .= ', + ($' . $e . $i . ' & ' . ((int)0xFF000000) . ') ^ + ($' . $e . (($Nb + $i - $c[1]) % $Nb) . ' & 0x00FF0000 ) ^ + ($' . $e . (($Nb + $i - $c[2]) % $Nb) . ' & 0x0000FF00 ) ^ + ($' . $e . (($Nb + $i - $c[3]) % $Nb) . ' & 0x000000FF ) ^ + ' . $dw[$i] . "\n"; + } + $decrypt_block .= ');'; + + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => 'static $tables; static $invtables;', + 'init_encrypt' => $init_encrypt, + 'init_decrypt' => $init_decrypt, + 'encrypt_block' => $encrypt_block, + 'decrypt_block' => $decrypt_block, + ] + ); + } + + /** + * Encrypts a message. + * + * @see self::decrypt() + * @see parent::encrypt() + */ + public function encrypt(string $plaintext): string + { + $this->setup(); + + switch ($this->engine) { + case self::ENGINE_LIBSODIUM: + $this->newtag = sodium_crypto_aead_aes256gcm_encrypt($plaintext, $this->aad, $this->nonce, $this->key); + return Strings::shift($this->newtag, strlen($plaintext)); + case self::ENGINE_OPENSSL_GCM: + return openssl_encrypt( + $plaintext, + 'aes-' . $this->getKeyLength() . '-gcm', + $this->key, + OPENSSL_RAW_DATA, + $this->nonce, + $this->newtag, + $this->aad + ); + } + + return parent::encrypt($plaintext); + } + + /** + * Decrypts a message. + * + * @see self::encrypt() + * @see parent::decrypt() + */ + public function decrypt(string $ciphertext): string + { + $this->setup(); + + switch ($this->engine) { + case self::ENGINE_LIBSODIUM: + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + if (strlen($this->oldtag) != 16) { + break; + } + $plaintext = sodium_crypto_aead_aes256gcm_decrypt($ciphertext . $this->oldtag, $this->aad, $this->nonce, $this->key); + if ($plaintext === false) { + $this->oldtag = false; + throw new BadDecryptionException('Error decrypting ciphertext with libsodium'); + } + return $plaintext; + case self::ENGINE_OPENSSL_GCM: + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + $plaintext = openssl_decrypt( + $ciphertext, + 'aes-' . $this->getKeyLength() . '-gcm', + $this->key, + OPENSSL_RAW_DATA, + $this->nonce, + $this->oldtag, + $this->aad + ); + if ($plaintext === false) { + $this->oldtag = false; + throw new BadDecryptionException('Error decrypting ciphertext with OpenSSL'); + } + return $plaintext; + } + + return parent::decrypt($ciphertext); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Salsa20.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Salsa20.php new file mode 100644 index 0000000..526027f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Salsa20.php @@ -0,0 +1,503 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\StreamCipher; +use phpseclib3\Exception\BadDecryptionException; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\LengthException; + +/** + * Pure-PHP implementation of Salsa20. + * + * @author Jim Wigginton + */ +class Salsa20 extends StreamCipher +{ + /** + * Part 1 of the state + * + * @var string|false + */ + protected $p1 = false; + + /** + * Part 2 of the state + * + * @var string|false + */ + protected $p2 = false; + + /** + * Key Length (in bytes) + * + * @var int + */ + protected $key_length = 32; // = 256 bits + + /** + * @see \phpseclib3\Crypt\Salsa20::crypt() + */ + public const ENCRYPT = 0; + + /** + * @see \phpseclib3\Crypt\Salsa20::crypt() + */ + public const DECRYPT = 1; + + /** + * Encryption buffer for continuous mode + * + * @var array + */ + protected $enbuffer; + + /** + * Decryption buffer for continuous mode + * + * @var array + */ + protected $debuffer; + + /** + * Counter + * + * @var int + */ + protected $counter = 0; + + /** + * Using Generated Poly1305 Key + * + * @var boolean + */ + protected $usingGeneratedPoly1305Key = false; + + /** + * Salsa20 uses a nonce + */ + public function usesNonce(): bool + { + return true; + } + + /** + * Sets the key. + * + * @throws LengthException if the key length isn't supported + */ + public function setKey(string $key): void + { + switch (strlen($key)) { + case 16: + case 32: + break; + default: + throw new LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16 or 32 are supported'); + } + + parent::setKey($key); + } + + /** + * Sets the nonce. + */ + public function setNonce(string $nonce): void + { + if (strlen($nonce) != 8) { + throw new LengthException('Nonce of size ' . strlen($key) . ' not supported by this algorithm. Only an 64-bit nonce is supported'); + } + + $this->nonce = $nonce; + $this->changed = true; + $this->setEngine(); + } + + /** + * Sets the counter. + */ + public function setCounter(int $counter): void + { + $this->counter = $counter; + $this->setEngine(); + } + + /** + * Creates a Poly1305 key using the method discussed in RFC8439 + * + * See https://tools.ietf.org/html/rfc8439#section-2.6.1 + */ + protected function createPoly1305Key(): void + { + if ($this->nonce === false) { + throw new InsufficientSetupException('No nonce has been defined'); + } + + if ($this->key === false) { + throw new InsufficientSetupException('No key has been defined'); + } + + $c = clone $this; + $c->setCounter(0); + $c->usePoly1305 = false; + $block = $c->encrypt(str_repeat("\0", 256)); + $this->setPoly1305Key(substr($block, 0, 32)); + + if ($this->counter == 0) { + $this->counter++; + } + } + + /** + * Setup the self::ENGINE_INTERNAL $engine + * + * (re)init, if necessary, the internal cipher $engine + * + * _setup() will be called each time if $changed === true + * typically this happens when using one or more of following public methods: + * + * - setKey() + * + * - setNonce() + * + * - First run of encrypt() / decrypt() with no init-settings + * + * @see self::setKey() + * @see self::setNonce() + * @see self::disableContinuousBuffer() + */ + protected function setup(): void + { + if (!$this->changed) { + return; + } + + $this->enbuffer = $this->debuffer = ['ciphertext' => '', 'counter' => $this->counter]; + + $this->changed = $this->nonIVChanged = false; + + if ($this->nonce === false) { + throw new InsufficientSetupException('No nonce has been defined'); + } + + if ($this->key === false) { + throw new InsufficientSetupException('No key has been defined'); + } + + if ($this->usePoly1305 && !isset($this->poly1305Key)) { + $this->usingGeneratedPoly1305Key = true; + $this->createPoly1305Key(); + } + + $key = $this->key; + if (strlen($key) == 16) { + $constant = 'expand 16-byte k'; + $key .= $key; + } else { + $constant = 'expand 32-byte k'; + } + + $this->p1 = substr($constant, 0, 4) . + substr($key, 0, 16) . + substr($constant, 4, 4) . + $this->nonce . + "\0\0\0\0"; + $this->p2 = substr($constant, 8, 4) . + substr($key, 16, 16) . + substr($constant, 12, 4); + } + + /** + * Setup the key (expansion) + */ + protected function setupKey(): void + { + // Salsa20 does not utilize this method + } + + /** + * Encrypts a message. + * + * @return string $ciphertext + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + * @see self::crypt() + */ + public function encrypt(string $plaintext): string + { + $ciphertext = $this->crypt($plaintext, self::ENCRYPT); + if (isset($this->poly1305Key)) { + $this->newtag = $this->poly1305($ciphertext); + } + return $ciphertext; + } + + /** + * Decrypts a message. + * + * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)). + * At least if the continuous buffer is disabled. + * + * @return string $plaintext + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see self::crypt() + */ + public function decrypt(string $ciphertext): string + { + if (isset($this->poly1305Key)) { + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + $newtag = $this->poly1305($ciphertext); + if ($this->oldtag != substr($newtag, 0, strlen($this->oldtag))) { + $this->oldtag = false; + throw new BadDecryptionException('Derived authentication tag and supplied authentication tag do not match'); + } + $this->oldtag = false; + } + + return $this->crypt($ciphertext, self::DECRYPT); + } + + /** + * Encrypts a block + */ + protected function encryptBlock(string $in): string + { + // Salsa20 does not utilize this method + return ''; + } + + /** + * Decrypts a block + */ + protected function decryptBlock(string $in): string + { + // Salsa20 does not utilize this method + return ''; + } + + /** + * Encrypts or decrypts a message. + * + * @return string $text + * @see self::decrypt() + * @see self::encrypt() + */ + private function crypt(string $text, int $mode): string + { + $this->setup(); + if (!$this->continuousBuffer) { + if ($this->engine == self::ENGINE_OPENSSL) { + $iv = pack('V', $this->counter) . $this->p2; + return openssl_encrypt( + $text, + $this->cipher_name_openssl, + $this->key, + OPENSSL_RAW_DATA, + $iv + ); + } + $i = $this->counter; + $blocks = str_split($text, 64); + foreach ($blocks as &$block) { + $block ^= static::salsa20($this->p1 . pack('V', $i++) . $this->p2); + } + + return implode('', $blocks); + } + + if ($mode == self::ENCRYPT) { + $buffer = &$this->enbuffer; + } else { + $buffer = &$this->debuffer; + } + if (!strlen($buffer['ciphertext'])) { + $ciphertext = ''; + } else { + $ciphertext = $text ^ Strings::shift($buffer['ciphertext'], strlen($text)); + $text = substr($text, strlen($ciphertext)); + if (!strlen($text)) { + return $ciphertext; + } + } + + $overflow = strlen($text) % 64; // & 0x3F + if ($overflow) { + $text2 = Strings::pop($text, $overflow); + if ($this->engine == self::ENGINE_OPENSSL) { + $iv = pack('V', $buffer['counter']) . $this->p2; + // at this point $text should be a multiple of 64 + $buffer['counter'] += (strlen($text) >> 6) + 1; // ie. divide by 64 + $encrypted = openssl_encrypt( + $text . str_repeat("\0", 64), + $this->cipher_name_openssl, + $this->key, + OPENSSL_RAW_DATA, + $iv + ); + $temp = Strings::pop($encrypted, 64); + } else { + $blocks = str_split($text, 64); + if (strlen($text)) { + foreach ($blocks as &$block) { + $block ^= static::salsa20($this->p1 . pack('V', $buffer['counter']++) . $this->p2); + } + } + $encrypted = implode('', $blocks); + $temp = static::salsa20($this->p1 . pack('V', $buffer['counter']++) . $this->p2); + } + $ciphertext .= $encrypted . ($text2 ^ $temp); + $buffer['ciphertext'] = substr($temp, $overflow); + } elseif (!strlen($buffer['ciphertext'])) { + if ($this->engine == self::ENGINE_OPENSSL) { + $iv = pack('V', $buffer['counter']) . $this->p2; + $buffer['counter'] += (strlen($text) >> 6); + $ciphertext .= openssl_encrypt( + $text, + $this->cipher_name_openssl, + $this->key, + OPENSSL_RAW_DATA, + $iv + ); + } else { + $blocks = str_split($text, 64); + foreach ($blocks as &$block) { + $block ^= static::salsa20($this->p1 . pack('V', $buffer['counter']++) . $this->p2); + } + $ciphertext .= implode('', $blocks); + } + } + + return $ciphertext; + } + + /** + * Left Rotate + */ + protected static function leftRotate(int $x, int $n): int + { + if (PHP_INT_SIZE == 8) { + $r1 = $x << $n; + $r1 &= 0xFFFFFFFF; + $r2 = ($x & 0xFFFFFFFF) >> (32 - $n); + } else { + $x = (int) $x; + $r1 = $x << $n; + $r2 = $x >> (32 - $n); + $r2 &= (1 << $n) - 1; + } + return $r1 | $r2; + } + + /** + * The quarterround function + */ + protected static function quarterRound(int &$a, int &$b, int &$c, int &$d): void + { + $b ^= self::leftRotate($a + $d, 7); + $c ^= self::leftRotate($b + $a, 9); + $d ^= self::leftRotate($c + $b, 13); + $a ^= self::leftRotate($d + $c, 18); + } + + /** + * The doubleround function + * + * @param int $x0 (by reference) + * @param int $x1 (by reference) + * @param int $x2 (by reference) + * @param int $x3 (by reference) + * @param int $x4 (by reference) + * @param int $x5 (by reference) + * @param int $x6 (by reference) + * @param int $x7 (by reference) + * @param int $x8 (by reference) + * @param int $x9 (by reference) + * @param int $x10 (by reference) + * @param int $x11 (by reference) + * @param int $x12 (by reference) + * @param int $x13 (by reference) + * @param int $x14 (by reference) + * @param int $x15 (by reference) + */ + protected static function doubleRound(int &$x0, int &$x1, int &$x2, int &$x3, int &$x4, int &$x5, int &$x6, int &$x7, int &$x8, int &$x9, int &$x10, int &$x11, int &$x12, int &$x13, int &$x14, int &$x15): void + { + // columnRound + static::quarterRound($x0, $x4, $x8, $x12); + static::quarterRound($x5, $x9, $x13, $x1); + static::quarterRound($x10, $x14, $x2, $x6); + static::quarterRound($x15, $x3, $x7, $x11); + // rowRound + static::quarterRound($x0, $x1, $x2, $x3); + static::quarterRound($x5, $x6, $x7, $x4); + static::quarterRound($x10, $x11, $x8, $x9); + static::quarterRound($x15, $x12, $x13, $x14); + } + + /** + * The Salsa20 hash function function + */ + protected static function salsa20(string $x) + { + $z = $x = unpack('V*', $x); + for ($i = 0; $i < 10; $i++) { + static::doubleRound($z[1], $z[2], $z[3], $z[4], $z[5], $z[6], $z[7], $z[8], $z[9], $z[10], $z[11], $z[12], $z[13], $z[14], $z[15], $z[16]); + } + + for ($i = 1; $i <= 16; $i++) { + $x[$i] += $z[$i]; + } + + return pack('V*', ...$x); + } + + /** + * Calculates Poly1305 MAC + * + * @see self::decrypt() + * @see self::encrypt() + */ + protected function poly1305(string $text): string + { + if (!$this->usingGeneratedPoly1305Key) { + return parent::poly1305($this->aad . $text); + } else { + /* + sodium_crypto_aead_chacha20poly1305_encrypt does not calculate the poly1305 tag + the same way sodium_crypto_aead_chacha20poly1305_ietf_encrypt does. you can see + how the latter encrypts it in Salsa20::encrypt(). here's how the former encrypts + it: + + $this->newtag = $this->poly1305( + $this->aad . + pack('V', strlen($this->aad)) . "\0\0\0\0" . + $ciphertext . + pack('V', strlen($ciphertext)) . "\0\0\0\0" + ); + + phpseclib opts to use the IETF construction, even when the nonce is 64-bits + instead of 96-bits + */ + return parent::poly1305( + self::nullPad128($this->aad) . + self::nullPad128($text) . + pack('V', strlen($this->aad)) . "\0\0\0\0" . + pack('V', strlen($text)) . "\0\0\0\0" + ); + } + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/TripleDES.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/TripleDES.php new file mode 100644 index 0000000..ff89501 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/TripleDES.php @@ -0,0 +1,415 @@ + + * setKey('abcdefghijklmnopqrstuvwx'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $des->decrypt($des->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Exception\BadModeException; +use phpseclib3\Exception\LengthException; + +/** + * Pure-PHP implementation of Triple DES. + * + * @author Jim Wigginton + */ +class TripleDES extends DES +{ + /** + * Encrypt / decrypt using inner chaining + * + * Inner chaining is used by SSH-1 and is generally considered to be less secure then outer chaining (self::MODE_CBC3). + */ + public const MODE_3CBC = -2; + + /** + * Encrypt / decrypt using outer chaining + * + * Outer chaining is used by SSH-2 and when the mode is set to \phpseclib3\Crypt\Common\BlockCipher::MODE_CBC. + */ + public const MODE_CBC3 = self::MODE_CBC; + + /** + * Key Length (in bytes) + * + * @see \phpseclib3\Crypt\TripleDES::setKeyLength() + * @var int + */ + protected $key_length = 24; + + /** + * max possible size of $key + * + * @see self::setKey() + * @see \phpseclib3\Crypt\DES::setKey() + * @var string + */ + protected $key_length_max = 24; + + /** + * Internal flag whether using self::MODE_3CBC or not + * + * @var bool + */ + private $mode_3cbc; + + /** + * The \phpseclib3\Crypt\DES objects + * + * Used only if $mode_3cbc === true + * + * @var array + */ + private $des; + + /** + * Default Constructor. + * + * $mode could be: + * + * - ecb + * + * - cbc + * + * - ctr + * + * - cfb + * + * - ofb + * + * - 3cbc + * + * - cbc3 (same as cbc) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @see \phpseclib3\Crypt\DES::__construct() + */ + public function __construct(string $mode) + { + switch (strtolower($mode)) { + // In case of self::MODE_3CBC, we init as CRYPT_DES_MODE_CBC + // and additional flag us internally as 3CBC + case '3cbc': + parent::__construct('cbc'); + $this->mode_3cbc = true; + + // This three $des'es will do the 3CBC work (if $key > 64bits) + $this->des = [ + new DES('cbc'), + new DES('cbc'), + new DES('cbc'), + ]; + + // we're going to be doing the padding, ourselves, so disable it in the \phpseclib3\Crypt\DES objects + $this->des[0]->disablePadding(); + $this->des[1]->disablePadding(); + $this->des[2]->disablePadding(); + break; + case 'cbc3': + $mode = 'cbc'; + // fall-through + // If not 3CBC, we init as usual + default: + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + protected function isValidEngineHelper(int $engine): bool + { + if ($engine == self::ENGINE_OPENSSL) { + $this->cipher_name_openssl_ecb = 'des-ede3'; + $mode = $this->openssl_translate_mode(); + $this->cipher_name_openssl = $mode == 'ecb' ? 'des-ede3' : 'des-ede3-' . $mode; + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Sets the initialization vector. + * + * SetIV is not required when \phpseclib3\Crypt\Common\SymmetricKey::MODE_ECB is being used. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setIV() + */ + public function setIV(string $iv): void + { + parent::setIV($iv); + if ($this->mode_3cbc) { + $this->des[0]->setIV($iv); + $this->des[1]->setIV($iv); + $this->des[2]->setIV($iv); + } + } + + /** + * Sets the key length. + * + * Valid key lengths are 128 and 192 bits. + * + * If you want to use a 64-bit key use DES.php + * + * @throws LengthException if the key length is invalid + * @see \phpseclib3\Crypt\Common\SymmetricKey:setKeyLength() + */ + public function setKeyLength(int $length): void + { + switch ($length) { + case 128: + case 192: + break; + default: + throw new LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes 128 or 192 bits are supported'); + } + + parent::setKeyLength($length); + } + + /** + * Sets the key. + * + * Triple DES can use 128-bit (eg. strlen($key) == 16) or 192-bit (eg. strlen($key) == 24) keys. + * + * DES also requires that every eighth bit be a parity bit, however, we'll ignore that. + * + * @throws LengthException if the key length is invalid + * @see \phpseclib3\Crypt\DES::setKey() + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKey() + */ + public function setKey(string $key): void + { + if ($this->explicit_key_length !== false && strlen($key) != $this->explicit_key_length) { + throw new LengthException('Key length has already been set to ' . $this->explicit_key_length . ' bytes and this key is ' . strlen($key) . ' bytes'); + } + + switch (strlen($key)) { + case 16: + $key .= substr($key, 0, 8); + break; + case 24: + break; + default: + throw new LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16 or 24 are supported'); + } + + // copied from self::setKey() + $this->key = $key; + $this->key_length = strlen($key); + $this->changed = $this->nonIVChanged = true; + $this->setEngine(); + + if ($this->mode_3cbc) { + $this->des[0]->setKey(substr($key, 0, 8)); + $this->des[1]->setKey(substr($key, 8, 8)); + $this->des[2]->setKey(substr($key, 16, 8)); + } + } + + /** + * Encrypts a message. + * + * @return string $cipertext + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + */ + public function encrypt(string $plaintext): string + { + // parent::en/decrypt() is able to do all the work for all modes and keylengths, + // except for: self::MODE_3CBC (inner chaining CBC) with a key > 64bits + + // if the key is smaller then 8, do what we'd normally do + if ($this->mode_3cbc && strlen($this->key) > 8) { + return $this->des[2]->encrypt( + $this->des[1]->decrypt( + $this->des[0]->encrypt( + $this->pad($plaintext) + ) + ) + ); + } + + return parent::encrypt($plaintext); + } + + /** + * Decrypts a message. + * + * @return string $plaintext + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + public function decrypt(string $ciphertext): string + { + if ($this->mode_3cbc && strlen($this->key) > 8) { + return $this->unpad( + $this->des[0]->decrypt( + $this->des[1]->encrypt( + $this->des[2]->decrypt( + str_pad($ciphertext, (strlen($ciphertext) + 7) & 0xFFFFFFF8, "\0") + ) + ) + ) + ); + } + + return parent::decrypt($ciphertext); + } + + /** + * Treat consecutive "packets" as if they are a continuous buffer. + * + * Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets + * will yield different outputs: + * + * + * echo $des->encrypt(substr($plaintext, 0, 8)); + * echo $des->encrypt(substr($plaintext, 8, 8)); + * + * + * echo $des->encrypt($plaintext); + * + * + * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates + * another, as demonstrated with the following: + * + * + * $des->encrypt(substr($plaintext, 0, 8)); + * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * + * + * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * + * + * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different + * outputs. The reason is due to the fact that the initialization vector's change after every encryption / + * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant. + * + * Put another way, when the continuous buffer is enabled, the state of the \phpseclib3\Crypt\DES() object changes after each + * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that + * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), + * however, they are also less intuitive and more likely to cause you problems. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::enableContinuousBuffer() + * @see self::disableContinuousBuffer() + */ + public function enableContinuousBuffer(): void + { + parent::enableContinuousBuffer(); + if ($this->mode_3cbc) { + $this->des[0]->enableContinuousBuffer(); + $this->des[1]->enableContinuousBuffer(); + $this->des[2]->enableContinuousBuffer(); + } + } + + /** + * Treat consecutive packets as if they are a discontinuous buffer. + * + * The default behavior. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::disableContinuousBuffer() + * @see self::enableContinuousBuffer() + */ + public function disableContinuousBuffer(): void + { + parent::disableContinuousBuffer(); + if ($this->mode_3cbc) { + $this->des[0]->disableContinuousBuffer(); + $this->des[1]->disableContinuousBuffer(); + $this->des[2]->disableContinuousBuffer(); + } + } + + /** + * Creates the key schedule + * + * @see \phpseclib3\Crypt\DES::setupKey() + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupKey() + */ + protected function setupKey(): void + { + switch (true) { + // if $key <= 64bits we configure our internal pure-php cipher engine + // to act as regular [1]DES, not as 3DES. mcrypt.so::tripledes does the same. + case strlen($this->key) <= 8: + $this->des_rounds = 1; + break; + + // otherwise, if $key > 64bits, we configure our engine to work as 3DES. + default: + $this->des_rounds = 3; + + // (only) if 3CBC is used we have, of course, to setup the $des[0-2] keys also separately. + if ($this->mode_3cbc) { + $this->des[0]->setupKey(); + $this->des[1]->setupKey(); + $this->des[2]->setupKey(); + + // because $des[0-2] will, now, do all the work we can return here + // not need unnecessary stress parent::setupKey() with our, now unused, $key. + return; + } + } + // setup our key + parent::setupKey(); + } + + /** + * Sets the internal crypt engine + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setPreferredEngine() + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + public function setPreferredEngine(string $engine): void + { + if ($this->mode_3cbc) { + $this->des[0]->setPreferredEngine($engine); + $this->des[1]->setPreferredEngine($engine); + $this->des[2]->setPreferredEngine($engine); + } + + parent::setPreferredEngine($engine); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Crypt/Twofish.php b/qa-tool/htdocs/oidc/phpseclib/Crypt/Twofish.php new file mode 100644 index 0000000..b9c02d9 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Crypt/Twofish.php @@ -0,0 +1,793 @@ + + * setKey('12345678901234567890123456789012'); + * + * $plaintext = str_repeat('a', 1024); + * + * echo $twofish->decrypt($twofish->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\BlockCipher; +use phpseclib3\Exception\BadModeException; +use phpseclib3\Exception\LengthException; + +/** + * Pure-PHP implementation of Twofish. + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + */ +class Twofish extends BlockCipher +{ + /** + * Q-Table + * + * @var array + */ + private static $q0 = [ + 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, + 0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38, + 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, + 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, + 0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23, + 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, + 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, + 0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61, + 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, + 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, + 0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66, + 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, + 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, + 0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71, + 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, + 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, + 0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2, + 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, + 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, + 0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF, + 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, + 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, + 0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A, + 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, + 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, + 0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D, + 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, + 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, + 0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8, + 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, + 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, + 0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0, + ]; + + /** + * Q-Table + * + * @var array + */ + private static $q1 = [ + 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, + 0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B, + 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, + 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, + 0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D, + 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, + 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, + 0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51, + 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, + 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, + 0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70, + 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, + 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, + 0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2, + 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, + 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, + 0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3, + 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, + 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, + 0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9, + 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, + 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, + 0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19, + 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, + 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, + 0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69, + 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, + 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, + 0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB, + 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, + 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, + 0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91, + ]; + + /** + * M-Table + * + * @var array + */ + private static $m0 = [ + 0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B, 0xE2E22BFB, 0x9E9EFAC8, + 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B, 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, + 0x3C3C57D6, 0x93938A32, 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1, + 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA, 0xB0B0B306, 0x7575DE3F, + 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B, 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, + 0xAEAE2C6D, 0x7F7FABC1, 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5, + 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490, 0x3131272C, 0x808065A3, + 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154, 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, + 0x2A2A3638, 0xC4C49CB0, 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796, + 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228, 0x6767C027, 0xE9E9AF8C, + 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7, 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, + 0x29294CCA, 0xF0F035E3, 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8, + 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477, 0xC8C81DC3, 0x9999FFCC, + 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF, 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, + 0xB5B53D79, 0x09090F0C, 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9, + 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA, 0xEDEDD07A, 0x4343FC17, + 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D, 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, + 0x5656E70B, 0xE3E3DA72, 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E, + 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76, 0x8181942A, 0x91910149, + 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321, 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, + 0x7878AEC5, 0xC5C56D39, 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01, + 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D, 0x55559DF9, 0x7E7E5A48, + 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E, 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, + 0x0606F48D, 0x404086E5, 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64, + 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7, 0x2D2D333C, 0x3030D6A5, + 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544, 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, + 0xD9D97929, 0x8686912E, 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E, + 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A, 0xC1C112CF, 0x8585EBDC, + 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B, 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, + 0xABABA212, 0x6F6F3EA2, 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9, + 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504, 0x04047FF6, 0x272746C2, + 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756, 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91, + ]; + + /** + * M-Table + * + * @var array + */ + private static $m1 = [ + 0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252, 0xA3658080, 0x76DFE4E4, + 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A, 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, + 0x0D54E6E6, 0xC6432020, 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141, + 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444, 0x94B1FBFB, 0x485A7E7E, + 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424, 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, + 0x1945FDFD, 0x5BA33A3A, 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757, + 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383, 0x9B53AAAA, 0x7C635D5D, + 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A, 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, + 0xC0F09090, 0x8CAFE9E9, 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656, + 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1, 0xB499C3C3, 0xF1975B5B, + 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898, 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, + 0xCCFF9999, 0x95EA1414, 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3, + 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1, 0xBF7E9595, 0xBA207D7D, + 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989, 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, + 0x81FB0F0F, 0x793DB5B5, 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282, + 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E, 0x86135050, 0xE730F7F7, + 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E, 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, + 0x410B9F9F, 0x7B8B0202, 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC, + 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565, 0xB1C72B2B, 0xAB6F8E8E, + 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A, 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, + 0x91EF1313, 0x85FE0808, 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272, + 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A, 0x6929A9A9, 0x647D4F4F, + 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969, 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, + 0xAC87D1D1, 0x7F8E0505, 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5, + 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D, 0x4C5F7979, 0x02B6B7B7, + 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343, 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, + 0x57AC3333, 0xC718CFCF, 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3, + 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F, 0x99E51D1D, 0x34392323, + 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646, 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, + 0xC8FA9E9E, 0xA882D6D6, 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF, + 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A, 0x0FE25151, 0x00000000, + 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7, 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8, + ]; + + /** + * M-Table + * + * @var array + */ + private static $m2 = [ + 0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B, 0xE2FBE22B, 0x9EC89EFA, + 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F, 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, + 0x3CD63C57, 0x9332938A, 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783, + 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70, 0xB006B0B3, 0x753F75DE, + 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3, 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, + 0xAE6DAE2C, 0x7FC17FAB, 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA, + 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4, 0x312C3127, 0x80A38065, + 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41, 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, + 0x2A382A36, 0xC4B0C49C, 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07, + 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622, 0x672767C0, 0xE98CE9AF, + 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18, 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, + 0x29CA294C, 0xF0E3F035, 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96, + 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84, 0xC8C3C81D, 0x99CC99FF, + 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E, 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, + 0xB579B53D, 0x090C090F, 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD, + 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558, 0xED7AEDD0, 0x431743FC, + 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40, 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, + 0x560B56E7, 0xE372E3DA, 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85, + 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF, 0x812A8194, 0x91499101, + 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773, 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, + 0x78C578AE, 0xC539C56D, 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B, + 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C, 0x55F9559D, 0x7E487E5A, + 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19, 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, + 0x068D06F4, 0x40E54086, 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D, + 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74, 0x2D3C2D33, 0x30A530D6, + 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755, 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, + 0xD929D979, 0x862E8691, 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D, + 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4, 0xC1CFC112, 0x85DC85EB, + 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53, 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, + 0xAB12ABA2, 0x6FA26F3E, 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9, + 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705, 0x04F6047F, 0x27C22746, + 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7, 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF, + ]; + + /** + * M-Table + * + * @var array + */ + private static $m3 = [ + 0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98, 0x6580A365, 0xDFE476DF, + 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866, 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, + 0x54E60D54, 0x4320C643, 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77, + 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9, 0xB1FB94B1, 0x5A7E485A, + 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C, 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, + 0x45FD1945, 0xA33A5BA3, 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216, + 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F, 0x53AA9B53, 0x635D7C63, + 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25, 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, + 0xF090C0F0, 0xAFE98CAF, 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7, + 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4, 0x99C3B499, 0x975BF197, + 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E, 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, + 0xFF99CCFF, 0xEA1495EA, 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C, + 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12, 0x7E95BF7E, 0x207DBA20, + 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A, 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, + 0xFB0F81FB, 0x3DB5793D, 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE, + 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A, 0x13508613, 0x30F7E730, + 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C, 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, + 0x0B9F410B, 0x8B027B8B, 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4, + 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B, 0xC72BB1C7, 0x6F8EAB6F, + 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3, 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, + 0xEF1391EF, 0xFE0885FE, 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB, + 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85, 0x29A96929, 0x7D4F647D, + 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA, 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, + 0x87D1AC87, 0x8E057F8E, 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8, + 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33, 0x5F794C5F, 0xB6B702B6, + 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC, 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, + 0xAC3357AC, 0x18CFC718, 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA, + 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8, 0xE51D99E5, 0x39233439, + 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872, 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, + 0xFA9EC8FA, 0x82D6A882, 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D, + 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10, 0xE2510FE2, 0x00000000, + 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6, 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8, + ]; + + /** + * The Key Schedule Array + * + * @var array + */ + private $K = []; + + /** + * The Key depended S-Table 0 + * + * @var array + */ + private $S0 = []; + + /** + * The Key depended S-Table 1 + * + * @var array + */ + private $S1 = []; + + /** + * The Key depended S-Table 2 + * + * @var array + */ + private $S2 = []; + + /** + * The Key depended S-Table 3 + * + * @var array + */ + private $S3 = []; + + /** + * Holds the last used key + * + * @var array + */ + private $kl; + + /** + * The Key Length (in bytes) + * + * @see Crypt_Twofish::setKeyLength() + * @var int + */ + protected $key_length = 16; + + /** + * Default Constructor. + * + * @throws BadModeException if an invalid / unsupported mode is provided + */ + public function __construct(string $mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Initialize Static Variables + */ + protected static function initialize_static_variables(): void + { + if (is_float(self::$m3[0])) { + self::$m0 = array_map('intval', self::$m0); + self::$m1 = array_map('intval', self::$m1); + self::$m2 = array_map('intval', self::$m2); + self::$m3 = array_map('intval', self::$m3); + self::$q0 = array_map('intval', self::$q0); + self::$q1 = array_map('intval', self::$q1); + } + + parent::initialize_static_variables(); + } + + /** + * Sets the key length. + * + * Valid key lengths are 128, 192 or 256 bits + */ + public function setKeyLength(int $length): void + { + switch ($length) { + case 128: + case 192: + case 256: + break; + default: + throw new LengthException('Key of size ' . $length . ' not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported'); + } + + parent::setKeyLength($length); + } + + /** + * Sets the key. + * + * Rijndael supports five different key lengths + * + * @throws LengthException if the key length isn't supported + * @see setKeyLength() + */ + public function setKey(string $key): void + { + switch (strlen($key)) { + case 16: + case 24: + case 32: + break; + default: + throw new LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported'); + } + + parent::setKey($key); + } + + /** + * Setup the key (expansion) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupKey() + */ + protected function setupKey(): void + { + if (isset($this->kl['key']) && $this->key === $this->kl['key']) { + // already expanded + return; + } + $this->kl = ['key' => $this->key]; + + /* Key expanding and generating the key-depended s-boxes */ + $le_longs = unpack('V*', $this->key); + $key = unpack('C*', $this->key); + $m0 = self::$m0; + $m1 = self::$m1; + $m2 = self::$m2; + $m3 = self::$m3; + $q0 = self::$q0; + $q1 = self::$q1; + + $K = $S0 = $S1 = $S2 = $S3 = []; + + switch (strlen($this->key)) { + case 16: + [$s7, $s6, $s5, $s4] = $this->mdsrem($le_longs[1], $le_longs[2]); + [$s3, $s2, $s1, $s0] = $this->mdsrem($le_longs[3], $le_longs[4]); + for ($i = 0, $j = 1; $i < 40; $i += 2, $j += 2) { + $A = $m0[$q0[$q0[$i] ^ $key[ 9]] ^ $key[1]] ^ + $m1[$q0[$q1[$i] ^ $key[10]] ^ $key[2]] ^ + $m2[$q1[$q0[$i] ^ $key[11]] ^ $key[3]] ^ + $m3[$q1[$q1[$i] ^ $key[12]] ^ $key[4]]; + $B = $m0[$q0[$q0[$j] ^ $key[13]] ^ $key[5]] ^ + $m1[$q0[$q1[$j] ^ $key[14]] ^ $key[6]] ^ + $m2[$q1[$q0[$j] ^ $key[15]] ^ $key[7]] ^ + $m3[$q1[$q1[$j] ^ $key[16]] ^ $key[8]]; + $B = ($B << 8) | ($B >> 24 & 0xff); + $A += $B; + $K[] = $A; + $A += $B; + $K[] = ($A << 9 | $A >> 23 & 0x1ff); + } + for ($i = 0; $i < 256; ++$i) { + $S0[$i] = $m0[$q0[$q0[$i] ^ $s4] ^ $s0]; + $S1[$i] = $m1[$q0[$q1[$i] ^ $s5] ^ $s1]; + $S2[$i] = $m2[$q1[$q0[$i] ^ $s6] ^ $s2]; + $S3[$i] = $m3[$q1[$q1[$i] ^ $s7] ^ $s3]; + } + break; + case 24: + [$sb, $sa, $s9, $s8] = $this->mdsrem($le_longs[1], $le_longs[2]); + [$s7, $s6, $s5, $s4] = $this->mdsrem($le_longs[3], $le_longs[4]); + [$s3, $s2, $s1, $s0] = $this->mdsrem($le_longs[5], $le_longs[6]); + for ($i = 0, $j = 1; $i < 40; $i += 2, $j += 2) { + $A = $m0[$q0[$q0[$q1[$i] ^ $key[17]] ^ $key[ 9]] ^ $key[1]] ^ + $m1[$q0[$q1[$q1[$i] ^ $key[18]] ^ $key[10]] ^ $key[2]] ^ + $m2[$q1[$q0[$q0[$i] ^ $key[19]] ^ $key[11]] ^ $key[3]] ^ + $m3[$q1[$q1[$q0[$i] ^ $key[20]] ^ $key[12]] ^ $key[4]]; + $B = $m0[$q0[$q0[$q1[$j] ^ $key[21]] ^ $key[13]] ^ $key[5]] ^ + $m1[$q0[$q1[$q1[$j] ^ $key[22]] ^ $key[14]] ^ $key[6]] ^ + $m2[$q1[$q0[$q0[$j] ^ $key[23]] ^ $key[15]] ^ $key[7]] ^ + $m3[$q1[$q1[$q0[$j] ^ $key[24]] ^ $key[16]] ^ $key[8]]; + $B = ($B << 8) | ($B >> 24 & 0xff); + $A += $B; + $K[] = $A; + $A += $B; + $K[] = ($A << 9 | $A >> 23 & 0x1ff); + } + for ($i = 0; $i < 256; ++$i) { + $S0[$i] = $m0[$q0[$q0[$q1[$i] ^ $s8] ^ $s4] ^ $s0]; + $S1[$i] = $m1[$q0[$q1[$q1[$i] ^ $s9] ^ $s5] ^ $s1]; + $S2[$i] = $m2[$q1[$q0[$q0[$i] ^ $sa] ^ $s6] ^ $s2]; + $S3[$i] = $m3[$q1[$q1[$q0[$i] ^ $sb] ^ $s7] ^ $s3]; + } + break; + default: // 32 + [$sf, $se, $sd, $sc] = $this->mdsrem($le_longs[1], $le_longs[2]); + [$sb, $sa, $s9, $s8] = $this->mdsrem($le_longs[3], $le_longs[4]); + [$s7, $s6, $s5, $s4] = $this->mdsrem($le_longs[5], $le_longs[6]); + [$s3, $s2, $s1, $s0] = $this->mdsrem($le_longs[7], $le_longs[8]); + for ($i = 0, $j = 1; $i < 40; $i += 2, $j += 2) { + $A = $m0[$q0[$q0[$q1[$q1[$i] ^ $key[25]] ^ $key[17]] ^ $key[ 9]] ^ $key[1]] ^ + $m1[$q0[$q1[$q1[$q0[$i] ^ $key[26]] ^ $key[18]] ^ $key[10]] ^ $key[2]] ^ + $m2[$q1[$q0[$q0[$q0[$i] ^ $key[27]] ^ $key[19]] ^ $key[11]] ^ $key[3]] ^ + $m3[$q1[$q1[$q0[$q1[$i] ^ $key[28]] ^ $key[20]] ^ $key[12]] ^ $key[4]]; + $B = $m0[$q0[$q0[$q1[$q1[$j] ^ $key[29]] ^ $key[21]] ^ $key[13]] ^ $key[5]] ^ + $m1[$q0[$q1[$q1[$q0[$j] ^ $key[30]] ^ $key[22]] ^ $key[14]] ^ $key[6]] ^ + $m2[$q1[$q0[$q0[$q0[$j] ^ $key[31]] ^ $key[23]] ^ $key[15]] ^ $key[7]] ^ + $m3[$q1[$q1[$q0[$q1[$j] ^ $key[32]] ^ $key[24]] ^ $key[16]] ^ $key[8]]; + $B = ($B << 8) | ($B >> 24 & 0xff); + $A += $B; + $K[] = $A; + $A += $B; + $K[] = ($A << 9 | $A >> 23 & 0x1ff); + } + for ($i = 0; $i < 256; ++$i) { + $S0[$i] = $m0[$q0[$q0[$q1[$q1[$i] ^ $sc] ^ $s8] ^ $s4] ^ $s0]; + $S1[$i] = $m1[$q0[$q1[$q1[$q0[$i] ^ $sd] ^ $s9] ^ $s5] ^ $s1]; + $S2[$i] = $m2[$q1[$q0[$q0[$q0[$i] ^ $se] ^ $sa] ^ $s6] ^ $s2]; + $S3[$i] = $m3[$q1[$q1[$q0[$q1[$i] ^ $sf] ^ $sb] ^ $s7] ^ $s3]; + } + } + + $this->K = $K; + $this->S0 = $S0; + $this->S1 = $S1; + $this->S2 = $S2; + $this->S3 = $S3; + } + + /** + * _mdsrem function using by the twofish cipher algorithm + */ + private function mdsrem(int $A, int $B): array + { + // No gain by unrolling this loop. + for ($i = 0; $i < 8; ++$i) { + // Get most significant coefficient. + $t = 0xff & ($B >> 24); + + // Shift the others up. + $B = ($B << 8) | (0xff & ($A >> 24)); + $A <<= 8; + + $u = $t << 1; + + // Subtract the modular polynomial on overflow. + if ($t & 0x80) { + $u ^= 0x14d; + } + + // Remove t * (a * x^2 + 1). + $B ^= $t ^ ($u << 16); + + // Form u = a*t + t/a = t*(a + 1/a). + $u ^= 0x7fffffff & ($t >> 1); + + // Add the modular polynomial on underflow. + if ($t & 0x01) { + $u ^= 0xa6 ; + } + + // Remove t * (a + 1/a) * (x^3 + x). + $B ^= ($u << 24) | ($u << 8); + } + + return [ + 0xff & $B >> 24, + 0xff & $B >> 16, + 0xff & $B >> 8, + 0xff & $B, ]; + } + + /** + * Encrypts a block + */ + protected function encryptBlock(string $in): string + { + $S0 = $this->S0; + $S1 = $this->S1; + $S2 = $this->S2; + $S3 = $this->S3; + $K = $this->K; + + $in = unpack("V4", $in); + $R0 = $K[0] ^ $in[1]; + $R1 = $K[1] ^ $in[2]; + $R2 = $K[2] ^ $in[3]; + $R3 = $K[3] ^ $in[4]; + + $ki = 7; + while ($ki < 39) { + $t0 = $S0[ $R0 & 0xff] ^ + $S1[($R0 >> 8) & 0xff] ^ + $S2[($R0 >> 16) & 0xff] ^ + $S3[($R0 >> 24) & 0xff]; + $t1 = $S0[($R1 >> 24) & 0xff] ^ + $S1[ $R1 & 0xff] ^ + $S2[($R1 >> 8) & 0xff] ^ + $S3[($R1 >> 16) & 0xff]; + $R2 ^= $t0 + $t1 + $K[++$ki]; + $R2 = ($R2 >> 1 & 0x7fffffff) | ($R2 << 31); + $R3 = ((($R3 >> 31) & 1) | ($R3 << 1)) ^ ($t0 + ($t1 << 1) + $K[++$ki]); + + $t0 = $S0[ $R2 & 0xff] ^ + $S1[($R2 >> 8) & 0xff] ^ + $S2[($R2 >> 16) & 0xff] ^ + $S3[($R2 >> 24) & 0xff]; + $t1 = $S0[($R3 >> 24) & 0xff] ^ + $S1[ $R3 & 0xff] ^ + $S2[($R3 >> 8) & 0xff] ^ + $S3[($R3 >> 16) & 0xff]; + $R0 ^= $t0 + $t1 + $K[++$ki]; + $R0 = ($R0 >> 1 & 0x7fffffff) | ($R0 << 31); + $R1 = ((($R1 >> 31) & 1) | ($R1 << 1)) ^ ($t0 + ($t1 << 1) + $K[++$ki]); + } + + // @codingStandardsIgnoreStart + return pack( + "V4", + $K[4] ^ $R2, + $K[5] ^ $R3, + $K[6] ^ $R0, + $K[7] ^ $R1 + ); + // @codingStandardsIgnoreEnd + } + + /** + * Decrypts a block + */ + protected function decryptBlock(string $in): string + { + $S0 = $this->S0; + $S1 = $this->S1; + $S2 = $this->S2; + $S3 = $this->S3; + $K = $this->K; + + $in = unpack("V4", $in); + $R0 = $K[4] ^ $in[1]; + $R1 = $K[5] ^ $in[2]; + $R2 = $K[6] ^ $in[3]; + $R3 = $K[7] ^ $in[4]; + + $ki = 40; + while ($ki > 8) { + $t0 = $S0[$R0 & 0xff] ^ + $S1[$R0 >> 8 & 0xff] ^ + $S2[$R0 >> 16 & 0xff] ^ + $S3[$R0 >> 24 & 0xff]; + $t1 = $S0[$R1 >> 24 & 0xff] ^ + $S1[$R1 & 0xff] ^ + $S2[$R1 >> 8 & 0xff] ^ + $S3[$R1 >> 16 & 0xff]; + $R3 ^= $t0 + ($t1 << 1) + $K[--$ki]; + $R3 = $R3 >> 1 & 0x7fffffff | $R3 << 31; + $R2 = ($R2 >> 31 & 0x1 | $R2 << 1) ^ ($t0 + $t1 + $K[--$ki]); + + $t0 = $S0[$R2 & 0xff] ^ + $S1[$R2 >> 8 & 0xff] ^ + $S2[$R2 >> 16 & 0xff] ^ + $S3[$R2 >> 24 & 0xff]; + $t1 = $S0[$R3 >> 24 & 0xff] ^ + $S1[$R3 & 0xff] ^ + $S2[$R3 >> 8 & 0xff] ^ + $S3[$R3 >> 16 & 0xff]; + $R1 ^= $t0 + ($t1 << 1) + $K[--$ki]; + $R1 = $R1 >> 1 & 0x7fffffff | $R1 << 31; + $R0 = ($R0 >> 31 & 0x1 | $R0 << 1) ^ ($t0 + $t1 + $K[--$ki]); + } + + // @codingStandardsIgnoreStart + return pack( + "V4", + $K[0] ^ $R2, + $K[1] ^ $R3, + $K[2] ^ $R0, + $K[3] ^ $R1 + ); + // @codingStandardsIgnoreEnd + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupInlineCrypt() + */ + protected function setupInlineCrypt(): void + { + $K = $this->K; + $init_crypt = ' + static $S0, $S1, $S2, $S3; + if (!$S0) { + for ($i = 0; $i < 256; ++$i) { + $S0[] = (int)$this->S0[$i]; + $S1[] = (int)$this->S1[$i]; + $S2[] = (int)$this->S2[$i]; + $S3[] = (int)$this->S3[$i]; + } + } + '; + + // Generating encrypt code: + $encrypt_block = ' + $in = unpack("V4", $in); + $R0 = ' . $K[0] . ' ^ $in[1]; + $R1 = ' . $K[1] . ' ^ $in[2]; + $R2 = ' . $K[2] . ' ^ $in[3]; + $R3 = ' . $K[3] . ' ^ $in[4]; + '; + for ($ki = 7, $i = 0; $i < 8; ++$i) { + $encrypt_block .= ' + $t0 = $S0[ $R0 & 0xff] ^ + $S1[($R0 >> 8) & 0xff] ^ + $S2[($R0 >> 16) & 0xff] ^ + $S3[($R0 >> 24) & 0xff]; + $t1 = $S0[($R1 >> 24) & 0xff] ^ + $S1[ $R1 & 0xff] ^ + $S2[($R1 >> 8) & 0xff] ^ + $S3[($R1 >> 16) & 0xff]; + $R2^= $t0 + $t1 + ' . $K[++$ki] . '; + $R2 = ($R2 >> 1 & 0x7fffffff) | ($R2 << 31); + $R3 = ((($R3 >> 31) & 1) | ($R3 << 1)) ^ ($t0 + ($t1 << 1) + ' . $K[++$ki] . '); + + $t0 = $S0[ $R2 & 0xff] ^ + $S1[($R2 >> 8) & 0xff] ^ + $S2[($R2 >> 16) & 0xff] ^ + $S3[($R2 >> 24) & 0xff]; + $t1 = $S0[($R3 >> 24) & 0xff] ^ + $S1[ $R3 & 0xff] ^ + $S2[($R3 >> 8) & 0xff] ^ + $S3[($R3 >> 16) & 0xff]; + $R0^= $t0 + $t1 + ' . $K[++$ki] . '; + $R0 = ($R0 >> 1 & 0x7fffffff) | ($R0 << 31); + $R1 = ((($R1 >> 31) & 1) | ($R1 << 1)) ^ ($t0 + ($t1 << 1) + ' . $K[++$ki] . '); + '; + } + $encrypt_block .= ' + $in = pack("V4", ' . $K[4] . ' ^ $R2, + ' . $K[5] . ' ^ $R3, + ' . $K[6] . ' ^ $R0, + ' . $K[7] . ' ^ $R1); + '; + + // Generating decrypt code: + $decrypt_block = ' + $in = unpack("V4", $in); + $R0 = ' . $K[4] . ' ^ $in[1]; + $R1 = ' . $K[5] . ' ^ $in[2]; + $R2 = ' . $K[6] . ' ^ $in[3]; + $R3 = ' . $K[7] . ' ^ $in[4]; + '; + for ($ki = 40, $i = 0; $i < 8; ++$i) { + $decrypt_block .= ' + $t0 = $S0[$R0 & 0xff] ^ + $S1[$R0 >> 8 & 0xff] ^ + $S2[$R0 >> 16 & 0xff] ^ + $S3[$R0 >> 24 & 0xff]; + $t1 = $S0[$R1 >> 24 & 0xff] ^ + $S1[$R1 & 0xff] ^ + $S2[$R1 >> 8 & 0xff] ^ + $S3[$R1 >> 16 & 0xff]; + $R3^= $t0 + ($t1 << 1) + ' . $K[--$ki] . '; + $R3 = $R3 >> 1 & 0x7fffffff | $R3 << 31; + $R2 = ($R2 >> 31 & 0x1 | $R2 << 1) ^ ($t0 + $t1 + ' . $K[--$ki] . '); + + $t0 = $S0[$R2 & 0xff] ^ + $S1[$R2 >> 8 & 0xff] ^ + $S2[$R2 >> 16 & 0xff] ^ + $S3[$R2 >> 24 & 0xff]; + $t1 = $S0[$R3 >> 24 & 0xff] ^ + $S1[$R3 & 0xff] ^ + $S2[$R3 >> 8 & 0xff] ^ + $S3[$R3 >> 16 & 0xff]; + $R1^= $t0 + ($t1 << 1) + ' . $K[--$ki] . '; + $R1 = $R1 >> 1 & 0x7fffffff | $R1 << 31; + $R0 = ($R0 >> 31 & 0x1 | $R0 << 1) ^ ($t0 + $t1 + ' . $K[--$ki] . '); + '; + } + $decrypt_block .= ' + $in = pack("V4", ' . $K[0] . ' ^ $R2, + ' . $K[1] . ' ^ $R3, + ' . $K[2] . ' ^ $R0, + ' . $K[3] . ' ^ $R1); + '; + + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => $init_crypt, + 'init_encrypt' => '', + 'init_decrypt' => '', + 'encrypt_block' => $encrypt_block, + 'decrypt_block' => $decrypt_block, + ] + ); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/BadConfigurationException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/BadConfigurationException.php new file mode 100644 index 0000000..55972c8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/BadConfigurationException.php @@ -0,0 +1,25 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * BadConfigurationException + * + * @author Jim Wigginton + */ +class BadConfigurationException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/BadDecryptionException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/BadDecryptionException.php new file mode 100644 index 0000000..6a36691 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/BadDecryptionException.php @@ -0,0 +1,25 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * BadDecryptionException + * + * @author Jim Wigginton + */ +class BadDecryptionException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/BadFunctionCallException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/BadFunctionCallException.php new file mode 100644 index 0000000..f061238 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/BadFunctionCallException.php @@ -0,0 +1,9 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * BadModeException + * + * @author Jim Wigginton + */ +class BadModeException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/ConnectionClosedException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/ConnectionClosedException.php new file mode 100644 index 0000000..1f70011 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/ConnectionClosedException.php @@ -0,0 +1,25 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * ConnectionClosedException + * + * @author Jim Wigginton + */ +class ConnectionClosedException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/ExceptionInterface.php b/qa-tool/htdocs/oidc/phpseclib/Exception/ExceptionInterface.php new file mode 100644 index 0000000..7784cec --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/ExceptionInterface.php @@ -0,0 +1,12 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * FileNotFoundException + * + * @author Jim Wigginton + */ +class FileNotFoundException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/InconsistentSetupException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/InconsistentSetupException.php new file mode 100644 index 0000000..886a9ba --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/InconsistentSetupException.php @@ -0,0 +1,25 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * InconsistentSetupException + * + * @author Jim Wigginton + */ +class InconsistentSetupException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/InsufficientSetupException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/InsufficientSetupException.php new file mode 100644 index 0000000..f1f13be --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/InsufficientSetupException.php @@ -0,0 +1,25 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * InsufficientSetupException + * + * @author Jim Wigginton + */ +class InsufficientSetupException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/InvalidArgumentException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/InvalidArgumentException.php new file mode 100644 index 0000000..ae9ed1d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/InvalidArgumentException.php @@ -0,0 +1,9 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * NoKeyLoadedException + * + * @author Jim Wigginton + */ +class NoKeyLoadedException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/NoSupportedAlgorithmsException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/NoSupportedAlgorithmsException.php new file mode 100644 index 0000000..e1e2ef9 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/NoSupportedAlgorithmsException.php @@ -0,0 +1,25 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * NoSupportedAlgorithmsException + * + * @author Jim Wigginton + */ +class NoSupportedAlgorithmsException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/OutOfBoundsException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/OutOfBoundsException.php new file mode 100644 index 0000000..98c2c95 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/OutOfBoundsException.php @@ -0,0 +1,9 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * UnableToConnectException + * + * @author Jim Wigginton + */ +class UnableToConnectException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/UnexpectedValueException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/UnexpectedValueException.php new file mode 100644 index 0000000..11def9c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/UnexpectedValueException.php @@ -0,0 +1,9 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * UnsupportedAlgorithmException + * + * @author Jim Wigginton + */ +class UnsupportedAlgorithmException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/UnsupportedCurveException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/UnsupportedCurveException.php new file mode 100644 index 0000000..3a2e5f5 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/UnsupportedCurveException.php @@ -0,0 +1,25 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * UnsupportedCurveException + * + * @author Jim Wigginton + */ +class UnsupportedCurveException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/UnsupportedFormatException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/UnsupportedFormatException.php new file mode 100644 index 0000000..f1b6c19 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/UnsupportedFormatException.php @@ -0,0 +1,25 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * UnsupportedFormatException + * + * @author Jim Wigginton + */ +class UnsupportedFormatException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Exception/UnsupportedOperationException.php b/qa-tool/htdocs/oidc/phpseclib/Exception/UnsupportedOperationException.php new file mode 100644 index 0000000..f0dc018 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Exception/UnsupportedOperationException.php @@ -0,0 +1,25 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Exception; + +/** + * UnsupportedOperationException + * + * @author Jim Wigginton + */ +class UnsupportedOperationException extends \RuntimeException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ANSI.php b/qa-tool/htdocs/oidc/phpseclib/File/ANSI.php new file mode 100644 index 0000000..d07a17c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ANSI.php @@ -0,0 +1,532 @@ + + * @copyright 2012 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File; + +/** + * Pure-PHP ANSI Decoder + * + * @author Jim Wigginton + */ +class ANSI +{ + /** + * Max Width + * + * @var int + */ + private $max_x; + + /** + * Max Height + * + * @var int + */ + private $max_y; + + /** + * Max History + * + * @var int + */ + private $max_history; + + /** + * History + * + * @var array + */ + private $history; + + /** + * History Attributes + * + * @var array + */ + private $history_attrs; + + /** + * Current Column + * + * @var int + */ + private $x; + + /** + * Current Row + * + * @var int + */ + private $y; + + /** + * Old Column + * + * @var int + */ + private $old_x; + + /** + * Old Row + * + * @var int + */ + private $old_y; + + /** + * An empty attribute cell + * + * @var object + */ + private $base_attr_cell; + + /** + * The current attribute cell + * + * @var object + */ + private $attr_cell; + + /** + * An empty attribute row + * + * @var array + */ + private $attr_row; + + /** + * The current screen text + * + * @var list + */ + private $screen; + + /** + * The current screen attributes + * + * @var array + */ + private $attrs; + + /** + * Current ANSI code + * + * @var string + */ + private $ansi; + + /** + * Tokenization + * + * @var array + */ + private $tokenization; + + /** + * Default Constructor. + * + * @return ANSI + */ + public function __construct() + { + $attr_cell = new \stdClass(); + $attr_cell->bold = false; + $attr_cell->underline = false; + $attr_cell->blink = false; + $attr_cell->background = 'black'; + $attr_cell->foreground = 'white'; + $attr_cell->reverse = false; + $this->base_attr_cell = clone $attr_cell; + $this->attr_cell = clone $attr_cell; + + $this->setHistory(200); + $this->setDimensions(80, 24); + } + + /** + * Set terminal width and height + * + * Resets the screen as well + */ + public function setDimensions(int $x, int $y): void + { + $this->max_x = $x - 1; + $this->max_y = $y - 1; + $this->x = $this->y = 0; + $this->history = $this->history_attrs = []; + $this->attr_row = array_fill(0, $this->max_x + 2, $this->base_attr_cell); + $this->screen = array_fill(0, $this->max_y + 1, ''); + $this->attrs = array_fill(0, $this->max_y + 1, $this->attr_row); + $this->ansi = ''; + } + + /** + * Set the number of lines that should be logged past the terminal height + */ + public function setHistory(int $history): void + { + $this->max_history = $history; + } + + /** + * Load a string + */ + public function loadString(string $source): void + { + $this->setDimensions($this->max_x + 1, $this->max_y + 1); + $this->appendString($source); + } + + /** + * Appdend a string + */ + public function appendString(string $source): void + { + $this->tokenization = ['']; + for ($i = 0; $i < strlen($source); $i++) { + if (strlen($this->ansi)) { + $this->ansi .= $source[$i]; + $chr = ord($source[$i]); + // http://en.wikipedia.org/wiki/ANSI_escape_code#Sequence_elements + // single character CSI's not currently supported + switch (true) { + case $this->ansi == "\x1B=": + $this->ansi = ''; + continue 2; + case strlen($this->ansi) == 2 && $chr >= 64 && $chr <= 95 && $chr != ord('['): + case strlen($this->ansi) > 2 && $chr >= 64 && $chr <= 126: + break; + default: + continue 2; + } + $this->tokenization[] = $this->ansi; + $this->tokenization[] = ''; + // http://ascii-table.com/ansi-escape-sequences-vt-100.php + switch ($this->ansi) { + case "\x1B[H": // Move cursor to upper left corner + $this->old_x = $this->x; + $this->old_y = $this->y; + $this->x = $this->y = 0; + break; + case "\x1B[J": // Clear screen from cursor down + $this->history = array_merge($this->history, array_slice(array_splice($this->screen, $this->y + 1), 0, $this->old_y)); + $this->screen = array_merge($this->screen, array_fill($this->y, $this->max_y, '')); + + $this->history_attrs = array_merge($this->history_attrs, array_slice(array_splice($this->attrs, $this->y + 1), 0, $this->old_y)); + $this->attrs = array_merge($this->attrs, array_fill($this->y, $this->max_y, $this->attr_row)); + + if (count($this->history) == $this->max_history) { + array_shift($this->history); + array_shift($this->history_attrs); + } + // fall-through + case "\x1B[K": // Clear screen from cursor right + $this->screen[$this->y] = substr($this->screen[$this->y], 0, $this->x); + + array_splice($this->attrs[$this->y], $this->x + 1, $this->max_x - $this->x, array_fill($this->x, $this->max_x - ($this->x - 1), $this->base_attr_cell)); + break; + case "\x1B[2K": // Clear entire line + $this->screen[$this->y] = str_repeat(' ', $this->x); + $this->attrs[$this->y] = $this->attr_row; + break; + case "\x1B[?1h": // set cursor key to application + case "\x1B[?25h": // show the cursor + case "\x1B(B": // set united states g0 character set + break; + case "\x1BE": // Move to next line + $this->newLine(); + $this->x = 0; + break; + default: + switch (true) { + case preg_match('#\x1B\[(\d+)B#', $this->ansi, $match): // Move cursor down n lines + $this->old_y = $this->y; + $this->y += (int) $match[1]; + break; + case preg_match('#\x1B\[(\d+);(\d+)H#', $this->ansi, $match): // Move cursor to screen location v,h + $this->old_x = $this->x; + $this->old_y = $this->y; + $this->x = $match[2] - 1; + $this->y = (int) $match[1] - 1; + break; + case preg_match('#\x1B\[(\d+)C#', $this->ansi, $match): // Move cursor right n lines + $this->old_x = $this->x; + $this->x += $match[1]; + break; + case preg_match('#\x1B\[(\d+)D#', $this->ansi, $match): // Move cursor left n lines + $this->old_x = $this->x; + $this->x -= $match[1]; + if ($this->x < 0) { + $this->x = 0; + } + break; + case preg_match('#\x1B\[(\d+);(\d+)r#', $this->ansi, $match): // Set top and bottom lines of a window + break; + case preg_match('#\x1B\[(\d*(?:;\d*)*)m#', $this->ansi, $match): // character attributes + $attr_cell = &$this->attr_cell; + $mods = explode(';', $match[1]); + foreach ($mods as $mod) { + switch ($mod) { + case '': + case '0': // Turn off character attributes + $attr_cell = clone $this->base_attr_cell; + break; + case '1': // Turn bold mode on + $attr_cell->bold = true; + break; + case '4': // Turn underline mode on + $attr_cell->underline = true; + break; + case '5': // Turn blinking mode on + $attr_cell->blink = true; + break; + case '7': // Turn reverse video on + $attr_cell->reverse = !$attr_cell->reverse; + $temp = $attr_cell->background; + $attr_cell->background = $attr_cell->foreground; + $attr_cell->foreground = $temp; + break; + default: // set colors + //$front = $attr_cell->reverse ? &$attr_cell->background : &$attr_cell->foreground; + $front = &$attr_cell->{ $attr_cell->reverse ? 'background' : 'foreground' }; + //$back = $attr_cell->reverse ? &$attr_cell->foreground : &$attr_cell->background; + $back = &$attr_cell->{ $attr_cell->reverse ? 'foreground' : 'background' }; + switch ($mod) { + // @codingStandardsIgnoreStart + case '30': $front = 'black'; break; + case '31': $front = 'red'; break; + case '32': $front = 'green'; break; + case '33': $front = 'yellow'; break; + case '34': $front = 'blue'; break; + case '35': $front = 'magenta'; break; + case '36': $front = 'cyan'; break; + case '37': $front = 'white'; break; + + case '40': $back = 'black'; break; + case '41': $back = 'red'; break; + case '42': $back = 'green'; break; + case '43': $back = 'yellow'; break; + case '44': $back = 'blue'; break; + case '45': $back = 'magenta'; break; + case '46': $back = 'cyan'; break; + case '47': $back = 'white'; break; + // @codingStandardsIgnoreEnd + + default: + //user_error('Unsupported attribute: ' . $mod); + $this->ansi = ''; + break 2; + } + } + } + break; + default: + //user_error("{$this->ansi} is unsupported\r\n"); + } + } + $this->ansi = ''; + continue; + } + + $this->tokenization[count($this->tokenization) - 1] .= $source[$i]; + switch ($source[$i]) { + case "\r": + $this->x = 0; + break; + case "\n": + $this->newLine(); + break; + case "\x08": // backspace + if ($this->x) { + $this->x--; + $this->attrs[$this->y][$this->x] = clone $this->base_attr_cell; + $this->screen[$this->y] = substr_replace( + $this->screen[$this->y], + $source[$i], + $this->x, + 1 + ); + } + break; + case "\x0F": // shift + break; + case "\x1B": // start ANSI escape code + $this->tokenization[count($this->tokenization) - 1] = substr($this->tokenization[count($this->tokenization) - 1], 0, -1); + //if (!strlen($this->tokenization[count($this->tokenization) - 1])) { + // array_pop($this->tokenization); + //} + $this->ansi .= "\x1B"; + break; + default: + $this->attrs[$this->y][$this->x] = clone $this->attr_cell; + if ($this->x > strlen($this->screen[$this->y])) { + $this->screen[$this->y] = str_repeat(' ', $this->x); + } + $this->screen[$this->y] = substr_replace( + $this->screen[$this->y], + $source[$i], + $this->x, + 1 + ); + + if ($this->x > $this->max_x) { + $this->x = 0; + $this->newLine(); + } else { + $this->x++; + } + } + } + } + + /** + * Add a new line + * + * Also update the $this->screen and $this->history buffers + */ + private function newLine(): void + { + //if ($this->y < $this->max_y) { + // $this->y++; + //} + + while ($this->y >= $this->max_y) { + $this->history = array_merge($this->history, [array_shift($this->screen)]); + $this->screen[] = ''; + + $this->history_attrs = array_merge($this->history_attrs, [array_shift($this->attrs)]); + $this->attrs[] = $this->attr_row; + + if (count($this->history) >= $this->max_history) { + array_shift($this->history); + array_shift($this->history_attrs); + } + + $this->y--; + } + $this->y++; + } + + /** + * Returns the current coordinate without preformating + */ + private function processCoordinate(\stdClass $last_attr, \stdClass $cur_attr, string $char): string + { + $output = ''; + + if ($last_attr != $cur_attr) { + $close = $open = ''; + if ($last_attr->foreground != $cur_attr->foreground) { + if ($cur_attr->foreground != 'white') { + $open .= ''; + } + if ($last_attr->foreground != 'white') { + $close = '' . $close; + } + } + if ($last_attr->background != $cur_attr->background) { + if ($cur_attr->background != 'black') { + $open .= ''; + } + if ($last_attr->background != 'black') { + $close = '' . $close; + } + } + if ($last_attr->bold != $cur_attr->bold) { + if ($cur_attr->bold) { + $open .= ''; + } else { + $close = '' . $close; + } + } + if ($last_attr->underline != $cur_attr->underline) { + if ($cur_attr->underline) { + $open .= ''; + } else { + $close = '' . $close; + } + } + if ($last_attr->blink != $cur_attr->blink) { + if ($cur_attr->blink) { + $open .= ''; + } else { + $close = '' . $close; + } + } + $output .= $close . $open; + } + + $output .= htmlspecialchars($char); + + return $output; + } + + /** + * Returns the current screen without preformating + */ + private function getScreenHelper(): string + { + $output = ''; + $last_attr = $this->base_attr_cell; + for ($i = 0; $i <= $this->max_y; $i++) { + for ($j = 0; $j <= $this->max_x; $j++) { + $cur_attr = $this->attrs[$i][$j]; + $output .= $this->processCoordinate($last_attr, $cur_attr, $this->screen[$i][$j] ?? ''); + $last_attr = $this->attrs[$i][$j]; + } + $output .= "\r\n"; + } + $output = substr($output, 0, -2); + // close any remaining open tags + $output .= $this->processCoordinate($last_attr, $this->base_attr_cell, ''); + return rtrim($output); + } + + /** + * Returns the current screen + */ + public function getScreen(): string + { + return '
' . $this->getScreenHelper() . '
'; + } + + /** + * Returns the current screen and the x previous lines + */ + public function getHistory(): string + { + $scrollback = ''; + $last_attr = $this->base_attr_cell; + for ($i = 0; $i < count($this->history); $i++) { + for ($j = 0; $j <= $this->max_x + 1; $j++) { + $cur_attr = $this->history_attrs[$i][$j]; + $scrollback .= $this->processCoordinate($last_attr, $cur_attr, $this->history[$i][$j] ?? ''); + $last_attr = $this->history_attrs[$i][$j]; + } + $scrollback .= "\r\n"; + } + $base_attr_cell = $this->base_attr_cell; + $this->base_attr_cell = $last_attr; + $scrollback .= $this->getScreen(); + $this->base_attr_cell = $base_attr_cell; + + return '
' . $scrollback . '
'; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1.php new file mode 100644 index 0000000..3eb746a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1.php @@ -0,0 +1,1478 @@ + + * @copyright 2012 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\File\ASN1\Element; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP ASN.1 Parser + * + * @author Jim Wigginton + */ +abstract class ASN1 +{ + // Tag Classes + // http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=12 + public const CLASS_UNIVERSAL = 0; + public const CLASS_APPLICATION = 1; + public const CLASS_CONTEXT_SPECIFIC = 2; + public const CLASS_PRIVATE = 3; + + // Tag Classes + // http://www.obj-sys.com/asn1tutorial/node124.html + public const TYPE_BOOLEAN = 1; + public const TYPE_INTEGER = 2; + public const TYPE_BIT_STRING = 3; + public const TYPE_OCTET_STRING = 4; + public const TYPE_NULL = 5; + public const TYPE_OBJECT_IDENTIFIER = 6; + //const TYPE_OBJECT_DESCRIPTOR = 7; + //const TYPE_INSTANCE_OF = 8; // EXTERNAL + public const TYPE_REAL = 9; + public const TYPE_ENUMERATED = 10; + //const TYPE_EMBEDDED = 11; + public const TYPE_UTF8_STRING = 12; + //const TYPE_RELATIVE_OID = 13; + public const TYPE_SEQUENCE = 16; // SEQUENCE OF + public const TYPE_SET = 17; // SET OF + + // More Tag Classes + // http://www.obj-sys.com/asn1tutorial/node10.html + public const TYPE_NUMERIC_STRING = 18; + public const TYPE_PRINTABLE_STRING = 19; + public const TYPE_TELETEX_STRING = 20; // T61String + public const TYPE_VIDEOTEX_STRING = 21; + public const TYPE_IA5_STRING = 22; + public const TYPE_UTC_TIME = 23; + public const TYPE_GENERALIZED_TIME = 24; + public const TYPE_GRAPHIC_STRING = 25; + public const TYPE_VISIBLE_STRING = 26; // ISO646String + public const TYPE_GENERAL_STRING = 27; + public const TYPE_UNIVERSAL_STRING = 28; + //const TYPE_CHARACTER_STRING = 29; + public const TYPE_BMP_STRING = 30; + + // Tag Aliases + // These tags are kinda place holders for other tags. + public const TYPE_CHOICE = -1; + public const TYPE_ANY = -2; + + /** + * ASN.1 object identifiers + * + * @var array + * @link http://en.wikipedia.org/wiki/Object_identifier + */ + private static $oids = []; + + /** + * ASN.1 object identifier reverse mapping + * + * @var array + */ + private static $reverseOIDs = []; + + /** + * Default date format + * + * @var string + * @link http://php.net/class.datetime + */ + private static $format = 'D, d M Y H:i:s O'; + + /** + * Filters + * + * If the mapping type is self::TYPE_ANY what do we actually encode it as? + * + * @var array + * @see self::encode_der() + */ + private static $filters; + + /** + * Current Location of most recent ASN.1 encode process + * + * Useful for debug purposes + * + * @var array + * @see self::encode_der() + */ + private static $location; + + /** + * DER Encoded String + * + * In case we need to create ASN1\Element object's.. + * + * @var string + * @see self::decodeDER() + */ + private static $encoded; + + /** + * Type mapping table for the ANY type. + * + * Structured or unknown types are mapped to a \phpseclib3\File\ASN1\Element. + * Unambiguous types get the direct mapping (int/real/bool). + * Others are mapped as a choice, with an extra indexing level. + * + * @var array + */ + public const ANY_MAP = [ + self::TYPE_BOOLEAN => true, + self::TYPE_INTEGER => true, + self::TYPE_BIT_STRING => 'bitString', + self::TYPE_OCTET_STRING => 'octetString', + self::TYPE_NULL => 'null', + self::TYPE_OBJECT_IDENTIFIER => 'objectIdentifier', + self::TYPE_REAL => true, + self::TYPE_ENUMERATED => 'enumerated', + self::TYPE_UTF8_STRING => 'utf8String', + self::TYPE_NUMERIC_STRING => 'numericString', + self::TYPE_PRINTABLE_STRING => 'printableString', + self::TYPE_TELETEX_STRING => 'teletexString', + self::TYPE_VIDEOTEX_STRING => 'videotexString', + self::TYPE_IA5_STRING => 'ia5String', + self::TYPE_UTC_TIME => 'utcTime', + self::TYPE_GENERALIZED_TIME => 'generalTime', + self::TYPE_GRAPHIC_STRING => 'graphicString', + self::TYPE_VISIBLE_STRING => 'visibleString', + self::TYPE_GENERAL_STRING => 'generalString', + self::TYPE_UNIVERSAL_STRING => 'universalString', + //self::TYPE_CHARACTER_STRING => 'characterString', + self::TYPE_BMP_STRING => 'bmpString', + ]; + + /** + * String type to character size mapping table. + * + * Non-convertable types are absent from this table. + * size == 0 indicates variable length encoding. + * + * @var array + */ + public const STRING_TYPE_SIZE = [ + self::TYPE_UTF8_STRING => 0, + self::TYPE_BMP_STRING => 2, + self::TYPE_UNIVERSAL_STRING => 4, + self::TYPE_PRINTABLE_STRING => 1, + self::TYPE_TELETEX_STRING => 1, + self::TYPE_IA5_STRING => 1, + self::TYPE_VISIBLE_STRING => 1, + ]; + + /** + * Parse BER-encoding + * + * Serves a similar purpose to openssl's asn1parse + * + * @param Element|string $encoded + */ + public static function decodeBER($encoded): ?array + { + if ($encoded instanceof Element) { + $encoded = $encoded->element; + } + + self::$encoded = $encoded; + + $decoded = self::decode_ber($encoded); + if ($decoded === false) { + return null; + } + + return [$decoded]; + } + + /** + * Parse BER-encoding (Helper function) + * + * Sometimes we want to get the BER encoding of a particular tag. $start lets us do that without having to reencode. + * $encoded is passed by reference for the recursive calls done for self::TYPE_BIT_STRING and + * self::TYPE_OCTET_STRING. In those cases, the indefinite length is used. + * + * @return array|bool + */ + private static function decode_ber(string $encoded, int $start = 0, int $encoded_pos = 0) + { + $current = ['start' => $start]; + + if (!isset($encoded[$encoded_pos])) { + return false; + } + $type = ord($encoded[$encoded_pos++]); + $startOffset = 1; + + $constructed = ($type >> 5) & 1; + + $tag = $type & 0x1F; + if ($tag == 0x1F) { + $tag = 0; + // process septets (since the eighth bit is ignored, it's not an octet) + do { + if (!isset($encoded[$encoded_pos])) { + return false; + } + $temp = ord($encoded[$encoded_pos++]); + $startOffset++; + $loop = $temp >> 7; + $tag <<= 7; + $temp &= 0x7F; + // "bits 7 to 1 of the first subsequent octet shall not all be zero" + if ($startOffset == 2 && $temp == 0) { + return false; + } + $tag |= $temp; + } while ($loop); + } + + $start += $startOffset; + + // Length, as discussed in paragraph 8.1.3 of X.690-0207.pdf#page=13 + if (!isset($encoded[$encoded_pos])) { + return false; + } + $length = ord($encoded[$encoded_pos++]); + $start++; + if ($length == 0x80) { // indefinite length + // "[A sender shall] use the indefinite form (see 8.1.3.6) if the encoding is constructed and is not all + // immediately available." -- paragraph 8.1.3.2.c + $length = strlen($encoded) - $encoded_pos; + } elseif ($length & 0x80) { // definite length, long form + // technically, the long form of the length can be represented by up to 126 octets (bytes), but we'll only + // support it up to four. + $length &= 0x7F; + $temp = substr($encoded, $encoded_pos, $length); + $encoded_pos += $length; + // tags of indefinte length don't really have a header length; this length includes the tag + $current += ['headerlength' => $length + 2]; + $start += $length; + extract(unpack('Nlength', substr(str_pad($temp, 4, chr(0), STR_PAD_LEFT), -4))); + /** @var integer $length */ + } else { + $current += ['headerlength' => 2]; + } + + if ($length > (strlen($encoded) - $encoded_pos)) { + return false; + } + + $content = substr($encoded, $encoded_pos, $length); + $content_pos = 0; + + // at this point $length can be overwritten. it's only accurate for definite length things as is + + /* Class is UNIVERSAL, APPLICATION, PRIVATE, or CONTEXT-SPECIFIC. The UNIVERSAL class is restricted to the ASN.1 + built-in types. It defines an application-independent data type that must be distinguishable from all other + data types. The other three classes are user defined. The APPLICATION class distinguishes data types that + have a wide, scattered use within a particular presentation context. PRIVATE distinguishes data types within + a particular organization or country. CONTEXT-SPECIFIC distinguishes members of a sequence or set, the + alternatives of a CHOICE, or universally tagged set members. Only the class number appears in braces for this + data type; the term CONTEXT-SPECIFIC does not appear. + + -- http://www.obj-sys.com/asn1tutorial/node12.html */ + $class = ($type >> 6) & 3; + switch ($class) { + case self::CLASS_APPLICATION: + case self::CLASS_PRIVATE: + case self::CLASS_CONTEXT_SPECIFIC: + if (!$constructed) { + return [ + 'type' => $class, + 'constant' => $tag, + 'content' => $content, + 'length' => $length + $start - $current['start'], + ] + $current; + } + + $newcontent = []; + $remainingLength = $length; + while ($remainingLength > 0) { + $temp = self::decode_ber($content, $start, $content_pos); + if ($temp === false) { + break; + } + $length = $temp['length']; + // end-of-content octets - see paragraph 8.1.5 + if (substr($content, $content_pos + $length, 2) == "\0\0") { + $length += 2; + $start += $length; + $newcontent[] = $temp; + break; + } + $start += $length; + $remainingLength -= $length; + $newcontent[] = $temp; + $content_pos += $length; + } + + return [ + 'type' => $class, + 'constant' => $tag, + // the array encapsulation is for BC with the old format + 'content' => $newcontent, + // the only time when $content['headerlength'] isn't defined is when the length is indefinite. + // the absence of $content['headerlength'] is how we know if something is indefinite or not. + // technically, it could be defined to be 2 and then another indicator could be used but whatever. + 'length' => $start - $current['start'], + ] + $current; + } + + $current += ['type' => $tag]; + + // decode UNIVERSAL tags + switch ($tag) { + case self::TYPE_BOOLEAN: + // "The contents octets shall consist of a single octet." -- paragraph 8.2.1 + if ($constructed || strlen($content) != 1) { + return false; + } + $current['content'] = (bool) ord($content[$content_pos]); + break; + case self::TYPE_INTEGER: + case self::TYPE_ENUMERATED: + if ($constructed) { + return false; + } + $current['content'] = new BigInteger(substr($content, $content_pos), -256); + break; + case self::TYPE_REAL: // not currently supported + return false; + case self::TYPE_BIT_STRING: + // The initial octet shall encode, as an unsigned binary integer with bit 1 as the least significant bit, + // the number of unused bits in the final subsequent octet. The number shall be in the range zero to + // seven. + if (!$constructed) { + $current['content'] = substr($content, $content_pos); + } else { + $temp = self::decode_ber($content, $start, $content_pos); + if ($temp === false) { + return false; + } + $length -= (strlen($content) - $content_pos); + $last = count($temp) - 1; + for ($i = 0; $i < $last; $i++) { + // all subtags should be bit strings + if ($temp[$i]['type'] != self::TYPE_BIT_STRING) { + return false; + } + $current['content'] .= substr($temp[$i]['content'], 1); + } + // all subtags should be bit strings + if ($temp[$last]['type'] != self::TYPE_BIT_STRING) { + return false; + } + $current['content'] = $temp[$last]['content'][0] . $current['content'] . substr($temp[$i]['content'], 1); + } + break; + case self::TYPE_OCTET_STRING: + if (!$constructed) { + $current['content'] = substr($content, $content_pos); + } else { + $current['content'] = ''; + $length = 0; + while (substr($content, $content_pos, 2) != "\0\0") { + $temp = self::decode_ber($content, $length + $start, $content_pos); + if ($temp === false) { + return false; + } + $content_pos += $temp['length']; + // all subtags should be octet strings + if ($temp['type'] != self::TYPE_OCTET_STRING) { + return false; + } + $current['content'] .= $temp['content']; + $length += $temp['length']; + } + if (substr($content, $content_pos, 2) == "\0\0") { + $length += 2; // +2 for the EOC + } + } + break; + case self::TYPE_NULL: + // "The contents octets shall not contain any octets." -- paragraph 8.8.2 + if ($constructed || strlen($content)) { + return false; + } + break; + case self::TYPE_SEQUENCE: + case self::TYPE_SET: + if (!$constructed) { + return false; + } + $offset = 0; + $current['content'] = []; + $content_len = strlen($content); + while ($content_pos < $content_len) { + // if indefinite length construction was used and we have an end-of-content string next + // see paragraphs 8.1.1.3, 8.1.3.2, 8.1.3.6, 8.1.5, and (for an example) 8.6.4.2 + if (!isset($current['headerlength']) && substr($content, $content_pos, 2) == "\0\0") { + $length = $offset + 2; // +2 for the EOC + break 2; + } + $temp = self::decode_ber($content, $start + $offset, $content_pos); + if ($temp === false) { + return false; + } + $content_pos += $temp['length']; + $current['content'][] = $temp; + $offset += $temp['length']; + } + break; + case self::TYPE_OBJECT_IDENTIFIER: + if ($constructed) { + return false; + } + $current['content'] = self::decodeOID(substr($content, $content_pos)); + if ($current['content'] === false) { + return false; + } + break; + /* Each character string type shall be encoded as if it had been declared: + [UNIVERSAL x] IMPLICIT OCTET STRING + + -- X.690-0207.pdf#page=23 (paragraph 8.21.3) + + Per that, we're not going to do any validation. If there are any illegal characters in the string, + we don't really care */ + case self::TYPE_NUMERIC_STRING: + // 0,1,2,3,4,5,6,7,8,9, and space + case self::TYPE_PRINTABLE_STRING: + // Upper and lower case letters, digits, space, apostrophe, left/right parenthesis, plus sign, comma, + // hyphen, full stop, solidus, colon, equal sign, question mark + case self::TYPE_TELETEX_STRING: + // The Teletex character set in CCITT's T61, space, and delete + // see http://en.wikipedia.org/wiki/Teletex#Character_sets + case self::TYPE_VIDEOTEX_STRING: + // The Videotex character set in CCITT's T.100 and T.101, space, and delete + case self::TYPE_VISIBLE_STRING: + // Printing character sets of international ASCII, and space + case self::TYPE_IA5_STRING: + // International Alphabet 5 (International ASCII) + case self::TYPE_GRAPHIC_STRING: + // All registered G sets, and space + case self::TYPE_GENERAL_STRING: + // All registered C and G sets, space and delete + case self::TYPE_UTF8_STRING: + // ???? + case self::TYPE_BMP_STRING: + if ($constructed) { + return false; + } + $current['content'] = substr($content, $content_pos); + break; + case self::TYPE_UTC_TIME: + case self::TYPE_GENERALIZED_TIME: + if ($constructed) { + return false; + } + $current['content'] = self::decodeTime(substr($content, $content_pos), $tag); + break; + default: + return false; + } + + $start += $length; + + // ie. length is the length of the full TLV encoding - it's not just the length of the value + return $current + ['length' => $start - $current['start']]; + } + + /** + * ASN.1 Map + * + * Provides an ASN.1 semantic mapping ($mapping) from a parsed BER-encoding to a human readable format. + * + * "Special" mappings may be applied on a per tag-name basis via $special. + * + * @param array|bool $decoded + * @return array|bool|Element|string|null + */ + public static function asn1map(array $decoded, array $mapping, array $special = []) + { + if (isset($mapping['explicit']) && is_array($decoded['content'])) { + $decoded = $decoded['content'][0]; + } + + switch (true) { + case $mapping['type'] == self::TYPE_ANY: + $intype = $decoded['type']; + // !isset(self::ANY_MAP[$intype]) produces a fatal error on PHP 5.6 + if (isset($decoded['constant']) || !array_key_exists($intype, self::ANY_MAP) || (ord(self::$encoded[$decoded['start']]) & 0x20)) { + return new Element(substr(self::$encoded, $decoded['start'], $decoded['length'])); + } + $inmap = self::ANY_MAP[$intype]; + if (is_string($inmap)) { + return [$inmap => self::asn1map($decoded, ['type' => $intype] + $mapping, $special)]; + } + break; + case $mapping['type'] == self::TYPE_CHOICE: + foreach ($mapping['children'] as $key => $option) { + switch (true) { + case isset($option['constant']) && $option['constant'] == $decoded['constant']: + case !isset($option['constant']) && $option['type'] == $decoded['type']: + $value = self::asn1map($decoded, $option, $special); + break; + case !isset($option['constant']) && $option['type'] == self::TYPE_CHOICE: + $v = self::asn1map($decoded, $option, $special); + if (isset($v)) { + $value = $v; + } + } + if (isset($value)) { + if (isset($special[$key])) { + $value = $special[$key]($value); + } + return [$key => $value]; + } + } + return null; + case isset($mapping['implicit']): + case isset($mapping['explicit']): + case $decoded['type'] == $mapping['type']: + break; + default: + // if $decoded['type'] and $mapping['type'] are both strings, but different types of strings, + // let it through + switch (true) { + case $decoded['type'] < 18: // self::TYPE_NUMERIC_STRING == 18 + case $decoded['type'] > 30: // self::TYPE_BMP_STRING == 30 + case $mapping['type'] < 18: + case $mapping['type'] > 30: + return null; + } + } + + if (isset($mapping['implicit'])) { + $decoded['type'] = $mapping['type']; + } + + switch ($decoded['type']) { + case self::TYPE_SEQUENCE: + $map = []; + + // ignore the min and max + if (isset($mapping['min']) && isset($mapping['max'])) { + $child = $mapping['children']; + foreach ($decoded['content'] as $content) { + if (($map[] = self::asn1map($content, $child, $special)) === null) { + return null; + } + } + + return $map; + } + + $n = count($decoded['content']); + $i = 0; + + foreach ($mapping['children'] as $key => $child) { + $maymatch = $i < $n; // Match only existing input. + if ($maymatch) { + $temp = $decoded['content'][$i]; + + if ($child['type'] != self::TYPE_CHOICE) { + // Get the mapping and input class & constant. + $childClass = $tempClass = self::CLASS_UNIVERSAL; + $constant = null; + if (isset($temp['constant'])) { + $tempClass = $temp['type']; + } + if (isset($child['class'])) { + $childClass = $child['class']; + $constant = $child['cast']; + } elseif (isset($child['constant'])) { + $childClass = self::CLASS_CONTEXT_SPECIFIC; + $constant = $child['constant']; + } + + if (isset($constant) && isset($temp['constant'])) { + // Can only match if constants and class match. + $maymatch = $constant == $temp['constant'] && $childClass == $tempClass; + } else { + // Can only match if no constant expected and type matches or is generic. + $maymatch = !isset($child['constant']) && array_search($child['type'], [$temp['type'], self::TYPE_ANY, self::TYPE_CHOICE]) !== false; + } + } + } + + if ($maymatch) { + // Attempt submapping. + $candidate = self::asn1map($temp, $child, $special); + $maymatch = $candidate !== null; + } + + if ($maymatch) { + // Got the match: use it. + if (isset($special[$key])) { + $candidate = $special[$key]($candidate); + } + $map[$key] = $candidate; + $i++; + } elseif (isset($child['default'])) { + $map[$key] = $child['default']; + } elseif (!isset($child['optional'])) { + return null; // Syntax error. + } + } + + // Fail mapping if all input items have not been consumed. + return $i < $n ? null : $map; + + // the main diff between sets and sequences is the encapsulation of the foreach in another for loop + case self::TYPE_SET: + $map = []; + + // ignore the min and max + if (isset($mapping['min']) && isset($mapping['max'])) { + $child = $mapping['children']; + foreach ($decoded['content'] as $content) { + if (($map[] = self::asn1map($content, $child, $special)) === null) { + return null; + } + } + + return $map; + } + + for ($i = 0; $i < count($decoded['content']); $i++) { + $temp = $decoded['content'][$i]; + $tempClass = self::CLASS_UNIVERSAL; + if (isset($temp['constant'])) { + $tempClass = $temp['type']; + } + + foreach ($mapping['children'] as $key => $child) { + if (isset($map[$key])) { + continue; + } + $maymatch = true; + if ($child['type'] != self::TYPE_CHOICE) { + $childClass = self::CLASS_UNIVERSAL; + $constant = null; + if (isset($child['class'])) { + $childClass = $child['class']; + $constant = $child['cast']; + } elseif (isset($child['constant'])) { + $childClass = self::CLASS_CONTEXT_SPECIFIC; + $constant = $child['constant']; + } + + if (isset($constant) && isset($temp['constant'])) { + // Can only match if constants and class match. + $maymatch = $constant == $temp['constant'] && $childClass == $tempClass; + } else { + // Can only match if no constant expected and type matches or is generic. + $maymatch = !isset($child['constant']) && array_search($child['type'], [$temp['type'], self::TYPE_ANY, self::TYPE_CHOICE]) !== false; + } + } + + if ($maymatch) { + // Attempt submapping. + $candidate = self::asn1map($temp, $child, $special); + $maymatch = $candidate !== null; + } + + if (!$maymatch) { + break; + } + + // Got the match: use it. + if (isset($special[$key])) { + $candidate = $special[$key]($candidate); + } + $map[$key] = $candidate; + break; + } + } + + foreach ($mapping['children'] as $key => $child) { + if (!isset($map[$key])) { + if (isset($child['default'])) { + $map[$key] = $child['default']; + } elseif (!isset($child['optional'])) { + return null; + } + } + } + return $map; + case self::TYPE_OBJECT_IDENTIFIER: + return self::$oids[$decoded['content']] ?? $decoded['content']; + case self::TYPE_UTC_TIME: + case self::TYPE_GENERALIZED_TIME: + // for explicitly tagged optional stuff + if (is_array($decoded['content'])) { + $decoded['content'] = $decoded['content'][0]['content']; + } + // for implicitly tagged optional stuff + // in theory, doing isset($mapping['implicit']) would work but malformed certs do exist + // in the wild that OpenSSL decodes without issue so we'll support them as well + if (!is_object($decoded['content'])) { + $decoded['content'] = self::decodeTime($decoded['content'], $decoded['type']); + } + return $decoded['content'] ? $decoded['content']->format(self::$format) : false; + case self::TYPE_BIT_STRING: + if (isset($mapping['mapping'])) { + $offset = ord($decoded['content'][0]); + $size = (strlen($decoded['content']) - 1) * 8 - $offset; + /* + From X.680-0207.pdf#page=46 (21.7): + + "When a "NamedBitList" is used in defining a bitstring type ASN.1 encoding rules are free to add (or remove) + arbitrarily any trailing 0 bits to (or from) values that are being encoded or decoded. Application designers should + therefore ensure that different semantics are not associated with such values which differ only in the number of trailing + 0 bits." + */ + $bits = count($mapping['mapping']) == $size ? [] : array_fill(0, count($mapping['mapping']) - $size, false); + for ($i = strlen($decoded['content']) - 1; $i > 0; $i--) { + $current = ord($decoded['content'][$i]); + for ($j = $offset; $j < 8; $j++) { + $bits[] = (bool) ($current & (1 << $j)); + } + $offset = 0; + } + $values = []; + $map = array_reverse($mapping['mapping']); + foreach ($map as $i => $value) { + if ($bits[$i]) { + $values[] = $value; + } + } + return $values; + } + // fall-through + case self::TYPE_OCTET_STRING: + return $decoded['content']; + case self::TYPE_NULL: + return ''; + case self::TYPE_BOOLEAN: + case self::TYPE_NUMERIC_STRING: + case self::TYPE_PRINTABLE_STRING: + case self::TYPE_TELETEX_STRING: + case self::TYPE_VIDEOTEX_STRING: + case self::TYPE_IA5_STRING: + case self::TYPE_GRAPHIC_STRING: + case self::TYPE_VISIBLE_STRING: + case self::TYPE_GENERAL_STRING: + case self::TYPE_UNIVERSAL_STRING: + case self::TYPE_UTF8_STRING: + case self::TYPE_BMP_STRING: + return $decoded['content']; + case self::TYPE_INTEGER: + case self::TYPE_ENUMERATED: + $temp = $decoded['content']; + if (isset($mapping['implicit'])) { + $temp = new BigInteger($decoded['content'], -256); + } + if (isset($mapping['mapping'])) { + $temp = (int) $temp->toString(); + return $mapping['mapping'][$temp] ?? + false; + } + return $temp; + } + } + + /** + * DER-decode the length + * + * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See + * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. + */ + public static function decodeLength(string &$string): int + { + $length = ord(Strings::shift($string)); + if ($length & 0x80) { // definite length, long form + $length &= 0x7F; + $temp = Strings::shift($string, $length); + [, $length] = unpack('N', substr(str_pad($temp, 4, chr(0), STR_PAD_LEFT), -4)); + } + return $length; + } + + /** + * ASN.1 Encode + * + * DER-encodes an ASN.1 semantic mapping ($mapping). Some libraries would probably call this function + * an ASN.1 compiler. + * + * "Special" mappings can be applied via $special. + * + * @param Element|string|array $source + * @return string + */ + public static function encodeDER($source, array $mapping, array $special = []) + { + self::$location = []; + return self::encode_der($source, $mapping, null, $special); + } + + /** + * ASN.1 Encode (Helper function) + * + * @param Element|string|array|null $source + * @param string|int|null $idx + * @return string + */ + private static function encode_der($source, array $mapping, $idx = null, array $special = []) + { + if ($source instanceof Element) { + return $source->element; + } + + // do not encode (implicitly optional) fields with value set to default + if (isset($mapping['default']) && $source === $mapping['default']) { + return ''; + } + + if (isset($idx)) { + if (isset($special[$idx])) { + $source = $special[$idx]($source); + } + self::$location[] = $idx; + } + + $tag = $mapping['type']; + + switch ($tag) { + case self::TYPE_SET: // Children order is not important, thus process in sequence. + case self::TYPE_SEQUENCE: + $tag |= 0x20; // set the constructed bit + + // ignore the min and max + if (isset($mapping['min']) && isset($mapping['max'])) { + $value = []; + $child = $mapping['children']; + + foreach ($source as $content) { + $temp = self::encode_der($content, $child, null, $special); + if ($temp === false) { + return false; + } + $value[] = $temp; + } + /* "The encodings of the component values of a set-of value shall appear in ascending order, the encodings being compared + as octet strings with the shorter components being padded at their trailing end with 0-octets. + NOTE - The padding octets are for comparison purposes only and do not appear in the encodings." + + -- sec 11.6 of http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ + if ($mapping['type'] == self::TYPE_SET) { + sort($value); + } + $value = implode('', $value); + break; + } + + $value = ''; + foreach ($mapping['children'] as $key => $child) { + if (!array_key_exists($key, $source)) { + if (!isset($child['optional'])) { + return false; + } + continue; + } + + $temp = self::encode_der($source[$key], $child, $key, $special); + if ($temp === false) { + return false; + } + + // An empty child encoding means it has been optimized out. + // Else we should have at least one tag byte. + if ($temp === '') { + continue; + } + + // if isset($child['constant']) is true then isset($child['optional']) should be true as well + if (isset($child['constant'])) { + /* + From X.680-0207.pdf#page=58 (30.6): + + "The tagging construction specifies explicit tagging if any of the following holds: + ... + c) the "Tag Type" alternative is used and the value of "TagDefault" for the module is IMPLICIT TAGS or + AUTOMATIC TAGS, but the type defined by "Type" is an untagged choice type, an untagged open type, or + an untagged "DummyReference" (see ITU-T Rec. X.683 | ISO/IEC 8824-4, 8.3)." + */ + if (isset($child['explicit']) || $child['type'] == self::TYPE_CHOICE) { + $subtag = chr((self::CLASS_CONTEXT_SPECIFIC << 6) | 0x20 | $child['constant']); + $temp = $subtag . self::encodeLength(strlen($temp)) . $temp; + } else { + $subtag = chr((self::CLASS_CONTEXT_SPECIFIC << 6) | (ord($temp[0]) & 0x20) | $child['constant']); + $temp = $subtag . substr($temp, 1); + } + } + $value .= $temp; + } + break; + case self::TYPE_CHOICE: + $temp = false; + + foreach ($mapping['children'] as $key => $child) { + if (!isset($source[$key])) { + continue; + } + + $temp = self::encode_der($source[$key], $child, $key, $special); + if ($temp === false) { + return false; + } + + // An empty child encoding means it has been optimized out. + // Else we should have at least one tag byte. + if ($temp === '') { + continue; + } + + $tag = ord($temp[0]); + + // if isset($child['constant']) is true then isset($child['optional']) should be true as well + if (isset($child['constant'])) { + if (isset($child['explicit']) || $child['type'] == self::TYPE_CHOICE) { + $subtag = chr((self::CLASS_CONTEXT_SPECIFIC << 6) | 0x20 | $child['constant']); + $temp = $subtag . self::encodeLength(strlen($temp)) . $temp; + } else { + $subtag = chr((self::CLASS_CONTEXT_SPECIFIC << 6) | (ord($temp[0]) & 0x20) | $child['constant']); + $temp = $subtag . substr($temp, 1); + } + } + } + + if (isset($idx)) { + array_pop(self::$location); + } + + if ($temp && isset($mapping['cast'])) { + $temp[0] = chr(($mapping['class'] << 6) | ($tag & 0x20) | $mapping['cast']); + } + + return $temp; + case self::TYPE_INTEGER: + case self::TYPE_ENUMERATED: + if (!isset($mapping['mapping'])) { + if (is_numeric($source)) { + $source = new BigInteger($source); + } + $value = $source->toBytes(true); + } else { + $value = array_search($source, $mapping['mapping']); + if ($value === false) { + return false; + } + $value = new BigInteger($value); + $value = $value->toBytes(true); + } + if (!strlen($value)) { + $value = chr(0); + } + break; + case self::TYPE_UTC_TIME: + case self::TYPE_GENERALIZED_TIME: + $format = $mapping['type'] == self::TYPE_UTC_TIME ? 'y' : 'Y'; + $format .= 'mdHis'; + // if $source does _not_ include timezone information within it then assume that the timezone is GMT + $date = new \DateTime($source, new \DateTimeZone('GMT')); + // if $source _does_ include timezone information within it then convert the time to GMT + $date->setTimezone(new \DateTimeZone('GMT')); + $value = $date->format($format) . 'Z'; + break; + case self::TYPE_BIT_STRING: + if (isset($mapping['mapping'])) { + $bits = array_fill(0, count($mapping['mapping']), 0); + $size = 0; + for ($i = 0; $i < count($mapping['mapping']); $i++) { + if (in_array($mapping['mapping'][$i], $source)) { + $bits[$i] = 1; + $size = $i; + } + } + + if (isset($mapping['min']) && $mapping['min'] >= 1 && $size < $mapping['min']) { + $size = $mapping['min'] - 1; + } + + $offset = 8 - (($size + 1) & 7); + $offset = $offset !== 8 ? $offset : 0; + + $value = chr($offset); + + for ($i = $size + 1; $i < count($mapping['mapping']); $i++) { + unset($bits[$i]); + } + + $bits = implode('', array_pad($bits, $size + $offset + 1, 0)); + $bytes = explode(' ', rtrim(chunk_split($bits, 8, ' '))); + foreach ($bytes as $byte) { + $value .= chr(bindec($byte)); + } + + break; + } + // fall-through + case self::TYPE_OCTET_STRING: + /* The initial octet shall encode, as an unsigned binary integer with bit 1 as the least significant bit, + the number of unused bits in the final subsequent octet. The number shall be in the range zero to seven. + + -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=16 */ + $value = $source; + break; + case self::TYPE_OBJECT_IDENTIFIER: + $value = self::encodeOID($source); + break; + case self::TYPE_ANY: + $loc = self::$location; + if (isset($idx)) { + array_pop(self::$location); + } + + switch (true) { + case !isset($source): + return self::encode_der(null, ['type' => self::TYPE_NULL] + $mapping, null, $special); + case is_int($source): + case $source instanceof BigInteger: + return self::encode_der($source, ['type' => self::TYPE_INTEGER] + $mapping, null, $special); + case is_float($source): + return self::encode_der($source, ['type' => self::TYPE_REAL] + $mapping, null, $special); + case is_bool($source): + return self::encode_der($source, ['type' => self::TYPE_BOOLEAN] + $mapping, null, $special); + case is_array($source) && count($source) == 1: + $typename = implode('', array_keys($source)); + $outtype = array_search($typename, self::ANY_MAP, true); + if ($outtype !== false) { + return self::encode_der($source[$typename], ['type' => $outtype] + $mapping, null, $special); + } + } + + $filters = self::$filters; + foreach ($loc as $part) { + if (!isset($filters[$part])) { + $filters = false; + break; + } + $filters = $filters[$part]; + } + if ($filters === false) { + throw new RuntimeException('No filters defined for ' . implode('/', $loc)); + } + return self::encode_der($source, $filters + $mapping, null, $special); + case self::TYPE_NULL: + $value = ''; + break; + case self::TYPE_NUMERIC_STRING: + case self::TYPE_TELETEX_STRING: + case self::TYPE_PRINTABLE_STRING: + case self::TYPE_UNIVERSAL_STRING: + case self::TYPE_UTF8_STRING: + case self::TYPE_BMP_STRING: + case self::TYPE_IA5_STRING: + case self::TYPE_VISIBLE_STRING: + case self::TYPE_VIDEOTEX_STRING: + case self::TYPE_GRAPHIC_STRING: + case self::TYPE_GENERAL_STRING: + $value = $source; + break; + case self::TYPE_BOOLEAN: + $value = $source ? "\xFF" : "\x00"; + break; + default: + throw new RuntimeException('Mapping provides no type definition for ' . implode('/', self::$location)); + } + + if (isset($idx)) { + array_pop(self::$location); + } + + if (isset($mapping['cast'])) { + if (isset($mapping['explicit']) || $mapping['type'] == self::TYPE_CHOICE) { + $value = chr($tag) . self::encodeLength(strlen($value)) . $value; + $tag = ($mapping['class'] << 6) | 0x20 | $mapping['cast']; + } else { + $tag = ($mapping['class'] << 6) | (ord($temp[0]) & 0x20) | $mapping['cast']; + } + } + + return chr($tag) . self::encodeLength(strlen((string) $value)) . $value; + } + + /** + * BER-decode the OID + * + * Called by _decode_ber() + * + * @return string + */ + public static function decodeOID(string $content) + { + static $eighty; + if (!$eighty) { + $eighty = new BigInteger(80); + } + + $oid = []; + $pos = 0; + $len = strlen($content); + // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55 + if ($len > 4096) { + //throw new \RuntimeException("Object identifier size is limited to 4096 bytes ($len bytes present)"); + return false; + } + + if (ord($content[$len - 1]) & 0x80) { + return false; + } + + $n = new BigInteger(); + while ($pos < $len) { + $temp = ord($content[$pos++]); + $n = $n->bitwise_leftShift(7); + $n = $n->bitwise_or(new BigInteger($temp & 0x7F)); + if (~$temp & 0x80) { + $oid[] = $n; + $n = new BigInteger(); + } + } + $part1 = array_shift($oid); + $first = floor(ord($content[0]) / 40); + /* + "This packing of the first two object identifier components recognizes that only three values are allocated from the root + node, and at most 39 subsequent values from nodes reached by X = 0 and X = 1." + + -- https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=22 + */ + if ($first <= 2) { // ie. 0 <= ord($content[0]) < 120 (0x78) + array_unshift($oid, ord($content[0]) % 40); + array_unshift($oid, $first); + } else { + array_unshift($oid, $part1->subtract($eighty)); + array_unshift($oid, 2); + } + + return implode('.', $oid); + } + + /** + * DER-encode the OID + * + * Called by _encode_der() + */ + public static function encodeOID(string $source): string + { + static $mask, $zero, $forty; + if (!$mask) { + $mask = new BigInteger(0x7F); + $zero = new BigInteger(); + $forty = new BigInteger(40); + } + + if (!preg_match('#(?:\d+\.)+#', $source)) { + $oid = self::$reverseOIDs[$source] ?? false; + } else { + $oid = $source; + } + if ($oid === false) { + throw new RuntimeException('Invalid OID'); + } + + $parts = explode('.', $oid); + $part1 = array_shift($parts); + $part2 = array_shift($parts); + + $first = new BigInteger($part1); + $first = $first->multiply($forty); + $first = $first->add(new BigInteger($part2)); + + array_unshift($parts, $first->toString()); + + $value = ''; + foreach ($parts as $part) { + if (!$part) { + $temp = "\0"; + } else { + $temp = ''; + $part = new BigInteger($part); + while (!$part->equals($zero)) { + $submask = $part->bitwise_and($mask); + $submask->setPrecision(8); + $temp = (chr(0x80) | $submask->toBytes()) . $temp; + $part = $part->bitwise_rightShift(7); + } + $temp[-1] = $temp[-1] & chr(0x7F); + } + $value .= $temp; + } + + return $value; + } + + /** + * BER-decode the time + * + * Called by _decode_ber() and in the case of implicit tags asn1map(). + * + * @return \DateTime|false + */ + private static function decodeTime(string $content, int $tag) + { + /* UTCTime: + http://tools.ietf.org/html/rfc5280#section-4.1.2.5.1 + http://www.obj-sys.com/asn1tutorial/node15.html + + GeneralizedTime: + http://tools.ietf.org/html/rfc5280#section-4.1.2.5.2 + http://www.obj-sys.com/asn1tutorial/node14.html */ + + $format = 'YmdHis'; + + if ($tag == self::TYPE_UTC_TIME) { + // https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=28 says "the seconds + // element shall always be present" but none-the-less I've seen X509 certs where it isn't and if the + // browsers parse it phpseclib ought to too + if (preg_match('#^(\d{10})(Z|[+-]\d{4})$#', $content, $matches)) { + $content = $matches[1] . '00' . $matches[2]; + } + $prefix = substr($content, 0, 2) >= 50 ? '19' : '20'; + $content = $prefix . $content; + } elseif (str_contains($content, '.')) { + $format .= '.u'; + } + + if ($content[-1] == 'Z') { + $content = substr($content, 0, -1) . '+0000'; + } + + if (str_contains($content, '-') || str_contains($content, '+')) { + $format .= 'O'; + } + + // error supression isn't necessary as of PHP 7.0: + // http://php.net/manual/en/migration70.other-changes.php + return @\DateTime::createFromFormat($format, $content); + } + + /** + * Set the time format + * + * Sets the time / date format for asn1map(). + */ + public static function setTimeFormat(string $format): void + { + self::$format = $format; + } + + /** + * Load OIDs + * + * Load the relevant OIDs for a particular ASN.1 semantic mapping. + * Previously loaded OIDs are retained. + */ + public static function loadOIDs(array $oids): void + { + self::$reverseOIDs += $oids; + self::$oids = array_flip(self::$reverseOIDs); + } + + /** + * Set filters + * + * See \phpseclib3\File\X509, etc, for an example. + * Previously loaded filters are not retained. + */ + public static function setFilters(array $filters): void + { + self::$filters = $filters; + } + + /** + * String type conversion + * + * This is a lazy conversion, dealing only with character size. + * No real conversion table is used. + * + * @return string + */ + public static function convert(string $in, int $from = self::TYPE_UTF8_STRING, int $to = self::TYPE_UTF8_STRING) + { + // isset(self::STRING_TYPE_SIZE[$from] returns a fatal error on PHP 5.6 + if (!array_key_exists($from, self::STRING_TYPE_SIZE) || !array_key_exists($to, self::STRING_TYPE_SIZE)) { + return false; + } + $insize = self::STRING_TYPE_SIZE[$from]; + $outsize = self::STRING_TYPE_SIZE[$to]; + $inlength = strlen($in); + $out = ''; + + for ($i = 0; $i < $inlength;) { + if ($inlength - $i < $insize) { + return false; + } + + // Get an input character as a 32-bit value. + $c = ord($in[$i++]); + switch (true) { + case $insize == 4: + $c = ($c << 8) | ord($in[$i++]); + $c = ($c << 8) | ord($in[$i++]); + // fall-through + case $insize == 2: + $c = ($c << 8) | ord($in[$i++]); + // fall-through + case $insize == 1: + break; + case ($c & 0x80) == 0x00: + break; + case ($c & 0x40) == 0x00: + return false; + default: + $bit = 6; + do { + if ($bit > 25 || $i >= $inlength || (ord($in[$i]) & 0xC0) != 0x80) { + return false; + } + $c = ($c << 6) | (ord($in[$i++]) & 0x3F); + $bit += 5; + $mask = 1 << $bit; + } while ($c & $bit); + $c &= $mask - 1; + break; + } + + // Convert and append the character to output string. + $v = ''; + switch (true) { + case $outsize == 4: + $v .= chr($c & 0xFF); + $c >>= 8; + $v .= chr($c & 0xFF); + $c >>= 8; + // fall-through + case $outsize == 2: + $v .= chr($c & 0xFF); + $c >>= 8; + // fall-through + case $outsize == 1: + $v .= chr($c & 0xFF); + $c >>= 8; + if ($c) { + return false; + } + break; + case ($c & (PHP_INT_SIZE == 8 ? 0x80000000 : (1 << 31))) != 0: + return false; + case $c >= 0x04000000: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x04000000; + // fall-through + case $c >= 0x00200000: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x00200000; + // fall-through + case $c >= 0x00010000: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x00010000; + // fall-through + case $c >= 0x00000800: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x00000800; + // fall-through + case $c >= 0x00000080: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x000000C0; + // fall-through + default: + $v .= chr($c); + break; + } + $out .= strrev($v); + } + return $out; + } + + /** + * Extract raw BER from Base64 encoding + */ + public static function extractBER(string $str): string + { + /* X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them + * above and beyond the ceritificate. + * ie. some may have the following preceding the -----BEGIN CERTIFICATE----- line: + * + * Bag Attributes + * localKeyID: 01 00 00 00 + * subject=/O=organization/OU=org unit/CN=common name + * issuer=/O=organization/CN=common name + */ + if (strlen($str) > ini_get('pcre.backtrack_limit')) { + $temp = $str; + } else { + $temp = preg_replace('#.*?^-+[^-]+-+[\r\n ]*$#ms', '', $str, 1); + $temp = preg_replace('#-+END.*[\r\n ]*.*#ms', '', $temp, 1); + } + // remove new lines + $temp = str_replace(["\r", "\n", ' '], '', $temp); + // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff + $temp = preg_replace('#^-+[^-]+-+|-+[^-]+-+$#', '', $temp); + $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? Strings::base64_decode($temp) : false; + return $temp != false ? $temp : $str; + } + + /** + * DER-encode the length + * + * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See + * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. + */ + public static function encodeLength(int $length): string + { + if ($length <= 0x7F) { + return chr($length); + } + + $temp = ltrim(pack('N', $length), chr(0)); + return pack('Ca*', 0x80 | strlen($temp), $temp); + } + + /** + * Returns the OID corresponding to a name + * + * What's returned in the associative array returned by loadX509() (or load*()) is either a name or an OID if + * no OID to name mapping is available. The problem with this is that what may be an unmapped OID in one version + * of phpseclib may not be unmapped in the next version, so apps that are looking at this OID may not be able + * to work from version to version. + * + * This method will return the OID if a name is passed to it and if no mapping is avialable it'll assume that + * what's being passed to it already is an OID and return that instead. A few examples. + * + * getOID('2.16.840.1.101.3.4.2.1') == '2.16.840.1.101.3.4.2.1' + * getOID('id-sha256') == '2.16.840.1.101.3.4.2.1' + * getOID('zzz') == 'zzz' + */ + public static function getOID(string $name): string + { + return self::$reverseOIDs[$name] ?? $name; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Element.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Element.php new file mode 100644 index 0000000..ae74af3 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Element.php @@ -0,0 +1,44 @@ + + * @copyright 2012 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1; + +/** + * ASN.1 Raw Element + * + * An ASN.1 ANY mapping will return an ASN1\Element object. Use of this object + * will also bypass the normal encoding rules in ASN1::encodeDER() + * + * @author Jim Wigginton + */ +class Element +{ + /** + * Raw element value + * + * @var string + */ + public $element; + + /** + * Constructor + * + * @return Element + */ + public function __construct(string $encoded) + { + $this->element = $encoded; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AccessDescription.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AccessDescription.php new file mode 100644 index 0000000..1c996c9 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AccessDescription.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AccessDescription + * + * @author Jim Wigginton + */ +abstract class AccessDescription +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'accessMethod' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'accessLocation' => GeneralName::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AdministrationDomainName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AdministrationDomainName.php new file mode 100644 index 0000000..19b7245 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AdministrationDomainName.php @@ -0,0 +1,38 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AdministrationDomainName + * + * @author Jim Wigginton + */ +abstract class AdministrationDomainName +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + // if class isn't present it's assumed to be \phpseclib3\File\ASN1::CLASS_UNIVERSAL or + // (if constant is present) \phpseclib3\File\ASN1::CLASS_CONTEXT_SPECIFIC + 'class' => ASN1::CLASS_APPLICATION, + 'cast' => 2, + 'children' => [ + 'numeric' => ['type' => ASN1::TYPE_NUMERIC_STRING], + 'printable' => ['type' => ASN1::TYPE_PRINTABLE_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AlgorithmIdentifier.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AlgorithmIdentifier.php new file mode 100644 index 0000000..db7e593 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AlgorithmIdentifier.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AlgorithmIdentifier + * + * @author Jim Wigginton + */ +abstract class AlgorithmIdentifier +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'algorithm' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'parameters' => [ + 'type' => ASN1::TYPE_ANY, + 'optional' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AnotherName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AnotherName.php new file mode 100644 index 0000000..987da45 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AnotherName.php @@ -0,0 +1,39 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AnotherName + * + * @author Jim Wigginton + */ +abstract class AnotherName +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'type-id' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'value' => [ + 'type' => ASN1::TYPE_ANY, + 'constant' => 0, + 'optional' => true, + 'explicit' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Attribute.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Attribute.php new file mode 100644 index 0000000..9ddde34 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Attribute.php @@ -0,0 +1,39 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Attribute + * + * @author Jim Wigginton + */ +abstract class Attribute +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'type' => AttributeType::MAP, + 'value' => [ + 'type' => ASN1::TYPE_SET, + 'min' => 1, + 'max' => -1, + 'children' => AttributeValue::MAP, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AttributeType.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AttributeType.php new file mode 100644 index 0000000..190d425 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AttributeType.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AttributeType + * + * @author Jim Wigginton + */ +abstract class AttributeType +{ + public const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AttributeTypeAndValue.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AttributeTypeAndValue.php new file mode 100644 index 0000000..a4ee969 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AttributeTypeAndValue.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AttributeTypeAndValue + * + * @author Jim Wigginton + */ +abstract class AttributeTypeAndValue +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'type' => AttributeType::MAP, + 'value' => AttributeValue::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AttributeValue.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AttributeValue.php new file mode 100644 index 0000000..aa267f9 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AttributeValue.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AttributeValue + * + * @author Jim Wigginton + */ +abstract class AttributeValue +{ + public const MAP = ['type' => ASN1::TYPE_ANY]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Attributes.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Attributes.php new file mode 100644 index 0000000..a3417db --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Attributes.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Attributes + * + * @author Jim Wigginton + */ +abstract class Attributes +{ + public const MAP = [ + 'type' => ASN1::TYPE_SET, + 'min' => 1, + 'max' => -1, + 'children' => Attribute::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AuthorityInfoAccessSyntax.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AuthorityInfoAccessSyntax.php new file mode 100644 index 0000000..39198d8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AuthorityInfoAccessSyntax.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AuthorityInfoAccessSyntax + * + * @author Jim Wigginton + */ +abstract class AuthorityInfoAccessSyntax +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => AccessDescription::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AuthorityKeyIdentifier.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AuthorityKeyIdentifier.php new file mode 100644 index 0000000..8654105 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/AuthorityKeyIdentifier.php @@ -0,0 +1,47 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AuthorityKeyIdentifier + * + * @author Jim Wigginton + */ +abstract class AuthorityKeyIdentifier +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'keyIdentifier' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ] + KeyIdentifier::MAP, + 'authorityCertIssuer' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + GeneralNames::MAP, + 'authorityCertSerialNumber' => [ + 'constant' => 2, + 'optional' => true, + 'implicit' => true, + ] + CertificateSerialNumber::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BaseDistance.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BaseDistance.php new file mode 100644 index 0000000..a19d04e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BaseDistance.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BaseDistance + * + * @author Jim Wigginton + */ +abstract class BaseDistance +{ + public const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BasicConstraints.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BasicConstraints.php new file mode 100644 index 0000000..850b136 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BasicConstraints.php @@ -0,0 +1,41 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BasicConstraints + * + * @author Jim Wigginton + */ +abstract class BasicConstraints +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'cA' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'optional' => true, + 'default' => false, + ], + 'pathLenConstraint' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttribute.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttribute.php new file mode 100644 index 0000000..ef32fd8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttribute.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BuiltInDomainDefinedAttribute + * + * @author Jim Wigginton + */ +abstract class BuiltInDomainDefinedAttribute +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'type' => ['type' => ASN1::TYPE_PRINTABLE_STRING], + 'value' => ['type' => ASN1::TYPE_PRINTABLE_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttributes.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttributes.php new file mode 100644 index 0000000..009981d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttributes.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BuiltInDomainDefinedAttributes + * + * @author Jim Wigginton + */ +abstract class BuiltInDomainDefinedAttributes +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => 4, // ub-domain-defined-attributes + 'children' => BuiltInDomainDefinedAttribute::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BuiltInStandardAttributes.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BuiltInStandardAttributes.php new file mode 100644 index 0000000..01a0409 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/BuiltInStandardAttributes.php @@ -0,0 +1,69 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BuiltInStandardAttributes + * + * @author Jim Wigginton + */ +abstract class BuiltInStandardAttributes +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'country-name' => ['optional' => true] + CountryName::MAP, + 'administration-domain-name' => ['optional' => true] + AdministrationDomainName::MAP, + 'network-address' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ] + NetworkAddress::MAP, + 'terminal-identifier' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + TerminalIdentifier::MAP, + 'private-domain-name' => [ + 'constant' => 2, + 'optional' => true, + 'explicit' => true, + ] + PrivateDomainName::MAP, + 'organization-name' => [ + 'constant' => 3, + 'optional' => true, + 'implicit' => true, + ] + OrganizationName::MAP, + 'numeric-user-identifier' => [ + 'constant' => 4, + 'optional' => true, + 'implicit' => true, + ] + NumericUserIdentifier::MAP, + 'personal-name' => [ + 'constant' => 5, + 'optional' => true, + 'implicit' => true, + ] + PersonalName::MAP, + 'organizational-unit-names' => [ + 'constant' => 6, + 'optional' => true, + 'implicit' => true, + ] + OrganizationalUnitNames::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CPSuri.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CPSuri.php new file mode 100644 index 0000000..3da7a0c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CPSuri.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CPSuri + * + * @author Jim Wigginton + */ +abstract class CPSuri +{ + public const MAP = ['type' => ASN1::TYPE_IA5_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CRLDistributionPoints.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CRLDistributionPoints.php new file mode 100644 index 0000000..c0621b3 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CRLDistributionPoints.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CRLDistributionPoints + * + * @author Jim Wigginton + */ +abstract class CRLDistributionPoints +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => DistributionPoint::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CRLNumber.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CRLNumber.php new file mode 100644 index 0000000..d928487 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CRLNumber.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CRLNumber + * + * @author Jim Wigginton + */ +abstract class CRLNumber +{ + public const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CRLReason.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CRLReason.php new file mode 100644 index 0000000..02f32ac --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CRLReason.php @@ -0,0 +1,43 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CRLReason + * + * @author Jim Wigginton + */ +abstract class CRLReason +{ + public const MAP = [ + 'type' => ASN1::TYPE_ENUMERATED, + 'mapping' => [ + 'unspecified', + 'keyCompromise', + 'cACompromise', + 'affiliationChanged', + 'superseded', + 'cessationOfOperation', + 'certificateHold', + // Value 7 is not used. + 8 => 'removeFromCRL', + 'privilegeWithdrawn', + 'aACompromise', + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertPolicyId.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertPolicyId.php new file mode 100644 index 0000000..326467e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertPolicyId.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertPolicyId + * + * @author Jim Wigginton + */ +abstract class CertPolicyId +{ + public const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Certificate.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Certificate.php new file mode 100644 index 0000000..2f72c86 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Certificate.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Certificate + * + * @author Jim Wigginton + */ +abstract class Certificate +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'tbsCertificate' => TBSCertificate::MAP, + 'signatureAlgorithm' => AlgorithmIdentifier::MAP, + 'signature' => ['type' => ASN1::TYPE_BIT_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificateIssuer.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificateIssuer.php new file mode 100644 index 0000000..e1df76a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificateIssuer.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +/** + * CertificateIssuer + * + * @author Jim Wigginton + */ +abstract class CertificateIssuer +{ + public const MAP = GeneralNames::MAP; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificateList.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificateList.php new file mode 100644 index 0000000..e8c9208 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificateList.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificateList + * + * @author Jim Wigginton + */ +abstract class CertificateList +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'tbsCertList' => TBSCertList::MAP, + 'signatureAlgorithm' => AlgorithmIdentifier::MAP, + 'signature' => ['type' => ASN1::TYPE_BIT_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificatePolicies.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificatePolicies.php new file mode 100644 index 0000000..989f363 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificatePolicies.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificatePolicies + * + * @author Jim Wigginton + */ +abstract class CertificatePolicies +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => PolicyInformation::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificateSerialNumber.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificateSerialNumber.php new file mode 100644 index 0000000..cffb059 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificateSerialNumber.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificateSerialNumber + * + * @author Jim Wigginton + */ +abstract class CertificateSerialNumber +{ + public const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificationRequest.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificationRequest.php new file mode 100644 index 0000000..2c1b91b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificationRequest.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificationRequest + * + * @author Jim Wigginton + */ +abstract class CertificationRequest +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'certificationRequestInfo' => CertificationRequestInfo::MAP, + 'signatureAlgorithm' => AlgorithmIdentifier::MAP, + 'signature' => ['type' => ASN1::TYPE_BIT_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificationRequestInfo.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificationRequestInfo.php new file mode 100644 index 0000000..0baf128 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CertificationRequestInfo.php @@ -0,0 +1,43 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificationRequestInfo + * + * @author Jim Wigginton + */ +abstract class CertificationRequestInfo +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['v1'], + ], + 'subject' => Name::MAP, + 'subjectPKInfo' => SubjectPublicKeyInfo::MAP, + 'attributes' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ] + Attributes::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Characteristic_two.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Characteristic_two.php new file mode 100644 index 0000000..5cf10e1 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Characteristic_two.php @@ -0,0 +1,38 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Characteristic_two + * + * @author Jim Wigginton + */ +abstract class Characteristic_two +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'm' => ['type' => ASN1::TYPE_INTEGER], // field size 2**m + 'basis' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'parameters' => [ + 'type' => ASN1::TYPE_ANY, + 'optional' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CountryName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CountryName.php new file mode 100644 index 0000000..d4ce9cd --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/CountryName.php @@ -0,0 +1,38 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CountryName + * + * @author Jim Wigginton + */ +abstract class CountryName +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + // if class isn't present it's assumed to be \phpseclib3\File\ASN1::CLASS_UNIVERSAL or + // (if constant is present) \phpseclib3\File\ASN1::CLASS_CONTEXT_SPECIFIC + 'class' => ASN1::CLASS_APPLICATION, + 'cast' => 1, + 'children' => [ + 'x121-dcc-code' => ['type' => ASN1::TYPE_NUMERIC_STRING], + 'iso-3166-alpha2-code' => ['type' => ASN1::TYPE_PRINTABLE_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Curve.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Curve.php new file mode 100644 index 0000000..961d47d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Curve.php @@ -0,0 +1,38 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Curve + * + * @author Jim Wigginton + */ +abstract class Curve +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'a' => FieldElement::MAP, + 'b' => FieldElement::MAP, + 'seed' => [ + 'type' => ASN1::TYPE_BIT_STRING, + 'optional' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DHParameter.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DHParameter.php new file mode 100644 index 0000000..5381e31 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DHParameter.php @@ -0,0 +1,40 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DHParameter + * + * @author Jim Wigginton + */ +abstract class DHParameter +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'prime' => ['type' => ASN1::TYPE_INTEGER], + 'base' => ['type' => ASN1::TYPE_INTEGER], + 'privateValueLength' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DSAParams.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DSAParams.php new file mode 100644 index 0000000..c9bb4ff --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DSAParams.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DSAParams + * + * @author Jim Wigginton + */ +abstract class DSAParams +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'p' => ['type' => ASN1::TYPE_INTEGER], + 'q' => ['type' => ASN1::TYPE_INTEGER], + 'g' => ['type' => ASN1::TYPE_INTEGER], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DSAPrivateKey.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DSAPrivateKey.php new file mode 100644 index 0000000..423029c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DSAPrivateKey.php @@ -0,0 +1,38 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DSAPrivateKey + * + * @author Jim Wigginton + */ +abstract class DSAPrivateKey +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => ['type' => ASN1::TYPE_INTEGER], + 'p' => ['type' => ASN1::TYPE_INTEGER], + 'q' => ['type' => ASN1::TYPE_INTEGER], + 'g' => ['type' => ASN1::TYPE_INTEGER], + 'y' => ['type' => ASN1::TYPE_INTEGER], + 'x' => ['type' => ASN1::TYPE_INTEGER], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DSAPublicKey.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DSAPublicKey.php new file mode 100644 index 0000000..3842c39 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DSAPublicKey.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DSAPublicKey + * + * @author Jim Wigginton + */ +abstract class DSAPublicKey +{ + public const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DigestInfo.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DigestInfo.php new file mode 100644 index 0000000..6a6a448 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DigestInfo.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DigestInfo + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class DigestInfo +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'digestAlgorithm' => AlgorithmIdentifier::MAP, + 'digest' => ['type' => ASN1::TYPE_OCTET_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DirectoryString.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DirectoryString.php new file mode 100644 index 0000000..b92f04f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DirectoryString.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DirectoryString + * + * @author Jim Wigginton + */ +abstract class DirectoryString +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'teletexString' => ['type' => ASN1::TYPE_TELETEX_STRING], + 'printableString' => ['type' => ASN1::TYPE_PRINTABLE_STRING], + 'universalString' => ['type' => ASN1::TYPE_UNIVERSAL_STRING], + 'utf8String' => ['type' => ASN1::TYPE_UTF8_STRING], + 'bmpString' => ['type' => ASN1::TYPE_BMP_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DisplayText.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DisplayText.php new file mode 100644 index 0000000..99fbd8f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DisplayText.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DisplayText + * + * @author Jim Wigginton + */ +abstract class DisplayText +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'ia5String' => ['type' => ASN1::TYPE_IA5_STRING], + 'visibleString' => ['type' => ASN1::TYPE_VISIBLE_STRING], + 'bmpString' => ['type' => ASN1::TYPE_BMP_STRING], + 'utf8String' => ['type' => ASN1::TYPE_UTF8_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DistributionPoint.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DistributionPoint.php new file mode 100644 index 0000000..d9cc611 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DistributionPoint.php @@ -0,0 +1,47 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DistributionPoint + * + * @author Jim Wigginton + */ +abstract class DistributionPoint +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'distributionPoint' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true, + ] + DistributionPointName::MAP, + 'reasons' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + ReasonFlags::MAP, + 'cRLIssuer' => [ + 'constant' => 2, + 'optional' => true, + 'implicit' => true, + ] + GeneralNames::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DistributionPointName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DistributionPointName.php new file mode 100644 index 0000000..e65eaf2 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DistributionPointName.php @@ -0,0 +1,42 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DistributionPointName + * + * @author Jim Wigginton + */ +abstract class DistributionPointName +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'fullName' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ] + GeneralNames::MAP, + 'nameRelativeToCRLIssuer' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + RelativeDistinguishedName::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DssSigValue.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DssSigValue.php new file mode 100644 index 0000000..60bc9fa --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/DssSigValue.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DssSigValue + * + * @author Jim Wigginton + */ +abstract class DssSigValue +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'r' => ['type' => ASN1::TYPE_INTEGER], + 's' => ['type' => ASN1::TYPE_INTEGER], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ECParameters.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ECParameters.php new file mode 100644 index 0000000..63a8650 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ECParameters.php @@ -0,0 +1,47 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ECParameters + * + * ECParameters ::= CHOICE { + * namedCurve OBJECT IDENTIFIER + * -- implicitCurve NULL + * -- specifiedCurve SpecifiedECDomain + * } + * -- implicitCurve and specifiedCurve MUST NOT be used in PKIX. + * -- Details for SpecifiedECDomain can be found in [X9.62]. + * -- Any future additions to this CHOICE should be coordinated + * -- with ANSI X9. + * + * @author Jim Wigginton + */ +abstract class ECParameters +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'namedCurve' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'implicitCurve' => ['type' => ASN1::TYPE_NULL], + 'specifiedCurve' => SpecifiedECDomain::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ECPoint.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ECPoint.php new file mode 100644 index 0000000..530ebcf --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ECPoint.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ECPoint + * + * @author Jim Wigginton + */ +abstract class ECPoint +{ + public const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ECPrivateKey.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ECPrivateKey.php new file mode 100644 index 0000000..e446629 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ECPrivateKey.php @@ -0,0 +1,50 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ECPrivateKey + * + * @author Jim Wigginton + */ +abstract class ECPrivateKey +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => [1 => 'ecPrivkeyVer1'], + ], + 'privateKey' => ['type' => ASN1::TYPE_OCTET_STRING], + 'parameters' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true, + ] + ECParameters::MAP, + 'publicKey' => [ + 'type' => ASN1::TYPE_BIT_STRING, + 'constant' => 1, + 'optional' => true, + 'explicit' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EDIPartyName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EDIPartyName.php new file mode 100644 index 0000000..9014097 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EDIPartyName.php @@ -0,0 +1,44 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * EDIPartyName + * + * @author Jim Wigginton + */ +abstract class EDIPartyName +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'nameAssigner' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ] + DirectoryString::MAP, + // partyName is technically required but \phpseclib3\File\ASN1 doesn't currently support non-optional constants and + // setting it to optional gets the job done in any event. + 'partyName' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + DirectoryString::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EcdsaSigValue.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EcdsaSigValue.php new file mode 100644 index 0000000..0bd080c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EcdsaSigValue.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * EcdsaSigValue + * + * @author Jim Wigginton + */ +abstract class EcdsaSigValue +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'r' => ['type' => ASN1::TYPE_INTEGER], + 's' => ['type' => ASN1::TYPE_INTEGER], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EncryptedData.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EncryptedData.php new file mode 100644 index 0000000..45835ce --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EncryptedData.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * EncryptedData + * + * @author Jim Wigginton + */ +abstract class EncryptedData +{ + public const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EncryptedPrivateKeyInfo.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EncryptedPrivateKeyInfo.php new file mode 100644 index 0000000..484ab24 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/EncryptedPrivateKeyInfo.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * EncryptedPrivateKeyInfo + * + * @author Jim Wigginton + */ +abstract class EncryptedPrivateKeyInfo +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'encryptionAlgorithm' => AlgorithmIdentifier::MAP, + 'encryptedData' => EncryptedData::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ExtKeyUsageSyntax.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ExtKeyUsageSyntax.php new file mode 100644 index 0000000..2488345 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ExtKeyUsageSyntax.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ExtKeyUsageSyntax + * + * @author Jim Wigginton + */ +abstract class ExtKeyUsageSyntax +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => KeyPurposeId::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Extension.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Extension.php new file mode 100644 index 0000000..a0f3141 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Extension.php @@ -0,0 +1,45 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Extension + * + * A certificate using system MUST reject the certificate if it encounters + * a critical extension it does not recognize; however, a non-critical + * extension may be ignored if it is not recognized. + * + * http://tools.ietf.org/html/rfc5280#section-4.2 + * + * @author Jim Wigginton + */ +abstract class Extension +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'extnId' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'critical' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'optional' => true, + 'default' => false, + ], + 'extnValue' => ['type' => ASN1::TYPE_OCTET_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ExtensionAttribute.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ExtensionAttribute.php new file mode 100644 index 0000000..8afb707 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ExtensionAttribute.php @@ -0,0 +1,44 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ExtensionAttribute + * + * @author Jim Wigginton + */ +abstract class ExtensionAttribute +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'extension-attribute-type' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ], + 'extension-attribute-value' => [ + 'type' => ASN1::TYPE_ANY, + 'constant' => 1, + 'optional' => true, + 'explicit' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ExtensionAttributes.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ExtensionAttributes.php new file mode 100644 index 0000000..e69f48b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ExtensionAttributes.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ExtensionAttributes + * + * @author Jim Wigginton + */ +abstract class ExtensionAttributes +{ + public const MAP = [ + 'type' => ASN1::TYPE_SET, + 'min' => 1, + 'max' => 256, // ub-extension-attributes + 'children' => ExtensionAttribute::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Extensions.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Extensions.php new file mode 100644 index 0000000..6e9e98c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Extensions.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Extensions + * + * @author Jim Wigginton + */ +abstract class Extensions +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + // technically, it's MAX, but we'll assume anything < 0 is MAX + 'max' => -1, + // if 'children' isn't an array then 'min' and 'max' must be defined + 'children' => Extension::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/FieldElement.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/FieldElement.php new file mode 100644 index 0000000..0c755b3 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/FieldElement.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * FieldElement + * + * @author Jim Wigginton + */ +abstract class FieldElement +{ + public const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/FieldID.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/FieldID.php new file mode 100644 index 0000000..bfd557c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/FieldID.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * FieldID + * + * @author Jim Wigginton + */ +abstract class FieldID +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'fieldType' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'parameters' => [ + 'type' => ASN1::TYPE_ANY, + 'optional' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralName.php new file mode 100644 index 0000000..aaa5625 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralName.php @@ -0,0 +1,82 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * GeneralName + * + * @author Jim Wigginton + */ +abstract class GeneralName +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'otherName' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ] + AnotherName::MAP, + 'rfc822Name' => [ + 'type' => ASN1::TYPE_IA5_STRING, + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ], + 'dNSName' => [ + 'type' => ASN1::TYPE_IA5_STRING, + 'constant' => 2, + 'optional' => true, + 'implicit' => true, + ], + 'x400Address' => [ + 'constant' => 3, + 'optional' => true, + 'implicit' => true, + ] + ORAddress::MAP, + 'directoryName' => [ + 'constant' => 4, + 'optional' => true, + 'explicit' => true, + ] + Name::MAP, + 'ediPartyName' => [ + 'constant' => 5, + 'optional' => true, + 'implicit' => true, + ] + EDIPartyName::MAP, + 'uniformResourceIdentifier' => [ + 'type' => ASN1::TYPE_IA5_STRING, + 'constant' => 6, + 'optional' => true, + 'implicit' => true, + ], + 'iPAddress' => [ + 'type' => ASN1::TYPE_OCTET_STRING, + 'constant' => 7, + 'optional' => true, + 'implicit' => true, + ], + 'registeredID' => [ + 'type' => ASN1::TYPE_OBJECT_IDENTIFIER, + 'constant' => 8, + 'optional' => true, + 'implicit' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralNames.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralNames.php new file mode 100644 index 0000000..6f0ddbe --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralNames.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * GeneralNames + * + * @author Jim Wigginton + */ +abstract class GeneralNames +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => GeneralName::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralSubtree.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralSubtree.php new file mode 100644 index 0000000..4b4e929 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralSubtree.php @@ -0,0 +1,44 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * GeneralSubtree + * + * @author Jim Wigginton + */ +abstract class GeneralSubtree +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'base' => GeneralName::MAP, + 'minimum' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + 'default' => '0', + ] + BaseDistance::MAP, + 'maximum' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + BaseDistance::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralSubtrees.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralSubtrees.php new file mode 100644 index 0000000..620fa3e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/GeneralSubtrees.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * GeneralSubtrees + * + * @author Jim Wigginton + */ +abstract class GeneralSubtrees +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => GeneralSubtree::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/HashAlgorithm.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/HashAlgorithm.php new file mode 100644 index 0000000..dd65c70 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/HashAlgorithm.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +/** + * HashAglorithm + * + * @author Jim Wigginton + */ +abstract class HashAlgorithm +{ + public const MAP = AlgorithmIdentifier::MAP; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/HoldInstructionCode.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/HoldInstructionCode.php new file mode 100644 index 0000000..8f49914 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/HoldInstructionCode.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * HoldInstructionCode + * + * @author Jim Wigginton + */ +abstract class HoldInstructionCode +{ + public const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/InvalidityDate.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/InvalidityDate.php new file mode 100644 index 0000000..6d7af45 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/InvalidityDate.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * InvalidityDate + * + * @author Jim Wigginton + */ +abstract class InvalidityDate +{ + public const MAP = ['type' => ASN1::TYPE_GENERALIZED_TIME]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/IssuerAltName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/IssuerAltName.php new file mode 100644 index 0000000..d4c69dd --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/IssuerAltName.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +/** + * IssuerAltName + * + * @author Jim Wigginton + */ +abstract class IssuerAltName +{ + public const MAP = GeneralNames::MAP; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/IssuingDistributionPoint.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/IssuingDistributionPoint.php new file mode 100644 index 0000000..47f60c8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/IssuingDistributionPoint.php @@ -0,0 +1,70 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * IssuingDistributionPoint + * + * @author Jim Wigginton + */ +abstract class IssuingDistributionPoint +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'distributionPoint' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true, + ] + DistributionPointName::MAP, + 'onlyContainsUserCerts' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'constant' => 1, + 'optional' => true, + 'default' => false, + 'implicit' => true, + ], + 'onlyContainsCACerts' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'constant' => 2, + 'optional' => true, + 'default' => false, + 'implicit' => true, + ], + 'onlySomeReasons' => [ + 'constant' => 3, + 'optional' => true, + 'implicit' => true, + ] + ReasonFlags::MAP, + 'indirectCRL' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'constant' => 4, + 'optional' => true, + 'default' => false, + 'implicit' => true, + ], + 'onlyContainsAttributeCerts' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'constant' => 5, + 'optional' => true, + 'default' => false, + 'implicit' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/KeyIdentifier.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/KeyIdentifier.php new file mode 100644 index 0000000..753050e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/KeyIdentifier.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * KeyIdentifier + * + * @author Jim Wigginton + */ +abstract class KeyIdentifier +{ + public const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/KeyPurposeId.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/KeyPurposeId.php new file mode 100644 index 0000000..f82705c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/KeyPurposeId.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * KeyPurposeId + * + * @author Jim Wigginton + */ +abstract class KeyPurposeId +{ + public const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/KeyUsage.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/KeyUsage.php new file mode 100644 index 0000000..3b028aa --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/KeyUsage.php @@ -0,0 +1,41 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * KeyUsage + * + * @author Jim Wigginton + */ +abstract class KeyUsage +{ + public const MAP = [ + 'type' => ASN1::TYPE_BIT_STRING, + 'mapping' => [ + 'digitalSignature', + 'nonRepudiation', + 'keyEncipherment', + 'dataEncipherment', + 'keyAgreement', + 'keyCertSign', + 'cRLSign', + 'encipherOnly', + 'decipherOnly', + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/MaskGenAlgorithm.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/MaskGenAlgorithm.php new file mode 100644 index 0000000..097a35d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/MaskGenAlgorithm.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +/** + * MaskGenAglorithm + * + * @author Jim Wigginton + */ +abstract class MaskGenAlgorithm +{ + public const MAP = AlgorithmIdentifier::MAP; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Name.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Name.php new file mode 100644 index 0000000..0b7740a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Name.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Name + * + * @author Jim Wigginton + */ +abstract class Name +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'rdnSequence' => RDNSequence::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NameConstraints.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NameConstraints.php new file mode 100644 index 0000000..bf8e199 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NameConstraints.php @@ -0,0 +1,42 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * NameConstraints + * + * @author Jim Wigginton + */ +abstract class NameConstraints +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'permittedSubtrees' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ] + GeneralSubtrees::MAP, + 'excludedSubtrees' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + GeneralSubtrees::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NetworkAddress.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NetworkAddress.php new file mode 100644 index 0000000..582820f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NetworkAddress.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * NetworkAddress + * + * @author Jim Wigginton + */ +abstract class NetworkAddress +{ + public const MAP = ['type' => ASN1::TYPE_NUMERIC_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NoticeReference.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NoticeReference.php new file mode 100644 index 0000000..58778dd --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NoticeReference.php @@ -0,0 +1,39 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * NoticeReference + * + * @author Jim Wigginton + */ +abstract class NoticeReference +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'organization' => DisplayText::MAP, + 'noticeNumbers' => [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => 200, + 'children' => ['type' => ASN1::TYPE_INTEGER], + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NumericUserIdentifier.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NumericUserIdentifier.php new file mode 100644 index 0000000..caaae97 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/NumericUserIdentifier.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * NumericUserIdentifier + * + * @author Jim Wigginton + */ +abstract class NumericUserIdentifier +{ + public const MAP = ['type' => ASN1::TYPE_NUMERIC_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ORAddress.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ORAddress.php new file mode 100644 index 0000000..a3ccde9 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ORAddress.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ORAddress + * + * @author Jim Wigginton + */ +abstract class ORAddress +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'built-in-standard-attributes' => BuiltInStandardAttributes::MAP, + 'built-in-domain-defined-attributes' => ['optional' => true] + BuiltInDomainDefinedAttributes::MAP, + 'extension-attributes' => ['optional' => true] + ExtensionAttributes::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OneAsymmetricKey.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OneAsymmetricKey.php new file mode 100644 index 0000000..366b403 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OneAsymmetricKey.php @@ -0,0 +1,50 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OneAsymmetricKey + * + * @author Jim Wigginton + */ +abstract class OneAsymmetricKey +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['v1', 'v2'], + ], + 'privateKeyAlgorithm' => AlgorithmIdentifier::MAP, + 'privateKey' => PrivateKey::MAP, + 'attributes' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ] + Attributes::MAP, + 'publicKey' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + PublicKey::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OrganizationName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OrganizationName.php new file mode 100644 index 0000000..2f87c3b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OrganizationName.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OrganizationName + * + * @author Jim Wigginton + */ +abstract class OrganizationName +{ + public const MAP = ['type' => ASN1::TYPE_PRINTABLE_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OrganizationalUnitNames.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OrganizationalUnitNames.php new file mode 100644 index 0000000..247a3c3 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OrganizationalUnitNames.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OrganizationalUnitNames + * + * @author Jim Wigginton + */ +abstract class OrganizationalUnitNames +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => 4, // ub-organizational-units + 'children' => ['type' => ASN1::TYPE_PRINTABLE_STRING], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OtherPrimeInfo.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OtherPrimeInfo.php new file mode 100644 index 0000000..2edf22f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OtherPrimeInfo.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OtherPrimeInfo + * + * @author Jim Wigginton + */ +abstract class OtherPrimeInfo +{ + // version must be multi if otherPrimeInfos present + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'prime' => ['type' => ASN1::TYPE_INTEGER], // ri + 'exponent' => ['type' => ASN1::TYPE_INTEGER], // di + 'coefficient' => ['type' => ASN1::TYPE_INTEGER], // ti + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OtherPrimeInfos.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OtherPrimeInfos.php new file mode 100644 index 0000000..4953dd8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/OtherPrimeInfos.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OtherPrimeInfos + * + * @author Jim Wigginton + */ +abstract class OtherPrimeInfos +{ + // version must be multi if otherPrimeInfos present + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => OtherPrimeInfo::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBEParameter.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBEParameter.php new file mode 100644 index 0000000..cd1c88a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBEParameter.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PBEParameter + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class PBEParameter +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'salt' => ['type' => ASN1::TYPE_OCTET_STRING], + 'iterationCount' => ['type' => ASN1::TYPE_INTEGER], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBES2params.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBES2params.php new file mode 100644 index 0000000..415b6f7 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBES2params.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PBES2params + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class PBES2params +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'keyDerivationFunc' => AlgorithmIdentifier::MAP, + 'encryptionScheme' => AlgorithmIdentifier::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBKDF2params.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBKDF2params.php new file mode 100644 index 0000000..d3d089a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBKDF2params.php @@ -0,0 +1,43 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PBKDF2params + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class PBKDF2params +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + // technically, this is a CHOICE in RFC2898 but the other "choice" is, currently, more of a placeholder + // in the RFC + 'salt' => ['type' => ASN1::TYPE_OCTET_STRING], + 'iterationCount' => ['type' => ASN1::TYPE_INTEGER], + 'keyLength' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true, + ], + 'prf' => AlgorithmIdentifier::MAP + ['optional' => true], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBMAC1params.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBMAC1params.php new file mode 100644 index 0000000..ee114b6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PBMAC1params.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PBMAC1params + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class PBMAC1params +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'keyDerivationFunc' => AlgorithmIdentifier::MAP, + 'messageAuthScheme' => AlgorithmIdentifier::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PKCS9String.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PKCS9String.php new file mode 100644 index 0000000..e5b3806 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PKCS9String.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PKCS9String + * + * @author Jim Wigginton + */ +abstract class PKCS9String +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'ia5String' => ['type' => ASN1::TYPE_IA5_STRING], + 'directoryString' => DirectoryString::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Pentanomial.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Pentanomial.php new file mode 100644 index 0000000..48a4b77 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Pentanomial.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Pentanomial + * + * @author Jim Wigginton + */ +abstract class Pentanomial +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'k1' => ['type' => ASN1::TYPE_INTEGER], // k1 > 0 + 'k2' => ['type' => ASN1::TYPE_INTEGER], // k2 > k1 + 'k3' => ['type' => ASN1::TYPE_INTEGER], // k3 > h2 + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PersonalName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PersonalName.php new file mode 100644 index 0000000..d84c858 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PersonalName.php @@ -0,0 +1,56 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PersonalName + * + * @author Jim Wigginton + */ +abstract class PersonalName +{ + public const MAP = [ + 'type' => ASN1::TYPE_SET, + 'children' => [ + 'surname' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ], + 'given-name' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ], + 'initials' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 2, + 'optional' => true, + 'implicit' => true, + ], + 'generation-qualifier' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 3, + 'optional' => true, + 'implicit' => true, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyInformation.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyInformation.php new file mode 100644 index 0000000..d735eb6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyInformation.php @@ -0,0 +1,40 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PolicyInformation + * + * @author Jim Wigginton + */ +abstract class PolicyInformation +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'policyIdentifier' => CertPolicyId::MAP, + 'policyQualifiers' => [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 0, + 'max' => -1, + 'optional' => true, + 'children' => PolicyQualifierInfo::MAP, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyMappings.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyMappings.php new file mode 100644 index 0000000..ab29466 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyMappings.php @@ -0,0 +1,39 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PolicyMappings + * + * @author Jim Wigginton + */ +abstract class PolicyMappings +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'issuerDomainPolicy' => CertPolicyId::MAP, + 'subjectDomainPolicy' => CertPolicyId::MAP, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyQualifierId.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyQualifierId.php new file mode 100644 index 0000000..5557505 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyQualifierId.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PolicyQualifierId + * + * @author Jim Wigginton + */ +abstract class PolicyQualifierId +{ + public const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyQualifierInfo.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyQualifierInfo.php new file mode 100644 index 0000000..3f9de69 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PolicyQualifierInfo.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PolicyQualifierInfo + * + * @author Jim Wigginton + */ +abstract class PolicyQualifierInfo +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'policyQualifierId' => PolicyQualifierId::MAP, + 'qualifier' => ['type' => ASN1::TYPE_ANY], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PostalAddress.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PostalAddress.php new file mode 100644 index 0000000..77c95b6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PostalAddress.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PostalAddress + * + * @author Jim Wigginton + */ +abstract class PostalAddress +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'optional' => true, + 'min' => 1, + 'max' => -1, + 'children' => DirectoryString::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Prime_p.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Prime_p.php new file mode 100644 index 0000000..4209140 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Prime_p.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Prime_p + * + * @author Jim Wigginton + */ +abstract class Prime_p +{ + public const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateDomainName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateDomainName.php new file mode 100644 index 0000000..efb21a3 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateDomainName.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PrivateDomainName + * + * @author Jim Wigginton + */ +abstract class PrivateDomainName +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'numeric' => ['type' => ASN1::TYPE_NUMERIC_STRING], + 'printable' => ['type' => ASN1::TYPE_PRINTABLE_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateKey.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateKey.php new file mode 100644 index 0000000..c7f8f92 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateKey.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PrivateKey + * + * @author Jim Wigginton + */ +abstract class PrivateKey +{ + public const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateKeyInfo.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateKeyInfo.php new file mode 100644 index 0000000..84146b8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateKeyInfo.php @@ -0,0 +1,43 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PrivateKeyInfo + * + * @author Jim Wigginton + */ +abstract class PrivateKeyInfo +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['v1'], + ], + 'privateKeyAlgorithm' => AlgorithmIdentifier::MAP, + 'privateKey' => PrivateKey::MAP, + 'attributes' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + ] + Attributes::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateKeyUsagePeriod.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateKeyUsagePeriod.php new file mode 100644 index 0000000..2c78812 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PrivateKeyUsagePeriod.php @@ -0,0 +1,42 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PrivateKeyUsagePeriod + * + * @author Jim Wigginton + */ +abstract class PrivateKeyUsagePeriod +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'notBefore' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + 'type' => ASN1::TYPE_GENERALIZED_TIME, ], + 'notAfter' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + 'type' => ASN1::TYPE_GENERALIZED_TIME, ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PublicKey.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PublicKey.php new file mode 100644 index 0000000..576f1e6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PublicKey.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PublicKey + * + * @author Jim Wigginton + */ +abstract class PublicKey +{ + public const MAP = ['type' => ASN1::TYPE_BIT_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PublicKeyAndChallenge.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PublicKeyAndChallenge.php new file mode 100644 index 0000000..d725c58 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PublicKeyAndChallenge.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PublicKeyAndChallenge + * + * @author Jim Wigginton + */ +abstract class PublicKeyAndChallenge +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'spki' => SubjectPublicKeyInfo::MAP, + 'challenge' => ['type' => ASN1::TYPE_IA5_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PublicKeyInfo.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PublicKeyInfo.php new file mode 100644 index 0000000..0bf91cc --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/PublicKeyInfo.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PublicKeyInfo + * + * this format is not formally defined anywhere but is none-the-less the form you + * get when you do "openssl rsa -in private.pem -outform PEM -pubout" + * + * @author Jim Wigginton + */ +abstract class PublicKeyInfo +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'publicKeyAlgorithm' => AlgorithmIdentifier::MAP, + 'publicKey' => ['type' => ASN1::TYPE_BIT_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RC2CBCParameter.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RC2CBCParameter.php new file mode 100644 index 0000000..22b8096 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RC2CBCParameter.php @@ -0,0 +1,39 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RC2CBCParameter + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class RC2CBCParameter +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'rc2ParametersVersion' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true, + ], + 'iv' => ['type' => ASN1::TYPE_OCTET_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RDNSequence.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RDNSequence.php new file mode 100644 index 0000000..9c3a398 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RDNSequence.php @@ -0,0 +1,40 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RDNSequence + * + * In practice, RDNs containing multiple name-value pairs (called "multivalued RDNs") are rare, + * but they can be useful at times when either there is no unique attribute in the entry or you + * want to ensure that the entry's DN contains some useful identifying information. + * + * - https://www.opends.org/wiki/page/DefinitionRelativeDistinguishedName + * + * @author Jim Wigginton + */ +abstract class RDNSequence +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + // RDNSequence does not define a min or a max, which means it doesn't have one + 'min' => 0, + 'max' => -1, + 'children' => RelativeDistinguishedName::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RSAPrivateKey.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RSAPrivateKey.php new file mode 100644 index 0000000..3084a5e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RSAPrivateKey.php @@ -0,0 +1,46 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RSAPrivateKey + * + * @author Jim Wigginton + */ +abstract class RSAPrivateKey +{ + // version must be multi if otherPrimeInfos present + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['two-prime', 'multi'], + ], + 'modulus' => ['type' => ASN1::TYPE_INTEGER], // n + 'publicExponent' => ['type' => ASN1::TYPE_INTEGER], // e + 'privateExponent' => ['type' => ASN1::TYPE_INTEGER], // d + 'prime1' => ['type' => ASN1::TYPE_INTEGER], // p + 'prime2' => ['type' => ASN1::TYPE_INTEGER], // q + 'exponent1' => ['type' => ASN1::TYPE_INTEGER], // d mod (p-1) + 'exponent2' => ['type' => ASN1::TYPE_INTEGER], // d mod (q-1) + 'coefficient' => ['type' => ASN1::TYPE_INTEGER], // (inverse of q) mod p + 'otherPrimeInfos' => OtherPrimeInfos::MAP + ['optional' => true], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RSAPublicKey.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RSAPublicKey.php new file mode 100644 index 0000000..5ac03f5 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RSAPublicKey.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RSAPublicKey + * + * @author Jim Wigginton + */ +abstract class RSAPublicKey +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'modulus' => ['type' => ASN1::TYPE_INTEGER], + 'publicExponent' => ['type' => ASN1::TYPE_INTEGER], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RSASSA_PSS_params.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RSASSA_PSS_params.php new file mode 100644 index 0000000..b640d3b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RSASSA_PSS_params.php @@ -0,0 +1,60 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RSASSA_PSS_params + * + * @author Jim Wigginton + */ +abstract class RSASSA_PSS_params +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'hashAlgorithm' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true, + //'default' => 'sha1Identifier' + ] + HashAlgorithm::MAP, + 'maskGenAlgorithm' => [ + 'constant' => 1, + 'optional' => true, + 'explicit' => true, + //'default' => 'mgf1SHA1Identifier' + ] + MaskGenAlgorithm::MAP, + 'saltLength' => [ + 'type' => ASN1::TYPE_INTEGER, + 'constant' => 2, + 'optional' => true, + 'explicit' => true, + 'default' => 20, + ], + 'trailerField' => [ + 'type' => ASN1::TYPE_INTEGER, + 'constant' => 3, + 'optional' => true, + 'explicit' => true, + 'default' => 1, + ], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ReasonFlags.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ReasonFlags.php new file mode 100644 index 0000000..6b9600c --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/ReasonFlags.php @@ -0,0 +1,41 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ReasonFlags + * + * @author Jim Wigginton + */ +abstract class ReasonFlags +{ + public const MAP = [ + 'type' => ASN1::TYPE_BIT_STRING, + 'mapping' => [ + 'unused', + 'keyCompromise', + 'cACompromise', + 'affiliationChanged', + 'superseded', + 'cessationOfOperation', + 'certificateHold', + 'privilegeWithdrawn', + 'aACompromise', + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RelativeDistinguishedName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RelativeDistinguishedName.php new file mode 100644 index 0000000..3e14f2e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RelativeDistinguishedName.php @@ -0,0 +1,39 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RelativeDistinguishedName + * + * In practice, RDNs containing multiple name-value pairs (called "multivalued RDNs") are rare, + * but they can be useful at times when either there is no unique attribute in the entry or you + * want to ensure that the entry's DN contains some useful identifying information. + * + * - https://www.opends.org/wiki/page/DefinitionRelativeDistinguishedName + * + * @author Jim Wigginton + */ +abstract class RelativeDistinguishedName +{ + public const MAP = [ + 'type' => ASN1::TYPE_SET, + 'min' => 1, + 'max' => -1, + 'children' => AttributeTypeAndValue::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RevokedCertificate.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RevokedCertificate.php new file mode 100644 index 0000000..f96c632 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/RevokedCertificate.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RevokedCertificate + * + * @author Jim Wigginton + */ +abstract class RevokedCertificate +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'userCertificate' => CertificateSerialNumber::MAP, + 'revocationDate' => Time::MAP, + 'crlEntryExtensions' => [ + 'optional' => true, + ] + Extensions::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SignedPublicKeyAndChallenge.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SignedPublicKeyAndChallenge.php new file mode 100644 index 0000000..efb33a9 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SignedPublicKeyAndChallenge.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SignedPublicKeyAndChallenge + * + * @author Jim Wigginton + */ +abstract class SignedPublicKeyAndChallenge +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'publicKeyAndChallenge' => PublicKeyAndChallenge::MAP, + 'signatureAlgorithm' => AlgorithmIdentifier::MAP, + 'signature' => ['type' => ASN1::TYPE_BIT_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SpecifiedECDomain.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SpecifiedECDomain.php new file mode 100644 index 0000000..e958a9b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SpecifiedECDomain.php @@ -0,0 +1,47 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SpecifiedECDomain + * + * @author Jim Wigginton + */ +abstract class SpecifiedECDomain +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => [1 => 'ecdpVer1', 'ecdpVer2', 'ecdpVer3'], + ], + 'fieldID' => FieldID::MAP, + 'curve' => Curve::MAP, + 'base' => ECPoint::MAP, + 'order' => ['type' => ASN1::TYPE_INTEGER], + 'cofactor' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true, + ], + 'hash' => ['optional' => true] + HashAlgorithm::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectAltName.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectAltName.php new file mode 100644 index 0000000..7fa74c2 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectAltName.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +/** + * SubjectAltName + * + * @author Jim Wigginton + */ +abstract class SubjectAltName +{ + public const MAP = GeneralNames::MAP; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectDirectoryAttributes.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectDirectoryAttributes.php new file mode 100644 index 0000000..7cd72ec --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectDirectoryAttributes.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SubjectDirectoryAttributes + * + * @author Jim Wigginton + */ +abstract class SubjectDirectoryAttributes +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => Attribute::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectInfoAccessSyntax.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectInfoAccessSyntax.php new file mode 100644 index 0000000..967d58b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectInfoAccessSyntax.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SubjectInfoAccessSyntax + * + * @author Jim Wigginton + */ +abstract class SubjectInfoAccessSyntax +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => AccessDescription::MAP, + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectPublicKeyInfo.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectPublicKeyInfo.php new file mode 100644 index 0000000..aeedc74 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/SubjectPublicKeyInfo.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SubjectPublicKeyInfo + * + * @author Jim Wigginton + */ +abstract class SubjectPublicKeyInfo +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'algorithm' => AlgorithmIdentifier::MAP, + 'subjectPublicKey' => ['type' => ASN1::TYPE_BIT_STRING], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/TBSCertList.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/TBSCertList.php new file mode 100644 index 0000000..dbfc01f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/TBSCertList.php @@ -0,0 +1,56 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * TBSCertList + * + * @author Jim Wigginton + */ +abstract class TBSCertList +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['v1', 'v2', 'v3'], + 'optional' => true, + 'default' => 'v2', + ], + 'signature' => AlgorithmIdentifier::MAP, + 'issuer' => Name::MAP, + 'thisUpdate' => Time::MAP, + 'nextUpdate' => [ + 'optional' => true, + ] + Time::MAP, + 'revokedCertificates' => [ + 'type' => ASN1::TYPE_SEQUENCE, + 'optional' => true, + 'min' => 0, + 'max' => -1, + 'children' => RevokedCertificate::MAP, + ], + 'crlExtensions' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true, + ] + Extensions::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/TBSCertificate.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/TBSCertificate.php new file mode 100644 index 0000000..08a6258 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/TBSCertificate.php @@ -0,0 +1,67 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * TBSCertificate + * + * @author Jim Wigginton + */ +abstract class TBSCertificate +{ + // assert($TBSCertificate['children']['signature'] == $Certificate['children']['signatureAlgorithm']) + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + // technically, default implies optional, but we'll define it as being optional, none-the-less, just to + // reenforce that fact + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'constant' => 0, + 'optional' => true, + 'explicit' => true, + 'mapping' => ['v1', 'v2', 'v3'], + 'default' => 'v1', + ], + 'serialNumber' => CertificateSerialNumber::MAP, + 'signature' => AlgorithmIdentifier::MAP, + 'issuer' => Name::MAP, + 'validity' => Validity::MAP, + 'subject' => Name::MAP, + 'subjectPublicKeyInfo' => SubjectPublicKeyInfo::MAP, + // implicit means that the T in the TLV structure is to be rewritten, regardless of the type + 'issuerUniqueID' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + UniqueIdentifier::MAP, + 'subjectUniqueID' => [ + 'constant' => 2, + 'optional' => true, + 'implicit' => true, + ] + UniqueIdentifier::MAP, + // doesn't use the EXPLICIT keyword but if + // it's not IMPLICIT, it's EXPLICIT + 'extensions' => [ + 'constant' => 3, + 'optional' => true, + 'explicit' => true, + ] + Extensions::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/TerminalIdentifier.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/TerminalIdentifier.php new file mode 100644 index 0000000..3153a99 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/TerminalIdentifier.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * TerminalIdentifier + * + * @author Jim Wigginton + */ +abstract class TerminalIdentifier +{ + public const MAP = ['type' => ASN1::TYPE_PRINTABLE_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Time.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Time.php new file mode 100644 index 0000000..431d1e1 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Time.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Time + * + * @author Jim Wigginton + */ +abstract class Time +{ + public const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'utcTime' => ['type' => ASN1::TYPE_UTC_TIME], + 'generalTime' => ['type' => ASN1::TYPE_GENERALIZED_TIME], + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Trinomial.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Trinomial.php new file mode 100644 index 0000000..46c525d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Trinomial.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Trinomial + * + * @author Jim Wigginton + */ +abstract class Trinomial +{ + public const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/UniqueIdentifier.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/UniqueIdentifier.php new file mode 100644 index 0000000..37e4be7 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/UniqueIdentifier.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * UniqueIdentifier + * + * @author Jim Wigginton + */ +abstract class UniqueIdentifier +{ + public const MAP = ['type' => ASN1::TYPE_BIT_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/UserNotice.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/UserNotice.php new file mode 100644 index 0000000..1f172b9 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/UserNotice.php @@ -0,0 +1,40 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * UserNotice + * + * @author Jim Wigginton + */ +abstract class UserNotice +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'noticeRef' => [ + 'optional' => true, + 'implicit' => true, + ] + NoticeReference::MAP, + 'explicitText' => [ + 'optional' => true, + 'implicit' => true, + ] + DisplayText::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Validity.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Validity.php new file mode 100644 index 0000000..095796f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/Validity.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Validity + * + * @author Jim Wigginton + */ +abstract class Validity +{ + public const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'notBefore' => Time::MAP, + 'notAfter' => Time::MAP, + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/netscape_ca_policy_url.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/netscape_ca_policy_url.php new file mode 100644 index 0000000..8ee94ac --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/netscape_ca_policy_url.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * netscape_ca_policy_url + * + * @author Jim Wigginton + */ +abstract class netscape_ca_policy_url +{ + public const MAP = ['type' => ASN1::TYPE_IA5_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/netscape_cert_type.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/netscape_cert_type.php new file mode 100644 index 0000000..bfaa638 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/netscape_cert_type.php @@ -0,0 +1,42 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * netscape_cert_type + * + * mapping is from + * + * @author Jim Wigginton + */ +abstract class netscape_cert_type +{ + public const MAP = [ + 'type' => ASN1::TYPE_BIT_STRING, + 'mapping' => [ + 'SSLClient', + 'SSLServer', + 'Email', + 'ObjectSigning', + 'Reserved', + 'SSLCA', + 'EmailCA', + 'ObjectSigningCA', + ], + ]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/netscape_comment.php b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/netscape_comment.php new file mode 100644 index 0000000..fd7f0ca --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/ASN1/Maps/netscape_comment.php @@ -0,0 +1,28 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * netscape_comment + * + * @author Jim Wigginton + */ +abstract class netscape_comment +{ + public const MAP = ['type' => ASN1::TYPE_IA5_STRING]; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/File/X509.php b/qa-tool/htdocs/oidc/phpseclib/File/X509.php new file mode 100644 index 0000000..6b2cd68 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/File/X509.php @@ -0,0 +1,3811 @@ + + * @copyright 2012 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\File; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\PublicKeyLoader; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RSA; +use phpseclib3\Crypt\RSA\Formats\Keys\PSS; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\File\ASN1\Element; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP X.509 Parser + * + * @author Jim Wigginton + */ +class X509 +{ + /** + * Flag to only accept signatures signed by certificate authorities + * + * Not really used anymore but retained all the same to suppress E_NOTICEs from old installs + */ + public const VALIDATE_SIGNATURE_BY_CA = 1; + + /** + * Return internal array representation + * + * @see \phpseclib3\File\X509::getDN() + */ + public const DN_ARRAY = 0; + /** + * Return string + * + * @see \phpseclib3\File\X509::getDN() + */ + public const DN_STRING = 1; + /** + * Return ASN.1 name string + * + * @see \phpseclib3\File\X509::getDN() + */ + public const DN_ASN1 = 2; + /** + * Return OpenSSL compatible array + * + * @see \phpseclib3\File\X509::getDN() + */ + public const DN_OPENSSL = 3; + /** + * Return canonical ASN.1 RDNs string + * + * @see \phpseclib3\File\X509::getDN() + */ + public const DN_CANON = 4; + /** + * Return name hash for file indexing + * + * @see \phpseclib3\File\X509::getDN() + */ + public const DN_HASH = 5; + + /** + * Save as PEM + * + * ie. a base64-encoded PEM with a header and a footer + * + * @see \phpseclib3\File\X509::saveX509() + * @see \phpseclib3\File\X509::saveCSR() + * @see \phpseclib3\File\X509::saveCRL() + */ + public const FORMAT_PEM = 0; + /** + * Save as DER + * + * @see \phpseclib3\File\X509::saveX509() + * @see \phpseclib3\File\X509::saveCSR() + * @see \phpseclib3\File\X509::saveCRL() + */ + public const FORMAT_DER = 1; + /** + * Save as a SPKAC + * + * @see \phpseclib3\File\X509::saveX509() + * @see \phpseclib3\File\X509::saveCSR() + * @see \phpseclib3\File\X509::saveCRL() + * + * Only works on CSRs. Not currently supported. + */ + public const FORMAT_SPKAC = 2; + /** + * Auto-detect the format + * + * Used only by the load*() functions + * + * @see \phpseclib3\File\X509::saveX509() + * @see \phpseclib3\File\X509::saveCSR() + * @see \phpseclib3\File\X509::saveCRL() + */ + public const FORMAT_AUTO_DETECT = 3; + + /** + * Attribute value disposition. + * If disposition is >= 0, this is the index of the target value. + */ + public const ATTR_ALL = -1; // All attribute values (array). + public const ATTR_APPEND = -2; // Add a value. + public const ATTR_REPLACE = -3; // Clear first, then add a value. + + /** + * Distinguished Name + * + * @var array + */ + private $dn; + + /** + * Public key + * + * @var string|PublicKey + */ + private $publicKey; + + /** + * Private key + * + * @var string|PrivateKey + */ + private $privateKey; + + /** + * The certificate authorities + * + * @var array + */ + private $CAs = []; + + /** + * The currently loaded certificate + * + * @var array + */ + private $currentCert; + + /** + * The signature subject + * + * There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally + * encoded so we take save the portion of the original cert that the signature would have made for. + * + * @var string + */ + private $signatureSubject; + + /** + * Certificate Start Date + * + * @var string + */ + private $startDate; + + /** + * Certificate End Date + * + * @var string|Element + */ + private $endDate; + + /** + * Serial Number + * + * @var string + */ + private $serialNumber; + + /** + * Key Identifier + * + * See {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.1 RFC5280#section-4.2.1.1} and + * {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.2 RFC5280#section-4.2.1.2}. + * + * @var string + */ + private $currentKeyIdentifier; + + /** + * CA Flag + * + * @var bool + */ + private $caFlag = false; + + /** + * SPKAC Challenge + * + * @var string + */ + private $challenge; + + /** + * @var array + */ + private $extensionValues = []; + + /** + * OIDs loaded + * + * @var bool + */ + private static $oidsLoaded = false; + + /** + * Recursion Limit + * + * @var int + */ + private static $recur_limit = 5; + + /** + * URL fetch flag + * + * @var bool + */ + private static $disable_url_fetch = false; + + /** + * @var array + */ + private static $extensions = []; + + /** + * @var ?array + */ + private $ipAddresses = null; + + /** + * @var ?array + */ + private $domains = null; + + public function __construct() + { + // Explicitly Tagged Module, 1988 Syntax + // http://tools.ietf.org/html/rfc5280#appendix-A.1 + + if (!self::$oidsLoaded) { + // OIDs from RFC5280 and those RFCs mentioned in RFC5280#section-4.1.1.2 + ASN1::loadOIDs([ + //'id-pkix' => '1.3.6.1.5.5.7', + //'id-pe' => '1.3.6.1.5.5.7.1', + //'id-qt' => '1.3.6.1.5.5.7.2', + //'id-kp' => '1.3.6.1.5.5.7.3', + //'id-ad' => '1.3.6.1.5.5.7.48', + 'id-qt-cps' => '1.3.6.1.5.5.7.2.1', + 'id-qt-unotice' => '1.3.6.1.5.5.7.2.2', + 'id-ad-ocsp' => '1.3.6.1.5.5.7.48.1', + 'id-ad-caIssuers' => '1.3.6.1.5.5.7.48.2', + 'id-ad-timeStamping' => '1.3.6.1.5.5.7.48.3', + 'id-ad-caRepository' => '1.3.6.1.5.5.7.48.5', + //'id-at' => '2.5.4', + 'id-at-name' => '2.5.4.41', + 'id-at-surname' => '2.5.4.4', + 'id-at-givenName' => '2.5.4.42', + 'id-at-initials' => '2.5.4.43', + 'id-at-generationQualifier' => '2.5.4.44', + 'id-at-commonName' => '2.5.4.3', + 'id-at-localityName' => '2.5.4.7', + 'id-at-stateOrProvinceName' => '2.5.4.8', + 'id-at-organizationName' => '2.5.4.10', + 'id-at-organizationalUnitName' => '2.5.4.11', + 'id-at-title' => '2.5.4.12', + 'id-at-description' => '2.5.4.13', + 'id-at-dnQualifier' => '2.5.4.46', + 'id-at-countryName' => '2.5.4.6', + 'id-at-serialNumber' => '2.5.4.5', + 'id-at-pseudonym' => '2.5.4.65', + 'id-at-postalCode' => '2.5.4.17', + 'id-at-streetAddress' => '2.5.4.9', + 'id-at-uniqueIdentifier' => '2.5.4.45', + 'id-at-role' => '2.5.4.72', + 'id-at-postalAddress' => '2.5.4.16', + 'jurisdictionOfIncorporationCountryName' => '1.3.6.1.4.1.311.60.2.1.3', + 'jurisdictionOfIncorporationStateOrProvinceName' => '1.3.6.1.4.1.311.60.2.1.2', + 'jurisdictionLocalityName' => '1.3.6.1.4.1.311.60.2.1.1', + 'id-at-businessCategory' => '2.5.4.15', + + //'id-domainComponent' => '0.9.2342.19200300.100.1.25', + //'pkcs-9' => '1.2.840.113549.1.9', + 'pkcs-9-at-emailAddress' => '1.2.840.113549.1.9.1', + //'id-ce' => '2.5.29', + 'id-ce-authorityKeyIdentifier' => '2.5.29.35', + 'id-ce-subjectKeyIdentifier' => '2.5.29.14', + 'id-ce-keyUsage' => '2.5.29.15', + 'id-ce-privateKeyUsagePeriod' => '2.5.29.16', + 'id-ce-certificatePolicies' => '2.5.29.32', + //'anyPolicy' => '2.5.29.32.0', + + 'id-ce-policyMappings' => '2.5.29.33', + + 'id-ce-subjectAltName' => '2.5.29.17', + 'id-ce-issuerAltName' => '2.5.29.18', + 'id-ce-subjectDirectoryAttributes' => '2.5.29.9', + 'id-ce-basicConstraints' => '2.5.29.19', + 'id-ce-nameConstraints' => '2.5.29.30', + 'id-ce-policyConstraints' => '2.5.29.36', + 'id-ce-cRLDistributionPoints' => '2.5.29.31', + 'id-ce-extKeyUsage' => '2.5.29.37', + //'anyExtendedKeyUsage' => '2.5.29.37.0', + 'id-kp-serverAuth' => '1.3.6.1.5.5.7.3.1', + 'id-kp-clientAuth' => '1.3.6.1.5.5.7.3.2', + 'id-kp-codeSigning' => '1.3.6.1.5.5.7.3.3', + 'id-kp-emailProtection' => '1.3.6.1.5.5.7.3.4', + 'id-kp-timeStamping' => '1.3.6.1.5.5.7.3.8', + 'id-kp-OCSPSigning' => '1.3.6.1.5.5.7.3.9', + 'id-ce-inhibitAnyPolicy' => '2.5.29.54', + 'id-ce-freshestCRL' => '2.5.29.46', + 'id-pe-authorityInfoAccess' => '1.3.6.1.5.5.7.1.1', + 'id-pe-subjectInfoAccess' => '1.3.6.1.5.5.7.1.11', + 'id-ce-cRLNumber' => '2.5.29.20', + 'id-ce-issuingDistributionPoint' => '2.5.29.28', + 'id-ce-deltaCRLIndicator' => '2.5.29.27', + 'id-ce-cRLReasons' => '2.5.29.21', + 'id-ce-certificateIssuer' => '2.5.29.29', + 'id-ce-holdInstructionCode' => '2.5.29.23', + //'holdInstruction' => '1.2.840.10040.2', + 'id-holdinstruction-none' => '1.2.840.10040.2.1', + 'id-holdinstruction-callissuer' => '1.2.840.10040.2.2', + 'id-holdinstruction-reject' => '1.2.840.10040.2.3', + 'id-ce-invalidityDate' => '2.5.29.24', + + 'rsaEncryption' => '1.2.840.113549.1.1.1', + 'md2WithRSAEncryption' => '1.2.840.113549.1.1.2', + 'md5WithRSAEncryption' => '1.2.840.113549.1.1.4', + 'sha1WithRSAEncryption' => '1.2.840.113549.1.1.5', + 'sha224WithRSAEncryption' => '1.2.840.113549.1.1.14', + 'sha256WithRSAEncryption' => '1.2.840.113549.1.1.11', + 'sha384WithRSAEncryption' => '1.2.840.113549.1.1.12', + 'sha512WithRSAEncryption' => '1.2.840.113549.1.1.13', + + 'id-ecPublicKey' => '1.2.840.10045.2.1', + 'ecdsa-with-SHA1' => '1.2.840.10045.4.1', + // from https://tools.ietf.org/html/rfc5758#section-3.2 + 'ecdsa-with-SHA224' => '1.2.840.10045.4.3.1', + 'ecdsa-with-SHA256' => '1.2.840.10045.4.3.2', + 'ecdsa-with-SHA384' => '1.2.840.10045.4.3.3', + 'ecdsa-with-SHA512' => '1.2.840.10045.4.3.4', + + 'id-dsa' => '1.2.840.10040.4.1', + 'id-dsa-with-sha1' => '1.2.840.10040.4.3', + // from https://tools.ietf.org/html/rfc5758#section-3.1 + 'id-dsa-with-sha224' => '2.16.840.1.101.3.4.3.1', + 'id-dsa-with-sha256' => '2.16.840.1.101.3.4.3.2', + + // from https://tools.ietf.org/html/rfc8410: + 'id-Ed25519' => '1.3.101.112', + 'id-Ed448' => '1.3.101.113', + + 'id-RSASSA-PSS' => '1.2.840.113549.1.1.10', + + //'id-sha224' => '2.16.840.1.101.3.4.2.4', + //'id-sha256' => '2.16.840.1.101.3.4.2.1', + //'id-sha384' => '2.16.840.1.101.3.4.2.2', + //'id-sha512' => '2.16.840.1.101.3.4.2.3', + //'id-GostR3411-94-with-GostR3410-94' => '1.2.643.2.2.4', + //'id-GostR3411-94-with-GostR3410-2001' => '1.2.643.2.2.3', + //'id-GostR3410-2001' => '1.2.643.2.2.20', + //'id-GostR3410-94' => '1.2.643.2.2.19', + // Netscape Object Identifiers from "Netscape Certificate Extensions" + 'netscape' => '2.16.840.1.113730', + 'netscape-cert-extension' => '2.16.840.1.113730.1', + 'netscape-cert-type' => '2.16.840.1.113730.1.1', + 'netscape-comment' => '2.16.840.1.113730.1.13', + 'netscape-ca-policy-url' => '2.16.840.1.113730.1.8', + // the following are X.509 extensions not supported by phpseclib + 'id-pe-logotype' => '1.3.6.1.5.5.7.1.12', + 'entrustVersInfo' => '1.2.840.113533.7.65.0', + 'verisignPrivate' => '2.16.840.1.113733.1.6.9', + // for Certificate Signing Requests + // see http://tools.ietf.org/html/rfc2985 + 'pkcs-9-at-unstructuredName' => '1.2.840.113549.1.9.2', // PKCS #9 unstructured name + 'pkcs-9-at-challengePassword' => '1.2.840.113549.1.9.7', // Challenge password for certificate revocations + 'pkcs-9-at-extensionRequest' => '1.2.840.113549.1.9.14', // Certificate extension request + ]); + } + } + + /** + * Load X.509 certificate + * + * Returns an associative array describing the X.509 cert or a false if the cert failed to load + * + * @param array|string $cert + */ + public function loadX509($cert, int $mode = self::FORMAT_AUTO_DETECT) + { + if (is_array($cert) && isset($cert['tbsCertificate'])) { + unset($this->currentCert); + unset($this->currentKeyIdentifier); + $this->dn = $cert['tbsCertificate']['subject']; + if (!isset($this->dn)) { + return false; + } + $this->currentCert = $cert; + + $currentKeyIdentifier = $this->getExtension('id-ce-subjectKeyIdentifier'); + $this->currentKeyIdentifier = is_string($currentKeyIdentifier) ? $currentKeyIdentifier : null; + + unset($this->signatureSubject); + + return $cert; + } + + if ($mode != self::FORMAT_DER) { + $newcert = ASN1::extractBER($cert); + if ($mode == self::FORMAT_PEM && $cert == $newcert) { + return false; + } + $cert = $newcert; + } + + if ($cert === false) { + $this->currentCert = false; + return false; + } + + $decoded = ASN1::decodeBER($cert); + + if ($decoded) { + $x509 = ASN1::asn1map($decoded[0], Maps\Certificate::MAP); + } + if (!isset($x509) || $x509 === false) { + $this->currentCert = false; + return false; + } + + $this->signatureSubject = substr($cert, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); + + if ($this->isSubArrayValid($x509, 'tbsCertificate/extensions')) { + $this->mapInExtensions($x509, 'tbsCertificate/extensions'); + } + $this->mapInDNs($x509, 'tbsCertificate/issuer/rdnSequence'); + $this->mapInDNs($x509, 'tbsCertificate/subject/rdnSequence'); + + $key = $x509['tbsCertificate']['subjectPublicKeyInfo']; + $key = ASN1::encodeDER($key, Maps\SubjectPublicKeyInfo::MAP); + $x509['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'] = + "-----BEGIN PUBLIC KEY-----\r\n" . + chunk_split(base64_encode($key), 64) . + "-----END PUBLIC KEY-----"; + + $this->currentCert = $x509; + $this->dn = $x509['tbsCertificate']['subject']; + + $currentKeyIdentifier = $this->getExtension('id-ce-subjectKeyIdentifier'); + $this->currentKeyIdentifier = is_string($currentKeyIdentifier) ? $currentKeyIdentifier : null; + + return $x509; + } + + /** + * Save X.509 certificate + * + * @return string|false + */ + public function saveX509(array $cert, int $format = self::FORMAT_PEM) + { + if (!is_array($cert) || !isset($cert['tbsCertificate'])) { + return false; + } + + switch (true) { + // "case !$a: case !$b: break; default: whatever();" is the same thing as "if ($a && $b) whatever()" + case !($algorithm = $this->subArray($cert, 'tbsCertificate/subjectPublicKeyInfo/algorithm/algorithm')): + case is_object($cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']): + break; + default: + $cert['tbsCertificate']['subjectPublicKeyInfo'] = new Element( + base64_decode(preg_replace('#-.+-|[\r\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'])) + ); + } + + if ($algorithm == 'rsaEncryption') { + $cert['signatureAlgorithm']['parameters'] = null; + $cert['tbsCertificate']['signature']['parameters'] = null; + } + + $filters = []; + $type_utf8_string = ['type' => ASN1::TYPE_UTF8_STRING]; + $filters['tbsCertificate']['signature']['parameters'] = $type_utf8_string; + $filters['tbsCertificate']['signature']['issuer']['rdnSequence']['value'] = $type_utf8_string; + $filters['tbsCertificate']['issuer']['rdnSequence']['value'] = $type_utf8_string; + $filters['tbsCertificate']['subject']['rdnSequence']['value'] = $type_utf8_string; + $filters['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['parameters'] = $type_utf8_string; + $filters['signatureAlgorithm']['parameters'] = $type_utf8_string; + $filters['authorityCertIssuer']['directoryName']['rdnSequence']['value'] = $type_utf8_string; + //$filters['policyQualifiers']['qualifier'] = $type_utf8_string; + $filters['distributionPoint']['fullName']['directoryName']['rdnSequence']['value'] = $type_utf8_string; + $filters['directoryName']['rdnSequence']['value'] = $type_utf8_string; + + foreach (self::$extensions as $extension) { + $filters['tbsCertificate']['extensions'][] = $extension; + } + + /* in the case of policyQualifiers/qualifier, the type has to be \phpseclib3\File\ASN1::TYPE_IA5_STRING. + \phpseclib3\File\ASN1::TYPE_PRINTABLE_STRING will cause OpenSSL's X.509 parser to spit out random + characters. + */ + $filters['policyQualifiers']['qualifier'] + = ['type' => ASN1::TYPE_IA5_STRING]; + + ASN1::setFilters($filters); + + $this->mapOutExtensions($cert, 'tbsCertificate/extensions'); + $this->mapOutDNs($cert, 'tbsCertificate/issuer/rdnSequence'); + $this->mapOutDNs($cert, 'tbsCertificate/subject/rdnSequence'); + + $cert = ASN1::encodeDER($cert, Maps\Certificate::MAP); + + switch ($format) { + case self::FORMAT_DER: + return $cert; + // case self::FORMAT_PEM: + default: + return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(Strings::base64_encode($cert), 64) . '-----END CERTIFICATE-----'; + } + } + + /** + * Map extension values from octet string to extension-specific internal + * format. + */ + private function mapInExtensions(array &$root, string $path): void + { + $extensions = &$this->subArrayUnchecked($root, $path); + + if ($extensions) { + for ($i = 0; $i < count($extensions); $i++) { + $id = $extensions[$i]['extnId']; + $value = &$extensions[$i]['extnValue']; + /* [extnValue] contains the DER encoding of an ASN.1 value + corresponding to the extension type identified by extnID */ + $map = $this->getMapping($id); + if (!is_bool($map)) { + $decoder = $id == 'id-ce-nameConstraints' ? + [static::class, 'decodeNameConstraintIP'] : + [static::class, 'decodeIP']; + $decoded = ASN1::decodeBER($value); + if (!$decoded) { + continue; + } + $mapped = ASN1::asn1map($decoded[0], $map, ['iPAddress' => $decoder]); + $value = $mapped === false ? $decoded[0] : $mapped; + + if ($id == 'id-ce-certificatePolicies') { + for ($j = 0; $j < count($value); $j++) { + if (!isset($value[$j]['policyQualifiers'])) { + continue; + } + for ($k = 0; $k < count($value[$j]['policyQualifiers']); $k++) { + $subid = $value[$j]['policyQualifiers'][$k]['policyQualifierId']; + $map = $this->getMapping($subid); + $subvalue = &$value[$j]['policyQualifiers'][$k]['qualifier']; + if ($map !== false) { + $decoded = ASN1::decodeBER($subvalue); + if (!$decoded) { + continue; + } + $mapped = ASN1::asn1map($decoded[0], $map); + $subvalue = $mapped === false ? $decoded[0] : $mapped; + } + } + } + } + } + } + } + } + + /** + * Map extension values from extension-specific internal format to + * octet string. + */ + private function mapOutExtensions(array &$root, string $path): void + { + $extensions = &$this->subArray($root, $path, !empty($this->extensionValues)); + + foreach ($this->extensionValues as $id => $data) { + extract($data); + $newext = [ + 'extnId' => $id, + 'extnValue' => $value, + 'critical' => $critical, + ]; + if ($replace) { + foreach ($extensions as $key => $value) { + if ($value['extnId'] == $id) { + $extensions[$key] = $newext; + continue 2; + } + } + } + $extensions[] = $newext; + } + + if (is_array($extensions)) { + $size = count($extensions); + for ($i = 0; $i < $size; $i++) { + if ($extensions[$i] instanceof Element) { + continue; + } + + $id = $extensions[$i]['extnId']; + $value = &$extensions[$i]['extnValue']; + + switch ($id) { + case 'id-ce-certificatePolicies': + for ($j = 0; $j < count($value); $j++) { + if (!isset($value[$j]['policyQualifiers'])) { + continue; + } + for ($k = 0; $k < count($value[$j]['policyQualifiers']); $k++) { + $subid = $value[$j]['policyQualifiers'][$k]['policyQualifierId']; + $map = $this->getMapping($subid); + $subvalue = &$value[$j]['policyQualifiers'][$k]['qualifier']; + if ($map !== false) { + // by default \phpseclib3\File\ASN1 will try to render qualifier as a \phpseclib3\File\ASN1::TYPE_IA5_STRING since it's + // actual type is \phpseclib3\File\ASN1::TYPE_ANY + $subvalue = new Element(ASN1::encodeDER($subvalue, $map)); + } + } + } + break; + case 'id-ce-authorityKeyIdentifier': // use 00 as the serial number instead of an empty string + if (isset($value['authorityCertSerialNumber'])) { + if ($value['authorityCertSerialNumber']->toBytes() == '') { + $temp = chr((ASN1::CLASS_CONTEXT_SPECIFIC << 6) | 2) . "\1\0"; + $value['authorityCertSerialNumber'] = new Element($temp); + } + } + } + + /* [extnValue] contains the DER encoding of an ASN.1 value + corresponding to the extension type identified by extnID */ + $map = $this->getMapping($id); + if (is_bool($map)) { + if (!$map) { + //user_error($id . ' is not a currently supported extension'); + unset($extensions[$i]); + } + } else { + $value = ASN1::encodeDER($value, $map, ['iPAddress' => [static::class, 'encodeIP']]); + } + } + } + } + + /** + * Map attribute values from ANY type to attribute-specific internal + * format. + * + * @param array $root (by reference) + */ + private function mapInAttributes(array &$root, string $path): void + { + $attributes = &$this->subArray($root, $path); + + if (is_array($attributes)) { + for ($i = 0; $i < count($attributes); $i++) { + $id = $attributes[$i]['type']; + /* $value contains the DER encoding of an ASN.1 value + corresponding to the attribute type identified by type */ + $map = $this->getMapping($id); + if (is_array($attributes[$i]['value'])) { + $values = &$attributes[$i]['value']; + for ($j = 0; $j < count($values); $j++) { + $value = ASN1::encodeDER($values[$j], Maps\AttributeValue::MAP); + $decoded = ASN1::decodeBER($value); + if (!is_bool($map)) { + if (!$decoded) { + continue; + } + $mapped = ASN1::asn1map($decoded[0], $map); + if ($mapped !== false) { + $values[$j] = $mapped; + } + if ($id == 'pkcs-9-at-extensionRequest' && $this->isSubArrayValid($values, (string) $j)) { + $this->mapInExtensions($values, (string) $j); + } + } elseif ($map) { + $values[$j] = $value; + } + } + } + } + } + } + + /** + * Map attribute values from attribute-specific internal format to + * ANY type. + * + * @param array $root (by reference) + */ + private function mapOutAttributes(array &$root, string $path): void + { + $attributes = &$this->subArray($root, $path); + + if (is_array($attributes)) { + $size = count($attributes); + for ($i = 0; $i < $size; $i++) { + /* [value] contains the DER encoding of an ASN.1 value + corresponding to the attribute type identified by type */ + $id = $attributes[$i]['type']; + $map = $this->getMapping($id); + if ($map === false) { + //user_error($id . ' is not a currently supported attribute', E_USER_NOTICE); + unset($attributes[$i]); + } elseif (is_array($attributes[$i]['value'])) { + $values = &$attributes[$i]['value']; + for ($j = 0; $j < count($values); $j++) { + switch ($id) { + case 'pkcs-9-at-extensionRequest': + $this->mapOutExtensions($values, $j); + break; + } + + if (!is_bool($map)) { + $temp = ASN1::encodeDER($values[$j], $map); + $decoded = ASN1::decodeBER($temp); + if (!$decoded) { + continue; + } + $values[$j] = ASN1::asn1map($decoded[0], Maps\AttributeValue::MAP); + } + } + } + } + } + } + + /** + * Map DN values from ANY type to DN-specific internal + * format. + */ + private function mapInDNs(array &$root, string $path): void + { + $dns = &$this->subArray($root, $path); + + if (is_array($dns)) { + for ($i = 0; $i < count($dns); $i++) { + for ($j = 0; $j < count($dns[$i]); $j++) { + $type = $dns[$i][$j]['type']; + $value = &$dns[$i][$j]['value']; + if (is_object($value) && $value instanceof Element) { + $map = $this->getMapping($type); + if (!is_bool($map)) { + $decoded = ASN1::decodeBER($value); + if (!$decoded) { + continue; + } + $value = ASN1::asn1map($decoded[0], $map); + } + } + } + } + } + } + + /** + * Map DN values from DN-specific internal format to + * ANY type. + * + * @param array $root (by reference) + */ + private function mapOutDNs(array &$root, string $path): void + { + $dns = &$this->subArray($root, $path); + + if (is_array($dns)) { + $size = count($dns); + for ($i = 0; $i < $size; $i++) { + for ($j = 0; $j < count($dns[$i]); $j++) { + $type = $dns[$i][$j]['type']; + $value = &$dns[$i][$j]['value']; + if (is_object($value) && $value instanceof Element) { + continue; + } + + $map = $this->getMapping($type); + if (!is_bool($map)) { + $value = new Element(ASN1::encodeDER($value, $map)); + } + } + } + } + } + + /** + * Associate an extension ID to an extension mapping + */ + private function getMapping(string $extnId) + { + if (!is_string($extnId)) { // eg. if it's a \phpseclib3\File\ASN1\Element object + return true; + } + + if (isset(self::$extensions[$extnId])) { + return self::$extensions[$extnId]; + } + + switch ($extnId) { + case 'id-ce-keyUsage': + return Maps\KeyUsage::MAP; + case 'id-ce-basicConstraints': + return Maps\BasicConstraints::MAP; + case 'id-ce-subjectKeyIdentifier': + return Maps\KeyIdentifier::MAP; + case 'id-ce-cRLDistributionPoints': + return Maps\CRLDistributionPoints::MAP; + case 'id-ce-authorityKeyIdentifier': + return Maps\AuthorityKeyIdentifier::MAP; + case 'id-ce-certificatePolicies': + return Maps\CertificatePolicies::MAP; + case 'id-ce-extKeyUsage': + return Maps\ExtKeyUsageSyntax::MAP; + case 'id-pe-authorityInfoAccess': + return Maps\AuthorityInfoAccessSyntax::MAP; + case 'id-ce-subjectAltName': + return Maps\SubjectAltName::MAP; + case 'id-ce-subjectDirectoryAttributes': + return Maps\SubjectDirectoryAttributes::MAP; + case 'id-ce-privateKeyUsagePeriod': + return Maps\PrivateKeyUsagePeriod::MAP; + case 'id-ce-issuerAltName': + return Maps\IssuerAltName::MAP; + case 'id-ce-policyMappings': + return Maps\PolicyMappings::MAP; + case 'id-ce-nameConstraints': + return Maps\NameConstraints::MAP; + + case 'netscape-cert-type': + return Maps\netscape_cert_type::MAP; + case 'netscape-comment': + return Maps\netscape_comment::MAP; + case 'netscape-ca-policy-url': + return Maps\netscape_ca_policy_url::MAP; + + // since id-qt-cps isn't a constructed type it will have already been decoded as a string by the time it gets + // back around to asn1map() and we don't want it decoded again. + //case 'id-qt-cps': + // return Maps\CPSuri::MAP; + case 'id-qt-unotice': + return Maps\UserNotice::MAP; + + // the following OIDs are unsupported but we don't want them to give notices when calling saveX509(). + case 'id-pe-logotype': // http://www.ietf.org/rfc/rfc3709.txt + case 'entrustVersInfo': + // http://support.microsoft.com/kb/287547 + case '1.3.6.1.4.1.311.20.2': // szOID_ENROLL_CERTTYPE_EXTENSION + case '1.3.6.1.4.1.311.21.1': // szOID_CERTSRV_CA_VERSION + // "SET Secure Electronic Transaction Specification" + // http://www.maithean.com/docs/set_bk3.pdf + case '2.23.42.7.0': // id-set-hashedRootKey + // "Certificate Transparency" + // https://tools.ietf.org/html/rfc6962 + case '1.3.6.1.4.1.11129.2.4.2': + // "Qualified Certificate statements" + // https://tools.ietf.org/html/rfc3739#section-3.2.6 + case '1.3.6.1.5.5.7.1.3': + return true; + + // CSR attributes + case 'pkcs-9-at-unstructuredName': + return Maps\PKCS9String::MAP; + case 'pkcs-9-at-challengePassword': + return Maps\DirectoryString::MAP; + case 'pkcs-9-at-extensionRequest': + return Maps\Extensions::MAP; + + // CRL extensions. + case 'id-ce-cRLNumber': + return Maps\CRLNumber::MAP; + case 'id-ce-deltaCRLIndicator': + return Maps\CRLNumber::MAP; + case 'id-ce-issuingDistributionPoint': + return Maps\IssuingDistributionPoint::MAP; + case 'id-ce-freshestCRL': + return Maps\CRLDistributionPoints::MAP; + case 'id-ce-cRLReasons': + return Maps\CRLReason::MAP; + case 'id-ce-invalidityDate': + return Maps\InvalidityDate::MAP; + case 'id-ce-certificateIssuer': + return Maps\CertificateIssuer::MAP; + case 'id-ce-holdInstructionCode': + return Maps\HoldInstructionCode::MAP; + case 'id-at-postalAddress': + return Maps\PostalAddress::MAP; + } + + return false; + } + + /** + * Load an X.509 certificate as a certificate authority + */ + public function loadCA(string $cert): bool + { + $olddn = $this->dn; + $oldcert = $this->currentCert; + $oldsigsubj = $this->signatureSubject; + $oldkeyid = $this->currentKeyIdentifier; + + $cert = $this->loadX509($cert); + if (!$cert) { + $this->dn = $olddn; + $this->currentCert = $oldcert; + $this->signatureSubject = $oldsigsubj; + $this->currentKeyIdentifier = $oldkeyid; + + return false; + } + + /* From RFC5280 "PKIX Certificate and CRL Profile": + + If the keyUsage extension is present, then the subject public key + MUST NOT be used to verify signatures on certificates or CRLs unless + the corresponding keyCertSign or cRLSign bit is set. */ + //$keyUsage = $this->getExtension('id-ce-keyUsage'); + //if ($keyUsage && !in_array('keyCertSign', $keyUsage)) { + // return false; + //} + + /* From RFC5280 "PKIX Certificate and CRL Profile": + + The cA boolean indicates whether the certified public key may be used + to verify certificate signatures. If the cA boolean is not asserted, + then the keyCertSign bit in the key usage extension MUST NOT be + asserted. If the basic constraints extension is not present in a + version 3 certificate, or the extension is present but the cA boolean + is not asserted, then the certified public key MUST NOT be used to + verify certificate signatures. */ + //$basicConstraints = $this->getExtension('id-ce-basicConstraints'); + //if (!$basicConstraints || !$basicConstraints['cA']) { + // return false; + //} + + $this->CAs[] = $cert; + + $this->dn = $olddn; + $this->currentCert = $oldcert; + $this->signatureSubject = $oldsigsubj; + + return true; + } + + /** + * Validate an X.509 certificate against a URL + * + * From RFC2818 "HTTP over TLS": + * + * Matching is performed using the matching rules specified by + * [RFC2459]. If more than one identity of a given type is present in + * the certificate (e.g., more than one dNSName name, a match in any one + * of the set is considered acceptable.) Names may contain the wildcard + * character * which is considered to match any single domain name + * component or component fragment. E.g., *.a.com matches foo.a.com but + * not bar.foo.a.com. f*.com matches foo.com but not bar.com. + */ + public function validateURL(string $url): bool + { + if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { + return false; + } + + $components = parse_url($url); + if (!isset($components['host'])) { + return false; + } + + if ($names = $this->getExtension('id-ce-subjectAltName')) { + foreach ($names as $name) { + foreach ($name as $key => $value) { + $value = preg_quote($value); + $value = str_replace('\*', '[^.]*', $value); + switch ($key) { + case 'dNSName': + /* From RFC2818 "HTTP over TLS": + + If a subjectAltName extension of type dNSName is present, that MUST + be used as the identity. Otherwise, the (most specific) Common Name + field in the Subject field of the certificate MUST be used. Although + the use of the Common Name is existing practice, it is deprecated and + Certification Authorities are encouraged to use the dNSName instead. */ + if (preg_match('#^' . $value . '$#', $components['host'])) { + return true; + } + break; + case 'iPAddress': + /* From RFC2818 "HTTP over TLS": + + In some cases, the URI is specified as an IP address rather than a + hostname. In this case, the iPAddress subjectAltName must be present + in the certificate and must exactly match the IP in the URI. */ + if (preg_match('#(?:\d{1-3}\.){4}#', $components['host'] . '.') && preg_match('#^' . $value . '$#', $components['host'])) { + return true; + } + } + } + } + return false; + } + + if ($value = $this->getDNProp('id-at-commonName')) { + $value = str_replace(['.', '*'], ['\.', '[^.]*'], $value[0]); + return preg_match('#^' . $value . '$#', $components['host']) === 1; + } + + return false; + } + + /** + * Validate a date + * + * If $date isn't defined it is assumed to be the current date. + * + * @param \DateTimeInterface|string $date optional + */ + public function validateDate($date = null): bool + { + if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { + return false; + } + + if (!isset($date)) { + $date = new \DateTimeImmutable('now', new \DateTimeZone(@date_default_timezone_get())); + } + + $notBefore = $this->currentCert['tbsCertificate']['validity']['notBefore']; + $notBefore = $notBefore['generalTime'] ?? $notBefore['utcTime']; + + $notAfter = $this->currentCert['tbsCertificate']['validity']['notAfter']; + $notAfter = $notAfter['generalTime'] ?? $notAfter['utcTime']; + + if (is_string($date)) { + $date = new \DateTimeImmutable($date, new \DateTimeZone(@date_default_timezone_get())); + } + + $notBefore = new \DateTimeImmutable($notBefore, new \DateTimeZone(@date_default_timezone_get())); + $notAfter = new \DateTimeImmutable($notAfter, new \DateTimeZone(@date_default_timezone_get())); + + return $date >= $notBefore && $date <= $notAfter; + } + + /** + * Fetches a URL + * + * @return bool|string + */ + private static function fetchURL(string $url) + { + if (self::$disable_url_fetch) { + return false; + } + + $parts = parse_url($url); + $data = ''; + switch ($parts['scheme']) { + case 'http': + $fsock = @fsockopen($parts['host'], $parts['port'] ?? 80); + if (!$fsock) { + return false; + } + $path = $parts['path']; + if (isset($parts['query'])) { + $path .= '?' . $parts['query']; + } + fwrite($fsock, "GET $path HTTP/1.0\r\n"); + fwrite($fsock, "Host: $parts[host]\r\n\r\n"); + $line = fgets($fsock, 1024); + if (strlen($line) < 3) { + return false; + } + preg_match('#HTTP/1.\d (\d{3})#', $line, $temp); + if ($temp[1] != '200') { + return false; + } + + // skip the rest of the headers in the http response + while (!feof($fsock) && fgets($fsock, 1024) != "\r\n") { + } + + while (!feof($fsock)) { + $temp = fread($fsock, 1024); + if ($temp === false) { + return false; + } + $data .= $temp; + } + + break; + //case 'ftp': + //case 'ldap': + //default: + } + + return $data; + } + + /** + * Validates an intermediate cert as identified via authority info access extension + * + * See https://tools.ietf.org/html/rfc4325 for more info + */ + private function testForIntermediate(bool $caonly, int $count): bool + { + $opts = $this->getExtension('id-pe-authorityInfoAccess'); + if (!is_array($opts)) { + return false; + } + foreach ($opts as $opt) { + if ($opt['accessMethod'] == 'id-ad-caIssuers') { + // accessLocation is a GeneralName. GeneralName fields support stuff like email addresses, IP addresses, LDAP, + // etc, but we're only supporting URI's. URI's and LDAP are the only thing https://tools.ietf.org/html/rfc4325 + // discusses + if (isset($opt['accessLocation']['uniformResourceIdentifier'])) { + $url = $opt['accessLocation']['uniformResourceIdentifier']; + break; + } + } + } + + if (!isset($url)) { + return false; + } + + $cert = static::fetchURL($url); + if (!is_string($cert)) { + return false; + } + + $parent = new static(); + $parent->CAs = $this->CAs; + /* + "Conforming applications that support HTTP or FTP for accessing + certificates MUST be able to accept .cer files and SHOULD be able + to accept .p7c files." -- https://tools.ietf.org/html/rfc4325 + + A .p7c file is 'a "certs-only" CMS message as specified in RFC 2797" + + These are currently unsupported + */ + if (!is_array($parent->loadX509($cert))) { + return false; + } + + if (!$parent->validateSignatureCountable($caonly, ++$count)) { + return false; + } + + $this->CAs[] = $parent->currentCert; + //$this->loadCA($cert); + + return true; + } + + /** + * Validate a signature + * + * Works on X.509 certs, CSR's and CRL's. + * Returns true if the signature is verified, false if it is not correct or null on error + * + * By default returns false for self-signed certs. Call validateSignature(false) to make this support + * self-signed. + * + * The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}. + * + * @param bool $caonly optional + */ + public function validateSignature(bool $caonly = true): ?bool + { + return $this->validateSignatureCountable($caonly, 0); + } + + /** + * Validate a signature + * + * Performs said validation whilst keeping track of how many times validation method is called + */ + private function validateSignatureCountable(bool $caonly, int $count): ?bool + { + if (!is_array($this->currentCert) || !isset($this->signatureSubject)) { + return null; + } + + if ($count == self::$recur_limit) { + return false; + } + + /* TODO: + "emailAddress attribute values are not case-sensitive (e.g., "subscriber@example.com" is the same as "SUBSCRIBER@EXAMPLE.COM")." + -- http://tools.ietf.org/html/rfc5280#section-4.1.2.6 + + implement pathLenConstraint in the id-ce-basicConstraints extension */ + + switch (true) { + case isset($this->currentCert['tbsCertificate']): + // self-signed cert + switch (true) { + case !defined('FILE_X509_IGNORE_TYPE') && $this->currentCert['tbsCertificate']['issuer'] === $this->currentCert['tbsCertificate']['subject']: + case defined('FILE_X509_IGNORE_TYPE') && $this->getIssuerDN(self::DN_STRING) === $this->getDN(self::DN_STRING): + $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier'); + $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier'); + switch (true) { + case !is_array($authorityKey): + case !$subjectKeyID: + case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID: + $signingCert = $this->currentCert; // working cert + } + } + + if (!empty($this->CAs)) { + for ($i = 0; $i < count($this->CAs); $i++) { + // even if the cert is a self-signed one we still want to see if it's a CA; + // if not, we'll conditionally return an error + $ca = $this->CAs[$i]; + switch (true) { + case !defined('FILE_X509_IGNORE_TYPE') && $this->currentCert['tbsCertificate']['issuer'] === $ca['tbsCertificate']['subject']: + case defined('FILE_X509_IGNORE_TYPE') && $this->getDN(self::DN_STRING, $this->currentCert['tbsCertificate']['issuer']) === $this->getDN(self::DN_STRING, $ca['tbsCertificate']['subject']): + $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier'); + $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca); + switch (true) { + case !is_array($authorityKey): + case !$subjectKeyID: + case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID: + if (is_array($authorityKey) && isset($authorityKey['authorityCertSerialNumber']) && !$authorityKey['authorityCertSerialNumber']->equals($ca['tbsCertificate']['serialNumber'])) { + break 2; // serial mismatch - check other ca + } + $signingCert = $ca; // working cert + break 3; + } + } + } + if (count($this->CAs) == $i && $caonly) { + return $this->testForIntermediate($caonly, $count) && $this->validateSignature($caonly); + } + } elseif (!isset($signingCert) || $caonly) { + return $this->testForIntermediate($caonly, $count) && $this->validateSignature($caonly); + } + return $this->validateSignatureHelper( + $signingCert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'], + $signingCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], + $this->currentCert['signatureAlgorithm']['algorithm'], + substr($this->currentCert['signature'], 1), + $this->signatureSubject + ); + case isset($this->currentCert['certificationRequestInfo']): + return $this->validateSignatureHelper( + $this->currentCert['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'], + $this->currentCert['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], + $this->currentCert['signatureAlgorithm']['algorithm'], + substr($this->currentCert['signature'], 1), + $this->signatureSubject + ); + case isset($this->currentCert['publicKeyAndChallenge']): + return $this->validateSignatureHelper( + $this->currentCert['publicKeyAndChallenge']['spki']['algorithm']['algorithm'], + $this->currentCert['publicKeyAndChallenge']['spki']['subjectPublicKey'], + $this->currentCert['signatureAlgorithm']['algorithm'], + substr($this->currentCert['signature'], 1), + $this->signatureSubject + ); + case isset($this->currentCert['tbsCertList']): + if (!empty($this->CAs)) { + for ($i = 0; $i < count($this->CAs); $i++) { + $ca = $this->CAs[$i]; + switch (true) { + case !defined('FILE_X509_IGNORE_TYPE') && $this->currentCert['tbsCertList']['issuer'] === $ca['tbsCertificate']['subject']: + case defined('FILE_X509_IGNORE_TYPE') && $this->getDN(self::DN_STRING, $this->currentCert['tbsCertList']['issuer']) === $this->getDN(self::DN_STRING, $ca['tbsCertificate']['subject']): + $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier'); + $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca); + switch (true) { + case !is_array($authorityKey): + case !$subjectKeyID: + case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID: + if (is_array($authorityKey) && isset($authorityKey['authorityCertSerialNumber']) && !$authorityKey['authorityCertSerialNumber']->equals($ca['tbsCertificate']['serialNumber'])) { + break 2; // serial mismatch - check other ca + } + $signingCert = $ca; // working cert + break 3; + } + } + } + } + if (!isset($signingCert)) { + return false; + } + return $this->validateSignatureHelper( + $signingCert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'], + $signingCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], + $this->currentCert['signatureAlgorithm']['algorithm'], + substr($this->currentCert['signature'], 1), + $this->signatureSubject + ); + default: + return false; + } + } + + /** + * Validates a signature + * + * Returns true if the signature is verified and false if it is not correct. + * If the algorithms are unsupposed an exception is thrown. + * + * @throws UnsupportedAlgorithmException if the algorithm is unsupported + */ + private function validateSignatureHelper(string $publicKeyAlgorithm, string $publicKey, string $signatureAlgorithm, string $signature, string $signatureSubject): bool + { + switch ($publicKeyAlgorithm) { + case 'id-RSASSA-PSS': + $key = RSA::loadFormat('PSS', $publicKey); + break; + case 'rsaEncryption': + $key = RSA::loadFormat('PKCS8', $publicKey); + switch ($signatureAlgorithm) { + case 'id-RSASSA-PSS': + break; + case 'md2WithRSAEncryption': + case 'md5WithRSAEncryption': + case 'sha1WithRSAEncryption': + case 'sha224WithRSAEncryption': + case 'sha256WithRSAEncryption': + case 'sha384WithRSAEncryption': + case 'sha512WithRSAEncryption': + $key = $key + ->withHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm)) + ->withPadding(RSA::SIGNATURE_PKCS1); + break; + default: + throw new UnsupportedAlgorithmException('Signature algorithm unsupported'); + } + break; + case 'id-Ed25519': + case 'id-Ed448': + $key = EC::loadFormat('PKCS8', $publicKey); + break; + case 'id-ecPublicKey': + $key = EC::loadFormat('PKCS8', $publicKey); + switch ($signatureAlgorithm) { + case 'ecdsa-with-SHA1': + case 'ecdsa-with-SHA224': + case 'ecdsa-with-SHA256': + case 'ecdsa-with-SHA384': + case 'ecdsa-with-SHA512': + $key = $key + ->withHash(preg_replace('#^ecdsa-with-#', '', strtolower($signatureAlgorithm))); + break; + default: + throw new UnsupportedAlgorithmException('Signature algorithm unsupported'); + } + break; + case 'id-dsa': + $key = DSA::loadFormat('PKCS8', $publicKey); + switch ($signatureAlgorithm) { + case 'id-dsa-with-sha1': + case 'id-dsa-with-sha224': + case 'id-dsa-with-sha256': + $key = $key + ->withHash(preg_replace('#^id-dsa-with-#', '', strtolower($signatureAlgorithm))); + break; + default: + throw new UnsupportedAlgorithmException('Signature algorithm unsupported'); + } + break; + default: + throw new UnsupportedAlgorithmException('Public key algorithm unsupported'); + } + + return $key->verify($signatureSubject, $signature); + } + + /** + * Sets the recursion limit + * + * When validating a signature it may be necessary to download intermediate certs from URI's. + * An intermediate cert that linked to itself would result in an infinite loop so to prevent + * that we set a recursion limit. A negative number means that there is no recursion limit. + */ + public static function setRecurLimit(int $count): void + { + self::$recur_limit = $count; + } + + /** + * Prevents URIs from being automatically retrieved + */ + public static function disableURLFetch(): void + { + self::$disable_url_fetch = true; + } + + /** + * Allows URIs to be automatically retrieved + */ + public static function enableURLFetch(): void + { + self::$disable_url_fetch = false; + } + + /** + * Decodes an IP address + * + * Takes in a base64 encoded "blob" and returns a human readable IP address + */ + public static function decodeIP(string $ip): string + { + return inet_ntop($ip); + } + + /** + * Decodes an IP address in a name constraints extension + * + * Takes in a base64 encoded "blob" and returns a human readable IP address / mask + */ + public static function decodeNameConstraintIP(string $ip): array + { + $size = strlen($ip) >> 1; + $mask = substr($ip, $size); + $ip = substr($ip, 0, $size); + return [inet_ntop($ip), inet_ntop($mask)]; + } + + /** + * Encodes an IP address + * + * Takes a human readable IP address into a base64-encoded "blob" + * + * @param string|array $ip + */ + public static function encodeIP($ip): string + { + return is_string($ip) ? + inet_pton($ip) : + inet_pton($ip[0]) . inet_pton($ip[1]); + } + + /** + * "Normalizes" a Distinguished Name property + */ + private function translateDNProp(string $propName) + { + switch (strtolower($propName)) { + case 'jurisdictionofincorporationcountryname': + case 'jurisdictioncountryname': + case 'jurisdictionc': + return 'jurisdictionOfIncorporationCountryName'; + case 'jurisdictionofincorporationstateorprovincename': + case 'jurisdictionstateorprovincename': + case 'jurisdictionst': + return 'jurisdictionOfIncorporationStateOrProvinceName'; + case 'jurisdictionlocalityname': + case 'jurisdictionl': + return 'jurisdictionLocalityName'; + case 'id-at-businesscategory': + case 'businesscategory': + return 'id-at-businessCategory'; + case 'id-at-countryname': + case 'countryname': + case 'c': + return 'id-at-countryName'; + case 'id-at-organizationname': + case 'organizationname': + case 'o': + return 'id-at-organizationName'; + case 'id-at-dnqualifier': + case 'dnqualifier': + return 'id-at-dnQualifier'; + case 'id-at-commonname': + case 'commonname': + case 'cn': + return 'id-at-commonName'; + case 'id-at-stateorprovincename': + case 'stateorprovincename': + case 'state': + case 'province': + case 'provincename': + case 'st': + return 'id-at-stateOrProvinceName'; + case 'id-at-localityname': + case 'localityname': + case 'l': + return 'id-at-localityName'; + case 'id-emailaddress': + case 'emailaddress': + return 'pkcs-9-at-emailAddress'; + case 'id-at-serialnumber': + case 'serialnumber': + return 'id-at-serialNumber'; + case 'id-at-postalcode': + case 'postalcode': + return 'id-at-postalCode'; + case 'id-at-streetaddress': + case 'streetaddress': + return 'id-at-streetAddress'; + case 'id-at-name': + case 'name': + return 'id-at-name'; + case 'id-at-givenname': + case 'givenname': + return 'id-at-givenName'; + case 'id-at-surname': + case 'surname': + case 'sn': + return 'id-at-surname'; + case 'id-at-initials': + case 'initials': + return 'id-at-initials'; + case 'id-at-generationqualifier': + case 'generationqualifier': + return 'id-at-generationQualifier'; + case 'id-at-organizationalunitname': + case 'organizationalunitname': + case 'ou': + return 'id-at-organizationalUnitName'; + case 'id-at-pseudonym': + case 'pseudonym': + return 'id-at-pseudonym'; + case 'id-at-title': + case 'title': + return 'id-at-title'; + case 'id-at-description': + case 'description': + return 'id-at-description'; + case 'id-at-role': + case 'role': + return 'id-at-role'; + case 'id-at-uniqueidentifier': + case 'uniqueidentifier': + case 'x500uniqueidentifier': + return 'id-at-uniqueIdentifier'; + case 'postaladdress': + case 'id-at-postaladdress': + return 'id-at-postalAddress'; + default: + return false; + } + } + + /** + * Set a Distinguished Name property + * + * @param string $type optional + */ + public function setDNProp(string $propName, $propValue, string $type = 'utf8String'): bool + { + if (empty($this->dn)) { + $this->dn = ['rdnSequence' => []]; + } + + if (($propName = $this->translateDNProp($propName)) === false) { + return false; + } + + foreach ((array) $propValue as $v) { + if (!is_array($v) && isset($type)) { + $v = [$type => $v]; + } + $this->dn['rdnSequence'][] = [ + [ + 'type' => $propName, + 'value' => $v, + ], + ]; + } + + return true; + } + + /** + * Remove Distinguished Name properties + */ + public function removeDNProp(string $propName): void + { + if (empty($this->dn)) { + return; + } + + if (($propName = $this->translateDNProp($propName)) === false) { + return; + } + + $dn = &$this->dn['rdnSequence']; + $size = count($dn); + for ($i = 0; $i < $size; $i++) { + if ($dn[$i][0]['type'] == $propName) { + unset($dn[$i]); + } + } + + $dn = array_values($dn); + // fix for https://bugs.php.net/75433 affecting PHP 7.2 + if (!isset($dn[0])) { + $dn = array_splice($dn, 0, 0); + } + } + + /** + * Get Distinguished Name properties + */ + public function getDNProp(string $propName, ?array $dn = null, bool $withType = false) + { + if (!isset($dn)) { + $dn = $this->dn; + } + + if (empty($dn)) { + return false; + } + + if (($propName = $this->translateDNProp($propName)) === false) { + return false; + } + + $filters = []; + $filters['value'] = ['type' => ASN1::TYPE_UTF8_STRING]; + ASN1::setFilters($filters); + $this->mapOutDNs($dn, 'rdnSequence'); + $dn = $dn['rdnSequence']; + $result = []; + for ($i = 0; $i < count($dn); $i++) { + if ($dn[$i][0]['type'] == $propName) { + $v = $dn[$i][0]['value']; + if (!$withType) { + if (is_array($v)) { + foreach ($v as $type => $s) { + $type = array_search($type, ASN1::ANY_MAP); + if ($type !== false && array_key_exists($type, ASN1::STRING_TYPE_SIZE)) { + $s = ASN1::convert($s, $type); + if ($s !== false) { + $v = $s; + break; + } + } + } + if (is_array($v)) { + $v = array_pop($v); // Always strip data type. + } + } elseif (is_object($v) && $v instanceof Element) { + $map = $this->getMapping($propName); + if (!is_bool($map)) { + $decoded = ASN1::decodeBER($v); + if (!$decoded) { + return false; + } + $v = ASN1::asn1map($decoded[0], $map); + } + } + } + $result[] = $v; + } + } + + return $result; + } + + /** + * Set a Distinguished Name + * + * @param bool $merge optional + * @param string $type optional + */ + public function setDN($dn, bool $merge = false, string $type = 'utf8String'): bool + { + if (!$merge) { + $this->dn = null; + } + + if (is_array($dn)) { + if (isset($dn['rdnSequence'])) { + $this->dn = $dn; // No merge here. + return true; + } + + // handles stuff generated by openssl_x509_parse() + foreach ($dn as $prop => $value) { + if (!$this->setDNProp($prop, $value, $type)) { + return false; + } + } + return true; + } + + // handles everything else + $results = preg_split('#((?:^|, *|/)(?:C=|O=|OU=|CN=|L=|ST=|SN=|postalCode=|streetAddress=|emailAddress=|serialNumber=|organizationalUnitName=|title=|description=|role=|x500UniqueIdentifier=|postalAddress=))#', $dn, -1, PREG_SPLIT_DELIM_CAPTURE); + for ($i = 1; $i < count($results); $i += 2) { + $prop = trim($results[$i], ', =/'); + $value = $results[$i + 1]; + if (!$this->setDNProp($prop, $value, $type)) { + return false; + } + } + + return true; + } + + /** + * Get the Distinguished Name for a certificates subject + * + * @param mixed $format optional + * @param array|null $dn optional + * @return array|bool|string + */ + public function getDN($format = self::DN_ARRAY, ?array $dn = null) + { + if (!isset($dn)) { + $dn = isset($this->currentCert['tbsCertList']) ? $this->currentCert['tbsCertList']['issuer'] : $this->dn; + } + + switch ((int) $format) { + case self::DN_ARRAY: + return $dn; + case self::DN_ASN1: + $filters = []; + $filters['rdnSequence']['value'] = ['type' => ASN1::TYPE_UTF8_STRING]; + ASN1::setFilters($filters); + $this->mapOutDNs($dn, 'rdnSequence'); + return ASN1::encodeDER($dn, Maps\Name::MAP); + case self::DN_CANON: + // No SEQUENCE around RDNs and all string values normalized as + // trimmed lowercase UTF-8 with all spacing as one blank. + // constructed RDNs will not be canonicalized + $filters = []; + $filters['value'] = ['type' => ASN1::TYPE_UTF8_STRING]; + ASN1::setFilters($filters); + $result = ''; + $this->mapOutDNs($dn, 'rdnSequence'); + foreach ($dn['rdnSequence'] as $rdn) { + foreach ($rdn as $i => $attr) { + $attr = &$rdn[$i]; + if (is_array($attr['value'])) { + foreach ($attr['value'] as $type => $v) { + $type = array_search($type, ASN1::ANY_MAP, true); + if ($type !== false && array_key_exists($type, ASN1::STRING_TYPE_SIZE)) { + $v = ASN1::convert($v, $type); + if ($v !== false) { + $v = preg_replace('/\s+/', ' ', $v); + $attr['value'] = strtolower(trim($v)); + break; + } + } + } + } + } + $result .= ASN1::encodeDER($rdn, Maps\RelativeDistinguishedName::MAP); + } + return $result; + case self::DN_HASH: + $dn = $this->getDN(self::DN_CANON, $dn); + $hash = new Hash('sha1'); + $hash = $hash->hash($dn); + extract(unpack('Vhash', $hash)); + return strtolower(Strings::bin2hex(pack('N', $hash))); + } + + // Default is to return a string. + $start = true; + $output = ''; + + $result = []; + $filters = []; + $filters['rdnSequence']['value'] = ['type' => ASN1::TYPE_UTF8_STRING]; + ASN1::setFilters($filters); + $this->mapOutDNs($dn, 'rdnSequence'); + + foreach ($dn['rdnSequence'] as $field) { + $prop = $field[0]['type']; + $value = $field[0]['value']; + + $delim = ', '; + switch ($prop) { + case 'id-at-countryName': + $desc = 'C'; + break; + case 'id-at-stateOrProvinceName': + $desc = 'ST'; + break; + case 'id-at-organizationName': + $desc = 'O'; + break; + case 'id-at-organizationalUnitName': + $desc = 'OU'; + break; + case 'id-at-commonName': + $desc = 'CN'; + break; + case 'id-at-localityName': + $desc = 'L'; + break; + case 'id-at-surname': + $desc = 'SN'; + break; + case 'id-at-uniqueIdentifier': + $delim = '/'; + $desc = 'x500UniqueIdentifier'; + break; + case 'id-at-postalAddress': + $delim = '/'; + $desc = 'postalAddress'; + break; + default: + $delim = '/'; + $desc = preg_replace('#.+-([^-]+)$#', '$1', $prop); + } + + if (!$start) { + $output .= $delim; + } + if (is_array($value)) { + foreach ($value as $type => $v) { + $type = array_search($type, ASN1::ANY_MAP, true); + if ($type !== false && array_key_exists($type, ASN1::STRING_TYPE_SIZE)) { + $v = ASN1::convert($v, $type); + if ($v !== false) { + $value = $v; + break; + } + } + } + if (is_array($value)) { + $value = array_pop($value); // Always strip data type. + } + } elseif (is_object($value) && $value instanceof Element) { + $callback = fn ($x) => '\x' . bin2hex($x[0]); + $value = strtoupper(preg_replace_callback('#[^\x20-\x7E]#', $callback, $value->element)); + } + $output .= $desc . '=' . $value; + $result[$desc] = isset($result[$desc]) ? + array_merge((array) $result[$desc], [$value]) : + $value; + $start = false; + } + + return $format == self::DN_OPENSSL ? $result : $output; + } + + /** + * Get the Distinguished Name for a certificate/crl issuer + * + * @param int $format optional + */ + public function getIssuerDN(int $format = self::DN_ARRAY) + { + switch (true) { + case !isset($this->currentCert) || !is_array($this->currentCert): + break; + case isset($this->currentCert['tbsCertificate']): + return $this->getDN($format, $this->currentCert['tbsCertificate']['issuer']); + case isset($this->currentCert['tbsCertList']): + return $this->getDN($format, $this->currentCert['tbsCertList']['issuer']); + } + + return false; + } + + /** + * Get the Distinguished Name for a certificate/csr subject + * Alias of getDN() + * + * @param int $format optional + */ + public function getSubjectDN(int $format = self::DN_ARRAY) + { + switch (true) { + case !empty($this->dn): + return $this->getDN($format); + case !isset($this->currentCert) || !is_array($this->currentCert): + break; + case isset($this->currentCert['tbsCertificate']): + return $this->getDN($format, $this->currentCert['tbsCertificate']['subject']); + case isset($this->currentCert['certificationRequestInfo']): + return $this->getDN($format, $this->currentCert['certificationRequestInfo']['subject']); + } + + return false; + } + + /** + * Get an individual Distinguished Name property for a certificate/crl issuer + * + * @param bool $withType optional + */ + public function getIssuerDNProp(string $propName, bool $withType = false) + { + switch (true) { + case !isset($this->currentCert) || !is_array($this->currentCert): + break; + case isset($this->currentCert['tbsCertificate']): + return $this->getDNProp($propName, $this->currentCert['tbsCertificate']['issuer'], $withType); + case isset($this->currentCert['tbsCertList']): + return $this->getDNProp($propName, $this->currentCert['tbsCertList']['issuer'], $withType); + } + + return false; + } + + /** + * Get an individual Distinguished Name property for a certificate/csr subject + * + * @param bool $withType optional + */ + public function getSubjectDNProp(string $propName, bool $withType = false) + { + switch (true) { + case !empty($this->dn): + return $this->getDNProp($propName, null, $withType); + case !isset($this->currentCert) || !is_array($this->currentCert): + break; + case isset($this->currentCert['tbsCertificate']): + return $this->getDNProp($propName, $this->currentCert['tbsCertificate']['subject'], $withType); + case isset($this->currentCert['certificationRequestInfo']): + return $this->getDNProp($propName, $this->currentCert['certificationRequestInfo']['subject'], $withType); + } + + return false; + } + + /** + * Get the certificate chain for the current cert + */ + public function getChain() + { + $chain = [$this->currentCert]; + + if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { + return false; + } + while (true) { + $currentCert = $chain[count($chain) - 1]; + for ($i = 0; $i < count($this->CAs); $i++) { + $ca = $this->CAs[$i]; + if ($currentCert['tbsCertificate']['issuer'] === $ca['tbsCertificate']['subject']) { + $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier', $currentCert); + $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca); + switch (true) { + case !is_array($authorityKey): + case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID: + if ($currentCert === $ca) { + break 3; + } + $chain[] = $ca; + break 2; + } + } + } + if ($i == count($this->CAs)) { + break; + } + } + foreach ($chain as $key => $value) { + $chain[$key] = new X509(); + $chain[$key]->loadX509($value); + } + return $chain; + } + + /** + * Returns the current cert + * + * @return array|bool + */ + public function &getCurrentCert() + { + return $this->currentCert; + } + + /** + * Set public key + * + * Key needs to be a \phpseclib3\Crypt\RSA object + */ + public function setPublicKey(PublicKey $key): void + { + $this->publicKey = $key; + } + + /** + * Set private key + * + * Key needs to be a \phpseclib3\Crypt\RSA object + */ + public function setPrivateKey(PrivateKey $key): void + { + $this->privateKey = $key; + } + + /** + * Set challenge + * + * Used for SPKAC CSR's + */ + public function setChallenge(string $challenge): void + { + $this->challenge = $challenge; + } + + /** + * Gets the public key + * + * Returns a \phpseclib3\Crypt\RSA object or a false. + */ + public function getPublicKey() + { + if (isset($this->publicKey)) { + return $this->publicKey; + } + + if (isset($this->currentCert) && is_array($this->currentCert)) { + $paths = [ + 'tbsCertificate/subjectPublicKeyInfo', + 'certificationRequestInfo/subjectPKInfo', + 'publicKeyAndChallenge/spki', + ]; + foreach ($paths as $path) { + $keyinfo = $this->subArray($this->currentCert, $path); + if (!empty($keyinfo)) { + break; + } + } + } + if (empty($keyinfo)) { + return false; + } + + $key = $keyinfo['subjectPublicKey']; + + switch ($keyinfo['algorithm']['algorithm']) { + case 'id-RSASSA-PSS': + return RSA::loadFormat('PSS', $key); + case 'rsaEncryption': + return RSA::loadFormat('PKCS8', $key)->withPadding(RSA::SIGNATURE_PKCS1); + case 'id-ecPublicKey': + case 'id-Ed25519': + case 'id-Ed448': + return EC::loadFormat('PKCS8', $key); + case 'id-dsa': + return DSA::loadFormat('PKCS8', $key); + } + + return false; + } + + /** + * Load a Certificate Signing Request + */ + public function loadCSR(string $csr, int $mode = self::FORMAT_AUTO_DETECT) + { + if (is_array($csr) && isset($csr['certificationRequestInfo'])) { + unset($this->currentCert); + unset($this->currentKeyIdentifier); + unset($this->signatureSubject); + $this->dn = $csr['certificationRequestInfo']['subject']; + if (!isset($this->dn)) { + return false; + } + + $this->currentCert = $csr; + return $csr; + } + + // see http://tools.ietf.org/html/rfc2986 + + if ($mode != self::FORMAT_DER) { + $newcsr = ASN1::extractBER($csr); + if ($mode == self::FORMAT_PEM && $csr == $newcsr) { + return false; + } + $csr = $newcsr; + } + $orig = $csr; + + if ($csr === false) { + $this->currentCert = false; + return false; + } + + $decoded = ASN1::decodeBER($csr); + + if (!$decoded) { + $this->currentCert = false; + return false; + } + + $csr = ASN1::asn1map($decoded[0], Maps\CertificationRequest::MAP); + if (!isset($csr) || $csr === false) { + $this->currentCert = false; + return false; + } + + $this->mapInAttributes($csr, 'certificationRequestInfo/attributes'); + $this->mapInDNs($csr, 'certificationRequestInfo/subject/rdnSequence'); + + $this->dn = $csr['certificationRequestInfo']['subject']; + + $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); + + $key = $csr['certificationRequestInfo']['subjectPKInfo']; + $key = ASN1::encodeDER($key, Maps\SubjectPublicKeyInfo::MAP); + $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'] = + "-----BEGIN PUBLIC KEY-----\r\n" . + chunk_split(base64_encode($key), 64) . + "-----END PUBLIC KEY-----"; + + $this->currentKeyIdentifier = null; + $this->currentCert = $csr; + + $this->publicKey = null; + $this->publicKey = $this->getPublicKey(); + + return $csr; + } + + /** + * Save CSR request + * + * @return string|false + */ + public function saveCSR(array $csr, int $format = self::FORMAT_PEM) + { + if (!is_array($csr) || !isset($csr['certificationRequestInfo'])) { + return false; + } + + switch (true) { + case !($algorithm = $this->subArray($csr, 'certificationRequestInfo/subjectPKInfo/algorithm/algorithm')): + case is_object($csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']): + break; + default: + $csr['certificationRequestInfo']['subjectPKInfo'] = new Element( + base64_decode(preg_replace('#-.+-|[\r\n]#', '', $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'])) + ); + } + + $filters = []; + $filters['certificationRequestInfo']['subject']['rdnSequence']['value'] + = ['type' => ASN1::TYPE_UTF8_STRING]; + + ASN1::setFilters($filters); + + $this->mapOutDNs($csr, 'certificationRequestInfo/subject/rdnSequence'); + $this->mapOutAttributes($csr, 'certificationRequestInfo/attributes'); + $csr = ASN1::encodeDER($csr, Maps\CertificationRequest::MAP); + + switch ($format) { + case self::FORMAT_DER: + return $csr; + // case self::FORMAT_PEM: + default: + return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(Strings::base64_encode($csr), 64) . '-----END CERTIFICATE REQUEST-----'; + } + } + + /** + * Load a SPKAC CSR + * + * SPKAC's are produced by the HTML5 keygen element: + * + * https://developer.mozilla.org/en-US/docs/HTML/Element/keygen + */ + public function loadSPKAC(string $spkac) + { + if (is_array($spkac) && isset($spkac['publicKeyAndChallenge'])) { + unset($this->currentCert); + unset($this->currentKeyIdentifier); + unset($this->signatureSubject); + $this->currentCert = $spkac; + return $spkac; + } + + // see http://www.w3.org/html/wg/drafts/html/master/forms.html#signedpublickeyandchallenge + + // OpenSSL produces SPKAC's that are preceded by the string SPKAC= + $temp = preg_replace('#(?:SPKAC=)|[ \r\n\\\]#', '', $spkac); + $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? Strings::base64_decode($temp) : false; + if ($temp != false) { + $spkac = $temp; + } + $orig = $spkac; + + if ($spkac === false) { + $this->currentCert = false; + return false; + } + + $decoded = ASN1::decodeBER($spkac); + + if (!$decoded) { + $this->currentCert = false; + return false; + } + + $spkac = ASN1::asn1map($decoded[0], Maps\SignedPublicKeyAndChallenge::MAP); + + if (!isset($spkac) || !is_array($spkac)) { + $this->currentCert = false; + return false; + } + + $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); + + $key = $spkac['publicKeyAndChallenge']['spki']; + $key = ASN1::encodeDER($key, Maps\SubjectPublicKeyInfo::MAP); + $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'] = + "-----BEGIN PUBLIC KEY-----\r\n" . + chunk_split(base64_encode($key), 64) . + "-----END PUBLIC KEY-----"; + + $this->currentKeyIdentifier = null; + $this->currentCert = $spkac; + + $this->publicKey = null; + $this->publicKey = $this->getPublicKey(); + + return $spkac; + } + + /** + * Save a SPKAC CSR request + * + * @param int $format optional + * @return string|false + */ + public function saveSPKAC(array $spkac, int $format = self::FORMAT_PEM) + { + if (!is_array($spkac) || !isset($spkac['publicKeyAndChallenge'])) { + return false; + } + + $algorithm = $this->subArray($spkac, 'publicKeyAndChallenge/spki/algorithm/algorithm'); + switch (true) { + case !$algorithm: + case is_object($spkac['publicKeyAndChallenge']['spki']['subjectPublicKey']): + break; + default: + $spkac['publicKeyAndChallenge']['spki'] = new Element( + base64_decode(preg_replace('#-.+-|[\r\n]#', '', $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'])) + ); + } + + $spkac = ASN1::encodeDER($spkac, Maps\SignedPublicKeyAndChallenge::MAP); + + switch ($format) { + case self::FORMAT_DER: + return $spkac; + // case self::FORMAT_PEM: + default: + // OpenSSL's implementation of SPKAC requires the SPKAC be preceded by SPKAC= and since there are pretty much + // no other SPKAC decoders phpseclib will use that same format + return 'SPKAC=' . Strings::base64_encode($spkac); + } + } + + /** + * Load a Certificate Revocation List + */ + public function loadCRL(string $crl, int $mode = self::FORMAT_AUTO_DETECT) + { + if (is_array($crl) && isset($crl['tbsCertList'])) { + $this->currentCert = $crl; + unset($this->signatureSubject); + return $crl; + } + + if ($mode != self::FORMAT_DER) { + $newcrl = ASN1::extractBER($crl); + if ($mode == self::FORMAT_PEM && $crl == $newcrl) { + return false; + } + $crl = $newcrl; + } + $orig = $crl; + + if ($crl === false) { + $this->currentCert = false; + return false; + } + + $decoded = ASN1::decodeBER($crl); + + if (!$decoded) { + $this->currentCert = false; + return false; + } + + $crl = ASN1::asn1map($decoded[0], Maps\CertificateList::MAP); + if (!isset($crl) || $crl === false) { + $this->currentCert = false; + return false; + } + + $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); + + $this->mapInDNs($crl, 'tbsCertList/issuer/rdnSequence'); + if ($this->isSubArrayValid($crl, 'tbsCertList/crlExtensions')) { + $this->mapInExtensions($crl, 'tbsCertList/crlExtensions'); + } + if ($this->isSubArrayValid($crl, 'tbsCertList/revokedCertificates')) { + $rclist_ref = &$this->subArrayUnchecked($crl, 'tbsCertList/revokedCertificates'); + if ($rclist_ref) { + $rclist = $crl['tbsCertList']['revokedCertificates']; + foreach ($rclist as $i => $extension) { + if ($this->isSubArrayValid($rclist, "$i/crlEntryExtensions")) { + $this->mapInExtensions($rclist_ref, "$i/crlEntryExtensions"); + } + } + } + } + + $this->currentKeyIdentifier = null; + $this->currentCert = $crl; + + return $crl; + } + + /** + * Save Certificate Revocation List. + * + * @param int $format optional + * @return string + */ + public function saveCRL(array $crl, int $format = self::FORMAT_PEM) + { + if (!is_array($crl) || !isset($crl['tbsCertList'])) { + return false; + } + + $filters = []; + $filters['tbsCertList']['issuer']['rdnSequence']['value'] + = ['type' => ASN1::TYPE_UTF8_STRING]; + $filters['tbsCertList']['signature']['parameters'] + = ['type' => ASN1::TYPE_UTF8_STRING]; + $filters['signatureAlgorithm']['parameters'] + = ['type' => ASN1::TYPE_UTF8_STRING]; + + if (empty($crl['tbsCertList']['signature']['parameters'])) { + $filters['tbsCertList']['signature']['parameters'] + = ['type' => ASN1::TYPE_NULL]; + } + + if (empty($crl['signatureAlgorithm']['parameters'])) { + $filters['signatureAlgorithm']['parameters'] + = ['type' => ASN1::TYPE_NULL]; + } + + ASN1::setFilters($filters); + + $this->mapOutDNs($crl, 'tbsCertList/issuer/rdnSequence'); + $this->mapOutExtensions($crl, 'tbsCertList/crlExtensions'); + $rclist = &$this->subArray($crl, 'tbsCertList/revokedCertificates'); + if (is_array($rclist)) { + foreach ($rclist as $i => $extension) { + $this->mapOutExtensions($rclist, "$i/crlEntryExtensions"); + } + } + + $crl = ASN1::encodeDER($crl, Maps\CertificateList::MAP); + + switch ($format) { + case self::FORMAT_DER: + return $crl; + // case self::FORMAT_PEM: + default: + return "-----BEGIN X509 CRL-----\r\n" . chunk_split(Strings::base64_encode($crl), 64) . '-----END X509 CRL-----'; + } + } + + /** + * Helper function to build a time field according to RFC 3280 section + * - 4.1.2.5 Validity + * - 5.1.2.4 This Update + * - 5.1.2.5 Next Update + * - 5.1.2.6 Revoked Certificates + * by choosing utcTime iff year of date given is before 2050 and generalTime else. + * + * @param Element|string $date in format date('D, d M Y H:i:s O') + * @return array|Element + */ + private function timeField($date) + { + if ($date instanceof Element) { + return $date; + } + $dateObj = new \DateTimeImmutable($date, new \DateTimeZone('GMT')); + $year = $dateObj->format('Y'); // the same way ASN1.php parses this + if ($year < 2050) { + return ['utcTime' => $date]; + } else { + return ['generalTime' => $date]; + } + } + + /** + * Sign an X.509 certificate + * + * $issuer's private key needs to be loaded. + * $subject can be either an existing X.509 cert (if you want to resign it), + * a CSR or something with the DN and public key explicitly set. + */ + public function sign(X509 $issuer, X509 $subject) + { + if (!is_object($issuer->privateKey) || empty($issuer->dn)) { + return false; + } + + if (isset($subject->publicKey) && !($subjectPublicKey = $subject->formatSubjectPublicKey())) { + return false; + } + + $currentCert = $this->currentCert ?? null; + $signatureSubject = $this->signatureSubject ?? null; + $signatureAlgorithm = self::identifySignatureAlgorithm($issuer->privateKey); + + if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertificate'])) { + $this->currentCert = $subject->currentCert; + $this->currentCert['tbsCertificate']['signature'] = $signatureAlgorithm; + $this->currentCert['signatureAlgorithm'] = $signatureAlgorithm; + + if (!empty($this->startDate)) { + $this->currentCert['tbsCertificate']['validity']['notBefore'] = $this->timeField($this->startDate); + } + if (!empty($this->endDate)) { + $this->currentCert['tbsCertificate']['validity']['notAfter'] = $this->timeField($this->endDate); + } + if (!empty($this->serialNumber)) { + $this->currentCert['tbsCertificate']['serialNumber'] = $this->serialNumber; + } + if (!empty($subject->dn)) { + $this->currentCert['tbsCertificate']['subject'] = $subject->dn; + } + if (!empty($subject->publicKey)) { + $this->currentCert['tbsCertificate']['subjectPublicKeyInfo'] = $subjectPublicKey; + } + $this->removeExtension('id-ce-authorityKeyIdentifier'); + if (isset($subject->domains)) { + $this->removeExtension('id-ce-subjectAltName'); + } + } elseif (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertList'])) { + return false; + } else { + if (!isset($subject->publicKey)) { + return false; + } + + $startDate = new \DateTimeImmutable('now', new \DateTimeZone(@date_default_timezone_get())); + $startDate = !empty($this->startDate) ? $this->startDate : $startDate->format('D, d M Y H:i:s O'); + + $endDate = new \DateTimeImmutable('+1 year', new \DateTimeZone(@date_default_timezone_get())); + $endDate = !empty($this->endDate) ? $this->endDate : $endDate->format('D, d M Y H:i:s O'); + + /* "The serial number MUST be a positive integer" + "Conforming CAs MUST NOT use serialNumber values longer than 20 octets." + -- https://tools.ietf.org/html/rfc5280#section-4.1.2.2 + + for the integer to be positive the leading bit needs to be 0 hence the + application of a bitmap + */ + $serialNumber = !empty($this->serialNumber) ? + $this->serialNumber : + new BigInteger(Random::string(20) & ("\x7F" . str_repeat("\xFF", 19)), 256); + + $this->currentCert = [ + 'tbsCertificate' => + [ + 'version' => 'v3', + 'serialNumber' => $serialNumber, // $this->setSerialNumber() + 'signature' => $signatureAlgorithm, + 'issuer' => false, // this is going to be overwritten later + 'validity' => [ + 'notBefore' => $this->timeField($startDate), // $this->setStartDate() + 'notAfter' => $this->timeField($endDate), // $this->setEndDate() + ], + 'subject' => $subject->dn, + 'subjectPublicKeyInfo' => $subjectPublicKey, + ], + 'signatureAlgorithm' => $signatureAlgorithm, + 'signature' => false, // this is going to be overwritten later + ]; + + // Copy extensions from CSR. + $csrexts = $subject->getAttribute('pkcs-9-at-extensionRequest', 0); + + if (!empty($csrexts)) { + $this->currentCert['tbsCertificate']['extensions'] = $csrexts; + } + } + + $this->currentCert['tbsCertificate']['issuer'] = $issuer->dn; + + if (isset($issuer->currentKeyIdentifier)) { + $this->setExtension('id-ce-authorityKeyIdentifier', [ + //'authorityCertIssuer' => array( + // array( + // 'directoryName' => $issuer->dn + // ) + //), + 'keyIdentifier' => $issuer->currentKeyIdentifier, + ]); + //$extensions = &$this->currentCert['tbsCertificate']['extensions']; + //if (isset($issuer->serialNumber)) { + // $extensions[count($extensions) - 1]['authorityCertSerialNumber'] = $issuer->serialNumber; + //} + //unset($extensions); + } + + if (isset($subject->currentKeyIdentifier)) { + $this->setExtension('id-ce-subjectKeyIdentifier', $subject->currentKeyIdentifier); + } + + $altName = []; + + if (isset($subject->domains) && count($subject->domains)) { + $altName = array_map(['\phpseclib3\File\X509', 'dnsName'], $subject->domains); + } + + if (isset($subject->ipAddresses) && count($subject->ipAddresses)) { + // should an IP address appear as the CN if no domain name is specified? idk + //$ips = count($subject->domains) ? $subject->ipAddresses : array_slice($subject->ipAddresses, 1); + $ipAddresses = []; + foreach ($subject->ipAddresses as $ipAddress) { + $encoded = $subject->ipAddress($ipAddress); + if ($encoded !== false) { + $ipAddresses[] = $encoded; + } + } + if (count($ipAddresses)) { + $altName = array_merge($altName, $ipAddresses); + } + } + + if (!empty($altName)) { + $this->setExtension('id-ce-subjectAltName', $altName); + } + + if ($this->caFlag) { + $keyUsage = $this->getExtension('id-ce-keyUsage'); + if (!$keyUsage) { + $keyUsage = []; + } + + $this->setExtension( + 'id-ce-keyUsage', + array_values(array_unique(array_merge($keyUsage, ['cRLSign', 'keyCertSign']))) + ); + + $basicConstraints = $this->getExtension('id-ce-basicConstraints'); + if (!$basicConstraints) { + $basicConstraints = []; + } + + $this->setExtension( + 'id-ce-basicConstraints', + array_merge(['cA' => true], $basicConstraints), + true + ); + + if (!isset($subject->currentKeyIdentifier)) { + $this->setExtension('id-ce-subjectKeyIdentifier', $this->computeKeyIdentifier($this->currentCert), false, false); + } + } + + // resync $this->signatureSubject + // save $tbsCertificate in case there are any \phpseclib3\File\ASN1\Element objects in it + $tbsCertificate = $this->currentCert['tbsCertificate']; + $this->loadX509($this->saveX509($this->currentCert)); + + $result = $this->currentCert; + $this->currentCert['signature'] = $result['signature'] = "\0" . $issuer->privateKey->sign($this->signatureSubject); + $result['tbsCertificate'] = $tbsCertificate; + + $this->currentCert = $currentCert; + $this->signatureSubject = $signatureSubject; + + return $result; + } + + /** + * Sign a CSR + */ + public function signCSR() + { + if (!is_object($this->privateKey) || empty($this->dn)) { + return false; + } + + $origPublicKey = $this->publicKey; + $this->publicKey = $this->privateKey->getPublicKey(); + $publicKey = $this->formatSubjectPublicKey(); + $this->publicKey = $origPublicKey; + + $currentCert = $this->currentCert ?? null; + $signatureSubject = $this->signatureSubject ?? null; + $signatureAlgorithm = self::identifySignatureAlgorithm($this->privateKey); + + if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['certificationRequestInfo'])) { + $this->currentCert['signatureAlgorithm'] = $signatureAlgorithm; + if (!empty($this->dn)) { + $this->currentCert['certificationRequestInfo']['subject'] = $this->dn; + } + $this->currentCert['certificationRequestInfo']['subjectPKInfo'] = $publicKey; + } else { + $this->currentCert = [ + 'certificationRequestInfo' => + [ + 'version' => 'v1', + 'subject' => $this->dn, + 'subjectPKInfo' => $publicKey, + ], + 'signatureAlgorithm' => $signatureAlgorithm, + 'signature' => false, // this is going to be overwritten later + ]; + } + + // resync $this->signatureSubject + // save $certificationRequestInfo in case there are any \phpseclib3\File\ASN1\Element objects in it + $certificationRequestInfo = $this->currentCert['certificationRequestInfo']; + $this->loadCSR($this->saveCSR($this->currentCert)); + + $result = $this->currentCert; + $this->currentCert['signature'] = $result['signature'] = "\0" . $this->privateKey->sign($this->signatureSubject); + $result['certificationRequestInfo'] = $certificationRequestInfo; + + $this->currentCert = $currentCert; + $this->signatureSubject = $signatureSubject; + + return $result; + } + + /** + * Sign a SPKAC + */ + public function signSPKAC() + { + if (!is_object($this->privateKey)) { + return false; + } + + $origPublicKey = $this->publicKey; + $this->publicKey = $this->privateKey->getPublicKey(); + $publicKey = $this->formatSubjectPublicKey(); + $this->publicKey = $origPublicKey; + + $currentCert = $this->currentCert ?? null; + $signatureSubject = $this->signatureSubject ?? null; + $signatureAlgorithm = self::identifySignatureAlgorithm($this->privateKey); + + // re-signing a SPKAC seems silly but since everything else supports re-signing why not? + if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['publicKeyAndChallenge'])) { + $this->currentCert['signatureAlgorithm'] = $signatureAlgorithm; + $this->currentCert['publicKeyAndChallenge']['spki'] = $publicKey; + if (!empty($this->challenge)) { + // the bitwise AND ensures that the output is a valid IA5String + $this->currentCert['publicKeyAndChallenge']['challenge'] = $this->challenge & str_repeat("\x7F", strlen($this->challenge)); + } + } else { + $this->currentCert = [ + 'publicKeyAndChallenge' => + [ + 'spki' => $publicKey, + // quoting , + // "A challenge string that is submitted along with the public key. Defaults to an empty string if not specified." + // both Firefox and OpenSSL ("openssl spkac -key private.key") behave this way + // we could alternatively do this instead if we ignored the specs: + // Random::string(8) & str_repeat("\x7F", 8) + 'challenge' => !empty($this->challenge) ? $this->challenge : '', + ], + 'signatureAlgorithm' => $signatureAlgorithm, + 'signature' => false, // this is going to be overwritten later + ]; + } + + // resync $this->signatureSubject + // save $publicKeyAndChallenge in case there are any \phpseclib3\File\ASN1\Element objects in it + $publicKeyAndChallenge = $this->currentCert['publicKeyAndChallenge']; + $this->loadSPKAC($this->saveSPKAC($this->currentCert)); + + $result = $this->currentCert; + $this->currentCert['signature'] = $result['signature'] = "\0" . $this->privateKey->sign($this->signatureSubject); + $result['publicKeyAndChallenge'] = $publicKeyAndChallenge; + + $this->currentCert = $currentCert; + $this->signatureSubject = $signatureSubject; + + return $result; + } + + /** + * Sign a CRL + * + * $issuer's private key needs to be loaded. + */ + public function signCRL(X509 $issuer, X509 $crl) + { + if (!is_object($issuer->privateKey) || empty($issuer->dn)) { + return false; + } + + $currentCert = $this->currentCert ?? null; + $signatureSubject = $this->signatureSubject ?? null; + $signatureAlgorithm = self::identifySignatureAlgorithm($issuer->privateKey); + + $thisUpdate = new \DateTimeImmutable('now', new \DateTimeZone(@date_default_timezone_get())); + $thisUpdate = !empty($this->startDate) ? $this->startDate : $thisUpdate->format('D, d M Y H:i:s O'); + + if (isset($crl->currentCert) && is_array($crl->currentCert) && isset($crl->currentCert['tbsCertList'])) { + $this->currentCert = $crl->currentCert; + $this->currentCert['tbsCertList']['signature'] = $signatureAlgorithm; + $this->currentCert['signatureAlgorithm'] = $signatureAlgorithm; + } else { + $this->currentCert = [ + 'tbsCertList' => + [ + 'version' => 'v2', + 'signature' => $signatureAlgorithm, + 'issuer' => false, // this is going to be overwritten later + 'thisUpdate' => $this->timeField($thisUpdate), // $this->setStartDate() + ], + 'signatureAlgorithm' => $signatureAlgorithm, + 'signature' => false, // this is going to be overwritten later + ]; + } + + $tbsCertList = &$this->currentCert['tbsCertList']; + $tbsCertList['issuer'] = $issuer->dn; + $tbsCertList['thisUpdate'] = $this->timeField($thisUpdate); + + if (!empty($this->endDate)) { + $tbsCertList['nextUpdate'] = $this->timeField($this->endDate); // $this->setEndDate() + } else { + unset($tbsCertList['nextUpdate']); + } + + if (!empty($this->serialNumber)) { + $crlNumber = $this->serialNumber; + } else { + $crlNumber = $this->getExtension('id-ce-cRLNumber'); + // "The CRL number is a non-critical CRL extension that conveys a + // monotonically increasing sequence number for a given CRL scope and + // CRL issuer. This extension allows users to easily determine when a + // particular CRL supersedes another CRL." + // -- https://tools.ietf.org/html/rfc5280#section-5.2.3 + $crlNumber = $crlNumber !== false ? $crlNumber->add(new BigInteger(1)) : null; + } + + $this->removeExtension('id-ce-authorityKeyIdentifier'); + $this->removeExtension('id-ce-issuerAltName'); + + // Be sure version >= v2 if some extension found. + $version = $tbsCertList['version'] ?? 0; + if (!$version) { + if (!empty($tbsCertList['crlExtensions'])) { + $version = 1; // v2. + } elseif (!empty($tbsCertList['revokedCertificates'])) { + foreach ($tbsCertList['revokedCertificates'] as $cert) { + if (!empty($cert['crlEntryExtensions'])) { + $version = 1; // v2. + } + } + } + + if ($version) { + $tbsCertList['version'] = $version; + } + } + + // Store additional extensions. + if (!empty($tbsCertList['version'])) { // At least v2. + if (!empty($crlNumber)) { + $this->setExtension('id-ce-cRLNumber', $crlNumber); + } + + if (isset($issuer->currentKeyIdentifier)) { + $this->setExtension('id-ce-authorityKeyIdentifier', [ + //'authorityCertIssuer' => array( + // ] + // 'directoryName' => $issuer->dn + // ] + //), + 'keyIdentifier' => $issuer->currentKeyIdentifier, + ]); + //$extensions = &$tbsCertList['crlExtensions']; + //if (isset($issuer->serialNumber)) { + // $extensions[count($extensions) - 1]['authorityCertSerialNumber'] = $issuer->serialNumber; + //} + //unset($extensions); + } + + $issuerAltName = $this->getExtension('id-ce-subjectAltName', $issuer->currentCert); + + if ($issuerAltName !== false) { + $this->setExtension('id-ce-issuerAltName', $issuerAltName); + } + } + + if (empty($tbsCertList['revokedCertificates'])) { + unset($tbsCertList['revokedCertificates']); + } + + unset($tbsCertList); + + // resync $this->signatureSubject + // save $tbsCertList in case there are any \phpseclib3\File\ASN1\Element objects in it + $tbsCertList = $this->currentCert['tbsCertList']; + $this->loadCRL($this->saveCRL($this->currentCert)); + + $result = $this->currentCert; + $this->currentCert['signature'] = $result['signature'] = "\0" . $issuer->privateKey->sign($this->signatureSubject); + $result['tbsCertList'] = $tbsCertList; + + $this->currentCert = $currentCert; + $this->signatureSubject = $signatureSubject; + + return $result; + } + + /** + * Identify signature algorithm from key settings + * + * @throws UnsupportedAlgorithmException if the algorithm is unsupported + */ + private static function identifySignatureAlgorithm(PrivateKey $key): array + { + if ($key instanceof RSA) { + if ($key->getPadding() & RSA::SIGNATURE_PSS) { + $r = PSS::load($key->withPassword()->toString('PSS')); + return [ + 'algorithm' => 'id-RSASSA-PSS', + 'parameters' => PSS::savePSSParams($r), + ]; + } + switch ($key->getHash()) { + case 'md2': + case 'md5': + case 'sha1': + case 'sha224': + case 'sha256': + case 'sha384': + case 'sha512': + return ['algorithm' => $key->getHash()->__toString() . 'WithRSAEncryption']; + } + throw new UnsupportedAlgorithmException('The only supported hash algorithms for RSA are: md2, md5, sha1, sha224, sha256, sha384, sha512'); + } + + if ($key instanceof DSA) { + switch ($key->getHash()) { + case 'sha1': + case 'sha224': + case 'sha256': + return ['algorithm' => 'id-dsa-with-' . $key->getHash()->__toString()]; + } + throw new UnsupportedAlgorithmException('The only supported hash algorithms for DSA are: sha1, sha224, sha256'); + } + + if ($key instanceof EC) { + switch ($key->getCurve()) { + case 'Ed25519': + case 'Ed448': + return ['algorithm' => 'id-' . $key->getCurve()]; + } + switch ($key->getHash()) { + case 'sha1': + case 'sha224': + case 'sha256': + case 'sha384': + case 'sha512': + return ['algorithm' => 'ecdsa-with-' . strtoupper($key->getHash()->__toString())]; + } + throw new UnsupportedAlgorithmException('The only supported hash algorithms for EC are: sha1, sha224, sha256, sha384, sha512'); + } + + throw new UnsupportedAlgorithmException('The only supported public key classes are: RSA, DSA, EC'); + } + + /** + * Set certificate start date + * + * @param \DateTimeInterface|string $date + */ + public function setStartDate($date): void + { + if (!is_object($date) || !($date instanceof \DateTimeInterface)) { + $date = new \DateTimeImmutable($date, new \DateTimeZone(@date_default_timezone_get())); + } + + $this->startDate = $date->format('D, d M Y H:i:s O'); + } + + /** + * Set certificate end date + * + * @param \DateTimeInterface|string $date + */ + public function setEndDate($date): void + { + /* + To indicate that a certificate has no well-defined expiration date, + the notAfter SHOULD be assigned the GeneralizedTime value of + 99991231235959Z. + + -- http://tools.ietf.org/html/rfc5280#section-4.1.2.5 + */ + if (is_string($date) && strtolower($date) === 'lifetime') { + $temp = '99991231235959Z'; + $temp = chr(ASN1::TYPE_GENERALIZED_TIME) . ASN1::encodeLength(strlen($temp)) . $temp; + $this->endDate = new Element($temp); + } else { + if (!is_object($date) || !($date instanceof \DateTimeInterface)) { + $date = new \DateTimeImmutable($date, new \DateTimeZone(@date_default_timezone_get())); + } + + $this->endDate = $date->format('D, d M Y H:i:s O'); + } + } + + /** + * Set Serial Number + * + * @param int $base optional + */ + public function setSerialNumber(string $serial, int $base = -256): void + { + $this->serialNumber = new BigInteger($serial, $base); + } + + /** + * Turns the certificate into a certificate authority + */ + public function makeCA(): void + { + $this->caFlag = true; + } + + /** + * Check for validity of subarray + * + * This is intended for use in conjunction with _subArrayUnchecked(), + * implementing the checks included in _subArray() but without copying + * a potentially large array by passing its reference by-value to is_array(). + */ + private function isSubArrayValid(array $root, string $path): bool + { + if (!is_array($root)) { + return false; + } + + foreach (explode('/', $path) as $i) { + if (!is_array($root)) { + return false; + } + + if (!isset($root[$i])) { + return true; + } + + $root = $root[$i]; + } + + return true; + } + + /** + * Get a reference to a subarray + * + * This variant of _subArray() does no is_array() checking, + * so $root should be checked with _isSubArrayValid() first. + * + * This is here for performance reasons: + * Passing a reference (i.e. $root) by-value (i.e. to is_array()) + * creates a copy. If $root is an especially large array, this is expensive. + * + * @param string $path absolute path with / as component separator + * @param bool $create optional + * @return array|false + */ + private function &subArrayUnchecked(array &$root, string $path, bool $create = false) + { + $false = false; + + foreach (explode('/', $path) as $i) { + if (!isset($root[$i])) { + if (!$create) { + return $false; + } + + $root[$i] = []; + } + + $root = &$root[$i]; + } + + return $root; + } + + /** + * Get a reference to a subarray + * + * @param string $path absolute path with / as component separator + * @param bool $create optional + * @return array|false + */ + private function &subArray(?array &$root, string $path, bool $create = false) + { + $false = false; + + if (!is_array($root)) { + return $false; + } + + foreach (explode('/', $path) as $i) { + if (!is_array($root)) { + return $false; + } + + if (!isset($root[$i])) { + if (!$create) { + return $false; + } + + $root[$i] = []; + } + + $root = &$root[$i]; + } + + return $root; + } + + /** + * Get a reference to an extension subarray + * + * @param string|null $path optional absolute path with / as component separator + * @param bool $create optional + * @return array|false + */ + private function &extensions(?array &$root, ?string $path = null, bool $create = false) + { + if (!isset($root)) { + $root = $this->currentCert; + } + + switch (true) { + case !empty($path): + case !is_array($root): + break; + case isset($root['tbsCertificate']): + $path = 'tbsCertificate/extensions'; + break; + case isset($root['tbsCertList']): + $path = 'tbsCertList/crlExtensions'; + break; + case isset($root['certificationRequestInfo']): + $pth = 'certificationRequestInfo/attributes'; + $attributes = &$this->subArray($root, $pth, $create); + + if (is_array($attributes)) { + foreach ($attributes as $key => $value) { + if ($value['type'] == 'pkcs-9-at-extensionRequest') { + $path = "$pth/$key/value/0"; + break 2; + } + } + if ($create) { + $key = count($attributes); + $attributes[] = ['type' => 'pkcs-9-at-extensionRequest', 'value' => []]; + $path = "$pth/$key/value/0"; + } + } + break; + } + + $extensions = &$this->subArray($root, $path, $create); + + if (!is_array($extensions)) { + $false = false; + return $false; + } + + return $extensions; + } + + /** + * Remove an Extension + * + * @param string|null $path optional + */ + private function removeExtensionHelper(string $id, ?string $path = null): bool + { + $extensions = &$this->extensions($this->currentCert, $path); + + if (!is_array($extensions)) { + return false; + } + + $result = false; + foreach ($extensions as $key => $value) { + if ($value['extnId'] == $id) { + unset($extensions[$key]); + $result = true; + } + } + + $extensions = array_values($extensions); + // fix for https://bugs.php.net/75433 affecting PHP 7.2 + if (!isset($extensions[0])) { + $extensions = array_splice($extensions, 0, 0); + } + return $result; + } + + /** + * Get an Extension + * + * Returns the extension if it exists and false if not + * + * @param array|null $cert optional + * @param string|null $path optional + */ + private function getExtensionHelper(string $id, ?array $cert = null, ?string $path = null) + { + $extensions = $this->extensions($cert, $path); + + if (!is_array($extensions)) { + return false; + } + + foreach ($extensions as $key => $value) { + if ($value['extnId'] == $id) { + return $value['extnValue']; + } + } + + return false; + } + + /** + * Returns a list of all extensions in use + * + * @param array|null $cert optional + * @param string|null $path optional + */ + private function getExtensionsHelper(?array $cert = null, ?string $path = null): array + { + $exts = $this->extensions($cert, $path); + $extensions = []; + + if (is_array($exts)) { + foreach ($exts as $extension) { + $extensions[] = $extension['extnId']; + } + } + + return $extensions; + } + + /** + * Set an Extension + * + * @param bool $critical optional + * @param bool $replace optional + * @param string|null $path optional + */ + private function setExtensionHelper(string $id, $value, bool $critical = false, bool $replace = true, ?string $path = null): bool + { + $extensions = &$this->extensions($this->currentCert, $path, true); + + if (!is_array($extensions)) { + return false; + } + + $newext = ['extnId' => $id, 'critical' => $critical, 'extnValue' => $value]; + + foreach ($extensions as $key => $value) { + if ($value['extnId'] == $id) { + if (!$replace) { + return false; + } + + $extensions[$key] = $newext; + return true; + } + } + + $extensions[] = $newext; + return true; + } + + /** + * Remove a certificate, CSR or CRL Extension + */ + public function removeExtension(string $id): bool + { + return $this->removeExtensionHelper($id); + } + + /** + * Get a certificate, CSR or CRL Extension + * + * Returns the extension if it exists and false if not + * + * @param array|null $cert optional + */ + public function getExtension(string $id, ?array $cert = null, ?string $path = null) + { + return $this->getExtensionHelper($id, $cert, $path); + } + + /** + * Returns a list of all extensions in use in certificate, CSR or CRL + * + * @param array|null $cert optional + * @param string|null $path optional + */ + public function getExtensions(?array $cert = null, ?string $path = null): array + { + return $this->getExtensionsHelper($cert, $path); + } + + /** + * Set a certificate, CSR or CRL Extension + * + * @param bool $critical optional + * @param bool $replace optional + */ + public function setExtension(string $id, $value, bool $critical = false, bool $replace = true): bool + { + return $this->setExtensionHelper($id, $value, $critical, $replace); + } + + /** + * Remove a CSR attribute. + * + * @param int $disposition optional + */ + public function removeAttribute(string $id, int $disposition = self::ATTR_ALL): bool + { + $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes'); + + if (!is_array($attributes)) { + return false; + } + + $result = false; + foreach ($attributes as $key => $attribute) { + if ($attribute['type'] == $id) { + $n = count($attribute['value']); + switch (true) { + case $disposition == self::ATTR_APPEND: + case $disposition == self::ATTR_REPLACE: + return false; + case $disposition >= $n: + $disposition -= $n; + break; + case $disposition == self::ATTR_ALL: + case $n == 1: + unset($attributes[$key]); + $result = true; + break; + default: + unset($attributes[$key]['value'][$disposition]); + $attributes[$key]['value'] = array_values($attributes[$key]['value']); + $result = true; + break; + } + if ($result && $disposition != self::ATTR_ALL) { + break; + } + } + } + + $attributes = array_values($attributes); + return $result; + } + + /** + * Get a CSR attribute + * + * Returns the attribute if it exists and false if not + * + * @param int $disposition optional + * @param array|null $csr optional + */ + public function getAttribute(string $id, int $disposition = self::ATTR_ALL, ?array $csr = null) + { + if (empty($csr)) { + $csr = $this->currentCert; + } + + $attributes = $this->subArray($csr, 'certificationRequestInfo/attributes'); + + if (!is_array($attributes)) { + return false; + } + + foreach ($attributes as $key => $attribute) { + if ($attribute['type'] == $id) { + $n = count($attribute['value']); + switch (true) { + case $disposition == self::ATTR_APPEND: + case $disposition == self::ATTR_REPLACE: + return false; + case $disposition == self::ATTR_ALL: + return $attribute['value']; + case $disposition >= $n: + $disposition -= $n; + break; + default: + return $attribute['value'][$disposition]; + } + } + } + + return false; + } + + /** + * Returns a list of all CSR attributes in use + * + * @param array|null $csr optional + */ + public function getAttributes(?array $csr = null): array + { + if (empty($csr)) { + $csr = $this->currentCert; + } + + $attributes = $this->subArray($csr, 'certificationRequestInfo/attributes'); + $attrs = []; + + if (is_array($attributes)) { + foreach ($attributes as $attribute) { + $attrs[] = $attribute['type']; + } + } + + return $attrs; + } + + /** + * Set a CSR attribute + * + * @param int $disposition optional + */ + public function setAttribute(string $id, $value, int $disposition = self::ATTR_ALL): bool + { + $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes', true); + + if (!is_array($attributes)) { + return false; + } + + switch ($disposition) { + case self::ATTR_REPLACE: + $disposition = self::ATTR_APPEND; + // fall-through + case self::ATTR_ALL: + $this->removeAttribute($id); + break; + } + + foreach ($attributes as $key => $attribute) { + if ($attribute['type'] == $id) { + $n = count($attribute['value']); + switch (true) { + case $disposition == self::ATTR_APPEND: + $last = $key; + break; + case $disposition >= $n: + $disposition -= $n; + break; + default: + $attributes[$key]['value'][$disposition] = $value; + return true; + } + } + } + + switch (true) { + case $disposition >= 0: + return false; + case isset($last): + $attributes[$last]['value'][] = $value; + break; + default: + $attributes[] = ['type' => $id, 'value' => $disposition == self::ATTR_ALL ? $value : [$value]]; + break; + } + + return true; + } + + /** + * Sets the subject key identifier + * + * This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions. + */ + public function setKeyIdentifier(string $value): void + { + if (empty($value)) { + unset($this->currentKeyIdentifier); + } else { + $this->currentKeyIdentifier = $value; + } + } + + /** + * Compute a public key identifier. + * + * Although key identifiers may be set to any unique value, this function + * computes key identifiers from public key according to the two + * recommended methods (4.2.1.2 RFC 3280). + * Highly polymorphic: try to accept all possible forms of key: + * - Key object + * - \phpseclib3\File\X509 object with public or private key defined + * - Certificate or CSR array + * - \phpseclib3\File\ASN1\Element object + * - PEM or DER string + * + * @param mixed $key optional + * @param int $method optional + * @return string binary key identifier + */ + public function computeKeyIdentifier($key = null, int $method = 1) + { + if (is_null($key)) { + $key = $this; + } + + switch (true) { + case is_string($key): + break; + case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']): + return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method); + case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']): + return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method); + case !is_object($key): + return false; + case $key instanceof Element: + // Assume the element is a bitstring-packed key. + $decoded = ASN1::decodeBER($key->element); + if (!$decoded) { + return false; + } + $raw = ASN1::asn1map($decoded[0], ['type' => ASN1::TYPE_BIT_STRING]); + if (empty($raw)) { + return false; + } + // If the key is private, compute identifier from its corresponding public key. + $key = PublicKeyLoader::load($raw); + if ($key instanceof PrivateKey) { // If private. + return $this->computeKeyIdentifier($key, $method); + } + $key = $raw; // Is a public key. + break; + case $key instanceof X509: + if (isset($key->publicKey)) { + return $this->computeKeyIdentifier($key->publicKey, $method); + } + if (isset($key->privateKey)) { + return $this->computeKeyIdentifier($key->privateKey, $method); + } + if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) { + return $this->computeKeyIdentifier($key->currentCert, $method); + } + return false; + default: // Should be a key object (i.e.: \phpseclib3\Crypt\RSA). + $key = $key->getPublicKey(); + break; + } + + // If in PEM format, convert to binary. + $key = ASN1::extractBER(is_string($key) ? $key : $key->__toString()); + + // Now we have the key string: compute its sha-1 sum. + $hash = new Hash('sha1'); + $hash = $hash->hash($key); + + if ($method == 2) { + $hash = substr($hash, -8); + $hash[0] = chr((ord($hash[0]) & 0x0F) | 0x40); + } + + return $hash; + } + + /** + * Format a public key as appropriate + * + * @return array|false + */ + private function formatSubjectPublicKey() + { + $format = $this->publicKey instanceof RSA && ($this->publicKey->getPadding() & RSA::SIGNATURE_PSS) ? + 'PSS' : + 'PKCS8'; + + $publicKey = base64_decode(preg_replace('#-.+-|[\r\n]#', '', $this->publicKey->toString($format))); + + $decoded = ASN1::decodeBER($publicKey); + if (!$decoded) { + return false; + } + $mapped = ASN1::asn1map($decoded[0], Maps\SubjectPublicKeyInfo::MAP); + if (!is_array($mapped)) { + return false; + } + + $mapped['subjectPublicKey'] = $this->publicKey->toString($format); + + return $mapped; + } + + /** + * Set the domain name's which the cert is to be valid for + */ + public function setDomain(...$domains): void + { + $this->domains = $domains; + $this->removeDNProp('id-at-commonName'); + $this->setDNProp('id-at-commonName', $this->domains[0]); + } + + /** + * Set the IP Addresses's which the cert is to be valid for + * + * @param mixed[] ...$ipAddresses + */ + public function setIPAddress(...$ipAddresses): void + { + $this->ipAddresses = $ipAddresses; + /* + if (!isset($this->domains)) { + $this->removeDNProp('id-at-commonName'); + $this->setDNProp('id-at-commonName', $this->ipAddresses[0]); + } + */ + } + + /** + * Helper function to build domain array + */ + private static function dnsName(string $domain): array + { + return ['dNSName' => $domain]; + } + + /** + * Helper function to build IP Address array + * + * (IPv6 is not currently supported) + */ + private function iPAddress(string $address): array + { + return ['iPAddress' => $address]; + } + + /** + * Get the index of a revoked certificate. + * + * @param bool $create optional + * @return int|false + */ + private function revokedCertificate(array &$rclist, string $serial, bool $create = false) + { + $serial = new BigInteger($serial); + + foreach ($rclist as $i => $rc) { + if (!($serial->compare($rc['userCertificate']))) { + return $i; + } + } + + if (!$create) { + return false; + } + + $i = count($rclist); + $revocationDate = new \DateTimeImmutable('now', new \DateTimeZone(@date_default_timezone_get())); + $rclist[] = ['userCertificate' => $serial, + 'revocationDate' => $this->timeField($revocationDate->format('D, d M Y H:i:s O')), ]; + return $i; + } + + /** + * Revoke a certificate. + * + * @param string|null $date optional + */ + public function revoke(string $serial, ?string $date = null): bool + { + if (isset($this->currentCert['tbsCertList'])) { + if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates', true))) { + if ($this->revokedCertificate($rclist, $serial) === false) { // If not yet revoked + if (($i = $this->revokedCertificate($rclist, $serial, true)) !== false) { + if (!empty($date)) { + $rclist[$i]['revocationDate'] = $this->timeField($date); + } + + return true; + } + } + } + } + + return false; + } + + /** + * Unrevoke a certificate. + */ + public function unrevoke(string $serial): bool + { + if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + unset($rclist[$i]); + $rclist = array_values($rclist); + return true; + } + } + + return false; + } + + /** + * Get a revoked certificate. + */ + public function getRevoked(string $serial) + { + if (is_array($rclist = $this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + return $rclist[$i]; + } + } + + return false; + } + + /** + * List revoked certificates + * + * @param array|null $crl optional + * @return array|bool + */ + public function listRevoked(?array $crl = null) + { + if (!isset($crl)) { + $crl = $this->currentCert; + } + + if (!isset($crl['tbsCertList'])) { + return false; + } + + $result = []; + + if (is_array($rclist = $this->subArray($crl, 'tbsCertList/revokedCertificates'))) { + foreach ($rclist as $rc) { + $result[] = $rc['userCertificate']->toString(); + } + } + + return $result; + } + + /** + * Remove a Revoked Certificate Extension + */ + public function removeRevokedCertificateExtension(string $serial, string $id): bool + { + if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + return $this->removeExtensionHelper($id, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); + } + } + + return false; + } + + /** + * Get a Revoked Certificate Extension + * + * Returns the extension if it exists and false if not + * + * @param array|null $crl optional + */ + public function getRevokedCertificateExtension(string $serial, string $id, ?array $crl = null) + { + if (!isset($crl)) { + $crl = $this->currentCert; + } + + if (is_array($rclist = $this->subArray($crl, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + return $this->getExtension($id, $crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); + } + } + + return false; + } + + /** + * Returns a list of all extensions in use for a given revoked certificate + * + * @param array|null $crl optional + * @return array|bool + */ + public function getRevokedCertificateExtensions(string $serial, ?array $crl = null) + { + if (!isset($crl)) { + $crl = $this->currentCert; + } + + if (is_array($rclist = $this->subArray($crl, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + return $this->getExtensions($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); + } + } + + return false; + } + + /** + * Set a Revoked Certificate Extension + * + * @param bool $critical optional + * @param bool $replace optional + */ + public function setRevokedCertificateExtension(string $serial, string $id, $value, bool $critical = false, bool $replace = true): bool + { + if (isset($this->currentCert['tbsCertList'])) { + if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates', true))) { + if (($i = $this->revokedCertificate($rclist, $serial, true)) !== false) { + return $this->setExtensionHelper($id, $value, $critical, $replace, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); + } + } + } + + return false; + } + + /** + * Register the mapping for a custom/unsupported extension. + */ + public static function registerExtension(string $id, array $mapping): void + { + if (isset(self::$extensions[$id]) && self::$extensions[$id] !== $mapping) { + throw new RuntimeException( + 'Extension ' . $id . ' has already been defined with a different mapping.' + ); + } + + self::$extensions[$id] = $mapping; + } + + /** + * Register the mapping for a custom/unsupported extension. + */ + public static function getRegisteredExtension(string $id): ?array + { + return self::$extensions[$id] ?? null; + } + + /** + * Register the mapping for a custom/unsupported extension. + */ + public function setExtensionValue(string $id, $value, bool $critical = false, bool $replace = false): void + { + $this->extensionValues[$id] = compact('critical', 'replace', 'value'); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger.php new file mode 100644 index 0000000..831ddd7 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger.php @@ -0,0 +1,773 @@ + + * add($b); + * + * echo $c->toString(); // outputs 5 + * ?> + * + * + * @author Jim Wigginton + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +declare(strict_types=1); + +namespace phpseclib3\Math; + +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger\Engines\Engine; + +/** + * Pure-PHP arbitrary precision integer arithmetic library. Supports base-2, base-10, base-16, and base-256 + * numbers. + * + * @author Jim Wigginton + */ +class BigInteger implements \JsonSerializable +{ + /** + * Main Engine + * + * @var class-string + */ + private static $mainEngine; + + /** + * Selected Engines + * + * @var list + */ + private static $engines; + + /** + * The actual BigInteger object + * + * @var object + */ + private $value; + + /** + * Mode independent value used for serialization. + * + * @see self::__sleep() + * @see self::__wakeup() + * @var string + */ + private $hex; + + /** + * Precision (used only for serialization) + * + * @see self::__sleep() + * @see self::__wakeup() + * @var int + */ + private $precision; + + /** + * Sets engine type. + * + * Throws an exception if the type is invalid + * + * @param list $modexps optional + */ + public static function setEngine(string $main, array $modexps = ['DefaultEngine']): void + { + self::$engines = []; + + $fqmain = 'phpseclib3\\Math\\BigInteger\\Engines\\' . $main; + if (!class_exists($fqmain) || !method_exists($fqmain, 'isValidEngine')) { + throw new InvalidArgumentException("$main is not a valid engine"); + } + if (!$fqmain::isValidEngine()) { + throw new BadConfigurationException("$main is not setup correctly on this system"); + } + /** @var class-string $fqmain */ + self::$mainEngine = $fqmain; + + $found = false; + foreach ($modexps as $modexp) { + try { + $fqmain::setModExpEngine($modexp); + $found = true; + break; + } catch (\Exception $e) { + } + } + + if (!$found) { + throw new BadConfigurationException("No valid modular exponentiation engine found for $main"); + } + + self::$engines = [$main, $modexp]; + } + + /** + * Returns the engine type + * + * @return string[] + */ + public static function getEngine(): array + { + self::initialize_static_variables(); + + return self::$engines; + } + + /** + * Initialize static variables + */ + private static function initialize_static_variables(): void + { + if (!isset(self::$mainEngine)) { + $engines = [ + ['GMP', ['DefaultEngine']], + ['PHP64', ['OpenSSL']], + ['BCMath', ['OpenSSL']], + ['PHP32', ['OpenSSL']], + ['PHP64', ['DefaultEngine']], + ['PHP32', ['DefaultEngine']], + ]; + + foreach ($engines as $engine) { + try { + self::setEngine($engine[0], $engine[1]); + return; + } catch (\Exception $e) { + } + } + + throw new UnexpectedValueException('No valid BigInteger found. This is only possible when JIT is enabled on Windows and neither the GMP or BCMath extensions are available so either disable JIT or install GMP / BCMath'); + } + } + + /** + * Converts base-2, base-10, base-16, and binary strings (base-256) to BigIntegers. + * + * If the second parameter - $base - is negative, then it will be assumed that the number's are encoded using + * two's compliment. The sole exception to this is -10, which is treated the same as 10 is. + * + * @param string|int|Engine $x Base-10 number or base-$base number if $base set. + */ + public function __construct($x = 0, int $base = 10) + { + self::initialize_static_variables(); + + if ($x instanceof self::$mainEngine) { + $this->value = clone $x; + } elseif ($x instanceof Engine) { + $this->value = new static("$x"); + $this->value->setPrecision($x->getPrecision()); + } else { + $this->value = new self::$mainEngine($x, $base); + } + } + + /** + * Converts a BigInteger to a base-10 number. + */ + public function toString(): string + { + return $this->value->toString(); + } + + /** + * __toString() magic method + */ + public function __toString() + { + return (string)$this->value; + } + + /** + * __debugInfo() magic method + * + * Will be called, automatically, when print_r() or var_dump() are called + */ + public function __debugInfo() + { + return $this->value->__debugInfo(); + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + */ + public function toBytes(bool $twos_compliment = false): string + { + return $this->value->toBytes($twos_compliment); + } + + /** + * Converts a BigInteger to a hex string (eg. base-16). + */ + public function toHex(bool $twos_compliment = false): string + { + return $this->value->toHex($twos_compliment); + } + + /** + * Converts a BigInteger to a bit string (eg. base-2). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + */ + public function toBits(bool $twos_compliment = false): string + { + return $this->value->toBits($twos_compliment); + } + + /** + * Adds two BigIntegers. + */ + public function add(BigInteger $y): BigInteger + { + return new static($this->value->add($y->value)); + } + + /** + * Subtracts two BigIntegers. + */ + public function subtract(BigInteger $y): BigInteger + { + return new static($this->value->subtract($y->value)); + } + + /** + * Multiplies two BigIntegers + */ + public function multiply(BigInteger $x): BigInteger + { + return new static($this->value->multiply($x->value)); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * Here's an example: + * + * divide($b); + * + * echo $quotient->toString(); // outputs 0 + * echo "\r\n"; + * echo $remainder->toString(); // outputs 10 + * ?> + * + * + * @return BigInteger[] + */ + public function divide(BigInteger $y): array + { + [$q, $r] = $this->value->divide($y->value); + return [ + new static($q), + new static($r), + ]; + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + */ + public function modInverse(BigInteger $n): BigInteger + { + return new static($this->value->modInverse($n->value)); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * @return BigInteger[] + */ + public function extendedGCD(BigInteger $n): array + { + extract($this->value->extendedGCD($n->value)); + /** + * @var BigInteger $gcd + * @var BigInteger $x + * @var BigInteger $y + */ + return [ + 'gcd' => new static($gcd), + 'x' => new static($x), + 'y' => new static($y), + ]; + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + */ + public function gcd(BigInteger $n): BigInteger + { + return new static($this->value->gcd($n->value)); + } + + /** + * Absolute value. + */ + public function abs(): BigInteger + { + return new static($this->value->abs()); + } + + /** + * Set Precision + * + * Some bitwise operations give different results depending on the precision being used. Examples include left + * shift, not, and rotates. + */ + public function setPrecision(int $bits): void + { + $this->value->setPrecision($bits); + } + + /** + * Get Precision + * + * Returns the precision if it exists, false if it doesn't + * + * @return int|bool + */ + public function getPrecision() + { + return $this->value->getPrecision(); + } + + /** + * Serialize + * + * Will be called, automatically, when serialize() is called on a BigInteger object. + * + * __sleep() / __wakeup() have been around since PHP 4.0 + * + * \Serializable was introduced in PHP 5.1 and deprecated in PHP 8.1: + * https://wiki.php.net/rfc/phase_out_serializable + * + * __serialize() / __unserialize() were introduced in PHP 7.4: + * https://wiki.php.net/rfc/custom_object_serialization + * + * @return array + */ + public function __sleep() + { + $this->hex = $this->toHex(true); + $vars = ['hex']; + if ($this->getPrecision() > 0) { + $vars[] = 'precision'; + } + return $vars; + } + + /** + * Serialize + * + * Will be called, automatically, when unserialize() is called on a BigInteger object. + */ + public function __wakeup(): void + { + $temp = new static($this->hex, -16); + $this->value = $temp->value; + if ($this->precision > 0) { + // recalculate $this->bitmask + $this->setPrecision($this->precision); + } + } + + /** + * JSON Serialize + * + * Will be called, automatically, when json_encode() is called on a BigInteger object. + * + * @return array{hex: string, precision?: int] + */ + #[\ReturnTypeWillChange] + public function jsonSerialize(): array + { + $result = ['hex' => $this->toHex(true)]; + if ($this->precision > 0) { + $result['precision'] = $this->getPrecision(); + } + return $result; + } + + /** + * Performs modular exponentiation. + */ + public function powMod(BigInteger $e, BigInteger $n): BigInteger + { + return new static($this->value->powMod($e->value, $n->value)); + } + + /** + * Performs modular exponentiation. + */ + public function modPow(BigInteger $e, BigInteger $n): BigInteger + { + return new static($this->value->modPow($e->value, $n->value)); + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this + * is demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(BigInteger $y): int + { + return $this->value->compare($y->value); + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + */ + public function equals(BigInteger $x): bool + { + return $this->value->equals($x->value); + } + + /** + * Logical Not + */ + public function bitwise_not(): BigInteger + { + return new static($this->value->bitwise_not()); + } + + /** + * Logical And + */ + public function bitwise_and(BigInteger $x): BigInteger + { + return new static($this->value->bitwise_and($x->value)); + } + + /** + * Logical Or + */ + public function bitwise_or(BigInteger $x): BigInteger + { + return new static($this->value->bitwise_or($x->value)); + } + + /** + * Logical Exclusive Or + */ + public function bitwise_xor(BigInteger $x): BigInteger + { + return new static($this->value->bitwise_xor($x->value)); + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift. + */ + public function bitwise_rightShift(int $shift): BigInteger + { + return new static($this->value->bitwise_rightShift($shift)); + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift. + */ + public function bitwise_leftShift(int $shift): BigInteger + { + return new static($this->value->bitwise_leftShift($shift)); + } + + /** + * Logical Left Rotate + * + * Instead of the top x bits being dropped they're appended to the shifted bit string. + */ + public function bitwise_leftRotate(int $shift): BigInteger + { + return new static($this->value->bitwise_leftRotate($shift)); + } + + /** + * Logical Right Rotate + * + * Instead of the bottom x bits being dropped they're prepended to the shifted bit string. + */ + public function bitwise_rightRotate(int $shift): BigInteger + { + return new static($this->value->bitwise_rightRotate($shift)); + } + + /** + * Returns the smallest and largest n-bit number + * + * @return BigInteger[] + */ + public static function minMaxBits(int $bits): array + { + self::initialize_static_variables(); + + $class = self::$mainEngine; + extract($class::minMaxBits($bits)); + /** @var BigInteger $min + * @var BigInteger $max + */ + return [ + 'min' => new static($min), + 'max' => new static($max), + ]; + } + + /** + * Return the size of a BigInteger in bits + */ + public function getLength(): int + { + return $this->value->getLength(); + } + + /** + * Return the size of a BigInteger in bytes + */ + public function getLengthInBytes(): int + { + return $this->value->getLengthInBytes(); + } + + /** + * Generates a random number of a certain size + * + * Bit length is equal to $size + */ + public static function random(int $size): BigInteger + { + self::initialize_static_variables(); + + $class = self::$mainEngine; + return new static($class::random($size)); + } + + /** + * Generates a random prime number of a certain size + * + * Bit length is equal to $size + */ + public static function randomPrime(int $size): BigInteger + { + self::initialize_static_variables(); + + $class = self::$mainEngine; + return new static($class::randomPrime($size)); + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @return false|BigInteger + */ + public static function randomRangePrime(BigInteger $min, BigInteger $max) + { + $class = self::$mainEngine; + return new static($class::randomRangePrime($min->value, $max->value)); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + */ + public static function randomRange(BigInteger $min, BigInteger $max): BigInteger + { + $class = self::$mainEngine; + return new static($class::randomRange($min->value, $max->value)); + } + + /** + * Checks a numer to see if it's prime + * + * Assuming the $t parameter is not set, this function has an error rate of 2**-80. The main motivation for the + * $t parameter is distributability. BigInteger::randomPrime() can be distributed across multiple pageloads + * on a website instead of just one. + * + * @param int|bool $t + */ + public function isPrime($t = false): bool + { + return $this->value->isPrime($t); + } + + /** + * Calculates the nth root of a biginteger. + * + * Returns the nth root of a positive biginteger, where n defaults to 2 + * + * @param int $n optional + */ + public function root(int $n = 2): BigInteger + { + return new static($this->value->root($n)); + } + + /** + * Performs exponentiation. + */ + public function pow(BigInteger $n): BigInteger + { + return new static($this->value->pow($n->value)); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + */ + public static function min(BigInteger ...$nums): BigInteger + { + $class = self::$mainEngine; + $nums = array_map(fn ($num) => $num->value, $nums); + return new static($class::min(...$nums)); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + */ + public static function max(BigInteger ...$nums): BigInteger + { + $class = self::$mainEngine; + $nums = array_map(fn ($num) => $num->value, $nums); + return new static($class::max(...$nums)); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + */ + public function between(BigInteger $min, BigInteger $max): bool + { + return $this->value->between($min->value, $max->value); + } + + /** + * Clone + */ + public function __clone() + { + $this->value = clone $this->value; + } + + /** + * Is Odd? + */ + public function isOdd(): bool + { + return $this->value->isOdd(); + } + + /** + * Tests if a bit is set + */ + public function testBit(int $x): bool + { + return $this->value->testBit($x); + } + + /** + * Is Negative? + */ + public function isNegative(): bool + { + return $this->value->isNegative(); + } + + /** + * Negate + * + * Given $k, returns -$k + */ + public function negate(): BigInteger + { + return new static($this->value->negate()); + } + + /** + * Scan for 1 and right shift by that amount + * + * ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s)); + */ + public static function scan1divide(BigInteger $r): int + { + $class = self::$mainEngine; + return $class::scan1divide($r->value); + } + + /** + * Create Recurring Modulo Function + * + * Sometimes it may be desirable to do repeated modulos with the same number outside of + * modular exponentiation + * + * @return callable + */ + public function createRecurringModuloFunction() + { + $func = $this->value->createRecurringModuloFunction(); + return fn (BigInteger $x) => new static($func($x->value)); + } + + /** + * Bitwise Split + * + * Splits BigInteger's into chunks of $split bits + * + * @return BigInteger[] + */ + public function bitwise_split(int $split): array + { + return array_map(fn ($val) => new static($val), $this->value->bitwise_split($split)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath.php new file mode 100644 index 0000000..76ccc5e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath.php @@ -0,0 +1,607 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\BadConfigurationException; + +/** + * BCMath Engine. + * + * @author Jim Wigginton + */ +class BCMath extends Engine +{ + /** + * Can Bitwise operations be done fast? + * + * @see parent::bitwise_leftRotate() + * @see parent::bitwise_rightRotate() + */ + public const FAST_BITWISE = false; + + /** + * Engine Directory + * + * @see parent::setModExpEngine + */ + public const ENGINE_DIR = 'BCMath'; + + /** + * Test for engine validity + * + * @see parent::__construct() + */ + public static function isValidEngine(): bool + { + return extension_loaded('bcmath'); + } + + /** + * Default constructor + * + * @param mixed $x integer Base-10 number or base-$base number if $base set. + * @see parent::__construct() + */ + public function __construct($x = 0, int $base = 10) + { + if (!isset(static::$isValidEngine[static::class])) { + static::$isValidEngine[static::class] = self::isValidEngine(); + } + if (!static::$isValidEngine[static::class]) { + throw new BadConfigurationException('BCMath is not setup correctly on this system'); + } + + $this->value = '0'; + + parent::__construct($x, $base); + } + + /** + * Initialize a BCMath BigInteger Engine instance + * + * @see parent::__construct() + */ + protected function initialize(int $base): void + { + switch (abs($base)) { + case 256: + // round $len to the nearest 4 + $len = (strlen($this->value) + 3) & ~3; + + $x = str_pad($this->value, $len, chr(0), STR_PAD_LEFT); + + $this->value = '0'; + for ($i = 0; $i < $len; $i += 4) { + $this->value = bcmul($this->value, '4294967296', 0); // 4294967296 == 2**32 + $this->value = bcadd( + $this->value, + (string) (0x1000000 * ord($x[$i]) + ((ord($x[$i + 1]) << 16) | (ord($x[$i + 2]) << 8) | ord($x[$i + 3]))), + 0 + ); + } + + if ($this->is_negative) { + $this->value = '-' . $this->value; + } + break; + case 16: + $x = (strlen($this->value) & 1) ? '0' . $this->value : $this->value; + $temp = new self(Strings::hex2bin($x), 256); + $this->value = $this->is_negative ? '-' . $temp->value : $temp->value; + $this->is_negative = false; + break; + case 10: + // explicitly casting $x to a string is necessary, here, since doing $x[0] on -1 yields different + // results then doing it on '-1' does (modInverse does $x[0]) + $this->value = $this->value === '-' ? '0' : (string)$this->value; + } + } + + /** + * Converts a BigInteger to a base-10 number. + */ + public function toString(): string + { + if ($this->value === '0') { + return '0'; + } + + return ltrim($this->value, '0'); + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + */ + public function toBytes(bool $twos_compliment = false): string + { + if ($twos_compliment) { + return $this->toBytesHelper(); + } + + $value = ''; + $current = $this->value; + + if ($current[0] == '-') { + $current = substr($current, 1); + } + + while (bccomp($current, '0', 0) > 0) { + $temp = bcmod($current, '16777216'); + $value = chr($temp >> 16) . chr($temp >> 8) . chr((int) $temp) . $value; + $current = bcdiv($current, '16777216', 0); + } + + return $this->precision > 0 ? + substr(str_pad($value, $this->precision >> 3, chr(0), STR_PAD_LEFT), -($this->precision >> 3)) : + ltrim($value, chr(0)); + } + + /** + * Adds two BigIntegers. + */ + public function add(BCMath $y): BCMath + { + $temp = new self(); + $temp->value = bcadd($this->value, $y->value); + + return $this->normalize($temp); + } + + /** + * Subtracts two BigIntegers. + */ + public function subtract(BCMath $y): BCMath + { + $temp = new self(); + $temp->value = bcsub($this->value, $y->value); + + return $this->normalize($temp); + } + + /** + * Multiplies two BigIntegers. + */ + public function multiply(BCMath $x): BCMath + { + $temp = new self(); + $temp->value = bcmul($this->value, $x->value); + + return $this->normalize($temp); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @return array{static, static} + */ + public function divide(BCMath $y): array + { + $quotient = new self(); + $remainder = new self(); + + $quotient->value = bcdiv($this->value, $y->value, 0); + $remainder->value = bcmod($this->value, $y->value); + + if ($remainder->value[0] == '-') { + $remainder->value = bcadd($remainder->value, $y->value[0] == '-' ? substr($y->value, 1) : $y->value, 0); + } + + return [$this->normalize($quotient), $this->normalize($remainder)]; + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * @return false|BCMath + */ + public function modInverse(BCMath $n) + { + return $this->modInverseHelper($n); + } + + /** + * Calculates the greatest common divisor and Bezout's identity. + * + * Say you have 693 and 609. The GCD is 21. Bezout's identity states that there exist integers x and y such that + * 693*x + 609*y == 21. In point of fact, there are actually an infinite number of x and y combinations and which + * combination is returned is dependent upon which mode is in use. See + * {@link http://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity Bezout's identity - Wikipedia} for more information. + * + * @return array{gcd: static, x: static, y: static} + */ + public function extendedGCD(BCMath $n): array + { + // it might be faster to use the binary xGCD algorithim here, as well, but (1) that algorithim works + // best when the base is a power of 2 and (2) i don't think it'd make much difference, anyway. as is, + // the basic extended euclidean algorithim is what we're using. + + $u = $this->value; + $v = $n->value; + + $a = '1'; + $b = '0'; + $c = '0'; + $d = '1'; + + while (bccomp($v, '0', 0) != 0) { + $q = bcdiv($u, $v, 0); + + $temp = $u; + $u = $v; + $v = bcsub($temp, bcmul($v, $q, 0), 0); + + $temp = $a; + $a = $c; + $c = bcsub($temp, bcmul($a, $q, 0), 0); + + $temp = $b; + $b = $d; + $d = bcsub($temp, bcmul($b, $q, 0), 0); + } + + return [ + 'gcd' => $this->normalize(new static($u)), + 'x' => $this->normalize(new static($a)), + 'y' => $this->normalize(new static($b)), + ]; + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + */ + public function gcd(BCMath $n): BCMath + { + extract($this->extendedGCD($n)); + /** @var BCMath $gcd */ + return $gcd; + } + + /** + * Absolute value. + */ + public function abs(): BCMath + { + $temp = new static(); + $temp->value = strlen($this->value) && $this->value[0] == '-' ? + substr($this->value, 1) : + $this->value; + + return $temp; + } + + /** + * Logical And + */ + public function bitwise_and(BCMath $x): BCMath + { + return $this->bitwiseAndHelper($x); + } + + /** + * Logical Or + */ + public function bitwise_or(BCMath $x): BCMath + { + return $this->bitwiseOrHelper($x); + } + + /** + * Logical Exclusive Or + */ + public function bitwise_xor(BCMath $x): BCMath + { + return $this->bitwiseXorHelper($x); + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift. + */ + public function bitwise_rightShift(int $shift): BCMath + { + $temp = new static(); + $temp->value = bcdiv($this->value, bcpow('2', (string)$shift, 0), 0); + + return $this->normalize($temp); + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift. + */ + public function bitwise_leftShift(int $shift): BCMath + { + $temp = new static(); + $temp->value = bcmul($this->value, bcpow('2', (string) $shift, 0), 0); + + return $this->normalize($temp); + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this + * is demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(BCMath $y): int + { + return bccomp($this->value, $y->value, 0); + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + */ + public function equals(BCMath $x): bool + { + return $this->value == $x->value; + } + + /** + * Performs modular exponentiation. + */ + public function modPow(BCMath $e, BCMath $n): BCMath + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * Alias for modPow(). + */ + public function powMod(BCMath $e, BCMath $n): BCMath + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + */ + protected function powModInner(BCMath $e, BCMath $n): BCMath + { + try { + $class = static::$modexpEngine[static::class]; + return $class::powModHelper($this, $e, $n, static::class); + } catch (\Exception $err) { + return BCMath\DefaultEngine::powModHelper($this, $e, $n, static::class); + } + } + + /** + * Normalize + * + * Removes leading zeros and truncates (if necessary) to maintain the appropriate precision + */ + protected function normalize(BCMath $result): BCMath + { + $result->precision = $this->precision; + $result->bitmask = $this->bitmask; + + if ($result->bitmask !== false) { + $result->value = bcmod($result->value, $result->bitmask->value); + } + + return $result; + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @return false|BCMath + */ + public static function randomRangePrime(BCMath $min, BCMath $max) + { + return self::randomRangePrimeOuter($min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + */ + public static function randomRange(BCMath $min, BCMath $max): BCMath + { + return self::randomRangeHelper($min, $max); + } + + /** + * Make the current number odd + * + * If the current number is odd it'll be unchanged. If it's even, one will be added to it. + * + * @see self::randomPrime() + */ + protected function make_odd(): void + { + if (!$this->isOdd()) { + $this->value = bcadd($this->value, '1'); + } + } + + /** + * Test the number against small primes. + * + * @see self::isPrime() + */ + protected function testSmallPrimes(): bool + { + if ($this->value === '1') { + return false; + } + if ($this->value === '2') { + return true; + } + if ($this->value[-1] % 2 == 0) { + return false; + } + + $value = $this->value; + + foreach (self::PRIMES as $prime) { + $r = bcmod($this->value, (string)$prime); + if ($r == '0') { + return $this->value == $prime; + } + } + + return true; + } + + /** + * Scan for 1 and right shift by that amount + * + * ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s)); + * + * @see self::isPrime() + */ + public static function scan1divide(BCMath $r): int + { + $r_value = &$r->value; + $s = 0; + // if $n was 1, $r would be 0 and this would be an infinite loop, hence our $this->equals(static::$one[static::class]) check earlier + while ($r_value[-1] % 2 == 0) { + $r_value = bcdiv($r_value, '2', 0); + ++$s; + } + + return $s; + } + + /** + * Performs exponentiation. + */ + public function pow(BCMath $n): BCMath + { + $temp = new self(); + $temp->value = bcpow($this->value, $n->value); + + return $this->normalize($temp); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + */ + public static function min(BCMath ...$nums): BCMath + { + return self::minHelper($nums); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + */ + public static function max(BCMath ...$nums): BCMath + { + return self::maxHelper($nums); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + */ + public function between(BCMath $min, BCMath $max): bool + { + return $this->compare($min) >= 0 && $this->compare($max) <= 0; + } + + /** + * Set Bitmask + * + * @see self::setPrecision() + */ + protected static function setBitmask(int $bits): Engine + { + $temp = parent::setBitmask($bits); + return $temp->add(static::$one[static::class]); + } + + /** + * Is Odd? + */ + public function isOdd(): bool + { + return $this->value[-1] % 2 == 1; + } + + /** + * Tests if a bit is set + */ + public function testBit($x): bool + { + return bccomp( + bcmod($this->value, bcpow('2', $x + 1, 0)), + bcpow('2', $x, 0), + 0 + ) >= 0; + } + + /** + * Is Negative? + */ + public function isNegative(): bool + { + return strlen($this->value) && $this->value[0] == '-'; + } + + /** + * Negate + * + * Given $k, returns -$k + */ + public function negate(): BCMath + { + $temp = clone $this; + + if (!strlen($temp->value)) { + return $temp; + } + + $temp->value = $temp->value[0] == '-' ? + substr($this->value, 1) : + '-' . $this->value; + + return $temp; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/Base.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/Base.php new file mode 100644 index 0000000..7bca0b2 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/Base.php @@ -0,0 +1,89 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\BCMath; + +use phpseclib3\Math\BigInteger\Engines\BCMath; + +/** + * Sliding Window Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Base extends BCMath +{ + /** + * Cache constants + * + * $cache[self::VARIABLE] tells us whether or not the cached data is still valid. + */ + public const VARIABLE = 0; + /** + * $cache[self::DATA] contains the cached data. + */ + public const DATA = 1; + + /** + * Test for engine validity + */ + public static function isValidEngine(): bool + { + return static::class != __CLASS__; + } + + /** + * Performs modular exponentiation. + */ + protected static function powModHelper(BCMath $x, BCMath $e, BCMath $n, string $class): BCMath + { + if (empty($e->value)) { + $temp = new $class(); + $temp->value = '1'; + return $x->normalize($temp); + } + + return $x->normalize(static::slidingWindow($x, $e, $n, $class)); + } + + /** + * Modular reduction preparation + * + * @see self::slidingWindow() + */ + protected static function prepareReduce(string $x, string $n, string $class): string + { + return static::reduce($x, $n); + } + + /** + * Modular multiply + * + * @see self::slidingWindow() + */ + protected static function multiplyReduce(string $x, string $y, string $n, string $class): string + { + return static::reduce(bcmul($x, $y), $n); + } + + /** + * Modular square + * + * @see self::slidingWindow() + */ + protected static function squareReduce(string $x, string $n, string $class): string + { + return static::reduce(bcmul($x, $x), $n); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/BuiltIn.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/BuiltIn.php new file mode 100644 index 0000000..fede15d --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/BuiltIn.php @@ -0,0 +1,37 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\BCMath; + +use phpseclib3\Math\BigInteger\Engines\BCMath; + +/** + * Built-In BCMath Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class BuiltIn extends BCMath +{ + /** + * Performs modular exponentiation. + */ + protected static function powModHelper(BCMath $x, BCMath $e, BCMath $n): BCMath + { + $temp = new BCMath(); + $temp->value = bcpowmod($x->value, $e->value, $n->value); + + return $x->normalize($temp); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/DefaultEngine.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/DefaultEngine.php new file mode 100644 index 0000000..cda01c8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/DefaultEngine.php @@ -0,0 +1,27 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\BCMath; + +use phpseclib3\Math\BigInteger\Engines\BCMath\Reductions\Barrett; + +/** + * PHP Default Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class DefaultEngine extends Barrett +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/OpenSSL.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/OpenSSL.php new file mode 100644 index 0000000..4476283 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/OpenSSL.php @@ -0,0 +1,27 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\BCMath; + +use phpseclib3\Math\BigInteger\Engines\OpenSSL as Progenitor; + +/** + * OpenSSL Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class OpenSSL extends Progenitor +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php new file mode 100644 index 0000000..0abff0f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php @@ -0,0 +1,179 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\BCMath\Reductions; + +use phpseclib3\Math\BigInteger\Engines\BCMath\Base; + +/** + * PHP Barrett Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Barrett extends Base +{ + /** + * Cache constants + * + * $cache[self::VARIABLE] tells us whether or not the cached data is still valid. + */ + public const VARIABLE = 0; + /** + * $cache[self::DATA] contains the cached data. + */ + public const DATA = 1; + + /** + * Barrett Modular Reduction + * + * See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=14 HAC 14.3.3} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=165 MPM 6.2.5} for more information. Modified slightly, + * so as not to require negative numbers (initially, this script didn't support negative numbers). + * + * Employs "folding", as described at + * {@link http://www.cosic.esat.kuleuven.be/publications/thesis-149.pdf#page=66 thesis-149.pdf#page=66}. To quote from + * it, "the idea [behind folding] is to find a value x' such that x (mod m) = x' (mod m), with x' being smaller than x." + * + * Unfortunately, the "Barrett Reduction with Folding" algorithm described in thesis-149.pdf is not, as written, all that + * usable on account of (1) its not using reasonable radix points as discussed in + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=162 MPM 6.2.2} and (2) the fact that, even with reasonable + * radix points, it only works when there are an even number of digits in the denominator. The reason for (2) is that + * (x >> 1) + (x >> 1) != x / 2 + x / 2. If x is even, they're the same, but if x is odd, they're not. See the in-line + * comments for details. + */ + protected static function reduce(string $n, string $m): string + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [], + ]; + + $m_length = strlen($m); + + if (strlen($n) >= 2 * $m_length) { + return bcmod($n, $m); + } + + // if (m.length >> 1) + 2 <= m.length then m is too small and n can't be reduced + if ($m_length < 5) { + return self::regularBarrett($n, $m); + } + // n = 2 * m.length + + if (($key = array_search($m, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $m; + + $lhs = '1' . str_repeat('0', $m_length + ($m_length >> 1)); + $u = bcdiv($lhs, $m, 0); + $m1 = bcsub($lhs, bcmul($u, $m)); + + $cache[self::DATA][] = [ + 'u' => $u, // m.length >> 1 (technically (m.length >> 1) + 1) + 'm1' => $m1, // m.length + ]; + } else { + extract($cache[self::DATA][$key]); + } + + $cutoff = $m_length + ($m_length >> 1); + + $lsd = substr($n, -$cutoff); + $msd = substr($n, 0, -$cutoff); + + $temp = bcmul($msd, $m1); // m.length + (m.length >> 1) + $n = bcadd($lsd, $temp); // m.length + (m.length >> 1) + 1 (so basically we're adding two same length numbers) + //if ($m_length & 1) { + // return self::regularBarrett($n, $m); + //} + + // (m.length + (m.length >> 1) + 1) - (m.length - 1) == (m.length >> 1) + 2 + $temp = substr($n, 0, -$m_length + 1); + // if even: ((m.length >> 1) + 2) + (m.length >> 1) == m.length + 2 + // if odd: ((m.length >> 1) + 2) + (m.length >> 1) == (m.length - 1) + 2 == m.length + 1 + $temp = bcmul($temp, $u); + // if even: (m.length + 2) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + 1 + // if odd: (m.length + 1) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + $temp = substr($temp, 0, -($m_length >> 1) - 1); + // if even: (m.length - (m.length >> 1) + 1) + m.length = 2 * m.length - (m.length >> 1) + 1 + // if odd: (m.length - (m.length >> 1)) + m.length = 2 * m.length - (m.length >> 1) + $temp = bcmul($temp, $m); + + // at this point, if m had an odd number of digits, we'd be subtracting a 2 * m.length - (m.length >> 1) digit + // number from a m.length + (m.length >> 1) + 1 digit number. ie. there'd be an extra digit and the while loop + // following this comment would loop a lot (hence our calling _regularBarrett() in that situation). + + $result = bcsub($n, $temp); + + //if (bccomp($result, '0') < 0) { + if ($result[0] == '-') { + $temp = '1' . str_repeat('0', $m_length + 1); + $result = bcadd($result, $temp); + } + + while (bccomp($result, $m) >= 0) { + $result = bcsub($result, $m); + } + + return $result; + } + + /** + * (Regular) Barrett Modular Reduction + * + * For numbers with more than four digits BigInteger::_barrett() is faster. The difference between that and this + * is that this function does not fold the denominator into a smaller form. + */ + private static function regularBarrett(string $x, string $n): string + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [], + ]; + + $n_length = strlen($n); + + if (strlen($x) > 2 * $n_length) { + return bcmod($x, $n); + } + + if (($key = array_search($n, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $n; + $lhs = '1' . str_repeat('0', 2 * $n_length); + $cache[self::DATA][] = bcdiv($lhs, $n, 0); + } + + $temp = substr($x, 0, -$n_length + 1); + $temp = bcmul($temp, $cache[self::DATA][$key]); + $temp = substr($temp, 0, -$n_length - 1); + + $r1 = substr($x, -$n_length - 1); + $r2 = substr(bcmul($temp, $n), -$n_length - 1); + $result = bcsub($r1, $r2); + + //if (bccomp($result, '0') < 0) { + if ($result[0] == '-') { + $q = '1' . str_repeat('0', $n_length + 1); + $result = bcadd($result, $q); + } + + while (bccomp($result, $n) >= 0) { + $result = bcsub($result, $n); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php new file mode 100644 index 0000000..a703ea5 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php @@ -0,0 +1,104 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\BCMath\Reductions; + +use phpseclib3\Math\BigInteger\Engines\BCMath; +use phpseclib3\Math\BigInteger\Engines\BCMath\Base; + +/** + * PHP Barrett Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class EvalBarrett extends Base +{ + /** + * Custom Reduction Function + * + * @see self::generateCustomReduction + */ + private static $custom_reduction; + + /** + * Barrett Modular Reduction + * + * This calls a dynamically generated loop unrolled function that's specific to a given modulo. + * Array lookups are avoided as are if statements testing for how many bits the host OS supports, etc. + */ + protected static function reduce(string $n, string $m): string + { + $inline = self::$custom_reduction; + return $inline($n); + } + + /** + * Generate Custom Reduction + * + * @return callable|void + */ + protected static function generateCustomReduction(BCMath $m, string $class) + { + $m_length = strlen($m); + + if ($m_length < 5) { + $code = 'return bcmod($x, $n);'; + eval('$func = function ($n) { ' . $code . '};'); + self::$custom_reduction = $func; + return; + } + + $lhs = '1' . str_repeat('0', $m_length + ($m_length >> 1)); + $u = bcdiv($lhs, $m, 0); + $m1 = bcsub($lhs, bcmul($u, $m)); + + $cutoff = $m_length + ($m_length >> 1); + + $m = "'$m'"; + $u = "'$u'"; + $m1 = "'$m1'"; + + $code = ' + $lsd = substr($n, -' . $cutoff . '); + $msd = substr($n, 0, -' . $cutoff . '); + + $temp = bcmul($msd, ' . $m1 . '); + $n = bcadd($lsd, $temp); + + $temp = substr($n, 0, ' . (-$m_length + 1) . '); + $temp = bcmul($temp, ' . $u . '); + $temp = substr($temp, 0, ' . (-($m_length >> 1) - 1) . '); + $temp = bcmul($temp, ' . $m . '); + + $result = bcsub($n, $temp); + + if ($result[0] == \'-\') { + $temp = \'1' . str_repeat('0', $m_length + 1) . '\'; + $result = bcadd($result, $temp); + } + + while (bccomp($result, ' . $m . ') >= 0) { + $result = bcsub($result, ' . $m . '); + } + + return $result;'; + + eval('$func = function ($n) { ' . $code . '};'); + + self::$custom_reduction = $func; + + return $func; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/Engine.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/Engine.php new file mode 100644 index 0000000..bc6636b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/Engine.php @@ -0,0 +1,1219 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Random; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Math\BigInteger; + +/** + * Base Engine. + * + * @author Jim Wigginton + */ +abstract class Engine implements \JsonSerializable +{ + /* final */ protected const PRIMES = [ + 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, + 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, + 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, + 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, + 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, + 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, + 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, + 953, 967, 971, 977, 983, 991, 997, + ]; + + /** + * BigInteger(0) + * + * @var array, static> + */ + protected static $zero = []; + + /** + * BigInteger(1) + * + * @var array, static> + */ + protected static $one = []; + + /** + * BigInteger(2) + * + * @var array, static> + */ + protected static $two = []; + + /** + * Modular Exponentiation Engine + * + * @var array, class-string> + */ + protected static $modexpEngine; + + /** + * Engine Validity Flag + * + * @var array, bool> + */ + protected static $isValidEngine; + + /** + * Holds the BigInteger's value + * + * @var \GMP|string|array|int + */ + protected $value; + + /** + * Holds the BigInteger's sign + * + * @var bool + */ + protected $is_negative = false; + + /** + * Precision + * + * @see static::setPrecision() + * @var int + */ + protected $precision = -1; + + /** + * Precision Bitmask + * + * @see static::setPrecision() + * @var static|false + */ + protected $bitmask = false; + + /** + * Recurring Modulo Function + * + * @var callable + */ + protected $reduce; + + /** + * Mode independent value used for serialization. + * + * @see self::__sleep() + * @see self::__wakeup() + * @var string + */ + protected $hex; + + /** + * Default constructor + * + * @param int|numeric-string $x integer Base-10 number or base-$base number if $base set. + */ + public function __construct($x = 0, int $base = 10) + { + if (!array_key_exists(static::class, static::$zero)) { + static::$zero[static::class] = null; // Placeholder to prevent infinite loop. + static::$zero[static::class] = new static(0); + static::$one[static::class] = new static(1); + static::$two[static::class] = new static(2); + } + + // '0' counts as empty() but when the base is 256 '0' is equal to ord('0') or 48 + // '0' is the only value like this per http://php.net/empty + if (empty($x) && (abs($base) != 256 || $x !== '0')) { + return; + } + + switch ($base) { + case -256: + case 256: + if ($base == -256 && (ord($x[0]) & 0x80)) { + $this->value = ~$x; + $this->is_negative = true; + } else { + $this->value = $x; + $this->is_negative = false; + } + + $this->initialize($base); + + if ($this->is_negative) { + $temp = $this->add(new static('-1')); + $this->value = $temp->value; + } + break; + case -16: + case 16: + if ($base > 0 && $x[0] == '-') { + $this->is_negative = true; + $x = substr($x, 1); + } + + $x = preg_replace('#^(?:0x)?([A-Fa-f0-9]*).*#s', '$1', $x); + + $is_negative = false; + if ($base < 0 && hexdec($x[0]) >= 8) { + $this->is_negative = $is_negative = true; + $x = Strings::bin2hex(~Strings::hex2bin($x)); + } + + $this->value = $x; + $this->initialize($base); + + if ($is_negative) { + $temp = $this->add(new static('-1')); + $this->value = $temp->value; + } + break; + case -10: + case 10: + // (?value = preg_replace('#(?value) || $this->value == '-') { + $this->value = '0'; + } + $this->initialize($base); + break; + case -2: + case 2: + if ($base > 0 && $x[0] == '-') { + $this->is_negative = true; + $x = substr($x, 1); + } + + $x = preg_replace('#^([01]*).*#s', '$1', $x); + + $temp = new static(Strings::bits2bin($x), 128 * $base); // ie. either -16 or +16 + $this->value = $temp->value; + if ($temp->is_negative) { + $this->is_negative = true; + } + + break; + default: + // base not supported, so we'll let $this == 0 + } + } + + /** + * Sets engine type. + * + * Throws an exception if the type is invalid + * + * @param class-string $engine + */ + public static function setModExpEngine(string $engine): void + { + $fqengine = '\\phpseclib3\\Math\\BigInteger\\Engines\\' . static::ENGINE_DIR . '\\' . $engine; + if (!class_exists($fqengine) || !method_exists($fqengine, 'isValidEngine')) { + throw new InvalidArgumentException("$engine is not a valid engine"); + } + if (!$fqengine::isValidEngine()) { + throw new BadConfigurationException("$engine is not setup correctly on this system"); + } + static::$modexpEngine[static::class] = $fqengine; + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + */ + protected function toBytesHelper(): string + { + $comparison = $this->compare(new static()); + if ($comparison == 0) { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + + $temp = $comparison < 0 ? $this->add(new static(1)) : $this; + $bytes = $temp->toBytes(); + + if (!strlen($bytes)) { // eg. if the number we're trying to convert is -1 + $bytes = chr(0); + } + + if (ord($bytes[0]) & 0x80) { + $bytes = chr(0) . $bytes; + } + + return $comparison < 0 ? ~$bytes : $bytes; + } + + /** + * Converts a BigInteger to a hex string (eg. base-16). + */ + public function toHex(bool $twos_compliment = false): string + { + return Strings::bin2hex($this->toBytes($twos_compliment)); + } + + /** + * Converts a BigInteger to a bit string (eg. base-2). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + */ + public function toBits(bool $twos_compliment = false): string + { + $hex = $this->toBytes($twos_compliment); + $bits = Strings::bin2bits($hex); + + $result = $this->precision > 0 ? substr($bits, -$this->precision) : ltrim($bits, '0'); + + if ($twos_compliment && $this->compare(new static()) > 0 && $this->precision <= 0) { + return '0' . $result; + } + + return $result; + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * {@internal See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=21 HAC 14.64} for more information.} + * + * @return static|false + */ + protected function modInverseHelper(Engine $n) + { + // $x mod -$n == $x mod $n. + $n = $n->abs(); + + if ($this->compare(static::$zero[static::class]) < 0) { + $temp = $this->abs(); + $temp = $temp->modInverse($n); + return $this->normalize($n->subtract($temp)); + } + + extract($this->extendedGCD($n)); + /** + * @var Engine $gcd + * @var Engine $x + */ + + if (!$gcd->equals(static::$one[static::class])) { + return false; + } + + $x = $x->compare(static::$zero[static::class]) < 0 ? $x->add($n) : $x; + + return $this->compare(static::$zero[static::class]) < 0 ? $this->normalize($n->subtract($x)) : $this->normalize($x); + } + + /** + * Serialize + * + * Will be called, automatically, when serialize() is called on a BigInteger object. + * + * @return array + */ + public function __sleep() + { + $this->hex = $this->toHex(true); + $vars = ['hex']; + if ($this->precision > 0) { + $vars[] = 'precision'; + } + return $vars; + } + + /** + * Serialize + * + * Will be called, automatically, when unserialize() is called on a BigInteger object. + */ + public function __wakeup(): void + { + $temp = new static($this->hex, -16); + $this->value = $temp->value; + $this->is_negative = $temp->is_negative; + if ($this->precision > 0) { + // recalculate $this->bitmask + $this->setPrecision($this->precision); + } + } + + /** + * JSON Serialize + * + * Will be called, automatically, when json_encode() is called on a BigInteger object. + * + * @return array{hex: string, precision?: int] + */ + #[\ReturnTypeWillChange] + public function jsonSerialize(): array + { + $result = ['hex' => $this->toHex(true)]; + if ($this->precision > 0) { + $result['precision'] = $this->precision; + } + return $result; + } + + /** + * Converts a BigInteger to a base-10 number. + * + * @return string + */ + public function __toString() + { + return $this->toString(); + } + + /** + * __debugInfo() magic method + * + * Will be called, automatically, when print_r() or var_dump() are called + * + * @return array + */ + public function __debugInfo() + { + $result = [ + 'value' => '0x' . $this->toHex(true), + 'engine' => basename(static::class), + ]; + return $this->precision > 0 ? $result + ['precision' => $this->precision] : $result; + } + + /** + * Set Precision + * + * Some bitwise operations give different results depending on the precision being used. Examples include left + * shift, not, and rotates. + */ + public function setPrecision(int $bits): void + { + if ($bits < 1) { + $this->precision = -1; + $this->bitmask = false; + + return; + } + $this->precision = $bits; + $this->bitmask = static::setBitmask($bits); + + $temp = $this->normalize($this); + $this->value = $temp->value; + } + + /** + * Get Precision + * + * Returns the precision if it exists, -1 if it doesn't + */ + public function getPrecision(): int + { + return $this->precision; + } + + /** + * Set Bitmask + * + * @return static + * @see self::setPrecision() + */ + protected static function setBitmask(int $bits): Engine + { + return new static(chr((1 << ($bits & 0x7)) - 1) . str_repeat(chr(0xFF), $bits >> 3), 256); + } + + /** + * Logical Not + * + * @return Engine|string + */ + public function bitwise_not() + { + // calculuate "not" without regard to $this->precision + // (will always result in a smaller number. ie. ~1 isn't 1111 1110 - it's 0) + $temp = $this->toBytes(); + if ($temp == '') { + return $this->normalize(static::$zero[static::class]); + } + $pre_msb = decbin(ord($temp[0])); + $temp = ~$temp; + $msb = decbin(ord($temp[0])); + if (strlen($msb) == 8) { + $msb = substr($msb, strpos($msb, '0')); + } + $temp[0] = chr(bindec($msb)); + + // see if we need to add extra leading 1's + $current_bits = strlen($pre_msb) + 8 * strlen($temp) - 8; + $new_bits = $this->precision - $current_bits; + if ($new_bits <= 0) { + return $this->normalize(new static($temp, 256)); + } + + // generate as many leading 1's as we need to. + $leading_ones = chr((1 << ($new_bits & 0x7)) - 1) . str_repeat(chr(0xFF), $new_bits >> 3); + + self::base256_lshift($leading_ones, $current_bits); + + $temp = str_pad($temp, strlen($leading_ones), chr(0), STR_PAD_LEFT); + + return $this->normalize(new static($leading_ones | $temp, 256)); + } + + /** + * Logical Left Shift + * + * Shifts binary strings $shift bits, essentially multiplying by 2**$shift. + */ + protected static function base256_lshift(string &$x, int $shift): void + { + if ($shift == 0) { + return; + } + + $num_bytes = $shift >> 3; // eg. floor($shift/8) + $shift &= 7; // eg. $shift % 8 + + $carry = 0; + for ($i = strlen($x) - 1; $i >= 0; --$i) { + $temp = ord($x[$i]) << $shift | $carry; + $x[$i] = chr($temp); + $carry = $temp >> 8; + } + $carry = ($carry != 0) ? chr($carry) : ''; + $x = $carry . $x . str_repeat(chr(0), $num_bytes); + } + + /** + * Logical Left Rotate + * + * Instead of the top x bits being dropped they're appended to the shifted bit string. + */ + public function bitwise_leftRotate(int $shift): Engine + { + $bits = $this->toBytes(); + + if ($this->precision > 0) { + $precision = $this->precision; + if (static::FAST_BITWISE) { + $mask = $this->bitmask->toBytes(); + } else { + $mask = $this->bitmask->subtract(new static(1)); + $mask = $mask->toBytes(); + } + } else { + $temp = ord($bits[0]); + for ($i = 0; $temp >> $i; ++$i) { + } + $precision = 8 * strlen($bits) - 8 + $i; + $mask = chr((1 << ($precision & 0x7)) - 1) . str_repeat(chr(0xFF), $precision >> 3); + } + + if ($shift < 0) { + $shift += $precision; + } + $shift %= $precision; + + if (!$shift) { + return clone $this; + } + + $left = $this->bitwise_leftShift($shift); + $left = $left->bitwise_and(new static($mask, 256)); + $right = $this->bitwise_rightShift($precision - $shift); + $result = static::FAST_BITWISE ? $left->bitwise_or($right) : $left->add($right); + return $this->normalize($result); + } + + /** + * Logical Right Rotate + * + * Instead of the bottom x bits being dropped they're prepended to the shifted bit string. + */ + public function bitwise_rightRotate(int $shift): Engine + { + return $this->bitwise_leftRotate(-$shift); + } + + /** + * Returns the smallest and largest n-bit number + * + * @return array{min: static, max: static} + */ + public static function minMaxBits(int $bits): array + { + $bytes = $bits >> 3; + $min = str_repeat(chr(0), $bytes); + $max = str_repeat(chr(0xFF), $bytes); + $msb = $bits & 7; + if ($msb) { + $min = chr(1 << ($msb - 1)) . $min; + $max = chr((1 << $msb) - 1) . $max; + } else { + $min[0] = chr(0x80); + } + return [ + 'min' => new static($min, 256), + 'max' => new static($max, 256), + ]; + } + + /** + * Return the size of a BigInteger in bits + */ + public function getLength(): int + { + return strlen($this->toBits()); + } + + /** + * Return the size of a BigInteger in bytes + */ + public function getLengthInBytes(): int + { + return (int) ceil($this->getLength() / 8); + } + + /** + * Performs some pre-processing for powMod + * + * @return static|false + */ + protected function powModOuter(Engine $e, Engine $n) + { + $n = $this->bitmask !== false && $this->bitmask->compare($n) < 0 ? $this->bitmask : $n->abs(); + + if ($e->compare(new static()) < 0) { + $e = $e->abs(); + + $temp = $this->modInverse($n); + if ($temp === false) { + return false; + } + + return $this->normalize($temp->powModInner($e, $n)); + } + + if ($this->compare($n) > 0) { + [, $temp] = $this->divide($n); + return $temp->powModInner($e, $n); + } + + return $this->powModInner($e, $n); + } + + /** + * Sliding Window k-ary Modular Exponentiation + * + * Based on {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=27 HAC 14.85} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=210 MPM 7.7}. In a departure from those algorithims, + * however, this function performs a modular reduction after every multiplication and squaring operation. + * As such, this function has the same preconditions that the reductions being used do. + * + * @template T of Engine + * @param class-string $class + * @return T + */ + protected static function slidingWindow(Engine $x, Engine $e, Engine $n, string $class) + { + static $window_ranges = [7, 25, 81, 241, 673, 1793]; // from BigInteger.java's oddModPow function + //static $window_ranges = [0, 7, 36, 140, 450, 1303, 3529]; // from MPM 7.3.1 + + $e_bits = $e->toBits(); + $e_length = strlen($e_bits); + + // calculate the appropriate window size. + // $window_size == 3 if $window_ranges is between 25 and 81, for example. + for ($i = 0, $window_size = 1; $i < count($window_ranges) && $e_length > $window_ranges[$i]; ++$window_size, ++$i) { + } + + $n_value = $n->value; + + if (method_exists(static::class, 'generateCustomReduction')) { + static::generateCustomReduction($n, $class); + } + + // precompute $this^0 through $this^$window_size + $powers = []; + $powers[1] = static::prepareReduce($x->value, $n_value, $class); + $powers[2] = static::squareReduce($powers[1], $n_value, $class); + + // we do every other number since substr($e_bits, $i, $j+1) (see below) is supposed to end + // in a 1. ie. it's supposed to be odd. + $temp = 1 << ($window_size - 1); + for ($i = 1; $i < $temp; ++$i) { + $i2 = $i << 1; + $powers[$i2 + 1] = static::multiplyReduce($powers[$i2 - 1], $powers[2], $n_value, $class); + } + + $result = new $class(1); + $result = static::prepareReduce($result->value, $n_value, $class); + + for ($i = 0; $i < $e_length;) { + if (!$e_bits[$i]) { + $result = static::squareReduce($result, $n_value, $class); + ++$i; + } else { + for ($j = $window_size - 1; $j > 0; --$j) { + if (!empty($e_bits[$i + $j])) { + break; + } + } + + // eg. the length of substr($e_bits, $i, $j + 1) + for ($k = 0; $k <= $j; ++$k) { + $result = static::squareReduce($result, $n_value, $class); + } + + $result = static::multiplyReduce($result, $powers[bindec(substr($e_bits, $i, $j + 1))], $n_value, $class); + + $i += $j + 1; + } + } + + $temp = new $class(); + $temp->value = static::reduce($result, $n_value, $class); + + return $temp; + } + + /** + * Generates a random number of a certain size + * + * Bit length is equal to $size + */ + public static function random(int $size): Engine + { + extract(static::minMaxBits($size)); + /** + * @var BigInteger $min + * @var BigInteger $max + */ + return static::randomRange($min, $max); + } + + /** + * Generates a random prime number of a certain size + * + * Bit length is equal to $size + */ + public static function randomPrime(int $size): Engine + { + extract(static::minMaxBits($size)); + /** + * @var static $min + * @var static $max + */ + return static::randomRangePrime($min, $max); + } + + /** + * Performs some pre-processing for randomRangePrime + * + * @return static|false + */ + protected static function randomRangePrimeOuter(Engine $min, Engine $max) + { + $compare = $max->compare($min); + + if (!$compare) { + return $min->isPrime() ? $min : false; + } elseif ($compare < 0) { + // if $min is bigger then $max, swap $min and $max + $temp = $max; + $max = $min; + $min = $temp; + } + + $length = $max->getLength(); + if ($length > 8196) { + throw new \RuntimeException("Generation of random prime numbers larger than 8196 has been disabled ($length)"); + } + + $x = static::randomRange($min, $max); + + return static::randomRangePrimeInner($x, $min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + */ + protected static function randomRangeHelper(Engine $min, Engine $max): Engine + { + $compare = $max->compare($min); + + if (!$compare) { + return $min; + } elseif ($compare < 0) { + // if $min is bigger then $max, swap $min and $max + $temp = $max; + $max = $min; + $min = $temp; + } + + if (!isset(static::$one[static::class])) { + static::$one[static::class] = new static(1); + } + + $max = $max->subtract($min->subtract(static::$one[static::class])); + + $size = strlen(ltrim($max->toBytes(), chr(0))); + + /* + doing $random % $max doesn't work because some numbers will be more likely to occur than others. + eg. if $max is 140 and $random's max is 255 then that'd mean both $random = 5 and $random = 145 + would produce 5 whereas the only value of random that could produce 139 would be 139. ie. + not all numbers would be equally likely. some would be more likely than others. + + creating a whole new random number until you find one that is within the range doesn't work + because, for sufficiently small ranges, the likelihood that you'd get a number within that range + would be pretty small. eg. with $random's max being 255 and if your $max being 1 the probability + would be pretty high that $random would be greater than $max. + + phpseclib works around this using the technique described here: + + http://crypto.stackexchange.com/questions/5708/creating-a-small-number-from-a-cryptographically-secure-random-string + */ + $random_max = new static(chr(1) . str_repeat("\0", $size), 256); + $random = new static(Random::string($size), 256); + + [$max_multiple] = $random_max->divide($max); + $max_multiple = $max_multiple->multiply($max); + + while ($random->compare($max_multiple) >= 0) { + $random = $random->subtract($max_multiple); + $random_max = $random_max->subtract($max_multiple); + $random = $random->bitwise_leftShift(8); + $random = $random->add(new static(Random::string(1), 256)); + $random_max = $random_max->bitwise_leftShift(8); + [$max_multiple] = $random_max->divide($max); + $max_multiple = $max_multiple->multiply($max); + } + [, $random] = $random->divide($max); + + return $random->add($min); + } + + /** + * Performs some post-processing for randomRangePrime + * + * @return static|false + */ + protected static function randomRangePrimeInner(Engine $x, Engine $min, Engine $max) + { + if (!isset(static::$two[static::class])) { + static::$two[static::class] = new static('2'); + } + + $x->make_odd(); + if ($x->compare($max) > 0) { + // if $x > $max then $max is even and if $min == $max then no prime number exists between the specified range + if ($min->equals($max)) { + return false; + } + $x = clone $min; + $x->make_odd(); + } + + $initial_x = clone $x; + + while (true) { + if ($x->isPrime()) { + return $x; + } + + $x = $x->add(static::$two[static::class]); + + if ($x->compare($max) > 0) { + $x = clone $min; + if ($x->equals(static::$two[static::class])) { + return $x; + } + $x->make_odd(); + } + + if ($x->equals($initial_x)) { + return false; + } + } + } + + /** + * Sets the $t parameter for primality testing + */ + protected function setupIsPrime(): int + { + $length = $this->getLengthInBytes(); + + // see HAC 4.49 "Note (controlling the error probability)" + // @codingStandardsIgnoreStart + if ($length >= 163) { $t = 2; } // floor(1300 / 8) + else if ($length >= 106) { $t = 3; } // floor( 850 / 8) + else if ($length >= 81 ) { $t = 4; } // floor( 650 / 8) + else if ($length >= 68 ) { $t = 5; } // floor( 550 / 8) + else if ($length >= 56 ) { $t = 6; } // floor( 450 / 8) + else if ($length >= 50 ) { $t = 7; } // floor( 400 / 8) + else if ($length >= 43 ) { $t = 8; } // floor( 350 / 8) + else if ($length >= 37 ) { $t = 9; } // floor( 300 / 8) + else if ($length >= 31 ) { $t = 12; } // floor( 250 / 8) + else if ($length >= 25 ) { $t = 15; } // floor( 200 / 8) + else if ($length >= 18 ) { $t = 18; } // floor( 150 / 8) + else { $t = 27; } + // @codingStandardsIgnoreEnd + + return $t; + } + + /** + * Tests Primality + * + * Uses the {@link http://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test Miller-Rabin primality test}. + * See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf#page=8 HAC 4.24} for more info. + */ + protected function testPrimality(int $t): bool + { + if (!$this->testSmallPrimes()) { + return false; + } + + $n = clone $this; + $n_1 = $n->subtract(static::$one[static::class]); + $n_2 = $n->subtract(static::$two[static::class]); + + $r = clone $n_1; + $s = static::scan1divide($r); + + for ($i = 0; $i < $t; ++$i) { + $a = static::randomRange(static::$two[static::class], $n_2); + $y = $a->modPow($r, $n); + + if (!$y->equals(static::$one[static::class]) && !$y->equals($n_1)) { + for ($j = 1; $j < $s && !$y->equals($n_1); ++$j) { + $y = $y->modPow(static::$two[static::class], $n); + if ($y->equals(static::$one[static::class])) { + return false; + } + } + + if (!$y->equals($n_1)) { + return false; + } + } + } + + return true; + } + + /** + * Checks a numer to see if it's prime + * + * Assuming the $t parameter is not set, this function has an error rate of 2**-80. The main motivation for the + * $t parameter is distributability. BigInteger::randomPrime() can be distributed across multiple pageloads + * on a website instead of just one. + * + * @param int|bool $t + */ + public function isPrime($t = false): bool + { + // OpenSSL limits RSA keys to 16384 bits. The length of an RSA key is equal to the length of the modulo, which is + // produced by multiplying the primes p and q by one another. The largest number two 8196 bit primes can produce is + // a 16384 bit number so, basically, 8196 bit primes are the largest OpenSSL will generate and if that's the largest + // that it'll generate it also stands to reason that that's the largest you'll be able to test primality on + $length = $this->getLength(); + if ($length > 8196) { + throw new \RuntimeException("Primality testing is not supported for numbers larger than 8196 bits ($length)"); + } + + if (!$t) { + $t = $this->setupIsPrime(); + } + return $this->testPrimality($t); + } + + /** + * Performs a few preliminary checks on root + */ + protected function rootHelper(int $n): Engine + { + if ($n < 1) { + return clone static::$zero[static::class]; + } // we want positive exponents + if ($this->compare(static::$one[static::class]) < 0) { + return clone static::$zero[static::class]; + } // we want positive numbers + if ($this->compare(static::$two[static::class]) < 0) { + return clone static::$one[static::class]; + } // n-th root of 1 or 2 is 1 + + return $this->rootInner($n); + } + + /** + * Calculates the nth root of a biginteger. + * + * Returns the nth root of a positive biginteger, where n defaults to 2 + * + * {@internal This function is based off of {@link http://mathforum.org/library/drmath/view/52605.html this page} and {@link http://stackoverflow.com/questions/11242920/calculating-nth-root-with-bcmath-in-php this stackoverflow question}.} + */ + protected function rootInner(int $n): Engine + { + $n = new static($n); + + // g is our guess number + $g = static::$two[static::class]; + // while (g^n < num) g=g*2 + while ($g->pow($n)->compare($this) < 0) { + $g = $g->multiply(static::$two[static::class]); + } + // if (g^n==num) num is a power of 2, we're lucky, end of job + // == 0 bccomp(bcpow($g, $n), $n->value)==0 + if ($g->pow($n)->equals($this) > 0) { + $root = $g; + return $this->normalize($root); + } + + // if we're here num wasn't a power of 2 :( + $og = $g; // og means original guess and here is our upper bound + $g = $g->divide(static::$two[static::class])[0]; // g is set to be our lower bound + $step = $og->subtract($g)->divide(static::$two[static::class])[0]; // step is the half of upper bound - lower bound + $g = $g->add($step); // we start at lower bound + step , basically in the middle of our interval + + // while step>1 + + while ($step->compare(static::$one[static::class]) == 1) { + $guess = $g->pow($n); + $step = $step->divide(static::$two[static::class])[0]; + $comp = $guess->compare($this); // compare our guess with real number + switch ($comp) { + case -1: // if guess is lower we add the new step + $g = $g->add($step); + break; + case 1: // if guess is higher we sub the new step + $g = $g->subtract($step); + break; + case 0: // if guess is exactly the num we're done, we return the value + $root = $g; + break 2; + } + } + + if ($comp == 1) { + $g = $g->subtract($step); + } + + // whatever happened, g is the closest guess we can make so return it + $root = $g; + + return $this->normalize($root); + } + + /** + * Calculates the nth root of a biginteger. + */ + public function root(int $n = 2): Engine + { + return $this->rootHelper($n); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + */ + protected static function minHelper(array $nums): Engine + { + if (count($nums) == 1) { + return $nums[0]; + } + $min = $nums[0]; + for ($i = 1; $i < count($nums); $i++) { + $min = $min->compare($nums[$i]) > 0 ? $nums[$i] : $min; + } + return $min; + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + */ + protected static function maxHelper(array $nums): Engine + { + if (count($nums) == 1) { + return $nums[0]; + } + $max = $nums[0]; + for ($i = 1; $i < count($nums); $i++) { + $max = $max->compare($nums[$i]) < 0 ? $nums[$i] : $max; + } + return $max; + } + + /** + * Create Recurring Modulo Function + * + * Sometimes it may be desirable to do repeated modulos with the same number outside of + * modular exponentiation + */ + public function createRecurringModuloFunction(): \Closure + { + $class = static::class; + + $fqengine = !method_exists(static::$modexpEngine[static::class], 'reduce') ? + '\\phpseclib3\\Math\\BigInteger\\Engines\\' . static::ENGINE_DIR . '\\DefaultEngine' : + static::$modexpEngine[static::class]; + if (method_exists($fqengine, 'generateCustomReduction')) { + $func = $fqengine::generateCustomReduction($this, static::class); + return eval('return function(' . static::class . ' $x) use ($func, $class) { + $r = new $class(); + $r->value = $func($x->value); + return $r; + };'); + } + $n = $this->value; + return eval('return function(' . static::class . ' $x) use ($n, $fqengine, $class) { + $r = new $class(); + $r->value = $fqengine::reduce($x->value, $n, $class); + return $r; + };'); + } + + /** + * Calculates the greatest common divisor and Bezout's identity. + * + * @return array{gcd: Engine, x: Engine, y: Engine} + */ + protected function extendedGCDHelper(Engine $n): array + { + $u = clone $this; + $v = clone $n; + + $one = new static(1); + $zero = new static(); + + $a = clone $one; + $b = clone $zero; + $c = clone $zero; + $d = clone $one; + + while (!$v->equals($zero)) { + [$q] = $u->divide($v); + + $temp = $u; + $u = $v; + $v = $temp->subtract($v->multiply($q)); + + $temp = $a; + $a = $c; + $c = $temp->subtract($a->multiply($q)); + + $temp = $b; + $b = $d; + $d = $temp->subtract($b->multiply($q)); + } + + return [ + 'gcd' => $u, + 'x' => $a, + 'y' => $b, + ]; + } + + /** + * Bitwise Split + * + * Splits BigInteger's into chunks of $split bits + * + * @return Engine[] + */ + public function bitwise_split(int $split): array + { + if ($split < 1) { + throw new RuntimeException('Offset must be greater than 1'); + } + + $mask = static::$one[static::class]->bitwise_leftShift($split)->subtract(static::$one[static::class]); + + $num = clone $this; + + $vals = []; + while (!$num->equals(static::$zero[static::class])) { + $vals[] = $num->bitwise_and($mask); + $num = $num->bitwise_rightShift($split); + } + + return array_reverse($vals); + } + + /** + * Logical And + */ + protected function bitwiseAndHelper(Engine $x): Engine + { + $left = $this->toBytes(true); + $right = $x->toBytes(true); + + $length = max(strlen($left), strlen($right)); + + $left = str_pad($left, $length, chr(0), STR_PAD_LEFT); + $right = str_pad($right, $length, chr(0), STR_PAD_LEFT); + + return $this->normalize(new static($left & $right, -256)); + } + + /** + * Logical Or + */ + protected function bitwiseOrHelper(Engine $x): Engine + { + $left = $this->toBytes(true); + $right = $x->toBytes(true); + + $length = max(strlen($left), strlen($right)); + + $left = str_pad($left, $length, chr(0), STR_PAD_LEFT); + $right = str_pad($right, $length, chr(0), STR_PAD_LEFT); + + return $this->normalize(new static($left | $right, -256)); + } + + /** + * Logical Exclusive Or + */ + protected function bitwiseXorHelper(Engine $x): Engine + { + $left = $this->toBytes(true); + $right = $x->toBytes(true); + + $length = max(strlen($left), strlen($right)); + + + $left = str_pad($left, $length, chr(0), STR_PAD_LEFT); + $right = str_pad($right, $length, chr(0), STR_PAD_LEFT); + return $this->normalize(new static($left ^ $right, -256)); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/GMP.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/GMP.php new file mode 100644 index 0000000..544d20f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/GMP.php @@ -0,0 +1,591 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Exception\BadConfigurationException; + +/** + * GMP Engine. + * + * @author Jim Wigginton + */ +class GMP extends Engine +{ + /** + * Can Bitwise operations be done fast? + * + * @see parent::bitwise_leftRotate() + * @see parent::bitwise_rightRotate() + */ + public const FAST_BITWISE = true; + + /** + * Engine Directory + * + * @see parent::setModExpEngine + */ + public const ENGINE_DIR = 'GMP'; + + /** + * Test for engine validity + * + * @see parent::__construct() + */ + public static function isValidEngine(): bool + { + return extension_loaded('gmp'); + } + + /** + * Default constructor + * + * @param mixed $x integer Base-10 number or base-$base number if $base set. + * @see parent::__construct() + */ + public function __construct($x = 0, int $base = 10) + { + if (!isset(static::$isValidEngine[static::class])) { + static::$isValidEngine[static::class] = self::isValidEngine(); + } + if (!static::$isValidEngine[static::class]) { + throw new BadConfigurationException('GMP is not setup correctly on this system'); + } + + if ($x instanceof \GMP) { + $this->value = $x; + return; + } + + $this->value = gmp_init(0); + + parent::__construct($x, $base); + } + + /** + * Initialize a GMP BigInteger Engine instance + * + * @see parent::__construct() + */ + protected function initialize(int $base): void + { + switch (abs($base)) { + case 256: + $this->value = gmp_import($this->value); + if ($this->is_negative) { + $this->value = -$this->value; + } + break; + case 16: + $temp = $this->is_negative ? '-0x' . $this->value : '0x' . $this->value; + $this->value = gmp_init($temp); + break; + case 10: + $this->value = gmp_init($this->value ?? '0'); + } + } + + /** + * Converts a BigInteger to a base-10 number. + */ + public function toString(): string + { + return (string)$this->value; + } + + /** + * Converts a BigInteger to a bit string (eg. base-2). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + */ + public function toBits(bool $twos_compliment = false): string + { + $hex = $this->toHex($twos_compliment); + + $bits = gmp_strval(gmp_init($hex, 16), 2); + + if ($this->precision > 0) { + $bits = substr($bits, -$this->precision); + } + + if ($twos_compliment && $this->compare(new static()) > 0 && $this->precision <= 0) { + return '0' . $bits; + } + + return $bits; + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + */ + public function toBytes(bool $twos_compliment = false): string + { + if ($twos_compliment) { + return $this->toBytesHelper(); + } + + if (gmp_cmp($this->value, gmp_init(0)) == 0) { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + + $temp = gmp_export($this->value); + + return $this->precision > 0 ? + substr(str_pad($temp, $this->precision >> 3, chr(0), STR_PAD_LEFT), -($this->precision >> 3)) : + ltrim($temp, chr(0)); + } + + /** + * Adds two BigIntegers. + */ + public function add(GMP $y): GMP + { + $temp = new self(); + $temp->value = $this->value + $y->value; + + return $this->normalize($temp); + } + + /** + * Subtracts two BigIntegers. + */ + public function subtract(GMP $y): GMP + { + $temp = new self(); + $temp->value = $this->value - $y->value; + + return $this->normalize($temp); + } + + /** + * Multiplies two BigIntegers. + */ + public function multiply(GMP $x): GMP + { + $temp = new self(); + $temp->value = $this->value * $x->value; + + return $this->normalize($temp); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @return array{GMP, GMP} + */ + public function divide(GMP $y): array + { + $quotient = new self(); + $remainder = new self(); + + [$quotient->value, $remainder->value] = gmp_div_qr($this->value, $y->value); + + if (gmp_sign($remainder->value) < 0) { + $remainder->value = $remainder->value + gmp_abs($y->value); + } + + return [$this->normalize($quotient), $this->normalize($remainder)]; + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this + * is demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(GMP $y): int + { + $r = gmp_cmp($this->value, $y->value); + if ($r < -1) { + $r = -1; + } + if ($r > 1) { + $r = 1; + } + return $r; + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + */ + public function equals(GMP $x): bool + { + return $this->value == $x->value; + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * @return false|GMP + */ + public function modInverse(GMP $n) + { + $temp = new self(); + $temp->value = gmp_invert($this->value, $n->value); + + return $temp->value === false ? false : $this->normalize($temp); + } + + /** + * Calculates the greatest common divisor and Bezout's identity. + * + * Say you have 693 and 609. The GCD is 21. Bezout's identity states that there exist integers x and y such that + * 693*x + 609*y == 21. In point of fact, there are actually an infinite number of x and y combinations and which + * combination is returned is dependent upon which mode is in use. See + * {@link http://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity Bezout's identity - Wikipedia} for more information. + * + * @return GMP[] + */ + public function extendedGCD(GMP $n): array + { + extract(gmp_gcdext($this->value, $n->value)); + + return [ + 'gcd' => $this->normalize(new self($g)), + 'x' => $this->normalize(new self($s)), + 'y' => $this->normalize(new self($t)), + ]; + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + */ + public function gcd(GMP $n): GMP + { + $r = gmp_gcd($this->value, $n->value); + return $this->normalize(new self($r)); + } + + /** + * Absolute value. + */ + public function abs(): GMP + { + $temp = new self(); + $temp->value = gmp_abs($this->value); + + return $temp; + } + + /** + * Logical And + */ + public function bitwise_and(GMP $x): GMP + { + $temp = new self(); + $temp->value = $this->value & $x->value; + + return $this->normalize($temp); + } + + /** + * Logical Or + */ + public function bitwise_or(GMP $x): GMP + { + $temp = new self(); + $temp->value = $this->value | $x->value; + + return $this->normalize($temp); + } + + /** + * Logical Exclusive Or + */ + public function bitwise_xor(GMP $x): GMP + { + $temp = new self(); + $temp->value = $this->value ^ $x->value; + + return $this->normalize($temp); + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift. + */ + public function bitwise_rightShift(int $shift): GMP + { + // 0xFFFFFFFF >> 2 == -1 (on 32-bit systems) + // gmp_init('0xFFFFFFFF') >> 2 == gmp_init('0x3FFFFFFF') + + $temp = new self(); + $temp->value = $this->value >> $shift; + + return $this->normalize($temp); + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift. + */ + public function bitwise_leftShift(int $shift): GMP + { + $temp = new self(); + $temp->value = $this->value << $shift; + + return $this->normalize($temp); + } + + /** + * Performs modular exponentiation. + */ + public function modPow(GMP $e, GMP $n): GMP + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * Alias for modPow(). + */ + public function powMod(GMP $e, GMP $n): GMP + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + */ + protected function powModInner(GMP $e, GMP $n): GMP + { + $class = static::$modexpEngine[static::class]; + return $class::powModHelper($this, $e, $n); + } + + /** + * Normalize + * + * Removes leading zeros and truncates (if necessary) to maintain the appropriate precision + */ + protected function normalize(GMP $result): GMP + { + $result->precision = $this->precision; + $result->bitmask = $this->bitmask; + + if ($result->bitmask !== false) { + $flip = $result->value < 0; + if ($flip) { + $result->value = -$result->value; + } + $result->value = $result->value & $result->bitmask->value; + if ($flip) { + $result->value = -$result->value; + } + } + + return $result; + } + + /** + * Performs some post-processing for randomRangePrime + * + * @return GMP + */ + protected static function randomRangePrimeInner(Engine $x, Engine $min, Engine $max) + { + $p = gmp_nextprime($x->value); + + if ($p <= $max->value) { + return new self($p); + } + + if ($min->value != $x->value) { + $x = new self($x->value - 1); + } + + return self::randomRangePrime($min, $x); + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @return false|GMP + */ + public static function randomRangePrime(GMP $min, GMP $max) + { + return self::randomRangePrimeOuter($min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + */ + public static function randomRange(GMP $min, GMP $max): GMP + { + return self::randomRangeHelper($min, $max); + } + + /** + * Make the current number odd + * + * If the current number is odd it'll be unchanged. If it's even, one will be added to it. + * + * @see self::randomPrime() + */ + protected function make_odd(): void + { + gmp_setbit($this->value, 0); + } + + /** + * Tests Primality + */ + protected function testPrimality(int $t): bool + { + return gmp_prob_prime($this->value, $t) != 0; + } + + /** + * Calculates the nth root of a biginteger. + * + * Returns the nth root of a positive biginteger, where n defaults to 2 + */ + protected function rootInner(int $n): GMP + { + $root = new self(); + $root->value = gmp_root($this->value, $n); + return $this->normalize($root); + } + + /** + * Performs exponentiation. + */ + public function pow(GMP $n): GMP + { + $temp = new self(); + $temp->value = $this->value ** $n->value; + + return $this->normalize($temp); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + */ + public static function min(GMP ...$nums): GMP + { + return self::minHelper($nums); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + */ + public static function max(GMP ...$nums): GMP + { + return self::maxHelper($nums); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + */ + public function between(GMP $min, GMP $max): bool + { + return $this->compare($min) >= 0 && $this->compare($max) <= 0; + } + + /** + * Create Recurring Modulo Function + * + * Sometimes it may be desirable to do repeated modulos with the same number outside of + * modular exponentiation + */ + public function createRecurringModuloFunction(): \Closure + { + $temp = $this->value; + return fn (GMP $x) => new GMP($x->value % $temp); + } + + /** + * Scan for 1 and right shift by that amount + * + * ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s)); + */ + public static function scan1divide(GMP $r): int + { + $s = gmp_scan1($r->value, 0); + $r->value >>= $s; + return $s; + } + + /** + * Is Odd? + */ + public function isOdd(): bool + { + return gmp_testbit($this->value, 0); + } + + /** + * Tests if a bit is set + */ + public function testBit($x): bool + { + return gmp_testbit($this->value, $x); + } + + /** + * Is Negative? + */ + public function isNegative(): bool + { + return gmp_sign($this->value) == -1; + } + + /** + * Negate + * + * Given $k, returns -$k + */ + public function negate(): GMP + { + $temp = clone $this; + $temp->value = -$this->value; + + return $temp; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/GMP/DefaultEngine.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/GMP/DefaultEngine.php new file mode 100644 index 0000000..f879413 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/GMP/DefaultEngine.php @@ -0,0 +1,37 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\GMP; + +use phpseclib3\Math\BigInteger\Engines\GMP; + +/** + * GMP Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class DefaultEngine extends GMP +{ + /** + * Performs modular exponentiation. + */ + protected static function powModHelper(GMP $x, GMP $e, GMP $n): GMP + { + $temp = new GMP(); + $temp->value = gmp_powm($x->value, $e->value, $n->value); + + return $x->normalize($temp); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/OpenSSL.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/OpenSSL.php new file mode 100644 index 0000000..14509b5 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/OpenSSL.php @@ -0,0 +1,65 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Crypt\RSA\Formats\Keys\PKCS8; +use phpseclib3\Exception\OutOfRangeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; + +/** + * OpenSSL Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class OpenSSL +{ + /** + * Test for engine validity + */ + public static function isValidEngine(): bool + { + return extension_loaded('openssl') && static::class != __CLASS__; + } + + /** + * Performs modular exponentiation. + */ + public static function powModHelper(Engine $x, Engine $e, Engine $n): Engine + { + if ($n->getLengthInBytes() < 31 || $n->getLengthInBytes() > 16384) { + throw new OutOfRangeException('Only modulo between 31 and 16384 bits are accepted'); + } + + $key = PKCS8::savePublicKey( + new BigInteger($n), + new BigInteger($e) + ); + + $plaintext = str_pad($x->toBytes(), $n->getLengthInBytes(), "\0", STR_PAD_LEFT); + + // this is easily prone to failure. if the modulo is a multiple of 2 or 3 or whatever it + // won't work and you'll get a "failure: error:0906D06C:PEM routines:PEM_read_bio:no start line" + // error. i suppose, for even numbers, we could do what PHP\Montgomery.php does, but then what + // about odd numbers divisible by 3, by 5, etc? + if (!openssl_public_encrypt($plaintext, $result, $key, OPENSSL_NO_PADDING)) { + throw new UnexpectedValueException(openssl_error_string()); + } + + $class = $x::class; + return new $class($result, 256); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP.php new file mode 100644 index 0000000..2d3aff1 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP.php @@ -0,0 +1,1265 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Exception\RuntimeException; + +/** + * Pure-PHP Engine. + * + * @author Jim Wigginton + */ +abstract class PHP extends Engine +{ + /**#@+ + * Array constants + * + * Rather than create a thousands and thousands of new BigInteger objects in repeated function calls to add() and + * multiply() or whatever, we'll just work directly on arrays, taking them in as parameters and returning them. + * + */ + /** + * $result[self::VALUE] contains the value. + */ + public const VALUE = 0; + /** + * $result[self::SIGN] contains the sign. + */ + public const SIGN = 1; + /**#@-*/ + + /** + * Karatsuba Cutoff + * + * At what point do we switch between Karatsuba multiplication and schoolbook long multiplication? + */ + public const KARATSUBA_CUTOFF = 25; + + /** + * Can Bitwise operations be done fast? + * + * @see parent::bitwise_leftRotate() + * @see parent::bitwise_rightRotate() + */ + public const FAST_BITWISE = true; + + /** + * Engine Directory + * + * @see parent::setModExpEngine + */ + public const ENGINE_DIR = 'PHP'; + + /** + * Default constructor + * + * @param mixed $x integer Base-10 number or base-$base number if $base set. + * @return PHP + * @see parent::__construct() + */ + public function __construct($x = 0, int $base = 10) + { + if (!isset(static::$isValidEngine[static::class])) { + static::$isValidEngine[static::class] = static::isValidEngine(); + } + if (!static::$isValidEngine[static::class]) { + throw new BadConfigurationException(static::class . ' is not setup correctly on this system'); + } + + $this->value = []; + parent::__construct($x, $base); + } + + /** + * Initialize a PHP BigInteger Engine instance + * + * @see parent::__construct() + */ + protected function initialize(int $base): void + { + switch (abs($base)) { + case 16: + $x = (strlen($this->value) & 1) ? '0' . $this->value : $this->value; + $temp = new static(Strings::hex2bin($x), 256); + $this->value = $temp->value; + break; + case 10: + $temp = new static(); + + $multiplier = new static(); + $multiplier->value = [static::MAX10]; + + $x = $this->value; + + if ($x[0] == '-') { + $this->is_negative = true; + $x = substr($x, 1); + } + + $x = str_pad( + $x, + strlen($x) + ((static::MAX10LEN - 1) * strlen($x)) % static::MAX10LEN, + '0', + STR_PAD_LEFT + ); + while (strlen($x)) { + $temp = $temp->multiply($multiplier); + $temp = $temp->add(new static($this->int2bytes((int) substr($x, 0, static::MAX10LEN)), 256)); + $x = substr($x, static::MAX10LEN); + } + + $this->value = $temp->value; + } + } + + /** + * Pads strings so that unpack may be used on them + */ + protected function pad(string $str): string + { + $length = strlen($str); + + $pad = 4 - (strlen($str) % 4); + + return str_pad($str, $length + $pad, "\0", STR_PAD_LEFT); + } + + /** + * Converts a BigInteger to a base-10 number. + */ + public function toString(): string + { + if (!count($this->value)) { + return '0'; + } + + $temp = clone $this; + $temp->bitmask = false; + $temp->is_negative = false; + + $divisor = new static(); + $divisor->value = [static::MAX10]; + $result = ''; + while (count($temp->value)) { + [$temp, $mod] = $temp->divide($divisor); + $result = str_pad( + (string) $mod->value[0] ?? '', + static::MAX10LEN, + '0', + STR_PAD_LEFT + ) . $result; + } + $result = ltrim($result, '0'); + if (empty($result)) { + $result = '0'; + } + + if ($this->is_negative) { + $result = '-' . $result; + } + + return $result; + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + */ + public function toBytes(bool $twos_compliment = false): string + { + if ($twos_compliment) { + return $this->toBytesHelper(); + } + + if (!count($this->value)) { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + + $result = $this->bitwise_small_split(8); + $result = implode('', array_map('chr', $result)); + + return $this->precision > 0 ? + str_pad( + substr($result, -(($this->precision + 7) >> 3)), + ($this->precision + 7) >> 3, + chr(0), + STR_PAD_LEFT + ) : + $result; + } + + /** + * Performs addition. + */ + protected static function addHelper(array $x_value, bool $x_negative, array $y_value, bool $y_negative): array + { + $x_size = count($x_value); + $y_size = count($y_value); + + if ($x_size == 0) { + return [ + self::VALUE => $y_value, + self::SIGN => $y_negative, + ]; + } elseif ($y_size == 0) { + return [ + self::VALUE => $x_value, + self::SIGN => $x_negative, + ]; + } + + // subtract, if appropriate + if ($x_negative != $y_negative) { + if ($x_value == $y_value) { + return [ + self::VALUE => [], + self::SIGN => false, + ]; + } + + $temp = self::subtractHelper($x_value, false, $y_value, false); + $temp[self::SIGN] = self::compareHelper($x_value, false, $y_value, false) > 0 ? + $x_negative : $y_negative; + + return $temp; + } + + if ($x_size < $y_size) { + $size = $x_size; + $value = $y_value; + } else { + $size = $y_size; + $value = $x_value; + } + + $value[count($value)] = 0; // just in case the carry adds an extra digit + + $carry = 0; + for ($i = 0, $j = 1; $j < $size; $i += 2, $j += 2) { + //$sum = $x_value[$j] * static::BASE_FULL + $x_value[$i] + $y_value[$j] * static::BASE_FULL + $y_value[$i] + $carry; + $sum = ($x_value[$j] + $y_value[$j]) * static::BASE_FULL + $x_value[$i] + $y_value[$i] + $carry; + $carry = $sum >= static::MAX_DIGIT2; // eg. floor($sum / 2**52); only possible values (in any base) are 0 and 1 + $sum = $carry ? $sum - static::MAX_DIGIT2 : $sum; + + $temp = static::BASE === 26 ? intval($sum / 0x4000000) : ($sum >> 31); + + $value[$i] = (int)($sum - static::BASE_FULL * $temp); // eg. a faster alternative to fmod($sum, 0x4000000) + $value[$j] = $temp; + } + + if ($j == $size) { // ie. if $y_size is odd + $sum = $x_value[$i] + $y_value[$i] + $carry; + $carry = $sum >= static::BASE_FULL; + $value[$i] = $carry ? $sum - static::BASE_FULL : $sum; + ++$i; // ie. let $i = $j since we've just done $value[$i] + } + + if ($carry) { + for (; $value[$i] == static::MAX_DIGIT; ++$i) { + $value[$i] = 0; + } + ++$value[$i]; + } + + return [ + self::VALUE => self::trim($value), + self::SIGN => $x_negative, + ]; + } + + /** + * Performs subtraction. + */ + public static function subtractHelper(array $x_value, bool $x_negative, array $y_value, bool $y_negative): array + { + $x_size = count($x_value); + $y_size = count($y_value); + + if ($x_size == 0) { + return [ + self::VALUE => $y_value, + self::SIGN => !$y_negative, + ]; + } elseif ($y_size == 0) { + return [ + self::VALUE => $x_value, + self::SIGN => $x_negative, + ]; + } + + // add, if appropriate (ie. -$x - +$y or +$x - -$y) + if ($x_negative != $y_negative) { + $temp = self::addHelper($x_value, false, $y_value, false); + $temp[self::SIGN] = $x_negative; + + return $temp; + } + + $diff = self::compareHelper($x_value, $x_negative, $y_value, $y_negative); + + if (!$diff) { + return [ + self::VALUE => [], + self::SIGN => false, + ]; + } + + // switch $x and $y around, if appropriate. + if ((!$x_negative && $diff < 0) || ($x_negative && $diff > 0)) { + $temp = $x_value; + $x_value = $y_value; + $y_value = $temp; + + $x_negative = !$x_negative; + + $x_size = count($x_value); + $y_size = count($y_value); + } + + // at this point, $x_value should be at least as big as - if not bigger than - $y_value + + $carry = 0; + for ($i = 0, $j = 1; $j < $y_size; $i += 2, $j += 2) { + $sum = ($x_value[$j] - $y_value[$j]) * static::BASE_FULL + $x_value[$i] - $y_value[$i] - $carry; + + $carry = $sum < 0; // eg. floor($sum / 2**52); only possible values (in any base) are 0 and 1 + $sum = $carry ? $sum + static::MAX_DIGIT2 : $sum; + + $temp = static::BASE === 26 ? intval($sum / 0x4000000) : ($sum >> 31); + + $x_value[$i] = (int)($sum - static::BASE_FULL * $temp); + $x_value[$j] = $temp; + } + + if ($j == $y_size) { // ie. if $y_size is odd + $sum = $x_value[$i] - $y_value[$i] - $carry; + $carry = $sum < 0; + $x_value[$i] = $carry ? $sum + static::BASE_FULL : $sum; + ++$i; + } + + if ($carry) { + for (; !$x_value[$i]; ++$i) { + $x_value[$i] = static::MAX_DIGIT; + } + --$x_value[$i]; + } + + return [ + self::VALUE => self::trim($x_value), + self::SIGN => $x_negative, + ]; + } + + /** + * Performs multiplication. + */ + protected static function multiplyHelper(array $x_value, bool $x_negative, array $y_value, bool $y_negative): array + { + //if ( $x_value == $y_value ) { + // return [ + // self::VALUE => self::square($x_value), + // self::SIGN => $x_sign != $y_value + // ]; + //} + + $x_length = count($x_value); + $y_length = count($y_value); + + if (!$x_length || !$y_length) { // a 0 is being multiplied + return [ + self::VALUE => [], + self::SIGN => false, + ]; + } + + return [ + self::VALUE => min($x_length, $y_length) < 2 * self::KARATSUBA_CUTOFF ? + self::trim(self::regularMultiply($x_value, $y_value)) : + self::trim(self::karatsuba($x_value, $y_value)), + self::SIGN => $x_negative != $y_negative, + ]; + } + + /** + * Performs Karatsuba multiplication on two BigIntegers + * + * See {@link http://en.wikipedia.org/wiki/Karatsuba_algorithm Karatsuba algorithm} and + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=120 MPM 5.2.3}. + */ + private static function karatsuba(array $x_value, array $y_value): array + { + $m = min(count($x_value) >> 1, count($y_value) >> 1); + + if ($m < self::KARATSUBA_CUTOFF) { + return self::regularMultiply($x_value, $y_value); + } + + $x1 = array_slice($x_value, $m); + $x0 = array_slice($x_value, 0, $m); + $y1 = array_slice($y_value, $m); + $y0 = array_slice($y_value, 0, $m); + + $z2 = self::karatsuba($x1, $y1); + $z0 = self::karatsuba($x0, $y0); + + $z1 = self::addHelper($x1, false, $x0, false); + $temp = self::addHelper($y1, false, $y0, false); + $z1 = self::karatsuba($z1[self::VALUE], $temp[self::VALUE]); + $temp = self::addHelper($z2, false, $z0, false); + $z1 = self::subtractHelper($z1, false, $temp[self::VALUE], false); + + $z2 = array_merge(array_fill(0, 2 * $m, 0), $z2); + $z1[self::VALUE] = array_merge(array_fill(0, $m, 0), $z1[self::VALUE]); + + $xy = self::addHelper($z2, false, $z1[self::VALUE], $z1[self::SIGN]); + $xy = self::addHelper($xy[self::VALUE], $xy[self::SIGN], $z0, false); + + return $xy[self::VALUE]; + } + + /** + * Performs long multiplication on two BigIntegers + * + * Modeled after 'multiply' in MutableBigInteger.java. + */ + protected static function regularMultiply(array $x_value, array $y_value): array + { + $x_length = count($x_value); + $y_length = count($y_value); + + if (!$x_length || !$y_length) { // a 0 is being multiplied + return []; + } + + $product_value = self::array_repeat(0, $x_length + $y_length); + + // the following for loop could be removed if the for loop following it + // (the one with nested for loops) initially set $i to 0, but + // doing so would also make the result in one set of unnecessary adds, + // since on the outermost loops first pass, $product->value[$k] is going + // to always be 0 + + $carry = 0; + for ($j = 0; $j < $x_length; ++$j) { // ie. $i = 0 + $temp = $x_value[$j] * $y_value[0] + $carry; // $product_value[$k] == 0 + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $product_value[$j] = (int)($temp - static::BASE_FULL * $carry); + } + + $product_value[$j] = $carry; + + // the above for loop is what the previous comment was talking about. the + // following for loop is the "one with nested for loops" + for ($i = 1; $i < $y_length; ++$i) { + $carry = 0; + + for ($j = 0, $k = $i; $j < $x_length; ++$j, ++$k) { + $temp = $product_value[$k] + $x_value[$j] * $y_value[$i] + $carry; + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $product_value[$k] = (int)($temp - static::BASE_FULL * $carry); + } + + $product_value[$k] = $carry; + } + + return $product_value; + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @return array{static, static} + * @internal This function is based off of + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=9 HAC 14.20}. + */ + protected function divideHelper(PHP $y): array + { + if (count($y->value) == 1) { + [$q, $r] = $this->divide_digit($this->value, $y->value[0]); + $quotient = new static(); + $remainder = new static(); + $quotient->value = $q; + $remainder->value = [$r]; + $quotient->is_negative = $this->is_negative != $y->is_negative; + return [$this->normalize($quotient), $this->normalize($remainder)]; + } + + $x = clone $this; + $y = clone $y; + + $x_sign = $x->is_negative; + $y_sign = $y->is_negative; + + $x->is_negative = $y->is_negative = false; + + $diff = $x->compare($y); + + if (!$diff) { + $temp = new static(); + $temp->value = [1]; + $temp->is_negative = $x_sign != $y_sign; + return [$this->normalize($temp), $this->normalize(static::$zero[static::class])]; + } + + if ($diff < 0) { + // if $x is negative, "add" $y. + if ($x_sign) { + $x = $y->subtract($x); + } + return [$this->normalize(static::$zero[static::class]), $this->normalize($x)]; + } + + // normalize $x and $y as described in HAC 14.23 / 14.24 + $msb = $y->value[count($y->value) - 1]; + for ($shift = 0; !($msb & static::MSB); ++$shift) { + $msb <<= 1; + } + $x->lshift($shift); + $y->lshift($shift); + $y_value = &$y->value; + + $x_max = count($x->value) - 1; + $y_max = count($y->value) - 1; + + $quotient = new static(); + $quotient_value = &$quotient->value; + $quotient_value = self::array_repeat(0, $x_max - $y_max + 1); + + static $temp, $lhs, $rhs; + if (!isset($temp)) { + $temp = new static(); + $lhs = new static(); + $rhs = new static(); + } + if (static::class != $temp::class) { + $temp = new static(); + $lhs = new static(); + $rhs = new static(); + } + $temp_value = &$temp->value; + $rhs_value = &$rhs->value; + + // $temp = $y << ($x_max - $y_max-1) in base 2**26 + $temp_value = array_merge(self::array_repeat(0, $x_max - $y_max), $y_value); + + while ($x->compare($temp) >= 0) { + // calculate the "common residue" + ++$quotient_value[$x_max - $y_max]; + $x = $x->subtract($temp); + $x_max = count($x->value) - 1; + } + + for ($i = $x_max; $i >= $y_max + 1; --$i) { + $x_value = &$x->value; + $x_window = [ + $x_value[$i] ?? 0, + $x_value[$i - 1] ?? 0, + $x_value[$i - 2] ?? 0, + ]; + $y_window = [ + $y_value[$y_max], + ($y_max > 0) ? $y_value[$y_max - 1] : 0, + ]; + + $q_index = $i - $y_max - 1; + if ($x_window[0] == $y_window[0]) { + $quotient_value[$q_index] = static::MAX_DIGIT; + } else { + $quotient_value[$q_index] = self::safe_divide( + $x_window[0] * static::BASE_FULL + $x_window[1], + $y_window[0] + ); + } + + $temp_value = [$y_window[1], $y_window[0]]; + + $lhs->value = [$quotient_value[$q_index]]; + $lhs = $lhs->multiply($temp); + + $rhs_value = [$x_window[2], $x_window[1], $x_window[0]]; + + while ($lhs->compare($rhs) > 0) { + --$quotient_value[$q_index]; + + $lhs->value = [$quotient_value[$q_index]]; + $lhs = $lhs->multiply($temp); + } + + $adjust = self::array_repeat(0, $q_index); + $temp_value = [$quotient_value[$q_index]]; + $temp = $temp->multiply($y); + $temp_value = &$temp->value; + if (count($temp_value)) { + $temp_value = array_merge($adjust, $temp_value); + } + + $x = $x->subtract($temp); + + if ($x->compare(static::$zero[static::class]) < 0) { + $temp_value = array_merge($adjust, $y_value); + $x = $x->add($temp); + + --$quotient_value[$q_index]; + } + + $x_max = count($x_value) - 1; + } + + // unnormalize the remainder + $x->rshift($shift); + + $quotient->is_negative = $x_sign != $y_sign; + + // calculate the "common residue", if appropriate + if ($x_sign) { + $y->rshift($shift); + $x = $y->subtract($x); + } + + return [$this->normalize($quotient), $this->normalize($x)]; + } + + /** + * Divides a BigInteger by a regular integer + * + * abc / x = a00 / x + b0 / x + c / x + */ + private static function divide_digit(array $dividend, int $divisor): array + { + $carry = 0; + $result = []; + + for ($i = count($dividend) - 1; $i >= 0; --$i) { + $temp = static::BASE_FULL * $carry + (int) $dividend[$i]; + $result[$i] = self::safe_divide($temp, $divisor); + $carry = (int)($temp - $divisor * $result[$i]); + } + + return [$result, $carry]; + } + + /** + * Single digit division + * + * Even if int64 is being used the division operator will return a float64 value + * if the dividend is not evenly divisible by the divisor. Since a float64 doesn't + * have the precision of int64 this is a problem so, when int64 is being used, + * we'll guarantee that the dividend is divisible by first subtracting the remainder. + */ + private static function safe_divide(int $x, int $y): int + { + if (static::BASE === 26) { + return (int)($x / $y); + } + + // static::BASE === 31 + /** @var int */ + return ($x - ($x % $y)) / $y; + } + + /** + * Convert an array / boolean to a PHP BigInteger object + * + * @return static + */ + protected function convertToObj(array $arr): PHP + { + $result = new static(); + $result->value = $arr[self::VALUE]; + $result->is_negative = $arr[self::SIGN]; + + return $this->normalize($result); + } + + /** + * Normalize + * + * Removes leading zeros and truncates (if necessary) to maintain the appropriate precision + * + * @return static + */ + protected function normalize(PHP $result): PHP + { + $result->precision = $this->precision; + $result->bitmask = $this->bitmask; + + $value = &$result->value; + + if (!count($value)) { + $result->is_negative = false; + return $result; + } + + $value = static::trim($value); + + if (!empty($result->bitmask->value)) { + $length = min(count($value), count($result->bitmask->value)); + $value = array_slice($value, 0, $length); + + for ($i = 0; $i < $length; ++$i) { + $value[$i] = $value[$i] & $result->bitmask->value[$i]; + } + + $value = static::trim($value); + } + + return $result; + } + + /** + * Compares two numbers. + * + * @see static::compare() + */ + protected static function compareHelper(array $x_value, bool $x_negative, array $y_value, bool $y_negative): int + { + if ($x_negative != $y_negative) { + return (!$x_negative && $y_negative) ? 1 : -1; + } + + $result = $x_negative ? -1 : 1; + + if (count($x_value) != count($y_value)) { + return (count($x_value) > count($y_value)) ? $result : -$result; + } + $size = max(count($x_value), count($y_value)); + + $x_value = array_pad($x_value, $size, 0); + $y_value = array_pad($y_value, $size, 0); + + for ($i = count($x_value) - 1; $i >= 0; --$i) { + if ($x_value[$i] != $y_value[$i]) { + return ($x_value[$i] > $y_value[$i]) ? $result : -$result; + } + } + + return 0; + } + + /** + * Absolute value. + */ + public function abs(): PHP + { + $temp = new static(); + $temp->value = $this->value; + + return $temp; + } + + /** + * Trim + * + * Removes leading zeros + * + * @param list $value + * @return list + */ + protected static function trim(array $value): array + { + for ($i = count($value) - 1; $i >= 0; --$i) { + if ($value[$i]) { + break; + } + unset($value[$i]); + } + + return $value; + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift. + */ + public function bitwise_rightShift(int $shift): PHP + { + $temp = new static(); + + // could just replace lshift with this, but then all lshift() calls would need to be rewritten + // and I don't want to do that... + $temp->value = $this->value; + $temp->rshift($shift); + + return $this->normalize($temp); + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift. + */ + public function bitwise_leftShift(int $shift): PHP + { + $temp = new static(); + // could just replace _rshift with this, but then all _lshift() calls would need to be rewritten + // and I don't want to do that... + $temp->value = $this->value; + $temp->lshift($shift); + + return $this->normalize($temp); + } + + /** + * Converts 32-bit integers to bytes. + */ + private static function int2bytes(int $x): string + { + return ltrim(pack('N', $x), chr(0)); + } + + /** + * Array Repeat + */ + protected static function array_repeat(int $input, int $multiplier): array + { + return $multiplier ? array_fill(0, $multiplier, $input) : []; + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits. + */ + protected function lshift(int $shift): void + { + if ($shift == 0) { + return; + } + + $num_digits = (int)($shift / static::BASE); + $shift %= static::BASE; + $shift = 1 << $shift; + + $carry = 0; + + for ($i = 0; $i < count($this->value); ++$i) { + $temp = $this->value[$i] * $shift + $carry; + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $this->value[$i] = (int)($temp - $carry * static::BASE_FULL); + } + + if ($carry) { + $this->value[count($this->value)] = $carry; + } + + while ($num_digits--) { + array_unshift($this->value, 0); + } + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits. + */ + protected function rshift(int $shift): void + { + if ($shift == 0) { + return; + } + + $num_digits = (int)($shift / static::BASE); + $shift %= static::BASE; + $carry_shift = static::BASE - $shift; + $carry_mask = (1 << $shift) - 1; + + if ($num_digits) { + $this->value = array_slice($this->value, $num_digits); + } + + $carry = 0; + + for ($i = count($this->value) - 1; $i >= 0; --$i) { + $temp = $this->value[$i] >> $shift | $carry; + $carry = ($this->value[$i] & $carry_mask) << $carry_shift; + $this->value[$i] = $temp; + } + + $this->value = static::trim($this->value); + } + + /** + * Performs modular exponentiation. + */ + protected function powModInner(PHP $e, PHP $n): PHP + { + try { + $class = static::$modexpEngine[static::class]; + return $class::powModHelper($this, $e, $n, static::class); + } catch (\Exception $err) { + return PHP\DefaultEngine::powModHelper($this, $e, $n, static::class); + } + } + + /** + * Performs squaring + * + * @param list $x + * @return list + */ + protected static function square(array $x): array + { + return count($x) < 2 * self::KARATSUBA_CUTOFF ? + self::trim(self::baseSquare($x)) : + self::trim(self::karatsubaSquare($x)); + } + + /** + * Performs traditional squaring on two BigIntegers + * + * Squaring can be done faster than multiplying a number by itself can be. See + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=7 HAC 14.2.4} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=141 MPM 5.3} for more information. + */ + protected static function baseSquare(array $value): array + { + if (empty($value)) { + return []; + } + $square_value = self::array_repeat(0, 2 * count($value)); + + for ($i = 0, $max_index = count($value) - 1; $i <= $max_index; ++$i) { + $i2 = $i << 1; + + $temp = $square_value[$i2] + $value[$i] * $value[$i]; + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $square_value[$i2] = (int)($temp - static::BASE_FULL * $carry); + + // note how we start from $i+1 instead of 0 as we do in multiplication. + for ($j = $i + 1, $k = $i2 + 1; $j <= $max_index; ++$j, ++$k) { + $temp = $square_value[$k] + 2 * $value[$j] * $value[$i] + $carry; + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $square_value[$k] = (int)($temp - static::BASE_FULL * $carry); + } + + // the following line can yield values larger 2**15. at this point, PHP should switch + // over to floats. + $square_value[$i + $max_index + 1] = $carry; + } + + return $square_value; + } + + /** + * Performs Karatsuba "squaring" on two BigIntegers + * + * See {@link http://en.wikipedia.org/wiki/Karatsuba_algorithm Karatsuba algorithm} and + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=151 MPM 5.3.4}. + */ + protected static function karatsubaSquare(array $value): array + { + $m = count($value) >> 1; + + if ($m < self::KARATSUBA_CUTOFF) { + return self::baseSquare($value); + } + + $x1 = array_slice($value, $m); + $x0 = array_slice($value, 0, $m); + + $z2 = self::karatsubaSquare($x1); + $z0 = self::karatsubaSquare($x0); + + $z1 = self::addHelper($x1, false, $x0, false); + $z1 = self::karatsubaSquare($z1[self::VALUE]); + $temp = self::addHelper($z2, false, $z0, false); + $z1 = self::subtractHelper($z1, false, $temp[self::VALUE], false); + + $z2 = array_merge(array_fill(0, 2 * $m, 0), $z2); + $z1[self::VALUE] = array_merge(array_fill(0, $m, 0), $z1[self::VALUE]); + + $xx = self::addHelper($z2, false, $z1[self::VALUE], $z1[self::SIGN]); + $xx = self::addHelper($xx[self::VALUE], $xx[self::SIGN], $z0, false); + + return $xx[self::VALUE]; + } + + /** + * Make the current number odd + * + * If the current number is odd it'll be unchanged. If it's even, one will be added to it. + * + * @see self::randomPrime() + */ + protected function make_odd(): void + { + $this->value[0] |= 1; + } + + /** + * Test the number against small primes. + * + * @see self::isPrime() + */ + protected function testSmallPrimes(): bool + { + if ($this->value == [1]) { + return false; + } + if ($this->value == [2]) { + return true; + } + if (~$this->value[0] & 1) { + return false; + } + + $value = $this->value; + foreach (static::PRIMES as $prime) { + [, $r] = self::divide_digit($value, $prime); + if (!$r) { + return count($value) == 1 && $value[0] == $prime; + } + } + + return true; + } + + /** + * Scan for 1 and right shift by that amount + * + * ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s)); + * + * @return int + * @see self::isPrime() + */ + public static function scan1divide(PHP $r) + { + $r_value = &$r->value; + for ($i = 0, $r_length = count($r_value); $i < $r_length; ++$i) { + $temp = ~$r_value[$i] & static::MAX_DIGIT; + for ($j = 1; ($temp >> $j) & 1; ++$j) { + } + if ($j <= static::BASE) { + break; + } + } + $s = static::BASE * $i + $j; + $r->rshift($s); + return $s; + } + + /** + * Performs exponentiation. + */ + protected function powHelper(PHP $n): PHP + { + if ($n->compare(static::$zero[static::class]) == 0) { + return new static(1); + } // n^0 = 1 + + $temp = clone $this; + while (!$n->equals(static::$one[static::class])) { + $temp = $temp->multiply($this); + $n = $n->subtract(static::$one[static::class]); + } + + return $temp; + } + + /** + * Is Odd? + */ + public function isOdd(): bool + { + return (bool)($this->value[0] & 1); + } + + /** + * Tests if a bit is set + */ + public function testBit($x): bool + { + $digit = (int) floor($x / static::BASE); + $bit = $x % static::BASE; + + if (!isset($this->value[$digit])) { + return false; + } + + return (bool)($this->value[$digit] & (1 << $bit)); + } + + /** + * Is Negative? + */ + public function isNegative(): bool + { + return $this->is_negative; + } + + /** + * Negate + * + * Given $k, returns -$k + * + * @return static + */ + public function negate(): PHP + { + $temp = clone $this; + $temp->is_negative = !$temp->is_negative; + + return $temp; + } + + /** + * Bitwise Split + * + * Splits BigInteger's into chunks of $split bits + * + * @return list + */ + public function bitwise_split(int $split): array + { + if ($split < 1) { + throw new RuntimeException('Offset must be greater than 1'); + } + + $width = (int)($split / static::BASE); + if (!$width) { + $arr = $this->bitwise_small_split($split); + return array_map(function ($digit) { + $temp = new static(); + $temp->value = $digit != 0 ? [$digit] : []; + return $temp; + }, $arr); + } + + $vals = []; + $val = $this->value; + + $i = $overflow = 0; + $len = count($val); + while ($i < $len) { + $digit = []; + if (!$overflow) { + $digit = array_slice($val, $i, $width); + $i += $width; + $overflow = $split % static::BASE; + if ($overflow) { + $mask = (1 << $overflow) - 1; + $temp = $val[$i] ?? 0; + $digit[] = $temp & $mask; + } + } else { + $remaining = static::BASE - $overflow; + $tempsplit = $split - $remaining; + $tempwidth = (int)($tempsplit / static::BASE + 1); + $digit = array_slice($val, $i, $tempwidth); + $i += $tempwidth; + $tempoverflow = $tempsplit % static::BASE; + if ($tempoverflow) { + $tempmask = (1 << $tempoverflow) - 1; + $temp = $val[$i] ?? 0; + $digit[] = $temp & $tempmask; + } + $newbits = 0; + for ($j = count($digit) - 1; $j >= 0; $j--) { + $temp = $digit[$j] & $mask; + $digit[$j] = ($digit[$j] >> $overflow) | ($newbits << $remaining); + $newbits = $temp; + } + $overflow = $tempoverflow; + $mask = $tempmask; + } + $temp = new static(); + $temp->value = static::trim($digit); + $vals[] = $temp; + } + + return array_reverse($vals); + } + + /** + * Bitwise Split where $split < static::BASE + * + * @return list + */ + private function bitwise_small_split(int $split): array + { + $vals = []; + $val = $this->value; + + $mask = (1 << $split) - 1; + + $i = $overflow = 0; + $len = count($val); + $val[] = 0; + $remaining = static::BASE; + while ($i != $len) { + $digit = $val[$i] & $mask; + $val[$i] >>= $split; + if (!$overflow) { + $remaining -= $split; + $overflow = $split <= $remaining ? 0 : $split - $remaining; + + if (!$remaining) { + $i++; + $remaining = static::BASE; + $overflow = 0; + } + } elseif (++$i != $len) { + $tempmask = (1 << $overflow) - 1; + $digit |= ($val[$i] & $tempmask) << $remaining; + $val[$i] >>= $overflow; + $remaining = static::BASE - $overflow; + $overflow = $split <= $remaining ? 0 : $split - $remaining; + } + + $vals[] = $digit; + } + + while ($vals[count($vals) - 1] == 0) { + unset($vals[count($vals) - 1]); + } + + return array_reverse($vals); + } + + /** + * @return bool + */ + protected static function testJITOnWindows() + { + // see https://github.com/php/php-src/issues/11917 + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' && function_exists('opcache_get_status') && PHP_VERSION_ID < 80213 && !defined('PHPSECLIB_ALLOW_JIT')) { + $status = opcache_get_status(); + if ($status && isset($status['jit']) && $status['jit']['enabled'] && $status['jit']['on']) { + return true; + } + } + return false; + } + + /** + * Return the size of a BigInteger in bits + */ + public function getLength(): int + { + $max = count($this->value) - 1; + return $max != -1 ? + $max * static::BASE + intval(ceil(log($this->value[$max] + 1, 2))) : + 0; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Base.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Base.php new file mode 100644 index 0000000..cc4da2a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Base.php @@ -0,0 +1,122 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP; + +use phpseclib3\Math\BigInteger\Engines\PHP; + +/** + * PHP Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Base extends PHP +{ + /** + * Cache constants + * + * $cache[self::VARIABLE] tells us whether or not the cached data is still valid. + */ + public const VARIABLE = 0; + /** + * $cache[self::DATA] contains the cached data. + */ + public const DATA = 1; + + /** + * Test for engine validity + */ + public static function isValidEngine(): bool + { + return static::class != __CLASS__; + } + + /** + * Performs modular exponentiation. + * + * The most naive approach to modular exponentiation has very unreasonable requirements, and + * and although the approach involving repeated squaring does vastly better, it, too, is impractical + * for our purposes. The reason being that division - by far the most complicated and time-consuming + * of the basic operations (eg. +,-,*,/) - occurs multiple times within it. + * + * Modular reductions resolve this issue. Although an individual modular reduction takes more time + * then an individual division, when performed in succession (with the same modulo), they're a lot faster. + * + * The two most commonly used modular reductions are Barrett and Montgomery reduction. Montgomery reduction, + * although faster, only works when the gcd of the modulo and of the base being used is 1. In RSA, when the + * base is a power of two, the modulo - a product of two primes - is always going to have a gcd of 1 (because + * the product of two odd numbers is odd), but what about when RSA isn't used? + * + * In contrast, Barrett reduction has no such constraint. As such, some bigint implementations perform a + * Barrett reduction after every operation in the modpow function. Others perform Barrett reductions when the + * modulo is even and Montgomery reductions when the modulo is odd. BigInteger.java's modPow method, however, + * uses a trick involving the Chinese Remainder Theorem to factor the even modulo into two numbers - one odd and + * the other, a power of two - and recombine them, later. This is the method that this modPow function uses. + * {@link http://islab.oregonstate.edu/papers/j34monex.pdf Montgomery Reduction with Even Modulus} elaborates. + */ + protected static function powModHelper(PHP $x, PHP $e, PHP $n, string $class): PHP + { + if (empty($e->value)) { + $temp = new $class(); + $temp->value = [1]; + return $x->normalize($temp); + } + + if ($e->value == [1]) { + [, $temp] = $x->divide($n); + return $x->normalize($temp); + } + + if ($e->value == [2]) { + $temp = new $class(); + $temp->value = $class::square($x->value); + [, $temp] = $temp->divide($n); + return $x->normalize($temp); + } + + return $x->normalize(static::slidingWindow($x, $e, $n, $class)); + } + + /** + * Modular reduction preparation + * + * @see self::slidingWindow() + */ + protected static function prepareReduce(array $x, array $n, string $class): array + { + return static::reduce($x, $n, $class); + } + + /** + * Modular multiply + * + * @see self::slidingWindow() + */ + protected static function multiplyReduce(array $x, array $y, array $n, string $class): array + { + $temp = $class::multiplyHelper($x, false, $y, false); + return static::reduce($temp[self::VALUE], $n, $class); + } + + /** + * Modular square + * + * @see self::slidingWindow() + */ + protected static function squareReduce(array $x, array $n, string $class): array + { + return static::reduce($class::square($x), $n, $class); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/DefaultEngine.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/DefaultEngine.php new file mode 100644 index 0000000..fdce27f --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/DefaultEngine.php @@ -0,0 +1,27 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP; + +use phpseclib3\Math\BigInteger\Engines\PHP\Reductions\EvalBarrett; + +/** + * PHP Default Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class DefaultEngine extends EvalBarrett +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php new file mode 100644 index 0000000..40ddb0a --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php @@ -0,0 +1,86 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP; + +use phpseclib3\Math\BigInteger\Engines\Engine; +use phpseclib3\Math\BigInteger\Engines\PHP; +use phpseclib3\Math\BigInteger\Engines\PHP\Reductions\PowerOfTwo; + +/** + * PHP Montgomery Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Montgomery extends Base +{ + /** + * Test for engine validity + */ + public static function isValidEngine(): bool + { + return static::class != __CLASS__; + } + + /** + * Performs modular exponentiation. + * + * @template T of Engine + * @param class-string $class + * @return T + */ + protected static function slidingWindow(Engine $x, Engine $e, Engine $n, string $class) + { + // is the modulo odd? + if ($n->value[0] & 1) { + return parent::slidingWindow($x, $e, $n, $class); + } + // if it's not, it's even + + // find the lowest set bit (eg. the max pow of 2 that divides $n) + for ($i = 0; $i < count($n->value); ++$i) { + if ($n->value[$i]) { + $temp = decbin($n->value[$i]); + $j = strlen($temp) - strrpos($temp, '1') - 1; + $j += $class::BASE * $i; + break; + } + } + // at this point, 2^$j * $n/(2^$j) == $n + + $mod1 = clone $n; + $mod1->rshift($j); + $mod2 = new $class(); + $mod2->value = [1]; + $mod2->lshift($j); + + $part1 = $mod1->value != [1] ? parent::slidingWindow($x, $e, $mod1, $class) : new $class(); + $part2 = PowerOfTwo::slidingWindow($x, $e, $mod2, $class); + + $y1 = $mod2->modInverse($mod1); + $y2 = $mod1->modInverse($mod2); + + $result = $part1->multiply($mod2); + $result = $result->multiply($y1); + + $temp = $part2->multiply($mod1); + $temp = $temp->multiply($y2); + + $result = $result->add($temp); + [, $result] = $result->divide($n); + + return $result; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/OpenSSL.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/OpenSSL.php new file mode 100644 index 0000000..7b721c7 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/OpenSSL.php @@ -0,0 +1,27 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP; + +use phpseclib3\Math\BigInteger\Engines\OpenSSL as Progenitor; + +/** + * OpenSSL Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class OpenSSL extends Progenitor +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Barrett.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Barrett.php new file mode 100644 index 0000000..aeecb9b --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Barrett.php @@ -0,0 +1,268 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP; +use phpseclib3\Math\BigInteger\Engines\PHP\Base; + +/** + * PHP Barrett Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Barrett extends Base +{ + /** + * Barrett Modular Reduction + * + * See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=14 HAC 14.3.3} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=165 MPM 6.2.5} for more information. Modified slightly, + * so as not to require negative numbers (initially, this script didn't support negative numbers). + * + * Employs "folding", as described at + * {@link http://www.cosic.esat.kuleuven.be/publications/thesis-149.pdf#page=66 thesis-149.pdf#page=66}. To quote from + * it, "the idea [behind folding] is to find a value x' such that x (mod m) = x' (mod m), with x' being smaller than x." + * + * Unfortunately, the "Barrett Reduction with Folding" algorithm described in thesis-149.pdf is not, as written, all that + * usable on account of (1) its not using reasonable radix points as discussed in + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=162 MPM 6.2.2} and (2) the fact that, even with reasonable + * radix points, it only works when there are an even number of digits in the denominator. The reason for (2) is that + * (x >> 1) + (x >> 1) != x / 2 + x / 2. If x is even, they're the same, but if x is odd, they're not. See the in-line + * comments for details. + * + * @param class-string $class + */ + protected static function reduce(array $n, array $m, string $class): array + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [], + ]; + + $m_length = count($m); + + // if (self::compareHelper($n, $static::square($m)) >= 0) { + if (count($n) >= 2 * $m_length) { + $lhs = new $class(); + $rhs = new $class(); + $lhs->value = $n; + $rhs->value = $m; + [, $temp] = $lhs->divide($rhs); + return $temp->value; + } + + // if (m.length >> 1) + 2 <= m.length then m is too small and n can't be reduced + if ($m_length < 5) { + return self::regularBarrett($n, $m, $class); + } + // n = 2 * m.length + + if (($key = array_search($m, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $m; + + $lhs = new $class(); + $lhs_value = &$lhs->value; + $lhs_value = self::array_repeat(0, $m_length + ($m_length >> 1)); + $lhs_value[] = 1; + $rhs = new $class(); + $rhs->value = $m; + + [$u, $m1] = $lhs->divide($rhs); + $u = $u->value; + $m1 = $m1->value; + + $cache[self::DATA][] = [ + 'u' => $u, // m.length >> 1 (technically (m.length >> 1) + 1) + 'm1' => $m1, // m.length + ]; + } else { + extract($cache[self::DATA][$key]); + } + + $cutoff = $m_length + ($m_length >> 1); + $lsd = array_slice($n, 0, $cutoff); // m.length + (m.length >> 1) + $msd = array_slice($n, $cutoff); // m.length >> 1 + + $lsd = self::trim($lsd); + $temp = $class::multiplyHelper($msd, false, $m1, false); // m.length + (m.length >> 1) + $n = $class::addHelper($lsd, false, $temp[self::VALUE], false); // m.length + (m.length >> 1) + 1 (so basically we're adding two same length numbers) + //if ($m_length & 1) { + // return self::regularBarrett($n[self::VALUE], $m, $class); + //} + + // (m.length + (m.length >> 1) + 1) - (m.length - 1) == (m.length >> 1) + 2 + $temp = array_slice($n[self::VALUE], $m_length - 1); + // if even: ((m.length >> 1) + 2) + (m.length >> 1) == m.length + 2 + // if odd: ((m.length >> 1) + 2) + (m.length >> 1) == (m.length - 1) + 2 == m.length + 1 + $temp = $class::multiplyHelper($temp, false, $u, false); + // if even: (m.length + 2) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + 1 + // if odd: (m.length + 1) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + $temp = array_slice($temp[self::VALUE], ($m_length >> 1) + 1); + // if even: (m.length - (m.length >> 1) + 1) + m.length = 2 * m.length - (m.length >> 1) + 1 + // if odd: (m.length - (m.length >> 1)) + m.length = 2 * m.length - (m.length >> 1) + $temp = $class::multiplyHelper($temp, false, $m, false); + + // at this point, if m had an odd number of digits, we'd be subtracting a 2 * m.length - (m.length >> 1) digit + // number from a m.length + (m.length >> 1) + 1 digit number. ie. there'd be an extra digit and the while loop + // following this comment would loop a lot (hence our calling _regularBarrett() in that situation). + + $result = $class::subtractHelper($n[self::VALUE], false, $temp[self::VALUE], false); + + while (self::compareHelper($result[self::VALUE], $result[self::SIGN], $m, false) >= 0) { + $result = $class::subtractHelper($result[self::VALUE], $result[self::SIGN], $m, false); + } + + return $result[self::VALUE]; + } + + /** + * (Regular) Barrett Modular Reduction + * + * For numbers with more than four digits BigInteger::_barrett() is faster. The difference between that and this + * is that this function does not fold the denominator into a smaller form. + */ + private static function regularBarrett(array $x, array $n, string $class): array + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [], + ]; + + $n_length = count($n); + + if (count($x) > 2 * $n_length) { + $lhs = new $class(); + $rhs = new $class(); + $lhs->value = $x; + $rhs->value = $n; + [, $temp] = $lhs->divide($rhs); + return $temp->value; + } + + if (($key = array_search($n, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $n; + $lhs = new $class(); + $lhs_value = &$lhs->value; + $lhs_value = self::array_repeat(0, 2 * $n_length); + $lhs_value[] = 1; + $rhs = new $class(); + $rhs->value = $n; + [$temp, ] = $lhs->divide($rhs); // m.length + $cache[self::DATA][] = $temp->value; + } + + // 2 * m.length - (m.length - 1) = m.length + 1 + $temp = array_slice($x, $n_length - 1); + // (m.length + 1) + m.length = 2 * m.length + 1 + $temp = $class::multiplyHelper($temp, false, $cache[self::DATA][$key], false); + // (2 * m.length + 1) - (m.length - 1) = m.length + 2 + $temp = array_slice($temp[self::VALUE], $n_length + 1); + + // m.length + 1 + $result = array_slice($x, 0, $n_length + 1); + // m.length + 1 + $temp = self::multiplyLower($temp, false, $n, false, $n_length + 1, $class); + // $temp == array_slice($class::regularMultiply($temp, false, $n, false)->value, 0, $n_length + 1) + + if (self::compareHelper($result, false, $temp[self::VALUE], $temp[self::SIGN]) < 0) { + $corrector_value = self::array_repeat(0, $n_length + 1); + $corrector_value[count($corrector_value)] = 1; + $result = $class::addHelper($result, false, $corrector_value, false); + $result = $result[self::VALUE]; + } + + // at this point, we're subtracting a number with m.length + 1 digits from another number with m.length + 1 digits + $result = $class::subtractHelper($result, false, $temp[self::VALUE], $temp[self::SIGN]); + while (self::compareHelper($result[self::VALUE], $result[self::SIGN], $n, false) > 0) { + $result = $class::subtractHelper($result[self::VALUE], $result[self::SIGN], $n, false); + } + + return $result[self::VALUE]; + } + + /** + * Performs long multiplication up to $stop digits + * + * If you're going to be doing array_slice($product->value, 0, $stop), some cycles can be saved. + * + * @see self::regularBarrett() + */ + private static function multiplyLower(array $x_value, bool $x_negative, array $y_value, bool $y_negative, int $stop, string $class): array + { + $x_length = count($x_value); + $y_length = count($y_value); + + if (!$x_length || !$y_length) { // a 0 is being multiplied + return [ + self::VALUE => [], + self::SIGN => false, + ]; + } + + if ($x_length < $y_length) { + $temp = $x_value; + $x_value = $y_value; + $y_value = $temp; + + $x_length = count($x_value); + $y_length = count($y_value); + } + + $product_value = self::array_repeat(0, $x_length + $y_length); + + // the following for loop could be removed if the for loop following it + // (the one with nested for loops) initially set $i to 0, but + // doing so would also make the result in one set of unnecessary adds, + // since on the outermost loops first pass, $product->value[$k] is going + // to always be 0 + + $carry = 0; + + for ($j = 0; $j < $x_length; ++$j) { // ie. $i = 0, $k = $i + $temp = $x_value[$j] * $y_value[0] + $carry; // $product_value[$k] == 0 + $carry = $class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $product_value[$j] = (int) ($temp - $class::BASE_FULL * $carry); + } + + if ($j < $stop) { + $product_value[$j] = $carry; + } + + // the above for loop is what the previous comment was talking about. the + // following for loop is the "one with nested for loops" + + for ($i = 1; $i < $y_length; ++$i) { + $carry = 0; + + for ($j = 0, $k = $i; $j < $x_length && $k < $stop; ++$j, ++$k) { + $temp = $product_value[$k] + $x_value[$j] * $y_value[$i] + $carry; + $carry = $class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $product_value[$k] = (int) ($temp - $class::BASE_FULL * $carry); + } + + if ($k < $stop) { + $product_value[$k] = $carry; + } + } + + return [ + self::VALUE => self::trim($product_value), + self::SIGN => $x_negative != $y_negative, + ]; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Classic.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Classic.php new file mode 100644 index 0000000..537a9d2 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Classic.php @@ -0,0 +1,39 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP\Base; + +/** + * PHP Classic Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Classic extends Base +{ + /** + * Regular Division + */ + protected static function reduce(array $x, array $n, string $class): array + { + $lhs = new $class(); + $lhs->value = $x; + $rhs = new $class(); + $rhs->value = $n; + [, $temp] = $lhs->divide($rhs); + return $temp->value; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/EvalBarrett.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/EvalBarrett.php new file mode 100644 index 0000000..fee7ad2 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/EvalBarrett.php @@ -0,0 +1,444 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP; +use phpseclib3\Math\BigInteger\Engines\PHP\Base; + +/** + * PHP Dynamic Barrett Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class EvalBarrett extends Base +{ + /** + * Custom Reduction Function + * + * @see self::generateCustomReduction + */ + private static $custom_reduction; + + /** + * Barrett Modular Reduction + * + * This calls a dynamically generated loop unrolled function that's specific to a given modulo. + * Array lookups are avoided as are if statements testing for how many bits the host OS supports, etc. + */ + protected static function reduce(array $n, array $m, string $class): array + { + $inline = self::$custom_reduction; + return $inline($n); + } + + /** + * Generate Custom Reduction + */ + protected static function generateCustomReduction(PHP $m, string $class): callable + { + $m_length = count($m->value); + + if ($m_length < 5) { + $code = ' + $lhs = new ' . $class . '(); + $lhs->value = $x; + $rhs = new ' . $class . '(); + $rhs->value = [' . + implode(',', array_map(self::class . '::float2string', $m->value)) . ']; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + '; + eval('$func = function ($x) { ' . $code . '};'); + self::$custom_reduction = $func; + //self::$custom_reduction = \Closure::bind($func, $m, $class); + return $func; + } + + $lhs = new $class(); + $lhs_value = &$lhs->value; + + $lhs_value = self::array_repeat(0, $m_length + ($m_length >> 1)); + $lhs_value[] = 1; + $rhs = new $class(); + + [$u, $m1] = $lhs->divide($m); + + if ($class::BASE != 26) { + $u = $u->value; + } else { + $lhs_value = self::array_repeat(0, 2 * $m_length); + $lhs_value[] = 1; + $rhs = new $class(); + + [$u] = $lhs->divide($m); + $u = $u->value; + } + + $m = $m->value; + $m1 = $m1->value; + + $cutoff = count($m) + (count($m) >> 1); + + $code = ' + if (count($n) >= ' . (2 * count($m)) . ') { + $lhs = new ' . $class . '(); + $rhs = new ' . $class . '(); + $lhs->value = $n; + $rhs->value = [' . + implode(',', array_map(self::class . '::float2string', $m)) . ']; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + } + + $lsd = array_slice($n, 0, ' . $cutoff . '); + $msd = array_slice($n, ' . $cutoff . ');'; + + $code .= self::generateInlineTrim('msd'); + $code .= self::generateInlineMultiply('msd', $m1, 'temp', $class); + $code .= self::generateInlineAdd('lsd', 'temp', 'n', $class); + + $code .= '$temp = array_slice($n, ' . (count($m) - 1) . ');'; + $code .= self::generateInlineMultiply('temp', $u, 'temp2', $class); + $code .= self::generateInlineTrim('temp2'); + + $code .= $class::BASE == 26 ? + '$temp = array_slice($temp2, ' . (count($m) + 1) . ');' : + '$temp = array_slice($temp2, ' . ((count($m) >> 1) + 1) . ');'; + $code .= self::generateInlineMultiply('temp', $m, 'temp2', $class); + $code .= self::generateInlineTrim('temp2'); + + /* + if ($class::BASE == 26) { + $code.= '$n = array_slice($n, 0, ' . (count($m) + 1) . '); + $temp2 = array_slice($temp2, 0, ' . (count($m) + 1) . ');'; + } + */ + + $code .= self::generateInlineSubtract2('n', 'temp2', 'temp', $class); + + $subcode = self::generateInlineSubtract1('temp', $m, 'temp2', $class); + $subcode .= '$temp = $temp2;'; + + $code .= self::generateInlineCompare($m, 'temp', $subcode); + + $code .= 'return $temp;'; + + eval('$func = function ($n) { ' . $code . '};'); + + self::$custom_reduction = $func; + + return $func; + + //self::$custom_reduction = \Closure::bind($func, $m, $class); + } + + /** + * Inline Trim + * + * Removes leading zeros + */ + private static function generateInlineTrim(string $name): string + { + return ' + for ($i = count($' . $name . ') - 1; $i >= 0; --$i) { + if ($' . $name . '[$i]) { + break; + } + unset($' . $name . '[$i]); + }'; + } + + /** + * Inline Multiply (unknown, known) + */ + private static function generateInlineMultiply(string $input, array $arr, string $output, string $class): string + { + if (!count($arr)) { + return 'return [];'; + } + + $regular = ' + $length = count($' . $input . '); + if (!$length) { + $' . $output . ' = []; + }else{ + $' . $output . ' = array_fill(0, $length + ' . count($arr) . ', 0); + $carry = 0;'; + + for ($i = 0; $i < count($arr); $i++) { + $regular .= ' + $subtemp = $' . $input . '[0] * ' . $arr[$i]; + $regular .= $i ? ' + $carry;' : ';'; + + $regular .= '$carry = '; + $regular .= $class::BASE === 26 ? + 'intval($subtemp / 0x4000000);' : + '$subtemp >> 31;'; + $regular .= + '$' . $output . '[' . $i . '] = '; + if ($class::BASE === 26) { + $regular .= '(int) ('; + } + $regular .= '$subtemp - ' . $class::BASE_FULL . ' * $carry'; + $regular .= $class::BASE === 26 ? ');' : ';'; + } + + $regular .= '$' . $output . '[' . count($arr) . '] = $carry;'; + + $regular .= ' + for ($i = 1; $i < $length; ++$i) {'; + + for ($j = 0; $j < count($arr); $j++) { + $regular .= $j ? '$k++;' : '$k = $i;'; + $regular .= ' + $subtemp = $' . $output . '[$k] + $' . $input . '[$i] * ' . $arr[$j]; + $regular .= $j ? ' + $carry;' : ';'; + + $regular .= '$carry = '; + $regular .= $class::BASE === 26 ? + 'intval($subtemp / 0x4000000);' : + '$subtemp >> 31;'; + $regular .= + '$' . $output . '[$k] = '; + if ($class::BASE === 26) { + $regular .= '(int) ('; + } + $regular .= '$subtemp - ' . $class::BASE_FULL . ' * $carry'; + $regular .= $class::BASE === 26 ? ');' : ';'; + } + + $regular .= '$' . $output . '[++$k] = $carry; $carry = 0;'; + + $regular .= '}}'; + + //if (count($arr) < 2 * self::KARATSUBA_CUTOFF) { + //} + + return $regular; + } + + /** + * Inline Addition + */ + private static function generateInlineAdd(string $x, string $y, string $result, string $class): string + { + $code = ' + $length = max(count($' . $x . '), count($' . $y . ')); + $' . $result . ' = array_pad($' . $x . ', $length + 1, 0); + $_' . $y . ' = array_pad($' . $y . ', $length, 0); + $carry = 0; + for ($i = 0, $j = 1; $j < $length; $i+=2, $j+=2) { + $sum = ($' . $result . '[$j] + $_' . $y . '[$j]) * ' . $class::BASE_FULL . ' + + $' . $result . '[$i] + $_' . $y . '[$i] + + $carry; + $carry = $sum >= ' . self::float2string($class::MAX_DIGIT2) . '; + $sum = $carry ? $sum - ' . self::float2string($class::MAX_DIGIT2) . ' : $sum;'; + + $code .= $class::BASE === 26 ? + '$upper = intval($sum / 0x4000000); $' . $result . '[$i] = (int) ($sum - ' . $class::BASE_FULL . ' * $upper);' : + '$upper = $sum >> 31; $' . $result . '[$i] = $sum - ' . $class::BASE_FULL . ' * $upper;'; + $code .= ' + $' . $result . '[$j] = $upper; + } + if ($j == $length) { + $sum = $' . $result . '[$i] + $_' . $y . '[$i] + $carry; + $carry = $sum >= ' . self::float2string($class::BASE_FULL) . '; + $' . $result . '[$i] = $carry ? $sum - ' . self::float2string($class::BASE_FULL) . ' : $sum; + ++$i; + } + if ($carry) { + for (; $' . $result . '[$i] == ' . $class::MAX_DIGIT . '; ++$i) { + $' . $result . '[$i] = 0; + } + ++$' . $result . '[$i]; + }'; + $code .= self::generateInlineTrim($result); + + return $code; + } + + /** + * Inline Subtraction 2 + * + * For when $known is more digits than $unknown. This is the harder use case to optimize for. + */ + private static function generateInlineSubtract2(string $known, string $unknown, string $result, string $class): string + { + $code = ' + $' . $result . ' = $' . $known . '; + $carry = 0; + $size = count($' . $unknown . '); + for ($i = 0, $j = 1; $j < $size; $i+= 2, $j+= 2) { + $sum = ($' . $known . '[$j] - $' . $unknown . '[$j]) * ' . $class::BASE_FULL . ' + $' . $known . '[$i] + - $' . $unknown . '[$i] + - $carry; + $carry = $sum < 0; + if ($carry) { + $sum+= ' . self::float2string($class::MAX_DIGIT2) . '; + } + $subtemp = '; + $code .= $class::BASE === 26 ? + 'intval($sum / 0x4000000);' : + '$sum >> 31;'; + $code .= '$' . $result . '[$i] = '; + if ($class::BASE === 26) { + $code .= '(int) ('; + } + $code .= '$sum - ' . $class::BASE_FULL . ' * $subtemp'; + if ($class::BASE === 26) { + $code .= ')'; + } + $code .= '; + $' . $result . '[$j] = $subtemp; + } + if ($j == $size) { + $sum = $' . $known . '[$i] - $' . $unknown . '[$i] - $carry; + $carry = $sum < 0; + $' . $result . '[$i] = $carry ? $sum + ' . $class::BASE_FULL . ' : $sum; + ++$i; + } + + if ($carry) { + for (; !$' . $result . '[$i]; ++$i) { + $' . $result . '[$i] = ' . $class::MAX_DIGIT . '; + } + --$' . $result . '[$i]; + }'; + + $code .= self::generateInlineTrim($result); + + return $code; + } + + /** + * Inline Subtraction 1 + * + * For when $unknown is more digits than $known. This is the easier use case to optimize for. + */ + private static function generateInlineSubtract1(string $unknown, array $known, string $result, string $class): string + { + $code = '$' . $result . ' = $' . $unknown . ';'; + for ($i = 0, $j = 1; $j < count($known); $i += 2, $j += 2) { + $code .= '$sum = $' . $unknown . '[' . $j . '] * ' . $class::BASE_FULL . ' + $' . $unknown . '[' . $i . '] - '; + $code .= self::float2string($known[$j] * $class::BASE_FULL + $known[$i]); + if ($i != 0) { + $code .= ' - $carry'; + } + + $code .= '; + if ($carry = $sum < 0) { + $sum+= ' . self::float2string($class::MAX_DIGIT2) . '; + } + $subtemp = '; + $code .= $class::BASE === 26 ? + 'intval($sum / 0x4000000);' : + '$sum >> 31;'; + $code .= ' + $' . $result . '[' . $i . '] = '; + if ($class::BASE === 26) { + $code .= ' (int) ('; + } + $code .= '$sum - ' . $class::BASE_FULL . ' * $subtemp'; + if ($class::BASE === 26) { + $code .= ')'; + } + $code .= '; + $' . $result . '[' . $j . '] = $subtemp;'; + } + + $code .= '$i = ' . $i . ';'; + + if ($j == count($known)) { + $code .= ' + $sum = $' . $unknown . '[' . $i . '] - ' . $known[$i] . ' - $carry; + $carry = $sum < 0; + $' . $result . '[' . $i . '] = $carry ? $sum + ' . $class::BASE_FULL . ' : $sum; + ++$i;'; + } + + $code .= ' + if ($carry) { + for (; !$' . $result . '[$i]; ++$i) { + $' . $result . '[$i] = ' . $class::MAX_DIGIT . '; + } + --$' . $result . '[$i]; + }'; + $code .= self::generateInlineTrim($result); + + return $code; + } + + /** + * Inline Comparison + * + * If $unknown >= $known then loop + */ + private static function generateInlineCompare(array $known, string $unknown, string $subcode): string + { + $uniqid = uniqid(); + $code = 'loop_' . $uniqid . ': + $clength = count($' . $unknown . '); + switch (true) { + case $clength < ' . count($known) . ': + goto end_' . $uniqid . '; + case $clength > ' . count($known) . ':'; + for ($i = count($known) - 1; $i >= 0; $i--) { + $code .= ' + case $' . $unknown . '[' . $i . '] > ' . $known[$i] . ': + goto subcode_' . $uniqid . '; + case $' . $unknown . '[' . $i . '] < ' . $known[$i] . ': + goto end_' . $uniqid . ';'; + } + $code .= ' + default: + // do subcode + } + + subcode_' . $uniqid . ':' . $subcode . ' + goto loop_' . $uniqid . '; + + end_' . $uniqid . ':'; + + return $code; + } + + /** + * Convert a float to a string + * + * If you do echo floatval(pow(2, 52)) you'll get 4.6116860184274E+18. It /can/ be displayed without a loss of + * precision but displayed in this way there will be precision loss, hence the need for this method. + * + * @param int|float $num + */ + private static function float2string($num): string + { + if (!is_float($num)) { + return (string) $num; + } + + if ($num < 0) { + return '-' . self::float2string(abs($num)); + } + + $temp = ''; + while ($num) { + $temp = fmod($num, 10) . $temp; + $num = floor($num / 10); + } + + return $temp; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Montgomery.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Montgomery.php new file mode 100644 index 0000000..d7a38b6 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Montgomery.php @@ -0,0 +1,114 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP\Montgomery as Progenitor; + +/** + * PHP Montgomery Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Montgomery extends Progenitor +{ + /** + * Prepare a number for use in Montgomery Modular Reductions + */ + protected static function prepareReduce(array $x, array $n, string $class): array + { + $lhs = new $class(); + $lhs->value = array_merge(self::array_repeat(0, count($n)), $x); + $rhs = new $class(); + $rhs->value = $n; + + [, $temp] = $lhs->divide($rhs); + return $temp->value; + } + + /** + * Montgomery Multiply + * + * Interleaves the montgomery reduction and long multiplication algorithms together as described in + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=13 HAC 14.36} + */ + protected static function reduce(array $x, array $n, string $class): array + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [], + ]; + + if (($key = array_search($n, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $x; + $cache[self::DATA][] = self::modInverse67108864($n, $class); + } + + $k = count($n); + + $result = [self::VALUE => $x]; + + for ($i = 0; $i < $k; ++$i) { + $temp = $result[self::VALUE][$i] * $cache[self::DATA][$key]; + $temp = $temp - $class::BASE_FULL * ($class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31)); + $temp = $class::regularMultiply([$temp], $n); + $temp = array_merge(self::array_repeat(0, $i), $temp); + $result = $class::addHelper($result[self::VALUE], false, $temp, false); + } + + $result[self::VALUE] = array_slice($result[self::VALUE], $k); + + if (self::compareHelper($result, false, $n, false) >= 0) { + $result = $class::subtractHelper($result[self::VALUE], false, $n, false); + } + + return $result[self::VALUE]; + } + + /** + * Modular Inverse of a number mod 2**26 (eg. 67108864) + * + * Based off of the bnpInvDigit function implemented and justified in the following URL: + * + * {@link http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js} + * + * The following URL provides more info: + * + * {@link http://groups.google.com/group/sci.crypt/msg/7a137205c1be7d85} + * + * As for why we do all the bitmasking... strange things can happen when converting from floats to ints. For + * instance, on some computers, var_dump((int) -4294967297) yields int(-1) and on others, it yields + * int(-2147483648). To avoid problems stemming from this, we use bitmasks to guarantee that ints aren't + * auto-converted to floats. The outermost bitmask is present because without it, there's no guarantee that + * the "residue" returned would be the so-called "common residue". We use fmod, in the last step, because the + * maximum possible $x is 26 bits and the maximum $result is 16 bits. Thus, we have to be able to handle up to + * 40 bits, which only 64-bit floating points will support. + * + * Thanks to Pedro Gimeno Fortea for input! + */ + protected static function modInverse67108864(array $x, string $class): int // 2**26 == 67,108,864 + { + $x = -$x[0]; + $result = $x & 0x3; // x**-1 mod 2**2 + $result = ($result * (2 - $x * $result)) & 0xF; // x**-1 mod 2**4 + $result = ($result * (2 - ($x & 0xFF) * $result)) & 0xFF; // x**-1 mod 2**8 + $result = ($result * ((2 - ($x & 0xFFFF) * $result) & 0xFFFF)) & 0xFFFF; // x**-1 mod 2**16 + $result = $class::BASE == 26 ? + fmod($result * (2 - fmod($x * $result, $class::BASE_FULL)), $class::BASE_FULL) : // x**-1 mod 2**26 + ($result * (2 - ($x * $result) % $class::BASE_FULL)) % $class::BASE_FULL; + return $result & $class::MAX_DIGIT; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/MontgomeryMult.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/MontgomeryMult.php new file mode 100644 index 0000000..03877c0 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/MontgomeryMult.php @@ -0,0 +1,74 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP; + +/** + * PHP Montgomery Modular Exponentiation Engine with interleaved multiplication + * + * @author Jim Wigginton + */ +abstract class MontgomeryMult extends Montgomery +{ + /** + * Montgomery Multiply + * + * Interleaves the montgomery reduction and long multiplication algorithms together as described in + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=13 HAC 14.36} + * + * @param class-string $class + * @see self::_prepMontgomery() + * @see self::_montgomery() + */ + public static function multiplyReduce(array $x, array $y, array $m, string $class): array + { + // the following code, although not callable, can be run independently of the above code + // although the above code performed better in my benchmarks the following could might + // perform better under different circumstances. in lieu of deleting it it's just been + // made uncallable + + static $cache = [ + self::VARIABLE => [], + self::DATA => [], + ]; + + if (($key = array_search($m, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $m; + $cache[self::DATA][] = self::modInverse67108864($m, $class); + } + + $n = max(count($x), count($y), count($m)); + $x = array_pad($x, $n, 0); + $y = array_pad($y, $n, 0); + $m = array_pad($m, $n, 0); + $a = [self::VALUE => self::array_repeat(0, $n + 1)]; + for ($i = 0; $i < $n; ++$i) { + $temp = $a[self::VALUE][0] + $x[$i] * $y[0]; + $temp = $temp - $class::BASE_FULL * ($class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31)); + $temp = $temp * $cache[self::DATA][$key]; + $temp = $temp - $class::BASE_FULL * ($class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31)); + $temp = $class::addHelper($class::regularMultiply([$x[$i]], $y), false, $class::regularMultiply([$temp], $m), false); + $a = $class::addHelper($a[self::VALUE], false, $temp[self::VALUE], false); + $a[self::VALUE] = array_slice($a[self::VALUE], 1); + } + if (self::compareHelper($a[self::VALUE], false, $m, false) >= 0) { + $a = $class::subtractHelper($a[self::VALUE], false, $m, false); + } + return $a[self::VALUE]; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/PowerOfTwo.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/PowerOfTwo.php new file mode 100644 index 0000000..16caf01 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP/Reductions/PowerOfTwo.php @@ -0,0 +1,51 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP\Base; + +/** + * PHP Power Of Two Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class PowerOfTwo extends Base +{ + /** + * Prepare a number for use in Montgomery Modular Reductions + */ + protected static function prepareReduce(array $x, array $n, string $class): array + { + return self::reduce($x, $n, $class); + } + + /** + * Power Of Two Reduction + */ + protected static function reduce(array $x, array $n, string $class): array + { + $lhs = new $class(); + $lhs->value = $x; + $rhs = new $class(); + $rhs->value = $n; + + $temp = new $class(); + $temp->value = [1]; + + $result = $lhs->bitwise_and($rhs->subtract($temp)); + return $result->value; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP32.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP32.php new file mode 100644 index 0000000..21c4084 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP32.php @@ -0,0 +1,317 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines; + +/** + * Pure-PHP 32-bit Engine. + * + * Uses 64-bit floats if int size is 4 bits + * + * @author Jim Wigginton + */ +class PHP32 extends PHP +{ + // Constants used by PHP.php + public const BASE = 26; + public const BASE_FULL = 0x4000000; + public const MAX_DIGIT = 0x3FFFFFF; + public const MSB = 0x2000000; + + /** + * MAX10 in greatest MAX10LEN satisfying + * MAX10 = 10**MAX10LEN <= 2**BASE. + */ + public const MAX10 = 10000000; + + /** + * MAX10LEN in greatest MAX10LEN satisfying + * MAX10 = 10**MAX10LEN <= 2**BASE. + */ + public const MAX10LEN = 7; + public const MAX_DIGIT2 = 4503599627370496; + + /** + * Initialize a PHP32 BigInteger Engine instance + * + * @see parent::initialize() + */ + protected function initialize(int $base): void + { + if ($base != 256 && $base != -256) { + parent::initialize($base); + return; + } + + $val = $this->value; + $this->value = []; + $vals = &$this->value; + $i = strlen($val); + if (!$i) { + return; + } + + while (true) { + $i -= 4; + if ($i < 0) { + if ($i == -4) { + break; + } + $val = substr($val, 0, 4 + $i); + $val = str_pad($val, 4, "\0", STR_PAD_LEFT); + if ($val == "\0\0\0\0") { + break; + } + $i = 0; + } + [, $digit] = unpack('N', substr($val, $i, 4)); + if ($digit < 0) { + $digit += 0xFFFFFFFF + 1; + } + $step = count($vals) & 3; + if ($step) { + $digit = (int) floor($digit / 2 ** (2 * $step)); + } + if ($step != 3) { + $digit = (int) fmod($digit, static::BASE_FULL); + $i++; + } + $vals[] = $digit; + } + while (end($vals) === 0) { + array_pop($vals); + } + reset($vals); + } + + /** + * Test for engine validity + * + * @see parent::__construct() + */ + public static function isValidEngine(): bool + { + return PHP_INT_SIZE >= 4 && !self::testJITOnWindows(); + } + + /** + * Adds two BigIntegers. + */ + public function add(PHP32 $y): PHP32 + { + $temp = self::addHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Subtracts two BigIntegers. + */ + public function subtract(PHP32 $y): PHP32 + { + $temp = self::subtractHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Multiplies two BigIntegers. + */ + public function multiply(PHP32 $y): PHP32 + { + $temp = self::multiplyHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @return array{PHP32, PHP32} + */ + public function divide(PHP32 $y): array + { + return $this->divideHelper($y); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * @return false|PHP32 + */ + public function modInverse(PHP32 $n) + { + return $this->modInverseHelper($n); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * @return PHP32[] + */ + public function extendedGCD(PHP32 $n): array + { + return $this->extendedGCDHelper($n); + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + */ + public function gcd(PHP32 $n): PHP32 + { + return $this->extendedGCD($n)['gcd']; + } + + /** + * Logical And + */ + public function bitwise_and(PHP32 $x): PHP32 + { + return $this->bitwiseAndHelper($x); + } + + /** + * Logical Or + */ + public function bitwise_or(PHP32 $x): PHP32 + { + return $this->bitwiseOrHelper($x); + } + + /** + * Logical Exclusive Or + */ + public function bitwise_xor(PHP32 $x): PHP32 + { + return $this->bitwiseXorHelper($x); + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this is + * demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(PHP32 $y): int + { + return $this->compareHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + */ + public function equals(PHP32 $x): bool + { + return $this->value === $x->value && $this->is_negative == $x->is_negative; + } + + /** + * Performs modular exponentiation. + */ + public function modPow(PHP32 $e, PHP32 $n): PHP32 + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * Alias for modPow(). + */ + public function powMod(PHP32 $e, PHP32 $n): PHP32 + { + return $this->powModOuter($e, $n); + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @return false|PHP32 + */ + public static function randomRangePrime(PHP32 $min, PHP32 $max) + { + return self::randomRangePrimeOuter($min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + */ + public static function randomRange(PHP32 $min, PHP32 $max): PHP32 + { + return self::randomRangeHelper($min, $max); + } + + /** + * Performs exponentiation. + */ + public function pow(PHP32 $n): PHP32 + { + return $this->powHelper($n); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + */ + public static function min(PHP32 ...$nums): PHP32 + { + return self::minHelper($nums); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + */ + public static function max(PHP32 ...$nums): PHP32 + { + return self::maxHelper($nums); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + */ + public function between(PHP32 $min, PHP32 $max): bool + { + return $this->compare($min) >= 0 && $this->compare($max) <= 0; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP64.php b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP64.php new file mode 100644 index 0000000..7c4ee54 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BigInteger/Engines/PHP64.php @@ -0,0 +1,320 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BigInteger\Engines; + +/** + * Pure-PHP 64-bit Engine. + * + * Uses 64-bit integers if int size is 8 bits + * + * @author Jim Wigginton + */ +class PHP64 extends PHP +{ + // Constants used by PHP.php + public const BASE = 31; + public const BASE_FULL = 0x80000000; + public const MAX_DIGIT = 0x7FFFFFFF; + public const MSB = 0x40000000; + + /** + * MAX10 in greatest MAX10LEN satisfying + * MAX10 = 10**MAX10LEN <= 2**BASE. + */ + public const MAX10 = 1000000000; + + /** + * MAX10LEN in greatest MAX10LEN satisfying + * MAX10 = 10**MAX10LEN <= 2**BASE. + */ + public const MAX10LEN = 9; + public const MAX_DIGIT2 = 4611686018427387904; + + /** + * Initialize a PHP64 BigInteger Engine instance + * + * @see parent::initialize() + */ + protected function initialize(int $base): void + { + if ($base != 256 && $base != -256) { + parent::initialize($base); + return; + } + + $val = $this->value; + $this->value = []; + $vals = &$this->value; + $i = strlen($val); + if (!$i) { + return; + } + + while (true) { + $i -= 4; + if ($i < 0) { + if ($i == -4) { + break; + } + $val = substr($val, 0, 4 + $i); + $val = str_pad($val, 4, "\0", STR_PAD_LEFT); + if ($val == "\0\0\0\0") { + break; + } + $i = 0; + } + [, $digit] = unpack('N', substr($val, $i, 4)); + $step = count($vals) & 7; + if (!$step) { + $digit &= static::MAX_DIGIT; + $i++; + } else { + $shift = 8 - $step; + $digit >>= $shift; + $shift = 32 - $shift; + $digit &= (1 << $shift) - 1; + $temp = $i > 0 ? ord($val[$i - 1]) : 0; + $digit |= ($temp << $shift) & 0x7F000000; + } + $vals[] = $digit; + } + while (end($vals) === 0) { + array_pop($vals); + } + reset($vals); + } + + /** + * Test for engine validity + * + * @see parent::__construct() + */ + public static function isValidEngine(): bool + { + return PHP_INT_SIZE >= 8 && !self::testJITOnWindows(); + } + + /** + * Adds two BigIntegers. + */ + public function add(PHP64 $y): PHP64 + { + $temp = self::addHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Subtracts two BigIntegers. + */ + public function subtract(PHP64 $y): PHP64 + { + $temp = self::subtractHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Multiplies two BigIntegers. + */ + public function multiply(PHP64 $y): PHP64 + { + $temp = self::multiplyHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @return array{PHP64, PHP64} + */ + public function divide(PHP64 $y): array + { + return $this->divideHelper($y); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * @return false|PHP64 + */ + public function modInverse(PHP64 $n) + { + return $this->modInverseHelper($n); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * @return PHP64[] + */ + public function extendedGCD(PHP64 $n): array + { + return $this->extendedGCDHelper($n); + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + */ + public function gcd(PHP64 $n): PHP64 + { + return $this->extendedGCD($n)['gcd']; + } + + /** + * Logical And + */ + public function bitwise_and(PHP64 $x): PHP64 + { + return $this->bitwiseAndHelper($x); + } + + /** + * Logical Or + */ + public function bitwise_or(PHP64 $x): PHP64 + { + return $this->bitwiseOrHelper($x); + } + + /** + * Logical Exclusive Or + */ + public function bitwise_xor(PHP64 $x): PHP64 + { + return $this->bitwiseXorHelper($x); + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this is + * demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(PHP64 $y): int + { + return parent::compareHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + */ + public function equals(PHP64 $x): bool + { + return $this->value === $x->value && $this->is_negative == $x->is_negative; + } + + /** + * Performs modular exponentiation. + */ + public function modPow(PHP64 $e, PHP64 $n): PHP64 + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * Alias for modPow(). + * + * @return PHP64|false + */ + public function powMod(PHP64 $e, PHP64 $n) + { + return $this->powModOuter($e, $n); + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @return false|PHP64 + */ + public static function randomRangePrime(PHP64 $min, PHP64 $max) + { + return self::randomRangePrimeOuter($min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + */ + public static function randomRange(PHP64 $min, PHP64 $max): PHP64 + { + return self::randomRangeHelper($min, $max); + } + + /** + * Performs exponentiation. + */ + public function pow(PHP64 $n): PHP64 + { + return $this->powHelper($n); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + */ + public static function min(PHP64 ...$nums): PHP64 + { + return self::minHelper($nums); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + */ + public static function max(PHP64 ...$nums): PHP64 + { + return self::maxHelper($nums); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + */ + public function between(PHP64 $min, PHP64 $max): bool + { + return $this->compare($min) >= 0 && $this->compare($max) <= 0; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BinaryField.php b/qa-tool/htdocs/oidc/phpseclib/Math/BinaryField.php new file mode 100644 index 0000000..ef92142 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BinaryField.php @@ -0,0 +1,192 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +declare(strict_types=1); + +namespace phpseclib3\Math; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\OutOfBoundsException; +use phpseclib3\Math\BinaryField\Integer; +use phpseclib3\Math\Common\FiniteField; + +/** + * Binary Finite Fields + * + * @author Jim Wigginton + */ +class BinaryField extends FiniteField +{ + /** + * Instance Counter + * + * @var int + */ + private static $instanceCounter = 0; + + /** + * Keeps track of current instance + * + * @var int + */ + protected $instanceID; + + /** @var BigInteger */ + private $randomMax; + + /** + * Default constructor + */ + public function __construct(...$indices) + { + $m = array_shift($indices); + if ($m > 571) { + /* sect571r1 and sect571k1 are the largest binary curves that https://www.secg.org/sec2-v2.pdf defines + altho theoretically there may be legit reasons to use binary finite fields with larger degrees + imposing a limit on the maximum size is both reasonable and precedented. in particular, + http://tools.ietf.org/html/rfc4253#section-6.1 (The Secure Shell (SSH) Transport Layer Protocol) says + "implementations SHOULD check that the packet length is reasonable in order for the implementation to + avoid denial of service and/or buffer overflow attacks" */ + throw new OutOfBoundsException('Degrees larger than 571 are not supported'); + } + $val = str_repeat('0', $m) . '1'; + foreach ($indices as $index) { + $val[$index] = '1'; + } + $modulo = static::base2ToBase256(strrev($val)); + + $mStart = 2 * $m - 2; + $t = (int) ceil($m / 8); + $finalMask = chr((1 << ($m % 8)) - 1); + if ($finalMask == "\0") { + $finalMask = "\xFF"; + } + $bitLen = $mStart + 1; + $pad = (int) ceil($bitLen / 8); + $h = $bitLen & 7; + $h = $h ? 8 - $h : 0; + + $r = rtrim(substr($val, 0, -1), '0'); + $u = [static::base2ToBase256(strrev($r))]; + for ($i = 1; $i < 8; $i++) { + $u[] = static::base2ToBase256(strrev(str_repeat('0', $i) . $r)); + } + + // implements algorithm 2.40 (in section 2.3.5) in "Guide to Elliptic Curve Cryptography" + // with W = 8 + $reduce = function ($c) use ($u, $mStart, $m, $t, $finalMask, $pad, $h) { + $c = str_pad($c, $pad, "\0", STR_PAD_LEFT); + for ($i = $mStart; $i >= $m;) { + $g = $h >> 3; + $mask = $h & 7; + $mask = $mask ? 1 << (7 - $mask) : 0x80; + for (; $mask > 0; $mask >>= 1, $i--, $h++) { + if (ord($c[$g]) & $mask) { + $temp = $i - $m; + $j = $temp >> 3; + $k = $temp & 7; + $t1 = $j ? substr($c, 0, -$j) : $c; + $length = strlen($t1); + if ($length) { + $t2 = str_pad($u[$k], $length, "\0", STR_PAD_LEFT); + $temp = $t1 ^ $t2; + $c = $j ? substr_replace($c, $temp, 0, $length) : $temp; + } + } + } + } + $c = substr($c, -$t); + if (strlen($c) == $t) { + $c[0] = $c[0] & $finalMask; + } + return ltrim($c, "\0"); + }; + + $this->instanceID = self::$instanceCounter++; + Integer::setModulo($this->instanceID, $modulo); + Integer::setRecurringModuloFunction($this->instanceID, $reduce); + + $this->randomMax = new BigInteger($modulo, 2); + } + + /** + * Returns an instance of a dynamically generated PrimeFieldInteger class + * + * @param BigInteger|string $num + */ + public function newInteger($num): Integer + { + return new Integer($this->instanceID, $num instanceof BigInteger ? $num->toBytes() : $num); + } + + /** + * Returns an integer on the finite field between one and the prime modulo + */ + public function randomInteger(): Integer + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + return new Integer($this->instanceID, BigInteger::randomRange($one, $this->randomMax)->toBytes()); + } + + /** + * Returns the length of the modulo in bytes + */ + public function getLengthInBytes(): int + { + return strlen(Integer::getModulo($this->instanceID)); + } + + /** + * Returns the length of the modulo in bits + */ + public function getLength(): int + { + return strlen(Integer::getModulo($this->instanceID)) << 3; + } + + /** + * Converts a base-2 string to a base-256 string + */ + public static function base2ToBase256(string $x, ?int $size = null): string + { + $str = Strings::bits2bin($x); + + $pad = strlen($x) >> 3; + if (strlen($x) & 3) { + $pad++; + } + $str = str_pad($str, $pad, "\0", STR_PAD_LEFT); + if (isset($size)) { + $str = str_pad($str, $size, "\0", STR_PAD_LEFT); + } + + return $str; + } + + /** + * Converts a base-256 string to a base-2 string + */ + public static function base256ToBase2(string $x): string + { + if (function_exists('gmp_import')) { + return gmp_strval(gmp_import($x), 2); + } + + return Strings::bin2bits($x); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/BinaryField/Integer.php b/qa-tool/htdocs/oidc/phpseclib/Math/BinaryField/Integer.php new file mode 100644 index 0000000..ea3b208 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/BinaryField/Integer.php @@ -0,0 +1,489 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +declare(strict_types=1); + +namespace phpseclib3\Math\BinaryField; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\BinaryField; +use phpseclib3\Math\Common\FiniteField\Integer as Base; + +/** + * Binary Finite Fields + * + * @author Jim Wigginton + */ +class Integer extends Base +{ + /** + * Holds the BinaryField's value + * + * @var string + */ + protected $value; + + /** + * Keeps track of current instance + * + * @var int + */ + protected $instanceID; + + /** + * Holds the PrimeField's modulo + * + * @var array + */ + protected static $modulo; + + /** + * Holds a pre-generated function to perform modulo reductions + * + * @var callable[] + */ + protected static $reduce; + + /** + * Default constructor + */ + public function __construct($instanceID, $num = '') + { + $this->instanceID = $instanceID; + if (!strlen($num)) { + $this->value = ''; + } else { + $reduce = static::$reduce[$instanceID]; + $this->value = $reduce($num); + } + } + + /** + * Set the modulo for a given instance + */ + public static function setModulo(int $instanceID, string $modulo): void + { + static::$modulo[$instanceID] = $modulo; + } + + /** + * Set the modulo for a given instance + */ + public static function setRecurringModuloFunction($instanceID, callable $function): void + { + static::$reduce[$instanceID] = $function; + } + + /** + * Tests a parameter to see if it's of the right instance + * + * Throws an exception if the incorrect class is being utilized + */ + private static function checkInstance(self $x, self $y): void + { + if ($x->instanceID != $y->instanceID) { + throw new UnexpectedValueException('The instances of the two BinaryField\Integer objects do not match'); + } + } + + /** + * Tests the equality of two numbers. + */ + public function equals(self $x): bool + { + static::checkInstance($this, $x); + + return $this->value == $x->value; + } + + /** + * Compares two numbers. + */ + public function compare(self $x): int + { + static::checkInstance($this, $x); + + $a = $this->value; + $b = $x->value; + + $length = max(strlen($a), strlen($b)); + + $a = str_pad($a, $length, "\0", STR_PAD_LEFT); + $b = str_pad($b, $length, "\0", STR_PAD_LEFT); + + return strcmp($a, $b); + } + + /** + * Returns the degree of the polynomial + * + * @return int + */ + private static function deg(string $x) + { + $x = ltrim($x, "\0"); + $xbit = decbin(ord($x[0])); + $xlen = $xbit == '0' ? 0 : strlen($xbit); + $len = strlen($x); + if (!$len) { + return -1; + } + return 8 * strlen($x) - 9 + $xlen; + } + + /** + * Perform polynomial division + * + * @return string[] + * @link https://en.wikipedia.org/wiki/Polynomial_greatest_common_divisor#Euclidean_division + */ + private static function polynomialDivide(string $x, string $y): array + { + // in wikipedia's description of the algorithm, lc() is the leading coefficient. over a binary field that's + // always going to be 1. + + $q = chr(0); + $d = static::deg($y); + $r = $x; + while (($degr = static::deg($r)) >= $d) { + $s = '1' . str_repeat('0', $degr - $d); + $s = BinaryField::base2ToBase256($s); + $length = max(strlen($s), strlen($q)); + $q = !isset($q) ? $s : + str_pad($q, $length, "\0", STR_PAD_LEFT) ^ + str_pad($s, $length, "\0", STR_PAD_LEFT); + $s = static::polynomialMultiply($s, $y); + $length = max(strlen($r), strlen($s)); + $r = str_pad($r, $length, "\0", STR_PAD_LEFT) ^ + str_pad($s, $length, "\0", STR_PAD_LEFT); + } + + return [ltrim($q, "\0"), ltrim($r, "\0")]; + } + + /** + * Perform polynomial multiplation in the traditional way + * + * @link https://en.wikipedia.org/wiki/Finite_field_arithmetic#Multiplication + */ + private static function regularPolynomialMultiply(string $x, string $y): string + { + $precomputed = [ltrim($x, "\0")]; + $x = strrev(BinaryField::base256ToBase2($x)); + $y = strrev(BinaryField::base256ToBase2($y)); + if (strlen($x) == strlen($y)) { + $length = strlen($x); + } else { + $length = max(strlen($x), strlen($y)); + $x = str_pad($x, $length, '0'); + $y = str_pad($y, $length, '0'); + } + $result = str_repeat('0', 2 * $length - 1); + $result = BinaryField::base2ToBase256($result); + $size = strlen($result); + $x = strrev($x); + + // precompute left shift 1 through 7 + for ($i = 1; $i < 8; $i++) { + $precomputed[$i] = BinaryField::base2ToBase256($x . str_repeat('0', $i)); + } + for ($i = 0; $i < strlen($y); $i++) { + if ($y[$i] == '1') { + $temp = $precomputed[$i & 7] . str_repeat("\0", $i >> 3); + $result ^= str_pad($temp, $size, "\0", STR_PAD_LEFT); + } + } + + return $result; + } + + /** + * Perform polynomial multiplation + * + * Uses karatsuba multiplication to reduce x-bit multiplications to a series of 32-bit multiplications + * + * @link https://en.wikipedia.org/wiki/Karatsuba_algorithm + */ + private static function polynomialMultiply(string $x, string $y): string + { + if (strlen($x) == strlen($y)) { + $length = strlen($x); + } else { + $length = max(strlen($x), strlen($y)); + $x = str_pad($x, $length, "\0", STR_PAD_LEFT); + $y = str_pad($y, $length, "\0", STR_PAD_LEFT); + } + + switch (true) { + case PHP_INT_SIZE == 8 && $length <= 4: + return $length != 4 ? + self::subMultiply(str_pad($x, 4, "\0", STR_PAD_LEFT), str_pad($y, 4, "\0", STR_PAD_LEFT)) : + self::subMultiply($x, $y); + case PHP_INT_SIZE == 4 || $length > 32: + return self::regularPolynomialMultiply($x, $y); + } + + $m = $length >> 1; + + $x1 = substr($x, 0, -$m); + $x0 = substr($x, -$m); + $y1 = substr($y, 0, -$m); + $y0 = substr($y, -$m); + + $z2 = self::polynomialMultiply($x1, $y1); + $z0 = self::polynomialMultiply($x0, $y0); + $z1 = self::polynomialMultiply( + self::subAdd2($x1, $x0), + self::subAdd2($y1, $y0) + ); + + $z1 = self::subAdd3($z1, $z2, $z0); + + $xy = self::subAdd3( + $z2 . str_repeat("\0", 2 * $m), + $z1 . str_repeat("\0", $m), + $z0 + ); + + return ltrim($xy, "\0"); + } + + /** + * Perform polynomial multiplication on 2x 32-bit numbers, returning + * a 64-bit number + * + * @link https://www.bearssl.org/constanttime.html#ghash-for-gcm + */ + private static function subMultiply(string $x, string $y): string + { + $x = unpack('N', $x)[1]; + $y = unpack('N', $y)[1]; + + $x0 = $x & 0x11111111; + $x1 = $x & 0x22222222; + $x2 = $x & 0x44444444; + $x3 = $x & 0x88888888; + + $y0 = $y & 0x11111111; + $y1 = $y & 0x22222222; + $y2 = $y & 0x44444444; + $y3 = $y & 0x88888888; + + $z0 = ($x0 * $y0) ^ ($x1 * $y3) ^ ($x2 * $y2) ^ ($x3 * $y1); + $z1 = ($x0 * $y1) ^ ($x1 * $y0) ^ ($x2 * $y3) ^ ($x3 * $y2); + $z2 = ($x0 * $y2) ^ ($x1 * $y1) ^ ($x2 * $y0) ^ ($x3 * $y3); + $z3 = ($x0 * $y3) ^ ($x1 * $y2) ^ ($x2 * $y1) ^ ($x3 * $y0); + + $z0 &= 0x1111111111111111; + $z1 &= 0x2222222222222222; + $z2 &= 0x4444444444444444; + $z3 &= -8608480567731124088; // 0x8888888888888888 gets interpreted as a float + + $z = $z0 | $z1 | $z2 | $z3; + + return pack('J', $z); + } + + /** + * Adds two numbers + */ + private static function subAdd2(string $x, string $y): string + { + $length = max(strlen($x), strlen($y)); + $x = str_pad($x, $length, "\0", STR_PAD_LEFT); + $y = str_pad($y, $length, "\0", STR_PAD_LEFT); + return $x ^ $y; + } + + /** + * Adds three numbers + */ + private static function subAdd3(string $x, string $y, $z): string + { + $length = max(strlen($x), strlen($y), strlen($z)); + $x = str_pad($x, $length, "\0", STR_PAD_LEFT); + $y = str_pad($y, $length, "\0", STR_PAD_LEFT); + $z = str_pad($z, $length, "\0", STR_PAD_LEFT); + return $x ^ $y ^ $z; + } + + /** + * Adds two BinaryFieldIntegers. + * + * @return static + */ + public function add(self $y): Integer + { + static::checkInstance($this, $y); + + $length = strlen(static::$modulo[$this->instanceID]); + + $x = str_pad($this->value, $length, "\0", STR_PAD_LEFT); + $y = str_pad($y->value, $length, "\0", STR_PAD_LEFT); + + return new static($this->instanceID, $x ^ $y); + } + + /** + * Subtracts two BinaryFieldIntegers. + * + * @return static + */ + public function subtract(self $x): Integer + { + return $this->add($x); + } + + /** + * Multiplies two BinaryFieldIntegers. + * + * @return static + */ + public function multiply(self $y): Integer + { + static::checkInstance($this, $y); + + return new static($this->instanceID, static::polynomialMultiply($this->value, $y->value)); + } + + /** + * Returns the modular inverse of a BinaryFieldInteger + * + * @return static + */ + public function modInverse(): Integer + { + $remainder0 = static::$modulo[$this->instanceID]; + $remainder1 = $this->value; + + if ($remainder1 == '') { + return new static($this->instanceID); + } + + $aux0 = "\0"; + $aux1 = "\1"; + while ($remainder1 != "\1") { + [$q, $r] = static::polynomialDivide($remainder0, $remainder1); + $remainder0 = $remainder1; + $remainder1 = $r; + // the auxiliary in row n is given by the sum of the auxiliary in + // row n-2 and the product of the quotient and the auxiliary in row + // n-1 + $temp = static::polynomialMultiply($aux1, $q); + $aux = str_pad($aux0, strlen($temp), "\0", STR_PAD_LEFT) ^ + str_pad($temp, strlen($aux0), "\0", STR_PAD_LEFT); + $aux0 = $aux1; + $aux1 = $aux; + } + + $temp = new static($this->instanceID); + $temp->value = ltrim($aux1, "\0"); + return $temp; + } + + /** + * Divides two PrimeFieldIntegers. + * + * @return static + */ + public function divide(self $x): Integer + { + static::checkInstance($this, $x); + + $x = $x->modInverse(); + return $this->multiply($x); + } + + /** + * Negate + * + * A negative number can be written as 0-12. With modulos, 0 is the same thing as the modulo + * so 0-12 is the same thing as modulo-12 + * + * @return object + */ + public function negate() + { + $x = str_pad($this->value, strlen(static::$modulo[$this->instanceID]), "\0", STR_PAD_LEFT); + + return new static($this->instanceID, $x ^ static::$modulo[$this->instanceID]); + } + + /** + * Returns the modulo + */ + public static function getModulo(int $instanceID): string + { + return static::$modulo[$instanceID]; + } + + /** + * Converts an Integer to a byte string (eg. base-256). + */ + public function toBytes(): string + { + return str_pad($this->value, strlen(static::$modulo[$this->instanceID]), "\0", STR_PAD_LEFT); + } + + /** + * Converts an Integer to a hex string (eg. base-16). + */ + public function toHex(): string + { + return Strings::bin2hex($this->toBytes()); + } + + /** + * Converts an Integer to a bit string (eg. base-2). + */ + public function toBits(): string + { + //return str_pad(BinaryField::base256ToBase2($this->value), strlen(static::$modulo[$this->instanceID]), '0', STR_PAD_LEFT); + return BinaryField::base256ToBase2($this->value); + } + + /** + * Converts an Integer to a BigInteger + * + * @return string + */ + public function toBigInteger() + { + return new BigInteger($this->value, 256); + } + + /** + * __toString() magic method + */ + public function __toString() + { + return (string) $this->toBigInteger(); + } + + /** + * __debugInfo() magic method + */ + public function __debugInfo() + { + return ['value' => $this->toHex()]; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/Common/FiniteField.php b/qa-tool/htdocs/oidc/phpseclib/Math/Common/FiniteField.php new file mode 100644 index 0000000..6e097c8 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/Common/FiniteField.php @@ -0,0 +1,24 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Math\Common; + +/** + * Finite Fields + * + * @author Jim Wigginton + */ +abstract class FiniteField +{ +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/Common/FiniteField/Integer.php b/qa-tool/htdocs/oidc/phpseclib/Math/Common/FiniteField/Integer.php new file mode 100644 index 0000000..615a03e --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/Common/FiniteField/Integer.php @@ -0,0 +1,44 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Math\Common\FiniteField; + +/** + * Finite Field Integer + * + * @author Jim Wigginton + */ +abstract class Integer implements \JsonSerializable +{ + /** + * JSON Serialize + * + * Will be called, automatically, when json_encode() is called on a BigInteger object. + * + * PHP Serialize isn't supported because unserializing would require the factory be + * serialized as well and that just sounds like too much + * + * @return array{hex: string} + */ + #[\ReturnTypeWillChange] + public function jsonSerialize(): array + { + return ['hex' => $this->toHex(true)]; + } + + /** + * Converts an Integer to a hex string (eg. base-16). + */ + abstract public function toHex(): string; +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/PrimeField.php b/qa-tool/htdocs/oidc/phpseclib/Math/PrimeField.php new file mode 100644 index 0000000..289cfcb --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/PrimeField.php @@ -0,0 +1,110 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +declare(strict_types=1); + +namespace phpseclib3\Math; + +use phpseclib3\Math\Common\FiniteField; +use phpseclib3\Math\PrimeField\Integer; + +/** + * Prime Finite Fields + * + * @author Jim Wigginton + */ +class PrimeField extends FiniteField +{ + /** + * Instance Counter + * + * @var int + */ + private static $instanceCounter = 0; + + /** + * Keeps track of current instance + * + * @var int + */ + protected $instanceID; + + /** + * Default constructor + */ + public function __construct(BigInteger $modulo) + { + if (!$modulo->isPrime()) { + throw new \phpseclib3\Exception\UnexpectedValueException('PrimeField requires a prime number be passed to the constructor'); + } + + $this->instanceID = self::$instanceCounter++; + Integer::setModulo($this->instanceID, $modulo); + Integer::setRecurringModuloFunction($this->instanceID, $modulo->createRecurringModuloFunction()); + } + + /** + * Use a custom defined modular reduction function + */ + public function setReduction(\Closure $func): void + { + $this->reduce = $func->bindTo($this, $this); + } + + /** + * Returns an instance of a dynamically generated PrimeFieldInteger class + */ + public function newInteger(BigInteger $num): Integer + { + return new Integer($this->instanceID, $num); + } + + /** + * Returns an integer on the finite field between one and the prime modulo + */ + public function randomInteger(): Integer + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + return new Integer($this->instanceID, BigInteger::randomRange($one, Integer::getModulo($this->instanceID))); + } + + /** + * Returns the length of the modulo in bytes + */ + public function getLengthInBytes(): int + { + return Integer::getModulo($this->instanceID)->getLengthInBytes(); + } + + /** + * Returns the length of the modulo in bits + */ + public function getLength(): int + { + return Integer::getModulo($this->instanceID)->getLength(); + } + + /** + * Destructor + */ + public function __destruct() + { + Integer::cleanupCache($this->instanceID); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Math/PrimeField/Integer.php b/qa-tool/htdocs/oidc/phpseclib/Math/PrimeField/Integer.php new file mode 100644 index 0000000..5e5ec75 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Math/PrimeField/Integer.php @@ -0,0 +1,395 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Math\PrimeField; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer as Base; + +/** + * Prime Finite Fields + * + * @author Jim Wigginton + */ +class Integer extends Base +{ + /** + * Holds the PrimeField's value + * + * @var BigInteger + */ + protected $value; + + /** + * Keeps track of current instance + * + * @var int + */ + protected $instanceID; + + /** + * Holds the PrimeField's modulo + * + * @var array + */ + protected static $modulo; + + /** + * Holds a pre-generated function to perform modulo reductions + * + * @var array + */ + protected static $reduce; + + /** + * Zero + * + * @var BigInteger + */ + protected static $zero; + + /** + * Default constructor + */ + public function __construct(int $instanceID, ?BigInteger $num = null) + { + $this->instanceID = $instanceID; + if (!isset($num)) { + $this->value = clone static::$zero[static::class]; + } else { + $reduce = static::$reduce[$instanceID]; + $this->value = $reduce($num); + } + } + + /** + * Set the modulo for a given instance + */ + public static function setModulo(int $instanceID, BigInteger $modulo): void + { + static::$modulo[$instanceID] = $modulo; + } + + /** + * Set the modulo for a given instance + */ + public static function setRecurringModuloFunction(int $instanceID, callable $function): void + { + static::$reduce[$instanceID] = $function; + if (!isset(static::$zero[static::class])) { + static::$zero[static::class] = new BigInteger(); + } + } + + /** + * Delete the modulo for a given instance + */ + public static function cleanupCache(int $instanceID): void + { + unset(static::$modulo[$instanceID]); + unset(static::$reduce[$instanceID]); + } + + /** + * Returns the modulo + */ + public static function getModulo(int $instanceID): BigInteger + { + return static::$modulo[$instanceID]; + } + + /** + * Tests a parameter to see if it's of the right instance + * + * Throws an exception if the incorrect class is being utilized + */ + public static function checkInstance(self $x, self $y): void + { + if ($x->instanceID != $y->instanceID) { + throw new UnexpectedValueException('The instances of the two PrimeField\Integer objects do not match'); + } + } + + /** + * Tests the equality of two numbers. + */ + public function equals(self $x): bool + { + static::checkInstance($this, $x); + + return $this->value->equals($x->value); + } + + /** + * Compares two numbers. + */ + public function compare(self $x): int + { + static::checkInstance($this, $x); + + return $this->value->compare($x->value); + } + + /** + * Adds two PrimeFieldIntegers. + * + * @return static + */ + public function add(self $x): Integer + { + static::checkInstance($this, $x); + + $temp = new static($this->instanceID); + $temp->value = $this->value->add($x->value); + if ($temp->value->compare(static::$modulo[$this->instanceID]) >= 0) { + $temp->value = $temp->value->subtract(static::$modulo[$this->instanceID]); + } + + return $temp; + } + + /** + * Subtracts two PrimeFieldIntegers. + * + * @return static + */ + public function subtract(self $x): Integer + { + static::checkInstance($this, $x); + + $temp = new static($this->instanceID); + $temp->value = $this->value->subtract($x->value); + if ($temp->value->isNegative()) { + $temp->value = $temp->value->add(static::$modulo[$this->instanceID]); + } + + return $temp; + } + + /** + * Multiplies two PrimeFieldIntegers. + * + * @return static + */ + public function multiply(self $x): Integer + { + static::checkInstance($this, $x); + + return new static($this->instanceID, $this->value->multiply($x->value)); + } + + /** + * Divides two PrimeFieldIntegers. + * + * @return static + */ + public function divide(self $x): Integer + { + static::checkInstance($this, $x); + + $denominator = $x->value->modInverse(static::$modulo[$this->instanceID]); + return new static($this->instanceID, $this->value->multiply($denominator)); + } + + /** + * Performs power operation on a PrimeFieldInteger. + * + * @return static + */ + public function pow(BigInteger $x): Integer + { + $temp = new static($this->instanceID); + $temp->value = $this->value->powMod($x, static::$modulo[$this->instanceID]); + + return $temp; + } + + /** + * Calculates the square root + * + * @link https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm + * @return static|false + */ + public function squareRoot() + { + static $one, $two; + if (!isset($one)) { + $one = new BigInteger(1); + $two = new BigInteger(2); + } + $reduce = static::$reduce[$this->instanceID]; + $p_1 = static::$modulo[$this->instanceID]->subtract($one); + $q = clone $p_1; + $s = BigInteger::scan1divide($q); + [$pow] = $p_1->divide($two); + for ($z = $one; !$z->equals(static::$modulo[$this->instanceID]); $z = $z->add($one)) { + $temp = $z->powMod($pow, static::$modulo[$this->instanceID]); + if ($temp->equals($p_1)) { + break; + } + } + + $m = new BigInteger($s); + $c = $z->powMod($q, static::$modulo[$this->instanceID]); + $t = $this->value->powMod($q, static::$modulo[$this->instanceID]); + [$temp] = $q->add($one)->divide($two); + $r = $this->value->powMod($temp, static::$modulo[$this->instanceID]); + + while (!$t->equals($one)) { + for ($i = clone $one; $i->compare($m) < 0; $i = $i->add($one)) { + if ($t->powMod($two->pow($i), static::$modulo[$this->instanceID])->equals($one)) { + break; + } + } + + if ($i->compare($m) == 0) { + return false; + } + $b = $c->powMod($two->pow($m->subtract($i)->subtract($one)), static::$modulo[$this->instanceID]); + $m = $i; + $c = $reduce($b->multiply($b)); + $t = $reduce($t->multiply($c)); + $r = $reduce($r->multiply($b)); + } + + return new static($this->instanceID, $r); + } + + /** + * Is Odd? + */ + public function isOdd(): bool + { + return $this->value->isOdd(); + } + + /** + * Negate + * + * A negative number can be written as 0-12. With modulos, 0 is the same thing as the modulo + * so 0-12 is the same thing as modulo-12 + * + * @return static + */ + public function negate(): Integer + { + return new static($this->instanceID, static::$modulo[$this->instanceID]->subtract($this->value)); + } + + /** + * Converts an Integer to a byte string (eg. base-256). + */ + public function toBytes(): string + { + if (isset(static::$modulo[$this->instanceID])) { + $length = static::$modulo[$this->instanceID]->getLengthInBytes(); + return str_pad($this->value->toBytes(), $length, "\0", STR_PAD_LEFT); + } + return $this->value->toBytes(); + } + + /** + * Converts an Integer to a hex string (eg. base-16). + */ + public function toHex(): string + { + return Strings::bin2hex($this->toBytes()); + } + + /** + * Converts an Integer to a bit string (eg. base-2). + */ + public function toBits(): string + { + // return $this->value->toBits(); + static $length; + if (!isset($length)) { + $length = static::$modulo[$this->instanceID]->getLength(); + } + + return str_pad($this->value->toBits(), $length, '0', STR_PAD_LEFT); + } + + /** + * Returns the w-ary non-adjacent form (wNAF) + * + * @param int $w optional + * @return array + */ + public function getNAF(int $w = 1): array + { + $w++; + + $mask = new BigInteger((1 << $w) - 1); + $sub = new BigInteger(1 << $w); + //$sub = new BigInteger(1 << ($w - 1)); + $d = $this->toBigInteger(); + $d_i = []; + + $i = 0; + while ($d->compare(static::$zero[static::class]) > 0) { + if ($d->isOdd()) { + // start mods + + $bigInteger = $d->testBit($w - 1) ? + $d->bitwise_and($mask)->subtract($sub) : + //$sub->subtract($d->bitwise_and($mask)) : + $d->bitwise_and($mask); + // end mods + $d = $d->subtract($bigInteger); + $d_i[$i] = (int) $bigInteger->toString(); + } else { + $d_i[$i] = 0; + } + $shift = !$d->equals(static::$zero[static::class]) && $d->bitwise_and($mask)->equals(static::$zero[static::class]) ? $w : 1; // $w or $w + 1? + $d = $d->bitwise_rightShift($shift); + while (--$shift > 0) { + $d_i[++$i] = 0; + } + $i++; + } + + return $d_i; + } + + /** + * Converts an Integer to a BigInteger + */ + public function toBigInteger(): BigInteger + { + return clone $this->value; + } + + /** + * __toString() magic method + * + * @return string + */ + public function __toString() + { + return (string) $this->value; + } + + /** + * __debugInfo() magic method + * + * @return array + */ + public function __debugInfo() + { + return ['value' => $this->toHex()]; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Net/SFTP.php b/qa-tool/htdocs/oidc/phpseclib/Net/SFTP.php new file mode 100644 index 0000000..0d48da1 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Net/SFTP.php @@ -0,0 +1,3348 @@ + + * login('username', 'password')) { + * exit('Login Failed'); + * } + * + * echo $sftp->pwd() . "\r\n"; + * $sftp->put('filename.ext', 'hello, world!'); + * print_r($sftp->nlist()); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Net; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\BadFunctionCallException; +use phpseclib3\Exception\FileNotFoundException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Net\SFTP\Attribute; +use phpseclib3\Net\SFTP\FileType; +use phpseclib3\Net\SFTP\OpenFlag; +use phpseclib3\Net\SFTP\OpenFlag5; +use phpseclib3\Net\SFTP\PacketType; +use phpseclib3\Net\SFTP\PacketType as SFTPPacketType; +use phpseclib3\Net\SFTP\StatusCode; +use phpseclib3\Net\SSH2\MessageType as SSH2MessageType; + +/** + * Pure-PHP implementations of SFTP. + * + * @author Jim Wigginton + */ +class SFTP extends SSH2 +{ + /** + * SFTP channel constant + * + * \phpseclib3\Net\SSH2::exec() uses 0 and \phpseclib3\Net\SSH2::read() / \phpseclib3\Net\SSH2::write() use 1. + * + * @see \phpseclib3\Net\SSH2::send_channel_packet() + * @see \phpseclib3\Net\SSH2::get_channel_packet() + */ + public const CHANNEL = 0x100; + + /** + * Reads data from a local file. + * + * @see \phpseclib3\Net\SFTP::put() + */ + public const SOURCE_LOCAL_FILE = 1; + /** + * Reads data from a string. + * + * @see \phpseclib3\Net\SFTP::put() + */ + // this value isn't really used anymore but i'm keeping it reserved for historical reasons + public const SOURCE_STRING = 2; + /** + * Reads data from callback: + * function callback($length) returns string to proceed, null for EOF + * + * @see \phpseclib3\Net\SFTP::put() + */ + public const SOURCE_CALLBACK = 16; + /** + * Resumes an upload + * + * @see \phpseclib3\Net\SFTP::put() + */ + public const RESUME = 4; + /** + * Append a local file to an already existing remote file + * + * @see \phpseclib3\Net\SFTP::put() + */ + public const RESUME_START = 8; + + /** + * The Request ID + * + * The request ID exists in the off chance that a packet is sent out-of-order. Of course, this library doesn't support + * concurrent actions, so it's somewhat academic, here. + * + * @see self::_send_sftp_packet() + */ + private bool $use_request_id = false; + + /** + * The Packet Type + * + * The request ID exists in the off chance that a packet is sent out-of-order. Of course, this library doesn't support + * concurrent actions, so it's somewhat academic, here. + * + * @see self::_get_sftp_packet() + */ + private int $packet_type = -1; + + /** + * Packet Buffer + * + * @see self::_get_sftp_packet() + */ + private string $packet_buffer = ''; + + /** + * Extensions supported by the server + * + * @see self::_initChannel() + */ + private array $extensions = []; + + /** + * Server SFTP version + * + * @see self::_initChannel() + */ + private int $version; + + /** + * Default Server SFTP version + * + * @see self::_initChannel() + */ + private int $defaultVersion; + + /** + * Preferred SFTP version + * + * @see self::_initChannel() + */ + private int $preferredVersion = 3; + + /** + * Current working directory + * + * @see self::realpath() + * @see self::chdir() + */ + private string|bool $pwd = false; + + /** + * Packet Type Log + * + * @see self::getLog() + */ + private array $packet_type_log = []; + + /** + * Packet Log + * + * @see self::getLog() + */ + private array $packet_log = []; + + /** + * Real-time log file pointer + * + * @see self::_append_log() + * @var resource|closed-resource + */ + private $realtime_log_file; + + /** + * Real-time log file size + * + * @see self::_append_log() + */ + private int $realtime_log_size; + + /** + * Real-time log file wrap boolean + * + * @see self::_append_log() + */ + private bool $realtime_log_wrap; + + /** + * Current log size + * + * Should never exceed self::LOG_MAX_SIZE + */ + private int $log_size; + + /** + * Error information + * + * @see self::getSFTPErrors() + * @see self::getLastSFTPError() + */ + private array $sftp_errors = []; + + /** + * Stat Cache + * + * Rather than always having to open a directory and close it immediately there after to see if a file is a directory + * we'll cache the results. + * + * @see self::_update_stat_cache() + * @see self::_remove_from_stat_cache() + * @see self::_query_stat_cache() + */ + private array $stat_cache = []; + + /** + * Max SFTP Packet Size + * + * @see self::__construct() + * @see self::get() + */ + private int $max_sftp_packet; + + /** + * Stat Cache Flag + * + * @see self::disableStatCache() + * @see self::enableStatCache() + */ + private bool $use_stat_cache = true; + + /** + * Sort Options + * + * @see self::_comparator() + * @see self::setListOrder() + */ + private array $sortOptions = []; + + /** + * Canonicalization Flag + * + * Determines whether or not paths should be canonicalized before being + * passed on to the remote server. + * + * @see self::enablePathCanonicalization() + * @see self::disablePathCanonicalization() + * @see self::realpath() + */ + private bool $canonicalize_paths = true; + + /** + * Request Buffers + * + * @see self::_get_sftp_packet() + */ + private array $requestBuffer = []; + + /** + * Preserve timestamps on file downloads / uploads + * + * @see self::get() + * @see self::put() + */ + private bool $preserveTime = false; + + /** + * Arbitrary Length Packets Flag + * + * Determines whether or not packets of any length should be allowed, + * in cases where the server chooses the packet length (such as + * directory listings). By default, packets are only allowed to be + * 256 * 1024 bytes (SFTP_MAX_MSG_LENGTH from OpenSSH's sftp-common.h) + * + * @see self::enableArbitraryLengthPackets() + * @see self::_get_sftp_packet() + */ + private bool $allow_arbitrary_length_packets = false; + + /** + * Was the last packet due to the channels being closed or not? + * + * @see self::get() + * @see self::get_sftp_packet() + */ + private bool $channel_close = false; + + /** + * Has the SFTP channel been partially negotiated? + */ + private bool $partial_init = false; + + private int $queueSize = 32; + private int $uploadQueueSize = 1024; + + /** + * Default Constructor. + * + * Connects to an SFTP server + */ + public function __construct($host, int $port = 22, int $timeout = 10) + { + parent::__construct($host, $port, $timeout); + + $this->max_sftp_packet = 1 << 15; + + if (defined('NET_SFTP_QUEUE_SIZE')) { + $this->queueSize = NET_SFTP_QUEUE_SIZE; + } + if (defined('NET_SFTP_UPLOAD_QUEUE_SIZE')) { + $this->uploadQueueSize = NET_SFTP_UPLOAD_QUEUE_SIZE; + } + } + + /** + * Check a few things before SFTP functions are called + */ + private function precheck(): bool + { + if (!($this->bitmap & SSH2::MASK_LOGIN)) { + return false; + } + + if ($this->pwd === false) { + return $this->init_sftp_connection(); + } + + return true; + } + + /** + * Partially initialize an SFTP connection + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + private function partial_init_sftp_connection(): bool + { + $response = $this->open_channel(self::CHANNEL, true); + if ($response === true && $this->isTimeout()) { + return false; + } + + $packet = Strings::packSSH2( + 'CNsbs', + SSH2MessageType::CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL], + 'subsystem', + true, + 'sftp' + ); + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL] = SSH2MessageType::CHANNEL_REQUEST; + + $response = $this->get_channel_packet(self::CHANNEL, true); + if ($response === false) { + // from PuTTY's psftp.exe + $command = "test -x /usr/lib/sftp-server && exec /usr/lib/sftp-server\n" . + "test -x /usr/local/lib/sftp-server && exec /usr/local/lib/sftp-server\n" . + "exec sftp-server"; + // we don't do $this->exec($command, false) because exec() operates on a different channel and plus the SSH_MSG_CHANNEL_OPEN that exec() does + // is redundant + $packet = Strings::packSSH2( + 'CNsCs', + SSH2MessageType::CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL], + 'exec', + 1, + $command + ); + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL] = SSH2MessageType::CHANNEL_REQUEST; + + $response = $this->get_channel_packet(self::CHANNEL, true); + if ($response === false) { + return false; + } + } elseif ($response === true && $this->isTimeout()) { + return false; + } + + $this->channel_status[self::CHANNEL] = SSH2MessageType::CHANNEL_DATA; + $this->send_sftp_packet(SFTPPacketType::INIT, "\0\0\0\3"); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::VERSION) { + throw new UnexpectedValueException( + 'Expected PacketType::VERSION. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + $this->use_request_id = true; + + [$this->defaultVersion] = Strings::unpackSSH2('N', $response); + while (!empty($response)) { + [$key, $value] = Strings::unpackSSH2('ss', $response); + $this->extensions[$key] = $value; + } + + $this->partial_init = true; + + return true; + } + + /** + * (Re)initializes the SFTP channel + */ + private function init_sftp_connection(): bool + { + if (!$this->partial_init && !$this->partial_init_sftp_connection()) { + return false; + } + + /* + A Note on SFTPv4/5/6 support: + states the following: + + "If the client wishes to interoperate with servers that support noncontiguous version + numbers it SHOULD send '3'" + + Given that the server only sends its version number after the client has already done so, the above + seems to be suggesting that v3 should be the default version. This makes sense given that v3 is the + most popular. + + states the following; + + "If the server did not send the "versions" extension, or the version-from-list was not included, the + server MAY send a status response describing the failure, but MUST then close the channel without + processing any further requests." + + So what do you do if you have a client whose initial SSH_FXP_INIT packet says it implements v3 and + a server whose initial SSH_FXP_VERSION reply says it implements v4 and only v4? If it only implements + v4, the "versions" extension is likely not going to have been sent so version re-negotiation as discussed + in draft-ietf-secsh-filexfer-13 would be quite impossible. As such, what \phpseclib3\Net\SFTP would do is close the + channel and reopen it with a new and updated SSH_FXP_INIT packet. + */ + $this->version = $this->defaultVersion; + if (isset($this->extensions['versions']) && (!$this->preferredVersion || $this->preferredVersion != $this->version)) { + $versions = explode(',', $this->extensions['versions']); + $supported = [6, 5, 4]; + if ($this->preferredVersion) { + $supported = array_diff($supported, [$this->preferredVersion]); + array_unshift($supported, $this->preferredVersion); + } + foreach ($supported as $ver) { + if (in_array($ver, $versions)) { + if ($ver === $this->version) { + break; + } + $this->version = (int) $ver; + $packet = Strings::packSSH2('ss', 'version-select', "$ver"); + $this->send_sftp_packet(SFTPPacketType::EXTENDED, $packet); + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + $this->logError($response, $status); + throw new UnexpectedValueException( + 'Expected StatusCode::OK. ' + . ' Got ' . $status + ); + } + break; + } + } + } + + /* + SFTPv4+ defines a 'newline' extension. SFTPv3 seems to have unofficial support for it via 'newline@vandyke.com', + however, I'm not sure what 'newline@vandyke.com' is supposed to do (the fact that it's unofficial means that it's + not in the official SFTPv3 specs) and 'newline@vandyke.com' / 'newline' are likely not drop-in substitutes for + one another due to the fact that 'newline' comes with a SSH_FXF_TEXT bitmask whereas it seems unlikely that + 'newline@vandyke.com' would. + */ + /* + if (isset($this->extensions['newline@vandyke.com'])) { + $this->extensions['newline'] = $this->extensions['newline@vandyke.com']; + unset($this->extensions['newline@vandyke.com']); + } + */ + if ($this->version < 2 || $this->version > 6) { + return false; + } + + $this->pwd = true; + try { + $this->pwd = $this->realpath('.'); + } catch (\UnexpectedValueException $e) { + if (!$this->canonicalize_paths) { + throw $e; + } + $this->canonicalize_paths = false; + $this->reset_sftp(); + return $this->init_sftp_connection(); + } + + $this->update_stat_cache($this->pwd, []); + + return true; + } + + /** + * Disable the stat cache + */ + public function disableStatCache(): void + { + $this->use_stat_cache = false; + } + + /** + * Enable the stat cache + */ + public function enableStatCache(): void + { + $this->use_stat_cache = true; + } + + /** + * Clear the stat cache + */ + public function clearStatCache(): void + { + $this->stat_cache = []; + } + + /** + * Enable path canonicalization + */ + public function enablePathCanonicalization(): void + { + $this->canonicalize_paths = true; + } + + /** + * Disable path canonicalization + * + * If this is enabled then $sftp->pwd() will not return the canonicalized absolute path + */ + public function disablePathCanonicalization(): void + { + $this->canonicalize_paths = false; + } + + /** + * Enable arbitrary length packets + */ + public function enableArbitraryLengthPackets(): void + { + $this->allow_arbitrary_length_packets = true; + } + + /** + * Disable arbitrary length packets + */ + public function disableArbitraryLengthPackets(): void + { + $this->allow_arbitrary_length_packets = false; + } + + /** + * Returns the current directory name + * + * @return string|bool + */ + public function pwd() + { + if (!$this->precheck()) { + return false; + } + + return $this->pwd; + } + + /** + * Logs errors + */ + private function logError(string $response, int $status = -1): void + { + if ($status == -1) { + [$status] = Strings::unpackSSH2('N', $response); + } + + $error = StatusCode::getConstantNameByValue($status); + + if ($this->version > 2) { + [$message] = Strings::unpackSSH2('s', $response); + $this->sftp_errors[] = "$error: $message"; + } else { + $this->sftp_errors[] = $error; + } + } + + /** + * Canonicalize the Server-Side Path Name + * + * SFTP doesn't provide a mechanism by which the current working directory can be changed, so we'll emulate it. Returns + * the absolute (canonicalized) path. + * + * If canonicalize_paths has been disabled using disablePathCanonicalization(), $path is returned as-is. + * + * @throws UnexpectedValueException on receipt of unexpected packets + * @see self::chdir() + * @see self::disablePathCanonicalization() + */ + public function realpath(string $path) + { + if ($this->precheck() === false) { + return false; + } + + if (!$this->canonicalize_paths) { + if ($this->pwd === true) { + return '.'; + } + if (!strlen($path) || $path[0] != '/') { + $path = $this->pwd . '/' . $path; + } + $parts = explode('/', $path); + $afterPWD = $beforePWD = []; + foreach ($parts as $part) { + switch ($part) { + //case '': // some SFTP servers /require/ double /'s. see https://github.com/phpseclib/phpseclib/pull/1137 + case '.': + break; + case '..': + if (!empty($afterPWD)) { + array_pop($afterPWD); + } else { + $beforePWD[] = '..'; + } + break; + default: + $afterPWD[] = $part; + } + } + $beforePWD = count($beforePWD) ? implode('/', $beforePWD) : '.'; + return $beforePWD . '/' . implode('/', $afterPWD); + } + + if ($this->pwd === true) { + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.9 + $this->send_sftp_packet(SFTPPacketType::REALPATH, Strings::packSSH2('s', $path)); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::NAME: + // although SSH_FXP_NAME is implemented differently in SFTPv3 than it is in SFTPv4+, the following + // should work on all SFTP versions since the only part of the SSH_FXP_NAME packet the following looks + // at is the first part and that part is defined the same in SFTP versions 3 through 6. + [, $filename] = Strings::unpackSSH2('Ns', $response); + return $filename; + case SFTPPacketType::STATUS: + $this->logError($response); + return false; + default: + throw new UnexpectedValueException( + 'Expected PacketType::NAME or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + } + + if (!strlen($path) || $path[0] != '/') { + $path = $this->pwd . '/' . $path; + } + + $path = explode('/', $path); + $new = []; + foreach ($path as $dir) { + if (!strlen($dir)) { + continue; + } + switch ($dir) { + case '..': + array_pop($new); + // fall-through + case '.': + break; + default: + $new[] = $dir; + } + } + + return '/' . implode('/', $new); + } + + /** + * Changes the current directory + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + public function chdir(string $dir): bool + { + if (!$this->precheck()) { + return false; + } + + // assume current dir if $dir is empty + if ($dir === '') { + $dir = './'; + // suffix a slash if needed + } elseif ($dir[-1] != '/') { + $dir .= '/'; + } + + $dir = $this->realpath($dir); + + // confirm that $dir is, in fact, a valid directory + if ($this->use_stat_cache && is_array($this->query_stat_cache($dir))) { + $this->pwd = $dir; + return true; + } + + // we could do a stat on the alleged $dir to see if it's a directory but that doesn't tell us + // the currently logged in user has the appropriate permissions or not. maybe you could see if + // the file's uid / gid match the currently logged in user's uid / gid but how there's no easy + // way to get those with SFTP + + $this->send_sftp_packet(SFTPPacketType::OPENDIR, Strings::packSSH2('s', $dir)); + + // see \phpseclib3\Net\SFTP::nlist() for a more thorough explanation of the following + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::HANDLE: + $handle = substr($response, 4); + break; + case SFTPPacketType::STATUS: + $this->logError($response); + return false; + default: + throw new UnexpectedValueException( + 'Expected PacketType::HANDLE or PacketType::STATUS' . + 'Got packet type: ' . $this->packet_type + ); + } + + if (!$this->close_handle($handle)) { + return false; + } + + $this->update_stat_cache($dir, []); + + $this->pwd = $dir; + return true; + } + + /** + * Returns a list of files in the given directory + * + * @return array|false + */ + public function nlist(string $dir = '.', bool $recursive = false) + { + return $this->nlist_helper($dir, $recursive, ''); + } + + /** + * Helper method for nlist + * + * @return array|false + */ + private function nlist_helper(string $dir, bool $recursive, string $relativeDir) + { + $files = $this->readlist($dir, false); + + // If we get an int back, then that is an "unexpected" status. + // We do not have a file list, so return false. + if (is_int($files)) { + return false; + } + + if (!$recursive || $files === false) { + return $files; + } + + $result = []; + foreach ($files as $value) { + if ($value == '.' || $value == '..') { + $result[] = $relativeDir . $value; + continue; + } + if (is_array($this->query_stat_cache($this->realpath($dir . '/' . $value)))) { + $temp = $this->nlist_helper($dir . '/' . $value, true, $relativeDir . $value . '/'); + $temp = is_array($temp) ? $temp : []; + $result = array_merge($result, $temp); + } else { + $result[] = $relativeDir . $value; + } + } + + return $result; + } + + /** + * Returns a detailed list of files in the given directory + * + * @return array|false + */ + public function rawlist(string $dir = '.', bool $recursive = false) + { + $files = $this->readlist($dir, true); + + // If we get an int back, then that is an "unexpected" status. + // We do not have a file list, so return false. + if (is_int($files)) { + return false; + } + + if (!$recursive || $files === false) { + return $files; + } + + static $depth = 0; + + foreach ($files as $key => $value) { + if ($depth != 0 && $key == '..') { + unset($files[$key]); + continue; + } + $is_directory = false; + if ($key != '.' && $key != '..') { + if ($this->use_stat_cache) { + $is_directory = is_array($this->query_stat_cache($this->realpath($dir . '/' . $key))); + } else { + $stat = $this->lstat($dir . '/' . $key); + $is_directory = $stat && $stat['type'] === FileType::DIRECTORY; + } + } + + if ($is_directory) { + $depth++; + $files[$key] = $this->rawlist($dir . '/' . $key, true); + $depth--; + } else { + $files[$key] = (object) $value; + } + } + + return $files; + } + + /** + * Reads a list, be it detailed or not, of files in the given directory + * + * @return array|int|false array of files, integer status (if known) or false if something else is wrong + * @throws UnexpectedValueException on receipt of unexpected packets + */ + private function readlist(string $dir, bool $raw = true): array|int|false + { + if (!$this->precheck()) { + return false; + } + + $dir = $this->realpath($dir . '/'); + if ($dir === false) { + return false; + } + + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.1.2 + $this->send_sftp_packet(SFTPPacketType::OPENDIR, Strings::packSSH2('s', $dir)); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::HANDLE: + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.2 + // since 'handle' is the last field in the SSH_FXP_HANDLE packet, we'll just remove the first four bytes that + // represent the length of the string and leave it at that + $handle = substr($response, 4); + break; + case SFTPPacketType::STATUS: + // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + [$status] = Strings::unpackSSH2('N', $response); + $this->logError($response, $status); + return $status; + default: + throw new UnexpectedValueException( + 'Expected PacketType::HANDLE or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + $this->update_stat_cache($dir, []); + + $contents = []; + while (true) { + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.2.2 + // why multiple SSH_FXP_READDIR packets would be sent when the response to a single one can span arbitrarily many + // SSH_MSG_CHANNEL_DATA messages is not known to me. + $this->send_sftp_packet(SFTPPacketType::READDIR, Strings::packSSH2('s', $handle)); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::NAME: + [$count] = Strings::unpackSSH2('N', $response); + for ($i = 0; $i < $count; $i++) { + [$shortname] = Strings::unpackSSH2('s', $response); + // SFTPv4 "removed the long filename from the names structure-- it can now be + // built from information available in the attrs structure." + if ($this->version < 4) { + [$longname] = Strings::unpackSSH2('s', $response); + } + $attributes = $this->parseAttributes($response); + if (!isset($attributes['type']) && $this->version < 4) { + $fileType = $this->parseLongname($longname); + if ($fileType) { + $attributes['type'] = $fileType; + } + } + $contents[$shortname] = $attributes + ['filename' => $shortname]; + + if (isset($attributes['type']) && $attributes['type'] == FileType::DIRECTORY && ($shortname != '.' && $shortname != '..')) { + $this->update_stat_cache($dir . '/' . $shortname, []); + } else { + if ($shortname == '..') { + $temp = $this->realpath($dir . '/..') . '/.'; + } else { + $temp = $dir . '/' . $shortname; + } + $this->update_stat_cache($temp, (object) ['lstat' => $attributes]); + } + // SFTPv6 has an optional boolean end-of-list field, but we'll ignore that, since the + // final SSH_FXP_STATUS packet should tell us that, already. + } + break; + case SFTPPacketType::STATUS: + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::EOF) { + $this->logError($response, $status); + return $status; + } + break 2; + default: + throw new UnexpectedValueException( + 'Expected PacketType::NAME or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + } + + if (!$this->close_handle($handle)) { + return false; + } + + if (count($this->sortOptions)) { + uasort($contents, [&$this, 'comparator']); + } + + return $raw ? $contents : array_map('strval', array_keys($contents)); + } + + /** + * Compares two rawlist entries using parameters set by setListOrder() + * + * Intended for use with uasort() + */ + private function comparator(array $a, array $b): ?int + { + switch (true) { + case $a['filename'] === '.' || $b['filename'] === '.': + if ($a['filename'] === $b['filename']) { + return 0; + } + return $a['filename'] === '.' ? -1 : 1; + case $a['filename'] === '..' || $b['filename'] === '..': + if ($a['filename'] === $b['filename']) { + return 0; + } + return $a['filename'] === '..' ? -1 : 1; + case isset($a['type']) && $a['type'] === FileType::DIRECTORY: + if (!isset($b['type'])) { + return 1; + } + if ($b['type'] !== $a['type']) { + return -1; + } + break; + case isset($b['type']) && $b['type'] === FileType::DIRECTORY: + return 1; + } + foreach ($this->sortOptions as $sort => $order) { + if (!isset($a[$sort]) || !isset($b[$sort])) { + if (isset($a[$sort])) { + return -1; + } + if (isset($b[$sort])) { + return 1; + } + return 0; + } + switch ($sort) { + case 'filename': + $result = strcasecmp($a['filename'], $b['filename']); + if ($result) { + return $order === SORT_DESC ? -$result : $result; + } + break; + case 'mode': + $a[$sort] &= 0o7777; + $b[$sort] &= 0o7777; + // fall-through + default: + if ($a[$sort] === $b[$sort]) { + break; + } + return $order === SORT_ASC ? $a[$sort] - $b[$sort] : $b[$sort] - $a[$sort]; + } + } + return null; + } + + /** + * Defines how nlist() and rawlist() will be sorted - if at all. + * + * If sorting is enabled directories and files will be sorted independently with + * directories appearing before files in the resultant array that is returned. + * + * Any parameter returned by stat is a valid sort parameter for this function. + * Filename comparisons are case insensitive. + * + * Examples: + * + * $sftp->setListOrder('filename', SORT_ASC); + * $sftp->setListOrder('size', SORT_DESC, 'filename', SORT_ASC); + * $sftp->setListOrder(true); + * Separates directories from files but doesn't do any sorting beyond that + * $sftp->setListOrder(); + * Don't do any sort of sorting + * + * @param string ...$args + */ + public function setListOrder(...$args): void + { + $this->sortOptions = []; + if (empty($args)) { + return; + } + $len = count($args) & 0x7FFFFFFE; + for ($i = 0; $i < $len; $i += 2) { + $this->sortOptions[$args[$i]] = $args[$i + 1]; + } + if (!count($this->sortOptions)) { + $this->sortOptions = ['bogus' => true]; + } + } + + /** + * Save files / directories to cache + */ + private function update_stat_cache(string $path, $value): void + { + if ($this->use_stat_cache === false) { + return; + } + + // preg_replace('#^/|/(?=/)|/$#', '', $dir) == str_replace('//', '/', trim($path, '/')) + $dirs = explode('/', preg_replace('#^/|/(?=/)|/$#', '', $path)); + + $temp = &$this->stat_cache; + $max = count($dirs) - 1; + foreach ($dirs as $i => $dir) { + // if $temp is an object that means one of two things. + // 1. a file was deleted and changed to a directory behind phpseclib's back + // 2. it's a symlink. when lstat is done it's unclear what it's a symlink to + if (is_object($temp)) { + $temp = []; + } + if (!isset($temp[$dir])) { + $temp[$dir] = []; + } + if ($i === $max) { + if (is_object($temp[$dir]) && is_object($value)) { + if (!isset($value->stat) && isset($temp[$dir]->stat)) { + $value->stat = $temp[$dir]->stat; + } + if (!isset($value->lstat) && isset($temp[$dir]->lstat)) { + $value->lstat = $temp[$dir]->lstat; + } + } + $temp[$dir] = $value; + break; + } + $temp = &$temp[$dir]; + } + } + + /** + * Remove files / directories from cache + */ + private function remove_from_stat_cache(string $path): bool + { + $dirs = explode('/', preg_replace('#^/|/(?=/)|/$#', '', $path)); + + $temp = &$this->stat_cache; + $max = count($dirs) - 1; + foreach ($dirs as $i => $dir) { + if (!is_array($temp)) { + return false; + } + if ($i === $max) { + unset($temp[$dir]); + return true; + } + if (!isset($temp[$dir])) { + return false; + } + $temp = &$temp[$dir]; + } + } + + /** + * Checks cache for path + * + * Mainly used by file_exists + */ + private function query_stat_cache(string $path) + { + $dirs = explode('/', preg_replace('#^/|/(?=/)|/$#', '', $path)); + + $temp = &$this->stat_cache; + foreach ($dirs as $dir) { + if (!is_array($temp)) { + return null; + } + if (!isset($temp[$dir])) { + return null; + } + $temp = &$temp[$dir]; + } + return $temp; + } + + /** + * Returns general information about a file. + * + * Returns an array on success and false otherwise. + * + * @return array|false + */ + public function stat(string $filename) + { + if (!$this->precheck()) { + return false; + } + + $filename = $this->realpath($filename); + if ($filename === false) { + return false; + } + + if ($this->use_stat_cache) { + $result = $this->query_stat_cache($filename); + if (is_array($result) && isset($result['.']) && isset($result['.']->stat)) { + return $result['.']->stat; + } + if (is_object($result) && isset($result->stat)) { + return $result->stat; + } + } + + $stat = $this->stat_helper($filename, SFTPPacketType::STAT); + if ($stat === false) { + $this->remove_from_stat_cache($filename); + return false; + } + if (isset($stat['type'])) { + if ($stat['type'] == FileType::DIRECTORY) { + $filename .= '/.'; + } + $this->update_stat_cache($filename, (object) ['stat' => $stat]); + return $stat; + } + + $pwd = $this->pwd; + $stat['type'] = $this->chdir($filename) ? + FileType::DIRECTORY : + FileType::REGULAR; + $this->pwd = $pwd; + + if ($stat['type'] == FileType::DIRECTORY) { + $filename .= '/.'; + } + $this->update_stat_cache($filename, (object) ['stat' => $stat]); + + return $stat; + } + + /** + * Returns general information about a file or symbolic link. + * + * Returns an array on success and false otherwise. + * + * @return array|false + */ + public function lstat(string $filename) + { + if (!$this->precheck()) { + return false; + } + + $filename = $this->realpath($filename); + if ($filename === false) { + return false; + } + + if ($this->use_stat_cache) { + $result = $this->query_stat_cache($filename); + if (is_array($result) && isset($result['.']) && isset($result['.']->lstat)) { + return $result['.']->lstat; + } + if (is_object($result) && isset($result->lstat)) { + return $result->lstat; + } + } + + $lstat = $this->stat_helper($filename, SFTPPacketType::LSTAT); + if ($lstat === false) { + $this->remove_from_stat_cache($filename); + return false; + } + if (isset($lstat['type'])) { + if ($lstat['type'] == FileType::DIRECTORY) { + $filename .= '/.'; + } + $this->update_stat_cache($filename, (object) ['lstat' => $lstat]); + return $lstat; + } + + $stat = $this->stat_helper($filename, SFTPPacketType::STAT); + + if ($lstat != $stat) { + $lstat = array_merge($lstat, ['type' => FileType::SYMLINK]); + $this->update_stat_cache($filename, (object) ['lstat' => $lstat]); + return $stat; + } + + $pwd = $this->pwd; + $lstat['type'] = $this->chdir($filename) ? + FileType::DIRECTORY : + FileType::REGULAR; + $this->pwd = $pwd; + + if ($lstat['type'] == FileType::DIRECTORY) { + $filename .= '/.'; + } + $this->update_stat_cache($filename, (object) ['lstat' => $lstat]); + + return $lstat; + } + + /** + * Returns general information about a file or symbolic link + * + * Determines information without calling \phpseclib3\Net\SFTP::realpath(). + * The second parameter can be either PacketType::STAT or PacketType::LSTAT. + * + * @return array|false + * @throws UnexpectedValueException on receipt of unexpected packets + */ + private function stat_helper(string $filename, int $type) + { + // SFTPv4+ adds an additional 32-bit integer field - flags - to the following: + $packet = Strings::packSSH2('s', $filename); + $this->send_sftp_packet($type, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::ATTRS: + return $this->parseAttributes($response); + case SFTPPacketType::STATUS: + $this->logError($response); + return false; + } + + throw new UnexpectedValueException( + 'Expected PacketType::ATTRS or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + /** + * Truncates a file to a given length + */ + public function truncate(string $filename, int $new_size): bool + { + $attr = Strings::packSSH2('NQ', Attribute::SIZE, $new_size); + + return $this->setstat($filename, $attr, false); + } + + /** + * Sets access and modification time of file. + * + * If the file does not exist, it will be created. + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + public function touch(string $filename, ?int $time = null, ?int $atime = null): bool + { + if (!$this->precheck()) { + return false; + } + + $filename = $this->realpath($filename); + if ($filename === false) { + return false; + } + + if (!isset($time)) { + $time = time(); + } + if (!isset($atime)) { + $atime = $time; + } + + $attr = $this->version < 4 ? + pack('N3', Attribute::ACCESSTIME, $atime, $time) : + Strings::packSSH2('NQ2', Attribute::ACCESSTIME | Attribute::MODIFYTIME, $atime, $time); + + $packet = Strings::packSSH2('s', $filename); + $packet .= $this->version >= 5 ? + pack('N2', 0, OpenFlag5::OPEN_EXISTING) : + pack('N', OpenFlag::WRITE | OpenFlag::CREATE | OpenFlag::EXCL); + $packet .= $attr; + + $this->send_sftp_packet(SFTPPacketType::OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::HANDLE: + return $this->close_handle(substr($response, 4)); + case SFTPPacketType::STATUS: + $this->logError($response); + break; + default: + throw new UnexpectedValueException( + 'Expected PacketType::HANDLE or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + return $this->setstat($filename, $attr, false); + } + + /** + * Changes file or directory owner + * + * $uid should be an int for SFTPv3 and a string for SFTPv4+. Ideally the string + * would be of the form "user@dns_domain" but it does not need to be. + * `$sftp->getSupportedVersions()['version']` will return the specific version + * that's being used. + * + * Returns true on success or false on error. + * + * @param int|string $uid + */ + public function chown(string $filename, $uid, bool $recursive = false): bool + { + /* + quoting , + + "To avoid a representation that is tied to a particular underlying + implementation at the client or server, the use of UTF-8 strings has + been chosen. The string should be of the form "user@dns_domain". + This will allow for a client and server that do not use the same + local representation the ability to translate to a common syntax that + can be interpreted by both. In the case where there is no + translation available to the client or server, the attribute value + must be constructed without the "@"." + + phpseclib _could_ auto append the dns_domain to $uid BUT what if it shouldn't + have one? phpseclib would have no way of knowing so rather than guess phpseclib + will just use whatever value the user provided + */ + + $attr = $this->version < 4 ? + // quoting , + // "if the owner or group is specified as -1, then that ID is not changed" + pack('N3', Attribute::UIDGID, $uid, -1) : + // quoting , + // "If either the owner or group field is zero length, the field should be + // considered absent, and no change should be made to that specific field + // during a modification operation" + Strings::packSSH2('Nss', Attribute::OWNERGROUP, $uid, ''); + + return $this->setstat($filename, $attr, $recursive); + } + + /** + * Changes file or directory group + * + * $gid should be an int for SFTPv3 and a string for SFTPv4+. Ideally the string + * would be of the form "user@dns_domain" but it does not need to be. + * `$sftp->getSupportedVersions()['version']` will return the specific version + * that's being used. + * + * Returns true on success or false on error. + * + * @param int|string $gid + */ + public function chgrp(string $filename, $gid, bool $recursive = false): bool + { + $attr = $this->version < 4 ? + pack('N3', Attribute::UIDGID, -1, $gid) : + Strings::packSSH2('Nss', Attribute::OWNERGROUP, '', $gid); + + return $this->setstat($filename, $attr, $recursive); + } + + /** + * Set permissions on a file. + * + * Returns the new file permissions on success or false on error. + * If $recursive is true than this just returns true or false. + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + public function chmod(int $mode, string $filename, bool $recursive = false) + { + if (is_string($mode) && is_int($filename)) { + $temp = $mode; + $mode = $filename; + $filename = $temp; + } + + $attr = pack('N2', Attribute::PERMISSIONS, $mode & 0o7777); + if (!$this->setstat($filename, $attr, $recursive)) { + return false; + } + if ($recursive) { + return true; + } + + $filename = $this->realpath($filename); + // rather than return what the permissions *should* be, we'll return what they actually are. this will also + // tell us if the file actually exists. + // incidentally, SFTPv4+ adds an additional 32-bit integer field - flags - to the following: + $packet = pack('Na*', strlen($filename), $filename); + $this->send_sftp_packet(SFTPPacketType::STAT, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::ATTRS: + $attrs = $this->parseAttributes($response); + return $attrs['mode']; + case SFTPPacketType::STATUS: + $this->logError($response); + return false; + } + + throw new UnexpectedValueException( + 'Expected PacketType::ATTRS or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + /** + * Sets information about a file + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + private function setstat(string $filename, string $attr, bool $recursive): bool + { + if (!$this->precheck()) { + return false; + } + + $filename = $this->realpath($filename); + if ($filename === false) { + return false; + } + + $this->remove_from_stat_cache($filename); + + if ($recursive) { + $i = 0; + $result = $this->setstat_recursive($filename, $attr, $i); + $this->read_put_responses($i); + return $result; + } + + $packet = Strings::packSSH2('s', $filename); + $packet .= $this->version >= 4 ? + pack('a*Ca*', substr($attr, 0, 4), FileType::UNKNOWN, substr($attr, 4)) : + $attr; + $this->send_sftp_packet(SFTPPacketType::SETSTAT, $packet); + + /* + "Because some systems must use separate system calls to set various attributes, it is possible that a failure + response will be returned, but yet some of the attributes may be have been successfully modified. If possible, + servers SHOULD avoid this situation; however, clients MUST be aware that this is possible." + + -- http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.6 + */ + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + $this->logError($response, $status); + return false; + } + + return true; + } + + /** + * Recursively sets information on directories on the SFTP server + * + * Minimizes directory lookups and SSH_FXP_STATUS requests for speed. + */ + private function setstat_recursive(string $path, string $attr, int &$i): bool + { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + $entries = $this->readlist($path, true); + + if ($entries === false || is_int($entries)) { + return $this->setstat($path, $attr, false); + } + + // normally $entries would have at least . and .. but it might not if the directories + // permissions didn't allow reading + if (empty($entries)) { + return false; + } + + unset($entries['.'], $entries['..']); + foreach ($entries as $filename => $props) { + if (!isset($props['type'])) { + return false; + } + + $temp = $path . '/' . $filename; + if ($props['type'] == FileType::DIRECTORY) { + if (!$this->setstat_recursive($temp, $attr, $i)) { + return false; + } + } else { + $packet = Strings::packSSH2('s', $temp); + $packet .= $this->version >= 4 ? + pack('Ca*', FileType::UNKNOWN, $attr) : + $attr; + $this->send_sftp_packet(SFTPPacketType::SETSTAT, $packet); + + $i++; + + if ($i >= $this->queueSize) { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + } + } + } + + $packet = Strings::packSSH2('s', $path); + $packet .= $this->version >= 4 ? + pack('Ca*', FileType::UNKNOWN, $attr) : + $attr; + $this->send_sftp_packet(SFTPPacketType::SETSTAT, $packet); + + $i++; + + if ($i >= $this->queueSize) { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + } + + return true; + } + + /** + * Return the target of a symbolic link + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + public function readlink(string $link) + { + if (!$this->precheck()) { + return false; + } + + $link = $this->realpath($link); + + $this->send_sftp_packet(SFTPPacketType::READLINK, Strings::packSSH2('s', $link)); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::NAME: + break; + case SFTPPacketType::STATUS: + $this->logError($response); + return false; + default: + throw new UnexpectedValueException( + 'Expected PacketType::NAME or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + [$count] = Strings::unpackSSH2('N', $response); + // the file isn't a symlink + if (!$count) { + return false; + } + + [$filename] = Strings::unpackSSH2('s', $response); + + return $filename; + } + + /** + * Create a symlink + * + * symlink() creates a symbolic link to the existing target with the specified name link. + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + public function symlink(string $target, string $link): bool + { + if (!$this->precheck()) { + return false; + } + + //$target = $this->realpath($target); + $link = $this->realpath($link); + + /* quoting https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-09#section-12.1 : + + Changed the SYMLINK packet to be LINK and give it the ability to + create hard links. Also change it's packet number because many + implementation implemented SYMLINK with the arguments reversed. + Hopefully the new argument names make it clear which way is which. + */ + if ($this->version == 6) { + $type = SFTPPacketType::LINK; + $packet = Strings::packSSH2('ssC', $link, $target, 1); + } else { + $type = SFTPPacketType::SYMLINK; + /* quoting http://bxr.su/OpenBSD/usr.bin/ssh/PROTOCOL#347 : + + 3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK + + When OpenSSH's sftp-server was implemented, the order of the arguments + to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately, + the reversal was not noticed until the server was widely deployed. Since + fixing this to follow the specification would cause incompatibility, the + current order was retained. For correct operation, clients should send + SSH_FXP_SYMLINK as follows: + + uint32 id + string targetpath + string linkpath */ + $packet = substr($this->server_identifier, 0, 15) == 'SSH-2.0-OpenSSH' ? + Strings::packSSH2('ss', $target, $link) : + Strings::packSSH2('ss', $link, $target); + } + $this->send_sftp_packet($type, $packet); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + $this->logError($response, $status); + return false; + } + + return true; + } + + /** + * Creates a directory. + */ + public function mkdir(string $dir, int $mode = -1, bool $recursive = false): bool + { + if (!$this->precheck()) { + return false; + } + + $dir = $this->realpath($dir); + + if ($recursive) { + $dirs = explode('/', preg_replace('#/(?=/)|/$#', '', $dir)); + if (empty($dirs[0])) { + array_shift($dirs); + $dirs[0] = '/' . $dirs[0]; + } + for ($i = 0; $i < count($dirs); $i++) { + $temp = array_slice($dirs, 0, $i + 1); + $temp = implode('/', $temp); + $result = $this->mkdir_helper($temp, $mode); + } + return $result; + } + + return $this->mkdir_helper($dir, $mode); + } + + /** + * Helper function for directory creation + */ + private function mkdir_helper(string $dir, int $mode): bool + { + // send SSH_FXP_MKDIR without any attributes (that's what the \0\0\0\0 is doing) + $this->send_sftp_packet(SFTPPacketType::MKDIR, Strings::packSSH2('s', $dir) . "\0\0\0\0"); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + $this->logError($response, $status); + return false; + } + + if ($mode !== -1) { + $this->chmod($mode, $dir); + } + + return true; + } + + /** + * Removes a directory. + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + public function rmdir(string $dir): bool + { + if (!$this->precheck()) { + return false; + } + + $dir = $this->realpath($dir); + if ($dir === false) { + return false; + } + + $this->send_sftp_packet(SFTPPacketType::RMDIR, Strings::packSSH2('s', $dir)); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED? + $this->logError($response, $status); + return false; + } + + $this->remove_from_stat_cache($dir); + // the following will do a soft delete, which would be useful if you deleted a file + // and then tried to do a stat on the deleted file. the above, in contrast, does + // a hard delete + //$this->update_stat_cache($dir, false); + + return true; + } + + /** + * Uploads a file to the SFTP server. + * + * By default, \phpseclib3\Net\SFTP::put() does not read from the local filesystem. $data is dumped directly into $remote_file. + * So, for example, if you set $data to 'filename.ext' and then do \phpseclib3\Net\SFTP::get(), you will get a file, twelve bytes + * long, containing 'filename.ext' as its contents. + * + * Setting $mode to self::SOURCE_LOCAL_FILE will change the above behavior. With self::SOURCE_LOCAL_FILE, $remote_file will + * contain as many bytes as filename.ext does on your local filesystem. If your filename.ext is 1MB then that is how + * large $remote_file will be, as well. + * + * Setting $mode to self::SOURCE_CALLBACK will use $data as callback function, which gets only one parameter -- number + * of bytes to return, and returns a string if there is some data or null if there is no more data + * + * If $data is a resource then it'll be used as a resource instead. + * + * Currently, only binary mode is supported. As such, if the line endings need to be adjusted, you will need to take + * care of that, yourself. + * + * $mode can take an additional two parameters - self::RESUME and self::RESUME_START. These are bitwise AND'd with + * $mode. So if you want to resume upload of a 300mb file on the local file system you'd set $mode to the following: + * + * self::SOURCE_LOCAL_FILE | self::RESUME + * + * If you wanted to simply append the full contents of a local file to the full contents of a remote file you'd replace + * self::RESUME with self::RESUME_START. + * + * If $mode & (self::RESUME | self::RESUME_START) then self::RESUME_START will be assumed. + * + * $start and $local_start give you more fine grained control over this process and take precident over self::RESUME + * when they're non-negative. ie. $start could let you write at the end of a file (like self::RESUME) or in the middle + * of one. $local_start could let you start your reading from the end of a file (like self::RESUME_START) or in the + * middle of one. + * + * Setting $local_start to > 0 or $mode | self::RESUME_START doesn't do anything unless $mode | self::SOURCE_LOCAL_FILE. + * + * {@internal ASCII mode for SFTPv4/5/6 can be supported by adding a new function - \phpseclib3\Net\SFTP::setMode().} + * + * @param resource|array|string $data + * @throws UnexpectedValueException on receipt of unexpected packets + * @throws BadFunctionCallException if you're uploading via a callback and the callback function is invalid + * @throws FileNotFoundException if you're uploading via a file and the file doesn't exist + */ + public function put(string $remote_file, $data, int $mode = self::SOURCE_STRING, int $start = -1, int $local_start = -1, ?callable $progressCallback = null): bool + { + if (!$this->precheck()) { + return false; + } + + $remote_file = $this->realpath($remote_file); + if ($remote_file === false) { + return false; + } + + $this->remove_from_stat_cache($remote_file); + + if ($this->version >= 5) { + $flags = OpenFlag5::OPEN_OR_CREATE; + } else { + $flags = OpenFlag::WRITE | OpenFlag::CREATE; + // according to the SFTP specs, OpenFlag::APPEND should "force all writes to append data at the end of the file." + // in practice, it doesn't seem to do that. + //$flags|= ($mode & self::RESUME) ? OpenFlag::APPEND : OpenFlag::TRUNCATE; + } + + if ($start >= 0) { + $offset = $start; + } elseif ($mode & (self::RESUME | self::RESUME_START)) { + // if OpenFlag::APPEND worked as it should _size() wouldn't need to be called + $stat = $this->stat($remote_file); + $offset = $stat !== false && $stat['size'] ? $stat['size'] : 0; + } else { + $offset = 0; + if ($this->version >= 5) { + $flags = OpenFlag5::CREATE_TRUNCATE; + } else { + $flags |= OpenFlag::TRUNCATE; + } + } + + $this->remove_from_stat_cache($remote_file); + + $packet = Strings::packSSH2('s', $remote_file); + $packet .= $this->version >= 5 ? + pack('N3', 0, $flags, 0) : + pack('N2', $flags, 0); + $this->send_sftp_packet(SFTPPacketType::OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::HANDLE: + $handle = substr($response, 4); + break; + case SFTPPacketType::STATUS: + $this->logError($response); + return false; + default: + throw new UnexpectedValueException( + 'Expected PacketType::HANDLE or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.2.3 + $dataCallback = false; + switch (true) { + case $mode & self::SOURCE_CALLBACK: + if (!is_callable($data)) { + throw new BadFunctionCallException("\$data should be is_callable() if you specify SOURCE_CALLBACK flag"); + } + $dataCallback = $data; + // do nothing + break; + case is_resource($data): + $mode = $mode & ~self::SOURCE_LOCAL_FILE; + $info = stream_get_meta_data($data); + if (isset($info['wrapper_type']) && $info['wrapper_type'] == 'PHP' && $info['stream_type'] == 'Input') { + $fp = fopen('php://memory', 'w+'); + stream_copy_to_stream($data, $fp); + rewind($fp); + } else { + $fp = $data; + } + break; + case $mode & self::SOURCE_LOCAL_FILE: + if (!is_file($data)) { + throw new FileNotFoundException("$data is not a valid file"); + } + $fp = @fopen($data, 'rb'); + if (!$fp) { + return false; + } + } + + if (isset($fp)) { + $stat = fstat($fp); + $size = !empty($stat) ? $stat['size'] : 0; + + if ($local_start >= 0) { + fseek($fp, $local_start); + $size -= $local_start; + } elseif ($mode & self::RESUME) { + fseek($fp, $offset); + $size -= $offset; + } + } elseif ($dataCallback) { + $size = 0; + } else { + $size = strlen($data); + } + + $sent = 0; + $size = $size < 0 ? ($size & 0x7FFFFFFF) + 0x80000000 : $size; + + $sftp_packet_size = $this->max_sftp_packet; + // make the SFTP packet be exactly the SFTP packet size by including the bytes in the PacketType::WRITE packets "header" + $sftp_packet_size -= strlen($handle) + 25; + $i = $j = 0; + while ($dataCallback || ($size === 0 || $sent < $size)) { + if ($dataCallback) { + $temp = $dataCallback($sftp_packet_size); + if (is_null($temp)) { + break; + } + } else { + $temp = isset($fp) ? fread($fp, $sftp_packet_size) : substr($data, $sent, $sftp_packet_size); + if ($temp === false || $temp === '') { + break; + } + } + + $subtemp = $offset + $sent; + $packet = pack('Na*N3a*', strlen($handle), $handle, $subtemp / 4294967296, $subtemp, strlen($temp), $temp); + try { + $this->send_sftp_packet(SFTPPacketType::WRITE, $packet, $j); + } catch (\Exception $e) { + if ($mode & self::SOURCE_LOCAL_FILE) { + fclose($fp); + } + throw $e; + } + $sent += strlen($temp); + if (is_callable($progressCallback)) { + $progressCallback($sent); + } + + $i++; + $j++; + if ($i == $this->uploadQueueSize) { + if (!$this->read_put_responses($i)) { + $i = 0; + break; + } + $i = 0; + } + } + + $result = $this->close_handle($handle); + + if (!$this->read_put_responses($i)) { + if ($mode & self::SOURCE_LOCAL_FILE) { + fclose($fp); + } + $this->close_handle($handle); + return false; + } + + if ($mode & SFTP::SOURCE_LOCAL_FILE) { + if (isset($fp) && is_resource($fp)) { + fclose($fp); + } + + if ($this->preserveTime) { + $stat = stat($data); + $attr = $this->version < 4 ? + pack('N3', Attribute::ACCESSTIME, $stat['atime'], $stat['mtime']) : + Strings::packSSH2('NQ2', Attribute::ACCESSTIME | Attribute::MODIFYTIME, $stat['atime'], $stat['mtime']); + if (!$this->setstat($remote_file, $attr, false)) { + throw new RuntimeException('Error setting file time'); + } + } + } + + return $result; + } + + /** + * Reads multiple successive SSH_FXP_WRITE responses + * + * Sending an SSH_FXP_WRITE packet and immediately reading its response isn't as efficient as blindly sending out $i + * SSH_FXP_WRITEs, in succession, and then reading $i responses. + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + private function read_put_responses(int $i): bool + { + while ($i--) { + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + $this->logError($response, $status); + break; + } + } + + return $i < 0; + } + + /** + * Close handle + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + private function close_handle(string $handle): bool + { + $this->send_sftp_packet(SFTPPacketType::CLOSE, pack('Na*', strlen($handle), $handle)); + + // "The client MUST release all resources associated with the handle regardless of the status." + // -- http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.1.3 + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + $this->logError($response, $status); + return false; + } + + return true; + } + + /** + * Downloads a file from the SFTP server. + * + * Returns a string containing the contents of $remote_file if $local_file is left undefined or a boolean false if + * the operation was unsuccessful. If $local_file is defined, returns true or false depending on the success of the + * operation. + * + * $offset and $length can be used to download files in chunks. + * + * @param string|bool|resource|callable $local_file + * @return string|bool + * @throws UnexpectedValueException on receipt of unexpected packets + */ + public function get(string $remote_file, $local_file = false, int $offset = 0, int $length = -1, ?callable $progressCallback = null) + { + if (!$this->precheck()) { + return false; + } + + $remote_file = $this->realpath($remote_file); + if ($remote_file === false) { + return false; + } + + $packet = Strings::packSSH2('s', $remote_file); + $packet .= $this->version >= 5 ? + pack('N3', 0, OpenFlag5::OPEN_EXISTING, 0) : + pack('N2', OpenFlag::READ, 0); + $this->send_sftp_packet(SFTPPacketType::OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::HANDLE: + $handle = substr($response, 4); + break; + case SFTPPacketType::STATUS: // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + $this->logError($response); + return false; + default: + throw new UnexpectedValueException( + 'Expected PacketType::HANDLE or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + if (is_resource($local_file)) { + $fp = $local_file; + $stat = fstat($fp); + $res_offset = $stat['size']; + } else { + $res_offset = 0; + if ($local_file !== false && !is_callable($local_file)) { + $fp = fopen($local_file, 'wb'); + if (!$fp) { + return false; + } + } else { + $content = ''; + } + } + + $fclose_check = $local_file !== false && !is_callable($local_file) && !is_resource($local_file); + + $start = $offset; + $read = 0; + while (true) { + $i = 0; + + while ($i < $this->queueSize && ($length < 0 || $read < $length)) { + $tempoffset = $start + $read; + + $packet_size = $length > 0 ? min($this->max_sftp_packet, $length - $read) : $this->max_sftp_packet; + + $packet = Strings::packSSH2('sN3', $handle, $tempoffset / 4294967296, $tempoffset, $packet_size); + try { + $this->send_sftp_packet(SFTPPacketType::READ, $packet, $i); + } catch (\Exception $e) { + if ($fclose_check) { + fclose($fp); + } + throw $e; + } + $packet = null; + $read += $packet_size; + $i++; + } + + if (!$i) { + break; + } + + $packets_sent = $i - 1; + + $clear_responses = false; + while ($i > 0) { + $i--; + + if ($clear_responses) { + $this->get_sftp_packet($packets_sent - $i); + continue; + } else { + $response = $this->get_sftp_packet($packets_sent - $i); + } + + switch ($this->packet_type) { + case SFTPPacketType::DATA: + $temp = substr($response, 4); + $offset += strlen($temp); + if ($local_file === false) { + $content .= $temp; + } elseif (is_callable($local_file)) { + $local_file($temp); + } else { + fwrite($fp, $temp); + } + if (is_callable($progressCallback)) { + call_user_func($progressCallback, $offset); + } + $temp = null; + break; + case SFTPPacketType::STATUS: + // could, in theory, return false if !strlen($content) but we'll hold off for the time being + $this->logError($response); + $clear_responses = true; // don't break out of the loop yet, so we can read the remaining responses + break; + default: + if ($fclose_check) { + fclose($fp); + } + if ($this->channel_close) { + $this->partial_init = false; + $this->init_sftp_connection(); + return false; + } else { + throw new UnexpectedValueException( + 'Expected PacketType::DATA or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + } + $response = null; + } + + if ($clear_responses) { + break; + } + } + + if ($fclose_check) { + fclose($fp); + + if ($this->preserveTime) { + $stat = $this->stat($remote_file); + touch($local_file, $stat['mtime'], $stat['atime']); + } + } + + if (!$this->close_handle($handle)) { + return false; + } + + // if $content isn't set that means a file was written to + return $content ?? true; + } + + /** + * Deletes a file on the SFTP server. + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + public function delete(string $path, bool $recursive = true): bool + { + if (!$this->precheck()) { + return false; + } + + if (is_object($path)) { + // It's an object. Cast it as string before we check anything else. + $path = (string) $path; + } + + if (!is_string($path) || $path == '') { + return false; + } + + $path = $this->realpath($path); + if ($path === false) { + return false; + } + + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.3 + $this->send_sftp_packet(SFTPPacketType::REMOVE, pack('Na*', strlen($path), $path)); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + // if $status isn't SSH_FX_OK it's probably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + $this->logError($response, $status); + if (!$recursive) { + return false; + } + + $i = 0; + $result = $this->delete_recursive($path, $i); + $this->read_put_responses($i); + return $result; + } + + $this->remove_from_stat_cache($path); + + return true; + } + + /** + * Recursively deletes directories on the SFTP server + * + * Minimizes directory lookups and SSH_FXP_STATUS requests for speed. + */ + private function delete_recursive(string $path, int &$i): bool + { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + $entries = $this->readlist($path, true); + + // The folder does not exist at all, so we cannot delete it. + if ($entries === StatusCode::NO_SUCH_FILE) { + return false; + } + + // Normally $entries would have at least . and .. but it might not if the directories + // permissions didn't allow reading. If this happens then default to an empty list of files. + if ($entries === false || is_int($entries)) { + $entries = []; + } + + unset($entries['.'], $entries['..']); + foreach ($entries as $filename => $props) { + if (!isset($props['type'])) { + return false; + } + + $temp = $path . '/' . $filename; + if ($props['type'] == FileType::DIRECTORY) { + if (!$this->delete_recursive($temp, $i)) { + return false; + } + } else { + $this->send_sftp_packet(SFTPPacketType::REMOVE, Strings::packSSH2('s', $temp)); + $this->remove_from_stat_cache($temp); + + $i++; + + if ($i >= $this->queueSize) { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + } + } + } + + $this->send_sftp_packet(SFTPPacketType::RMDIR, Strings::packSSH2('s', $path)); + $this->remove_from_stat_cache($path); + + $i++; + + if ($i >= $this->queueSize) { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + } + + return true; + } + + /** + * Checks whether a file or directory exists + */ + public function file_exists(string $path): bool + { + if ($this->use_stat_cache) { + if (!$this->precheck()) { + return false; + } + + $path = $this->realpath($path); + + $result = $this->query_stat_cache($path); + + if (isset($result)) { + // return true if $result is an array or if it's an stdClass object + return $result !== false; + } + } + + return $this->stat($path) !== false; + } + + /** + * Tells whether the filename is a directory + */ + public function is_dir(string $path): bool + { + $result = $this->get_stat_cache_prop($path, 'type'); + if ($result === false) { + return false; + } + return $result === FileType::DIRECTORY; + } + + /** + * Tells whether the filename is a regular file + */ + public function is_file(string $path): bool + { + $result = $this->get_stat_cache_prop($path, 'type'); + if ($result === false) { + return false; + } + return $result === FileType::REGULAR; + } + + /** + * Tells whether the filename is a symbolic link + */ + public function is_link(string $path): bool + { + $result = $this->get_lstat_cache_prop($path, 'type'); + if ($result === false) { + return false; + } + return $result === FileType::SYMLINK; + } + + /** + * Tells whether a file exists and is readable + */ + public function is_readable(string $path): bool + { + if (!$this->precheck()) { + return false; + } + + $packet = Strings::packSSH2('sNN', $this->realpath($path), OpenFlag::READ, 0); + $this->send_sftp_packet(SFTPPacketType::OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::HANDLE: + return true; + case SFTPPacketType::STATUS: // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + return false; + default: + throw new UnexpectedValueException( + 'Expected PacketType::HANDLE or PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + } + + /** + * Tells whether the filename is writable + */ + public function is_writable(string $path): bool + { + if (!$this->precheck()) { + return false; + } + + $packet = Strings::packSSH2('sNN', $this->realpath($path), OpenFlag::WRITE, 0); + $this->send_sftp_packet(SFTPPacketType::OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case SFTPPacketType::HANDLE: + return true; + case SFTPPacketType::STATUS: // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + return false; + default: + throw new UnexpectedValueException( + 'Expected SSH_FXP_HANDLE or SSH_FXP_STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + } + + /** + * Tells whether the filename is writeable + * + * Alias of is_writable + */ + public function is_writeable(string $path): bool + { + return $this->is_writable($path); + } + + /** + * Gets last access time of file + */ + public function fileatime(string $path) + { + return $this->get_stat_cache_prop($path, 'atime'); + } + + /** + * Gets file modification time + */ + public function filemtime(string $path) + { + return $this->get_stat_cache_prop($path, 'mtime'); + } + + /** + * Gets file permissions + */ + public function fileperms(string $path) + { + return $this->get_stat_cache_prop($path, 'mode'); + } + + /** + * Gets file owner + */ + public function fileowner(string $path) + { + return $this->get_stat_cache_prop($path, 'uid'); + } + + /** + * Gets file group + */ + public function filegroup(string $path) + { + return $this->get_stat_cache_prop($path, 'gid'); + } + + /** + * Recursively go through rawlist() output to get the total filesize + */ + private static function recursiveFilesize(array $files): int + { + $size = 0; + foreach ($files as $name => $file) { + if ($name == '.' || $name == '..') { + continue; + } + $size += is_array($file) ? + self::recursiveFilesize($file) : + $file->size; + } + return $size; + } + + /** + * Gets file size + */ + public function filesize(string $path, bool $recursive = false) + { + return !$recursive || $this->filetype($path) != 'dir' ? + $this->get_stat_cache_prop($path, 'size') : + self::recursiveFilesize($this->rawlist($path, true)); + } + + /** + * Gets file type + * + * @return string|false + */ + public function filetype(string $path) + { + $type = $this->get_stat_cache_prop($path, 'type'); + if ($type === false) { + return false; + } + + switch ($type) { + case FileType::BLOCK_DEVICE: + return 'block'; + case FileType::CHAR_DEVICE: + return 'char'; + case FileType::DIRECTORY: + return 'dir'; + case FileType::FIFO: + return 'fifo'; + case FileType::REGULAR: + return 'file'; + case FileType::SYMLINK: + return 'link'; + default: + return false; + } + } + + /** + * Return a stat properity + * + * Uses cache if appropriate. + */ + private function get_stat_cache_prop(string $path, string $prop) + { + return $this->get_xstat_cache_prop($path, $prop, 'stat'); + } + + /** + * Return an lstat properity + * + * Uses cache if appropriate. + */ + private function get_lstat_cache_prop(string $path, string $prop) + { + return $this->get_xstat_cache_prop($path, $prop, 'lstat'); + } + + /** + * Return a stat or lstat properity + * + * Uses cache if appropriate. + */ + private function get_xstat_cache_prop(string $path, string $prop, string $type) + { + if (!$this->precheck()) { + return false; + } + + if ($this->use_stat_cache) { + $path = $this->realpath($path); + + $result = $this->query_stat_cache($path); + + if (is_object($result) && isset($result->$type)) { + return $result->{$type}[$prop]; + } + } + + $result = $this->$type($path); + + if ($result === false || !isset($result[$prop])) { + return false; + } + + return $result[$prop]; + } + + /** + * Renames a file or a directory on the SFTP server. + * + * If the file already exists this will return false + * + * @throws UnexpectedValueException on receipt of unexpected packets + */ + public function rename(string $oldname, string $newname): bool + { + if (!$this->precheck()) { + return false; + } + + $oldname = $this->realpath($oldname); + $newname = $this->realpath($newname); + if ($oldname === false || $newname === false) { + return false; + } + + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.3 + $packet = Strings::packSSH2('ss', $oldname, $newname); + if ($this->version >= 5) { + /* quoting https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-05#section-6.5 , + + 'flags' is 0 or a combination of: + + SSH_FXP_RENAME_OVERWRITE 0x00000001 + SSH_FXP_RENAME_ATOMIC 0x00000002 + SSH_FXP_RENAME_NATIVE 0x00000004 + + (none of these are currently supported) */ + $packet .= "\0\0\0\0"; + } + $this->send_sftp_packet(SFTPPacketType::RENAME, $packet); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != SFTPPacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected PacketType::STATUS. ' + . 'Got packet type: ' . $this->packet_type + ); + } + + // if $status isn't SSH_FX_OK it's probably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + /** + * @var int $status + */ + [$status] = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + $this->logError($response, $status); + return false; + } + + // don't move the stat cache entry over since this operation could very well change the + // atime and mtime attributes + //$this->update_stat_cache($newname, $this->query_stat_cache($oldname)); + $this->remove_from_stat_cache($oldname); + $this->remove_from_stat_cache($newname); + + return true; + } + + /** + * Parse Time + * + * See '7.7. Times' of draft-ietf-secsh-filexfer-13 for more info. + */ + private function parseTime(string $key, int $flags, string &$response): array + { + $attr = []; + [$attr[$key]] = Strings::unpackSSH2('Q', $response); + if ($flags & Attribute::SUBSECOND_TIMES) { + [$attr[$key . '-nseconds']] = Strings::unpackSSH2('N', $response); + } + return $attr; + } + + /** + * Parse Attributes + * + * See '7. File Attributes' of draft-ietf-secsh-filexfer-13 for more info. + */ + protected function parseAttributes(string &$response): array + { + if ($this->version >= 4) { + [$flags, $attr['type']] = Strings::unpackSSH2('NC', $response); + } else { + [$flags] = Strings::unpackSSH2('N', $response); + } + + foreach (Attribute::getConstants() as $value => $key) { + switch ($flags & $key) { + case Attribute::UIDGID: + if ($this->version > 3) { + continue 2; + } + break; + case Attribute::CREATETIME: + case Attribute::MODIFYTIME: + case Attribute::ACL: + case Attribute::OWNERGROUP: + case Attribute::SUBSECOND_TIMES: + if ($this->version < 4) { + continue 2; + } + break; + case Attribute::BITS: + if ($this->version < 5) { + continue 2; + } + break; + case Attribute::ALLOCATION_SIZE: + case Attribute::TEXT_HINT: + case Attribute::MIME_TYPE: + case Attribute::LINK_COUNT: + case Attribute::UNTRANSLATED_NAME: + case Attribute::CTIME: + if ($this->version < 6) { + continue 2; + } + } + switch ($flags & $key) { + case Attribute::SIZE: // 0x00000001 + // The size attribute is defined as an unsigned 64-bit integer. + // The following will use floats on 32-bit platforms, if necessary. + // As can be seen in the BigInteger class, floats are generally + // IEEE 754 binary64 "double precision" on such platforms and + // as such can represent integers of at least 2^50 without loss + // of precision. Interpreted in filesize, 2^50 bytes = 1024 TiB. + [$attr['size']] = Strings::unpackSSH2('Q', $response); + break; + case Attribute::UIDGID: // 0x00000002 (SFTPv3 only) + [$attr['uid'], $attr['gid']] = Strings::unpackSSH2('NN', $response); + break; + case Attribute::PERMISSIONS: // 0x00000004 + [$attr['mode']] = Strings::unpackSSH2('N', $response); + $fileType = $this->parseMode($attr['mode']); + if ($this->version < 4 && $fileType !== false) { + $attr += ['type' => $fileType]; + } + break; + case Attribute::ACCESSTIME: // 0x00000008 + if ($this->version >= 4) { + $attr += $this->parseTime('atime', $flags, $response); + break; + } + [$attr['atime'], $attr['mtime']] = Strings::unpackSSH2('NN', $response); + break; + case Attribute::CREATETIME: // 0x00000010 (SFTPv4+) + $attr += $this->parseTime('createtime', $flags, $response); + break; + case Attribute::MODIFYTIME: // 0x00000020 + $attr += $this->parseTime('mtime', $flags, $response); + break; + case Attribute::ACL: // 0x00000040 + // access control list + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-04#section-5.7 + // currently unsupported + [$count] = Strings::unpackSSH2('N', $response); + for ($i = 0; $i < $count; $i++) { + [$type, $flag, $mask, $who] = Strings::unpackSSH2('N3s', $result); + } + break; + case Attribute::OWNERGROUP: // 0x00000080 + [$attr['owner'], $attr['$group']] = Strings::unpackSSH2('ss', $response); + break; + case Attribute::SUBSECOND_TIMES: // 0x00000100 + break; + case Attribute::BITS: // 0x00000200 (SFTPv5+) + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-05#section-5.8 + // currently unsupported + // tells if you file is: + // readonly, system, hidden, case inensitive, archive, encrypted, compressed, sparse + // append only, immutable, sync + [$attrib_bits, $attrib_bits_valid] = Strings::unpackSSH2('N2', $response); + // if we were actually gonna implement the above it ought to be + // $attr['attrib-bits'] and $attr['attrib-bits-valid'] + // eg. - instead of _ + break; + case Attribute::ALLOCATION_SIZE: // 0x00000400 (SFTPv6+) + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.4 + // represents the number of bytes that the file consumes on the disk. will + // usually be larger than the 'size' field + [$attr['allocation-size']] = Strings::unpackSSH2('Q', $response); + break; + case Attribute::TEXT_HINT: // 0x00000800 + // https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.10 + // currently unsupported + // tells if file is "known text", "guessed text", "known binary", "guessed binary" + [$text_hint] = Strings::unpackSSH2('C', $response); + // the above should be $attr['text-hint'] + break; + case Attribute::MIME_TYPE: // 0x00001000 + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.11 + [$attr['mime-type']] = Strings::unpackSSH2('s', $response); + break; + case Attribute::LINK_COUNT: // 0x00002000 + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.12 + [$attr['link-count']] = Strings::unpackSSH2('N', $response); + break; + case Attribute::UNTRANSLATED_NAME:// 0x00004000 + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.13 + [$attr['untranslated-name']] = Strings::unpackSSH2('s', $response); + break; + case Attribute::CTIME: // 0x00008000 + // 'ctime' contains the last time the file attributes were changed. The + // exact meaning of this field depends on the server. + $attr += $this->parseTime('ctime', $flags, $response); + break; + case Attribute::EXTENDED: // 0x80000000 + [$count] = Strings::unpackSSH2('N', $response); + for ($i = 0; $i < $count; $i++) { + [$key, $value] = Strings::unpackSSH2('ss', $response); + $attr[$key] = $value; + } + } + } + return $attr; + } + + /** + * Attempt to identify the file type + * + * Quoting the SFTP RFC, "Implementations MUST NOT send bits that are not defined" but they seem to anyway + * + * @return int + */ + private function parseMode(int $mode) + { + // values come from http://lxr.free-electrons.com/source/include/uapi/linux/stat.h#L12 + // see, also, http://linux.die.net/man/2/stat + switch ($mode & 0o170000) {// ie. 1111 0000 0000 0000 + case 0: // no file type specified - figure out the file type using alternative means + return false; + case 0o040000: + return FileType::DIRECTORY; + case 0o100000: + return FileType::REGULAR; + case 0o120000: + return FileType::SYMLINK; + // new types introduced in SFTPv5+ + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-05#section-5.2 + case 0o010000: // named pipe (fifo) + return FileType::FIFO; + case 0o020000: // character special + return FileType::CHAR_DEVICE; + case 0o060000: // block special + return FileType::BLOCK_DEVICE; + case 0o140000: // socket + return FileType::SOCKET; + case 0o160000: // whiteout + // "SPECIAL should be used for files that are of + // a known type which cannot be expressed in the protocol" + return FileType::SPECIAL; + default: + return FileType::UNKNOWN; + } + } + + /** + * Parse Longname + * + * SFTPv3 doesn't provide any easy way of identifying a file type. You could try to open + * a file as a directory and see if an error is returned or you could try to parse the + * SFTPv3-specific longname field of the SSH_FXP_NAME packet. That's what this function does. + * The result is returned using the + * {@link http://tools.ietf.org/html/draft-ietf-secsh-filexfer-04#section-5.2 SFTPv4 type constants}. + * + * If the longname is in an unrecognized format bool(false) is returned. + */ + private function parseLongname(string $longname) + { + // http://en.wikipedia.org/wiki/Unix_file_types + // http://en.wikipedia.org/wiki/Filesystem_permissions#Notation_of_traditional_Unix_permissions + if (preg_match('#^[^/]([r-][w-][xstST-]){3}#', $longname)) { + switch ($longname[0]) { + case '-': + return FileType::REGULAR; + case 'd': + return FileType::DIRECTORY; + case 'l': + return FileType::SYMLINK; + default: + return FileType::SPECIAL; + } + } + + return false; + } + + /** + * Sends SFTP Packets + * + * See '6. General Packet Format' of draft-ietf-secsh-filexfer-13 for more info. + * + * @see self::_get_sftp_packet() + * @see self::send_channel_packet() + */ + private function send_sftp_packet(int $type, string $data, int $request_id = 1): void + { + // in SSH2.php the timeout is cumulative per function call. eg. exec() will + // timeout after 10s. but for SFTP.php it's cumulative per packet + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + + $packet = $this->use_request_id ? + pack('NCNa*', strlen($data) + 5, $type, $request_id, $data) : + pack('NCa*', strlen($data) + 1, $type, $data); + + $start = microtime(true); + $this->send_channel_packet(self::CHANNEL, $packet); + $stop = microtime(true); + + if (defined('NET_SFTP_LOGGING')) { + $packet_type = '-> ' . $this->packet_types[$type] . + ' (' . round($stop - $start, 4) . 's)'; + $this->append_log($packet_type, $data); + } + } + + /** + * Resets the SFTP channel for re-use + */ + private function reset_sftp(): void + { + $this->use_request_id = false; + $this->pwd = false; + $this->requestBuffer = []; + $this->partial_init = false; + } + + /** + * Resets a connection for re-use + */ + protected function reset_connection(): void + { + parent::reset_connection(); + $this->reset_sftp(); + } + + /** + * Receives SFTP Packets + * + * See '6. General Packet Format' of draft-ietf-secsh-filexfer-13 for more info. + * + * Incidentally, the number of SSH_MSG_CHANNEL_DATA messages has no bearing on the number of SFTP packets present. + * There can be one SSH_MSG_CHANNEL_DATA messages containing two SFTP packets or there can be two SSH_MSG_CHANNEL_DATA + * messages containing one SFTP packet. + * + * @see self::_send_sftp_packet() + * @return string + */ + private function get_sftp_packet($request_id = null) + { + $this->channel_close = false; + + if (isset($request_id) && isset($this->requestBuffer[$request_id])) { + $this->packet_type = $this->requestBuffer[$request_id]['packet_type']; + $temp = $this->requestBuffer[$request_id]['packet']; + unset($this->requestBuffer[$request_id]); + return $temp; + } + + // in SSH2.php the timeout is cumulative per function call. eg. exec() will + // timeout after 10s. but for SFTP.php it's cumulative per packet + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + + $start = microtime(true); + + // SFTP packet length + while (strlen($this->packet_buffer) < 4) { + $temp = $this->get_channel_packet(self::CHANNEL, true); + if ($temp === true) { + if ($this->channel_status[self::CHANNEL] === SSH2MessageType::CHANNEL_CLOSE) { + $this->channel_close = true; + } + $this->packet_type = false; + $this->packet_buffer = ''; + return false; + } + $this->packet_buffer .= $temp; + } + if (strlen($this->packet_buffer) < 4) { + throw new RuntimeException('Packet is too small'); + } + extract(unpack('Nlength', Strings::shift($this->packet_buffer, 4))); + /** @var integer $length */ + + $tempLength = $length; + $tempLength -= strlen($this->packet_buffer); + + // 256 * 1024 is what SFTP_MAX_MSG_LENGTH is set to in OpenSSH's sftp-common.h + if (!$this->allow_arbitrary_length_packets && !$this->use_request_id && $tempLength > 256 * 1024) { + throw new RuntimeException('Invalid Size'); + } + + // SFTP packet type and data payload + while ($tempLength > 0) { + $temp = $this->get_channel_packet(self::CHANNEL, true); + if ($temp === true) { + if ($this->channel_status[self::CHANNEL] === SSH2MessageType::CHANNEL_CLOSE) { + $this->channel_close = true; + } + $this->packet_type = false; + $this->packet_buffer = ''; + return false; + } + $this->packet_buffer .= $temp; + $tempLength -= strlen($temp); + } + + $stop = microtime(true); + + $this->packet_type = ord(Strings::shift($this->packet_buffer)); + + if ($this->use_request_id) { + extract(unpack('Npacket_id', Strings::shift($this->packet_buffer, 4))); // remove the request id + $length -= 5; // account for the request id and the packet type + } else { + $length -= 1; // account for the packet type + } + + $packet = Strings::shift($this->packet_buffer, $length); + + if (defined('NET_SFTP_LOGGING')) { + $packet_type = '<- ' . $this->packet_types[$this->packet_type] . + ' (' . round($stop - $start, 4) . 's)'; + $this->append_log($packet_type, $packet); + } + + if (isset($request_id) && $this->use_request_id && $packet_id != $request_id) { + $this->requestBuffer[$packet_id] = [ + 'packet_type' => $this->packet_type, + 'packet' => $packet, + ]; + return $this->get_sftp_packet($request_id); + } + + return $packet; + } + + /** + * Logs data packets + * + * Makes sure that only the last 1MB worth of packets will be logged + */ + private function append_log(string $message_number, string $message): void + { + $this->append_log_helper( + NET_SFTP_LOGGING, + $message_number, + $message, + $this->packet_type_log, + $this->packet_log, + $this->log_size, + $this->realtime_log_file, + $this->realtime_log_wrap, + $this->realtime_log_size + ); + } + + /** + * Returns a log of the packets that have been sent and received. + * + * Returns a string if PacketType::LOGGING == self::LOG_COMPLEX, an array if PacketType::LOGGING == self::LOG_SIMPLE and false if !defined('NET_SFTP_LOGGING') + * + * @return array|string|false + */ + public function getSFTPLog() + { + if (!defined('NET_SFTP_LOGGING')) { + return false; + } + + switch (NET_SFTP_LOGGING) { + case self::LOG_COMPLEX: + return $this->format_log($this->packet_log, $this->packet_type_log); + break; + //case self::LOG_SIMPLE: + default: + return $this->packet_type_log; + } + } + + /** + * Returns all errors on the SFTP layer + */ + public function getSFTPErrors(): array + { + return $this->sftp_errors; + } + + /** + * Returns the last error on the SFTP layer + */ + public function getLastSFTPError(): string + { + return count($this->sftp_errors) ? $this->sftp_errors[count($this->sftp_errors) - 1] : ''; + } + + /** + * Get supported SFTP versions + * + * @return array + */ + public function getSupportedVersions() + { + if (!($this->bitmap & SSH2::MASK_LOGIN)) { + return false; + } + + if (!$this->partial_init) { + $this->partial_init_sftp_connection(); + } + + $temp = ['version' => $this->defaultVersion]; + if (isset($this->extensions['versions'])) { + $temp['extensions'] = $this->extensions['versions']; + } + return $temp; + } + + /** + * Get supported SFTP extensions + * + * @return array + */ + public function getSupportedExtensions() + { + if (!($this->bitmap & SSH2::MASK_LOGIN)) { + return false; + } + + if (!$this->partial_init) { + $this->partial_init_sftp_connection(); + } + + return $this->extensions; + } + + /** + * Get supported SFTP versions + * + * @return int|false + */ + public function getNegotiatedVersion() + { + if (!$this->precheck()) { + return false; + } + + return $this->version; + } + + /** + * Set preferred version + * + * If you're preferred version isn't supported then the highest supported + * version of SFTP will be utilized. Set to null or false or int(0) to + * unset the preferred version + */ + public function setPreferredVersion(int $version): void + { + $this->preferredVersion = $version; + } + + /** + * Disconnect + * + * @return false + */ + protected function disconnect_helper(int $reason): bool + { + $this->pwd = false; + return parent::disconnect_helper($reason); + } + + /** + * Enable Date Preservation + */ + public function enableDatePreservation(): void + { + $this->preserveTime = true; + } + + /** + * Disable Date Preservation + */ + public function disableDatePreservation(): void + { + $this->preserveTime = false; + } + + /** + * POSIX Rename + * + * Where rename() fails "if there already exists a file with the name specified by newpath" + * (draft-ietf-secsh-filexfer-02#section-6.5), posix_rename() overwrites the existing file in an atomic fashion. + * ie. "there is no observable instant in time where the name does not refer to either the old or the new file" + * (draft-ietf-secsh-filexfer-13#page-39). + */ + public function posix_rename(string $oldname, string $newname): bool + { + if (!$this->precheck()) { + return false; + } + + if (!isset($this->extensions['posix-rename@openssh.com']) || $this->extensions['posix-rename@openssh.com'] !== '1') { + throw new RuntimeException( + "Extension 'posix-rename@openssh.com' is not supported by the server. " . + "Call getSupportedVersions() to see a list of supported extension" + ); + } + + $oldname = $this->realpath($oldname); + $newname = $this->realpath($newname); + if ($oldname === false || $newname === false) { + return false; + } + + $packet = Strings::packSSH2('sss', 'posix-rename@openssh.com', $oldname, $newname); + $this->send_sftp_packet(PacketType::EXTENDED, $packet); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != PacketType::STATUS) { + throw new UnexpectedValueException( + 'Expected NET_SFTP_STATUS. ' . + 'Got packet type: ' . $this->packet_type + ); + } + + // if $status isn't SSH_FX_OK it's probably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + list($status) = Strings::unpackSSH2('N', $response); + if ($status != StatusCode::OK) { + $this->logError($response, $status); + return false; + } + + // don't move the stat cache entry over since this operation could very well change the + // atime and mtime attributes + //$this->update_stat_cache($newname, $this->query_stat_cache($oldname)); + $this->remove_from_stat_cache($oldname); + $this->remove_from_stat_cache($newname); + + return true; + } + + /** + * Returns general information about a file system. + * + * The function statvfs() returns information about a mounted filesystem. + * @see https://man7.org/linux/man-pages/man3/statvfs.3.html + * + * @return array{bsize: int, frsize: int, blocks: int, bfree: int, bavail: int, files: int, ffree: int, favail: int, fsid: int, flag: int, namemax: int} + */ + public function statvfs(string $path): array|bool + { + if (!$this->precheck()) { + return false; + } + + if (!isset($this->extensions['statvfs@openssh.com']) || $this->extensions['statvfs@openssh.com'] !== '2') { + throw new RuntimeException( + "Extension 'statvfs@openssh.com' is not supported by the server. " . + "Call getSupportedVersions() to see a list of supported extension" + ); + } + + $realpath = $this->realpath($path); + if ($realpath === false) { + return false; + } + + $packet = Strings::packSSH2('ss', 'statvfs@openssh.com', $realpath); + $this->send_sftp_packet(PacketType::EXTENDED, $packet); + + $response = $this->get_sftp_packet(); + if ($this->packet_type !== PacketType::EXTENDED_REPLY) { + throw new UnexpectedValueException( + 'Expected SSH_FXP_EXTENDED_REPLY. ' . + 'Got packet type: ' . $this->packet_type + ); + } + + /** + * These requests return a SSH_FXP_STATUS reply on failure. On success they + * return the following SSH_FXP_EXTENDED_REPLY reply: + * + * uint32 id + * uint64 f_bsize file system block size + * uint64 f_frsize fundamental fs block size + * uint64 f_blocks number of blocks (unit f_frsize) + * uint64 f_bfree free blocks in file system + * uint64 f_bavail free blocks for non-root + * uint64 f_files total file inodes + * uint64 f_ffree free file inodes + * uint64 f_favail free file inodes for to non-root + * uint64 f_fsid file system id + * uint64 f_flag bit mask of f_flag values + * uint64 f_namemax maximum filename length + */ + + return array_combine( + ['bsize', 'frsize', 'blocks', 'bfree', 'bavail', 'files', 'ffree', 'favail', 'fsid', 'flag', 'namemax'], + Strings::unpackSSH2('QQQQQQQQQQQ', $response) + ); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Net/SFTP/Attribute.php b/qa-tool/htdocs/oidc/phpseclib/Net/SFTP/Attribute.php new file mode 100644 index 0000000..d83d5cc --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Net/SFTP/Attribute.php @@ -0,0 +1,44 @@ +getConstants(); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Net/SFTP/FileType.php b/qa-tool/htdocs/oidc/phpseclib/Net/SFTP/FileType.php new file mode 100644 index 0000000..f4b88e0 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Net/SFTP/FileType.php @@ -0,0 +1,26 @@ +open5_flags and similarly alter the constant names. + * + * @internal + */ +abstract class OpenFlag +{ + public const READ = 0x00000001; + public const WRITE = 0x00000002; + public const APPEND = 0x00000004; + public const CREATE = 0x00000008; + public const TRUNCATE = 0x00000010; + public const EXCL = 0x00000020; + public const TEXT = 0x00000040; // defined in SFTPv4 +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Net/SFTP/OpenFlag5.php b/qa-tool/htdocs/oidc/phpseclib/Net/SFTP/OpenFlag5.php new file mode 100644 index 0000000..0be4415 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Net/SFTP/OpenFlag5.php @@ -0,0 +1,34 @@ + + * @copyright 2013 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Net\SFTP; + +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Net\SFTP; +use phpseclib3\Net\SSH2; +use phpseclib3\Net\SSH2\MessageType as SSH2MessageType; + +/** + * SFTP Stream Wrapper + * + * @author Jim Wigginton + */ +class Stream +{ + /** + * SFTP instances + * + * Rather than re-create the connection we re-use instances if possible + */ + public static array $instances; + + /** + * SFTP instance + */ + private SFTP $sftp; + + /** + * Path + */ + private string $path; + + /** + * Mode + */ + private string $mode; + + /** + * Position + */ + private int $pos; + + /** + * Size + */ + private int|false $size; + + /** + * Directory entries + */ + private array $entries; + + /** + * EOF flag + */ + private bool $eof; + + /** + * Context resource + * + * Technically this needs to be publicly accessible so PHP can set it directly + * + * @var resource + */ + public $context; + + /** + * Notification callback function + * + * @var callable + */ + private $notification; + + /** + * Registers this class as a URL wrapper. + * + * @param string $protocol The wrapper name to be registered. + * @return bool True on success, false otherwise. + */ + public static function register(string $protocol = 'sftp'): bool + { + if (in_array($protocol, stream_get_wrappers(), true)) { + return false; + } + return stream_wrapper_register($protocol, get_called_class()); + } + + /** + * The Constructor + */ + public function __construct() + { + if (defined('NET_SFTP_STREAM_LOGGING')) { + echo "__construct()\r\n"; + } + } + + /** + * Path Parser + * + * Extract a path from a URI and actually connect to an SSH server if appropriate + * + * If "notification" is set as a context parameter the message code for successful login is + * SSHMsg::USERAUTH_SUCCESS. For a failed login it's SSHMsg::USERAUTH_FAILURE. + * + * @return string + */ + protected function parse_path(string $path) + { + $orig = $path; + extract(parse_url($path) + ['port' => 22]); + if (isset($query)) { + $path .= '?' . $query; + } elseif (preg_match('/(\?|\?#)$/', $orig)) { + $path .= '?'; + } + if (isset($fragment)) { + $path .= '#' . $fragment; + } elseif ($orig[-1] == '#') { + $path .= '#'; + } + + if (!isset($host)) { + return false; + } + + if (isset($this->context)) { + $context = stream_context_get_params($this->context); + if (isset($context['notification'])) { + $this->notification = $context['notification']; + } + } + + if (preg_match('/^{[a-z0-9]+}$/i', $host)) { + $host = SSH2::getConnectionByResourceId($host); + if ($host === null) { + return false; + } + $this->sftp = $host; + } else { + if (isset($this->context)) { + $context = stream_context_get_options($this->context); + } + if (isset($context[$scheme]['session'])) { + $sftp = $context[$scheme]['session']; + } + if (isset($context[$scheme]['sftp'])) { + $sftp = $context[$scheme]['sftp']; + } + if (isset($sftp) && $sftp instanceof SFTP) { + $this->sftp = $sftp; + return $path; + } + if (isset($context[$scheme]['username'])) { + $user = $context[$scheme]['username']; + } + if (isset($context[$scheme]['password'])) { + $pass = $context[$scheme]['password']; + } + if (isset($context[$scheme]['privkey']) && $context[$scheme]['privkey'] instanceof PrivateKey) { + $pass = $context[$scheme]['privkey']; + } + + if (!isset($user) || !isset($pass)) { + return false; + } + + // casting $pass to a string is necessary in the event that it's a \phpseclib3\Crypt\RSA object + if (isset(self::$instances[$host][$port][$user][(string) $pass])) { + $this->sftp = self::$instances[$host][$port][$user][(string) $pass]; + } else { + $this->sftp = new SFTP($host, $port); + $this->sftp->disableStatCache(); + if (isset($this->notification) && is_callable($this->notification)) { + /* if !is_callable($this->notification) we could do this: + + user_error('fopen(): failed to call user notifier', E_USER_WARNING); + + the ftp wrapper gives errors like that when the notifier isn't callable. + i've opted not to do that, however, since the ftp wrapper gives the line + on which the fopen occurred as the line number - not the line that the + user_error is on. + */ + call_user_func($this->notification, STREAM_NOTIFY_CONNECT, STREAM_NOTIFY_SEVERITY_INFO, '', 0, 0, 0); + call_user_func($this->notification, STREAM_NOTIFY_AUTH_REQUIRED, STREAM_NOTIFY_SEVERITY_INFO, '', 0, 0, 0); + if (!$this->sftp->login($user, $pass)) { + call_user_func($this->notification, STREAM_NOTIFY_AUTH_RESULT, STREAM_NOTIFY_SEVERITY_ERR, 'Login Failure', SSH2MessageType::USERAUTH_FAILURE, 0, 0); + return false; + } + call_user_func($this->notification, STREAM_NOTIFY_AUTH_RESULT, STREAM_NOTIFY_SEVERITY_INFO, 'Login Success', SSH2MessageType::USERAUTH_SUCCESS, 0, 0); + } else { + if (!$this->sftp->login($user, $pass)) { + return false; + } + } + self::$instances[$host][$port][$user][(string) $pass] = $this->sftp; + } + } + + return $path; + } + + /** + * Opens file or URL + */ + private function _stream_open(string $path, string $mode): bool + { + $path = $this->parse_path($path); + + if ($path === false) { + return false; + } + $this->path = $path; + + $this->size = $this->sftp->filesize($path); + $this->mode = preg_replace('#[bt]$#', '', $mode); + $this->eof = false; + + if ($this->size === false) { + if ($this->mode[0] == 'r') { + return false; + } else { + $this->sftp->touch($path); + $this->size = 0; + } + } else { + switch ($this->mode[0]) { + case 'x': + return false; + case 'w': + $this->sftp->truncate($path, 0); + $this->size = 0; + } + } + + $this->pos = $this->mode[0] != 'a' ? 0 : $this->size; + + return true; + } + + /** + * Read from stream + */ + private function _stream_read(int $count) + { + switch ($this->mode) { + case 'w': + case 'a': + case 'x': + case 'c': + return false; + } + + // commented out because some files - eg. /dev/urandom - will say their size is 0 when in fact it's kinda infinite + //if ($this->pos >= $this->size) { + // $this->eof = true; + // return false; + //} + + $result = $this->sftp->get($this->path, false, $this->pos, $count); + if (isset($this->notification) && is_callable($this->notification)) { + if ($result === false) { + call_user_func($this->notification, STREAM_NOTIFY_FAILURE, STREAM_NOTIFY_SEVERITY_ERR, $this->sftp->getLastSFTPError(), PacketType::OPEN, 0, 0); + return 0; + } + // seems that PHP calls stream_read in 8k chunks + call_user_func($this->notification, STREAM_NOTIFY_PROGRESS, STREAM_NOTIFY_SEVERITY_INFO, '', 0, strlen($result), $this->size); + } + + if (empty($result)) { // ie. false or empty string + $this->eof = true; + return false; + } + $this->pos += strlen($result); + + return $result; + } + + /** + * Write to stream + * + * @return int|false + */ + private function _stream_write(string $data) + { + switch ($this->mode) { + case 'r': + return false; + } + + $result = $this->sftp->put($this->path, $data, SFTP::SOURCE_STRING, $this->pos); + if (isset($this->notification) && is_callable($this->notification)) { + if (!$result) { + call_user_func($this->notification, STREAM_NOTIFY_FAILURE, STREAM_NOTIFY_SEVERITY_ERR, $this->sftp->getLastSFTPError(), PacketType::OPEN, 0, 0); + return 0; + } + // seems that PHP splits up strings into 8k blocks before calling stream_write + call_user_func($this->notification, STREAM_NOTIFY_PROGRESS, STREAM_NOTIFY_SEVERITY_INFO, '', 0, strlen($data), strlen($data)); + } + + if ($result === false) { + return false; + } + $this->pos += strlen($data); + if ($this->pos > $this->size) { + $this->size = $this->pos; + } + $this->eof = false; + return strlen($data); + } + + /** + * Retrieve the current position of a stream + */ + private function _stream_tell(): int + { + return $this->pos; + } + + /** + * Tests for end-of-file on a file pointer + * + * In my testing there are four classes functions that normally effect the pointer: + * fseek, fputs / fwrite, fgets / fread and ftruncate. + * + * Only fgets / fread, however, results in feof() returning true. do fputs($fp, 'aaa') on a blank file and feof() + * will return false. do fread($fp, 1) and feof() will then return true. do fseek($fp, 10) on ablank file and feof() + * will return false. do fread($fp, 1) and feof() will then return true. + */ + private function _stream_eof(): bool + { + return $this->eof; + } + + /** + * Seeks to specific location in a stream + */ + private function _stream_seek(int $offset, int $whence): bool + { + switch ($whence) { + case SEEK_SET: + if ($offset < 0) { + return false; + } + break; + case SEEK_CUR: + $offset += $this->pos; + break; + case SEEK_END: + $offset += $this->size; + } + + $this->pos = $offset; + $this->eof = false; + return true; + } + + /** + * Change stream options + */ + private function _stream_metadata(string $path, int $option, $var): bool + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + // stream_metadata was introduced in PHP 5.4.0 but as of 5.4.11 the constants haven't been defined + // see http://www.php.net/streamwrapper.stream-metadata and https://bugs.php.net/64246 + // and https://github.com/php/php-src/blob/master/main/php_streams.h#L592 + switch ($option) { + case 1: // PHP_STREAM_META_TOUCH + $time = $var[0] ?? null; + $atime = $var[1] ?? null; + return $this->sftp->touch($path, $time, $atime); + case 2: // PHP_STREAM_OWNER_NAME + case 3: // PHP_STREAM_GROUP_NAME + return false; + case 4: // PHP_STREAM_META_OWNER + return $this->sftp->chown($path, $var); + case 5: // PHP_STREAM_META_GROUP + return $this->sftp->chgrp($path, $var); + case 6: // PHP_STREAM_META_ACCESS + return $this->sftp->chmod($path, $var) !== false; + } + } + + /** + * Retrieve the underlaying resource + * + * @return resource + */ + private function _stream_cast(int $cast_as) + { + return $this->sftp->fsock; + } + + /** + * Advisory file locking + */ + private function _stream_lock(int $operation): bool + { + return false; + } + + /** + * Renames a file or directory + * + * Attempts to rename oldname to newname, moving it between directories if necessary. + * If newname exists, it will be overwritten. This is a departure from what \phpseclib3\Net\SFTP + * does. + */ + private function _rename(string $path_from, string $path_to): bool + { + $path1 = parse_url($path_from); + $path2 = parse_url($path_to); + unset($path1['path'], $path2['path']); + if ($path1 != $path2) { + return false; + } + + $path_from = $this->parse_path($path_from); + $path_to = parse_url($path_to); + if ($path_from === false) { + return false; + } + + $path_to = $path_to['path']; // the $component part of parse_url() was added in PHP 5.1.2 + // "It is an error if there already exists a file with the name specified by newpath." + // -- http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-6.5 + if (!$this->sftp->rename($path_from, $path_to)) { + if ($this->sftp->stat($path_to)) { + return $this->sftp->delete($path_to, true) && $this->sftp->rename($path_from, $path_to); + } + return false; + } + + return true; + } + + /** + * Open directory handle + * + * The only $options is "whether or not to enforce safe_mode (0x04)". Since safe mode was deprecated in 5.3 and + * removed in 5.4 I'm just going to ignore it. + * + * Also, nlist() is the best that this function is realistically going to be able to do. When an SFTP client + * sends a SSH_FXP_READDIR packet you don't generally get info on just one file but on multiple files. Quoting + * the SFTP specs: + * + * The SSH_FXP_NAME response has the following format: + * + * uint32 id + * uint32 count + * repeats count times: + * string filename + * string longname + * ATTRS attrs + */ + private function _dir_opendir(string $path, int $options): bool + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + $this->pos = 0; + $this->entries = $this->sftp->nlist($path); + return $this->entries !== false; + } + + /** + * Read entry from directory handle + */ + private function _dir_readdir() + { + if (isset($this->entries[$this->pos])) { + return $this->entries[$this->pos++]; + } + return false; + } + + /** + * Rewind directory handle + */ + private function _dir_rewinddir(): bool + { + $this->pos = 0; + return true; + } + + /** + * Close directory handle + */ + private function _dir_closedir(): bool + { + return true; + } + + /** + * Create a directory + * + * Only valid $options is STREAM_MKDIR_RECURSIVE + */ + private function _mkdir(string $path, int $mode, int $options): bool + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + return $this->sftp->mkdir($path, $mode, $options & STREAM_MKDIR_RECURSIVE); + } + + /** + * Removes a directory + * + * Only valid $options is STREAM_MKDIR_RECURSIVE per , however, + * does not have a $recursive parameter as mkdir() does so I don't know how + * STREAM_MKDIR_RECURSIVE is supposed to be set. Also, when I try it out with rmdir() I get 8 as + * $options. What does 8 correspond to? + */ + private function _rmdir(string $path, int $options): bool + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + return $this->sftp->rmdir($path); + } + + /** + * Flushes the output + * + * See . Always returns true because \phpseclib3\Net\SFTP doesn't cache stuff before writing + */ + private function _stream_flush(): bool + { + return true; + } + + /** + * Retrieve information about a file resource + */ + private function _stream_stat(): bool + { + $results = $this->sftp->stat($this->path); + if ($results === false) { + return false; + } + return $results; + } + + /** + * Delete a file + */ + private function _unlink(string $path): bool + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + return $this->sftp->delete($path, false); + } + + /** + * Retrieve information about a file + * + * Ignores the STREAM_URL_STAT_QUIET flag because the entirety of \phpseclib3\Net\SFTP\Stream is quiet by default + * might be worthwhile to reconstruct bits 12-16 (ie. the file type) if mode doesn't have them but we'll + * cross that bridge when and if it's reached + */ + private function _url_stat(string $path, int $flags): bool + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + $results = $flags & STREAM_URL_STAT_LINK ? $this->sftp->lstat($path) : $this->sftp->stat($path); + if ($results === false) { + return false; + } + + return $results; + } + + /** + * Truncate stream + */ + private function _stream_truncate(int $new_size): bool + { + if (!$this->sftp->truncate($this->path, $new_size)) { + return false; + } + + $this->eof = false; + $this->size = $new_size; + + return true; + } + + /** + * Change stream options + * + * STREAM_OPTION_WRITE_BUFFER isn't supported for the same reason stream_flush isn't. + * The other two aren't supported because of limitations in \phpseclib3\Net\SFTP. + */ + private function _stream_set_option(int $option, int $arg1, int $arg2): bool + { + return false; + } + + /** + * Close an resource + */ + private function _stream_close(): void + { + } + + /** + * __call Magic Method + * + * When you're utilizing an SFTP stream you're not calling the methods in this class directly - PHP is calling them for you. + * Which kinda begs the question... what methods is PHP calling and what parameters is it passing to them? This function + * lets you figure that out. + * + * If NET_SFTP_STREAM_LOGGING is defined all calls will be output on the screen and then (regardless of whether or not + * NET_SFTP_STREAM_LOGGING is enabled) the parameters will be passed through to the appropriate method. + */ + public function __call(string $name, array $arguments) + { + if (defined('NET_SFTP_STREAM_LOGGING')) { + echo $name . '('; + $last = count($arguments) - 1; + foreach ($arguments as $i => $argument) { + var_export($argument); + if ($i != $last) { + echo ','; + } + } + echo ")\r\n"; + } + $name = '_' . $name; + if (!method_exists($this, $name)) { + return false; + } + return $this->$name(...$arguments); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Net/SSH2.php b/qa-tool/htdocs/oidc/phpseclib/Net/SSH2.php new file mode 100644 index 0000000..76e56dd --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Net/SSH2.php @@ -0,0 +1,5004 @@ + + * login('username', 'password')) { + * exit('Login Failed'); + * } + * + * echo $ssh->exec('pwd'); + * echo $ssh->exec('ls -la'); + * ?> + * + * + * + * login('username', $key)) { + * exit('Login Failed'); + * } + * + * echo $ssh->read('username@username:~$'); + * $ssh->write("ls -la\n"); + * echo $ssh->read('username@username:~$'); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\Net; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Blowfish; +use phpseclib3\Crypt\ChaCha20; +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Crypt\Common\SymmetricKey; +use phpseclib3\Crypt\DH; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RC4; +use phpseclib3\Crypt\Rijndael; +use phpseclib3\Crypt\RSA; +use phpseclib3\Crypt\TripleDES; +use phpseclib3\Crypt\Twofish; +use phpseclib3\Exception\ConnectionClosedException; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\InvalidArgumentException; +use phpseclib3\Exception\InvalidPacketLengthException; +use phpseclib3\Exception\LengthException; +use phpseclib3\Exception\LogicException; +use phpseclib3\Exception\NoSupportedAlgorithmsException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\TimeoutException; +use phpseclib3\Exception\UnableToConnectException; +use phpseclib3\Exception\UnexpectedValueException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Net\SSH2\ChannelConnectionFailureReason; +use phpseclib3\Net\SSH2\DisconnectReason; +use phpseclib3\Net\SSH2\MessageType; +use phpseclib3\Net\SSH2\MessageTypeExtra; +use phpseclib3\Net\SSH2\TerminalMode; +use phpseclib3\System\SSH\Agent; + +/** + * Pure-PHP implementation of SSHv2. + * + * @author Jim Wigginton + */ +class SSH2 +{ + /**#@+ + * Compression Types + * + */ + /** + * No compression + */ + public const NET_SSH2_COMPRESSION_NONE = 1; + /** + * zlib compression + */ + public const NET_SSH2_COMPRESSION_ZLIB = 2; + /** + * zlib@openssh.com + */ + public const NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH = 3; + /**#@-*/ + + // Execution Bitmap Masks + public const MASK_CONSTRUCTOR = 0x00000001; + public const MASK_CONNECTED = 0x00000002; + public const MASK_LOGIN_REQ = 0x00000004; + public const MASK_LOGIN = 0x00000008; + public const MASK_SHELL = 0x00000010; + public const MASK_DISCONNECT = 0x00000020; + + /* + * Channel constants + * + * RFC4254 refers not to client and server channels but rather to sender and recipient channels. we don't refer + * to them in that way because RFC4254 toggles the meaning. the client sends a SSH_MSG_CHANNEL_OPEN message with + * a sender channel and the server sends a SSH_MSG_CHANNEL_OPEN_CONFIRMATION in response, with a sender and a + * recipient channel. at first glance, you might conclude that SSH_MSG_CHANNEL_OPEN_CONFIRMATION's sender channel + * would be the same thing as SSH_MSG_CHANNEL_OPEN's sender channel, but it's not, per this snippet: + * The 'recipient channel' is the channel number given in the original + * open request, and 'sender channel' is the channel number allocated by + * the other side. + * + * @see \phpseclib3\Net\SSH2::send_channel_packet() + * @see \phpseclib3\Net\SSH2::get_channel_packet() + */ + public const CHANNEL_EXEC = 1; // PuTTy uses 0x100 + public const CHANNEL_SHELL = 2; + public const CHANNEL_SUBSYSTEM = 3; + public const CHANNEL_AGENT_FORWARD = 4; + public const CHANNEL_KEEP_ALIVE = 5; + + /** + * Returns the message numbers + * + * @see \phpseclib3\Net\SSH2::getLog() + */ + public const LOG_SIMPLE = 1; + /** + * Returns the message content + * + * @see \phpseclib3\Net\SSH2::getLog() + */ + public const LOG_COMPLEX = 2; + /** + * Outputs the content real-time + */ + public const LOG_REALTIME = 3; + /** + * Dumps the content real-time to a file + */ + public const LOG_REALTIME_FILE = 4; + /** + * Outputs the message numbers real-time + */ + public const LOG_SIMPLE_REALTIME = 5; + /** + * Make sure that the log never gets larger than this + * + * @see \phpseclib3\Net\SSH2::getLog() + */ + public const LOG_MAX_SIZE = 1048576; // 1024 * 1024 + + /** + * Returns when a string matching $expect exactly is found + * + * @see \phpseclib3\Net\SSH2::read() + */ + public const READ_SIMPLE = 1; + /** + * Returns when a string matching the regular expression $expect is found + * + * @see \phpseclib3\Net\SSH2::read() + */ + public const READ_REGEX = 2; + /** + * Returns whenever a data packet is received. + * + * Some data packets may only contain a single character so it may be necessary + * to call read() multiple times when using this option + * + * @see \phpseclib3\Net\SSH2::read() + */ + public const READ_NEXT = 3; + + /** + * The SSH identifier + */ + private string $identifier; + + /** + * The Socket Object + * + * @var resource|closed-resource|null + */ + public $fsock; + + /** + * Execution Bitmap + * + * The bits that are set represent functions that have been called already. This is used to determine + * if a requisite function has been successfully executed. If not, an error should be thrown. + */ + protected int $bitmap = 0; + + /** + * Error information + * + * @see self::getErrors() + * @see self::getLastError() + */ + private array $errors = []; + + /** + * Server Identifier + * + * @see self::getServerIdentification() + */ + protected string|false $server_identifier = false; + + /** + * Key Exchange Algorithms + * + * @see self::getKexAlgorithims() + */ + private array|false $kex_algorithms = false; + + /** + * Key Exchange Algorithm + * + * @see self::getMethodsNegotiated() + */ + private string|false $kex_algorithm = false; + + /** + * Minimum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods + * + * @see self::_key_exchange() + */ + private int $kex_dh_group_size_min = 1536; + + /** + * Preferred Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods + * + * @see self::_key_exchange() + */ + private int $kex_dh_group_size_preferred = 2048; + + /** + * Maximum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods + * + * @see self::_key_exchange() + */ + private int $kex_dh_group_size_max = 4096; + + /** + * Server Host Key Algorithms + * + * @see self::getServerHostKeyAlgorithms() + */ + private array|false $server_host_key_algorithms = false; + + /** + * Supported Private Key Algorithms + * + * In theory this should be the same as the Server Host Key Algorithms but, in practice, + * some servers (eg. Azure) will support rsa-sha2-512 as a server host key algorithm but + * not a private key algorithm + * + * @see self::privatekey_login() + * @var array|false + */ + private $supported_private_key_algorithms = false; + + /** + * Encryption Algorithms: Client to Server + * + * @see self::getEncryptionAlgorithmsClient2Server() + */ + private array|false $encryption_algorithms_client_to_server = false; + + /** + * Encryption Algorithms: Server to Client + * + * @see self::getEncryptionAlgorithmsServer2Client() + */ + private array|false $encryption_algorithms_server_to_client = false; + + /** + * MAC Algorithms: Client to Server + * + * @see self::getMACAlgorithmsClient2Server() + */ + private array|false $mac_algorithms_client_to_server = false; + + /** + * MAC Algorithms: Server to Client + * + * @see self::getMACAlgorithmsServer2Client() + */ + private array|false $mac_algorithms_server_to_client = false; + + /** + * Compression Algorithms: Client to Server + * + * @see self::getCompressionAlgorithmsClient2Server() + */ + private array|false $compression_algorithms_client_to_server = false; + + /** + * Compression Algorithms: Server to Client + * + * @see self::getCompressionAlgorithmsServer2Client() + */ + private array|false $compression_algorithms_server_to_client = false; + + /** + * Languages: Server to Client + */ + private array|false $languages_server_to_client = false; + + /** + * Languages: Client to Server + */ + private array|false $languages_client_to_server = false; + + /** + * Preferred Algorithms + * + * @see self::setPreferredAlgorithms() + */ + private array $preferred = []; + + /** + * Block Size for Server to Client Encryption + * + * "Note that the length of the concatenation of 'packet_length', + * 'padding_length', 'payload', and 'random padding' MUST be a multiple + * of the cipher block size or 8, whichever is larger. This constraint + * MUST be enforced, even when using stream ciphers." + * + * -- http://tools.ietf.org/html/rfc4253#section-6 + * + * @see self::__construct() + * @see self::send_binary_packet() + */ + private int $encrypt_block_size = 8; + + /** + * Block Size for Client to Server Encryption + * + * @see self::__construct() + * @see self::get_binary_packet() + */ + private int $decrypt_block_size = 8; + + /** + * Server to Client Encryption Object + * + * @see self::get_binary_packet() + */ + private SymmetricKey|false $decrypt = false; + + /** + * Decryption Algorithm Name + */ + private string|null $decryptName; + + /** + * Decryption Invocation Counter + * + * Used by GCM + */ + private string|null $decryptInvocationCounter; + + /** + * Fixed Part of Nonce + * + * Used by GCM + */ + private string|null $decryptFixedPart; + + /** + * Server to Client Length Encryption Object + * + * @see self::get_binary_packet() + */ + private SymmetricKey|false $lengthDecrypt = false; + + /** + * Client to Server Encryption Object + * + * @see self::send_binary_packet() + */ + private SymmetricKey|false $encrypt = false; + + /** + * Encryption Algorithm Name + */ + private string|null $encryptName; + + /** + * Encryption Invocation Counter + * + * Used by GCM + */ + private string|null $encryptInvocationCounter; + + /** + * Fixed Part of Nonce + * + * Used by GCM + */ + private string|null $encryptFixedPart; + + /** + * Client to Server Length Encryption Object + * + * @see self::send_binary_packet() + */ + private SymmetricKey|false $lengthEncrypt = false; + + /** + * Client to Server HMAC Object + * + * @see self::send_binary_packet() + */ + private Hash|\stdClass|false $hmac_create = false; + + /** + * Client to Server HMAC Name + */ + private string|false $hmac_create_name; + + /** + * Client to Server ETM + */ + private int|false $hmac_create_etm; + + /** + * Server to Client HMAC Object + * + * @see self::get_binary_packet() + */ + private Hash|\stdClass|false $hmac_check = false; + + /** + * Server to Client HMAC Name + */ + private string|false $hmac_check_name; + + /** + * Server to Client ETM + */ + private int|false $hmac_check_etm; + + /** + * Size of server to client HMAC + * + * We need to know how big the HMAC will be for the server to client direction so that we know how many bytes to read. + * For the client to server side, the HMAC object will make the HMAC as long as it needs to be. All we need to do is + * append it. + * + * @see self::get_binary_packet() + */ + private int|false $hmac_size = false; + + /** + * Server Public Host Key + * + * @see self::getServerPublicHostKey() + */ + private string $server_public_host_key; + + /** + * Session identifier + * + * "The exchange hash H from the first key exchange is additionally + * used as the session identifier, which is a unique identifier for + * this connection." + * + * -- http://tools.ietf.org/html/rfc4253#section-7.2 + * + * @see self::key_exchange() + */ + private string|false $session_id = false; + + /** + * Exchange hash + * + * The current exchange hash + * + * @see self::key_exchange() + */ + private string|false $exchange_hash = false; + + /** + * Send Sequence Number + * + * See 'Section 6.4. Data Integrity' of rfc4253 for more info. + * + * @see self::send_binary_packet() + */ + private int $send_seq_no = 0; + + /** + * Get Sequence Number + * + * See 'Section 6.4. Data Integrity' of rfc4253 for more info. + * + * @see self::get_binary_packet() + */ + private int $get_seq_no = 0; + + /** + * Server Channels + * + * Maps client channels to server channels + * + * @see self::get_channel_packet() + * @see self::exec() + */ + protected array $server_channels = []; + + /** + * Channel Read Buffers + * + * If a client requests a packet from one channel but receives two packets from another those packets should + * be placed in a buffer + * + * @see self::get_channel_packet() + * @see self::exec() + */ + private array $channel_buffers = []; + + /** + * Channel Write Buffers + * + * If a client sends a packet and receives a timeout error mid-transmission, buffer the data written so it + * can be de-duplicated upon resuming write + * + * @see self::send_channel_packet() + * @var array + */ + private $channel_buffers_write = []; + + /** + * Channel Status + * + * Contains the type of the last sent message + * + * @see self::get_channel_packet() + */ + protected array $channel_status = []; + + /** + * The identifier of the interactive channel which was opened most recently + * + * @see self::getInteractiveChannelId() + */ + private int $channel_id_last_interactive = 0; + + /** + * Packet Size + * + * Maximum packet size indexed by channel + * + * @see self::send_channel_packet() + */ + private array $packet_size_client_to_server = []; + + /** + * Message Number Log + * + * @see self::getLog() + */ + private array $message_number_log = []; + + /** + * Message Log + * + * @see self::getLog() + */ + private array $message_log = []; + + /** + * The Window Size + * + * Bytes the other party can send before it must wait for the window to be adjusted (0x7FFFFFFF = 2GB) + * + * @see self::send_channel_packet() + * @see self::exec() + */ + protected int $window_size = 0x7FFFFFFF; + + /** + * What we resize the window to + * + * When PuTTY resizes the window it doesn't add an additional 0x7FFFFFFF bytes - it adds 0x40000000 bytes. + * Some SFTP clients (GoAnywhere) don't support adding 0x7FFFFFFF to the window size after the fact so + * we'll just do what PuTTY does + * + * @see self::_send_channel_packet() + * @see self::exec() + */ + private int $window_resize = 0x40000000; + + /** + * Window size, server to client + * + * Window size indexed by channel + * + * @see self::send_channel_packet() + */ + protected array $window_size_server_to_client = []; + + /** + * Window size, client to server + * + * Window size indexed by channel + * + * @see self::get_channel_packet() + */ + private array $window_size_client_to_server = []; + + /** + * Server signature + * + * Verified against $this->session_id + * + * @see self::getServerPublicHostKey() + */ + private string $signature = ''; + + /** + * Server signature format + * + * ssh-rsa or ssh-dss. + * + * @see self::getServerPublicHostKey() + */ + private string $signature_format = ''; + + /** + * Interactive Buffer + * + * @see self::read() + */ + private string $interactiveBuffer = ''; + + /** + * Current log size + * + * Should never exceed self::LOG_MAX_SIZE + * + * @see self::_send_binary_packet() + * @see self::_get_binary_packet() + */ + private int $log_size; + + /** + * Timeout + * + * @see SSH2::setTimeout() + */ + protected int|null $timeout = null; + + /** + * Current Timeout + * + * @see SSH2::get_channel_packet() + */ + protected int|float|null $curTimeout = null; + + /** + * Keep Alive Interval + * + * @see self::setKeepAlive() + */ + private int|null $keepAlive = null; + + /** + * Real-time log file pointer + * + * @see self::_append_log() + * @var resource|closed-resource + */ + private $realtime_log_file; + + /** + * Real-time log file size + * + * @see self::_append_log() + */ + private int $realtime_log_size; + + /** + * Has the signature been validated? + * + * @see self::getServerPublicHostKey() + */ + private bool $signature_validated = false; + + /** + * Real-time log file wrap boolean + * + * @see self::_append_log() + */ + private bool $realtime_log_wrap; + + /** + * Flag to suppress stderr from output + * + * @see self::enableQuietMode() + */ + private bool $quiet_mode = false; + + /** + * Time of last read/write network activity + */ + private float|null $last_packet = null; + + /** + * Exit status returned from ssh if any + */ + private int|null $exit_status = null; + + /** + * Flag to request a PTY when using exec() + * + * @see self::enablePTY() + */ + private bool $request_pty = false; + + /** + * Contents of stdError + */ + private string $stdErrorLog; + + /** + * The Last Interactive Response + * + * @see self::_keyboard_interactive_process() + */ + private string $last_interactive_response = ''; + + /** + * Keyboard Interactive Request / Responses + * + * @see self::_keyboard_interactive_process() + */ + private array $keyboard_requests_responses = []; + + /** + * Banner Message + * + * Quoting from the RFC, "in some jurisdictions, sending a warning message before + * authentication may be relevant for getting legal protection." + * + * @see self::_filter() + * @see self::getBannerMessage() + */ + private string $banner_message = ''; + + /** + * Did read() timeout or return normally? + * + * @see self::isTimeout() + */ + protected bool $is_timeout = false; + + /** + * Log Boundary + * + * @see self::_format_log() + */ + private string $log_boundary = ':'; + + /** + * Log Long Width + * + * @see self::_format_log() + */ + private int $log_long_width = 65; + + /** + * Log Short Width + * + * @see self::_format_log() + */ + private int $log_short_width = 16; + + /** + * Hostname + * + * @see self::__construct() + * @see self::_connect() + */ + private string $host; + + /** + * Port Number + * + * @see self::__construct() + * @see self::connect() + */ + private int $port; + + /** + * Number of columns for terminal window size + * + * @see self::getWindowColumns() + * @see self::setWindowColumns() + * @see self::setWindowSize() + */ + private int $windowColumns = 80; + + /** + * Number of columns for terminal window size + * + * @see self::getWindowRows() + * @see self::setWindowRows() + * @see self::setWindowSize() + */ + private int $windowRows = 24; + + /** + * Crypto Engine + * + * @see self::setCryptoEngine() + * @see self::_key_exchange() + */ + private static int|false $crypto_engine = false; + + /** + * A System_SSH_Agent for use in the SSH2 Agent Forwarding scenario + */ + private Agent $agent; + + /** + * Connection storage to replicates ssh2 extension functionality: + * {@link http://php.net/manual/en/wrappers.ssh2.php#refsect1-wrappers.ssh2-examples} + * + * @var array> + */ + private static array $connections; + + /** + * Send the identification string first? + */ + private bool $send_id_string_first = true; + + /** + * Send the key exchange initiation packet first? + */ + private bool $send_kex_first = true; + + /** + * Some versions of OpenSSH incorrectly calculate the key size + */ + private bool $bad_key_size_fix = false; + + /** + * Should we try to re-connect to re-establish keys? + */ + private bool $login_credentials_finalized = false; + + /** + * Binary Packet Buffer + */ + private object|null $binary_packet_buffer = null; + + /** + * Authentication Credentials + */ + protected array $auth = []; + + /** + * Terminal + */ + private string $term = 'vt100'; + + /** + * The authentication methods that may productively continue authentication. + * + * @see https://tools.ietf.org/html/rfc4252#section-5.1 + */ + private array|null $auth_methods_to_continue = null; + + /** + * Compression method + */ + private int $compress = self::NET_SSH2_COMPRESSION_NONE; + + /** + * Decompression method + */ + private int $decompress = self::NET_SSH2_COMPRESSION_NONE; + + /** + * Compression context + * + * @var resource|false|null + */ + private $compress_context; + + /** + * Decompression context + * + * @var resource|object + */ + private $decompress_context; + + /** + * Regenerate Compression Context + */ + private bool $regenerate_compression_context = false; + + /** + * Regenerate Decompression Context + */ + private bool $regenerate_decompression_context = false; + + /** + * Smart multi-factor authentication flag + */ + private bool $smartMFA = true; + + /** + * How many channels are currently opened + * + * @var int + */ + private $channelCount = 0; + + /** + * Does the server support multiple channels? If not then error out + * when multiple channels are attempted to be opened + * + * @var bool + */ + private $errorOnMultipleChannels; + + /** + * Terrapin Countermeasure + * + * "During initial KEX, terminate the connection if any unexpected or out-of-sequence packet is received" + * -- https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 + * + * @var int + */ + private $extra_packets; + + /** + * Default Constructor. + * + * $host can either be a string, representing the host, or a stream resource. + * If $host is a stream resource then $port doesn't do anything, altho $timeout + * still will be used + * + * @see self::login() + */ + public function __construct($host, int $port = 22, int $timeout = 10) + { + self::$connections[$this->getResourceId()] = \WeakReference::create($this); + + $this->timeout = $timeout; + + if (is_resource($host)) { + $this->fsock = $host; + return; + } + + if (Strings::is_stringable($host)) { + $this->host = $host; + $this->port = $port; + } + } + + /** + * Set Crypto Engine Mode + * + * Possible $engine values: + * OpenSSL, Eval, PHP + */ + public static function setCryptoEngine(int $engine): void + { + self::$crypto_engine = $engine; + } + + /** + * Send Identification String First + * + * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established, + * both sides MUST send an identification string". It does not say which side sends it first. In + * theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + */ + public function sendIdentificationStringFirst(): void + { + $this->send_id_string_first = true; + } + + /** + * Send Identification String Last + * + * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established, + * both sides MUST send an identification string". It does not say which side sends it first. In + * theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + */ + public function sendIdentificationStringLast(): void + { + $this->send_id_string_first = false; + } + + /** + * Send SSH_MSG_KEXINIT First + * + * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending + * sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory + * it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + */ + public function sendKEXINITFirst(): void + { + $this->send_kex_first = true; + } + + /** + * Send SSH_MSG_KEXINIT Last + * + * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending + * sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory + * it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + */ + public function sendKEXINITLast(): void + { + $this->send_kex_first = false; + } + + /** + * stream_select wrapper + * + * Quoting https://stackoverflow.com/a/14262151/569976, + * "The general approach to `EINTR` is to simply handle the error and retry the operation again" + * + * This wrapper does that loop + */ + private static function stream_select(&$read, &$write, &$except, $seconds, $microseconds = null) + { + $remaining = $seconds + $microseconds / 1000000; + $start = microtime(true); + while (true) { + $result = @stream_select($read, $write, $except, $seconds, $microseconds); + if ($result !== false) { + return $result; + } + $elapsed = microtime(true) - $start; + $seconds = (int) ($remaining - floor($elapsed)); + $microseconds = (int) (1000000 * ($remaining - $seconds)); + if ($elapsed >= $remaining) { + return false; + } + } + } + + /** + * Connect to an SSHv2 server + * + * @throws UnexpectedValueException on receipt of unexpected packets + * @throws RuntimeException on other errors + */ + private function connect() + { + if ($this->bitmap & self::MASK_CONSTRUCTOR) { + return; + } + + $this->bitmap |= self::MASK_CONSTRUCTOR; + + $this->curTimeout = $this->timeout; + + if (!is_resource($this->fsock)) { + $start = microtime(true); + // with stream_select a timeout of 0 means that no timeout takes place; + // with fsockopen a timeout of 0 means that you instantly timeout + // to resolve this incompatibility a timeout of 100,000 will be used for fsockopen if timeout is 0 + $this->fsock = @fsockopen($this->host, $this->port, $errno, $errstr, $this->curTimeout == 0 ? 100000 : $this->curTimeout); + if (!$this->fsock) { + $host = $this->host . ':' . $this->port; + throw new UnableToConnectException(rtrim("Cannot connect to $host. Error $errno. $errstr")); + } + $elapsed = microtime(true) - $start; + + if ($this->curTimeout) { + $this->curTimeout -= $elapsed; + if ($this->curTimeout < 0) { + throw new RuntimeException('Connection timed out whilst attempting to open socket connection'); + } + } + + if (defined('NET_SSH2_LOGGING')) { + $this->append_log('(fsockopen took ' . round($elapsed, 4) . 's)', ''); + } + } + + $this->identifier = $this->generate_identifier(); + + if ($this->send_id_string_first) { + $start = microtime(true); + fwrite($this->fsock, $this->identifier . "\r\n"); + $elapsed = round(microtime(true) - $start, 4); + if (defined('NET_SSH2_LOGGING')) { + $this->append_log("-> (network: $elapsed)", $this->identifier . "\r\n"); + } + } + + /* According to the SSH2 specs, + + "The server MAY send other lines of data before sending the version + string. Each line SHOULD be terminated by a Carriage Return and Line + Feed. Such lines MUST NOT begin with "SSH-", and SHOULD be encoded + in ISO-10646 UTF-8 [RFC3629] (language is not specified). Clients + MUST be able to process such lines." */ + $data = ''; + $totalElapsed = 0; + while (!feof($this->fsock) && !preg_match('#(.*)^(SSH-(\d\.\d+).*)#ms', $data, $matches)) { + $line = ''; + while (true) { + if ($this->curTimeout) { + if ($this->curTimeout < 0) { + throw new RuntimeException('Connection timed out whilst receiving server identification string'); + } + $read = [$this->fsock]; + $write = $except = null; + $start = microtime(true); + $sec = (int) floor($this->curTimeout); + $usec = (int) (1000000 * ($this->curTimeout - $sec)); + if (static::stream_select($read, $write, $except, $sec, $usec) === false) { + throw new RuntimeException('Connection timed out whilst receiving server identification string'); + } + $elapsed = microtime(true) - $start; + $totalElapsed += $elapsed; + $this->curTimeout -= $elapsed; + } + + $temp = stream_get_line($this->fsock, 255, "\n"); + if ($temp === false) { + throw new RuntimeException('Error reading from socket'); + } + + $line .= $temp; + if (strlen($temp) == 255) { + continue; + } + + $line .= "\n"; + + break; + } + + $data .= $line; + } + + if (defined('NET_SSH2_LOGGING')) { + $this->append_log('<- (network: ' . round($totalElapsed, 4) . ')', $line); + } + + if (feof($this->fsock)) { + $this->bitmap = 0; + throw new ConnectionClosedException('Connection closed by server'); + } + + $extra = $matches[1]; + + $this->server_identifier = trim($data, "\r\n"); + if (strlen($extra)) { + $this->errors[] = $data; + } + + if (version_compare($matches[3], '1.99', '<')) { + $this->bitmap = 0; + throw new UnableToConnectException("Cannot connect to SSH $matches[3] servers"); + } + + // Ubuntu's OpenSSH from 5.8 to 6.9 didn't work with multiple channels. see + // https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1334916 for more info. + // https://lists.ubuntu.com/archives/oneiric-changes/2011-July/005772.html discusses + // when consolekit was incorporated. + // https://marc.info/?l=openssh-unix-dev&m=163409903417589&w=2 discusses some of the + // issues with how Ubuntu incorporated consolekit + $pattern = '#^SSH-2\.0-OpenSSH_([\d.]+)[^ ]* Ubuntu-.*$#'; + $match = preg_match($pattern, $this->server_identifier, $matches); + $match = $match && version_compare('5.8', $matches[1], '<='); + $match = $match && version_compare('6.9', $matches[1], '>='); + $this->errorOnMultipleChannels = $match; + + if (!$this->send_id_string_first) { + $start = microtime(true); + fwrite($this->fsock, $this->identifier . "\r\n"); + $elapsed = round(microtime(true) - $start, 4); + if (defined('NET_SSH2_LOGGING')) { + $this->append_log("-> (network: $elapsed)", $this->identifier . "\r\n"); + } + } + + $this->last_packet = microtime(true); + + if (!$this->send_kex_first) { + $response = $this->get_binary_packet_or_close(MessageType::KEXINIT); + $this->key_exchange($response); + } + + if ($this->send_kex_first) { + $this->key_exchange(); + } + + $this->bitmap |= self::MASK_CONNECTED; + + return true; + } + + /** + * Generates the SSH identifier + * + * You should overwrite this method in your own class if you want to use another identifier + */ + private function generate_identifier(): string + { + $identifier = 'SSH-2.0-phpseclib_3.0'; + + $ext = []; + if (extension_loaded('sodium')) { + $ext[] = 'libsodium'; + } + + if (extension_loaded('openssl')) { + $ext[] = 'openssl'; + } + + if (extension_loaded('gmp')) { + $ext[] = 'gmp'; + } elseif (extension_loaded('bcmath')) { + $ext[] = 'bcmath'; + } + + if (!empty($ext)) { + $identifier .= ' (' . implode(', ', $ext) . ')'; + } + + return $identifier; + } + + /** + * Key Exchange + * + * @param string|bool $kexinit_payload_server optional + * @throws UnexpectedValueException on receipt of unexpected packets + * @throws RuntimeException on other errors + * @throws NoSupportedAlgorithmsException when none of the algorithms phpseclib has loaded are compatible + */ + private function key_exchange($kexinit_payload_server = false): bool + { + $preferred = $this->preferred; + $send_kex = true; + + $kex_algorithms = $preferred['kex'] ?? + SSH2::getSupportedKEXAlgorithms(); + $server_host_key_algorithms = $preferred['hostkey'] ?? + SSH2::getSupportedHostKeyAlgorithms(); + $s2c_encryption_algorithms = $preferred['server_to_client']['crypt'] ?? + SSH2::getSupportedEncryptionAlgorithms(); + $c2s_encryption_algorithms = $preferred['client_to_server']['crypt'] ?? + SSH2::getSupportedEncryptionAlgorithms(); + $s2c_mac_algorithms = $preferred['server_to_client']['mac'] ?? + SSH2::getSupportedMACAlgorithms(); + $c2s_mac_algorithms = $preferred['client_to_server']['mac'] ?? + SSH2::getSupportedMACAlgorithms(); + $s2c_compression_algorithms = $preferred['server_to_client']['comp'] ?? + SSH2::getSupportedCompressionAlgorithms(); + $c2s_compression_algorithms = $preferred['client_to_server']['comp'] ?? + SSH2::getSupportedCompressionAlgorithms(); + + $kex_algorithms = array_merge($kex_algorithms, ['ext-info-c', 'kex-strict-c-v00@openssh.com']); + + // some SSH servers have buggy implementations of some of the above algorithms + switch (true) { + case $this->server_identifier == 'SSH-2.0-SSHD': + case substr($this->server_identifier, 0, 13) == 'SSH-2.0-DLINK': + if (!isset($preferred['server_to_client']['mac'])) { + $s2c_mac_algorithms = array_values(array_diff( + $s2c_mac_algorithms, + ['hmac-sha1-96', 'hmac-md5-96'] + )); + } + if (!isset($preferred['client_to_server']['mac'])) { + $c2s_mac_algorithms = array_values(array_diff( + $c2s_mac_algorithms, + ['hmac-sha1-96', 'hmac-md5-96'] + )); + } + break; + case substr($this->server_identifier, 0, 24) == 'SSH-2.0-TurboFTP_SERVER_': + if (!isset($preferred['server_to_client']['crypt'])) { + $s2c_encryption_algorithms = array_values(array_diff( + $s2c_encryption_algorithms, + ['aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] + )); + } + if (!isset($preferred['client_to_server']['crypt'])) { + $c2s_encryption_algorithms = array_values(array_diff( + $c2s_encryption_algorithms, + ['aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] + )); + } + } + + $client_cookie = Random::string(16); + + $kexinit_payload_client = pack('Ca*', MessageType::KEXINIT, $client_cookie); + $kexinit_payload_client .= Strings::packSSH2( + 'L10bN', + $kex_algorithms, + $server_host_key_algorithms, + $c2s_encryption_algorithms, + $s2c_encryption_algorithms, + $c2s_mac_algorithms, + $s2c_mac_algorithms, + $c2s_compression_algorithms, + $s2c_compression_algorithms, + [], // language, client to server + [], // language, server to client + false, // first_kex_packet_follows + 0 // reserved for future extension + ); + + if ($kexinit_payload_server === false) { + $this->send_binary_packet($kexinit_payload_client); + + $this->extra_packets = 0; + $kexinit_payload_server = $this->get_binary_packet_or_close(MessageType::KEXINIT); + $send_kex = false; + } + + $response = $kexinit_payload_server; + Strings::shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT) + $server_cookie = Strings::shift($response, 16); + + [ + $this->kex_algorithms, + $this->server_host_key_algorithms, + $this->encryption_algorithms_client_to_server, + $this->encryption_algorithms_server_to_client, + $this->mac_algorithms_client_to_server, + $this->mac_algorithms_server_to_client, + $this->compression_algorithms_client_to_server, + $this->compression_algorithms_server_to_client, + $this->languages_client_to_server, + $this->languages_server_to_client, + $first_kex_packet_follows + ] = Strings::unpackSSH2('L10C', $response); + if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { + if ($this->session_id === false && $this->extra_packets) { + throw new \UnexpectedValueException('Possible Terrapin Attack detected'); + } + } + + $this->supported_private_key_algorithms = $this->server_host_key_algorithms; + + if ($send_kex) { + $this->send_binary_packet($kexinit_payload_client); + } + + // we need to decide upon the symmetric encryption algorithms before we do the diffie-hellman key exchange + + // we don't initialize any crypto-objects, yet - we do that, later. for now, we need the lengths to make the + // diffie-hellman key exchange as fast as possible + $decrypt = self::array_intersect_first($s2c_encryption_algorithms, $this->encryption_algorithms_server_to_client); + if (!$decrypt || ($decryptKeyLength = $this->encryption_algorithm_to_key_size($decrypt)) === null) { + $this->disconnect_helper(DisconnectReason::KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible server to client encryption algorithms found'); + } + + $encrypt = self::array_intersect_first($c2s_encryption_algorithms, $this->encryption_algorithms_client_to_server); + if (!$encrypt || ($encryptKeyLength = $this->encryption_algorithm_to_key_size($encrypt)) === null) { + $this->disconnect_helper(DisconnectReason::KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible client to server encryption algorithms found'); + } + + // through diffie-hellman key exchange a symmetric key is obtained + $this->kex_algorithm = self::array_intersect_first($kex_algorithms, $this->kex_algorithms); + if ($this->kex_algorithm === false) { + $this->disconnect_helper(DisconnectReason::KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible key exchange algorithms found'); + } + + $server_host_key_algorithm = self::array_intersect_first($server_host_key_algorithms, $this->server_host_key_algorithms); + if ($server_host_key_algorithm === false) { + $this->disconnect_helper(DisconnectReason::KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible server host key algorithms found'); + } + + $mac_algorithm_out = self::array_intersect_first($c2s_mac_algorithms, $this->mac_algorithms_client_to_server); + if ($mac_algorithm_out === false) { + $this->disconnect_helper(DisconnectReason::KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible client to server message authentication algorithms found'); + } + + $mac_algorithm_in = self::array_intersect_first($s2c_mac_algorithms, $this->mac_algorithms_server_to_client); + if ($mac_algorithm_in === false) { + $this->disconnect_helper(DisconnectReason::KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible server to client message authentication algorithms found'); + } + + $compression_map = [ + 'none' => self::NET_SSH2_COMPRESSION_NONE, + 'zlib' => self::NET_SSH2_COMPRESSION_ZLIB, + 'zlib@openssh.com' => self::NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH, + ]; + + $compression_algorithm_in = self::array_intersect_first($s2c_compression_algorithms, $this->compression_algorithms_server_to_client); + if ($compression_algorithm_in === false) { + $this->disconnect_helper(DisconnectReason::KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible server to client compression algorithms found'); + } + $this->decompress = $compression_map[$compression_algorithm_in]; + + $compression_algorithm_out = self::array_intersect_first($c2s_compression_algorithms, $this->compression_algorithms_client_to_server); + if ($compression_algorithm_out === false) { + $this->disconnect_helper(DisconnectReason::KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible client to server compression algorithms found'); + } + $this->compress = $compression_map[$compression_algorithm_out]; + + switch ($this->kex_algorithm) { + case 'diffie-hellman-group15-sha512': + case 'diffie-hellman-group16-sha512': + case 'diffie-hellman-group17-sha512': + case 'diffie-hellman-group18-sha512': + case 'ecdh-sha2-nistp521': + $kexHash = new Hash('sha512'); + break; + case 'ecdh-sha2-nistp384': + $kexHash = new Hash('sha384'); + break; + case 'diffie-hellman-group-exchange-sha256': + case 'diffie-hellman-group14-sha256': + case 'ecdh-sha2-nistp256': + case 'curve25519-sha256@libssh.org': + case 'curve25519-sha256': + $kexHash = new Hash('sha256'); + break; + default: + $kexHash = new Hash('sha1'); + } + + // Only relevant in diffie-hellman-group-exchange-sha{1,256}, otherwise empty. + + $exchange_hash_rfc4419 = ''; + + if (str_starts_with($this->kex_algorithm, 'curve25519-sha256') || str_starts_with($this->kex_algorithm, 'ecdh-sha2-nistp')) { + $curve = str_starts_with($this->kex_algorithm, 'curve25519-sha256') ? + 'Curve25519' : + substr($this->kex_algorithm, 10); + $ourPrivate = EC::createKey($curve); + $ourPublicBytes = $ourPrivate->getPublicKey()->getEncodedCoordinates(); + $clientKexInitMessage = MessageTypeExtra::KEX_ECDH_INIT; + $serverKexReplyMessage = MessageTypeExtra::KEX_ECDH_REPLY; + } else { + if (str_starts_with($this->kex_algorithm, 'diffie-hellman-group-exchange')) { + $dh_group_sizes_packed = pack( + 'NNN', + $this->kex_dh_group_size_min, + $this->kex_dh_group_size_preferred, + $this->kex_dh_group_size_max + ); + $packet = pack( + 'Ca*', + MessageTypeExtra::KEXDH_GEX_REQUEST, + $dh_group_sizes_packed + ); + $this->send_binary_packet($packet); + $this->updateLogHistory('UNKNOWN (34)', 'SSH_MSG_KEXDH_GEX_REQUEST'); + + $response = $this->get_binary_packet_or_close(MessageTypeExtra::KEXDH_GEX_GROUP); + [$type, $primeBytes, $gBytes] = Strings::unpackSSH2('Css', $response); + $this->updateLogHistory('UNKNOWN (31)', 'SSH_MSG_KEXDH_GEX_GROUP'); + + $prime = new BigInteger($primeBytes, -256); + $g = new BigInteger($gBytes, -256); + + $exchange_hash_rfc4419 = $dh_group_sizes_packed . Strings::packSSH2( + 'ss', + $primeBytes, + $gBytes + ); + + $params = DH::createParameters($prime, $g); + $clientKexInitMessage = MessageTypeExtra::KEXDH_GEX_INIT; + $serverKexReplyMessage = MessageTypeExtra::KEXDH_GEX_REPLY; + } else { + $params = DH::createParameters($this->kex_algorithm); + $clientKexInitMessage = MessageType::KEXDH_INIT; + $serverKexReplyMessage = MessageType::KEXDH_REPLY; + } + + $keyLength = min($kexHash->getLengthInBytes(), max($encryptKeyLength, $decryptKeyLength)); + + $ourPrivate = DH::createKey($params, 16 * $keyLength); // 2 * 8 * $keyLength + $ourPublic = $ourPrivate->getPublicKey()->toBigInteger(); + $ourPublicBytes = $ourPublic->toBytes(true); + } + + $data = pack('CNa*', $clientKexInitMessage, strlen($ourPublicBytes), $ourPublicBytes); + + $this->send_binary_packet($data); + + switch ($clientKexInitMessage) { + case MessageTypeExtra::KEX_ECDH_INIT: + $this->updateLogHistory('SSH_MSG_KEXDH_INIT', 'SSH_MSG_KEX_ECDH_INIT'); + break; + case MessageTypeExtra::KEXDH_GEX_INIT: + $this->updateLogHistory('UNKNOWN (32)', 'SSH_MSG_KEXDH_GEX_INIT'); + } + + $response = $this->get_binary_packet_or_close($serverKexReplyMessage); + + [ + $type, + $server_public_host_key, + $theirPublicBytes, + $this->signature + ] = Strings::unpackSSH2('Csss', $response); + + switch ($serverKexReplyMessage) { + case MessageTypeExtra::KEX_ECDH_REPLY: + $this->updateLogHistory('SSH_MSG_KEXDH_REPLY', 'SSH_MSG_KEX_ECDH_REPLY'); + break; + case MessageTypeExtra::KEXDH_GEX_REPLY: + $this->updateLogHistory('UNKNOWN (33)', 'SSH_MSG_KEXDH_GEX_REPLY'); + } + + $this->server_public_host_key = $server_public_host_key; + [$public_key_format] = Strings::unpackSSH2('s', $server_public_host_key); + if (strlen($this->signature) < 4) { + throw new LengthException('The signature needs at least four bytes'); + } + $temp = unpack('Nlength', substr($this->signature, 0, 4)); + $this->signature_format = substr($this->signature, 4, $temp['length']); + + $keyBytes = DH::computeSecret($ourPrivate, $theirPublicBytes); + if (($keyBytes & "\xFF\x80") === "\x00\x00") { + $keyBytes = substr($keyBytes, 1); + } elseif (($keyBytes[0] & "\x80") === "\x80") { + $keyBytes = "\0$keyBytes"; + } + + $this->exchange_hash = Strings::packSSH2( + 's5', + $this->identifier, + $this->server_identifier, + $kexinit_payload_client, + $kexinit_payload_server, + $this->server_public_host_key + ); + $this->exchange_hash .= $exchange_hash_rfc4419; + $this->exchange_hash .= Strings::packSSH2( + 's3', + $ourPublicBytes, + $theirPublicBytes, + $keyBytes + ); + + $this->exchange_hash = $kexHash->hash($this->exchange_hash); + + if ($this->session_id === false) { + $this->session_id = $this->exchange_hash; + } + + switch ($server_host_key_algorithm) { + case 'rsa-sha2-256': + case 'rsa-sha2-512': + //case 'ssh-rsa': + $expected_key_format = 'ssh-rsa'; + break; + default: + $expected_key_format = $server_host_key_algorithm; + } + if ($public_key_format != $expected_key_format || $this->signature_format != $server_host_key_algorithm) { + switch (true) { + case $this->signature_format == $server_host_key_algorithm: + case $server_host_key_algorithm != 'rsa-sha2-256' && $server_host_key_algorithm != 'rsa-sha2-512': + case $this->signature_format != 'ssh-rsa': + $this->disconnect_helper(DisconnectReason::HOST_KEY_NOT_VERIFIABLE); + throw new RuntimeException('Server Host Key Algorithm Mismatch (' . $this->signature_format . ' vs ' . $server_host_key_algorithm . ')'); + } + } + + $packet = pack('C', MessageType::NEWKEYS); + $this->send_binary_packet($packet); + + $response = $this->get_binary_packet_or_close(MessageType::NEWKEYS); + + if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { + $this->get_seq_no = $this->send_seq_no = 0; + } + + $keyBytes = pack('Na*', strlen($keyBytes), $keyBytes); + + $this->encrypt = self::encryption_algorithm_to_crypt_instance($encrypt); + if ($this->encrypt) { + if (self::$crypto_engine) { + $this->encrypt->setPreferredEngine(self::$crypto_engine); + } + if ($this->encrypt->getBlockLengthInBytes()) { + $this->encrypt_block_size = $this->encrypt->getBlockLengthInBytes(); + } + $this->encrypt->disablePadding(); + + if ($this->encrypt->usesIV()) { + $iv = $kexHash->hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id); + while ($this->encrypt_block_size > strlen($iv)) { + $iv .= $kexHash->hash($keyBytes . $this->exchange_hash . $iv); + } + $this->encrypt->setIV(substr($iv, 0, $this->encrypt_block_size)); + } + + switch ($encrypt) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + $nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id); + $this->encryptFixedPart = substr($nonce, 0, 4); + $this->encryptInvocationCounter = substr($nonce, 4, 8); + // fall-through + case 'chacha20-poly1305@openssh.com': + break; + default: + $this->encrypt->enableContinuousBuffer(); + } + + $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'C' . $this->session_id); + while ($encryptKeyLength > strlen($key)) { + $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key); + } + switch ($encrypt) { + case 'chacha20-poly1305@openssh.com': + $encryptKeyLength = 32; + $this->lengthEncrypt = self::encryption_algorithm_to_crypt_instance($encrypt); + $this->lengthEncrypt->setKey(substr($key, 32, 32)); + } + $this->encrypt->setKey(substr($key, 0, $encryptKeyLength)); + $this->encryptName = $encrypt; + } + + $this->decrypt = self::encryption_algorithm_to_crypt_instance($decrypt); + if ($this->decrypt) { + if (self::$crypto_engine) { + $this->decrypt->setPreferredEngine(self::$crypto_engine); + } + if ($this->decrypt->getBlockLengthInBytes()) { + $this->decrypt_block_size = $this->decrypt->getBlockLengthInBytes(); + } + $this->decrypt->disablePadding(); + + if ($this->decrypt->usesIV()) { + $iv = $kexHash->hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id); + while ($this->decrypt_block_size > strlen($iv)) { + $iv .= $kexHash->hash($keyBytes . $this->exchange_hash . $iv); + } + $this->decrypt->setIV(substr($iv, 0, $this->decrypt_block_size)); + } + + switch ($decrypt) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + // see https://tools.ietf.org/html/rfc5647#section-7.1 + $nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id); + $this->decryptFixedPart = substr($nonce, 0, 4); + $this->decryptInvocationCounter = substr($nonce, 4, 8); + // fall-through + case 'chacha20-poly1305@openssh.com': + break; + default: + $this->decrypt->enableContinuousBuffer(); + } + + $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'D' . $this->session_id); + while ($decryptKeyLength > strlen($key)) { + $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key); + } + switch ($decrypt) { + case 'chacha20-poly1305@openssh.com': + $decryptKeyLength = 32; + $this->lengthDecrypt = self::encryption_algorithm_to_crypt_instance($decrypt); + $this->lengthDecrypt->setKey(substr($key, 32, 32)); + } + $this->decrypt->setKey(substr($key, 0, $decryptKeyLength)); + $this->decryptName = $decrypt; + } + + /* The "arcfour128" algorithm is the RC4 cipher, as described in + [SCHNEIER], using a 128-bit key. The first 1536 bytes of keystream + generated by the cipher MUST be discarded, and the first byte of the + first encrypted packet MUST be encrypted using the 1537th byte of + keystream. + + -- http://tools.ietf.org/html/rfc4345#section-4 */ + if ($encrypt == 'arcfour128' || $encrypt == 'arcfour256') { + $this->encrypt->encrypt(str_repeat("\0", 1536)); + } + if ($decrypt == 'arcfour128' || $decrypt == 'arcfour256') { + $this->decrypt->decrypt(str_repeat("\0", 1536)); + } + + if (!$this->encrypt->usesNonce()) { + [$this->hmac_create, $createKeyLength] = self::mac_algorithm_to_hash_instance($mac_algorithm_out); + } else { + $this->hmac_create = new \stdClass(); + $this->hmac_create_name = $mac_algorithm_out; + //$mac_algorithm_out = 'none'; + $createKeyLength = 0; + } + + if ($this->hmac_create instanceof Hash) { + $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'E' . $this->session_id); + while ($createKeyLength > strlen($key)) { + $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key); + } + $this->hmac_create->setKey(substr($key, 0, $createKeyLength)); + $this->hmac_create_name = $mac_algorithm_out; + $this->hmac_create_etm = preg_match('#-etm@openssh\.com$#', $mac_algorithm_out); + } + + if (!$this->decrypt->usesNonce()) { + [$this->hmac_check, $checkKeyLength] = self::mac_algorithm_to_hash_instance($mac_algorithm_in); + $this->hmac_size = $this->hmac_check->getLengthInBytes(); + } else { + $this->hmac_check = new \stdClass(); + $this->hmac_check_name = $mac_algorithm_in; + //$mac_algorithm_in = 'none'; + $checkKeyLength = 0; + $this->hmac_size = 0; + } + + if ($this->hmac_check instanceof Hash) { + $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'F' . $this->session_id); + while ($checkKeyLength > strlen($key)) { + $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key); + } + $this->hmac_check->setKey(substr($key, 0, $checkKeyLength)); + $this->hmac_check_name = $mac_algorithm_in; + $this->hmac_check_etm = preg_match('#-etm@openssh\.com$#', $mac_algorithm_in); + } + + $this->regenerate_compression_context = $this->regenerate_decompression_context = true; + + return true; + } + + /** + * Maps an encryption algorithm name to the number of key bytes. + * + * @param string $algorithm Name of the encryption algorithm + * @return int|null Number of bytes as an integer or null for unknown + */ + private function encryption_algorithm_to_key_size(string $algorithm): ?int + { + if ($this->bad_key_size_fix && self::bad_algorithm_candidate($algorithm)) { + return 16; + } + + switch ($algorithm) { + case 'none': + return 0; + case 'aes128-gcm@openssh.com': + case 'aes128-cbc': + case 'aes128-ctr': + case 'arcfour': + case 'arcfour128': + case 'blowfish-cbc': + case 'blowfish-ctr': + case 'twofish128-cbc': + case 'twofish128-ctr': + return 16; + case '3des-cbc': + case '3des-ctr': + case 'aes192-cbc': + case 'aes192-ctr': + case 'twofish192-cbc': + case 'twofish192-ctr': + return 24; + case 'aes256-gcm@openssh.com': + case 'aes256-cbc': + case 'aes256-ctr': + case 'arcfour256': + case 'twofish-cbc': + case 'twofish256-cbc': + case 'twofish256-ctr': + return 32; + case 'chacha20-poly1305@openssh.com': + return 64; + } + return null; + } + + /** + * Maps an encryption algorithm name to an instance of a subclass of + * \phpseclib3\Crypt\Common\SymmetricKey. + * + * @param string $algorithm Name of the encryption algorithm + * @return SymmetricKey|null + */ + private static function encryption_algorithm_to_crypt_instance(string $algorithm) + { + switch ($algorithm) { + case '3des-cbc': + return new TripleDES('cbc'); + case '3des-ctr': + return new TripleDES('ctr'); + case 'aes256-cbc': + case 'aes192-cbc': + case 'aes128-cbc': + return new Rijndael('cbc'); + case 'aes256-ctr': + case 'aes192-ctr': + case 'aes128-ctr': + return new Rijndael('ctr'); + case 'blowfish-cbc': + return new Blowfish('cbc'); + case 'blowfish-ctr': + return new Blowfish('ctr'); + case 'twofish128-cbc': + case 'twofish192-cbc': + case 'twofish256-cbc': + case 'twofish-cbc': + return new Twofish('cbc'); + case 'twofish128-ctr': + case 'twofish192-ctr': + case 'twofish256-ctr': + return new Twofish('ctr'); + case 'arcfour': + case 'arcfour128': + case 'arcfour256': + return new RC4(); + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + return new Rijndael('gcm'); + case 'chacha20-poly1305@openssh.com': + return new ChaCha20(); + } + return null; + } + + /** + * Maps an encryption algorithm name to an instance of a subclass of + * \phpseclib3\Crypt\Hash. + * + * @param string $algorithm Name of the encryption algorithm + * @return array{Hash, int}|null + */ + private static function mac_algorithm_to_hash_instance(string $algorithm): ?array + { + switch ($algorithm) { + case 'umac-64@openssh.com': + case 'umac-64-etm@openssh.com': + return [new Hash('umac-64'), 16]; + case 'umac-128@openssh.com': + case 'umac-128-etm@openssh.com': + return [new Hash('umac-128'), 16]; + case 'hmac-sha2-512': + case 'hmac-sha2-512-etm@openssh.com': + return [new Hash('sha512'), 64]; + case 'hmac-sha2-256': + case 'hmac-sha2-256-etm@openssh.com': + return [new Hash('sha256'), 32]; + case 'hmac-sha1': + case 'hmac-sha1-etm@openssh.com': + return [new Hash('sha1'), 20]; + case 'hmac-sha1-96': + return [new Hash('sha1-96'), 20]; + case 'hmac-md5': + return [new Hash('md5'), 16]; + case 'hmac-md5-96': + return [new Hash('md5-96'), 16]; + } + } + + /** + * Tests whether or not proposed algorithm has a potential for issues + * + * @link https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-aesctr-openssh.html + * @link https://bugzilla.mindrot.org/show_bug.cgi?id=1291 + * @param string $algorithm Name of the encryption algorithm + */ + private static function bad_algorithm_candidate($algorithm): bool + { + switch ($algorithm) { + case 'arcfour256': + case 'aes192-ctr': + case 'aes256-ctr': + return true; + } + + return false; + } + + /** + * Login + * + * The $password parameter can be a plaintext password, a \phpseclib3\Crypt\RSA|EC|DSA object, a \phpseclib3\System\SSH\Agent object or an array + * + * @param string|PrivateKey|array[]|Agent|null ...$args + * @see self::_login() + */ + public function login(string $username, ...$args): bool + { + if (!$this->login_credentials_finalized) { + $this->auth[] = func_get_args(); + } + + // try logging with 'none' as an authentication method first since that's what + // PuTTY does + if ( + substr($this->server_identifier ?: '', 0, 15) !== 'SSH-2.0-CoreFTP' && + $this->auth_methods_to_continue === null + ) { + if ($this->sublogin($username)) { + return true; + } + if (!count($args)) { + return false; + } + } + return $this->sublogin($username, ...$args); + } + + /** + * Login Helper + * + * @param string|PrivateKey|array[]|Agent|null ...$args + * @see self::_login_helper() + */ + protected function sublogin(string $username, ...$args): bool + { + if (!($this->bitmap & self::MASK_CONSTRUCTOR)) { + $this->connect(); + } + + if (empty($args)) { + return $this->login_helper($username); + } + + foreach ($args as $arg) { + switch (true) { + case $arg instanceof PublicKey: + throw new UnexpectedValueException('A PublicKey object was passed to the login method instead of a PrivateKey object'); + case $arg instanceof PrivateKey: + case $arg instanceof Agent: + case is_array($arg): + case Strings::is_stringable($arg): + break; + default: + throw new UnexpectedValueException('$password needs to either be an instance of \phpseclib3\Crypt\Common\PrivateKey, \System\SSH\Agent, an array or a string'); + } + } + + while (count($args)) { + if (!$this->auth_methods_to_continue || !$this->smartMFA) { + $newargs = $args; + $args = []; + } else { + $newargs = []; + foreach ($this->auth_methods_to_continue as $method) { + switch ($method) { + case 'publickey': + foreach ($args as $key => $arg) { + if ($arg instanceof PrivateKey || $arg instanceof Agent) { + $newargs[] = $arg; + unset($args[$key]); + break; + } + } + break; + case 'keyboard-interactive': + $hasArray = $hasString = false; + foreach ($args as $arg) { + if ($hasArray || is_array($arg)) { + $hasArray = true; + break; + } + if ($hasString || Strings::is_stringable($arg)) { + $hasString = true; + break; + } + } + if ($hasArray && $hasString) { + foreach ($args as $key => $arg) { + if (is_array($arg)) { + $newargs[] = $arg; + break 2; + } + } + } + // fall-through + case 'password': + foreach ($args as $key => $arg) { + $newargs[] = $arg; + unset($args[$key]); + break; + } + } + } + } + + if (!count($newargs)) { + return false; + } + + foreach ($newargs as $arg) { + if ($this->login_helper($username, $arg)) { + $this->login_credentials_finalized = true; + return true; + } + } + } + return false; + } + + /** + * Login Helper + * + * {@internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis} + * by sending dummy SSH_MSG_IGNORE messages.} + * + * @throws UnexpectedValueException on receipt of unexpected packets + * @throws RuntimeException on other errors + */ + private function login_helper(string $username, $password = null): bool + { + if (!($this->bitmap & self::MASK_CONNECTED)) { + return false; + } + + if (!($this->bitmap & self::MASK_LOGIN_REQ)) { + $packet = Strings::packSSH2('Cs', MessageType::SERVICE_REQUEST, 'ssh-userauth'); + $this->send_binary_packet($packet); + + try { + $response = $this->get_binary_packet_or_close(MessageType::SERVICE_ACCEPT); + } catch (InvalidPacketLengthException $e) { + // the first opportunity to encounter the "bad key size" error + if (!$this->bad_key_size_fix && $this->decryptName != null && self::bad_algorithm_candidate($this->decryptName)) { + // bad_key_size_fix is only ever re-assigned to true here + // retry the connection with that new setting but we'll + // only try it once. + $this->bad_key_size_fix = true; + return $this->reconnect(); + } + throw $e; + } + + [$type] = Strings::unpackSSH2('C', $response); + [$service] = Strings::unpackSSH2('s', $response); + + if ($service != 'ssh-userauth') { + $this->disconnect_helper(DisconnectReason::PROTOCOL_ERROR); + throw new \UnexpectedValueException('Expected SSH_MSG_SERVICE_ACCEPT'); + } + $this->bitmap |= self::MASK_LOGIN_REQ; + } + + if (strlen($this->last_interactive_response)) { + return !Strings::is_stringable($password) && !is_array($password) ? false : $this->keyboard_interactive_process($password); + } + + if ($password instanceof PrivateKey) { + return $this->privatekey_login($username, $password); + } + + if ($password instanceof Agent) { + return $this->ssh_agent_login($username, $password); + } + + if (is_array($password)) { + if ($this->keyboard_interactive_login($username, $password)) { + $this->bitmap |= self::MASK_LOGIN; + return true; + } + return false; + } + + if (!isset($password)) { + $packet = Strings::packSSH2( + 'Cs3', + MessageType::USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'none' + ); + + $this->send_binary_packet($packet); + + $response = $this->get_binary_packet_or_close(); + + [$type] = Strings::unpackSSH2('C', $response); + switch ($type) { + case MessageType::USERAUTH_SUCCESS: + $this->bitmap |= self::MASK_LOGIN; + return true; + case MessageType::USERAUTH_FAILURE: + [$auth_methods] = Strings::unpackSSH2('L', $response); + $this->auth_methods_to_continue = $auth_methods; + // fall-through + default: + return false; + } + } + + $packet = Strings::packSSH2( + 'Cs3bs', + MessageType::USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'password', + false, + $password + ); + + // remove the username and password from the logged packet + if (!defined('NET_SSH2_LOGGING')) { + $logged = null; + } else { + $logged = Strings::packSSH2( + 'Cs3bs', + MessageType::USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'password', + false, + 'password' + ); + } + + $this->send_binary_packet($packet, $logged); + + $response = $this->get_binary_packet_or_close(); + [$type] = Strings::unpackSSH2('C', $response); + + switch ($type) { + case MessageTypeExtra::USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed + $this->updateLogHistory('SSH_MSG_USERAUTH_INFO_REQUEST', 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ'); + + [$message] = Strings::unpackSSH2('s', $response); + $this->errors[] = 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: ' . $message; + + return $this->disconnect_helper(DisconnectReason::AUTH_CANCELLED_BY_USER); + case MessageType::USERAUTH_FAILURE: + // can we use keyboard-interactive authentication? if not then either the login is bad or the server employees + // multi-factor authentication + [$auth_methods, $partial_success] = Strings::unpackSSH2('Lb', $response); + $this->auth_methods_to_continue = $auth_methods; + if (!$partial_success && in_array('keyboard-interactive', $auth_methods)) { + if ($this->keyboard_interactive_login($username, $password)) { + $this->bitmap |= self::MASK_LOGIN; + return true; + } + return false; + } + return false; + case MessageType::USERAUTH_SUCCESS: + $this->bitmap |= self::MASK_LOGIN; + return true; + } + + return false; + } + + /** + * Login via keyboard-interactive authentication + * + * See {@link http://tools.ietf.org/html/rfc4256 RFC4256} for details. This is not a full-featured keyboard-interactive authenticator. + * + * @param string|array $password + */ + private function keyboard_interactive_login(string $username, $password): bool + { + $packet = Strings::packSSH2( + 'Cs5', + MessageType::USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'keyboard-interactive', + '', // language tag + '' // submethods + ); + $this->send_binary_packet($packet); + + return $this->keyboard_interactive_process($password); + } + + /** + * Handle the keyboard-interactive requests / responses. + * + * @throws RuntimeException on connection error + */ + private function keyboard_interactive_process(...$responses) + { + if (strlen($this->last_interactive_response)) { + $response = $this->last_interactive_response; + } else { + $orig = $response = $this->get_binary_packet_or_close(); + } + + [$type] = Strings::unpackSSH2('C', $response); + switch ($type) { + case MessageType::USERAUTH_INFO_REQUEST: + [ + , // name; may be empty + , // instruction; may be empty + , // language tag; may be empty + $num_prompts + ] = Strings::unpackSSH2('s3N', $response); + + for ($i = 0; $i < count($responses); $i++) { + if (is_array($responses[$i])) { + foreach ($responses[$i] as $key => $value) { + $this->keyboard_requests_responses[$key] = $value; + } + unset($responses[$i]); + } + } + $responses = array_values($responses); + + if (isset($this->keyboard_requests_responses)) { + for ($i = 0; $i < $num_prompts; $i++) { + [ + $prompt, // prompt - ie. "Password: "; must not be empty + // echo + ] = Strings::unpackSSH2('sC', $response); + foreach ($this->keyboard_requests_responses as $key => $value) { + if (substr($prompt, 0, strlen($key)) == $key) { + $responses[] = $value; + break; + } + } + } + } + + // see http://tools.ietf.org/html/rfc4256#section-3.2 + if (strlen($this->last_interactive_response)) { + $this->last_interactive_response = ''; + } else { + $this->updateLogHistory('UNKNOWN (60)', 'SSH_MSG_USERAUTH_INFO_REQUEST'); + } + + if (!count($responses) && $num_prompts) { + $this->last_interactive_response = $orig; + return false; + } + + /* + After obtaining the requested information from the user, the client + MUST respond with an SSH_MSG_USERAUTH_INFO_RESPONSE message. + */ + // see http://tools.ietf.org/html/rfc4256#section-3.4 + $packet = $logged = pack('CN', MessageType::USERAUTH_INFO_RESPONSE, count($responses)); + for ($i = 0; $i < count($responses); $i++) { + $packet .= Strings::packSSH2('s', $responses[$i]); + $logged .= Strings::packSSH2('s', 'dummy-answer'); + } + + $this->send_binary_packet($packet, $logged); + + $this->updateLogHistory('UNKNOWN (61)', 'SSH_MSG_USERAUTH_INFO_RESPONSE'); + + /* + After receiving the response, the server MUST send either an + SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another + SSH_MSG_USERAUTH_INFO_REQUEST message. + */ + // maybe phpseclib should force close the connection after x request / responses? unless something like that is done + // there could be an infinite loop of request / responses. + return $this->keyboard_interactive_process(); + case MessageType::USERAUTH_SUCCESS: + return true; + case MessageType::USERAUTH_FAILURE: + [$auth_methods] = Strings::unpackSSH2('L', $response); + $this->auth_methods_to_continue = $auth_methods; + return false; + } + + return false; + } + + /** + * Login with an ssh-agent provided key + */ + private function ssh_agent_login(string $username, Agent $agent): bool + { + $this->agent = $agent; + $keys = $agent->requestIdentities(); + $orig_algorithms = $this->supported_private_key_algorithms; + foreach ($keys as $key) { + if ($this->privatekey_login($username, $key)) { + return true; + } + $this->supported_private_key_algorithms = $orig_algorithms; + } + + return false; + } + + /** + * Login with an RSA private key + * + * {@internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis} + * by sending dummy SSH_MSG_IGNORE messages.} + * + * @throws RuntimeException on connection error + */ + private function privatekey_login(string $username, PrivateKey $privatekey): bool + { + $publickey = $privatekey->getPublicKey(); + + if ($publickey instanceof RSA) { + $privatekey = $privatekey->withPadding(RSA::SIGNATURE_PKCS1); + $algos = ['rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa']; + if (isset($this->preferred['hostkey'])) { + $algos = array_intersect($algos, $this->preferred['hostkey']); + } + $algo = self::array_intersect_first($algos, $this->supported_private_key_algorithms); + switch ($algo) { + case 'rsa-sha2-512': + $hash = 'sha512'; + $signatureType = 'rsa-sha2-512'; + break; + case 'rsa-sha2-256': + $hash = 'sha256'; + $signatureType = 'rsa-sha2-256'; + break; + //case 'ssh-rsa': + default: + $hash = 'sha1'; + $signatureType = 'ssh-rsa'; + } + } elseif ($publickey instanceof EC) { + $privatekey = $privatekey->withSignatureFormat('SSH2'); + $curveName = $privatekey->getCurve(); + switch ($curveName) { + case 'Ed25519': + $hash = 'sha512'; + $signatureType = 'ssh-ed25519'; + break; + case 'secp256r1': // nistp256 + $hash = 'sha256'; + $signatureType = 'ecdsa-sha2-nistp256'; + break; + case 'secp384r1': // nistp384 + $hash = 'sha384'; + $signatureType = 'ecdsa-sha2-nistp384'; + break; + case 'secp521r1': // nistp521 + $hash = 'sha512'; + $signatureType = 'ecdsa-sha2-nistp521'; + break; + default: + if (is_array($curveName)) { + throw new UnsupportedCurveException('Specified Curves are not supported by SSH2'); + } + throw new UnsupportedCurveException('Named Curve of ' . $curveName . ' is not supported by phpseclib3\'s SSH2 implementation'); + } + } elseif ($publickey instanceof DSA) { + $privatekey = $privatekey->withSignatureFormat('SSH2'); + $hash = 'sha1'; + $signatureType = 'ssh-dss'; + } else { + throw new UnsupportedAlgorithmException('Please use either an RSA key, an EC one or a DSA key'); + } + + $publickeyStr = $publickey->toString('OpenSSH', ['binary' => true]); + + $part1 = Strings::packSSH2( + 'Csss', + MessageType::USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'publickey' + ); + $part2 = Strings::packSSH2('ss', $signatureType, $publickeyStr); + + $packet = $part1 . chr(0) . $part2; + $this->send_binary_packet($packet); + + $response = $this->get_binary_packet_or_close( + MessageType::USERAUTH_SUCCESS, + MessageType::USERAUTH_FAILURE, + MessageTypeExtra::USERAUTH_PK_OK + ); + + [$type] = Strings::unpackSSH2('C', $response); + switch ($type) { + case MessageType::USERAUTH_FAILURE: + [$auth_methods] = Strings::unpackSSH2('L', $response); + if (in_array('publickey', $auth_methods) && substr($signatureType, 0, 9) == 'rsa-sha2-') { + $this->supported_private_key_algorithms = array_diff($this->supported_private_key_algorithms, ['rsa-sha2-256', 'rsa-sha2-512']); + return $this->privatekey_login($username, $privatekey); + } + $this->auth_methods_to_continue = $auth_methods; + $this->errors[] = 'SSH_MSG_USERAUTH_FAILURE'; + return false; + case MessageTypeExtra::USERAUTH_PK_OK: + // we'll just take it on faith that the public key blob and the public key algorithm name are as + // they should be + $this->updateLogHistory('SSH_MSG_USERAUTH_INFO_REQUEST', 'SSH_MSG_USERAUTH_PK_OK'); + break; + case MessageType::USERAUTH_SUCCESS: + $this->bitmap |= self::MASK_LOGIN; + return true; + } + + $packet = $part1 . chr(1) . $part2; + $privatekey = $privatekey->withHash($hash); + $signature = $privatekey->sign(Strings::packSSH2('s', $this->session_id) . $packet); + if ($publickey instanceof RSA) { + $signature = Strings::packSSH2('ss', $signatureType, $signature); + } + $packet .= Strings::packSSH2('s', $signature); + + $this->send_binary_packet($packet); + + $response = $this->get_binary_packet_or_close( + MessageType::USERAUTH_SUCCESS, + MessageType::USERAUTH_FAILURE + ); + + [$type] = Strings::unpackSSH2('C', $response); + switch ($type) { + case MessageType::USERAUTH_FAILURE: + // either the login is bad or the server employs multi-factor authentication + [$auth_methods] = Strings::unpackSSH2('L', $response); + $this->auth_methods_to_continue = $auth_methods; + return false; + case MessageType::USERAUTH_SUCCESS: + $this->bitmap |= self::MASK_LOGIN; + return true; + } + } + + /** + * Return the currently configured timeout + */ + public function getTimeout(): int + { + return $this->timeout; + } + + /** + * Set Timeout + * + * $ssh->exec('ping 127.0.0.1'); on a Linux host will never return and will run indefinitely. setTimeout() makes it so it'll timeout. + * Setting $timeout to false or 0 will revert to the default socket timeout. + */ + public function setTimeout(int $timeout): void + { + $this->timeout = $this->curTimeout = $timeout; + } + + /** + * Set Keep Alive + * + * Sends an SSH2_MSG_IGNORE message every x seconds, if x is a positive non-zero number. + */ + public function setKeepAlive(int $interval): void + { + $this->keepAlive = $interval; + } + + /** + * Get the output from stdError + */ + public function getStdError(): string + { + return $this->stdErrorLog; + } + + /** + * Execute Command + * + * If $callback is set to false then \phpseclib3\Net\SSH2::get_channel_packet(self::CHANNEL_EXEC) will need to be called manually. + * In all likelihood, this is not a feature you want to be taking advantage of. + * + * @return string|bool + * @psalm-return ($callback is callable ? bool : string|bool) + * @throws RuntimeException on connection error + */ + public function exec(string $command, ?callable $callback = null) + { + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + $this->stdErrorLog = ''; + + if (!$this->isAuthenticated()) { + return false; + } + + //if ($this->isPTYOpen()) { + // throw new RuntimeException('If you want to run multiple exec()\'s you will need to disable (and re-enable if appropriate) a PTY for each one.'); + //} + + $this->open_channel(self::CHANNEL_EXEC); + + if ($this->request_pty === true) { + $terminal_modes = pack('C', TerminalMode::TTY_OP_END); + $packet = Strings::packSSH2( + 'CNsCsN4s', + MessageType::CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_EXEC], + 'pty-req', + 1, + $this->term, + $this->windowColumns, + $this->windowRows, + 0, + 0, + $terminal_modes + ); + + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL_EXEC] = MessageType::CHANNEL_REQUEST; + if (!$this->get_channel_packet(self::CHANNEL_EXEC)) { + $this->disconnect_helper(DisconnectReason::BY_APPLICATION); + throw new RuntimeException('Unable to request pseudo-terminal'); + } + } + + // sending a pty-req SSH_MSG_CHANNEL_REQUEST message is unnecessary and, in fact, in most cases, slows things + // down. the one place where it might be desirable is if you're doing something like \phpseclib3\Net\SSH2::exec('ping localhost &'). + // with a pty-req SSH_MSG_CHANNEL_REQUEST, exec() will return immediately and the ping process will then + // then immediately terminate. without such a request exec() will loop indefinitely. the ping process won't end but + // neither will your script. + + // although, in theory, the size of SSH_MSG_CHANNEL_REQUEST could exceed the maximum packet size established by + // SSH_MSG_CHANNEL_OPEN_CONFIRMATION, RFC4254#section-5.1 states that the "maximum packet size" refers to the + // "maximum size of an individual data packet". ie. SSH_MSG_CHANNEL_DATA. RFC4254#section-5.2 corroborates. + $packet = Strings::packSSH2( + 'CNsCs', + MessageType::CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_EXEC], + 'exec', + 1, + $command + ); + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL_EXEC] = MessageType::CHANNEL_REQUEST; + + if (!$this->get_channel_packet(self::CHANNEL_EXEC)) { + return false; + } + + $this->channel_status[self::CHANNEL_EXEC] = MessageType::CHANNEL_DATA; + + if ($this->request_pty === true) { + $this->channel_id_last_interactive = self::CHANNEL_EXEC; + return true; + } + + $output = ''; + while (true) { + $temp = $this->get_channel_packet(self::CHANNEL_EXEC); + switch (true) { + case $temp === true: + return is_callable($callback) ? true : $output; + case $temp === false: + return false; + default: + if (is_callable($callback)) { + if ($callback($temp) === true) { + $this->close_channel(self::CHANNEL_EXEC); + return true; + } + } else { + $output .= $temp; + } + } + } + } + + /** + * How many channels are currently open? + * + * @return int + */ + public function getOpenChannelCount() + { + return $this->channelCount; + } + + /** + * Opens a channel + */ + protected function open_channel(int $channel, bool $skip_extended = false): bool + { + if (isset($this->channel_status[$channel]) && $this->channel_status[$channel] != MessageType::CHANNEL_CLOSE) { + throw new RuntimeException('Please close the channel (' . $channel . ') before trying to open it again'); + } + + $this->channelCount++; + + if ($this->channelCount > 1 && $this->errorOnMultipleChannels) { + throw new RuntimeException("Ubuntu's OpenSSH from 5.8 to 6.9 doesn't work with multiple channels"); + } + + // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to + // be adjusted". 0x7FFFFFFF is, at 2GB, the max size. technically, it should probably be decremented, but, + // honestly, if you're transferring more than 2GB, you probably shouldn't be using phpseclib, anyway. + // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info + $this->window_size_server_to_client[$channel] = $this->window_size; + // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy + // uses 0x4000, that's what will be used here, as well. + $packet_size = 0x4000; + + $packet = Strings::packSSH2( + 'CsN3', + MessageType::CHANNEL_OPEN, + 'session', + $channel, + $this->window_size_server_to_client[$channel], + $packet_size + ); + + $this->send_binary_packet($packet); + + $this->channel_status[$channel] = MessageType::CHANNEL_OPEN; + + return $this->get_channel_packet($channel, $skip_extended); + } + + /** + * Creates an interactive shell + * + * Returns bool(true) if the shell was opened. + * Returns bool(false) if the shell was already open. + * + * @throws InsufficientSetupException if not authenticated + * @throws UnexpectedValueException on receipt of unexpected packets + * @throws RuntimeException on other errors + * @see self::isShellOpen() + * @see self::read() + * @see self::write() + */ + public function openShell(): bool + { + if (!$this->isAuthenticated()) { + throw new InsufficientSetupException('Operation disallowed prior to login()'); + } + + $this->open_channel(self::CHANNEL_SHELL); + + $terminal_modes = pack('C', TerminalMode::TTY_OP_END); + $packet = Strings::packSSH2( + 'CNsbsN4s', + MessageType::CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_SHELL], + 'pty-req', + true, // want reply + $this->term, + $this->windowColumns, + $this->windowRows, + 0, + 0, + $terminal_modes + ); + + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL_SHELL] = MessageType::CHANNEL_REQUEST; + + if (!$this->get_channel_packet(self::CHANNEL_SHELL)) { + throw new RuntimeException('Unable to request pty'); + } + + $packet = Strings::packSSH2( + 'CNsb', + MessageType::CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_SHELL], + 'shell', + true // want reply + ); + $this->send_binary_packet($packet); + + $response = $this->get_channel_packet(self::CHANNEL_SHELL); + if ($response === false) { + throw new RuntimeException('Unable to request shell'); + } + + $this->channel_status[self::CHANNEL_SHELL] = MessageType::CHANNEL_DATA; + + $this->channel_id_last_interactive = self::CHANNEL_SHELL; + + $this->bitmap |= self::MASK_SHELL; + + return true; + } + + /** + * Return the channel to be used with read(), write(), and reset(), if none were specified + * @deprecated for lack of transparency in intended channel target, to be potentially replaced + * with method which guarantees open-ness of all yielded channels and throws + * error for multiple open channels + * @see self::read() + * @see self::write() + */ + private function get_interactive_channel(): int + { + switch (true) { + case $this->is_channel_status_data(self::CHANNEL_SUBSYSTEM): + return self::CHANNEL_SUBSYSTEM; + case $this->is_channel_status_data(self::CHANNEL_EXEC): + return self::CHANNEL_EXEC; + default: + return self::CHANNEL_SHELL; + } + } + + /** + * Indicates the DATA status on the given channel + */ + private function is_channel_status_data(int $channel): bool + { + return isset($this->channel_status[$channel]) && $this->channel_status[$channel] == MessageType::CHANNEL_DATA; + } + + /** + * Return an available open channel + * + * @return int + */ + private function get_open_channel() + { + $channel = self::CHANNEL_EXEC; + do { + if (isset($this->channel_status[$channel]) && $this->channel_status[$channel] == MessageType::CHANNEL_OPEN) { + return $channel; + } + } while ($channel++ < self::CHANNEL_SUBSYSTEM); + + return false; + } + + /** + * Request agent forwarding of remote server + */ + public function requestAgentForwarding(): bool + { + $request_channel = $this->get_open_channel(); + if ($request_channel === false) { + return false; + } + + $packet = Strings::packSSH2( + 'CNsC', + MessageType::CHANNEL_REQUEST, + $this->server_channels[$request_channel], + 'auth-agent-req@openssh.com', + 1 + ); + + $this->channel_status[$request_channel] = MessageType::CHANNEL_REQUEST; + + $this->send_binary_packet($packet); + + if (!$this->get_channel_packet($request_channel)) { + return false; + } + + $this->channel_status[$request_channel] = MessageType::CHANNEL_OPEN; + + return true; + } + + /** + * Returns the output of an interactive shell + * + * Returns when there's a match for $expect, which can take the form of a string literal or, + * if $mode == self::READ_REGEX, a regular expression. + * + * If not specifying a channel, an open interactive channel will be selected, or, if there are + * no open channels, an interactive shell will be created. If there are multiple open + * interactive channels, a legacy behavior will apply in which channel selection prioritizes + * an active subsystem, the exec pty, and, lastly, the shell. If using multiple interactive + * channels, callers are discouraged from relying on this legacy behavior and should specify + * the intended channel. + * + * @param int $mode One of the self::READ_* constants + * @param int|null $channel Channel id returned by self::getInteractiveChannelId() + * @return string|bool|null + * @throws RuntimeException on connection error + * @throws InsufficientSetupException on unexpected channel status, possibly due to closure + * @see self::write() + */ + public function read(string $expect = '', int $mode = self::READ_SIMPLE, ?int $channel = null) + { + if (!$this->isAuthenticated()) { + throw new InsufficientSetupException('Operation disallowed prior to login()'); + } + + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + + if ($channel === null) { + $channel = $this->get_interactive_channel(); + } + + if (!$this->is_channel_status_data($channel) && empty($this->channel_buffers[$channel])) { + if ($channel != self::CHANNEL_SHELL) { + throw new InsufficientSetupException('Data is not available on channel'); + } elseif (!$this->openShell()) { + throw new RuntimeException('Unable to initiate an interactive shell session'); + } + } + + if ($mode == self::READ_NEXT) { + return $this->get_channel_packet($channel); + } + + $match = $expect; + while (true) { + if ($mode == self::READ_REGEX) { + preg_match($expect, substr($this->interactiveBuffer, -1024), $matches); + $match = $matches[0] ?? ''; + } + $pos = strlen($match) ? strpos($this->interactiveBuffer, $match) : false; + if ($pos !== false) { + return Strings::shift($this->interactiveBuffer, $pos + strlen($match)); + } + $response = $this->get_channel_packet($channel); + if ($response === true) { + return Strings::shift($this->interactiveBuffer, strlen($this->interactiveBuffer)); + } + + $this->interactiveBuffer .= $response; + } + } + + /** + * Inputs a command into an interactive shell. + * + * If not specifying a channel, an open interactive channel will be selected, or, if there are + * no open channels, an interactive shell will be created. If there are multiple open + * interactive channels, a legacy behavior will apply in which channel selection prioritizes + * an active subsystem, the exec pty, and, lastly, the shell. If using multiple interactive + * channels, callers are discouraged from relying on this legacy behavior and should specify + * the intended channel. + * + * @param int|null $channel Channel id returned by self::getInteractiveChannelId() + * @throws RuntimeException on connection error + * @throws InsufficientSetupException on unexpected channel status, possibly due to closure + * @throws TimeoutException if the write could not be completed within the requested self::setTimeout() + * @see SSH2::read() + */ + public function write(string $cmd, ?int $channel = null): void + { + if (!$this->isAuthenticated()) { + throw new InsufficientSetupException('Operation disallowed prior to login()'); + } + + if ($channel === null) { + $channel = $this->get_interactive_channel(); + } + + if (!$this->is_channel_status_data($channel)) { + if ($channel != self::CHANNEL_SHELL) { + throw new InsufficientSetupException('Data is not available on channel'); + } elseif (!$this->openShell()) { + throw new RuntimeException('Unable to initiate an interactive shell session'); + } + } + + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + $this->send_channel_packet($channel, $cmd); + } + + /** + * Start a subsystem. + * + * Right now only one subsystem at a time is supported. To support multiple subsystem's stopSubsystem() could accept + * a string that contained the name of the subsystem, but at that point, only one subsystem of each type could be opened. + * To support multiple subsystem's of the same name maybe it'd be best if startSubsystem() generated a new channel id and + * returns that and then that that was passed into stopSubsystem() but that'll be saved for a future date and implemented + * if there's sufficient demand for such a feature. + * + * @see self::stopSubsystem() + */ + public function startSubsystem(string $subsystem): bool + { + $this->open_channel(self::CHANNEL_SUBSYSTEM); + + $packet = Strings::packSSH2( + 'CNsCs', + MessageType::CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_SUBSYSTEM], + 'subsystem', + 1, + $subsystem + ); + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL_SUBSYSTEM] = MessageType::CHANNEL_REQUEST; + + if (!$this->get_channel_packet(self::CHANNEL_SUBSYSTEM)) { + return false; + } + + $this->channel_status[self::CHANNEL_SUBSYSTEM] = MessageType::CHANNEL_DATA; + + $this->channel_id_last_interactive = self::CHANNEL_SUBSYSTEM; + + return true; + } + + /** + * Stops a subsystem. + * + * @see self::startSubsystem() + */ + public function stopSubsystem(): bool + { + if ($this->isInteractiveChannelOpen(self::CHANNEL_SUBSYSTEM)) { + $this->close_channel(self::CHANNEL_SUBSYSTEM); + } + return true; + } + + /** + * Closes a channel + * + * If read() timed out you might want to just close the channel and have it auto-restart on the next read() call + * + * If not specifying a channel, an open interactive channel will be selected. If there are + * multiple open interactive channels, a legacy behavior will apply in which channel selection + * prioritizes an active subsystem, the exec pty, and, lastly, the shell. If using multiple + * interactive channels, callers are discouraged from relying on this legacy behavior and + * should specify the intended channel. + * + * @param int|null $channel Channel id returned by self::getInteractiveChannelId() + */ + public function reset(?int $channel = null): void + { + if ($channel === null) { + $channel = $this->get_interactive_channel(); + } + if ($this->isInteractiveChannelOpen($channel)) { + $this->close_channel($channel); + } + } + + /** + * Is timeout? + * + * Did exec() or read() return because they timed out or because they encountered the end? + */ + public function isTimeout(): bool + { + return $this->is_timeout; + } + + /** + * Disconnect + */ + public function disconnect(): void + { + $this->disconnect_helper(DisconnectReason::BY_APPLICATION); + if (isset($this->realtime_log_file) && is_resource($this->realtime_log_file)) { + fclose($this->realtime_log_file); + } + unset(self::$connections[$this->getResourceId()]); + } + + /** + * Destructor. + * + * Will be called, automatically, if you're supporting just PHP5. If you're supporting PHP4, you'll need to call + * disconnect(). + */ + public function __destruct() + { + $this->disconnect(); + } + + /** + * Is the connection still active? + * + * $level has 3x possible values: + * 0 (default): phpseclib takes a passive approach to see if the connection is still active by calling feof() + * on the socket + * 1: phpseclib takes an active approach to see if the connection is still active by sending an SSH_MSG_IGNORE + * packet that doesn't require a response + * 2: phpseclib takes an active approach to see if the connection is still active by sending an SSH_MSG_CHANNEL_OPEN + * packet and imediately trying to close that channel. some routers, in particular, however, will only let you + * open one channel, so this approach could yield false positives + */ + public function isConnected(int $level = 0): bool + { + if ($level < 0 || $level > 2) { + throw new InvalidArgumentException('$level must be 0, 1 or 2'); + } + + if ($level == 0) { + return ($this->bitmap & self::MASK_CONNECTED) && is_resource($this->fsock) && !feof($this->fsock); + } + try { + if ($level == 1) { + $this->send_binary_packet(pack('CN', MessageType::IGNORE, 0)); + } else { + $this->open_channel(self::CHANNEL_KEEP_ALIVE); + $this->close_channel(self::CHANNEL_KEEP_ALIVE); + } + return true; + } catch (\Exception $e) { + return false; + } + } + + /** + * Have you successfully been logged in? + */ + public function isAuthenticated(): bool + { + return (bool) ($this->bitmap & self::MASK_LOGIN); + } + + /** + * Is the interactive shell active? + */ + public function isShellOpen(): bool + { + return $this->isInteractiveChannelOpen(self::CHANNEL_SHELL); + } + + /** + * Is the exec pty active? + */ + public function isPTYOpen(): bool + { + return $this->isInteractiveChannelOpen(self::CHANNEL_EXEC); + } + + /** + * Is the given interactive channel active? + * + * @param int $channel Channel id returned by self::getInteractiveChannelId() + */ + public function isInteractiveChannelOpen(int $channel): bool + { + return $this->isAuthenticated() && $this->is_channel_status_data($channel); + } + + /** + * Returns a channel identifier, presently of the last interactive channel opened, regardless of current status. + * Returns 0 if no interactive channel has been opened. + * + * @see self::isInteractiveChannelOpen() + */ + public function getInteractiveChannelId(): int + { + return $this->channel_id_last_interactive; + } + + /** + * Pings a server connection, or tries to reconnect if the connection has gone down + * + * Inspired by http://php.net/manual/en/mysqli.ping.php + */ + public function ping(): bool + { + if (!$this->isAuthenticated()) { + if (!empty($this->auth)) { + return $this->reconnect(); + } + return false; + } + + try { + $this->open_channel(self::CHANNEL_KEEP_ALIVE); + } catch (\RuntimeException $e) { + return $this->reconnect(); + } + + $this->close_channel(self::CHANNEL_KEEP_ALIVE); + return true; + } + + /** + * In situ reconnect method + * + * @return boolean + */ + private function reconnect(): bool + { + $this->disconnect_helper(DisconnectReason::BY_APPLICATION); + $this->connect(); + foreach ($this->auth as $auth) { + $result = $this->login(...$auth); + } + return $result; + } + + /** + * Resets a connection for re-use + */ + protected function reset_connection(): void + { + if (is_resource($this->fsock) && get_resource_type($this->fsock) === 'stream') { + fclose($this->fsock); + } + $this->fsock = null; + $this->bitmap = 0; + $this->binary_packet_buffer = null; + $this->decrypt = $this->encrypt = false; + $this->decrypt_block_size = $this->encrypt_block_size = 8; + $this->hmac_check = $this->hmac_create = false; + $this->hmac_size = false; + $this->session_id = false; + $this->get_seq_no = $this->send_seq_no = 0; + $this->channel_status = []; + $this->channel_id_last_interactive = 0; + $this->channel_buffers = []; + $this->channel_buffers_write = []; + } + + /** + * @return int[] second and microsecond stream timeout options based on user-requested timeout and keep-alive, or the default socket timeout by default, which mirrors PHP socket streams. + */ + private function get_stream_timeout() + { + $sec = ini_get('default_socket_timeout'); + $usec = 0; + if ($this->curTimeout > 0) { + $sec = (int) floor($this->curTimeout); + $usec = (int) (1000000 * ($this->curTimeout - $sec)); + } + if ($this->keepAlive > 0) { + $elapsed = microtime(true) - $this->last_packet; + $timeout = max($this->keepAlive - $elapsed, 0); + if (!$this->curTimeout || $timeout < $this->curTimeout) { + $sec = (int) floor($timeout); + $usec = (int) (1000000 * ($timeout - $sec)); + } + } + return [$sec, $usec]; + } + + /** + * Retrieves the next packet with added timeout and type handling + * + * @param string $message_types Message types to enforce in response, closing if not met + * @return string + * @throws ConnectionClosedException If an error has occurred preventing read of the next packet + */ + private function get_binary_packet_or_close(...$message_types) + { + try { + $packet = $this->get_binary_packet(); + if (count($message_types) > 0 && !in_array(ord($packet[0]), $message_types)) { + $this->disconnect_helper(DisconnectReason::PROTOCOL_ERROR); + throw new ConnectionClosedException('Bad message type. Expected: #' + . implode(', #', $message_types) . '. Got: #' . ord($packet[0])); + } + return $packet; + } catch (TimeoutException $e) { + $this->disconnect_helper(DisconnectReason::BY_APPLICATION); + throw new ConnectionClosedException('Connection closed due to timeout'); + } + } + + /** + * Gets Binary Packets + * + * See '6. Binary Packet Protocol' of rfc4253 for more info. + * + * @see self::_send_binary_packet() + * @throws TimeoutException If user requested timeout was reached while waiting for next packet + * @throws ConnectionClosedException If an error has occurred preventing read of the next packet + */ + private function get_binary_packet(): string + { + if (!is_resource($this->fsock)) { + throw new InvalidArgumentException('fsock is not a resource.'); + } + if ($this->binary_packet_buffer == null) { + // buffer the packet to permit continued reads across timeouts + $this->binary_packet_buffer = (object) [ + 'read_time' => 0, // the time to read the packet from the socket + 'raw' => '', // the raw payload read from the socket + 'plain' => '', // the packet in plain text, excluding packet_length header + 'packet_length' => null, // the packet_length value pulled from the payload + 'size' => $this->decrypt_block_size, // the total size of this packet to be read from the socket + // initialize to read single block until packet_length is available + ]; + } + $packet = $this->binary_packet_buffer; + while (strlen($packet->raw) < $packet->size) { + if (feof($this->fsock)) { + $this->disconnect_helper(DisconnectReason::CONNECTION_LOST); + throw new ConnectionClosedException('Connection closed by server'); + } + if ($this->curTimeout < 0) { + $this->is_timeout = true; + throw new TimeoutException('Timed out waiting for server'); + } + $this->send_keep_alive(); + + [$sec, $usec] = $this->get_stream_timeout(); + stream_set_timeout($this->fsock, $sec, $usec); + $start = microtime(true); + $raw = stream_get_contents($this->fsock, $packet->size - strlen($packet->raw)); + $elapsed = microtime(true) - $start; + $packet->read_time += $elapsed; + if ($this->curTimeout > 0) { + $this->curTimeout -= $elapsed; + } + if ($raw === false) { + $this->disconnect_helper(DisconnectReason::CONNECTION_LOST); + throw new ConnectionClosedException('Connection closed by server'); + } elseif (!strlen($raw)) { + continue; + } + $packet->raw .= $raw; + if (!$packet->packet_length) { + $this->get_binary_packet_size($packet); + } + } + + if (strlen($packet->raw) != $packet->size) { + throw new \RuntimeException('Size of packet was not expected length'); + } + // destroy buffer as packet represents the entire payload and should be processed in full + $this->binary_packet_buffer = null; + // copy the raw payload, so as not to destroy original + $raw = $packet->raw; + if ($this->hmac_check instanceof Hash) { + $hmac = Strings::pop($raw, $this->hmac_size); + } + $packet_length_header_size = 4; + if ($this->decrypt) { + switch ($this->decryptName) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + $this->decrypt->setNonce( + $this->decryptFixedPart . + $this->decryptInvocationCounter + ); + Strings::increment_str($this->decryptInvocationCounter); + $this->decrypt->setAAD(Strings::shift($raw, $packet_length_header_size)); + $this->decrypt->setTag(Strings::pop($raw, $this->decrypt_block_size)); + $packet->plain = $this->decrypt->decrypt($raw); + break; + case 'chacha20-poly1305@openssh.com': + // This should be impossible, but we are checking anyway to narrow the type for Psalm. + if (!($this->decrypt instanceof ChaCha20)) { + throw new LogicException('$this->decrypt is not a ' . ChaCha20::class); + } + $this->decrypt->setNonce(pack('N2', 0, $this->get_seq_no)); + $this->decrypt->setCounter(0); + // this is the same approach that's implemented in Salsa20::createPoly1305Key() + // but we don't want to use the same AEAD construction that RFC8439 describes + // for ChaCha20-Poly1305 so we won't rely on it (see Salsa20::poly1305()) + $this->decrypt->setPoly1305Key( + $this->decrypt->encrypt(str_repeat("\0", 32)) + ); + $this->decrypt->setAAD(Strings::shift($raw, $packet_length_header_size)); + $this->decrypt->setCounter(1); + $this->decrypt->setTag(Strings::pop($raw, 16)); + $packet->plain = $this->decrypt->decrypt($raw); + break; + default: + if (!$this->hmac_check instanceof Hash || !$this->hmac_check_etm) { + // first block was already decrypted for contained packet_length header + Strings::shift($raw, $this->decrypt_block_size); + if (strlen($raw) > 0) { + $packet->plain .= $this->decrypt->decrypt($raw); + } + } else { + Strings::shift($raw, $packet_length_header_size); + $packet->plain = $this->decrypt->decrypt($raw); + } + break; + } + } else { + Strings::shift($raw, $packet_length_header_size); + $packet->plain = $raw; + } + if ($this->hmac_check instanceof Hash) { + $reconstructed = !$this->hmac_check_etm ? + pack('Na*', $packet->packet_length, $packet->plain) : + substr($packet->raw, 0, -$this->hmac_size); + if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') { + $this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no)); + if ($hmac != $this->hmac_check->hash($reconstructed)) { + $this->disconnect_helper(DisconnectReason::MAC_ERROR); + throw new ConnectionClosedException('Invalid UMAC'); + } + } else { + if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) { + $this->disconnect_helper(DisconnectReason::MAC_ERROR); + throw new ConnectionClosedException('Invalid HMAC'); + } + } + } + $padding_length = 0; + $payload = $packet->plain; + extract(unpack('Cpadding_length', Strings::shift($payload, 1))); + if ($padding_length > 0) { + Strings::pop($payload, $padding_length); + } + if (empty($payload)) { + $this->disconnect_helper(DisconnectReason::PROTOCOL_ERROR); + throw new ConnectionClosedException('Plaintext is too short'); + } + + switch ($this->decompress) { + case self::NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH: + if (!$this->isAuthenticated()) { + break; + } + // fall-through + case self::NET_SSH2_COMPRESSION_ZLIB: + if ($this->regenerate_decompression_context) { + $this->regenerate_decompression_context = false; + + $cmf = ord($payload[0]); + $cm = $cmf & 0x0F; + if ($cm != 8) { // deflate + throw new UnsupportedAlgorithmException("Only CM = 8 ('deflate') is supported ($cm)"); + } + $cinfo = ($cmf & 0xF0) >> 4; + if ($cinfo > 7) { + throw new RuntimeException("CINFO above 7 is not allowed ($cinfo)"); + } + $windowSize = 1 << ($cinfo + 8); + + $flg = ord($payload[1]); + //$fcheck = $flg && 0x0F; + if ((($cmf << 8) | $flg) % 31) { + throw new RuntimeException('fcheck failed'); + } + $fdict = boolval($flg & 0x20); + $flevel = ($flg & 0xC0) >> 6; + + $this->decompress_context = inflate_init(ZLIB_ENCODING_RAW, ['window' => $cinfo + 8]); + $payload = substr($payload, 2); + } + if ($this->decompress_context) { + $payload = inflate_add($this->decompress_context, $payload, ZLIB_PARTIAL_FLUSH); + } + } + + $this->get_seq_no++; + + if (defined('NET_SSH2_LOGGING')) { + $current = microtime(true); + $message_number = sprintf( + '<- %s (since last: %s, network: %ss)', + ($constantName = MessageType::findConstantNameByValue($value = ord($payload[0]))) + ? "SSH_MSG_$constantName" + : "UNKNOWN ($value)", + round($current - $this->last_packet, 4), + round($packet->read_time, 4) + ); + $this->append_log($message_number, $payload); + } + $this->last_packet = microtime(true); + + return $this->filter($payload); + } + + /** + * @param object $packet The packet object being constructed, passed by reference + * The size, packet_length, and plain properties of this object may be modified in processing + * @throws InvalidPacketLengthException if the packet length header is invalid + */ + private function get_binary_packet_size(object &$packet): void + { + $packet_length_header_size = 4; + if (strlen($packet->raw) < $packet_length_header_size) { + return; + } + $packet_length = 0; + $added_validation_length = 0; // indicates when the packet length header is included when validating packet length against block size + if ($this->decrypt) { + switch ($this->decryptName) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + extract(unpack('Npacket_length', substr($packet->raw, 0, $packet_length_header_size))); + $packet->size = $packet_length_header_size + $packet_length + $this->decrypt_block_size; // expect tag + break; + case 'chacha20-poly1305@openssh.com': + $this->lengthDecrypt->setNonce(pack('N2', 0, $this->get_seq_no)); + $packet_length_header = $this->lengthDecrypt->decrypt(substr($packet->raw, 0, $packet_length_header_size)); + extract(unpack('Npacket_length', $packet_length_header)); + $packet->size = $packet_length_header_size + $packet_length + 16; // expect tag + break; + default: + if (!$this->hmac_check instanceof Hash || !$this->hmac_check_etm) { + if (strlen($packet->raw) < $this->decrypt_block_size) { + return; + } + $packet->plain = $this->decrypt->decrypt(substr($packet->raw, 0, $this->decrypt_block_size)); + extract(unpack('Npacket_length', Strings::shift($packet->plain, $packet_length_header_size))); + $packet->size = $packet_length_header_size + $packet_length; + $added_validation_length = $packet_length_header_size; + } else { + extract(unpack('Npacket_length', substr($packet->raw, 0, $packet_length_header_size))); + $packet->size = $packet_length_header_size + $packet_length; + } + break; + } + } else { + extract(unpack('Npacket_length', substr($packet->raw, 0, $packet_length_header_size))); + $packet->size = $packet_length_header_size + $packet_length; + $added_validation_length = $packet_length_header_size; + } + // quoting , + // "implementations SHOULD check that the packet length is reasonable" + // PuTTY uses 0x9000 as the actual max packet size and so to shall we + if ( + $packet_length <= 0 || $packet_length > 0x9000 + || ($packet_length + $added_validation_length) % $this->decrypt_block_size != 0 + ) { + $this->disconnect_helper(DisconnectReason::PROTOCOL_ERROR); + throw new InvalidPacketLengthException('Invalid packet length'); + } + if ($this->hmac_check instanceof Hash) { + $packet->size += $this->hmac_size; + } + $packet->packet_length = $packet_length; + } + + /** + * Filter Binary Packets + * + * Because some binary packets need to be ignored... + * + * @see self::_get_binary_packet() + */ + private function filter(string $payload): string + { + switch (ord($payload[0])) { + case MessageType::DISCONNECT: + Strings::shift($payload, 1); + [$reason_code, $message] = Strings::unpackSSH2('Ns', $payload); + $this->errors[] = 'SSH_MSG_DISCONNECT: SSH_DISCONNECT_' . DisconnectReason::getConstantNameByValue($reason_code) . "\r\n$message"; + $this->disconnect_helper(DisconnectReason::CONNECTION_LOST); + throw new ConnectionClosedException('Connection closed by server'); + case MessageType::IGNORE: + $this->extra_packets++; + $payload = $this->get_binary_packet(); + break; + case MessageType::DEBUG: + $this->extra_packets++; + Strings::shift($payload, 2); // second byte is "always_display" + [$message] = Strings::unpackSSH2('s', $payload); + $this->errors[] = "SSH_MSG_DEBUG: $message"; + $payload = $this->get_binary_packet(); + break; + case MessageType::UNIMPLEMENTED: + break; + case MessageType::KEXINIT: + // this is here for key re-exchanges after the initial key exchange + if ($this->session_id !== false) { + if (!$this->key_exchange($payload)) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new ConnectionClosedException('Key exchange failed'); + } + $payload = $this->get_binary_packet(); + } + break; + case MessageType::EXT_INFO: + Strings::shift($payload, 1); + [$nr_extensions] = Strings::unpackSSH2('N', $payload); + for ($i = 0; $i < $nr_extensions; $i++) { + [$extension_name, $extension_value] = Strings::unpackSSH2('ss', $payload); + if ($extension_name == 'server-sig-algs') { + $this->supported_private_key_algorithms = explode(',', $extension_value); + } + } + $payload = $this->get_binary_packet(); + } + + // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in + if (($this->bitmap & self::MASK_CONNECTED) && !$this->isAuthenticated() && ord($payload[0]) == MessageType::USERAUTH_BANNER) { + Strings::shift($payload, 1); + [$this->banner_message] = Strings::unpackSSH2('s', $payload); + $payload = $this->get_binary_packet(); + } + + // only called when we've already logged in + if (($this->bitmap & self::MASK_CONNECTED) && $this->isAuthenticated()) { + switch (ord($payload[0])) { + case MessageType::CHANNEL_REQUEST: + if (strlen($payload) == 31) { + extract(unpack('cpacket_type/Nchannel/Nlength', $payload)); + if (substr($payload, 9, $length) == 'keepalive@openssh.com' && isset($this->server_channels[$channel])) { + if (ord(substr($payload, 9 + $length))) { // want reply + $this->send_binary_packet(pack('CN', MessageType::CHANNEL_SUCCESS, $this->server_channels[$channel])); + } + $payload = $this->get_binary_packet(); + } + } + break; + case MessageType::GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4 + Strings::shift($payload, 1); + [$request_name] = Strings::unpackSSH2('s', $payload); + $this->errors[] = "SSH_MSG_GLOBAL_REQUEST: $request_name"; + $this->send_binary_packet(pack('C', MessageType::REQUEST_FAILURE)); + $payload = $this->get_binary_packet(); + break; + case MessageType::CHANNEL_OPEN: // see http://tools.ietf.org/html/rfc4254#section-5.1 + Strings::shift($payload, 1); + [$data, $server_channel] = Strings::unpackSSH2('sN', $payload); + switch ($data) { + case 'auth-agent': + case 'auth-agent@openssh.com': + if (isset($this->agent)) { + $new_channel = self::CHANNEL_AGENT_FORWARD; + + [ + $remote_window_size, + $remote_maximum_packet_size + ] = Strings::unpackSSH2('NN', $payload); + + $this->packet_size_client_to_server[$new_channel] = $remote_window_size; + $this->window_size_server_to_client[$new_channel] = $remote_maximum_packet_size; + $this->window_size_client_to_server[$new_channel] = $this->window_size; + + $packet_size = 0x4000; + + $packet = pack( + 'CN4', + MessageType::CHANNEL_OPEN_CONFIRMATION, + $server_channel, + $new_channel, + $packet_size, + $packet_size + ); + + $this->server_channels[$new_channel] = $server_channel; + $this->channel_status[$new_channel] = MessageType::CHANNEL_OPEN_CONFIRMATION; + $this->send_binary_packet($packet); + } + break; + default: + $packet = Strings::packSSH2( + 'CN2ss', + MessageType::CHANNEL_OPEN_FAILURE, + $server_channel, + ChannelConnectionFailureReason::ADMINISTRATIVELY_PROHIBITED, + '', // description + '' // language tag + ); + + $this->send_binary_packet($packet); + } + + $payload = $this->get_binary_packet(); + } + } + + return $payload; + } + + /** + * Enable Quiet Mode + * + * Suppress stderr from output + */ + public function enableQuietMode(): void + { + $this->quiet_mode = true; + } + + /** + * Disable Quiet Mode + * + * Show stderr in output + */ + public function disableQuietMode(): void + { + $this->quiet_mode = false; + } + + /** + * Returns whether Quiet Mode is enabled or not + * + * @see self::enableQuietMode() + * @see self::disableQuietMode() + */ + public function isQuietModeEnabled(): bool + { + return $this->quiet_mode; + } + + /** + * Enable request-pty when using exec() + */ + public function enablePTY(): void + { + $this->request_pty = true; + } + + /** + * Disable request-pty when using exec() + */ + public function disablePTY(): void + { + if ($this->isPTYOpen()) { + $this->close_channel(self::CHANNEL_EXEC); + } + $this->request_pty = false; + } + + /** + * Returns whether request-pty is enabled or not + * + * @see self::enablePTY() + * @see self::disablePTY() + */ + public function isPTYEnabled(): bool + { + return $this->request_pty; + } + + /** + * Gets channel data + * + * Returns the data as a string. bool(true) is returned if: + * + * - the server closes the channel + * - if the connection times out + * - if a window adjust packet is received on the given negated client channel + * - if the channel status is CHANNEL_OPEN and the response was CHANNEL_OPEN_CONFIRMATION + * - if the channel status is CHANNEL_REQUEST and the response was CHANNEL_SUCCESS + * - if the channel status is CHANNEL_CLOSE and the response was CHANNEL_CLOSE + * + * bool(false) is returned if: + * + * - if the channel status is CHANNEL_REQUEST and the response was CHANNEL_FAILURE + * + * @param int $client_channel Specifies the channel to return data for, and data received + * on other channels is buffered. The respective negative value of a channel is + * also supported for the case that the caller is awaiting adjustment of the data + * window, and where data received on that respective channel is also buffered. + * @throws RuntimeException on connection error + */ + protected function get_channel_packet(int $client_channel, bool $skip_extended = false) + { + if (!empty($this->channel_buffers[$client_channel])) { + switch ($this->channel_status[$client_channel]) { + case MessageType::CHANNEL_REQUEST: + foreach ($this->channel_buffers[$client_channel] as $i => $packet) { + switch (ord($packet[0])) { + case MessageType::CHANNEL_SUCCESS: + case MessageType::CHANNEL_FAILURE: + unset($this->channel_buffers[$client_channel][$i]); + return substr($packet, 1); + } + } + break; + default: + return substr(array_shift($this->channel_buffers[$client_channel]), 1); + } + } + + while (true) { + try { + $response = $this->get_binary_packet(); + } catch (TimeoutException $e) { + return true; + } + [$type] = Strings::unpackSSH2('C', $response); + if (strlen($response) >= 4) { + [$channel] = Strings::unpackSSH2('N', $response); + } + + // will not be setup yet on incoming channel open request + if (isset($channel) && isset($this->channel_status[$channel]) && isset($this->window_size_server_to_client[$channel])) { + $this->window_size_server_to_client[$channel] -= strlen($response); + + // resize the window, if appropriate + if ($this->window_size_server_to_client[$channel] < 0) { + // PuTTY does something more analogous to the following: + //if ($this->window_size_server_to_client[$channel] < 0x3FFFFFFF) { + $packet = pack('CNN', MessageType::CHANNEL_WINDOW_ADJUST, $this->server_channels[$channel], $this->window_resize); + $this->send_binary_packet($packet); + $this->window_size_server_to_client[$channel] += $this->window_resize; + } + + switch ($type) { + case MessageType::CHANNEL_WINDOW_ADJUST: + [$window_size] = Strings::unpackSSH2('N', $response); + $this->window_size_client_to_server[$channel] += $window_size; + if ($channel == -$client_channel) { + return true; + } + + continue 2; + case MessageType::CHANNEL_EXTENDED_DATA: + /* + if ($client_channel == self::CHANNEL_EXEC) { + $this->send_channel_packet($client_channel, chr(0)); + } + */ + // currently, there's only one possible value for $data_type_code: NET_SSH2_EXTENDED_DATA_STDERR + [$data_type_code, $data] = Strings::unpackSSH2('Ns', $response); + $this->stdErrorLog .= $data; + if ($skip_extended || $this->quiet_mode) { + continue 2; + } + if ($client_channel == $channel && $this->channel_status[$channel] == MessageType::CHANNEL_DATA) { + return $data; + } + $this->channel_buffers[$channel][] = chr($type) . $data; + + continue 2; + case MessageType::CHANNEL_REQUEST: + if ($this->channel_status[$channel] == MessageType::CHANNEL_CLOSE) { + continue 2; + } + [$value] = Strings::unpackSSH2('s', $response); + switch ($value) { + case 'exit-signal': + [ + , // FALSE + $signal_name, + , // core dumped + $error_message + ] = Strings::unpackSSH2('bsbs', $response); + + $this->errors[] = "SSH_MSG_CHANNEL_REQUEST (exit-signal): $signal_name"; + if (strlen($error_message)) { + $this->errors[count($this->errors) - 1] .= "\r\n$error_message"; + } + + $this->send_binary_packet(pack('CN', MessageType::CHANNEL_EOF, $this->server_channels[$client_channel])); + $this->send_binary_packet(pack('CN', MessageType::CHANNEL_CLOSE, $this->server_channels[$channel])); + + $this->channel_status[$channel] = MessageType::CHANNEL_EOF; + + continue 3; + case 'exit-status': + [, $this->exit_status] = Strings::unpackSSH2('CN', $response); + + // "The client MAY ignore these messages." + // -- http://tools.ietf.org/html/rfc4254#section-6.10 + + continue 3; + default: + // "Some systems may not implement signals, in which case they SHOULD ignore this message." + // -- http://tools.ietf.org/html/rfc4254#section-6.9 + continue 3; + } + } + + switch ($this->channel_status[$channel]) { + case MessageType::CHANNEL_OPEN: + switch ($type) { + case MessageType::CHANNEL_OPEN_CONFIRMATION: + [ + $this->server_channels[$channel], + $window_size, + $this->packet_size_client_to_server[$channel] + ] = Strings::unpackSSH2('NNN', $response); + + if ($window_size < 0) { + $window_size &= 0x7FFFFFFF; + $window_size += 0x80000000; + } + $this->window_size_client_to_server[$channel] = $window_size; + $result = $client_channel == $channel ? true : $this->get_channel_packet($client_channel, $skip_extended); + $this->on_channel_open(); + return $result; + case MessageType::CHANNEL_OPEN_FAILURE: + $this->disconnect_helper(DisconnectReason::BY_APPLICATION); + throw new RuntimeException('Unable to open channel'); + default: + if ($client_channel == $channel) { + $this->disconnect_helper(DisconnectReason::BY_APPLICATION); + throw new RuntimeException('Unexpected response to open request'); + } + return $this->get_channel_packet($client_channel, $skip_extended); + } + break; + case MessageType::CHANNEL_REQUEST: + switch ($type) { + case MessageType::CHANNEL_SUCCESS: + return true; + case MessageType::CHANNEL_FAILURE: + return false; + case MessageType::CHANNEL_DATA: + [$data] = Strings::unpackSSH2('s', $response); + $this->channel_buffers[$channel][] = chr($type) . $data; + return $this->get_channel_packet($client_channel, $skip_extended); + default: + $this->disconnect_helper(DisconnectReason::BY_APPLICATION); + throw new RuntimeException('Unable to fulfill channel request'); + } + case MessageType::CHANNEL_CLOSE: + if ($client_channel == $channel && $type == MessageType::CHANNEL_CLOSE) { + return true; + } + return $this->get_channel_packet($client_channel, $skip_extended); + } + } + + // ie. $this->channel_status[$channel] == MessageType::CHANNEL_DATA + + switch ($type) { + case MessageType::CHANNEL_DATA: + /* + if ($channel == self::CHANNEL_EXEC) { + // SCP requires null packets, such as this, be sent. further, in the case of the ssh.com SSH server + // this actually seems to make things twice as fast. more to the point, the message right after + // SSH_MSG_CHANNEL_DATA (usually SSH_MSG_IGNORE) won't block for as long as it would have otherwise. + // in OpenSSH it slows things down but only by a couple thousandths of a second. + $this->send_channel_packet($channel, chr(0)); + } + */ + [$data] = Strings::unpackSSH2('s', $response); + + if ($channel == self::CHANNEL_AGENT_FORWARD) { + $agent_response = $this->agent->forwardData($data); + if (!is_bool($agent_response)) { + $this->send_channel_packet($channel, $agent_response); + } + break; + } + + if ($client_channel == $channel) { + return $data; + } + $this->channel_buffers[$channel][] = chr($type) . $data; + break; + case MessageType::CHANNEL_CLOSE: + $this->curTimeout = 5; + + $this->close_channel_bitmap($channel); + + if ($this->channel_status[$channel] != MessageType::CHANNEL_EOF) { + $this->send_binary_packet(pack('CN', MessageType::CHANNEL_CLOSE, $this->server_channels[$channel])); + } + + $this->channel_status[$channel] = MessageType::CHANNEL_CLOSE; + $this->channelCount--; + + if ($client_channel == $channel) { + return true; + } + // fall-through + case MessageType::CHANNEL_EOF: + break; + default: + $this->disconnect_helper(DisconnectReason::BY_APPLICATION); + throw new RuntimeException("Error reading channel data ($type)"); + } + } + } + + /** + * Sends Binary Packets + * + * See '6. Binary Packet Protocol' of rfc4253 for more info. + * + * @see self::_get_binary_packet() + */ + protected function send_binary_packet(string $data, ?string $logged = null): void + { + if (!is_resource($this->fsock) || feof($this->fsock)) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST); + throw new ConnectionClosedException('Connection closed prematurely'); + } + + if (!isset($logged)) { + $logged = $data; + } + + switch ($this->compress) { + case self::NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH: + if (!$this->isAuthenticated()) { + break; + } + // fall-through + case self::NET_SSH2_COMPRESSION_ZLIB: + if (!$this->regenerate_compression_context) { + $header = ''; + } else { + $this->regenerate_compression_context = false; + $this->compress_context = deflate_init(ZLIB_ENCODING_RAW, ['window' => 15]); + $header = "\x78\x9C"; + } + if ($this->compress_context) { + $data = $header . deflate_add($this->compress_context, $data, ZLIB_PARTIAL_FLUSH); + } + } + + // 4 (packet length) + 1 (padding length) + 4 (minimal padding amount) == 9 + $packet_length = strlen($data) + 9; + if ($this->encrypt && $this->encrypt->usesNonce()) { + $packet_length -= 4; + } + // round up to the nearest $this->encrypt_block_size + $packet_length += (($this->encrypt_block_size - 1) * $packet_length) % $this->encrypt_block_size; + // subtracting strlen($data) is obvious - subtracting 5 is necessary because of packet_length and padding_length + $padding_length = $packet_length - strlen($data) - 5; + switch (true) { + case $this->encrypt && $this->encrypt->usesNonce(): + case $this->hmac_create instanceof Hash && $this->hmac_create_etm: + $padding_length += 4; + $packet_length += 4; + } + + $padding = Random::string($padding_length); + + // we subtract 4 from packet_length because the packet_length field isn't supposed to include itself + $packet = pack('NCa*', $packet_length - 4, $padding_length, $data . $padding); + + $hmac = ''; + if ($this->hmac_create instanceof Hash && !$this->hmac_create_etm) { + if (($this->hmac_create->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') { + $this->hmac_create->setNonce("\0\0\0\0" . pack('N', $this->send_seq_no)); + $hmac = $this->hmac_create->hash($packet); + } else { + $hmac = $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet)); + } + } + + if ($this->encrypt) { + switch ($this->encryptName) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + $this->encrypt->setNonce( + $this->encryptFixedPart . + $this->encryptInvocationCounter + ); + Strings::increment_str($this->encryptInvocationCounter); + $this->encrypt->setAAD($temp = ($packet & "\xFF\xFF\xFF\xFF")); + $packet = $temp . $this->encrypt->encrypt(substr($packet, 4)); + break; + case 'chacha20-poly1305@openssh.com': + // This should be impossible, but we are checking anyway to narrow the type for Psalm. + if (!($this->encrypt instanceof ChaCha20)) { + throw new LogicException('$this->encrypt is not a ' . ChaCha20::class); + } + + $nonce = pack('N2', 0, $this->send_seq_no); + + $this->encrypt->setNonce($nonce); + $this->lengthEncrypt->setNonce($nonce); + + $length = $this->lengthEncrypt->encrypt($packet & "\xFF\xFF\xFF\xFF"); + + $this->encrypt->setCounter(0); + // this is the same approach that's implemented in Salsa20::createPoly1305Key() + // but we don't want to use the same AEAD construction that RFC8439 describes + // for ChaCha20-Poly1305 so we won't rely on it (see Salsa20::poly1305()) + $this->encrypt->setPoly1305Key( + $this->encrypt->encrypt(str_repeat("\0", 32)) + ); + $this->encrypt->setAAD($length); + $this->encrypt->setCounter(1); + $packet = $length . $this->encrypt->encrypt(substr($packet, 4)); + break; + default: + $packet = $this->hmac_create instanceof Hash && $this->hmac_create_etm ? + ($packet & "\xFF\xFF\xFF\xFF") . $this->encrypt->encrypt(substr($packet, 4)) : + $this->encrypt->encrypt($packet); + } + } + + if ($this->hmac_create instanceof Hash && $this->hmac_create_etm) { + if (($this->hmac_create->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') { + $this->hmac_create->setNonce("\0\0\0\0" . pack('N', $this->send_seq_no)); + $hmac = $this->hmac_create->hash($packet); + } else { + $hmac = $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet)); + } + } + + $this->send_seq_no++; + + $packet .= $this->encrypt && $this->encrypt->usesNonce() ? $this->encrypt->getTag() : $hmac; + + $start = microtime(true); + $sent = @fwrite($this->fsock, $packet); + $stop = microtime(true); + + if (defined('NET_SSH2_LOGGING')) { + $current = microtime(true); + $message_number = sprintf( + '-> %s (since last: %s, network: %ss)', + ($constantName = MessageType::findConstantNameByValue($value = ord($logged[0]), false)) + ? "SSH_MSG_$constantName" + : "UNKNOWN ($value)", + round($current - $this->last_packet, 4), + round($stop - $start, 4) + ); + $this->append_log($message_number, $logged); + } + $this->last_packet = microtime(true); + + if (strlen($packet) != $sent) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + $message = $sent === false ? + 'Unable to write ' . strlen($packet) . ' bytes' : + "Only $sent of " . strlen($packet) . " bytes were sent"; + throw new RuntimeException($message); + } + } + + /** + * Sends a keep-alive message, if keep-alive is enabled and interval is met + */ + private function send_keep_alive(): void + { + if ($this->bitmap & self::MASK_CONNECTED) { + $elapsed = microtime(true) - $this->last_packet; + if ($this->keepAlive > 0 && $elapsed >= $this->keepAlive) { + $this->send_binary_packet(pack('CN', MessageType::IGNORE, 0)); + } + } + } + + /** + * Logs data packets + * + * Makes sure that only the last 1MB worth of packets will be logged + */ + private function append_log(string $message_number, string $message): void + { + $this->append_log_helper( + NET_SSH2_LOGGING, + $message_number, + $message, + $this->message_number_log, + $this->message_log, + $this->log_size, + $this->realtime_log_file, + $this->realtime_log_wrap, + $this->realtime_log_size + ); + } + + /** + * Logs data packet helper + * + * @param resource &$realtime_log_file + */ + protected function append_log_helper(int $constant, string $message_number, string $message, array &$message_number_log, array &$message_log, int &$log_size, &$realtime_log_file, bool &$realtime_log_wrap, int &$realtime_log_size): void + { + // remove the byte identifying the message type from all but the first two messages (ie. the identification strings) + if (strlen($message_number) > 2) { + Strings::shift($message); + } + + switch ($constant) { + // useful for benchmarks + case self::LOG_SIMPLE: + $message_number_log[] = $message_number; + break; + case self::LOG_SIMPLE_REALTIME: + echo $message_number; + echo PHP_SAPI == 'cli' ? "\r\n" : '
'; + @flush(); + @ob_flush(); + break; + // the most useful log for SSH2 + case self::LOG_COMPLEX: + $message_number_log[] = $message_number; + $log_size += strlen($message); + $message_log[] = $message; + while ($log_size > self::LOG_MAX_SIZE) { + $log_size -= strlen(array_shift($message_log)); + array_shift($message_number_log); + } + break; + // dump the output out realtime; packets may be interspersed with non packets, + // passwords won't be filtered out and select other packets may not be correctly + // identified + case self::LOG_REALTIME: + switch (PHP_SAPI) { + case 'cli': + $start = $stop = "\r\n"; + break; + default: + $start = '
';
+                        $stop = '
'; + } + echo $start . $this->format_log([$message], [$message_number]) . $stop; + @flush(); + @ob_flush(); + break; + // basically the same thing as self::LOG_REALTIME with the caveat that NET_SSH2_LOG_REALTIME_FILENAME + // needs to be defined and that the resultant log file will be capped out at self::LOG_MAX_SIZE. + // the earliest part of the log file is denoted by the first <<< START >>> and is not going to necessarily + // at the beginning of the file + case self::LOG_REALTIME_FILE: + if (!isset($realtime_log_file)) { + // PHP doesn't seem to like using constants in fopen() + $filename = NET_SSH2_LOG_REALTIME_FILENAME; + $fp = fopen($filename, 'w'); + $realtime_log_file = $fp; + } + if (!is_resource($realtime_log_file)) { + break; + } + $entry = $this->format_log([$message], [$message_number]); + if ($realtime_log_wrap) { + $temp = "<<< START >>>\r\n"; + $entry .= $temp; + fseek($realtime_log_file, ftell($realtime_log_file) - strlen($temp)); + } + $realtime_log_size += strlen($entry); + if ($realtime_log_size > self::LOG_MAX_SIZE) { + fseek($realtime_log_file, 0); + $realtime_log_size = strlen($entry); + $realtime_log_wrap = true; + } + fwrite($realtime_log_file, $entry); + } + } + + /** + * Sends channel data + * + * Spans multiple SSH_MSG_CHANNEL_DATAs if appropriate + */ + protected function send_channel_packet(int $client_channel, string $data): void + { + if ( + isset($this->channel_buffers_write[$client_channel]) + && str_starts_with($data, $this->channel_buffers_write[$client_channel]) + ) { + // if buffer holds identical initial data content, resume send from the unmatched data portion + $data = substr($data, strlen($this->channel_buffers_write[$client_channel])); + } else { + $this->channel_buffers_write[$client_channel] = ''; + } + while (strlen($data)) { + if (!$this->window_size_client_to_server[$client_channel]) { + // using an invalid channel will let the buffers be built up for the valid channels + $this->get_channel_packet(-$client_channel); + if ($this->isTimeout()) { + throw new TimeoutException('Timed out waiting for server'); + } elseif (!$this->window_size_client_to_server[$client_channel]) { + throw new \RuntimeException('Data window was not adjusted'); + } + } + + /* The maximum amount of data allowed is determined by the maximum + packet size for the channel, and the current window size, whichever + is smaller. + -- http://tools.ietf.org/html/rfc4254#section-5.2 */ + $max_size = min( + $this->packet_size_client_to_server[$client_channel], + $this->window_size_client_to_server[$client_channel] + ); + + $temp = Strings::shift($data, $max_size); + $packet = Strings::packSSH2( + 'CNs', + MessageType::CHANNEL_DATA, + $this->server_channels[$client_channel], + $temp + ); + $this->window_size_client_to_server[$client_channel] -= strlen($temp); + $this->send_binary_packet($packet); + $this->channel_buffers_write[$client_channel] .= $temp; + } + unset($this->channel_buffers_write[$client_channel]); + } + + /** + * Closes and flushes a channel + * + * \phpseclib3\Net\SSH2 doesn't properly close most channels. For exec() channels are normally closed by the server + * and for SFTP channels are presumably closed when the client disconnects. This functions is intended + * for SCP more than anything. + */ + private function close_channel(int $client_channel, bool $want_reply = false): void + { + // see http://tools.ietf.org/html/rfc4254#section-5.3 + + $this->send_binary_packet(pack('CN', MessageType::CHANNEL_EOF, $this->server_channels[$client_channel])); + + if (!$want_reply) { + $this->send_binary_packet(pack('CN', MessageType::CHANNEL_CLOSE, $this->server_channels[$client_channel])); + } + + $this->channel_status[$client_channel] = MessageType::CHANNEL_CLOSE; + $this->channelCount--; + + $this->curTimeout = 5; + + while (!is_bool($this->get_channel_packet($client_channel))) { + } + + if ($want_reply) { + $this->send_binary_packet(pack('CN', MessageType::CHANNEL_CLOSE, $this->server_channels[$client_channel])); + } + + $this->close_channel_bitmap($client_channel); + } + + /** + * Maintains execution state bitmap in response to channel closure + */ + private function close_channel_bitmap(int $client_channel): void + { + switch ($client_channel) { + case self::CHANNEL_SHELL: + // Shell status has been maintained in the bitmap for backwards + // compatibility sake, but can be removed going forward + if ($this->bitmap & self::MASK_SHELL) { + $this->bitmap &= ~self::MASK_SHELL; + } + break; + } + } + + /** + * Disconnect + * + * @return false + */ + protected function disconnect_helper(int $reason): bool + { + if ($this->bitmap & self::MASK_DISCONNECT) { + // Disregard subsequent disconnect requests + return false; + } + $this->bitmap |= self::MASK_DISCONNECT; + if ($this->isConnected()) { + $data = Strings::packSSH2('CNss', MessageType::DISCONNECT, $reason, '', ''); + try { + $this->send_binary_packet($data); + } catch (\Exception $e) { + } + } + + $this->reset_connection(); + + return false; + } + + /** + * Returns a log of the packets that have been sent and received. + * + * Returns a string if NET_SSH2_LOGGING == self::LOG_COMPLEX, an array if NET_SSH2_LOGGING == self::LOG_SIMPLE and false if !defined('NET_SSH2_LOGGING') + * + * @return array|false|string + */ + public function getLog() + { + if (!defined('NET_SSH2_LOGGING')) { + return false; + } + + switch (NET_SSH2_LOGGING) { + case self::LOG_SIMPLE: + return $this->message_number_log; + case self::LOG_COMPLEX: + $log = $this->format_log($this->message_log, $this->message_number_log); + return PHP_SAPI == 'cli' ? $log : '
' . $log . '
'; + default: + return false; + } + } + + /** + * Formats a log for printing + */ + protected function format_log(array $message_log, array $message_number_log): string + { + $output = ''; + for ($i = 0; $i < count($message_log); $i++) { + $output .= $message_number_log[$i]; + $current_log = $message_log[$i]; + $j = 0; + if (strlen($current_log)) { + $output .= "\r\n"; + } + do { + if (strlen($current_log)) { + $output .= str_pad(dechex($j), 7, '0', STR_PAD_LEFT) . '0 '; + } + $fragment = Strings::shift($current_log, $this->log_short_width); + $hex = substr(preg_replace_callback('#.#s', fn ($matches) => $this->log_boundary . str_pad(dechex(ord($matches[0])), 2, '0', STR_PAD_LEFT), $fragment), strlen($this->log_boundary)); + // replace non ASCII printable characters with dots + // http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters + // also replace < with a . since < messes up the output on web browsers + $raw = preg_replace('#[^\x20-\x7E]|<#', '.', $fragment); + $output .= str_pad($hex, $this->log_long_width - $this->log_short_width, ' ') . $raw . "\r\n"; + $j++; + } while (strlen($current_log)); + $output .= "\r\n"; + } + + return $output; + } + + /** + * Helper function for agent->on_channel_open() + * + * Used when channels are created to inform agent + * of said channel opening. Must be called after + * channel open confirmation received + */ + private function on_channel_open(): void + { + if (isset($this->agent)) { + $this->agent->registerChannelOpen($this); + } + } + + /** + * Returns the first value of the intersection of two arrays or false if + * the intersection is empty. The order is defined by the first parameter. + * + * @return mixed False if intersection is empty, else intersected value. + */ + private static function array_intersect_first(array $array1, array $array2) + { + foreach ($array1 as $value) { + if (in_array($value, $array2)) { + return $value; + } + } + return false; + } + + /** + * Returns all errors / debug messages on the SSH layer + * + * If you are looking for messages from the SFTP layer, please see SFTP::getSFTPErrors() + * + * @return string[] + */ + public function getErrors(): array + { + return $this->errors; + } + + /** + * Returns the last error received on the SSH layer + * + * If you are looking for messages from the SFTP layer, please see SFTP::getLastSFTPError() + */ + public function getLastError(): string + { + $count = count($this->errors); + + if ($count > 0) { + return $this->errors[$count - 1]; + } + } + + /** + * Return the server identification. + * + * @return string|false + */ + public function getServerIdentification() + { + $this->connect(); + + return $this->server_identifier; + } + + /** + * Returns a list of algorithms the server supports + */ + public function getServerAlgorithms(): array + { + $this->connect(); + + return [ + 'kex' => $this->kex_algorithms, + 'hostkey' => $this->server_host_key_algorithms, + 'client_to_server' => [ + 'crypt' => $this->encryption_algorithms_client_to_server, + 'mac' => $this->mac_algorithms_client_to_server, + 'comp' => $this->compression_algorithms_client_to_server, + 'lang' => $this->languages_client_to_server, + ], + 'server_to_client' => [ + 'crypt' => $this->encryption_algorithms_server_to_client, + 'mac' => $this->mac_algorithms_server_to_client, + 'comp' => $this->compression_algorithms_server_to_client, + 'lang' => $this->languages_server_to_client, + ], + ]; + } + + /** + * Returns a list of KEX algorithms that phpseclib supports + */ + public static function getSupportedKEXAlgorithms(): array + { + $kex_algorithms = [ + // Elliptic Curve Diffie-Hellman Key Agreement (ECDH) using + // Curve25519. See doc/curve25519-sha256@libssh.org.txt in the + // libssh repository for more information. + 'curve25519-sha256', + 'curve25519-sha256@libssh.org', + + 'ecdh-sha2-nistp256', // RFC 5656 + 'ecdh-sha2-nistp384', // RFC 5656 + 'ecdh-sha2-nistp521', // RFC 5656 + + 'diffie-hellman-group-exchange-sha256',// RFC 4419 + 'diffie-hellman-group-exchange-sha1', // RFC 4419 + + // Diffie-Hellman Key Agreement (DH) using integer modulo prime + // groups. + 'diffie-hellman-group14-sha256', + 'diffie-hellman-group14-sha1', // REQUIRED + 'diffie-hellman-group15-sha512', + 'diffie-hellman-group16-sha512', + 'diffie-hellman-group17-sha512', + 'diffie-hellman-group18-sha512', + + 'diffie-hellman-group1-sha1', // REQUIRED + ]; + + return $kex_algorithms; + } + + /** + * Returns a list of host key algorithms that phpseclib supports + */ + public static function getSupportedHostKeyAlgorithms(): array + { + return [ + 'ssh-ed25519', // https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519-02 + 'ecdsa-sha2-nistp256', // RFC 5656 + 'ecdsa-sha2-nistp384', // RFC 5656 + 'ecdsa-sha2-nistp521', // RFC 5656 + 'rsa-sha2-256', // RFC 8332 + 'rsa-sha2-512', // RFC 8332 + 'ssh-rsa', // RECOMMENDED sign Raw RSA Key + 'ssh-dss', // REQUIRED sign Raw DSS Key + ]; + } + + /** + * Returns a list of symmetric key algorithms that phpseclib supports + */ + public static function getSupportedEncryptionAlgorithms(): array + { + $algos = [ + // from : + 'aes128-gcm@openssh.com', + 'aes256-gcm@openssh.com', + + // from : + 'arcfour256', + 'arcfour128', + + //'arcfour', // OPTIONAL the ARCFOUR stream cipher with a 128-bit key + + // CTR modes from : + 'aes128-ctr', // RECOMMENDED AES (Rijndael) in SDCTR mode, with 128-bit key + 'aes192-ctr', // RECOMMENDED AES with 192-bit key + 'aes256-ctr', // RECOMMENDED AES with 256-bit key + + // from : + // one of the big benefits of chacha20-poly1305 is speed. the problem is... + // libsodium doesn't generate the poly1305 keys in the way ssh does and openssl's PHP bindings don't even + // seem to support poly1305 currently. so even if libsodium or openssl are being used for the chacha20 + // part, pure-PHP has to be used for the poly1305 part and that's gonna cause a big slow down. + // speed-wise it winds up being faster to use AES (when openssl is available) and some HMAC + // (which is always gonna be super fast to compute thanks to the hash extension, which + // "is bundled and compiled into PHP by default") + 'chacha20-poly1305@openssh.com', + + 'twofish128-ctr', // OPTIONAL Twofish in SDCTR mode, with 128-bit key + 'twofish192-ctr', // OPTIONAL Twofish with 192-bit key + 'twofish256-ctr', // OPTIONAL Twofish with 256-bit key + + 'aes128-cbc', // RECOMMENDED AES with a 128-bit key + 'aes192-cbc', // OPTIONAL AES with a 192-bit key + 'aes256-cbc', // OPTIONAL AES in CBC mode, with a 256-bit key + + 'twofish128-cbc', // OPTIONAL Twofish with a 128-bit key + 'twofish192-cbc', // OPTIONAL Twofish with a 192-bit key + 'twofish256-cbc', + 'twofish-cbc', // OPTIONAL alias for "twofish256-cbc" + // (this is being retained for historical reasons) + + 'blowfish-ctr', // OPTIONAL Blowfish in SDCTR mode + + 'blowfish-cbc', // OPTIONAL Blowfish in CBC mode + + '3des-ctr', // RECOMMENDED Three-key 3DES in SDCTR mode + + '3des-cbc', // REQUIRED three-key 3DES in CBC mode + + //'none' // OPTIONAL no encryption; NOT RECOMMENDED + ]; + + if (self::$crypto_engine) { + $engines = [self::$crypto_engine]; + } else { + $engines = [ + 'libsodium', + 'OpenSSL (GCM)', + 'OpenSSL', + 'Eval', + 'PHP', + ]; + } + + $ciphers = []; + + foreach ($engines as $engine) { + foreach ($algos as $algo) { + $obj = self::encryption_algorithm_to_crypt_instance($algo); + if ($obj instanceof Rijndael) { + $obj->setKeyLength((int) preg_replace('#[^\d]#', '', $algo)); + } + switch ($algo) { + // Eval engines do not exist for ChaCha20 or RC4 because they would not benefit from one. + // to benefit from an Eval engine they'd need to loop a variable amount of times, they'd + // need to do table lookups (eg. sbox subsitutions). ChaCha20 doesn't do either because + // it's a so-called ARX cipher, meaning that the only operations it does are add (A), rotate (R) + // and XOR (X). RC4 does do table lookups but being a stream cipher it works differently than + // block ciphers. with RC4 you XOR the plaintext against a keystream and the keystream changes + // as you encrypt stuff. the only table lookups are made against this keystream and thus table + // lookups are kinda unavoidable. with AES and DES, however, the table lookups that are done + // are done against substitution boxes (sboxes), which are invariant. + + // OpenSSL can't be used as an engine, either, because OpenSSL doesn't support continuous buffers + // as SSH2 uses and altho you can emulate a continuous buffer with block ciphers you can't do so + // with stream ciphers. As for ChaCha20... for the ChaCha20 part OpenSSL could prob be used but + // the big slow down isn't with ChaCha20 - it's with Poly1305. SSH constructs the key for that + // differently than how OpenSSL does it (OpenSSL does it as the RFC describes, SSH doesn't). + + // libsodium can't be used because it doesn't support RC4 and it doesn't construct the Poly1305 + // keys in the same way that SSH does + + // mcrypt could prob be used for RC4 but mcrypt hasn't been included in PHP core for yearss + case 'chacha20-poly1305@openssh.com': + case 'arcfour128': + case 'arcfour256': + if ($engine != 'PHP') { + continue 2; + } + break; + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + if ($engine == 'OpenSSL') { + continue 2; + } + $obj->setNonce('dummydummydu'); + } + if ($obj->isValidEngine($engine)) { + $algos = array_diff($algos, [$algo]); + $ciphers[] = $algo; + } + } + } + + return $ciphers; + } + + /** + * Returns a list of MAC algorithms that phpseclib supports + */ + public static function getSupportedMACAlgorithms(): array + { + return [ + 'hmac-sha2-256-etm@openssh.com', + 'hmac-sha2-512-etm@openssh.com', + 'hmac-sha1-etm@openssh.com', + + // from : + 'hmac-sha2-256',// RECOMMENDED HMAC-SHA256 (digest length = key length = 32) + 'hmac-sha2-512',// OPTIONAL HMAC-SHA512 (digest length = key length = 64) + + 'hmac-sha1-96', // RECOMMENDED first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20) + 'hmac-sha1', // REQUIRED HMAC-SHA1 (digest length = key length = 20) + 'hmac-md5-96', // OPTIONAL first 96 bits of HMAC-MD5 (digest length = 12, key length = 16) + 'hmac-md5', // OPTIONAL HMAC-MD5 (digest length = key length = 16) + + 'umac-64-etm@openssh.com', + 'umac-128-etm@openssh.com', + + // from : + 'umac-64@openssh.com', + 'umac-128@openssh.com', + + //'none' // OPTIONAL no MAC; NOT RECOMMENDED + ]; + } + + /** + * Returns a list of compression algorithms that phpseclib supports + */ + public static function getSupportedCompressionAlgorithms(): array + { + $algos = ['none']; // REQUIRED no compression + if (function_exists('deflate_init')) { + $algos[] = 'zlib@openssh.com'; // https://datatracker.ietf.org/doc/html/draft-miller-secsh-compression-delayed + $algos[] = 'zlib'; + } + return $algos; + } + + /** + * Return list of negotiated algorithms + * + * Uses the same format as https://www.php.net/ssh2-methods-negotiated + */ + public function getAlgorithmsNegotiated(): array + { + $this->connect(); + + $compression_map = [ + self::NET_SSH2_COMPRESSION_NONE => 'none', + self::NET_SSH2_COMPRESSION_ZLIB => 'zlib', + self::NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH => 'zlib@openssh.com', + ]; + + return [ + 'kex' => $this->kex_algorithm, + 'hostkey' => $this->signature_format, + 'client_to_server' => [ + 'crypt' => $this->encryptName, + 'mac' => $this->hmac_create_name, + 'comp' => $compression_map[$this->compress], + ], + 'server_to_client' => [ + 'crypt' => $this->decryptName, + 'mac' => $this->hmac_check_name, + 'comp' => $compression_map[$this->decompress], + ], + ]; + } + + /** + * Force multiple channels (even if phpseclib has decided to disable them) + */ + public function forceMultipleChannels(): void + { + $this->errorOnMultipleChannels = false; + } + + /** + * Allows you to set the terminal + */ + public function setTerminal(string $term): void + { + $this->term = $term; + } + + /** + * Accepts an associative array with up to four parameters as described at + * + */ + public function setPreferredAlgorithms(array $methods): void + { + $preferred = $methods; + + if (isset($preferred['kex'])) { + $preferred['kex'] = array_intersect( + $preferred['kex'], + static::getSupportedKEXAlgorithms() + ); + } + + if (isset($preferred['hostkey'])) { + $preferred['hostkey'] = array_intersect( + $preferred['hostkey'], + static::getSupportedHostKeyAlgorithms() + ); + } + + $keys = ['client_to_server', 'server_to_client']; + foreach ($keys as $key) { + if (isset($preferred[$key])) { + $a = &$preferred[$key]; + if (isset($a['crypt'])) { + $a['crypt'] = array_intersect( + $a['crypt'], + static::getSupportedEncryptionAlgorithms() + ); + } + if (isset($a['comp'])) { + $a['comp'] = array_intersect( + $a['comp'], + static::getSupportedCompressionAlgorithms() + ); + } + if (isset($a['mac'])) { + $a['mac'] = array_intersect( + $a['mac'], + static::getSupportedMACAlgorithms() + ); + } + } + } + + $keys = [ + 'kex', + 'hostkey', + 'client_to_server/crypt', + 'client_to_server/comp', + 'client_to_server/mac', + 'server_to_client/crypt', + 'server_to_client/comp', + 'server_to_client/mac', + ]; + foreach ($keys as $key) { + $p = $preferred; + $m = $methods; + + $subkeys = explode('/', $key); + foreach ($subkeys as $subkey) { + if (!isset($p[$subkey])) { + continue 2; + } + $p = $p[$subkey]; + $m = $m[$subkey]; + } + + if (count($p) != count($m)) { + $diff = array_diff($m, $p); + $msg = count($diff) == 1 ? + ' is not a supported algorithm' : + ' are not supported algorithms'; + throw new UnsupportedAlgorithmException(implode(', ', $diff) . $msg); + } + } + + $this->preferred = $preferred; + } + + /** + * Returns the banner message. + * + * Quoting from the RFC, "in some jurisdictions, sending a warning message before + * authentication may be relevant for getting legal protection." + */ + public function getBannerMessage(): string + { + return $this->banner_message; + } + + /** + * Returns the server public host key. + * + * Caching this the first time you connect to a server and checking the result on subsequent connections + * is recommended. Returns false if the server signature is not signed correctly with the public host key. + * + * @return string|false + * @throws RuntimeException on badly formatted keys + * @throws NoSupportedAlgorithmsException when the key isn't in a supported format + */ + public function getServerPublicHostKey() + { + if (!($this->bitmap & self::MASK_CONSTRUCTOR)) { + $this->connect(); + } + + $signature = $this->signature; + $server_public_host_key = base64_encode($this->server_public_host_key); + + if ($this->signature_validated) { + return $this->bitmap ? + $this->signature_format . ' ' . $server_public_host_key : + false; + } + + $this->signature_validated = true; + + switch ($this->signature_format) { + case 'ssh-ed25519': + case 'ecdsa-sha2-nistp256': + case 'ecdsa-sha2-nistp384': + case 'ecdsa-sha2-nistp521': + $key = EC::loadFormat('OpenSSH', $server_public_host_key) + ->withSignatureFormat('SSH2'); + switch ($this->signature_format) { + case 'ssh-ed25519': + $hash = 'sha512'; + break; + case 'ecdsa-sha2-nistp256': + $hash = 'sha256'; + break; + case 'ecdsa-sha2-nistp384': + $hash = 'sha384'; + break; + case 'ecdsa-sha2-nistp521': + $hash = 'sha512'; + } + $key = $key->withHash($hash); + break; + case 'ssh-dss': + $key = DSA::loadFormat('OpenSSH', $server_public_host_key) + ->withSignatureFormat('SSH2') + ->withHash('sha1'); + break; + case 'ssh-rsa': + case 'rsa-sha2-256': + case 'rsa-sha2-512': + // could be ssh-rsa, rsa-sha2-256, rsa-sha2-512 + // we don't check here because we already checked in key_exchange + // some signatures have the type embedded within the message and some don't + [, $signature] = Strings::unpackSSH2('ss', $signature); + + $key = RSA::loadFormat('OpenSSH', $server_public_host_key) + ->withPadding(RSA::SIGNATURE_PKCS1); + switch ($this->signature_format) { + case 'rsa-sha2-512': + $hash = 'sha512'; + break; + case 'rsa-sha2-256': + $hash = 'sha256'; + break; + //case 'ssh-rsa': + default: + $hash = 'sha1'; + } + $key = $key->withHash($hash); + break; + default: + $this->disconnect_helper(DisconnectReason::HOST_KEY_NOT_VERIFIABLE); + throw new NoSupportedAlgorithmsException('Unsupported signature format'); + } + + if (!$key->verify($this->exchange_hash, $signature)) { + return $this->disconnect_helper(DisconnectReason::HOST_KEY_NOT_VERIFIABLE); + }; + + return $this->signature_format . ' ' . $server_public_host_key; + } + + /** + * Returns the exit status of an SSH command or false. + * + * @return false|int + */ + public function getExitStatus() + { + if (is_null($this->exit_status)) { + return false; + } + return $this->exit_status; + } + + /** + * Returns the number of columns for the terminal window size. + */ + public function getWindowColumns(): int + { + return $this->windowColumns; + } + + /** + * Returns the number of rows for the terminal window size. + */ + public function getWindowRows(): int + { + return $this->windowRows; + } + + /** + * Sets the number of columns for the terminal window size. + */ + public function setWindowColumns(int $value): void + { + $this->windowColumns = $value; + } + + /** + * Sets the number of rows for the terminal window size. + */ + public function setWindowRows(int $value): void + { + $this->windowRows = $value; + } + + /** + * Sets the number of columns and rows for the terminal window size. + */ + public function setWindowSize(int $columns = 80, int $rows = 24): void + { + $this->windowColumns = $columns; + $this->windowRows = $rows; + } + + /** + * To String Magic Method + * + * @return string + */ + #[\ReturnTypeWillChange] + public function __toString() + { + return $this->getResourceId(); + } + + /** + * Get Resource ID + * + * We use {} because that symbols should not be in URL according to + * {@link http://tools.ietf.org/html/rfc3986#section-2 RFC}. + * It will safe us from any conflicts, because otherwise regexp will + * match all alphanumeric domains. + */ + public function getResourceId(): string + { + return '{' . spl_object_hash($this) . '}'; + } + + public static function getConnectionByResourceId(string $id): SSH2|null + { + if (array_key_exists($id, self::$connections)) { + /** + * @psalm-ignore-var + * @var SSH2|null $ssh2 + */ + $ssh2 = self::$connections[$id]->get(); + return $ssh2; + } + return null; + } + + /** + * Return all excising connections + * + * @return array + */ + public static function getConnections(): array + { + if (!class_exists('WeakReference')) { + /** @var array */ + return self::$connections; + } + $temp = []; + foreach (self::$connections as $key => $ref) { + $temp[$key] = $ref->get(); + } + return $temp; + } + + /** + * Update packet types in log history + */ + private function updateLogHistory(string $old, string $new): void + { + if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) { + $this->message_number_log[count($this->message_number_log) - 1] = str_replace( + $old, + $new, + $this->message_number_log[count($this->message_number_log) - 1] + ); + } + } + + /** + * Return the list of authentication methods that may productively continue authentication. + * + * @see https://tools.ietf.org/html/rfc4252#section-5.1 + */ + public function getAuthMethodsToContinue(): ?array + { + return $this->auth_methods_to_continue; + } + + /** + * Enables "smart" multi-factor authentication (MFA) + */ + public function enableSmartMFA(): void + { + $this->smartMFA = true; + } + + /** + * Disables "smart" multi-factor authentication (MFA) + */ + public function disableSmartMFA(): void + { + $this->smartMFA = false; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/Net/SSH2/ChannelConnectionFailureReason.php b/qa-tool/htdocs/oidc/phpseclib/Net/SSH2/ChannelConnectionFailureReason.php new file mode 100644 index 0000000..9fae801 --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/Net/SSH2/ChannelConnectionFailureReason.php @@ -0,0 +1,16 @@ + + * login('username', $agent)) { + * exit('Login Failed'); + * } + * + * echo $ssh->exec('pwd'); + * echo $ssh->exec('ls -la'); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2014 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\System\SSH; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Crypt\PublicKeyLoader; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Net\SSH2; +use phpseclib3\System\SSH\Agent\Identity; + +/** + * Pure-PHP ssh-agent client identity factory + * + * requestIdentities() method pumps out \phpseclib3\System\SSH\Agent\Identity objects + * + * @author Jim Wigginton + */ +class Agent +{ + use Common\Traits\ReadBytes; + + // Message numbers + + // to request SSH1 keys you have to use SSH_AGENTC_REQUEST_RSA_IDENTITIES (1) + public const SSH_AGENTC_REQUEST_IDENTITIES = 11; + // this is the SSH2 response; the SSH1 response is SSH_AGENT_RSA_IDENTITIES_ANSWER (2). + public const SSH_AGENT_IDENTITIES_ANSWER = 12; + // the SSH1 request is SSH_AGENTC_RSA_CHALLENGE (3) + public const SSH_AGENTC_SIGN_REQUEST = 13; + // the SSH1 response is SSH_AGENT_RSA_RESPONSE (4) + public const SSH_AGENT_SIGN_RESPONSE = 14; + + // Agent forwarding status + + // no forwarding requested and not active + public const FORWARD_NONE = 0; + // request agent forwarding when opportune + public const FORWARD_REQUEST = 1; + // forwarding has been request and is active + public const FORWARD_ACTIVE = 2; + + /** + * Unused + */ + public const SSH_AGENT_FAILURE = 5; + + /** + * Socket Resource + * + * @var resource + */ + private $fsock; + + /** + * Agent forwarding status + * + * @var int + */ + private $forward_status = self::FORWARD_NONE; + + /** + * Buffer for accumulating forwarded authentication + * agent data arriving on SSH data channel destined + * for agent unix socket + * + * @var string + */ + private $socket_buffer = ''; + + /** + * Tracking the number of bytes we are expecting + * to arrive for the agent socket on the SSH data + * channel + * + * @var int + */ + private $expected_bytes = 0; + + /** + * Default Constructor + * + * @return Agent + * @throws BadConfigurationException if SSH_AUTH_SOCK cannot be found + * @throws RuntimeException on connection errors + */ + public function __construct(?string $address = null) + { + if (!$address) { + switch (true) { + case isset($_SERVER['SSH_AUTH_SOCK']): + $address = $_SERVER['SSH_AUTH_SOCK']; + break; + case isset($_ENV['SSH_AUTH_SOCK']): + $address = $_ENV['SSH_AUTH_SOCK']; + break; + default: + throw new BadConfigurationException('SSH_AUTH_SOCK not found'); + } + } + + if (in_array('unix', stream_get_transports())) { + $this->fsock = fsockopen('unix://' . $address, 0, $errno, $errstr); + if (!$this->fsock) { + throw new RuntimeException("Unable to connect to ssh-agent (Error $errno: $errstr)"); + } + } else { + if (substr($address, 0, 9) != '\\\\.\\pipe\\' || str_contains(substr($address, 9), '\\')) { + throw new RuntimeException('Address is not formatted as a named pipe should be'); + } + + $this->fsock = fopen($address, 'r+b'); + if (!$this->fsock) { + throw new RuntimeException('Unable to open address'); + } + } + } + + /** + * Request Identities + * + * See "2.5.2 Requesting a list of protocol 2 keys" + * Returns an array containing zero or more \phpseclib3\System\SSH\Agent\Identity objects + * + * @throws RuntimeException on receipt of unexpected packets + */ + public function requestIdentities(): array + { + if (!$this->fsock) { + return []; + } + + $packet = pack('NC', 1, self::SSH_AGENTC_REQUEST_IDENTITIES); + if (strlen($packet) != fwrite($this->fsock, $packet)) { + throw new RuntimeException('Connection closed while requesting identities'); + } + + $length = current(unpack('N', $this->readBytes(4))); + $packet = $this->readBytes($length); + + [$type, $keyCount] = Strings::unpackSSH2('CN', $packet); + if ($type != self::SSH_AGENT_IDENTITIES_ANSWER) { + throw new RuntimeException('Unable to request identities'); + } + + $identities = []; + for ($i = 0; $i < $keyCount; $i++) { + [$key_blob, $comment] = Strings::unpackSSH2('ss', $packet); + $temp = $key_blob; + [$key_type] = Strings::unpackSSH2('s', $temp); + switch ($key_type) { + case 'ssh-rsa': + case 'ssh-dss': + case 'ssh-ed25519': + case 'ecdsa-sha2-nistp256': + case 'ecdsa-sha2-nistp384': + case 'ecdsa-sha2-nistp521': + $key = PublicKeyLoader::load($key_type . ' ' . base64_encode($key_blob)); + } + // resources are passed by reference by default + if (isset($key)) { + $identity = (new Identity($this->fsock)) + ->withPublicKey($key) + ->withPublicKeyBlob($key_blob) + ->withComment($comment); + $identities[] = $identity; + unset($key); + } + } + + return $identities; + } + + /** + * Returns the SSH Agent identity matching a given public key or null if no identity is found + * + * @return ?Identity + */ + public function findIdentityByPublicKey(PublicKey $key) + { + $identities = $this->requestIdentities(); + $key = (string) $key; + foreach ($identities as $identity) { + if (((string) $identity->getPublicKey()) == $key) { + return $identity; + } + } + + return null; + } + + /** + * Signal that agent forwarding should + * be requested when a channel is opened + */ + public function startSSHForwarding(): void + { + if ($this->forward_status == self::FORWARD_NONE) { + $this->forward_status = self::FORWARD_REQUEST; + } + } + + /** + * Request agent forwarding of remote server + */ + private function request_forwarding(SSH2 $ssh): bool + { + if (!$ssh->requestAgentForwarding()) { + return false; + } + + $this->forward_status = self::FORWARD_ACTIVE; + + return true; + } + + /** + * On successful channel open + * + * This method is called upon successful channel + * open to give the SSH Agent an opportunity + * to take further action. i.e. request agent forwarding + */ + public function registerChannelOpen(SSH2 $ssh): void + { + if ($this->forward_status == self::FORWARD_REQUEST) { + $this->request_forwarding($ssh); + } + } + + /** + * Forward data to SSH Agent and return data reply + * + * @return string Data from SSH Agent + * @throws RuntimeException on connection errors + */ + public function forwardData(string $data) + { + if ($this->expected_bytes > 0) { + $this->socket_buffer .= $data; + $this->expected_bytes -= strlen($data); + } else { + $agent_data_bytes = current(unpack('N', $data)); + $current_data_bytes = strlen($data); + $this->socket_buffer = $data; + if ($current_data_bytes != $agent_data_bytes + 4) { + $this->expected_bytes = ($agent_data_bytes + 4) - $current_data_bytes; + return false; + } + } + + if (strlen($this->socket_buffer) != fwrite($this->fsock, $this->socket_buffer)) { + throw new RuntimeException('Connection closed attempting to forward data to SSH agent'); + } + + $this->socket_buffer = ''; + $this->expected_bytes = 0; + + $agent_reply_bytes = current(unpack('N', $this->readBytes(4))); + + $agent_reply_data = $this->readBytes($agent_reply_bytes); + $agent_reply_data = current(unpack('a*', $agent_reply_data)); + + return pack('Na*', $agent_reply_bytes, $agent_reply_data); + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/System/SSH/Agent/Identity.php b/qa-tool/htdocs/oidc/phpseclib/System/SSH/Agent/Identity.php new file mode 100644 index 0000000..137bfbb --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/System/SSH/Agent/Identity.php @@ -0,0 +1,333 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\System\SSH\Agent; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\RSA; +use phpseclib3\Exception\RuntimeException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\System\SSH\Agent; +use phpseclib3\System\SSH\Common\Traits\ReadBytes; + +/** + * Pure-PHP ssh-agent client identity object + * + * Instantiation should only be performed by \phpseclib3\System\SSH\Agent class. + * This could be thought of as implementing an interface that phpseclib3\Crypt\RSA + * implements. ie. maybe a Net_SSH_Auth_PublicKey interface or something. + * The methods in this interface would be getPublicKey and sign since those are the + * methods phpseclib looks for to perform public key authentication. + * + * @author Jim Wigginton + * @internal + */ +class Identity implements PrivateKey +{ + use ReadBytes; + + // Signature Flags + // See https://tools.ietf.org/html/draft-miller-ssh-agent-00#section-5.3 + public const SSH_AGENT_RSA2_256 = 2; + public const SSH_AGENT_RSA2_512 = 4; + + /** + * Key Object + * + * @var PublicKey + * @see self::getPublicKey() + */ + private $key; + + /** + * Key Blob + * + * @var string + * @see self::sign() + */ + private $key_blob; + + /** + * Socket Resource + * + * @var resource + * @see self::sign() + */ + private $fsock; + + /** + * Signature flags + * + * @var int + * @see self::sign() + * @see self::setHash() + */ + private $flags = 0; + + /** + * Comment + * + * @var null|string + */ + private $comment; + + /** + * Curve Aliases + * + * @var array + */ + private static $curveAliases = [ + 'secp256r1' => 'nistp256', + 'secp384r1' => 'nistp384', + 'secp521r1' => 'nistp521', + 'Ed25519' => 'Ed25519', + ]; + + /** + * Default Constructor. + * + * @param resource $fsock + */ + public function __construct($fsock) + { + $this->fsock = $fsock; + } + + /** + * Set Public Key + * + * Called by \phpseclib3\System\SSH\Agent::requestIdentities() + */ + public function withPublicKey(PublicKey $key): Identity + { + if ($key instanceof EC) { + if (is_array($key->getCurve()) || !isset(self::$curveAliases[$key->getCurve()])) { + throw new UnsupportedAlgorithmException('The only supported curves are nistp256, nistp384, nistp512 and Ed25519'); + } + } + + $new = clone $this; + $new->key = $key; + return $new; + } + + /** + * Set Public Key + * + * Called by \phpseclib3\System\SSH\Agent::requestIdentities(). The key blob could be extracted from $this->key + * but this saves a small amount of computation. + */ + public function withPublicKeyBlob(string $key_blob): Identity + { + $new = clone $this; + $new->key_blob = $key_blob; + return $new; + } + + /** + * Get Public Key + * + * Wrapper for $this->key->getPublicKey() + */ + public function getPublicKey(): PublicKey + { + return $this->key; + } + + /** + * Sets the hash + */ + public function withHash(string $hash): Identity + { + $new = clone $this; + + $hash = strtolower($hash); + + if ($this->key instanceof RSA) { + $new->flags = 0; + switch ($hash) { + case 'sha1': + break; + case 'sha256': + $new->flags = self::SSH_AGENT_RSA2_256; + break; + case 'sha512': + $new->flags = self::SSH_AGENT_RSA2_512; + break; + default: + throw new UnsupportedAlgorithmException('The only supported hashes for RSA are sha1, sha256 and sha512'); + } + } + if ($this->key instanceof EC) { + switch ($this->key->getCurve()) { + case 'secp256r1': + $expectedHash = 'sha256'; + break; + case 'secp384r1': + $expectedHash = 'sha384'; + break; + //case 'secp521r1': + //case 'Ed25519': + default: + $expectedHash = 'sha512'; + } + if ($hash != $expectedHash) { + throw new UnsupportedAlgorithmException('The only supported hash for ' . self::$curveAliases[$this->key->getCurve()] . ' is ' . $expectedHash); + } + } + if ($this->key instanceof DSA) { + if ($hash != 'sha1') { + throw new UnsupportedAlgorithmException('The only supported hash for DSA is sha1'); + } + } + return $new; + } + + /** + * Sets the padding + * + * Only PKCS1 padding is supported + */ + public function withPadding(int $padding): Identity + { + if (!$this->key instanceof RSA) { + throw new UnsupportedAlgorithmException('Only RSA keys support padding'); + } + if ($padding != RSA::SIGNATURE_PKCS1 && $padding != RSA::SIGNATURE_RELAXED_PKCS1) { + throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures'); + } + return $this; + } + + /** + * Determines the signature padding mode + * + * Valid values are: ASN1, SSH2, Raw + */ + public function withSignatureFormat(string $format): Identity + { + if ($this->key instanceof RSA) { + throw new UnsupportedAlgorithmException('Only DSA and EC keys support signature format setting'); + } + if ($format != 'SSH2') { + throw new UnsupportedAlgorithmException('Only SSH2-formatted signatures are currently supported'); + } + + return $this; + } + + /** + * Returns the curve + * + * Returns a string if it's a named curve, an array if not + * + * @return string|array + */ + public function getCurve() + { + if (!$this->key instanceof EC) { + throw new UnsupportedAlgorithmException('Only EC keys have curves'); + } + + return $this->key->getCurve(); + } + + /** + * Create a signature + * + * See "2.6.2 Protocol 2 private key signature request" + * + * @param string $message + * @throws RuntimeException on connection errors + * @throws UnsupportedAlgorithmException if the algorithm is unsupported + */ + public function sign($message): string + { + // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE + $packet = Strings::packSSH2( + 'CssN', + Agent::SSH_AGENTC_SIGN_REQUEST, + $this->key_blob, + $message, + $this->flags + ); + $packet = Strings::packSSH2('s', $packet); + if (strlen($packet) != fwrite($this->fsock, $packet)) { + throw new RuntimeException('Connection closed during signing'); + } + + $length = current(unpack('N', $this->readBytes(4))); + $packet = $this->readBytes($length); + + [$type, $signature_blob] = Strings::unpackSSH2('Cs', $packet); + if ($type != Agent::SSH_AGENT_SIGN_RESPONSE) { + throw new RuntimeException('Unable to retrieve signature'); + } + + if (!$this->key instanceof RSA) { + return $signature_blob; + } + + [$type, $signature_blob] = Strings::unpackSSH2('ss', $signature_blob); + + return $signature_blob; + } + + /** + * Returns the private key + * + * @param array $options optional + */ + public function toString(string $type, array $options = []): string + { + throw new RuntimeException('ssh-agent does not provide a mechanism to get the private key'); + } + + /** + * Sets the password + * + * @return never + */ + public function withPassword(?string $password = null): PrivateKey + { + throw new RuntimeException('ssh-agent does not provide a mechanism to get the private key'); + } + + /** + * Sets the comment + */ + public function withComment($comment = null) + { + $new = clone $this; + $new->comment = $comment; + return $new; + } + + /** + * Returns the comment + * + * @return null|string + */ + public function getComment() + { + return $this->comment; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/System/SSH/Common/Traits/ReadBytes.php b/qa-tool/htdocs/oidc/phpseclib/System/SSH/Common/Traits/ReadBytes.php new file mode 100644 index 0000000..1eb1bff --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/System/SSH/Common/Traits/ReadBytes.php @@ -0,0 +1,43 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +declare(strict_types=1); + +namespace phpseclib3\System\SSH\Common\Traits; + +use phpseclib3\Exception\RuntimeException; + +/** + * ReadBytes trait + * + * @author Jim Wigginton + */ +trait ReadBytes +{ + /** + * Read data + * + * @throws RuntimeException on connection errors + */ + public function readBytes(int $length): string + { + $temp = fread($this->fsock, $length); + if ($temp === false) { + throw new RuntimeException('\fread() failed.'); + } + if (strlen($temp) !== $length) { + throw new RuntimeException("Expected $length bytes; got " . strlen($temp)); + } + return $temp; + } +} diff --git a/qa-tool/htdocs/oidc/phpseclib/bootstrap.php b/qa-tool/htdocs/oidc/phpseclib/bootstrap.php new file mode 100644 index 0000000..7aededc --- /dev/null +++ b/qa-tool/htdocs/oidc/phpseclib/bootstrap.php @@ -0,0 +1,24 @@ + \ No newline at end of file diff --git a/qa-tool/htdocs/style.css b/qa-tool/htdocs/style.css new file mode 100644 index 0000000..fe93135 --- /dev/null +++ b/qa-tool/htdocs/style.css @@ -0,0 +1,376 @@ +/* +style.css — aufgeräumt & ausführlich kommentiert +Projekt: QA System (Test-Template-Lader, Runner & Exporter) +Firma: o-byte.com telekommunikation +Stand: 2025-09-01T17:35:27 + +Hinweis: +- Funktionen sind mit JSDoc kommentiert (Parameter/Return, Nebenwirkungen). +- Größere Codeabschnitte haben Abschnittsbanner. +- Keine funktionalen Änderungen, nur Kommentare & leichte Struktur. +*/ + +/* ===== Dark Theme (wie bei dir) ===== */ +/* ===== Design-Tokens & Variablen ===== */ +:root{ + --bg:#0b0c0f; + --surface:#0f1117; + --surface2:#12141a; + --text:#e7e7ea; + --muted:#a7a7b0; + --stroke:#232633; + --stroke2:#2a2d36; + --accent:#00A7E6; + + --ok:#22c55e; /* pass */ + --warn:#f59e0b; /* blocked */ + --bad:#ef4444; /* fail */ + --dim:#6b7280; /* skip */ +} + +*{ box-sizing:border-box } +html,body{ margin:0; padding:0; background:var(--bg); color:var(--text); font-family:Inter, system-ui, Segoe UI, Roboto, Arial, sans-serif } +a{ color:#8ec7ff } + +/* Header */ +/* ===== Kopfbereich ===== */ +header { display:flex; align-items:center; gap:12px; padding:12px 10px 8px 10px } +.brand{ display:flex; align-items:center; gap:10px; min-width:0; } +.brand img{ height:28px; width:auto; max-width:220px; object-fit:contain; } +h1{ margin:0; font-size:22px; white-space:nowrap; } +.tag{ + display:inline-block; font-size:12px; line-height:1; + padding:6px 8px; border:1px solid var(--stroke2); border-radius:999px; + color:var(--muted); background:#12141a; +} + +/* Panels / Layout */ +.wrapper{ padding: 10px } +.panel{ + background:var(--surface); + border:1px solid var(--stroke); + border-radius:12px; + padding:12px; + margin-bottom:10px; +} + +/* Meta-Form */ +section.meta{ + display:grid; grid-template-columns: repeat(6, 1fr); + gap:12px; margin-bottom:8px; +} +section.meta .row{ grid-column:1/-1; display:flex; gap:10px; align-items:center } +label.btn.like-label{ + display:inline-block; padding:8px 14px; border-radius:12px; cursor:pointer; + background:var(--surface2); border:1px solid var(--stroke2); color:var(--text); +} +#yamlFile{ display:none } +section.meta label{ display:flex; flex-direction:column; gap:6px; font-size:12px; color:var(--muted) } +section.meta input{ + padding:10px 12px; border:1px solid var(--stroke2); border-radius:10px; + background:var(--surface2); color:var(--text); +} + +/* Buttons */ +button,.btn{ + background:var(--surface2); border:1px solid var(--stroke2); color:var(--text); + padding:10px 14px; border-radius:12px; cursor:pointer; transition:.15s; height:40px +} +button:hover,.btn:hover{ filter:brightness(1.1) } + +/* Steps-Tabelle */ +/* ===== Tabelle der Testschritte ===== */ +#stepsTable { width:100%; border-collapse:separate; border-spacing:0 8px; table-layout: fixed; } +#stepsTable thead th{ + text-align:left; font-size:14px; color:#c7cfe1; + padding:8px 10px; border-bottom:1px solid var(--stroke); +} +#stepsTable tbody tr{ background:var(--surface); border:1px solid var(--stroke2); border-radius:12px; } +#stepsTable td{ padding:10px; vertical-align:top; } + +/* Gruppenzeile */ +tr.group-row{ + background: linear-gradient(0deg, rgba(0,167,230,0.10), rgba(0,167,230,0.10)); + border:1px solid var(--stroke2); + border-left:3px solid var(--accent); +} +tr.group-row .group-title{ + font-weight:700; letter-spacing:.2px; +} + +/* Kleine Utilitys für Status-Buttons an Gruppen */ +.group-row .group-actions{ + display:flex; gap:6px; align-items:center; +} +.group-row .btn-group-status{ + padding:4px 8px; font-size:12px; line-height:1; +} + +/* Drag & Drop – visuelle Hinweise */ +tr.dragging{ + opacity:.55; +} +tr.drag-over{ + outline:2px dashed var(--accent); + outline-offset:-2px; +} +tr.drag-over[data-pos="before"]{ + box-shadow: 0 -3px 0 var(--accent) inset; +} +tr.drag-over[data-pos="after"]{ + box-shadow: 0 3px 0 var(--accent) inset; +} +/* Bessere Klick-Ziele für Header-Aktionen */ +.group-row .step-head > div{ + display:flex; gap:6px; align-items:center; +} + + +/* Collapse: versteckte Step-Zeilen */ +tr[data-hidden="1"]{ display:none; } +.group-row .btn-toggle-group{ margin-left:8px; } +.group-row .btn-toggle-group .chev{ + display:inline-block; transition:transform .15s ease; +} +.group-row[data-collapsed="1"] .btn-toggle-group .chev{ + transform: rotate(-90deg); +} + +/* Beim Browser-Druck (nur Editor-Ansicht) – optional */ +@media print{ + .group-row{ break-before: page; } +} + +/* Spaltenbreiten */ +#stepsTable th:nth-child(1), #stepsTable td:nth-child(1){ width:25%; } /* Step + Titel */ +#stepsTable th:nth-child(2), #stepsTable td:nth-child(2){ width:28%; } /* Expected */ +#stepsTable th:nth-child(3), #stepsTable td:nth-child(3){ width:5%; } /* Status */ +#stepsTable th:nth-child(4), #stepsTable td:nth-child(4){ width:26%; } /* Kommentar/Evidenz */ + +/* Gruppe: Eingabefeld */ +.tpl-group-title{ + width:100%; padding:10px 12px; border:1px solid var(--stroke2); border-radius:10px; background:var(--surface2); color:var(--text); +} + +/* Eingabefelder */ +#stepsTable input[type="text"], #stepsTable textarea, #stepsTable select{ + width:100%; max-width:100%; box-sizing:border-box; + border:1px solid var(--stroke2); border-radius:10px; + background:var(--surface2); color:var(--text); padding:10px; font-size:14px; outline:none; +} + +/* Erste Spalte: ID | Titel | Pin | Löschen */ +#stepsTable td.cell-step .step-head{ + display:grid; grid-template-columns:auto 1fr auto auto; gap:8px; align-items:center; margin-bottom:6px; +} +#stepsTable td.cell-step .tpl-id{ width:15ch } +#stepsTable td.cell-step .tpl-title{ + display:block; width:100%; + min-height:40px; + resize:vertical; + overflow-wrap:break-word; word-break:break-word; +} +#stepsTable td.cell-step .req-pin{ opacity:.9 } +#stepsTable td.cell-step .btn-delete-step{ + width:36px; height:36px; display:inline-flex; align-items:center; justify-content:center; padding:0; margin:0; line-height:1; +} +#stepsTable td.cell-step .req-row{ + display:inline-flex; gap:6px; align-items:center; font-size:12px; color:var(--muted); +} + +/* Expected */ +#stepsTable .tpl-expected{ min-height:90px } + +/* Status-Färbung für Select */ +select.status.st-pass { background:rgba(34,197,94,.12); border-color:rgba(34,197,94,.25) } +select.status.st-fail { background:rgba(239,68,68,.12); border-color:rgba(239,68,68,.25) } +select.status.st-skip { background:rgba(107,114,128,.12);border-color:rgba(107,114,128,.25) } +select.status.st-blocked{ background:rgba(245,158,11,.12); border-color:rgba(245,158,11,.25) } + +/* Deutlichere Färbung für ganze Zeile */ +tr.row-pass { + background-color: rgba(34,197,94,0.18) !important; + border-color: rgba(34,197,94,0.35) !important; +} +tr.row-fail { + background-color: rgba(239,68,68,0.18) !important; + border-color: rgba(239,68,68,0.35) !important; +} +tr.row-skip { + background-color: rgba(107,114,128,0.18) !important; + border-color: rgba(107,114,128,0.35) !important; +} +tr.row-blocked { + background-color: rgba(245,158,11,0.18) !important; + border-color: rgba(245,158,11,0.35) !important; +} + +/* Footer Buttons */ +.footer-actions{ display:flex; flex-wrap:wrap; gap:12px; margin-top:8px } + +/* === Fix 1: Inputs im Dark-Theme ==================== */ +#stepsTable td input, +#stepsTable td textarea, +#stepsTable td select { + background: var(--surface2) !important; + color: var(--text) !important; + border: 1px solid var(--stroke2) !important; + box-shadow: none !important; +} +#stepsTable ::placeholder { color: var(--muted); opacity: .9; } +#stepsTable input:-webkit-autofill, +#stepsTable textarea:-webkit-autofill, +#stepsTable select:-webkit-autofill { + -webkit-text-fill-color: var(--text); + transition: background-color 9999s ease-in-out 0s; + box-shadow: 0 0 0px 1000px var(--surface2) inset !important; +} + +/* === Fix 2: Header spacing =============================== */ +/* ===== Kopfbereich ===== */ +header { + padding-top: 14px !important; + padding-bottom: 10px !important; +} +header .brand img { height: 28px; } +header h1 { margin-left: 2px; } + +/* Meta-Panel Abstand */ +section.meta { margin-bottom: 14px !important; } +section.meta label { line-height: 1.2; } + +/* === Fix 3: Datei auswählen ============================ */ +#yamlFile { display: none; } +label.like-label { + display: inline-flex; + align-items: center; + gap: 8px; + height: 40px; + padding: 0 14px; + background: var(--surface2); + border: 1px solid var(--stroke2); + border-radius: 12px; + color: var(--text); + cursor: pointer; + user-select: none; +} +label.like-label:hover { filter: brightness(1.08); } +#statusTag { + display: inline-flex; + align-items: center; + min-height: 40px; + padding: 0 8px; + color: var(--muted); +} + +/* === Fix 4: Kommentar/Evidenz Spalte ==================== */ +#stepsTable td:nth-child(4) textarea.run-comment { + min-height: 80px; +} +#stepsTable td:nth-child(4) .run-evidence { + margin-top: 8px; + height: 40px; +} + +/* === Header Final Fix =================================== */ +/* ===== Kopfbereich ===== */ +header { + display: flex; + align-items: center; + justify-content: space-between; + padding: 16px 20px; + background: var(--surface1); + border-bottom: 1px solid var(--stroke1); +} +header .brand { display: flex; align-items: center; gap: 10px; } +header .brand img { height: 32px; } +header .brand h1 { + font-size: 1.3rem; + font-weight: 600; + margin: 0; + color: var(--text); +} +header .actions { display: flex; align-items: center; gap: 10px; } +#statusTag { + padding: 6px 10px; + border-radius: 8px; + font-size: 0.9rem; + color: var(--muted); + background: var(--surface2); + white-space: nowrap; +} + + +/* === Theming for GitLab dropdown === */ +#gitlabTplSelect { + /* System-Rendering neutralisieren, damit Farben greifen */ + -webkit-appearance: none; + -moz-appearance: none; + appearance: none; + background: var(--surface2, #1a1a1a); + color: var(--text, #eaeaea); + border: 1px solid rgba(255,255,255,0.12); + padding: 8px 10px; + border-radius: 8px; + outline: none; +} +#gitlabTplSelect:focus { + border-color: var(--accent, #18a0fb); + box-shadow: 0 0 0 2px rgba(24,160,251,0.25); +} + +/* === Group row success/fail highlights === */ +tr.group-row.group-ok { background: rgba(16,185,129,0.10); border-left: 4px solid #10b981; } +tr.group-row.group-fail { background: rgba(239,68,68,0.10); border-left: 4px solid #ef4444; } + +/* Tag status helpers */ +.tag.ok { background: rgba(16,185,129,0.15); color: #d1fae5; border-color: #10b981; } +.tag.bad { background: rgba(239,68,68,0.15); color: #fee2e2; border-color: #ef4444; } +.tag.warn { background: rgba(245,158,11,0.15); color: #ffedd5; border-color: #f59e0b; } + + +/* === Meta selects (ensures dark theming across engines) === */ +section.meta select { + -webkit-appearance: none; + -moz-appearance: none; + appearance: none; + background: var(--surface2) !important; + background-color: var(--surface2) !important; + color: var(--text) !important; + border: 1px solid var(--stroke2) !important; + padding: 8px 10px; + border-radius: 8px; + outline: none; +} + +/* Stronger group-row colors (more visible) */ +tr.group-row.group-ok { + background-color: rgba(34,197,94,0.12) !important; + border-left: 4px solid #10b981 !important; +} +tr.group-row.group-fail { + background-color: rgba(239,68,68,0.12) !important; + border-left: 4px solid #ef4444 !important; +} + +/* ===== Drag-Handle nur rechts am Rand ===== */ +.drag-handle{ + justify-self:end; + align-self:stretch; + padding:0 8px; + cursor:grab; + user-select:none; + display:flex; + align-items:center; + font-weight:700; + letter-spacing:1px; + opacity:.6; +} +.drag-handle:active{ cursor:grabbing; opacity:.9 } +tr.dragging{ opacity:.85 } + +/* Step-Row: +1 Spalte für Handle */ +#stepsTable td.cell-step .step-head{ grid-template-columns:auto 1fr auto auto auto; } + +/* Group-Row: +1 Spalte für Handle */ +.group-row .step-head{ display:grid; grid-template-columns:1fr auto auto; gap:8px; align-items:center; } diff --git a/qa-tool/htdocs/vendor/autoload.php b/qa-tool/htdocs/vendor/autoload.php new file mode 100644 index 0000000..5a8f068 --- /dev/null +++ b/qa-tool/htdocs/vendor/autoload.php @@ -0,0 +1,25 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer\Autoload; + +/** + * ClassLoader implements a PSR-0, PSR-4 and classmap class loader. + * + * $loader = new \Composer\Autoload\ClassLoader(); + * + * // register classes with namespaces + * $loader->add('Symfony\Component', __DIR__.'/component'); + * $loader->add('Symfony', __DIR__.'/framework'); + * + * // activate the autoloader + * $loader->register(); + * + * // to enable searching the include path (eg. for PEAR packages) + * $loader->setUseIncludePath(true); + * + * In this example, if you try to use a class in the Symfony\Component + * namespace or one of its children (Symfony\Component\Console for instance), + * the autoloader will first look for the class under the component/ + * directory, and it will then fallback to the framework/ directory if not + * found before giving up. + * + * This class is loosely based on the Symfony UniversalClassLoader. + * + * @author Fabien Potencier + * @author Jordi Boggiano + * @see https://www.php-fig.org/psr/psr-0/ + * @see https://www.php-fig.org/psr/psr-4/ + */ +class ClassLoader +{ + /** @var \Closure(string):void */ + private static $includeFile; + + /** @var string|null */ + private $vendorDir; + + // PSR-4 + /** + * @var array> + */ + private $prefixLengthsPsr4 = array(); + /** + * @var array> + */ + private $prefixDirsPsr4 = array(); + /** + * @var list + */ + private $fallbackDirsPsr4 = array(); + + // PSR-0 + /** + * List of PSR-0 prefixes + * + * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2'))) + * + * @var array>> + */ + private $prefixesPsr0 = array(); + /** + * @var list + */ + private $fallbackDirsPsr0 = array(); + + /** @var bool */ + private $useIncludePath = false; + + /** + * @var array + */ + private $classMap = array(); + + /** @var bool */ + private $classMapAuthoritative = false; + + /** + * @var array + */ + private $missingClasses = array(); + + /** @var string|null */ + private $apcuPrefix; + + /** + * @var array + */ + private static $registeredLoaders = array(); + + /** + * @param string|null $vendorDir + */ + public function __construct($vendorDir = null) + { + $this->vendorDir = $vendorDir; + self::initializeIncludeClosure(); + } + + /** + * @return array> + */ + public function getPrefixes() + { + if (!empty($this->prefixesPsr0)) { + return call_user_func_array('array_merge', array_values($this->prefixesPsr0)); + } + + return array(); + } + + /** + * @return array> + */ + public function getPrefixesPsr4() + { + return $this->prefixDirsPsr4; + } + + /** + * @return list + */ + public function getFallbackDirs() + { + return $this->fallbackDirsPsr0; + } + + /** + * @return list + */ + public function getFallbackDirsPsr4() + { + return $this->fallbackDirsPsr4; + } + + /** + * @return array Array of classname => path + */ + public function getClassMap() + { + return $this->classMap; + } + + /** + * @param array $classMap Class to filename map + * + * @return void + */ + public function addClassMap(array $classMap) + { + if ($this->classMap) { + $this->classMap = array_merge($this->classMap, $classMap); + } else { + $this->classMap = $classMap; + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, either + * appending or prepending to the ones previously set for this prefix. + * + * @param string $prefix The prefix + * @param list|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + * + * @return void + */ + public function add($prefix, $paths, $prepend = false) + { + $paths = (array) $paths; + if (!$prefix) { + if ($prepend) { + $this->fallbackDirsPsr0 = array_merge( + $paths, + $this->fallbackDirsPsr0 + ); + } else { + $this->fallbackDirsPsr0 = array_merge( + $this->fallbackDirsPsr0, + $paths + ); + } + + return; + } + + $first = $prefix[0]; + if (!isset($this->prefixesPsr0[$first][$prefix])) { + $this->prefixesPsr0[$first][$prefix] = $paths; + + return; + } + if ($prepend) { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $paths, + $this->prefixesPsr0[$first][$prefix] + ); + } else { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $this->prefixesPsr0[$first][$prefix], + $paths + ); + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, either + * appending or prepending to the ones previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param list|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories + * + * @throws \InvalidArgumentException + * + * @return void + */ + public function addPsr4($prefix, $paths, $prepend = false) + { + $paths = (array) $paths; + if (!$prefix) { + // Register directories for the root namespace. + if ($prepend) { + $this->fallbackDirsPsr4 = array_merge( + $paths, + $this->fallbackDirsPsr4 + ); + } else { + $this->fallbackDirsPsr4 = array_merge( + $this->fallbackDirsPsr4, + $paths + ); + } + } elseif (!isset($this->prefixDirsPsr4[$prefix])) { + // Register directories for a new namespace. + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = $paths; + } elseif ($prepend) { + // Prepend directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $paths, + $this->prefixDirsPsr4[$prefix] + ); + } else { + // Append directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $this->prefixDirsPsr4[$prefix], + $paths + ); + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, + * replacing any others previously set for this prefix. + * + * @param string $prefix The prefix + * @param list|string $paths The PSR-0 base directories + * + * @return void + */ + public function set($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr0 = (array) $paths; + } else { + $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, + * replacing any others previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param list|string $paths The PSR-4 base directories + * + * @throws \InvalidArgumentException + * + * @return void + */ + public function setPsr4($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr4 = (array) $paths; + } else { + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } + } + + /** + * Turns on searching the include path for class files. + * + * @param bool $useIncludePath + * + * @return void + */ + public function setUseIncludePath($useIncludePath) + { + $this->useIncludePath = $useIncludePath; + } + + /** + * Can be used to check if the autoloader uses the include path to check + * for classes. + * + * @return bool + */ + public function getUseIncludePath() + { + return $this->useIncludePath; + } + + /** + * Turns off searching the prefix and fallback directories for classes + * that have not been registered with the class map. + * + * @param bool $classMapAuthoritative + * + * @return void + */ + public function setClassMapAuthoritative($classMapAuthoritative) + { + $this->classMapAuthoritative = $classMapAuthoritative; + } + + /** + * Should class lookup fail if not found in the current class map? + * + * @return bool + */ + public function isClassMapAuthoritative() + { + return $this->classMapAuthoritative; + } + + /** + * APCu prefix to use to cache found/not-found classes, if the extension is enabled. + * + * @param string|null $apcuPrefix + * + * @return void + */ + public function setApcuPrefix($apcuPrefix) + { + $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null; + } + + /** + * The APCu prefix in use, or null if APCu caching is not enabled. + * + * @return string|null + */ + public function getApcuPrefix() + { + return $this->apcuPrefix; + } + + /** + * Registers this instance as an autoloader. + * + * @param bool $prepend Whether to prepend the autoloader or not + * + * @return void + */ + public function register($prepend = false) + { + spl_autoload_register(array($this, 'loadClass'), true, $prepend); + + if (null === $this->vendorDir) { + return; + } + + if ($prepend) { + self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders; + } else { + unset(self::$registeredLoaders[$this->vendorDir]); + self::$registeredLoaders[$this->vendorDir] = $this; + } + } + + /** + * Unregisters this instance as an autoloader. + * + * @return void + */ + public function unregister() + { + spl_autoload_unregister(array($this, 'loadClass')); + + if (null !== $this->vendorDir) { + unset(self::$registeredLoaders[$this->vendorDir]); + } + } + + /** + * Loads the given class or interface. + * + * @param string $class The name of the class + * @return true|null True if loaded, null otherwise + */ + public function loadClass($class) + { + if ($file = $this->findFile($class)) { + $includeFile = self::$includeFile; + $includeFile($file); + + return true; + } + + return null; + } + + /** + * Finds the path to the file where the class is defined. + * + * @param string $class The name of the class + * + * @return string|false The path if found, false otherwise + */ + public function findFile($class) + { + // class map lookup + if (isset($this->classMap[$class])) { + return $this->classMap[$class]; + } + if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) { + return false; + } + if (null !== $this->apcuPrefix) { + $file = apcu_fetch($this->apcuPrefix.$class, $hit); + if ($hit) { + return $file; + } + } + + $file = $this->findFileWithExtension($class, '.php'); + + // Search for Hack files if we are running on HHVM + if (false === $file && defined('HHVM_VERSION')) { + $file = $this->findFileWithExtension($class, '.hh'); + } + + if (null !== $this->apcuPrefix) { + apcu_add($this->apcuPrefix.$class, $file); + } + + if (false === $file) { + // Remember that this class does not exist. + $this->missingClasses[$class] = true; + } + + return $file; + } + + /** + * Returns the currently registered loaders keyed by their corresponding vendor directories. + * + * @return array + */ + public static function getRegisteredLoaders() + { + return self::$registeredLoaders; + } + + /** + * @param string $class + * @param string $ext + * @return string|false + */ + private function findFileWithExtension($class, $ext) + { + // PSR-4 lookup + $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; + + $first = $class[0]; + if (isset($this->prefixLengthsPsr4[$first])) { + $subPath = $class; + while (false !== $lastPos = strrpos($subPath, '\\')) { + $subPath = substr($subPath, 0, $lastPos); + $search = $subPath . '\\'; + if (isset($this->prefixDirsPsr4[$search])) { + $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1); + foreach ($this->prefixDirsPsr4[$search] as $dir) { + if (file_exists($file = $dir . $pathEnd)) { + return $file; + } + } + } + } + } + + // PSR-4 fallback dirs + foreach ($this->fallbackDirsPsr4 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { + return $file; + } + } + + // PSR-0 lookup + if (false !== $pos = strrpos($class, '\\')) { + // namespaced class name + $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) + . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); + } else { + // PEAR-like class name + $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; + } + + if (isset($this->prefixesPsr0[$first])) { + foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { + if (0 === strpos($class, $prefix)) { + foreach ($dirs as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + } + } + } + + // PSR-0 fallback dirs + foreach ($this->fallbackDirsPsr0 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + + // PSR-0 include paths. + if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { + return $file; + } + + return false; + } + + /** + * @return void + */ + private static function initializeIncludeClosure() + { + if (self::$includeFile !== null) { + return; + } + + /** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + * + * @param string $file + * @return void + */ + self::$includeFile = \Closure::bind(static function($file) { + include $file; + }, null, null); + } +} diff --git a/qa-tool/htdocs/vendor/composer/InstalledVersions.php b/qa-tool/htdocs/vendor/composer/InstalledVersions.php new file mode 100644 index 0000000..51e734a --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/InstalledVersions.php @@ -0,0 +1,359 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer; + +use Composer\Autoload\ClassLoader; +use Composer\Semver\VersionParser; + +/** + * This class is copied in every Composer installed project and available to all + * + * See also https://getcomposer.org/doc/07-runtime.md#installed-versions + * + * To require its presence, you can require `composer-runtime-api ^2.0` + * + * @final + */ +class InstalledVersions +{ + /** + * @var mixed[]|null + * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array}|array{}|null + */ + private static $installed; + + /** + * @var bool|null + */ + private static $canGetVendors; + + /** + * @var array[] + * @psalm-var array}> + */ + private static $installedByVendor = array(); + + /** + * Returns a list of all package names which are present, either by being installed, replaced or provided + * + * @return string[] + * @psalm-return list + */ + public static function getInstalledPackages() + { + $packages = array(); + foreach (self::getInstalled() as $installed) { + $packages[] = array_keys($installed['versions']); + } + + if (1 === \count($packages)) { + return $packages[0]; + } + + return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); + } + + /** + * Returns a list of all package names with a specific type e.g. 'library' + * + * @param string $type + * @return string[] + * @psalm-return list + */ + public static function getInstalledPackagesByType($type) + { + $packagesByType = array(); + + foreach (self::getInstalled() as $installed) { + foreach ($installed['versions'] as $name => $package) { + if (isset($package['type']) && $package['type'] === $type) { + $packagesByType[] = $name; + } + } + } + + return $packagesByType; + } + + /** + * Checks whether the given package is installed + * + * This also returns true if the package name is provided or replaced by another package + * + * @param string $packageName + * @param bool $includeDevRequirements + * @return bool + */ + public static function isInstalled($packageName, $includeDevRequirements = true) + { + foreach (self::getInstalled() as $installed) { + if (isset($installed['versions'][$packageName])) { + return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false; + } + } + + return false; + } + + /** + * Checks whether the given package satisfies a version constraint + * + * e.g. If you want to know whether version 2.3+ of package foo/bar is installed, you would call: + * + * Composer\InstalledVersions::satisfies(new VersionParser, 'foo/bar', '^2.3') + * + * @param VersionParser $parser Install composer/semver to have access to this class and functionality + * @param string $packageName + * @param string|null $constraint A version constraint to check for, if you pass one you have to make sure composer/semver is required by your package + * @return bool + */ + public static function satisfies(VersionParser $parser, $packageName, $constraint) + { + $constraint = $parser->parseConstraints((string) $constraint); + $provided = $parser->parseConstraints(self::getVersionRanges($packageName)); + + return $provided->matches($constraint); + } + + /** + * Returns a version constraint representing all the range(s) which are installed for a given package + * + * It is easier to use this via isInstalled() with the $constraint argument if you need to check + * whether a given version of a package is installed, and not just whether it exists + * + * @param string $packageName + * @return string Version constraint usable with composer/semver + */ + public static function getVersionRanges($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + $ranges = array(); + if (isset($installed['versions'][$packageName]['pretty_version'])) { + $ranges[] = $installed['versions'][$packageName]['pretty_version']; + } + if (array_key_exists('aliases', $installed['versions'][$packageName])) { + $ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); + } + if (array_key_exists('replaced', $installed['versions'][$packageName])) { + $ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); + } + if (array_key_exists('provided', $installed['versions'][$packageName])) { + $ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); + } + + return implode(' || ', $ranges); + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present + */ + public static function getVersion($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + if (!isset($installed['versions'][$packageName]['version'])) { + return null; + } + + return $installed['versions'][$packageName]['version']; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present + */ + public static function getPrettyVersion($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + if (!isset($installed['versions'][$packageName]['pretty_version'])) { + return null; + } + + return $installed['versions'][$packageName]['pretty_version']; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as reference + */ + public static function getReference($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + if (!isset($installed['versions'][$packageName]['reference'])) { + return null; + } + + return $installed['versions'][$packageName]['reference']; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as install path. Packages of type metapackages also have a null install path. + */ + public static function getInstallPath($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + return isset($installed['versions'][$packageName]['install_path']) ? $installed['versions'][$packageName]['install_path'] : null; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @return array + * @psalm-return array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool} + */ + public static function getRootPackage() + { + $installed = self::getInstalled(); + + return $installed[0]['root']; + } + + /** + * Returns the raw installed.php data for custom implementations + * + * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect. + * @return array[] + * @psalm-return array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array} + */ + public static function getRawData() + { + @trigger_error('getRawData only returns the first dataset loaded, which may not be what you expect. Use getAllRawData() instead which returns all datasets for all autoloaders present in the process.', E_USER_DEPRECATED); + + if (null === self::$installed) { + // only require the installed.php file if this file is loaded from its dumped location, + // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 + if (substr(__DIR__, -8, 1) !== 'C') { + self::$installed = include __DIR__ . '/installed.php'; + } else { + self::$installed = array(); + } + } + + return self::$installed; + } + + /** + * Returns the raw data of all installed.php which are currently loaded for custom implementations + * + * @return array[] + * @psalm-return list}> + */ + public static function getAllRawData() + { + return self::getInstalled(); + } + + /** + * Lets you reload the static array from another file + * + * This is only useful for complex integrations in which a project needs to use + * this class but then also needs to execute another project's autoloader in process, + * and wants to ensure both projects have access to their version of installed.php. + * + * A typical case would be PHPUnit, where it would need to make sure it reads all + * the data it needs from this class, then call reload() with + * `require $CWD/vendor/composer/installed.php` (or similar) as input to make sure + * the project in which it runs can then also use this class safely, without + * interference between PHPUnit's dependencies and the project's dependencies. + * + * @param array[] $data A vendor/composer/installed.php data set + * @return void + * + * @psalm-param array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array} $data + */ + public static function reload($data) + { + self::$installed = $data; + self::$installedByVendor = array(); + } + + /** + * @return array[] + * @psalm-return list}> + */ + private static function getInstalled() + { + if (null === self::$canGetVendors) { + self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); + } + + $installed = array(); + + if (self::$canGetVendors) { + foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { + if (isset(self::$installedByVendor[$vendorDir])) { + $installed[] = self::$installedByVendor[$vendorDir]; + } elseif (is_file($vendorDir.'/composer/installed.php')) { + /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array} $required */ + $required = require $vendorDir.'/composer/installed.php'; + $installed[] = self::$installedByVendor[$vendorDir] = $required; + if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { + self::$installed = $installed[count($installed) - 1]; + } + } + } + } + + if (null === self::$installed) { + // only require the installed.php file if this file is loaded from its dumped location, + // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 + if (substr(__DIR__, -8, 1) !== 'C') { + /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array} $required */ + $required = require __DIR__ . '/installed.php'; + self::$installed = $required; + } else { + self::$installed = array(); + } + } + + if (self::$installed !== array()) { + $installed[] = self::$installed; + } + + return $installed; + } +} diff --git a/qa-tool/htdocs/vendor/composer/LICENSE b/qa-tool/htdocs/vendor/composer/LICENSE new file mode 100644 index 0000000..f27399a --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/LICENSE @@ -0,0 +1,21 @@ + +Copyright (c) Nils Adermann, Jordi Boggiano + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/qa-tool/htdocs/vendor/composer/autoload_classmap.php b/qa-tool/htdocs/vendor/composer/autoload_classmap.php new file mode 100644 index 0000000..e717075 --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/autoload_classmap.php @@ -0,0 +1,23 @@ + $vendorDir . '/composer/InstalledVersions.php', + 'DateError' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/DateError.php', + 'DateException' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/DateException.php', + 'DateInvalidOperationException' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/DateInvalidOperationException.php', + 'DateInvalidTimeZoneException' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/DateInvalidTimeZoneException.php', + 'DateMalformedIntervalStringException' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/DateMalformedIntervalStringException.php', + 'DateMalformedPeriodStringException' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/DateMalformedPeriodStringException.php', + 'DateMalformedStringException' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/DateMalformedStringException.php', + 'DateObjectError' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/DateObjectError.php', + 'DateRangeError' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/DateRangeError.php', + 'Jumbojett\\OpenIDConnectClient' => $vendorDir . '/jumbojett/openid-connect-php/src/OpenIDConnectClient.php', + 'Jumbojett\\OpenIDConnectClientException' => $vendorDir . '/jumbojett/openid-connect-php/src/OpenIDConnectClient.php', + 'Override' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/Override.php', + 'SQLite3Exception' => $vendorDir . '/symfony/polyfill-php83/Resources/stubs/SQLite3Exception.php', +); diff --git a/qa-tool/htdocs/vendor/composer/autoload_files.php b/qa-tool/htdocs/vendor/composer/autoload_files.php new file mode 100644 index 0000000..9996892 --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/autoload_files.php @@ -0,0 +1,12 @@ + $vendorDir . '/symfony/polyfill-mbstring/bootstrap.php', + '662a729f963d39afe703c9d9b7ab4a8c' => $vendorDir . '/symfony/polyfill-php83/bootstrap.php', + 'decc78cc4436b1292c6c0d151b19445c' => $vendorDir . '/phpseclib/phpseclib/phpseclib/bootstrap.php', +); diff --git a/qa-tool/htdocs/vendor/composer/autoload_namespaces.php b/qa-tool/htdocs/vendor/composer/autoload_namespaces.php new file mode 100644 index 0000000..15a2ff3 --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/autoload_namespaces.php @@ -0,0 +1,9 @@ + array($vendorDir . '/phpseclib/phpseclib/phpseclib'), + 'Symfony\\Polyfill\\Php83\\' => array($vendorDir . '/symfony/polyfill-php83'), + 'Symfony\\Polyfill\\Mbstring\\' => array($vendorDir . '/symfony/polyfill-mbstring'), + 'Symfony\\Component\\HttpFoundation\\' => array($vendorDir . '/symfony/http-foundation'), + 'RobRichards\\XMLSecLibs\\' => array($vendorDir . '/robrichards/xmlseclibs/src'), + 'Psr\\EventDispatcher\\' => array($vendorDir . '/psr/event-dispatcher/src'), + 'ParagonIE\\ConstantTime\\' => array($vendorDir . '/paragonie/constant_time_encoding/src'), + 'LightSaml\\' => array($vendorDir . '/litesaml/lightsaml/src'), +); diff --git a/qa-tool/htdocs/vendor/composer/autoload_real.php b/qa-tool/htdocs/vendor/composer/autoload_real.php new file mode 100644 index 0000000..9e99c53 --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/autoload_real.php @@ -0,0 +1,50 @@ +register(true); + + $filesToLoad = \Composer\Autoload\ComposerStaticInite830279ee99617ca9ab69fa346d50d57::$files; + $requireFile = \Closure::bind(static function ($fileIdentifier, $file) { + if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { + $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; + + require $file; + } + }, null, null); + foreach ($filesToLoad as $fileIdentifier => $file) { + $requireFile($fileIdentifier, $file); + } + + return $loader; + } +} diff --git a/qa-tool/htdocs/vendor/composer/autoload_static.php b/qa-tool/htdocs/vendor/composer/autoload_static.php new file mode 100644 index 0000000..df91f54 --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/autoload_static.php @@ -0,0 +1,102 @@ + __DIR__ . '/..' . '/symfony/polyfill-mbstring/bootstrap.php', + '662a729f963d39afe703c9d9b7ab4a8c' => __DIR__ . '/..' . '/symfony/polyfill-php83/bootstrap.php', + 'decc78cc4436b1292c6c0d151b19445c' => __DIR__ . '/..' . '/phpseclib/phpseclib/phpseclib/bootstrap.php', + ); + + public static $prefixLengthsPsr4 = array ( + 'p' => + array ( + 'phpseclib3\\' => 11, + ), + 'S' => + array ( + 'Symfony\\Polyfill\\Php83\\' => 23, + 'Symfony\\Polyfill\\Mbstring\\' => 26, + 'Symfony\\Component\\HttpFoundation\\' => 33, + ), + 'R' => + array ( + 'RobRichards\\XMLSecLibs\\' => 23, + ), + 'P' => + array ( + 'Psr\\EventDispatcher\\' => 20, + 'ParagonIE\\ConstantTime\\' => 23, + ), + 'L' => + array ( + 'LightSaml\\' => 10, + ), + ); + + public static $prefixDirsPsr4 = array ( + 'phpseclib3\\' => + array ( + 0 => __DIR__ . '/..' . '/phpseclib/phpseclib/phpseclib', + ), + 'Symfony\\Polyfill\\Php83\\' => + array ( + 0 => __DIR__ . '/..' . '/symfony/polyfill-php83', + ), + 'Symfony\\Polyfill\\Mbstring\\' => + array ( + 0 => __DIR__ . '/..' . '/symfony/polyfill-mbstring', + ), + 'Symfony\\Component\\HttpFoundation\\' => + array ( + 0 => __DIR__ . '/..' . '/symfony/http-foundation', + ), + 'RobRichards\\XMLSecLibs\\' => + array ( + 0 => __DIR__ . '/..' . '/robrichards/xmlseclibs/src', + ), + 'Psr\\EventDispatcher\\' => + array ( + 0 => __DIR__ . '/..' . '/psr/event-dispatcher/src', + ), + 'ParagonIE\\ConstantTime\\' => + array ( + 0 => __DIR__ . '/..' . '/paragonie/constant_time_encoding/src', + ), + 'LightSaml\\' => + array ( + 0 => __DIR__ . '/..' . '/litesaml/lightsaml/src', + ), + ); + + public static $classMap = array ( + 'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php', + 'DateError' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/DateError.php', + 'DateException' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/DateException.php', + 'DateInvalidOperationException' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/DateInvalidOperationException.php', + 'DateInvalidTimeZoneException' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/DateInvalidTimeZoneException.php', + 'DateMalformedIntervalStringException' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/DateMalformedIntervalStringException.php', + 'DateMalformedPeriodStringException' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/DateMalformedPeriodStringException.php', + 'DateMalformedStringException' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/DateMalformedStringException.php', + 'DateObjectError' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/DateObjectError.php', + 'DateRangeError' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/DateRangeError.php', + 'Jumbojett\\OpenIDConnectClient' => __DIR__ . '/..' . '/jumbojett/openid-connect-php/src/OpenIDConnectClient.php', + 'Jumbojett\\OpenIDConnectClientException' => __DIR__ . '/..' . '/jumbojett/openid-connect-php/src/OpenIDConnectClient.php', + 'Override' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/Override.php', + 'SQLite3Exception' => __DIR__ . '/..' . '/symfony/polyfill-php83/Resources/stubs/SQLite3Exception.php', + ); + + public static function getInitializer(ClassLoader $loader) + { + return \Closure::bind(function () use ($loader) { + $loader->prefixLengthsPsr4 = ComposerStaticInite830279ee99617ca9ab69fa346d50d57::$prefixLengthsPsr4; + $loader->prefixDirsPsr4 = ComposerStaticInite830279ee99617ca9ab69fa346d50d57::$prefixDirsPsr4; + $loader->classMap = ComposerStaticInite830279ee99617ca9ab69fa346d50d57::$classMap; + + }, null, ClassLoader::class); + } +} diff --git a/qa-tool/htdocs/vendor/composer/installed.json b/qa-tool/htdocs/vendor/composer/installed.json new file mode 100644 index 0000000..9db01d5 --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/installed.json @@ -0,0 +1,698 @@ +{ + "packages": [ + { + "name": "jumbojett/openid-connect-php", + "version": "v1.0.0", + "version_normalized": "1.0.0.0", + "source": { + "type": "git", + "url": "https://github.com/jumbojett/OpenID-Connect-PHP.git", + "reference": "4af1d11497ec765dccddf928c14c04535ca96017" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/jumbojett/OpenID-Connect-PHP/zipball/4af1d11497ec765dccddf928c14c04535ca96017", + "reference": "4af1d11497ec765dccddf928c14c04535ca96017", + "shasum": "" + }, + "require": { + "ext-curl": "*", + "ext-json": "*", + "php": ">=7.0", + "phpseclib/phpseclib": "~3.0" + }, + "require-dev": { + "roave/security-advisories": "dev-latest", + "yoast/phpunit-polyfills": "^1.0" + }, + "time": "2023-12-13T09:52:12+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Apache-2.0" + ], + "description": "Bare-bones OpenID Connect client", + "support": { + "issues": "https://github.com/jumbojett/OpenID-Connect-PHP/issues", + "source": "https://github.com/jumbojett/OpenID-Connect-PHP/tree/v1.0.0" + }, + "install-path": "../jumbojett/openid-connect-php" + }, + { + "name": "litesaml/lightsaml", + "version": "v4.2.0", + "version_normalized": "4.2.0.0", + "source": { + "type": "git", + "url": "https://github.com/litesaml/lightsaml.git", + "reference": "da88de24e699418918a128f0142dd09e2c41dd38" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/litesaml/lightsaml/zipball/da88de24e699418918a128f0142dd09e2c41dd38", + "reference": "da88de24e699418918a128f0142dd09e2c41dd38", + "shasum": "" + }, + "require": { + "php": ">=7.4", + "psr/event-dispatcher": "^1.0", + "robrichards/xmlseclibs": "~2.0|~3.0|~4.0", + "symfony/http-foundation": "~5.0|~6.0|~7.0" + }, + "require-dev": { + "litesaml/schemas": "~1.0.0", + "marcocesarato/php-conventional-changelog": "^1.15", + "monolog/monolog": "^2.0|^3.0", + "phpstan/phpstan": "^1.8", + "phpunit/phpunit": "~8.4|~9.5", + "pimple/pimple": "~3.0", + "squizlabs/php_codesniffer": "^3.6", + "symfony/css-selector": "~5.0|~6.0|~7.0", + "symfony/dom-crawler": "~5.0|~6.0|~7.0" + }, + "time": "2024-02-08T11:59:00+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "LightSaml\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "William", + "email": "work@suppo.fr" + }, + { + "name": "Milos Tomic", + "email": "tmilos@gmail.com", + "homepage": "https://github.com/tmilos/", + "role": "Developer" + } + ], + "description": "SAML 2.0 PHP library", + "keywords": [ + "SAML 2.0", + "Single Logout", + "Single SignOn", + "library", + "lightSAML", + "php" + ], + "support": { + "docs": "https://docs.litesaml.com", + "issues": "https://github.com/litesaml/lightsaml/issues", + "source": "https://github.com/litesaml/lightsaml" + }, + "install-path": "../litesaml/lightsaml" + }, + { + "name": "paragonie/constant_time_encoding", + "version": "v3.0.0", + "version_normalized": "3.0.0.0", + "source": { + "type": "git", + "url": "https://github.com/paragonie/constant_time_encoding.git", + "reference": "df1e7fde177501eee2037dd159cf04f5f301a512" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/df1e7fde177501eee2037dd159cf04f5f301a512", + "reference": "df1e7fde177501eee2037dd159cf04f5f301a512", + "shasum": "" + }, + "require": { + "php": "^8" + }, + "require-dev": { + "phpunit/phpunit": "^9", + "vimeo/psalm": "^4|^5" + }, + "time": "2024-05-08T12:36:18+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "ParagonIE\\ConstantTime\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com", + "role": "Maintainer" + }, + { + "name": "Steve 'Sc00bz' Thomas", + "email": "steve@tobtu.com", + "homepage": "https://www.tobtu.com", + "role": "Original Developer" + } + ], + "description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)", + "keywords": [ + "base16", + "base32", + "base32_decode", + "base32_encode", + "base64", + "base64_decode", + "base64_encode", + "bin2hex", + "encoding", + "hex", + "hex2bin", + "rfc4648" + ], + "support": { + "email": "info@paragonie.com", + "issues": "https://github.com/paragonie/constant_time_encoding/issues", + "source": "https://github.com/paragonie/constant_time_encoding" + }, + "install-path": "../paragonie/constant_time_encoding" + }, + { + "name": "paragonie/random_compat", + "version": "v9.99.100", + "version_normalized": "9.99.100.0", + "source": { + "type": "git", + "url": "https://github.com/paragonie/random_compat.git", + "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a", + "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a", + "shasum": "" + }, + "require": { + "php": ">= 7" + }, + "require-dev": { + "phpunit/phpunit": "4.*|5.*", + "vimeo/psalm": "^1" + }, + "suggest": { + "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." + }, + "time": "2020-10-15T08:29:30+00:00", + "type": "library", + "installation-source": "dist", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", + "keywords": [ + "csprng", + "polyfill", + "pseudorandom", + "random" + ], + "support": { + "email": "info@paragonie.com", + "issues": "https://github.com/paragonie/random_compat/issues", + "source": "https://github.com/paragonie/random_compat" + }, + "install-path": "../paragonie/random_compat" + }, + { + "name": "phpseclib/phpseclib", + "version": "3.0.41", + "version_normalized": "3.0.41.0", + "source": { + "type": "git", + "url": "https://github.com/phpseclib/phpseclib.git", + "reference": "621c73f7dcb310b61de34d1da4c4204e8ace6ceb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/621c73f7dcb310b61de34d1da4c4204e8ace6ceb", + "reference": "621c73f7dcb310b61de34d1da4c4204e8ace6ceb", + "shasum": "" + }, + "require": { + "paragonie/constant_time_encoding": "^1|^2|^3", + "paragonie/random_compat": "^1.4|^2.0|^9.99.99", + "php": ">=5.6.1" + }, + "require-dev": { + "phpunit/phpunit": "*" + }, + "suggest": { + "ext-dom": "Install the DOM extension to load XML formatted public keys.", + "ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.", + "ext-libsodium": "SSH2/SFTP can make use of some algorithms provided by the libsodium-php extension.", + "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.", + "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations." + }, + "time": "2024-08-12T00:13:54+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "files": [ + "phpseclib/bootstrap.php" + ], + "psr-4": { + "phpseclib3\\": "phpseclib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jim Wigginton", + "email": "terrafrost@php.net", + "role": "Lead Developer" + }, + { + "name": "Patrick Monnerat", + "email": "pm@datasphere.ch", + "role": "Developer" + }, + { + "name": "Andreas Fischer", + "email": "bantu@phpbb.com", + "role": "Developer" + }, + { + "name": "Hans-Jürgen Petrich", + "email": "petrich@tronic-media.com", + "role": "Developer" + }, + { + "name": "Graham Campbell", + "email": "graham@alt-three.com", + "role": "Developer" + } + ], + "description": "PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.", + "homepage": "http://phpseclib.sourceforge.net", + "keywords": [ + "BigInteger", + "aes", + "asn.1", + "asn1", + "blowfish", + "crypto", + "cryptography", + "encryption", + "rsa", + "security", + "sftp", + "signature", + "signing", + "ssh", + "twofish", + "x.509", + "x509" + ], + "support": { + "issues": "https://github.com/phpseclib/phpseclib/issues", + "source": "https://github.com/phpseclib/phpseclib/tree/3.0.41" + }, + "funding": [ + { + "url": "https://github.com/terrafrost", + "type": "github" + }, + { + "url": "https://www.patreon.com/phpseclib", + "type": "patreon" + }, + { + "url": "https://tidelift.com/funding/github/packagist/phpseclib/phpseclib", + "type": "tidelift" + } + ], + "install-path": "../phpseclib/phpseclib" + }, + { + "name": "psr/event-dispatcher", + "version": "1.0.0", + "version_normalized": "1.0.0.0", + "source": { + "type": "git", + "url": "https://github.com/php-fig/event-dispatcher.git", + "reference": "dbefd12671e8a14ec7f180cab83036ed26714bb0" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/event-dispatcher/zipball/dbefd12671e8a14ec7f180cab83036ed26714bb0", + "reference": "dbefd12671e8a14ec7f180cab83036ed26714bb0", + "shasum": "" + }, + "require": { + "php": ">=7.2.0" + }, + "time": "2019-01-08T18:20:26+00:00", + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "installation-source": "dist", + "autoload": { + "psr-4": { + "Psr\\EventDispatcher\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "http://www.php-fig.org/" + } + ], + "description": "Standard interfaces for event handling.", + "keywords": [ + "events", + "psr", + "psr-14" + ], + "support": { + "issues": "https://github.com/php-fig/event-dispatcher/issues", + "source": "https://github.com/php-fig/event-dispatcher/tree/1.0.0" + }, + "install-path": "../psr/event-dispatcher" + }, + { + "name": "robrichards/xmlseclibs", + "version": "3.1.1", + "version_normalized": "3.1.1.0", + "source": { + "type": "git", + "url": "https://github.com/robrichards/xmlseclibs.git", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "php": ">= 5.4" + }, + "time": "2020-09-05T13:00:25+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "A PHP library for XML Security", + "homepage": "https://github.com/robrichards/xmlseclibs", + "keywords": [ + "security", + "signature", + "xml", + "xmldsig" + ], + "support": { + "issues": "https://github.com/robrichards/xmlseclibs/issues", + "source": "https://github.com/robrichards/xmlseclibs/tree/3.1.1" + }, + "install-path": "../robrichards/xmlseclibs" + }, + { + "name": "symfony/http-foundation", + "version": "v7.1.3", + "version_normalized": "7.1.3.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/http-foundation.git", + "reference": "f602d5c17d1fa02f8019ace2687d9d136b7f4a1a" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/http-foundation/zipball/f602d5c17d1fa02f8019ace2687d9d136b7f4a1a", + "reference": "f602d5c17d1fa02f8019ace2687d9d136b7f4a1a", + "shasum": "" + }, + "require": { + "php": ">=8.2", + "symfony/polyfill-mbstring": "~1.1", + "symfony/polyfill-php83": "^1.27" + }, + "conflict": { + "doctrine/dbal": "<3.6", + "symfony/cache": "<6.4" + }, + "require-dev": { + "doctrine/dbal": "^3.6|^4", + "predis/predis": "^1.1|^2.0", + "symfony/cache": "^6.4|^7.0", + "symfony/dependency-injection": "^6.4|^7.0", + "symfony/expression-language": "^6.4|^7.0", + "symfony/http-kernel": "^6.4|^7.0", + "symfony/mime": "^6.4|^7.0", + "symfony/rate-limiter": "^6.4|^7.0" + }, + "time": "2024-07-26T12:41:01+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "Symfony\\Component\\HttpFoundation\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Defines an object-oriented layer for the HTTP specification", + "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/http-foundation/tree/v7.1.3" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "install-path": "../symfony/http-foundation" + }, + { + "name": "symfony/polyfill-mbstring", + "version": "v1.30.0", + "version_normalized": "1.30.0.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-mbstring.git", + "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fd22ab50000ef01661e2a31d850ebaa297f8e03c", + "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "provide": { + "ext-mbstring": "*" + }, + "suggest": { + "ext-mbstring": "For best performance" + }, + "time": "2024-06-19T12:30:46+00:00", + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "installation-source": "dist", + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Mbstring\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill for the Mbstring extension", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "mbstring", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "install-path": "../symfony/polyfill-mbstring" + }, + { + "name": "symfony/polyfill-php83", + "version": "v1.30.0", + "version_normalized": "1.30.0.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php83.git", + "reference": "dbdcdf1a4dcc2743591f1079d0c35ab1e2dcbbc9" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php83/zipball/dbdcdf1a4dcc2743591f1079d0c35ab1e2dcbbc9", + "reference": "dbdcdf1a4dcc2743591f1079d0c35ab1e2dcbbc9", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "time": "2024-06-19T12:35:24+00:00", + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "installation-source": "dist", + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Php83\\": "" + }, + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 8.3+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-php83/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "install-path": "../symfony/polyfill-php83" + } + ], + "dev": true, + "dev-package-names": [] +} diff --git a/qa-tool/htdocs/vendor/composer/installed.php b/qa-tool/htdocs/vendor/composer/installed.php new file mode 100644 index 0000000..150caae --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/installed.php @@ -0,0 +1,113 @@ + array( + 'name' => '__root__', + 'pretty_version' => '1.0.0+no-version-set', + 'version' => '1.0.0.0', + 'reference' => null, + 'type' => 'library', + 'install_path' => __DIR__ . '/../../', + 'aliases' => array(), + 'dev' => true, + ), + 'versions' => array( + '__root__' => array( + 'pretty_version' => '1.0.0+no-version-set', + 'version' => '1.0.0.0', + 'reference' => null, + 'type' => 'library', + 'install_path' => __DIR__ . '/../../', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'jumbojett/openid-connect-php' => array( + 'pretty_version' => 'v1.0.0', + 'version' => '1.0.0.0', + 'reference' => '4af1d11497ec765dccddf928c14c04535ca96017', + 'type' => 'library', + 'install_path' => __DIR__ . '/../jumbojett/openid-connect-php', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'litesaml/lightsaml' => array( + 'pretty_version' => 'v4.2.0', + 'version' => '4.2.0.0', + 'reference' => 'da88de24e699418918a128f0142dd09e2c41dd38', + 'type' => 'library', + 'install_path' => __DIR__ . '/../litesaml/lightsaml', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'paragonie/constant_time_encoding' => array( + 'pretty_version' => 'v3.0.0', + 'version' => '3.0.0.0', + 'reference' => 'df1e7fde177501eee2037dd159cf04f5f301a512', + 'type' => 'library', + 'install_path' => __DIR__ . '/../paragonie/constant_time_encoding', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'paragonie/random_compat' => array( + 'pretty_version' => 'v9.99.100', + 'version' => '9.99.100.0', + 'reference' => '996434e5492cb4c3edcb9168db6fbb1359ef965a', + 'type' => 'library', + 'install_path' => __DIR__ . '/../paragonie/random_compat', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'phpseclib/phpseclib' => array( + 'pretty_version' => '3.0.41', + 'version' => '3.0.41.0', + 'reference' => '621c73f7dcb310b61de34d1da4c4204e8ace6ceb', + 'type' => 'library', + 'install_path' => __DIR__ . '/../phpseclib/phpseclib', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'psr/event-dispatcher' => array( + 'pretty_version' => '1.0.0', + 'version' => '1.0.0.0', + 'reference' => 'dbefd12671e8a14ec7f180cab83036ed26714bb0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../psr/event-dispatcher', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'robrichards/xmlseclibs' => array( + 'pretty_version' => '3.1.1', + 'version' => '3.1.1.0', + 'reference' => 'f8f19e58f26cdb42c54b214ff8a820760292f8df', + 'type' => 'library', + 'install_path' => __DIR__ . '/../robrichards/xmlseclibs', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'symfony/http-foundation' => array( + 'pretty_version' => 'v7.1.3', + 'version' => '7.1.3.0', + 'reference' => 'f602d5c17d1fa02f8019ace2687d9d136b7f4a1a', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/http-foundation', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'symfony/polyfill-mbstring' => array( + 'pretty_version' => 'v1.30.0', + 'version' => '1.30.0.0', + 'reference' => 'fd22ab50000ef01661e2a31d850ebaa297f8e03c', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/polyfill-mbstring', + 'aliases' => array(), + 'dev_requirement' => false, + ), + 'symfony/polyfill-php83' => array( + 'pretty_version' => 'v1.30.0', + 'version' => '1.30.0.0', + 'reference' => 'dbdcdf1a4dcc2743591f1079d0c35ab1e2dcbbc9', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/polyfill-php83', + 'aliases' => array(), + 'dev_requirement' => false, + ), + ), +); diff --git a/qa-tool/htdocs/vendor/composer/platform_check.php b/qa-tool/htdocs/vendor/composer/platform_check.php new file mode 100644 index 0000000..d32d90c --- /dev/null +++ b/qa-tool/htdocs/vendor/composer/platform_check.php @@ -0,0 +1,26 @@ += 80200)) { + $issues[] = 'Your Composer dependencies require a PHP version ">= 8.2.0". You are running ' . PHP_VERSION . '.'; +} + +if ($issues) { + if (!headers_sent()) { + header('HTTP/1.1 500 Internal Server Error'); + } + if (!ini_get('display_errors')) { + if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') { + fwrite(STDERR, 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . implode(PHP_EOL, $issues) . PHP_EOL.PHP_EOL); + } elseif (!headers_sent()) { + echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL; + } + } + trigger_error( + 'Composer detected issues in your platform: ' . implode(' ', $issues), + E_USER_ERROR + ); +} diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/.github/PULL_REQUEST_TEMPLATE.md b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..d62f378 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,2 @@ +**List of common tasks a pull request require complete** +- [ ] Changelog entry is added or the pull request don't alter library's functionality diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/.github/workflows/build.yml b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/.github/workflows/build.yml new file mode 100644 index 0000000..515cd64 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/.github/workflows/build.yml @@ -0,0 +1,38 @@ +--- +name: build + +on: [push, pull_request] + +env: + DEFAULT_COMPOSER_FLAGS: "--prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi" + +jobs: + phpunit: + name: PHP ${{ matrix.php }} on ${{ matrix.os }} + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest] + php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2'] + + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install PHP + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ matrix.php }} + - name: Get composer cache directory + id: composer-cache + run: echo "::set-output name=dir::$(composer config cache-files-dir)" + - name: Cache composer dependencies + uses: actions/cache@v1 + with: + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + restore-keys: ${{ runner.os }}-composer- + - name: Install dependencies + run: composer update $DEFAULT_COMPOSER_FLAGS + - name: Run unit tests + run: vendor/bin/phpunit --verbose --colors=always tests diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/.gitignore b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/.gitignore new file mode 100644 index 0000000..e55efdf --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/.gitignore @@ -0,0 +1,4 @@ +/.idea +/vendor +/composer.lock +.phpunit.result.cache diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/CHANGELOG.md b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/CHANGELOG.md new file mode 100644 index 0000000..d4be9ff --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/CHANGELOG.md @@ -0,0 +1,180 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [1.0.0] - 2023-12-13 + +### Added +- PHP 7.0 is required. #327 +- Support for signed and encrypted UserInfo response and ID Token. #305 +- Allow to set User-Agent header. #370 + +### Fixed +- User-Agent is set for any HTTP method in fetchURL() (not just POST). #382 +- Update visibility of getWellKnownConfigValue to protected. #363 +- Fixed issue on authentication for php8. #354 +- Update construct typehint in docblock. #364 +- Fixed LogoutToken verification for single value aud claims. #334 +- Update well known config value function response types. #376 + +## [0.9.10] - 2022-09-30 + +### Fixed +- `private_key_jwt` and `client_secret_jwt` need to explicitly be enabled #331 + +## [0.9.9] - 2022-09-28 + +### Added +- Added support for back-channel logout. #302 +- Added support for `private_key_jwt` Client Authentication method #322 +- Added support for `client_secret_jwt` Client Authentication method #324 +- Added PS512 encryption support #342 + +### Fixed +- Harden self-signed JWK header usage. #323 + +## [0.9.8] - 2022-08-05 + +### Fixed +- Do not use PKCE if IdP does not support it. #317 + +## [0.9.7] - 2022-07-13 + +### Added +- Support for Self-Contained JWTs. #308 +- Support for RFC8693 Token Exchange Request. #275 + +### Fixed +- PHP 5.4 compatibility. #304 +- Use session_status(). #306 + +## [0.9.6] - 2022-05-08 + +### Added +- Support for [phpseclib/phpseclib](https://phpseclib.com/) version **3**. #260 +- Support client_secret on token endpoint with PKCE. #293 +- Added new parameter to `requestTokens()` to pass custom HTTP headers #297 + +### Changed +- Allow serializing `OpenIDConnectClient` using `serialize()` #295 + +## [0.9.5] - 2021-11-24 + +### Changed +- signOut() Method parameter $accessToken -> $idToken to prevent confusion about access and id tokens usage. #127 +- Fixed issue where missing nonce within the claims was causing an exception. #280 + +## [0.9.4] - 2021-11-21 + +### Added +- Enabled `client_secret_basic` authentication on `refreshToken()` #215 +- Basic auth support for requestResourceOwnerToken #271 + +## [0.9.3] - 2021-11-20 + +### Added +- getRedirectURL() will not log a warning for PHP 7.1+ #179 +- it is now possible to disable upgrading from HTTP to HTTPS for development purposes by calling `setHttpUpgradeInsecureRequests(false)` #241 +- bugfix in getSessionKey when _SESSION key does not exist #251 +- Added scope parameter to refresh token request #225 +- bugfix in `verifyJWTclaims` when $accessToken is empty and $claims->at_hash is not #276 +- bugfix with the `empty` function in PHP 5.4 #267 + +## [0.9.2] - 2020-11-16 + +### Added +- Support for [PKCE](https://tools.ietf.org/html/rfc7636). Currently, the supported methods are 'plain' and 'S256'. + +## [0.9.1] - 2020-08-27 + +### Added +- Add support for MS Azure Active Directory B2C user flows + +### Changed +- Fix at_hash verification #200 +- Getters for public parameters #204 +- Removed client ID query parameter when making a token request using Basic Auth +- Use of `random_bytes()` for token generation instead of `uniqid()`; polyfill for PHP < 7.0 provided. + +### Removed +- Removed explicit content-length header - caused issues with proxy servers + +## [0.9.0] - 2020-03-09 + +### Added +- php 7.4 deprecates array_key_exists on objects, use property_exists in getVerifiedClaims and requestUserInfo +- Adding a header to indicate JSON as the return type for userinfo endpoint #151 +- ~Updated OpenIDConnectClient to conditionally verify nonce #146~ +- Add possibility to change enc_type parameter for http_build_query #155 +- Adding OAuth 2.0 Token Introspection #156 +- Add optional parameters clientId/clientSecret for introspection #157 & #158 +- Adding OAuth 2.0 Token Revocation #160 +- Adding issuer validator #145 +- Adding signing algorithm PS256 #180 +- Check http status of request user info #186 +- URL encode clientId and clientSecret when using basic authentication, according to https://tools.ietf.org/html/rfc6749#section-2.3.1 #192 +- Adjust PHPDoc to state that null is also allowed #193 + +### Changed +- Bugfix/code cleanup #152 +- Cleanup PHPDoc #46e5b59 +- Replace unnecessary double quotes with single quotes #2a76b57 +- Use original function names instead of aliases #1f37892 +- Remove unnecessary default values #5ab801e +- Explicit declare field $redirectURL #9187c0b +- Remove unused code #1e65384 +- Fix indent #e9cdf56 +- Cleanup conditional code flow for better readability #107f3fb +- Added strict type comparisons #167 +- Bugfix: required `openid` scope was omitted when additional scopes were registered using `addScope` method. This resulted in failing OpenID process. + +## [0.8.0] - 2019-01-02 + +### Added +- Fix `verifyJWTsignature()`: verify JWT to prevent php errors and warnings on invalid token + +### Changed +- Decouple session manipulation, it's allow use of other session libraries #134 +- Broaden version requirements of the phpseclib/phpseclib package. #144 + +## [0.7.0] - 2018-10-15 + +### Added +- Add "license" field to composer.json #138 +- Ensure key_alg is set when getting key #139 +- Add option to send additional registration parameters like post_logout_redirect_uris. #140 + +### Changed +- disabled autoload for Crypt_RSA + make refreshToken() method tolerant for errors #137 + +## [0.6.0] - 2018-07-17 + +### Added +- Added five minutes leeway due to clock skew between openidconnect server and client. +- Fix save access_token from request in implicit flow authentication #129 +- `verifyJWTsignature()` method private -> public #126 +- Support for providers where provider/login URL is not the same as the issuer URL. #125 +- Support for providers that has a different login URL from the issuer URL, for instance Azure Active Directory. Here, the provider URL is on the format: https://login.windows.net/(tenant-id), while the issuer claim actually is on the format: https://sts.windows.net/(tenant-id). + +### Changed +- refreshToken method update #124 + +## [0.5.0] - 2018-04-09 + +### Added +- Implement Azure AD B2C Implicit Workflow + +## [0.4.1] - 2018-02-16 + +### Changed +- Documentation updates for include path. + +## [0.4.0] - 2018-02-15 + +### Added +- Timeout is configurable via setTimeout method. This addresses issue #94. +- Add the ability to authenticate using the Resource Owner flow (with or without the Client ID and ClientSecret). This addresses issue #98 +- Add support for HS256, HS512 and HS384 signatures +- Removed unused calls to $this->getProviderConfigValue("token_endpoint_… diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/LICENSE b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/README.md b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/README.md new file mode 100644 index 0000000..79318e5 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/README.md @@ -0,0 +1,238 @@ +PHP OpenID Connect Basic Client +======================== +A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. +This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of +the OpenID Connect protocol to set up authentication. + +A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol. + +# Requirements # + 1. PHP 5.4 or greater + 2. CURL extension + 3. JSON extension + +## Install ## +1. Install library using composer +``` +composer require jumbojett/openid-connect-php +``` + +2. Include composer autoloader +```php +require __DIR__ . '/vendor/autoload.php'; +``` + +## Example 1: Basic Client ## + +```php +use Jumbojett\OpenIDConnectClient; + +$oidc = new OpenIDConnectClient('https://id.provider.com', + 'ClientIDHere', + 'ClientSecretHere'); +$oidc->setCertPath('/path/to/my.cert'); +$oidc->authenticate(); +$name = $oidc->requestUserInfo('given_name'); + +``` + +[See openid spec for available user attributes][1] + +## Example 2: Dynamic Registration ## + +```php +use Jumbojett\OpenIDConnectClient; + +$oidc = new OpenIDConnectClient("https://id.provider.com"); + +$oidc->register(); +$client_id = $oidc->getClientID(); +$client_secret = $oidc->getClientSecret(); + +// Be sure to add logic to store the client id and client secret +``` + +## Example 3: Network and Security ## +```php +// Configure a proxy +$oidc->setHttpProxy("http://my.proxy.com:80/"); + +// Configure a cert +$oidc->setCertPath("/path/to/my.cert"); +``` + +## Example 4: Request Client Credentials Token ## + +```php +use Jumbojett\OpenIDConnectClient; + +$oidc = new OpenIDConnectClient('https://id.provider.com', + 'ClientIDHere', + 'ClientSecretHere'); +$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token')); +$oidc->addScope('my_scope'); + +// this assumes success (to validate check if the access_token property is there and a valid JWT) : +$clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token; + +``` + +## Example 5: Request Resource Owners Token (with client auth) ## + +```php +use Jumbojett\OpenIDConnectClient; + +$oidc = new OpenIDConnectClient('https://id.provider.com', + 'ClientIDHere', + 'ClientSecretHere'); +$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token')); +$oidc->addScope('my_scope'); + +//Add username and password +$oidc->addAuthParam(array('username'=>'')); +$oidc->addAuthParam(array('password'=>'')); + +//Perform the auth and return the token (to validate check if the access_token property is there and a valid JWT) : +$token = $oidc->requestResourceOwnerToken(TRUE)->access_token; + +``` + +## Example 6: Basic client for implicit flow e.g. with Azure AD B2C (see http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth) ## + +```php +use Jumbojett\OpenIDConnectClient; + +$oidc = new OpenIDConnectClient('https://id.provider.com', + 'ClientIDHere', + 'ClientSecretHere'); +$oidc->setResponseTypes(array('id_token')); +$oidc->addScope(array('openid')); +$oidc->setAllowImplicitFlow(true); +$oidc->addAuthParam(array('response_mode' => 'form_post')); +$oidc->setCertPath('/path/to/my.cert'); +$oidc->authenticate(); +$sub = $oidc->getVerifiedClaims('sub'); + +``` + +## Example 7: Introspection of an access token (see https://tools.ietf.org/html/rfc7662) ## + +```php +use Jumbojett\OpenIDConnectClient; + +$oidc = new OpenIDConnectClient('https://id.provider.com', + 'ClientIDHere', + 'ClientSecretHere'); +$data = $oidc->introspectToken('an.access-token.as.given'); +if (!$data->active) { + // the token is no longer usable +} + +``` + +## Example 8: PKCE Client ## + +```php +use Jumbojett\OpenIDConnectClient; + +$oidc = new OpenIDConnectClient('https://id.provider.com', + 'ClientIDHere', + null); +$oidc->setCodeChallengeMethod('S256'); +$oidc->authenticate(); +$name = $oidc->requestUserInfo('given_name'); + +``` + +## Example 9: Back-channel logout ## + +Back-channel authentication assumes you can end a session on the server side on behalf of the user (without relying +on their browser). The request is a POST from the OP direct to your RP. In this way, the use of this library can +ensure your RP performs 'single sign out' for the user even if they didn't have your RP open in a browser or other +device, but still had an active session there. + +Either the sid or the sub may be accessible from the logout token sent from the OP. You can use either +`getSidFromBackChannel()` or `getSubjectFromBackChannel()` to retrieve them if it is helpful to match them to a session +in order to destroy it. + +The below ensures the use of this library to ensure validation of the back-channel logout token, but is afterward +just a hypothetical way of finding such a session and destroying it. Adjust it to the needs of your RP. + +```php + +function handleLogout() { + // NOTE: assumes that $this->oidc is an instance of OpenIDConnectClient() + if ($this->oidc->verifyLogoutToken()) { + $sid = $this->oidc->getSidFromBackChannel(); + + if (isset($sid)) { + // Somehow find the session based on the $sid and + // destroy it. This depends on your RP's design, + // there is nothing in the OIDC spec to mandate how. + // + // In this example, we find a Redis key, which was + // previously stored using the sid we obtained from + // the access token after login. + // + // The value of the Redis key is that of the user's + // session ID specific to this hypothetical RP app. + // + // We then switch to that session and destroy it. + $this->redis->connect('127.0.0.1', 6379); + $session_id_to_destroy = $this->redis->get($sid); + if ($session_id_to_destroy) { + session_commit(); + session_id($session_id_to_destroy); // switches to that session + session_start(); + $_SESSION = array(); // effectively ends the session + } + } + } +} + +``` + +## Example 10: Enable Token Endpoint Auth Methods ## + +By default, only `client_secret_basic` is enabled on client side which was the only supported for a long time. +Recently `client_secret_jwt` and `private_key_jwt` have been added, but they remain disabled until explicitly enabled. + +```php +use Jumbojett\OpenIDConnectClient; + +$oidc = new OpenIDConnectClient('https://id.provider.com', + 'ClientIDHere', + null); +# enable 'client_secret_basic' and 'client_secret_jwt' +$oidc->setTokenEndpointAuthMethodsSupported(['client_secret_basic', 'client_secret_jwt']); + +# for 'private_key_jwt' in addition also the generator function has to be set. +$oidc->setTokenEndpointAuthMethodsSupported(['private_key_jwt']); +$oidc->setPrivateKeyJwtGenerator(function(string $token_endpoint) { + # TODO: what ever is necessary +}) +``` + + +## Development Environments ## +In some cases you may need to disable SSL security on your development systems. +Note: This is not recommended on production systems. + +```php +$oidc->setVerifyHost(false); +$oidc->setVerifyPeer(false); +``` + +Also, your local system might not support HTTPS, so you might disable upgrading to it: + +```php +$oidc->setHttpUpgradeInsecureRequests(false); +``` + +### Todo ### +- Dynamic registration does not support registration auth tokens and endpoints + + [1]: http://openid.net/specs/openid-connect-basic-1_0-15.html#id_res + +## Contributing ### + - All pull requests, once merged, should be added to the CHANGELOG.md file. diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/client_example.php b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/client_example.php new file mode 100644 index 0000000..1ab2551 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/client_example.php @@ -0,0 +1,56 @@ + + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. You may obtain + * a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + */ + +require __DIR__ . '/vendor/autoload.php'; + +use Jumbojett\OpenIDConnectClient; + +$oidc = new OpenIDConnectClient( + 'http://myproviderURL.com/', + 'ClientIDHere', + 'ClientSecretHere' +); + +$oidc->authenticate(); +$name = $oidc->requestUserInfo('given_name'); + +?> + + + + Example OpenID Connect Client Use + + + + +
+ Hello +
+ + + + diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/composer.json b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/composer.json new file mode 100644 index 0000000..3fa6d23 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/composer.json @@ -0,0 +1,23 @@ +{ + "name": "jumbojett/openid-connect-php", + "description": "Bare-bones OpenID Connect client", + "license": "Apache-2.0", + "require": { + "php": ">=7.0", + "ext-json": "*", + "ext-curl": "*", + "phpseclib/phpseclib": "~3.0" + }, + "require-dev": { + "roave/security-advisories": "dev-latest", + "yoast/phpunit-polyfills": "^1.0" + }, + "archive" : { + "exclude" : [ + ".*" + ] + }, + "autoload" : { + "classmap": [ "src/"] + } +} diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/phpunit.xml.dist b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/phpunit.xml.dist new file mode 100644 index 0000000..df8ef25 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/phpunit.xml.dist @@ -0,0 +1,28 @@ + + + + + ./tests + + + + + ./src + + ./vendor + ./tests + + + + diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php new file mode 100644 index 0000000..6aa80b1 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php @@ -0,0 +1,2069 @@ + + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. You may obtain + * a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + */ + +namespace Jumbojett; + + +use Error; +use Exception; +use phpseclib3\Crypt\PublicKeyLoader; +use phpseclib3\Crypt\RSA; +use phpseclib3\Math\BigInteger; +use stdClass; +use function bin2hex; +use function is_object; +use function random_bytes; + +/** + * A wrapper around base64_decode which decodes Base64URL-encoded data, + * which is not the same alphabet as base64. + * @param string $base64url + * @return bool|string + */ +function base64url_decode(string $base64url) { + return base64_decode(b64url2b64($base64url)); +} + +/** + * Per RFC4648, "base64 encoding with URL-safe and filename-safe + * alphabet". This just replaces characters 62 and 63. None of the + * reference implementations seem to restore the padding if necessary, + * but we'll do it anyway. + * @param string $base64url + * @return string + */ +function b64url2b64(string $base64url): string +{ + // "Shouldn't" be necessary, but why not + $padding = strlen($base64url) % 4; + if ($padding > 0) { + $base64url .= str_repeat('=', 4 - $padding); + } + return strtr($base64url, '-_', '+/'); +} + + +/** + * OpenIDConnect Exception Class + */ +class OpenIDConnectClientException extends Exception +{ +} + +/** + * + * Please note this class stores nonces by default in $_SESSION['openid_connect_nonce'] + * + */ +class OpenIDConnectClient +{ + + /** + * @var string arbitrary id value + */ + private $clientID; + + /** + * @var string arbitrary name value + */ + private $clientName; + + /** + * @var string arbitrary secret value + */ + private $clientSecret; + + /** + * @var array holds the provider configuration + */ + private $providerConfig = []; + + /** + * @var string http proxy if necessary + */ + private $httpProxy; + + /** + * @var string full system path to the SSL certificate + */ + private $certPath; + + /** + * @var bool Verify SSL peer on transactions + */ + private $verifyPeer = true; + + /** + * @var bool Verify peer hostname on transactions + */ + private $verifyHost = true; + + /** + * @var string if we acquire an access token it will be stored here + */ + protected $accessToken; + + /** + * @var string if we acquire a refresh token it will be stored here + */ + private $refreshToken; + + /** + * @var string if we acquire an id token it will be stored here + */ + protected $idToken; + + /** + * @var object stores the token response + */ + private $tokenResponse; + + /** + * @var array holds scopes + */ + private $scopes = []; + + /** + * @var int|null Response code from the server + */ + private $responseCode; + + /** + * @var string|null Content type from the server + */ + private $responseContentType; + + /** + * @var array holds response types + */ + private $responseTypes = []; + + /** + * @var array holds authentication parameters + */ + private $authParams = []; + + /** + * @var array holds additional registration parameters for example post_logout_redirect_uris + */ + private $registrationParams = []; + + /** + * @var mixed holds well-known openid server properties + */ + private $wellKnown = false; + + /** + * @var mixed holds well-known openid configuration parameters, like policy for MS Azure AD B2C User Flow + * @see https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-overview + */ + private $wellKnownConfigParameters = []; + + /** + * @var int timeout (seconds) + */ + protected $timeOut = 60; + + /** + * @var int leeway (seconds) + */ + private $leeway = 300; + + /** + * @var array holds response types + */ + private $additionalJwks = []; + + /** + * @var object holds verified jwt claims + */ + protected $verifiedClaims = []; + + /** + * @var callable|null validator function for issuer claim + */ + private $issuerValidator; + + /** + * @var callable|null generator function for private key jwt client authentication + */ + private $privateKeyJwtGenerator; + + /** + * @var bool Allow OAuth 2 implicit flow; see http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth + */ + private $allowImplicitFlow = false; + + /** + * @var string + */ + private $redirectURL; + + /** + * @var int defines which URL-encoding http_build_query() uses + */ + protected $encType = PHP_QUERY_RFC1738; + + /** + * @var bool Enable or disable upgrading to HTTPS by paying attention to HTTP header HTTP_UPGRADE_INSECURE_REQUESTS + */ + protected $httpUpgradeInsecureRequests = true; + + /** + * @var string holds code challenge method for PKCE mode + * @see https://tools.ietf.org/html/rfc7636 + */ + private $codeChallengeMethod = false; + + /** + * @var array holds PKCE supported algorithms + */ + private $pkceAlgs = ['S256' => 'sha256', 'plain' => false]; + + /** + * @var string if we acquire a sid in back-channel logout it will be stored here + */ + private $backChannelSid; + + /** + * @var string if we acquire a sub in back-channel logout it will be stored here + */ + private $backChannelSubject; + + /** + * @var array list of supported auth methods + */ + private $token_endpoint_auth_methods_supported = ['client_secret_basic']; + + /** + * @param string|null $provider_url optional + * @param string|null $client_id optional + * @param string|null $client_secret optional + * @param string|null $issuer + */ + public function __construct(string $provider_url = null, string $client_id = null, string $client_secret = null, string $issuer = null) { + $this->setProviderURL($provider_url); + if ($issuer === null) { + $this->setIssuer($provider_url); + } else { + $this->setIssuer($issuer); + } + + $this->clientID = $client_id; + $this->clientSecret = $client_secret; + } + + /** + * @param $provider_url + */ + public function setProviderURL($provider_url) { + $this->providerConfig['providerUrl'] = $provider_url; + } + + /** + * @param $issuer + */ + public function setIssuer($issuer) { + $this->providerConfig['issuer'] = $issuer; + } + + /** + * @param $response_types + */ + public function setResponseTypes($response_types) { + $this->responseTypes = array_merge($this->responseTypes, (array)$response_types); + } + + /** + * @return bool + * @throws OpenIDConnectClientException + */ + public function authenticate(): bool + { + // Do a preemptive check to see if the provider has thrown an error from a previous redirect + if (isset($_REQUEST['error'])) { + $desc = isset($_REQUEST['error_description']) ? ' Description: ' . $_REQUEST['error_description'] : ''; + throw new OpenIDConnectClientException('Error: ' . $_REQUEST['error'] .$desc); + } + + // If we have an authorization code then proceed to request a token + if (isset($_REQUEST['code'])) { + + $code = $_REQUEST['code']; + $token_json = $this->requestTokens($code); + + // Throw an error if the server returns one + if (isset($token_json->error)) { + if (isset($token_json->error_description)) { + throw new OpenIDConnectClientException($token_json->error_description); + } + throw new OpenIDConnectClientException('Got response: ' . $token_json->error); + } + + // Do an OpenID Connect session check + if (!isset($_REQUEST['state']) || ($_REQUEST['state'] !== $this->getState())) { + throw new OpenIDConnectClientException('Unable to determine state'); + } + + // Cleanup state + $this->unsetState(); + + if (!property_exists($token_json, 'id_token')) { + throw new OpenIDConnectClientException('User did not authorize openid scope.'); + } + + $id_token = $token_json->id_token; + $idTokenHeaders = $this->decodeJWT($id_token); + if (isset($idTokenHeaders->enc)) { + // Handle JWE + $id_token = $this->handleJweResponse($id_token); + } + + $claims = $this->decodeJWT($id_token, 1); + + // Verify the signature + $this->verifySignatures($id_token); + + // Save the id token + $this->idToken = $id_token; + + // Save the access token + $this->accessToken = $token_json->access_token; + + // If this is a valid claim + if ($this->verifyJWTClaims($claims, $token_json->access_token)) { + + // Clean up the session a little + $this->unsetNonce(); + + // Save the full response + $this->tokenResponse = $token_json; + + // Save the verified claims + $this->verifiedClaims = $claims; + + // Save the refresh token, if we got one + if (isset($token_json->refresh_token)) { + $this->refreshToken = $token_json->refresh_token; + } + + // Success! + return true; + } + + throw new OpenIDConnectClientException ('Unable to verify JWT claims'); + } + + if ($this->allowImplicitFlow && isset($_REQUEST['id_token'])) { + // if we have no code but an id_token use that + $id_token = $_REQUEST['id_token']; + + $accessToken = $_REQUEST['access_token'] ?? null; + + // Do an OpenID Connect session check + if (!isset($_REQUEST['state']) || ($_REQUEST['state'] !== $this->getState())) { + throw new OpenIDConnectClientException('Unable to determine state'); + } + + // Cleanup state + $this->unsetState(); + + $claims = $this->decodeJWT($id_token, 1); + + // Verify the signature + $this->verifySignatures($id_token); + + // Save the id token + $this->idToken = $id_token; + + // If this is a valid claim + if ($this->verifyJWTClaims($claims, $accessToken)) { + + // Clean up the session a little + $this->unsetNonce(); + + // Save the verified claims + $this->verifiedClaims = $claims; + + // Save the access token + if ($accessToken) { + $this->accessToken = $accessToken; + } + + // Success! + return true; + + } + + throw new OpenIDConnectClientException ('Unable to verify JWT claims'); + } + + $this->requestAuthorization(); + return false; + } + + /** + * It calls the end-session endpoint of the OpenID Connect provider to notify the OpenID + * Connect provider that the end-user has logged out of the relying party site + * (the client application). + * + * @param string $idToken ID token (obtained at login) + * @param string|null $redirect URL to which the RP is requesting that the End-User's User Agent + * be redirected after a logout has been performed. The value MUST have been previously + * registered with the OP. Value can be null. + * + * @throws OpenIDConnectClientException + */ + public function signOut(string $idToken, $redirect) { + $sign_out_endpoint = $this->getProviderConfigValue('end_session_endpoint'); + + if($redirect === null){ + $signout_params = ['id_token_hint' => $idToken]; + } + else { + $signout_params = [ + 'id_token_hint' => $idToken, + 'post_logout_redirect_uri' => $redirect]; + } + + $sign_out_endpoint .= (strpos($sign_out_endpoint, '?') === false ? '?' : '&') . http_build_query( $signout_params, '', '&', $this->encType); + $this->redirect($sign_out_endpoint); + } + + + /** + * Decode and then verify a logout token sent as part of + * back-channel logout flows. + * + * This function should be evaluated as a boolean check + * in your route that receives the POST request for back-channel + * logout executed from the OP. + * + * @return bool + * @throws OpenIDConnectClientException + */ + public function verifyLogoutToken(): bool + { + if (isset($_REQUEST['logout_token'])) { + $logout_token = $_REQUEST['logout_token']; + + $claims = $this->decodeJWT($logout_token, 1); + + // Verify the signature + if (!$this->getProviderConfigValue('jwks_uri')) { + throw new OpenIDConnectClientException('Back-channel logout: Unable to verify signature due to no jwks_uri being defined'); + } + if (!$this->verifyJWTSignature($logout_token)) { + throw new OpenIDConnectClientException('Back-channel logout: Unable to verify JWT signature'); + } + + // Verify Logout Token Claims + if ($this->verifyLogoutTokenClaims($claims)) { + $this->verifiedClaims = $claims; + return true; + } + + return false; + } + + throw new OpenIDConnectClientException('Back-channel logout: There was no logout_token in the request'); + } + + /** + * Verify each claim in the logout token according to the + * spec for back-channel logout. + * + * @param object $claims + * @return bool + * @throws OpenIDConnectClientException + */ + public function verifyLogoutTokenClaims($claims): bool + { + // Verify that the Logout Token doesn't contain a nonce Claim. + if (isset($claims->nonce)) { + return false; + } + + // Verify that the logout token contains a sub or sid, or both + if (!isset($claims->sid) && !isset($claims->sub)) { + return false; + } + // Set the sid, which could be used to map to a session in + // the RP, and therefore be used to help destroy the RP's + // session. + if (isset($claims->sid)) { + $this->backChannelSid = $claims->sid; + } + + // Set the sub, which could be used to map to a session in + // the RP, and therefore be used to help destroy the RP's + // session. + if (isset($claims->sub)) { + $this->backChannelSubject = $claims->sub; + } + + // Verify that the Logout Token contains an events Claim whose + // value is a JSON object containing the member name + // http://schemas.openid.net/event/backchannel-logout + if (isset($claims->events)) { + $events = (array) $claims->events; + if (!isset($events['http://schemas.openid.net/event/backchannel-logout']) || + !is_object($events['http://schemas.openid.net/event/backchannel-logout'])) { + return false; + } + } + + // Validate the iss + if (!$this->validateIssuer($claims->iss)) { + return false; + } + // Validate the aud + $auds = $claims->aud; + $auds = is_array( $auds ) ? $auds : [ $auds ]; + if (!in_array($this->clientID, $auds, true)) { + return false; + } + // Validate the iat. At this point we can return true if it is ok + if (isset($claims->iat) && ((is_int($claims->iat)) && ($claims->iat <= time() + $this->leeway))) { + return true; + } + + return false; + } + + /** + * @param array $scope - example: openid, given_name, etc... + */ + public function addScope(array $scope) { + $this->scopes = array_merge($this->scopes, $scope); + } + + /** + * @param array $param - example: prompt=login + */ + public function addAuthParam(array $param) { + $this->authParams = array_merge($this->authParams, $param); + } + + /** + * @param array $param - example: post_logout_redirect_uris=[http://example.com/successful-logout] + */ + public function addRegistrationParam(array $param) { + $this->registrationParams = array_merge($this->registrationParams, $param); + } + + public function setTokenEndpointAuthMethodsSupported(array $token_endpoint_auth_methods_supported) + { + $this->token_endpoint_auth_methods_supported = $token_endpoint_auth_methods_supported; + } + + /** + * @param $jwk object - example: (object) ['kid' => ..., 'nbf' => ..., 'use' => 'sig', 'kty' => "RSA", 'e' => "", 'n' => ""] + */ + protected function addAdditionalJwk($jwk) { + $this->additionalJwks[] = $jwk; + } + + /** + * Gets anything that we need configuration wise including endpoints, and other values + * + * @param string $param + * @param string|string[]|bool|null $default optional + * @return string|string[]|bool + * + * @throws OpenIDConnectClientException + */ + protected function getProviderConfigValue(string $param, $default = null) + { + // If the configuration value is not available, attempt to fetch it from a well known config endpoint + // This is also known as auto "discovery" + if (!isset($this->providerConfig[$param])) { + $this->providerConfig[$param] = $this->getWellKnownConfigValue($param, $default); + } + + return $this->providerConfig[$param]; + } + + /** + * Gets anything that we need configuration wise including endpoints, and other values + * + * @param string $param + * @param string|string[]|bool|null $default optional + * @return string|string[]|bool + * + * @throws OpenIDConnectClientException + */ + protected function getWellKnownConfigValue(string $param, $default = null) + { + + // If the configuration value is not available, attempt to fetch it from a well known config endpoint + // This is also known as auto "discovery" + if(!$this->wellKnown) { + $well_known_config_url = rtrim($this->getProviderURL(), '/') . '/.well-known/openid-configuration'; + if (count($this->wellKnownConfigParameters) > 0){ + $well_known_config_url .= '?' . http_build_query($this->wellKnownConfigParameters) ; + } + $this->wellKnown = json_decode($this->fetchURL($well_known_config_url), false); + } + + $value = $this->wellKnown->{$param} ?? false; + + if ($value) { + return $value; + } + + if (isset($default)) { + // Uses default value if provided + return $default; + } + + throw new OpenIDConnectClientException("The provider $param could not be fetched. Make sure your provider has a well known configuration available."); + } + + /** + * Set optional parameters for .well-known/openid-configuration + */ + public function setWellKnownConfigParameters(array $params = []){ + $this->wellKnownConfigParameters=$params; + } + + + /** + * @param string $url Sets redirect URL for auth flow + */ + public function setRedirectURL(string $url) { + if (parse_url($url,PHP_URL_HOST) !== false) { + $this->redirectURL = $url; + } + } + + /** + * Gets the URL of the current page we are on, encodes, and returns it + * + * @return string + */ + public function getRedirectURL(): string + { + // If the redirect URL has been set then return it. + if (property_exists($this, 'redirectURL') && $this->redirectURL) { + return $this->redirectURL; + } + + // Other-wise return the URL of the current page + + /** + * Thank you + * http://stackoverflow.com/questions/189113/how-do-i-get-current-page-full-url-in-php-on-a-windows-iis-server + */ + + /* + * Compatibility with multiple host headers. + * The problem with SSL over port 80 is resolved and non-SSL over port 443. + * Support of 'ProxyReverse' configurations. + */ + + if ($this->httpUpgradeInsecureRequests && isset($_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS']) && ($_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'] === '1')) { + $protocol = 'https'; + } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { + $protocol = $_SERVER['HTTP_X_FORWARDED_PROTO']; + } elseif (isset($_SERVER['REQUEST_SCHEME'])) { + $protocol = $_SERVER['REQUEST_SCHEME']; + } elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') { + $protocol = 'https'; + } else { + $protocol = 'http'; + } + + if (isset($_SERVER['HTTP_X_FORWARDED_PORT'])) { + $port = (int)$_SERVER['HTTP_X_FORWARDED_PORT']; + } elseif (isset($_SERVER['SERVER_PORT'])) { + $port = $_SERVER['SERVER_PORT']; + } elseif ($protocol === 'https') { + $port = 443; + } else { + $port = 80; + } + + if (isset($_SERVER['HTTP_HOST'])) { + $host = explode(':', $_SERVER['HTTP_HOST'])[0]; + } elseif (isset($_SERVER['SERVER_NAME'])) { + $host = $_SERVER['SERVER_NAME']; + } elseif (isset($_SERVER['SERVER_ADDR'])) { + $host = $_SERVER['SERVER_ADDR']; + } else { + return 'http:///'; + } + + $port = (443 === $port) || (80 === $port) ? '' : ':' . $port; + + $explodedRequestUri = isset($_SERVER['REQUEST_URI']) ? explode('?', $_SERVER['REQUEST_URI']) : []; + return sprintf('%s://%s%s/%s', $protocol, $host, $port, trim(reset($explodedRequestUri), '/')); + } + + /** + * Used for arbitrary value generation for nonces and state + * + * @return string + * @throws OpenIDConnectClientException + */ + protected function generateRandString(): string + { + try { + return bin2hex(random_bytes(16)); + } catch (Error $e) { + throw new OpenIDConnectClientException('Random token generation failed.'); + } catch (Exception $e) { + throw new OpenIDConnectClientException('Random token generation failed.'); + } + } + + /** + * Start Here + * @return void + * @throws OpenIDConnectClientException + * @throws Exception + */ + private function requestAuthorization() { + + $auth_endpoint = $this->getProviderConfigValue('authorization_endpoint'); + $response_type = 'code'; + + // Generate and store a nonce in the session + // The nonce is an arbitrary value + $nonce = $this->setNonce($this->generateRandString()); + + // State essentially acts as a session key for OIDC + $state = $this->setState($this->generateRandString()); + + $auth_params = array_merge($this->authParams, [ + 'response_type' => $response_type, + 'redirect_uri' => $this->getRedirectURL(), + 'client_id' => $this->clientID, + 'nonce' => $nonce, + 'state' => $state, + 'scope' => 'openid' + ]); + + // If the client has been registered with additional scopes + if (count($this->scopes) > 0) { + $auth_params = array_merge($auth_params, ['scope' => implode(' ', array_merge($this->scopes, ['openid']))]); + } + + // If the client has been registered with additional response types + if (count($this->responseTypes) > 0) { + $auth_params = array_merge($auth_params, ['response_type' => implode(' ', $this->responseTypes)]); + } + + // If the client supports Proof Key for Code Exchange (PKCE) + $codeChallengeMethod = $this->getCodeChallengeMethod(); + if (!empty($codeChallengeMethod) && in_array($codeChallengeMethod, $this->getProviderConfigValue('code_challenge_methods_supported', []), true)) { + $codeVerifier = bin2hex(random_bytes(64)); + $this->setCodeVerifier($codeVerifier); + if (!empty($this->pkceAlgs[$codeChallengeMethod])) { + $codeChallenge = rtrim(strtr(base64_encode(hash($this->pkceAlgs[$codeChallengeMethod], $codeVerifier, true)), '+/', '-_'), '='); + } else { + $codeChallenge = $codeVerifier; + } + $auth_params = array_merge($auth_params, [ + 'code_challenge' => $codeChallenge, + 'code_challenge_method' => $codeChallengeMethod + ]); + } + + $auth_endpoint .= (strpos($auth_endpoint, '?') === false ? '?' : '&') . http_build_query($auth_params, '', '&', $this->encType); + + $this->commitSession(); + $this->redirect($auth_endpoint); + } + + /** + * Requests a client credentials token + * + * @throws OpenIDConnectClientException + */ + public function requestClientCredentialsToken() { + $token_endpoint = $this->getProviderConfigValue('token_endpoint'); + + $headers = []; + + $grant_type = 'client_credentials'; + + $post_data = [ + 'grant_type' => $grant_type, + 'client_id' => $this->clientID, + 'client_secret' => $this->clientSecret, + 'scope' => implode(' ', $this->scopes) + ]; + + // Convert token params to string format + $post_params = http_build_query($post_data, '', '&', $this->encType); + + return json_decode($this->fetchURL($token_endpoint, $post_params, $headers), false); + } + + /** + * Requests a resource owner token + * (Defined in https://tools.ietf.org/html/rfc6749#section-4.3) + * + * @param boolean $bClientAuth Indicates that the Client ID and Secret be used for client authentication + * @return mixed + * @throws OpenIDConnectClientException + */ + public function requestResourceOwnerToken(bool $bClientAuth = false) { + $token_endpoint = $this->getProviderConfigValue('token_endpoint'); + + $headers = []; + + $grant_type = 'password'; + + $post_data = [ + 'grant_type' => $grant_type, + 'username' => $this->authParams['username'], + 'password' => $this->authParams['password'], + 'scope' => implode(' ', $this->scopes) + ]; + + //For client authentication include the client values + if($bClientAuth) { + $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']); + if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) { + $headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))]; + } else { + $post_data['client_id'] = $this->clientID; + $post_data['client_secret'] = $this->clientSecret; + } + } + + // Convert token params to string format + $post_params = http_build_query($post_data, '', '&', $this->encType); + + return json_decode($this->fetchURL($token_endpoint, $post_params, $headers), false); + } + + + /** + * Requests ID and Access tokens + * + * @param string $code + * @param string[] $headers Extra HTTP headers to pass to the token endpoint + * @return mixed + * @throws OpenIDConnectClientException + */ + protected function requestTokens(string $code, array $headers = []) { + $token_endpoint = $this->getProviderConfigValue('token_endpoint'); + $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']); + + $grant_type = 'authorization_code'; + + $token_params = [ + 'grant_type' => $grant_type, + 'code' => $code, + 'redirect_uri' => $this->getRedirectURL(), + 'client_id' => $this->clientID, + 'client_secret' => $this->clientSecret + ]; + + $authorizationHeader = null; + # Consider Basic authentication if provider config is set this way + if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) { + $authorizationHeader = 'Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret)); + unset($token_params['client_secret'], $token_params['client_id']); + } + + // When there is a private key jwt generator, and it is supported then use it as client authentication + if ($this->privateKeyJwtGenerator !== null && $this->supportsAuthMethod('private_key_jwt', $token_endpoint_auth_methods_supported)) { + $token_params['client_assertion_type'] = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'; + $token_params['client_assertion'] = $this->privateKeyJwtGenerator->__invoke($token_endpoint); + } + + if ($this->supportsAuthMethod('client_secret_jwt', $token_endpoint_auth_methods_supported)) { + $client_assertion_type = $this->getProviderConfigValue('client_assertion_type'); + + if(isset($this->providerConfig['client_assertion'])){ + $client_assertion = $this->getProviderConfigValue('client_assertion'); + } + else{ + $client_assertion = $this->getJWTClientAssertion($this->getProviderConfigValue('token_endpoint')); + } + + $token_params['client_assertion_type'] = $client_assertion_type; + $token_params['client_assertion'] = $client_assertion; + unset($token_params['client_secret']); + } + + $ccm = $this->getCodeChallengeMethod(); + $cv = $this->getCodeVerifier(); + if (!empty($ccm) && !empty($cv)) { + $cs = $this->getClientSecret(); + if (empty($cs)) { + $authorizationHeader = null; + unset($token_params['client_secret']); + } + $token_params = array_merge($token_params, [ + 'client_id' => $this->clientID, + 'code_verifier' => $this->getCodeVerifier() + ]); + } + + // Convert token params to string format + $token_params = http_build_query($token_params, '', '&', $this->encType); + + if (null !== $authorizationHeader) { + $headers[] = $authorizationHeader; + } + + $this->tokenResponse = json_decode($this->fetchURL($token_endpoint, $token_params, $headers), false); + + return $this->tokenResponse; + } + + /** + * Request RFC8693 Token Exchange + * https://datatracker.ietf.org/doc/html/rfc8693 + * + * @param string $subjectToken + * @param string $subjectTokenType + * @param string $audience + * @return mixed + * @throws OpenIDConnectClientException + */ + public function requestTokenExchange(string $subjectToken, string $subjectTokenType, string $audience = '') { + $token_endpoint = $this->getProviderConfigValue('token_endpoint'); + $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']); + $headers = []; + $grant_type = 'urn:ietf:params:oauth:grant-type:token-exchange'; + + $post_data = array( + 'grant_type' => $grant_type, + 'subject_token_type' => $subjectTokenType, + 'subject_token' => $subjectToken, + 'client_id' => $this->clientID, + 'client_secret' => $this->clientSecret, + 'scope' => implode(' ', $this->scopes) + ); + + if (!empty($audience)) { + $post_data['audience'] = $audience; + } + + # Consider Basic authentication if provider config is set this way + if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) { + $headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))]; + unset($post_data['client_secret'], $post_data['client_id']); + } + + // Convert token params to string format + $post_params = http_build_query($post_data, null, '&', $this->encType); + + return json_decode($this->fetchURL($token_endpoint, $post_params, $headers), false); + } + + + /** + * Requests Access token with refresh token + * + * @param string $refresh_token + * @return mixed + * @throws OpenIDConnectClientException + */ + public function refreshToken(string $refresh_token) { + $token_endpoint = $this->getProviderConfigValue('token_endpoint'); + $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']); + + $headers = []; + + $grant_type = 'refresh_token'; + + $token_params = [ + 'grant_type' => $grant_type, + 'refresh_token' => $refresh_token, + 'client_id' => $this->clientID, + 'client_secret' => $this->clientSecret, + 'scope' => implode(' ', $this->scopes), + ]; + + # Consider Basic authentication if provider config is set this way + if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) { + $headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))]; + unset($token_params['client_secret'], $token_params['client_id']); + } + + if ($this->supportsAuthMethod('client_secret_jwt', $token_endpoint_auth_methods_supported)) { + $client_assertion_type = $this->getProviderConfigValue('client_assertion_type'); + $client_assertion = $this->getJWTClientAssertion($this->getProviderConfigValue('token_endpoint')); + + $token_params["grant_type"] = "urn:ietf:params:oauth:grant-type:token-exchange"; + $token_params["subject_token"] = $refresh_token; + $token_params["audience"] = $this->clientID; + $token_params["subject_token_type"] = "urn:ietf:params:oauth:token-type:refresh_token"; + $token_params["requested_token_type"] = "urn:ietf:params:oauth:token-type:access_token"; + $token_params['client_assertion_type']=$client_assertion_type; + $token_params['client_assertion'] = $client_assertion; + + unset($token_params['client_secret'], $token_params['client_id']); + } + // Convert token params to string format + $token_params = http_build_query($token_params, '', '&', $this->encType); + + $json = json_decode($this->fetchURL($token_endpoint, $token_params, $headers), false); + + if (isset($json->access_token)) { + $this->accessToken = $json->access_token; + } + + if (isset($json->refresh_token)) { + $this->refreshToken = $json->refresh_token; + } + + return $json; + } + + /** + * @throws OpenIDConnectClientException + */ + private function getKeyForHeader(array $keys, stdClass $header) { + foreach ($keys as $key) { + if ($key->kty === 'RSA') { + if (!isset($header->kid) || $key->kid === $header->kid) { + return $key; + } + } else if (isset($key->alg) && $key->alg === $header->alg && $key->kid === $header->kid) { + return $key; + } + } + if ($this->additionalJwks) { + foreach ($this->additionalJwks as $key) { + if ($key->kty === 'RSA') { + if (!isset($header->kid) || $key->kid === $header->kid) { + return $key; + } + } else if (isset($key->alg) && $key->alg === $header->alg && $key->kid === $header->kid) { + return $key; + } + } + } + if (isset($header->kid)) { + throw new OpenIDConnectClientException('Unable to find a key for (algorithm, kid):' . $header->alg . ', ' . $header->kid . ')'); + } + + throw new OpenIDConnectClientException('Unable to find a key for RSA'); + } + + /** + * @throws OpenIDConnectClientException + */ + private function verifyRSAJWTSignature(string $hashType, stdClass $key, $payload, $signature, $signatureType): bool + { + if (!(property_exists($key, 'n') && property_exists($key, 'e'))) { + throw new OpenIDConnectClientException('Malformed key object'); + } + + $key = RSA::load([ + 'publicExponent' => new BigInteger(base64_decode(b64url2b64($key->e)), 256), + 'modulus' => new BigInteger(base64_decode(b64url2b64($key->n)), 256), + 'isPublicKey' => true, + ]) + ->withHash($hashType); + if ($signatureType === 'PSS') { + $key = $key->withMGFHash($hashType) + ->withPadding(RSA::SIGNATURE_PSS); + } else { + $key = $key->withPadding(RSA::SIGNATURE_PKCS1); + } + return $key->verify($payload, $signature); + } + + private function verifyHMACJWTSignature(string $hashType, string $key, string $payload, string $signature): bool + { + $expected = hash_hmac($hashType, $payload, $key, true); + return hash_equals($signature, $expected); + } + + /** + * @param string $jwt encoded JWT + * @return bool + * @throws OpenIDConnectClientException + */ + public function verifyJWTSignature(string $jwt): bool + { + $parts = explode('.', $jwt); + if (!isset($parts[0])) { + throw new OpenIDConnectClientException('Error missing part 0 in token'); + } + $signature = base64url_decode(array_pop($parts)); + if (false === $signature || '' === $signature) { + throw new OpenIDConnectClientException('Error decoding signature from token'); + } + $header = json_decode(base64url_decode($parts[0]), false); + if (!is_object($header)) { + throw new OpenIDConnectClientException('Error decoding JSON from token header'); + } + if (!isset($header->alg)) { + throw new OpenIDConnectClientException('Error missing signature type in token header'); + } + + $payload = implode('.', $parts); + switch ($header->alg) { + case 'RS256': + case 'PS256': + case 'PS512': + case 'RS384': + case 'RS512': + $hashType = 'sha' . substr($header->alg, 2); + $signatureType = $header->alg === 'PS256' || $header->alg === 'PS512' ? 'PSS' : ''; + if (isset($header->jwk)) { + $jwk = $header->jwk; + $this->verifyJWKHeader($jwk); + } else { + $jwks = json_decode($this->fetchURL($this->getProviderConfigValue('jwks_uri')), false); + if ($jwks === NULL) { + throw new OpenIDConnectClientException('Error decoding JSON from jwks_uri'); + } + $jwk = $this->getKeyForHeader($jwks->keys, $header); + } + + $verified = $this->verifyRSAJWTSignature($hashType, + $jwk, + $payload, $signature, $signatureType); + break; + case 'HS256': + case 'HS512': + case 'HS384': + $hashType = 'SHA' . substr($header->alg, 2); + $verified = $this->verifyHMACJWTSignature($hashType, $this->getClientSecret(), $payload, $signature); + break; + default: + throw new OpenIDConnectClientException('No support for signature type: ' . $header->alg); + } + return $verified; + } + + /** + * @param string $jwt encoded JWT + * @return void + * @throws OpenIDConnectClientException + */ + public function verifySignatures(string $jwt) + { + if (!$this->getProviderConfigValue('jwks_uri')) { + throw new OpenIDConnectClientException ('Unable to verify signature due to no jwks_uri being defined'); + } + if (!$this->verifyJWTSignature($jwt)) { + throw new OpenIDConnectClientException ('Unable to verify signature'); + } + } + + /** + * @param string $iss + * @return bool + * @throws OpenIDConnectClientException + */ + protected function validateIssuer(string $iss): bool + { + if ($this->issuerValidator !== null) { + return $this->issuerValidator->__invoke($iss); + } + + return ($iss === $this->getIssuer() || $iss === $this->getWellKnownIssuer() || $iss === $this->getWellKnownIssuer(true)); + } + + /** + * @param object $claims + * @param string|null $accessToken + * @return bool + * @throws OpenIDConnectClientException + */ + protected function verifyJWTClaims($claims, string $accessToken = null): bool + { + if(isset($claims->at_hash, $accessToken)) { + if(isset($this->getIdTokenHeader()->alg) && $this->getIdTokenHeader()->alg !== 'none') { + $bit = substr($this->getIdTokenHeader()->alg, 2, 3); + } else { + // TODO: Error case. throw exception??? + $bit = '256'; + } + $len = ((int)$bit)/16; + $expected_at_hash = $this->urlEncode(substr(hash('sha'.$bit, $accessToken, true), 0, $len)); + } + return (($this->validateIssuer($claims->iss)) + && (($claims->aud === $this->clientID) || in_array($this->clientID, $claims->aud, true)) + && (!isset($claims->nonce) || $claims->nonce === $this->getNonce()) + && ( !isset($claims->exp) || ((is_int($claims->exp)) && ($claims->exp >= time() - $this->leeway))) + && ( !isset($claims->nbf) || ((is_int($claims->nbf)) && ($claims->nbf <= time() + $this->leeway))) + && ( !isset($claims->at_hash) || !isset($accessToken) || $claims->at_hash === $expected_at_hash ) + ); + } + + protected function urlEncode(string $str): string + { + $enc = base64_encode($str); + $enc = rtrim($enc, '='); + return strtr($enc, '+/', '-_'); + } + + /** + * @param string $jwt encoded JWT + * @param int $section the section we would like to decode + * @return object + */ + protected function decodeJWT(string $jwt, int $section = 0): stdClass { + + $parts = explode('.', $jwt); + return json_decode(base64url_decode($parts[$section]), false); + } + + /** + * + * @param string|null $attribute optional + * + * Attribute Type Description + * user_id string REQUIRED Identifier for the End-User at the Issuer. + * name string End-User's full name in displayable form including all name parts, ordered according to End-User's locale and preferences. + * given_name string Given name or first name of the End-User. + * family_name string Surname or last name of the End-User. + * middle_name string Middle name of the End-User. + * nickname string Casual name of the End-User that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael. + * profile string URL of End-User's profile page. + * picture string URL of the End-User's profile picture. + * website string URL of End-User's web page or blog. + * email string The End-User's preferred e-mail address. + * verified boolean True if the End-User's e-mail address has been verified; otherwise false. + * gender string The End-User's gender: Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable. + * birthday string The End-User's birthday, represented as a date string in MM/DD/YYYY format. The year MAY be 0000, indicating that it is omitted. + * zoneinfo string String from zoneinfo [zoneinfo] time zone database. For example, Europe/Paris or America/Los_Angeles. + * locale string The End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Implementations MAY choose to accept this locale syntax as well. + * phone_number string The End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim. For example, +1 (425) 555-1212 or +56 (2) 687 2400. + * address JSON object The End-User's preferred address. The value of the address member is a JSON [RFC4627] structure containing some or all of the members defined in Section 2.4.2.1. + * updated_time string Time the End-User's information was last updated, represented as an RFC 3339 [RFC3339] datetime. For example, 2011-01-03T23:58:42+0000. + * + * @return mixed + * + * @throws OpenIDConnectClientException + */ + public function requestUserInfo(string $attribute = null) { + + $user_info_endpoint = $this->getProviderConfigValue('userinfo_endpoint'); + $schema = 'openid'; + + $user_info_endpoint .= '?schema=' . $schema; + + //The accessToken has to be sent in the Authorization header. + // Accept json to indicate response type + $headers = ["Authorization: Bearer $this->accessToken", + 'Accept: application/json']; + + $response = $this->fetchURL($user_info_endpoint,null,$headers); + if ($this->getResponseCode() !== 200) { + throw new OpenIDConnectClientException('The communication to retrieve user data has failed with status code '.$this->getResponseCode()); + } + + // When we receive application/jwt, the UserInfo Response is signed and/or encrypted. + if ($this->getResponseContentType() === 'application/jwt' ) { + // Check if the response is encrypted + $jwtHeaders = $this->decodeJWT($response); + if (isset($jwtHeaders->enc)) { + // Handle JWE + $jwt = $this->handleJweResponse($response); + } else { + // If the response is not encrypted then it must be signed + $jwt = $response; + } + + // Verify the signature + $this->verifySignatures($jwt); + + // Get claims from JWT + $claims = $this->decodeJWT($jwt, 1); + + // Verify the JWT claims + if (!$this->verifyJWTClaims($claims)) { + throw new OpenIDConnectClientException('Invalid JWT signature'); + } + + $user_json = $claims; + } else { + $user_json = json_decode($response, false); + } + + $userInfo = $user_json; + + if($attribute === null) { + return $userInfo; + } + + if (property_exists($userInfo, $attribute)) { + return $userInfo->$attribute; + } + + return null; + } + + /** + * + * @param string|null $attribute optional + * + * Attribute Type Description + * exp int Expires at + * nbf int Not before + * ver string Version + * iss string Issuer + * sub string Subject + * aud string Audience + * nonce string nonce + * iat int Issued At + * auth_time int Authentication time + * oid string Object id + * + * @return mixed + * + */ + public function getVerifiedClaims(string $attribute = null) { + + if($attribute === null) { + return $this->verifiedClaims; + } + + if (property_exists($this->verifiedClaims, $attribute)) { + return $this->verifiedClaims->$attribute; + } + + return null; + } + + /** + * @param string $url + * @param string | null $post_body string If this is set the post type will be POST + * @param array $headers Extra headers to be sent with the request. Format as 'NameHeader: ValueHeader' + * @return bool|string + * @throws OpenIDConnectClientException + */ + protected function fetchURL(string $url, string $post_body = null, array $headers = []) { + + // OK cool - then let's create a new cURL resource handle + $ch = curl_init(); + + // Determine whether this is a GET or POST + if ($post_body !== null) { + // curl_setopt($ch, CURLOPT_POST, 1); + // Allows to keep the POST method even after redirect + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_body); + + // Default content type is form encoded + $content_type = 'application/x-www-form-urlencoded'; + + // Determine if this is a JSON payload and add the appropriate content type + if (is_object(json_decode($post_body, false))) { + $content_type = 'application/json'; + } + + // Add POST-specific headers + $headers[] = "Content-Type: $content_type"; + } + + // Set the User-Agent + curl_setopt($ch, CURLOPT_USERAGENT, $this->getUserAgent()); + + // If we set some headers include them + if(count($headers) > 0) { + curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); + } + + // Set URL to download + curl_setopt($ch, CURLOPT_URL, $url); + + if (isset($this->httpProxy)) { + curl_setopt($ch, CURLOPT_PROXY, $this->httpProxy); + } + + // Include header in result? (0 = yes, 1 = no) + curl_setopt($ch, CURLOPT_HEADER, 0); + + // Allows to follow redirect + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + + /** + * Set cert + * Otherwise ignore SSL peer verification + */ + if (isset($this->certPath)) { + curl_setopt($ch, CURLOPT_CAINFO, $this->certPath); + } + + if($this->verifyHost) { + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); + } else { + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); + } + + if($this->verifyPeer) { + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); + } else { + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + } + + // Should cURL return or print out the data? (true = return, false = print) + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + + // Timeout in seconds + curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeOut); + + // Download the given URL, and return output + $output = curl_exec($ch); + + // HTTP Response code from server may be required from subclass + $info = curl_getinfo($ch); + $this->responseCode = $info['http_code']; + $this->responseContentType = $info['content_type']; + + if ($output === false) { + throw new OpenIDConnectClientException('Curl error: (' . curl_errno($ch) . ') ' . curl_error($ch)); + } + + // Close the cURL resource, and free system resources + curl_close($ch); + + return $output; + } + + /** + * @throws OpenIDConnectClientException + */ + public function getWellKnownIssuer(bool $appendSlash = false): string + { + return $this->getWellKnownConfigValue('issuer') . ($appendSlash ? '/' : ''); + } + + /** + * @throws OpenIDConnectClientException + */ + public function getIssuer(): string + { + + if (!isset($this->providerConfig['issuer'])) { + throw new OpenIDConnectClientException('The issuer has not been set'); + } + + return $this->providerConfig['issuer']; + } + + /** + * @return mixed + * @throws OpenIDConnectClientException + */ + public function getProviderURL() { + if (!isset($this->providerConfig['providerUrl'])) { + throw new OpenIDConnectClientException('The provider URL has not been set'); + } + + return $this->providerConfig['providerUrl']; + } + + public function redirect(string $url) { + header('Location: ' . $url); + exit; + } + + public function setHttpProxy(string $httpProxy) { + $this->httpProxy = $httpProxy; + } + + public function setCertPath(string $certPath) { + $this->certPath = $certPath; + } + + /** + * @return string|null + */ + public function getCertPath() { + return $this->certPath; + } + + public function setVerifyPeer(bool $verifyPeer) { + $this->verifyPeer = $verifyPeer; + } + + public function setVerifyHost(bool $verifyHost) { + $this->verifyHost = $verifyHost; + } + + /** + * Controls whether http header HTTP_UPGRADE_INSECURE_REQUESTS should be considered + * defaults to true + */ + public function setHttpUpgradeInsecureRequests(bool $httpUpgradeInsecureRequests) { + $this->httpUpgradeInsecureRequests = $httpUpgradeInsecureRequests; + } + + public function getVerifyHost(): bool + { + return $this->verifyHost; + } + + public function getVerifyPeer(): bool + { + return $this->verifyPeer; + } + + public function getHttpUpgradeInsecureRequests(): bool + { + return $this->httpUpgradeInsecureRequests; + } + + /** + * Use this for custom issuer validation + * The given function should accept the issuer string from the JWT claim as the only argument + * and return true if the issuer is valid, otherwise return false + */ + public function setIssuerValidator(callable $issuerValidator) { + $this->issuerValidator = $issuerValidator; + } + + /** + * Use this for private_key_jwt client authentication + * The given function should accept the token_endpoint string as the only argument + * and return a jwt signed with your private key according to: + * https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication + */ + public function setPrivateKeyJwtGenerator(callable $privateKeyJwtGenerator) { + $this->privateKeyJwtGenerator = $privateKeyJwtGenerator; + } + + public function setAllowImplicitFlow(bool $allowImplicitFlow) { + $this->allowImplicitFlow = $allowImplicitFlow; + } + + /** + * @return bool + */ + public function getAllowImplicitFlow(): bool + { + return $this->allowImplicitFlow; + } + + /** + * + * Use this to alter a provider's endpoints and other attributes + * + * @param array $array + * simple key => value + */ + public function providerConfigParam(array $array) { + $this->providerConfig = array_merge($this->providerConfig, $array); + } + + public function setClientSecret(string $clientSecret) { + $this->clientSecret = $clientSecret; + } + + public function setClientID(string $clientID) { + $this->clientID = $clientID; + } + + + /** + * Dynamic registration + * + * @throws OpenIDConnectClientException + */ + public function register() { + + $registration_endpoint = $this->getProviderConfigValue('registration_endpoint'); + + $send_object = (object ) array_merge($this->registrationParams, [ + 'redirect_uris' => [$this->getRedirectURL()], + 'client_name' => $this->getClientName() + ]); + + $response = $this->fetchURL($registration_endpoint, json_encode($send_object)); + + $json_response = json_decode($response, false); + + // Throw some errors if we encounter them + if ($json_response === false) { + throw new OpenIDConnectClientException('Error registering: JSON response received from the server was invalid.'); + } + + if (isset($json_response->{'error_description'})) { + throw new OpenIDConnectClientException($json_response->{'error_description'}); + } + + $this->setClientID($json_response->{'client_id'}); + + // The OpenID Connect Dynamic registration protocol makes the client secret optional + // and provides a registration access token and URI endpoint if it is not present + if (isset($json_response->{'client_secret'})) { + $this->setClientSecret($json_response->{'client_secret'}); + } else { + throw new OpenIDConnectClientException('Error registering: Please contact the OpenID Connect provider and obtain a Client ID and Secret directly from them'); + } + } + + /** + * Introspect a given token - either access token or refresh token. + * @see https://tools.ietf.org/html/rfc7662 + * + * @param string $token + * @param string $token_type_hint + * @param string|null $clientId + * @param string|null $clientSecret + * @return mixed + * @throws OpenIDConnectClientException + * @throws Exception + */ + public function introspectToken(string $token, string $token_type_hint = '', string $clientId = null, string $clientSecret = null) { + $introspection_endpoint = $this->getProviderConfigValue('introspection_endpoint'); + $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']); + + $post_data = ['token' => $token]; + + if ($token_type_hint) { + $post_data['token_type_hint'] = $token_type_hint; + } + $clientId = $clientId ?? $this->clientID; + $clientSecret = $clientSecret ?? $this->clientSecret; + + // Convert token params to string format + $headers = ['Authorization: Basic ' . base64_encode(urlencode($clientId) . ':' . urlencode($clientSecret)), + 'Accept: application/json']; + + if ($this->supportsAuthMethod('client_secret_jwt', $token_endpoint_auth_methods_supported)) { + $client_assertion_type = $this->getProviderConfigValue('client_assertion_type'); + $client_assertion = $this->getJWTClientAssertion($this->getProviderConfigValue('introspection_endpoint')); + + $post_data['client_assertion_type']=$client_assertion_type; + $post_data['client_assertion'] = $client_assertion; + $headers = ['Accept: application/json']; + } + + $post_params = http_build_query($post_data, '', '&'); + + return json_decode($this->fetchURL($introspection_endpoint, $post_params, $headers), false); + } + + /** + * Revoke a given token - either access token or refresh token. + * @see https://tools.ietf.org/html/rfc7009 + * + * @param string $token + * @param string $token_type_hint + * @param string|null $clientId + * @param string|null $clientSecret + * @return mixed + * @throws OpenIDConnectClientException + */ + public function revokeToken(string $token, string $token_type_hint = '', string $clientId = null, string $clientSecret = null) { + $revocation_endpoint = $this->getProviderConfigValue('revocation_endpoint'); + + $post_data = ['token' => $token]; + + if ($token_type_hint) { + $post_data['token_type_hint'] = $token_type_hint; + } + $clientId = $clientId ?? $this->clientID; + $clientSecret = $clientSecret ?? $this->clientSecret; + + // Convert token params to string format + $post_params = http_build_query($post_data, '', '&'); + $headers = ['Authorization: Basic ' . base64_encode(urlencode($clientId) . ':' . urlencode($clientSecret)), + 'Accept: application/json']; + + return json_decode($this->fetchURL($revocation_endpoint, $post_params, $headers), false); + } + + public function getClientName(): string + { + return $this->clientName; + } + + public function setClientName(string $clientName) { + $this->clientName = $clientName; + } + + /** + * @return string + */ + public function getClientID() { + return $this->clientID; + } + + /** + * @return string + */ + public function getClientSecret() { + return $this->clientSecret; + } + + /** + * Set the access token. + * + * May be required for subclasses of this Client. + */ + public function setAccessToken(string $accessToken) { + $this->accessToken = $accessToken; + } + + public function getAccessToken(): string + { + return $this->accessToken; + } + + public function getRefreshToken(): string + { + return $this->refreshToken; + } + + public function getIdToken(): string + { + return $this->idToken; + } + + /** + * @return object + */ + public function getAccessTokenHeader() { + return $this->decodeJWT($this->accessToken); + } + + /** + * @return object + */ + public function getAccessTokenPayload() { + return $this->decodeJWT($this->accessToken, 1); + } + + /** + * @return object + */ + public function getIdTokenHeader() { + return $this->decodeJWT($this->idToken); + } + + /** + * @return object + */ + public function getIdTokenPayload() { + return $this->decodeJWT($this->idToken, 1); + } + + /** + * @return object + */ + public function getTokenResponse() { + return $this->tokenResponse; + } + + /** + * Stores nonce + */ + protected function setNonce(string $nonce): string + { + $this->setSessionKey('openid_connect_nonce', $nonce); + return $nonce; + } + + /** + * Get stored nonce + * + * @return string + */ + protected function getNonce() { + return $this->getSessionKey('openid_connect_nonce'); + } + + /** + * Cleanup nonce + * + * @return void + */ + protected function unsetNonce() { + $this->unsetSessionKey('openid_connect_nonce'); + } + + /** + * Stores $state + */ + protected function setState(string $state): string + { + $this->setSessionKey('openid_connect_state', $state); + return $state; + } + + /** + * Get stored state + * + * @return string + */ + protected function getState() { + return $this->getSessionKey('openid_connect_state'); + } + + /** + * Cleanup state + * + * @return void + */ + protected function unsetState() { + $this->unsetSessionKey('openid_connect_state'); + } + + /** + * Stores $codeVerifier + */ + protected function setCodeVerifier(string $codeVerifier): string + { + $this->setSessionKey('openid_connect_code_verifier', $codeVerifier); + return $codeVerifier; + } + + /** + * Get stored codeVerifier + * + * @return string + */ + protected function getCodeVerifier() { + return $this->getSessionKey('openid_connect_code_verifier'); + } + + /** + * Cleanup state + * + * @return void + */ + protected function unsetCodeVerifier() { + $this->unsetSessionKey('openid_connect_code_verifier'); + } + + /** + * Get the response code from last action/curl request. + * + * @return int + */ + public function getResponseCode(): int + { + return $this->responseCode; + } + + /** + * Get the content type from last action/curl request. + * + * @return string|null + */ + public function getResponseContentType() + { + return $this->responseContentType; + } + + /** + * Set timeout (seconds) + * + * @param int $timeout + */ + public function setTimeout(int $timeout) { + $this->timeOut = $timeout; + } + + public function getTimeout(): int + { + return $this->timeOut; + } + + /** + * Use session to manage a nonce + */ + protected function startSession() { + if (session_status() === PHP_SESSION_NONE) { + @session_start(); + } + } + + protected function commitSession() { + $this->startSession(); + + session_write_close(); + } + + protected function getSessionKey(string $key) { + $this->startSession(); + + if (array_key_exists($key, $_SESSION)) { + return $_SESSION[$key]; + } + return false; + } + + protected function setSessionKey(string $key, $value) { + $this->startSession(); + + $_SESSION[$key] = $value; + } + + protected function unsetSessionKey(string $key) { + $this->startSession(); + + unset($_SESSION[$key]); + } + + /** + * @throws Exception + */ + protected function getJWTClientAssertion($aud): string + { + $jti = hash('sha256',bin2hex(random_bytes(64))); + + $now = time(); + + $header = json_encode(['typ' => 'JWT', 'alg' => 'HS256']); + $payload = json_encode([ + 'sub' => $this->getClientID(), + 'iss' => $this->getClientID(), + 'aud' => $aud, + 'jti' => $jti, + 'exp' => $now + 3600, + 'iat' => $now, + ]); + // Encode Header to Base64Url String + $base64UrlHeader = $this->urlEncode($header); + + + // Encode Payload to Base64Url String + $base64UrlPayload = $this->urlEncode($payload); + + // Create Signature Hash + $signature = hash_hmac( + 'sha256', + $base64UrlHeader . "." . $base64UrlPayload, + $this->getClientSecret(), + true + ); + + // Encode Signature to Base64Url String + $base64UrlSignature = $this->urlEncode($signature); + + return $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature; + } + + public function setUrlEncoding($curEncoding) { + switch ($curEncoding) + { + case PHP_QUERY_RFC1738: + $this->encType = PHP_QUERY_RFC1738; + break; + + case PHP_QUERY_RFC3986: + $this->encType = PHP_QUERY_RFC3986; + break; + + default: + break; + } + } + + public function getScopes(): array + { + return $this->scopes; + } + + public function getResponseTypes(): array + { + return $this->responseTypes; + } + + public function getAuthParams(): array + { + return $this->authParams; + } + + /** + * @return callable + */ + public function getIssuerValidator() { + return $this->issuerValidator; + } + + + /** + * @return callable + */ + public function getPrivateKeyJwtGenerator() { + return $this->privateKeyJwtGenerator; + } + + public function getLeeway(): int + { + return $this->leeway; + } + + /** + * @return string + */ + public function getCodeChallengeMethod() { + return $this->codeChallengeMethod; + } + + public function setCodeChallengeMethod(string $codeChallengeMethod) { + $this->codeChallengeMethod = $codeChallengeMethod; + } + + /** + * @throws OpenIDConnectClientException + */ + protected function verifyJWKHeader($jwk) + { + throw new OpenIDConnectClientException('Self signed JWK header is not valid'); + } + + /** + * @param string $jwe The JWE to decrypt + * @return string the JWT payload + * @throws OpenIDConnectClientException + */ + protected function handleJweResponse(string $jwe): string + { + throw new OpenIDConnectClientException('JWE response is not supported, please extend the class and implement this method'); + } + + public function getSidFromBackChannel(): string + { + return $this->backChannelSid; + } + + public function getSubjectFromBackChannel(): string + { + return $this->backChannelSubject; + } + + public function supportsAuthMethod(string $auth_method, array $token_endpoint_auth_methods_supported): bool + { + # client_secret_jwt has to explicitly be enabled + if (!in_array($auth_method, $this->token_endpoint_auth_methods_supported, true)) { + return false; + } + + return in_array($auth_method, $token_endpoint_auth_methods_supported, true); + } + + protected function getUserAgent(): string + { + return "jumbojett/OpenID-Connect-PHP"; + } +} diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/tests/OpenIDConnectClientTest.php b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/tests/OpenIDConnectClientTest.php new file mode 100644 index 0000000..a16be71 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/tests/OpenIDConnectClientTest.php @@ -0,0 +1,240 @@ +getRedirectURL()); + + $_SERVER['SERVER_NAME'] = 'domain.test'; + $_SERVER['REQUEST_URI'] = '/path/index.php?foo=bar&baz#fragment'; + self::assertSame('http://domain.test/path/index.php', $client->getRedirectURL()); + } + + public function testAuthenticateDoesNotThrowExceptionIfClaimsIsMissingNonce() + { + $fakeClaims = new StdClass(); + $fakeClaims->iss = 'fake-issuer'; + $fakeClaims->aud = 'fake-client-id'; + $fakeClaims->nonce = null; + + $_REQUEST['id_token'] = 'abc.123.xyz'; + $_REQUEST['state'] = false; + $_SESSION['openid_connect_state'] = false; + + /** @var OpenIDConnectClient | MockObject $client */ + $client = $this->getMockBuilder(OpenIDConnectClient::class)->setMethods(['decodeJWT', 'getProviderConfigValue', 'verifyJWTSignature'])->getMock(); + $client->method('decodeJWT')->willReturn($fakeClaims); + $client->method('getProviderConfigValue')->with('jwks_uri')->willReturn(true); + $client->method('verifyJWTSignature')->willReturn(true); + + $client->setClientID('fake-client-id'); + $client->setIssuer('fake-issuer'); + $client->setIssuerValidator(function() { + return true; + }); + $client->setAllowImplicitFlow(true); + $client->setProviderURL('https://jwt.io/'); + + try { + $authenticated = $client->authenticate(); + $this->assertTrue($authenticated); + } catch ( OpenIDConnectClientException $e ) { + if ( $e->getMessage() === 'Unable to verify JWT claims' ) { + self::fail( 'OpenIDConnectClientException was thrown when it should not have been.' ); + } + } + } + + public function testSerialize() + { + $client = new OpenIDConnectClient('https://example.com', 'foo', 'bar', 'baz'); + $serialized = serialize($client); + $this->assertInstanceOf(OpenIDConnectClient::class, unserialize($serialized)); + } + + /** + * @dataProvider provider + */ + public function testAuthMethodSupport($expected, $authMethod, $clientAuthMethods, $idpAuthMethods) + { + $client = new OpenIDConnectClient(); + if ($clientAuthMethods !== null) { + $client->setTokenEndpointAuthMethodsSupported($clientAuthMethods); + } + $this->assertEquals($expected, $client->supportsAuthMethod($authMethod, $idpAuthMethods)); + } + + public function provider(): array + { + return [ + 'client_secret_basic - default config' => [true, 'client_secret_basic', null, ['client_secret_basic']], + + 'client_secret_jwt - default config' => [false, 'client_secret_jwt', null, ['client_secret_basic', 'client_secret_jwt']], + 'client_secret_jwt - explicitly enabled' => [true, 'client_secret_jwt', ['client_secret_jwt'], ['client_secret_basic', 'client_secret_jwt']], + + 'private_key_jwt - default config' => [false, 'private_key_jwt', null, ['client_secret_basic', 'client_secret_jwt', 'private_key_jwt']], + 'private_key_jwt - explicitly enabled' => [true, 'private_key_jwt', ['private_key_jwt'], ['client_secret_basic', 'client_secret_jwt', 'private_key_jwt']], + + ]; + } + + /** + * @covers Jumbojett\\OpenIDConnectClient::verifyLogoutTokenClaims + * @dataProvider provideTestVerifyLogoutTokenClaimsData + * @throws OpenIDConnectClientException + */ + public function testVerifyLogoutTokenClaims( $claims, $expectedResult ) + { + /** @var OpenIDConnectClient | MockObject $client */ + $client = $this->getMockBuilder(OpenIDConnectClient::class)->setMethods(['decodeJWT'])->getMock(); + + $client->setClientID('fake-client-id'); + $client->setIssuer('fake-issuer'); + $client->setIssuerValidator(function() { + return true; + }); + $client->setProviderURL('https://jwt.io/'); + + $actualResult = $client->verifyLogoutTokenClaims( $claims ); + + $this->assertEquals( $expectedResult, $actualResult ); + } + + /** + * @return array + */ + public function provideTestVerifyLogoutTokenClaimsData(): array + { + return [ + 'valid-single-aud' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => 'fake-client-id', + 'sid' => 'fake-client-sid', + 'sub' => 'fake-client-sub', + 'iat' => time(), + 'events' => (object) [ + 'http://schemas.openid.net/event/backchannel-logout' => (object)[] + ], + ], + true + ], + 'valid-multiple-auds' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => [ 'fake-client-id', 'some-other-aud' ], + 'sid' => 'fake-client-sid', + 'sub' => 'fake-client-sub', + 'iat' => time(), + 'events' => (object) [ + 'http://schemas.openid.net/event/backchannel-logout' => (object)[] + ], + ], + true + ], + 'invalid-no-sid-and-no-sub' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => [ 'fake-client-id', 'some-other-aud' ], + 'iat' => time(), + 'events' => (object) [ + 'http://schemas.openid.net/event/backchannel-logout' => (object)[] + ], + ], + false + ], + 'valid-no-sid' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => [ 'fake-client-id', 'some-other-aud' ], + 'sub' => 'fake-client-sub', + 'iat' => time(), + 'events' => (object) [ + 'http://schemas.openid.net/event/backchannel-logout' => (object)[] + ], + ], + true + ], + 'valid-no-sub' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => [ 'fake-client-id', 'some-other-aud' ], + 'sid' => 'fake-client-sid', + 'iat' => time(), + 'events' => (object) [ + 'http://schemas.openid.net/event/backchannel-logout' => (object)[] + ], + ], + true + ], + 'invalid-with-nonce' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => [ 'fake-client-id', 'some-other-aud' ], + 'sid' => 'fake-client-sid', + 'iat' => time(), + 'events' => (object) [ + 'http://schemas.openid.net/event/backchannel-logout' => (object)[] + ], + 'nonce' => 'must-not-be-set' + ], + false + ], + 'invalid-no-events' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => [ 'fake-client-id', 'some-other-aud' ], + 'sid' => 'fake-client-sid', + 'iat' => time(), + 'nonce' => 'must-not-be-set' + ], + false + ], + 'invalid-no-backchannel-event' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => [ 'fake-client-id', 'some-other-aud' ], + 'sid' => 'fake-client-sid', + 'iat' => time(), + 'events' => (object) [], + 'nonce' => 'must-not-be-set' + ], + false + ], + 'invalid-no-iat' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => [ 'fake-client-id', 'some-other-aud' ], + 'sid' => 'fake-client-sid', + 'events' => (object) [ + 'http://schemas.openid.net/event/backchannel-logout' => (object)[] + ] + ], + false + ], + 'invalid-bad-iat' => [ + (object)[ + 'iss' => 'fake-issuer', + 'aud' => [ 'fake-client-id', 'some-other-aud' ], + 'sid' => 'fake-client-sid', + 'iat' => time() + 301, + 'events' => (object) [ + 'http://schemas.openid.net/event/backchannel-logout' => (object)[] + ] + ], + false + ], + ]; + } +} diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/tests/TokenVerificationTest.php b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/tests/TokenVerificationTest.php new file mode 100644 index 0000000..0715911 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/tests/TokenVerificationTest.php @@ -0,0 +1,35 @@ +getMockBuilder(OpenIDConnectClient::class)->setMethods(['fetchUrl'])->getMock(); + $client->method('fetchUrl')->willReturn(file_get_contents(__DIR__ . "/data/jwks-$alg.json")); + $client->setProviderURL('https://jwt.io/'); + $client->providerConfigParam(['jwks_uri' => 'https://jwt.io/.well-known/jwks.json']); + $verified = $client->verifyJWTSignature($jwt); + self::assertTrue($verified); + $client->setAccessToken($jwt); + } + + public function providesTokens(): array + { + return [ + 'PS256' => ['ps256', 'eyJhbGciOiJQUzI1NiIsImtpZCI6Imtvbm5lY3RkLXRva2Vucy1zaWduaW5nLWtleSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJrcG9wLWh0dHBzOi8va29wYW5vLmRlbW8vbWVldC8iLCJleHAiOjE1NjgzNzE0NjEsImp0aSI6IkpkR0tDbEdOTXl2VXJpcmlRRUlWUXZCVmttT2FfQkRjIiwiaWF0IjoxNTY4MzcxMjIxLCJpc3MiOiJodHRwczovL2tvcGFuby5kZW1vIiwic3ViIjoiUHpUVWp3NHBlXzctWE5rWlBILXJxVHE0MTQ1Z3lDdlRvQmk4V1E5bFBrcW5rbEc1aktvRU5LM21Qb0I1WGY1ZTM5dFRMR2RKWXBMNEJubXFnelpaX0FAa29ubmVjdCIsImtjLmlzQWNjZXNzVG9rZW4iOnRydWUsImtjLmF1dGhvcml6ZWRTY29wZXMiOlsicHJvZmlsZSIsImVtYWlsIiwia29wYW5vL2t3bSIsImtvcGFuby9nYyIsImtvcGFuby9rdnMiLCJvcGVuaWQiXSwia2MuYXV0aG9yaXplZENsYWltcyI6eyJpZF90b2tlbiI6eyJuYW1lIjpudWxsfX0sImtjLmlkZW50aXR5Ijp7ImtjLmkuZG4iOiJKb25hcyBCcmVra2UiLCJrYy5pLmlkIjoiQUFBQUFLd2hxVkJBMCs1SXN4bjdwMU13UkNVQkFBQUFCZ0FBQUJzQUFBQk5VVDA5QUFBQUFBPT0iLCJrYy5pLnVuIjoidXNlcjEiLCJrYy5pLnVzIjoiTVEifSwia2MucHJvdmlkZXIiOiJpZGVudGlmaWVyLWtjIn0.hGRuXvul2kOiALHexwYp5MBEJVwz1YV3ehyM3AOuwCoK2w5sJxdciqqY_TfXCKyO6nAEbYLK3J0CBOjfup_IG0aCZcwzjto8khYlc4ezXkGnFsbJBNQdDGkpHtWnioWx-OJ3cXvY9F8aOvjaq0gw11ZDAcqQl0g7LTbJ9-J_yx0pmy3NGai2JB30Fh1OgSDzYfxWnE0RRgZG-x68e65RXfSBaEGW85OUh4wihxO2zdTGAHJ3Iq_-QAG4yRbXZtLx3ZspG7LNmqG-YE3huy3Rd8u3xrJNhmUOfEnz3x07q7VW0cj9NedX98BAbj3iNvksQsE0oG0J_f_Tu8Ai8VbWB72sJuXZWxANDKdz0BBYLzXhsjXkNByRq9x3zqDVsX-cVHei_XudxEOVRBjhkvW2MmIjcAHNKCKsdar865-gFG9McP4PCcBlY28tC0Cvnzyi83LBfpGRXdl6MJunnUsKQ1C79iCoVI1doK1erFN959Q-TGJfJA3Tr5LNpuGawB5rpe1nDGWvmYhg3uYfNl8uTTyvNgvvejcflEb2DURuXdqABuSiP7RkDWYtzx6mq49G0tRxelBbvyjQ2id2QjmRRdQ6dHEZ2NCJ51b8OFoDJBtxN1CD62TTxa3FUqCdZAPAUR3hHn_69vYq82MR514s-Gb67A6j2PbMPFATQP2UdK8'] + ]; + } +} diff --git a/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/tests/data/jwks-ps256.json b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/tests/data/jwks-ps256.json new file mode 100644 index 0000000..a73a1e0 --- /dev/null +++ b/qa-tool/htdocs/vendor/jumbojett/openid-connect-php/tests/data/jwks-ps256.json @@ -0,0 +1,12 @@ +{ + "keys": [ + { + "kty": "RSA", + "use": "sig", + "kid": "konnectd-tokens-signing-key", + "n": "10hb3pFUVcqJcS-d1pLCkFTyTqVD1GavlAai582CoRwFcyIQxCPJz0LJVgkUNwxSRkY0g0PcgFN_MmuuzpFXMkkiMIC9O_KwnuL34FrbijZvcGpnDn7kb9KAM883OVTr_w3wFeQIyh0ksSwVQ9CxVQ-ZeCXP73CCGk99uDb8SeF8_vncXJmaak99pK6HKJteSLkA-Ywxo9HOINZK2vW06UYcSkeoQnSI27Cd5-T6GVgqKH0Su4c5Ydou_w0tL_UkbZA4fIbMZC6dtWmBQf6tyYsCM9fbWNIVOj_7WlWcAOSTFNF2We2dxJrOzt6vDND3k1nCgg_EEM6cgBO3swUCktTFuQxo1sryYX5WXz9wnJb38b9mTXhOeF0bd9y_VQq8erSlcyRu8UGzX65tIf534hLL16KQaHbjROGSQvzqFrISmSBjBTjkPedTZSYOhiVJ95-em_Y6uLi-T7V4bs4dcg3oa0H_glXltoC9JxzS6gfMGGLgh-NpGEOdC_QosyzVVfzT70TurOGnsB1_VcAm_fK-T1Zv_ztpr5OZNfXWXC3Pfq_3sxP5HDKMk8luZ7LOWk7HVSYBdCFmOM1A3KmHNS2fEs-QHIr-XjYQ7QrXsRFP3dmoEPfiYlu03m8Xs3UMB70eGeGQx7OhZSuogxV_oCfApV5EJfuz97tVmOg8iMs", + "e": "AQAB" + } + ], + "kty": "" +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/composer.json b/qa-tool/htdocs/vendor/litesaml/lightsaml/composer.json new file mode 100644 index 0000000..cfe02b3 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/composer.json @@ -0,0 +1,59 @@ +{ + "name": "litesaml/lightsaml", + "license": "MIT", + "type": "library", + "description": "SAML 2.0 PHP library", + "keywords": ["SAML 2.0", "PHP", "library", "lightSAML", "Single SignOn", "Single Logout"], + "authors": [ + { + "name": "William", + "email": "work@suppo.fr" + }, + { + "name": "Milos Tomic", + "email": "tmilos@gmail.com", + "homepage": "https://github.com/tmilos/", + "role": "Developer" + } + ], + "support": { + "issues": "https://github.com/litesaml/lightsaml/issues", + "source": "https://github.com/litesaml/lightsaml", + "docs": "https://docs.litesaml.com" + }, + "autoload": { + "psr-4": { + "LightSaml\\": "src/" + } + }, + "autoload-dev": { + "psr-4": { + "LightSaml\\Tests\\": "tests/" + } + }, + "require": { + "php": ">=7.4", + "robrichards/xmlseclibs": "~2.0|~3.0|~4.0", + "symfony/http-foundation": "~5.0|~6.0|~7.0", + "psr/event-dispatcher": "^1.0" + }, + "require-dev": { + "symfony/dom-crawler": "~5.0|~6.0|~7.0", + "symfony/css-selector": "~5.0|~6.0|~7.0", + "pimple/pimple": "~3.0", + "phpunit/phpunit": "~8.4|~9.5", + "monolog/monolog": "^2.0|^3.0", + "squizlabs/php_codesniffer": "^3.6", + "litesaml/schemas": "~1.0.0", + "phpstan/phpstan": "^1.8", + "marcocesarato/php-conventional-changelog": "^1.15" + }, + "prefer-stable": true, + "minimum-stability": "stable", + "scripts": { + "test": "vendor/bin/phpunit", + "phpcs": "vendor/bin/phpcs --standard=PSR12 --exclude=Generic.Files.LineLength ./src", + "phpstan": "vendor/bin/phpstan analyse --memory-limit 512M --ansi", + "tag": "vendor/bin/conventional-changelog --commit" + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/ActionInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/ActionInterface.php new file mode 100644 index 0000000..38c0100 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/ActionInterface.php @@ -0,0 +1,10 @@ +logger = $logger; + } + + /** + * @return ActionInterface + */ + public function wrap(ActionInterface $action) + { + return new LoggableAction($action, $this->logger); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/ActionWrapperInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/ActionWrapperInterface.php new file mode 100644 index 0000000..1f7a4db --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/ActionWrapperInterface.php @@ -0,0 +1,11 @@ +logger = $logger; + } + + public function execute(ContextInterface $context) + { + if ($context instanceof AssertionContext) { + $this->doExecute($context); + } else { + throw new LightSamlContextException($context, 'Expected AssertionContext'); + } + } + + abstract protected function doExecute(AssertionContext $context); +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/AssertionIssuerFormatValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/AssertionIssuerFormatValidatorAction.php new file mode 100644 index 0000000..fa5060d --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/AssertionIssuerFormatValidatorAction.php @@ -0,0 +1,51 @@ +expectedIssuerFormat = $expectedIssuerFormat; + } + + protected function doExecute(AssertionContext $context) + { + if (null == $context->getAssertion()->getIssuer()) { + $message = 'Assertion element must have an issuer element'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + if ( + $context->getAssertion()->getIssuer()->getFormat() && + $context->getAssertion()->getIssuer()->getFormat() != $this->expectedIssuerFormat + ) { + $message = sprintf( + "Response Issuer Format if set must have value '%s' but it was '%s'", + $this->expectedIssuerFormat, + $context->getAssertion()->getIssuer()->getFormat() + ); + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this, [ + 'actualFormat' => $context->getAssertion()->getIssuer()->getFormat(), + 'expectedFormat' => $this->expectedIssuerFormat, + ])); + throw new LightSamlContextException($context, $message); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/AssertionSignatureValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/AssertionSignatureValidatorAction.php new file mode 100644 index 0000000..7f5bfed --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/AssertionSignatureValidatorAction.php @@ -0,0 +1,76 @@ +signatureValidator = $signatureValidator; + $this->requireSignature = $requireSignature; + } + + /** + * @return void + */ + protected function doExecute(AssertionContext $context) + { + $signature = $context->getAssertion()->getSignature(); + if (null === $signature) { + if ($this->requireSignature) { + $message = 'Assertions must be signed'; + $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } else { + $this->logger->debug('Assertion is not signed', LogHelper::getActionContext($context, $this)); + + return; + } + } + + if ($signature instanceof AbstractSignatureReader) { + $metadataType = ProfileContext::ROLE_IDP === $context->getProfileContext()->getOwnRole() ? MetadataCriteria::TYPE_SP : MetadataCriteria::TYPE_IDP; + $credential = $this->signatureValidator->validate($signature, $context->getAssertion()->getIssuer()->getValue(), $metadataType); + if ($credential) { + $keyNames = $credential->getKeyNames(); + $this->logger->debug( + sprintf('Assertion signature validated with key "%s"', implode(', ', $keyNames)), + LogHelper::getActionContext($context, $this, [ + 'credential' => $credential, + ]) + ); + } else { + $this->logger->warning( + 'Assertion signature verification was not performed', + LogHelper::getActionContext($context, $this) + ); + } + } else { + $message = 'Expected AbstractSignatureReader'; + $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlModelException($message); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/AssertionValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/AssertionValidatorAction.php new file mode 100644 index 0000000..e9bd98a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/AssertionValidatorAction.php @@ -0,0 +1,26 @@ +assertionValidator = $assertionValidator; + } + + protected function doExecute(AssertionContext $context) + { + $this->assertionValidator->validateAssertion($context->getAssertion()); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/InResponseToValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/InResponseToValidatorAction.php new file mode 100644 index 0000000..3ac360f --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/InResponseToValidatorAction.php @@ -0,0 +1,65 @@ +requestStore = $requestStore; + } + + protected function doExecute(AssertionContext $context) + { + if (null === $context->getAssertion()->getSubject()) { + return; + } + + foreach ($context->getAssertion()->getSubject()->getAllSubjectConfirmations() as $subjectConfirmation) { + if ( + $subjectConfirmation->getSubjectConfirmationData() && + $subjectConfirmation->getSubjectConfirmationData()->getInResponseTo() + ) { + $requestState = $this->validateInResponseTo( + $subjectConfirmation->getSubjectConfirmationData()->getInResponseTo(), + $context + ); + + /** @var RequestStateContext $requestStateContext */ + $requestStateContext = $context->getSubContext(ProfileContexts::REQUEST_STATE, RequestStateContext::class); + $requestStateContext->setRequestState($requestState); + } + } + } + + /** + * @param string $inResponseTo + * + * @return \LightSaml\State\Request\RequestState + */ + protected function validateInResponseTo($inResponseTo, AssertionContext $context) + { + $requestState = $this->requestStore->get($inResponseTo); + if (null == $requestState) { + $message = sprintf("Unknown InResponseTo '%s'", $inResponseTo); + $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + return $requestState; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/KnownAssertionIssuerAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/KnownAssertionIssuerAction.php new file mode 100644 index 0000000..8445945 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/KnownAssertionIssuerAction.php @@ -0,0 +1,48 @@ +idpEntityDescriptorProvider = $idpEntityDescriptorProvider; + } + + /** + * @return void + */ + protected function doExecute(AssertionContext $context) + { + if (null === $context->getAssertion()->getIssuer()) { + $message = 'Assertion element must have an issuer element'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + if (false == $this->idpEntityDescriptorProvider->has($context->getAssertion()->getIssuer()->getValue())) { + $message = sprintf("Unknown issuer '%s'", $context->getAssertion()->getIssuer()->getValue()); + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this, [ + 'messageIssuer' => $context->getAssertion()->getIssuer()->getValue(), + ])); + throw new LightSamlContextException($context, $message); + } + + $this->logger->debug( + sprintf('Known assertion issuer: "%s"', $context->getAssertion()->getIssuer()->getValue()), + LogHelper::getActionContext($context, $this) + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/RecipientValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/RecipientValidatorAction.php new file mode 100644 index 0000000..3fd8bfc --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/RecipientValidatorAction.php @@ -0,0 +1,73 @@ +endpointResolver = $endpointResolver; + } + + /** + * @return void + */ + protected function doExecute(AssertionContext $context) + { + if ($context->getAssertion()->getAllAuthnStatements() && $context->getAssertion()->hasBearerSubject()) { + $this->validateBearerAssertion($context); + } + } + + protected function validateBearerAssertion(AssertionContext $context) + { + foreach ($context->getAssertion()->getSubject()->getBearerConfirmations() as $subjectConfirmation) { + $this->validateSubjectConfirmation($context, $subjectConfirmation); + } + } + + protected function validateSubjectConfirmation(AssertionContext $context, SubjectConfirmation $subjectConfirmation) + { + $recipient = $subjectConfirmation->getSubjectConfirmationData()->getRecipient(); + if (null == $recipient) { + $message = 'Bearer SubjectConfirmation must contain Recipient attribute'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + $criteriaSet = new CriteriaSet([ + new DescriptorTypeCriteria(SpSsoDescriptor::class), + new ServiceTypeCriteria(AssertionConsumerService::class), + new LocationCriteria($recipient), + ]); + $ownEntityDescriptor = $context->getProfileContext()->getOwnEntityDescriptor(); + $arrEndpoints = $this->endpointResolver->resolve($criteriaSet, $ownEntityDescriptor->getAllEndpoints()); + + if (empty($arrEndpoints)) { + $message = sprintf("Recipient '%s' does not match SP descriptor", $recipient); + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this, [ + 'recipient' => $recipient, + ])); + throw new LightSamlContextException($context, $message); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/RepeatedIdValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/RepeatedIdValidatorAction.php new file mode 100644 index 0000000..768032a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/RepeatedIdValidatorAction.php @@ -0,0 +1,119 @@ +. + */ +class RepeatedIdValidatorAction extends AbstractAssertionAction +{ + /** @var IdStoreInterface */ + protected $idStore; + + public function __construct(LoggerInterface $logger, IdStoreInterface $idStore) + { + parent::__construct($logger); + + $this->idStore = $idStore; + } + + /** + * @return void + */ + protected function doExecute(AssertionContext $context) + { + if ($context->getAssertion()->hasBearerSubject()) { + $this->validateBearerAssertion($context); + } + } + + /** + * @throws \LightSaml\Error\LightSamlContextException + */ + protected function validateBearerAssertion(AssertionContext $context) + { + if (null == $context->getAssertion()->getId()) { + $message = 'Bearer Assertion must have ID attribute'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + if (null == $context->getAssertion()->getIssuer()) { + $message = 'Bearer Assertion must have Issuer element'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + if ($this->idStore->has($context->getAssertion()->getIssuer()->getValue(), $context->getAssertion()->getId())) { + $message = sprintf( + "Repeated assertion id '%s' of issuer '%s'", + $context->getAssertion()->getId(), + $context->getAssertion()->getIssuer()->getValue() + ); + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this, [ + 'id' => $context->getAssertion()->getId(), + 'issuer' => $context->getAssertion()->getIssuer()->getValue(), + ])); + throw new LightSamlContextException($context, $message); + } + + $this->idStore->set( + $context->getAssertion()->getIssuer()->getValue(), + $context->getAssertion()->getId(), + $this->getIdExpiryTime($context) + ); + } + + /** + * @throws \LogicException + * @throws \LightSaml\Error\LightSamlValidationException + * + * @return \DateTime + */ + protected function getIdExpiryTime(AssertionContext $context) + { + /** @var \DateTime $result */ + $result = null; + $bearerConfirmations = $context->getAssertion()->getSubject()->getBearerConfirmations(); + if (null == $bearerConfirmations) { + throw new \LogicException('Bearer assertion must have bearer subject confirmations'); + } + + foreach ($bearerConfirmations as $subjectConfirmation) { + if (null == $subjectConfirmation->getSubjectConfirmationData()) { + $message = 'Bearer SubjectConfirmation must have SubjectConfirmationData element'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + $dt = $subjectConfirmation->getSubjectConfirmationData()->getNotOnOrAfterDateTime(); + if (null == $dt) { + $message = 'Bearer SubjectConfirmation must have NotOnOrAfter attribute'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + if (null == $result || $result->getTimestamp() < $dt->getTimestamp()) { + $result = $dt; + } + } + + if (null == $result) { + $message = 'Unable to find NotOnOrAfter attribute in bearer assertion'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/TimeValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/TimeValidatorAction.php new file mode 100644 index 0000000..be70c4c --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Assertion/Inbound/TimeValidatorAction.php @@ -0,0 +1,49 @@ +assertionTimeValidator = $assertionTimeValidator; + $this->timeProvider = $timeProvider; + $this->allowedSecondsSkew = $allowedSecondsSkew; + } + + /** + * @return void + */ + protected function doExecute(AssertionContext $context) + { + $this->assertionTimeValidator->validateTimeRestrictions( + $context->getAssertion(), + $this->timeProvider->getTimestamp(), + $this->allowedSecondsSkew + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/CatchableErrorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/CatchableErrorAction.php new file mode 100644 index 0000000..c2ecd45 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/CatchableErrorAction.php @@ -0,0 +1,38 @@ +mainAction = $mainAction; + $this->errorAction = $errorAction; + } + + /** + * @return void + */ + public function execute(ContextInterface $context) + { + try { + $this->mainAction->execute($context); + } catch (\Exception $ex) { + /** @var ExceptionContext $exceptionContext */ + $exceptionContext = $context->getSubContext(ProfileContexts::EXCEPTION, ExceptionContext::class); + $exceptionContext->addException($ex); + + $this->errorAction->execute($context); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/CompositeAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/CompositeAction.php new file mode 100644 index 0000000..d851271 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/CompositeAction.php @@ -0,0 +1,93 @@ +add($action); + } + } + + /** + * @return ActionInterface[] + */ + public function getChildren() + { + return $this->children; + } + + /** + * @return CompositeAction + */ + public function add(ActionInterface $action) + { + $this->children[] = $action; + + return $this; + } + + /** + * @param callable $callable + * + * @return ActionInterface|null + */ + public function map($callable) + { + foreach ($this->children as $k => $action) { + $newAction = call_user_func($callable, $action); + if ($newAction) { + $this->children[$k] = $newAction; + } + } + } + + /** + * @return void + */ + public function execute(ContextInterface $context) + { + foreach ($this->children as $action) { + $action->execute($context); + } + } + + /** + * @return array + */ + public function debugPrintTree() + { + $arr = []; + foreach ($this->children as $childAction) { + if ($childAction instanceof DebugPrintTreeActionInterface) { + $arr = array_merge($arr, $childAction->debugPrintTree()); + } else { + $arr = array_merge($arr, [get_class($childAction) => []]); + } + } + + $result = [ + static::class => $arr, + ]; + + return $result; + } + + /** + * @return string + */ + public function __toString() + { + return json_encode($this->debugPrintTree(), JSON_PRETTY_PRINT); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/CompositeActionInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/CompositeActionInterface.php new file mode 100644 index 0000000..d6bd6bc --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/CompositeActionInterface.php @@ -0,0 +1,18 @@ +eventDispatcher = $eventDispatcher; + } + + /** + * @return void + */ + public function execute(ContextInterface $context) + { + $this->eventDispatcher->dispatch(new ActionOccurred($context)); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/LoggableAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/LoggableAction.php new file mode 100644 index 0000000..2487f20 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/LoggableAction.php @@ -0,0 +1,33 @@ +logger = $logger; + } + + protected function beforeAction(ContextInterface $context) + { + $this->logger->debug(sprintf('Executing action "%s"', get_class($this->action)), [ + 'context' => $context, + 'action' => $this->action, + ]); + } + + protected function afterAction(ContextInterface $context) + { + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/NullAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/NullAction.php new file mode 100644 index 0000000..0463ed0 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/NullAction.php @@ -0,0 +1,16 @@ +logger = $logger; + } + + /** + * @return void + */ + public function execute(ContextInterface $context) + { + if ($context instanceof ProfileContext) { + $this->doExecute($context); + } else { + $message = sprintf('Expected ProfileContext but got %s', get_class($context)); + $this->logger->emergency($message, ['context' => $context]); + throw new LightSamlContextException($context, $message); + } + } + + abstract protected function doExecute(ProfileContext $context); +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Entity/SerializeOwnEntityAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Entity/SerializeOwnEntityAction.php new file mode 100644 index 0000000..ab7a3fe --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Entity/SerializeOwnEntityAction.php @@ -0,0 +1,43 @@ +getOwnEntityDescriptor(); + + /** @var SerializationContext $serializationContext */ + $serializationContext = $context->getSubContext(ProfileContexts::SERIALIZATION, SerializationContext::class); + $serializationContext->getDocument()->formatOutput = true; + + $ownEntityDescriptor->serialize($serializationContext->getDocument(), $serializationContext); + + $xml = $serializationContext->getDocument()->saveXML(); + + $response = new Response($xml); + + $contentType = 'text/xml'; + $acceptableContentTypes = array_flip($context->getHttpRequest()->getAcceptableContentTypes()); + foreach ($this->supportedContextTypes as $supportedContentType) { + if (isset($acceptableContentTypes[$supportedContentType])) { + $contentType = $supportedContentType; + break; + } + } + + $response->headers->replace(['Content-Type' => $contentType]); + + $context->getHttpResponseContext()->setResponse($response); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/FlushRequestStatesAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/FlushRequestStatesAction.php new file mode 100644 index 0000000..add3ee4 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/FlushRequestStatesAction.php @@ -0,0 +1,64 @@ +requestStore = $requestStore; + } + + /** + * @return void + */ + protected function doExecute(ProfileContext $context) + { + $this->flush($context->getInboundContext()->getSubContext(ProfileContexts::REQUEST_STATE, null)); + foreach ($context as $child) { + if ($child instanceof AssertionContext) { + $this->flush($child->getSubContext(ProfileContexts::REQUEST_STATE, null)); + } + } + } + + /** + * @param ContextInterface|null $requestStateContext + */ + protected function flush($requestStateContext = null) + { + if ( + $requestStateContext instanceof RequestStateContext && + $requestStateContext->getRequestState() && + $requestStateContext->getRequestState()->getId() + ) { + $existed = $this->requestStore->remove($requestStateContext->getRequestState()->getId()); + + if ($existed) { + $this->logger->debug( + sprintf('Removed request state "%s"', $requestStateContext->getRequestState()->getId()), + LogHelper::getActionContext($requestStateContext, $this) + ); + } else { + $this->logger->warning( + sprintf('Request state "%s" does not exist', $requestStateContext->getRequestState()->getId()), + LogHelper::getActionContext($requestStateContext, $this) + ); + } + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/AbstractDestinationValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/AbstractDestinationValidatorAction.php new file mode 100644 index 0000000..e45b176 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/AbstractDestinationValidatorAction.php @@ -0,0 +1,72 @@ +endpointResolver = $endpointResolver; + } + + /** + * @return void + */ + protected function doExecute(ProfileContext $context) + { + $message = MessageContextHelper::asSamlMessage($context->getInboundContext()); + $destination = $message->getDestination(); + + if (null == $destination) { + return; + } + + $criteriaSet = $this->getCriteriaSet($context, $destination); + $endpoints = $this->endpointResolver->resolve($criteriaSet, $context->getOwnEntityDescriptor()->getAllEndpoints()); + + if ($endpoints) { + return; + } + + $message = sprintf('Invalid inbound message destination "%s"', $destination); + $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + /** + * @param string $location + * + * @return CriteriaSet + */ + protected function getCriteriaSet(ProfileContext $context, $location) + { + $criteriaSet = new CriteriaSet([ + new DescriptorTypeCriteria( + ProfileContext::ROLE_IDP === $context->getOwnRole() + ? IdpSsoDescriptor::class + : SpSsoDescriptor::class + ), + new LocationCriteria($location), + ]); + + return $criteriaSet; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/AssertBindingTypeAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/AssertBindingTypeAction.php new file mode 100644 index 0000000..cced033 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/AssertBindingTypeAction.php @@ -0,0 +1,42 @@ +expectedBindingTypes = $expectedBindingTypes; + } + + protected function doExecute(ProfileContext $context) + { + if (false === in_array($context->getInboundContext()->getBindingType(), $this->expectedBindingTypes)) { + $message = sprintf( + 'Unexpected binding type "%s" - expected binding types are: %s', + $context->getInboundContext()->getBindingType(), + implode(' ', $this->expectedBindingTypes) + ); + $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, [ + 'actualBindingType' => $context->getInboundContext()->getBindingType(), + 'expectedBindingTypes' => $this->expectedBindingTypes, + ])); + + throw new LightSamlContextException($context, $message); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/DestinationValidatorAuthnRequestAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/DestinationValidatorAuthnRequestAction.php new file mode 100644 index 0000000..be52fa2 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/DestinationValidatorAuthnRequestAction.php @@ -0,0 +1,25 @@ +add(new ServiceTypeCriteria(SingleSignOnService::class)); + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/DestinationValidatorResponseAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/DestinationValidatorResponseAction.php new file mode 100644 index 0000000..9f89f5c --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/DestinationValidatorResponseAction.php @@ -0,0 +1,25 @@ +add(new ServiceTypeCriteria(AssertionConsumerService::class)); + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/EntityIdFromMessageIssuerAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/EntityIdFromMessageIssuerAction.php new file mode 100644 index 0000000..3c9d9f2 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/EntityIdFromMessageIssuerAction.php @@ -0,0 +1,21 @@ +getInboundContext()); + if (null == $message->getIssuer()) { + throw new LightSamlContextException($context, 'Inbound messages does not have Issuer'); + } + + $context->getPartyEntityContext()->setEntityId($message->getIssuer()->getValue()); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/IssuerValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/IssuerValidatorAction.php new file mode 100644 index 0000000..77eef53 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/IssuerValidatorAction.php @@ -0,0 +1,67 @@ +nameIdValidator = $nameIdValidator; + $this->allowedFormat = $allowedFormat; + } + + /** + * @return void + */ + protected function doExecute(ProfileContext $context) + { + $message = MessageContextHelper::asSamlMessage($context->getInboundContext()); + + if (false == $message->getIssuer()) { + $message = 'Inbound message must have Issuer element'; + $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + if ( + $this->allowedFormat && + $message->getIssuer()->getValue() && + $message->getIssuer()->getFormat() && + $message->getIssuer()->getFormat() != $this->allowedFormat + ) { + $message = sprintf( + "Response Issuer Format if set must have value '%s' but it was '%s'", + $this->allowedFormat, + $message->getIssuer()->getFormat() + ); + $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + try { + $this->nameIdValidator->validateNameId($message->getIssuer()); + } catch (LightSamlValidationException $ex) { + throw new LightSamlContextException($context, $ex->getMessage(), 0, $ex); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/MessageSignatureValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/MessageSignatureValidatorAction.php new file mode 100644 index 0000000..973f913 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/MessageSignatureValidatorAction.php @@ -0,0 +1,67 @@ +signatureValidator = $signatureValidator; + } + + /** + * @return void + */ + protected function doExecute(ProfileContext $context) + { + $message = MessageContextHelper::asSamlMessage($context->getInboundContext()); + + $signature = $message->getSignature(); + if (null === $signature) { + $this->logger->debug('Message is not signed', LogHelper::getActionContext($context, $this)); + + return; + } + + if ($signature instanceof AbstractSignatureReader) { + $metadataType = ProfileContext::ROLE_IDP === $context->getOwnRole() ? MetadataCriteria::TYPE_SP : MetadataCriteria::TYPE_IDP; + $credential = $this->signatureValidator->validate($signature, $message->getIssuer()->getValue(), $metadataType); + if ($credential) { + $keyNames = $credential->getKeyNames(); + $this->logger->debug( + sprintf('Message signature validated with key "%s"', implode(', ', $keyNames)), + LogHelper::getActionContext($context, $this, [ + 'credential' => $credential, + ]) + ); + } else { + $this->logger->warning( + 'Signature verification was not performed', + LogHelper::getActionContext($context, $this) + ); + } + } else { + $message = 'Expected AbstractSignatureReader'; + $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlModelException($message); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/ReceiveMessageAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/ReceiveMessageAction.php new file mode 100644 index 0000000..b1a834a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/ReceiveMessageAction.php @@ -0,0 +1,53 @@ +bindingFactory = $bindingFactory; + } + + /** + * @return void + */ + protected function doExecute(ProfileContext $context) + { + $bindingType = $this->bindingFactory->detectBindingType($context->getHttpRequest()); + if (null == $bindingType) { + $message = 'Unable to resolve binding type, invalid or unsupported http request'; + $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlBindingException($message); + } + + $this->logger->debug(sprintf('Detected binding type: %s', $bindingType), LogHelper::getActionContext($context, $this)); + + $binding = $this->bindingFactory->create($bindingType); + $binding->receive($context->getHttpRequest(), $context->getInboundContext()); + $context->getInboundContext()->setBindingType($bindingType); + + $this->logger->info( + 'Received message', + LogHelper::getActionContext($context, $this, [ + 'message' => $context->getInboundContext()->getDeserializationContext()->getDocument()->saveXML(), + ]) + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/ResolvePartyEntityIdAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/ResolvePartyEntityIdAction.php new file mode 100644 index 0000000..5bb7ec2 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Message/ResolvePartyEntityIdAction.php @@ -0,0 +1,109 @@ +spEntityDescriptorProvider = $spEntityDescriptorProvider; + $this->idpEntityDescriptorProvider = $idpEntityDescriptorProvider; + $this->trustOptionsProvider = $trustOptionsProvider; + } + + protected function doExecute(ProfileContext $context) + { + $partyContext = $context->getPartyEntityContext(); + + if ($partyContext->getEntityDescriptor() && $partyContext->getTrustOptions()) { + $this->logger->debug( + sprintf('Party EntityDescriptor and TrustOptions already set for "%s"', $partyContext->getEntityDescriptor()->getEntityID()), + LogHelper::getActionContext($context, $this, [ + 'partyEntityId' => $partyContext->getEntityDescriptor()->getEntityID(), + ]) + ); + + return; + } + + $entityId = $partyContext->getEntityDescriptor() ? $partyContext->getEntityDescriptor()->getEntityID() : null; + $entityId = $entityId ? $entityId : $partyContext->getEntityId(); + if (null == $entityId) { + $message = 'EntityID is not set in the party context'; + $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + if (null == $partyContext->getEntityDescriptor()) { + $partyEntityDescriptor = $this->getPartyEntityDescriptor( + $context, + ProfileContext::ROLE_IDP === $context->getOwnRole() + ? $this->spEntityDescriptorProvider + : $this->idpEntityDescriptorProvider, + $context->getPartyEntityContext()->getEntityId() + ); + $partyContext->setEntityDescriptor($partyEntityDescriptor); + $this->logger->debug( + sprintf('Known issuer resolved: "%s"', $partyEntityDescriptor->getEntityID()), + LogHelper::getActionContext($context, $this, [ + 'partyEntityId' => $partyEntityDescriptor->getEntityID(), + ]) + ); + } + + if (null == $partyContext->getTrustOptions()) { + $trustOptions = $this->trustOptionsProvider->get($partyContext->getEntityDescriptor()->getEntityID()); + if (null === $trustOptions) { + $trustOptions = new TrustOptions(); + } + $partyContext->setTrustOptions($trustOptions); + } + } + + /** + * @param string $entityId + * + * @return \LightSaml\Model\Metadata\EntityDescriptor + */ + protected function getPartyEntityDescriptor( + ProfileContext $context, + EntityDescriptorStoreInterface $entityDescriptorProvider, + $entityId + ) { + $partyEntityDescriptor = $entityDescriptorProvider->get($entityId); + if (null === $partyEntityDescriptor) { + $message = sprintf("Unknown issuer '%s'", $entityId); + $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + return $partyEntityDescriptor; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/AssertionAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/AssertionAction.php new file mode 100644 index 0000000..4d8f260 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/AssertionAction.php @@ -0,0 +1,62 @@ +assertionAction = $assertionAction; + } + + protected function doExecute(ProfileContext $context) + { + $response = MessageContextHelper::asResponse($context->getInboundContext()); + + foreach ($response->getAllAssertions() as $index => $assertion) { + $name = sprintf('assertion_%s', $index); + /** @var AssertionContext $assertionContext */ + $assertionContext = $context->getSubContext($name, AssertionContext::class); + $assertionContext + ->setAssertion($assertion) + ->setId($name) + ; + + $this->assertionAction->execute($assertionContext); + } + } + + /** + * @param int $depth + * + * @return array + */ + public function debugPrintTree($depth = 0) + { + $arr = []; + if ($this->assertionAction instanceof DebugPrintTreeActionInterface) { + $arr = array_merge($arr, $this->assertionAction->debugPrintTree()); + } else { + $arr[get_class($this->assertionAction)] = []; + } + + $result = [ + static::class => $arr, + ]; + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/DecryptAssertionsAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/DecryptAssertionsAction.php new file mode 100644 index 0000000..3a63cd8 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/DecryptAssertionsAction.php @@ -0,0 +1,90 @@ +credentialResolver = $credentialResolver; + } + + protected function doExecute(ProfileContext $context) + { + $response = MessageContextHelper::asResponse($context->getInboundContext()); + + if (0 === count($response->getAllEncryptedAssertions())) { + $this->logger->debug('Response has no encrypted assertions', LogHelper::getActionContext($context, $this)); + + return; + } + + $ownEntityDescriptor = $context->getOwnEntityDescriptor(); + + $query = $this->credentialResolver->query(); + $query + ->add(new EntityIdCriteria($ownEntityDescriptor->getEntityID())) + ->add(new MetadataCriteria( + ProfileContext::ROLE_IDP === $context->getOwnRole() + ? MetadataCriteria::TYPE_IDP + : MetadataCriteria::TYPE_SP, + SamlConstants::PROTOCOL_SAML2 + )) + ->add(new UsageCriteria(UsageType::ENCRYPTION)) + ; + $query->resolve(); + $privateKeys = $query->getPrivateKeys(); + if (empty($privateKeys)) { + $message = 'No credentials resolved for assertion decryption'; + $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + $this->logger->info('Trusted decryption candidates', LogHelper::getActionContext($context, $this, [ + 'credentials' => array_map(function (CredentialInterface $credential) { + return sprintf( + "Entity: '%s'; PK X509 Thumb: '%s'", + $credential->getEntityId(), + $credential->getPublicKey() ? $credential->getPublicKey()->getX509Thumbprint() : '' + ); + }, $privateKeys), + ])); + + foreach ($response->getAllEncryptedAssertions() as $index => $encryptedAssertion) { + if ($encryptedAssertion instanceof EncryptedAssertionReader) { + $name = sprintf('assertion_encrypted_%s', $index); + /** @var DeserializationContext $deserializationContext */ + $deserializationContext = $context->getInboundContext()->getSubContext($name, DeserializationContext::class); + $assertion = $encryptedAssertion->decryptMultiAssertion($privateKeys, $deserializationContext); + $response->addAssertion($assertion); + + $this->logger->info( + 'Assertion decrypted', + LogHelper::getActionContext($context, $this, [ + 'assertion' => $deserializationContext->getDocument()->saveXML(), + ]) + ); + } + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/HasAssertionsValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/HasAssertionsValidatorAction.php new file mode 100644 index 0000000..fe90706 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/HasAssertionsValidatorAction.php @@ -0,0 +1,25 @@ +getInboundContext()); + + if ($response->getAllAssertions()) { + return; + } + + $message = 'Response must contain at least one assertion'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/HasAuthnStatementValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/HasAuthnStatementValidatorAction.php new file mode 100644 index 0000000..ac2f296 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/HasAuthnStatementValidatorAction.php @@ -0,0 +1,27 @@ +getInboundContext()); + + foreach ($response->getAllAssertions() as $assertion) { + if ($assertion->getAllAuthnStatements()) { + return; + } + } + + $message = 'Response must have at least one Assertion containing AuthnStatement element'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/HasBearerAssertionsValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/HasBearerAssertionsValidatorAction.php new file mode 100644 index 0000000..8aeeb90 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/HasBearerAssertionsValidatorAction.php @@ -0,0 +1,25 @@ +getInboundContext()); + + if ($response->getBearerAssertions()) { + return; + } + + $message = 'Response must contain at least one bearer assertion'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/SpSsoStateAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/SpSsoStateAction.php new file mode 100644 index 0000000..8b2bb9f --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/Response/SpSsoStateAction.php @@ -0,0 +1,33 @@ +sessionProcessor = $sessionProcessor; + } + + protected function doExecute(ProfileContext $context) + { + $response = MessageContextHelper::asResponse($context->getInboundContext()); + + $this->sessionProcessor->processAssertions( + $response->getAllAssertions(), + $context->getOwnEntityDescriptor()->getEntityID(), + $context->getPartyEntityDescriptor()->getEntityID() + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/StatusResponse/InResponseToValidatorAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/StatusResponse/InResponseToValidatorAction.php new file mode 100644 index 0000000..6abf3e5 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/StatusResponse/InResponseToValidatorAction.php @@ -0,0 +1,56 @@ +requestStore = $requestStore; + } + + protected function doExecute(ProfileContext $context) + { + $response = MessageContextHelper::asStatusResponse($context->getInboundContext()); + $inResponseTo = $response->getInResponseTo(); + if ($inResponseTo) { + $requestState = $this->requestStore->get($inResponseTo); + if (null == $requestState) { + $message = sprintf("Unknown InResponseTo '%s'", $inResponseTo); + $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, [ + 'in_response_to' => $inResponseTo, + ])); + throw new LightSamlContextException($context, $message); + } + $sentToParty = $requestState->getParameters()->get(RequestStateParameters::PARTY); + if ($sentToParty && $response->getIssuer() && $response->getIssuer()->getValue() != $sentToParty) { + $message = sprintf('AuthnRequest with id "%s" sent to party "%s" but StatusResponse for that request issued by party "%s"', $inResponseTo, $sentToParty, $response->getIssuer()->getValue()); + $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, [ + 'sent_to' => $sentToParty, + 'received_from' => $response->getIssuer()->getValue(), + ])); + throw new LightSamlContextException($context, $message); + } + + /** @var RequestStateContext $requestStateContext */ + $requestStateContext = $context->getInboundContext()->getSubContext(ProfileContexts::REQUEST_STATE, RequestStateContext::class); + $requestStateContext->setRequestState($requestState); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/StatusResponse/StatusAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/StatusResponse/StatusAction.php new file mode 100644 index 0000000..4cc75d4 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Inbound/StatusResponse/StatusAction.php @@ -0,0 +1,41 @@ +getInboundContext()); + + if ($statusResponse->getStatus() && $statusResponse->getStatus()->isSuccess()) { + return; + } + + if (null == $statusResponse->getStatus()) { + $message = 'Status response does not have Status set'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + $status = $statusResponse->getStatus()->getStatusCode()->getValue(); + $status .= "\n" . $statusResponse->getStatus()->getStatusMessage(); + if ($statusResponse->getStatus()->getStatusCode()->getStatusCode()) { + $status .= "\n" . $statusResponse->getStatus()->getStatusCode()->getStatusCode()->getValue(); + } + + $message = 'Unsuccessful SAML response: ' . $status; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this, ['status' => $status])); + throw new LightSamlAuthenticationException($statusResponse, $message); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/AuthnRequest/ACSUrlAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/AuthnRequest/ACSUrlAction.php new file mode 100644 index 0000000..0efd7a4 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/AuthnRequest/ACSUrlAction.php @@ -0,0 +1,53 @@ +endpointResolver = $endpointResolver; + } + + protected function doExecute(ProfileContext $context) + { + $ownEntityDescriptor = $context->getOwnEntityDescriptor(); + + $criteriaSet = new CriteriaSet([ + new DescriptorTypeCriteria(SpSsoDescriptor::class), + new ServiceTypeCriteria(AssertionConsumerService::class), + new BindingCriteria([SamlConstants::BINDING_SAML2_HTTP_POST]), + ]); + + $endpoints = $this->endpointResolver->resolve($criteriaSet, $ownEntityDescriptor->getAllEndpoints()); + if (empty($endpoints)) { + $message = 'Missing ACS Service with HTTP POST binding in own SP SSO Descriptor'; + $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + MessageContextHelper::asAuthnRequest($context->getOutboundContext()) + ->setAssertionConsumerServiceURL($endpoints[0]->getEndpoint()->getLocation()); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/AuthnRequest/CreateAuthnRequestAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/AuthnRequest/CreateAuthnRequestAction.php new file mode 100644 index 0000000..6a1e46c --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/AuthnRequest/CreateAuthnRequestAction.php @@ -0,0 +1,18 @@ +getOutboundContext()->setMessage(new AuthnRequest()); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/CreateMessageIssuerAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/CreateMessageIssuerAction.php new file mode 100644 index 0000000..71ddba2 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/CreateMessageIssuerAction.php @@ -0,0 +1,35 @@ +getOwnEntityDescriptor(); + + $issuer = new Issuer($ownEntityDescriptor->getEntityID()); + $issuer->setFormat(SamlConstants::NAME_ID_FORMAT_ENTITY); + + MessageContextHelper::asSamlMessage($context->getOutboundContext()) + ->setIssuer($issuer); + + $this->logger->debug( + sprintf('Issuer set to "%s"', $ownEntityDescriptor->getEntityID()), + LogHelper::getActionContext($context, $this) + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/DestinationAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/DestinationAction.php new file mode 100644 index 0000000..ec79d57 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/DestinationAction.php @@ -0,0 +1,30 @@ +getEndpoint(); + + MessageContextHelper::asSamlMessage($context->getOutboundContext()) + ->setDestination($endpoint->getLocation()); + + $this->logger->debug( + sprintf('Destination set to "%s"', $endpoint->getLocation()), + LogHelper::getActionContext($context, $this) + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ForwardRelayStateAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ForwardRelayStateAction.php new file mode 100644 index 0000000..bfc7df9 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ForwardRelayStateAction.php @@ -0,0 +1,23 @@ +getInboundContext()->getMessage()) { + return; + } + + if ($context->getInboundMessage()->getRelayState()) { + $this->logger->debug(sprintf('Forwarding relay state from inbound message: "%s"', $context->getInboundMessage()->getRelayState())); + $context->getOutboundMessage()->setRelayState( + $context->getInboundMessage()->getRelayState() + ); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/MessageIdAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/MessageIdAction.php new file mode 100644 index 0000000..1bc91ca --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/MessageIdAction.php @@ -0,0 +1,27 @@ +getOutboundContext()) + ->setId($id); + + $this->logger->info( + sprintf('Message ID set to "%s"', $id), + LogHelper::getActionContext($context, $this, ['message_id' => $id]) + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/MessageIssueInstantAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/MessageIssueInstantAction.php new file mode 100644 index 0000000..e77239c --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/MessageIssueInstantAction.php @@ -0,0 +1,40 @@ +timeProvider = $timeProvider; + } + + /** + * @return void + */ + protected function doExecute(ProfileContext $context) + { + MessageContextHelper::asSamlMessage($context->getOutboundContext()) + ->setIssueInstant($this->timeProvider->getTimestamp()); + + $this->logger->info( + sprintf('Message IssueInstant set to "%s"', MessageContextHelper::asSamlMessage($context->getOutboundContext())->getIssueInstantString()), + LogHelper::getActionContext($context, $this) + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/MessageVersionAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/MessageVersionAction.php new file mode 100644 index 0000000..3c9d760 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/MessageVersionAction.php @@ -0,0 +1,42 @@ +version = $version; + } + + /** + * @return void + */ + protected function doExecute(ProfileContext $context) + { + MessageContextHelper::asSamlMessage($context->getOutboundContext()) + ->setVersion($this->version); + + $this->logger->debug( + sprintf('Message Version set to "%s"', $this->version), + LogHelper::getActionContext($context, $this) + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ResolveEndpointBaseAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ResolveEndpointBaseAction.php new file mode 100644 index 0000000..418c28d --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ResolveEndpointBaseAction.php @@ -0,0 +1,149 @@ +endpointResolver = $endpointResolver; + } + + protected function doExecute(ProfileContext $context) + { + if ($context->getEndpointContext()->getEndpoint()) { + $this->logger->debug( + sprintf( + 'Endpoint already set with location "%s" and binding "%s"', + $context->getEndpoint()->getLocation(), + $context->getEndpoint()->getBinding() + ), + LogHelper::getActionContext($context, $this, [ + 'endpointLocation' => $context->getEndpoint()->getLocation(), + 'endpointBinding' => $context->getEndpoint()->getBinding(), + ]) + ); + + return; + } + + $criteriaSet = $this->getCriteriaSet($context); + + $message = $context->getInboundContext()->getMessage(); + if ($message instanceof AuthnRequest) { + if (null !== $message->getAssertionConsumerServiceIndex()) { + $criteriaSet->add(new IndexCriteria($message->getAssertionConsumerServiceIndex())); + } + if (null !== $message->getAssertionConsumerServiceURL()) { + $criteriaSet->add(new LocationCriteria($message->getAssertionConsumerServiceURL())); + } + } + + $candidates = $this->endpointResolver->resolve($criteriaSet, $context->getPartyEntityDescriptor()->getAllEndpoints()); + /** @var EndpointReference $endpointReference */ + $endpointReference = array_shift($candidates); + + if (null == $endpointReference) { + $message = sprintf( + "Unable to determine endpoint for entity '%s'", + $context->getPartyEntityDescriptor()->getEntityID() + ); + $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); + throw new LightSamlContextException($context, $message); + } + + $this->logger->debug( + sprintf( + 'Endpoint resolved to location "%s" and binding "%s"', + $endpointReference->getEndpoint()->getLocation(), + $endpointReference->getEndpoint()->getBinding() + ), + LogHelper::getActionContext($context, $this, [ + 'endpointLocation' => $endpointReference->getEndpoint()->getLocation(), + 'endpointBinding' => $endpointReference->getEndpoint()->getBinding(), + ]) + ); + + $context->getEndpointContext()->setEndpoint($endpointReference->getEndpoint()); + } + + /** + * @return CriteriaSet + */ + protected function getCriteriaSet(ProfileContext $context) + { + $criteriaSet = new CriteriaSet(); + + $bindings = $this->getBindings($context); + if ($bindings) { + $criteriaSet->add(new BindingCriteria($bindings)); + } + + $descriptorType = $this->getDescriptorType($context); + if ($descriptorType) { + $criteriaSet->add(new DescriptorTypeCriteria($descriptorType)); + } + + $serviceType = $this->getServiceType($context); + if ($serviceType) { + $criteriaSet->add(new ServiceTypeCriteria($serviceType)); + } + + return $criteriaSet; + } + + /** + * @return string[] + */ + protected function getBindings(ProfileContext $context) + { + return [ + SamlConstants::BINDING_SAML2_HTTP_POST, + SamlConstants::BINDING_SAML2_HTTP_REDIRECT, + ]; + } + + /** + * @return string|null + */ + protected function getDescriptorType(ProfileContext $context) + { + return ProfileContext::ROLE_IDP == $context->getOwnRole() + ? SpSsoDescriptor::class + : IdpSsoDescriptor::class; + } + + /** + * @return string|null + */ + protected function getServiceType(ProfileContext $context) + { + return; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ResolveEndpointIdpSsoAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ResolveEndpointIdpSsoAction.php new file mode 100644 index 0000000..f6cf000 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ResolveEndpointIdpSsoAction.php @@ -0,0 +1,14 @@ +getLogoutSsoSessionState(); + $ownEntityId = $context->getOwnEntityDescriptor()->getEntityID(); + + if ($ssoSessionState->getIdpEntityId() == $ownEntityId) { + return SpSsoDescriptor::class; + } elseif ($ssoSessionState->getSpEntityId() == $ownEntityId) { + return IdpSsoDescriptor::class; + } else { + throw new LightSamlContextException($context, 'Unable to resolve logout target descriptor type'); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ResolveEndpointSpAcsAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ResolveEndpointSpAcsAction.php new file mode 100644 index 0000000..656d916 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/ResolveEndpointSpAcsAction.php @@ -0,0 +1,14 @@ +requestStore = $requestStore; + } + + protected function doExecute(ProfileContext $context) + { + $message = MessageContextHelper::asSamlMessage($context->getOutboundContext()); + + $state = new RequestState(); + $state->setId($message->getID()); + + $partyEntityId = $context->getPartyEntityContext() ? $context->getPartyEntityContext()->getEntityId() : ''; + if ($context->getPartyEntityContext() && $context->getPartyEntityContext()->getEntityDescriptor()) { + $partyEntityId = $context->getPartyEntityContext()->getEntityDescriptor()->getEntityID(); + } + + $state->getParameters()->add([ + RequestStateParameters::ID => $message->getID(), + RequestStateParameters::TYPE => get_class($message), + RequestStateParameters::TIMESTAMP => $message->getIssueInstantTimestamp(), + RequestStateParameters::PARTY => $partyEntityId, + RequestStateParameters::RELAY_STATE => $message->getRelayState(), + ]); + + if ($message instanceof LogoutRequest) { + $state->getParameters()->add([ + RequestStateParameters::NAME_ID => $message->getNameID()->getValue(), + RequestStateParameters::NAME_ID_FORMAT => $message->getNameID()->getFormat(), + RequestStateParameters::SESSION_INDEX => $message->getSessionIndex(), + ]); + } + + $this->requestStore->set($state); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/SendMessageAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/SendMessageAction.php new file mode 100644 index 0000000..a31d3c9 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/SendMessageAction.php @@ -0,0 +1,43 @@ +bindingFactory = $bindingFactory; + } + + /** + * @return void + */ + public function doExecute(ProfileContext $context) + { + $binding = $this->bindingFactory->create($context->getEndpoint()->getBinding()); + + $outboundContext = $context->getOutboundContext(); + + $context->getHttpResponseContext()->setResponse( + $binding->send($outboundContext) + ); + + $this->logger->info( + 'Sending message', + LogHelper::getActionContext($context, $this, [ + 'message' => $outboundContext->getSerializationContext()->getDocument()->saveXML(), + ]) + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/SetRelayStateAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/SetRelayStateAction.php new file mode 100644 index 0000000..d135a42 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/SetRelayStateAction.php @@ -0,0 +1,23 @@ +getRelayState()) { + $this->logger->debug( + sprintf('RelayState from context set to outbound message: "%s"', $context->getRelayState()), + LogHelper::getActionContext($context, $this) + ); + MessageContextHelper::asSamlMessage($context->getOutboundContext()) + ->setRelayState($context->getRelayState()); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/SignMessageAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/SignMessageAction.php new file mode 100644 index 0000000..4070e38 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/Profile/Outbound/Message/SignMessageAction.php @@ -0,0 +1,78 @@ +signatureResolver = $signatureResolver; + } + + protected function doExecute(ProfileContext $context) + { + $shouldSign = $this->shouldSignMessage($context); + if ($shouldSign) { + $signature = $this->signatureResolver->getSignature($context); + if ($signature) { + MessageContextHelper::asSamlMessage($context->getOutboundContext()) + ->setSignature($signature) + ; + + $this->logger->debug( + sprintf('Message signed with fingerprint "%s"', $signature->getCertificate()->getFingerprint()), + LogHelper::getActionContext($context, $this, [ + 'certificate' => $signature->getCertificate()->getInfo(), + ]) + ); + } else { + $this->logger->critical( + 'No signature resolved, although signing enabled', + LogHelper::getActionErrorContext($context, $this, []) + ); + } + } else { + $this->logger->debug('Signing disabled', LogHelper::getActionContext($context, $this)); + } + } + + /** + * @return bool + */ + private function shouldSignMessage(ProfileContext $context) + { + $message = $context->getOutboundMessage(); + + if ($message instanceof LogoutRequest) { + return true; + } + + $trustOptions = $context->getTrustOptions(); + + if ($message instanceof AuthnRequest) { + return $trustOptions->getSignAuthnRequest(); + } elseif ($message instanceof Response) { + return $trustOptions->getSignResponse(); + } + + throw new \LogicException(sprintf('Unexpected message type "%s"', get_class($message))); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/WrappedAction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/WrappedAction.php new file mode 100644 index 0000000..8065b7e --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Action/WrappedAction.php @@ -0,0 +1,32 @@ +action = $action; + } + + /** + * @return void + */ + public function execute(ContextInterface $context) + { + $this->beforeAction($context); + $this->action->execute($context); + $this->afterAction($context); + } + + abstract protected function beforeAction(ContextInterface $context); + + abstract protected function afterAction(ContextInterface $context); +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/AbstractBinding.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/AbstractBinding.php new file mode 100644 index 0000000..93e7d12 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/AbstractBinding.php @@ -0,0 +1,62 @@ +eventDispatcher = $eventDispatcher; + + return $this; + } + + /** + * @return EventDispatcherInterface|null + */ + public function getEventDispatcher() + { + return $this->eventDispatcher; + } + + /** + * @param string $messageString + */ + protected function dispatchReceive($messageString) + { + if ($this->eventDispatcher) { + $this->eventDispatcher->dispatch(new MessageReceived($messageString)); + } + } + + /** + * @param string $messageString + */ + protected function dispatchSend($messageString) + { + if ($this->eventDispatcher) { + $this->eventDispatcher->dispatch(new MessageSent($messageString)); + } + } + + /** + * @param string|null $destination + * + * @return \Symfony\Component\HttpFoundation\Response + */ + abstract public function send(MessageContext $context, $destination = null); + + abstract public function receive(Request $request, MessageContext $context); +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/BindingFactory.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/BindingFactory.php new file mode 100644 index 0000000..f64d69b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/BindingFactory.php @@ -0,0 +1,133 @@ +eventDispatcher = $eventDispatcher; + } + + /** + * @return BindingFactoryInterface + */ + public function setEventDispatcher(EventDispatcherInterface $eventDispatcher = null) + { + $this->eventDispatcher = $eventDispatcher; + + return $this; + } + + /** + * @return AbstractBinding + */ + public function getBindingByRequest(Request $request) + { + $bindingType = $this->detectBindingType($request); + + return $this->create($bindingType); + } + + /** + * @param string $bindingType + * + * @throws \LogicException + * @throws \LightSaml\Error\LightSamlBindingException + * + * @return AbstractBinding + */ + public function create($bindingType) + { + $result = null; + switch ($bindingType) { + case SamlConstants::BINDING_SAML2_HTTP_REDIRECT: + $result = new HttpRedirectBinding(); + break; + + case SamlConstants::BINDING_SAML2_HTTP_POST: + $result = new HttpPostBinding(); + break; + + case SamlConstants::BINDING_SAML2_HTTP_ARTIFACT: + throw new \LogicException('Artifact binding not implemented'); + case SamlConstants::BINDING_SAML2_SOAP: + throw new \LogicException('SOAP binding not implemented'); + } + + if ($result) { + $result->setEventDispatcher($this->eventDispatcher); + + return $result; + } + + throw new LightSamlBindingException(sprintf("Unknown binding type '%s'", $bindingType)); + } + + /** + * @return string|null + */ + public function detectBindingType(Request $request) + { + $requestMethod = trim(strtoupper($request->getMethod())); + if ('GET' == $requestMethod) { + return $this->processGET($request); + } elseif ('POST' == $requestMethod) { + return $this->processPOST($request); + } + + return null; + } + + /** + * @return string|null + */ + protected function processGET(Request $request) + { + $get = $request->query->all(); + if (array_key_exists('SAMLRequest', $get) || array_key_exists('SAMLResponse', $get)) { + return SamlConstants::BINDING_SAML2_HTTP_REDIRECT; + } elseif (array_key_exists('SAMLart', $get)) { + return SamlConstants::BINDING_SAML2_HTTP_ARTIFACT; + } + + return null; + } + + /** + * @return string|null + */ + protected function processPOST(Request $request) + { + $post = $request->request->all(); + if (array_key_exists('SAMLRequest', $post) || array_key_exists('SAMLResponse', $post)) { + return SamlConstants::BINDING_SAML2_HTTP_POST; + } elseif (array_key_exists('SAMLart', $post)) { + return SamlConstants::BINDING_SAML2_HTTP_ARTIFACT; + } else { + if ($contentType = $request->headers->get('CONTENT_TYPE')) { + // Remove charset + if (false !== $pos = strpos($contentType, ';')) { + $contentType = substr($contentType, 0, $pos); + } + + if ('text/xml' === $contentType) { + return SamlConstants::BINDING_SAML2_SOAP; + } + } + } + + return null; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/BindingFactoryInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/BindingFactoryInterface.php new file mode 100644 index 0000000..6c08804 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/BindingFactoryInterface.php @@ -0,0 +1,27 @@ +getDestination() ? $message->getDestination() : $destination; + + $serializationContext = $context->getSerializationContext(); + $message->serialize($serializationContext->getDocument(), $serializationContext); + $msgStr = $serializationContext->getDocument()->saveXML(); + + $this->dispatchSend($msgStr); + + $msgStr = base64_encode($msgStr); + + $type = $message instanceof AbstractRequest ? 'SAMLRequest' : 'SAMLResponse'; + + $data = [$type => $msgStr]; + if ($message->getRelayState()) { + $data['RelayState'] = $message->getRelayState(); + } + + $result = new SamlPostResponse($destination, $data); + $result->renderContent(); + + return $result; + } + + public function receive(Request $request, MessageContext $context) + { + $post = $request->request->all(); + if (array_key_exists('SAMLRequest', $post)) { + $msg = $post['SAMLRequest']; + } elseif (array_key_exists('SAMLResponse', $post)) { + $msg = $post['SAMLResponse']; + } else { + throw new LightSamlBindingException('Missing SAMLRequest or SAMLResponse parameter'); + } + + $msg = base64_decode($msg); + + $this->dispatchReceive($msg); + + $deserializationContext = $context->getDeserializationContext(); + $result = SamlMessage::fromXML($msg, $deserializationContext); + + if (array_key_exists('RelayState', $post)) { + $result->setRelayState($post['RelayState']); + } + + $context->setMessage($result); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/HttpRedirectBinding.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/HttpRedirectBinding.php new file mode 100644 index 0000000..4880afb --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/HttpRedirectBinding.php @@ -0,0 +1,277 @@ +getMessage()->getDestination() ? $context->getMessage()->getDestination() : $destination; + + $url = $this->getRedirectURL($context, $destination); + + return new RedirectResponse($url); + } + + public function receive(Request $request, MessageContext $context) + { + $data = $this->parseQuery($request); + + $this->processData($data, $context); + } + + /** + * @throws \Exception + */ + protected function processData(array $data, MessageContext $context) + { + $msg = $this->getMessageStringFromData($data); + $encoding = $this->getEncodingFromData($data); + $msg = $this->decodeMessageString($msg, $encoding); + + $this->dispatchReceive($msg); + + $deserializationContext = $context->getDeserializationContext(); + $message = SamlMessage::fromXML($msg, $deserializationContext); + + $this->loadRelayState($message, $data); + $this->loadSignature($message, $data); + + $context->setMessage($message); + } + + /** + * @return string + * + * @throws LightSamlBindingException + */ + protected function getMessageStringFromData(array $data) + { + if (array_key_exists('SAMLRequest', $data)) { + return $data['SAMLRequest']; + } elseif (array_key_exists('SAMLResponse', $data)) { + return $data['SAMLResponse']; + } else { + throw new LightSamlBindingException('Missing SAMLRequest or SAMLResponse parameter'); + } + } + + /** + * @return string + */ + protected function getEncodingFromData(array $data) + { + if (array_key_exists('SAMLEncoding', $data)) { + return $data['SAMLEncoding']; + } else { + return SamlConstants::ENCODING_DEFLATE; + } + } + + /** + * @param string $msg + * @param string $encoding + * + * @throws \LightSaml\Error\LightSamlBindingException + * + * @return string + */ + protected function decodeMessageString($msg, $encoding) + { + $msg = base64_decode($msg); + switch ($encoding) { + case SamlConstants::ENCODING_DEFLATE: + return gzinflate($msg); + break; + default: + throw new LightSamlBindingException(sprintf("Unknown encoding '%s'", $encoding)); + } + } + + protected function loadRelayState(SamlMessage $message, array $data) + { + if (array_key_exists('RelayState', $data)) { + $message->setRelayState($data['RelayState']); + } + } + + protected function loadSignature(SamlMessage $message, array $data) + { + if (array_key_exists('Signature', $data)) { + if (false == array_key_exists('SigAlg', $data)) { + throw new LightSamlBindingException('Missing signature algorithm'); + } + $message->setSignature( + new SignatureStringReader($data['Signature'], $data['SigAlg'], $data['SignedQuery']) + ); + } + } + + /** + * @param string|null $destination + * + * @return string + */ + protected function getRedirectURL(MessageContext $context, $destination) + { + $message = MessageContextHelper::asSamlMessage($context); + $signature = $message->getSignature(); + if ($signature && false == $signature instanceof SignatureWriter) { + throw new LightSamlBindingException('Signature must be SignatureWriter'); + } + + $xml = $this->getMessageEncodedXml($message, $context); + $msg = $this->addMessageToUrl($message, $xml); + $this->addRelayStateToUrl($msg, $message); + $this->addSignatureToUrl($msg, $signature); + + return $this->getDestinationUrl($msg, $message, $destination); + } + + /** + * @return string + */ + protected function getMessageEncodedXml(SamlMessage $message, MessageContext $context) + { + $message->setSignature(null); + + $serializationContext = $context->getSerializationContext(); + $message->serialize($serializationContext->getDocument(), $serializationContext); + $xml = $serializationContext->getDocument()->saveXML(); + + $this->dispatchSend($xml); + + $xml = gzdeflate($xml); + $xml = base64_encode($xml); + + return $xml; + } + + /** + * @param string $xml + * + * @return string + */ + protected function addMessageToUrl(SamlMessage $message, $xml) + { + if ($message instanceof AbstractRequest) { + $msg = 'SAMLRequest='; + } else { + $msg = 'SAMLResponse='; + } + $msg .= urlencode($xml); + + return $msg; + } + + /** + * @param string $msg + */ + protected function addRelayStateToUrl(&$msg, SamlMessage $message) + { + if (null !== $message->getRelayState()) { + $msg .= '&RelayState=' . urlencode($message->getRelayState()); + } + } + + /** + * @param string $msg + */ + protected function addSignatureToUrl(&$msg, SignatureWriter $signature = null) + { + /** @var $key XMLSecurityKey */ + $key = $signature ? $signature->getXmlSecurityKey() : null; + + if (null != $key) { + $msg .= '&SigAlg=' . urlencode($key->type); + $signature = $key->signData($msg); + $msg .= '&Signature=' . urlencode(base64_encode($signature)); + } + } + + /** + * @param string $msg + * @param string|null $destination + * + * @return string + */ + protected function getDestinationUrl($msg, SamlMessage $message, $destination) + { + $destination = $message->getDestination() ? $message->getDestination() : $destination; + if (false === strpos($destination, '?')) { + $destination .= '?' . $msg; + } else { + $destination .= '&' . $msg; + } + + return $destination; + } + + /** + * @return array + */ + protected function parseQuery(Request $request) + { + /* + * Parse the query string. We need to do this ourself, so that we get access + * to the raw (urlencoded) values. This is required because different software + * can urlencode to different values. + */ + $sigQuery = $relayState = $sigAlg = ''; + $data = $this->parseQueryString($request->server->get('QUERY_STRING')); + $result = []; + foreach ($data as $name => $value) { + $result[$name] = urldecode($value); + switch ($name) { + case 'SAMLRequest': + case 'SAMLResponse': + $sigQuery = $name . '=' . $value; + break; + case 'RelayState': + $relayState = '&RelayState=' . $value; + break; + case 'SigAlg': + $sigAlg = '&SigAlg=' . $value; + break; + } + } + $result['SignedQuery'] = $sigQuery . $relayState . $sigAlg; + + return $result; + } + + /** + * @param string $queryString + * @return array + */ + protected function parseQueryString($queryString) + { + $result = []; + foreach (explode('&', $queryString ?: '') as $e) { + $tmp = explode('=', $e, 2); + $name = $tmp[0]; + $value = 2 === count($tmp) ? $tmp[1] : ''; + $name = urldecode($name); + $result[$name] = $value; + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/SamlPostResponse.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/SamlPostResponse.php new file mode 100644 index 0000000..f27627a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Binding/SamlPostResponse.php @@ -0,0 +1,86 @@ +destination = $destination; + $this->data = $data; + } + + /** + * @return array + */ + public function getData() + { + return $this->data; + } + + /** + * @return string + */ + public function getDestination() + { + return $this->destination; + } + + public function renderContent() + { + $content = <<<'EOT' + + + + + POST data + + + + + +
+ + + %s + + + +
+ + +EOT; + $fields = ''; + foreach ($this->data as $name => $value) { + $fields .= sprintf( + '', + htmlspecialchars($name), + htmlspecialchars($value) + ); + } + + $content = sprintf($content, htmlspecialchars($this->destination ?? ''), $fields); + + $this->setContent($content); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/AbstractPimpleContainer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/AbstractPimpleContainer.php new file mode 100644 index 0000000..20bc620 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/AbstractPimpleContainer.php @@ -0,0 +1,24 @@ +pimple = $pimple; + } + + /** + * @return Container + */ + public function getPimple() + { + return $this->pimple; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/BuildContainer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/BuildContainer.php new file mode 100644 index 0000000..7891a79 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/BuildContainer.php @@ -0,0 +1,120 @@ +systemContainer) { + $this->systemContainer = new SystemContainer($this->pimple); + } + + return $this->systemContainer; + } + + /** + * @return PartyContainerInterface + */ + public function getPartyContainer() + { + if (null == $this->partyContainer) { + $this->partyContainer = new PartyContainer($this->pimple); + } + + return $this->partyContainer; + } + + /** + * @return StoreContainerInterface + */ + public function getStoreContainer() + { + if (null == $this->storeContainer) { + $this->storeContainer = new StoreContainer($this->pimple); + } + + return $this->storeContainer; + } + + /** + * @return ProviderContainerInterface + */ + public function getProviderContainer() + { + if (null == $this->providerContainer) { + $this->providerContainer = new ProviderContainer($this->pimple); + } + + return $this->providerContainer; + } + + /** + * @return CredentialContainerInterface + */ + public function getCredentialContainer() + { + if (null == $this->credentialContainer) { + $this->credentialContainer = new CredentialContainer($this->pimple); + } + + return $this->credentialContainer; + } + + /** + * @return ServiceContainerInterface + */ + public function getServiceContainer() + { + if (null == $this->serviceContainer) { + $this->serviceContainer = new ServiceContainer($this->pimple); + } + + return $this->serviceContainer; + } + + /** + * @return OwnContainerInterface + */ + public function getOwnContainer() + { + if (null == $this->ownContainer) { + $this->ownContainer = new OwnContainer($this->pimple); + } + + return $this->ownContainer; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/CredentialContainer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/CredentialContainer.php new file mode 100644 index 0000000..679ca2d --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/CredentialContainer.php @@ -0,0 +1,19 @@ +pimple[self::CREDENTIAL_STORE]; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/CredentialContainerProvider.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/CredentialContainerProvider.php new file mode 100644 index 0000000..023d5cb --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/CredentialContainerProvider.php @@ -0,0 +1,66 @@ +ownContainer = $ownContainer; + $this->partyContainer = $partyContainer; + } + + /** + * @return CredentialContainerProvider + */ + public function addExtraCredential(CredentialInterface $credential) + { + if (null === $credential->getEntityId()) { + throw new \InvalidArgumentException('Extra credential must have entityID'); + } + + $this->extraCredentials[] = $credential; + + return $this; + } + + /** + * @param Container $pimple A container instance + */ + public function register(Container $pimple) + { + $ownCredentials = $this->ownContainer->getOwnCredentials(); + if (empty($ownCredentials)) { + throw new LightSamlBuildException('There are no own credentials'); + } + + $pimple[CredentialContainer::CREDENTIAL_STORE] = function () { + $factory = new CredentialFactory(); + + return $factory->build( + $this->partyContainer->getIdpEntityDescriptorStore(), + $this->partyContainer->getSpEntityDescriptorStore(), + $this->ownContainer->getOwnCredentials(), + $this->extraCredentials + ); + }; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/OwnContainerProvider.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/OwnContainerProvider.php new file mode 100644 index 0000000..3718918 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/OwnContainerProvider.php @@ -0,0 +1,60 @@ +ownEntityDescriptorProvider = $ownEntityDescriptorProvider; + if ($ownCredentials) { + foreach ($ownCredentials as $credential) { + $this->addOwnCredential($credential); + } + } + } + + /** + * @return OwnContainerProvider + */ + public function addOwnCredential(CredentialInterface $credential) + { + if (null == $credential->getPrivateKey()) { + throw new LightSamlBuildException('Own credential must have private key'); + } + + $this->ownCredentials[] = $credential; + + return $this; + } + + /** + * @param Container $pimple A container instance + */ + public function register(Container $pimple) + { + $pimple[OwnContainer::OWN_CREDENTIALS] = function () { + return $this->ownCredentials; + }; + + $pimple[OwnContainer::OWN_ENTITY_DESCRIPTOR_PROVIDER] = function () { + return $this->ownEntityDescriptorProvider; + }; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/PartyContainerProvider.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/PartyContainerProvider.php new file mode 100644 index 0000000..4387dfb --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/PartyContainerProvider.php @@ -0,0 +1,31 @@ +credentialContainer = $credentialContainer; + $this->storeContainer = $storeContainer; + $this->systemContainer = $systemContainer; + } + + /** + * @param Container $pimple A container instance + */ + public function register(Container $pimple) + { + $pimple[ServiceContainer::NAME_ID_VALIDATOR] = function () { + return new NameIdValidator(); + }; + + $pimple[ServiceContainer::ASSERTION_TIME_VALIDATOR] = function () { + return new AssertionTimeValidator(); + }; + + $pimple[ServiceContainer::ASSERTION_VALIDATOR] = function (Container $c) { + $nameIdValidator = $c[ServiceContainer::NAME_ID_VALIDATOR]; + + return new AssertionValidator( + $nameIdValidator, + new SubjectValidator($nameIdValidator), + new StatementValidator() + ); + }; + + $pimple[ServiceContainer::ENDPOINT_RESOLVER] = function () { + return new CompositeEndpointResolver([ + new BindingEndpointResolver(), + new DescriptorTypeEndpointResolver(), + new ServiceTypeEndpointResolver(), + new IndexEndpointResolver(), + new LocationEndpointResolver(), + ]); + }; + + $pimple[ServiceContainer::BINDING_FACTORY] = function () { + return new BindingFactory($this->systemContainer->getEventDispatcher()); + }; + + $pimple[ServiceContainer::CREDENTIAL_RESOLVER] = function () { + $factory = new CredentialResolverFactory($this->credentialContainer->getCredentialStore()); + + return $factory->build(); + }; + + $pimple[ServiceContainer::SIGNATURE_RESOLVER] = function (Container $c) { + $credentialResolver = $c[ServiceContainer::CREDENTIAL_RESOLVER]; + + return new OwnSignatureResolver($credentialResolver); + }; + + $pimple[ServiceContainer::SIGNATURE_VALIDATOR] = function (Container $c) { + $credentialResolver = $c[ServiceContainer::CREDENTIAL_RESOLVER]; + + return new SignatureValidator($credentialResolver); + }; + + $pimple[ServiceContainer::SESSION_PROCESSOR] = function () { + return new SessionProcessor($this->storeContainer->getSsoStateStore(), $this->systemContainer->getTimeProvider()); + }; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/StoreContainerProvider.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/StoreContainerProvider.php new file mode 100644 index 0000000..57d78c9 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/StoreContainerProvider.php @@ -0,0 +1,40 @@ +systemContainer = $systemContainer; + } + + /** + * @param Container $pimple A container instance + */ + public function register(Container $pimple) + { + $pimple[StoreContainer::REQUEST_STATE_STORE] = function () { + return new RequestStateSessionStore($this->systemContainer->getSession(), 'main'); + }; + + $pimple[StoreContainer::ID_STATE_STORE] = function () { + return new NullIdStore(); + }; + + $pimple[StoreContainer::SSO_STATE_STORE] = function () { + return new SsoStateSessionStore($this->systemContainer->getSession(), 'samlsso'); + }; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/SystemContainerProvider.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/SystemContainerProvider.php new file mode 100644 index 0000000..e470c6f --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/Factory/SystemContainerProvider.php @@ -0,0 +1,62 @@ +mockSession = $mockSession; + $this->eventDispatcher = $eventDispatcher; + } + + /** + * @param Container $pimple A container instance + */ + public function register(Container $pimple) + { + $pimple[SystemContainer::REQUEST] = function () { + return Request::createFromGlobals(); + }; + + $pimple[SystemContainer::SESSION] = function () { + if ($this->mockSession) { + $session = new Session(new MockArraySessionStorage()); + } else { + $session = new Session(); + } + $session->setName(sprintf('SID%s', mt_rand(1000, 9999))); + $session->start(); + + return $session; + }; + + $pimple[SystemContainer::TIME_PROVIDER] = function () { + return new SystemTimeProvider(); + }; + + $pimple[SystemContainer::EVENT_DISPATCHER] = function () { + return $this->eventDispatcher; + }; + + $pimple[SystemContainer::LOGGER] = function () { + return new NullLogger(); + }; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/OwnContainer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/OwnContainer.php new file mode 100644 index 0000000..540e118 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/OwnContainer.php @@ -0,0 +1,29 @@ +pimple[self::OWN_ENTITY_DESCRIPTOR_PROVIDER]; + } + + /** + * @return CredentialInterface[] + */ + public function getOwnCredentials() + { + return $this->pimple[self::OWN_CREDENTIALS]; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/PartyContainer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/PartyContainer.php new file mode 100644 index 0000000..c053923 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/PartyContainer.php @@ -0,0 +1,38 @@ +pimple[self::IDP_ENTITY_DESCRIPTOR]; + } + + /** + * @return EntityDescriptorStoreInterface + */ + public function getSpEntityDescriptorStore() + { + return $this->pimple[self::SP_ENTITY_DESCRIPTOR]; + } + + /** + * @return TrustOptionsStoreInterface + */ + public function getTrustOptionsStore() + { + return $this->pimple[self::TRUST_OPTIONS_STORE]; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/ProviderContainer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/ProviderContainer.php new file mode 100644 index 0000000..03a27af --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/ProviderContainer.php @@ -0,0 +1,52 @@ +pimple[self::ATTRIBUTE_VALUE_PROVIDER])) { + return $this->pimple[self::ATTRIBUTE_VALUE_PROVIDER]; + } + + throw new LightSamlBuildException('Attribute value provider not set'); + } + + /** + * @return SessionInfoProviderInterface + */ + public function getSessionInfoProvider() + { + if (isset($this->pimple[self::SESSION_INFO_PROVIDER])) { + return $this->pimple[self::SESSION_INFO_PROVIDER]; + } + + throw new LightSamlBuildException('Session info provider not set'); + } + + /** + * @return NameIdProviderInterface + */ + public function getNameIdProvider() + { + if (isset($this->pimple[self::NAME_ID_PROVIDER])) { + return $this->pimple[self::NAME_ID_PROVIDER]; + } + + throw new LightSamlBuildException('Name ID provider not set'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/ServiceContainer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/ServiceContainer.php new file mode 100644 index 0000000..998702a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/ServiceContainer.php @@ -0,0 +1,109 @@ +pimple[self::ASSERTION_VALIDATOR]; + } + + /** + * @return AssertionTimeValidator + */ + public function getAssertionTimeValidator() + { + return $this->pimple[self::ASSERTION_TIME_VALIDATOR]; + } + + /** + * @return SignatureResolverInterface + */ + public function getSignatureResolver() + { + return $this->pimple[self::SIGNATURE_RESOLVER]; + } + + /** + * @return EndpointResolverInterface + */ + public function getEndpointResolver() + { + return $this->pimple[self::ENDPOINT_RESOLVER]; + } + + /** + * @return NameIdValidatorInterface + */ + public function getNameIdValidator() + { + return $this->pimple[self::NAME_ID_VALIDATOR]; + } + + /** + * @return BindingFactoryInterface + */ + public function getBindingFactory() + { + return $this->pimple[self::BINDING_FACTORY]; + } + + /** + * @return SignatureValidatorInterface + */ + public function getSignatureValidator() + { + return $this->pimple[self::SIGNATURE_VALIDATOR]; + } + + /** + * @return CredentialResolverInterface + */ + public function getCredentialResolver() + { + return $this->pimple[self::CREDENTIAL_RESOLVER]; + } + + /** + * @return LogoutSessionResolverInterface + */ + public function getLogoutSessionResolver() + { + return $this->pimple[self::LOGOUT_SESSION_RESOLVER]; + } + + /** + * @return SessionProcessorInterface + */ + public function getSessionProcessor() + { + return $this->pimple[self::SESSION_PROCESSOR]; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/StoreContainer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/StoreContainer.php new file mode 100644 index 0000000..9f22518 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/StoreContainer.php @@ -0,0 +1,39 @@ +pimple[self::REQUEST_STATE_STORE]; + } + + /** + * @return IdStoreInterface + */ + public function getIdStateStore() + { + return $this->pimple[self::ID_STATE_STORE]; + } + + /** + * @return SsoStateStoreInterface + */ + public function getSsoStateStore() + { + return $this->pimple[self::SSO_STATE_STORE]; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/SystemContainer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/SystemContainer.php new file mode 100644 index 0000000..82c2224 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Bridge/Pimple/Container/SystemContainer.php @@ -0,0 +1,59 @@ +pimple[self::REQUEST]; + } + + /** + * @return SessionInterface + */ + public function getSession() + { + return $this->pimple[self::SESSION]; + } + + /** + * @return TimeProviderInterface + */ + public function getTimeProvider() + { + return $this->pimple[self::TIME_PROVIDER]; + } + + /** + * @return EventDispatcherInterface + */ + public function getEventDispatcher() + { + return $this->pimple[self::EVENT_DISPATCHER]; + } + + /** + * @return LoggerInterface + */ + public function getLogger() + { + return $this->pimple[self::LOGGER]; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Build/Container/BuildContainerInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Build/Container/BuildContainerInterface.php new file mode 100644 index 0000000..766ec9c --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Build/Container/BuildContainerInterface.php @@ -0,0 +1,41 @@ + ActionInterface[]. + * + * @var array + */ + private $actions = []; + + /** @var int */ + protected $increaseStep = 5; + + /** @var int */ + private $biggestPriority = 0; + + /** + * @param int|bool $priority + * + * @return CompositeActionBuilder + */ + public function add(ActionInterface $action, $priority = false) + { + if (false === $priority) { + ++$this->biggestPriority; + $priority = $this->biggestPriority; + } elseif (false === is_int($priority)) { + throw new \InvalidArgumentException('Expected integer value for priority'); + } elseif ($priority > $this->biggestPriority) { + $this->biggestPriority = $priority; + } + + if (false === isset($this->actions[$priority])) { + $this->actions[$priority] = []; + } + $this->actions[$priority][] = $action; + + return $this; + } + + /** + * @return CompositeAction + */ + public function build() + { + $actions = $this->actions; + ksort($actions); + + $result = new CompositeAction(); + foreach ($actions as $arr) { + foreach ($arr as $action) { + $result->add($action); + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/AbstractProfileActionBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/AbstractProfileActionBuilder.php new file mode 100644 index 0000000..85f4a17 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/AbstractProfileActionBuilder.php @@ -0,0 +1,52 @@ +buildContainer = $buildContainer; + } + + /** + * @return void + */ + public function init() + { + if ($this->initialized) { + throw new LightSamlBuildException('Already initialized'); + } + + $this->doInitialize(); + + $this->initialized = true; + } + + /** + * @return void + */ + abstract protected function doInitialize(); + + /** + * @return \LightSaml\Action\ActionInterface + */ + public function build() + { + if (false === $this->initialized) { + $this->init(); + } + + return parent::build(); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/Metadata/MetadataActionBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/Metadata/MetadataActionBuilder.php new file mode 100644 index 0000000..1db7516 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/Metadata/MetadataActionBuilder.php @@ -0,0 +1,17 @@ +add(new SerializeOwnEntityAction($this->buildContainer->getSystemContainer()->getLogger()), 100); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/SingleSignOn/Sp/SsoSpReceiveResponseActionBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/SingleSignOn/Sp/SsoSpReceiveResponseActionBuilder.php new file mode 100644 index 0000000..47de197 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/SingleSignOn/Sp/SsoSpReceiveResponseActionBuilder.php @@ -0,0 +1,114 @@ +assertionActionBuilder = $assertionActionBuilder; + } + + /** + * @return void + */ + protected function doInitialize() + { + // Receive + $this->add(new ReceiveMessageAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getBindingFactory() + ), 100); + $this->add(new AssertBindingTypeAction( + $this->buildContainer->getSystemContainer()->getLogger(), + [SamlConstants::BINDING_SAML2_HTTP_POST] + )); + + // Response validation + $this->add(new IssuerValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getNameIdValidator(), + SamlConstants::NAME_ID_FORMAT_ENTITY + ), 200); + $this->add(new EntityIdFromMessageIssuerAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $this->add(new ResolvePartyEntityIdAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getPartyContainer()->getSpEntityDescriptorStore(), + $this->buildContainer->getPartyContainer()->getIdpEntityDescriptorStore(), + $this->buildContainer->getPartyContainer()->getTrustOptionsStore() + )); + $this->add(new InResponseToValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getStoreContainer()->getRequestStateStore() + )); + $this->add(new StatusAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $this->add(new DestinationValidatorResponseAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getEndpointResolver() + )); + $this->add(new MessageSignatureValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getSignatureValidator() + )); + + $this->add(new DecryptAssertionsAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getCredentialResolver() + )); + + $this->add(new HasAssertionsValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $this->add(new HasAuthnStatementValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $this->add(new HasBearerAssertionsValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + + $this->add(new AssertionAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->assertionActionBuilder->build() + )); + + $this->add(new FlushRequestStatesAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getStoreContainer()->getRequestStateStore() + )); + + $this->add(new SpSsoStateAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getSessionProcessor() + )); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/SingleSignOn/Sp/SsoSpSendAuthnRequestActionBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/SingleSignOn/Sp/SsoSpSendAuthnRequestActionBuilder.php new file mode 100644 index 0000000..0f84169 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/SingleSignOn/Sp/SsoSpSendAuthnRequestActionBuilder.php @@ -0,0 +1,73 @@ +add(new ResolveEndpointIdpSsoAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getEndpointResolver() + ), 100); + $this->add(new CreateAuthnRequestAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $this->add(new SetRelayStateAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $this->add(new MessageIdAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $this->add(new MessageVersionAction( + $this->buildContainer->getSystemContainer()->getLogger(), + SamlConstants::VERSION_20 + )); + $this->add(new MessageIssueInstantAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getSystemContainer()->getTimeProvider() + )); + $this->add(new DestinationAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $this->add(new CreateMessageIssuerAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $this->add(new SaveRequestStateAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getStoreContainer()->getRequestStateStore() + )); + $this->add(new DispatchEventAction( + $this->buildContainer->getSystemContainer()->getEventDispatcher() + )); + $this->add(new SignMessageAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getSignatureResolver() + )); + + // Send + $this->add(new SendMessageAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getBindingFactory() + ), 400); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/SingleSignOn/Sp/SsoSpValidateAssertionActionBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/SingleSignOn/Sp/SsoSpValidateAssertionActionBuilder.php new file mode 100644 index 0000000..49d5bff --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Action/Profile/SingleSignOn/Sp/SsoSpValidateAssertionActionBuilder.php @@ -0,0 +1,59 @@ +add(new AssertionValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getAssertionValidator() + ), 100); + $this->add(new AssertionIssuerFormatValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + SamlConstants::NAME_ID_FORMAT_ENTITY + )); + $this->add(new InResponseToValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getStoreContainer()->getRequestStateStore() + )); + $this->add(new KnownAssertionIssuerAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getPartyContainer()->getIdpEntityDescriptorStore() + )); + $this->add(new RecipientValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getEndpointResolver() + )); + $this->add(new RepeatedIdValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getStoreContainer()->getIdStateStore() + )); + $this->add(new TimeValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getAssertionTimeValidator(), + $this->buildContainer->getSystemContainer()->getTimeProvider(), + 120 + )); + $this->add(new AssertionSignatureValidatorAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getSignatureValidator(), + true + )); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Context/ProfileContextBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Context/ProfileContextBuilder.php new file mode 100644 index 0000000..c317dec --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Context/ProfileContextBuilder.php @@ -0,0 +1,125 @@ +request; + } + + /** + * @return ProfileContextBuilder + */ + public function setRequest(Request $request) + { + $this->request = $request; + + return $this; + } + + /** + * @return EntityDescriptorProviderInterface + */ + public function getOwnEntityDescriptorProvider() + { + return $this->ownEntityDescriptorProvider; + } + + /** + * @return ProfileContextBuilder + */ + public function setOwnEntityDescriptorProvider(EntityDescriptorProviderInterface $ownEntityDescriptorProvider) + { + $this->ownEntityDescriptorProvider = $ownEntityDescriptorProvider; + + return $this; + } + + /** + * @return int + */ + public function getProfileId() + { + return $this->profileId; + } + + /** + * @param int $profileId + * + * @return ProfileContextBuilder + */ + public function setProfileId($profileId) + { + $this->profileId = $profileId; + + return $this; + } + + /** + * @return string + */ + public function getProfileRole() + { + return $this->profileRole; + } + + /** + * @param string $profileRole + * + * @return ProfileContextBuilder + */ + public function setProfileRole($profileRole) + { + $this->profileRole = $profileRole; + + return $this; + } + + /** + * @return ProfileContext + */ + public function build() + { + if (null === $this->request) { + throw new LightSamlBuildException('HTTP Request not set'); + } + if (null === $this->ownEntityDescriptorProvider) { + throw new LightSamlBuildException('Own EntityDescriptor not set'); + } + if (null === $this->profileId) { + throw new LightSamlBuildException('ProfileID not set'); + } + if (null === $this->profileRole) { + throw new LightSamlBuildException('Profile role not set'); + } + + $result = new ProfileContext($this->profileId, $this->profileRole); + + $result->getHttpRequestContext()->setRequest($this->request); + $result->getOwnEntityContext()->setEntityDescriptor($this->ownEntityDescriptorProvider->get()); + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/EntityDescriptor/SimpleEntityDescriptorBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/EntityDescriptor/SimpleEntityDescriptorBuilder.php new file mode 100644 index 0000000..f5ebfc0 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/EntityDescriptor/SimpleEntityDescriptorBuilder.php @@ -0,0 +1,167 @@ +entityId = $entityId; + $this->acsUrl = $acsUrl; + $this->ssoUrl = $ssoUrl; + $this->ownCertificate = $ownCertificate; + $this->acsBindings = $acsBindings; + $this->ssoBindings = $ssoBindings; + $this->use = $use; + } + + /** + * @return EntityDescriptor + */ + public function get() + { + if (null === $this->entityDescriptor) { + $this->entityDescriptor = $this->getEntityDescriptor(); + if (false === $this->entityDescriptor instanceof EntityDescriptor) { + throw new \LogicException('Expected EntityDescriptor'); + } + } + + return $this->entityDescriptor; + } + + /** + * @return EntityDescriptor + */ + protected function getEntityDescriptor() + { + $entityDescriptor = new EntityDescriptor(); + $entityDescriptor->setEntityID($this->entityId); + + $spSsoDescriptor = $this->getSpSsoDescriptor(); + if ($spSsoDescriptor) { + $entityDescriptor->addItem($spSsoDescriptor); + } + + $idpSsoDescriptor = $this->getIdpSsoDescriptor(); + if ($idpSsoDescriptor) { + $entityDescriptor->addItem($idpSsoDescriptor); + } + + return $entityDescriptor; + } + + /** + * @return SpSsoDescriptor|null + */ + protected function getSpSsoDescriptor() + { + if (null === $this->acsUrl) { + return null; + } + + $spSso = new SpSsoDescriptor(); + + foreach ($this->acsBindings as $index => $biding) { + $acs = new AssertionConsumerService(); + $acs->setIndex($index)->setLocation($this->acsUrl)->setBinding($biding); + $spSso->addAssertionConsumerService($acs); + } + + $this->addKeyDescriptors($spSso); + + return $spSso; + } + + /** + * @return IdpSsoDescriptor + */ + protected function getIdpSsoDescriptor() + { + if (null === $this->ssoUrl) { + return null; + } + + $idpSso = new IdpSsoDescriptor(); + + foreach ($this->ssoBindings as $index => $binding) { + $sso = new SingleSignOnService(); + $sso + ->setLocation($this->ssoUrl) + ->setBinding($binding); + $idpSso->addSingleSignOnService($sso); + } + + $this->addKeyDescriptors($idpSso); + + return $idpSso; + } + + protected function addKeyDescriptors(RoleDescriptor $descriptor) + { + if ($this->use) { + foreach ($this->use as $use) { + $kd = new KeyDescriptor(); + $kd->setUse($use); + $kd->setCertificate($this->ownCertificate); + + $descriptor->addKeyDescriptor($kd); + } + } else { + $kd = new KeyDescriptor(); + $kd->setCertificate($this->ownCertificate); + + $descriptor->addKeyDescriptor($kd); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/AbstractProfileBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/AbstractProfileBuilder.php new file mode 100644 index 0000000..332b958 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/AbstractProfileBuilder.php @@ -0,0 +1,56 @@ +container = $buildContainer; + } + + /** + * @return \LightSaml\Action\CompositeAction + */ + public function buildAction() + { + return $this->getActionBuilder()->build(); + } + + /** + * @return \LightSaml\Context\Profile\ProfileContext + */ + public function buildContext() + { + $builder = new ProfileContextBuilder(); + $builder + ->setProfileId($this->getProfileId()) + ->setRequest($this->container->getSystemContainer()->getRequest()) + ->setProfileRole($this->getProfileRole()) + ->setOwnEntityDescriptorProvider($this->container->getOwnContainer()->getOwnEntityDescriptorProvider()) + ; + + return $builder->build(); + } + + /** + * @return string + */ + abstract protected function getProfileId(); + + /** + * @return string + */ + abstract protected function getProfileRole(); + + /** + * @return \LightSaml\Builder\Action\ActionBuilderInterface + */ + abstract protected function getActionBuilder(); +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/Metadata/MetadataProfileBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/Metadata/MetadataProfileBuilder.php new file mode 100644 index 0000000..27c033b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/Metadata/MetadataProfileBuilder.php @@ -0,0 +1,35 @@ +container); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/ProfileBuilderInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/ProfileBuilderInterface.php new file mode 100644 index 0000000..18ea9ac --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/ProfileBuilderInterface.php @@ -0,0 +1,16 @@ +container, + new SsoSpValidateAssertionActionBuilder($this->container) + ); + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/WebBrowserSso/Sp/SsoSpSendAuthnRequestProfileBuilder.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/WebBrowserSso/Sp/SsoSpSendAuthnRequestProfileBuilder.php new file mode 100644 index 0000000..f25d283 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/WebBrowserSso/Sp/SsoSpSendAuthnRequestProfileBuilder.php @@ -0,0 +1,85 @@ +idpEntityId = $idpEntityId; + } + + public function buildContext() + { + $result = parent::buildContext(); + + $idpEd = $this->container->getPartyContainer()->getIdpEntityDescriptorStore()->get($this->idpEntityId); + if (false == $idpEd) { + throw new \RuntimeException(sprintf('Unknown IDP "%s"', $this->idpEntityId)); + } + + $trustOptions = $this->getTrustOptions($idpEd); + + $result->getPartyEntityContext() + ->setEntityDescriptor($idpEd) + ->setTrustOptions($trustOptions) + ; + + return $result; + } + + /** + * @return string + */ + protected function getProfileId() + { + return Profiles::SSO_SP_SEND_AUTHN_REQUEST; + } + + /** + * @return string + */ + protected function getProfileRole() + { + return ProfileContext::ROLE_SP; + } + + /** + * @return \LightSaml\Builder\Action\ActionBuilderInterface + */ + protected function getActionBuilder() + { + return new SsoSpSendAuthnRequestActionBuilder($this->container); + } + + /** + * @return TrustOptions + */ + private function getTrustOptions(EntityDescriptor $idpEd) + { + $trustOptions = $this->container->getPartyContainer()->getTrustOptionsStore()->get($this->idpEntityId) ?: new TrustOptions(); + + $wantAuthnRequestsSigned = $idpEd->getFirstIdpSsoDescriptor()->getWantAuthnRequestsSigned(); + + if (null !== $wantAuthnRequestsSigned) { + $trustOptions->setSignAuthnRequest($wantAuthnRequestsSigned); + } + + return $trustOptions; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/WebBrowserSso/Sp/SsoSpSendAuthnRequestProfileBuilderFactory.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/WebBrowserSso/Sp/SsoSpSendAuthnRequestProfileBuilderFactory.php new file mode 100644 index 0000000..ba45607 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Builder/Profile/WebBrowserSso/Sp/SsoSpSendAuthnRequestProfileBuilderFactory.php @@ -0,0 +1,26 @@ +buildContainer = $buildContainer; + } + + /** + * @param string $idpEntityId + * + * @return SsoSpSendAuthnRequestProfileBuilder + */ + public function get($idpEntityId) + { + return new SsoSpSendAuthnRequestProfileBuilder($this->buildContainer, $idpEntityId); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/ClaimTypes.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/ClaimTypes.php new file mode 100644 index 0000000..fa03c61 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/ClaimTypes.php @@ -0,0 +1,22 @@ +parent; + } + + /** + * @return ContextInterface + */ + public function getTopParent() + { + if ($this->getParent()) { + return $this->getParent()->getTopParent(); + } + + return $this; + } + + /** + * @return ContextInterface + */ + public function setParent(ContextInterface $parent = null) + { + $this->parent = $parent; + + return $this; + } + + /** + * @param string $name + * @param string|null $class + * + * @return ContextInterface|null + */ + public function getSubContext($name, $class = null) + { + if (isset($this->subContexts[$name])) { + return $this->subContexts[$name]; + } + + if ($class) { + $result = $this->createSubContext($class); + $this->addSubContext($name, $result); + + return $result; + } + + return null; + } + + /** + * @param string $class + * @param bool $autoCreate + * + * @return ContextInterface|null + */ + public function getSubContextByClass($class, $autoCreate) + { + return $this->getSubContext($class, $autoCreate ? $class : null); + } + + /** + * @param string $name + * @param object|ContextInterface $subContext + * + * @return AbstractContext + */ + public function addSubContext($name, $subContext) + { + if (false === is_object($subContext)) { + throw new \InvalidArgumentException('Expected object or ContextInterface'); + } + + $existing = isset($this->subContexts[$name]) ? $this->subContexts[$name] : null; + if ($existing === $subContext) { + return $this; + } + + $this->subContexts[$name] = $subContext; + if ($subContext instanceof ContextInterface) { + $subContext->setParent($this); + } + + if ($existing instanceof ContextInterface) { + $existing->setParent(null); + } + + return $this; + } + + /** + * @param string $name + * + * @return ContextInterface + */ + public function removeSubContext($name) + { + $subContext = $this->getSubContext($name, false); + + if ($subContext) { + $subContext->setParent(null); + unset($this->subContexts[$name]); + } + + return $this; + } + + /** + * @param string $name + * + * @return bool + */ + public function containsSubContext($name) + { + return isset($this->subContexts[$name]); + } + + /** + * @return ContextInterface + */ + public function clearSubContexts() + { + foreach ($this->subContexts as $subContext) { + $subContext->setParent(null); + } + $this->subContexts = []; + + return $this; + } + + public function getIterator(): \ArrayIterator + { + return new \ArrayIterator($this->subContexts); + } + + /** + * @param string $ownName + * + * @return array + */ + public function debugPrintTree($ownName = 'root') + { + $result = [ + $ownName => static::class, + ]; + + if ($this->subContexts) { + $arr = []; + foreach ($this->subContexts as $name => $subContext) { + if ($subContext instanceof ContextInterface) { + $arr = array_merge($arr, $subContext->debugPrintTree($name)); + } else { + $arr = array_merge($arr, [$name => get_class($subContext)]); + } + } + $result[$ownName . '__children'] = $arr; + } + + return $result; + } + + /** + * @return string + */ + public function __toString() + { + return json_encode($this->debugPrintTree(), JSON_PRETTY_PRINT); + } + + /** + * @param string $path + * + * @return ContextInterface + */ + public function getPath($path) + { + if (is_string($path)) { + $path = explode('/', $path); + } elseif (false === is_array($path)) { + throw new \InvalidArgumentException('Expected string or array'); + } + + $name = array_shift($path); + $subContext = $this->getSubContext($name); + if (null == $subContext) { + return null; + } + + if (empty($path)) { + return $subContext; + } else { + return $subContext->getPath($path); + } + } + + /** + * @param string $class + * + * @return ContextInterface + */ + protected function createSubContext($class) + { + $result = new $class(); + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/ContextInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/ContextInterface.php new file mode 100644 index 0000000..ede801b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/ContextInterface.php @@ -0,0 +1,76 @@ +getParent(); + } + + if ($result) { + return $result; + } + + throw new LightSamlContextException($this, 'Missing ProfileContext'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/AssertionContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/AssertionContext.php new file mode 100644 index 0000000..0d4a84e --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/AssertionContext.php @@ -0,0 +1,78 @@ +id; + } + + /** + * @param string $id + * + * @return AssertionContext + */ + public function setId($id) + { + $this->id = $id; + + return $this; + } + + /** + * @return Assertion|null + */ + public function getAssertion() + { + return $this->assertion; + } + + /** + * @param Assertion $assertion + * + * @return AssertionContext + */ + public function setAssertion(Assertion $assertion = null) + { + $this->assertion = $assertion; + + return $this; + } + + /** + * @return EncryptedElement|null + */ + public function getEncryptedAssertion() + { + return $this->encryptedAssertion; + } + + /** + * @param EncryptedElement $encryptedAssertion + * + * @return AssertionContext + */ + public function setEncryptedAssertion(EncryptedElement $encryptedAssertion = null) + { + $this->encryptedAssertion = $encryptedAssertion; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/EndpointContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/EndpointContext.php new file mode 100644 index 0000000..d9c08e7 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/EndpointContext.php @@ -0,0 +1,29 @@ +endpoint; + } + + /** + * @return EndpointContext + */ + public function setEndpoint(Endpoint $endpoint) + { + $this->endpoint = $endpoint; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/EntityContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/EntityContext.php new file mode 100644 index 0000000..a4739e2 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/EntityContext.php @@ -0,0 +1,74 @@ +entityId; + } + + /** + * @param string $entityId + * + * @return EntityContext + */ + public function setEntityId($entityId) + { + $this->entityId = $entityId; + + return $this; + } + + /** + * @return EntityDescriptor + */ + public function getEntityDescriptor() + { + return $this->entityDescriptor; + } + + /** + * @return EntityContext + */ + public function setEntityDescriptor(EntityDescriptor $entityDescriptor) + { + $this->entityDescriptor = $entityDescriptor; + + return $this; + } + + /** + * @return TrustOptions + */ + public function getTrustOptions() + { + return $this->trustOptions; + } + + /** + * @return EntityContext + */ + public function setTrustOptions(TrustOptions $trustOptions) + { + $this->trustOptions = $trustOptions; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/ExceptionContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/ExceptionContext.php new file mode 100644 index 0000000..5fff103 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/ExceptionContext.php @@ -0,0 +1,65 @@ +exception = $exception; + } + + /** + * @return \Exception + */ + public function getException() + { + return $this->exception; + } + + /** + * @return \Exception|null + */ + public function getLastException() + { + if (null == $this->nextExceptionContext) { + return $this->exception; + } + + return $this->nextExceptionContext->getException(); + } + + /** + * @return ExceptionContext|null + */ + public function getNextExceptionContext() + { + return $this->nextExceptionContext; + } + + /** + * @return ExceptionContext + */ + public function addException(\Exception $exception) + { + if ($this->exception) { + if (null == $this->nextExceptionContext) { + $this->nextExceptionContext = new self($exception); + + return $this->nextExceptionContext; + } else { + return $this->nextExceptionContext->addException($exception); + } + } else { + $this->exception = $exception; + } + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/Helper/AssertionContextHelper.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/Helper/AssertionContextHelper.php new file mode 100644 index 0000000..69a559f --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/Helper/AssertionContextHelper.php @@ -0,0 +1,23 @@ +getEncryptedAssertion(); + if ($result instanceof EncryptedAssertionReader) { + return $result; + } + + throw new LightSamlContextException($context, 'Expected EncryptedAssertionReader'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/Helper/LogHelper.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/Helper/LogHelper.php new file mode 100644 index 0000000..31a7568 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/Helper/LogHelper.php @@ -0,0 +1,60 @@ +getTopParent(); + $result = []; + if ($topContext instanceof ProfileContext) { + $result['profile_id'] = $topContext->getProfileId(); + $result['own_role'] = $topContext->getOwnRole(); + } + if ($action) { + $result['action'] = get_class($action); + } + $result['top_context_id'] = spl_object_hash($topContext); + + if ($logWholeContext) { + $result['top_context'] = $topContext; + } + if ($extraData) { + $result = array_merge($result, $extraData); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/Helper/MessageContextHelper.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/Helper/MessageContextHelper.php new file mode 100644 index 0000000..35daa7a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/Helper/MessageContextHelper.php @@ -0,0 +1,106 @@ +getMessage(); + if ($message) { + return $message; + } + + throw new LightSamlContextException($context, 'Missing SamlMessage'); + } + + /** + * @return \LightSaml\Model\Protocol\AuthnRequest + */ + public static function asAuthnRequest(MessageContext $context) + { + $message = $context->getMessage(); + if ($message instanceof AuthnRequest) { + return $message; + } + + throw new LightSamlContextException($context, 'Expected AuthnRequest'); + } + + /** + * @return \LightSaml\Model\Protocol\AbstractRequest + */ + public static function asAbstractRequest(MessageContext $context) + { + $message = $context->getMessage(); + if ($message instanceof AbstractRequest) { + return $message; + } + + throw new LightSamlContextException($context, 'Expected AbstractRequest'); + } + + /** + * @return \LightSaml\Model\Protocol\Response + */ + public static function asResponse(MessageContext $context) + { + $message = $context->getMessage(); + if ($message instanceof Response) { + return $message; + } + + throw new LightSamlContextException($context, 'Expected Response'); + } + + /** + * @return \LightSaml\Model\Protocol\StatusResponse + */ + public static function asStatusResponse(MessageContext $context) + { + $message = $context->getMessage(); + if ($message instanceof StatusResponse) { + return $message; + } + + throw new LightSamlContextException($context, 'Expected StatusResponse'); + } + + /** + * @return \LightSaml\Model\Protocol\LogoutRequest + */ + public static function asLogoutRequest(MessageContext $context) + { + $message = $context->getMessage(); + if ($message instanceof LogoutRequest) { + return $message; + } + + throw new LightSamlContextException($context, 'Expected LogoutRequest'); + } + + /** + * @return \LightSaml\Model\Protocol\LogoutResponse + */ + public static function asLogoutResponse(MessageContext $context) + { + $message = $context->getMessage(); + if ($message instanceof LogoutResponse) { + return $message; + } + + throw new LightSamlContextException($context, 'Expected LogoutResponse'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/HttpRequestContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/HttpRequestContext.php new file mode 100644 index 0000000..13a8cc2 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/HttpRequestContext.php @@ -0,0 +1,29 @@ +request; + } + + /** + * @return HttpRequestContext + */ + public function setRequest(Request $request) + { + $this->request = $request; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/HttpResponseContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/HttpResponseContext.php new file mode 100644 index 0000000..7567b22 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/HttpResponseContext.php @@ -0,0 +1,29 @@ +response; + } + + /** + * @return HttpResponseContext + */ + public function setResponse(Response $response) + { + $this->response = $response; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/LogoutContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/LogoutContext.php new file mode 100644 index 0000000..ff5dd2b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/LogoutContext.php @@ -0,0 +1,53 @@ +ssoSessionState; + } + + /** + * @return LogoutContext + */ + public function setSsoSessionState(SsoSessionState $ssoSessionState) + { + $this->ssoSessionState = $ssoSessionState; + $this->allSsoSessionsTerminated = false; + + return $this; + } + + /** + * @return bool + */ + public function areAllSsoSessionsTerminated() + { + return $this->allSsoSessionsTerminated; + } + + /** + * @param bool $allSsoSessionsTerminated + * + * @return LogoutContext + */ + public function setAllSsoSessionsTerminated($allSsoSessionsTerminated) + { + $this->allSsoSessionsTerminated = (bool) $allSsoSessionsTerminated; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/MessageContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/MessageContext.php new file mode 100644 index 0000000..0797c91 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/MessageContext.php @@ -0,0 +1,122 @@ +bindingType; + } + + /** + * @param string $bindingType + * + * @return MessageContext + */ + public function setBindingType($bindingType) + { + $this->bindingType = $bindingType; + + return $this; + } + + /** + * @return SamlMessage|null + */ + public function getMessage() + { + return $this->message; + } + + /** + * @return MessageContext + */ + public function setMessage(SamlMessage $message = null) + { + $this->message = $message; + + return $this; + } + + /** + * @return AuthnRequest|null + */ + public function asAuthnRequest() + { + if ($this->message instanceof AuthnRequest) { + return $this->message; + } + + return null; + } + + /** + * @return LogoutRequest|null + */ + public function asLogoutRequest() + { + if ($this->message instanceof LogoutRequest) { + return $this->message; + } + + return null; + } + + /** + * @return Response|null + */ + public function asResponse() + { + if ($this->message instanceof Response) { + return $this->message; + } + + return null; + } + + /** + * @return LogoutResponse|null + */ + public function asLogoutResponse() + { + if ($this->message instanceof LogoutResponse) { + return $this->message; + } + + return null; + } + + /** + * @return SerializationContext + */ + public function getSerializationContext() + { + return $this->getSubContext(ProfileContexts::SERIALIZATION, SerializationContext::class); + } + + /** + * @return DeserializationContext + */ + public function getDeserializationContext() + { + return $this->getSubContext(ProfileContexts::DESERIALIZATION, DeserializationContext::class); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/ProfileContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/ProfileContext.php new file mode 100644 index 0000000..7f33a51 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/ProfileContext.php @@ -0,0 +1,232 @@ +profileId = $profileId; + $this->ownRole = $ownRole; + } + + /** + * @return string + */ + public function getProfileId() + { + return $this->profileId; + } + + /** + * @return string + */ + public function getOwnRole() + { + return $this->ownRole; + } + + /** + * @return string + */ + public function getRelayState() + { + return $this->relayState; + } + + /** + * @param string $relayState + * + * @return ProfileContext + */ + public function setRelayState($relayState) + { + $this->relayState = $relayState; + + return $this; + } + + /** + * @return MessageContext + */ + public function getInboundContext() + { + return $this->getSubContext(ProfileContexts::INBOUND_MESSAGE, MessageContext::class); + } + + /** + * @return MessageContext + */ + public function getOutboundContext() + { + return $this->getSubContext(ProfileContexts::OUTBOUND_MESSAGE, MessageContext::class); + } + + /** + * @return HttpRequestContext + */ + public function getHttpRequestContext() + { + return $this->getSubContext(ProfileContexts::HTTP_REQUEST, HttpRequestContext::class); + } + + /** + * @return HttpResponseContext + */ + public function getHttpResponseContext() + { + return $this->getSubContext(ProfileContexts::HTTP_RESPONSE, HttpResponseContext::class); + } + + /** + * @return EntityContext + */ + public function getOwnEntityContext() + { + return $this->getSubContext(ProfileContexts::OWN_ENTITY, EntityContext::class); + } + + /** + * @return EntityContext + */ + public function getPartyEntityContext() + { + return $this->getSubContext(ProfileContexts::PARTY_ENTITY, EntityContext::class); + } + + /** + * @return EndpointContext + */ + public function getEndpointContext() + { + return $this->getSubContext(ProfileContexts::ENDPOINT, EndpointContext::class); + } + + /** + * @return LogoutContext + */ + public function getLogoutContext() + { + return $this->getSubContext(ProfileContexts::LOGOUT, LogoutContext::class); + } + + /** + * @return \Symfony\Component\HttpFoundation\Request + */ + public function getHttpRequest() + { + $httpRequestContext = $this->getHttpRequestContext(); + if (null === $httpRequestContext->getRequest()) { + throw new LightSamlContextException($this, 'Missing Request in HTTP request context'); + } + + return $httpRequestContext->getRequest(); + } + + /** + * @return \LightSaml\Model\Protocol\SamlMessage + */ + public function getInboundMessage() + { + $inboundContext = $this->getInboundContext(); + if (null === $inboundContext->getMessage()) { + throw new LightSamlContextException($this, 'Missing message in inbound context'); + } + + return $inboundContext->getMessage(); + } + + /** + * @return \LightSaml\Model\Protocol\SamlMessage + */ + public function getOutboundMessage() + { + $outboundContext = $this->getOutboundContext(); + if (null === $outboundContext->getMessage()) { + throw new LightSamlContextException($this, 'Missing message in outbound context'); + } + + return $outboundContext->getMessage(); + } + + /** + * @return \LightSaml\Model\Metadata\Endpoint + */ + public function getEndpoint() + { + $endpointContext = $this->getEndpointContext(); + if (null === $endpointContext->getEndpoint()) { + throw new LightSamlContextException($this, 'Missing Endpoint in endpoint context'); + } + + return $endpointContext->getEndpoint(); + } + + /** + * @return \LightSaml\Model\Metadata\EntityDescriptor + */ + public function getOwnEntityDescriptor() + { + $ownEntityContext = $this->getOwnEntityContext(); + if (null === $ownEntityContext->getEntityDescriptor()) { + throw new LightSamlContextException($this, 'Missing EntityDescriptor in own entity context'); + } + + return $ownEntityContext->getEntityDescriptor(); + } + + /** + * @return \LightSaml\Model\Metadata\EntityDescriptor + */ + public function getPartyEntityDescriptor() + { + $partyEntityContext = $this->getPartyEntityContext(); + if (null === $partyEntityContext->getEntityDescriptor()) { + throw new LightSamlContextException($this, 'Missing EntityDescriptor in party entity context'); + } + + return $partyEntityContext->getEntityDescriptor(); + } + + /** + * @return \LightSaml\Meta\TrustOptions\TrustOptions + */ + public function getTrustOptions() + { + $partyEntityContext = $this->getPartyEntityContext(); + if (null === $partyEntityContext->getTrustOptions()) { + throw new LightSamlContextException($this, 'Missing TrustOptions in party entity context'); + } + + return $partyEntityContext->getTrustOptions(); + } + + public function getLogoutSsoSessionState() + { + $logoutContext = $this->getLogoutContext(); + if (null == $logoutContext->getSsoSessionState()) { + throw new LightSamlContextException($this, 'Missing SsoSessionState in logout context'); + } + + return $logoutContext->getSsoSessionState(); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/ProfileContexts.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/ProfileContexts.php new file mode 100644 index 0000000..8cfe628 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Context/Profile/ProfileContexts.php @@ -0,0 +1,19 @@ +requestState; + } + + /** + * @param RequestState $requestState + * + * @return RequestStateContext + */ + public function setRequestState($requestState) + { + $this->requestState = $requestState; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/AbstractCredential.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/AbstractCredential.php new file mode 100644 index 0000000..2a9c09d --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/AbstractCredential.php @@ -0,0 +1,190 @@ +credentialContext = new CredentialContextSet(); + } + + /** + * @return string + */ + public function getEntityId() + { + return $this->entityId; + } + + /** + * One of UsageType constants. + * + * @return string|null + */ + public function getUsageType() + { + return $this->usageType; + } + + /** + * @return string[] + */ + public function getKeyNames() + { + return $this->keyNames; + } + + /** + * @return XMLSecurityKey|null + */ + public function getPublicKey() + { + return $this->publicKey; + } + + /** + * @return XMLSecurityKey|null + */ + public function getPrivateKey() + { + return $this->privateKey; + } + + /** + * @return string|null + */ + public function getSecretKey() + { + return $this->secretKey; + } + + /** + * @return CredentialContextSet + */ + public function getCredentialContext() + { + return $this->credentialContext; + } + + /** + * @return AbstractCredential + */ + public function setCredentialContext(CredentialContextSet $credentialContext) + { + $this->credentialContext = $credentialContext; + + return $this; + } + + /** + * @param string $entityId + * + * @return AbstractCredential + */ + public function setEntityId($entityId) + { + $this->entityId = $entityId; + + return $this; + } + + /** + * @param string[] $keyNames + * + * @return AbstractCredential + */ + public function setKeyNames(array $keyNames) + { + $this->keyNames = $keyNames; + + return $this; + } + + /** + * @param string $keyName + * + * @return AbstractCredential + */ + public function addKeyName($keyName) + { + $keyName = trim($keyName); + if ($keyName) { + $this->keyNames[] = $keyName; + } + + return $this; + } + + /** + * @param XMLSecurityKey|null $privateKey + * + * @return AbstractCredential + */ + public function setPrivateKey(XMLSecurityKey $privateKey) + { + $this->privateKey = $privateKey; + + return $this; + } + + /** + * @param XMLSecurityKey|null $publicKey + * + * @return AbstractCredential + */ + public function setPublicKey(XMLSecurityKey $publicKey) + { + $this->publicKey = $publicKey; + + return $this; + } + + /** + * @param string|null $secretKey + * + * @return AbstractCredential + */ + public function setSecretKey($secretKey) + { + $this->secretKey = $secretKey; + + return $this; + } + + /** + * @param string $usageType + * + * @return AbstractCredential + */ + public function setUsageType($usageType) + { + $this->usageType = $usageType; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Context/CredentialContextInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Context/CredentialContextInterface.php new file mode 100644 index 0000000..a9e1adf --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Context/CredentialContextInterface.php @@ -0,0 +1,7 @@ +contexts[] = $context; + } + } + + /** + * @return CredentialContextInterface[] + */ + public function all() + { + return $this->contexts; + } + + /** + * @param string $class + * + * @return CredentialContextInterface|null + */ + public function get($class) + { + foreach ($this->contexts as $context) { + if (get_class($context) == $class || is_subclass_of($context, $class)) { + return $context; + } + } + + return null; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Context/MetadataCredentialContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Context/MetadataCredentialContext.php new file mode 100644 index 0000000..f399f16 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Context/MetadataCredentialContext.php @@ -0,0 +1,50 @@ +entityDescriptor = $entityDescriptor; + $this->keyDescriptor = $keyDescriptor; + $this->roleDescriptor = $roleDescriptor; + } + + /** + * @return EntityDescriptor + */ + public function getEntityDescriptor() + { + return $this->entityDescriptor; + } + + /** + * @return KeyDescriptor + */ + public function getKeyDescriptor() + { + return $this->keyDescriptor; + } + + /** + * @return RoleDescriptor + */ + public function getRoleDescriptor() + { + return $this->roleDescriptor; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/CredentialInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/CredentialInterface.php new file mode 100644 index 0000000..ff405a9 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/CredentialInterface.php @@ -0,0 +1,46 @@ +algorithm = $algorithm; + } + + /** + * @return string + */ + public function getAlgorithm() + { + return $this->algorithm; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/CredentialNameCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/CredentialNameCriteria.php new file mode 100644 index 0000000..16cabd6 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/CredentialNameCriteria.php @@ -0,0 +1,25 @@ +name = $name; + } + + /** + * @return string + */ + public function getName() + { + return $this->name; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/EntityIdCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/EntityIdCriteria.php new file mode 100644 index 0000000..851c721 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/EntityIdCriteria.php @@ -0,0 +1,25 @@ +entityId = $entityId; + } + + /** + * @return string + */ + public function getEntityId() + { + return $this->entityId; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/MetadataCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/MetadataCriteria.php new file mode 100644 index 0000000..a140931 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/MetadataCriteria.php @@ -0,0 +1,43 @@ +metadataType = $metadataType; + $this->protocol = $protocol; + } + + /** + * @return string + */ + public function getProtocol() + { + return $this->protocol; + } + + /** + * @return string + */ + public function getMetadataType() + { + return $this->metadataType; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/PrivateKeyCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/PrivateKeyCriteria.php new file mode 100644 index 0000000..399cb87 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/PrivateKeyCriteria.php @@ -0,0 +1,7 @@ +thumbprint = $thumbprint; + } + + /** + * @return string + */ + public function getThumbprint() + { + return $this->thumbprint; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/TrustCriteriaInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/TrustCriteriaInterface.php new file mode 100644 index 0000000..86016d4 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/TrustCriteriaInterface.php @@ -0,0 +1,9 @@ +usage = $usage; + } + + /** + * @return string + */ + public function getUsage() + { + return $this->usage; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/X509CredentialCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/X509CredentialCriteria.php new file mode 100644 index 0000000..f1541e3 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/Criteria/X509CredentialCriteria.php @@ -0,0 +1,7 @@ + 'private']); + $result->passphrase = $passphrase; + $result->loadKey($key, $isFile, false); + + return $result; + } + + /** + * @return XMLSecurityKey + */ + public static function createPublicKey(X509Certificate $certificate) + { + if (null == $certificate->getSignatureAlgorithm()) { + throw new LightSamlSecurityException('Unrecognized certificate signature algorithm'); + } + $key = new XMLSecurityKey($certificate->getSignatureAlgorithm(), ['type' => 'public']); + $key->loadKey($certificate->toPem(), false, true); + + return $key; + } + + /** + * @param string $algorithm + * + * @throws \LightSaml\Error\LightSamlSecurityException + * @throws \InvalidArgumentException + * + * @return XMLSecurityKey + */ + public static function castKey(XMLSecurityKey $key, $algorithm) + { + if (false == is_string($algorithm)) { + throw new \InvalidArgumentException('Algorithm must be string'); + } + + // do nothing if algorithm is already the type of the key + if ($key->type === $algorithm) { + return $key; + } + + $keyInfo = openssl_pkey_get_details($key->key); + if (false === $keyInfo) { + throw new LightSamlSecurityException('Unable to get key details from XMLSecurityKey.'); + } + if (false == isset($keyInfo['key'])) { + throw new LightSamlSecurityException('Missing key in public key details.'); + } + + $newKey = new XMLSecurityKey($algorithm, ['type' => 'public']); + $newKey->loadKey($keyInfo['key']); + + return $newKey; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/UsageType.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/UsageType.php new file mode 100644 index 0000000..6963665 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/UsageType.php @@ -0,0 +1,12 @@ + XMLSecurityKey::RSA_SHA1, + 'RSA-SHA256' => XMLSecurityKey::RSA_SHA256, + 'RSA-SHA384' => XMLSecurityKey::RSA_SHA384, + 'RSA-SHA512' => XMLSecurityKey::RSA_SHA512, + ]; + + /** @var string */ + protected $data; + + /** @var array|null */ + protected $info; + + /** @var string */ + private $signatureAlgorithm; + + /** + * @param string $filename + * + * @return X509Certificate + */ + public static function fromFile($filename) + { + $result = new self(); + $result->loadFromFile($filename); + + return $result; + } + + /** + * @param string $data + * + * @return X509Certificate + */ + public function setData($data) + { + $this->data = preg_replace('/\s+/', '', $data); + $this->parse(); + + return $this; + } + + /** + * @return string + */ + public function getData() + { + return $this->data; + } + + /** + * @param string $data + * + * @return X509Certificate + * + * @throws \InvalidArgumentException + */ + public function loadPem($data) + { + $pattern = '/^-----BEGIN CERTIFICATE-----([^-]*)^-----END CERTIFICATE-----/m'; + if (false == preg_match($pattern, $data, $matches)) { + throw new \InvalidArgumentException('Invalid PEM encoded certificate'); + } + $this->data = preg_replace('/\s+/', '', $matches[1]); + $this->parse(); + + return $this; + } + + /** + * @param string $filename + * + * @return X509Certificate + * + * @throws \InvalidArgumentException + */ + public function loadFromFile($filename) + { + if (!is_file($filename)) { + throw new \InvalidArgumentException(sprintf("File not found '%s'", $filename)); + } + $content = file_get_contents($filename); + $this->loadPem($content); + + return $this; + } + + /** + * @return string + */ + public function toPem() + { + $result = "-----BEGIN CERTIFICATE-----\n" . chunk_split($this->getData(), 64, "\n") . "-----END CERTIFICATE-----\n"; + + return $result; + } + + public function parse() + { + if (false == $this->data) { + throw new LightSamlException('Certificate data not set'); + } + + $res = openssl_x509_read($this->toPem()); + $this->info = openssl_x509_parse($res); + $this->signatureAlgorithm = null; + $signatureType = isset($this->info['signatureTypeSN']) ? $this->info['signatureTypeSN'] : ''; + if ($signatureType && isset(self::$typeMap[$signatureType])) { + $this->signatureAlgorithm = self::$typeMap[$signatureType]; + } else { + openssl_x509_export($res, $out, false); + if (preg_match('/^\s+Signature Algorithm:\s*(.*)\s*$/m', $out, $match)) { + switch ($match[1]) { + case 'sha1WithRSAEncryption': + case 'sha1WithRSA': + $this->signatureAlgorithm = XMLSecurityKey::RSA_SHA1; + break; + case 'sha256WithRSAEncryption': + case 'sha256WithRSA': + $this->signatureAlgorithm = XMLSecurityKey::RSA_SHA256; + break; + case 'sha384WithRSAEncryption': + case 'sha384WithRSA': + $this->signatureAlgorithm = XMLSecurityKey::RSA_SHA384; + break; + case 'sha512WithRSAEncryption': + case 'sha512WithRSA': + $this->signatureAlgorithm = XMLSecurityKey::RSA_SHA512; + break; + case 'md5WithRSAEncryption': + case 'md5WithRSA': + $this->signatureAlgorithm = SamlConstants::XMLDSIG_DIGEST_MD5; + break; + default: + } + } + } + + if (!$this->signatureAlgorithm) { + throw new LightSamlSecurityException('Unrecognized signature algorithm'); + } + } + + /** + * @return string + * + * @throws \LightSaml\Error\LightSamlException + */ + public function getName() + { + if (false == $this->info) { + throw new LightSamlException('Certificate data not set'); + } + + return $this->info['name']; + } + + /** + * @return string + * + * @throws \LightSaml\Error\LightSamlException + */ + public function getSubject() + { + if (false == $this->info) { + throw new LightSamlException('Certificate data not set'); + } + + return $this->info['subject']; + } + + /** + * @return array + * + * @throws \LightSaml\Error\LightSamlException + */ + public function getIssuer() + { + if (false == $this->info) { + throw new LightSamlException('Certificate data not set'); + } + + return $this->info['issuer']; + } + + /** + * @return int + * + * @throws \LightSaml\Error\LightSamlException + */ + public function getValidFromTimestamp() + { + if (false == $this->info) { + throw new LightSamlException('Certificate data not set'); + } + + return $this->info['validFrom_time_t']; + } + + /** + * @return int + * + * @throws \LightSaml\Error\LightSamlException + */ + public function getValidToTimestamp() + { + if (false == $this->info) { + throw new LightSamlException('Certificate data not set'); + } + + return $this->info['validTo_time_t']; + } + + /** + * @return array + * + * @throws \LightSaml\Error\LightSamlException + */ + public function getInfo() + { + if (false == $this->info) { + throw new LightSamlException('Certificate data not set'); + } + + return $this->info; + } + + /** + * @throws \LightSaml\Error\LightSamlException + * + * @return string + */ + public function getFingerprint() + { + if (false == $this->data) { + throw new LightSamlException('Certificate data not set'); + } + + return XMLSecurityKey::getRawThumbprint($this->toPem()); + } + + public function getSignatureAlgorithm() + { + if (false == $this->data) { + throw new LightSamlException('Certificate data not set'); + } + + return $this->signatureAlgorithm; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/X509Credential.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/X509Credential.php new file mode 100644 index 0000000..ffd29e7 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/X509Credential.php @@ -0,0 +1,36 @@ +certificate = $certificate; + + $this->setPublicKey(KeyHelper::createPublicKey($certificate)); + + $this->setKeyNames([$this->getCertificate()->getName()]); + + if ($privateKey) { + $this->setPrivateKey($privateKey); + } + } + + /** + * @return X509Certificate + */ + public function getCertificate() + { + return $this->certificate; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/X509CredentialInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/X509CredentialInterface.php new file mode 100644 index 0000000..6b399ea --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Credential/X509CredentialInterface.php @@ -0,0 +1,11 @@ +add($criterion); + } + } + + /** + * @return CriteriaSet + */ + public function add(CriteriaInterface $criteria) + { + $this->criterions[] = $criteria; + + return $this; + } + + /** + * @return CriteriaSet + */ + public function addIfNone(CriteriaInterface $criteria) + { + if (false == $this->has(get_class($criteria))) { + $this->add($criteria); + } + + return $this; + } + + /** + * @return CriteriaSet + */ + public function addAll(CriteriaSet $criteriaSet) + { + foreach ($criteriaSet->all() as $criteria) { + $this->add($criteria); + } + + return $this; + } + + /** + * @param mixed $condition + * @param callable $callback + * + * @return CriteriaSet + */ + public function addIf($condition, $callback) + { + if ($condition) { + $criteria = call_user_func($callback); + if ($criteria) { + $this->add($criteria); + } + } + + return $this; + } + + /** + * @return CriteriaInterface[]|array + */ + public function all() + { + return $this->criterions; + } + + /** + * @param string $class + * + * @return array|CriteriaInterface[] + */ + public function get($class) + { + $result = []; + foreach ($this->criterions as $criteria) { + if ($criteria instanceof $class) { + $result[] = $criteria; + } + } + + return $result; + } + + /** + * @param string $class + * + * @return CriteriaInterface|null + */ + public function getSingle($class) + { + foreach ($this->criterions as $criteria) { + if ($criteria instanceof $class) { + return $criteria; + } + } + + return null; + } + + /** + * @param string $class + * + * @return bool + */ + public function has($class) + { + foreach ($this->criterions as $criteria) { + if ($criteria instanceof $class) { + return true; + } + } + + return false; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Error/LightSamlActionException.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Error/LightSamlActionException.php new file mode 100644 index 0000000..1c4a56a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Error/LightSamlActionException.php @@ -0,0 +1,7 @@ +response = $response; + } + + /** + * @return \LightSaml\Model\Protocol\Response + */ + public function getResponse() + { + return $this->response; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Error/LightSamlBindingException.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Error/LightSamlBindingException.php new file mode 100644 index 0000000..bbaed2b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Error/LightSamlBindingException.php @@ -0,0 +1,7 @@ +context = $context; + } + + /** + * @return ContextInterface + */ + public function getContext() + { + return $this->context; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Error/LightSamlException.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Error/LightSamlException.php new file mode 100644 index 0000000..f4e147c --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Error/LightSamlException.php @@ -0,0 +1,7 @@ +context = $context; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Event/MessageReceived.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Event/MessageReceived.php new file mode 100644 index 0000000..7c36782 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Event/MessageReceived.php @@ -0,0 +1,13 @@ +message = $message; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Event/MessageSent.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Event/MessageSent.php new file mode 100644 index 0000000..28a2a26 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Event/MessageSent.php @@ -0,0 +1,13 @@ +message = $message; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Helper.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Helper.php new file mode 100644 index 0000000..c12d602 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Helper.php @@ -0,0 +1,194 @@ +getTimestamp(); + } elseif (is_int($value)) { + return $value; + } else { + throw new \InvalidArgumentException(); + } + } + + /** + * @param string $time + * + * @return int + * + * @throws \InvalidArgumentException + */ + public static function parseSAMLTime($time) + { + $matches = []; + if ( + 0 == preg_match( + '/^(\\d\\d\\d\\d)-(\\d\\d)-(\\d\\d)T(\\d\\d):(\\d\\d):(\\d\\d)(?:\\.\\d+)?(Z|[+-]\\d\\d:\\d\\d)$/D', + $time, + $matches + ) + ) { + throw new \InvalidArgumentException('Invalid SAML2 timestamp: ' . $time); + } + + return strtotime($time); + } + + /** + * @param int $length + * + * @return string + * + * @throws \InvalidArgumentException + */ + public static function generateRandomBytes($length) + { + $length = intval($length); + if ($length <= 0) { + throw new \InvalidArgumentException(); + } + + return random_bytes($length); + } + + /** + * @param string $bytes + * + * @return string + */ + public static function stringToHex($bytes) + { + return bin2hex($bytes); + } + + /** + * @return string + */ + public static function generateID() + { + return '_' . self::stringToHex(self::generateRandomBytes(21)); + } + + /** + * Is ID element at least 128 bits in length (SAML2.0 standard section 1.3.4). + * + * @param string $id + * + * @return bool + */ + public static function validateIdString($id) + { + return is_string($id) && strlen(trim($id)) >= 16; + } + + /** + * @param string $value + * + * @return bool + */ + public static function validateRequiredString($value) + { + return is_string($value) && strlen(trim($value)) > 0; + } + + /** + * @param string $value + * + * @return bool + */ + public static function validateOptionalString($value) + { + return null === $value || self::validateRequiredString($value); + } + + /** + * @param string $value + * + * @return bool + */ + public static function validateWellFormedUriString($value) + { + $value = trim((string)$value); + if ('' == $value || strlen($value) > 65520) { + return false; + } + + if (preg_match('|\s|', $value)) { + return false; + } + + $parts = parse_url($value); + if (isset($parts['scheme'])) { + if ($parts['scheme'] != rawurlencode($parts['scheme'])) { + return false; + } + } else { + return false; + } + + return true; + } + + /** + * @param int $notBefore + * @param int $now + * @param int $allowedSecondsSkew + * + * @return bool + */ + public static function validateNotBefore($notBefore, $now, $allowedSecondsSkew) + { + return null == $notBefore || (($notBefore - $allowedSecondsSkew) < $now); + } + + /** + * @param int $notOnOrAfter + * @param int $now + * @param int $allowedSecondsSkew + * + * @return bool + */ + public static function validateNotOnOrAfter($notOnOrAfter, $now, $allowedSecondsSkew) + { + return null == $notOnOrAfter || ($now < ($notOnOrAfter + $allowedSecondsSkew)); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Meta/ParameterBag.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Meta/ParameterBag.php new file mode 100644 index 0000000..8ec215b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Meta/ParameterBag.php @@ -0,0 +1,141 @@ +parameters = $parameters; + } + + /** + * Returns the parameters. + * + * @return array An array of parameters + */ + public function all() + { + return $this->parameters; + } + + /** + * Returns the parameter keys. + * + * @return array An array of parameter keys + */ + public function keys() + { + return array_keys($this->parameters); + } + + /** + * Replaces the current parameters by a new set. + * + * @param array $parameters An array of parameters + */ + public function replace(array $parameters = []) + { + $this->parameters = $parameters; + } + + /** + * Adds parameters. + */ + public function add(array $parameters = []) + { + $this->parameters = array_replace($this->parameters, $parameters); + } + + /** + * Returns a parameter by name. + * + * @param string $key + * @param mixed $default + * + * @return mixed + */ + public function get($key, $default = null) + { + return array_key_exists($key, $this->parameters) ? $this->parameters[$key] : $default; + } + + /** + * Sets a parameter by name. + * + * @param string $key + * @param mixed $value + */ + public function set($key, $value) + { + $this->parameters[$key] = $value; + } + + /** + * Returns true if the parameter is defined. + * + * @param string $key + * + * @return bool true if the parameter exists, false otherwise + */ + public function has($key) + { + return array_key_exists($key, $this->parameters); + } + + /** + * Removes a parameter. + * + * @param string $key + */ + public function remove($key) + { + unset($this->parameters[$key]); + } + + public function getIterator(): \ArrayIterator + { + return new \ArrayIterator($this->parameters); + } + + public function count(): int + { + return count($this->parameters); + } + + /** + * @deprecated Since php 8.1. Use __serialize() instead + */ + public function serialize(): string + { + return serialize($this->__serialize()); + } + + public function __serialize(): array + { + return $this->parameters; + } + + /** + * @deprecated Since php 8.1. Use __unserialize() instead + */ + public function unserialize($serialized) + { + $this->__unserialize(unserialize($serialized)); + } + + public function __unserialize(array $serialized) + { + $this->parameters = $serialized; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Meta/SigningOptions.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Meta/SigningOptions.php new file mode 100644 index 0000000..243b24a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Meta/SigningOptions.php @@ -0,0 +1,104 @@ +enabled = true; + $this->privateKey = $privateKey; + $this->certificate = $certificate; + $this->certificateOptions = new ParameterBag(); + } + + /** + * @return X509Certificate + */ + public function getCertificate() + { + return $this->certificate; + } + + /** + * @param X509Certificate $certificate + * + * @return SigningOptions + */ + public function setCertificate(X509Certificate $certificate = null) + { + $this->certificate = $certificate; + + return $this; + } + + /** + * @return XMLSecurityKey + */ + public function getPrivateKey() + { + return $this->privateKey; + } + + /** + * @param XMLSecurityKey $privateKey + * + * @return SigningOptions + */ + public function setPrivateKey(XMLSecurityKey $privateKey = null) + { + $this->privateKey = $privateKey; + + return $this; + } + + /** + * @return ParameterBag + */ + public function getCertificateOptions() + { + return $this->certificateOptions; + } + + /** + * @return bool + */ + public function isEnabled() + { + return $this->enabled; + } + + /** + * @param bool $enabled + * + * @return SigningOptions + */ + public function setEnabled($enabled) + { + $this->enabled = (bool) $enabled; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Meta/TrustOptions/TrustOptions.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Meta/TrustOptions/TrustOptions.php new file mode 100644 index 0000000..d48796a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Meta/TrustOptions/TrustOptions.php @@ -0,0 +1,193 @@ +encryptAssertions; + } + + /** + * @param bool $encryptAssertions + * + * @return TrustOptions + */ + public function setEncryptAssertions($encryptAssertions) + { + $this->encryptAssertions = (bool) $encryptAssertions; + + return $this; + } + + /** + * @return bool + */ + public function getEncryptAuthnRequest() + { + return $this->encryptAuthnRequest; + } + + /** + * @param bool $encryptAuthnRequest + * + * @return TrustOptions + */ + public function setEncryptAuthnRequest($encryptAuthnRequest) + { + $this->encryptAuthnRequest = (bool) $encryptAuthnRequest; + + return $this; + } + + /** + * @return bool + */ + public function getSignAssertions() + { + return $this->signAssertions; + } + + /** + * @param bool $signAssertions + * + * @return TrustOptions + */ + public function setSignAssertions($signAssertions) + { + $this->signAssertions = (bool) $signAssertions; + + return $this; + } + + /** + * @return bool + */ + public function getSignAuthnRequest() + { + return $this->signAuthnRequest; + } + + /** + * @param bool $signAuthnRequest + * + * @return TrustOptions + */ + public function setSignAuthnRequest($signAuthnRequest) + { + $this->signAuthnRequest = (bool) $signAuthnRequest; + + return $this; + } + + /** + * @return bool + */ + public function getSignResponse() + { + return $this->signResponse; + } + + /** + * @param bool $signResponse + * + * @return TrustOptions + */ + public function setSignResponse($signResponse) + { + $this->signResponse = (bool) $signResponse; + + return $this; + } + + /** + * @return string + */ + public function getSignatureDigestAlgorithm() + { + return $this->signatureDigestAlgorithm; + } + + /** + * @param string $signatureDigestAlgorithm + * + * @return TrustOptions + */ + public function setSignatureDigestAlgorithm($signatureDigestAlgorithm) + { + $this->signatureDigestAlgorithm = $signatureDigestAlgorithm; + + return $this; + } + + /** + * @return string + */ + public function getBlockEncryptionAlgorithm() + { + return $this->blockEncryptionAlgorithm; + } + + /** + * @param string $blockEncryptionAlgorithm + * + * @return TrustOptions + */ + public function setBlockEncryptionAlgorithm($blockEncryptionAlgorithm) + { + $this->blockEncryptionAlgorithm = $blockEncryptionAlgorithm; + + return $this; + } + + /** + * @return string + */ + public function getKeyTransportEncryptionAlgorithm() + { + return $this->keyTransportEncryptionAlgorithm; + } + + /** + * @param string $keyTransportEncryptionAlgorithm + * + * @return TrustOptions + */ + public function setKeyTransportEncryptionAlgorithm($keyTransportEncryptionAlgorithm) + { + $this->keyTransportEncryptionAlgorithm = $keyTransportEncryptionAlgorithm; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/AbstractSamlModel.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/AbstractSamlModel.php new file mode 100644 index 0000000..6379ffd --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/AbstractSamlModel.php @@ -0,0 +1,280 @@ +getDocument()->createElementNS($namespace, $name); + } else { + $result = $context->getDocument()->createElement($name); + } + $parent->appendChild($result); + + return $result; + } + + /** + * @param string $name + * @param string|null $namespace + * + * @throws \LogicException + */ + private function oneElementToXml($name, \DOMNode $parent, SerializationContext $context, $namespace = null) + { + $value = $this->getPropertyValue($name); + if (null == $value) { + return; + } + if ($value instanceof SamlElementInterface) { + $value->serialize($parent, $context); + } elseif (is_string($value)) { + if ($namespace) { + $node = $context->getDocument()->createElementNS($namespace, $name, $value); + } else { + $node = $context->getDocument()->createElement($name, $value); + } + $parent->appendChild($node); + } else { + throw new \LogicException(sprintf("Element '%s' must implement SamlElementInterface or be a string", $name)); + } + } + + /** + * @param array|string[] $names + * @param string|null $namespace + */ + protected function singleElementsToXml(array $names, \DOMNode $parent, SerializationContext $context, $namespace = null) + { + foreach ($names as $name) { + $this->oneElementToXml($name, $parent, $context, $namespace); + } + } + + /** + * @param array|null $value + * @param string|null $nodeName + * @param string|null $namespaceUri + * + * @throws \LogicException + */ + protected function manyElementsToXml($value, \DOMNode $node, SerializationContext $context, $nodeName = null, $namespaceUri = null) + { + if (false == $value) { + return; + } + + if (false == is_array($value)) { + throw new \LogicException('value must be array or null'); + } + + foreach ($value as $object) { + if ($object instanceof SamlElementInterface) { + if ($nodeName) { + throw new \LogicException('nodeName should not be specified when serializing array of SamlElementInterface'); + } + $object->serialize($node, $context); + } elseif ($nodeName) { + if ($namespaceUri) { + $child = $context->getDocument()->createElementNS($namespaceUri, $nodeName, (string) $object); + } else { + $child = $context->getDocument()->createElement($nodeName, (string) $object); + } + $node->appendChild($child); + } else { + throw new \LogicException('Can handle only array of AbstractSamlModel or strings with nodeName parameter specified'); + } + } + } + + /** + * @param string $nodeName + * @param string|null $namespacePrefix + * @param string $class + * @param string $methodName + * + * @throws \LogicException + */ + protected function manyElementsFromXml(\DOMElement $node, DeserializationContext $context, $nodeName, $namespacePrefix, $class, $methodName) + { + if ($namespacePrefix) { + $query = sprintf('%s:%s', $namespacePrefix, $nodeName); + } else { + $query = sprintf('%s', $nodeName); + } + + foreach ($context->getXpath()->query($query, $node) as $xml) { + /* @var \DOMElement $xml */ + if ($class) { + /** @var SamlElementInterface $object */ + $object = new $class(); + if (false == $object instanceof SamlElementInterface) { + throw new \LogicException(sprintf("Node '%s' class '%s' must implement SamlElementInterface", $nodeName, $class)); + } + $object->deserialize($xml, $context); + $this->{$methodName}($object); + } else { + $object = $xml->textContent; + $this->{$methodName}($object); + } + } + } + + /** + * @param string $name + * + * @throws \LogicException + * + * @return bool True if property value is not empty and attribute was set to the element + */ + protected function singleAttributeToXml($name, \DOMElement $element) + { + $value = $this->getPropertyValue($name); + if (null !== $value && '' !== $value) { + if (is_bool($value)) { + $element->setAttribute($name, $value ? 'true' : 'false'); + } else { + $element->setAttribute($name, $value); + } + + return true; + } + + return false; + } + + /** + * @param array|string[] $names + */ + protected function attributesToXml(array $names, \DOMElement $element) + { + foreach ($names as $name) { + $this->singleAttributeToXml($name, $element); + } + } + + /** + * @param string $expectedName + * @param string $expectedNamespaceUri + */ + protected function checkXmlNodeName(\DOMNode &$node, $expectedName, $expectedNamespaceUri) + { + if ($node instanceof \DOMDocument) { + $node = $node->firstChild; + } + while ($node && $node instanceof \DOMComment) { + $node = $node->nextSibling; + } + if (null === $node) { + throw new LightSamlXmlException(sprintf("Unable to find expected '%s' xml node and '%s' namespace", $expectedName, $expectedNamespaceUri)); + } elseif ($node->localName != $expectedName || $node->namespaceURI != $expectedNamespaceUri) { + throw new LightSamlXmlException(sprintf("Expected '%s' xml node and '%s' namespace but got node '%s' and namespace '%s'", $expectedName, $expectedNamespaceUri, $node->localName, $node->namespaceURI)); + } + } + + /** + * @param string $attributeName + */ + protected function singleAttributeFromXml(\DOMElement $node, $attributeName) + { + $value = $node->getAttribute($attributeName); + if ('' !== $value) { + $setter = 'set' . $attributeName; + if (method_exists($this, $setter)) { + $this->{$setter}($value); + } + } + } + + /** + * @param string $elementName + * @param string $class + * @param string $namespacePrefix + * + * @throws \LogicException + */ + protected function oneElementFromXml(\DOMElement $node, DeserializationContext $context, $elementName, $class, $namespacePrefix) + { + if ($namespacePrefix) { + $query = sprintf('./%s:%s', $namespacePrefix, $elementName); + } else { + $query = sprintf('./%s', $elementName); + } + $arr = $context->getXpath()->query($query, $node); + $value = $arr->length > 0 ? $arr->item(0) : null; + + if ($value) { + $setter = 'set' . $elementName; + if (false == method_exists($this, $setter)) { + throw new \LogicException(sprintf("Unable to find setter for element '%s' in class '%s'", $elementName, get_class($this))); + } + + if ($class) { + /** @var AbstractSamlModel $object */ + $object = new $class(); + if (false == $object instanceof \LightSaml\Model\SamlElementInterface) { + throw new \LogicException(sprintf("Specified class '%s' for element '%s' must implement SamlElementInterface", $class, $elementName)); + } + + $object->deserialize($value, $context); + } else { + $object = $value->textContent; + } + + $this->{$setter}($object); + } + } + + /** + * @param array $options elementName=>class + */ + protected function singleElementsFromXml(\DOMElement $node, DeserializationContext $context, array $options) + { + foreach ($options as $elementName => $info) { + $this->oneElementFromXml($node, $context, $elementName, $info[1], $info[0]); + } + } + + protected function attributesFromXml(\DOMElement $node, array $attributeNames) + { + foreach ($attributeNames as $attributeName) { + $this->singleAttributeFromXml($node, $attributeName); + } + } + + /** + * @param string $name + * + * @return mixed + * + * @throws \LogicException + */ + private function getPropertyValue($name) + { + if (false !== ($pos = strpos($name, ':'))) { + $name = substr($name, $pos + 1); + } + $getter = 'get' . $name . 'String'; + if (false == method_exists($this, $getter)) { + $getter = 'get' . $name; + } + if (false == method_exists($this, $getter)) { + throw new \LogicException(sprintf("Unable to find getter method for '%s' on '%s'", $name, get_class($this))); + } + $value = $this->{$getter}(); + + return $value; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AbstractCondition.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AbstractCondition.php new file mode 100644 index 0000000..45bea86 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AbstractCondition.php @@ -0,0 +1,9 @@ +value = $value; + $this->format = $format; + } + + /** + * @param string|null $format + * + * @return AbstractNameID + */ + public function setFormat($format) + { + $this->format = (string) $format; + + return $this; + } + + /** + * @return string|null + */ + public function getFormat() + { + return $this->format; + } + + /** + * @param string|null $nameQualifier + * + * @return AbstractNameID + */ + public function setNameQualifier($nameQualifier) + { + $this->nameQualifier = (string) $nameQualifier; + + return $this; + } + + /** + * @return string|null + */ + public function getNameQualifier() + { + return $this->nameQualifier; + } + + /** + * @param string|null $spNameQualifier + * + * @return AbstractNameID + */ + public function setSPNameQualifier($spNameQualifier) + { + $this->spNameQualifier = (string) $spNameQualifier; + + return $this; + } + + /** + * @return string|null + */ + public function getSPNameQualifier() + { + return $this->spNameQualifier; + } + + /** + * @param string|null $spProvidedId + * + * @return AbstractNameID + */ + public function setSPProvidedID($spProvidedId) + { + $this->spProvidedId = (string) $spProvidedId; + + return $this; + } + + /** + * @return string|null + */ + public function getSPProvidedID() + { + return $this->spProvidedId; + } + + /** + * @param string $value + * + * @return AbstractNameID + */ + public function setValue($value) + { + $this->value = (string) $value; + + return $this; + } + + /** + * @return string + */ + public function getValue() + { + return $this->value; + } + + protected function prepareForXml() + { + if (false == $this->getValue()) { + throw new LightSamlModelException('NameID value not set'); + } + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $this->prepareForXml(); + if (SamlConstants::NS_ASSERTION == $parent->namespaceURI) { + $result = $this->createElement($this->getElementName(), SamlConstants::NS_ASSERTION, $parent, $context); + } else { + $result = $this->createElement('saml:' . $this->getElementName(), SamlConstants::NS_ASSERTION, $parent, $context); + } + + /* @var \DOMElement $parent */ + $this->attributesToXml(['Format', 'NameQualifier', 'SPNameQualifier', 'SPProvidedID'], $result); + $result->nodeValue = $this->getValue(); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, $this->getElementName(), SamlConstants::NS_ASSERTION); + + $this->attributesFromXml($node, ['NameQualifier', 'Format', 'SPNameQualifier', 'SPProvidedID']); + $this->setValue($node->textContent); + } + + /** + * @return string + */ + abstract protected function getElementName(); +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AbstractStatement.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AbstractStatement.php new file mode 100644 index 0000000..9a11498 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AbstractStatement.php @@ -0,0 +1,9 @@ +getSubject()) { + return false; + } + + if (false == $this->getSubject()->getNameID()) { + return false; + } + + if ($this->getSubject()->getNameID()->getValue() != $nameId) { + return false; + } + + if ($this->getSubject()->getNameID()->getFormat() != $format) { + return false; + } + + return true; + } + + /** + * @param string $sessionIndex + * + * @return bool + */ + public function hasSessionIndex($sessionIndex) + { + if (null == $this->getAllAuthnStatements()) { + return false; + } + + foreach ($this->getAllAuthnStatements() as $authnStatement) { + if ($authnStatement->getSessionIndex() == $sessionIndex) { + return true; + } + } + + return false; + } + + public function hasAnySessionIndex() + { + if (false == $this->getAllAuthnStatements()) { + return false; + } + + foreach ($this->getAllAuthnStatements() as $authnStatement) { + if ($authnStatement->getSessionIndex()) { + return true; + } + } + + return false; + } + + //region Getters & Setters + + /** + * @return Assertion + */ + public function setConditions(Conditions $conditions = null) + { + $this->conditions = $conditions; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\Conditions|null + */ + public function getConditions() + { + return $this->conditions; + } + + /** + * @param string $id + * + * @return Assertion + */ + public function setId($id) + { + $this->id = (string) $id; + + return $this; + } + + /** + * @return string + */ + public function getId() + { + return $this->id; + } + + /** + * @param string|int|\DateTime $issueInstant + * + * @throws \InvalidArgumentException + * + * @return Assertion + */ + public function setIssueInstant($issueInstant) + { + $this->issueInstant = Helper::getTimestampFromValue($issueInstant); + + return $this; + } + + /** + * @return int + */ + public function getIssueInstantTimestamp() + { + return $this->issueInstant; + } + + /** + * @return string + */ + public function getIssueInstantString() + { + if ($this->issueInstant) { + return Helper::time2string($this->issueInstant); + } + + return null; + } + + /** + * @return string + */ + public function getIssueInstantDateTime() + { + if ($this->issueInstant) { + return new \DateTime('@' . $this->issueInstant); + } + + return null; + } + + /** + * @param Issuer $issuer + * + * @return Assertion + */ + public function setIssuer(Issuer $issuer = null) + { + $this->issuer = $issuer; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\Issuer + */ + public function getIssuer() + { + return $this->issuer; + } + + /** + * @param Signature $signature + * + * @return Assertion + */ + public function setSignature(Signature $signature = null) + { + $this->signature = $signature; + + return $this; + } + + /** + * @return \LightSaml\Model\XmlDSig\Signature|null + */ + public function getSignature() + { + return $this->signature; + } + + /** + * @return Assertion + */ + public function setSubject(Subject $subject) + { + $this->subject = $subject; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\Subject + */ + public function getSubject() + { + return $this->subject; + } + + /** + * @param string $version + * + * @return Assertion + */ + public function setVersion($version) + { + $this->version = (string) $version; + + return $this; + } + + /** + * @return string + */ + public function getVersion() + { + return $this->version; + } + + /** + * @return Assertion + */ + public function addItem(AbstractStatement $statement) + { + $this->items[] = $statement; + + return $this; + } + + /** + * @return AbstractStatement[]|AttributeStatement[]|AuthnStatement[]|array + */ + public function getAllItems() + { + return $this->items; + } + + /** + * @return \LightSaml\Model\Assertion\AuthnStatement[] + */ + public function getAllAuthnStatements() + { + $result = []; + foreach ($this->items as $item) { + if ($item instanceof AuthnStatement) { + $result[] = $item; + } + } + + return $result; + } + + /** + * @return \LightSaml\Model\Assertion\AttributeStatement[] + */ + public function getAllAttributeStatements() + { + $result = []; + foreach ($this->items as $item) { + if ($item instanceof AttributeStatement) { + $result[] = $item; + } + } + + return $result; + } + + /** + * @return \LightSaml\Model\Assertion\AttributeStatement|null + */ + public function getFirstAttributeStatement() + { + foreach ($this->items as $item) { + if ($item instanceof AttributeStatement) { + return $item; + } + } + + return null; + } + + /** + * @return \LightSaml\Model\Assertion\AuthnStatement|null + */ + public function getFirstAuthnStatement() + { + foreach ($this->items as $item) { + if ($item instanceof AuthnStatement) { + return $item; + } + } + + return null; + } + + //endregion + + /** + * @return bool + */ + public function hasBearerSubject() + { + if ($this->getAllAuthnStatements() && $this->getSubject()) { + if ($this->getSubject()->getBearerConfirmations()) { + return true; + } + } + + return false; + } + + protected function prepareForXml() + { + if (false == $this->getId()) { + $this->setId(Helper::generateID()); + } + if (false == $this->getIssueInstantTimestamp()) { + $this->setIssueInstant(time()); + } + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $this->prepareForXml(); + + $result = $this->createElement('Assertion', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->attributesToXml(['ID', 'Version', 'IssueInstant'], $result); + + $this->singleElementsToXml( + ['Issuer', 'Subject', 'Conditions'], + $result, + $context + ); + + foreach ($this->items as $item) { + $item->serialize($result, $context); + } + + // must be added at the end + $this->singleElementsToXml(['Signature'], $result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'Assertion', SamlConstants::NS_ASSERTION); + + $this->attributesFromXml($node, ['ID', 'Version', 'IssueInstant']); + + $this->singleElementsFromXml($node, $context, [ + 'Issuer' => ['saml', 'LightSaml\Model\Assertion\Issuer'], + 'Subject' => ['saml', 'LightSaml\Model\Assertion\Subject'], + 'Conditions' => ['saml', 'LightSaml\Model\Assertion\Conditions'], + ]); + + $this->manyElementsFromXml( + $node, + $context, + 'AuthnStatement', + 'saml', + 'LightSaml\Model\Assertion\AuthnStatement', + 'addItem' + ); + + $this->manyElementsFromXml( + $node, + $context, + 'AttributeStatement', + 'saml', + 'LightSaml\Model\Assertion\AttributeStatement', + 'addItem' + ); + + $this->singleElementsFromXml($node, $context, [ + 'Signature' => ['ds', 'LightSaml\Model\XmlDSig\SignatureXmlReader'], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Attribute.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Attribute.php new file mode 100644 index 0000000..2202510 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Attribute.php @@ -0,0 +1,165 @@ +name = $name; + if ($value) { + $this->attributeValue = is_array($value) ? $value : [$value]; + } + } + + /** + * @param string $attributeValue + * + * @return Attribute + */ + public function addAttributeValue($attributeValue) + { + if (false == is_array($this->attributeValue)) { + $this->attributeValue = []; + } + $this->attributeValue[] = $attributeValue; + + return $this; + } + + /** + * @param string[]|string $attributeValue + * + * @return Attribute + */ + public function setAttributeValue($attributeValue) + { + if (false == is_array($attributeValue)) { + $attributeValue = [$attributeValue]; + } + $this->attributeValue = $attributeValue; + + return $this; + } + + /** + * @return string[] + */ + public function getAllAttributeValues() + { + return $this->attributeValue; + } + + /** + * @return string|null + */ + public function getFirstAttributeValue() + { + $arr = $this->attributeValue; + + return array_shift($arr); + } + + /** + * @param string $friendlyName + * + * @return Attribute + */ + public function setFriendlyName($friendlyName) + { + $this->friendlyName = $friendlyName; + + return $this; + } + + /** + * @return string + */ + public function getFriendlyName() + { + return $this->friendlyName; + } + + /** + * @param string $name + * + * @return Attribute + */ + public function setName($name) + { + $this->name = $name; + + return $this; + } + + /** + * @return string + */ + public function getName() + { + return $this->name; + } + + /** + * @param string $nameFormat + * + * @return Attribute + */ + public function setNameFormat($nameFormat) + { + $this->nameFormat = $nameFormat; + + return $this; + } + + /** + * @return string + */ + public function getNameFormat() + { + return $this->nameFormat; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('Attribute', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->attributesToXml(['Name', 'NameFormat', 'FriendlyName'], $result); + + $this->manyElementsToXml($this->getAllAttributeValues(), $result, $context, 'AttributeValue', SamlConstants::NS_ASSERTION); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'Attribute', SamlConstants::NS_ASSERTION); + + $this->attributesFromXml($node, ['Name', 'NameFormat', 'FriendlyName']); + + $this->attributeValue = []; + $this->manyElementsFromXml($node, $context, 'AttributeValue', 'saml', null, 'addAttributeValue'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AttributeStatement.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AttributeStatement.php new file mode 100644 index 0000000..f62e366 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AttributeStatement.php @@ -0,0 +1,76 @@ +attributes[] = $attribute; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\Attribute[] + */ + public function getAllAttributes() + { + return $this->attributes; + } + + /** + * @param string $name + * + * @return Attribute|null + */ + public function getFirstAttributeByName($name) + { + if (is_array($this->getAllAttributes())) { + foreach ($this->getAllAttributes() as $attribute) { + if (null == $name || $attribute->getName() == $name) { + return $attribute; + } + } + } + + return null; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('AttributeStatement', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->manyElementsToXml($this->getAllAttributes(), $result, $context, null); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'AttributeStatement', SamlConstants::NS_ASSERTION); + + $this->attributes = []; + $this->manyElementsFromXml( + $node, + $context, + 'Attribute', + 'saml', + 'LightSaml\Model\Assertion\Attribute', + 'addAttribute' + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AudienceRestriction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AudienceRestriction.php new file mode 100644 index 0000000..4403f0c --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AudienceRestriction.php @@ -0,0 +1,79 @@ +audience = $audience; + } + + /** + * @param string $audience + * + * @return AudienceRestriction + */ + public function addAudience($audience) + { + $this->audience[] = $audience; + + return $this; + } + + /** + * @return string[] + */ + public function getAllAudience() + { + return $this->audience; + } + + /** + * @param string $value + * + * @return bool + */ + public function hasAudience($value) + { + if (is_array($this->audience)) { + foreach ($this->audience as $a) { + if ($a == $value) { + return true; + } + } + } + + return false; + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('AudienceRestriction', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->manyElementsToXml($this->getAllAudience(), $result, $context, 'Audience', SamlConstants::NS_ASSERTION); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'AudienceRestriction', SamlConstants::NS_ASSERTION); + + $this->audience = []; + $this->manyElementsFromXml($node, $context, 'Audience', 'saml', null, 'addAudience'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AuthnContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AuthnContext.php new file mode 100644 index 0000000..631eb34 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AuthnContext.php @@ -0,0 +1,138 @@ +authenticatingAuthority = (string) $authenticatingAuthority; + + return $this; + } + + /** + * @return string + */ + public function getAuthenticatingAuthority() + { + return $this->authenticatingAuthority; + } + + /** + * @param string|null $authnContextClassRef + * + * @return AuthnContext + */ + public function setAuthnContextClassRef($authnContextClassRef) + { + $this->authnContextClassRef = (string) $authnContextClassRef; + + return $this; + } + + /** + * @return string|null + */ + public function getAuthnContextClassRef() + { + return $this->authnContextClassRef; + } + + /** + * @param string|null $authnContextDecl + * + * @return AuthnContext + */ + public function setAuthnContextDecl($authnContextDecl) + { + $this->authnContextDecl = (string) $authnContextDecl; + + return $this; + } + + /** + * @return string|null + */ + public function getAuthnContextDecl() + { + return $this->authnContextDecl; + } + + /** + * @param string|null $authnContextDeclRef + * + * @return AuthnContext + */ + public function setAuthnContextDeclRef($authnContextDeclRef) + { + $this->authnContextDeclRef = (string) $authnContextDeclRef; + + return $this; + } + + /** + * @return string|null + */ + public function getAuthnContextDeclRef() + { + return $this->authnContextDeclRef; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('AuthnContext', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->singleElementsToXml( + ['AuthnContextClassRef', 'AuthnContextDecl', 'AuthnContextDeclRef', 'AuthenticatingAuthority'], + $result, + $context, + SamlConstants::NS_ASSERTION + ); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'AuthnContext', SamlConstants::NS_ASSERTION); + + $this->singleElementsFromXml($node, $context, [ + 'AuthnContextClassRef' => ['saml', null], + 'AuthnContextDecl' => ['saml', null], + 'AuthnContextDeclRef' => ['saml', null], + 'AuthenticatingAuthority' => ['saml', null], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AuthnStatement.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AuthnStatement.php new file mode 100644 index 0000000..1ca28b0 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/AuthnStatement.php @@ -0,0 +1,213 @@ +authnContext = $authnContext; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\AuthnContext + */ + public function getAuthnContext() + { + return $this->authnContext; + } + + /** + * @param int|string|\DateTime $authnInstant + * + * @return AuthnStatement + */ + public function setAuthnInstant($authnInstant) + { + $this->authnInstant = Helper::getTimestampFromValue($authnInstant); + + return $this; + } + + /** + * @return int|null + */ + public function getAuthnInstantTimestamp() + { + return $this->authnInstant; + } + + /** + * @return string|null + */ + public function getAuthnInstantString() + { + if ($this->authnInstant) { + return Helper::time2string($this->authnInstant); + } + + return null; + } + + /** + * @return \DateTime|null + */ + public function getAuthnInstantDateTime() + { + if ($this->authnInstant) { + return new \DateTime('@' . $this->authnInstant); + } + + return null; + } + + /** + * @param string|null $sessionIndex + * + * @return AuthnStatement + */ + public function setSessionIndex($sessionIndex) + { + $this->sessionIndex = $sessionIndex; + + return $this; + } + + /** + * @return string|null + */ + public function getSessionIndex() + { + return $this->sessionIndex; + } + + /** + * @param int|string|\DateTime $sessionNotOnOrAfter + * + * @return AuthnStatement + */ + public function setSessionNotOnOrAfter($sessionNotOnOrAfter) + { + $this->sessionNotOnOrAfter = Helper::getTimestampFromValue($sessionNotOnOrAfter); + + return $this; + } + + /** + * @return int|null + */ + public function getSessionNotOnOrAfterTimestamp() + { + return $this->sessionNotOnOrAfter; + } + + /** + * @return string|null + */ + public function getSessionNotOnOrAfterString() + { + if ($this->sessionNotOnOrAfter) { + return Helper::time2string($this->sessionNotOnOrAfter); + } + + return null; + } + + /** + * @return \DateTime|null + */ + public function getSessionNotOnOrAfterDateTime() + { + if ($this->sessionNotOnOrAfter) { + return new \DateTime('@' . $this->sessionNotOnOrAfter); + } + + return null; + } + + /** + * @param SubjectLocality $subjectLocality + * + * @return AuthnStatement + */ + public function setSubjectLocality($subjectLocality) + { + $this->subjectLocality = $subjectLocality; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\SubjectLocality + */ + public function getSubjectLocality() + { + return $this->subjectLocality; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('AuthnStatement', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->attributesToXml( + ['AuthnInstant', 'SessionNotOnOrAfter', 'SessionIndex'], + $result + ); + + $this->singleElementsToXml( + ['SubjectLocality', 'AuthnContext'], + $result, + $context + ); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'AuthnStatement', SamlConstants::NS_ASSERTION); + + $this->attributesFromXml($node, ['AuthnInstant', 'SessionNotOnOrAfter', 'SessionIndex']); + + $this->singleElementsFromXml($node, $context, [ + 'SubjectLocality' => ['saml', 'LightSaml\Model\Assertion\SubjectLocality'], + 'AuthnContext' => ['saml', 'LightSaml\Model\Assertion\AuthnContext'], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Conditions.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Conditions.php new file mode 100644 index 0000000..6eb1d13 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Conditions.php @@ -0,0 +1,269 @@ +items[] = $item; + + return $this; + } + + /** + * @return AbstractCondition[]|AudienceRestriction[]|OneTimeUse[]|ProxyRestriction[]|array + */ + public function getAllItems() + { + return $this->items; + } + + /** + * @return \LightSaml\Model\Assertion\AudienceRestriction[] + */ + public function getAllAudienceRestrictions() + { + $result = []; + foreach ($this->items as $item) { + if ($item instanceof AudienceRestriction) { + $result[] = $item; + } + } + + return $result; + } + + /** + * @return \LightSaml\Model\Assertion\AudienceRestriction|null + */ + public function getFirstAudienceRestriction() + { + foreach ($this->items as $item) { + if ($item instanceof AudienceRestriction) { + return $item; + } + } + + return null; + } + + /** + * @return \LightSaml\Model\Assertion\OneTimeUse[] + */ + public function getAllOneTimeUses() + { + $result = []; + foreach ($this->items as $item) { + if ($item instanceof OneTimeUse) { + $result[] = $item; + } + } + + return $result; + } + + /** + * @return \LightSaml\Model\Assertion\OneTimeUse|null + */ + public function getFirstOneTimeUse() + { + foreach ($this->items as $item) { + if ($item instanceof OneTimeUse) { + return $item; + } + } + + return null; + } + + /** + * @return \LightSaml\Model\Assertion\ProxyRestriction[] + */ + public function getAllProxyRestrictions() + { + $result = []; + foreach ($this->items as $item) { + if ($item instanceof ProxyRestriction) { + $result[] = $item; + } + } + + return $result; + } + + /** + * @return \LightSaml\Model\Assertion\ProxyRestriction|null + */ + public function getFirstProxyRestriction() + { + foreach ($this->items as $item) { + if ($item instanceof ProxyRestriction) { + return $item; + } + } + + return null; + } + + /** + * @param int|string|\DateTime $notBefore + * + * @return Conditions + */ + public function setNotBefore($notBefore) + { + $this->notBefore = Helper::getTimestampFromValue($notBefore); + + return $this; + } + + /** + * @return int|null + */ + public function getNotBeforeTimestamp() + { + return $this->notBefore; + } + + /** + * @return string|null + */ + public function getNotBeforeString() + { + if ($this->notBefore) { + return Helper::time2string($this->notBefore); + } + + return null; + } + + /** + * @return \DateTime|null + */ + public function getNotBeforeDateTime() + { + if ($this->notBefore) { + return new \DateTime('@' . $this->notBefore); + } + + return null; + } + + /** + * @param int|string|\DateTime $notOnOrAfter + * + * @return Conditions + */ + public function setNotOnOrAfter($notOnOrAfter) + { + $this->notOnOrAfter = Helper::getTimestampFromValue($notOnOrAfter); + + return $this; + } + + /** + * @return int|null + */ + public function getNotOnOrAfterTimestamp() + { + return $this->notOnOrAfter; + } + + /** + * @return string|null + */ + public function getNotOnOrAfterString() + { + if ($this->notOnOrAfter) { + return Helper::time2string($this->notOnOrAfter); + } + + return null; + } + + /** + * @return \DateTime|null + */ + public function getNotOnOrAfterDateTime() + { + if ($this->notOnOrAfter) { + return new \DateTime('@' . $this->notOnOrAfter); + } + + return null; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('Conditions', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->attributesToXml( + ['NotBefore', 'NotOnOrAfter'], + $result + ); + + foreach ($this->items as $item) { + $item->serialize($result, $context); + } + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'Conditions', SamlConstants::NS_ASSERTION); + + $this->attributesFromXml($node, ['NotBefore', 'NotOnOrAfter']); + + $this->manyElementsFromXml( + $node, + $context, + 'AudienceRestriction', + 'saml', + 'LightSaml\Model\Assertion\AudienceRestriction', + 'addItem' + ); + $this->manyElementsFromXml( + $node, + $context, + 'OneTimeUse', + 'saml', + 'LightSaml\Model\Assertion\OneTimeUse', + 'addItem' + ); + $this->manyElementsFromXml( + $node, + $context, + 'ProxyRestriction', + 'saml', + 'LightSaml\Model\Assertion\ProxyRestriction', + 'addItem' + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedAssertionReader.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedAssertionReader.php new file mode 100644 index 0000000..ac9c3b0 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedAssertionReader.php @@ -0,0 +1,46 @@ +decryptMulti($inputKeys); + + return $this->getAssertionFromDom($dom, $deserializationContext); + } + + /** + * @param XMLSecurityKey $credential + * + * @return Assertion + */ + public function decryptAssertion($credential, DeserializationContext $deserializationContext) + { + $dom = $this->decrypt($credential); + + return $this->getAssertionFromDom($dom, $deserializationContext); + } + + /** + * @return Assertion + */ + protected function getAssertionFromDom(\DOMElement $dom, DeserializationContext $deserializationContext) + { + $deserializationContext->setDocument($dom->ownerDocument); + + $assertion = new Assertion(); + $assertion->deserialize($dom, $deserializationContext); + + return $assertion; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedAssertionWriter.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedAssertionWriter.php new file mode 100644 index 0000000..ddc7b59 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedAssertionWriter.php @@ -0,0 +1,17 @@ +createElement('saml:EncryptedAssertion', SamlConstants::NS_ASSERTION, $parent, $context); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedElement.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedElement.php new file mode 100644 index 0000000..2cbaf3a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedElement.php @@ -0,0 +1,9 @@ +symmetricKey; + } + + /** + * @return XMLSecurityKey + */ + public function getSymmetricKeyInfo() + { + return $this->symmetricKeyInfo; + } + + /** + * @throws \LogicException + * + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + throw new \LogicException('EncryptedElementReader can not be used for serialization'); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $list = $context->getXpath()->query('xenc:EncryptedData', $node); + if (0 == $list->length) { + throw new LightSamlXmlException('Missing encrypted data in '); + } + if (1 != $list->length) { + throw new LightSamlXmlException('More than one encrypted data element in '); + } + + /** @var \DOMElement $encryptedData */ + $encryptedData = $list->item(0); + $this->xmlEnc = new XMLSecEnc(); + $this->xmlEnc->setNode($encryptedData); + $this->xmlEnc->type = $encryptedData->getAttribute('Type'); + + $this->symmetricKey = $this->loadSymmetricKey(); + + $this->symmetricKeyInfo = $this->loadSymmetricKeyInfo($this->symmetricKey); + } + + /** + * @param XMLSecurityKey[] $inputKeys + * + * @throws \LogicException + * @throws \LightSaml\Error\LightSamlXmlException + * @throws \LightSaml\Error\LightSamlSecurityException + * + * @return \DOMElement + */ + public function decryptMulti(array $inputKeys) + { + /** @var \LogicException $lastException */ + $lastException = null; + + foreach ($inputKeys as $key) { + if ($key instanceof CredentialInterface) { + $key = $key->getPrivateKey(); + } + if (false == $key instanceof XMLSecurityKey) { + throw new \InvalidArgumentException('Expected XMLSecurityKey'); + } + + try { + return $this->decrypt($key); + } catch (\Exception $ex) { + $lastException = $ex; + } + } + + if ($lastException) { + throw $lastException; + } + + throw new LightSamlSecurityException('No key provided for decryption'); + } + + /** + * @throws \LogicException + * @throws \LightSaml\Error\LightSamlXmlException + * @throws \LightSaml\Error\LightSamlSecurityException + * + * @return \DOMElement + */ + public function decrypt(XMLSecurityKey $inputKey) + { + $this->symmetricKey = $this->loadSymmetricKey(); + $this->symmetricKeyInfo = $this->loadSymmetricKeyInfo($this->symmetricKey); + + if ($this->symmetricKeyInfo->isEncrypted) { + $this->decryptSymmetricKey($inputKey); + } else { + $this->symmetricKey = $inputKey; + } + + $decrypted = $this->decryptCipher(); + + $result = $this->buildXmlElement($decrypted); + + return $result; + } + + /** + * @param string $decrypted + * + * @return \DOMElement + */ + protected function buildXmlElement($decrypted) + { + /* + * This is a workaround for the case where only a subset of the XML + * tree was serialized for encryption. In that case, we may miss the + * namespaces needed to parse the XML. + */ + $xml = sprintf( + '%s', + $decrypted + ); + $newDoc = new \DOMDocument(); + if (false == @$newDoc->loadXML($xml)) { + throw new LightSamlXmlException('Failed to parse decrypted XML. Maybe the wrong sharedkey was used?'); + } + $decryptedElement = $newDoc->firstChild->firstChild; + if (null == $decryptedElement) { + throw new LightSamlSecurityException('Missing encrypted element.'); + } + + if (false == $decryptedElement instanceof \DOMElement) { + throw new LightSamlXmlException('Decrypted element was not actually a DOMElement.'); + } + + return $decryptedElement; + } + + /** + * @return string + * + * @throws \Exception + */ + protected function decryptCipher() + { + $decrypted = $this->xmlEnc->decryptNode($this->symmetricKey, false); + if (false == is_string($decrypted)) { + throw new \LogicException('Expected decrypted string'); + } + + return $decrypted; + } + + /** + * @throws \Exception + */ + protected function decryptSymmetricKey(XMLSecurityKey $inputKey) + { + /** @var XMLSecEnc $encKey */ + $encKey = $this->symmetricKeyInfo->encryptedCtx; + $this->symmetricKeyInfo->key = $inputKey->key; + + $keySize = $this->symmetricKey->getSymmetricKeySize(); + if (null === $keySize) { + // To protect against "key oracle" attacks, we need to be able to create a + // symmetric key, and for that we need to know the key size. + throw new LightSamlSecurityException(sprintf("Unknown key size for encryption algorithm: '%s'", $this->symmetricKey->type)); + } + + /** @var string $key */ + $key = $encKey->decryptKey($this->symmetricKeyInfo); + if (false == is_string($key)) { + throw new \LogicException('Expected string'); + } + if (strlen($key) != $keySize) { + throw new LightSamlSecurityException(sprintf("Unexpected key size of '%s' bits for encryption algorithm '%s', expected '%s' bits size", strlen($key) * 8, $this->symmetricKey->type, $keySize)); + } + + $this->symmetricKey->loadkey($key); + } + + /** + * @return XMLSecurityKey + * + * @throws \LightSaml\Error\LightSamlXmlException + */ + protected function loadSymmetricKey() + { + $symmetricKey = $this->xmlEnc->locateKey(); + if (false == $symmetricKey) { + throw new LightSamlXmlException('Could not locate key algorithm in encrypted data'); + } + + return $symmetricKey; + } + + /** + * @throws \LightSaml\Error\LightSamlXmlException + * + * @return XMLSecurityKey + */ + protected function loadSymmetricKeyInfo(XMLSecurityKey $symmetricKey) + { + $symmetricKeyInfo = $this->xmlEnc->locateKeyInfo($symmetricKey); + if (false == $symmetricKeyInfo) { + throw new LightSamlXmlException('Could not locate for the encrypted key'); + } + + return $symmetricKeyInfo; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedElementWriter.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedElementWriter.php new file mode 100644 index 0000000..b4bb757 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/EncryptedElementWriter.php @@ -0,0 +1,102 @@ +blockEncryptionAlgorithm = $blockEncryptionAlgorithm; + $this->keyTransportEncryption = $keyTransportEncryption; + } + + /** + * @return SerializationContext + */ + public function encrypt(AbstractSamlModel $object, XMLSecurityKey $key) + { + $oldKey = $key; + $key = new XMLSecurityKey($this->keyTransportEncryption, ['type' => 'public']); + $key->loadKey($oldKey->key); + + $serializationContext = new SerializationContext(); + $object->serialize($serializationContext->getDocument(), $serializationContext); + + $enc = new XMLSecEnc(); + $enc->setNode($serializationContext->getDocument()->firstChild); + $enc->type = XMLSecEnc::Element; + + switch ($key->type) { + case XMLSecurityKey::TRIPLEDES_CBC: + case XMLSecurityKey::AES128_CBC: + case XMLSecurityKey::AES192_CBC: + case XMLSecurityKey::AES256_CBC: + $symmetricKey = $key; + break; + + case XMLSecurityKey::RSA_1_5: + case XMLSecurityKey::RSA_SHA1: + case XMLSecurityKey::RSA_SHA256: + case XMLSecurityKey::RSA_SHA384: + case XMLSecurityKey::RSA_SHA512: + case XMLSecurityKey::RSA_OAEP_MGF1P: + $symmetricKey = new XMLSecurityKey($this->blockEncryptionAlgorithm); + $symmetricKey->generateSessionKey(); + + $enc->encryptKey($key, $symmetricKey); + + break; + + default: + throw new LightSamlException(sprintf('Unknown key type for encryption: "%s"', $key->type)); + } + + $this->encryptedElement = $enc->encryptNode($symmetricKey); + + return $serializationContext; + } + + /** + * @return \DOMElement + */ + abstract protected function createRootElement(\DOMNode $parent, SerializationContext $context); + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + if (null === $this->encryptedElement) { + throw new LightSamlException('Encrypted element missing'); + } + + $root = $this->createRootElement($parent, $context); + + $root->appendChild($context->getDocument()->importNode($this->encryptedElement, true)); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + throw new \LogicException('EncryptedElementWriter can not be used for deserialization'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Issuer.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Issuer.php new file mode 100644 index 0000000..fc64c30 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Issuer.php @@ -0,0 +1,14 @@ +createElement('OneTimeUse', SamlConstants::NS_ASSERTION, $parent, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'OneTimeUse', SamlConstants::NS_ASSERTION); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/ProxyRestriction.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/ProxyRestriction.php new file mode 100644 index 0000000..d6cb1f2 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/ProxyRestriction.php @@ -0,0 +1,94 @@ +count = $count; + $this->audience = $audience; + } + + /** + * @param string $audience + * + * @return ProxyRestriction + */ + public function addAudience($audience) + { + if (false == is_array($this->audience)) { + $this->audience = []; + } + $this->audience[] = (string) $audience; + + return $this; + } + + /** + * @return string[]|null + */ + public function getAllAudience() + { + return $this->audience; + } + + /** + * @param int|null $count + * + * @return ProxyRestriction + */ + public function setCount($count) + { + $this->count = null !== $count ? intval($count) : null; + + return $this; + } + + /** + * @return int|null + */ + public function getCount() + { + return $this->count; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('ProxyRestriction', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->attributesToXml(['count'], $result); + + $this->manyElementsToXml($this->getAllAudience(), $result, $context, 'Audience'); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'ProxyRestriction', SamlConstants::NS_ASSERTION); + + $this->attributesFromXml($node, ['count']); + + $this->manyElementsFromXml($node, $context, 'Audience', 'saml', null, 'addAudience'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Subject.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Subject.php new file mode 100644 index 0000000..d9312cb --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/Subject.php @@ -0,0 +1,116 @@ +nameId = $nameId; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\NameID + */ + public function getNameID() + { + return $this->nameId; + } + + /** + * @return Subject + */ + public function addSubjectConfirmation(SubjectConfirmation $subjectConfirmation) + { + $this->subjectConfirmation[] = $subjectConfirmation; + + return $this; + } + + /** + * @return SubjectConfirmation[] + */ + public function getAllSubjectConfirmations() + { + return $this->subjectConfirmation; + } + + /** + * @return SubjectConfirmation|null + */ + public function getFirstSubjectConfirmation() + { + if (is_array($this->subjectConfirmation) && isset($this->subjectConfirmation[0])) { + return $this->subjectConfirmation[0]; + } + + return; + } + + /** + * Returns array of containing a Method of urn:oasis:names:tc:SAML:2.0:cm:bearer. + * + * @return SubjectConfirmation[] + */ + public function getBearerConfirmations() + { + $result = []; + if ($this->getAllSubjectConfirmations()) { + foreach ($this->getAllSubjectConfirmations() as $confirmation) { + if (SamlConstants::CONFIRMATION_METHOD_BEARER == $confirmation->getMethod()) { + $result[] = $confirmation; + break; + } + } + } + + return $result; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('Subject', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->singleElementsToXml(['NameID'], $result, $context); + $this->manyElementsToXml($this->getAllSubjectConfirmations(), $result, $context, null); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'Subject', SamlConstants::NS_ASSERTION); + + $this->singleElementsFromXml($node, $context, [ + 'NameID' => ['saml', 'LightSaml\Model\Assertion\NameID'], + ]); + + $this->manyElementsFromXml( + $node, + $context, + 'SubjectConfirmation', + 'saml', + 'LightSaml\Model\Assertion\SubjectConfirmation', + 'addSubjectConfirmation' + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/SubjectConfirmation.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/SubjectConfirmation.php new file mode 100644 index 0000000..0788faa --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/SubjectConfirmation.php @@ -0,0 +1,126 @@ +method = (string) $method; + + return $this; + } + + /** + * @return string + */ + public function getMethod() + { + return $this->method; + } + + /** + * @return SubjectConfirmation + */ + public function setEncryptedId(EncryptedElement $encryptedId = null) + { + $this->encryptedId = $encryptedId; + + return $this; + } + + /** + * @return EncryptedElement|null + */ + public function getEncryptedId() + { + return $this->encryptedId; + } + + /** + * @return SubjectConfirmation + */ + public function setNameID(NameID $nameId = null) + { + $this->nameId = $nameId; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\NameID|null + */ + public function getNameID() + { + return $this->nameId; + } + + /** + * @return SubjectConfirmation + */ + public function setSubjectConfirmationData(SubjectConfirmationData $subjectConfirmationData = null) + { + $this->subjectConfirmationData = $subjectConfirmationData; + + return $this; + } + + /** + * @return SubjectConfirmationData|null + */ + public function getSubjectConfirmationData() + { + return $this->subjectConfirmationData; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('SubjectConfirmation', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->attributesToXml(['Method'], $result); + + $this->singleElementsToXml( + ['NameID', 'EncryptedID', 'SubjectConfirmationData'], + $result, + $context + ); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'SubjectConfirmation', SamlConstants::NS_ASSERTION); + + $this->attributesFromXml($node, ['Method']); + + $this->singleElementsFromXml($node, $context, [ + 'NameID' => ['saml', 'LightSaml\Model\Assertion\NameID'], + 'EncryptedID' => ['saml', 'LightSaml\Model\Assertion\EncryptedID'], + 'SubjectConfirmationData' => ['saml', 'LightSaml\Model\Assertion\SubjectConfirmationData'], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/SubjectConfirmationData.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/SubjectConfirmationData.php new file mode 100644 index 0000000..81358d3 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/SubjectConfirmationData.php @@ -0,0 +1,197 @@ +address = (string) $address; + + return $this; + } + + /** + * @return string|null + */ + public function getAddress() + { + return $this->address; + } + + /** + * @param string|null $inResponseTo + * + * @return SubjectConfirmationData + */ + public function setInResponseTo($inResponseTo) + { + $this->inResponseTo = (string) $inResponseTo; + + return $this; + } + + /** + * @return string|null + */ + public function getInResponseTo() + { + return $this->inResponseTo; + } + + /** + * @param int|string|\DateTime $notBefore + * + * @return SubjectConfirmationData + */ + public function setNotBefore($notBefore) + { + $this->notBefore = Helper::getTimestampFromValue($notBefore); + + return $this; + } + + /** + * @return int|null + */ + public function getNotBeforeTimestamp() + { + return $this->notBefore; + } + + /** + * @return string|null + */ + public function getNotBeforeString() + { + if ($this->notBefore) { + return Helper::time2string($this->notBefore); + } + + return; + } + + /** + * @return \DateTime|null + */ + public function getNotBeforeDateTime() + { + if ($this->notBefore) { + return new \DateTime('@' . $this->notBefore); + } + + return; + } + + /** + * @param int|string|\DateTime $notOnOrAfter + * + * @return SubjectConfirmationData + */ + public function setNotOnOrAfter($notOnOrAfter) + { + $this->notOnOrAfter = Helper::getTimestampFromValue($notOnOrAfter); + + return $this; + } + + /** + * @return int|null + */ + public function getNotOnOrAfterTimestamp() + { + return $this->notOnOrAfter; + } + + /** + * @return string|null + */ + public function getNotOnOrAfterString() + { + if ($this->notOnOrAfter) { + return Helper::time2string($this->notOnOrAfter); + } + + return; + } + + /** + * @return \DateTime|null + */ + public function getNotOnOrAfterDateTime() + { + if ($this->notOnOrAfter) { + return new \DateTime('@' . $this->notOnOrAfter); + } + + return; + } + + /** + * @param string|null $recipient + * + * @return SubjectConfirmationData + */ + public function setRecipient($recipient) + { + $this->recipient = (string) $recipient; + + return $this; + } + + /** + * @return string|null + */ + public function getRecipient() + { + return $this->recipient; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('SubjectConfirmationData', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->attributesToXml( + ['InResponseTo', 'NotBefore', 'NotOnOrAfter', 'Address', 'Recipient'], + $result + ); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'SubjectConfirmationData', SamlConstants::NS_ASSERTION); + + $this->attributesFromXml($node, [ + 'InResponseTo', 'NotBefore', 'NotOnOrAfter', 'Address', 'Recipient', + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/SubjectLocality.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/SubjectLocality.php new file mode 100644 index 0000000..98fbc37 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Assertion/SubjectLocality.php @@ -0,0 +1,78 @@ +address = $address; + + return $this; + } + + /** + * @return string + */ + public function getAddress() + { + return $this->address; + } + + /** + * @param string $dnsName + * + * @return SubjectLocality + */ + public function setDNSName($dnsName) + { + $this->dnsName = $dnsName; + + return $this; + } + + /** + * @return string + */ + public function getDNSName() + { + return $this->dnsName; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('SubjectLocality', SamlConstants::NS_ASSERTION, $parent, $context); + + $this->attributesToXml(['Address', 'DNSName'], $result); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'SubjectLocality', SamlConstants::NS_ASSERTION); + + $this->attributesFromXml($node, ['Address', 'DNSName']); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Context/DeserializationContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Context/DeserializationContext.php new file mode 100644 index 0000000..a59137f --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Context/DeserializationContext.php @@ -0,0 +1,58 @@ +document = $document ? $document : new \DOMDocument(); + } + + /** + * @return \DOMDocument + */ + public function getDocument() + { + return $this->document; + } + + /** + * @return DeserializationContext + */ + public function setDocument(\DOMDocument $document) + { + $this->document = $document; + + return $this; + } + + /** + * @return \DOMXPath + */ + public function getXpath() + { + if (null == $this->xpath) { + $this->xpath = new \DOMXPath($this->document); + $this->xpath->registerNamespace('saml', SamlConstants::NS_ASSERTION); + $this->xpath->registerNamespace('samlp', SamlConstants::NS_PROTOCOL); + $this->xpath->registerNamespace('md', SamlConstants::NS_METADATA); + $this->xpath->registerNamespace('ds', SamlConstants::NS_XMLDSIG); + $this->xpath->registerNamespace('xenc', XMLSecEnc::XMLENCNS); + } + + return $this->xpath; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Context/SerializationContext.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Context/SerializationContext.php new file mode 100644 index 0000000..afb618b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Context/SerializationContext.php @@ -0,0 +1,30 @@ +document = $document ? $document : new \DOMDocument(); + } + + public function setDocument(\DOMDocument $document) + { + $this->document = $document; + } + + /** + * @return \DOMDocument + */ + public function getDocument() + { + return $this->document; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/AssertionConsumerService.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/AssertionConsumerService.php new file mode 100644 index 0000000..18a5b65 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/AssertionConsumerService.php @@ -0,0 +1,22 @@ +createElement('AssertionConsumerService', SamlConstants::NS_METADATA, $parent, $context); + parent::serialize($result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'AssertionConsumerService', SamlConstants::NS_METADATA); + parent::deserialize($node, $context); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/ContactPerson.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/ContactPerson.php new file mode 100644 index 0000000..8bd3591 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/ContactPerson.php @@ -0,0 +1,187 @@ +contactType = (string) $contactType; + + return $this; + } + + /** + * @return string + */ + public function getContactType() + { + return $this->contactType; + } + + /** + * @param string|null $company + * + * @return ContactPerson + */ + public function setCompany($company) + { + $this->company = $company; + + return $this; + } + + /** + * @return string|null + */ + public function getCompany() + { + return $this->company; + } + + /** + * @param string|null $emailAddress + * + * @return ContactPerson + */ + public function setEmailAddress($emailAddress) + { + $this->emailAddress = $emailAddress; + + return $this; + } + + /** + * @return string|null + */ + public function getEmailAddress() + { + return $this->emailAddress; + } + + /** + * @param string|null $givenName + * + * @return ContactPerson + */ + public function setGivenName($givenName) + { + $this->givenName = $givenName; + + return $this; + } + + /** + * @return string|null + */ + public function getGivenName() + { + return $this->givenName; + } + + /** + * @param string|null $surName + * + * @return ContactPerson + */ + public function setSurName($surName) + { + $this->surName = $surName; + + return $this; + } + + /** + * @return string|null + */ + public function getSurName() + { + return $this->surName; + } + + /** + * @param string|null $telephoneNumber + * + * @return ContactPerson + */ + public function setTelephoneNumber($telephoneNumber) + { + $this->telephoneNumber = $telephoneNumber; + + return $this; + } + + /** + * @return string|null + */ + public function getTelephoneNumber() + { + return $this->telephoneNumber; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('ContactPerson', SamlConstants::NS_METADATA, $parent, $context); + + $this->attributesToXml(['contactType'], $result); + + $this->singleElementsToXml( + ['Company', 'GivenName', 'SurName', 'EmailAddress', 'TelephoneNumber'], + $result, + $context, + SamlConstants::NS_METADATA + ); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'ContactPerson', SamlConstants::NS_METADATA); + + $this->attributesFromXml($node, ['contactType']); + + $this->singleElementsFromXml($node, $context, [ + 'Company' => ['md', null], + 'GivenName' => ['md', null], + 'SurName' => ['md', null], + 'EmailAddress' => ['md', null], + 'TelephoneNumber' => ['md', null], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/Endpoint.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/Endpoint.php new file mode 100644 index 0000000..304dd9e --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/Endpoint.php @@ -0,0 +1,99 @@ +location = $location; + $this->binding = $binding; + } + + /** + * @param string $binding + * + * @return Endpoint + */ + public function setBinding($binding) + { + $this->binding = (string) $binding; + + return $this; + } + + /** + * @return string + */ + public function getBinding() + { + return $this->binding; + } + + /** + * @param string $location + * + * @return Endpoint + */ + public function setLocation($location) + { + $this->location = (string) $location; + + return $this; + } + + /** + * @return string + */ + public function getLocation() + { + return $this->location; + } + + /** + * @param string|null $responseLocation + * + * @return Endpoint + */ + public function setResponseLocation($responseLocation) + { + $this->responseLocation = $responseLocation ? (string) $responseLocation : null; + + return $this; + } + + /** + * @return string|null + */ + public function getResponseLocation() + { + return $this->responseLocation; + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $this->attributesToXml(['Binding', 'Location', 'ResponseLocation'], $parent); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->attributesFromXml($node, ['Binding', 'Location', 'ResponseLocation']); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/EndpointReference.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/EndpointReference.php new file mode 100644 index 0000000..cb473bd --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/EndpointReference.php @@ -0,0 +1,46 @@ +entityDescriptor = $entityDescriptor; + $this->descriptor = $descriptor; + $this->endpoint = $endpoint; + } + + /** + * @return EntityDescriptor + */ + public function getEntityDescriptor() + { + return $this->entityDescriptor; + } + + /** + * @return RoleDescriptor + */ + public function getDescriptor() + { + return $this->descriptor; + } + + /** + * @return Endpoint + */ + public function getEndpoint() + { + return $this->endpoint; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/EntitiesDescriptor.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/EntitiesDescriptor.php new file mode 100644 index 0000000..f4032f9 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/EntitiesDescriptor.php @@ -0,0 +1,321 @@ +getDocument()->loadXML($xml); + $ed = new self(); + $ed->deserialize($context->getDocument(), $context); + + return $ed; + } + + /** + * @param string $cacheDuration + * + * @return EntitiesDescriptor + * + * @throws \InvalidArgumentException + */ + public function setCacheDuration($cacheDuration) + { + Helper::validateDurationString($cacheDuration); + + $this->cacheDuration = $cacheDuration; + + return $this; + } + + /** + * @return string + */ + public function getCacheDuration() + { + return $this->cacheDuration; + } + + /** + * @param string $id + * + * @return EntitiesDescriptor + */ + public function setID($id) + { + $this->id = (string) $id; + + return $this; + } + + /** + * @return string + */ + public function getID() + { + return $this->id; + } + + /** + * @param string $name + * + * @return EntitiesDescriptor + */ + public function setName($name) + { + $this->name = (string) $name; + + return $this; + } + + /** + * @return string + */ + public function getName() + { + return $this->name; + } + + /** + * @return EntitiesDescriptor + */ + public function setSignature(Signature $signature) + { + $this->signature = $signature; + + return $this; + } + + /** + * @return \LightSaml\Model\XmlDSig\Signature + */ + public function getSignature() + { + return $this->signature; + } + + /** + * @param int|string $validUntil + * + * @return EntitiesDescriptor + * + * @throws \InvalidArgumentException + */ + public function setValidUntil($validUntil) + { + $value = Helper::getTimestampFromValue($validUntil); + if ($value < 0) { + throw new \InvalidArgumentException('Invalid validUntil'); + } + $this->validUntil = $value; + + return $this; + } + + /** + * @return string + */ + public function getValidUntilString() + { + if ($this->validUntil) { + return Helper::time2string($this->validUntil); + } + + return null; + } + + /** + * @return int + */ + public function getValidUntilTimestamp() + { + return $this->validUntil; + } + + /** + * @return \DateTime|null + */ + public function getValidUntilDateTime() + { + if ($this->validUntil) { + return new \DateTime('@' . $this->validUntil); + } + + return null; + } + + /** + * @param EntitiesDescriptor|EntityDescriptor $item + * + * @return EntitiesDescriptor + * + * @throws \InvalidArgumentException + */ + public function addItem($item) + { + if (false == $item instanceof self && false == $item instanceof EntityDescriptor) { + throw new \InvalidArgumentException('Expected EntitiesDescriptor or EntityDescriptor'); + } + if ($item === $this) { + throw new \InvalidArgumentException('Circular reference detected'); + } + if ($item instanceof self) { + if ($item->containsItem($this)) { + throw new \InvalidArgumentException('Circular reference detected'); + } + } + $this->items[] = $item; + + return $this; + } + + /** + * @param EntitiesDescriptor|EntityDescriptor $item + * + * @return bool + * + * @throws \InvalidArgumentException + */ + public function containsItem($item) + { + if (false == $item instanceof self && false == $item instanceof EntityDescriptor) { + throw new \InvalidArgumentException('Expected EntitiesDescriptor or EntityDescriptor'); + } + foreach ($this->items as $i) { + if ($i === $item) { + return true; + } + if ($i instanceof self) { + if ($i->containsItem($item)) { + return true; + } + } + } + + return false; + } + + /** + * @return EntitiesDescriptor[]|EntityDescriptor[] + */ + public function getAllItems() + { + return $this->items; + } + + /** + * @return EntityDescriptor[] + */ + public function getAllEntityDescriptors() + { + $result = []; + foreach ($this->items as $item) { + if ($item instanceof self) { + $result = array_merge($result, $item->getAllEntityDescriptors()); + } else { + $result[] = $item; + } + } + + return $result; + } + + /** + * @param string $entityId + * + * @return EntityDescriptor|null + */ + public function getByEntityId($entityId) + { + foreach ($this->getAllEntityDescriptors() as $entityDescriptor) { + if ($entityDescriptor->getEntityID() == $entityId) { + return $entityDescriptor; + } + } + + return null; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('EntitiesDescriptor', SamlConstants::NS_METADATA, $parent, $context); + + $this->attributesToXml(['validUntil', 'cacheDuration', 'ID', 'Name'], $result); + + $this->singleElementsToXml(['Signature'], $result, $context); + + $this->manyElementsToXml($this->getAllItems(), $result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'EntitiesDescriptor', SamlConstants::NS_METADATA); + + $this->attributesFromXml($node, ['validUntil', 'cacheDuration', 'ID', 'Name']); + + $this->singleElementsFromXml($node, $context, [ + 'Signature' => ['ds', 'LightSaml\Model\XmlDSig\SignatureXmlReader'], + ]); + + $this->manyElementsFromXml( + $node, + $context, + 'EntityDescriptor', + 'md', + 'LightSaml\Model\Metadata\EntityDescriptor', + 'addItem' + ); + $this->manyElementsFromXml( + $node, + $context, + 'EntitiesDescriptor', + 'md', + 'LightSaml\Model\Metadata\EntitiesDescriptor', + 'addItem' + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/EntityDescriptor.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/EntityDescriptor.php new file mode 100644 index 0000000..e3fd877 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/EntityDescriptor.php @@ -0,0 +1,482 @@ +getDocument()->loadXML($xml); + $ed = new self(); + $ed->deserialize($context->getDocument(), $context); + + return $ed; + } + + /** + * @param string|null $entityId + */ + public function __construct($entityId = null, array $items = []) + { + $this->entityID = $entityId; + $this->items = $items; + } + + /** + * @return EntityDescriptor + */ + public function addContactPerson(ContactPerson $contactPerson) + { + if (false == is_array($this->contactPersons)) { + $this->contactPersons = []; + } + $this->contactPersons[] = $contactPerson; + + return $this; + } + + /** + * @return ContactPerson[]|null + */ + public function getAllContactPersons() + { + return $this->contactPersons; + } + + /** + * @return ContactPerson|null + */ + public function getFirstContactPerson() + { + if (is_array($this->contactPersons) && isset($this->contactPersons[0])) { + return $this->contactPersons[0]; + } + + return null; + } + + /** + * @param \LightSaml\Model\Metadata\Organization $organization + * + * @return EntityDescriptor + */ + public function addOrganization(Organization $organization) + { + if (false == is_array($this->organizations)) { + $this->organizations = []; + } + $this->organizations[] = $organization; + + return $this; + } + + /** + * @return Organization[]|null + */ + public function getAllOrganizations() + { + return $this->organizations; + } + + /** + * @return \LightSaml\Model\Metadata\Organization|null + */ + public function getFirstOrganization() + { + if (is_array($this->organizations) && isset($this->organizations[0])) { + return $this->organizations[0]; + } + + return null; + } + + /** + * @param string|null $cacheDuration + * + * @throws \InvalidArgumentException + * + * @return EntityDescriptor + */ + public function setCacheDuration($cacheDuration) + { + Helper::validateDurationString($cacheDuration); + + $this->cacheDuration = $cacheDuration; + + return $this; + } + + /** + * @return string|null + */ + public function getCacheDuration() + { + return $this->cacheDuration; + } + + /** + * @param string $entityID + * + * @return EntityDescriptor + */ + public function setEntityID($entityID) + { + $this->entityID = (string) $entityID; + + return $this; + } + + /** + * @return string + */ + public function getEntityID() + { + return $this->entityID; + } + + /** + * @param string|null $id + * + * @return EntityDescriptor + */ + public function setID($id) + { + $this->id = null !== $id ? (string) $id : null; + + return $this; + } + + /** + * @return string|null + */ + public function getID() + { + return $this->id; + } + + /** + * @param \LightSaml\Model\Metadata\IdpSsoDescriptor|\LightSaml\Model\Metadata\SpSsoDescriptor $item + * + * @throws \InvalidArgumentException + * + * @return EntityDescriptor + */ + public function addItem($item) + { + if ( + false == $item instanceof IdpSsoDescriptor && + false == $item instanceof SpSsoDescriptor + ) { + throw new \InvalidArgumentException('EntityDescriptor item must be IdpSsoDescriptor or SpSsoDescriptor'); + } + + if (false == is_array($this->items)) { + $this->items = []; + } + + $this->items[] = $item; + + return $this; + } + + /** + * @return IdpSsoDescriptor[]|SpSsoDescriptor[]|SSODescriptor[] + */ + public function getAllItems() + { + return $this->items; + } + + /** + * @return IdpSsoDescriptor[] + */ + public function getAllIdpSsoDescriptors() + { + $result = []; + foreach ($this->getAllItems() as $item) { + if ($item instanceof IdpSsoDescriptor) { + $result[] = $item; + } + } + + return $result; + } + + /** + * @return SpSsoDescriptor[] + */ + public function getAllSpSsoDescriptors() + { + $result = []; + foreach ($this->getAllItems() as $item) { + if ($item instanceof SpSsoDescriptor) { + $result[] = $item; + } + } + + return $result; + } + + /** + * @return IdpSsoDescriptor|null + */ + public function getFirstIdpSsoDescriptor() + { + foreach ($this->getAllItems() as $item) { + if ($item instanceof IdpSsoDescriptor) { + return $item; + } + } + + return null; + } + + /** + * @return SpSsoDescriptor|null + */ + public function getFirstSpSsoDescriptor() + { + foreach ($this->getAllItems() as $item) { + if ($item instanceof SpSsoDescriptor) { + return $item; + } + } + + return null; + } + + /** + * @param Signature|null $signature + * + * @return EntityDescriptor + */ + public function setSignature(Signature $signature) + { + $this->signature = $signature; + + return $this; + } + + /** + * @return Signature|null + */ + public function getSignature() + { + return $this->signature; + } + + /** + * @param int $validUntil + * + * @return EntityDescriptor + */ + public function setValidUntil($validUntil) + { + $this->validUntil = Helper::getTimestampFromValue($validUntil); + + return $this; + } + + /** + * @return int|null + */ + public function getValidUntilTimestamp() + { + return $this->validUntil; + } + + /** + * @return string|null + */ + public function getValidUntilString() + { + if ($this->validUntil) { + return Helper::time2string($this->validUntil); + } + + return null; + } + + /** + * @return \DateTime|null + */ + public function getValidUntilDateTime() + { + if ($this->validUntil) { + return new \DateTime('@' . $this->validUntil); + } + + return null; + } + + /** + * @return array|KeyDescriptor[] + */ + public function getAllIdpKeyDescriptors() + { + $result = []; + foreach ($this->getAllIdpSsoDescriptors() as $idp) { + foreach ($idp->getAllKeyDescriptors() as $key) { + $result[] = $key; + } + } + + return $result; + } + + /** + * @return array|KeyDescriptor[] + */ + public function getAllSpKeyDescriptors() + { + $result = []; + foreach ($this->getAllSpSsoDescriptors() as $sp) { + foreach ($sp->getAllKeyDescriptors() as $key) { + $result[] = $key; + } + } + + return $result; + } + + /** + * @return EndpointReference[] + */ + public function getAllEndpoints() + { + $result = []; + foreach ($this->getAllIdpSsoDescriptors() as $idpSsoDescriptor) { + foreach ($idpSsoDescriptor->getAllSingleSignOnServices() as $sso) { + $result[] = new EndpointReference($this, $idpSsoDescriptor, $sso); + } + foreach ($idpSsoDescriptor->getAllSingleLogoutServices() as $slo) { + $result[] = new EndpointReference($this, $idpSsoDescriptor, $slo); + } + } + foreach ($this->getAllSpSsoDescriptors() as $spSsoDescriptor) { + foreach ($spSsoDescriptor->getAllAssertionConsumerServices() as $acs) { + $result[] = new EndpointReference($this, $spSsoDescriptor, $acs); + } + foreach ($spSsoDescriptor->getAllSingleLogoutServices() as $slo) { + $result[] = new EndpointReference($this, $spSsoDescriptor, $slo); + } + } + + return $result; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('EntityDescriptor', SamlConstants::NS_METADATA, $parent, $context); + + $this->attributesToXml(['entityID', 'validUntil', 'cacheDuration', 'ID'], $result); + + $this->manyElementsToXml($this->getAllItems(), $result, $context, null); + if ($this->organizations) { + $this->manyElementsToXml($this->organizations, $result, $context, null); + } + if ($this->contactPersons) { + $this->manyElementsToXml($this->contactPersons, $result, $context, null); + } + + $this->singleElementsToXml(['Signature'], $result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'EntityDescriptor', SamlConstants::NS_METADATA); + + $this->attributesFromXml($node, ['entityID', 'validUntil', 'cacheDuration', 'ID']); + + $this->items = []; + + $this->manyElementsFromXml( + $node, + $context, + 'IDPSSODescriptor', + 'md', + 'LightSaml\Model\Metadata\IdpSsoDescriptor', + 'addItem' + ); + + $this->manyElementsFromXml( + $node, + $context, + 'SPSSODescriptor', + 'md', + 'LightSaml\Model\Metadata\SpSsoDescriptor', + 'addItem' + ); + + $this->manyElementsFromXml( + $node, + $context, + 'Organization', + 'md', + 'LightSaml\Model\Metadata\Organization', + 'addOrganization' + ); + + $this->manyElementsFromXml( + $node, + $context, + 'ContactPerson', + 'md', + 'LightSaml\Model\Metadata\ContactPerson', + 'addContactPerson' + ); + + $this->singleElementsFromXml($node, $context, [ + 'Signature' => ['ds', 'LightSaml\Model\XmlDSig\SignatureXmlReader'], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/IdpSsoDescriptor.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/IdpSsoDescriptor.php new file mode 100644 index 0000000..3f06085 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/IdpSsoDescriptor.php @@ -0,0 +1,181 @@ +wantAuthnRequestsSigned = filter_var($wantAuthnRequestsSigned, FILTER_VALIDATE_BOOLEAN, ['flags' => FILTER_NULL_ON_FAILURE]); + + return $this; + } + + /** + * @return bool|null + */ + public function getWantAuthnRequestsSigned() + { + return $this->wantAuthnRequestsSigned; + } + + /** + * @return IdpSsoDescriptor + */ + public function addSingleSignOnService(SingleSignOnService $singleSignOnService) + { + if (false == is_array($this->singleSignOnServices)) { + $this->singleSignOnServices = []; + } + $this->singleSignOnServices[] = $singleSignOnService; + + return $this; + } + + /** + * @return SingleSignOnService[]|null + */ + public function getAllSingleSignOnServices() + { + return $this->singleSignOnServices; + } + + /** + * @param string $url + * + * @return SingleSignOnService[] + */ + public function getAllSingleSignOnServicesByUrl($url) + { + $result = []; + foreach ($this->getAllSingleSignOnServices() as $svc) { + if ($svc->getLocation() == $url) { + $result[] = $svc; + } + } + + return $result; + } + + /** + * @param string $binding + * + * @return SingleSignOnService[] + */ + public function getAllSingleSignOnServicesByBinding($binding) + { + $result = []; + foreach ($this->getAllSingleSignOnServices() as $svc) { + if ($svc->getBinding() == $binding) { + $result[] = $svc; + } + } + + return $result; + } + + /** + * @param string|null $binding + * + * @return SingleSignOnService|null + */ + public function getFirstSingleSignOnService($binding = null) + { + foreach ($this->getAllSingleSignOnServices() as $svc) { + if (null == $binding || $svc->getBinding() == $binding) { + return $svc; + } + } + + return null; + } + + /** + * @return IdpSsoDescriptor + */ + public function addAttribute(Attribute $attribute) + { + if (false == is_array($this->attributes)) { + $this->attributes = []; + } + $this->attributes[] = $attribute; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\Attribute[]|null + */ + public function getAllAttributes() + { + return $this->attributes; + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('IDPSSODescriptor', SamlConstants::NS_METADATA, $parent, $context); + + parent::serialize($result, $context); + + $this->attributesToXml(['WantAuthnRequestsSigned'], $result); + + if ($this->getAllSingleSignOnServices()) { + foreach ($this->getAllSingleSignOnServices() as $object) { + $object->serialize($result, $context); + } + } + if ($this->getAllAttributes()) { + foreach ($this->getAllAttributes() as $object) { + $object->serialize($result, $context); + } + } + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'IDPSSODescriptor', SamlConstants::NS_METADATA); + + parent::deserialize($node, $context); + + $this->attributesFromXml($node, ['WantAuthnRequestsSigned']); + + $this->singleSignOnServices = []; + $this->manyElementsFromXml( + $node, + $context, + 'SingleSignOnService', + 'md', + 'LightSaml\Model\Metadata\SingleSignOnService', + 'addSingleSignOnService' + ); + + $this->attributes = []; + $this->manyElementsFromXml( + $node, + $context, + 'Attribute', + 'saml', + 'LightSaml\Model\Assertion\Attribute', + 'addAttribute' + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/IndexedEndpoint.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/IndexedEndpoint.php new file mode 100644 index 0000000..2fa7687 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/IndexedEndpoint.php @@ -0,0 +1,76 @@ +isDefault = filter_var($isDefault, FILTER_VALIDATE_BOOLEAN, ['flags' => FILTER_NULL_ON_FAILURE]); + + return $this; + } + + /** + * @return string|null + */ + public function getIsDefaultString() + { + return $this->isDefault ? 'true' : 'false'; + } + + /** + * @return bool|null + */ + public function getIsDefaultBool() + { + return $this->isDefault; + } + + /** + * @param int $index + * + * @return IndexedEndpoint + */ + public function setIndex($index) + { + $this->index = (int) $index; + + return $this; + } + + /** + * @return int + */ + public function getIndex() + { + return $this->index; + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $this->attributesToXml(['index', 'isDefault'], $parent); + parent::serialize($parent, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->attributesFromXml($node, ['index', 'isDefault']); + + parent::deserialize($node, $context); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/KeyDescriptor.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/KeyDescriptor.php new file mode 100644 index 0000000..b88ff6e --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/KeyDescriptor.php @@ -0,0 +1,113 @@ +use = $use; + $this->certificate = $certificate; + } + + /** + * @param string $use + * + * @return KeyDescriptor + * + * @throws \InvalidArgumentException + */ + public function setUse($use) + { + $use = trim($use); + if (false != $use && self::USE_ENCRYPTION != $use && self::USE_SIGNING != $use) { + throw new \InvalidArgumentException(sprintf("Invalid use value '%s'", $use)); + } + $this->use = $use; + + return $this; + } + + /** + * @return string + */ + public function getUse() + { + return $this->use; + } + + /** + * @return KeyDescriptor + */ + public function setCertificate(X509Certificate $certificate) + { + $this->certificate = $certificate; + + return $this; + } + + /** + * @return X509Certificate + */ + public function getCertificate() + { + return $this->certificate; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('KeyDescriptor', SamlConstants::NS_METADATA, $parent, $context); + + $this->attributesToXml(['use'], $result); + + $keyInfo = $this->createElement('ds:KeyInfo', SamlConstants::NS_XMLDSIG, $result, $context); + $xData = $this->createElement('ds:X509Data', SamlConstants::NS_XMLDSIG, $keyInfo, $context); + $xCert = $this->createElement('ds:X509Certificate', SamlConstants::NS_XMLDSIG, $xData, $context); + + $xCert->nodeValue = $this->getCertificate()->getData(); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'KeyDescriptor', SamlConstants::NS_METADATA); + + $this->attributesFromXml($node, ['use']); + + $list = $context->getXpath()->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $node); + if (1 != $list->length) { + throw new LightSamlXmlException('Missing X509Certificate node'); + } + + /** @var $x509CertificateNode \DOMElement */ + $x509CertificateNode = $list->item(0); + $certificateData = trim($x509CertificateNode->textContent); + if (false == $certificateData) { + throw new LightSamlXmlException('Missing certificate data'); + } + + $this->certificate = new X509Certificate(); + $this->certificate->setData($certificateData); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/Metadata.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/Metadata.php new file mode 100644 index 0000000..9638eab --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/Metadata.php @@ -0,0 +1,75 @@ +getDocument()->loadXML($xml); + + $node = $context->getDocument()->firstChild; + while ($node && $node instanceof \DOMComment) { + $node = $node->nextSibling; + } + if (null === $node) { + throw new LightSamlXmlException('Empty XML'); + } + + if (SamlConstants::NS_METADATA !== $node->namespaceURI) { + throw new LightSamlXmlException(sprintf("Invalid namespace '%s' of the root XML element, expected '%s'", $node->namespaceURI, SamlConstants::NS_METADATA)); + } + + $map = [ + 'EntityDescriptor' => '\LightSaml\Model\Metadata\EntityDescriptor', + 'EntitiesDescriptor' => '\LightSaml\Model\Metadata\EntitiesDescriptor', + ]; + + $rootElementName = $node->localName; + + if (array_key_exists($rootElementName, $map)) { + if ($class = $map[$rootElementName]) { + /** @var SamlElementInterface $result */ + $result = new $class(); + } else { + throw new \LogicException('Deserialization of %s root element is not implemented'); + } + } else { + throw new LightSamlXmlException(sprintf("Unknown SAML metadata '%s'", $rootElementName)); + } + + $result->deserialize($node, $context); + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/Organization.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/Organization.php new file mode 100644 index 0000000..e26a1fd --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/Organization.php @@ -0,0 +1,143 @@ +lang; + } + + /** + * @param string $lang + * + * @return Organization + */ + public function setLang($lang) + { + $this->lang = $lang; + + return $this; + } + + /** + * @param string $organizationDisplayName + * + * @return Organization + */ + public function setOrganizationDisplayName($organizationDisplayName) + { + $this->organizationDisplayName = (string) $organizationDisplayName; + + return $this; + } + + /** + * @return string + */ + public function getOrganizationDisplayName() + { + return $this->organizationDisplayName; + } + + /** + * @param string $organizationName + * + * @return Organization + */ + public function setOrganizationName($organizationName) + { + $this->organizationName = (string) $organizationName; + + return $this; + } + + /** + * @return string + */ + public function getOrganizationName() + { + return $this->organizationName; + } + + /** + * @param string $organizationURL + * + * @return Organization + */ + public function setOrganizationURL($organizationURL) + { + $this->organizationURL = (string) $organizationURL; + + return $this; + } + + /** + * @return string + */ + public function getOrganizationURL() + { + return $this->organizationURL; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + if (!$this->lang) { + throw new LightSamlXmlException('Lang is required'); + } + + $result = $this->createElement('Organization', SamlConstants::NS_METADATA, $parent, $context); + + $elements = ['OrganizationName', 'OrganizationDisplayName', 'OrganizationURL']; + $this->singleElementsToXml( + $elements, + $result, + $context, + SamlConstants::NS_METADATA + ); + + /** @var \DOMNode $node */ + foreach ($result->childNodes as $node) { + if ($node instanceof \DOMElement) { + if (in_array($node->tagName, $elements)) { + $node->setAttribute('xml:lang', $this->lang); + } + } + } + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'Organization', SamlConstants::NS_METADATA); + + $this->singleElementsFromXml($node, $context, [ + 'OrganizationName' => ['md', null], + 'OrganizationDisplayName' => ['md', null], + 'OrganizationURL' => ['md', null], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/RoleDescriptor.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/RoleDescriptor.php new file mode 100644 index 0000000..5a838c6 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/RoleDescriptor.php @@ -0,0 +1,344 @@ +cacheDuration = $cacheDuration; + + return $this; + } + + /** + * @return string|null + */ + public function getCacheDuration() + { + return $this->cacheDuration; + } + + /** + * @return RoleDescriptor + */ + public function addContactPerson(ContactPerson $contactPerson) + { + if (false == is_array($this->contactPersons)) { + $this->contactPersons = []; + } + $this->contactPersons[] = $contactPerson; + + return $this; + } + + /** + * @return \LightSaml\Model\Metadata\ContactPerson[]|null + */ + public function getAllContactPersons() + { + return $this->contactPersons; + } + + /** + * @param string|null $errorURL + * + * @return RoleDescriptor + */ + public function setErrorURL($errorURL) + { + $this->errorURL = (string) $errorURL; + + return $this; + } + + /** + * @return string|null + */ + public function getErrorURL() + { + return $this->errorURL; + } + + /** + * @param string|null $id + * + * @return RoleDescriptor + */ + public function setID($id) + { + $this->id = (string) $id; + + return $this; + } + + /** + * @return string|null + */ + public function getID() + { + return $this->id; + } + + /** + * @return RoleDescriptor + */ + public function addKeyDescriptor(KeyDescriptor $keyDescriptor) + { + if (false == is_array($this->keyDescriptors)) { + $this->keyDescriptors = []; + } + $this->keyDescriptors[] = $keyDescriptor; + + return $this; + } + + /** + * @return \LightSaml\Model\Metadata\KeyDescriptor[]|null + */ + public function getAllKeyDescriptors() + { + return $this->keyDescriptors; + } + + /** + * @param string $use + * + * @return KeyDescriptor[] + */ + public function getAllKeyDescriptorsByUse($use) + { + $result = []; + foreach ($this->getAllKeyDescriptors() as $kd) { + if ($kd->getUse() == $use) { + $result[] = $kd; + } + } + + return $result; + } + + /** + * @param string|null $use + * + * @return KeyDescriptor|null + */ + public function getFirstKeyDescriptor($use = null) + { + if ($this->getAllKeyDescriptors()) { + foreach ($this->getAllKeyDescriptors() as $kd) { + if (null == $use || $kd->getUse() == $use) { + return $kd; + } + } + } + + return; + } + + /** + * @return RoleDescriptor + */ + public function addOrganization(Organization $organization) + { + if (false == is_array($this->organizations)) { + $this->organizations = []; + } + $this->organizations[] = $organization; + + return $this; + } + + /** + * @return Organization[]|null + */ + public function getAllOrganizations() + { + return $this->organizations; + } + + /** + * @param string $protocolSupportEnumeration + * + * @return RoleDescriptor + */ + public function setProtocolSupportEnumeration($protocolSupportEnumeration) + { + $this->protocolSupportEnumeration = (string) $protocolSupportEnumeration; + + return $this; + } + + /** + * @return string + */ + public function getProtocolSupportEnumeration() + { + return $this->protocolSupportEnumeration; + } + + /** + * @return RoleDescriptor + */ + public function addSignature(Signature $signature) + { + if (false == is_array($this->signatures)) { + $this->signatures = []; + } + $this->signatures[] = $signature; + + return $this; + } + + /** + * @return \LightSaml\Model\XmlDSig\Signature[]|null + */ + public function getAllSignatures() + { + return $this->signatures; + } + + /** + * @param int|null $validUntil + * + * @return RoleDescriptor + */ + public function setValidUntil($validUntil) + { + $this->validUntil = Helper::getTimestampFromValue($validUntil); + + return $this; + } + + /** + * @return string + */ + public function getValidUntilString() + { + if ($this->validUntil) { + return Helper::time2string($this->validUntil); + } + + return; + } + + /** + * @return int + */ + public function getValidUntilTimestamp() + { + return $this->validUntil; + } + + /** + * @return \DateTime|null + */ + public function getValidUntilDateTime() + { + if ($this->validUntil) { + return new \DateTime('@' . $this->validUntil); + } + + return null; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $this->attributesToXml( + ['protocolSupportEnumeration', 'ID', 'validUntil', 'cacheDuration', 'errorURL'], + $parent + ); + + $this->manyElementsToXml($this->getAllSignatures(), $parent, $context, null); + $this->manyElementsToXml($this->getAllKeyDescriptors(), $parent, $context, null); + $this->manyElementsToXml($this->getAllOrganizations(), $parent, $context, null); + $this->manyElementsToXml($this->getAllContactPersons(), $parent, $context, null); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->attributesFromXml( + $node, + ['protocolSupportEnumeration', 'ID', 'validUntil', 'cacheDuration', 'errorURL'] + ); + + $this->manyElementsFromXml( + $node, + $context, + 'Signature', + 'ds', + 'LightSaml\Model\XmlDSig\Signature', + 'addSignature' + ); + $this->manyElementsFromXml( + $node, + $context, + 'KeyDescriptor', + 'md', + 'LightSaml\Model\Metadata\KeyDescriptor', + 'addKeyDescriptor' + ); + $this->manyElementsFromXml( + $node, + $context, + 'Organization', + 'md', + 'LightSaml\Model\Metadata\Organization', + 'addOrganization' + ); + $this->manyElementsFromXml( + $node, + $context, + 'ContactPerson', + 'md', + 'LightSaml\Model\Metadata\ContactPerson', + 'addContactPerson' + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SSODescriptor.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SSODescriptor.php new file mode 100644 index 0000000..e746c64 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SSODescriptor.php @@ -0,0 +1,129 @@ +singleLogoutServices[] = $singleLogoutService; + + return $this; + } + + /** + * @return SingleLogoutService[] + */ + public function getAllSingleLogoutServices() + { + return $this->singleLogoutServices; + } + + /** + * @param string $binding + * + * @return SingleLogoutService[] + */ + public function getAllSingleLogoutServicesByBinding($binding) + { + $result = []; + foreach ($this->getAllSingleLogoutServices() as $svc) { + if ($binding == $svc->getBinding()) { + $result[] = $svc; + } + } + + return $result; + } + + /** + * @param string|null $binding + * + * @return SingleLogoutService|null + */ + public function getFirstSingleLogoutService($binding = null) + { + foreach ($this->getAllSingleLogoutServices() as $svc) { + if (null == $binding || $binding == $svc->getBinding()) { + return $svc; + } + } + + return null; + } + + /** + * @param string $nameIDFormat + * + * @return SSODescriptor + */ + public function addNameIDFormat($nameIDFormat) + { + $this->nameIDFormats[] = $nameIDFormat; + + return $this; + } + + /** + * @return string[]|null + */ + public function getAllNameIDFormats() + { + return $this->nameIDFormats; + } + + /** + * @param string $nameIdFormat + * + * @return bool + */ + public function hasNameIDFormat($nameIdFormat) + { + if ($this->nameIDFormats) { + foreach ($this->nameIDFormats as $format) { + if ($format == $nameIdFormat) { + return true; + } + } + } + + return false; + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + parent::serialize($parent, $context); + + $this->manyElementsToXml($this->getAllSingleLogoutServices(), $parent, $context, null); + $this->manyElementsToXml($this->getAllNameIDFormats(), $parent, $context, 'NameIDFormat', SamlConstants::NS_METADATA); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + parent::deserialize($node, $context); + + $this->manyElementsFromXml($node, $context, 'NameIDFormat', 'md', null, 'addNameIDFormat'); + + $this->manyElementsFromXml( + $node, + $context, + 'SingleLogoutService', + 'md', + 'LightSaml\Model\Metadata\SingleLogoutService', + 'addSingleLogoutService' + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SingleLogoutService.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SingleLogoutService.php new file mode 100644 index 0000000..4e96d4b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SingleLogoutService.php @@ -0,0 +1,23 @@ +createElement('SingleLogoutService', SamlConstants::NS_METADATA, $parent, $context); + parent::serialize($result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'SingleLogoutService', SamlConstants::NS_METADATA); + + parent::deserialize($node, $context); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SingleSignOnService.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SingleSignOnService.php new file mode 100644 index 0000000..2c685dc --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SingleSignOnService.php @@ -0,0 +1,24 @@ +createElement('SingleSignOnService', SamlConstants::NS_METADATA, $parent, $context); + + parent::serialize($result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'SingleSignOnService', SamlConstants::NS_METADATA); + + parent::deserialize($node, $context); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SpSsoDescriptor.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SpSsoDescriptor.php new file mode 100644 index 0000000..c439a48 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Metadata/SpSsoDescriptor.php @@ -0,0 +1,178 @@ +assertionConsumerServices)) { + $this->assertionConsumerServices = []; + } + if (null === $assertionConsumerService->getIndex()) { + $assertionConsumerService->setIndex(count($this->assertionConsumerServices)); + } + $this->assertionConsumerServices[] = $assertionConsumerService; + + return $this; + } + + /** + * @return AssertionConsumerService[]|null + */ + public function getAllAssertionConsumerServices() + { + return $this->assertionConsumerServices; + } + + /** + * @param string $binding + * + * @return AssertionConsumerService[] + */ + public function getAllAssertionConsumerServicesByBinding($binding) + { + $result = []; + foreach ($this->getAllAssertionConsumerServices() as $svc) { + if ($svc->getBinding() == $binding) { + $result[] = $svc; + } + } + + return $result; + } + + /** + * @param string $url + * + * @return AssertionConsumerService[] + */ + public function getAllAssertionConsumerServicesByUrl($url) + { + $result = []; + foreach ($this->getAllAssertionConsumerServices() as $svc) { + if ($svc->getLocation() == $url) { + $result[] = $svc; + } + } + + return $result; + } + + /** + * @param int $index + * + * @return AssertionConsumerService|null + */ + public function getAssertionConsumerServicesByIndex($index) + { + foreach ($this->getAllAssertionConsumerServices() as $svc) { + if ($svc->getIndex() == $index) { + return $svc; + } + } + + return null; + } + + /** + * @param string|null $binding + * + * @return AssertionConsumerService|null + */ + public function getFirstAssertionConsumerService($binding = null) + { + foreach ($this->getAllAssertionConsumerServices() as $svc) { + if (null == $binding || $svc->getBinding() == $binding) { + return $svc; + } + } + + return null; + } + + /** + * @param bool|null $authnRequestsSigned + * + * @return SpSsoDescriptor + */ + public function setAuthnRequestsSigned($authnRequestsSigned) + { + $this->authnRequestsSigned = filter_var($authnRequestsSigned, FILTER_VALIDATE_BOOLEAN, ['flags' => FILTER_NULL_ON_FAILURE]); + + return $this; + } + + /** + * @return bool|null + */ + public function getAuthnRequestsSigned() + { + return $this->authnRequestsSigned; + } + + /** + * @param bool|null $wantAssertionsSigned + * + * @return SpSsoDescriptor + */ + public function setWantAssertionsSigned($wantAssertionsSigned) + { + $this->wantAssertionsSigned = filter_var($wantAssertionsSigned, FILTER_VALIDATE_BOOLEAN, ['flags' => FILTER_NULL_ON_FAILURE]); + + return $this; + } + + /** + * @return bool|null + */ + public function getWantAssertionsSigned() + { + return $this->wantAssertionsSigned; + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('SPSSODescriptor', SamlConstants::NS_METADATA, $parent, $context); + + parent::serialize($result, $context); + + $this->attributesToXml(['AuthnRequestsSigned', 'WantAssertionsSigned'], $result); + + $this->manyElementsToXml($this->getAllAssertionConsumerServices(), $result, $context, null); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'SPSSODescriptor', SamlConstants::NS_METADATA); + + parent::deserialize($node, $context); + + $this->attributesFromXml($node, ['AuthnRequestsSigned', 'WantAssertionsSigned']); + + $this->manyElementsFromXml( + $node, + $context, + 'AssertionConsumerService', + 'md', + 'LightSaml\Model\Metadata\AssertionConsumerService', + 'addAssertionConsumerService' + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/AbstractRequest.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/AbstractRequest.php new file mode 100644 index 0000000..51822ef --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/AbstractRequest.php @@ -0,0 +1,7 @@ +subject = $subject; + + return $this; + } + + /** + * @return Subject|null + */ + public function getSubject() + { + return $this->subject; + } + + /** + * @param string|null $providerName + * + * @return AuthnRequest + */ + public function setProviderName($providerName) + { + $this->providerName = (string) $providerName; + + return $this; + } + + /** + * @return string|null + */ + public function getProviderName() + { + return $this->providerName; + } + + /** + * @param string|null $protocolBinding + * + * @return AuthnRequest + */ + public function setProtocolBinding($protocolBinding) + { + $this->protocolBinding = (string) $protocolBinding; + + return $this; + } + + /** + * @return string|null + */ + public function getProtocolBinding() + { + return $this->protocolBinding; + } + + /** + * @param NameIDPolicy|null $nameIDPolicy + * + * @return AuthnRequest + */ + public function setNameIDPolicy(NameIDPolicy $nameIDPolicy) + { + $this->nameIDPolicy = $nameIDPolicy; + + return $this; + } + + /** + * @return NameIDPolicy|null + */ + public function getNameIDPolicy() + { + return $this->nameIDPolicy; + } + + /** + * @param bool|null $isPassive + * + * @return AuthnRequest + */ + public function setIsPassive($isPassive) + { + $this->isPassive = 0 == strcasecmp($isPassive, 'true') || true === $isPassive || 1 == $isPassive; + + return $this; + } + + /** + * @return bool|null + */ + public function getIsPassive() + { + return $this->isPassive; + } + + /** + * @return string|null + */ + public function getIsPassiveString() + { + if (null === $this->isPassive) { + return null; + } + + return $this->isPassive ? 'true' : 'false'; + } + + /** + * @param bool|null $forceAuthn + * + * @return AuthnRequest + */ + public function setForceAuthn($forceAuthn) + { + $this->forceAuthn = 0 == strcasecmp($forceAuthn, 'true') || true === $forceAuthn || 1 == $forceAuthn; + + return $this; + } + + /** + * @return bool|null + */ + public function getForceAuthn() + { + return $this->forceAuthn; + } + + /** + * @return string|null + */ + public function getForceAuthnString() + { + if (null === $this->forceAuthn) { + return null; + } + + return $this->forceAuthn ? 'true' : 'false'; + } + + /** + * @param Conditions|null $conditions + * + * @return AuthnRequest + */ + public function setConditions($conditions) + { + $this->conditions = $conditions; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\Conditions|null + */ + public function getConditions() + { + return $this->conditions; + } + + /** + * @param int|null $attributeConsumingServiceIndex + * + * @return AuthnRequest + */ + public function setAttributeConsumingServiceIndex($attributeConsumingServiceIndex) + { + $this->attributeConsumingServiceIndex = null !== $attributeConsumingServiceIndex + ? intval(((string) $attributeConsumingServiceIndex)) + : null; + + return $this; + } + + /** + * @return int|null + */ + public function getAttributeConsumingServiceIndex() + { + return $this->attributeConsumingServiceIndex; + } + + /** + * @param string|null $assertionConsumerServiceURL + * + * @return AuthnRequest + */ + public function setAssertionConsumerServiceURL($assertionConsumerServiceURL) + { + $this->assertionConsumerServiceURL = (string) $assertionConsumerServiceURL; + + return $this; + } + + /** + * @return string|null + */ + public function getAssertionConsumerServiceURL() + { + return $this->assertionConsumerServiceURL; + } + + /** + * @param int|null $assertionConsumerServiceIndex + * + * @return AuthnRequest + */ + public function setAssertionConsumerServiceIndex($assertionConsumerServiceIndex) + { + $this->assertionConsumerServiceIndex = null !== $assertionConsumerServiceIndex + ? intval((string) $assertionConsumerServiceIndex) + : null; + + return $this; + } + + /** + * @return int|null + */ + public function getAssertionConsumerServiceIndex() + { + return $this->assertionConsumerServiceIndex; + } + + //endregion + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('AuthnRequest', SamlConstants::NS_PROTOCOL, $parent, $context); + + parent::serialize($result, $context); + + $this->attributesToXml([ + 'ForceAuthn', 'IsPassive', 'ProtocolBinding', 'AssertionConsumerServiceIndex', + 'AssertionConsumerServiceURL', 'AttributeConsumingServiceIndex', 'ProviderName', + ], $result); + + $this->singleElementsToXml(['Subject', 'NameIDPolicy', 'Conditions'], $result, $context); + + // must be last in order signature to include them all + $this->singleElementsToXml(['Signature'], $result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'AuthnRequest', SamlConstants::NS_PROTOCOL); + + parent::deserialize($node, $context); + + $this->attributesFromXml($node, [ + 'ForceAuthn', 'IsPassive', 'ProtocolBinding', 'AssertionConsumerServiceIndex', + 'AssertionConsumerServiceURL', 'AttributeConsumingServiceIndex', 'ProviderName', + ]); + + $this->singleElementsFromXml($node, $context, [ + 'Subject' => ['saml', 'LightSaml\Model\Assertion\Subject'], + 'NameIDPolicy' => ['samlp', 'LightSaml\Model\Protocol\NameIDPolicy'], + 'Conditions' => ['saml', 'LightSaml\Model\Assertion\Conditions'], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/LogoutRequest.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/LogoutRequest.php new file mode 100644 index 0000000..6381c6e --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/LogoutRequest.php @@ -0,0 +1,154 @@ +nameID = $nameID; + + return $this; + } + + /** + * @return NameID + */ + public function getNameID() + { + return $this->nameID; + } + + /** + * @param int|\DateTime|string $notOnOrAfter + * + * @return LogoutRequest + */ + public function setNotOnOrAfter($notOnOrAfter) + { + $this->notOnOrAfter = Helper::getTimestampFromValue($notOnOrAfter); + + return $this; + } + + /** + * @return int|null + */ + public function getNotOnOrAfterTimestamp() + { + return $this->notOnOrAfter; + } + + /** + * @return string|null + */ + public function getNotOnOrAfterString() + { + if ($this->notOnOrAfter) { + return Helper::time2string($this->notOnOrAfter); + } + + return null; + } + + /** + * @return \DateTime|null + */ + public function getNotOnOrAfterDateTime() + { + if ($this->notOnOrAfter) { + return new \DateTime('@' . $this->notOnOrAfter); + } + + return null; + } + + /** + * @param string|null $reason + * + * @return LogoutRequest + */ + public function setReason($reason) + { + $this->reason = (string) $reason; + + return $this; + } + + /** + * @return string|null + */ + public function getReason() + { + return $this->reason; + } + + /** + * @param string|null $sessionIndex + * + * @return LogoutRequest + */ + public function setSessionIndex($sessionIndex) + { + $this->sessionIndex = (string) $sessionIndex; + + return $this; + } + + /** + * @return string|null + */ + public function getSessionIndex() + { + return $this->sessionIndex; + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('LogoutRequest', SamlConstants::NS_PROTOCOL, $parent, $context); + + parent::serialize($result, $context); + + $this->attributesToXml(['Reason', 'NotOnOrAfter'], $result); + + $this->singleElementsToXml(['NameID', 'SessionIndex'], $result, $context, SamlConstants::NS_PROTOCOL); + + // must be last in order signature to include them all + $this->singleElementsToXml(['Signature'], $result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'LogoutRequest', SamlConstants::NS_PROTOCOL); + + parent::deserialize($node, $context); + + $this->attributesFromXml($node, ['Reason', 'NotOnOrAfter']); + + $this->singleElementsFromXml($node, $context, [ + 'NameID' => ['saml', 'LightSaml\Model\Assertion\NameID'], + 'SessionIndex' => ['samlp', null], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/LogoutResponse.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/LogoutResponse.php new file mode 100644 index 0000000..79706eb --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/LogoutResponse.php @@ -0,0 +1,27 @@ +createElement('samlp:LogoutResponse', SamlConstants::NS_PROTOCOL, $parent, $context); + + parent::serialize($result, $context); + + // must be done here at the end and not in a base class where declared in order to include signing of the elements added here + $this->singleElementsToXml(['Signature'], $result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'LogoutResponse', SamlConstants::NS_PROTOCOL); + + parent::deserialize($node, $context); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/NameIDPolicy.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/NameIDPolicy.php new file mode 100644 index 0000000..93c3d90 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/NameIDPolicy.php @@ -0,0 +1,131 @@ +allowCreate = $allowCreate; + $this->format = $format; + } + + /** + * @param string|bool|null $allowCreate + * + * @return NameIDPolicy + */ + public function setAllowCreate($allowCreate) + { + if (null === $allowCreate) { + $this->allowCreate = null; + } elseif (is_string($allowCreate) || is_int($allowCreate)) { + $this->allowCreate = 0 == strcasecmp($allowCreate, 'true') || true === $allowCreate || 1 == $allowCreate; + } else { + $this->allowCreate = (bool) $allowCreate; + } + + return $this; + } + + /** + * @return bool|null + */ + public function getAllowCreate() + { + return $this->allowCreate; + } + + /** + * @return string|null + */ + public function getAllowCreateString() + { + if (null === $this->allowCreate) { + return null; + } + + return $this->allowCreate ? 'true' : 'false'; + } + + /** + * @param string|null $format + * + * @return NameIDPolicy + */ + public function setFormat($format) + { + $this->format = (string) $format; + + return $this; + } + + /** + * @return string|null + */ + public function getFormat() + { + return $this->format; + } + + /** + * @param string|null $spNameQualifier + * + * @return NameIDPolicy + */ + public function setSPNameQualifier($spNameQualifier) + { + $this->spNameQualifier = $spNameQualifier; + + return $this; + } + + /** + * @return string|null + */ + public function getSPNameQualifier() + { + return $this->spNameQualifier; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('NameIDPolicy', SamlConstants::NS_PROTOCOL, $parent, $context); + + $this->attributesToXml(['Format', 'SPNameQualifier', 'AllowCreate'], $result); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'NameIDPolicy', SamlConstants::NS_PROTOCOL); + + $this->attributesFromXml($node, ['Format', 'SPNameQualifier', 'AllowCreate']); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/Response.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/Response.php new file mode 100644 index 0000000..7401b17 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/Response.php @@ -0,0 +1,160 @@ +assertions; + } + + /** + * @return Assertion|null + */ + public function getFirstAssertion() + { + if (is_array($this->assertions) && isset($this->assertions[0])) { + return $this->assertions[0]; + } + + return null; + } + + /** + * @return EncryptedElement[] + */ + public function getAllEncryptedAssertions() + { + return $this->encryptedAssertions; + } + + /** + * @return EncryptedElement|null + */ + public function getFirstEncryptedAssertion() + { + if (is_array($this->encryptedAssertions) && isset($this->encryptedAssertions[0])) { + return $this->encryptedAssertions[0]; + } + + return null; + } + + /** + * Returns assertions with and with at least one + * element containing a Method of urn:oasis:names:tc:SAML:2.0:cm:bearer. + * + * @return \LightSaml\Model\Assertion\Assertion[] + */ + public function getBearerAssertions() + { + $result = []; + if ($this->getAllAssertions()) { + foreach ($this->getAllAssertions() as $assertion) { + if ($assertion->hasBearerSubject()) { + $result[] = $assertion; + } + } // foreach assertions + } + + return $result; + } + + /** + * @return Response + */ + public function addAssertion(Assertion $assertion) + { + $this->assertions[] = $assertion; + + return $this; + } + + /** + * @return Response + */ + public function removeAssertion(Assertion $removedAssertion) + { + $arr = []; + $hasThatAssertion = false; + foreach ($this->getAllAssertions() as $assertion) { + if ($assertion !== $removedAssertion) { + $arr[] = $assertion; + } else { + $hasThatAssertion = true; + } + } + + if (false === $hasThatAssertion) { + throw new \InvalidArgumentException('Response does not have assertion specified to be removed'); + } + + return $this; + } + + /** + * @return Response + */ + public function addEncryptedAssertion(EncryptedElement $encryptedAssertion) + { + $this->encryptedAssertions[] = $encryptedAssertion; + + return $this; + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('samlp:Response', SamlConstants::NS_PROTOCOL, $parent, $context); + + parent::serialize($result, $context); + + $this->manyElementsToXml($this->getAllAssertions(), $result, $context, null); + $this->manyElementsToXml($this->getAllEncryptedAssertions(), $result, $context, null); + + // must be done here at the end and not in a base class where declared in order to include signing of the elements added here + $this->singleElementsToXml(['Signature'], $result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'Response', SamlConstants::NS_PROTOCOL); + + parent::deserialize($node, $context); + + $this->assertions = []; + $this->manyElementsFromXml( + $node, + $context, + 'Assertion', + 'saml', + 'LightSaml\Model\Assertion\Assertion', + 'addAssertion' + ); + + $this->encryptedAssertions = []; + $this->manyElementsFromXml( + $node, + $context, + 'EncryptedAssertion', + 'saml', + 'LightSaml\Model\Assertion\EncryptedAssertionReader', + 'addEncryptedAssertion' + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/SamlMessage.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/SamlMessage.php new file mode 100644 index 0000000..2f692c3 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/SamlMessage.php @@ -0,0 +1,295 @@ +getDocument()->loadXML($xml); + + $node = $context->getDocument()->firstChild; + while ($node && $node instanceof \DOMComment) { + $node = $node->nextSibling; + } + if (null === $node) { + throw new LightSamlXmlException('Empty XML'); + } + + if (SamlConstants::NS_PROTOCOL !== $node->namespaceURI) { + throw new LightSamlXmlException(sprintf("Invalid namespace '%s' of the root XML element, expected '%s'", $context->getDocument()->namespaceURI, SamlConstants::NS_PROTOCOL)); + } + + $map = [ + 'AttributeQuery' => null, + 'AuthnRequest' => '\LightSaml\Model\Protocol\AuthnRequest', + 'LogoutResponse' => '\LightSaml\Model\Protocol\LogoutResponse', + 'LogoutRequest' => '\LightSaml\Model\Protocol\LogoutRequest', + 'Response' => '\LightSaml\Model\Protocol\Response', + 'ArtifactResponse' => null, + 'ArtifactResolve' => null, + ]; + + $rootElementName = $node->localName; + + if (array_key_exists($rootElementName, $map)) { + if ($class = $map[$rootElementName]) { + /** @var SamlElementInterface $result */ + $result = new $class(); + } else { + throw new \LogicException('Deserialization of %s root element is not implemented'); + } + } else { + throw new LightSamlXmlException(sprintf("Unknown SAML message '%s'", $rootElementName)); + } + + $result->deserialize($node, $context); + + return $result; + } + + /** + * @param string $id + * + * @return SamlMessage + */ + public function setID($id) + { + $this->id = (string) $id; + + return $this; + } + + /** + * @return string + */ + public function getID() + { + return $this->id; + } + + /** + * @param int|string|\DateTime $issueInstant + * + * @return SamlMessage + */ + public function setIssueInstant($issueInstant) + { + $this->issueInstant = Helper::getTimestampFromValue($issueInstant); + + return $this; + } + + /** + * @return int|null + */ + public function getIssueInstantTimestamp() + { + return $this->issueInstant; + } + + /** + * @return string|null + */ + public function getIssueInstantString() + { + if ($this->issueInstant) { + return Helper::time2string($this->issueInstant); + } + + return null; + } + + /** + * @return \DateTime|null + */ + public function getIssueInstantDateTime() + { + if ($this->issueInstant) { + return new \DateTime('@' . $this->issueInstant); + } + + return null; + } + + /** + * @param string $version + * + * @return SamlMessage + */ + public function setVersion($version) + { + $this->version = (string) $version; + + return $this; + } + + /** + * @return string + */ + public function getVersion() + { + return $this->version; + } + + /** + * @param string|null $destination + * + * @return SamlMessage + */ + public function setDestination($destination) + { + $this->destination = $destination; + + return $this; + } + + /** + * @return string|null + */ + public function getDestination() + { + return $this->destination; + } + + /** + * @return SamlMessage + */ + public function setIssuer(Issuer $issuer = null) + { + $this->issuer = $issuer; + + return $this; + } + + /** + * @return \LightSaml\Model\Assertion\NameID|null + */ + public function getIssuer() + { + return $this->issuer; + } + + /** + * @param string|null $consent + * + * @return StatusResponse + */ + public function setConsent($consent) + { + $this->consent = $consent; + + return $this; + } + + /** + * @return string|null + */ + public function getConsent() + { + return $this->consent; + } + + /** + * @return SamlMessage + */ + public function setSignature(Signature $signature = null) + { + $this->signature = $signature; + + return $this; + } + + /** + * @return Signature|null + */ + public function getSignature() + { + return $this->signature; + } + + /** + * @param string|null $relayState + * + * @return SamlMessage + */ + public function setRelayState($relayState) + { + $this->relayState = $relayState; + + return $this; + } + + /** + * @return string|null + */ + public function getRelayState() + { + return $this->relayState; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $this->attributesToXml(['ID', 'Version', 'IssueInstant', 'Destination', 'Consent'], $parent); + + $this->singleElementsToXml(['Issuer'], $parent, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->attributesFromXml($node, ['ID', 'Version', 'IssueInstant', 'Destination', 'Consent']); + + $this->singleElementsFromXml($node, $context, [ + 'Issuer' => ['saml', 'LightSaml\Model\Assertion\Issuer'], + 'Signature' => ['ds', 'LightSaml\Model\XmlDSig\SignatureXmlReader'], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/Status.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/Status.php new file mode 100644 index 0000000..43138a8 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/Status.php @@ -0,0 +1,101 @@ +statusCode = $statusCode; + $this->statusMessage = $message; + } + + /** + * @return Status + */ + public function setStatusCode(StatusCode $statusCode) + { + $this->statusCode = $statusCode; + + return $this; + } + + /** + * @return StatusCode + */ + public function getStatusCode() + { + return $this->statusCode; + } + + /** + * @param string|null $message + */ + public function setStatusMessage($message) + { + $this->statusMessage = (string) $message; + } + + /** + * @return string|null + */ + public function getStatusMessage() + { + return $this->statusMessage; + } + + /** + * @return bool + */ + public function isSuccess() + { + $result = $this->getStatusCode() && SamlConstants::STATUS_SUCCESS == $this->getStatusCode()->getValue(); + + return $result; + } + + /** + * @return Status + */ + public function setSuccess() + { + $this->setStatusCode(new StatusCode()); + $this->getStatusCode()->setValue(SamlConstants::STATUS_SUCCESS); + + return $this; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('samlp:Status', SamlConstants::NS_PROTOCOL, $parent, $context); + + $this->singleElementsToXml(['StatusCode', 'StatusMessage'], $result, $context, SamlConstants::NS_PROTOCOL); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'Status', SamlConstants::NS_PROTOCOL); + + $this->singleElementsFromXml($node, $context, [ + 'StatusCode' => ['samlp', 'LightSaml\Model\Protocol\StatusCode'], + 'StatusMessage' => ['samlp', null], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/StatusCode.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/StatusCode.php new file mode 100644 index 0000000..7f429b6 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/StatusCode.php @@ -0,0 +1,84 @@ +value = $value; + } + + /** + * @param string $value + */ + public function setValue($value) + { + $this->value = (string) $value; + } + + /** + * @return string + */ + public function getValue() + { + return $this->value; + } + + /** + * @param StatusCode|null $statusCode + * + * @return StatusCode + */ + public function setStatusCode(StatusCode $statusCode) + { + $this->statusCode = $statusCode; + + return $this; + } + + /** + * @return StatusCode|null + */ + public function getStatusCode() + { + return $this->statusCode; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + $result = $this->createElement('samlp:StatusCode', SamlConstants::NS_PROTOCOL, $parent, $context); + + $this->attributesToXml(['Value'], $result); + + $this->singleElementsToXml(['StatusCode'], $result, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'StatusCode', SamlConstants::NS_PROTOCOL); + + $this->attributesFromXml($node, ['Value']); + + $this->singleElementsFromXml($node, $context, [ + 'StatusCode' => ['samlp', 'LightSaml\Model\Protocol\StatusCode'], + ]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/StatusResponse.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/StatusResponse.php new file mode 100644 index 0000000..a37c763 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/Protocol/StatusResponse.php @@ -0,0 +1,76 @@ +inResponseTo = $inResponseTo; + + return $this; + } + + /** + * @return string + */ + public function getInResponseTo() + { + return $this->inResponseTo; + } + + /** + * @return StatusResponse + */ + public function setStatus(Status $status) + { + $this->status = $status; + + return $this; + } + + /** + * @return Status + */ + public function getStatus() + { + return $this->status; + } + + /** + * @return void + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + parent::serialize($parent, $context); + + $this->attributesToXml(['InResponseTo'], $parent); + + $this->singleElementsToXml(['Status'], $parent, $context); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->attributesFromXml($node, ['InResponseTo']); + + $this->singleElementsFromXml($node, $context, [ + 'Status' => ['samlp', 'LightSaml\Model\Protocol\Status'], + ]); + + parent::deserialize($node, $context); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/SamlElementInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/SamlElementInterface.php new file mode 100644 index 0000000..c544290 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/SamlElementInterface.php @@ -0,0 +1,19 @@ +key; + } + + /** + * @param CredentialInterface[] $credentialCandidates + * + * @throws \InvalidArgumentException If element of $credentialCandidates array is not CredentialInterface + * @throws \LightSaml\Error\LightSamlSecurityException If validation fails + * + * @return CredentialInterface|null Returns credential that validated the signature or null if validation was not performed + */ + public function validateMulti(array $credentialCandidates) + { + $lastException = null; + + foreach ($credentialCandidates as $credential) { + if (false == $credential instanceof CredentialInterface) { + throw new \InvalidArgumentException('Expected CredentialInterface'); + } + if (null == $credential->getPublicKey()) { + continue; + } + + try { + $result = $this->validate($credential->getPublicKey()); + + if (false === $result) { + return null; + } + + return $credential; + } catch (LightSamlSecurityException $ex) { + $lastException = $ex; + } + } + + if ($lastException) { + throw $lastException; + } else { + throw new LightSamlSecurityException('No public key available for signature verification'); + } + } + + /** + * @return string + */ + abstract public function getAlgorithm(); + + /** + * @return XMLSecurityKey + */ + protected function castKeyIfNecessary(XMLSecurityKey $key) + { + $algorithm = $this->getAlgorithm(); + + if ( + !in_array($algorithm, [ + XMLSecurityKey::RSA_SHA1, + XMLSecurityKey::RSA_SHA256, + XMLSecurityKey::RSA_SHA384, + XMLSecurityKey::RSA_SHA512, + ]) + ) { + throw new LightSamlSecurityException(sprintf('Unsupported signing algorithm: "%s"', $algorithm)); + } + + if ($algorithm != $key->type) { + $key = KeyHelper::castKey($key, $algorithm); + } + + return $key; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/XmlDSig/Signature.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/XmlDSig/Signature.php new file mode 100644 index 0000000..d20fcad --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/XmlDSig/Signature.php @@ -0,0 +1,16 @@ +signature = $signature; + $this->algorithm = $algorithm; + $this->data = $data; + } + + /** + * @param string $algorithm + */ + public function setAlgorithm($algorithm) + { + $this->algorithm = (string) $algorithm; + } + + /** + * @return string + */ + public function getAlgorithm() + { + return $this->algorithm; + } + + /** + * @param string $data + */ + public function setData($data) + { + $this->data = (string) $data; + } + + /** + * @return string + */ + public function getData() + { + return $this->data; + } + + /** + * @param string $signature + */ + public function setSignature($signature) + { + $this->signature = (string) $signature; + } + + /** + * @return string + */ + public function getSignature() + { + return $this->signature; + } + + /** + * @return bool True if validated, False if validation was not performed + * + * @throws LightSamlSecurityException If validation fails + */ + public function validate(XMLSecurityKey $key) + { + if (null == $this->getSignature()) { + return false; + } + + $key = $this->castKeyIfNecessary($key); + + $signature = base64_decode($this->getSignature()); + + if (false == $key->verifySignature($this->getData(), $signature)) { + throw new LightSamlSecurityException('Unable to validate signature on query string'); + } + + return true; + } + + /** + * @throws \LogicException + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + throw new \LogicException('SignatureStringReader can not be serialized'); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + throw new \LogicException('SignatureStringReader can not be deserialized'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/XmlDSig/SignatureWriter.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/XmlDSig/SignatureWriter.php new file mode 100644 index 0000000..64f8dee --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/XmlDSig/SignatureWriter.php @@ -0,0 +1,192 @@ +getCertificate(), $options->getPrivateKey()); + $writer->signingOptions = $options; + + return $writer; + } + + /** + * @return SignatureWriter + */ + public static function createByKeyAndCertificate(X509Certificate $certificate, XMLSecurityKey $xmlSecurityKey) + { + $signingOptions = new SigningOptions($xmlSecurityKey, $certificate); + + return self::create($signingOptions); + } + + /** + * @param string $digestAlgorithm + */ + public function __construct(X509Certificate $certificate = null, XMLSecurityKey $xmlSecurityKey = null, $digestAlgorithm = XMLSecurityDSig::SHA1) + { + $this->certificate = $certificate; + $this->xmlSecurityKey = $xmlSecurityKey; + $this->digestAlgorithm = $digestAlgorithm; + } + + /** + * @return string + */ + public function getDigestAlgorithm() + { + return $this->digestAlgorithm; + } + + /** + * @param string $digestAlgorithm + * + * @return SignatureWriter + */ + public function setDigestAlgorithm($digestAlgorithm) + { + $this->digestAlgorithm = $digestAlgorithm; + + return $this; + } + + /** + * @return SigningOptions + */ + public function getSigningOptions() + { + return $this->signingOptions; + } + + /** + * @return SignatureWriter + */ + public function setSigningOptions(SigningOptions $signingOptions) + { + $this->signingOptions = $signingOptions; + + return $this; + } + + /** + * @return string + */ + public function getCanonicalMethod() + { + return $this->canonicalMethod; + } + + /** + * @param string $canonicalMethod + * + * @return SignatureWriter + */ + public function setCanonicalMethod($canonicalMethod) + { + $this->canonicalMethod = $canonicalMethod; + + return $this; + } + + /** + * @return SignatureWriter + */ + public function setXmlSecurityKey(XMLSecurityKey $key) + { + $this->xmlSecurityKey = $key; + + return $this; + } + + /** + * @return XMLSecurityKey + */ + public function getXmlSecurityKey() + { + return $this->xmlSecurityKey; + } + + /** + * @return SignatureWriter + */ + public function setCertificate(X509Certificate $certificate) + { + $this->certificate = $certificate; + + return $this; + } + + /** + * @return X509Certificate + */ + public function getCertificate() + { + return $this->certificate; + } + + public function serialize(\DOMNode $parent, SerializationContext $context) + { + if ($this->signingOptions && false === $this->signingOptions->isEnabled()) { + return; + } + + $objXMLSecDSig = new XMLSecurityDSig(); + $objXMLSecDSig->setCanonicalMethod($this->getCanonicalMethod()); + $key = $this->getXmlSecurityKey(); + + $objXMLSecDSig->addReferenceList( + [$parent], + $this->digestAlgorithm, + [SamlConstants::XMLSEC_TRANSFORM_ALGORITHM_ENVELOPED_SIGNATURE, XMLSecurityDSig::EXC_C14N], + ['id_name' => $this->getIDName(), 'overwrite' => false] + ); + + $objXMLSecDSig->sign($key); + + $objXMLSecDSig->add509Cert( + $this->getCertificate()->getData(), + false, + false, + $this->signingOptions ? $this->signingOptions->getCertificateOptions()->all() : null + ); + + $firstChild = $parent->hasChildNodes() ? $parent->firstChild : null; + if ($firstChild && 'Issuer' == $firstChild->localName) { + // The signature node should come after the issuer node + $firstChild = $firstChild->nextSibling; + } + $objXMLSecDSig->insertSignature($parent, $firstChild); + } + + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + throw new \LogicException('SignatureWriter can not be deserialized'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/XmlDSig/SignatureXmlReader.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/XmlDSig/SignatureXmlReader.php new file mode 100644 index 0000000..02d9630 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Model/XmlDSig/SignatureXmlReader.php @@ -0,0 +1,141 @@ +certificates[] = (string) $certificate; + } + + /** + * @return string[] + */ + public function getAllCertificates() + { + return $this->certificates; + } + + public function setSignature(XMLSecurityDSig $signature) + { + $this->signature = $signature; + } + + /** + * @return XMLSecurityDSig + */ + public function getSignature() + { + return $this->signature; + } + + /** + * @return bool + * + * @throws LightSamlSecurityException|Exception + */ + public function validate(XMLSecurityKey $key) + { + if (null == $this->signature) { + return false; + } + + try { + $this->signature->validateReference(); + } catch (Exception $e) { + throw new LightSamlSecurityException('Digest validation failed', $e->getCode(), $e); + } + + $key = $this->castKeyIfNecessary($key); + + if (false == $this->signature->verify($key)) { + throw new LightSamlSecurityException('Unable to verify Signature'); + } + + return true; + } + + /** + * @return string + * + * @throws \LightSaml\Error\LightSamlXmlException + */ + public function getAlgorithm() + { + $xpath = new \DOMXPath( + $this->signature->sigNode instanceof \DOMDocument + ? $this->signature->sigNode + : $this->signature->sigNode->ownerDocument + ); + $xpath->registerNamespace('ds', XMLSecurityDSig::XMLDSIGNS); + + $list = $xpath->query('./ds:SignedInfo/ds:SignatureMethod', $this->signature->sigNode); + if (!$list || 0 == $list->length) { + throw new LightSamlXmlException('Missing SignatureMethod element'); + } + /** @var $sigMethod \DOMElement */ + $sigMethod = $list->item(0); + if (!$sigMethod->hasAttribute('Algorithm')) { + throw new LightSamlXmlException('Missing Algorithm-attribute on SignatureMethod element.'); + } + $algorithm = $sigMethod->getAttribute('Algorithm'); + + return $algorithm; + } + + /** + * @throws \LogicException + */ + public function serialize(\DOMNode $parent, SerializationContext $context) + { + throw new \LogicException('SignatureXmlReader can not be serialized'); + } + + /** + * @throws Exception + */ + public function deserialize(\DOMNode $node, DeserializationContext $context) + { + $this->checkXmlNodeName($node, 'Signature', SamlConstants::NS_XMLDSIG); + + $this->signature = new XMLSecurityDSig(); + $this->signature->idKeys[] = $this->getIDName(); + $this->signature->sigNode = $node; + $this->signature->canonicalizeSignedInfo(); + + $this->key = null; + $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'public']); + XMLSecEnc::staticLocateKeyInfo($key, $node); + if ($key->name || $key->key) { + $this->key = $key; + } + + $this->certificates = []; + $list = $context->getXpath()->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $node); + foreach ($list as $certNode) { + $certData = trim($certNode->textContent); + $certData = str_replace(["\r", "\n", "\t", ' '], '', $certData); + $this->certificates[] = $certData; + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Profile/Profiles.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Profile/Profiles.php new file mode 100644 index 0000000..b7d909e --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Profile/Profiles.php @@ -0,0 +1,13 @@ +attributes[] = $attribute; + + return $this; + } + + /** + * @param \LightSaml\Model\Assertion\Attribute[] $attributes + * + * @return FixedAttributeValueProvider + */ + public function setAttributes(array $attributes) + { + $this->attributes = []; + foreach ($attributes as $attribute) { + $this->add($attribute); + } + + return $this; + } + + /** + * @return Attribute[] + */ + public function getValues(AssertionContext $context) + { + return $this->attributes; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/Credential/CredentialProviderInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/Credential/CredentialProviderInterface.php new file mode 100644 index 0000000..9212654 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/Credential/CredentialProviderInterface.php @@ -0,0 +1,13 @@ +entityId = $entityId; + $this->certificatePath = $certificatePath; + $this->privateKeyPath = $privateKeyPath; + $this->privateKeyPassword = $privateKeyPassword; + } + + /** + * @return X509Credential + */ + public function get() + { + if (null == $this->credential) { + $this->credential = new X509Credential( + X509Certificate::fromFile($this->certificatePath), + KeyHelper::createPrivateKey($this->privateKeyPath, $this->privateKeyPassword, true) + ); + $this->credential->setEntityId($this->entityId); + } + + return $this->credential; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntitiesDescriptor/EntitiesDescriptorProviderInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntitiesDescriptor/EntitiesDescriptorProviderInterface.php new file mode 100644 index 0000000..25bcdd4 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntitiesDescriptor/EntitiesDescriptorProviderInterface.php @@ -0,0 +1,13 @@ +filename = $filename; + } + + /** + * @return EntitiesDescriptor + */ + public function get() + { + if (null == $this->entitiesDescriptor) { + $this->entitiesDescriptor = new EntitiesDescriptor(); + $deserializationContext = new DeserializationContext(); + $deserializationContext->getDocument()->load($this->filename); + $this->entitiesDescriptor->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext); + } + + return $this->entitiesDescriptor; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntityDescriptor/EntitiesDescriptorEntityProvider.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntityDescriptor/EntitiesDescriptorEntityProvider.php new file mode 100644 index 0000000..769985f --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntityDescriptor/EntitiesDescriptorEntityProvider.php @@ -0,0 +1,39 @@ +entitiesDescriptorProvider = $entitiesDescriptorProvider; + $this->entityId = $entityId; + } + + /** + * @return EntityDescriptor + */ + public function get() + { + if (null == $this->entityDescriptor) { + $this->entityDescriptor = $this->entitiesDescriptorProvider->get()->getByEntityId($this->entityId); + } + + return $this->entityDescriptor; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntityDescriptor/EntityDescriptorProviderInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntityDescriptor/EntityDescriptorProviderInterface.php new file mode 100644 index 0000000..079ac98 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntityDescriptor/EntityDescriptorProviderInterface.php @@ -0,0 +1,13 @@ +filename = $filename; + } + + /** + * @return EntityDescriptor + */ + public function get() + { + if (null == $this->entityDescriptor) { + $this->entityDescriptor = new EntityDescriptor(); + $deserializationContext = new DeserializationContext(); + $deserializationContext->getDocument()->load($this->filename); + $this->entityDescriptor->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext); + } + + return $this->entityDescriptor; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntityDescriptor/FileEntityDescriptorProviderFactory.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntityDescriptor/FileEntityDescriptorProviderFactory.php new file mode 100644 index 0000000..e9c58f0 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/EntityDescriptor/FileEntityDescriptorProviderFactory.php @@ -0,0 +1,32 @@ +entityDescriptor = $entityDescriptor; + } + + /** + * @return EntityDescriptor + */ + public function get() + { + return $this->entityDescriptor; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/NameID/FixedNameIdProvider.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/NameID/FixedNameIdProvider.php new file mode 100644 index 0000000..61391d7 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/NameID/FixedNameIdProvider.php @@ -0,0 +1,35 @@ +nameId = $nameId; + } + + /** + * @return FixedNameIdProvider + */ + public function setNameId(NameID $nameId = null) + { + $this->nameId = $nameId; + + return $this; + } + + /** + * @return NameID|null + */ + public function getNameID(AbstractProfileContext $context) + { + return $this->nameId; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/NameID/NameIdProviderInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/NameID/NameIdProviderInterface.php new file mode 100644 index 0000000..328d12b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/NameID/NameIdProviderInterface.php @@ -0,0 +1,14 @@ +authnInstant = $authnInstant; + $this->sessionIndex = $sessionIndex; + $this->authnContextClassRef = $authnContextClassRef; + } + + /** + * @param int $authnInstant + * + * @return FixedSessionInfoProvider + */ + public function setAuthnInstant($authnInstant) + { + $this->authnInstant = intval($authnInstant); + + return $this; + } + + /** + * @param string $sessionIndex + * + * @return FixedSessionInfoProvider + */ + public function setSessionIndex($sessionIndex) + { + $this->sessionIndex = $sessionIndex; + + return $this; + } + + /** + * @param string $authnContextClassRef + * + * @return FixedSessionInfoProvider + */ + public function setAuthnContextClassRef($authnContextClassRef) + { + $this->authnContextClassRef = $authnContextClassRef; + + return $this; + } + + /** + * @return int + */ + public function getAuthnInstant() + { + return $this->authnInstant; + } + + /** + * @return string + */ + public function getSessionIndex() + { + return $this->sessionIndex; + } + + /** + * @return string + */ + public function getAuthnContextClassRef() + { + return $this->authnContextClassRef; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/Session/SessionInfoProviderInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/Session/SessionInfoProviderInterface.php new file mode 100644 index 0000000..a924dad --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Provider/Session/SessionInfoProviderInterface.php @@ -0,0 +1,21 @@ +resolvers[] = $resolver; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/AbstractQueryableResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/AbstractQueryableResolver.php new file mode 100644 index 0000000..dbfd809 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/AbstractQueryableResolver.php @@ -0,0 +1,14 @@ +has(AlgorithmCriteria::class)) { + return $arrCredentials; + } + + $result = []; + foreach ($criteriaSet->get(AlgorithmCriteria::class) as $criteria) { + /* @var AlgorithmCriteria $criteria */ + foreach ($arrCredentials as $credential) { + if ( + ($credential->getPrivateKey() && $credential->getPrivateKey()->getAlgorith() == $criteria->getAlgorithm()) || + ($credential->getPublicKey() && $credential->getPublicKey()->getAlgorith() == $criteria->getAlgorithm()) + ) { + $result[] = $credential; + } + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CompositeFilterResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CompositeFilterResolver.php new file mode 100644 index 0000000..abd909d --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CompositeFilterResolver.php @@ -0,0 +1,24 @@ +resolvers as $resolver) { + $result = $resolver->resolve($criteriaSet, $result); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CompositeUnionResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CompositeUnionResolver.php new file mode 100644 index 0000000..9ebfa67 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CompositeUnionResolver.php @@ -0,0 +1,24 @@ +resolvers as $resolver) { + $result = array_merge($result, $resolver->resolve($criteriaSet, $arrCredentials)); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CredentialNameFilterResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CredentialNameFilterResolver.php new file mode 100644 index 0000000..b9b7b99 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CredentialNameFilterResolver.php @@ -0,0 +1,39 @@ +has(CredentialNameCriteria::class)) { + return $arrCredentials; + } + + $result = []; + foreach ($criteriaSet->get(CredentialNameCriteria::class) as $criteria) { + /* @var CredentialNameCriteria $criteria */ + foreach ($arrCredentials as $credential) { + $arrCredentialNames = $credential->getKeyNames(); + $criteriaName = $criteria->getName(); + foreach ($arrCredentialNames as $credentialName) { + if ($credentialName == $criteriaName) { + $result[] = $credential; + break; + } + } + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CredentialResolverInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CredentialResolverInterface.php new file mode 100644 index 0000000..825c92c --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/CredentialResolverInterface.php @@ -0,0 +1,21 @@ +resolver = $resolver; + } + + /** + * @return CredentialResolverQuery + */ + public function resolve() + { + $this->arrCredentials = $this->resolver->resolve($this); + + return $this; + } + + /** + * @return CredentialInterface|null + */ + public function firstCredential() + { + return reset($this->arrCredentials) ?: null; + } + + /** + * @return CredentialInterface[] + */ + public function allCredentials() + { + return $this->arrCredentials; + } + + /** + * @return CredentialInterface[] + */ + public function getPublicKeys() + { + $result = []; + foreach ($this->arrCredentials as $credential) { + if ($credential instanceof CredentialInterface) { + $publicKey = $credential->getPublicKey(); + if ($publicKey) { + $result[] = $credential; + } + } else { + throw new \InvalidArgumentException('Expected CredentialInterface'); + } + } + + return $result; + } + + /** + * @return CredentialInterface[] + */ + public function getPrivateKeys() + { + $result = []; + foreach ($this->arrCredentials as $credential) { + if ($credential instanceof CredentialInterface) { + $privateKey = $credential->getPrivateKey(); + if ($privateKey) { + $result[] = $credential; + } + } else { + throw new \InvalidArgumentException('Expected CredentialInterface'); + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/EntityIdResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/EntityIdResolver.php new file mode 100644 index 0000000..4f242c7 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/EntityIdResolver.php @@ -0,0 +1,35 @@ +credentialStore = $credentialStore; + } + + /** + * @param array|CredentialInterface[] $arrCredentials + * + * @return array|CredentialInterface[] + */ + public function resolve(CriteriaSet $criteriaSet, array $arrCredentials = []) + { + $result = []; + foreach ($criteriaSet->get(EntityIdCriteria::class) as $criteria) { + /* @var EntityIdCriteria $criteria */ + $result = array_merge($result, $this->credentialStore->getByEntityId($criteria->getEntityId())); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/Factory/CredentialResolverFactory.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/Factory/CredentialResolverFactory.php new file mode 100644 index 0000000..f3f3ba5 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/Factory/CredentialResolverFactory.php @@ -0,0 +1,45 @@ +credentialStore = $credentialStore; + } + + /** + * @return CredentialResolverInterface + */ + public function build() + { + $result = (new CompositeFilterResolver()) + ->add(new EntityIdResolver($this->credentialStore)) + ->add(new AlgorithmFilterResolver()) + ->add(new CredentialNameFilterResolver()) + ->add(new MetadataFilterResolver()) + ->add(new UsageFilterResolver()) + ->add(new PrivateKeyResolver()) + ->add(new X509CredentialResolver()) + ->add(new PublicKeyThumbprintResolver()) + ; + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/MetadataFilterResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/MetadataFilterResolver.php new file mode 100644 index 0000000..20b75ae --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/MetadataFilterResolver.php @@ -0,0 +1,43 @@ +has(MetadataCriteria::class)) { + return $arrCredentials; + } + + $result = []; + foreach ($criteriaSet->get(MetadataCriteria::class) as $criteria) { + /* @var MetadataCriteria $criteria */ + foreach ($arrCredentials as $credential) { + /** @var MetadataCredentialContext $metadataContext */ + $metadataContext = $credential->getCredentialContext()->get(MetadataCredentialContext::class); + if ( + false == $metadataContext || + MetadataCriteria::TYPE_IDP == $criteria->getMetadataType() && $metadataContext->getRoleDescriptor() instanceof IdpSsoDescriptor || + MetadataCriteria::TYPE_SP == $criteria->getMetadataType() && $metadataContext->getRoleDescriptor() instanceof SpSsoDescriptor + ) { + $result[] = $credential; + } + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/PrivateKeyResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/PrivateKeyResolver.php new file mode 100644 index 0000000..1a1acb9 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/PrivateKeyResolver.php @@ -0,0 +1,31 @@ +has(PrivateKeyCriteria::class)) { + return $arrCredentials; + } + + $result = []; + foreach ($arrCredentials as $credential) { + if ($credential->getPrivateKey()) { + $result[] = $credential; + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/PublicKeyThumbprintResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/PublicKeyThumbprintResolver.php new file mode 100644 index 0000000..7775311 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/PublicKeyThumbprintResolver.php @@ -0,0 +1,34 @@ +has(PublicKeyThumbprintCriteria::class)) { + return $arrCredentials; + } + + $result = []; + /** @var PublicKeyThumbprintCriteria $criteria */ + foreach ($criteriaSet->get(PublicKeyThumbprintCriteria::class) as $criteria) { + foreach ($arrCredentials as $credential) { + if ($credential->getPublicKey() && $credential->getPublicKey()->getX509Thumbprint() == $criteria->getThumbprint()) { + $result[] = $credential; + } + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/UsageFilterResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/UsageFilterResolver.php new file mode 100644 index 0000000..4dcfb37 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/UsageFilterResolver.php @@ -0,0 +1,34 @@ +has(UsageCriteria::class)) { + return $arrCredentials; + } + + $result = []; + foreach ($criteriaSet->get(UsageCriteria::class) as $criteria) { + /* @var UsageCriteria $criteria */ + foreach ($arrCredentials as $credential) { + if (false == $credential->getUsageType() || $criteria->getUsage() == $credential->getUsageType()) { + $result[] = $credential; + } + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/X509CredentialResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/X509CredentialResolver.php new file mode 100644 index 0000000..f20990b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Credential/X509CredentialResolver.php @@ -0,0 +1,32 @@ +has(X509CredentialCriteria::class)) { + return $arrCredentials; + } + + $result = []; + foreach ($arrCredentials as $credential) { + if ($credential instanceof X509CredentialInterface) { + $result[] = $credential; + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/BindingEndpointResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/BindingEndpointResolver.php new file mode 100644 index 0000000..7b46212 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/BindingEndpointResolver.php @@ -0,0 +1,44 @@ +has(BindingCriteria::class)) { + return $candidates; + } + + $arrOrdered = []; + /** @var BindingCriteria $bindingCriteria */ + foreach ($criteriaSet->get(BindingCriteria::class) as $bindingCriteria) { + foreach ($candidates as $endpointReference) { + $preference = $bindingCriteria->getPreference($endpointReference->getEndpoint()->getBinding()); + if (null !== $preference) { + $arrOrdered[$preference][] = $endpointReference; + } + } + } + + ksort($arrOrdered); + + $result = []; + foreach ($arrOrdered as $arr) { + foreach ($arr as $endpointReference) { + $result[] = $endpointReference; + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/CompositeEndpointResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/CompositeEndpointResolver.php new file mode 100644 index 0000000..903b6b2 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/CompositeEndpointResolver.php @@ -0,0 +1,46 @@ +resolvers = $builders; + } + + /** + * @return CompositeEndpointResolver + */ + public function add(EndpointResolverInterface $builder) + { + $this->resolvers[] = $builder; + + return $this; + } + + /** + * @param EndpointReference[] $candidates + * + * @return EndpointReference[] + */ + public function resolve(CriteriaSet $criteriaSet, array $candidates) + { + $result = $candidates; + + foreach ($this->resolvers as $resolver) { + $result = $resolver->resolve($criteriaSet, $result); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/BindingCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/BindingCriteria.php new file mode 100644 index 0000000..2e57025 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/BindingCriteria.php @@ -0,0 +1,59 @@ + Preference. + * + * @var int[] + */ + protected $bindings = []; + + /** + * @param string[] $bindings Ordered by preference, first being most preferable, last least preferable + */ + public function __construct(array $bindings) + { + $this->bindings = []; + + foreach ($bindings as $binding) { + $this->add($binding); + } + } + + /** + * @param string $binding Next preferable binding + * + * @return BindingCriteria + */ + public function add($binding) + { + $this->bindings[$binding] = count($this->bindings) + 1; + + return $this; + } + + /** + * Returns array of bindings ordered by preference, first being most preferable, last least preferable. + * + * @return string[] + */ + public function getAllBindings() + { + return array_keys($this->bindings); + } + + /** + * @param $binding + * + * @return int|null Preference of a binding or null if not preferred + */ + public function getPreference($binding) + { + return isset($this->bindings[$binding]) ? $this->bindings[$binding] : null; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/DescriptorTypeCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/DescriptorTypeCriteria.php new file mode 100644 index 0000000..f82b576 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/DescriptorTypeCriteria.php @@ -0,0 +1,27 @@ +descriptorType = $descriptorType; + } + + /** + * @return string + */ + public function getDescriptorType() + { + return $this->descriptorType; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/IndexCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/IndexCriteria.php new file mode 100644 index 0000000..5af375a --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/IndexCriteria.php @@ -0,0 +1,27 @@ +index = $index; + } + + /** + * @return string + */ + public function getIndex() + { + return $this->index; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/LocationCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/LocationCriteria.php new file mode 100644 index 0000000..7ea8a7e --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/LocationCriteria.php @@ -0,0 +1,27 @@ +location = $location; + } + + /** + * @return string + */ + public function getLocation() + { + return $this->location; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/ServiceTypeCriteria.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/ServiceTypeCriteria.php new file mode 100644 index 0000000..bc62eb9 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/Criteria/ServiceTypeCriteria.php @@ -0,0 +1,27 @@ +serviceType = $serviceType; + } + + /** + * @return string + */ + public function getServiceType() + { + return $this->serviceType; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/DescriptorTypeEndpointResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/DescriptorTypeEndpointResolver.php new file mode 100644 index 0000000..26383c3 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/DescriptorTypeEndpointResolver.php @@ -0,0 +1,40 @@ +has(DescriptorTypeCriteria::class)) { + return $candidates; + } + + $result = []; + /** @var DescriptorTypeCriteria $descriptorTypeCriteria */ + foreach ($criteriaSet->get(DescriptorTypeCriteria::class) as $descriptorTypeCriteria) { + foreach ($candidates as $endpointReference) { + $type = $descriptorTypeCriteria->getDescriptorType(); + if ($endpointReference->getDescriptor() instanceof $type) { + $result[] = $endpointReference; + } + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/EndpointResolverInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/EndpointResolverInterface.php new file mode 100644 index 0000000..67ff747 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/EndpointResolverInterface.php @@ -0,0 +1,16 @@ +has(IndexCriteria::class)) { + return $candidates; + } + + $result = []; + /** @var IndexCriteria $indexCriteria */ + foreach ($criteriaSet->get(IndexCriteria::class) as $indexCriteria) { + foreach ($candidates as $endpointReference) { + $endpoint = $endpointReference->getEndpoint(); + if ($endpoint instanceof IndexedEndpoint) { + if ($endpoint->getIndex() == $indexCriteria->getIndex()) { + $result[] = $endpointReference; + } + } + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/LocationEndpointResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/LocationEndpointResolver.php new file mode 100644 index 0000000..8612b3e --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/LocationEndpointResolver.php @@ -0,0 +1,34 @@ +has(LocationCriteria::class)) { + return $candidates; + } + + $result = []; + /** @var LocationCriteria $locationCriteria */ + foreach ($criteriaSet->get(LocationCriteria::class) as $locationCriteria) { + foreach ($candidates as $endpointReference) { + if ($endpointReference->getEndpoint()->getLocation() == $locationCriteria->getLocation()) { + $result[] = $endpointReference; + } + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/ServiceTypeEndpointResolver.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/ServiceTypeEndpointResolver.php new file mode 100644 index 0000000..8e72c70 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Endpoint/ServiceTypeEndpointResolver.php @@ -0,0 +1,40 @@ +has(ServiceTypeCriteria::class)) { + return $candidates; + } + + $result = []; + /** @var ServiceTypeCriteria $serviceTypeCriteria */ + foreach ($criteriaSet->get(ServiceTypeCriteria::class) as $serviceTypeCriteria) { + foreach ($candidates as $endpointReference) { + $type = $serviceTypeCriteria->getServiceType(); + if ($endpointReference->getEndpoint() instanceof $type) { + $result[] = $endpointReference; + } + } + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Session/SessionProcessor.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Session/SessionProcessor.php new file mode 100644 index 0000000..d3d6335 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Session/SessionProcessor.php @@ -0,0 +1,124 @@ +ssoStateStore = $ssoStateStore; + $this->timeProvider = $timeProvider; + } + + /** + * @param Assertion[] $assertions + * @param string $ownEntityId + * @param string $partyEntityId + */ + public function processAssertions(array $assertions, $ownEntityId, $partyEntityId) + { + $now = $this->timeProvider->getDateTime()->setTimezone(new \DateTimeZone('GMT')); + $ssoState = $this->ssoStateStore->get(); + + foreach ($assertions as $assertion) { + if ($assertion instanceof Assertion) { + if ($this->supportsSession($assertion)) { + $this->checkSession($ownEntityId, $partyEntityId, $ssoState, $assertion, $now); + } + } else { + throw new \InvalidArgumentException('Expected Assertion'); + } + } + + $this->ssoStateStore->set($ssoState); + } + + /** + * @return bool + */ + protected function supportsSession(Assertion $assertion) + { + return + $assertion->hasBearerSubject() && + null != $assertion->getSubject() && + null != $assertion->getSubject()->getNameID() + ; + } + + /** + * @param string $ownEntityId + * @param string $partyEntityId + */ + protected function checkSession($ownEntityId, $partyEntityId, SsoState $ssoState, Assertion $assertion, \DateTime $now) + { + $sessions = $this->filterSessions($ssoState, $assertion, $ownEntityId, $partyEntityId); + + if (empty($sessions)) { + $this->createSession($ssoState, $assertion, $now, $ownEntityId, $partyEntityId); + } else { + $this->updateLastAuthn($sessions, $now); + } + } + + /** + * @param string $ownEntityId + * @param string $partyEntityId + * + * @return SsoSessionState + */ + protected function createSession(SsoState $ssoState, Assertion $assertion, \DateTime $now, $ownEntityId, $partyEntityId) + { + $ssoSession = new SsoSessionState(); + $ssoSession->setIdpEntityId($partyEntityId) + ->setSpEntityId($ownEntityId) + ->setNameId($assertion->getSubject()->getNameID()->getValue()) + ->setNameIdFormat($assertion->getSubject()->getNameID()->getFormat()) + ->setSessionIndex($assertion->getFirstAuthnStatement()->getSessionIndex()) + ->setSessionInstant($assertion->getFirstAuthnStatement()->getAuthnInstantDateTime()) + ->setFirstAuthOn($now) + ->setLastAuthOn($now) + ; + $ssoState->addSsoSession($ssoSession); + + return $ssoSession; + } + + /** + * @param SsoSessionState[] $sessions + */ + protected function updateLastAuthn(array $sessions, \DateTime $now) + { + foreach ($sessions as $session) { + $session->setLastAuthOn($now); + } + } + + /** + * @param string $ownEntityId + * @param string $partyEntityId + * + * @return \LightSaml\State\Sso\SsoSessionState[] + */ + protected function filterSessions(SsoState $ssoState, Assertion $assertion, $ownEntityId, $partyEntityId) + { + return $ssoState->filter( + $partyEntityId, + $ownEntityId, + $assertion->getSubject()->getNameID()->getValue(), + $assertion->getSubject()->getNameID()->getFormat(), + $assertion->getFirstAuthnStatement()->getSessionIndex() + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Session/SessionProcessorInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Session/SessionProcessorInterface.php new file mode 100644 index 0000000..bcd7ca0 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Session/SessionProcessorInterface.php @@ -0,0 +1,15 @@ +credentialResolver = $credentialResolver; + } + + /** + * @return SignatureWriter + */ + public function getSignature(AbstractProfileContext $context) + { + $credential = $this->getSigningCredential($context); + if (null == $credential) { + throw new LightSamlContextException($context, 'Unable to find signing credential'); + } + $trustOptions = $context->getProfileContext()->getTrustOptions(); + + $signature = new SignatureWriter($credential->getCertificate(), $credential->getPrivateKey(), $trustOptions->getSignatureDigestAlgorithm()); + + return $signature; + } + + /** + * @return X509CredentialInterface|null + */ + private function getSigningCredential(AbstractProfileContext $context) + { + $profileContext = $context->getProfileContext(); + + $entityDescriptor = $profileContext->getOwnEntityDescriptor(); + + $query = $this->credentialResolver->query(); + $query + ->add(new EntityIdCriteria($entityDescriptor->getEntityID())) + ->add(new UsageCriteria(UsageType::SIGNING)) + ->add(new X509CredentialCriteria()) + ->addIf(ProfileContext::ROLE_IDP === $profileContext->getOwnRole(), function () { + return new MetadataCriteria(MetadataCriteria::TYPE_IDP, SamlConstants::VERSION_20); + }) + ->addIf(ProfileContext::ROLE_SP === $profileContext->getOwnRole(), function () { + return new MetadataCriteria(MetadataCriteria::TYPE_SP, SamlConstants::VERSION_20); + }) + ; + $query->resolve(); + + $result = $query->firstCredential(); + if ($result && false === $result instanceof X509CredentialInterface) { + throw new \LogicException(sprintf('Expected X509CredentialInterface but got %s', get_class($result))); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Signature/SignatureResolverInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Signature/SignatureResolverInterface.php new file mode 100644 index 0000000..0a343e0 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Resolver/Signature/SignatureResolverInterface.php @@ -0,0 +1,14 @@ +id = $id; + $this->parameters = new ParameterBag(); + if ($nonce) { + $this->parameters->set('nonce', $nonce); + } + } + + /** + * @param string $id + * + * @return RequestState + */ + public function setId($id) + { + $this->id = $id; + + return $this; + } + + /** + * @return string + */ + public function getId() + { + return $this->id; + } + + /** + * @return ParameterBag + */ + public function getParameters() + { + return $this->parameters; + } + + /** + * @deprecated Since 1.2, to be removed in 2.0. Use getParameters() instead + * + * @param mixed $nonce + * + * @return RequestState + */ + public function setNonce($nonce) + { + $this->parameters->set('nonce', $nonce); + + return $this; + } + + /** + * @deprecated Since 1.2, to be removed in 2.0. Use getParameters() instead + * + * @return mixed + */ + public function getNonce() + { + return $this->parameters->get('nonce'); + } + + /** + * (PHP 5 >= 5.1.0)
+ * String representation of object. + * + * @see http://php.net/manual/en/serializable.serialize.php + * + * @return string the string representation of the object or null + */ + public function serialize() + { + return serialize($this->__serialize()); + } + + /** + * (PHP >= 8.1) + * + * @return array + */ + public function __serialize() + { + $nonce = $this->parameters->get('nonce'); + + return [$this->id, $nonce, $this->parameters->__serialize()]; + } + + + /** + * @param string $serialized The string representation of the object + * + * @return void + */ + public function unserialize($serialized) + { + $this->__unserialize(unserialize($serialized)); + } + + /** + * @param array $serialized + * + * @return void + */ + public function __unserialize(array $serialized) + { + $nonce = null; + $this->parameters = new ParameterBag(); + list($this->id, $nonce, $parameters) = $serialized; + $this->parameters->__unserialize($parameters); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/State/Request/RequestStateParameters.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/State/Request/RequestStateParameters.php new file mode 100644 index 0000000..2e1cb60 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/State/Request/RequestStateParameters.php @@ -0,0 +1,19 @@ +parameters = new ParameterBag(); + } + + /** + * @return string + */ + public function getIdpEntityId() + { + return $this->idpEntityId; + } + + /** + * @param string $idpEntityId + * + * @return SsoSessionState + */ + public function setIdpEntityId($idpEntityId) + { + $this->idpEntityId = $idpEntityId; + + return $this; + } + + /** + * @return string + */ + public function getSpEntityId() + { + return $this->spEntityId; + } + + /** + * @param string $spEntityId + * + * @return SsoSessionState + */ + public function setSpEntityId($spEntityId) + { + $this->spEntityId = $spEntityId; + + return $this; + } + + /** + * @return string + */ + public function getNameId() + { + return $this->nameId; + } + + /** + * @param string $nameId + * + * @return SsoSessionState + */ + public function setNameId($nameId) + { + $this->nameId = $nameId; + + return $this; + } + + /** + * @return string + */ + public function getNameIdFormat() + { + return $this->nameIdFormat; + } + + /** + * @param string $nameIdFormat + * + * @return SsoSessionState + */ + public function setNameIdFormat($nameIdFormat) + { + $this->nameIdFormat = $nameIdFormat; + + return $this; + } + + /** + * @return string + */ + public function getSessionIndex() + { + return $this->sessionIndex; + } + + /** + * @param string $sessionIndex + * + * @return SsoSessionState + */ + public function setSessionIndex($sessionIndex) + { + $this->sessionIndex = $sessionIndex; + + return $this; + } + + /** + * @return \DateTime + */ + public function getFirstAuthOn() + { + return $this->firstAuthOn; + } + + /** + * @param \DateTime $firstAuthOn + * + * @return SsoSessionState + */ + public function setFirstAuthOn($firstAuthOn) + { + $this->firstAuthOn = $firstAuthOn; + + return $this; + } + + /** + * @return \DateTime + */ + public function getLastAuthOn() + { + return $this->lastAuthOn; + } + + /** + * @param \DateTime $lastAuthOn + * + * @return SsoSessionState + */ + public function setLastAuthOn($lastAuthOn) + { + $this->lastAuthOn = $lastAuthOn; + + return $this; + } + + /** + * @return \DateTime + */ + public function getSessionInstant() + { + return $this->sessionInstant; + } + + /** + * @param \DateTime $sessionInstant + * + * @return SsoSessionState + */ + public function setSessionInstant($sessionInstant) + { + $this->sessionInstant = $sessionInstant; + + return $this; + } + + /** + * @return ParameterBag + */ + public function getParameters() + { + return $this->parameters; + } + + /** + * @deprecated Since 1.2, will be removed in 2.0. Use getParameters() instead + * + * @return array + */ + public function getOptions() + { + return $this->parameters->all(); + } + + /** + * @deprecated Since 1.2, will be removed in 2.0. Use getParameters() instead + * + * @param string $name + * @param mixed $value + * + * @return SsoSessionState + */ + public function addOption($name, $value) + { + $this->parameters->set($name, $value); + + return $this; + } + + /** + * @deprecated Since 1.2, will be removed in 2.0. Use getParameters() instead + * + * @param string $name + * + * @return SsoSessionState + */ + public function removeOption($name) + { + $this->parameters->remove($name); + + return $this; + } + + /** + * @deprecated Since 1.2, will be removed in 2.0. Use getParameters() instead + * + * @param string $name + * + * @return bool + */ + public function hasOption($name) + { + return $this->parameters->has($name); + } + + /** + * @param string $partyId + * + * @return string Other party id + * + * @throws \LightSaml\Error\LightSamlException If $partyId does not match sp or idp entity id + */ + public function getOtherPartyId($partyId) + { + if ($partyId == $this->idpEntityId) { + return $this->spEntityId; + } elseif ($partyId == $this->spEntityId) { + return $this->idpEntityId; + } + + throw new LightSamlException(sprintf('Party "%s" is not included in sso session between "%s" and "%s"', $partyId, $this->idpEntityId, $this->spEntityId)); + } + + /** + * @return string the string representation of the object or null + */ + public function serialize() + { + return serialize($this->__serialize()); + } + + /** + * (PHP >= 8.1) + * String representation of object. + * @return array + */ + public function __serialize() + { + return[ + $this->idpEntityId, + $this->spEntityId, + $this->nameId, + $this->nameIdFormat, + $this->sessionIndex, + $this->sessionInstant, + $this->firstAuthOn, + $this->lastAuthOn, + [], + $this->parameters, + ]; + } + + /** + * @param string $serialized + * + * @return void + */ + public function unserialize($serialized) + { + $this->__unserialize(unserialize($serialized)); + } + + /** + * (PHP >= 8.1) + * @param array $data + * + * @return void + */ + public function __unserialize(array $data) + { + // add a few extra elements in the array to ensure that we have enough keys when unserializing + // older data which does not include all properties. + $data = array_merge($data, array_fill(0, 5, null)); + + list( + $this->idpEntityId, + $this->spEntityId, + $this->nameId, + $this->nameIdFormat, + $this->sessionIndex, + $this->sessionInstant, + $this->firstAuthOn, + $this->lastAuthOn, + $options, + $this->parameters + ) = $data; + + // if deserialized from old format, set old options to new parameters + if ($options && 0 == $this->parameters->count()) { + $this->parameters->replace($options); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/State/Sso/SsoState.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/State/Sso/SsoState.php new file mode 100644 index 0000000..f9f0f53 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/State/Sso/SsoState.php @@ -0,0 +1,230 @@ +parameters = new ParameterBag(); + } + + /** + * @return string + */ + public function getLocalSessionId() + { + return $this->localSessionId; + } + + /** + * @param string $localSessionId + * + * @return SsoState + */ + public function setLocalSessionId($localSessionId) + { + $this->localSessionId = $localSessionId; + + return $this; + } + + /** + * @return ParameterBag + */ + public function getParameters() + { + return $this->parameters; + } + + /** + * @deprecated Since 1.2, to be removed in 2.0. Use getParameters() instead + * + * @return array + */ + public function getOptions() + { + return $this->parameters->all(); + } + + /** + * @deprecated Since 1.2, to be removed in 2.0. Use getParameters() instead + * + * @param string $name + * @param mixed $value + * + * @return SsoState + */ + public function addOption($name, $value) + { + $this->parameters->set($name, $value); + + return $this; + } + + /** + * @deprecated Since 1.2, to be removed in 2.0. Use getParameters() instead + * + * @param string $name + * + * @return SsoState + */ + public function removeOption($name) + { + $this->parameters->remove($name); + + return $this; + } + + /** + * @deprecated Since 1.2, to be removed in 2.0. Use getParameters() instead + * + * @param string $name + * + * @return bool + */ + public function hasOption($name) + { + return $this->parameters->has($name); + } + + /** + * @return SsoSessionState[] + */ + public function getSsoSessions() + { + return $this->ssoSessions; + } + + /** + * @param SsoSessionState[] $ssoSessions + * + * @return SsoState + */ + public function setSsoSessions(array $ssoSessions) + { + $this->ssoSessions = []; + foreach ($ssoSessions as $ssoSession) { + $this->addSsoSession($ssoSession); + } + + return $this; + } + + /** + * @return SsoState + */ + public function addSsoSession(SsoSessionState $ssoSessionState) + { + $this->ssoSessions[] = $ssoSessionState; + + return $this; + } + + /** + * @param $idpEntityId + * @param $spEntityId + * @param $nameId + * @param $nameIdFormat + * @param $sessionIndex + * + * @return SsoSessionState[] + */ + public function filter($idpEntityId, $spEntityId, $nameId, $nameIdFormat, $sessionIndex) + { + $result = []; + + foreach ($this->ssoSessions as $ssoSession) { + if ( + (!$idpEntityId || $ssoSession->getIdpEntityId() === $idpEntityId) && + (!$spEntityId || $ssoSession->getSpEntityId() === $spEntityId) && + (!$nameId || $ssoSession->getNameId() === $nameId) && + (!$nameIdFormat || $ssoSession->getNameIdFormat() === $nameIdFormat) && + (!$sessionIndex || $ssoSession->getSessionIndex() === $sessionIndex) + ) { + $result[] = $ssoSession; + } + } + + return $result; + } + + /** + * @param callable $callback + * + * @return SsoState + */ + public function modify($callback) + { + $this->ssoSessions = array_values(array_filter($this->ssoSessions, $callback)); + + return $this; + } + + /** + * @return string the string representation of the object or null + */ + public function serialize() + { + return serialize($this->__serialize()); + } + + /** + * (PHP >= 8.1) + * @return array + */ + public function __serialize() + { + return [ + $this->localSessionId, + $this->ssoSessions, + [], + $this->parameters, + ]; + } + + /** + * @param string $serialized + * + * @return void + */ + public function unserialize($serialized) + { + $this->__unserialize(unserialize($serialized)); + } + + /** + * @param array $data + * + * @return void + */ + public function __unserialize(array $data) + { + // add a few extra elements in the array to ensure that we have enough keys when unserializing + // older data which does not include all properties. + $data = array_merge($data, array_fill(0, 5, null)); + $oldOptions = null; + + list( + $this->localSessionId, + $this->ssoSessions, + $oldOptions, // old deprecated options + $this->parameters) = $data; + + // in case it was serialized in old way, copy old options to parameters + if ($oldOptions && 0 == $this->parameters->count()) { + $this->parameters->add($oldOptions); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/CompositeCredentialStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/CompositeCredentialStore.php new file mode 100644 index 0000000..8cf4483 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/CompositeCredentialStore.php @@ -0,0 +1,36 @@ +stores as $store) { + $result = array_merge($result, $store->getByEntityId($entityId)); + } + + return $result; + } + + /** + * @return CompositeCredentialStore + */ + public function add(CredentialStoreInterface $store) + { + $this->stores[] = $store; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/CredentialStoreInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/CredentialStoreInterface.php new file mode 100644 index 0000000..845b077 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/CredentialStoreInterface.php @@ -0,0 +1,15 @@ +extraCredentials[] = $credential; + + return $this; + } + + /** + * @param string $ownEntityId + * @param CredentialInterface[] $extraCredentials + * + * @return CompositeCredentialStore + */ + public function buildFromOwnCredentialStore( + EntityDescriptorStoreInterface $idpEntityDescriptorStore, + EntityDescriptorStoreInterface $spEntityDescriptorStore, + $ownEntityId, + CredentialStoreInterface $ownCredentialStore, + array $extraCredentials = null + ) { + return $this->build( + $idpEntityDescriptorStore, + $spEntityDescriptorStore, + $ownCredentialStore->getByEntityId($ownEntityId), + $extraCredentials + ); + } + + /** + * @param CredentialInterface[] $ownCredentials + * @param CredentialInterface[] $extraCredentials + * + * @return CompositeCredentialStore + */ + public function build( + EntityDescriptorStoreInterface $idpEntityDescriptorStore, + EntityDescriptorStoreInterface $spEntityDescriptorStore, + array $ownCredentials, + array $extraCredentials = null + ) { + if (empty($ownCredentials)) { + throw new LightSamlBuildException('There are no own credentials'); + } + + $store = new CompositeCredentialStore(); + $store->add(new MetadataCredentialStore($idpEntityDescriptorStore)); + $store->add(new MetadataCredentialStore($spEntityDescriptorStore)); + + $ownCredentialsStore = new StaticCredentialStore(); + foreach ($ownCredentials as $credential) { + $ownCredentialsStore->add($credential); + } + $store->add($ownCredentialsStore); + + $extraCredentialsStore = new StaticCredentialStore(); + $store->add($extraCredentialsStore); + foreach ($this->extraCredentials as $credential) { + $extraCredentialsStore->add($credential); + } + if ($extraCredentials) { + foreach ($extraCredentials as $credential) { + $extraCredentialsStore->add($credential); + } + } + + return $store; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/MetadataCredentialStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/MetadataCredentialStore.php new file mode 100644 index 0000000..1975c19 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/MetadataCredentialStore.php @@ -0,0 +1,70 @@ +entityDescriptorProvider = $entityDescriptorProvider; + } + + /** + * @param string $entityId + * + * @return CredentialInterface[] + */ + public function getByEntityId($entityId) + { + $entityDescriptor = $this->entityDescriptorProvider->get($entityId); + if (false == $entityDescriptor) { + return []; + } + + return $this->extractCredentials($entityDescriptor); + } + + /** + * @return CredentialInterface[] + */ + protected function extractCredentials(EntityDescriptor $entityDescriptor) + { + $result = []; + + foreach ($entityDescriptor->getAllIdpSsoDescriptors() as $idpDescriptor) { + $this->handleDescriptor($idpDescriptor, $entityDescriptor, $result); + } + foreach ($entityDescriptor->getAllSpSsoDescriptors() as $spDescriptor) { + $this->handleDescriptor($spDescriptor, $entityDescriptor, $result); + } + + return $result; + } + + protected function handleDescriptor(SSODescriptor $ssoDescriptor, EntityDescriptor $entityDescriptor, array &$result) + { + foreach ($ssoDescriptor->getAllKeyDescriptors() as $keyDescriptor) { + $credential = (new X509Credential($keyDescriptor->getCertificate())) + ->setEntityId($entityDescriptor->getEntityID()) + ->addKeyName($keyDescriptor->getCertificate()->getName()) + ->setCredentialContext(new CredentialContextSet([ + new MetadataCredentialContext($keyDescriptor, $ssoDescriptor, $entityDescriptor), + ])) + ->setUsageType($keyDescriptor->getUse()) + ; + + $result[] = $credential; + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/StaticCredentialStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/StaticCredentialStore.php new file mode 100644 index 0000000..95b4a11 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/StaticCredentialStore.php @@ -0,0 +1,59 @@ + CredentialInterface[]. + * + * @var array + */ + protected $credentials = []; + + /** + * @param string $entityId + * + * @return CredentialInterface[] + */ + public function getByEntityId($entityId) + { + $this->checkEntityIdExistence($entityId); + + return $this->credentials[$entityId]; + } + + /** + * @param string $entityId + * + * @return bool + */ + public function has($entityId) + { + return array_key_exists($entityId, $this->credentials); + } + + /** + * @return StaticCredentialStore + */ + public function add(CredentialInterface $credential) + { + $this->checkEntityIdExistence($credential->getEntityId()); + + $this->credentials[$credential->getEntityId()][] = $credential; + + return $this; + } + + /** + * @param string $entityId + */ + private function checkEntityIdExistence($entityId) + { + if (false == $this->has($entityId)) { + $this->credentials[$entityId] = []; + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/X509FileCredentialStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/X509FileCredentialStore.php new file mode 100644 index 0000000..b88d9a3 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Credential/X509FileCredentialStore.php @@ -0,0 +1,63 @@ +entityId = $entityId; + $this->certificatePath = $certificatePath; + $this->keyPath = $keyPath; + $this->password = $password; + } + + /** + * @param string $entityId + * + * @return CredentialInterface[] + */ + public function getByEntityId($entityId) + { + if ($entityId != $this->entityId) { + return []; + } + + if (null == $this->credential) { + $certificate = X509Certificate::fromFile($this->certificatePath); + $this->credential = new X509Credential( + $certificate, + KeyHelper::createPrivateKey($this->keyPath, $this->password, true, $certificate->getSignatureAlgorithm()) + ); + $this->credential->setEntityId($this->entityId); + } + + return [$this->credential]; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/EntityDescriptor/CompositeEntityDescriptorStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/EntityDescriptor/CompositeEntityDescriptorStore.php new file mode 100644 index 0000000..b4a1fa5 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/EntityDescriptor/CompositeEntityDescriptorStore.php @@ -0,0 +1,77 @@ +add($store); + } + } + + /** + * @return CompositeEntityDescriptorStore This instance + */ + public function add(EntityDescriptorStoreInterface $store) + { + $this->children[] = $store; + + return $this; + } + + /** + * @param string $entityId + * + * @return EntityDescriptor|null + */ + public function get($entityId) + { + foreach ($this->children as $store) { + $result = $store->get($entityId); + if ($result) { + return $result; + } + } + + return null; + } + + /** + * @param string $entityId + * + * @return bool + */ + public function has($entityId) + { + foreach ($this->children as $store) { + if ($store->has($entityId)) { + return true; + } + } + + return false; + } + + /** + * @return array|EntityDescriptor[] + */ + public function all() + { + $result = []; + foreach ($this->children as $store) { + $result = array_merge($result, $store->all()); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/EntityDescriptor/EntityDescriptorStoreInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/EntityDescriptor/EntityDescriptorStoreInterface.php new file mode 100644 index 0000000..d46020b --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/EntityDescriptor/EntityDescriptorStoreInterface.php @@ -0,0 +1,27 @@ +filename = $filename; + } + + /** + * @param string $entityId + * + * @return EntityDescriptor|null + */ + public function get($entityId) + { + if (null == $this->object) { + $this->load(); + } + + if ($this->object instanceof EntityDescriptor) { + if ($this->object->getEntityID() == $entityId) { + return $this->object; + } else { + return null; + } + } else { + return $this->object->getByEntityId($entityId); + } + } + + /** + * @param string $entityId + * + * @return bool + */ + public function has($entityId) + { + return null != $this->get($entityId); + } + + /** + * @return array|EntityDescriptor[] + */ + public function all() + { + if (null == $this->object) { + $this->load(); + } + + if ($this->object instanceof EntityDescriptor) { + return [$this->object]; + } else { + return $this->object->getAllEntityDescriptors(); + } + } + + private function load() + { + try { + $this->object = EntityDescriptor::load($this->filename); + } catch (LightSamlXmlException $ex) { + $this->object = EntitiesDescriptor::load($this->filename); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/EntityDescriptor/FixedEntityDescriptorStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/EntityDescriptor/FixedEntityDescriptorStore.php new file mode 100644 index 0000000..fa3893d --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/EntityDescriptor/FixedEntityDescriptorStore.php @@ -0,0 +1,69 @@ +descriptor */ + protected $descriptors = []; + + /** + * @param EntityDescriptor|EntitiesDescriptor $entityDescriptor + * + * @return FixedEntityDescriptorStore + * + * @throws \InvalidArgumentException + */ + public function add($entityDescriptor) + { + if ($entityDescriptor instanceof EntityDescriptor) { + if (false == $entityDescriptor->getEntityID()) { + throw new \InvalidArgumentException('EntityDescriptor must have entityId set'); + } + $this->descriptors[$entityDescriptor->getEntityID()] = $entityDescriptor; + } elseif ($entityDescriptor instanceof EntitiesDescriptor) { + foreach ($entityDescriptor->getAllItems() as $item) { + $this->add($item); + } + } else { + throw new \InvalidArgumentException('Expected EntityDescriptor or EntitiesDescriptor'); + } + + return $this; + } + + /** + * @param string $entityId + * + * @return EntityDescriptor|null + */ + public function get($entityId) + { + if (isset($this->descriptors[$entityId])) { + return $this->descriptors[$entityId]; + } + + return null; + } + + /** + * @param string $entityId + * + * @return bool + */ + public function has($entityId) + { + return isset($this->descriptors[$entityId]); + } + + /** + * @return array|EntityDescriptor[] + */ + public function all() + { + return array_values($this->descriptors); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Id/IdArrayStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Id/IdArrayStore.php new file mode 100644 index 0000000..dbccb38 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Id/IdArrayStore.php @@ -0,0 +1,34 @@ +store[$entityId])) { + $this->store[$entityId] = []; + } + $this->store[$entityId][$id] = $expiryTime; + } + + /** + * @param string $entityId + * @param string $id + * + * @return bool + */ + public function has($entityId, $id) + { + return isset($this->store[$entityId][$id]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Id/IdStoreInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Id/IdStoreInterface.php new file mode 100644 index 0000000..2320667 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Id/IdStoreInterface.php @@ -0,0 +1,22 @@ +getArray(); + $arr[$state->getId()] = $state; + $this->setArray($arr); + + return $this; + } + + /** + * @param string $id + * + * @return RequestState|null + */ + public function get($id) + { + $result = null; + $arr = $this->getArray(); + if (false == is_array($arr)) { + $arr = []; + $this->setArray($arr); + } + if (isset($arr[$id])) { + $result = $arr[$id]; + } + if ($result instanceof RequestState) { + return $result; + } + + return null; + } + + /** + * @param string $id + * + * @return bool + */ + public function remove($id) + { + $arr = $this->getArray(); + $result = isset($arr[$id]); + unset($arr[$id]); + $this->setArray($arr); + + return $result; + } + + /** + * @return void + */ + public function clear() + { + $this->setArray([]); + } + + /** + * @return array + */ + abstract protected function getArray(); + + abstract protected function setArray(array $arr); +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Request/RequestStateArrayStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Request/RequestStateArrayStore.php new file mode 100644 index 0000000..f00bb12 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Request/RequestStateArrayStore.php @@ -0,0 +1,21 @@ +arrayStore; + } + + protected function setArray(array $arr) + { + $this->arrayStore = $arr; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Request/RequestStateSessionStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Request/RequestStateSessionStore.php new file mode 100644 index 0000000..96f1cb5 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Request/RequestStateSessionStore.php @@ -0,0 +1,59 @@ +session = $session; + $this->providerId = $providerId; + $this->prefix = $prefix; + } + + /** + * @return string + */ + protected function getKey() + { + return sprintf('%s_%s', $this->providerId, $this->prefix); + } + + protected function getSession(): SessionInterface + { + if (null !== $this->session) { + return $this->session; + } + + throw new LightSamlSessionNotFoundException('Session Not Found'); + } + + /** + * @return array + */ + protected function getArray() + { + return $this->getSession()->get($this->getKey(), []); + } + + protected function setArray(array $arr) + { + $this->getSession()->set($this->getKey(), $arr); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Request/RequestStateStoreInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Request/RequestStateStoreInterface.php new file mode 100644 index 0000000..b51df99 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Request/RequestStateStoreInterface.php @@ -0,0 +1,32 @@ +ssoState) { + $this->ssoState = new SsoState(); + } + + return $this->ssoState; + } + + /** + * @return void + */ + public function set(SsoState $ssoState) + { + $this->ssoState = $ssoState; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Sso/SsoStateSessionStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Sso/SsoStateSessionStore.php new file mode 100644 index 0000000..14e0d6d --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Sso/SsoStateSessionStore.php @@ -0,0 +1,57 @@ +session = $session; + $this->key = $key; + } + + /** + * @return SsoState + */ + public function get() + { + $result = $this->getSession()->get($this->key); + if (null == $result) { + $result = new SsoState(); + $this->set($result); + } + + return $result; + } + + /** + * @return void + */ + public function set(SsoState $ssoState) + { + $ssoState->setLocalSessionId($this->getSession()->getId()); + $this->getSession()->set($this->key, $ssoState); + } + + protected function getSession(): SessionInterface + { + if (null !== $this->session) { + return $this->session; + } + + throw new LightSamlSessionNotFoundException('Session Not Found'); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Sso/SsoStateStoreInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Sso/SsoStateStoreInterface.php new file mode 100644 index 0000000..b61cbc1 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/Sso/SsoStateStoreInterface.php @@ -0,0 +1,18 @@ +add($store); + } + } + + /** + * @return CompositeTrustOptionsStore This instance + */ + public function add(TrustOptionsStoreInterface $store) + { + $this->children[] = $store; + + return $this; + } + + /** + * @param string $entityId + * + * @return TrustOptions|null + */ + public function get($entityId) + { + foreach ($this->children as $store) { + $result = $store->get($entityId); + if ($result) { + return $result; + } + } + + return null; + } + + /** + * @param string $entityId + * + * @return bool + */ + public function has($entityId) + { + foreach ($this->children as $store) { + if ($store->has($entityId)) { + return true; + } + } + + return false; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/TrustOptions/FixedTrustOptionsStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/TrustOptions/FixedTrustOptionsStore.php new file mode 100644 index 0000000..8f997fc --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/TrustOptions/FixedTrustOptionsStore.php @@ -0,0 +1,49 @@ +option = $option; + } + + /** + * @return FixedTrustOptionsStore + */ + public function setTrustOptions(TrustOptions $trustOptions = null) + { + $this->option = $trustOptions; + + return $this; + } + + /** + * @param string $entityId + * + * @return TrustOptions|null + */ + public function get($entityId) + { + return $this->option; + } + + /** + * @param string $entityId + * + * @return bool + */ + public function has($entityId) + { + return true; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/TrustOptions/StaticTrustOptionsStore.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/TrustOptions/StaticTrustOptionsStore.php new file mode 100644 index 0000000..9cc7ab3 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/TrustOptions/StaticTrustOptionsStore.php @@ -0,0 +1,43 @@ +options[$entityId] = $options; + + return $this; + } + + /** + * @param string $entityId + * + * @return TrustOptions|null + */ + public function get($entityId) + { + return isset($this->options[$entityId]) ? $this->options[$entityId] : null; + } + + /** + * @param string $entityId + * + * @return bool + */ + public function has($entityId) + { + return isset($this->options[$entityId]); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/TrustOptions/TrustOptionsStoreInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/TrustOptions/TrustOptionsStoreInterface.php new file mode 100644 index 0000000..d618e48 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Store/TrustOptions/TrustOptionsStoreInterface.php @@ -0,0 +1,22 @@ +validateConditions($assertion, $now, $allowedSecondsSkew); + $this->validateAuthnStatements($assertion, $now, $allowedSecondsSkew); + $this->validateSubject($assertion, $now, $allowedSecondsSkew); + } + + /** + * @param int $now + * @param int $allowedSecondsSkew + */ + protected function validateConditions(Assertion $assertion, $now, $allowedSecondsSkew) + { + if (false == $assertion->getConditions()) { + return; + } + + if (false == Helper::validateNotBefore($assertion->getConditions()->getNotBeforeTimestamp(), $now, $allowedSecondsSkew)) { + throw new LightSamlValidationException('Conditions.NotBefore must not be in the future'); + } + + if (false == Helper::validateNotOnOrAfter($assertion->getConditions()->getNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew)) { + throw new LightSamlValidationException('Conditions.NotOnOrAfter must not be in the past'); + } + } + + /** + * @param int $now + * @param int $allowedSecondsSkew + */ + protected function validateAuthnStatements(Assertion $assertion, $now, $allowedSecondsSkew) + { + if (false == $assertion->getAllAuthnStatements()) { + return; + } + + foreach ($assertion->getAllAuthnStatements() as $authnStatement) { + if (false == Helper::validateNotOnOrAfter($authnStatement->getSessionNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew)) { + throw new LightSamlValidationException('AuthnStatement attribute SessionNotOnOrAfter MUST be in the future'); + } + // TODO: Consider validating that authnStatement.AuthnInstant is in the past + } + } + + /** + * @param int $now + * @param int $allowedSecondsSkew + */ + protected function validateSubject(Assertion $assertion, $now, $allowedSecondsSkew) + { + if (false == $assertion->getSubject()) { + return; + } + + foreach ($assertion->getSubject()->getAllSubjectConfirmations() as $subjectConfirmation) { + if ($subjectConfirmation->getSubjectConfirmationData()) { + if (false == Helper::validateNotBefore($subjectConfirmation->getSubjectConfirmationData()->getNotBeforeTimestamp(), $now, $allowedSecondsSkew)) { + throw new LightSamlValidationException('SubjectConfirmationData.NotBefore must not be in the future'); + } + if (false == Helper::validateNotOnOrAfter($subjectConfirmation->getSubjectConfirmationData()->getNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew)) { + throw new LightSamlValidationException('SubjectConfirmationData.NotOnOrAfter must not be in the past'); + } + } + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Assertion/AssertionTimeValidatorInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Assertion/AssertionTimeValidatorInterface.php new file mode 100644 index 0000000..b69467f --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Assertion/AssertionTimeValidatorInterface.php @@ -0,0 +1,18 @@ +nameIdValidator = $nameIdValidator; + $this->subjectValidator = $subjectValidator; + $this->statementValidator = $statementValidator; + } + + /** + * @return void + */ + public function validateAssertion(Assertion $assertion) + { + $this->validateAssertionAttributes($assertion); + $this->validateSubject($assertion); + $this->validateConditions($assertion); + $this->validateStatements($assertion); + } + + /** + * @throws LightSamlValidationException + */ + protected function validateAssertionAttributes(Assertion $assertion) + { + if (false == Helper::validateRequiredString($assertion->getVersion())) { + throw new LightSamlValidationException('Assertion element must have the Version attribute set.'); + } + if (SamlConstants::VERSION_20 != $assertion->getVersion()) { + throw new LightSamlValidationException('Assertion element must have the Version attribute value equal to 2.0.'); + } + if (false == Helper::validateRequiredString($assertion->getId())) { + throw new LightSamlValidationException('Assertion element must have the ID attribute set.'); + } + if (false == Helper::validateIdString($assertion->getId())) { + throw new LightSamlValidationException('Assertion element must have an ID attribute with at least 16 characters (the equivalent of 128 bits).'); + } + if (false == $assertion->getIssueInstantTimestamp()) { + throw new LightSamlValidationException('Assertion element must have the IssueInstant attribute set.'); + } + if (false == $assertion->getIssuer()) { + throw new LightSamlValidationException('Assertion element must have an issuer element.'); + } + $this->nameIdValidator->validateNameId($assertion->getIssuer()); + } + + /** + * @throws LightSamlValidationException + */ + protected function validateSubject(Assertion $assertion) + { + if (false == $assertion->getSubject()) { + if (false == $assertion->getAllItems()) { + throw new LightSamlValidationException('Assertion with no Statements must have a subject.'); + } + foreach ($assertion->getAllItems() as $item) { + if ($item instanceof AuthnStatement || $item instanceof AttributeStatement) { + throw new LightSamlValidationException('AuthnStatement, AuthzDecisionStatement and AttributeStatement require a subject.'); + } + } + } else { + $this->subjectValidator->validateSubject($assertion->getSubject()); + } + } + + protected function validateConditions(Assertion $assertion) + { + if (false == $assertion->getConditions()) { + return; + } + + $this->validateConditionsInterval($assertion->getConditions()); + + $oneTimeUseSeen = $proxyRestrictionSeen = false; + + foreach ($assertion->getConditions()->getAllItems() as $item) { + if ($item instanceof OneTimeUse) { + if ($oneTimeUseSeen) { + throw new LightSamlValidationException('Assertion contained more than one condition of type OneTimeUse'); + } + $oneTimeUseSeen = true; + } elseif ($item instanceof ProxyRestriction) { + if ($proxyRestrictionSeen) { + throw new LightSamlValidationException('Assertion contained more than one condition of type ProxyRestriction'); + } + $proxyRestrictionSeen = true; + + $this->validateProxyRestriction($item); + } elseif ($item instanceof AudienceRestriction) { + $this->validateAudienceRestriction($item); + } + } + } + + protected function validateConditionsInterval(Conditions $conditions) + { + if ( + $conditions->getNotBeforeTimestamp() && + $conditions->getNotOnOrAfterTimestamp() && + $conditions->getNotBeforeTimestamp() > $conditions->getNotOnOrAfterTimestamp() + ) { + throw new LightSamlValidationException('Conditions NotBefore MUST BE less than NotOnOrAfter'); + } + } + + /** + * @throws LightSamlValidationException + */ + protected function validateProxyRestriction(ProxyRestriction $item) + { + if (null === $item->getCount() || '' === $item->getCount() || intval($item->getCount()) != $item->getCount() || $item->getCount() < 0) { + throw new LightSamlValidationException('Count attribute of ProxyRestriction MUST BE a non-negative integer'); + } + + if ($item->getAllAudience()) { + foreach ($item->getAllAudience() as $audience) { + if (false == Helper::validateWellFormedUriString($audience)) { + throw new LightSamlValidationException('ProxyRestriction Audience MUST BE a wellformed uri'); + } + } + } + } + + /** + * @throws LightSamlValidationException + */ + protected function validateAudienceRestriction(AudienceRestriction $item) + { + if (false == $item->getAllAudience()) { + return; + } + + foreach ($item->getAllAudience() as $audience) { + if (false == Helper::validateWellFormedUriString($audience)) { + throw new LightSamlValidationException('AudienceRestriction MUST BE a wellformed uri'); + } + } + } + + protected function validateStatements(Assertion $assertion) + { + if (false == $assertion->getAllItems()) { + return; + } + + foreach ($assertion->getAllItems() as $statement) { + $this->statementValidator->validateStatement($statement); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Assertion/AssertionValidatorInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Assertion/AssertionValidatorInterface.php new file mode 100644 index 0000000..2f73ff2 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Assertion/AssertionValidatorInterface.php @@ -0,0 +1,15 @@ + 'validateEmailFormat', + SamlConstants::NAME_ID_FORMAT_X509_SUBJECT_NAME => 'validateX509SubjectNameFormat', + SamlConstants::NAME_ID_FORMAT_WINDOWS => 'validateWindowsFormat', + SamlConstants::NAME_ID_FORMAT_KERBEROS => 'validateKerberosFormat', + SamlConstants::NAME_ID_FORMAT_ENTITY => 'validateEntityFormat', + SamlConstants::NAME_ID_FORMAT_PERSISTENT => 'validatePersistentFormat', + SamlConstants::NAME_ID_FORMAT_TRANSIENT => 'validateTransientFormat', + ]; + + /** + * @throws \LightSaml\Error\LightSamlValidationException + * + * @return void + */ + public function validateNameId(AbstractNameID $nameId) + { + if (false == $nameId->getFormat()) { + return; + } + + $this->validateFormat($nameId); + + $validatorMethod = isset(self::$formatValidators[$nameId->getFormat()]) ? self::$formatValidators[$nameId->getFormat()] : null; + + if ($validatorMethod) { + $this->{$validatorMethod}($nameId); + } + } + + protected function validateFormat(AbstractNameID $nameId) + { + if (false == Helper::validateWellFormedUriString($nameId->getFormat())) { + throw new LightSamlValidationException(sprintf("NameID element has Format attribute '%s' which is not a wellformed absolute uri", $nameId->getFormat())); + } + } + + protected function validateEmailFormat(AbstractNameID $nameId) + { + if (false == Helper::validateRequiredString($nameId->getValue())) { + throw new LightSamlValidationException('NameID with Email Format attribute MUST contain a Value that contains more than whitespace characters'); + } + + if (false == filter_var($nameId->getValue(), FILTER_VALIDATE_EMAIL)) { + throw new LightSamlValidationException('Value of NameID is not a valid email address according to the IETF RFC 2822 specification'); + } + } + + protected function validateX509SubjectNameFormat(AbstractNameID $nameId) + { + if (false == Helper::validateRequiredString($nameId->getValue())) { + throw new LightSamlValidationException('NameID with X509SubjectName Format attribute MUST contain a Value that contains more than whitespace characters'); + } + + // TODO: Consider checking for correct encoding of the Value according to the + // XML Signature Recommendation (http://www.w3.org/TR/xmldsig-core/) section 4.4.4 + } + + protected function validateWindowsFormat(AbstractNameID $nameId) + { + // Required format is 'DomainName\UserName' but the domain name and the '\' are optional + if (false == Helper::validateRequiredString($nameId->getValue())) { + throw new LightSamlValidationException('NameID with Windows Format attribute MUST contain a Value that contains more than whitespace characters'); + } + } + + protected function validateKerberosFormat(AbstractNameID $nameId) + { + // Required format is 'name[/instance]@REALM' + if (false == Helper::validateRequiredString($nameId->getValue())) { + throw new LightSamlValidationException('NameID with Kerberos Format attribute MUST contain a Value that contains more than whitespace characters'); + } + if (strlen($nameId->getValue()) < 3) { + throw new LightSamlValidationException('NameID with Kerberos Format attribute MUST contain a Value with at least 3 characters'); + } + if (false === strpos($nameId->getValue(), '@')) { + throw new LightSamlValidationException("NameID with Kerberos Format attribute MUST contain a Value that contains a '@'"); + } + // TODO: Consider implementing the rules for 'name', 'instance' and 'REALM' found in IETF RFC 1510 (http://www.ietf.org/rfc/rfc1510.txt) here + } + + protected function validateEntityFormat(AbstractNameID $nameId) + { + if (false == Helper::validateRequiredString($nameId->getValue())) { + throw new LightSamlValidationException('NameID with Entity Format attribute MUST contain a Value that contains more than whitespace characters'); + } + if (strlen($nameId->getValue()) > 1024) { + throw new LightSamlValidationException('NameID with Entity Format attribute MUST have a Value that contains no more than 1024 characters'); + } + if (false != $nameId->getNameQualifier()) { + throw new LightSamlValidationException('NameID with Entity Format attribute MUST NOT set the NameQualifier attribute'); + } + if (false != $nameId->getSPNameQualifier()) { + throw new LightSamlValidationException('NameID with Entity Format attribute MUST NOT set the SPNameQualifier attribute'); + } + if (false != $nameId->getSPProvidedID()) { + throw new LightSamlValidationException('NameID with Entity Format attribute MUST NOT set the SPProvidedID attribute'); + } + } + + protected function validatePersistentFormat(AbstractNameID $nameId) + { + if (false == Helper::validateRequiredString($nameId->getValue())) { + throw new LightSamlValidationException('NameID with Persistent Format attribute MUST contain a Value that contains more than whitespace characters'); + } + if (strlen($nameId->getValue()) > 256) { + throw new LightSamlValidationException('NameID with Persistent Format attribute MUST have a Value that contains no more than 256 characters'); + } + } + + protected function validateTransientFormat(AbstractNameID $nameId) + { + if (false == Helper::validateRequiredString($nameId->getValue())) { + throw new LightSamlValidationException('NameID with Transient Format attribute MUST contain a Value that contains more than whitespace characters'); + } + if (strlen($nameId->getValue()) > 256) { + throw new LightSamlValidationException('NameID with Transient Format attribute MUST have a Value that contains no more than 256 characters'); + } + if (false == Helper::validateIdString($nameId->getValue())) { + throw new LightSamlValidationException(sprintf("NameID '%s' with Transient Format attribute MUST have a Value with at least 16 characters (the equivalent of 128 bits)", $nameId->getValue())); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/NameId/NameIdValidatorInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/NameId/NameIdValidatorInterface.php new file mode 100644 index 0000000..134e953 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/NameId/NameIdValidatorInterface.php @@ -0,0 +1,13 @@ +credentialResolver = $credentialResolver; + } + + /** + * @param string $issuer + * @param string $metadataType + * + * @return CredentialInterface|null + */ + public function validate(AbstractSignatureReader $signature, $issuer, $metadataType) + { + $query = $this->credentialResolver->query(); + $query + ->add(new EntityIdCriteria($issuer)) + ->add(new MetadataCriteria($metadataType, SamlConstants::VERSION_20)) + ->add(new UsageCriteria(UsageType::SIGNING)) + ; + if ($signature->getKey() && $signature->getKey()->getX509Thumbprint()) { + $query->add(new PublicKeyThumbprintCriteria($signature->getKey()->getX509Thumbprint())); + } + $query->resolve(); + + $credentialCandidates = $query->allCredentials(); + if (empty($credentialCandidates)) { + throw new LightSamlSecurityException('No credentials resolved for signature verification'); + } + $credential = $signature->validateMulti($credentialCandidates); + + return $credential; + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Signature/SignatureValidatorInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Signature/SignatureValidatorInterface.php new file mode 100644 index 0000000..97544e9 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Signature/SignatureValidatorInterface.php @@ -0,0 +1,17 @@ +validateAuthnStatement($statement); + } elseif ($statement instanceof AttributeStatement) { + $this->validateAttributeStatement($statement); + } else { + throw new LightSamlValidationException(sprintf("Unsupported Statement type '%s'", get_class($statement))); + } + } + + private function validateAuthnStatement(AuthnStatement $statement) + { + if (false == $statement->getAuthnInstantTimestamp()) { + throw new LightSamlValidationException('AuthnStatement MUST have an AuthnInstant attribute'); + } + if (false == Helper::validateOptionalString($statement->getSessionIndex())) { + throw new LightSamlValidationException('SessionIndex attribute of AuthnStatement must contain at least one non-whitespace character'); + } + if ($statement->getSubjectLocality()) { + if (false == Helper::validateOptionalString($statement->getSubjectLocality()->getAddress())) { + throw new LightSamlValidationException('Address attribute of SubjectLocality must contain at least one non-whitespace character'); + } + if (false == Helper::validateOptionalString($statement->getSubjectLocality()->getDnsName())) { + throw new LightSamlValidationException('DNSName attribute of SubjectLocality must contain at least one non-whitespace character'); + } + } + if (false == $statement->getAuthnContext()) { + throw new LightSamlValidationException('AuthnStatement MUST have an AuthnContext element'); + } + $this->validateAuthnContext($statement->getAuthnContext()); + } + + private function validateAuthnContext(AuthnContext $authnContext) + { + if ( + false == $authnContext->getAuthnContextClassRef() && + false == $authnContext->getAuthnContextDecl() && + false == $authnContext->getAuthnContextDeclRef() + ) { + throw new LightSamlValidationException('AuthnContext element MUST contain at least one AuthnContextClassRef, AuthnContextDecl or AuthnContextDeclRef element'); + } + + if ( + $authnContext->getAuthnContextClassRef() && + $authnContext->getAuthnContextDecl() && + $authnContext->getAuthnContextDeclRef() + ) { + throw new LightSamlValidationException('AuthnContext MUST NOT contain more than two elements.'); + } + + if ($authnContext->getAuthnContextClassRef()) { + if (false == Helper::validateWellFormedUriString($authnContext->getAuthnContextClassRef())) { + throw new LightSamlValidationException('AuthnContextClassRef has a value which is not a wellformed absolute uri'); + } + } + if ($authnContext->getAuthnContextDeclRef()) { + if (false === Helper::validateWellFormedUriString($authnContext->getAuthnContextDeclRef())) { + throw new LightSamlValidationException('AuthnContextDeclRef has a value which is not a wellformed absolute uri'); + } + } + } + + private function validateAttributeStatement(AttributeStatement $statement) + { + if (false == $statement->getAllAttributes()) { + throw new LightSamlValidationException('AttributeStatement MUST contain at least one Attribute or EncryptedAttribute'); + } + + foreach ($statement->getAllAttributes() as $attribute) { + $this->validateAttribute($attribute); + } + } + + /** + * @throws LightSamlValidationException + * + * @return void + */ + private function validateAttribute(Attribute $attribute) + { + if (false == Helper::validateRequiredString($attribute->getName())) { + throw new LightSamlValidationException('Name attribute of Attribute element MUST contain at least one non-whitespace character'); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Statement/StatementValidatorInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Statement/StatementValidatorInterface.php new file mode 100644 index 0000000..d3052b9 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Statement/StatementValidatorInterface.php @@ -0,0 +1,13 @@ +nameIdValidator = $nameIdValidator; + } + + /** + * @throws LightSamlValidationException + * + * @return void + */ + public function validateSubject(Subject $subject) + { + if ( + false == $subject->getNameID() && + false == $subject->getAllSubjectConfirmations() + ) { + throw new LightSamlValidationException('Subject MUST contain either an identifier or a subject confirmation'); + } + + if ($subject->getNameID()) { + $this->nameIdValidator->validateNameId($subject->getNameID()); + } + + foreach ($subject->getAllSubjectConfirmations() as $subjectConfirmation) { + $this->validateSubjectConfirmation($subjectConfirmation); + } + } + + /** + * @throws \LightSaml\Error\LightSamlValidationException + */ + protected function validateSubjectConfirmation(SubjectConfirmation $subjectConfirmation) + { + if (false == Helper::validateRequiredString($subjectConfirmation->getMethod())) { + throw new LightSamlValidationException('Method attribute of SubjectConfirmation MUST contain at least one non-whitespace character'); + } + if (false == Helper::validateWellFormedUriString($subjectConfirmation->getMethod())) { + throw new LightSamlValidationException('SubjectConfirmation element has Method attribute which is not a wellformed absolute uri.'); + } + if ($subjectConfirmation->getNameID()) { + $this->nameIdValidator->validateNameId($subjectConfirmation->getNameID()); + } + if ($subjectConfirmation->getSubjectConfirmationData()) { + $this->validateSubjectConfirmationData($subjectConfirmation->getSubjectConfirmationData()); + } + } + + protected function validateSubjectConfirmationData(SubjectConfirmationData $subjectConfirmationData) + { + if ($subjectConfirmationData->getRecipient()) { + if (false == Helper::validateWellFormedUriString($subjectConfirmationData->getRecipient())) { + throw new LightSamlValidationException('Recipient of SubjectConfirmationData must be a wellformed absolute URI.'); + } + } + if ( + $subjectConfirmationData->getNotBeforeTimestamp() && + $subjectConfirmationData->getNotOnOrAfterTimestamp() && + $subjectConfirmationData->getNotBeforeTimestamp() >= $subjectConfirmationData->getNotOnOrAfterTimestamp() + ) { + throw new LightSamlValidationException('SubjectConfirmationData NotBefore MUST be less than NotOnOrAfter'); + } + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Subject/SubjectValidatorInterface.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Subject/SubjectValidatorInterface.php new file mode 100644 index 0000000..5da6915 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Subject/SubjectValidatorInterface.php @@ -0,0 +1,13 @@ + self::WARNING, + LIBXML_ERR_ERROR => self::ERROR, + LIBXML_ERR_FATAL => self::FATAL, + ]; + + /** @var string */ + private $level; + + /** @var string */ + private $code; + + /** @var string */ + private $message; + + /** @var string */ + private $line; + + /** @var string */ + private $column; + + /** + * @return XsdError + */ + public static function fromLibXMLError(\LibXMLError $error) + { + return new self( + isset(self::$levelMap[$error->level]) ? self::$levelMap[$error->level] : 'Unknown', + $error->code, + $error->message, + $error->line, + $error->column + ); + } + + /** + * @param string $level + * @param string $code + * @param string $message + * @param string $line + * @param string $column + */ + public function __construct($level, $code, $message, $line, $column) + { + $this->level = $level; + $this->code = $code; + $this->message = $message; + $this->line = $line; + $this->column = $column; + } + + /** + * @return string + */ + public function getLevel() + { + return $this->level; + } + + /** + * @return string + */ + public function getCode() + { + return $this->code; + } + + /** + * @return string + */ + public function getMessage() + { + return $this->message; + } + + /** + * @return string + */ + public function getLine() + { + return $this->line; + } + + /** + * @return string + */ + public function getColumn() + { + return $this->column; + } + + public function __toString() + { + return sprintf( + '%s %s: %s on line %s column %s', + $this->level, + $this->code, + trim($this->message), + $this->line, + $this->column + ); + } +} diff --git a/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Xsd/XsdValidator.php b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Xsd/XsdValidator.php new file mode 100644 index 0000000..aa3fa52 --- /dev/null +++ b/qa-tool/htdocs/vendor/litesaml/lightsaml/src/Validator/Model/Xsd/XsdValidator.php @@ -0,0 +1,73 @@ +validate($xml, 'saml-schema-protocol-2.0.xsd'); + } + + /** + * @param string $xml + * + * @return XsdError[] + */ + public function validateMetadata($xml) + { + return $this->validate($xml, 'saml-schema-metadata-2.0.xsd'); + } + + /** + * @param string $xml + * @param string $schema + * + * @return XsdError[] + */ + private function validate($xml, $schema) + { + $result = []; + libxml_clear_errors(); + $doc = new \DOMDocument(); + + set_error_handler(function ($errno, $errstr, $errfile, $errline, array $errcontext) use (&$result) { + $error = new XsdError(XsdError::FATAL, $errno, $errstr, 0, 0); + $result[] = $error; + }); + + $schemaFile = __DIR__ . '/../../../../vendor/litesaml/schemas/resources/' . $schema; + if (!is_file($schemaFile)) { + throw new LightSamlXmlException('Invalid schema specified'); + } + + $ok = @$doc->loadXML($xml); + if (!$ok) { + restore_error_handler(); + + return [ + new XsdError(XsdError::FATAL, 0, 'Invalid XML', 0, 0), + ]; + } + + @$doc->schemaValidate($schemaFile); + + /** @var \LibXMLError[] $errors */ + $errors = libxml_get_errors(); + foreach ($errors as $error) { + $err = XsdError::fromLibXMLError($error); + $result[] = $err; + } + + restore_error_handler(); + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/LICENSE.txt b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/LICENSE.txt new file mode 100644 index 0000000..91acaca --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/LICENSE.txt @@ -0,0 +1,48 @@ +The MIT License (MIT) + +Copyright (c) 2016 - 2022 Paragon Initiative Enterprises + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +------------------------------------------------------------------------------ +This library was based on the work of Steve "Sc00bz" Thomas. +------------------------------------------------------------------------------ + +The MIT License (MIT) + +Copyright (c) 2014 Steve Thomas + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/README.md b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/README.md new file mode 100644 index 0000000..211f0dc --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/README.md @@ -0,0 +1,88 @@ +# Constant-Time Encoding + +[![Build Status](https://github.com/paragonie/constant_time_encoding/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/constant_time_encoding/actions) +[![Static Analysis](https://github.com/paragonie/constant_time_encoding/actions/workflows/psalm.yml/badge.svg)](https://github.com/paragonie/constant_time_encoding/actions) +[![Latest Stable Version](https://poser.pugx.org/paragonie/constant_time_encoding/v/stable)](https://packagist.org/packages/paragonie/constant_time_encoding) +[![Latest Unstable Version](https://poser.pugx.org/paragonie/constant_time_encoding/v/unstable)](https://packagist.org/packages/paragonie/constant_time_encoding) +[![License](https://poser.pugx.org/paragonie/constant_time_encoding/license)](https://packagist.org/packages/paragonie/constant_time_encoding) +[![Downloads](https://img.shields.io/packagist/dt/paragonie/constant_time_encoding.svg)](https://packagist.org/packages/paragonie/constant_time_encoding) + +Based on the [constant-time base64 implementation made by Steve "Sc00bz" Thomas](https://github.com/Sc00bz/ConstTimeEncoding), +this library aims to offer character encoding functions that do not leak +information about what you are encoding/decoding via processor cache +misses. Further reading on [cache-timing attacks](http://blog.ircmaxell.com/2014/11/its-all-about-time.html). + +Our fork offers the following enhancements: + +* `mbstring.func_overload` resistance +* Unit tests +* Composer- and Packagist-ready +* Base16 encoding +* Base32 encoding +* Uses `pack()` and `unpack()` instead of `chr()` and `ord()` + +## PHP Version Requirements + +Version 3 of this library should work on **PHP 8** or newer. + +Version 2 of this library should work on **PHP 7** or newer. See [the v2.x branch](https://github.com/paragonie/constant_time_encoding/tree/v2.x). + +For PHP 5 support, see [the v1.x branch](https://github.com/paragonie/constant_time_encoding/tree/v1.x). + +If you are adding this as a dependency to a project intended to work on PHP 5 through 8.4, please set the required version to `^1|^2|^3`. + +## How to Install + +```sh +composer require paragonie/constant_time_encoding +``` + +## How to Use + +```php +use ParagonIE\ConstantTime\Encoding; + +// possibly (if applicable): +// require 'vendor/autoload.php'; + +$data = random_bytes(32); +echo Encoding::base64Encode($data), "\n"; +echo Encoding::base32EncodeUpper($data), "\n"; +echo Encoding::base32Encode($data), "\n"; +echo Encoding::hexEncode($data), "\n"; +echo Encoding::hexEncodeUpper($data), "\n"; +``` + +Example output: + +``` +1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE= +2VMKKPSHSWVCVZJ6E7SONRY3ZXCNG3GE6ZZFU7TGJSX7KUKFNLAQ==== +2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq==== +d558a53e4795aa2ae53e27e4e6c71bcdc4d36cc4f6725a7e664caff551456ac1 +D558A53E4795AA2AE53E27E4E6C71BDCC4D36CC4F6725A7E664CAFF551456AC1 +``` + +If you only need a particular variant, you can just reference the +required class like so: + +```php +use ParagonIE\ConstantTime\Base64; +use ParagonIE\ConstantTime\Base32; + +$data = random_bytes(32); +echo Base64::encode($data), "\n"; +echo Base32::encode($data), "\n"; +``` + +Example output: + +``` +1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE= +2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq==== +``` + +## Support Contracts + +If your company uses this library in their products or services, you may be +interested in [purchasing a support contract from Paragon Initiative Enterprises](https://paragonie.com/enterprise). diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/composer.json b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/composer.json new file mode 100644 index 0000000..5023095 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/composer.json @@ -0,0 +1,56 @@ +{ + "name": "paragonie/constant_time_encoding", + "description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)", + "keywords": [ + "base64", + "encoding", + "rfc4648", + "base32", + "base16", + "hex", + "bin2hex", + "hex2bin", + "base64_encode", + "base64_decode", + "base32_encode", + "base32_decode" + ], + "license": "MIT", + "type": "library", + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com", + "role": "Maintainer" + }, + { + "name": "Steve 'Sc00bz' Thomas", + "email": "steve@tobtu.com", + "homepage": "https://www.tobtu.com", + "role": "Original Developer" + } + ], + "support": { + "issues": "https://github.com/paragonie/constant_time_encoding/issues", + "email": "info@paragonie.com", + "source": "https://github.com/paragonie/constant_time_encoding" + }, + "require": { + "php": "^8" + }, + "require-dev": { + "phpunit/phpunit": "^9", + "vimeo/psalm": "^4|^5" + }, + "autoload": { + "psr-4": { + "ParagonIE\\ConstantTime\\": "src/" + } + }, + "autoload-dev": { + "psr-4": { + "ParagonIE\\ConstantTime\\Tests\\": "tests/" + } + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base32.php b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base32.php new file mode 100644 index 0000000..48d00b9 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base32.php @@ -0,0 +1,541 @@ + 96 && $src < 123) $ret += $src - 97 + 1; // -64 + $ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 96); + + // if ($src > 0x31 && $src < 0x38) $ret += $src - 24 + 1; // -23 + $ret += (((0x31 - $src) & ($src - 0x38)) >> 8) & ($src - 23); + + return $ret; + } + + /** + * Uses bitwise operators instead of table-lookups to turn 5-bit integers + * into 8-bit integers. + * + * Uppercase variant. + * + * @param int $src + * @return int + */ + protected static function decode5BitsUpper(int $src): int + { + $ret = -1; + + // if ($src > 64 && $src < 91) $ret += $src - 65 + 1; // -64 + $ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 64); + + // if ($src > 0x31 && $src < 0x38) $ret += $src - 24 + 1; // -23 + $ret += (((0x31 - $src) & ($src - 0x38)) >> 8) & ($src - 23); + + return $ret; + } + + /** + * Uses bitwise operators instead of table-lookups to turn 8-bit integers + * into 5-bit integers. + * + * @param int $src + * @return string + */ + protected static function encode5Bits(int $src): string + { + $diff = 0x61; + + // if ($src > 25) $ret -= 72; + $diff -= ((25 - $src) >> 8) & 73; + + return \pack('C', $src + $diff); + } + + /** + * Uses bitwise operators instead of table-lookups to turn 8-bit integers + * into 5-bit integers. + * + * Uppercase variant. + * + * @param int $src + * @return string + */ + protected static function encode5BitsUpper(int $src): string + { + $diff = 0x41; + + // if ($src > 25) $ret -= 40; + $diff -= ((25 - $src) >> 8) & 41; + + return \pack('C', $src + $diff); + } + + /** + * @param string $encodedString + * @param bool $upper + * @return string + */ + public static function decodeNoPadding( + #[\SensitiveParameter] + string $encodedString, + bool $upper = false + ): string { + $srcLen = Binary::safeStrlen($encodedString); + if ($srcLen === 0) { + return ''; + } + if (($srcLen & 7) === 0) { + for ($j = 0; $j < 7 && $j < $srcLen; ++$j) { + if ($encodedString[$srcLen - $j - 1] === '=') { + throw new InvalidArgumentException( + "decodeNoPadding() doesn't tolerate padding" + ); + } + } + } + return static::doDecode( + $encodedString, + $upper, + true + ); + } + + /** + * Base32 decoding + * + * @param string $src + * @param bool $upper + * @param bool $strictPadding + * @return string + * + * @throws TypeError + */ + protected static function doDecode( + #[\SensitiveParameter] + string $src, + bool $upper = false, + bool $strictPadding = false + ): string { + // We do this to reduce code duplication: + $method = $upper + ? 'decode5BitsUpper' + : 'decode5Bits'; + + // Remove padding + $srcLen = Binary::safeStrlen($src); + if ($srcLen === 0) { + return ''; + } + if ($strictPadding) { + if (($srcLen & 7) === 0) { + for ($j = 0; $j < 7; ++$j) { + if ($src[$srcLen - 1] === '=') { + $srcLen--; + } else { + break; + } + } + } + if (($srcLen & 7) === 1) { + throw new RangeException( + 'Incorrect padding' + ); + } + } else { + $src = \rtrim($src, '='); + $srcLen = Binary::safeStrlen($src); + } + + $err = 0; + $dest = ''; + // Main loop (no padding): + for ($i = 0; $i + 8 <= $srcLen; $i += 8) { + /** @var array $chunk */ + $chunk = \unpack('C*', Binary::safeSubstr($src, $i, 8)); + /** @var int $c0 */ + $c0 = static::$method($chunk[1]); + /** @var int $c1 */ + $c1 = static::$method($chunk[2]); + /** @var int $c2 */ + $c2 = static::$method($chunk[3]); + /** @var int $c3 */ + $c3 = static::$method($chunk[4]); + /** @var int $c4 */ + $c4 = static::$method($chunk[5]); + /** @var int $c5 */ + $c5 = static::$method($chunk[6]); + /** @var int $c6 */ + $c6 = static::$method($chunk[7]); + /** @var int $c7 */ + $c7 = static::$method($chunk[8]); + + $dest .= \pack( + 'CCCCC', + (($c0 << 3) | ($c1 >> 2) ) & 0xff, + (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff, + (($c3 << 4) | ($c4 >> 1) ) & 0xff, + (($c4 << 7) | ($c5 << 2) | ($c6 >> 3)) & 0xff, + (($c6 << 5) | ($c7 ) ) & 0xff + ); + $err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5 | $c6 | $c7) >> 8; + } + // The last chunk, which may have padding: + if ($i < $srcLen) { + /** @var array $chunk */ + $chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i)); + /** @var int $c0 */ + $c0 = static::$method($chunk[1]); + + if ($i + 6 < $srcLen) { + /** @var int $c1 */ + $c1 = static::$method($chunk[2]); + /** @var int $c2 */ + $c2 = static::$method($chunk[3]); + /** @var int $c3 */ + $c3 = static::$method($chunk[4]); + /** @var int $c4 */ + $c4 = static::$method($chunk[5]); + /** @var int $c5 */ + $c5 = static::$method($chunk[6]); + /** @var int $c6 */ + $c6 = static::$method($chunk[7]); + + $dest .= \pack( + 'CCCC', + (($c0 << 3) | ($c1 >> 2) ) & 0xff, + (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff, + (($c3 << 4) | ($c4 >> 1) ) & 0xff, + (($c4 << 7) | ($c5 << 2) | ($c6 >> 3)) & 0xff + ); + $err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5 | $c6) >> 8; + if ($strictPadding) { + $err |= ($c6 << 5) & 0xff; + } + } elseif ($i + 5 < $srcLen) { + /** @var int $c1 */ + $c1 = static::$method($chunk[2]); + /** @var int $c2 */ + $c2 = static::$method($chunk[3]); + /** @var int $c3 */ + $c3 = static::$method($chunk[4]); + /** @var int $c4 */ + $c4 = static::$method($chunk[5]); + /** @var int $c5 */ + $c5 = static::$method($chunk[6]); + + $dest .= \pack( + 'CCCC', + (($c0 << 3) | ($c1 >> 2) ) & 0xff, + (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff, + (($c3 << 4) | ($c4 >> 1) ) & 0xff, + (($c4 << 7) | ($c5 << 2) ) & 0xff + ); + $err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5) >> 8; + } elseif ($i + 4 < $srcLen) { + /** @var int $c1 */ + $c1 = static::$method($chunk[2]); + /** @var int $c2 */ + $c2 = static::$method($chunk[3]); + /** @var int $c3 */ + $c3 = static::$method($chunk[4]); + /** @var int $c4 */ + $c4 = static::$method($chunk[5]); + + $dest .= \pack( + 'CCC', + (($c0 << 3) | ($c1 >> 2) ) & 0xff, + (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff, + (($c3 << 4) | ($c4 >> 1) ) & 0xff + ); + $err |= ($c0 | $c1 | $c2 | $c3 | $c4) >> 8; + if ($strictPadding) { + $err |= ($c4 << 7) & 0xff; + } + } elseif ($i + 3 < $srcLen) { + /** @var int $c1 */ + $c1 = static::$method($chunk[2]); + /** @var int $c2 */ + $c2 = static::$method($chunk[3]); + /** @var int $c3 */ + $c3 = static::$method($chunk[4]); + + $dest .= \pack( + 'CC', + (($c0 << 3) | ($c1 >> 2) ) & 0xff, + (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff + ); + $err |= ($c0 | $c1 | $c2 | $c3) >> 8; + if ($strictPadding) { + $err |= ($c3 << 4) & 0xff; + } + } elseif ($i + 2 < $srcLen) { + /** @var int $c1 */ + $c1 = static::$method($chunk[2]); + /** @var int $c2 */ + $c2 = static::$method($chunk[3]); + + $dest .= \pack( + 'CC', + (($c0 << 3) | ($c1 >> 2) ) & 0xff, + (($c1 << 6) | ($c2 << 1) ) & 0xff + ); + $err |= ($c0 | $c1 | $c2) >> 8; + if ($strictPadding) { + $err |= ($c2 << 6) & 0xff; + } + } elseif ($i + 1 < $srcLen) { + /** @var int $c1 */ + $c1 = static::$method($chunk[2]); + + $dest .= \pack( + 'C', + (($c0 << 3) | ($c1 >> 2) ) & 0xff + ); + $err |= ($c0 | $c1) >> 8; + if ($strictPadding) { + $err |= ($c1 << 6) & 0xff; + } + } else { + $dest .= \pack( + 'C', + (($c0 << 3) ) & 0xff + ); + $err |= ($c0) >> 8; + } + } + $check = ($err === 0); + if (!$check) { + throw new RangeException( + 'Base32::doDecode() only expects characters in the correct base32 alphabet' + ); + } + return $dest; + } + + /** + * Base32 Encoding + * + * @param string $src + * @param bool $upper + * @param bool $pad + * @return string + * @throws TypeError + */ + protected static function doEncode( + #[\SensitiveParameter] + string $src, + bool $upper = false, + $pad = true + ): string { + // We do this to reduce code duplication: + $method = $upper + ? 'encode5BitsUpper' + : 'encode5Bits'; + + $dest = ''; + $srcLen = Binary::safeStrlen($src); + + // Main loop (no padding): + for ($i = 0; $i + 5 <= $srcLen; $i += 5) { + /** @var array $chunk */ + $chunk = \unpack('C*', Binary::safeSubstr($src, $i, 5)); + $b0 = $chunk[1]; + $b1 = $chunk[2]; + $b2 = $chunk[3]; + $b3 = $chunk[4]; + $b4 = $chunk[5]; + $dest .= + static::$method( ($b0 >> 3) & 31) . + static::$method((($b0 << 2) | ($b1 >> 6)) & 31) . + static::$method((($b1 >> 1) ) & 31) . + static::$method((($b1 << 4) | ($b2 >> 4)) & 31) . + static::$method((($b2 << 1) | ($b3 >> 7)) & 31) . + static::$method((($b3 >> 2) ) & 31) . + static::$method((($b3 << 3) | ($b4 >> 5)) & 31) . + static::$method( $b4 & 31); + } + // The last chunk, which may have padding: + if ($i < $srcLen) { + /** @var array $chunk */ + $chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i)); + $b0 = $chunk[1]; + if ($i + 3 < $srcLen) { + $b1 = $chunk[2]; + $b2 = $chunk[3]; + $b3 = $chunk[4]; + $dest .= + static::$method( ($b0 >> 3) & 31) . + static::$method((($b0 << 2) | ($b1 >> 6)) & 31) . + static::$method((($b1 >> 1) ) & 31) . + static::$method((($b1 << 4) | ($b2 >> 4)) & 31) . + static::$method((($b2 << 1) | ($b3 >> 7)) & 31) . + static::$method((($b3 >> 2) ) & 31) . + static::$method((($b3 << 3) ) & 31); + if ($pad) { + $dest .= '='; + } + } elseif ($i + 2 < $srcLen) { + $b1 = $chunk[2]; + $b2 = $chunk[3]; + $dest .= + static::$method( ($b0 >> 3) & 31) . + static::$method((($b0 << 2) | ($b1 >> 6)) & 31) . + static::$method((($b1 >> 1) ) & 31) . + static::$method((($b1 << 4) | ($b2 >> 4)) & 31) . + static::$method((($b2 << 1) ) & 31); + if ($pad) { + $dest .= '==='; + } + } elseif ($i + 1 < $srcLen) { + $b1 = $chunk[2]; + $dest .= + static::$method( ($b0 >> 3) & 31) . + static::$method((($b0 << 2) | ($b1 >> 6)) & 31) . + static::$method((($b1 >> 1) ) & 31) . + static::$method((($b1 << 4) ) & 31); + if ($pad) { + $dest .= '===='; + } + } else { + $dest .= + static::$method( ($b0 >> 3) & 31) . + static::$method( ($b0 << 2) & 31); + if ($pad) { + $dest .= '======'; + } + } + } + return $dest; + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base32Hex.php b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base32Hex.php new file mode 100644 index 0000000..b868dd0 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base32Hex.php @@ -0,0 +1,111 @@ + 0x30 && $src < 0x3a) ret += $src - 0x2e + 1; // -47 + $ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src - 47); + + // if ($src > 0x60 && $src < 0x77) ret += $src - 0x61 + 10 + 1; // -86 + $ret += (((0x60 - $src) & ($src - 0x77)) >> 8) & ($src - 86); + + return $ret; + } + + /** + * Uses bitwise operators instead of table-lookups to turn 5-bit integers + * into 8-bit integers. + * + * @param int $src + * @return int + */ + protected static function decode5BitsUpper(int $src): int + { + $ret = -1; + + // if ($src > 0x30 && $src < 0x3a) ret += $src - 0x2e + 1; // -47 + $ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src - 47); + + // if ($src > 0x40 && $src < 0x57) ret += $src - 0x41 + 10 + 1; // -54 + $ret += (((0x40 - $src) & ($src - 0x57)) >> 8) & ($src - 54); + + return $ret; + } + + /** + * Uses bitwise operators instead of table-lookups to turn 8-bit integers + * into 5-bit integers. + * + * @param int $src + * @return string + */ + protected static function encode5Bits(int $src): string + { + $src += 0x30; + + // if ($src > 0x39) $src += 0x61 - 0x3a; // 39 + $src += ((0x39 - $src) >> 8) & 39; + + return \pack('C', $src); + } + + /** + * Uses bitwise operators instead of table-lookups to turn 8-bit integers + * into 5-bit integers. + * + * Uppercase variant. + * + * @param int $src + * @return string + */ + protected static function encode5BitsUpper(int $src): string + { + $src += 0x30; + + // if ($src > 0x39) $src += 0x41 - 0x3a; // 7 + $src += ((0x39 - $src) >> 8) & 7; + + return \pack('C', $src); + } +} \ No newline at end of file diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64.php b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64.php new file mode 100644 index 0000000..2e3ecc8 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64.php @@ -0,0 +1,319 @@ + $chunk */ + $chunk = \unpack('C*', Binary::safeSubstr($src, $i, 3)); + $b0 = $chunk[1]; + $b1 = $chunk[2]; + $b2 = $chunk[3]; + + $dest .= + static::encode6Bits( $b0 >> 2 ) . + static::encode6Bits((($b0 << 4) | ($b1 >> 4)) & 63) . + static::encode6Bits((($b1 << 2) | ($b2 >> 6)) & 63) . + static::encode6Bits( $b2 & 63); + } + // The last chunk, which may have padding: + if ($i < $srcLen) { + /** @var array $chunk */ + $chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i)); + $b0 = $chunk[1]; + if ($i + 1 < $srcLen) { + $b1 = $chunk[2]; + $dest .= + static::encode6Bits($b0 >> 2) . + static::encode6Bits((($b0 << 4) | ($b1 >> 4)) & 63) . + static::encode6Bits(($b1 << 2) & 63); + if ($pad) { + $dest .= '='; + } + } else { + $dest .= + static::encode6Bits( $b0 >> 2) . + static::encode6Bits(($b0 << 4) & 63); + if ($pad) { + $dest .= '=='; + } + } + } + return $dest; + } + + /** + * decode from base64 into binary + * + * Base64 character set "./[A-Z][a-z][0-9]" + * + * @param string $encodedString + * @param bool $strictPadding + * @return string + * + * @throws RangeException + * @throws TypeError + */ + public static function decode( + #[\SensitiveParameter] + string $encodedString, + bool $strictPadding = false + ): string { + // Remove padding + $srcLen = Binary::safeStrlen($encodedString); + if ($srcLen === 0) { + return ''; + } + + if ($strictPadding) { + if (($srcLen & 3) === 0) { + if ($encodedString[$srcLen - 1] === '=') { + $srcLen--; + if ($encodedString[$srcLen - 1] === '=') { + $srcLen--; + } + } + } + if (($srcLen & 3) === 1) { + throw new RangeException( + 'Incorrect padding' + ); + } + if ($encodedString[$srcLen - 1] === '=') { + throw new RangeException( + 'Incorrect padding' + ); + } + } else { + $encodedString = \rtrim($encodedString, '='); + $srcLen = Binary::safeStrlen($encodedString); + } + + $err = 0; + $dest = ''; + // Main loop (no padding): + for ($i = 0; $i + 4 <= $srcLen; $i += 4) { + /** @var array $chunk */ + $chunk = \unpack('C*', Binary::safeSubstr($encodedString, $i, 4)); + $c0 = static::decode6Bits($chunk[1]); + $c1 = static::decode6Bits($chunk[2]); + $c2 = static::decode6Bits($chunk[3]); + $c3 = static::decode6Bits($chunk[4]); + + $dest .= \pack( + 'CCC', + ((($c0 << 2) | ($c1 >> 4)) & 0xff), + ((($c1 << 4) | ($c2 >> 2)) & 0xff), + ((($c2 << 6) | $c3 ) & 0xff) + ); + $err |= ($c0 | $c1 | $c2 | $c3) >> 8; + } + // The last chunk, which may have padding: + if ($i < $srcLen) { + /** @var array $chunk */ + $chunk = \unpack('C*', Binary::safeSubstr($encodedString, $i, $srcLen - $i)); + $c0 = static::decode6Bits($chunk[1]); + + if ($i + 2 < $srcLen) { + $c1 = static::decode6Bits($chunk[2]); + $c2 = static::decode6Bits($chunk[3]); + $dest .= \pack( + 'CC', + ((($c0 << 2) | ($c1 >> 4)) & 0xff), + ((($c1 << 4) | ($c2 >> 2)) & 0xff) + ); + $err |= ($c0 | $c1 | $c2) >> 8; + if ($strictPadding) { + $err |= ($c2 << 6) & 0xff; + } + } elseif ($i + 1 < $srcLen) { + $c1 = static::decode6Bits($chunk[2]); + $dest .= \pack( + 'C', + ((($c0 << 2) | ($c1 >> 4)) & 0xff) + ); + $err |= ($c0 | $c1) >> 8; + if ($strictPadding) { + $err |= ($c1 << 4) & 0xff; + } + } elseif ($strictPadding) { + $err |= 1; + } + } + $check = ($err === 0); + if (!$check) { + throw new RangeException( + 'Base64::decode() only expects characters in the correct base64 alphabet' + ); + } + return $dest; + } + + /** + * @param string $encodedString + * @return string + */ + public static function decodeNoPadding( + #[\SensitiveParameter] + string $encodedString + ): string { + $srcLen = Binary::safeStrlen($encodedString); + if ($srcLen === 0) { + return ''; + } + if (($srcLen & 3) === 0) { + // If $strLen is not zero, and it is divisible by 4, then it's at least 4. + if ($encodedString[$srcLen - 1] === '=' || $encodedString[$srcLen - 2] === '=') { + throw new InvalidArgumentException( + "decodeNoPadding() doesn't tolerate padding" + ); + } + } + return static::decode( + $encodedString, + true + ); + } + + /** + * Uses bitwise operators instead of table-lookups to turn 6-bit integers + * into 8-bit integers. + * + * Base64 character set: + * [A-Z] [a-z] [0-9] + / + * 0x41-0x5a, 0x61-0x7a, 0x30-0x39, 0x2b, 0x2f + * + * @param int $src + * @return int + */ + protected static function decode6Bits(int $src): int + { + $ret = -1; + + // if ($src > 0x40 && $src < 0x5b) $ret += $src - 0x41 + 1; // -64 + $ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 64); + + // if ($src > 0x60 && $src < 0x7b) $ret += $src - 0x61 + 26 + 1; // -70 + $ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 70); + + // if ($src > 0x2f && $src < 0x3a) $ret += $src - 0x30 + 52 + 1; // 5 + $ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src + 5); + + // if ($src == 0x2b) $ret += 62 + 1; + $ret += (((0x2a - $src) & ($src - 0x2c)) >> 8) & 63; + + // if ($src == 0x2f) ret += 63 + 1; + $ret += (((0x2e - $src) & ($src - 0x30)) >> 8) & 64; + + return $ret; + } + + /** + * Uses bitwise operators instead of table-lookups to turn 8-bit integers + * into 6-bit integers. + * + * @param int $src + * @return string + */ + protected static function encode6Bits(int $src): string + { + $diff = 0x41; + + // if ($src > 25) $diff += 0x61 - 0x41 - 26; // 6 + $diff += ((25 - $src) >> 8) & 6; + + // if ($src > 51) $diff += 0x30 - 0x61 - 26; // -75 + $diff -= ((51 - $src) >> 8) & 75; + + // if ($src > 61) $diff += 0x2b - 0x30 - 10; // -15 + $diff -= ((61 - $src) >> 8) & 15; + + // if ($src > 62) $diff += 0x2f - 0x2b - 1; // 3 + $diff += ((62 - $src) >> 8) & 3; + + return \pack('C', $src + $diff); + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64DotSlash.php b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64DotSlash.php new file mode 100644 index 0000000..5e98a8f --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64DotSlash.php @@ -0,0 +1,88 @@ + 0x2d && $src < 0x30) ret += $src - 0x2e + 1; // -45 + $ret += (((0x2d - $src) & ($src - 0x30)) >> 8) & ($src - 45); + + // if ($src > 0x40 && $src < 0x5b) ret += $src - 0x41 + 2 + 1; // -62 + $ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 62); + + // if ($src > 0x60 && $src < 0x7b) ret += $src - 0x61 + 28 + 1; // -68 + $ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 68); + + // if ($src > 0x2f && $src < 0x3a) ret += $src - 0x30 + 54 + 1; // 7 + $ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src + 7); + + return $ret; + } + + /** + * Uses bitwise operators instead of table-lookups to turn 8-bit integers + * into 6-bit integers. + * + * @param int $src + * @return string + */ + protected static function encode6Bits(int $src): string + { + $src += 0x2e; + + // if ($src > 0x2f) $src += 0x41 - 0x30; // 17 + $src += ((0x2f - $src) >> 8) & 17; + + // if ($src > 0x5a) $src += 0x61 - 0x5b; // 6 + $src += ((0x5a - $src) >> 8) & 6; + + // if ($src > 0x7a) $src += 0x30 - 0x7b; // -75 + $src -= ((0x7a - $src) >> 8) & 75; + + return \pack('C', $src); + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64DotSlashOrdered.php b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64DotSlashOrdered.php new file mode 100644 index 0000000..9780b14 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64DotSlashOrdered.php @@ -0,0 +1,82 @@ + 0x2d && $src < 0x3a) ret += $src - 0x2e + 1; // -45 + $ret += (((0x2d - $src) & ($src - 0x3a)) >> 8) & ($src - 45); + + // if ($src > 0x40 && $src < 0x5b) ret += $src - 0x41 + 12 + 1; // -52 + $ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 52); + + // if ($src > 0x60 && $src < 0x7b) ret += $src - 0x61 + 38 + 1; // -58 + $ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 58); + + return $ret; + } + + /** + * Uses bitwise operators instead of table-lookups to turn 8-bit integers + * into 6-bit integers. + * + * @param int $src + * @return string + */ + protected static function encode6Bits(int $src): string + { + $src += 0x2e; + + // if ($src > 0x39) $src += 0x41 - 0x3a; // 7 + $src += ((0x39 - $src) >> 8) & 7; + + // if ($src > 0x5a) $src += 0x61 - 0x5b; // 6 + $src += ((0x5a - $src) >> 8) & 6; + + return \pack('C', $src); + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64UrlSafe.php b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64UrlSafe.php new file mode 100644 index 0000000..8192c63 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Base64UrlSafe.php @@ -0,0 +1,95 @@ + 0x40 && $src < 0x5b) $ret += $src - 0x41 + 1; // -64 + $ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 64); + + // if ($src > 0x60 && $src < 0x7b) $ret += $src - 0x61 + 26 + 1; // -70 + $ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 70); + + // if ($src > 0x2f && $src < 0x3a) $ret += $src - 0x30 + 52 + 1; // 5 + $ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src + 5); + + // if ($src == 0x2c) $ret += 62 + 1; + $ret += (((0x2c - $src) & ($src - 0x2e)) >> 8) & 63; + + // if ($src == 0x5f) ret += 63 + 1; + $ret += (((0x5e - $src) & ($src - 0x60)) >> 8) & 64; + + return $ret; + } + + /** + * Uses bitwise operators instead of table-lookups to turn 8-bit integers + * into 6-bit integers. + * + * @param int $src + * @return string + */ + protected static function encode6Bits(int $src): string + { + $diff = 0x41; + + // if ($src > 25) $diff += 0x61 - 0x41 - 26; // 6 + $diff += ((25 - $src) >> 8) & 6; + + // if ($src > 51) $diff += 0x30 - 0x61 - 26; // -75 + $diff -= ((51 - $src) >> 8) & 75; + + // if ($src > 61) $diff += 0x2d - 0x30 - 10; // -13 + $diff -= ((61 - $src) >> 8) & 13; + + // if ($src > 62) $diff += 0x5f - 0x2b - 1; // 3 + $diff += ((62 - $src) >> 8) & 49; + + return \pack('C', $src + $diff); + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Binary.php b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Binary.php new file mode 100644 index 0000000..a958f2f --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/Binary.php @@ -0,0 +1,93 @@ + $chunk */ + $chunk = \unpack('C', $binString[$i]); + $c = $chunk[1] & 0xf; + $b = $chunk[1] >> 4; + + $hex .= \pack( + 'CC', + (87 + $b + ((($b - 10) >> 8) & ~38)), + (87 + $c + ((($c - 10) >> 8) & ~38)) + ); + } + return $hex; + } + + /** + * Convert a binary string into a hexadecimal string without cache-timing + * leaks, returning uppercase letters (as per RFC 4648) + * + * @param string $binString (raw binary) + * @return string + * @throws TypeError + */ + public static function encodeUpper( + #[\SensitiveParameter] + string $binString + ): string { + $hex = ''; + $len = Binary::safeStrlen($binString); + + for ($i = 0; $i < $len; ++$i) { + /** @var array $chunk */ + $chunk = \unpack('C', $binString[$i]); + $c = $chunk[1] & 0xf; + $b = $chunk[1] >> 4; + + $hex .= \pack( + 'CC', + (55 + $b + ((($b - 10) >> 8) & ~6)), + (55 + $c + ((($c - 10) >> 8) & ~6)) + ); + } + return $hex; + } + + /** + * Convert a hexadecimal string into a binary string without cache-timing + * leaks + * + * @param string $encodedString + * @param bool $strictPadding + * @return string (raw binary) + * @throws RangeException + */ + public static function decode( + #[\SensitiveParameter] + string $encodedString, + bool $strictPadding = false + ): string { + $hex_pos = 0; + $bin = ''; + $c_acc = 0; + $hex_len = Binary::safeStrlen($encodedString); + $state = 0; + if (($hex_len & 1) !== 0) { + if ($strictPadding) { + throw new RangeException( + 'Expected an even number of hexadecimal characters' + ); + } else { + $encodedString = '0' . $encodedString; + ++$hex_len; + } + } + + /** @var array $chunk */ + $chunk = \unpack('C*', $encodedString); + while ($hex_pos < $hex_len) { + ++$hex_pos; + $c = $chunk[$hex_pos]; + $c_num = $c ^ 48; + $c_num0 = ($c_num - 10) >> 8; + $c_alpha = ($c & ~32) - 55; + $c_alpha0 = (($c_alpha - 10) ^ ($c_alpha - 16)) >> 8; + + if (($c_num0 | $c_alpha0) === 0) { + throw new RangeException( + 'Expected hexadecimal character' + ); + } + $c_val = ($c_num0 & $c_num) | ($c_alpha & $c_alpha0); + if ($state === 0) { + $c_acc = $c_val * 16; + } else { + $bin .= \pack('C', $c_acc | $c_val); + } + $state ^= 1; + } + return $bin; + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/RFC4648.php b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/RFC4648.php new file mode 100644 index 0000000..7cd2e99 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/constant_time_encoding/src/RFC4648.php @@ -0,0 +1,206 @@ + "Zm9v" + * + * @param string $str + * @return string + * + * @throws TypeError + */ + public static function base64Encode( + #[\SensitiveParameter] + string $str + ): string { + return Base64::encode($str); + } + + /** + * RFC 4648 Base64 decoding + * + * "Zm9v" -> "foo" + * + * @param string $str + * @return string + * + * @throws TypeError + */ + public static function base64Decode( + #[\SensitiveParameter] + string $str + ): string { + return Base64::decode($str, true); + } + + /** + * RFC 4648 Base64 (URL Safe) encoding + * + * "foo" -> "Zm9v" + * + * @param string $str + * @return string + * + * @throws TypeError + */ + public static function base64UrlSafeEncode( + #[\SensitiveParameter] + string $str + ): string { + return Base64UrlSafe::encode($str); + } + + /** + * RFC 4648 Base64 (URL Safe) decoding + * + * "Zm9v" -> "foo" + * + * @param string $str + * @return string + * + * @throws TypeError + */ + public static function base64UrlSafeDecode( + #[\SensitiveParameter] + string $str + ): string { + return Base64UrlSafe::decode($str, true); + } + + /** + * RFC 4648 Base32 encoding + * + * "foo" -> "MZXW6===" + * + * @param string $str + * @return string + * + * @throws TypeError + */ + public static function base32Encode( + #[\SensitiveParameter] + string $str + ): string { + return Base32::encodeUpper($str); + } + + /** + * RFC 4648 Base32 encoding + * + * "MZXW6===" -> "foo" + * + * @param string $str + * @return string + * + * @throws TypeError + */ + public static function base32Decode( + #[\SensitiveParameter] + string $str + ): string { + return Base32::decodeUpper($str, true); + } + + /** + * RFC 4648 Base32-Hex encoding + * + * "foo" -> "CPNMU===" + * + * @param string $str + * @return string + * + * @throws TypeError + */ + public static function base32HexEncode( + #[\SensitiveParameter] + string $str + ): string { + return Base32::encodeUpper($str); + } + + /** + * RFC 4648 Base32-Hex decoding + * + * "CPNMU===" -> "foo" + * + * @param string $str + * @return string + * + * @throws TypeError + */ + public static function base32HexDecode( + #[\SensitiveParameter] + string $str + ): string { + return Base32::decodeUpper($str, true); + } + + /** + * RFC 4648 Base16 decoding + * + * "foo" -> "666F6F" + * + * @param string $str + * @return string + * + * @throws TypeError + */ + public static function base16Encode( + #[\SensitiveParameter] + string $str + ): string { + return Hex::encodeUpper($str); + } + + /** + * RFC 4648 Base16 decoding + * + * "666F6F" -> "foo" + * + * @param string $str + * @return string + */ + public static function base16Decode( + #[\SensitiveParameter] + string $str + ): string { + return Hex::decode($str, true); + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/random_compat/LICENSE b/qa-tool/htdocs/vendor/paragonie/random_compat/LICENSE new file mode 100644 index 0000000..45c7017 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/random_compat/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2015 Paragon Initiative Enterprises + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/qa-tool/htdocs/vendor/paragonie/random_compat/build-phar.sh b/qa-tool/htdocs/vendor/paragonie/random_compat/build-phar.sh new file mode 100644 index 0000000..b4a5ba3 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/random_compat/build-phar.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +basedir=$( dirname $( readlink -f ${BASH_SOURCE[0]} ) ) + +php -dphar.readonly=0 "$basedir/other/build_phar.php" $* \ No newline at end of file diff --git a/qa-tool/htdocs/vendor/paragonie/random_compat/composer.json b/qa-tool/htdocs/vendor/paragonie/random_compat/composer.json new file mode 100644 index 0000000..f2b9c4e --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/random_compat/composer.json @@ -0,0 +1,34 @@ +{ + "name": "paragonie/random_compat", + "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", + "keywords": [ + "csprng", + "random", + "polyfill", + "pseudorandom" + ], + "license": "MIT", + "type": "library", + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "support": { + "issues": "https://github.com/paragonie/random_compat/issues", + "email": "info@paragonie.com", + "source": "https://github.com/paragonie/random_compat" + }, + "require": { + "php": ">= 7" + }, + "require-dev": { + "vimeo/psalm": "^1", + "phpunit/phpunit": "4.*|5.*" + }, + "suggest": { + "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey b/qa-tool/htdocs/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey new file mode 100644 index 0000000..eb50ebf --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey @@ -0,0 +1,5 @@ +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEEd+wCqJDrx5B4OldM0dQE0ZMX+lx1ZWm +pui0SUqD4G29L3NGsz9UhJ/0HjBdbnkhIK5xviT0X5vtjacF6ajgcCArbTB+ds+p ++h7Q084NuSuIpNb6YPfoUFgC/CL9kAoc +-----END PUBLIC KEY----- diff --git a/qa-tool/htdocs/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc b/qa-tool/htdocs/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc new file mode 100644 index 0000000..6a1d7f3 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (MingW32) + +iQEcBAABAgAGBQJWtW1hAAoJEGuXocKCZATaJf0H+wbZGgskK1dcRTsuVJl9IWip +QwGw/qIKI280SD6/ckoUMxKDCJiFuPR14zmqnS36k7N5UNPnpdTJTS8T11jttSpg +1LCmgpbEIpgaTah+cELDqFCav99fS+bEiAL5lWDAHBTE/XPjGVCqeehyPYref4IW +NDBIEsvnHPHPLsn6X5jq4+Yj5oUixgxaMPiR+bcO4Sh+RzOVB6i2D0upWfRXBFXA +NNnsg9/zjvoC7ZW73y9uSH+dPJTt/Vgfeiv52/v41XliyzbUyLalf02GNPY+9goV +JHG1ulEEBJOCiUD9cE1PUIJwHA/HqyhHIvV350YoEFiHl8iSwm7SiZu5kPjaq74= +=B6+8 +-----END PGP SIGNATURE----- diff --git a/qa-tool/htdocs/vendor/paragonie/random_compat/lib/random.php b/qa-tool/htdocs/vendor/paragonie/random_compat/lib/random.php new file mode 100644 index 0000000..c7731a5 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/random_compat/lib/random.php @@ -0,0 +1,32 @@ +buildFromDirectory(dirname(__DIR__).'/lib'); +rename( + dirname(__DIR__).'/lib/index.php', + dirname(__DIR__).'/lib/random.php' +); + +/** + * If we pass an (optional) path to a private key as a second argument, we will + * sign the Phar with OpenSSL. + * + * If you leave this out, it will produce an unsigned .phar! + */ +if ($argc > 1) { + if (!@is_readable($argv[1])) { + echo 'Could not read the private key file:', $argv[1], "\n"; + exit(255); + } + $pkeyFile = file_get_contents($argv[1]); + + $private = openssl_get_privatekey($pkeyFile); + if ($private !== false) { + $pkey = ''; + openssl_pkey_export($private, $pkey); + $phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey); + + /** + * Save the corresponding public key to the file + */ + if (!@is_readable($dist.'/random_compat.phar.pubkey')) { + $details = openssl_pkey_get_details($private); + file_put_contents( + $dist.'/random_compat.phar.pubkey', + $details['key'] + ); + } + } else { + echo 'An error occurred reading the private key from OpenSSL.', "\n"; + exit(255); + } +} diff --git a/qa-tool/htdocs/vendor/paragonie/random_compat/psalm-autoload.php b/qa-tool/htdocs/vendor/paragonie/random_compat/psalm-autoload.php new file mode 100644 index 0000000..d71d1b8 --- /dev/null +++ b/qa-tool/htdocs/vendor/paragonie/random_compat/psalm-autoload.php @@ -0,0 +1,9 @@ + + + + + + + + + + + + + + + diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/AUTHORS b/qa-tool/htdocs/vendor/phpseclib/phpseclib/AUTHORS new file mode 100644 index 0000000..9f10d26 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/AUTHORS @@ -0,0 +1,7 @@ +phpseclib Lead Developer: TerraFrost (Jim Wigginton) + +phpseclib Developers: monnerat (Patrick Monnerat) + bantu (Andreas Fischer) + petrich (Hans-Jürgen Petrich) + GrahamCampbell (Graham Campbell) + hc-jworman \ No newline at end of file diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/BACKERS.md b/qa-tool/htdocs/vendor/phpseclib/phpseclib/BACKERS.md new file mode 100644 index 0000000..946b8f5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/BACKERS.md @@ -0,0 +1,18 @@ +# Backers + +phpseclib ongoing development is made possible by [Tidelift](https://tidelift.com/subscription/pkg/packagist-phpseclib-phpseclib?utm_source=packagist-phpseclib-phpseclib&utm_medium=referral&utm_campaign=readme) and by contributions by users like you. Thank you. + +## Backers + +- Allan Simon +- [ChargeOver](https://chargeover.com/) +- Raghu Veer Dendukuri +- Zane Hooper +- [Setasign](https://www.setasign.com/) +- [Charles Severance](https://github.com/csev) +- [Rachel Fish](https://github.com/itsrachelfish) +- Tharyrok +- [cjhaas](https://github.com/cjhaas) +- [istiak-tridip](https://github.com/istiak-tridip) +- [Anna Filina](https://github.com/afilina) +- [blakemckeeby](https://github.com/blakemckeeby) \ No newline at end of file diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/LICENSE b/qa-tool/htdocs/vendor/phpseclib/phpseclib/LICENSE new file mode 100644 index 0000000..e7214eb --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/LICENSE @@ -0,0 +1,20 @@ +Copyright (c) 2011-2019 TerraFrost and other contributors + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/README.md b/qa-tool/htdocs/vendor/phpseclib/phpseclib/README.md new file mode 100644 index 0000000..37cbcb9 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/README.md @@ -0,0 +1,97 @@ +# phpseclib - PHP Secure Communications Library + +[![CI Status](https://github.com/phpseclib/phpseclib/actions/workflows/ci.yml/badge.svg?branch=3.0&event=push "CI Status")](https://github.com/phpseclib/phpseclib) + +## Supporting phpseclib + +- [Become a backer or sponsor on Patreon](https://www.patreon.com/phpseclib) +- [One-time donation via PayPal or crypto-currencies](http://sourceforge.net/donate/index.php?group_id=198487) +- [Subscribe to Tidelift](https://tidelift.com/subscription/pkg/packagist-phpseclib-phpseclib?utm_source=packagist-phpseclib-phpseclib&utm_medium=referral&utm_campaign=readme) + +## Introduction + +MIT-licensed pure-PHP implementations of the following: + +SSH-2, SFTP, X.509, an arbitrary-precision integer arithmetic library, Ed25519 / Ed449 / Curve25519 / Curve449, ECDSA / ECDH (with support for 66 curves), RSA (PKCS#1 v2.2 compliant), DSA / DH, DES / 3DES / RC4 / Rijndael / AES / Blowfish / Twofish / Salsa20 / ChaCha20, GCM / Poly1305 + +* [Browse Git](https://github.com/phpseclib/phpseclib) + +## Documentation + +* [Documentation / Manual](https://phpseclib.com/) +* [API Documentation](https://api.phpseclib.com/3.0/) (generated by Doctum) + +## Branches + +### master + +* Development Branch +* Unstable API +* Do not use in production + +### 3.0 + +* Long term support (LTS) release +* Major expansion of cryptographic primitives +* Minimum PHP version: 5.6.1 +* PSR-4 autoloading with namespace rooted at `\phpseclib3` +* Install via Composer: `composer require phpseclib/phpseclib:~3.0` + +### 2.0 + +* Long term support (LTS) release +* Modernized version of 1.0 +* Minimum PHP version: 5.3.3 +* PSR-4 autoloading with namespace rooted at `\phpseclib` +* Install via Composer: `composer require phpseclib/phpseclib:~2.0` + +### 1.0 + +* Long term support (LTS) release +* PHP4 compatible +* Composer compatible (PSR-0 autoloading) +* Install using Composer: `composer require phpseclib/phpseclib:~1.0` +* [Download 1.0.23 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.23.zip/download) + +## Security contact information + +To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. + +## Support + +Need Support? + +* [Checkout Questions and Answers on Stack Overflow](http://stackoverflow.com/questions/tagged/phpseclib) +* [Create a Support Ticket on GitHub](https://github.com/phpseclib/phpseclib/issues/new) +* [Browse the Support Forum](http://www.frostjedi.com/phpbb/viewforum.php?f=46) (no longer in use) + +## Special Thanks + +Special Thanks to our $50+ sponsors!: + +- Allan Simon +- [ChargeOver](https://chargeover.com/) + +## Contributing + +1. Fork the Project + +2. Ensure you have Composer installed (see [Composer Download Instructions](https://getcomposer.org/download/)) + +3. Install Development Dependencies + ```sh + composer install + ``` + +4. Create a Feature Branch + +5. Run continuous integration checks: + ```sh + composer global require php:^8.1 squizlabs/php_codesniffer friendsofphp/php-cs-fixer vimeo/psalm + phpcs --standard=build/php_codesniffer.xml + php-cs-fixer fix --config=build/php-cs-fixer.php --diff --dry-run --using-cache=no + psalm --config=build/psalm.xml --no-cache --long-progress --report-show-info=false --output-format=text + vendor/bin/phpunit --verbose --configuration tests/phpunit.xml + ``` + +6. Send us a Pull Request diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/composer.json b/qa-tool/htdocs/vendor/phpseclib/phpseclib/composer.json new file mode 100644 index 0000000..d996700 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/composer.json @@ -0,0 +1,84 @@ +{ + "name": "phpseclib/phpseclib", + "type": "library", + "description": "PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.", + "keywords": [ + "security", + "crypto", + "cryptography", + "encryption", + "signature", + "signing", + "rsa", + "aes", + "blowfish", + "twofish", + "ssh", + "sftp", + "x509", + "x.509", + "asn1", + "asn.1", + "BigInteger" + ], + "homepage": "http://phpseclib.sourceforge.net", + "license": "MIT", + "authors": [ + { + "name": "Jim Wigginton", + "email": "terrafrost@php.net", + "role": "Lead Developer" + }, + { + "name": "Patrick Monnerat", + "email": "pm@datasphere.ch", + "role": "Developer" + }, + { + "name": "Andreas Fischer", + "email": "bantu@phpbb.com", + "role": "Developer" + }, + { + "name": "Hans-Jürgen Petrich", + "email": "petrich@tronic-media.com", + "role": "Developer" + }, + { + "name": "Graham Campbell", + "email": "graham@alt-three.com", + "role": "Developer" + } + ], + "require": { + "php": ">=5.6.1", + "paragonie/constant_time_encoding": "^1|^2|^3", + "paragonie/random_compat": "^1.4|^2.0|^9.99.99" + }, + "require-dev": { + "phpunit/phpunit": "*" + }, + "suggest": { + "ext-libsodium": "SSH2/SFTP can make use of some algorithms provided by the libsodium-php extension.", + "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations.", + "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.", + "ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.", + "ext-dom": "Install the DOM extension to load XML formatted public keys." + }, + "autoload": { + "files": [ + "phpseclib/bootstrap.php" + ], + "psr-4": { + "phpseclib3\\": "phpseclib/" + } + }, + "autoload-dev": { + "psr-4": { + "phpseclib3\\Tests\\": "tests/" + } + }, + "config": { + "sort-packages": true + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Common/Functions/Strings.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Common/Functions/Strings.php new file mode 100644 index 0000000..fa750ba --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Common/Functions/Strings.php @@ -0,0 +1,505 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Common\Functions; + +use ParagonIE\ConstantTime\Base64; +use ParagonIE\ConstantTime\Base64UrlSafe; +use ParagonIE\ConstantTime\Hex; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField; + +/** + * Common String Functions + * + * @author Jim Wigginton + */ +abstract class Strings +{ + /** + * String Shift + * + * Inspired by array_shift + * + * @param string $string + * @param int $index + * @return string + */ + public static function shift(&$string, $index = 1) + { + $substr = substr($string, 0, $index); + $string = substr($string, $index); + return $substr; + } + + /** + * String Pop + * + * Inspired by array_pop + * + * @param string $string + * @param int $index + * @return string + */ + public static function pop(&$string, $index = 1) + { + $substr = substr($string, -$index); + $string = substr($string, 0, -$index); + return $substr; + } + + /** + * Parse SSH2-style string + * + * Returns either an array or a boolean if $data is malformed. + * + * Valid characters for $format are as follows: + * + * C = byte + * b = boolean (true/false) + * N = uint32 + * Q = uint64 + * s = string + * i = mpint + * L = name-list + * + * uint64 is not supported. + * + * @param string $format + * @param string $data + * @return mixed + */ + public static function unpackSSH2($format, &$data) + { + $format = self::formatPack($format); + $result = []; + for ($i = 0; $i < strlen($format); $i++) { + switch ($format[$i]) { + case 'C': + case 'b': + if (!strlen($data)) { + throw new \LengthException('At least one byte needs to be present for successful C / b decodes'); + } + break; + case 'N': + case 'i': + case 's': + case 'L': + if (strlen($data) < 4) { + throw new \LengthException('At least four byte needs to be present for successful N / i / s / L decodes'); + } + break; + case 'Q': + if (strlen($data) < 8) { + throw new \LengthException('At least eight byte needs to be present for successful N / i / s / L decodes'); + } + break; + + default: + throw new \InvalidArgumentException('$format contains an invalid character'); + } + switch ($format[$i]) { + case 'C': + $result[] = ord(self::shift($data)); + continue 2; + case 'b': + $result[] = ord(self::shift($data)) != 0; + continue 2; + case 'N': + list(, $temp) = unpack('N', self::shift($data, 4)); + $result[] = $temp; + continue 2; + case 'Q': + // pack() added support for Q in PHP 5.6.3 and PHP 5.6 is phpseclib 3's minimum version + // so in theory we could support this BUT, "64-bit format codes are not available for + // 32-bit versions" and phpseclib works on 32-bit installs. on 32-bit installs + // 64-bit floats can be used to get larger numbers then 32-bit signed ints would allow + // for. sure, you're not gonna get the full precision of 64-bit numbers but just because + // you need > 32-bit precision doesn't mean you need the full 64-bit precision + extract(unpack('Nupper/Nlower', self::shift($data, 8))); + $temp = $upper ? 4294967296 * $upper : 0; + $temp += $lower < 0 ? ($lower & 0x7FFFFFFFF) + 0x80000000 : $lower; + // $temp = hexdec(bin2hex(self::shift($data, 8))); + $result[] = $temp; + continue 2; + } + list(, $length) = unpack('N', self::shift($data, 4)); + if (strlen($data) < $length) { + throw new \LengthException("$length bytes needed; " . strlen($data) . ' bytes available'); + } + $temp = self::shift($data, $length); + switch ($format[$i]) { + case 'i': + $result[] = new BigInteger($temp, -256); + break; + case 's': + $result[] = $temp; + break; + case 'L': + $result[] = explode(',', $temp); + } + } + + return $result; + } + + /** + * Create SSH2-style string + * + * @param string $format + * @param string|int|float|array|bool ...$elements + * @return string + */ + public static function packSSH2($format, ...$elements) + { + $format = self::formatPack($format); + if (strlen($format) != count($elements)) { + throw new \InvalidArgumentException('There must be as many arguments as there are characters in the $format string'); + } + $result = ''; + for ($i = 0; $i < strlen($format); $i++) { + $element = $elements[$i]; + switch ($format[$i]) { + case 'C': + if (!is_int($element)) { + throw new \InvalidArgumentException('Bytes must be represented as an integer between 0 and 255, inclusive.'); + } + $result .= pack('C', $element); + break; + case 'b': + if (!is_bool($element)) { + throw new \InvalidArgumentException('A boolean parameter was expected.'); + } + $result .= $element ? "\1" : "\0"; + break; + case 'Q': + if (!is_int($element) && !is_float($element)) { + throw new \InvalidArgumentException('An integer was expected.'); + } + // 4294967296 == 1 << 32 + $result .= pack('NN', $element / 4294967296, $element); + break; + case 'N': + if (is_float($element)) { + $element = (int) $element; + } + if (!is_int($element)) { + throw new \InvalidArgumentException('An integer was expected.'); + } + $result .= pack('N', $element); + break; + case 's': + if (!self::is_stringable($element)) { + throw new \InvalidArgumentException('A string was expected.'); + } + $result .= pack('Na*', strlen($element), $element); + break; + case 'i': + if (!$element instanceof BigInteger && !$element instanceof FiniteField\Integer) { + throw new \InvalidArgumentException('A phpseclib3\Math\BigInteger or phpseclib3\Math\Common\FiniteField\Integer object was expected.'); + } + $element = $element->toBytes(true); + $result .= pack('Na*', strlen($element), $element); + break; + case 'L': + if (!is_array($element)) { + throw new \InvalidArgumentException('An array was expected.'); + } + $element = implode(',', $element); + $result .= pack('Na*', strlen($element), $element); + break; + default: + throw new \InvalidArgumentException('$format contains an invalid character'); + } + } + return $result; + } + + /** + * Expand a pack string + * + * Converts C5 to CCCCC, for example. + * + * @param string $format + * @return string + */ + private static function formatPack($format) + { + $parts = preg_split('#(\d+)#', $format, -1, PREG_SPLIT_DELIM_CAPTURE); + $format = ''; + for ($i = 1; $i < count($parts); $i += 2) { + $format .= substr($parts[$i - 1], 0, -1) . str_repeat(substr($parts[$i - 1], -1), $parts[$i]); + } + $format .= $parts[$i - 1]; + + return $format; + } + + /** + * Convert binary data into bits + * + * bin2hex / hex2bin refer to base-256 encoded data as binary, whilst + * decbin / bindec refer to base-2 encoded data as binary. For the purposes + * of this function, bin refers to base-256 encoded data whilst bits refers + * to base-2 encoded data + * + * @param string $x + * @return string + */ + public static function bits2bin($x) + { + /* + // the pure-PHP approach is faster than the GMP approach + if (function_exists('gmp_export')) { + return strlen($x) ? gmp_export(gmp_init($x, 2)) : gmp_init(0); + } + */ + + if (preg_match('#[^01]#', $x)) { + throw new \RuntimeException('The only valid characters are 0 and 1'); + } + + if (!defined('PHP_INT_MIN')) { + define('PHP_INT_MIN', ~PHP_INT_MAX); + } + + $length = strlen($x); + if (!$length) { + return ''; + } + $block_size = PHP_INT_SIZE << 3; + $pad = $block_size - ($length % $block_size); + if ($pad != $block_size) { + $x = str_repeat('0', $pad) . $x; + } + + $parts = str_split($x, $block_size); + $str = ''; + foreach ($parts as $part) { + $xor = $part[0] == '1' ? PHP_INT_MIN : 0; + $part[0] = '0'; + $str .= pack( + PHP_INT_SIZE == 4 ? 'N' : 'J', + $xor ^ eval('return 0b' . $part . ';') + ); + } + return ltrim($str, "\0"); + } + + /** + * Convert bits to binary data + * + * @param string $x + * @return string + */ + public static function bin2bits($x, $trim = true) + { + /* + // the pure-PHP approach is slower than the GMP approach BUT + // i want to the pure-PHP version to be easily unit tested as well + if (function_exists('gmp_import')) { + return gmp_strval(gmp_import($x), 2); + } + */ + + $len = strlen($x); + $mod = $len % PHP_INT_SIZE; + if ($mod) { + $x = str_pad($x, $len + PHP_INT_SIZE - $mod, "\0", STR_PAD_LEFT); + } + + $bits = ''; + if (PHP_INT_SIZE == 4) { + $digits = unpack('N*', $x); + foreach ($digits as $digit) { + $bits .= sprintf('%032b', $digit); + } + } else { + $digits = unpack('J*', $x); + foreach ($digits as $digit) { + $bits .= sprintf('%064b', $digit); + } + } + + return $trim ? ltrim($bits, '0') : $bits; + } + + /** + * Switch Endianness Bit Order + * + * @param string $x + * @return string + */ + public static function switchEndianness($x) + { + $r = ''; + for ($i = strlen($x) - 1; $i >= 0; $i--) { + $b = ord($x[$i]); + if (PHP_INT_SIZE === 8) { + // 3 operations + // from http://graphics.stanford.edu/~seander/bithacks.html#ReverseByteWith64BitsDiv + $r .= chr((($b * 0x0202020202) & 0x010884422010) % 1023); + } else { + // 7 operations + // from http://graphics.stanford.edu/~seander/bithacks.html#ReverseByteWith32Bits + $p1 = ($b * 0x0802) & 0x22110; + $p2 = ($b * 0x8020) & 0x88440; + $r .= chr( + (($p1 | $p2) * 0x10101) >> 16 + ); + } + } + return $r; + } + + /** + * Increment the current string + * + * @param string $var + * @return string + */ + public static function increment_str(&$var) + { + if (function_exists('sodium_increment')) { + $var = strrev($var); + sodium_increment($var); + $var = strrev($var); + return $var; + } + + for ($i = 4; $i <= strlen($var); $i += 4) { + $temp = substr($var, -$i, 4); + switch ($temp) { + case "\xFF\xFF\xFF\xFF": + $var = substr_replace($var, "\x00\x00\x00\x00", -$i, 4); + break; + case "\x7F\xFF\xFF\xFF": + $var = substr_replace($var, "\x80\x00\x00\x00", -$i, 4); + return $var; + default: + $temp = unpack('Nnum', $temp); + $var = substr_replace($var, pack('N', $temp['num'] + 1), -$i, 4); + return $var; + } + } + + $remainder = strlen($var) % 4; + + if ($remainder == 0) { + return $var; + } + + $temp = unpack('Nnum', str_pad(substr($var, 0, $remainder), 4, "\0", STR_PAD_LEFT)); + $temp = substr(pack('N', $temp['num'] + 1), -$remainder); + $var = substr_replace($var, $temp, 0, $remainder); + + return $var; + } + + /** + * Find whether the type of a variable is string (or could be converted to one) + * + * @param mixed $var + * @return bool + * @psalm-assert-if-true string|\Stringable $var + */ + public static function is_stringable($var) + { + return is_string($var) || (is_object($var) && method_exists($var, '__toString')); + } + + /** + * Constant Time Base64-decoding + * + * ParagoneIE\ConstantTime doesn't use libsodium if it's available so we'll do so + * ourselves. see https://github.com/paragonie/constant_time_encoding/issues/39 + * + * @param string $data + * @return string + */ + public static function base64_decode($data) + { + return function_exists('sodium_base642bin') ? + sodium_base642bin($data, SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, '=') : + Base64::decode($data); + } + + /** + * Constant Time Base64-decoding (URL safe) + * + * @param string $data + * @return string + */ + public static function base64url_decode($data) + { + // return self::base64_decode(str_replace(['-', '_'], ['+', '/'], $data)); + + return function_exists('sodium_base642bin') ? + sodium_base642bin($data, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING, '=') : + Base64UrlSafe::decode($data); + } + + /** + * Constant Time Base64-encoding + * + * @param string $data + * @return string + */ + public static function base64_encode($data) + { + return function_exists('sodium_bin2base64') ? + sodium_bin2base64($data, SODIUM_BASE64_VARIANT_ORIGINAL) : + Base64::encode($data); + } + + /** + * Constant Time Base64-encoding (URL safe) + * + * @param string $data + * @return string + */ + public static function base64url_encode($data) + { + // return str_replace(['+', '/'], ['-', '_'], self::base64_encode($data)); + + return function_exists('sodium_bin2base64') ? + sodium_bin2base64($data, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING) : + Base64UrlSafe::encode($data); + } + + /** + * Constant Time Hex Decoder + * + * @param string $data + * @return string + */ + public static function hex2bin($data) + { + return function_exists('sodium_hex2bin') ? + sodium_hex2bin($data) : + Hex::decode($data); + } + + /** + * Constant Time Hex Encoder + * + * @param string $data + * @return string + */ + public static function bin2hex($data) + { + return function_exists('sodium_bin2hex') ? + sodium_bin2hex($data) : + Hex::encode($data); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/AES.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/AES.php new file mode 100644 index 0000000..4038716 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/AES.php @@ -0,0 +1,116 @@ + + * setKey('abcdefghijklmnop'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $aes->decrypt($aes->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2008 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +/** + * Pure-PHP implementation of AES. + * + * @author Jim Wigginton + */ +class AES extends Rijndael +{ + /** + * Dummy function + * + * Since \phpseclib3\Crypt\AES extends \phpseclib3\Crypt\Rijndael, this function is, technically, available, but it doesn't do anything. + * + * @see \phpseclib3\Crypt\Rijndael::setBlockLength() + * @param int $length + * @throws \BadMethodCallException anytime it's called + */ + public function setBlockLength($length) + { + throw new \BadMethodCallException('The block length cannot be set for AES.'); + } + + /** + * Sets the key length + * + * Valid key lengths are 128, 192, and 256. Set the link to bool(false) to disable a fixed key length + * + * @see \phpseclib3\Crypt\Rijndael:setKeyLength() + * @param int $length + * @throws \LengthException if the key length isn't supported + */ + public function setKeyLength($length) + { + switch ($length) { + case 128: + case 192: + case 256: + break; + default: + throw new \LengthException('Key of size ' . $length . ' not supported by this algorithm. Only keys of sizes 128, 192 or 256 supported'); + } + parent::setKeyLength($length); + } + + /** + * Sets the key. + * + * Rijndael supports five different key lengths, AES only supports three. + * + * @see \phpseclib3\Crypt\Rijndael:setKey() + * @see setKeyLength() + * @param string $key + * @throws \LengthException if the key length isn't supported + */ + public function setKey($key) + { + switch (strlen($key)) { + case 16: + case 24: + case 32: + break; + default: + throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported'); + } + + parent::setKey($key); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php new file mode 100644 index 0000000..3cb2b30 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php @@ -0,0 +1,835 @@ + unpack('N*', $x), $blocks); it jumps up by an additional + * ~90MB, yielding a 106x increase in memory usage. Consequently, it bcrypt calls a different + * _encryptBlock() then the regular Blowfish does. That said, the Blowfish _encryptBlock() is + * basically just a thin wrapper around the bcrypt _encryptBlock(), so there's that. + * + * This explains 3 of the 4 _encryptBlock() implementations. the last _encryptBlock() + * implementation can best be understood by doing Ctrl + F and searching for where + * self::$use_reg_intval is defined. + * + * # phpseclib's three different _setupKey() implementations + * + * Every bcrypt round is the equivalent of encrypting 512KB of data. Since OpenSSH uses 16 + * rounds by default that's ~8MB of data that's essentially being encrypted whenever + * you use bcrypt. That's a lot of data, however, bcrypt operates within tighter constraints + * than regular Blowfish, so we can use that to our advantage. In particular, whereas Blowfish + * supports variable length keys, in bcrypt, the initial "key" is the sha512 hash of the + * password. sha512 hashes are 512 bits or 64 bytes long and thus the bcrypt keys are of a + * fixed length whereas Blowfish keys are not of a fixed length. + * + * bcrypt actually has two different key expansion steps. The first one (expandstate) is + * constantly XOR'ing every _encryptBlock() parameter against the salt prior _encryptBlock()'s + * being called. The second one (expand0state) is more similar to Blowfish's _setupKey() + * but it can still use the fixed length key optimization discussed above and can do away with + * the pack() / unpack() calls. + * + * I suppose _setupKey() could be made to be a thin wrapper around expandstate() but idk it's + * just a lot of work for very marginal benefits as _setupKey() is only called once for + * regular Blowfish vs the 128 times it's called --per round-- with bcrypt. + * + * # blowfish + bcrypt in the same class + * + * Altho there's a lot of Blowfish code that bcrypt doesn't re-use, bcrypt does re-use the + * initial S-boxes, the initial P-array and the int-only _encryptBlock() implementation. + * + * # Credit + * + * phpseclib's bcrypt implementation is based losely off of OpenSSH's implementation: + * + * https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/bcrypt_pbkdf.c + * + * Here's a short example of how to use this library: + * + * setKey('12345678901234567890123456789012'); + * + * $plaintext = str_repeat('a', 1024); + * + * echo $blowfish->decrypt($blowfish->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\BlockCipher; + +/** + * Pure-PHP implementation of Blowfish. + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + */ +class Blowfish extends BlockCipher +{ + /** + * Block Length of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::block_size + * @var int + */ + protected $block_size = 8; + + /** + * The mcrypt specific name of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cipher_name_mcrypt + * @var string + */ + protected $cipher_name_mcrypt = 'blowfish'; + + /** + * Optimizing value while CFB-encrypting + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cfb_init_len + * @var int + */ + protected $cfb_init_len = 500; + + /** + * The fixed subkeys boxes + * + * S-Box + * + * @var array + */ + private static $sbox = [ + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a, + + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7, + + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0, + + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + ]; + + /** + * P-Array consists of 18 32-bit subkeys + * + * @var array + */ + private static $parray = [ + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, + 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b + ]; + + /** + * The BCTX-working Array + * + * Holds the expanded key [p] and the key-depended s-boxes [sb] + * + * @var array + */ + private $bctx; + + /** + * Holds the last used key + * + * @var array + */ + private $kl; + + /** + * The Key Length (in bytes) + * {@internal The max value is 256 / 8 = 32, the min value is 128 / 8 = 16. Exists in conjunction with $Nk + * because the encryption / decryption / key schedule creation requires this number and not $key_length. We could + * derive this from $key_length or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu + * of that, we'll just precompute it once.} + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKeyLength() + * @var int + */ + protected $key_length = 16; + + /** + * Default Constructor. + * + * @param string $mode + * @throws \InvalidArgumentException if an invalid / unsupported mode is provided + */ + public function __construct($mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new \InvalidArgumentException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Sets the key length. + * + * Key lengths can be between 32 and 448 bits. + * + * @param int $length + */ + public function setKeyLength($length) + { + if ($length < 32 || $length > 448) { + throw new \LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes between 32 and 448 bits are supported'); + } + + $this->key_length = $length >> 3; + + parent::setKeyLength($length); + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * @param int $engine + * @return bool + */ + protected function isValidEngineHelper($engine) + { + if ($engine == self::ENGINE_OPENSSL) { + if ($this->key_length < 16) { + return false; + } + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } + $this->cipher_name_openssl_ecb = 'bf-ecb'; + $this->cipher_name_openssl = 'bf-' . $this->openssl_translate_mode(); + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Setup the key (expansion) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupKey() + */ + protected function setupKey() + { + if (isset($this->kl['key']) && $this->key === $this->kl['key']) { + // already expanded + return; + } + $this->kl = ['key' => $this->key]; + + /* key-expanding p[] and S-Box building sb[] */ + $this->bctx = [ + 'p' => [], + 'sb' => self::$sbox + ]; + + // unpack binary string in unsigned chars + $key = array_values(unpack('C*', $this->key)); + $keyl = count($key); + // with bcrypt $keyl will always be 16 (because the key is the sha512 of the key you provide) + for ($j = 0, $i = 0; $i < 18; ++$i) { + // xor P1 with the first 32-bits of the key, xor P2 with the second 32-bits ... + for ($data = 0, $k = 0; $k < 4; ++$k) { + $data = ($data << 8) | $key[$j]; + if (++$j >= $keyl) { + $j = 0; + } + } + $this->bctx['p'][] = self::$parray[$i] ^ intval($data); + } + + // encrypt the zero-string, replace P1 and P2 with the encrypted data, + // encrypt P3 and P4 with the new P1 and P2, do it with all P-array and subkeys + $data = "\0\0\0\0\0\0\0\0"; + for ($i = 0; $i < 18; $i += 2) { + list($l, $r) = array_values(unpack('N*', $data = $this->encryptBlock($data))); + $this->bctx['p'][$i ] = $l; + $this->bctx['p'][$i + 1] = $r; + } + for ($i = 0; $i < 0x400; $i += 0x100) { + for ($j = 0; $j < 256; $j += 2) { + list($l, $r) = array_values(unpack('N*', $data = $this->encryptBlock($data))); + $this->bctx['sb'][$i | $j] = $l; + $this->bctx['sb'][$i | ($j + 1)] = $r; + } + } + } + + /** + * Initialize Static Variables + */ + protected static function initialize_static_variables() + { + if (is_float(self::$sbox[0x200])) { + self::$sbox = array_map('intval', self::$sbox); + self::$parray = array_map('intval', self::$parray); + } + + parent::initialize_static_variables(); + } + + /** + * bcrypt + * + * @param string $sha2pass + * @param string $sha2salt + * @access private + * @return string + */ + private static function bcrypt_hash($sha2pass, $sha2salt) + { + $p = self::$parray; + $sbox = self::$sbox; + + $cdata = array_values(unpack('N*', 'OxychromaticBlowfishSwatDynamite')); + $sha2pass = array_values(unpack('N*', $sha2pass)); + $sha2salt = array_values(unpack('N*', $sha2salt)); + + self::expandstate($sha2salt, $sha2pass, $sbox, $p); + for ($i = 0; $i < 64; $i++) { + self::expand0state($sha2salt, $sbox, $p); + self::expand0state($sha2pass, $sbox, $p); + } + + for ($i = 0; $i < 64; $i++) { + for ($j = 0; $j < 8; $j += 2) { // count($cdata) == 8 + list($cdata[$j], $cdata[$j + 1]) = self::encryptBlockHelperFast($cdata[$j], $cdata[$j + 1], $sbox, $p); + } + } + + return pack('V*', ...$cdata); + } + + /** + * Performs OpenSSH-style bcrypt + * + * @param string $pass + * @param string $salt + * @param int $keylen + * @param int $rounds + * @access public + * @return string + */ + public static function bcrypt_pbkdf($pass, $salt, $keylen, $rounds) + { + self::initialize_static_variables(); + + if (PHP_INT_SIZE == 4) { + throw new \RuntimeException('bcrypt is far too slow to be practical on 32-bit versions of PHP'); + } + + $sha2pass = hash('sha512', $pass, true); + $results = []; + $count = 1; + while (32 * count($results) < $keylen) { + $countsalt = $salt . pack('N', $count++); + $sha2salt = hash('sha512', $countsalt, true); + $out = $tmpout = self::bcrypt_hash($sha2pass, $sha2salt); + for ($i = 1; $i < $rounds; $i++) { + $sha2salt = hash('sha512', $tmpout, true); + $tmpout = self::bcrypt_hash($sha2pass, $sha2salt); + $out ^= $tmpout; + } + $results[] = $out; + } + $output = ''; + for ($i = 0; $i < 32; $i++) { + foreach ($results as $result) { + $output .= $result[$i]; + } + } + return substr($output, 0, $keylen); + } + + /** + * Key expansion without salt + * + * @access private + * @param int[] $key + * @param int[] $sbox + * @param int[] $p + * @see self::_bcrypt_hash() + */ + private static function expand0state(array $key, array &$sbox, array &$p) + { + // expand0state is basically the same thing as this: + //return self::expandstate(array_fill(0, 16, 0), $key); + // but this separate function eliminates a bunch of XORs and array lookups + + $p = [ + $p[0] ^ $key[0], + $p[1] ^ $key[1], + $p[2] ^ $key[2], + $p[3] ^ $key[3], + $p[4] ^ $key[4], + $p[5] ^ $key[5], + $p[6] ^ $key[6], + $p[7] ^ $key[7], + $p[8] ^ $key[8], + $p[9] ^ $key[9], + $p[10] ^ $key[10], + $p[11] ^ $key[11], + $p[12] ^ $key[12], + $p[13] ^ $key[13], + $p[14] ^ $key[14], + $p[15] ^ $key[15], + $p[16] ^ $key[0], + $p[17] ^ $key[1] + ]; + + // @codingStandardsIgnoreStart + list( $p[0], $p[1]) = self::encryptBlockHelperFast( 0, 0, $sbox, $p); + list( $p[2], $p[3]) = self::encryptBlockHelperFast($p[ 0], $p[ 1], $sbox, $p); + list( $p[4], $p[5]) = self::encryptBlockHelperFast($p[ 2], $p[ 3], $sbox, $p); + list( $p[6], $p[7]) = self::encryptBlockHelperFast($p[ 4], $p[ 5], $sbox, $p); + list( $p[8], $p[9]) = self::encryptBlockHelperFast($p[ 6], $p[ 7], $sbox, $p); + list($p[10], $p[11]) = self::encryptBlockHelperFast($p[ 8], $p[ 9], $sbox, $p); + list($p[12], $p[13]) = self::encryptBlockHelperFast($p[10], $p[11], $sbox, $p); + list($p[14], $p[15]) = self::encryptBlockHelperFast($p[12], $p[13], $sbox, $p); + list($p[16], $p[17]) = self::encryptBlockHelperFast($p[14], $p[15], $sbox, $p); + // @codingStandardsIgnoreEnd + + list($sbox[0], $sbox[1]) = self::encryptBlockHelperFast($p[16], $p[17], $sbox, $p); + for ($i = 2; $i < 1024; $i += 2) { + list($sbox[$i], $sbox[$i + 1]) = self::encryptBlockHelperFast($sbox[$i - 2], $sbox[$i - 1], $sbox, $p); + } + } + + /** + * Key expansion with salt + * + * @access private + * @param int[] $data + * @param int[] $key + * @param int[] $sbox + * @param int[] $p + * @see self::_bcrypt_hash() + */ + private static function expandstate(array $data, array $key, array &$sbox, array &$p) + { + $p = [ + $p[0] ^ $key[0], + $p[1] ^ $key[1], + $p[2] ^ $key[2], + $p[3] ^ $key[3], + $p[4] ^ $key[4], + $p[5] ^ $key[5], + $p[6] ^ $key[6], + $p[7] ^ $key[7], + $p[8] ^ $key[8], + $p[9] ^ $key[9], + $p[10] ^ $key[10], + $p[11] ^ $key[11], + $p[12] ^ $key[12], + $p[13] ^ $key[13], + $p[14] ^ $key[14], + $p[15] ^ $key[15], + $p[16] ^ $key[0], + $p[17] ^ $key[1] + ]; + + // @codingStandardsIgnoreStart + list( $p[0], $p[1]) = self::encryptBlockHelperFast($data[ 0] , $data[ 1] , $sbox, $p); + list( $p[2], $p[3]) = self::encryptBlockHelperFast($data[ 2] ^ $p[ 0], $data[ 3] ^ $p[ 1], $sbox, $p); + list( $p[4], $p[5]) = self::encryptBlockHelperFast($data[ 4] ^ $p[ 2], $data[ 5] ^ $p[ 3], $sbox, $p); + list( $p[6], $p[7]) = self::encryptBlockHelperFast($data[ 6] ^ $p[ 4], $data[ 7] ^ $p[ 5], $sbox, $p); + list( $p[8], $p[9]) = self::encryptBlockHelperFast($data[ 8] ^ $p[ 6], $data[ 9] ^ $p[ 7], $sbox, $p); + list($p[10], $p[11]) = self::encryptBlockHelperFast($data[10] ^ $p[ 8], $data[11] ^ $p[ 9], $sbox, $p); + list($p[12], $p[13]) = self::encryptBlockHelperFast($data[12] ^ $p[10], $data[13] ^ $p[11], $sbox, $p); + list($p[14], $p[15]) = self::encryptBlockHelperFast($data[14] ^ $p[12], $data[15] ^ $p[13], $sbox, $p); + list($p[16], $p[17]) = self::encryptBlockHelperFast($data[ 0] ^ $p[14], $data[ 1] ^ $p[15], $sbox, $p); + // @codingStandardsIgnoreEnd + + list($sbox[0], $sbox[1]) = self::encryptBlockHelperFast($data[2] ^ $p[16], $data[3] ^ $p[17], $sbox, $p); + for ($i = 2, $j = 4; $i < 1024; $i += 2, $j = ($j + 2) % 16) { // instead of 16 maybe count($data) would be better? + list($sbox[$i], $sbox[$i + 1]) = self::encryptBlockHelperFast($data[$j] ^ $sbox[$i - 2], $data[$j + 1] ^ $sbox[$i - 1], $sbox, $p); + } + } + + /** + * Encrypts a block + * + * @param string $in + * @return string + */ + protected function encryptBlock($in) + { + $p = $this->bctx['p']; + // extract($this->bctx['sb'], EXTR_PREFIX_ALL, 'sb'); // slower + $sb = $this->bctx['sb']; + + $in = unpack('N*', $in); + $l = $in[1]; + $r = $in[2]; + + list($r, $l) = PHP_INT_SIZE == 4 ? + self::encryptBlockHelperSlow($l, $r, $sb, $p) : + self::encryptBlockHelperFast($l, $r, $sb, $p); + + return pack("N*", $r, $l); + } + + /** + * Fast helper function for block encryption + * + * @access private + * @param int $x0 + * @param int $x1 + * @param int[] $sbox + * @param int[] $p + * @return int[] + */ + private static function encryptBlockHelperFast($x0, $x1, array $sbox, array $p) + { + $x0 ^= $p[0]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[1]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[2]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[3]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[4]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[5]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[6]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[7]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[8]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[9]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[10]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[11]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[12]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[13]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[14]; + $x1 ^= ((($sbox[($x0 & 0xFF000000) >> 24] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[15]; + $x0 ^= ((($sbox[($x1 & 0xFF000000) >> 24] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[16]; + + return [$x1 & 0xFFFFFFFF ^ $p[17], $x0 & 0xFFFFFFFF]; + } + + /** + * Slow helper function for block encryption + * + * @access private + * @param int $x0 + * @param int $x1 + * @param int[] $sbox + * @param int[] $p + * @return int[] + */ + private static function encryptBlockHelperSlow($x0, $x1, array $sbox, array $p) + { + // -16777216 == intval(0xFF000000) on 32-bit PHP installs + $x0 ^= $p[0]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[1]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[2]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[3]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[4]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[5]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[6]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[7]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[8]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[9]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[10]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[11]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[12]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[13]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[14]; + $x1 ^= self::safe_intval((self::safe_intval($sbox[(($x0 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x0 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x0 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x0 & 0xFF)]) ^ $p[15]; + $x0 ^= self::safe_intval((self::safe_intval($sbox[(($x1 & -16777216) >> 24) & 0xFF] + $sbox[0x100 | (($x1 & 0xFF0000) >> 16)]) ^ $sbox[0x200 | (($x1 & 0xFF00) >> 8)]) + $sbox[0x300 | ($x1 & 0xFF)]) ^ $p[16]; + + return [$x1 ^ $p[17], $x0]; + } + + /** + * Decrypts a block + * + * @param string $in + * @return string + */ + protected function decryptBlock($in) + { + $p = $this->bctx['p']; + $sb = $this->bctx['sb']; + + $in = unpack('N*', $in); + $l = $in[1]; + $r = $in[2]; + + for ($i = 17; $i > 2; $i -= 2) { + $l ^= $p[$i]; + $r ^= self::safe_intval((self::safe_intval($sb[$l >> 24 & 0xff] + $sb[0x100 + ($l >> 16 & 0xff)]) ^ + $sb[0x200 + ($l >> 8 & 0xff)]) + + $sb[0x300 + ($l & 0xff)]); + + $r ^= $p[$i - 1]; + $l ^= self::safe_intval((self::safe_intval($sb[$r >> 24 & 0xff] + $sb[0x100 + ($r >> 16 & 0xff)]) ^ + $sb[0x200 + ($r >> 8 & 0xff)]) + + $sb[0x300 + ($r & 0xff)]); + } + return pack('N*', $r ^ $p[0], $l ^ $p[1]); + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupInlineCrypt() + */ + protected function setupInlineCrypt() + { + $p = $this->bctx['p']; + $init_crypt = ' + static $sb; + if (!$sb) { + $sb = $this->bctx["sb"]; + } + '; + + $safeint = self::safe_intval_inline(); + + // Generating encrypt code: + $encrypt_block = ' + $in = unpack("N*", $in); + $l = $in[1]; + $r = $in[2]; + '; + for ($i = 0; $i < 16; $i += 2) { + $encrypt_block .= ' + $l^= ' . $p[$i] . '; + $r^= ' . sprintf($safeint, '(' . sprintf($safeint, '$sb[$l >> 24 & 0xff] + $sb[0x100 + ($l >> 16 & 0xff)]') . ' ^ + $sb[0x200 + ($l >> 8 & 0xff)]) + + $sb[0x300 + ($l & 0xff)]') . '; + + $r^= ' . $p[$i + 1] . '; + $l^= ' . sprintf($safeint, '(' . sprintf($safeint, '$sb[$r >> 24 & 0xff] + $sb[0x100 + ($r >> 16 & 0xff)]') . ' ^ + $sb[0x200 + ($r >> 8 & 0xff)]) + + $sb[0x300 + ($r & 0xff)]') . '; + '; + } + $encrypt_block .= ' + $in = pack("N*", + $r ^ ' . $p[17] . ', + $l ^ ' . $p[16] . ' + ); + '; + // Generating decrypt code: + $decrypt_block = ' + $in = unpack("N*", $in); + $l = $in[1]; + $r = $in[2]; + '; + + for ($i = 17; $i > 2; $i -= 2) { + $decrypt_block .= ' + $l^= ' . $p[$i] . '; + $r^= ' . sprintf($safeint, '(' . sprintf($safeint, '$sb[$l >> 24 & 0xff] + $sb[0x100 + ($l >> 16 & 0xff)]') . ' ^ + $sb[0x200 + ($l >> 8 & 0xff)]) + + $sb[0x300 + ($l & 0xff)]') . '; + + $r^= ' . $p[$i - 1] . '; + $l^= ' . sprintf($safeint, '(' . sprintf($safeint, '$sb[$r >> 24 & 0xff] + $sb[0x100 + ($r >> 16 & 0xff)]') . ' ^ + $sb[0x200 + ($r >> 8 & 0xff)]) + + $sb[0x300 + ($r & 0xff)]') . '; + '; + } + + $decrypt_block .= ' + $in = pack("N*", + $r ^ ' . $p[0] . ', + $l ^ ' . $p[1] . ' + ); + '; + + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => $init_crypt, + 'init_encrypt' => '', + 'init_decrypt' => '', + 'encrypt_block' => $encrypt_block, + 'decrypt_block' => $decrypt_block + ] + ); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/ChaCha20.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/ChaCha20.php new file mode 100644 index 0000000..b2691b5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/ChaCha20.php @@ -0,0 +1,799 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Exception\BadDecryptionException; +use phpseclib3\Exception\InsufficientSetupException; + +/** + * Pure-PHP implementation of ChaCha20. + * + * @author Jim Wigginton + */ +class ChaCha20 extends Salsa20 +{ + /** + * The OpenSSL specific name of the cipher + * + * @var string + */ + protected $cipher_name_openssl = 'chacha20'; + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @param int $engine + * @return bool + */ + protected function isValidEngineHelper($engine) + { + switch ($engine) { + case self::ENGINE_LIBSODIUM: + // PHP 7.2.0 (30 Nov 2017) added support for libsodium + + // we could probably make it so that if $this->counter == 0 then the first block would be done with either OpenSSL + // or PHP and then subsequent blocks would then be done with libsodium but idk - it's not a high priority atm + + // we could also make it so that if $this->counter == 0 and $this->continuousBuffer then do the first string + // with libsodium and subsequent strings with openssl or pure-PHP but again not a high priority + return function_exists('sodium_crypto_aead_chacha20poly1305_ietf_encrypt') && + $this->key_length == 32 && + (($this->usePoly1305 && !isset($this->poly1305Key) && $this->counter == 0) || $this->counter == 1) && + !$this->continuousBuffer; + case self::ENGINE_OPENSSL: + // OpenSSL 1.1.0 (released 25 Aug 2016) added support for chacha20. + // PHP didn't support OpenSSL 1.1.0 until 7.0.19 (11 May 2017) + + // if you attempt to provide openssl with a 128 bit key (as opposed to a 256 bit key) openssl will null + // pad the key to 256 bits and still use the expansion constant for 256-bit keys. the fact that + // openssl treats the IV as both the counter and nonce, however, let's us use openssl in continuous mode + // whereas libsodium does not + if ($this->key_length != 32) { + return false; + } + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Encrypts a message. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + * @see self::crypt() + * @param string $plaintext + * @return string $ciphertext + */ + public function encrypt($plaintext) + { + $this->setup(); + + if ($this->engine == self::ENGINE_LIBSODIUM) { + return $this->encrypt_with_libsodium($plaintext); + } + + return parent::encrypt($plaintext); + } + + /** + * Decrypts a message. + * + * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)). + * At least if the continuous buffer is disabled. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see self::crypt() + * @param string $ciphertext + * @return string $plaintext + */ + public function decrypt($ciphertext) + { + $this->setup(); + + if ($this->engine == self::ENGINE_LIBSODIUM) { + return $this->decrypt_with_libsodium($ciphertext); + } + + return parent::decrypt($ciphertext); + } + + /** + * Encrypts a message with libsodium + * + * @see self::encrypt() + * @param string $plaintext + * @return string $text + */ + private function encrypt_with_libsodium($plaintext) + { + $params = [$plaintext, $this->aad, $this->nonce, $this->key]; + $ciphertext = strlen($this->nonce) == 8 ? + sodium_crypto_aead_chacha20poly1305_encrypt(...$params) : + sodium_crypto_aead_chacha20poly1305_ietf_encrypt(...$params); + if (!$this->usePoly1305) { + return substr($ciphertext, 0, strlen($plaintext)); + } + + $newciphertext = substr($ciphertext, 0, strlen($plaintext)); + + $this->newtag = $this->usingGeneratedPoly1305Key && strlen($this->nonce) == 12 ? + substr($ciphertext, strlen($plaintext)) : + $this->poly1305($newciphertext); + + return $newciphertext; + } + + /** + * Decrypts a message with libsodium + * + * @see self::decrypt() + * @param string $ciphertext + * @return string $text + */ + private function decrypt_with_libsodium($ciphertext) + { + $params = [$ciphertext, $this->aad, $this->nonce, $this->key]; + + if (isset($this->poly1305Key)) { + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + if ($this->usingGeneratedPoly1305Key && strlen($this->nonce) == 12) { + $plaintext = sodium_crypto_aead_chacha20poly1305_ietf_decrypt(...$params); + $this->oldtag = false; + if ($plaintext === false) { + throw new BadDecryptionException('Derived authentication tag and supplied authentication tag do not match'); + } + return $plaintext; + } + $newtag = $this->poly1305($ciphertext); + if ($this->oldtag != substr($newtag, 0, strlen($this->oldtag))) { + $this->oldtag = false; + throw new BadDecryptionException('Derived authentication tag and supplied authentication tag do not match'); + } + $this->oldtag = false; + } + + $plaintext = strlen($this->nonce) == 8 ? + sodium_crypto_aead_chacha20poly1305_encrypt(...$params) : + sodium_crypto_aead_chacha20poly1305_ietf_encrypt(...$params); + + return substr($plaintext, 0, strlen($ciphertext)); + } + + /** + * Sets the nonce. + * + * @param string $nonce + */ + public function setNonce($nonce) + { + if (!is_string($nonce)) { + throw new \UnexpectedValueException('The nonce should be a string'); + } + + /* + from https://tools.ietf.org/html/rfc7539#page-7 + + "Note also that the original ChaCha had a 64-bit nonce and 64-bit + block count. We have modified this here to be more consistent with + recommendations in Section 3.2 of [RFC5116]." + */ + switch (strlen($nonce)) { + case 8: // 64 bits + case 12: // 96 bits + break; + default: + throw new \LengthException('Nonce of size ' . strlen($nonce) . ' not supported by this algorithm. Only 64-bit nonces or 96-bit nonces are supported'); + } + + $this->nonce = $nonce; + $this->changed = true; + $this->setEngine(); + } + + /** + * Setup the self::ENGINE_INTERNAL $engine + * + * (re)init, if necessary, the internal cipher $engine + * + * _setup() will be called each time if $changed === true + * typically this happens when using one or more of following public methods: + * + * - setKey() + * + * - setNonce() + * + * - First run of encrypt() / decrypt() with no init-settings + * + * @see self::setKey() + * @see self::setNonce() + * @see self::disableContinuousBuffer() + */ + protected function setup() + { + if (!$this->changed) { + return; + } + + $this->enbuffer = $this->debuffer = ['ciphertext' => '', 'counter' => $this->counter]; + + $this->changed = $this->nonIVChanged = false; + + if ($this->nonce === false) { + throw new InsufficientSetupException('No nonce has been defined'); + } + + if ($this->key === false) { + throw new InsufficientSetupException('No key has been defined'); + } + + if ($this->usePoly1305 && !isset($this->poly1305Key)) { + $this->usingGeneratedPoly1305Key = true; + if ($this->engine == self::ENGINE_LIBSODIUM) { + return; + } + $this->createPoly1305Key(); + } + + $key = $this->key; + if (strlen($key) == 16) { + $constant = 'expand 16-byte k'; + $key .= $key; + } else { + $constant = 'expand 32-byte k'; + } + + $this->p1 = $constant . $key; + $this->p2 = $this->nonce; + if (strlen($this->nonce) == 8) { + $this->p2 = "\0\0\0\0" . $this->p2; + } + } + + /** + * The quarterround function + * + * @param int $a + * @param int $b + * @param int $c + * @param int $d + */ + protected static function quarterRound(&$a, &$b, &$c, &$d) + { + // in https://datatracker.ietf.org/doc/html/rfc7539#section-2.1 the addition, + // xor'ing and rotation are all on the same line so i'm keeping it on the same + // line here as well + // @codingStandardsIgnoreStart + $a+= $b; $d = self::leftRotate(intval($d) ^ intval($a), 16); + $c+= $d; $b = self::leftRotate(intval($b) ^ intval($c), 12); + $a+= $b; $d = self::leftRotate(intval($d) ^ intval($a), 8); + $c+= $d; $b = self::leftRotate(intval($b) ^ intval($c), 7); + // @codingStandardsIgnoreEnd + } + + /** + * The doubleround function + * + * @param int $x0 (by reference) + * @param int $x1 (by reference) + * @param int $x2 (by reference) + * @param int $x3 (by reference) + * @param int $x4 (by reference) + * @param int $x5 (by reference) + * @param int $x6 (by reference) + * @param int $x7 (by reference) + * @param int $x8 (by reference) + * @param int $x9 (by reference) + * @param int $x10 (by reference) + * @param int $x11 (by reference) + * @param int $x12 (by reference) + * @param int $x13 (by reference) + * @param int $x14 (by reference) + * @param int $x15 (by reference) + */ + protected static function doubleRound(&$x0, &$x1, &$x2, &$x3, &$x4, &$x5, &$x6, &$x7, &$x8, &$x9, &$x10, &$x11, &$x12, &$x13, &$x14, &$x15) + { + // columnRound + static::quarterRound($x0, $x4, $x8, $x12); + static::quarterRound($x1, $x5, $x9, $x13); + static::quarterRound($x2, $x6, $x10, $x14); + static::quarterRound($x3, $x7, $x11, $x15); + // rowRound + static::quarterRound($x0, $x5, $x10, $x15); + static::quarterRound($x1, $x6, $x11, $x12); + static::quarterRound($x2, $x7, $x8, $x13); + static::quarterRound($x3, $x4, $x9, $x14); + } + + /** + * The Salsa20 hash function function + * + * On my laptop this loop unrolled / function dereferenced version of parent::salsa20 encrypts 1mb of text in + * 0.65s vs the 0.85s that it takes with the parent method. + * + * If we were free to assume that the host OS would always be 64-bits then the if condition in leftRotate could + * be eliminated and we could knock this done to 0.60s. + * + * For comparison purposes, RC4 takes 0.16s and AES in CTR mode with the Eval engine takes 0.48s. + * AES in CTR mode with the PHP engine takes 1.19s. Salsa20 / ChaCha20 do not benefit as much from the Eval + * approach due to the fact that there are a lot less variables to de-reference, fewer loops to unroll, etc + * + * @param string $x + */ + protected static function salsa20($x) + { + list(, $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15) = unpack('V*', $x); + $z0 = $x0; + $z1 = $x1; + $z2 = $x2; + $z3 = $x3; + $z4 = $x4; + $z5 = $x5; + $z6 = $x6; + $z7 = $x7; + $z8 = $x8; + $z9 = $x9; + $z10 = $x10; + $z11 = $x11; + $z12 = $x12; + $z13 = $x13; + $z14 = $x14; + $z15 = $x15; + + // @codingStandardsIgnoreStart + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + + // columnRound + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 16); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 12); + $x0+= $x4; $x12 = self::leftRotate(intval($x12) ^ intval($x0), 8); + $x8+= $x12; $x4 = self::leftRotate(intval($x4) ^ intval($x8), 7); + + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 16); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 12); + $x1+= $x5; $x13 = self::leftRotate(intval($x13) ^ intval($x1), 8); + $x9+= $x13; $x5 = self::leftRotate(intval($x5) ^ intval($x9), 7); + + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 16); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 12); + $x2+= $x6; $x14 = self::leftRotate(intval($x14) ^ intval($x2), 8); + $x10+= $x14; $x6 = self::leftRotate(intval($x6) ^ intval($x10), 7); + + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 16); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 12); + $x3+= $x7; $x15 = self::leftRotate(intval($x15) ^ intval($x3), 8); + $x11+= $x15; $x7 = self::leftRotate(intval($x7) ^ intval($x11), 7); + + // rowRound + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 16); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 12); + $x0+= $x5; $x15 = self::leftRotate(intval($x15) ^ intval($x0), 8); + $x10+= $x15; $x5 = self::leftRotate(intval($x5) ^ intval($x10), 7); + + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 16); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 12); + $x1+= $x6; $x12 = self::leftRotate(intval($x12) ^ intval($x1), 8); + $x11+= $x12; $x6 = self::leftRotate(intval($x6) ^ intval($x11), 7); + + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 16); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 12); + $x2+= $x7; $x13 = self::leftRotate(intval($x13) ^ intval($x2), 8); + $x8+= $x13; $x7 = self::leftRotate(intval($x7) ^ intval($x8), 7); + + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 16); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 12); + $x3+= $x4; $x14 = self::leftRotate(intval($x14) ^ intval($x3), 8); + $x9+= $x14; $x4 = self::leftRotate(intval($x4) ^ intval($x9), 7); + // @codingStandardsIgnoreEnd + + $x0 += $z0; + $x1 += $z1; + $x2 += $z2; + $x3 += $z3; + $x4 += $z4; + $x5 += $z5; + $x6 += $z6; + $x7 += $z7; + $x8 += $z8; + $x9 += $z9; + $x10 += $z10; + $x11 += $z11; + $x12 += $z12; + $x13 += $z13; + $x14 += $z14; + $x15 += $z15; + + return pack('V*', $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/AsymmetricKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/AsymmetricKey.php new file mode 100644 index 0000000..a380e43 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/AsymmetricKey.php @@ -0,0 +1,581 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common; + +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\RSA; +use phpseclib3\Exception\NoKeyLoadedException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * Base Class for all asymmetric cipher classes + * + * @author Jim Wigginton + */ +abstract class AsymmetricKey +{ + /** + * Precomputed Zero + * + * @var BigInteger + */ + protected static $zero; + + /** + * Precomputed One + * + * @var BigInteger + */ + protected static $one; + + /** + * Format of the loaded key + * + * @var string + */ + protected $format; + + /** + * Hash function + * + * @var Hash + */ + protected $hash; + + /** + * HMAC function + * + * @var Hash + */ + private $hmac; + + /** + * Supported plugins (lower case) + * + * @see self::initialize_static_variables() + * @var array + */ + private static $plugins = []; + + /** + * Invisible plugins + * + * @see self::initialize_static_variables() + * @var array + */ + private static $invisiblePlugins = []; + + /** + * Available Engines + * + * @var boolean[] + */ + protected static $engines = []; + + /** + * Key Comment + * + * @var null|string + */ + private $comment; + + /** + * @param string $type + * @return array|string + */ + abstract public function toString($type, array $options = []); + + /** + * The constructor + */ + protected function __construct() + { + self::initialize_static_variables(); + + $this->hash = new Hash('sha256'); + $this->hmac = new Hash('sha256'); + } + + /** + * Initialize static variables + */ + protected static function initialize_static_variables() + { + if (!isset(self::$zero)) { + self::$zero = new BigInteger(0); + self::$one = new BigInteger(1); + } + + self::loadPlugins('Keys'); + if (static::ALGORITHM != 'RSA' && static::ALGORITHM != 'DH') { + self::loadPlugins('Signature'); + } + } + + /** + * Load the key + * + * @param string $key + * @param string $password optional + * @return PublicKey|PrivateKey + */ + public static function load($key, $password = false) + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('load() should not be called from final classes (' . static::class . ')'); + } + + $components = false; + foreach (self::$plugins[static::ALGORITHM]['Keys'] as $format) { + if (isset(self::$invisiblePlugins[static::ALGORITHM]) && in_array($format, self::$invisiblePlugins[static::ALGORITHM])) { + continue; + } + try { + $components = $format::load($key, $password); + } catch (\Exception $e) { + $components = false; + } + if ($components !== false) { + break; + } + } + + if ($components === false) { + throw new NoKeyLoadedException('Unable to read key'); + } + + $components['format'] = $format; + $components['secret'] = isset($components['secret']) ? $components['secret'] : ''; + $comment = isset($components['comment']) ? $components['comment'] : null; + $new = static::onLoad($components); + $new->format = $format; + $new->comment = $comment; + return $new instanceof PrivateKey ? + $new->withPassword($password) : + $new; + } + + /** + * Loads a private key + * + * @return PrivateKey + * @param string|array $key + * @param string $password optional + */ + public static function loadPrivateKey($key, $password = '') + { + $key = self::load($key, $password); + if (!$key instanceof PrivateKey) { + throw new NoKeyLoadedException('The key that was loaded was not a private key'); + } + return $key; + } + + /** + * Loads a public key + * + * @return PublicKey + * @param string|array $key + */ + public static function loadPublicKey($key) + { + $key = self::load($key); + if (!$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a public key'); + } + return $key; + } + + /** + * Loads parameters + * + * @return AsymmetricKey + * @param string|array $key + */ + public static function loadParameters($key) + { + $key = self::load($key); + if (!$key instanceof PrivateKey && !$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a parameter'); + } + return $key; + } + + /** + * Load the key, assuming a specific format + * + * @param string $type + * @param string $key + * @param string $password optional + * @return static + */ + public static function loadFormat($type, $key, $password = false) + { + self::initialize_static_variables(); + + $components = false; + $format = strtolower($type); + if (isset(self::$plugins[static::ALGORITHM]['Keys'][$format])) { + $format = self::$plugins[static::ALGORITHM]['Keys'][$format]; + $components = $format::load($key, $password); + } + + if ($components === false) { + throw new NoKeyLoadedException('Unable to read key'); + } + + $components['format'] = $format; + $components['secret'] = isset($components['secret']) ? $components['secret'] : ''; + + $new = static::onLoad($components); + $new->format = $format; + return $new instanceof PrivateKey ? + $new->withPassword($password) : + $new; + } + + /** + * Loads a private key + * + * @return PrivateKey + * @param string $type + * @param string $key + * @param string $password optional + */ + public static function loadPrivateKeyFormat($type, $key, $password = false) + { + $key = self::loadFormat($type, $key, $password); + if (!$key instanceof PrivateKey) { + throw new NoKeyLoadedException('The key that was loaded was not a private key'); + } + return $key; + } + + /** + * Loads a public key + * + * @return PublicKey + * @param string $type + * @param string $key + */ + public static function loadPublicKeyFormat($type, $key) + { + $key = self::loadFormat($type, $key); + if (!$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a public key'); + } + return $key; + } + + /** + * Loads parameters + * + * @return AsymmetricKey + * @param string $type + * @param string|array $key + */ + public static function loadParametersFormat($type, $key) + { + $key = self::loadFormat($type, $key); + if (!$key instanceof PrivateKey && !$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a parameter'); + } + return $key; + } + + /** + * Validate Plugin + * + * @param string $format + * @param string $type + * @param string $method optional + * @return mixed + */ + protected static function validatePlugin($format, $type, $method = null) + { + $type = strtolower($type); + if (!isset(self::$plugins[static::ALGORITHM][$format][$type])) { + throw new UnsupportedFormatException("$type is not a supported format"); + } + $type = self::$plugins[static::ALGORITHM][$format][$type]; + if (isset($method) && !method_exists($type, $method)) { + throw new UnsupportedFormatException("$type does not implement $method"); + } + + return $type; + } + + /** + * Load Plugins + * + * @param string $format + */ + private static function loadPlugins($format) + { + if (!isset(self::$plugins[static::ALGORITHM][$format])) { + self::$plugins[static::ALGORITHM][$format] = []; + foreach (new \DirectoryIterator(__DIR__ . '/../' . static::ALGORITHM . '/Formats/' . $format . '/') as $file) { + if ($file->getExtension() != 'php') { + continue; + } + $name = $file->getBasename('.php'); + if ($name[0] == '.') { + continue; + } + $type = 'phpseclib3\Crypt\\' . static::ALGORITHM . '\\Formats\\' . $format . '\\' . $name; + $reflect = new \ReflectionClass($type); + if ($reflect->isTrait()) { + continue; + } + self::$plugins[static::ALGORITHM][$format][strtolower($name)] = $type; + if ($reflect->hasConstant('IS_INVISIBLE')) { + self::$invisiblePlugins[static::ALGORITHM][] = $type; + } + } + } + } + + /** + * Returns a list of supported formats. + * + * @return array + */ + public static function getSupportedKeyFormats() + { + self::initialize_static_variables(); + + return self::$plugins[static::ALGORITHM]['Keys']; + } + + /** + * Add a fileformat plugin + * + * The plugin needs to either already be loaded or be auto-loadable. + * Loading a plugin whose shortname overwrite an existing shortname will overwrite the old plugin. + * + * @see self::load() + * @param string $fullname + * @return bool + */ + public static function addFileFormat($fullname) + { + self::initialize_static_variables(); + + if (class_exists($fullname)) { + $meta = new \ReflectionClass($fullname); + $shortname = $meta->getShortName(); + self::$plugins[static::ALGORITHM]['Keys'][strtolower($shortname)] = $fullname; + if ($meta->hasConstant('IS_INVISIBLE')) { + self::$invisiblePlugins[static::ALGORITHM][] = strtolower($shortname); + } + } + } + + /** + * Returns the format of the loaded key. + * + * If the key that was loaded wasn't in a valid or if the key was auto-generated + * with RSA::createKey() then this will throw an exception. + * + * @see self::load() + * @return mixed + */ + public function getLoadedFormat() + { + if (empty($this->format)) { + throw new NoKeyLoadedException('This key was created with createKey - it was not loaded with load. Therefore there is no "loaded format"'); + } + + $meta = new \ReflectionClass($this->format); + return $meta->getShortName(); + } + + /** + * Returns the key's comment + * + * Not all key formats support comments. If you want to set a comment use toString() + * + * @return null|string + */ + public function getComment() + { + return $this->comment; + } + + /** + * Tests engine validity + * + */ + public static function useBestEngine() + { + static::$engines = [ + 'PHP' => true, + 'OpenSSL' => extension_loaded('openssl'), + // this test can be satisfied by either of the following: + // http://php.net/manual/en/book.sodium.php + // https://github.com/paragonie/sodium_compat + 'libsodium' => function_exists('sodium_crypto_sign_keypair') + ]; + + return static::$engines; + } + + /** + * Flag to use internal engine only (useful for unit testing) + * + */ + public static function useInternalEngine() + { + static::$engines = [ + 'PHP' => true, + 'OpenSSL' => false, + 'libsodium' => false + ]; + } + + /** + * __toString() magic method + * + * @return string + */ + public function __toString() + { + return $this->toString('PKCS8'); + } + + /** + * Determines which hashing function should be used + * + * @param string $hash + */ + public function withHash($hash) + { + $new = clone $this; + + $new->hash = new Hash($hash); + $new->hmac = new Hash($hash); + + return $new; + } + + /** + * Returns the hash algorithm currently being used + * + */ + public function getHash() + { + return clone $this->hash; + } + + /** + * Compute the pseudorandom k for signature generation, + * using the process specified for deterministic DSA. + * + * @param string $h1 + * @return string + */ + protected function computek($h1) + { + $v = str_repeat("\1", strlen($h1)); + + $k = str_repeat("\0", strlen($h1)); + + $x = $this->int2octets($this->x); + $h1 = $this->bits2octets($h1); + + $this->hmac->setKey($k); + $k = $this->hmac->hash($v . "\0" . $x . $h1); + $this->hmac->setKey($k); + $v = $this->hmac->hash($v); + $k = $this->hmac->hash($v . "\1" . $x . $h1); + $this->hmac->setKey($k); + $v = $this->hmac->hash($v); + + $qlen = $this->q->getLengthInBytes(); + + while (true) { + $t = ''; + while (strlen($t) < $qlen) { + $v = $this->hmac->hash($v); + $t = $t . $v; + } + $k = $this->bits2int($t); + + if (!$k->equals(self::$zero) && $k->compare($this->q) < 0) { + break; + } + $k = $this->hmac->hash($v . "\0"); + $this->hmac->setKey($k); + $v = $this->hmac->hash($v); + } + + return $k; + } + + /** + * Integer to Octet String + * + * @param BigInteger $v + * @return string + */ + private function int2octets($v) + { + $out = $v->toBytes(); + $rolen = $this->q->getLengthInBytes(); + if (strlen($out) < $rolen) { + return str_pad($out, $rolen, "\0", STR_PAD_LEFT); + } elseif (strlen($out) > $rolen) { + return substr($out, -$rolen); + } else { + return $out; + } + } + + /** + * Bit String to Integer + * + * @param string $in + * @return BigInteger + */ + protected function bits2int($in) + { + $v = new BigInteger($in, 256); + $vlen = strlen($in) << 3; + $qlen = $this->q->getLength(); + if ($vlen > $qlen) { + return $v->bitwise_rightShift($vlen - $qlen); + } + return $v; + } + + /** + * Bit String to Octet String + * + * @param string $in + * @return string + */ + private function bits2octets($in) + { + $z1 = $this->bits2int($in); + $z2 = $z1->subtract($this->q); + return $z2->compare(self::$zero) < 0 ? + $this->int2octets($z1) : + $this->int2octets($z2); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/BlockCipher.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/BlockCipher.php new file mode 100644 index 0000000..b2642be --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/BlockCipher.php @@ -0,0 +1,24 @@ + + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common; + +/** + * Base Class for all block cipher classes + * + * @author Jim Wigginton + */ +abstract class BlockCipher extends SymmetricKey +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/JWK.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/JWK.php new file mode 100644 index 0000000..4c761b8 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/JWK.php @@ -0,0 +1,69 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; + +/** + * JSON Web Key Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class JWK +{ + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password + * @return array + */ + public static function load($key, $password = '') + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $key = preg_replace('#\s#', '', $key); // remove whitespace + + if (PHP_VERSION_ID >= 73000) { + $key = json_decode($key, null, 512, JSON_THROW_ON_ERROR); + } else { + $key = json_decode($key); + if (!$key) { + throw new \RuntimeException('Unable to decode JSON'); + } + } + + if (isset($key->kty)) { + return $key; + } + + if (count($key->keys) != 1) { + throw new \RuntimeException('Although the JWK key format supports multiple keys phpseclib does not'); + } + + return $key->keys[0]; + } + + /** + * Wrap a key appropriately + * + * @return string + */ + protected static function wrapKey(array $key, array $options) + { + return json_encode(['keys' => [$key + $options]]); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php new file mode 100644 index 0000000..ab7f050 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php @@ -0,0 +1,224 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\AES; +use phpseclib3\Crypt\Random; +use phpseclib3\Exception\BadDecryptionException; + +/** + * OpenSSH Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class OpenSSH +{ + /** + * Default comment + * + * @var string + */ + protected static $comment = 'phpseclib-generated-key'; + + /** + * Binary key flag + * + * @var bool + */ + protected static $binary = false; + + /** + * Sets the default comment + * + * @param string $comment + */ + public static function setComment($comment) + { + self::$comment = str_replace(["\r", "\n"], '', $comment); + } + + /** + * Break a public or private key down into its constituent components + * + * $type can be either ssh-dss or ssh-rsa + * + * @param string $key + * @param string $password + * @return array + */ + public static function load($key, $password = '') + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + // key format is described here: + // https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD + + if (strpos($key, 'BEGIN OPENSSH PRIVATE KEY') !== false) { + $key = preg_replace('#(?:^-.*?-[\r\n]*$)|\s#ms', '', $key); + $key = Strings::base64_decode($key); + $magic = Strings::shift($key, 15); + if ($magic != "openssh-key-v1\0") { + throw new \RuntimeException('Expected openssh-key-v1'); + } + list($ciphername, $kdfname, $kdfoptions, $numKeys) = Strings::unpackSSH2('sssN', $key); + if ($numKeys != 1) { + // if we wanted to support multiple keys we could update PublicKeyLoader to preview what the # of keys + // would be; it'd then call Common\Keys\OpenSSH.php::load() and get the paddedKey. it'd then pass + // that to the appropriate key loading parser $numKey times or something + throw new \RuntimeException('Although the OpenSSH private key format supports multiple keys phpseclib does not'); + } + switch ($ciphername) { + case 'none': + break; + case 'aes256-ctr': + if ($kdfname != 'bcrypt') { + throw new \RuntimeException('Only the bcrypt kdf is supported (' . $kdfname . ' encountered)'); + } + list($salt, $rounds) = Strings::unpackSSH2('sN', $kdfoptions); + $crypto = new AES('ctr'); + //$crypto->setKeyLength(256); + //$crypto->disablePadding(); + $crypto->setPassword($password, 'bcrypt', $salt, $rounds, 32); + break; + default: + throw new \RuntimeException('The only supported ciphers are: none, aes256-ctr (' . $ciphername . ' is being used)'); + } + + list($publicKey, $paddedKey) = Strings::unpackSSH2('ss', $key); + list($type) = Strings::unpackSSH2('s', $publicKey); + if (isset($crypto)) { + $paddedKey = $crypto->decrypt($paddedKey); + } + list($checkint1, $checkint2) = Strings::unpackSSH2('NN', $paddedKey); + // any leftover bytes in $paddedKey are for padding? but they should be sequential bytes. eg. 1, 2, 3, etc. + if ($checkint1 != $checkint2) { + if (isset($crypto)) { + throw new BadDecryptionException('Unable to decrypt key - please verify the password you are using'); + } + throw new \RuntimeException("The two checkints do not match ($checkint1 vs. $checkint2)"); + } + self::checkType($type); + + return compact('type', 'publicKey', 'paddedKey'); + } + + $parts = explode(' ', $key, 3); + + if (!isset($parts[1])) { + $key = base64_decode($parts[0]); + $comment = false; + } else { + $asciiType = $parts[0]; + self::checkType($parts[0]); + $key = base64_decode($parts[1]); + $comment = isset($parts[2]) ? $parts[2] : false; + } + if ($key === false) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + list($type) = Strings::unpackSSH2('s', $key); + self::checkType($type); + if (isset($asciiType) && $asciiType != $type) { + throw new \RuntimeException('Two different types of keys are claimed: ' . $asciiType . ' and ' . $type); + } + if (strlen($key) <= 4) { + throw new \UnexpectedValueException('Key appears to be malformed'); + } + + $publicKey = $key; + + return compact('type', 'publicKey', 'comment'); + } + + /** + * Toggle between binary and printable keys + * + * Printable keys are what are generated by default. These are the ones that go in + * $HOME/.ssh/authorized_key. + * + * @param bool $enabled + */ + public static function setBinaryOutput($enabled) + { + self::$binary = $enabled; + } + + /** + * Checks to see if the type is valid + * + * @param string $candidate + */ + private static function checkType($candidate) + { + if (!in_array($candidate, static::$types)) { + throw new \RuntimeException("The key type ($candidate) is not equal to: " . implode(',', static::$types)); + } + } + + /** + * Wrap a private key appropriately + * + * @param string $publicKey + * @param string $privateKey + * @param string $password + * @param array $options + * @return string + */ + protected static function wrapPrivateKey($publicKey, $privateKey, $password, $options) + { + list(, $checkint) = unpack('N', Random::string(4)); + + $comment = isset($options['comment']) ? $options['comment'] : self::$comment; + $paddedKey = Strings::packSSH2('NN', $checkint, $checkint) . + $privateKey . + Strings::packSSH2('s', $comment); + + $usesEncryption = !empty($password) && is_string($password); + + /* + from http://tools.ietf.org/html/rfc4253#section-6 : + + Note that the length of the concatenation of 'packet_length', + 'padding_length', 'payload', and 'random padding' MUST be a multiple + of the cipher block size or 8, whichever is larger. + */ + $blockSize = $usesEncryption ? 16 : 8; + $paddingLength = (($blockSize - 1) * strlen($paddedKey)) % $blockSize; + for ($i = 1; $i <= $paddingLength; $i++) { + $paddedKey .= chr($i); + } + if (!$usesEncryption) { + $key = Strings::packSSH2('sssNss', 'none', 'none', '', 1, $publicKey, $paddedKey); + } else { + $rounds = isset($options['rounds']) ? $options['rounds'] : 16; + $salt = Random::string(16); + $kdfoptions = Strings::packSSH2('sN', $salt, $rounds); + $crypto = new AES('ctr'); + $crypto->setPassword($password, 'bcrypt', $salt, $rounds, 32); + $paddedKey = $crypto->encrypt($paddedKey); + $key = Strings::packSSH2('sssNss', 'aes256-ctr', 'bcrypt', $kdfoptions, 1, $publicKey, $paddedKey); + } + $key = "openssh-key-v1\0$key"; + + return "-----BEGIN OPENSSH PRIVATE KEY-----\n" . + chunk_split(Strings::base64_encode($key), 70, "\n") . + "-----END OPENSSH PRIVATE KEY-----\n"; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PKCS.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PKCS.php new file mode 100644 index 0000000..0219400 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PKCS.php @@ -0,0 +1,72 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +/** + * PKCS1 Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS +{ + /** + * Auto-detect the format + */ + const MODE_ANY = 0; + /** + * Require base64-encoded PEM's be supplied + */ + const MODE_PEM = 1; + /** + * Require raw DER's be supplied + */ + const MODE_DER = 2; + /**#@-*/ + + /** + * Is the key a base-64 encoded PEM, DER or should it be auto-detected? + * + * @var int + */ + protected static $format = self::MODE_ANY; + + /** + * Require base64-encoded PEM's be supplied + * + */ + public static function requirePEM() + { + self::$format = self::MODE_PEM; + } + + /** + * Require raw DER's be supplied + * + */ + public static function requireDER() + { + self::$format = self::MODE_DER; + } + + /** + * Accept any format and auto detect the format + * + * This is the default setting + * + */ + public static function requireAny() + { + self::$format = self::MODE_ANY; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PKCS1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..4c639c0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PKCS1.php @@ -0,0 +1,209 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\AES; +use phpseclib3\Crypt\DES; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\TripleDES; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\File\ASN1; + +/** + * PKCS1 Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends PKCS +{ + /** + * Default encryption algorithm + * + * @var string + */ + private static $defaultEncryptionAlgorithm = 'AES-128-CBC'; + + /** + * Sets the default encryption algorithm + * + * @param string $algo + */ + public static function setEncryptionAlgorithm($algo) + { + self::$defaultEncryptionAlgorithm = $algo; + } + + /** + * Returns the mode constant corresponding to the mode string + * + * @param string $mode + * @return int + * @throws \UnexpectedValueException if the block cipher mode is unsupported + */ + private static function getEncryptionMode($mode) + { + switch ($mode) { + case 'CBC': + case 'ECB': + case 'CFB': + case 'OFB': + case 'CTR': + return $mode; + } + throw new \UnexpectedValueException('Unsupported block cipher mode of operation'); + } + + /** + * Returns a cipher object corresponding to a string + * + * @param string $algo + * @return string + * @throws \UnexpectedValueException if the encryption algorithm is unsupported + */ + private static function getEncryptionObject($algo) + { + $modes = '(CBC|ECB|CFB|OFB|CTR)'; + switch (true) { + case preg_match("#^AES-(128|192|256)-$modes$#", $algo, $matches): + $cipher = new AES(self::getEncryptionMode($matches[2])); + $cipher->setKeyLength($matches[1]); + return $cipher; + case preg_match("#^DES-EDE3-$modes$#", $algo, $matches): + return new TripleDES(self::getEncryptionMode($matches[1])); + case preg_match("#^DES-$modes$#", $algo, $matches): + return new DES(self::getEncryptionMode($matches[1])); + default: + throw new UnsupportedAlgorithmException($algo . ' is not a supported algorithm'); + } + } + + /** + * Generate a symmetric key for PKCS#1 keys + * + * @param string $password + * @param string $iv + * @param int $length + * @return string + */ + private static function generateSymmetricKey($password, $iv, $length) + { + $symkey = ''; + $iv = substr($iv, 0, 8); + while (strlen($symkey) < $length) { + $symkey .= md5($symkey . $password . $iv, true); + } + return substr($symkey, 0, $length); + } + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + protected static function load($key, $password) + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is + "outside the scope" of PKCS#1. PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to + protect private keys, however, that's not what OpenSSL* does. OpenSSL protects private keys by adding + two new "fields" to the key - DEK-Info and Proc-Type. These fields are discussed here: + + http://tools.ietf.org/html/rfc1421#section-4.6.1.1 + http://tools.ietf.org/html/rfc1421#section-4.6.1.3 + + DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell. + DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation + function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's + own implementation. ie. the implementation *is* the standard and any bugs that may exist in that + implementation are part of the standard, as well. + + * OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */ + if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) { + $iv = Strings::hex2bin(trim($matches[2])); + // remove the Proc-Type / DEK-Info sections as they're no longer needed + $key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $key); + $ciphertext = ASN1::extractBER($key); + if ($ciphertext === false) { + $ciphertext = $key; + } + $crypto = self::getEncryptionObject($matches[1]); + $crypto->setKey(self::generateSymmetricKey($password, $iv, $crypto->getKeyLength() >> 3)); + $crypto->setIV($iv); + $key = $crypto->decrypt($ciphertext); + } else { + if (self::$format != self::MODE_DER) { + $decoded = ASN1::extractBER($key); + if ($decoded !== false) { + $key = $decoded; + } elseif (self::$format == self::MODE_PEM) { + throw new \UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text'); + } + } + } + + return $key; + } + + /** + * Wrap a private key appropriately + * + * @param string $key + * @param string $type + * @param string $password + * @param array $options optional + * @return string + */ + protected static function wrapPrivateKey($key, $type, $password, array $options = []) + { + if (empty($password) || !is_string($password)) { + return "-----BEGIN $type PRIVATE KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END $type PRIVATE KEY-----"; + } + + $encryptionAlgorithm = isset($options['encryptionAlgorithm']) ? $options['encryptionAlgorithm'] : self::$defaultEncryptionAlgorithm; + + $cipher = self::getEncryptionObject($encryptionAlgorithm); + $iv = Random::string($cipher->getBlockLength() >> 3); + $cipher->setKey(self::generateSymmetricKey($password, $iv, $cipher->getKeyLength() >> 3)); + $cipher->setIV($iv); + $iv = strtoupper(Strings::bin2hex($iv)); + return "-----BEGIN $type PRIVATE KEY-----\r\n" . + "Proc-Type: 4,ENCRYPTED\r\n" . + "DEK-Info: " . $encryptionAlgorithm . ",$iv\r\n" . + "\r\n" . + chunk_split(Strings::base64_encode($cipher->encrypt($key)), 64) . + "-----END $type PRIVATE KEY-----"; + } + + /** + * Wrap a public key appropriately + * + * @param string $key + * @param string $type + * @return string + */ + protected static function wrapPublicKey($key, $type) + { + return "-----BEGIN $type PUBLIC KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END $type PUBLIC KEY-----"; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..732ac5d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php @@ -0,0 +1,725 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\AES; +use phpseclib3\Crypt\DES; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RC2; +use phpseclib3\Crypt\RC4; +use phpseclib3\Crypt\TripleDES; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; + +/** + * PKCS#8 Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends PKCS +{ + /** + * Default encryption algorithm + * + * @var string + */ + private static $defaultEncryptionAlgorithm = 'id-PBES2'; + + /** + * Default encryption scheme + * + * Only used when defaultEncryptionAlgorithm is id-PBES2 + * + * @var string + */ + private static $defaultEncryptionScheme = 'aes128-CBC-PAD'; + + /** + * Default PRF + * + * Only used when defaultEncryptionAlgorithm is id-PBES2 + * + * @var string + */ + private static $defaultPRF = 'id-hmacWithSHA256'; + + /** + * Default Iteration Count + * + * @var int + */ + private static $defaultIterationCount = 2048; + + /** + * OIDs loaded + * + * @var bool + */ + private static $oidsLoaded = false; + + /** + * Sets the default encryption algorithm + * + * @param string $algo + */ + public static function setEncryptionAlgorithm($algo) + { + self::$defaultEncryptionAlgorithm = $algo; + } + + /** + * Sets the default encryption algorithm for PBES2 + * + * @param string $algo + */ + public static function setEncryptionScheme($algo) + { + self::$defaultEncryptionScheme = $algo; + } + + /** + * Sets the iteration count + * + * @param int $count + */ + public static function setIterationCount($count) + { + self::$defaultIterationCount = $count; + } + + /** + * Sets the PRF for PBES2 + * + * @param string $algo + */ + public static function setPRF($algo) + { + self::$defaultPRF = $algo; + } + + /** + * Returns a SymmetricKey object based on a PBES1 $algo + * + * @return \phpseclib3\Crypt\Common\SymmetricKey + * @param string $algo + */ + private static function getPBES1EncryptionObject($algo) + { + $algo = preg_match('#^pbeWith(?:MD2|MD5|SHA1|SHA)And(.*?)-CBC$#', $algo, $matches) ? + $matches[1] : + substr($algo, 13); // strlen('pbeWithSHAAnd') == 13 + + switch ($algo) { + case 'DES': + $cipher = new DES('cbc'); + break; + case 'RC2': + $cipher = new RC2('cbc'); + $cipher->setKeyLength(64); + break; + case '3-KeyTripleDES': + $cipher = new TripleDES('cbc'); + break; + case '2-KeyTripleDES': + $cipher = new TripleDES('cbc'); + $cipher->setKeyLength(128); + break; + case '128BitRC2': + $cipher = new RC2('cbc'); + $cipher->setKeyLength(128); + break; + case '40BitRC2': + $cipher = new RC2('cbc'); + $cipher->setKeyLength(40); + break; + case '128BitRC4': + $cipher = new RC4(); + $cipher->setKeyLength(128); + break; + case '40BitRC4': + $cipher = new RC4(); + $cipher->setKeyLength(40); + break; + default: + throw new UnsupportedAlgorithmException("$algo is not a supported algorithm"); + } + + return $cipher; + } + + /** + * Returns a hash based on a PBES1 $algo + * + * @return string + * @param string $algo + */ + private static function getPBES1Hash($algo) + { + if (preg_match('#^pbeWith(MD2|MD5|SHA1|SHA)And.*?-CBC$#', $algo, $matches)) { + return $matches[1] == 'SHA' ? 'sha1' : $matches[1]; + } + + return 'sha1'; + } + + /** + * Returns a KDF baesd on a PBES1 $algo + * + * @return string + * @param string $algo + */ + private static function getPBES1KDF($algo) + { + switch ($algo) { + case 'pbeWithMD2AndDES-CBC': + case 'pbeWithMD2AndRC2-CBC': + case 'pbeWithMD5AndDES-CBC': + case 'pbeWithMD5AndRC2-CBC': + case 'pbeWithSHA1AndDES-CBC': + case 'pbeWithSHA1AndRC2-CBC': + return 'pbkdf1'; + } + + return 'pkcs12'; + } + + /** + * Returns a SymmetricKey object baesd on a PBES2 $algo + * + * @return SymmetricKey + * @param string $algo + */ + private static function getPBES2EncryptionObject($algo) + { + switch ($algo) { + case 'desCBC': + $cipher = new DES('cbc'); + break; + case 'des-EDE3-CBC': + $cipher = new TripleDES('cbc'); + break; + case 'rc2CBC': + $cipher = new RC2('cbc'); + // in theory this can be changed + $cipher->setKeyLength(128); + break; + case 'rc5-CBC-PAD': + throw new UnsupportedAlgorithmException('rc5-CBC-PAD is not supported for PBES2 PKCS#8 keys'); + case 'aes128-CBC-PAD': + case 'aes192-CBC-PAD': + case 'aes256-CBC-PAD': + $cipher = new AES('cbc'); + $cipher->setKeyLength(substr($algo, 3, 3)); + break; + default: + throw new UnsupportedAlgorithmException("$algo is not supported"); + } + + return $cipher; + } + + /** + * Initialize static variables + * + */ + private static function initialize_static_variables() + { + if (!isset(static::$childOIDsLoaded)) { + throw new InsufficientSetupException('This class should not be called directly'); + } + + if (!static::$childOIDsLoaded) { + ASN1::loadOIDs(is_array(static::OID_NAME) ? + array_combine(static::OID_NAME, static::OID_VALUE) : + [static::OID_NAME => static::OID_VALUE]); + static::$childOIDsLoaded = true; + } + if (!self::$oidsLoaded) { + // from https://tools.ietf.org/html/rfc2898 + ASN1::loadOIDs([ + // PBES1 encryption schemes + 'pbeWithMD2AndDES-CBC' => '1.2.840.113549.1.5.1', + 'pbeWithMD2AndRC2-CBC' => '1.2.840.113549.1.5.4', + 'pbeWithMD5AndDES-CBC' => '1.2.840.113549.1.5.3', + 'pbeWithMD5AndRC2-CBC' => '1.2.840.113549.1.5.6', + 'pbeWithSHA1AndDES-CBC' => '1.2.840.113549.1.5.10', + 'pbeWithSHA1AndRC2-CBC' => '1.2.840.113549.1.5.11', + + // from PKCS#12: + // https://tools.ietf.org/html/rfc7292 + 'pbeWithSHAAnd128BitRC4' => '1.2.840.113549.1.12.1.1', + 'pbeWithSHAAnd40BitRC4' => '1.2.840.113549.1.12.1.2', + 'pbeWithSHAAnd3-KeyTripleDES-CBC' => '1.2.840.113549.1.12.1.3', + 'pbeWithSHAAnd2-KeyTripleDES-CBC' => '1.2.840.113549.1.12.1.4', + 'pbeWithSHAAnd128BitRC2-CBC' => '1.2.840.113549.1.12.1.5', + 'pbeWithSHAAnd40BitRC2-CBC' => '1.2.840.113549.1.12.1.6', + + 'id-PBKDF2' => '1.2.840.113549.1.5.12', + 'id-PBES2' => '1.2.840.113549.1.5.13', + 'id-PBMAC1' => '1.2.840.113549.1.5.14', + + // from PKCS#5 v2.1: + // http://www.rsa.com/rsalabs/pkcs/files/h11302-wp-pkcs5v2-1-password-based-cryptography-standard.pdf + 'id-hmacWithSHA1' => '1.2.840.113549.2.7', + 'id-hmacWithSHA224' => '1.2.840.113549.2.8', + 'id-hmacWithSHA256' => '1.2.840.113549.2.9', + 'id-hmacWithSHA384' => '1.2.840.113549.2.10', + 'id-hmacWithSHA512' => '1.2.840.113549.2.11', + 'id-hmacWithSHA512-224' => '1.2.840.113549.2.12', + 'id-hmacWithSHA512-256' => '1.2.840.113549.2.13', + + 'desCBC' => '1.3.14.3.2.7', + 'des-EDE3-CBC' => '1.2.840.113549.3.7', + 'rc2CBC' => '1.2.840.113549.3.2', + 'rc5-CBC-PAD' => '1.2.840.113549.3.9', + + 'aes128-CBC-PAD' => '2.16.840.1.101.3.4.1.2', + 'aes192-CBC-PAD' => '2.16.840.1.101.3.4.1.22', + 'aes256-CBC-PAD' => '2.16.840.1.101.3.4.1.42' + ]); + self::$oidsLoaded = true; + } + } + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + protected static function load($key, $password = '') + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $isPublic = strpos($key, 'PUBLIC') !== false; + $isPrivate = strpos($key, 'PRIVATE') !== false; + + $decoded = self::preParse($key); + + $meta = []; + + $decrypted = ASN1::asn1map($decoded[0], Maps\EncryptedPrivateKeyInfo::MAP); + if (strlen($password) && is_array($decrypted)) { + $algorithm = $decrypted['encryptionAlgorithm']['algorithm']; + switch ($algorithm) { + // PBES1 + case 'pbeWithMD2AndDES-CBC': + case 'pbeWithMD2AndRC2-CBC': + case 'pbeWithMD5AndDES-CBC': + case 'pbeWithMD5AndRC2-CBC': + case 'pbeWithSHA1AndDES-CBC': + case 'pbeWithSHA1AndRC2-CBC': + case 'pbeWithSHAAnd3-KeyTripleDES-CBC': + case 'pbeWithSHAAnd2-KeyTripleDES-CBC': + case 'pbeWithSHAAnd128BitRC2-CBC': + case 'pbeWithSHAAnd40BitRC2-CBC': + case 'pbeWithSHAAnd128BitRC4': + case 'pbeWithSHAAnd40BitRC4': + $cipher = self::getPBES1EncryptionObject($algorithm); + $hash = self::getPBES1Hash($algorithm); + $kdf = self::getPBES1KDF($algorithm); + + $meta['meta']['algorithm'] = $algorithm; + + $temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']); + if (!$temp) { + throw new \RuntimeException('Unable to decode BER'); + } + extract(ASN1::asn1map($temp[0], Maps\PBEParameter::MAP)); + $iterationCount = (int) $iterationCount->toString(); + $cipher->setPassword($password, $kdf, $hash, $salt, $iterationCount); + $key = $cipher->decrypt($decrypted['encryptedData']); + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER 2'); + } + + break; + case 'id-PBES2': + $meta['meta']['algorithm'] = $algorithm; + + $temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']); + if (!$temp) { + throw new \RuntimeException('Unable to decode BER'); + } + $temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP); + extract($temp); + + $cipher = self::getPBES2EncryptionObject($encryptionScheme['algorithm']); + $meta['meta']['cipher'] = $encryptionScheme['algorithm']; + + $temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']); + if (!$temp) { + throw new \RuntimeException('Unable to decode BER'); + } + $temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP); + extract($temp); + + if (!$cipher instanceof RC2) { + $cipher->setIV($encryptionScheme['parameters']['octetString']); + } else { + $temp = ASN1::decodeBER($encryptionScheme['parameters']); + if (!$temp) { + throw new \RuntimeException('Unable to decode BER'); + } + extract(ASN1::asn1map($temp[0], Maps\RC2CBCParameter::MAP)); + $effectiveKeyLength = (int) $rc2ParametersVersion->toString(); + switch ($effectiveKeyLength) { + case 160: + $effectiveKeyLength = 40; + break; + case 120: + $effectiveKeyLength = 64; + break; + case 58: + $effectiveKeyLength = 128; + break; + //default: // should be >= 256 + } + $cipher->setIV($iv); + $cipher->setKeyLength($effectiveKeyLength); + } + + $meta['meta']['keyDerivationFunc'] = $keyDerivationFunc['algorithm']; + switch ($keyDerivationFunc['algorithm']) { + case 'id-PBKDF2': + $temp = ASN1::decodeBER($keyDerivationFunc['parameters']); + if (!$temp) { + throw new \RuntimeException('Unable to decode BER'); + } + $prf = ['algorithm' => 'id-hmacWithSHA1']; + $params = ASN1::asn1map($temp[0], Maps\PBKDF2params::MAP); + extract($params); + $meta['meta']['prf'] = $prf['algorithm']; + $hash = str_replace('-', '/', substr($prf['algorithm'], 11)); + $params = [ + $password, + 'pbkdf2', + $hash, + $salt, + (int) $iterationCount->toString() + ]; + if (isset($keyLength)) { + $params[] = (int) $keyLength->toString(); + } + $cipher->setPassword(...$params); + $key = $cipher->decrypt($decrypted['encryptedData']); + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER 3'); + } + break; + default: + throw new UnsupportedAlgorithmException('Only PBKDF2 is supported for PBES2 PKCS#8 keys'); + } + break; + case 'id-PBMAC1': + //$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']); + //$value = ASN1::asn1map($temp[0], Maps\PBMAC1params::MAP); + // since i can't find any implementation that does PBMAC1 it is unsupported + throw new UnsupportedAlgorithmException('Only PBES1 and PBES2 PKCS#8 keys are supported.'); + // at this point we'll assume that the key conforms to PublicKeyInfo + } + } + + $private = ASN1::asn1map($decoded[0], Maps\OneAsymmetricKey::MAP); + if (is_array($private)) { + if ($isPublic) { + throw new \UnexpectedValueException('Human readable string claims public key but DER encoded string claims private key'); + } + + if (isset($private['privateKeyAlgorithm']['parameters']) && !$private['privateKeyAlgorithm']['parameters'] instanceof ASN1\Element && isset($decoded[0]['content'][1]['content'][1])) { + $temp = $decoded[0]['content'][1]['content'][1]; + $private['privateKeyAlgorithm']['parameters'] = new ASN1\Element(substr($key, $temp['start'], $temp['length'])); + } + if (is_array(static::OID_NAME)) { + if (!in_array($private['privateKeyAlgorithm']['algorithm'], static::OID_NAME)) { + throw new UnsupportedAlgorithmException($private['privateKeyAlgorithm']['algorithm'] . ' is not a supported key type'); + } + } else { + if ($private['privateKeyAlgorithm']['algorithm'] != static::OID_NAME) { + throw new UnsupportedAlgorithmException('Only ' . static::OID_NAME . ' keys are supported; this is a ' . $private['privateKeyAlgorithm']['algorithm'] . ' key'); + } + } + if (isset($private['publicKey'])) { + if ($private['publicKey'][0] != "\0") { + throw new \UnexpectedValueException('The first byte of the public key should be null - not ' . bin2hex($private['publicKey'][0])); + } + $private['publicKey'] = substr($private['publicKey'], 1); + } + return $private + $meta; + } + + // EncryptedPrivateKeyInfo and PublicKeyInfo have largely identical "signatures". the only difference + // is that the former has an octet string and the later has a bit string. the first byte of a bit + // string represents the number of bits in the last byte that are to be ignored but, currently, + // bit strings wanting a non-zero amount of bits trimmed are not supported + $public = ASN1::asn1map($decoded[0], Maps\PublicKeyInfo::MAP); + + if (is_array($public)) { + if ($isPrivate) { + throw new \UnexpectedValueException('Human readable string claims private key but DER encoded string claims public key'); + } + + if ($public['publicKey'][0] != "\0") { + throw new \UnexpectedValueException('The first byte of the public key should be null - not ' . bin2hex($public['publicKey'][0])); + } + if (is_array(static::OID_NAME)) { + if (!in_array($public['publicKeyAlgorithm']['algorithm'], static::OID_NAME)) { + throw new UnsupportedAlgorithmException($public['publicKeyAlgorithm']['algorithm'] . ' is not a supported key type'); + } + } else { + if ($public['publicKeyAlgorithm']['algorithm'] != static::OID_NAME) { + throw new UnsupportedAlgorithmException('Only ' . static::OID_NAME . ' keys are supported; this is a ' . $public['publicKeyAlgorithm']['algorithm'] . ' key'); + } + } + if (isset($public['publicKeyAlgorithm']['parameters']) && !$public['publicKeyAlgorithm']['parameters'] instanceof ASN1\Element && isset($decoded[0]['content'][0]['content'][1])) { + $temp = $decoded[0]['content'][0]['content'][1]; + $public['publicKeyAlgorithm']['parameters'] = new ASN1\Element(substr($key, $temp['start'], $temp['length'])); + } + $public['publicKey'] = substr($public['publicKey'], 1); + return $public; + } + + throw new \RuntimeException('Unable to parse using either OneAsymmetricKey or PublicKeyInfo ASN1 maps'); + } + + /** + * Wrap a private key appropriately + * + * @param string $key + * @param string $attr + * @param mixed $params + * @param string $password + * @param string $oid optional + * @param string $publicKey optional + * @param array $options optional + * @return string + */ + protected static function wrapPrivateKey($key, $attr, $params, $password, $oid = null, $publicKey = '', array $options = []) + { + self::initialize_static_variables(); + + $key = [ + 'version' => 'v1', + 'privateKeyAlgorithm' => [ + 'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid + ], + 'privateKey' => $key + ]; + if ($oid != 'id-Ed25519' && $oid != 'id-Ed448') { + $key['privateKeyAlgorithm']['parameters'] = $params; + } + if (!empty($attr)) { + $key['attributes'] = $attr; + } + if (!empty($publicKey)) { + $key['version'] = 'v2'; + $key['publicKey'] = $publicKey; + } + $key = ASN1::encodeDER($key, Maps\OneAsymmetricKey::MAP); + if (!empty($password) && is_string($password)) { + $salt = Random::string(8); + + $iterationCount = isset($options['iterationCount']) ? $options['iterationCount'] : self::$defaultIterationCount; + $encryptionAlgorithm = isset($options['encryptionAlgorithm']) ? $options['encryptionAlgorithm'] : self::$defaultEncryptionAlgorithm; + $encryptionScheme = isset($options['encryptionScheme']) ? $options['encryptionScheme'] : self::$defaultEncryptionScheme; + $prf = isset($options['PRF']) ? $options['PRF'] : self::$defaultPRF; + + if ($encryptionAlgorithm == 'id-PBES2') { + $crypto = self::getPBES2EncryptionObject($encryptionScheme); + $hash = str_replace('-', '/', substr($prf, 11)); + $kdf = 'pbkdf2'; + $iv = Random::string($crypto->getBlockLength() >> 3); + + $PBKDF2params = [ + 'salt' => $salt, + 'iterationCount' => $iterationCount, + 'prf' => ['algorithm' => $prf, 'parameters' => null] + ]; + $PBKDF2params = ASN1::encodeDER($PBKDF2params, Maps\PBKDF2params::MAP); + + if (!$crypto instanceof RC2) { + $params = ['octetString' => $iv]; + } else { + $params = [ + 'rc2ParametersVersion' => 58, + 'iv' => $iv + ]; + $params = ASN1::encodeDER($params, Maps\RC2CBCParameter::MAP); + $params = new ASN1\Element($params); + } + + $params = [ + 'keyDerivationFunc' => [ + 'algorithm' => 'id-PBKDF2', + 'parameters' => new ASN1\Element($PBKDF2params) + ], + 'encryptionScheme' => [ + 'algorithm' => $encryptionScheme, + 'parameters' => $params + ] + ]; + $params = ASN1::encodeDER($params, Maps\PBES2params::MAP); + + $crypto->setIV($iv); + } else { + $crypto = self::getPBES1EncryptionObject($encryptionAlgorithm); + $hash = self::getPBES1Hash($encryptionAlgorithm); + $kdf = self::getPBES1KDF($encryptionAlgorithm); + + $params = [ + 'salt' => $salt, + 'iterationCount' => $iterationCount + ]; + $params = ASN1::encodeDER($params, Maps\PBEParameter::MAP); + } + $crypto->setPassword($password, $kdf, $hash, $salt, $iterationCount); + $key = $crypto->encrypt($key); + + $key = [ + 'encryptionAlgorithm' => [ + 'algorithm' => $encryptionAlgorithm, + 'parameters' => new ASN1\Element($params) + ], + 'encryptedData' => $key + ]; + + $key = ASN1::encodeDER($key, Maps\EncryptedPrivateKeyInfo::MAP); + + return "-----BEGIN ENCRYPTED PRIVATE KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END ENCRYPTED PRIVATE KEY-----"; + } + + return "-----BEGIN PRIVATE KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END PRIVATE KEY-----"; + } + + /** + * Wrap a public key appropriately + * + * @param string $key + * @param mixed $params + * @param string $oid + * @return string + */ + protected static function wrapPublicKey($key, $params, $oid = null) + { + self::initialize_static_variables(); + + $key = [ + 'publicKeyAlgorithm' => [ + 'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid + ], + 'publicKey' => "\0" . $key + ]; + + if ($oid != 'id-Ed25519' && $oid != 'id-Ed448') { + $key['publicKeyAlgorithm']['parameters'] = $params; + } + + $key = ASN1::encodeDER($key, Maps\PublicKeyInfo::MAP); + + return "-----BEGIN PUBLIC KEY-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END PUBLIC KEY-----"; + } + + /** + * Perform some preliminary parsing of the key + * + * @param string $key + * @return array + */ + private static function preParse(&$key) + { + self::initialize_static_variables(); + + if (self::$format != self::MODE_DER) { + $decoded = ASN1::extractBER($key); + if ($decoded !== false) { + $key = $decoded; + } elseif (self::$format == self::MODE_PEM) { + throw new \UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text'); + } + } + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + + return $decoded; + } + + /** + * Returns the encryption parameters used by the key + * + * @param string $key + * @return array + */ + public static function extractEncryptionAlgorithm($key) + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $decoded = self::preParse($key); + + $r = ASN1::asn1map($decoded[0], Maps\EncryptedPrivateKeyInfo::MAP); + if (!is_array($r)) { + throw new \RuntimeException('Unable to parse using EncryptedPrivateKeyInfo map'); + } + + if ($r['encryptionAlgorithm']['algorithm'] == 'id-PBES2') { + $decoded = ASN1::decodeBER($r['encryptionAlgorithm']['parameters']->element); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + $r['encryptionAlgorithm']['parameters'] = ASN1::asn1map($decoded[0], Maps\PBES2params::MAP); + + $kdf = &$r['encryptionAlgorithm']['parameters']['keyDerivationFunc']; + switch ($kdf['algorithm']) { + case 'id-PBKDF2': + $decoded = ASN1::decodeBER($kdf['parameters']->element); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + $kdf['parameters'] = ASN1::asn1map($decoded[0], Maps\PBKDF2params::MAP); + } + } + + return $r['encryptionAlgorithm']; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PuTTY.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PuTTY.php new file mode 100644 index 0000000..85da83a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PuTTY.php @@ -0,0 +1,374 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\AES; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Exception\UnsupportedAlgorithmException; + +/** + * PuTTY Formatted Key Handler + * + * @author Jim Wigginton + */ +abstract class PuTTY +{ + /** + * Default comment + * + * @var string + */ + private static $comment = 'phpseclib-generated-key'; + + /** + * Default version + * + * @var int + */ + private static $version = 2; + + /** + * Sets the default comment + * + * @param string $comment + */ + public static function setComment($comment) + { + self::$comment = str_replace(["\r", "\n"], '', $comment); + } + + /** + * Sets the default version + * + * @param int $version + */ + public static function setVersion($version) + { + if ($version != 2 && $version != 3) { + throw new \RuntimeException('Only supported versions are 2 and 3'); + } + self::$version = $version; + } + + /** + * Generate a symmetric key for PuTTY v2 keys + * + * @param string $password + * @param int $length + * @return string + */ + private static function generateV2Key($password, $length) + { + $symkey = ''; + $sequence = 0; + while (strlen($symkey) < $length) { + $temp = pack('Na*', $sequence++, $password); + $symkey .= Strings::hex2bin(sha1($temp)); + } + return substr($symkey, 0, $length); + } + + /** + * Generate a symmetric key for PuTTY v3 keys + * + * @param string $password + * @param string $flavour + * @param int $memory + * @param int $passes + * @param string $salt + * @return array + */ + private static function generateV3Key($password, $flavour, $memory, $passes, $salt) + { + if (!function_exists('sodium_crypto_pwhash')) { + throw new \RuntimeException('sodium_crypto_pwhash needs to exist for Argon2 password hasing'); + } + + switch ($flavour) { + case 'Argon2i': + $flavour = SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13; + break; + case 'Argon2id': + $flavour = SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13; + break; + default: + throw new UnsupportedAlgorithmException('Only Argon2i and Argon2id are supported'); + } + + $length = 80; // keylen + ivlen + mac_keylen + $temp = sodium_crypto_pwhash($length, $password, $salt, $passes, $memory << 10, $flavour); + + $symkey = substr($temp, 0, 32); + $symiv = substr($temp, 32, 16); + $hashkey = substr($temp, -32); + + return compact('symkey', 'symiv', 'hashkey'); + } + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password + * @return array + */ + public static function load($key, $password) + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (strpos($key, 'BEGIN SSH2 PUBLIC KEY') !== false) { + $lines = preg_split('#[\r\n]+#', $key); + switch (true) { + case $lines[0] != '---- BEGIN SSH2 PUBLIC KEY ----': + throw new \UnexpectedValueException('Key doesn\'t start with ---- BEGIN SSH2 PUBLIC KEY ----'); + case $lines[count($lines) - 1] != '---- END SSH2 PUBLIC KEY ----': + throw new \UnexpectedValueException('Key doesn\'t end with ---- END SSH2 PUBLIC KEY ----'); + } + $lines = array_splice($lines, 1, -1); + $lines = array_map(function ($line) { + return rtrim($line, "\r\n"); + }, $lines); + $data = $current = ''; + $values = []; + $in_value = false; + foreach ($lines as $line) { + switch (true) { + case preg_match('#^(.*?): (.*)#', $line, $match): + $in_value = $line[strlen($line) - 1] == '\\'; + $current = strtolower($match[1]); + $values[$current] = $in_value ? substr($match[2], 0, -1) : $match[2]; + break; + case $in_value: + $in_value = $line[strlen($line) - 1] == '\\'; + $values[$current] .= $in_value ? substr($line, 0, -1) : $line; + break; + default: + $data .= $line; + } + } + + $components = call_user_func([static::PUBLIC_HANDLER, 'load'], $data); + if ($components === false) { + throw new \UnexpectedValueException('Unable to decode public key'); + } + $components += $values; + $components['comment'] = str_replace(['\\\\', '\"'], ['\\', '"'], $values['comment']); + + return $components; + } + + $components = []; + + $key = preg_split('#\r\n|\r|\n#', trim($key)); + if (Strings::shift($key[0], strlen('PuTTY-User-Key-File-')) != 'PuTTY-User-Key-File-') { + return false; + } + $version = (int) Strings::shift($key[0], 3); // should be either "2: " or "3: 0" prior to int casting + if ($version != 2 && $version != 3) { + throw new \RuntimeException('Only v2 and v3 PuTTY private keys are supported'); + } + $components['type'] = $type = rtrim($key[0]); + if (!in_array($type, static::$types)) { + $error = count(static::$types) == 1 ? + 'Only ' . static::$types[0] . ' keys are supported. ' : + ''; + throw new UnsupportedAlgorithmException($error . 'This is an unsupported ' . $type . ' key'); + } + $encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1])); + $components['comment'] = trim(preg_replace('#Comment: (.+)#', '$1', $key[2])); + + $publicLength = trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3])); + $public = Strings::base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength)))); + + $source = Strings::packSSH2('ssss', $type, $encryption, $components['comment'], $public); + + extract(unpack('Nlength', Strings::shift($public, 4))); + $newtype = Strings::shift($public, $length); + if ($newtype != $type) { + throw new \RuntimeException('The binary type does not match the human readable type field'); + } + + $components['public'] = $public; + + switch ($version) { + case 3: + $hashkey = ''; + break; + case 2: + $hashkey = 'putty-private-key-file-mac-key'; + } + + $offset = $publicLength + 4; + switch ($encryption) { + case 'aes256-cbc': + $crypto = new AES('cbc'); + switch ($version) { + case 3: + $flavour = trim(preg_replace('#Key-Derivation: (.*)#', '$1', $key[$offset++])); + $memory = trim(preg_replace('#Argon2-Memory: (\d+)#', '$1', $key[$offset++])); + $passes = trim(preg_replace('#Argon2-Passes: (\d+)#', '$1', $key[$offset++])); + $parallelism = trim(preg_replace('#Argon2-Parallelism: (\d+)#', '$1', $key[$offset++])); + $salt = Strings::hex2bin(trim(preg_replace('#Argon2-Salt: ([0-9a-f]+)#', '$1', $key[$offset++]))); + + extract(self::generateV3Key($password, $flavour, $memory, $passes, $salt)); + + break; + case 2: + $symkey = self::generateV2Key($password, 32); + $symiv = str_repeat("\0", $crypto->getBlockLength() >> 3); + $hashkey .= $password; + } + } + + switch ($version) { + case 3: + $hash = new Hash('sha256'); + $hash->setKey($hashkey); + break; + case 2: + $hash = new Hash('sha1'); + $hash->setKey(sha1($hashkey, true)); + } + + $privateLength = trim(preg_replace('#Private-Lines: (\d+)#', '$1', $key[$offset++])); + $private = Strings::base64_decode(implode('', array_map('trim', array_slice($key, $offset, $privateLength)))); + + if ($encryption != 'none') { + $crypto->setKey($symkey); + $crypto->setIV($symiv); + $crypto->disablePadding(); + $private = $crypto->decrypt($private); + } + + $source .= Strings::packSSH2('s', $private); + + $hmac = trim(preg_replace('#Private-MAC: (.+)#', '$1', $key[$offset + $privateLength])); + $hmac = Strings::hex2bin($hmac); + + if (!hash_equals($hash->hash($source), $hmac)) { + throw new \UnexpectedValueException('MAC validation error'); + } + + $components['private'] = $private; + + return $components; + } + + /** + * Wrap a private key appropriately + * + * @param string $public + * @param string $private + * @param string $type + * @param string $password + * @param array $options optional + * @return string + */ + protected static function wrapPrivateKey($public, $private, $type, $password, array $options = []) + { + $encryption = (!empty($password) || is_string($password)) ? 'aes256-cbc' : 'none'; + $comment = isset($options['comment']) ? $options['comment'] : self::$comment; + $version = isset($options['version']) ? $options['version'] : self::$version; + + $key = "PuTTY-User-Key-File-$version: $type\r\n"; + $key .= "Encryption: $encryption\r\n"; + $key .= "Comment: $comment\r\n"; + + $public = Strings::packSSH2('s', $type) . $public; + + $source = Strings::packSSH2('ssss', $type, $encryption, $comment, $public); + + $public = Strings::base64_encode($public); + $key .= "Public-Lines: " . ((strlen($public) + 63) >> 6) . "\r\n"; + $key .= chunk_split($public, 64); + + if (empty($password) && !is_string($password)) { + $source .= Strings::packSSH2('s', $private); + switch ($version) { + case 3: + $hash = new Hash('sha256'); + $hash->setKey(''); + break; + case 2: + $hash = new Hash('sha1'); + $hash->setKey(sha1('putty-private-key-file-mac-key', true)); + } + } else { + $private .= Random::string(16 - (strlen($private) & 15)); + $source .= Strings::packSSH2('s', $private); + $crypto = new AES('cbc'); + + switch ($version) { + case 3: + $salt = Random::string(16); + $key .= "Key-Derivation: Argon2id\r\n"; + $key .= "Argon2-Memory: 8192\r\n"; + $key .= "Argon2-Passes: 13\r\n"; + $key .= "Argon2-Parallelism: 1\r\n"; + $key .= "Argon2-Salt: " . Strings::bin2hex($salt) . "\r\n"; + extract(self::generateV3Key($password, 'Argon2id', 8192, 13, $salt)); + + $hash = new Hash('sha256'); + $hash->setKey($hashkey); + + break; + case 2: + $symkey = self::generateV2Key($password, 32); + $symiv = str_repeat("\0", $crypto->getBlockLength() >> 3); + $hashkey = 'putty-private-key-file-mac-key' . $password; + + $hash = new Hash('sha1'); + $hash->setKey(sha1($hashkey, true)); + } + + $crypto->setKey($symkey); + $crypto->setIV($symiv); + $crypto->disablePadding(); + $private = $crypto->encrypt($private); + $mac = $hash->hash($source); + } + + $private = Strings::base64_encode($private); + $key .= 'Private-Lines: ' . ((strlen($private) + 63) >> 6) . "\r\n"; + $key .= chunk_split($private, 64); + $key .= 'Private-MAC: ' . Strings::bin2hex($hash->hash($source)) . "\r\n"; + + return $key; + } + + /** + * Wrap a public key appropriately + * + * This is basically the format described in RFC 4716 (https://tools.ietf.org/html/rfc4716) + * + * @param string $key + * @param string $type + * @return string + */ + protected static function wrapPublicKey($key, $type) + { + $key = pack('Na*a*', strlen($type), $type, $key); + $key = "---- BEGIN SSH2 PUBLIC KEY ----\r\n" . + 'Comment: "' . str_replace(['\\', '"'], ['\\\\', '\"'], self::$comment) . "\"\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + '---- END SSH2 PUBLIC KEY ----'; + return $key; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Signature/Raw.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Signature/Raw.php new file mode 100644 index 0000000..42a65af --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Signature/Raw.php @@ -0,0 +1,60 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common\Formats\Signature; + +use phpseclib3\Math\BigInteger; + +/** + * Raw Signature Handler + * + * @author Jim Wigginton + */ +abstract class Raw +{ + /** + * Loads a signature + * + * @param array $sig + * @return array|bool + */ + public static function load($sig) + { + switch (true) { + case !is_array($sig): + case !isset($sig['r']) || !isset($sig['s']): + case !$sig['r'] instanceof BigInteger: + case !$sig['s'] instanceof BigInteger: + return false; + } + + return [ + 'r' => $sig['r'], + 's' => $sig['s'] + ]; + } + + /** + * Returns a signature in the appropriate format + * + * @param BigInteger $r + * @param BigInteger $s + * @return string + */ + public static function save(BigInteger $r, BigInteger $s) + { + return compact('r', 's'); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/PrivateKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/PrivateKey.php new file mode 100644 index 0000000..a6e1eb0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/PrivateKey.php @@ -0,0 +1,31 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common; + +/** + * PrivateKey interface + * + * @author Jim Wigginton + */ +interface PrivateKey +{ + public function sign($message); + //public function decrypt($ciphertext); + public function getPublicKey(); + public function toString($type, array $options = []); + + /** + * @param string|false $password + * @return mixed + */ + public function withPassword($password = false); +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/PublicKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/PublicKey.php new file mode 100644 index 0000000..48a5875 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/PublicKey.php @@ -0,0 +1,25 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common; + +/** + * PublicKey interface + * + * @author Jim Wigginton + */ +interface PublicKey +{ + public function verify($message, $signature); + //public function encrypt($plaintext); + public function toString($type, array $options = []); + public function getFingerprint($algorithm); +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/StreamCipher.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/StreamCipher.php new file mode 100644 index 0000000..0d96908 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/StreamCipher.php @@ -0,0 +1,54 @@ + + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common; + +/** + * Base Class for all stream cipher classes + * + * @author Jim Wigginton + */ +abstract class StreamCipher extends SymmetricKey +{ + /** + * Block Length of the cipher + * + * Stream ciphers do not have a block size + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::block_size + * @var int + */ + protected $block_size = 0; + + /** + * Default Constructor. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @return StreamCipher + */ + public function __construct() + { + parent::__construct('stream'); + } + + /** + * Stream ciphers not use an IV + * + * @return bool + */ + public function usesIV() + { + return false; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/SymmetricKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/SymmetricKey.php new file mode 100644 index 0000000..35d7a7d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/SymmetricKey.php @@ -0,0 +1,3398 @@ + + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Blowfish; +use phpseclib3\Crypt\Hash; +use phpseclib3\Exception\BadDecryptionException; +use phpseclib3\Exception\BadModeException; +use phpseclib3\Exception\InconsistentSetupException; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\BinaryField; +use phpseclib3\Math\PrimeField; + +/** + * Base Class for all \phpseclib3\Crypt\* cipher classes + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + */ +abstract class SymmetricKey +{ + /** + * Encrypt / decrypt using the Counter mode. + * + * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + const MODE_CTR = -1; + /** + * Encrypt / decrypt using the Electronic Code Book mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + const MODE_ECB = 1; + /** + * Encrypt / decrypt using the Code Book Chaining mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + const MODE_CBC = 2; + /** + * Encrypt / decrypt using the Cipher Feedback mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + const MODE_CFB = 3; + /** + * Encrypt / decrypt using the Cipher Feedback mode (8bit) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + const MODE_CFB8 = 7; + /** + * Encrypt / decrypt using the Output Feedback mode (8bit) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + const MODE_OFB8 = 8; + /** + * Encrypt / decrypt using the Output Feedback mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + const MODE_OFB = 4; + /** + * Encrypt / decrypt using Galois/Counter mode. + * + * @link https://en.wikipedia.org/wiki/Galois/Counter_Mode + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + const MODE_GCM = 5; + /** + * Encrypt / decrypt using streaming mode. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + */ + const MODE_STREAM = 6; + + /** + * Mode Map + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + const MODE_MAP = [ + 'ctr' => self::MODE_CTR, + 'ecb' => self::MODE_ECB, + 'cbc' => self::MODE_CBC, + 'cfb' => self::MODE_CFB, + 'cfb8' => self::MODE_CFB8, + 'ofb' => self::MODE_OFB, + 'ofb8' => self::MODE_OFB8, + 'gcm' => self::MODE_GCM, + 'stream' => self::MODE_STREAM + ]; + + /** + * Base value for the internal implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + const ENGINE_INTERNAL = 1; + /** + * Base value for the eval() implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + const ENGINE_EVAL = 2; + /** + * Base value for the mcrypt implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + const ENGINE_MCRYPT = 3; + /** + * Base value for the openssl implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + const ENGINE_OPENSSL = 4; + /** + * Base value for the libsodium implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + const ENGINE_LIBSODIUM = 5; + /** + * Base value for the openssl / gcm implementation $engine switch + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + */ + const ENGINE_OPENSSL_GCM = 6; + + /** + * Engine Reverse Map + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::getEngine() + */ + const ENGINE_MAP = [ + self::ENGINE_INTERNAL => 'PHP', + self::ENGINE_EVAL => 'Eval', + self::ENGINE_MCRYPT => 'mcrypt', + self::ENGINE_OPENSSL => 'OpenSSL', + self::ENGINE_LIBSODIUM => 'libsodium', + self::ENGINE_OPENSSL_GCM => 'OpenSSL (GCM)' + ]; + + /** + * The Encryption Mode + * + * @see self::__construct() + * @var int + */ + protected $mode; + + /** + * The Block Length of the block cipher + * + * @var int + */ + protected $block_size = 16; + + /** + * The Key + * + * @see self::setKey() + * @var string + */ + protected $key = false; + + /** + * HMAC Key + * + * @see self::setupGCM() + * @var ?string + */ + protected $hKey = false; + + /** + * The Initialization Vector + * + * @see self::setIV() + * @var string + */ + protected $iv = false; + + /** + * A "sliding" Initialization Vector + * + * @see self::enableContinuousBuffer() + * @see self::clearBuffers() + * @var string + */ + protected $encryptIV; + + /** + * A "sliding" Initialization Vector + * + * @see self::enableContinuousBuffer() + * @see self::clearBuffers() + * @var string + */ + protected $decryptIV; + + /** + * Continuous Buffer status + * + * @see self::enableContinuousBuffer() + * @var bool + */ + protected $continuousBuffer = false; + + /** + * Encryption buffer for CTR, OFB and CFB modes + * + * @see self::encrypt() + * @see self::clearBuffers() + * @var array + */ + protected $enbuffer; + + /** + * Decryption buffer for CTR, OFB and CFB modes + * + * @see self::decrypt() + * @see self::clearBuffers() + * @var array + */ + protected $debuffer; + + /** + * mcrypt resource for encryption + * + * The mcrypt resource can be recreated every time something needs to be created or it can be created just once. + * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode. + * + * @see self::encrypt() + * @var resource + */ + private $enmcrypt; + + /** + * mcrypt resource for decryption + * + * The mcrypt resource can be recreated every time something needs to be created or it can be created just once. + * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode. + * + * @see self::decrypt() + * @var resource + */ + private $demcrypt; + + /** + * Does the enmcrypt resource need to be (re)initialized? + * + * @see \phpseclib3\Crypt\Twofish::setKey() + * @see \phpseclib3\Crypt\Twofish::setIV() + * @var bool + */ + private $enchanged = true; + + /** + * Does the demcrypt resource need to be (re)initialized? + * + * @see \phpseclib3\Crypt\Twofish::setKey() + * @see \phpseclib3\Crypt\Twofish::setIV() + * @var bool + */ + private $dechanged = true; + + /** + * mcrypt resource for CFB mode + * + * mcrypt's CFB mode, in (and only in) buffered context, + * is broken, so phpseclib implements the CFB mode by it self, + * even when the mcrypt php extension is available. + * + * In order to do the CFB-mode work (fast) phpseclib + * use a separate ECB-mode mcrypt resource. + * + * @link http://phpseclib.sourceforge.net/cfb-demo.phps + * @see self::encrypt() + * @see self::decrypt() + * @see self::setupMcrypt() + * @var resource + */ + private $ecb; + + /** + * Optimizing value while CFB-encrypting + * + * Only relevant if $continuousBuffer enabled + * and $engine == self::ENGINE_MCRYPT + * + * It's faster to re-init $enmcrypt if + * $buffer bytes > $cfb_init_len than + * using the $ecb resource furthermore. + * + * This value depends of the chosen cipher + * and the time it would be needed for it's + * initialization [by mcrypt_generic_init()] + * which, typically, depends on the complexity + * on its internaly Key-expanding algorithm. + * + * @see self::encrypt() + * @var int + */ + protected $cfb_init_len = 600; + + /** + * Does internal cipher state need to be (re)initialized? + * + * @see self::setKey() + * @see self::setIV() + * @see self::disableContinuousBuffer() + * @var bool + */ + protected $changed = true; + + /** + * Does Eval engie need to be (re)initialized? + * + * @see self::setup() + * @var bool + */ + protected $nonIVChanged = true; + + /** + * Padding status + * + * @see self::enablePadding() + * @var bool + */ + private $padding = true; + + /** + * Is the mode one that is paddable? + * + * @see self::__construct() + * @var bool + */ + private $paddable = false; + + /** + * Holds which crypt engine internaly should be use, + * which will be determined automatically on __construct() + * + * Currently available $engines are: + * - self::ENGINE_LIBSODIUM (very fast, php-extension: libsodium, extension_loaded('libsodium') required) + * - self::ENGINE_OPENSSL_GCM (very fast, php-extension: openssl, extension_loaded('openssl') required) + * - self::ENGINE_OPENSSL (very fast, php-extension: openssl, extension_loaded('openssl') required) + * - self::ENGINE_MCRYPT (fast, php-extension: mcrypt, extension_loaded('mcrypt') required) + * - self::ENGINE_EVAL (medium, pure php-engine, no php-extension required) + * - self::ENGINE_INTERNAL (slower, pure php-engine, no php-extension required) + * + * @see self::setEngine() + * @see self::encrypt() + * @see self::decrypt() + * @var int + */ + protected $engine; + + /** + * Holds the preferred crypt engine + * + * @see self::setEngine() + * @see self::setPreferredEngine() + * @var int + */ + private $preferredEngine; + + /** + * The mcrypt specific name of the cipher + * + * Only used if $engine == self::ENGINE_MCRYPT + * + * @link http://www.php.net/mcrypt_module_open + * @link http://www.php.net/mcrypt_list_algorithms + * @see self::setupMcrypt() + * @var string + */ + protected $cipher_name_mcrypt; + + /** + * The openssl specific name of the cipher + * + * Only used if $engine == self::ENGINE_OPENSSL + * + * @link http://www.php.net/openssl-get-cipher-methods + * @var string + */ + protected $cipher_name_openssl; + + /** + * The openssl specific name of the cipher in ECB mode + * + * If OpenSSL does not support the mode we're trying to use (CTR) + * it can still be emulated with ECB mode. + * + * @link http://www.php.net/openssl-get-cipher-methods + * @var string + */ + protected $cipher_name_openssl_ecb; + + /** + * The default salt used by setPassword() + * + * @see self::setPassword() + * @var string + */ + private $password_default_salt = 'phpseclib/salt'; + + /** + * The name of the performance-optimized callback function + * + * Used by encrypt() / decrypt() + * only if $engine == self::ENGINE_INTERNAL + * + * @see self::encrypt() + * @see self::decrypt() + * @see self::setupInlineCrypt() + * @var Callback + */ + protected $inline_crypt; + + /** + * If OpenSSL can be used in ECB but not in CTR we can emulate CTR + * + * @see self::openssl_ctr_process() + * @var bool + */ + private $openssl_emulate_ctr = false; + + /** + * Don't truncate / null pad key + * + * @see self::clearBuffers() + * @var bool + */ + private $skip_key_adjustment = false; + + /** + * Has the key length explicitly been set or should it be derived from the key, itself? + * + * @see self::setKeyLength() + * @var bool + */ + protected $explicit_key_length = false; + + /** + * Hash subkey for GHASH + * + * @see self::setupGCM() + * @see self::ghash() + * @var BinaryField\Integer + */ + private $h; + + /** + * Additional authenticated data + * + * @var string + */ + protected $aad = ''; + + /** + * Authentication Tag produced after a round of encryption + * + * @var string + */ + protected $newtag = false; + + /** + * Authentication Tag to be verified during decryption + * + * @var string + */ + protected $oldtag = false; + + /** + * GCM Binary Field + * + * @see self::__construct() + * @see self::ghash() + * @var BinaryField + */ + private static $gcmField; + + /** + * Poly1305 Prime Field + * + * @see self::enablePoly1305() + * @see self::poly1305() + * @var PrimeField + */ + private static $poly1305Field; + + /** + * Flag for using regular vs "safe" intval + * + * @see self::initialize_static_variables() + * @var boolean + */ + protected static $use_reg_intval; + + /** + * Poly1305 Key + * + * @see self::setPoly1305Key() + * @see self::poly1305() + * @var string + */ + protected $poly1305Key; + + /** + * Poly1305 Flag + * + * @see self::setPoly1305Key() + * @see self::enablePoly1305() + * @var boolean + */ + protected $usePoly1305 = false; + + /** + * The Original Initialization Vector + * + * GCM uses the nonce to build the IV but we want to be able to distinguish between nonce-derived + * IV's and user-set IV's + * + * @see self::setIV() + * @var string + */ + private $origIV = false; + + /** + * Nonce + * + * Only used with GCM. We could re-use setIV() but nonce's can be of a different length and + * toggling between GCM and other modes could be more complicated if we re-used setIV() + * + * @see self::setNonce() + * @var string + */ + protected $nonce = false; + + /** + * Default Constructor. + * + * $mode could be: + * + * - ecb + * + * - cbc + * + * - ctr + * + * - cfb + * + * - cfb8 + * + * - ofb + * + * - ofb8 + * + * - gcm + * + * @param string $mode + * @throws BadModeException if an invalid / unsupported mode is provided + */ + public function __construct($mode) + { + $mode = strtolower($mode); + // necessary because of 5.6 compatibility; we can't do isset(self::MODE_MAP[$mode]) in 5.6 + $map = self::MODE_MAP; + if (!isset($map[$mode])) { + throw new BadModeException('No valid mode has been specified'); + } + + $mode = self::MODE_MAP[$mode]; + + // $mode dependent settings + switch ($mode) { + case self::MODE_ECB: + case self::MODE_CBC: + $this->paddable = true; + break; + case self::MODE_CTR: + case self::MODE_CFB: + case self::MODE_CFB8: + case self::MODE_OFB: + case self::MODE_OFB8: + case self::MODE_STREAM: + $this->paddable = false; + break; + case self::MODE_GCM: + if ($this->block_size != 16) { + throw new BadModeException('GCM is only valid for block ciphers with a block size of 128 bits'); + } + if (!isset(self::$gcmField)) { + self::$gcmField = new BinaryField(128, 7, 2, 1, 0); + } + $this->paddable = false; + break; + default: + throw new BadModeException('No valid mode has been specified'); + } + + $this->mode = $mode; + + static::initialize_static_variables(); + } + + /** + * Initialize static variables + */ + protected static function initialize_static_variables() + { + if (!isset(self::$use_reg_intval)) { + switch (true) { + // PHP_OS & "\xDF\xDF\xDF" == strtoupper(substr(PHP_OS, 0, 3)), but a lot faster + case (PHP_OS & "\xDF\xDF\xDF") === 'WIN': + case !function_exists('php_uname'): + case !is_string(php_uname('m')): + case (php_uname('m') & "\xDF\xDF\xDF") != 'ARM': + case defined('PHP_INT_SIZE') && PHP_INT_SIZE == 8: + self::$use_reg_intval = true; + break; + case (php_uname('m') & "\xDF\xDF\xDF") == 'ARM': + switch (true) { + /* PHP 7.0.0 introduced a bug that affected 32-bit ARM processors: + + https://github.com/php/php-src/commit/716da71446ebbd40fa6cf2cea8a4b70f504cc3cd + + altho the changelogs make no mention of it, this bug was fixed with this commit: + + https://github.com/php/php-src/commit/c1729272b17a1fe893d1a54e423d3b71470f3ee8 + + affected versions of PHP are: 7.0.x, 7.1.0 - 7.1.23 and 7.2.0 - 7.2.11 */ + case PHP_VERSION_ID >= 70000 && PHP_VERSION_ID <= 70123: + case PHP_VERSION_ID >= 70200 && PHP_VERSION_ID <= 70211: + self::$use_reg_intval = false; + break; + default: + self::$use_reg_intval = true; + } + } + } + } + + /** + * Sets the initialization vector. + * + * setIV() is not required when ecb or gcm modes are being used. + * + * {@internal Can be overwritten by a sub class, but does not have to be} + * + * @param string $iv + * @throws \LengthException if the IV length isn't equal to the block size + * @throws \BadMethodCallException if an IV is provided when one shouldn't be + */ + public function setIV($iv) + { + if ($this->mode == self::MODE_ECB) { + throw new \BadMethodCallException('This mode does not require an IV.'); + } + + if ($this->mode == self::MODE_GCM) { + throw new \BadMethodCallException('Use setNonce instead'); + } + + if (!$this->usesIV()) { + throw new \BadMethodCallException('This algorithm does not use an IV.'); + } + + if (strlen($iv) != $this->block_size) { + throw new \LengthException('Received initialization vector of size ' . strlen($iv) . ', but size ' . $this->block_size . ' is required'); + } + + $this->iv = $this->origIV = $iv; + $this->changed = true; + } + + /** + * Enables Poly1305 mode. + * + * Once enabled Poly1305 cannot be disabled. + * + * @throws \BadMethodCallException if Poly1305 is enabled whilst in GCM mode + */ + public function enablePoly1305() + { + if ($this->mode == self::MODE_GCM) { + throw new \BadMethodCallException('Poly1305 cannot be used in GCM mode'); + } + + $this->usePoly1305 = true; + } + + /** + * Enables Poly1305 mode. + * + * Once enabled Poly1305 cannot be disabled. If $key is not passed then an attempt to call createPoly1305Key + * will be made. + * + * @param string $key optional + * @throws \LengthException if the key isn't long enough + * @throws \BadMethodCallException if Poly1305 is enabled whilst in GCM mode + */ + public function setPoly1305Key($key = null) + { + if ($this->mode == self::MODE_GCM) { + throw new \BadMethodCallException('Poly1305 cannot be used in GCM mode'); + } + + if (!is_string($key) || strlen($key) != 32) { + throw new \LengthException('The Poly1305 key must be 32 bytes long (256 bits)'); + } + + if (!isset(self::$poly1305Field)) { + // 2^130-5 + self::$poly1305Field = new PrimeField(new BigInteger('3fffffffffffffffffffffffffffffffb', 16)); + } + + $this->poly1305Key = $key; + $this->usePoly1305 = true; + } + + /** + * Sets the nonce. + * + * setNonce() is only required when gcm is used + * + * @param string $nonce + * @throws \BadMethodCallException if an nonce is provided when one shouldn't be + */ + public function setNonce($nonce) + { + if ($this->mode != self::MODE_GCM) { + throw new \BadMethodCallException('Nonces are only used in GCM mode.'); + } + + $this->nonce = $nonce; + $this->setEngine(); + } + + /** + * Sets additional authenticated data + * + * setAAD() is only used by gcm or in poly1305 mode + * + * @param string $aad + * @throws \BadMethodCallException if mode isn't GCM or if poly1305 isn't being utilized + */ + public function setAAD($aad) + { + if ($this->mode != self::MODE_GCM && !$this->usePoly1305) { + throw new \BadMethodCallException('Additional authenticated data is only utilized in GCM mode or with Poly1305'); + } + + $this->aad = $aad; + } + + /** + * Returns whether or not the algorithm uses an IV + * + * @return bool + */ + public function usesIV() + { + return $this->mode != self::MODE_GCM && $this->mode != self::MODE_ECB; + } + + /** + * Returns whether or not the algorithm uses a nonce + * + * @return bool + */ + public function usesNonce() + { + return $this->mode == self::MODE_GCM; + } + + /** + * Returns the current key length in bits + * + * @return int + */ + public function getKeyLength() + { + return $this->key_length << 3; + } + + /** + * Returns the current block length in bits + * + * @return int + */ + public function getBlockLength() + { + return $this->block_size << 3; + } + + /** + * Returns the current block length in bytes + * + * @return int + */ + public function getBlockLengthInBytes() + { + return $this->block_size; + } + + /** + * Sets the key length. + * + * Keys with explicitly set lengths need to be treated accordingly + * + * @param int $length + */ + public function setKeyLength($length) + { + $this->explicit_key_length = $length >> 3; + + if (is_string($this->key) && strlen($this->key) != $this->explicit_key_length) { + $this->key = false; + throw new InconsistentSetupException('Key has already been set and is not ' . $this->explicit_key_length . ' bytes long'); + } + } + + /** + * Sets the key. + * + * The min/max length(s) of the key depends on the cipher which is used. + * If the key not fits the length(s) of the cipher it will paded with null bytes + * up to the closest valid key length. If the key is more than max length, + * we trim the excess bits. + * + * If the key is not explicitly set, it'll be assumed to be all null bytes. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @param string $key + */ + public function setKey($key) + { + if ($this->explicit_key_length !== false && strlen($key) != $this->explicit_key_length) { + throw new InconsistentSetupException('Key length has already been set to ' . $this->explicit_key_length . ' bytes and this key is ' . strlen($key) . ' bytes'); + } + + $this->key = $key; + $this->key_length = strlen($key); + $this->setEngine(); + } + + /** + * Sets the password. + * + * Depending on what $method is set to, setPassword()'s (optional) parameters are as follows: + * {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2} or pbkdf1: + * $hash, $salt, $count, $dkLen + * + * Where $hash (default = sha1) currently supports the following hashes: see: Crypt/Hash.php + * {@link https://en.wikipedia.org/wiki/Bcrypt bcypt}: + * $salt, $rounds, $keylen + * + * This is a modified version of bcrypt used by OpenSSH. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see Crypt/Hash.php + * @param string $password + * @param string $method + * @param int|string ...$func_args + * @throws \LengthException if pbkdf1 is being used and the derived key length exceeds the hash length + * @throws \RuntimeException if bcrypt is being used and a salt isn't provided + * @return bool + */ + public function setPassword($password, $method = 'pbkdf2', ...$func_args) + { + $key = ''; + + $method = strtolower($method); + switch ($method) { + case 'bcrypt': + if (!isset($func_args[2])) { + throw new \RuntimeException('A salt must be provided for bcrypt to work'); + } + + $salt = $func_args[0]; + + $rounds = isset($func_args[1]) ? $func_args[1] : 16; + $keylen = isset($func_args[2]) ? $func_args[2] : $this->key_length; + + $key = Blowfish::bcrypt_pbkdf($password, $salt, $keylen + $this->block_size, $rounds); + + $this->setKey(substr($key, 0, $keylen)); + $this->setIV(substr($key, $keylen)); + + return true; + case 'pkcs12': // from https://tools.ietf.org/html/rfc7292#appendix-B.2 + case 'pbkdf1': + case 'pbkdf2': + // Hash function + $hash = isset($func_args[0]) ? strtolower($func_args[0]) : 'sha1'; + $hashObj = new Hash(); + $hashObj->setHash($hash); + + // WPA and WPA2 use the SSID as the salt + $salt = isset($func_args[1]) ? $func_args[1] : $this->password_default_salt; + + // RFC2898#section-4.2 uses 1,000 iterations by default + // WPA and WPA2 use 4,096. + $count = isset($func_args[2]) ? $func_args[2] : 1000; + + // Keylength + if (isset($func_args[3])) { + if ($func_args[3] <= 0) { + throw new \LengthException('Derived key length cannot be longer 0 or less'); + } + $dkLen = $func_args[3]; + } else { + $key_length = $this->explicit_key_length !== false ? $this->explicit_key_length : $this->key_length; + $dkLen = $method == 'pbkdf1' ? 2 * $key_length : $key_length; + } + + switch (true) { + case $method == 'pkcs12': + /* + In this specification, however, all passwords are created from + BMPStrings with a NULL terminator. This means that each character in + the original BMPString is encoded in 2 bytes in big-endian format + (most-significant byte first). There are no Unicode byte order + marks. The 2 bytes produced from the last character in the BMPString + are followed by 2 additional bytes with the value 0x00. + + -- https://tools.ietf.org/html/rfc7292#appendix-B.1 + */ + $password = "\0" . chunk_split($password, 1, "\0") . "\0"; + + /* + This standard specifies 3 different values for the ID byte mentioned + above: + + 1. If ID=1, then the pseudorandom bits being produced are to be used + as key material for performing encryption or decryption. + + 2. If ID=2, then the pseudorandom bits being produced are to be used + as an IV (Initial Value) for encryption or decryption. + + 3. If ID=3, then the pseudorandom bits being produced are to be used + as an integrity key for MACing. + */ + // Construct a string, D (the "diversifier"), by concatenating v/8 + // copies of ID. + $blockLength = $hashObj->getBlockLengthInBytes(); + $d1 = str_repeat(chr(1), $blockLength); + $d2 = str_repeat(chr(2), $blockLength); + $s = ''; + if (strlen($salt)) { + while (strlen($s) < $blockLength) { + $s .= $salt; + } + } + $s = substr($s, 0, $blockLength); + + $p = ''; + if (strlen($password)) { + while (strlen($p) < $blockLength) { + $p .= $password; + } + } + $p = substr($p, 0, $blockLength); + + $i = $s . $p; + + $this->setKey(self::pkcs12helper($dkLen, $hashObj, $i, $d1, $count)); + if ($this->usesIV()) { + $this->setIV(self::pkcs12helper($this->block_size, $hashObj, $i, $d2, $count)); + } + + return true; + case $method == 'pbkdf1': + if ($dkLen > $hashObj->getLengthInBytes()) { + throw new \LengthException('Derived key length cannot be longer than the hash length'); + } + $t = $password . $salt; + for ($i = 0; $i < $count; ++$i) { + $t = $hashObj->hash($t); + } + $key = substr($t, 0, $dkLen); + + $this->setKey(substr($key, 0, $dkLen >> 1)); + if ($this->usesIV()) { + $this->setIV(substr($key, $dkLen >> 1)); + } + + return true; + case !in_array($hash, hash_algos()): + $i = 1; + $hashObj->setKey($password); + while (strlen($key) < $dkLen) { + $f = $u = $hashObj->hash($salt . pack('N', $i++)); + for ($j = 2; $j <= $count; ++$j) { + $u = $hashObj->hash($u); + $f ^= $u; + } + $key .= $f; + } + $key = substr($key, 0, $dkLen); + break; + default: + $key = hash_pbkdf2($hash, $password, $salt, $count, $dkLen, true); + } + break; + default: + throw new UnsupportedAlgorithmException($method . ' is not a supported password hashing method'); + } + + $this->setKey($key); + + return true; + } + + /** + * PKCS#12 KDF Helper Function + * + * As discussed here: + * + * {@link https://tools.ietf.org/html/rfc7292#appendix-B} + * + * @see self::setPassword() + * @param int $n + * @param Hash $hashObj + * @param string $i + * @param string $d + * @param int $count + * @return string $a + */ + private static function pkcs12helper($n, $hashObj, $i, $d, $count) + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + $blockLength = $hashObj->getBlockLength() >> 3; + + $c = ceil($n / $hashObj->getLengthInBytes()); + $a = ''; + for ($j = 1; $j <= $c; $j++) { + $ai = $d . $i; + for ($k = 0; $k < $count; $k++) { + $ai = $hashObj->hash($ai); + } + $b = ''; + while (strlen($b) < $blockLength) { + $b .= $ai; + } + $b = substr($b, 0, $blockLength); + $b = new BigInteger($b, 256); + $newi = ''; + for ($k = 0; $k < strlen($i); $k += $blockLength) { + $temp = substr($i, $k, $blockLength); + $temp = new BigInteger($temp, 256); + $temp->setPrecision($blockLength << 3); + $temp = $temp->add($b); + $temp = $temp->add($one); + $newi .= $temp->toBytes(false); + } + $i = $newi; + $a .= $ai; + } + + return substr($a, 0, $n); + } + + /** + * Encrypts a message. + * + * $plaintext will be padded with additional bytes such that it's length is a multiple of the block size. Other cipher + * implementations may or may not pad in the same manner. Other common approaches to padding and the reasons why it's + * necessary are discussed in the following + * URL: + * + * {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html} + * + * An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does. + * strlen($plaintext) will still need to be a multiple of the block size, however, arbitrary values can be added to make it that + * length. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::decrypt() + * @param string $plaintext + * @return string $ciphertext + */ + public function encrypt($plaintext) + { + if ($this->paddable) { + $plaintext = $this->pad($plaintext); + } + + $this->setup(); + + if ($this->mode == self::MODE_GCM) { + $oldIV = $this->iv; + Strings::increment_str($this->iv); + $cipher = new static('ctr'); + $cipher->setKey($this->key); + $cipher->setIV($this->iv); + $ciphertext = $cipher->encrypt($plaintext); + + $s = $this->ghash( + self::nullPad128($this->aad) . + self::nullPad128($ciphertext) . + self::len64($this->aad) . + self::len64($ciphertext) + ); + $cipher->encryptIV = $this->iv = $this->encryptIV = $this->decryptIV = $oldIV; + $this->newtag = $cipher->encrypt($s); + return $ciphertext; + } + + if (isset($this->poly1305Key)) { + $cipher = clone $this; + unset($cipher->poly1305Key); + $this->usePoly1305 = false; + $ciphertext = $cipher->encrypt($plaintext); + $this->newtag = $this->poly1305($ciphertext); + return $ciphertext; + } + + if ($this->engine === self::ENGINE_OPENSSL) { + switch ($this->mode) { + case self::MODE_STREAM: + return openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + case self::MODE_ECB: + return openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + case self::MODE_CBC: + $result = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->encryptIV); + if ($this->continuousBuffer) { + $this->encryptIV = substr($result, -$this->block_size); + } + return $result; + case self::MODE_CTR: + return $this->openssl_ctr_process($plaintext, $this->encryptIV, $this->enbuffer); + case self::MODE_CFB: + // cfb loosely routines inspired by openssl's: + // {@link http://cvs.openssl.org/fileview?f=openssl/crypto/modes/cfb128.c&v=1.3.2.2.2.1} + $ciphertext = ''; + if ($this->continuousBuffer) { + $iv = &$this->encryptIV; + $pos = &$this->enbuffer['pos']; + } else { + $iv = $this->encryptIV; + $pos = 0; + } + $len = strlen($plaintext); + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $this->block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + // ie. $i = min($max, $len), $len-= $i, $pos+= $i, $pos%= $blocksize + $ciphertext = substr($iv, $orig_pos) ^ $plaintext; + $iv = substr_replace($iv, $ciphertext, $orig_pos, $i); + $plaintext = substr($plaintext, $i); + } + + $overflow = $len % $this->block_size; + + if ($overflow) { + $ciphertext .= openssl_encrypt(substr($plaintext, 0, -$overflow) . str_repeat("\0", $this->block_size), $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + $iv = Strings::pop($ciphertext, $this->block_size); + + $size = $len - $overflow; + $block = $iv ^ substr($plaintext, -$overflow); + $iv = substr_replace($iv, $block, 0, $overflow); + $ciphertext .= $block; + $pos = $overflow; + } elseif ($len) { + $ciphertext = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + $iv = substr($ciphertext, -$this->block_size); + } + + return $ciphertext; + case self::MODE_CFB8: + $ciphertext = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->encryptIV); + if ($this->continuousBuffer) { + if (($len = strlen($ciphertext)) >= $this->block_size) { + $this->encryptIV = substr($ciphertext, -$this->block_size); + } else { + $this->encryptIV = substr($this->encryptIV, $len - $this->block_size) . substr($ciphertext, -$len); + } + } + return $ciphertext; + case self::MODE_OFB8: + $ciphertext = ''; + $len = strlen($plaintext); + $iv = $this->encryptIV; + + for ($i = 0; $i < $len; ++$i) { + $xor = openssl_encrypt($iv, $this->cipher_name_openssl_ecb, $this->key, $this->openssl_options, $this->decryptIV); + $ciphertext .= $plaintext[$i] ^ $xor; + $iv = substr($iv, 1) . $xor[0]; + } + + if ($this->continuousBuffer) { + $this->encryptIV = $iv; + } + break; + case self::MODE_OFB: + return $this->openssl_ofb_process($plaintext, $this->encryptIV, $this->enbuffer); + } + } + + if ($this->engine === self::ENGINE_MCRYPT) { + set_error_handler(function () { + }); + if ($this->enchanged) { + mcrypt_generic_init($this->enmcrypt, $this->key, $this->getIV($this->encryptIV)); + $this->enchanged = false; + } + + // re: {@link http://phpseclib.sourceforge.net/cfb-demo.phps} + // using mcrypt's default handing of CFB the above would output two different things. using phpseclib's + // rewritten CFB implementation the above outputs the same thing twice. + if ($this->mode == self::MODE_CFB && $this->continuousBuffer) { + $block_size = $this->block_size; + $iv = &$this->encryptIV; + $pos = &$this->enbuffer['pos']; + $len = strlen($plaintext); + $ciphertext = ''; + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + $ciphertext = substr($iv, $orig_pos) ^ $plaintext; + $iv = substr_replace($iv, $ciphertext, $orig_pos, $i); + $this->enbuffer['enmcrypt_init'] = true; + } + if ($len >= $block_size) { + if ($this->enbuffer['enmcrypt_init'] === false || $len > $this->cfb_init_len) { + if ($this->enbuffer['enmcrypt_init'] === true) { + mcrypt_generic_init($this->enmcrypt, $this->key, $iv); + $this->enbuffer['enmcrypt_init'] = false; + } + $ciphertext .= mcrypt_generic($this->enmcrypt, substr($plaintext, $i, $len - $len % $block_size)); + $iv = substr($ciphertext, -$block_size); + $len %= $block_size; + } else { + while ($len >= $block_size) { + $iv = mcrypt_generic($this->ecb, $iv) ^ substr($plaintext, $i, $block_size); + $ciphertext .= $iv; + $len -= $block_size; + $i += $block_size; + } + } + } + + if ($len) { + $iv = mcrypt_generic($this->ecb, $iv); + $block = $iv ^ substr($plaintext, -$len); + $iv = substr_replace($iv, $block, 0, $len); + $ciphertext .= $block; + $pos = $len; + } + + restore_error_handler(); + + return $ciphertext; + } + + $ciphertext = mcrypt_generic($this->enmcrypt, $plaintext); + + if (!$this->continuousBuffer) { + mcrypt_generic_init($this->enmcrypt, $this->key, $this->getIV($this->encryptIV)); + } + + restore_error_handler(); + + return $ciphertext; + } + + if ($this->engine === self::ENGINE_EVAL) { + $inline = $this->inline_crypt; + return $inline('encrypt', $plaintext); + } + + $buffer = &$this->enbuffer; + $block_size = $this->block_size; + $ciphertext = ''; + switch ($this->mode) { + case self::MODE_ECB: + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $ciphertext .= $this->encryptBlock(substr($plaintext, $i, $block_size)); + } + break; + case self::MODE_CBC: + $xor = $this->encryptIV; + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + $block = $this->encryptBlock($block ^ $xor); + $xor = $block; + $ciphertext .= $block; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + } + break; + case self::MODE_CTR: + $xor = $this->encryptIV; + if (strlen($buffer['ciphertext'])) { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + if (strlen($block) > strlen($buffer['ciphertext'])) { + $buffer['ciphertext'] .= $this->encryptBlock($xor); + Strings::increment_str($xor); + } + $key = Strings::shift($buffer['ciphertext'], $block_size); + $ciphertext .= $block ^ $key; + } + } else { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + $key = $this->encryptBlock($xor); + Strings::increment_str($xor); + $ciphertext .= $block ^ $key; + } + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + if ($start = strlen($plaintext) % $block_size) { + $buffer['ciphertext'] = substr($key, $start) . $buffer['ciphertext']; + } + } + break; + case self::MODE_CFB: + // cfb loosely routines inspired by openssl's: + // {@link http://cvs.openssl.org/fileview?f=openssl/crypto/modes/cfb128.c&v=1.3.2.2.2.1} + if ($this->continuousBuffer) { + $iv = &$this->encryptIV; + $pos = &$buffer['pos']; + } else { + $iv = $this->encryptIV; + $pos = 0; + } + $len = strlen($plaintext); + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + // ie. $i = min($max, $len), $len-= $i, $pos+= $i, $pos%= $blocksize + $ciphertext = substr($iv, $orig_pos) ^ $plaintext; + $iv = substr_replace($iv, $ciphertext, $orig_pos, $i); + } + while ($len >= $block_size) { + $iv = $this->encryptBlock($iv) ^ substr($plaintext, $i, $block_size); + $ciphertext .= $iv; + $len -= $block_size; + $i += $block_size; + } + if ($len) { + $iv = $this->encryptBlock($iv); + $block = $iv ^ substr($plaintext, $i); + $iv = substr_replace($iv, $block, 0, $len); + $ciphertext .= $block; + $pos = $len; + } + break; + case self::MODE_CFB8: + $ciphertext = ''; + $len = strlen($plaintext); + $iv = $this->encryptIV; + + for ($i = 0; $i < $len; ++$i) { + $ciphertext .= ($c = $plaintext[$i] ^ $this->encryptBlock($iv)); + $iv = substr($iv, 1) . $c; + } + + if ($this->continuousBuffer) { + if ($len >= $block_size) { + $this->encryptIV = substr($ciphertext, -$block_size); + } else { + $this->encryptIV = substr($this->encryptIV, $len - $block_size) . substr($ciphertext, -$len); + } + } + break; + case self::MODE_OFB8: + $ciphertext = ''; + $len = strlen($plaintext); + $iv = $this->encryptIV; + + for ($i = 0; $i < $len; ++$i) { + $xor = $this->encryptBlock($iv); + $ciphertext .= $plaintext[$i] ^ $xor; + $iv = substr($iv, 1) . $xor[0]; + } + + if ($this->continuousBuffer) { + $this->encryptIV = $iv; + } + break; + case self::MODE_OFB: + $xor = $this->encryptIV; + if (strlen($buffer['xor'])) { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + if (strlen($block) > strlen($buffer['xor'])) { + $xor = $this->encryptBlock($xor); + $buffer['xor'] .= $xor; + } + $key = Strings::shift($buffer['xor'], $block_size); + $ciphertext .= $block ^ $key; + } + } else { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $xor = $this->encryptBlock($xor); + $ciphertext .= substr($plaintext, $i, $block_size) ^ $xor; + } + $key = $xor; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + if ($start = strlen($plaintext) % $block_size) { + $buffer['xor'] = substr($key, $start) . $buffer['xor']; + } + } + break; + case self::MODE_STREAM: + $ciphertext = $this->encryptBlock($plaintext); + break; + } + + return $ciphertext; + } + + /** + * Decrypts a message. + * + * If strlen($ciphertext) is not a multiple of the block size, null bytes will be added to the end of the string until + * it is. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::encrypt() + * @param string $ciphertext + * @return string $plaintext + * @throws \LengthException if we're inside a block cipher and the ciphertext length is not a multiple of the block size + */ + public function decrypt($ciphertext) + { + if ($this->paddable && strlen($ciphertext) % $this->block_size) { + throw new \LengthException('The ciphertext length (' . strlen($ciphertext) . ') needs to be a multiple of the block size (' . $this->block_size . ')'); + } + $this->setup(); + + if ($this->mode == self::MODE_GCM || isset($this->poly1305Key)) { + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + + if (isset($this->poly1305Key)) { + $newtag = $this->poly1305($ciphertext); + } else { + $oldIV = $this->iv; + Strings::increment_str($this->iv); + $cipher = new static('ctr'); + $cipher->setKey($this->key); + $cipher->setIV($this->iv); + $plaintext = $cipher->decrypt($ciphertext); + + $s = $this->ghash( + self::nullPad128($this->aad) . + self::nullPad128($ciphertext) . + self::len64($this->aad) . + self::len64($ciphertext) + ); + $cipher->encryptIV = $this->iv = $this->encryptIV = $this->decryptIV = $oldIV; + $newtag = $cipher->encrypt($s); + } + if ($this->oldtag != substr($newtag, 0, strlen($newtag))) { + $cipher = clone $this; + unset($cipher->poly1305Key); + $this->usePoly1305 = false; + $plaintext = $cipher->decrypt($ciphertext); + $this->oldtag = false; + throw new BadDecryptionException('Derived authentication tag and supplied authentication tag do not match'); + } + $this->oldtag = false; + return $plaintext; + } + + if ($this->engine === self::ENGINE_OPENSSL) { + switch ($this->mode) { + case self::MODE_STREAM: + $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + break; + case self::MODE_ECB: + $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + break; + case self::MODE_CBC: + $offset = $this->block_size; + $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->decryptIV); + if ($this->continuousBuffer) { + $this->decryptIV = substr($ciphertext, -$offset, $this->block_size); + } + break; + case self::MODE_CTR: + $plaintext = $this->openssl_ctr_process($ciphertext, $this->decryptIV, $this->debuffer); + break; + case self::MODE_CFB: + // cfb loosely routines inspired by openssl's: + // {@link http://cvs.openssl.org/fileview?f=openssl/crypto/modes/cfb128.c&v=1.3.2.2.2.1} + $plaintext = ''; + if ($this->continuousBuffer) { + $iv = &$this->decryptIV; + $pos = &$this->debuffer['pos']; + } else { + $iv = $this->decryptIV; + $pos = 0; + } + $len = strlen($ciphertext); + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $this->block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + // ie. $i = min($max, $len), $len-= $i, $pos+= $i, $pos%= $this->blocksize + $plaintext = substr($iv, $orig_pos) ^ $ciphertext; + $iv = substr_replace($iv, substr($ciphertext, 0, $i), $orig_pos, $i); + $ciphertext = substr($ciphertext, $i); + } + $overflow = $len % $this->block_size; + if ($overflow) { + $plaintext .= openssl_decrypt(substr($ciphertext, 0, -$overflow), $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + if ($len - $overflow) { + $iv = substr($ciphertext, -$overflow - $this->block_size, -$overflow); + } + $iv = openssl_encrypt(str_repeat("\0", $this->block_size), $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + $plaintext .= $iv ^ substr($ciphertext, -$overflow); + $iv = substr_replace($iv, substr($ciphertext, -$overflow), 0, $overflow); + $pos = $overflow; + } elseif ($len) { + $plaintext .= openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); + $iv = substr($ciphertext, -$this->block_size); + } + break; + case self::MODE_CFB8: + $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->decryptIV); + if ($this->continuousBuffer) { + if (($len = strlen($ciphertext)) >= $this->block_size) { + $this->decryptIV = substr($ciphertext, -$this->block_size); + } else { + $this->decryptIV = substr($this->decryptIV, $len - $this->block_size) . substr($ciphertext, -$len); + } + } + break; + case self::MODE_OFB8: + $plaintext = ''; + $len = strlen($ciphertext); + $iv = $this->decryptIV; + + for ($i = 0; $i < $len; ++$i) { + $xor = openssl_encrypt($iv, $this->cipher_name_openssl_ecb, $this->key, $this->openssl_options, $this->decryptIV); + $plaintext .= $ciphertext[$i] ^ $xor; + $iv = substr($iv, 1) . $xor[0]; + } + + if ($this->continuousBuffer) { + $this->decryptIV = $iv; + } + break; + case self::MODE_OFB: + $plaintext = $this->openssl_ofb_process($ciphertext, $this->decryptIV, $this->debuffer); + } + + return $this->paddable ? $this->unpad($plaintext) : $plaintext; + } + + if ($this->engine === self::ENGINE_MCRYPT) { + set_error_handler(function () { + }); + $block_size = $this->block_size; + if ($this->dechanged) { + mcrypt_generic_init($this->demcrypt, $this->key, $this->getIV($this->decryptIV)); + $this->dechanged = false; + } + + if ($this->mode == self::MODE_CFB && $this->continuousBuffer) { + $iv = &$this->decryptIV; + $pos = &$this->debuffer['pos']; + $len = strlen($ciphertext); + $plaintext = ''; + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + // ie. $i = min($max, $len), $len-= $i, $pos+= $i, $pos%= $blocksize + $plaintext = substr($iv, $orig_pos) ^ $ciphertext; + $iv = substr_replace($iv, substr($ciphertext, 0, $i), $orig_pos, $i); + } + if ($len >= $block_size) { + $cb = substr($ciphertext, $i, $len - $len % $block_size); + $plaintext .= mcrypt_generic($this->ecb, $iv . $cb) ^ $cb; + $iv = substr($cb, -$block_size); + $len %= $block_size; + } + if ($len) { + $iv = mcrypt_generic($this->ecb, $iv); + $plaintext .= $iv ^ substr($ciphertext, -$len); + $iv = substr_replace($iv, substr($ciphertext, -$len), 0, $len); + $pos = $len; + } + + restore_error_handler(); + + return $plaintext; + } + + $plaintext = mdecrypt_generic($this->demcrypt, $ciphertext); + + if (!$this->continuousBuffer) { + mcrypt_generic_init($this->demcrypt, $this->key, $this->getIV($this->decryptIV)); + } + + restore_error_handler(); + + return $this->paddable ? $this->unpad($plaintext) : $plaintext; + } + + if ($this->engine === self::ENGINE_EVAL) { + $inline = $this->inline_crypt; + return $inline('decrypt', $ciphertext); + } + + $block_size = $this->block_size; + + $buffer = &$this->debuffer; + $plaintext = ''; + switch ($this->mode) { + case self::MODE_ECB: + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $plaintext .= $this->decryptBlock(substr($ciphertext, $i, $block_size)); + } + break; + case self::MODE_CBC: + $xor = $this->decryptIV; + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $block = substr($ciphertext, $i, $block_size); + $plaintext .= $this->decryptBlock($block) ^ $xor; + $xor = $block; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + } + break; + case self::MODE_CTR: + $xor = $this->decryptIV; + if (strlen($buffer['ciphertext'])) { + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $block = substr($ciphertext, $i, $block_size); + if (strlen($block) > strlen($buffer['ciphertext'])) { + $buffer['ciphertext'] .= $this->encryptBlock($xor); + Strings::increment_str($xor); + } + $key = Strings::shift($buffer['ciphertext'], $block_size); + $plaintext .= $block ^ $key; + } + } else { + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $block = substr($ciphertext, $i, $block_size); + $key = $this->encryptBlock($xor); + Strings::increment_str($xor); + $plaintext .= $block ^ $key; + } + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + if ($start = strlen($ciphertext) % $block_size) { + $buffer['ciphertext'] = substr($key, $start) . $buffer['ciphertext']; + } + } + break; + case self::MODE_CFB: + if ($this->continuousBuffer) { + $iv = &$this->decryptIV; + $pos = &$buffer['pos']; + } else { + $iv = $this->decryptIV; + $pos = 0; + } + $len = strlen($ciphertext); + $i = 0; + if ($pos) { + $orig_pos = $pos; + $max = $block_size - $pos; + if ($len >= $max) { + $i = $max; + $len -= $max; + $pos = 0; + } else { + $i = $len; + $pos += $len; + $len = 0; + } + // ie. $i = min($max, $len), $len-= $i, $pos+= $i, $pos%= $blocksize + $plaintext = substr($iv, $orig_pos) ^ $ciphertext; + $iv = substr_replace($iv, substr($ciphertext, 0, $i), $orig_pos, $i); + } + while ($len >= $block_size) { + $iv = $this->encryptBlock($iv); + $cb = substr($ciphertext, $i, $block_size); + $plaintext .= $iv ^ $cb; + $iv = $cb; + $len -= $block_size; + $i += $block_size; + } + if ($len) { + $iv = $this->encryptBlock($iv); + $plaintext .= $iv ^ substr($ciphertext, $i); + $iv = substr_replace($iv, substr($ciphertext, $i), 0, $len); + $pos = $len; + } + break; + case self::MODE_CFB8: + $plaintext = ''; + $len = strlen($ciphertext); + $iv = $this->decryptIV; + + for ($i = 0; $i < $len; ++$i) { + $plaintext .= $ciphertext[$i] ^ $this->encryptBlock($iv); + $iv = substr($iv, 1) . $ciphertext[$i]; + } + + if ($this->continuousBuffer) { + if ($len >= $block_size) { + $this->decryptIV = substr($ciphertext, -$block_size); + } else { + $this->decryptIV = substr($this->decryptIV, $len - $block_size) . substr($ciphertext, -$len); + } + } + break; + case self::MODE_OFB8: + $plaintext = ''; + $len = strlen($ciphertext); + $iv = $this->decryptIV; + + for ($i = 0; $i < $len; ++$i) { + $xor = $this->encryptBlock($iv); + $plaintext .= $ciphertext[$i] ^ $xor; + $iv = substr($iv, 1) . $xor[0]; + } + + if ($this->continuousBuffer) { + $this->decryptIV = $iv; + } + break; + case self::MODE_OFB: + $xor = $this->decryptIV; + if (strlen($buffer['xor'])) { + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $block = substr($ciphertext, $i, $block_size); + if (strlen($block) > strlen($buffer['xor'])) { + $xor = $this->encryptBlock($xor); + $buffer['xor'] .= $xor; + } + $key = Strings::shift($buffer['xor'], $block_size); + $plaintext .= $block ^ $key; + } + } else { + for ($i = 0; $i < strlen($ciphertext); $i += $block_size) { + $xor = $this->encryptBlock($xor); + $plaintext .= substr($ciphertext, $i, $block_size) ^ $xor; + } + $key = $xor; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + if ($start = strlen($ciphertext) % $block_size) { + $buffer['xor'] = substr($key, $start) . $buffer['xor']; + } + } + break; + case self::MODE_STREAM: + $plaintext = $this->decryptBlock($ciphertext); + break; + } + return $this->paddable ? $this->unpad($plaintext) : $plaintext; + } + + /** + * Get the authentication tag + * + * Only used in GCM or Poly1305 mode + * + * @see self::encrypt() + * @param int $length optional + * @return string + * @throws \LengthException if $length isn't of a sufficient length + * @throws \RuntimeException if GCM mode isn't being used + */ + public function getTag($length = 16) + { + if ($this->mode != self::MODE_GCM && !$this->usePoly1305) { + throw new \BadMethodCallException('Authentication tags are only utilized in GCM mode or with Poly1305'); + } + + if ($this->newtag === false) { + throw new \BadMethodCallException('A tag can only be returned after a round of encryption has been performed'); + } + + // the tag is 128-bits. it can't be greater than 16 bytes because that's bigger than the tag is. if it + // were 0 you might as well be doing CTR and less than 4 provides minimal security that could be trivially + // easily brute forced. + // see https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf#page=36 + // for more info + if ($length < 4 || $length > 16) { + throw new \LengthException('The authentication tag must be between 4 and 16 bytes long'); + } + + return $length == 16 ? + $this->newtag : + substr($this->newtag, 0, $length); + } + + /** + * Sets the authentication tag + * + * Only used in GCM mode + * + * @see self::decrypt() + * @param string $tag + * @throws \LengthException if $length isn't of a sufficient length + * @throws \RuntimeException if GCM mode isn't being used + */ + public function setTag($tag) + { + if ($this->usePoly1305 && !isset($this->poly1305Key) && method_exists($this, 'createPoly1305Key')) { + $this->createPoly1305Key(); + } + + if ($this->mode != self::MODE_GCM && !$this->usePoly1305) { + throw new \BadMethodCallException('Authentication tags are only utilized in GCM mode or with Poly1305'); + } + + $length = strlen($tag); + if ($length < 4 || $length > 16) { + throw new \LengthException('The authentication tag must be between 4 and 16 bytes long'); + } + $this->oldtag = $tag; + } + + /** + * Get the IV + * + * mcrypt requires an IV even if ECB is used + * + * @see self::encrypt() + * @see self::decrypt() + * @param string $iv + * @return string + */ + protected function getIV($iv) + { + return $this->mode == self::MODE_ECB ? str_repeat("\0", $this->block_size) : $iv; + } + + /** + * OpenSSL CTR Processor + * + * PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream + * for CTR is the same for both encrypting and decrypting this function is re-used by both SymmetricKey::encrypt() + * and SymmetricKey::decrypt(). Also, OpenSSL doesn't implement CTR for all of it's symmetric ciphers so this + * function will emulate CTR with ECB when necessary. + * + * @see self::encrypt() + * @see self::decrypt() + * @param string $plaintext + * @param string $encryptIV + * @param array $buffer + * @return string + */ + private function openssl_ctr_process($plaintext, &$encryptIV, &$buffer) + { + $ciphertext = ''; + + $block_size = $this->block_size; + $key = $this->key; + + if ($this->openssl_emulate_ctr) { + $xor = $encryptIV; + if (strlen($buffer['ciphertext'])) { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + if (strlen($block) > strlen($buffer['ciphertext'])) { + $buffer['ciphertext'] .= openssl_encrypt($xor, $this->cipher_name_openssl_ecb, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + } + Strings::increment_str($xor); + $otp = Strings::shift($buffer['ciphertext'], $block_size); + $ciphertext .= $block ^ $otp; + } + } else { + for ($i = 0; $i < strlen($plaintext); $i += $block_size) { + $block = substr($plaintext, $i, $block_size); + $otp = openssl_encrypt($xor, $this->cipher_name_openssl_ecb, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + Strings::increment_str($xor); + $ciphertext .= $block ^ $otp; + } + } + if ($this->continuousBuffer) { + $encryptIV = $xor; + if ($start = strlen($plaintext) % $block_size) { + $buffer['ciphertext'] = substr($key, $start) . $buffer['ciphertext']; + } + } + + return $ciphertext; + } + + if (strlen($buffer['ciphertext'])) { + $ciphertext = $plaintext ^ Strings::shift($buffer['ciphertext'], strlen($plaintext)); + $plaintext = substr($plaintext, strlen($ciphertext)); + + if (!strlen($plaintext)) { + return $ciphertext; + } + } + + $overflow = strlen($plaintext) % $block_size; + if ($overflow) { + $plaintext2 = Strings::pop($plaintext, $overflow); // ie. trim $plaintext to a multiple of $block_size and put rest of $plaintext in $plaintext2 + $encrypted = openssl_encrypt($plaintext . str_repeat("\0", $block_size), $this->cipher_name_openssl, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $encryptIV); + $temp = Strings::pop($encrypted, $block_size); + $ciphertext .= $encrypted . ($plaintext2 ^ $temp); + if ($this->continuousBuffer) { + $buffer['ciphertext'] = substr($temp, $overflow); + $encryptIV = $temp; + } + } elseif (!strlen($buffer['ciphertext'])) { + $ciphertext .= openssl_encrypt($plaintext . str_repeat("\0", $block_size), $this->cipher_name_openssl, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $encryptIV); + $temp = Strings::pop($ciphertext, $block_size); + if ($this->continuousBuffer) { + $encryptIV = $temp; + } + } + if ($this->continuousBuffer) { + $encryptIV = openssl_decrypt($encryptIV, $this->cipher_name_openssl_ecb, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING); + if ($overflow) { + Strings::increment_str($encryptIV); + } + } + + return $ciphertext; + } + + /** + * OpenSSL OFB Processor + * + * PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream + * for OFB is the same for both encrypting and decrypting this function is re-used by both SymmetricKey::encrypt() + * and SymmetricKey::decrypt(). + * + * @see self::encrypt() + * @see self::decrypt() + * @param string $plaintext + * @param string $encryptIV + * @param array $buffer + * @return string + */ + private function openssl_ofb_process($plaintext, &$encryptIV, &$buffer) + { + if (strlen($buffer['xor'])) { + $ciphertext = $plaintext ^ $buffer['xor']; + $buffer['xor'] = substr($buffer['xor'], strlen($ciphertext)); + $plaintext = substr($plaintext, strlen($ciphertext)); + } else { + $ciphertext = ''; + } + + $block_size = $this->block_size; + + $len = strlen($plaintext); + $key = $this->key; + $overflow = $len % $block_size; + + if (strlen($plaintext)) { + if ($overflow) { + $ciphertext .= openssl_encrypt(substr($plaintext, 0, -$overflow) . str_repeat("\0", $block_size), $this->cipher_name_openssl, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $encryptIV); + $xor = Strings::pop($ciphertext, $block_size); + if ($this->continuousBuffer) { + $encryptIV = $xor; + } + $ciphertext .= Strings::shift($xor, $overflow) ^ substr($plaintext, -$overflow); + if ($this->continuousBuffer) { + $buffer['xor'] = $xor; + } + } else { + $ciphertext = openssl_encrypt($plaintext, $this->cipher_name_openssl, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $encryptIV); + if ($this->continuousBuffer) { + $encryptIV = substr($ciphertext, -$block_size) ^ substr($plaintext, -$block_size); + } + } + } + + return $ciphertext; + } + + /** + * phpseclib <-> OpenSSL Mode Mapper + * + * May need to be overwritten by classes extending this one in some cases + * + * @return string + */ + protected function openssl_translate_mode() + { + switch ($this->mode) { + case self::MODE_ECB: + return 'ecb'; + case self::MODE_CBC: + return 'cbc'; + case self::MODE_CTR: + case self::MODE_GCM: + return 'ctr'; + case self::MODE_CFB: + return 'cfb'; + case self::MODE_CFB8: + return 'cfb8'; + case self::MODE_OFB: + return 'ofb'; + } + } + + /** + * Pad "packets". + * + * Block ciphers working by encrypting between their specified [$this->]block_size at a time + * If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to + * pad the input so that it is of the proper length. + * + * Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH, + * where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping + * away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is + * transmitted separately) + * + * @see self::disablePadding() + */ + public function enablePadding() + { + $this->padding = true; + } + + /** + * Do not pad packets. + * + * @see self::enablePadding() + */ + public function disablePadding() + { + $this->padding = false; + } + + /** + * Treat consecutive "packets" as if they are a continuous buffer. + * + * Say you have a 32-byte plaintext $plaintext. Using the default behavior, the two following code snippets + * will yield different outputs: + * + * + * echo $rijndael->encrypt(substr($plaintext, 0, 16)); + * echo $rijndael->encrypt(substr($plaintext, 16, 16)); + * + * + * echo $rijndael->encrypt($plaintext); + * + * + * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates + * another, as demonstrated with the following: + * + * + * $rijndael->encrypt(substr($plaintext, 0, 16)); + * echo $rijndael->decrypt($rijndael->encrypt(substr($plaintext, 16, 16))); + * + * + * echo $rijndael->decrypt($rijndael->encrypt(substr($plaintext, 16, 16))); + * + * + * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different + * outputs. The reason is due to the fact that the initialization vector's change after every encryption / + * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant. + * + * Put another way, when the continuous buffer is enabled, the state of the \phpseclib3\Crypt\*() object changes after each + * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that + * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), + * however, they are also less intuitive and more likely to cause you problems. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::disableContinuousBuffer() + */ + public function enableContinuousBuffer() + { + if ($this->mode == self::MODE_ECB) { + return; + } + + if ($this->mode == self::MODE_GCM) { + throw new \BadMethodCallException('This mode does not run in continuous mode'); + } + + $this->continuousBuffer = true; + + $this->setEngine(); + } + + /** + * Treat consecutive packets as if they are a discontinuous buffer. + * + * The default behavior. + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::enableContinuousBuffer() + */ + public function disableContinuousBuffer() + { + if ($this->mode == self::MODE_ECB) { + return; + } + if (!$this->continuousBuffer) { + return; + } + + $this->continuousBuffer = false; + + $this->setEngine(); + } + + /** + * Test for engine validity + * + * @see self::__construct() + * @param int $engine + * @return bool + */ + protected function isValidEngineHelper($engine) + { + switch ($engine) { + case self::ENGINE_OPENSSL: + $this->openssl_emulate_ctr = false; + $result = $this->cipher_name_openssl && + extension_loaded('openssl'); + if (!$result) { + return false; + } + + $methods = openssl_get_cipher_methods(); + if (in_array($this->cipher_name_openssl, $methods)) { + return true; + } + // not all of openssl's symmetric cipher's support ctr. for those + // that don't we'll emulate it + switch ($this->mode) { + case self::MODE_CTR: + if (in_array($this->cipher_name_openssl_ecb, $methods)) { + $this->openssl_emulate_ctr = true; + return true; + } + } + return false; + case self::ENGINE_MCRYPT: + set_error_handler(function () { + }); + $result = $this->cipher_name_mcrypt && + extension_loaded('mcrypt') && + in_array($this->cipher_name_mcrypt, mcrypt_list_algorithms()); + restore_error_handler(); + return $result; + case self::ENGINE_EVAL: + return method_exists($this, 'setupInlineCrypt'); + case self::ENGINE_INTERNAL: + return true; + } + + return false; + } + + /** + * Test for engine validity + * + * @see self::__construct() + * @param string $engine + * @return bool + */ + public function isValidEngine($engine) + { + static $reverseMap; + if (!isset($reverseMap)) { + $reverseMap = array_map('strtolower', self::ENGINE_MAP); + $reverseMap = array_flip($reverseMap); + } + $engine = strtolower($engine); + if (!isset($reverseMap[$engine])) { + return false; + } + + return $this->isValidEngineHelper($reverseMap[$engine]); + } + + /** + * Sets the preferred crypt engine + * + * Currently, $engine could be: + * + * - libsodium[very fast] + * + * - OpenSSL [very fast] + * + * - mcrypt [fast] + * + * - Eval [slow] + * + * - PHP [slowest] + * + * If the preferred crypt engine is not available the fastest available one will be used + * + * @see self::__construct() + * @param string $engine + */ + public function setPreferredEngine($engine) + { + static $reverseMap; + if (!isset($reverseMap)) { + $reverseMap = array_map('strtolower', self::ENGINE_MAP); + $reverseMap = array_flip($reverseMap); + } + $engine = is_string($engine) ? strtolower($engine) : ''; + $this->preferredEngine = isset($reverseMap[$engine]) ? $reverseMap[$engine] : self::ENGINE_LIBSODIUM; + + $this->setEngine(); + } + + /** + * Returns the engine currently being utilized + * + * @see self::setEngine() + */ + public function getEngine() + { + return self::ENGINE_MAP[$this->engine]; + } + + /** + * Sets the engine as appropriate + * + * @see self::__construct() + */ + protected function setEngine() + { + $this->engine = null; + + $candidateEngines = [ + self::ENGINE_LIBSODIUM, + self::ENGINE_OPENSSL_GCM, + self::ENGINE_OPENSSL, + self::ENGINE_MCRYPT, + self::ENGINE_EVAL + ]; + if (isset($this->preferredEngine)) { + $temp = [$this->preferredEngine]; + $candidateEngines = array_merge( + $temp, + array_diff($candidateEngines, $temp) + ); + } + foreach ($candidateEngines as $engine) { + if ($this->isValidEngineHelper($engine)) { + $this->engine = $engine; + break; + } + } + if (!$this->engine) { + $this->engine = self::ENGINE_INTERNAL; + } + + if ($this->engine != self::ENGINE_MCRYPT && $this->enmcrypt) { + set_error_handler(function () { + }); + // Closing the current mcrypt resource(s). _mcryptSetup() will, if needed, + // (re)open them with the module named in $this->cipher_name_mcrypt + mcrypt_module_close($this->enmcrypt); + mcrypt_module_close($this->demcrypt); + $this->enmcrypt = null; + $this->demcrypt = null; + + if ($this->ecb) { + mcrypt_module_close($this->ecb); + $this->ecb = null; + } + restore_error_handler(); + } + + $this->changed = $this->nonIVChanged = true; + } + + /** + * Encrypts a block + * + * Note: Must be extended by the child \phpseclib3\Crypt\* class + * + * @param string $in + * @return string + */ + abstract protected function encryptBlock($in); + + /** + * Decrypts a block + * + * Note: Must be extended by the child \phpseclib3\Crypt\* class + * + * @param string $in + * @return string + */ + abstract protected function decryptBlock($in); + + /** + * Setup the key (expansion) + * + * Only used if $engine == self::ENGINE_INTERNAL + * + * Note: Must extend by the child \phpseclib3\Crypt\* class + * + * @see self::setup() + */ + abstract protected function setupKey(); + + /** + * Setup the self::ENGINE_INTERNAL $engine + * + * (re)init, if necessary, the internal cipher $engine and flush all $buffers + * Used (only) if $engine == self::ENGINE_INTERNAL + * + * _setup() will be called each time if $changed === true + * typically this happens when using one or more of following public methods: + * + * - setKey() + * + * - setIV() + * + * - disableContinuousBuffer() + * + * - First run of encrypt() / decrypt() with no init-settings + * + * {@internal setup() is always called before en/decryption.} + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::setKey() + * @see self::setIV() + * @see self::disableContinuousBuffer() + */ + protected function setup() + { + if (!$this->changed) { + return; + } + + $this->changed = false; + + if ($this->usePoly1305 && !isset($this->poly1305Key) && method_exists($this, 'createPoly1305Key')) { + $this->createPoly1305Key(); + } + + $this->enbuffer = $this->debuffer = ['ciphertext' => '', 'xor' => '', 'pos' => 0, 'enmcrypt_init' => true]; + //$this->newtag = $this->oldtag = false; + + if ($this->usesNonce()) { + if ($this->nonce === false) { + throw new InsufficientSetupException('No nonce has been defined'); + } + if ($this->mode == self::MODE_GCM && !in_array($this->engine, [self::ENGINE_LIBSODIUM, self::ENGINE_OPENSSL_GCM])) { + $this->setupGCM(); + } + } else { + $this->iv = $this->origIV; + } + + if ($this->iv === false && !in_array($this->mode, [self::MODE_STREAM, self::MODE_ECB])) { + if ($this->mode != self::MODE_GCM || !in_array($this->engine, [self::ENGINE_LIBSODIUM, self::ENGINE_OPENSSL_GCM])) { + throw new InsufficientSetupException('No IV has been defined'); + } + } + + if ($this->key === false) { + throw new InsufficientSetupException('No key has been defined'); + } + + $this->encryptIV = $this->decryptIV = $this->iv; + + switch ($this->engine) { + case self::ENGINE_MCRYPT: + $this->enchanged = $this->dechanged = true; + + set_error_handler(function () { + }); + + if (!isset($this->enmcrypt)) { + static $mcrypt_modes = [ + self::MODE_CTR => 'ctr', + self::MODE_ECB => MCRYPT_MODE_ECB, + self::MODE_CBC => MCRYPT_MODE_CBC, + self::MODE_CFB => 'ncfb', + self::MODE_CFB8 => MCRYPT_MODE_CFB, + self::MODE_OFB => MCRYPT_MODE_NOFB, + self::MODE_OFB8 => MCRYPT_MODE_OFB, + self::MODE_STREAM => MCRYPT_MODE_STREAM, + ]; + + $this->demcrypt = mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], ''); + $this->enmcrypt = mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], ''); + + // we need the $ecb mcrypt resource (only) in MODE_CFB with enableContinuousBuffer() + // to workaround mcrypt's broken ncfb implementation in buffered mode + // see: {@link http://phpseclib.sourceforge.net/cfb-demo.phps} + if ($this->mode == self::MODE_CFB) { + $this->ecb = mcrypt_module_open($this->cipher_name_mcrypt, '', MCRYPT_MODE_ECB, ''); + } + } // else should mcrypt_generic_deinit be called? + + if ($this->mode == self::MODE_CFB) { + mcrypt_generic_init($this->ecb, $this->key, str_repeat("\0", $this->block_size)); + } + + restore_error_handler(); + + break; + case self::ENGINE_INTERNAL: + $this->setupKey(); + break; + case self::ENGINE_EVAL: + if ($this->nonIVChanged) { + $this->setupKey(); + $this->setupInlineCrypt(); + } + } + + $this->nonIVChanged = false; + } + + /** + * Pads a string + * + * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize. + * $this->block_size - (strlen($text) % $this->block_size) bytes are added, each of which is equal to + * chr($this->block_size - (strlen($text) % $this->block_size) + * + * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless + * and padding will, hence forth, be enabled. + * + * @see self::unpad() + * @param string $text + * @throws \LengthException if padding is disabled and the plaintext's length is not a multiple of the block size + * @return string + */ + protected function pad($text) + { + $length = strlen($text); + + if (!$this->padding) { + if ($length % $this->block_size == 0) { + return $text; + } else { + throw new \LengthException("The plaintext's length ($length) is not a multiple of the block size ({$this->block_size}). Try enabling padding."); + } + } + + $pad = $this->block_size - ($length % $this->block_size); + + return str_pad($text, $length + $pad, chr($pad)); + } + + /** + * Unpads a string. + * + * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong + * and false will be returned. + * + * @see self::pad() + * @param string $text + * @throws \LengthException if the ciphertext's length is not a multiple of the block size + * @return string + */ + protected function unpad($text) + { + if (!$this->padding) { + return $text; + } + + $length = ord($text[strlen($text) - 1]); + + if (!$length || $length > $this->block_size) { + throw new BadDecryptionException("The ciphertext has an invalid padding length ($length) compared to the block size ({$this->block_size})"); + } + + return substr($text, 0, -$length); + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * Stores the created (or existing) callback function-name + * in $this->inline_crypt + * + * Internally for phpseclib developers: + * + * _setupInlineCrypt() would be called only if: + * + * - $this->engine === self::ENGINE_EVAL + * + * - each time on _setup(), after(!) _setupKey() + * + * + * This ensures that _setupInlineCrypt() has always a + * full ready2go initializated internal cipher $engine state + * where, for example, the keys already expanded, + * keys/block_size calculated and such. + * + * It is, each time if called, the responsibility of _setupInlineCrypt(): + * + * - to set $this->inline_crypt to a valid and fully working callback function + * as a (faster) replacement for encrypt() / decrypt() + * + * - NOT to create unlimited callback functions (for memory reasons!) + * no matter how often _setupInlineCrypt() would be called. At some + * point of amount they must be generic re-useable. + * + * - the code of _setupInlineCrypt() it self, + * and the generated callback code, + * must be, in following order: + * - 100% safe + * - 100% compatible to encrypt()/decrypt() + * - using only php5+ features/lang-constructs/php-extensions if + * compatibility (down to php4) or fallback is provided + * - readable/maintainable/understandable/commented and... not-cryptic-styled-code :-) + * - >= 10% faster than encrypt()/decrypt() [which is, by the way, + * the reason for the existence of _setupInlineCrypt() :-)] + * - memory-nice + * - short (as good as possible) + * + * Note: - _setupInlineCrypt() is using _createInlineCryptFunction() to create the full callback function code. + * - In case of using inline crypting, _setupInlineCrypt() must extend by the child \phpseclib3\Crypt\* class. + * - The following variable names are reserved: + * - $_* (all variable names prefixed with an underscore) + * - $self (object reference to it self. Do not use $this, but $self instead) + * - $in (the content of $in has to en/decrypt by the generated code) + * - The callback function should not use the 'return' statement, but en/decrypt'ing the content of $in only + * + * {@internal If a Crypt_* class providing inline crypting it must extend _setupInlineCrypt()} + * + * @see self::setup() + * @see self::createInlineCryptFunction() + * @see self::encrypt() + * @see self::decrypt() + */ + //protected function setupInlineCrypt(); + + /** + * Creates the performance-optimized function for en/decrypt() + * + * Internally for phpseclib developers: + * + * _createInlineCryptFunction(): + * + * - merge the $cipher_code [setup'ed by _setupInlineCrypt()] + * with the current [$this->]mode of operation code + * + * - create the $inline function, which called by encrypt() / decrypt() + * as its replacement to speed up the en/decryption operations. + * + * - return the name of the created $inline callback function + * + * - used to speed up en/decryption + * + * + * + * The main reason why can speed up things [up to 50%] this way are: + * + * - using variables more effective then regular. + * (ie no use of expensive arrays but integers $k_0, $k_1 ... + * or even, for example, the pure $key[] values hardcoded) + * + * - avoiding 1000's of function calls of ie _encryptBlock() + * but inlining the crypt operations. + * in the mode of operation for() loop. + * + * - full loop unroll the (sometimes key-dependent) rounds + * avoiding this way ++$i counters and runtime-if's etc... + * + * The basic code architectur of the generated $inline en/decrypt() + * lambda function, in pseudo php, is: + * + * + * +----------------------------------------------------------------------------------------------+ + * | callback $inline = create_function: | + * | lambda_function_0001_crypt_ECB($action, $text) | + * | { | + * | INSERT PHP CODE OF: | + * | $cipher_code['init_crypt']; // general init code. | + * | // ie: $sbox'es declarations used for | + * | // encrypt and decrypt'ing. | + * | | + * | switch ($action) { | + * | case 'encrypt': | + * | INSERT PHP CODE OF: | + * | $cipher_code['init_encrypt']; // encrypt sepcific init code. | + * | ie: specified $key or $box | + * | declarations for encrypt'ing. | + * | | + * | foreach ($ciphertext) { | + * | $in = $block_size of $ciphertext; | + * | | + * | INSERT PHP CODE OF: | + * | $cipher_code['encrypt_block']; // encrypt's (string) $in, which is always: | + * | // strlen($in) == $this->block_size | + * | // here comes the cipher algorithm in action | + * | // for encryption. | + * | // $cipher_code['encrypt_block'] has to | + * | // encrypt the content of the $in variable | + * | | + * | $plaintext .= $in; | + * | } | + * | return $plaintext; | + * | | + * | case 'decrypt': | + * | INSERT PHP CODE OF: | + * | $cipher_code['init_decrypt']; // decrypt sepcific init code | + * | ie: specified $key or $box | + * | declarations for decrypt'ing. | + * | foreach ($plaintext) { | + * | $in = $block_size of $plaintext; | + * | | + * | INSERT PHP CODE OF: | + * | $cipher_code['decrypt_block']; // decrypt's (string) $in, which is always | + * | // strlen($in) == $this->block_size | + * | // here comes the cipher algorithm in action | + * | // for decryption. | + * | // $cipher_code['decrypt_block'] has to | + * | // decrypt the content of the $in variable | + * | $ciphertext .= $in; | + * | } | + * | return $ciphertext; | + * | } | + * | } | + * +----------------------------------------------------------------------------------------------+ + * + * + * See also the \phpseclib3\Crypt\*::_setupInlineCrypt()'s for + * productive inline $cipher_code's how they works. + * + * Structure of: + * + * $cipher_code = [ + * 'init_crypt' => (string) '', // optional + * 'init_encrypt' => (string) '', // optional + * 'init_decrypt' => (string) '', // optional + * 'encrypt_block' => (string) '', // required + * 'decrypt_block' => (string) '' // required + * ]; + * + * + * @see self::setupInlineCrypt() + * @see self::encrypt() + * @see self::decrypt() + * @param array $cipher_code + * @return string (the name of the created callback function) + */ + protected function createInlineCryptFunction($cipher_code) + { + $block_size = $this->block_size; + + // optional + $init_crypt = isset($cipher_code['init_crypt']) ? $cipher_code['init_crypt'] : ''; + $init_encrypt = isset($cipher_code['init_encrypt']) ? $cipher_code['init_encrypt'] : ''; + $init_decrypt = isset($cipher_code['init_decrypt']) ? $cipher_code['init_decrypt'] : ''; + // required + $encrypt_block = $cipher_code['encrypt_block']; + $decrypt_block = $cipher_code['decrypt_block']; + + // Generating mode of operation inline code, + // merged with the $cipher_code algorithm + // for encrypt- and decryption. + switch ($this->mode) { + case self::MODE_ECB: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_plaintext_len = strlen($_text); + + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $in = substr($_text, $_i, ' . $block_size . '); + ' . $encrypt_block . ' + $_ciphertext.= $in; + } + + return $_ciphertext; + '; + + $decrypt = $init_decrypt . ' + $_plaintext = ""; + $_text = str_pad($_text, strlen($_text) + (' . $block_size . ' - strlen($_text) % ' . $block_size . ') % ' . $block_size . ', chr(0)); + $_ciphertext_len = strlen($_text); + + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $in = substr($_text, $_i, ' . $block_size . '); + ' . $decrypt_block . ' + $_plaintext.= $in; + } + + return $this->unpad($_plaintext); + '; + break; + case self::MODE_CTR: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_plaintext_len = strlen($_text); + $_xor = $this->encryptIV; + $_buffer = &$this->enbuffer; + if (strlen($_buffer["ciphertext"])) { + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + if (strlen($_block) > strlen($_buffer["ciphertext"])) { + $in = $_xor; + ' . $encrypt_block . ' + \phpseclib3\Common\Functions\Strings::increment_str($_xor); + $_buffer["ciphertext"].= $in; + } + $_key = \phpseclib3\Common\Functions\Strings::shift($_buffer["ciphertext"], ' . $block_size . '); + $_ciphertext.= $_block ^ $_key; + } + } else { + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + $in = $_xor; + ' . $encrypt_block . ' + \phpseclib3\Common\Functions\Strings::increment_str($_xor); + $_key = $in; + $_ciphertext.= $_block ^ $_key; + } + } + if ($this->continuousBuffer) { + $this->encryptIV = $_xor; + if ($_start = $_plaintext_len % ' . $block_size . ') { + $_buffer["ciphertext"] = substr($_key, $_start) . $_buffer["ciphertext"]; + } + } + + return $_ciphertext; + '; + + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_ciphertext_len = strlen($_text); + $_xor = $this->decryptIV; + $_buffer = &$this->debuffer; + + if (strlen($_buffer["ciphertext"])) { + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + if (strlen($_block) > strlen($_buffer["ciphertext"])) { + $in = $_xor; + ' . $encrypt_block . ' + \phpseclib3\Common\Functions\Strings::increment_str($_xor); + $_buffer["ciphertext"].= $in; + } + $_key = \phpseclib3\Common\Functions\Strings::shift($_buffer["ciphertext"], ' . $block_size . '); + $_plaintext.= $_block ^ $_key; + } + } else { + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + $in = $_xor; + ' . $encrypt_block . ' + \phpseclib3\Common\Functions\Strings::increment_str($_xor); + $_key = $in; + $_plaintext.= $_block ^ $_key; + } + } + if ($this->continuousBuffer) { + $this->decryptIV = $_xor; + if ($_start = $_ciphertext_len % ' . $block_size . ') { + $_buffer["ciphertext"] = substr($_key, $_start) . $_buffer["ciphertext"]; + } + } + + return $_plaintext; + '; + break; + case self::MODE_CFB: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_buffer = &$this->enbuffer; + + if ($this->continuousBuffer) { + $_iv = &$this->encryptIV; + $_pos = &$_buffer["pos"]; + } else { + $_iv = $this->encryptIV; + $_pos = 0; + } + $_len = strlen($_text); + $_i = 0; + if ($_pos) { + $_orig_pos = $_pos; + $_max = ' . $block_size . ' - $_pos; + if ($_len >= $_max) { + $_i = $_max; + $_len-= $_max; + $_pos = 0; + } else { + $_i = $_len; + $_pos+= $_len; + $_len = 0; + } + $_ciphertext = substr($_iv, $_orig_pos) ^ $_text; + $_iv = substr_replace($_iv, $_ciphertext, $_orig_pos, $_i); + } + while ($_len >= ' . $block_size . ') { + $in = $_iv; + ' . $encrypt_block . '; + $_iv = $in ^ substr($_text, $_i, ' . $block_size . '); + $_ciphertext.= $_iv; + $_len-= ' . $block_size . '; + $_i+= ' . $block_size . '; + } + if ($_len) { + $in = $_iv; + ' . $encrypt_block . ' + $_iv = $in; + $_block = $_iv ^ substr($_text, $_i); + $_iv = substr_replace($_iv, $_block, 0, $_len); + $_ciphertext.= $_block; + $_pos = $_len; + } + return $_ciphertext; + '; + + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_buffer = &$this->debuffer; + + if ($this->continuousBuffer) { + $_iv = &$this->decryptIV; + $_pos = &$_buffer["pos"]; + } else { + $_iv = $this->decryptIV; + $_pos = 0; + } + $_len = strlen($_text); + $_i = 0; + if ($_pos) { + $_orig_pos = $_pos; + $_max = ' . $block_size . ' - $_pos; + if ($_len >= $_max) { + $_i = $_max; + $_len-= $_max; + $_pos = 0; + } else { + $_i = $_len; + $_pos+= $_len; + $_len = 0; + } + $_plaintext = substr($_iv, $_orig_pos) ^ $_text; + $_iv = substr_replace($_iv, substr($_text, 0, $_i), $_orig_pos, $_i); + } + while ($_len >= ' . $block_size . ') { + $in = $_iv; + ' . $encrypt_block . ' + $_iv = $in; + $cb = substr($_text, $_i, ' . $block_size . '); + $_plaintext.= $_iv ^ $cb; + $_iv = $cb; + $_len-= ' . $block_size . '; + $_i+= ' . $block_size . '; + } + if ($_len) { + $in = $_iv; + ' . $encrypt_block . ' + $_iv = $in; + $_plaintext.= $_iv ^ substr($_text, $_i); + $_iv = substr_replace($_iv, substr($_text, $_i), 0, $_len); + $_pos = $_len; + } + + return $_plaintext; + '; + break; + case self::MODE_CFB8: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_len = strlen($_text); + $_iv = $this->encryptIV; + + for ($_i = 0; $_i < $_len; ++$_i) { + $in = $_iv; + ' . $encrypt_block . ' + $_ciphertext .= ($_c = $_text[$_i] ^ $in); + $_iv = substr($_iv, 1) . $_c; + } + + if ($this->continuousBuffer) { + if ($_len >= ' . $block_size . ') { + $this->encryptIV = substr($_ciphertext, -' . $block_size . '); + } else { + $this->encryptIV = substr($this->encryptIV, $_len - ' . $block_size . ') . substr($_ciphertext, -$_len); + } + } + + return $_ciphertext; + '; + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_len = strlen($_text); + $_iv = $this->decryptIV; + + for ($_i = 0; $_i < $_len; ++$_i) { + $in = $_iv; + ' . $encrypt_block . ' + $_plaintext .= $_text[$_i] ^ $in; + $_iv = substr($_iv, 1) . $_text[$_i]; + } + + if ($this->continuousBuffer) { + if ($_len >= ' . $block_size . ') { + $this->decryptIV = substr($_text, -' . $block_size . '); + } else { + $this->decryptIV = substr($this->decryptIV, $_len - ' . $block_size . ') . substr($_text, -$_len); + } + } + + return $_plaintext; + '; + break; + case self::MODE_OFB8: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_len = strlen($_text); + $_iv = $this->encryptIV; + + for ($_i = 0; $_i < $_len; ++$_i) { + $in = $_iv; + ' . $encrypt_block . ' + $_ciphertext.= $_text[$_i] ^ $in; + $_iv = substr($_iv, 1) . $in[0]; + } + + if ($this->continuousBuffer) { + $this->encryptIV = $_iv; + } + + return $_ciphertext; + '; + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_len = strlen($_text); + $_iv = $this->decryptIV; + + for ($_i = 0; $_i < $_len; ++$_i) { + $in = $_iv; + ' . $encrypt_block . ' + $_plaintext.= $_text[$_i] ^ $in; + $_iv = substr($_iv, 1) . $in[0]; + } + + if ($this->continuousBuffer) { + $this->decryptIV = $_iv; + } + + return $_plaintext; + '; + break; + case self::MODE_OFB: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_plaintext_len = strlen($_text); + $_xor = $this->encryptIV; + $_buffer = &$this->enbuffer; + + if (strlen($_buffer["xor"])) { + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + if (strlen($_block) > strlen($_buffer["xor"])) { + $in = $_xor; + ' . $encrypt_block . ' + $_xor = $in; + $_buffer["xor"].= $_xor; + } + $_key = \phpseclib3\Common\Functions\Strings::shift($_buffer["xor"], ' . $block_size . '); + $_ciphertext.= $_block ^ $_key; + } + } else { + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $in = $_xor; + ' . $encrypt_block . ' + $_xor = $in; + $_ciphertext.= substr($_text, $_i, ' . $block_size . ') ^ $_xor; + } + $_key = $_xor; + } + if ($this->continuousBuffer) { + $this->encryptIV = $_xor; + if ($_start = $_plaintext_len % ' . $block_size . ') { + $_buffer["xor"] = substr($_key, $_start) . $_buffer["xor"]; + } + } + return $_ciphertext; + '; + + $decrypt = $init_encrypt . ' + $_plaintext = ""; + $_ciphertext_len = strlen($_text); + $_xor = $this->decryptIV; + $_buffer = &$this->debuffer; + + if (strlen($_buffer["xor"])) { + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $_block = substr($_text, $_i, ' . $block_size . '); + if (strlen($_block) > strlen($_buffer["xor"])) { + $in = $_xor; + ' . $encrypt_block . ' + $_xor = $in; + $_buffer["xor"].= $_xor; + } + $_key = \phpseclib3\Common\Functions\Strings::shift($_buffer["xor"], ' . $block_size . '); + $_plaintext.= $_block ^ $_key; + } + } else { + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $in = $_xor; + ' . $encrypt_block . ' + $_xor = $in; + $_plaintext.= substr($_text, $_i, ' . $block_size . ') ^ $_xor; + } + $_key = $_xor; + } + if ($this->continuousBuffer) { + $this->decryptIV = $_xor; + if ($_start = $_ciphertext_len % ' . $block_size . ') { + $_buffer["xor"] = substr($_key, $_start) . $_buffer["xor"]; + } + } + return $_plaintext; + '; + break; + case self::MODE_STREAM: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + ' . $encrypt_block . ' + return $_ciphertext; + '; + $decrypt = $init_decrypt . ' + $_plaintext = ""; + ' . $decrypt_block . ' + return $_plaintext; + '; + break; + // case self::MODE_CBC: + default: + $encrypt = $init_encrypt . ' + $_ciphertext = ""; + $_plaintext_len = strlen($_text); + + $in = $this->encryptIV; + + for ($_i = 0; $_i < $_plaintext_len; $_i+= ' . $block_size . ') { + $in = substr($_text, $_i, ' . $block_size . ') ^ $in; + ' . $encrypt_block . ' + $_ciphertext.= $in; + } + + if ($this->continuousBuffer) { + $this->encryptIV = $in; + } + + return $_ciphertext; + '; + + $decrypt = $init_decrypt . ' + $_plaintext = ""; + $_text = str_pad($_text, strlen($_text) + (' . $block_size . ' - strlen($_text) % ' . $block_size . ') % ' . $block_size . ', chr(0)); + $_ciphertext_len = strlen($_text); + + $_iv = $this->decryptIV; + + for ($_i = 0; $_i < $_ciphertext_len; $_i+= ' . $block_size . ') { + $in = $_block = substr($_text, $_i, ' . $block_size . '); + ' . $decrypt_block . ' + $_plaintext.= $in ^ $_iv; + $_iv = $_block; + } + + if ($this->continuousBuffer) { + $this->decryptIV = $_iv; + } + + return $this->unpad($_plaintext); + '; + break; + } + + // Before discrediting this, please read the following: + // @see https://github.com/phpseclib/phpseclib/issues/1293 + // @see https://github.com/phpseclib/phpseclib/pull/1143 + eval('$func = function ($_action, $_text) { ' . $init_crypt . 'if ($_action == "encrypt") { ' . $encrypt . ' } else { ' . $decrypt . ' }};'); + + return \Closure::bind($func, $this, static::class); + } + + /** + * Convert float to int + * + * On ARM CPUs converting floats to ints doesn't always work + * + * @param string $x + * @return int + */ + protected static function safe_intval($x) + { + if (is_int($x)) { + return $x; + } + + if (self::$use_reg_intval) { + return PHP_INT_SIZE == 4 && PHP_VERSION_ID >= 80100 ? intval($x) : $x; + } + + return (fmod($x, 0x80000000) & 0x7FFFFFFF) | + ((fmod(floor($x / 0x80000000), 2) & 1) << 31); + } + + /** + * eval()'able string for in-line float to int + * + * @return string + */ + protected static function safe_intval_inline() + { + if (self::$use_reg_intval) { + return PHP_INT_SIZE == 4 && PHP_VERSION_ID >= 80100 ? 'intval(%s)' : '%s'; + } + + $safeint = '(is_int($temp = %s) ? $temp : (fmod($temp, 0x80000000) & 0x7FFFFFFF) | '; + return $safeint . '((fmod(floor($temp / 0x80000000), 2) & 1) << 31))'; + } + + /** + * Sets up GCM parameters + * + * See steps 1-2 of https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf#page=23 + * for more info + * + */ + private function setupGCM() + { + // don't keep on re-calculating $this->h + if (!$this->h || $this->hKey != $this->key) { + $cipher = new static('ecb'); + $cipher->setKey($this->key); + $cipher->disablePadding(); + + $this->h = self::$gcmField->newInteger( + Strings::switchEndianness($cipher->encrypt("\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0")) + ); + $this->hKey = $this->key; + } + + if (strlen($this->nonce) == 12) { + $this->iv = $this->nonce . "\0\0\0\1"; + } else { + $this->iv = $this->ghash( + self::nullPad128($this->nonce) . str_repeat("\0", 8) . self::len64($this->nonce) + ); + } + } + + /** + * Performs GHASH operation + * + * See https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf#page=20 + * for more info + * + * @see self::decrypt() + * @see self::encrypt() + * @param string $x + * @return string + */ + private function ghash($x) + { + $h = $this->h; + $y = ["\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"]; + $x = str_split($x, 16); + $n = 0; + // the switchEndianness calls are necessary because the multiplication algorithm in BinaryField/Integer + // interprets strings as polynomials in big endian order whereas in GCM they're interpreted in little + // endian order per https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf#page=19. + // big endian order is what binary field elliptic curves use per http://www.secg.org/sec1-v2.pdf#page=18. + + // we could switchEndianness here instead of in the while loop but doing so in the while loop seems like it + // might be slightly more performant + //$x = Strings::switchEndianness($x); + foreach ($x as $xn) { + $xn = Strings::switchEndianness($xn); + $t = $y[$n] ^ $xn; + $temp = self::$gcmField->newInteger($t); + $y[++$n] = $temp->multiply($h)->toBytes(); + $y[$n] = substr($y[$n], 1); + } + $y[$n] = Strings::switchEndianness($y[$n]); + return $y[$n]; + } + + /** + * Returns the bit length of a string in a packed format + * + * @see self::decrypt() + * @see self::encrypt() + * @see self::setupGCM() + * @param string $str + * @return string + */ + private static function len64($str) + { + return "\0\0\0\0" . pack('N', 8 * strlen($str)); + } + + /** + * NULL pads a string to be a multiple of 128 + * + * @see self::decrypt() + * @see self::encrypt() + * @see self::setupGCM() + * @param string $str + * @return string + */ + protected static function nullPad128($str) + { + $len = strlen($str); + return $str . str_repeat("\0", 16 * ceil($len / 16) - $len); + } + + /** + * Calculates Poly1305 MAC + * + * On my system ChaCha20, with libsodium, takes 0.5s. With this custom Poly1305 implementation + * it takes 1.2s. + * + * @see self::decrypt() + * @see self::encrypt() + * @param string $text + * @return string + */ + protected function poly1305($text) + { + $s = $this->poly1305Key; // strlen($this->poly1305Key) == 32 + $r = Strings::shift($s, 16); + $r = strrev($r); + $r &= "\x0f\xff\xff\xfc\x0f\xff\xff\xfc\x0f\xff\xff\xfc\x0f\xff\xff\xff"; + $s = strrev($s); + + $r = self::$poly1305Field->newInteger(new BigInteger($r, 256)); + $s = self::$poly1305Field->newInteger(new BigInteger($s, 256)); + $a = self::$poly1305Field->newInteger(new BigInteger()); + + $blocks = str_split($text, 16); + foreach ($blocks as $block) { + $n = strrev($block . chr(1)); + $n = self::$poly1305Field->newInteger(new BigInteger($n, 256)); + $a = $a->add($n); + $a = $a->multiply($r); + } + $r = $a->toBigInteger()->add($s->toBigInteger()); + $mask = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"; + return strrev($r->toBytes()) & $mask; + } + + /** + * Return the mode + * + * You can do $obj instanceof AES or whatever to get the cipher but you can't do that to get the mode + * + * @return string + */ + public function getMode() + { + return array_flip(self::MODE_MAP)[$this->mode]; + } + + /** + * Is the continuous buffer enabled? + * + * @return boolean + */ + public function continuousBufferEnabled() + { + return $this->continuousBuffer; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Traits/Fingerprint.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Traits/Fingerprint.php new file mode 100644 index 0000000..9ca8926 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Traits/Fingerprint.php @@ -0,0 +1,57 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common\Traits; + +use phpseclib3\Crypt\Hash; + +/** + * Fingerprint Trait for Private Keys + * + * @author Jim Wigginton + */ +trait Fingerprint +{ + /** + * Returns the public key's fingerprint + * + * The public key's fingerprint is returned, which is equivalent to running `ssh-keygen -lf rsa.pub`. If there is + * no public key currently loaded, false is returned. + * Example output (md5): "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87" (as specified by RFC 4716) + * + * @param string $algorithm The hashing algorithm to be used. Valid options are 'md5' and 'sha256'. False is returned + * for invalid values. + * @return mixed + */ + public function getFingerprint($algorithm = 'md5') + { + $type = self::validatePlugin('Keys', 'OpenSSH', 'savePublicKey'); + if ($type === false) { + return false; + } + $key = $this->toString('OpenSSH', ['binary' => true]); + if ($key === false) { + return false; + } + switch ($algorithm) { + case 'sha256': + $hash = new Hash('sha256'); + $base = base64_encode($hash->hash($key)); + return substr($base, 0, strlen($base) - 1); + case 'md5': + return substr(chunk_split(md5($key), 2, ':'), 0, -1); + default: + return false; + } + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Traits/PasswordProtected.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Traits/PasswordProtected.php new file mode 100644 index 0000000..0ac274e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/Traits/PasswordProtected.php @@ -0,0 +1,46 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\Common\Traits; + +/** + * Password Protected Trait for Private Keys + * + * @author Jim Wigginton + */ +trait PasswordProtected +{ + /** + * Password + * + * @var string|bool + */ + private $password = false; + + /** + * Sets the password + * + * Private keys can be encrypted with a password. To unset the password, pass in the empty string or false. + * Or rather, pass in $password such that empty($password) && !is_string($password) is true. + * + * @see self::createKey() + * @see self::load() + * @param string|bool $password + */ + public function withPassword($password = false) + { + $new = clone $this; + $new->password = $password; + return $new; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DES.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DES.php new file mode 100644 index 0000000..3b03830 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DES.php @@ -0,0 +1,1392 @@ + + * setKey('abcdefgh'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $des->decrypt($des->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\BlockCipher; +use phpseclib3\Exception\BadModeException; + +/** + * Pure-PHP implementation of DES. + * + * @author Jim Wigginton + */ +class DES extends BlockCipher +{ + /** + * Contains $keys[self::ENCRYPT] + * + * @see \phpseclib3\Crypt\DES::setupKey() + * @see \phpseclib3\Crypt\DES::processBlock() + */ + const ENCRYPT = 0; + /** + * Contains $keys[self::DECRYPT] + * + * @see \phpseclib3\Crypt\DES::setupKey() + * @see \phpseclib3\Crypt\DES::processBlock() + */ + const DECRYPT = 1; + + /** + * Block Length of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::block_size + * @var int + */ + protected $block_size = 8; + + /** + * Key Length (in bytes) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKeyLength() + * @var int + */ + protected $key_length = 8; + + /** + * The mcrypt specific name of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cipher_name_mcrypt + * @var string + */ + protected $cipher_name_mcrypt = 'des'; + + /** + * The OpenSSL names of the cipher / modes + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::openssl_mode_names + * @var array + */ + protected $openssl_mode_names = [ + self::MODE_ECB => 'des-ecb', + self::MODE_CBC => 'des-cbc', + self::MODE_CFB => 'des-cfb', + self::MODE_OFB => 'des-ofb' + // self::MODE_CTR is undefined for DES + ]; + + /** + * Optimizing value while CFB-encrypting + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cfb_init_len + * @var int + */ + protected $cfb_init_len = 500; + + /** + * Switch for DES/3DES encryption + * + * Used only if $engine == self::ENGINE_INTERNAL + * + * @see self::setupKey() + * @see self::processBlock() + * @var int + */ + protected $des_rounds = 1; + + /** + * max possible size of $key + * + * @see self::setKey() + * @var string + */ + protected $key_length_max = 8; + + /** + * The Key Schedule + * + * @see self::setupKey() + * @var array + */ + private $keys; + + /** + * Key Cache "key" + * + * @see self::setupKey() + * @var array + */ + private $kl; + + /** + * Shuffle table. + * + * For each byte value index, the entry holds an 8-byte string + * with each byte containing all bits in the same state as the + * corresponding bit in the index value. + * + * @see self::processBlock() + * @see self::setupKey() + * @var array + */ + protected static $shuffle = [ + "\x00\x00\x00\x00\x00\x00\x00\x00", "\x00\x00\x00\x00\x00\x00\x00\xFF", + "\x00\x00\x00\x00\x00\x00\xFF\x00", "\x00\x00\x00\x00\x00\x00\xFF\xFF", + "\x00\x00\x00\x00\x00\xFF\x00\x00", "\x00\x00\x00\x00\x00\xFF\x00\xFF", + "\x00\x00\x00\x00\x00\xFF\xFF\x00", "\x00\x00\x00\x00\x00\xFF\xFF\xFF", + "\x00\x00\x00\x00\xFF\x00\x00\x00", "\x00\x00\x00\x00\xFF\x00\x00\xFF", + "\x00\x00\x00\x00\xFF\x00\xFF\x00", "\x00\x00\x00\x00\xFF\x00\xFF\xFF", + "\x00\x00\x00\x00\xFF\xFF\x00\x00", "\x00\x00\x00\x00\xFF\xFF\x00\xFF", + "\x00\x00\x00\x00\xFF\xFF\xFF\x00", "\x00\x00\x00\x00\xFF\xFF\xFF\xFF", + "\x00\x00\x00\xFF\x00\x00\x00\x00", "\x00\x00\x00\xFF\x00\x00\x00\xFF", + "\x00\x00\x00\xFF\x00\x00\xFF\x00", "\x00\x00\x00\xFF\x00\x00\xFF\xFF", + "\x00\x00\x00\xFF\x00\xFF\x00\x00", "\x00\x00\x00\xFF\x00\xFF\x00\xFF", + "\x00\x00\x00\xFF\x00\xFF\xFF\x00", "\x00\x00\x00\xFF\x00\xFF\xFF\xFF", + "\x00\x00\x00\xFF\xFF\x00\x00\x00", "\x00\x00\x00\xFF\xFF\x00\x00\xFF", + "\x00\x00\x00\xFF\xFF\x00\xFF\x00", "\x00\x00\x00\xFF\xFF\x00\xFF\xFF", + "\x00\x00\x00\xFF\xFF\xFF\x00\x00", "\x00\x00\x00\xFF\xFF\xFF\x00\xFF", + "\x00\x00\x00\xFF\xFF\xFF\xFF\x00", "\x00\x00\x00\xFF\xFF\xFF\xFF\xFF", + "\x00\x00\xFF\x00\x00\x00\x00\x00", "\x00\x00\xFF\x00\x00\x00\x00\xFF", + "\x00\x00\xFF\x00\x00\x00\xFF\x00", "\x00\x00\xFF\x00\x00\x00\xFF\xFF", + "\x00\x00\xFF\x00\x00\xFF\x00\x00", "\x00\x00\xFF\x00\x00\xFF\x00\xFF", + "\x00\x00\xFF\x00\x00\xFF\xFF\x00", "\x00\x00\xFF\x00\x00\xFF\xFF\xFF", + "\x00\x00\xFF\x00\xFF\x00\x00\x00", "\x00\x00\xFF\x00\xFF\x00\x00\xFF", + "\x00\x00\xFF\x00\xFF\x00\xFF\x00", "\x00\x00\xFF\x00\xFF\x00\xFF\xFF", + "\x00\x00\xFF\x00\xFF\xFF\x00\x00", "\x00\x00\xFF\x00\xFF\xFF\x00\xFF", + "\x00\x00\xFF\x00\xFF\xFF\xFF\x00", "\x00\x00\xFF\x00\xFF\xFF\xFF\xFF", + "\x00\x00\xFF\xFF\x00\x00\x00\x00", "\x00\x00\xFF\xFF\x00\x00\x00\xFF", + "\x00\x00\xFF\xFF\x00\x00\xFF\x00", "\x00\x00\xFF\xFF\x00\x00\xFF\xFF", + "\x00\x00\xFF\xFF\x00\xFF\x00\x00", "\x00\x00\xFF\xFF\x00\xFF\x00\xFF", + "\x00\x00\xFF\xFF\x00\xFF\xFF\x00", "\x00\x00\xFF\xFF\x00\xFF\xFF\xFF", + "\x00\x00\xFF\xFF\xFF\x00\x00\x00", "\x00\x00\xFF\xFF\xFF\x00\x00\xFF", + "\x00\x00\xFF\xFF\xFF\x00\xFF\x00", "\x00\x00\xFF\xFF\xFF\x00\xFF\xFF", + "\x00\x00\xFF\xFF\xFF\xFF\x00\x00", "\x00\x00\xFF\xFF\xFF\xFF\x00\xFF", + "\x00\x00\xFF\xFF\xFF\xFF\xFF\x00", "\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF", + "\x00\xFF\x00\x00\x00\x00\x00\x00", "\x00\xFF\x00\x00\x00\x00\x00\xFF", + "\x00\xFF\x00\x00\x00\x00\xFF\x00", "\x00\xFF\x00\x00\x00\x00\xFF\xFF", + "\x00\xFF\x00\x00\x00\xFF\x00\x00", "\x00\xFF\x00\x00\x00\xFF\x00\xFF", + "\x00\xFF\x00\x00\x00\xFF\xFF\x00", "\x00\xFF\x00\x00\x00\xFF\xFF\xFF", + "\x00\xFF\x00\x00\xFF\x00\x00\x00", "\x00\xFF\x00\x00\xFF\x00\x00\xFF", + "\x00\xFF\x00\x00\xFF\x00\xFF\x00", "\x00\xFF\x00\x00\xFF\x00\xFF\xFF", + "\x00\xFF\x00\x00\xFF\xFF\x00\x00", "\x00\xFF\x00\x00\xFF\xFF\x00\xFF", + "\x00\xFF\x00\x00\xFF\xFF\xFF\x00", "\x00\xFF\x00\x00\xFF\xFF\xFF\xFF", + "\x00\xFF\x00\xFF\x00\x00\x00\x00", "\x00\xFF\x00\xFF\x00\x00\x00\xFF", + "\x00\xFF\x00\xFF\x00\x00\xFF\x00", "\x00\xFF\x00\xFF\x00\x00\xFF\xFF", + "\x00\xFF\x00\xFF\x00\xFF\x00\x00", "\x00\xFF\x00\xFF\x00\xFF\x00\xFF", + "\x00\xFF\x00\xFF\x00\xFF\xFF\x00", "\x00\xFF\x00\xFF\x00\xFF\xFF\xFF", + "\x00\xFF\x00\xFF\xFF\x00\x00\x00", "\x00\xFF\x00\xFF\xFF\x00\x00\xFF", + "\x00\xFF\x00\xFF\xFF\x00\xFF\x00", "\x00\xFF\x00\xFF\xFF\x00\xFF\xFF", + "\x00\xFF\x00\xFF\xFF\xFF\x00\x00", "\x00\xFF\x00\xFF\xFF\xFF\x00\xFF", + "\x00\xFF\x00\xFF\xFF\xFF\xFF\x00", "\x00\xFF\x00\xFF\xFF\xFF\xFF\xFF", + "\x00\xFF\xFF\x00\x00\x00\x00\x00", "\x00\xFF\xFF\x00\x00\x00\x00\xFF", + "\x00\xFF\xFF\x00\x00\x00\xFF\x00", "\x00\xFF\xFF\x00\x00\x00\xFF\xFF", + "\x00\xFF\xFF\x00\x00\xFF\x00\x00", "\x00\xFF\xFF\x00\x00\xFF\x00\xFF", + "\x00\xFF\xFF\x00\x00\xFF\xFF\x00", "\x00\xFF\xFF\x00\x00\xFF\xFF\xFF", + "\x00\xFF\xFF\x00\xFF\x00\x00\x00", "\x00\xFF\xFF\x00\xFF\x00\x00\xFF", + "\x00\xFF\xFF\x00\xFF\x00\xFF\x00", "\x00\xFF\xFF\x00\xFF\x00\xFF\xFF", + "\x00\xFF\xFF\x00\xFF\xFF\x00\x00", "\x00\xFF\xFF\x00\xFF\xFF\x00\xFF", + "\x00\xFF\xFF\x00\xFF\xFF\xFF\x00", "\x00\xFF\xFF\x00\xFF\xFF\xFF\xFF", + "\x00\xFF\xFF\xFF\x00\x00\x00\x00", "\x00\xFF\xFF\xFF\x00\x00\x00\xFF", + "\x00\xFF\xFF\xFF\x00\x00\xFF\x00", "\x00\xFF\xFF\xFF\x00\x00\xFF\xFF", + "\x00\xFF\xFF\xFF\x00\xFF\x00\x00", "\x00\xFF\xFF\xFF\x00\xFF\x00\xFF", + "\x00\xFF\xFF\xFF\x00\xFF\xFF\x00", "\x00\xFF\xFF\xFF\x00\xFF\xFF\xFF", + "\x00\xFF\xFF\xFF\xFF\x00\x00\x00", "\x00\xFF\xFF\xFF\xFF\x00\x00\xFF", + "\x00\xFF\xFF\xFF\xFF\x00\xFF\x00", "\x00\xFF\xFF\xFF\xFF\x00\xFF\xFF", + "\x00\xFF\xFF\xFF\xFF\xFF\x00\x00", "\x00\xFF\xFF\xFF\xFF\xFF\x00\xFF", + "\x00\xFF\xFF\xFF\xFF\xFF\xFF\x00", "\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF", + "\xFF\x00\x00\x00\x00\x00\x00\x00", "\xFF\x00\x00\x00\x00\x00\x00\xFF", + "\xFF\x00\x00\x00\x00\x00\xFF\x00", "\xFF\x00\x00\x00\x00\x00\xFF\xFF", + "\xFF\x00\x00\x00\x00\xFF\x00\x00", "\xFF\x00\x00\x00\x00\xFF\x00\xFF", + "\xFF\x00\x00\x00\x00\xFF\xFF\x00", "\xFF\x00\x00\x00\x00\xFF\xFF\xFF", + "\xFF\x00\x00\x00\xFF\x00\x00\x00", "\xFF\x00\x00\x00\xFF\x00\x00\xFF", + "\xFF\x00\x00\x00\xFF\x00\xFF\x00", "\xFF\x00\x00\x00\xFF\x00\xFF\xFF", + "\xFF\x00\x00\x00\xFF\xFF\x00\x00", "\xFF\x00\x00\x00\xFF\xFF\x00\xFF", + "\xFF\x00\x00\x00\xFF\xFF\xFF\x00", "\xFF\x00\x00\x00\xFF\xFF\xFF\xFF", + "\xFF\x00\x00\xFF\x00\x00\x00\x00", "\xFF\x00\x00\xFF\x00\x00\x00\xFF", + "\xFF\x00\x00\xFF\x00\x00\xFF\x00", "\xFF\x00\x00\xFF\x00\x00\xFF\xFF", + "\xFF\x00\x00\xFF\x00\xFF\x00\x00", "\xFF\x00\x00\xFF\x00\xFF\x00\xFF", + "\xFF\x00\x00\xFF\x00\xFF\xFF\x00", "\xFF\x00\x00\xFF\x00\xFF\xFF\xFF", + "\xFF\x00\x00\xFF\xFF\x00\x00\x00", "\xFF\x00\x00\xFF\xFF\x00\x00\xFF", + "\xFF\x00\x00\xFF\xFF\x00\xFF\x00", "\xFF\x00\x00\xFF\xFF\x00\xFF\xFF", + "\xFF\x00\x00\xFF\xFF\xFF\x00\x00", "\xFF\x00\x00\xFF\xFF\xFF\x00\xFF", + "\xFF\x00\x00\xFF\xFF\xFF\xFF\x00", "\xFF\x00\x00\xFF\xFF\xFF\xFF\xFF", + "\xFF\x00\xFF\x00\x00\x00\x00\x00", "\xFF\x00\xFF\x00\x00\x00\x00\xFF", + "\xFF\x00\xFF\x00\x00\x00\xFF\x00", "\xFF\x00\xFF\x00\x00\x00\xFF\xFF", + "\xFF\x00\xFF\x00\x00\xFF\x00\x00", "\xFF\x00\xFF\x00\x00\xFF\x00\xFF", + "\xFF\x00\xFF\x00\x00\xFF\xFF\x00", "\xFF\x00\xFF\x00\x00\xFF\xFF\xFF", + "\xFF\x00\xFF\x00\xFF\x00\x00\x00", "\xFF\x00\xFF\x00\xFF\x00\x00\xFF", + "\xFF\x00\xFF\x00\xFF\x00\xFF\x00", "\xFF\x00\xFF\x00\xFF\x00\xFF\xFF", + "\xFF\x00\xFF\x00\xFF\xFF\x00\x00", "\xFF\x00\xFF\x00\xFF\xFF\x00\xFF", + "\xFF\x00\xFF\x00\xFF\xFF\xFF\x00", "\xFF\x00\xFF\x00\xFF\xFF\xFF\xFF", + "\xFF\x00\xFF\xFF\x00\x00\x00\x00", "\xFF\x00\xFF\xFF\x00\x00\x00\xFF", + "\xFF\x00\xFF\xFF\x00\x00\xFF\x00", "\xFF\x00\xFF\xFF\x00\x00\xFF\xFF", + "\xFF\x00\xFF\xFF\x00\xFF\x00\x00", "\xFF\x00\xFF\xFF\x00\xFF\x00\xFF", + "\xFF\x00\xFF\xFF\x00\xFF\xFF\x00", "\xFF\x00\xFF\xFF\x00\xFF\xFF\xFF", + "\xFF\x00\xFF\xFF\xFF\x00\x00\x00", "\xFF\x00\xFF\xFF\xFF\x00\x00\xFF", + "\xFF\x00\xFF\xFF\xFF\x00\xFF\x00", "\xFF\x00\xFF\xFF\xFF\x00\xFF\xFF", + "\xFF\x00\xFF\xFF\xFF\xFF\x00\x00", "\xFF\x00\xFF\xFF\xFF\xFF\x00\xFF", + "\xFF\x00\xFF\xFF\xFF\xFF\xFF\x00", "\xFF\x00\xFF\xFF\xFF\xFF\xFF\xFF", + "\xFF\xFF\x00\x00\x00\x00\x00\x00", "\xFF\xFF\x00\x00\x00\x00\x00\xFF", + "\xFF\xFF\x00\x00\x00\x00\xFF\x00", "\xFF\xFF\x00\x00\x00\x00\xFF\xFF", + "\xFF\xFF\x00\x00\x00\xFF\x00\x00", "\xFF\xFF\x00\x00\x00\xFF\x00\xFF", + "\xFF\xFF\x00\x00\x00\xFF\xFF\x00", "\xFF\xFF\x00\x00\x00\xFF\xFF\xFF", + "\xFF\xFF\x00\x00\xFF\x00\x00\x00", "\xFF\xFF\x00\x00\xFF\x00\x00\xFF", + "\xFF\xFF\x00\x00\xFF\x00\xFF\x00", "\xFF\xFF\x00\x00\xFF\x00\xFF\xFF", + "\xFF\xFF\x00\x00\xFF\xFF\x00\x00", "\xFF\xFF\x00\x00\xFF\xFF\x00\xFF", + "\xFF\xFF\x00\x00\xFF\xFF\xFF\x00", "\xFF\xFF\x00\x00\xFF\xFF\xFF\xFF", + "\xFF\xFF\x00\xFF\x00\x00\x00\x00", "\xFF\xFF\x00\xFF\x00\x00\x00\xFF", + "\xFF\xFF\x00\xFF\x00\x00\xFF\x00", "\xFF\xFF\x00\xFF\x00\x00\xFF\xFF", + "\xFF\xFF\x00\xFF\x00\xFF\x00\x00", "\xFF\xFF\x00\xFF\x00\xFF\x00\xFF", + "\xFF\xFF\x00\xFF\x00\xFF\xFF\x00", "\xFF\xFF\x00\xFF\x00\xFF\xFF\xFF", + "\xFF\xFF\x00\xFF\xFF\x00\x00\x00", "\xFF\xFF\x00\xFF\xFF\x00\x00\xFF", + "\xFF\xFF\x00\xFF\xFF\x00\xFF\x00", "\xFF\xFF\x00\xFF\xFF\x00\xFF\xFF", + "\xFF\xFF\x00\xFF\xFF\xFF\x00\x00", "\xFF\xFF\x00\xFF\xFF\xFF\x00\xFF", + "\xFF\xFF\x00\xFF\xFF\xFF\xFF\x00", "\xFF\xFF\x00\xFF\xFF\xFF\xFF\xFF", + "\xFF\xFF\xFF\x00\x00\x00\x00\x00", "\xFF\xFF\xFF\x00\x00\x00\x00\xFF", + "\xFF\xFF\xFF\x00\x00\x00\xFF\x00", "\xFF\xFF\xFF\x00\x00\x00\xFF\xFF", + "\xFF\xFF\xFF\x00\x00\xFF\x00\x00", "\xFF\xFF\xFF\x00\x00\xFF\x00\xFF", + "\xFF\xFF\xFF\x00\x00\xFF\xFF\x00", "\xFF\xFF\xFF\x00\x00\xFF\xFF\xFF", + "\xFF\xFF\xFF\x00\xFF\x00\x00\x00", "\xFF\xFF\xFF\x00\xFF\x00\x00\xFF", + "\xFF\xFF\xFF\x00\xFF\x00\xFF\x00", "\xFF\xFF\xFF\x00\xFF\x00\xFF\xFF", + "\xFF\xFF\xFF\x00\xFF\xFF\x00\x00", "\xFF\xFF\xFF\x00\xFF\xFF\x00\xFF", + "\xFF\xFF\xFF\x00\xFF\xFF\xFF\x00", "\xFF\xFF\xFF\x00\xFF\xFF\xFF\xFF", + "\xFF\xFF\xFF\xFF\x00\x00\x00\x00", "\xFF\xFF\xFF\xFF\x00\x00\x00\xFF", + "\xFF\xFF\xFF\xFF\x00\x00\xFF\x00", "\xFF\xFF\xFF\xFF\x00\x00\xFF\xFF", + "\xFF\xFF\xFF\xFF\x00\xFF\x00\x00", "\xFF\xFF\xFF\xFF\x00\xFF\x00\xFF", + "\xFF\xFF\xFF\xFF\x00\xFF\xFF\x00", "\xFF\xFF\xFF\xFF\x00\xFF\xFF\xFF", + "\xFF\xFF\xFF\xFF\xFF\x00\x00\x00", "\xFF\xFF\xFF\xFF\xFF\x00\x00\xFF", + "\xFF\xFF\xFF\xFF\xFF\x00\xFF\x00", "\xFF\xFF\xFF\xFF\xFF\x00\xFF\xFF", + "\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00", "\xFF\xFF\xFF\xFF\xFF\xFF\x00\xFF", + "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00", "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" + ]; + + /** + * IP mapping helper table. + * + * Indexing this table with each source byte performs the initial bit permutation. + * + * @var array + */ + protected static $ipmap = [ + 0x00, 0x10, 0x01, 0x11, 0x20, 0x30, 0x21, 0x31, + 0x02, 0x12, 0x03, 0x13, 0x22, 0x32, 0x23, 0x33, + 0x40, 0x50, 0x41, 0x51, 0x60, 0x70, 0x61, 0x71, + 0x42, 0x52, 0x43, 0x53, 0x62, 0x72, 0x63, 0x73, + 0x04, 0x14, 0x05, 0x15, 0x24, 0x34, 0x25, 0x35, + 0x06, 0x16, 0x07, 0x17, 0x26, 0x36, 0x27, 0x37, + 0x44, 0x54, 0x45, 0x55, 0x64, 0x74, 0x65, 0x75, + 0x46, 0x56, 0x47, 0x57, 0x66, 0x76, 0x67, 0x77, + 0x80, 0x90, 0x81, 0x91, 0xA0, 0xB0, 0xA1, 0xB1, + 0x82, 0x92, 0x83, 0x93, 0xA2, 0xB2, 0xA3, 0xB3, + 0xC0, 0xD0, 0xC1, 0xD1, 0xE0, 0xF0, 0xE1, 0xF1, + 0xC2, 0xD2, 0xC3, 0xD3, 0xE2, 0xF2, 0xE3, 0xF3, + 0x84, 0x94, 0x85, 0x95, 0xA4, 0xB4, 0xA5, 0xB5, + 0x86, 0x96, 0x87, 0x97, 0xA6, 0xB6, 0xA7, 0xB7, + 0xC4, 0xD4, 0xC5, 0xD5, 0xE4, 0xF4, 0xE5, 0xF5, + 0xC6, 0xD6, 0xC7, 0xD7, 0xE6, 0xF6, 0xE7, 0xF7, + 0x08, 0x18, 0x09, 0x19, 0x28, 0x38, 0x29, 0x39, + 0x0A, 0x1A, 0x0B, 0x1B, 0x2A, 0x3A, 0x2B, 0x3B, + 0x48, 0x58, 0x49, 0x59, 0x68, 0x78, 0x69, 0x79, + 0x4A, 0x5A, 0x4B, 0x5B, 0x6A, 0x7A, 0x6B, 0x7B, + 0x0C, 0x1C, 0x0D, 0x1D, 0x2C, 0x3C, 0x2D, 0x3D, + 0x0E, 0x1E, 0x0F, 0x1F, 0x2E, 0x3E, 0x2F, 0x3F, + 0x4C, 0x5C, 0x4D, 0x5D, 0x6C, 0x7C, 0x6D, 0x7D, + 0x4E, 0x5E, 0x4F, 0x5F, 0x6E, 0x7E, 0x6F, 0x7F, + 0x88, 0x98, 0x89, 0x99, 0xA8, 0xB8, 0xA9, 0xB9, + 0x8A, 0x9A, 0x8B, 0x9B, 0xAA, 0xBA, 0xAB, 0xBB, + 0xC8, 0xD8, 0xC9, 0xD9, 0xE8, 0xF8, 0xE9, 0xF9, + 0xCA, 0xDA, 0xCB, 0xDB, 0xEA, 0xFA, 0xEB, 0xFB, + 0x8C, 0x9C, 0x8D, 0x9D, 0xAC, 0xBC, 0xAD, 0xBD, + 0x8E, 0x9E, 0x8F, 0x9F, 0xAE, 0xBE, 0xAF, 0xBF, + 0xCC, 0xDC, 0xCD, 0xDD, 0xEC, 0xFC, 0xED, 0xFD, + 0xCE, 0xDE, 0xCF, 0xDF, 0xEE, 0xFE, 0xEF, 0xFF + ]; + + /** + * Inverse IP mapping helper table. + * Indexing this table with a byte value reverses the bit order. + * + * @var array + */ + protected static $invipmap = [ + 0x00, 0x80, 0x40, 0xC0, 0x20, 0xA0, 0x60, 0xE0, + 0x10, 0x90, 0x50, 0xD0, 0x30, 0xB0, 0x70, 0xF0, + 0x08, 0x88, 0x48, 0xC8, 0x28, 0xA8, 0x68, 0xE8, + 0x18, 0x98, 0x58, 0xD8, 0x38, 0xB8, 0x78, 0xF8, + 0x04, 0x84, 0x44, 0xC4, 0x24, 0xA4, 0x64, 0xE4, + 0x14, 0x94, 0x54, 0xD4, 0x34, 0xB4, 0x74, 0xF4, + 0x0C, 0x8C, 0x4C, 0xCC, 0x2C, 0xAC, 0x6C, 0xEC, + 0x1C, 0x9C, 0x5C, 0xDC, 0x3C, 0xBC, 0x7C, 0xFC, + 0x02, 0x82, 0x42, 0xC2, 0x22, 0xA2, 0x62, 0xE2, + 0x12, 0x92, 0x52, 0xD2, 0x32, 0xB2, 0x72, 0xF2, + 0x0A, 0x8A, 0x4A, 0xCA, 0x2A, 0xAA, 0x6A, 0xEA, + 0x1A, 0x9A, 0x5A, 0xDA, 0x3A, 0xBA, 0x7A, 0xFA, + 0x06, 0x86, 0x46, 0xC6, 0x26, 0xA6, 0x66, 0xE6, + 0x16, 0x96, 0x56, 0xD6, 0x36, 0xB6, 0x76, 0xF6, + 0x0E, 0x8E, 0x4E, 0xCE, 0x2E, 0xAE, 0x6E, 0xEE, + 0x1E, 0x9E, 0x5E, 0xDE, 0x3E, 0xBE, 0x7E, 0xFE, + 0x01, 0x81, 0x41, 0xC1, 0x21, 0xA1, 0x61, 0xE1, + 0x11, 0x91, 0x51, 0xD1, 0x31, 0xB1, 0x71, 0xF1, + 0x09, 0x89, 0x49, 0xC9, 0x29, 0xA9, 0x69, 0xE9, + 0x19, 0x99, 0x59, 0xD9, 0x39, 0xB9, 0x79, 0xF9, + 0x05, 0x85, 0x45, 0xC5, 0x25, 0xA5, 0x65, 0xE5, + 0x15, 0x95, 0x55, 0xD5, 0x35, 0xB5, 0x75, 0xF5, + 0x0D, 0x8D, 0x4D, 0xCD, 0x2D, 0xAD, 0x6D, 0xED, + 0x1D, 0x9D, 0x5D, 0xDD, 0x3D, 0xBD, 0x7D, 0xFD, + 0x03, 0x83, 0x43, 0xC3, 0x23, 0xA3, 0x63, 0xE3, + 0x13, 0x93, 0x53, 0xD3, 0x33, 0xB3, 0x73, 0xF3, + 0x0B, 0x8B, 0x4B, 0xCB, 0x2B, 0xAB, 0x6B, 0xEB, + 0x1B, 0x9B, 0x5B, 0xDB, 0x3B, 0xBB, 0x7B, 0xFB, + 0x07, 0x87, 0x47, 0xC7, 0x27, 0xA7, 0x67, 0xE7, + 0x17, 0x97, 0x57, 0xD7, 0x37, 0xB7, 0x77, 0xF7, + 0x0F, 0x8F, 0x4F, 0xCF, 0x2F, 0xAF, 0x6F, 0xEF, + 0x1F, 0x9F, 0x5F, 0xDF, 0x3F, 0xBF, 0x7F, 0xFF + ]; + + /** + * Pre-permuted S-box1 + * + * Each box ($sbox1-$sbox8) has been vectorized, then each value pre-permuted using the + * P table: concatenation can then be replaced by exclusive ORs. + * + * @var array + */ + protected static $sbox1 = [ + 0x00808200, 0x00000000, 0x00008000, 0x00808202, + 0x00808002, 0x00008202, 0x00000002, 0x00008000, + 0x00000200, 0x00808200, 0x00808202, 0x00000200, + 0x00800202, 0x00808002, 0x00800000, 0x00000002, + 0x00000202, 0x00800200, 0x00800200, 0x00008200, + 0x00008200, 0x00808000, 0x00808000, 0x00800202, + 0x00008002, 0x00800002, 0x00800002, 0x00008002, + 0x00000000, 0x00000202, 0x00008202, 0x00800000, + 0x00008000, 0x00808202, 0x00000002, 0x00808000, + 0x00808200, 0x00800000, 0x00800000, 0x00000200, + 0x00808002, 0x00008000, 0x00008200, 0x00800002, + 0x00000200, 0x00000002, 0x00800202, 0x00008202, + 0x00808202, 0x00008002, 0x00808000, 0x00800202, + 0x00800002, 0x00000202, 0x00008202, 0x00808200, + 0x00000202, 0x00800200, 0x00800200, 0x00000000, + 0x00008002, 0x00008200, 0x00000000, 0x00808002 + ]; + + /** + * Pre-permuted S-box2 + * + * @var array + */ + protected static $sbox2 = [ + 0x40084010, 0x40004000, 0x00004000, 0x00084010, + 0x00080000, 0x00000010, 0x40080010, 0x40004010, + 0x40000010, 0x40084010, 0x40084000, 0x40000000, + 0x40004000, 0x00080000, 0x00000010, 0x40080010, + 0x00084000, 0x00080010, 0x40004010, 0x00000000, + 0x40000000, 0x00004000, 0x00084010, 0x40080000, + 0x00080010, 0x40000010, 0x00000000, 0x00084000, + 0x00004010, 0x40084000, 0x40080000, 0x00004010, + 0x00000000, 0x00084010, 0x40080010, 0x00080000, + 0x40004010, 0x40080000, 0x40084000, 0x00004000, + 0x40080000, 0x40004000, 0x00000010, 0x40084010, + 0x00084010, 0x00000010, 0x00004000, 0x40000000, + 0x00004010, 0x40084000, 0x00080000, 0x40000010, + 0x00080010, 0x40004010, 0x40000010, 0x00080010, + 0x00084000, 0x00000000, 0x40004000, 0x00004010, + 0x40000000, 0x40080010, 0x40084010, 0x00084000 + ]; + + /** + * Pre-permuted S-box3 + * + * @var array + */ + protected static $sbox3 = [ + 0x00000104, 0x04010100, 0x00000000, 0x04010004, + 0x04000100, 0x00000000, 0x00010104, 0x04000100, + 0x00010004, 0x04000004, 0x04000004, 0x00010000, + 0x04010104, 0x00010004, 0x04010000, 0x00000104, + 0x04000000, 0x00000004, 0x04010100, 0x00000100, + 0x00010100, 0x04010000, 0x04010004, 0x00010104, + 0x04000104, 0x00010100, 0x00010000, 0x04000104, + 0x00000004, 0x04010104, 0x00000100, 0x04000000, + 0x04010100, 0x04000000, 0x00010004, 0x00000104, + 0x00010000, 0x04010100, 0x04000100, 0x00000000, + 0x00000100, 0x00010004, 0x04010104, 0x04000100, + 0x04000004, 0x00000100, 0x00000000, 0x04010004, + 0x04000104, 0x00010000, 0x04000000, 0x04010104, + 0x00000004, 0x00010104, 0x00010100, 0x04000004, + 0x04010000, 0x04000104, 0x00000104, 0x04010000, + 0x00010104, 0x00000004, 0x04010004, 0x00010100 + ]; + + /** + * Pre-permuted S-box4 + * + * @var array + */ + protected static $sbox4 = [ + 0x80401000, 0x80001040, 0x80001040, 0x00000040, + 0x00401040, 0x80400040, 0x80400000, 0x80001000, + 0x00000000, 0x00401000, 0x00401000, 0x80401040, + 0x80000040, 0x00000000, 0x00400040, 0x80400000, + 0x80000000, 0x00001000, 0x00400000, 0x80401000, + 0x00000040, 0x00400000, 0x80001000, 0x00001040, + 0x80400040, 0x80000000, 0x00001040, 0x00400040, + 0x00001000, 0x00401040, 0x80401040, 0x80000040, + 0x00400040, 0x80400000, 0x00401000, 0x80401040, + 0x80000040, 0x00000000, 0x00000000, 0x00401000, + 0x00001040, 0x00400040, 0x80400040, 0x80000000, + 0x80401000, 0x80001040, 0x80001040, 0x00000040, + 0x80401040, 0x80000040, 0x80000000, 0x00001000, + 0x80400000, 0x80001000, 0x00401040, 0x80400040, + 0x80001000, 0x00001040, 0x00400000, 0x80401000, + 0x00000040, 0x00400000, 0x00001000, 0x00401040 + ]; + + /** + * Pre-permuted S-box5 + * + * @var array + */ + protected static $sbox5 = [ + 0x00000080, 0x01040080, 0x01040000, 0x21000080, + 0x00040000, 0x00000080, 0x20000000, 0x01040000, + 0x20040080, 0x00040000, 0x01000080, 0x20040080, + 0x21000080, 0x21040000, 0x00040080, 0x20000000, + 0x01000000, 0x20040000, 0x20040000, 0x00000000, + 0x20000080, 0x21040080, 0x21040080, 0x01000080, + 0x21040000, 0x20000080, 0x00000000, 0x21000000, + 0x01040080, 0x01000000, 0x21000000, 0x00040080, + 0x00040000, 0x21000080, 0x00000080, 0x01000000, + 0x20000000, 0x01040000, 0x21000080, 0x20040080, + 0x01000080, 0x20000000, 0x21040000, 0x01040080, + 0x20040080, 0x00000080, 0x01000000, 0x21040000, + 0x21040080, 0x00040080, 0x21000000, 0x21040080, + 0x01040000, 0x00000000, 0x20040000, 0x21000000, + 0x00040080, 0x01000080, 0x20000080, 0x00040000, + 0x00000000, 0x20040000, 0x01040080, 0x20000080 + ]; + + /** + * Pre-permuted S-box6 + * + * @var array + */ + protected static $sbox6 = [ + 0x10000008, 0x10200000, 0x00002000, 0x10202008, + 0x10200000, 0x00000008, 0x10202008, 0x00200000, + 0x10002000, 0x00202008, 0x00200000, 0x10000008, + 0x00200008, 0x10002000, 0x10000000, 0x00002008, + 0x00000000, 0x00200008, 0x10002008, 0x00002000, + 0x00202000, 0x10002008, 0x00000008, 0x10200008, + 0x10200008, 0x00000000, 0x00202008, 0x10202000, + 0x00002008, 0x00202000, 0x10202000, 0x10000000, + 0x10002000, 0x00000008, 0x10200008, 0x00202000, + 0x10202008, 0x00200000, 0x00002008, 0x10000008, + 0x00200000, 0x10002000, 0x10000000, 0x00002008, + 0x10000008, 0x10202008, 0x00202000, 0x10200000, + 0x00202008, 0x10202000, 0x00000000, 0x10200008, + 0x00000008, 0x00002000, 0x10200000, 0x00202008, + 0x00002000, 0x00200008, 0x10002008, 0x00000000, + 0x10202000, 0x10000000, 0x00200008, 0x10002008 + ]; + + /** + * Pre-permuted S-box7 + * + * @var array + */ + protected static $sbox7 = [ + 0x00100000, 0x02100001, 0x02000401, 0x00000000, + 0x00000400, 0x02000401, 0x00100401, 0x02100400, + 0x02100401, 0x00100000, 0x00000000, 0x02000001, + 0x00000001, 0x02000000, 0x02100001, 0x00000401, + 0x02000400, 0x00100401, 0x00100001, 0x02000400, + 0x02000001, 0x02100000, 0x02100400, 0x00100001, + 0x02100000, 0x00000400, 0x00000401, 0x02100401, + 0x00100400, 0x00000001, 0x02000000, 0x00100400, + 0x02000000, 0x00100400, 0x00100000, 0x02000401, + 0x02000401, 0x02100001, 0x02100001, 0x00000001, + 0x00100001, 0x02000000, 0x02000400, 0x00100000, + 0x02100400, 0x00000401, 0x00100401, 0x02100400, + 0x00000401, 0x02000001, 0x02100401, 0x02100000, + 0x00100400, 0x00000000, 0x00000001, 0x02100401, + 0x00000000, 0x00100401, 0x02100000, 0x00000400, + 0x02000001, 0x02000400, 0x00000400, 0x00100001 + ]; + + /** + * Pre-permuted S-box8 + * + * @var array + */ + protected static $sbox8 = [ + 0x08000820, 0x00000800, 0x00020000, 0x08020820, + 0x08000000, 0x08000820, 0x00000020, 0x08000000, + 0x00020020, 0x08020000, 0x08020820, 0x00020800, + 0x08020800, 0x00020820, 0x00000800, 0x00000020, + 0x08020000, 0x08000020, 0x08000800, 0x00000820, + 0x00020800, 0x00020020, 0x08020020, 0x08020800, + 0x00000820, 0x00000000, 0x00000000, 0x08020020, + 0x08000020, 0x08000800, 0x00020820, 0x00020000, + 0x00020820, 0x00020000, 0x08020800, 0x00000800, + 0x00000020, 0x08020020, 0x00000800, 0x00020820, + 0x08000800, 0x00000020, 0x08000020, 0x08020000, + 0x08020020, 0x08000000, 0x00020000, 0x08000820, + 0x00000000, 0x08020820, 0x00020020, 0x08000020, + 0x08020000, 0x08000800, 0x08000820, 0x00000000, + 0x08020820, 0x00020800, 0x00020800, 0x00000820, + 0x00000820, 0x00020020, 0x08000000, 0x08020800 + ]; + + /** + * Default Constructor. + * + * @param string $mode + * @throws BadModeException if an invalid / unsupported mode is provided + */ + public function __construct($mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * @param int $engine + * @return bool + */ + protected function isValidEngineHelper($engine) + { + if ($this->key_length_max == 8) { + if ($engine == self::ENGINE_OPENSSL) { + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } + $this->cipher_name_openssl_ecb = 'des-ecb'; + $this->cipher_name_openssl = 'des-' . $this->openssl_translate_mode(); + } + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Sets the key. + * + * Keys must be 64-bits long or 8 bytes long. + * + * DES also requires that every eighth bit be a parity bit, however, we'll ignore that. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKey() + * @param string $key + */ + public function setKey($key) + { + if (!($this instanceof TripleDES) && strlen($key) != 8) { + throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of size 8 are supported'); + } + + // Sets the key + parent::setKey($key); + } + + /** + * Encrypts a block + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encryptBlock() + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see self::encrypt() + * @param string $in + * @return string + */ + protected function encryptBlock($in) + { + return $this->processBlock($in, self::ENCRYPT); + } + + /** + * Decrypts a block + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::decryptBlock() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + * @see self::decrypt() + * @param string $in + * @return string + */ + protected function decryptBlock($in) + { + return $this->processBlock($in, self::DECRYPT); + } + + /** + * Encrypts or decrypts a 64-bit block + * + * $mode should be either self::ENCRYPT or self::DECRYPT. See + * {@link http://en.wikipedia.org/wiki/Image:Feistel.png Feistel.png} to get a general + * idea of what this function does. + * + * @see self::encryptBlock() + * @see self::decryptBlock() + * @param string $block + * @param int $mode + * @return string + */ + private function processBlock($block, $mode) + { + static $sbox1, $sbox2, $sbox3, $sbox4, $sbox5, $sbox6, $sbox7, $sbox8, $shuffleip, $shuffleinvip; + if (!$sbox1) { + $sbox1 = array_map('intval', self::$sbox1); + $sbox2 = array_map('intval', self::$sbox2); + $sbox3 = array_map('intval', self::$sbox3); + $sbox4 = array_map('intval', self::$sbox4); + $sbox5 = array_map('intval', self::$sbox5); + $sbox6 = array_map('intval', self::$sbox6); + $sbox7 = array_map('intval', self::$sbox7); + $sbox8 = array_map('intval', self::$sbox8); + /* Merge $shuffle with $[inv]ipmap */ + for ($i = 0; $i < 256; ++$i) { + $shuffleip[] = self::$shuffle[self::$ipmap[$i]]; + $shuffleinvip[] = self::$shuffle[self::$invipmap[$i]]; + } + } + + $keys = $this->keys[$mode]; + $ki = -1; + + // Do the initial IP permutation. + $t = unpack('Nl/Nr', $block); + list($l, $r) = [$t['l'], $t['r']]; + $block = ($shuffleip[ $r & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") | + ($shuffleip[($r >> 8) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") | + ($shuffleip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") | + ($shuffleip[($r >> 24) & 0xFF] & "\x10\x10\x10\x10\x10\x10\x10\x10") | + ($shuffleip[ $l & 0xFF] & "\x08\x08\x08\x08\x08\x08\x08\x08") | + ($shuffleip[($l >> 8) & 0xFF] & "\x04\x04\x04\x04\x04\x04\x04\x04") | + ($shuffleip[($l >> 16) & 0xFF] & "\x02\x02\x02\x02\x02\x02\x02\x02") | + ($shuffleip[($l >> 24) & 0xFF] & "\x01\x01\x01\x01\x01\x01\x01\x01"); + + // Extract L0 and R0. + $t = unpack('Nl/Nr', $block); + list($l, $r) = [$t['l'], $t['r']]; + + for ($des_round = 0; $des_round < $this->des_rounds; ++$des_round) { + // Perform the 16 steps. + for ($i = 0; $i < 16; $i++) { + // start of "the Feistel (F) function" - see the following URL: + // http://en.wikipedia.org/wiki/Image:Data_Encryption_Standard_InfoBox_Diagram.png + // Merge key schedule. + $b1 = (($r >> 3) & 0x1FFFFFFF) ^ ($r << 29) ^ $keys[++$ki]; + $b2 = (($r >> 31) & 0x00000001) ^ ($r << 1) ^ $keys[++$ki]; + + // S-box indexing. + $t = $sbox1[($b1 >> 24) & 0x3F] ^ $sbox2[($b2 >> 24) & 0x3F] ^ + $sbox3[($b1 >> 16) & 0x3F] ^ $sbox4[($b2 >> 16) & 0x3F] ^ + $sbox5[($b1 >> 8) & 0x3F] ^ $sbox6[($b2 >> 8) & 0x3F] ^ + $sbox7[ $b1 & 0x3F] ^ $sbox8[ $b2 & 0x3F] ^ $l; + // end of "the Feistel (F) function" + + $l = $r; + $r = $t; + } + + // Last step should not permute L & R. + $t = $l; + $l = $r; + $r = $t; + } + + // Perform the inverse IP permutation. + return ($shuffleinvip[($r >> 24) & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") | + ($shuffleinvip[($l >> 24) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") | + ($shuffleinvip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") | + ($shuffleinvip[($l >> 16) & 0xFF] & "\x10\x10\x10\x10\x10\x10\x10\x10") | + ($shuffleinvip[($r >> 8) & 0xFF] & "\x08\x08\x08\x08\x08\x08\x08\x08") | + ($shuffleinvip[($l >> 8) & 0xFF] & "\x04\x04\x04\x04\x04\x04\x04\x04") | + ($shuffleinvip[ $r & 0xFF] & "\x02\x02\x02\x02\x02\x02\x02\x02") | + ($shuffleinvip[ $l & 0xFF] & "\x01\x01\x01\x01\x01\x01\x01\x01"); + } + + /** + * Creates the key schedule + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupKey() + */ + protected function setupKey() + { + if (isset($this->kl['key']) && $this->key === $this->kl['key'] && $this->des_rounds === $this->kl['des_rounds']) { + // already expanded + return; + } + $this->kl = ['key' => $this->key, 'des_rounds' => $this->des_rounds]; + + static $shifts = [ // number of key bits shifted per round + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 + ]; + + static $pc1map = [ + 0x00, 0x00, 0x08, 0x08, 0x04, 0x04, 0x0C, 0x0C, + 0x02, 0x02, 0x0A, 0x0A, 0x06, 0x06, 0x0E, 0x0E, + 0x10, 0x10, 0x18, 0x18, 0x14, 0x14, 0x1C, 0x1C, + 0x12, 0x12, 0x1A, 0x1A, 0x16, 0x16, 0x1E, 0x1E, + 0x20, 0x20, 0x28, 0x28, 0x24, 0x24, 0x2C, 0x2C, + 0x22, 0x22, 0x2A, 0x2A, 0x26, 0x26, 0x2E, 0x2E, + 0x30, 0x30, 0x38, 0x38, 0x34, 0x34, 0x3C, 0x3C, + 0x32, 0x32, 0x3A, 0x3A, 0x36, 0x36, 0x3E, 0x3E, + 0x40, 0x40, 0x48, 0x48, 0x44, 0x44, 0x4C, 0x4C, + 0x42, 0x42, 0x4A, 0x4A, 0x46, 0x46, 0x4E, 0x4E, + 0x50, 0x50, 0x58, 0x58, 0x54, 0x54, 0x5C, 0x5C, + 0x52, 0x52, 0x5A, 0x5A, 0x56, 0x56, 0x5E, 0x5E, + 0x60, 0x60, 0x68, 0x68, 0x64, 0x64, 0x6C, 0x6C, + 0x62, 0x62, 0x6A, 0x6A, 0x66, 0x66, 0x6E, 0x6E, + 0x70, 0x70, 0x78, 0x78, 0x74, 0x74, 0x7C, 0x7C, + 0x72, 0x72, 0x7A, 0x7A, 0x76, 0x76, 0x7E, 0x7E, + 0x80, 0x80, 0x88, 0x88, 0x84, 0x84, 0x8C, 0x8C, + 0x82, 0x82, 0x8A, 0x8A, 0x86, 0x86, 0x8E, 0x8E, + 0x90, 0x90, 0x98, 0x98, 0x94, 0x94, 0x9C, 0x9C, + 0x92, 0x92, 0x9A, 0x9A, 0x96, 0x96, 0x9E, 0x9E, + 0xA0, 0xA0, 0xA8, 0xA8, 0xA4, 0xA4, 0xAC, 0xAC, + 0xA2, 0xA2, 0xAA, 0xAA, 0xA6, 0xA6, 0xAE, 0xAE, + 0xB0, 0xB0, 0xB8, 0xB8, 0xB4, 0xB4, 0xBC, 0xBC, + 0xB2, 0xB2, 0xBA, 0xBA, 0xB6, 0xB6, 0xBE, 0xBE, + 0xC0, 0xC0, 0xC8, 0xC8, 0xC4, 0xC4, 0xCC, 0xCC, + 0xC2, 0xC2, 0xCA, 0xCA, 0xC6, 0xC6, 0xCE, 0xCE, + 0xD0, 0xD0, 0xD8, 0xD8, 0xD4, 0xD4, 0xDC, 0xDC, + 0xD2, 0xD2, 0xDA, 0xDA, 0xD6, 0xD6, 0xDE, 0xDE, + 0xE0, 0xE0, 0xE8, 0xE8, 0xE4, 0xE4, 0xEC, 0xEC, + 0xE2, 0xE2, 0xEA, 0xEA, 0xE6, 0xE6, 0xEE, 0xEE, + 0xF0, 0xF0, 0xF8, 0xF8, 0xF4, 0xF4, 0xFC, 0xFC, + 0xF2, 0xF2, 0xFA, 0xFA, 0xF6, 0xF6, 0xFE, 0xFE + ]; + + // Mapping tables for the PC-2 transformation. + static $pc2mapc1 = [ + 0x00000000, 0x00000400, 0x00200000, 0x00200400, + 0x00000001, 0x00000401, 0x00200001, 0x00200401, + 0x02000000, 0x02000400, 0x02200000, 0x02200400, + 0x02000001, 0x02000401, 0x02200001, 0x02200401 + ]; + static $pc2mapc2 = [ + 0x00000000, 0x00000800, 0x08000000, 0x08000800, + 0x00010000, 0x00010800, 0x08010000, 0x08010800, + 0x00000000, 0x00000800, 0x08000000, 0x08000800, + 0x00010000, 0x00010800, 0x08010000, 0x08010800, + 0x00000100, 0x00000900, 0x08000100, 0x08000900, + 0x00010100, 0x00010900, 0x08010100, 0x08010900, + 0x00000100, 0x00000900, 0x08000100, 0x08000900, + 0x00010100, 0x00010900, 0x08010100, 0x08010900, + 0x00000010, 0x00000810, 0x08000010, 0x08000810, + 0x00010010, 0x00010810, 0x08010010, 0x08010810, + 0x00000010, 0x00000810, 0x08000010, 0x08000810, + 0x00010010, 0x00010810, 0x08010010, 0x08010810, + 0x00000110, 0x00000910, 0x08000110, 0x08000910, + 0x00010110, 0x00010910, 0x08010110, 0x08010910, + 0x00000110, 0x00000910, 0x08000110, 0x08000910, + 0x00010110, 0x00010910, 0x08010110, 0x08010910, + 0x00040000, 0x00040800, 0x08040000, 0x08040800, + 0x00050000, 0x00050800, 0x08050000, 0x08050800, + 0x00040000, 0x00040800, 0x08040000, 0x08040800, + 0x00050000, 0x00050800, 0x08050000, 0x08050800, + 0x00040100, 0x00040900, 0x08040100, 0x08040900, + 0x00050100, 0x00050900, 0x08050100, 0x08050900, + 0x00040100, 0x00040900, 0x08040100, 0x08040900, + 0x00050100, 0x00050900, 0x08050100, 0x08050900, + 0x00040010, 0x00040810, 0x08040010, 0x08040810, + 0x00050010, 0x00050810, 0x08050010, 0x08050810, + 0x00040010, 0x00040810, 0x08040010, 0x08040810, + 0x00050010, 0x00050810, 0x08050010, 0x08050810, + 0x00040110, 0x00040910, 0x08040110, 0x08040910, + 0x00050110, 0x00050910, 0x08050110, 0x08050910, + 0x00040110, 0x00040910, 0x08040110, 0x08040910, + 0x00050110, 0x00050910, 0x08050110, 0x08050910, + 0x01000000, 0x01000800, 0x09000000, 0x09000800, + 0x01010000, 0x01010800, 0x09010000, 0x09010800, + 0x01000000, 0x01000800, 0x09000000, 0x09000800, + 0x01010000, 0x01010800, 0x09010000, 0x09010800, + 0x01000100, 0x01000900, 0x09000100, 0x09000900, + 0x01010100, 0x01010900, 0x09010100, 0x09010900, + 0x01000100, 0x01000900, 0x09000100, 0x09000900, + 0x01010100, 0x01010900, 0x09010100, 0x09010900, + 0x01000010, 0x01000810, 0x09000010, 0x09000810, + 0x01010010, 0x01010810, 0x09010010, 0x09010810, + 0x01000010, 0x01000810, 0x09000010, 0x09000810, + 0x01010010, 0x01010810, 0x09010010, 0x09010810, + 0x01000110, 0x01000910, 0x09000110, 0x09000910, + 0x01010110, 0x01010910, 0x09010110, 0x09010910, + 0x01000110, 0x01000910, 0x09000110, 0x09000910, + 0x01010110, 0x01010910, 0x09010110, 0x09010910, + 0x01040000, 0x01040800, 0x09040000, 0x09040800, + 0x01050000, 0x01050800, 0x09050000, 0x09050800, + 0x01040000, 0x01040800, 0x09040000, 0x09040800, + 0x01050000, 0x01050800, 0x09050000, 0x09050800, + 0x01040100, 0x01040900, 0x09040100, 0x09040900, + 0x01050100, 0x01050900, 0x09050100, 0x09050900, + 0x01040100, 0x01040900, 0x09040100, 0x09040900, + 0x01050100, 0x01050900, 0x09050100, 0x09050900, + 0x01040010, 0x01040810, 0x09040010, 0x09040810, + 0x01050010, 0x01050810, 0x09050010, 0x09050810, + 0x01040010, 0x01040810, 0x09040010, 0x09040810, + 0x01050010, 0x01050810, 0x09050010, 0x09050810, + 0x01040110, 0x01040910, 0x09040110, 0x09040910, + 0x01050110, 0x01050910, 0x09050110, 0x09050910, + 0x01040110, 0x01040910, 0x09040110, 0x09040910, + 0x01050110, 0x01050910, 0x09050110, 0x09050910 + ]; + static $pc2mapc3 = [ + 0x00000000, 0x00000004, 0x00001000, 0x00001004, + 0x00000000, 0x00000004, 0x00001000, 0x00001004, + 0x10000000, 0x10000004, 0x10001000, 0x10001004, + 0x10000000, 0x10000004, 0x10001000, 0x10001004, + 0x00000020, 0x00000024, 0x00001020, 0x00001024, + 0x00000020, 0x00000024, 0x00001020, 0x00001024, + 0x10000020, 0x10000024, 0x10001020, 0x10001024, + 0x10000020, 0x10000024, 0x10001020, 0x10001024, + 0x00080000, 0x00080004, 0x00081000, 0x00081004, + 0x00080000, 0x00080004, 0x00081000, 0x00081004, + 0x10080000, 0x10080004, 0x10081000, 0x10081004, + 0x10080000, 0x10080004, 0x10081000, 0x10081004, + 0x00080020, 0x00080024, 0x00081020, 0x00081024, + 0x00080020, 0x00080024, 0x00081020, 0x00081024, + 0x10080020, 0x10080024, 0x10081020, 0x10081024, + 0x10080020, 0x10080024, 0x10081020, 0x10081024, + 0x20000000, 0x20000004, 0x20001000, 0x20001004, + 0x20000000, 0x20000004, 0x20001000, 0x20001004, + 0x30000000, 0x30000004, 0x30001000, 0x30001004, + 0x30000000, 0x30000004, 0x30001000, 0x30001004, + 0x20000020, 0x20000024, 0x20001020, 0x20001024, + 0x20000020, 0x20000024, 0x20001020, 0x20001024, + 0x30000020, 0x30000024, 0x30001020, 0x30001024, + 0x30000020, 0x30000024, 0x30001020, 0x30001024, + 0x20080000, 0x20080004, 0x20081000, 0x20081004, + 0x20080000, 0x20080004, 0x20081000, 0x20081004, + 0x30080000, 0x30080004, 0x30081000, 0x30081004, + 0x30080000, 0x30080004, 0x30081000, 0x30081004, + 0x20080020, 0x20080024, 0x20081020, 0x20081024, + 0x20080020, 0x20080024, 0x20081020, 0x20081024, + 0x30080020, 0x30080024, 0x30081020, 0x30081024, + 0x30080020, 0x30080024, 0x30081020, 0x30081024, + 0x00000002, 0x00000006, 0x00001002, 0x00001006, + 0x00000002, 0x00000006, 0x00001002, 0x00001006, + 0x10000002, 0x10000006, 0x10001002, 0x10001006, + 0x10000002, 0x10000006, 0x10001002, 0x10001006, + 0x00000022, 0x00000026, 0x00001022, 0x00001026, + 0x00000022, 0x00000026, 0x00001022, 0x00001026, + 0x10000022, 0x10000026, 0x10001022, 0x10001026, + 0x10000022, 0x10000026, 0x10001022, 0x10001026, + 0x00080002, 0x00080006, 0x00081002, 0x00081006, + 0x00080002, 0x00080006, 0x00081002, 0x00081006, + 0x10080002, 0x10080006, 0x10081002, 0x10081006, + 0x10080002, 0x10080006, 0x10081002, 0x10081006, + 0x00080022, 0x00080026, 0x00081022, 0x00081026, + 0x00080022, 0x00080026, 0x00081022, 0x00081026, + 0x10080022, 0x10080026, 0x10081022, 0x10081026, + 0x10080022, 0x10080026, 0x10081022, 0x10081026, + 0x20000002, 0x20000006, 0x20001002, 0x20001006, + 0x20000002, 0x20000006, 0x20001002, 0x20001006, + 0x30000002, 0x30000006, 0x30001002, 0x30001006, + 0x30000002, 0x30000006, 0x30001002, 0x30001006, + 0x20000022, 0x20000026, 0x20001022, 0x20001026, + 0x20000022, 0x20000026, 0x20001022, 0x20001026, + 0x30000022, 0x30000026, 0x30001022, 0x30001026, + 0x30000022, 0x30000026, 0x30001022, 0x30001026, + 0x20080002, 0x20080006, 0x20081002, 0x20081006, + 0x20080002, 0x20080006, 0x20081002, 0x20081006, + 0x30080002, 0x30080006, 0x30081002, 0x30081006, + 0x30080002, 0x30080006, 0x30081002, 0x30081006, + 0x20080022, 0x20080026, 0x20081022, 0x20081026, + 0x20080022, 0x20080026, 0x20081022, 0x20081026, + 0x30080022, 0x30080026, 0x30081022, 0x30081026, + 0x30080022, 0x30080026, 0x30081022, 0x30081026 + ]; + static $pc2mapc4 = [ + 0x00000000, 0x00100000, 0x00000008, 0x00100008, + 0x00000200, 0x00100200, 0x00000208, 0x00100208, + 0x00000000, 0x00100000, 0x00000008, 0x00100008, + 0x00000200, 0x00100200, 0x00000208, 0x00100208, + 0x04000000, 0x04100000, 0x04000008, 0x04100008, + 0x04000200, 0x04100200, 0x04000208, 0x04100208, + 0x04000000, 0x04100000, 0x04000008, 0x04100008, + 0x04000200, 0x04100200, 0x04000208, 0x04100208, + 0x00002000, 0x00102000, 0x00002008, 0x00102008, + 0x00002200, 0x00102200, 0x00002208, 0x00102208, + 0x00002000, 0x00102000, 0x00002008, 0x00102008, + 0x00002200, 0x00102200, 0x00002208, 0x00102208, + 0x04002000, 0x04102000, 0x04002008, 0x04102008, + 0x04002200, 0x04102200, 0x04002208, 0x04102208, + 0x04002000, 0x04102000, 0x04002008, 0x04102008, + 0x04002200, 0x04102200, 0x04002208, 0x04102208, + 0x00000000, 0x00100000, 0x00000008, 0x00100008, + 0x00000200, 0x00100200, 0x00000208, 0x00100208, + 0x00000000, 0x00100000, 0x00000008, 0x00100008, + 0x00000200, 0x00100200, 0x00000208, 0x00100208, + 0x04000000, 0x04100000, 0x04000008, 0x04100008, + 0x04000200, 0x04100200, 0x04000208, 0x04100208, + 0x04000000, 0x04100000, 0x04000008, 0x04100008, + 0x04000200, 0x04100200, 0x04000208, 0x04100208, + 0x00002000, 0x00102000, 0x00002008, 0x00102008, + 0x00002200, 0x00102200, 0x00002208, 0x00102208, + 0x00002000, 0x00102000, 0x00002008, 0x00102008, + 0x00002200, 0x00102200, 0x00002208, 0x00102208, + 0x04002000, 0x04102000, 0x04002008, 0x04102008, + 0x04002200, 0x04102200, 0x04002208, 0x04102208, + 0x04002000, 0x04102000, 0x04002008, 0x04102008, + 0x04002200, 0x04102200, 0x04002208, 0x04102208, + 0x00020000, 0x00120000, 0x00020008, 0x00120008, + 0x00020200, 0x00120200, 0x00020208, 0x00120208, + 0x00020000, 0x00120000, 0x00020008, 0x00120008, + 0x00020200, 0x00120200, 0x00020208, 0x00120208, + 0x04020000, 0x04120000, 0x04020008, 0x04120008, + 0x04020200, 0x04120200, 0x04020208, 0x04120208, + 0x04020000, 0x04120000, 0x04020008, 0x04120008, + 0x04020200, 0x04120200, 0x04020208, 0x04120208, + 0x00022000, 0x00122000, 0x00022008, 0x00122008, + 0x00022200, 0x00122200, 0x00022208, 0x00122208, + 0x00022000, 0x00122000, 0x00022008, 0x00122008, + 0x00022200, 0x00122200, 0x00022208, 0x00122208, + 0x04022000, 0x04122000, 0x04022008, 0x04122008, + 0x04022200, 0x04122200, 0x04022208, 0x04122208, + 0x04022000, 0x04122000, 0x04022008, 0x04122008, + 0x04022200, 0x04122200, 0x04022208, 0x04122208, + 0x00020000, 0x00120000, 0x00020008, 0x00120008, + 0x00020200, 0x00120200, 0x00020208, 0x00120208, + 0x00020000, 0x00120000, 0x00020008, 0x00120008, + 0x00020200, 0x00120200, 0x00020208, 0x00120208, + 0x04020000, 0x04120000, 0x04020008, 0x04120008, + 0x04020200, 0x04120200, 0x04020208, 0x04120208, + 0x04020000, 0x04120000, 0x04020008, 0x04120008, + 0x04020200, 0x04120200, 0x04020208, 0x04120208, + 0x00022000, 0x00122000, 0x00022008, 0x00122008, + 0x00022200, 0x00122200, 0x00022208, 0x00122208, + 0x00022000, 0x00122000, 0x00022008, 0x00122008, + 0x00022200, 0x00122200, 0x00022208, 0x00122208, + 0x04022000, 0x04122000, 0x04022008, 0x04122008, + 0x04022200, 0x04122200, 0x04022208, 0x04122208, + 0x04022000, 0x04122000, 0x04022008, 0x04122008, + 0x04022200, 0x04122200, 0x04022208, 0x04122208 + ]; + static $pc2mapd1 = [ + 0x00000000, 0x00000001, 0x08000000, 0x08000001, + 0x00200000, 0x00200001, 0x08200000, 0x08200001, + 0x00000002, 0x00000003, 0x08000002, 0x08000003, + 0x00200002, 0x00200003, 0x08200002, 0x08200003 + ]; + static $pc2mapd2 = [ + 0x00000000, 0x00100000, 0x00000800, 0x00100800, + 0x00000000, 0x00100000, 0x00000800, 0x00100800, + 0x04000000, 0x04100000, 0x04000800, 0x04100800, + 0x04000000, 0x04100000, 0x04000800, 0x04100800, + 0x00000004, 0x00100004, 0x00000804, 0x00100804, + 0x00000004, 0x00100004, 0x00000804, 0x00100804, + 0x04000004, 0x04100004, 0x04000804, 0x04100804, + 0x04000004, 0x04100004, 0x04000804, 0x04100804, + 0x00000000, 0x00100000, 0x00000800, 0x00100800, + 0x00000000, 0x00100000, 0x00000800, 0x00100800, + 0x04000000, 0x04100000, 0x04000800, 0x04100800, + 0x04000000, 0x04100000, 0x04000800, 0x04100800, + 0x00000004, 0x00100004, 0x00000804, 0x00100804, + 0x00000004, 0x00100004, 0x00000804, 0x00100804, + 0x04000004, 0x04100004, 0x04000804, 0x04100804, + 0x04000004, 0x04100004, 0x04000804, 0x04100804, + 0x00000200, 0x00100200, 0x00000A00, 0x00100A00, + 0x00000200, 0x00100200, 0x00000A00, 0x00100A00, + 0x04000200, 0x04100200, 0x04000A00, 0x04100A00, + 0x04000200, 0x04100200, 0x04000A00, 0x04100A00, + 0x00000204, 0x00100204, 0x00000A04, 0x00100A04, + 0x00000204, 0x00100204, 0x00000A04, 0x00100A04, + 0x04000204, 0x04100204, 0x04000A04, 0x04100A04, + 0x04000204, 0x04100204, 0x04000A04, 0x04100A04, + 0x00000200, 0x00100200, 0x00000A00, 0x00100A00, + 0x00000200, 0x00100200, 0x00000A00, 0x00100A00, + 0x04000200, 0x04100200, 0x04000A00, 0x04100A00, + 0x04000200, 0x04100200, 0x04000A00, 0x04100A00, + 0x00000204, 0x00100204, 0x00000A04, 0x00100A04, + 0x00000204, 0x00100204, 0x00000A04, 0x00100A04, + 0x04000204, 0x04100204, 0x04000A04, 0x04100A04, + 0x04000204, 0x04100204, 0x04000A04, 0x04100A04, + 0x00020000, 0x00120000, 0x00020800, 0x00120800, + 0x00020000, 0x00120000, 0x00020800, 0x00120800, + 0x04020000, 0x04120000, 0x04020800, 0x04120800, + 0x04020000, 0x04120000, 0x04020800, 0x04120800, + 0x00020004, 0x00120004, 0x00020804, 0x00120804, + 0x00020004, 0x00120004, 0x00020804, 0x00120804, + 0x04020004, 0x04120004, 0x04020804, 0x04120804, + 0x04020004, 0x04120004, 0x04020804, 0x04120804, + 0x00020000, 0x00120000, 0x00020800, 0x00120800, + 0x00020000, 0x00120000, 0x00020800, 0x00120800, + 0x04020000, 0x04120000, 0x04020800, 0x04120800, + 0x04020000, 0x04120000, 0x04020800, 0x04120800, + 0x00020004, 0x00120004, 0x00020804, 0x00120804, + 0x00020004, 0x00120004, 0x00020804, 0x00120804, + 0x04020004, 0x04120004, 0x04020804, 0x04120804, + 0x04020004, 0x04120004, 0x04020804, 0x04120804, + 0x00020200, 0x00120200, 0x00020A00, 0x00120A00, + 0x00020200, 0x00120200, 0x00020A00, 0x00120A00, + 0x04020200, 0x04120200, 0x04020A00, 0x04120A00, + 0x04020200, 0x04120200, 0x04020A00, 0x04120A00, + 0x00020204, 0x00120204, 0x00020A04, 0x00120A04, + 0x00020204, 0x00120204, 0x00020A04, 0x00120A04, + 0x04020204, 0x04120204, 0x04020A04, 0x04120A04, + 0x04020204, 0x04120204, 0x04020A04, 0x04120A04, + 0x00020200, 0x00120200, 0x00020A00, 0x00120A00, + 0x00020200, 0x00120200, 0x00020A00, 0x00120A00, + 0x04020200, 0x04120200, 0x04020A00, 0x04120A00, + 0x04020200, 0x04120200, 0x04020A00, 0x04120A00, + 0x00020204, 0x00120204, 0x00020A04, 0x00120A04, + 0x00020204, 0x00120204, 0x00020A04, 0x00120A04, + 0x04020204, 0x04120204, 0x04020A04, 0x04120A04, + 0x04020204, 0x04120204, 0x04020A04, 0x04120A04 + ]; + static $pc2mapd3 = [ + 0x00000000, 0x00010000, 0x02000000, 0x02010000, + 0x00000020, 0x00010020, 0x02000020, 0x02010020, + 0x00040000, 0x00050000, 0x02040000, 0x02050000, + 0x00040020, 0x00050020, 0x02040020, 0x02050020, + 0x00002000, 0x00012000, 0x02002000, 0x02012000, + 0x00002020, 0x00012020, 0x02002020, 0x02012020, + 0x00042000, 0x00052000, 0x02042000, 0x02052000, + 0x00042020, 0x00052020, 0x02042020, 0x02052020, + 0x00000000, 0x00010000, 0x02000000, 0x02010000, + 0x00000020, 0x00010020, 0x02000020, 0x02010020, + 0x00040000, 0x00050000, 0x02040000, 0x02050000, + 0x00040020, 0x00050020, 0x02040020, 0x02050020, + 0x00002000, 0x00012000, 0x02002000, 0x02012000, + 0x00002020, 0x00012020, 0x02002020, 0x02012020, + 0x00042000, 0x00052000, 0x02042000, 0x02052000, + 0x00042020, 0x00052020, 0x02042020, 0x02052020, + 0x00000010, 0x00010010, 0x02000010, 0x02010010, + 0x00000030, 0x00010030, 0x02000030, 0x02010030, + 0x00040010, 0x00050010, 0x02040010, 0x02050010, + 0x00040030, 0x00050030, 0x02040030, 0x02050030, + 0x00002010, 0x00012010, 0x02002010, 0x02012010, + 0x00002030, 0x00012030, 0x02002030, 0x02012030, + 0x00042010, 0x00052010, 0x02042010, 0x02052010, + 0x00042030, 0x00052030, 0x02042030, 0x02052030, + 0x00000010, 0x00010010, 0x02000010, 0x02010010, + 0x00000030, 0x00010030, 0x02000030, 0x02010030, + 0x00040010, 0x00050010, 0x02040010, 0x02050010, + 0x00040030, 0x00050030, 0x02040030, 0x02050030, + 0x00002010, 0x00012010, 0x02002010, 0x02012010, + 0x00002030, 0x00012030, 0x02002030, 0x02012030, + 0x00042010, 0x00052010, 0x02042010, 0x02052010, + 0x00042030, 0x00052030, 0x02042030, 0x02052030, + 0x20000000, 0x20010000, 0x22000000, 0x22010000, + 0x20000020, 0x20010020, 0x22000020, 0x22010020, + 0x20040000, 0x20050000, 0x22040000, 0x22050000, + 0x20040020, 0x20050020, 0x22040020, 0x22050020, + 0x20002000, 0x20012000, 0x22002000, 0x22012000, + 0x20002020, 0x20012020, 0x22002020, 0x22012020, + 0x20042000, 0x20052000, 0x22042000, 0x22052000, + 0x20042020, 0x20052020, 0x22042020, 0x22052020, + 0x20000000, 0x20010000, 0x22000000, 0x22010000, + 0x20000020, 0x20010020, 0x22000020, 0x22010020, + 0x20040000, 0x20050000, 0x22040000, 0x22050000, + 0x20040020, 0x20050020, 0x22040020, 0x22050020, + 0x20002000, 0x20012000, 0x22002000, 0x22012000, + 0x20002020, 0x20012020, 0x22002020, 0x22012020, + 0x20042000, 0x20052000, 0x22042000, 0x22052000, + 0x20042020, 0x20052020, 0x22042020, 0x22052020, + 0x20000010, 0x20010010, 0x22000010, 0x22010010, + 0x20000030, 0x20010030, 0x22000030, 0x22010030, + 0x20040010, 0x20050010, 0x22040010, 0x22050010, + 0x20040030, 0x20050030, 0x22040030, 0x22050030, + 0x20002010, 0x20012010, 0x22002010, 0x22012010, + 0x20002030, 0x20012030, 0x22002030, 0x22012030, + 0x20042010, 0x20052010, 0x22042010, 0x22052010, + 0x20042030, 0x20052030, 0x22042030, 0x22052030, + 0x20000010, 0x20010010, 0x22000010, 0x22010010, + 0x20000030, 0x20010030, 0x22000030, 0x22010030, + 0x20040010, 0x20050010, 0x22040010, 0x22050010, + 0x20040030, 0x20050030, 0x22040030, 0x22050030, + 0x20002010, 0x20012010, 0x22002010, 0x22012010, + 0x20002030, 0x20012030, 0x22002030, 0x22012030, + 0x20042010, 0x20052010, 0x22042010, 0x22052010, + 0x20042030, 0x20052030, 0x22042030, 0x22052030 + ]; + static $pc2mapd4 = [ + 0x00000000, 0x00000400, 0x01000000, 0x01000400, + 0x00000000, 0x00000400, 0x01000000, 0x01000400, + 0x00000100, 0x00000500, 0x01000100, 0x01000500, + 0x00000100, 0x00000500, 0x01000100, 0x01000500, + 0x10000000, 0x10000400, 0x11000000, 0x11000400, + 0x10000000, 0x10000400, 0x11000000, 0x11000400, + 0x10000100, 0x10000500, 0x11000100, 0x11000500, + 0x10000100, 0x10000500, 0x11000100, 0x11000500, + 0x00080000, 0x00080400, 0x01080000, 0x01080400, + 0x00080000, 0x00080400, 0x01080000, 0x01080400, + 0x00080100, 0x00080500, 0x01080100, 0x01080500, + 0x00080100, 0x00080500, 0x01080100, 0x01080500, + 0x10080000, 0x10080400, 0x11080000, 0x11080400, + 0x10080000, 0x10080400, 0x11080000, 0x11080400, + 0x10080100, 0x10080500, 0x11080100, 0x11080500, + 0x10080100, 0x10080500, 0x11080100, 0x11080500, + 0x00000008, 0x00000408, 0x01000008, 0x01000408, + 0x00000008, 0x00000408, 0x01000008, 0x01000408, + 0x00000108, 0x00000508, 0x01000108, 0x01000508, + 0x00000108, 0x00000508, 0x01000108, 0x01000508, + 0x10000008, 0x10000408, 0x11000008, 0x11000408, + 0x10000008, 0x10000408, 0x11000008, 0x11000408, + 0x10000108, 0x10000508, 0x11000108, 0x11000508, + 0x10000108, 0x10000508, 0x11000108, 0x11000508, + 0x00080008, 0x00080408, 0x01080008, 0x01080408, + 0x00080008, 0x00080408, 0x01080008, 0x01080408, + 0x00080108, 0x00080508, 0x01080108, 0x01080508, + 0x00080108, 0x00080508, 0x01080108, 0x01080508, + 0x10080008, 0x10080408, 0x11080008, 0x11080408, + 0x10080008, 0x10080408, 0x11080008, 0x11080408, + 0x10080108, 0x10080508, 0x11080108, 0x11080508, + 0x10080108, 0x10080508, 0x11080108, 0x11080508, + 0x00001000, 0x00001400, 0x01001000, 0x01001400, + 0x00001000, 0x00001400, 0x01001000, 0x01001400, + 0x00001100, 0x00001500, 0x01001100, 0x01001500, + 0x00001100, 0x00001500, 0x01001100, 0x01001500, + 0x10001000, 0x10001400, 0x11001000, 0x11001400, + 0x10001000, 0x10001400, 0x11001000, 0x11001400, + 0x10001100, 0x10001500, 0x11001100, 0x11001500, + 0x10001100, 0x10001500, 0x11001100, 0x11001500, + 0x00081000, 0x00081400, 0x01081000, 0x01081400, + 0x00081000, 0x00081400, 0x01081000, 0x01081400, + 0x00081100, 0x00081500, 0x01081100, 0x01081500, + 0x00081100, 0x00081500, 0x01081100, 0x01081500, + 0x10081000, 0x10081400, 0x11081000, 0x11081400, + 0x10081000, 0x10081400, 0x11081000, 0x11081400, + 0x10081100, 0x10081500, 0x11081100, 0x11081500, + 0x10081100, 0x10081500, 0x11081100, 0x11081500, + 0x00001008, 0x00001408, 0x01001008, 0x01001408, + 0x00001008, 0x00001408, 0x01001008, 0x01001408, + 0x00001108, 0x00001508, 0x01001108, 0x01001508, + 0x00001108, 0x00001508, 0x01001108, 0x01001508, + 0x10001008, 0x10001408, 0x11001008, 0x11001408, + 0x10001008, 0x10001408, 0x11001008, 0x11001408, + 0x10001108, 0x10001508, 0x11001108, 0x11001508, + 0x10001108, 0x10001508, 0x11001108, 0x11001508, + 0x00081008, 0x00081408, 0x01081008, 0x01081408, + 0x00081008, 0x00081408, 0x01081008, 0x01081408, + 0x00081108, 0x00081508, 0x01081108, 0x01081508, + 0x00081108, 0x00081508, 0x01081108, 0x01081508, + 0x10081008, 0x10081408, 0x11081008, 0x11081408, + 0x10081008, 0x10081408, 0x11081008, 0x11081408, + 0x10081108, 0x10081508, 0x11081108, 0x11081508, + 0x10081108, 0x10081508, 0x11081108, 0x11081508 + ]; + + $keys = []; + for ($des_round = 0; $des_round < $this->des_rounds; ++$des_round) { + // pad the key and remove extra characters as appropriate. + $key = str_pad(substr($this->key, $des_round * 8, 8), 8, "\0"); + + // Perform the PC/1 transformation and compute C and D. + $t = unpack('Nl/Nr', $key); + list($l, $r) = [$t['l'], $t['r']]; + $key = (self::$shuffle[$pc1map[ $r & 0xFF]] & "\x80\x80\x80\x80\x80\x80\x80\x00") | + (self::$shuffle[$pc1map[($r >> 8) & 0xFF]] & "\x40\x40\x40\x40\x40\x40\x40\x00") | + (self::$shuffle[$pc1map[($r >> 16) & 0xFF]] & "\x20\x20\x20\x20\x20\x20\x20\x00") | + (self::$shuffle[$pc1map[($r >> 24) & 0xFF]] & "\x10\x10\x10\x10\x10\x10\x10\x00") | + (self::$shuffle[$pc1map[ $l & 0xFF]] & "\x08\x08\x08\x08\x08\x08\x08\x00") | + (self::$shuffle[$pc1map[($l >> 8) & 0xFF]] & "\x04\x04\x04\x04\x04\x04\x04\x00") | + (self::$shuffle[$pc1map[($l >> 16) & 0xFF]] & "\x02\x02\x02\x02\x02\x02\x02\x00") | + (self::$shuffle[$pc1map[($l >> 24) & 0xFF]] & "\x01\x01\x01\x01\x01\x01\x01\x00"); + $key = unpack('Nc/Nd', $key); + $c = ( $key['c'] >> 4) & 0x0FFFFFFF; + $d = (($key['d'] >> 4) & 0x0FFFFFF0) | ($key['c'] & 0x0F); + + $keys[$des_round] = [ + self::ENCRYPT => [], + self::DECRYPT => array_fill(0, 32, 0) + ]; + for ($i = 0, $ki = 31; $i < 16; ++$i, $ki -= 2) { + $c <<= $shifts[$i]; + $c = ($c | ($c >> 28)) & 0x0FFFFFFF; + $d <<= $shifts[$i]; + $d = ($d | ($d >> 28)) & 0x0FFFFFFF; + + // Perform the PC-2 transformation. + $cp = $pc2mapc1[ $c >> 24 ] | $pc2mapc2[($c >> 16) & 0xFF] | + $pc2mapc3[($c >> 8) & 0xFF] | $pc2mapc4[ $c & 0xFF]; + $dp = $pc2mapd1[ $d >> 24 ] | $pc2mapd2[($d >> 16) & 0xFF] | + $pc2mapd3[($d >> 8) & 0xFF] | $pc2mapd4[ $d & 0xFF]; + + // Reorder: odd bytes/even bytes. Push the result in key schedule. + $val1 = ( $cp & intval(0xFF000000)) | (($cp << 8) & 0x00FF0000) | + (($dp >> 16) & 0x0000FF00) | (($dp >> 8) & 0x000000FF); + $val2 = (($cp << 8) & intval(0xFF000000)) | (($cp << 16) & 0x00FF0000) | + (($dp >> 8) & 0x0000FF00) | ( $dp & 0x000000FF); + $keys[$des_round][self::ENCRYPT][ ] = $val1; + $keys[$des_round][self::DECRYPT][$ki - 1] = $val1; + $keys[$des_round][self::ENCRYPT][ ] = $val2; + $keys[$des_round][self::DECRYPT][$ki ] = $val2; + } + } + + switch ($this->des_rounds) { + case 3: // 3DES keys + $this->keys = [ + self::ENCRYPT => array_merge( + $keys[0][self::ENCRYPT], + $keys[1][self::DECRYPT], + $keys[2][self::ENCRYPT] + ), + self::DECRYPT => array_merge( + $keys[2][self::DECRYPT], + $keys[1][self::ENCRYPT], + $keys[0][self::DECRYPT] + ) + ]; + break; + // case 1: // DES keys + default: + $this->keys = [ + self::ENCRYPT => $keys[0][self::ENCRYPT], + self::DECRYPT => $keys[0][self::DECRYPT] + ]; + } + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupInlineCrypt() + */ + protected function setupInlineCrypt() + { + // Engine configuration for: + // - DES ($des_rounds == 1) or + // - 3DES ($des_rounds == 3) + $des_rounds = $this->des_rounds; + + $init_crypt = 'static $sbox1, $sbox2, $sbox3, $sbox4, $sbox5, $sbox6, $sbox7, $sbox8, $shuffleip, $shuffleinvip; + if (!$sbox1) { + $sbox1 = array_map("intval", self::$sbox1); + $sbox2 = array_map("intval", self::$sbox2); + $sbox3 = array_map("intval", self::$sbox3); + $sbox4 = array_map("intval", self::$sbox4); + $sbox5 = array_map("intval", self::$sbox5); + $sbox6 = array_map("intval", self::$sbox6); + $sbox7 = array_map("intval", self::$sbox7); + $sbox8 = array_map("intval", self::$sbox8);' + /* Merge $shuffle with $[inv]ipmap */ . ' + for ($i = 0; $i < 256; ++$i) { + $shuffleip[] = self::$shuffle[self::$ipmap[$i]]; + $shuffleinvip[] = self::$shuffle[self::$invipmap[$i]]; + } + } + '; + + $k = [ + self::ENCRYPT => $this->keys[self::ENCRYPT], + self::DECRYPT => $this->keys[self::DECRYPT] + ]; + $init_encrypt = ''; + $init_decrypt = ''; + + // Creating code for en- and decryption. + $crypt_block = []; + foreach ([self::ENCRYPT, self::DECRYPT] as $c) { + /* Do the initial IP permutation. */ + $crypt_block[$c] = ' + $in = unpack("N*", $in); + $l = $in[1]; + $r = $in[2]; + $in = unpack("N*", + ($shuffleip[ $r & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") | + ($shuffleip[($r >> 8) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") | + ($shuffleip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") | + ($shuffleip[($r >> 24) & 0xFF] & "\x10\x10\x10\x10\x10\x10\x10\x10") | + ($shuffleip[ $l & 0xFF] & "\x08\x08\x08\x08\x08\x08\x08\x08") | + ($shuffleip[($l >> 8) & 0xFF] & "\x04\x04\x04\x04\x04\x04\x04\x04") | + ($shuffleip[($l >> 16) & 0xFF] & "\x02\x02\x02\x02\x02\x02\x02\x02") | + ($shuffleip[($l >> 24) & 0xFF] & "\x01\x01\x01\x01\x01\x01\x01\x01") + ); + ' . /* Extract L0 and R0 */ ' + $l = $in[1]; + $r = $in[2]; + '; + + $l = '$l'; + $r = '$r'; + + // Perform DES or 3DES. + for ($ki = -1, $des_round = 0; $des_round < $des_rounds; ++$des_round) { + // Perform the 16 steps. + for ($i = 0; $i < 16; ++$i) { + // start of "the Feistel (F) function" - see the following URL: + // http://en.wikipedia.org/wiki/Image:Data_Encryption_Standard_InfoBox_Diagram.png + // Merge key schedule. + $crypt_block[$c] .= ' + $b1 = ((' . $r . ' >> 3) & 0x1FFFFFFF) ^ (' . $r . ' << 29) ^ ' . $k[$c][++$ki] . '; + $b2 = ((' . $r . ' >> 31) & 0x00000001) ^ (' . $r . ' << 1) ^ ' . $k[$c][++$ki] . ';' . + /* S-box indexing. */ + $l . ' = $sbox1[($b1 >> 24) & 0x3F] ^ $sbox2[($b2 >> 24) & 0x3F] ^ + $sbox3[($b1 >> 16) & 0x3F] ^ $sbox4[($b2 >> 16) & 0x3F] ^ + $sbox5[($b1 >> 8) & 0x3F] ^ $sbox6[($b2 >> 8) & 0x3F] ^ + $sbox7[ $b1 & 0x3F] ^ $sbox8[ $b2 & 0x3F] ^ ' . $l . '; + '; + // end of "the Feistel (F) function" + + // swap L & R + list($l, $r) = [$r, $l]; + } + list($l, $r) = [$r, $l]; + } + + // Perform the inverse IP permutation. + $crypt_block[$c] .= '$in = + ($shuffleinvip[($l >> 24) & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") | + ($shuffleinvip[($r >> 24) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") | + ($shuffleinvip[($l >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") | + ($shuffleinvip[($r >> 16) & 0xFF] & "\x10\x10\x10\x10\x10\x10\x10\x10") | + ($shuffleinvip[($l >> 8) & 0xFF] & "\x08\x08\x08\x08\x08\x08\x08\x08") | + ($shuffleinvip[($r >> 8) & 0xFF] & "\x04\x04\x04\x04\x04\x04\x04\x04") | + ($shuffleinvip[ $l & 0xFF] & "\x02\x02\x02\x02\x02\x02\x02\x02") | + ($shuffleinvip[ $r & 0xFF] & "\x01\x01\x01\x01\x01\x01\x01\x01"); + '; + } + + // Creates the inline-crypt function + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => $init_crypt, + 'init_encrypt' => $init_encrypt, + 'init_decrypt' => $init_decrypt, + 'encrypt_block' => $crypt_block[self::ENCRYPT], + 'decrypt_block' => $crypt_block[self::DECRYPT] + ] + ); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH.php new file mode 100644 index 0000000..b230198 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH.php @@ -0,0 +1,405 @@ + + * + * + * + * @author Jim Wigginton + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\DH\Parameters; +use phpseclib3\Crypt\DH\PrivateKey; +use phpseclib3\Crypt\DH\PublicKey; +use phpseclib3\Exception\NoKeyLoadedException; +use phpseclib3\Exception\UnsupportedOperationException; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP (EC)DH implementation + * + * @author Jim Wigginton + */ +abstract class DH extends AsymmetricKey +{ + /** + * Algorithm Name + * + * @var string + */ + const ALGORITHM = 'DH'; + + /** + * DH prime + * + * @var BigInteger + */ + protected $prime; + + /** + * DH Base + * + * Prime divisor of p-1 + * + * @var BigInteger + */ + protected $base; + + /** + * Public Key + * + * @var BigInteger + */ + protected $publicKey; + + /** + * Create DH parameters + * + * This method is a bit polymorphic. It can take any of the following: + * - two BigInteger's (prime and base) + * - an integer representing the size of the prime in bits (the base is assumed to be 2) + * - a string (eg. diffie-hellman-group14-sha1) + * + * @return Parameters + */ + public static function createParameters(...$args) + { + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createParameters() should not be called from final classes (' . static::class . ')'); + } + + $params = new Parameters(); + if (count($args) == 2 && $args[0] instanceof BigInteger && $args[1] instanceof BigInteger) { + //if (!$args[0]->isPrime()) { + // throw new \InvalidArgumentException('The first parameter should be a prime number'); + //} + $params->prime = $args[0]; + $params->base = $args[1]; + return $params; + } elseif (count($args) == 1 && is_numeric($args[0])) { + $params->prime = BigInteger::randomPrime($args[0]); + $params->base = new BigInteger(2); + return $params; + } elseif (count($args) != 1 || !is_string($args[0])) { + throw new \InvalidArgumentException('Valid parameters are either: two BigInteger\'s (prime and base), a single integer (the length of the prime; base is assumed to be 2) or a string'); + } + switch ($args[0]) { + // see http://tools.ietf.org/html/rfc2409#section-6.2 and + // http://tools.ietf.org/html/rfc2412, appendex E + case 'diffie-hellman-group1-sha1': + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF'; + break; + // see http://tools.ietf.org/html/rfc3526#section-3 + case 'diffie-hellman-group14-sha1': // 2048-bit MODP Group + case 'diffie-hellman-group14-sha256': + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF'; + break; + // see https://tools.ietf.org/html/rfc3526#section-4 + case 'diffie-hellman-group15-sha512': // 3072-bit MODP Group + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33' . + 'A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' . + 'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864' . + 'D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2' . + '08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF'; + break; + // see https://tools.ietf.org/html/rfc3526#section-5 + case 'diffie-hellman-group16-sha512': // 4096-bit MODP Group + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33' . + 'A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' . + 'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864' . + 'D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2' . + '08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7' . + '88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8' . + 'DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2' . + '233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9' . + '93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF'; + break; + // see https://tools.ietf.org/html/rfc3526#section-6 + case 'diffie-hellman-group17-sha512': // 6144-bit MODP Group + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33' . + 'A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' . + 'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864' . + 'D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2' . + '08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7' . + '88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8' . + 'DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2' . + '233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9' . + '93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026' . + 'C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AE' . + 'B06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B' . + 'DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92EC' . + 'F032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E' . + '59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA' . + 'CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76' . + 'F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468' . + '043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF'; + break; + // see https://tools.ietf.org/html/rfc3526#section-7 + case 'diffie-hellman-group18-sha512': // 8192-bit MODP Group + $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . + '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . + '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . + '3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33' . + 'A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' . + 'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864' . + 'D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2' . + '08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7' . + '88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8' . + 'DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2' . + '233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9' . + '93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026' . + 'C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AE' . + 'B06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B' . + 'DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92EC' . + 'F032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E' . + '59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA' . + 'CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76' . + 'F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468' . + '043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4' . + '38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED' . + '2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652D' . + 'E3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B' . + '4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A6' . + '6D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851D' . + 'F9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92' . + '4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA' . + '9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF'; + break; + default: + throw new \InvalidArgumentException('Invalid named prime provided'); + } + + $params->prime = new BigInteger($prime, 16); + $params->base = new BigInteger(2); + + return $params; + } + + /** + * Create public / private key pair. + * + * The rationale for the second parameter is described in http://tools.ietf.org/html/rfc4419#section-6.2 : + * + * "To increase the speed of the key exchange, both client and server may + * reduce the size of their private exponents. It should be at least + * twice as long as the key material that is generated from the shared + * secret. For more details, see the paper by van Oorschot and Wiener + * [VAN-OORSCHOT]." + * + * $length is in bits + * + * @param Parameters $params + * @param int $length optional + * @return PrivateKey + */ + public static function createKey(Parameters $params, $length = 0) + { + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createKey() should not be called from final classes (' . static::class . ')'); + } + + $one = new BigInteger(1); + if ($length) { + $max = $one->bitwise_leftShift($length); + $max = $max->subtract($one); + } else { + $max = $params->prime->subtract($one); + } + + $key = new PrivateKey(); + $key->prime = $params->prime; + $key->base = $params->base; + $key->privateKey = BigInteger::randomRange($one, $max); + $key->publicKey = $key->base->powMod($key->privateKey, $key->prime); + return $key; + } + + /** + * Compute Shared Secret + * + * @param PrivateKey|EC $private + * @param PublicKey|BigInteger|string $public + * @return mixed + */ + public static function computeSecret($private, $public) + { + if ($private instanceof PrivateKey) { // DH\PrivateKey + switch (true) { + case $public instanceof PublicKey: + if (!$private->prime->equals($public->prime) || !$private->base->equals($public->base)) { + throw new \InvalidArgumentException('The public and private key do not share the same prime and / or base numbers'); + } + return $public->publicKey->powMod($private->privateKey, $private->prime)->toBytes(true); + case is_string($public): + $public = new BigInteger($public, -256); + // fall-through + case $public instanceof BigInteger: + return $public->powMod($private->privateKey, $private->prime)->toBytes(true); + default: + throw new \InvalidArgumentException('$public needs to be an instance of DH\PublicKey, a BigInteger or a string'); + } + } + + if ($private instanceof EC\PrivateKey) { + switch (true) { + case $public instanceof EC\PublicKey: + $public = $public->getEncodedCoordinates(); + // fall-through + case is_string($public): + $point = $private->multiply($public); + switch ($private->getCurve()) { + case 'Curve25519': + case 'Curve448': + $secret = $point; + break; + default: + // according to https://www.secg.org/sec1-v2.pdf#page=33 only X is returned + $secret = substr($point, 1, (strlen($point) - 1) >> 1); + } + /* + if (($secret[0] & "\x80") === "\x80") { + $secret = "\0$secret"; + } + */ + return $secret; + default: + throw new \InvalidArgumentException('$public needs to be an instance of EC\PublicKey or a string (an encoded coordinate)'); + } + } + } + + /** + * Load the key + * + * @param string $key + * @param string $password optional + * @return AsymmetricKey + */ + public static function load($key, $password = false) + { + try { + return EC::load($key, $password); + } catch (NoKeyLoadedException $e) { + } + + return parent::load($key, $password); + } + + /** + * OnLoad Handler + * + * @return bool + */ + protected static function onLoad(array $components) + { + if (!isset($components['privateKey']) && !isset($components['publicKey'])) { + $new = new Parameters(); + } else { + $new = isset($components['privateKey']) ? + new PrivateKey() : + new PublicKey(); + } + + $new->prime = $components['prime']; + $new->base = $components['base']; + + if (isset($components['privateKey'])) { + $new->privateKey = $components['privateKey']; + } + if (isset($components['publicKey'])) { + $new->publicKey = $components['publicKey']; + } + + return $new; + } + + /** + * Determines which hashing function should be used + * + * @param string $hash + */ + public function withHash($hash) + { + throw new UnsupportedOperationException('DH does not use a hash algorithm'); + } + + /** + * Returns the hash algorithm currently being used + * + */ + public function getHash() + { + throw new UnsupportedOperationException('DH does not use a hash algorithm'); + } + + /** + * Returns the parameters + * + * A public / private key is only returned if the currently loaded "key" contains an x or y + * value. + * + * @see self::getPublicKey() + * @return mixed + */ + public function getParameters() + { + $type = DH::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + $key = $type::saveParameters($this->prime, $this->base); + return DH::load($key, 'PKCS1'); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/Formats/Keys/PKCS1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..65a0a5d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/Formats/Keys/PKCS1.php @@ -0,0 +1,77 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DH\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * "PKCS1" Formatted DH Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends Progenitor +{ + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $key = parent::load($key, $password); + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + + $components = ASN1::asn1map($decoded[0], Maps\DHParameter::MAP); + if (!is_array($components)) { + throw new \RuntimeException('Unable to perform ASN1 mapping on parameters'); + } + + return $components; + } + + /** + * Convert EC parameters to the appropriate format + * + * @return string + */ + public static function saveParameters(BigInteger $prime, BigInteger $base, array $options = []) + { + $params = [ + 'prime' => $prime, + 'base' => $base + ]; + $params = ASN1::encodeDER($params, Maps\DHParameter::MAP); + + return "-----BEGIN DH PARAMETERS-----\r\n" . + chunk_split(base64_encode($params), 64) . + "-----END DH PARAMETERS-----\r\n"; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/Formats/Keys/PKCS8.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..7d02e5f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/Formats/Keys/PKCS8.php @@ -0,0 +1,132 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DH\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#8 Formatted DH Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends Progenitor +{ + /** + * OID Name + * + * @var string + */ + const OID_NAME = 'dhKeyAgreement'; + + /** + * OID Value + * + * @var string + */ + const OID_VALUE = '1.2.840.113549.1.3.1'; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $key = parent::load($key, $password); + + $type = isset($key['privateKey']) ? 'privateKey' : 'publicKey'; + + $decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element); + if (empty($decoded)) { + throw new \RuntimeException('Unable to decode BER of parameters'); + } + $components = ASN1::asn1map($decoded[0], Maps\DHParameter::MAP); + if (!is_array($components)) { + throw new \RuntimeException('Unable to perform ASN1 mapping on parameters'); + } + + $decoded = ASN1::decodeBER($key[$type]); + switch (true) { + case !isset($decoded): + case !isset($decoded[0]['content']): + case !$decoded[0]['content'] instanceof BigInteger: + throw new \RuntimeException('Unable to decode BER of parameters'); + } + $components[$type] = $decoded[0]['content']; + + return $components; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $prime + * @param BigInteger $base + * @param BigInteger $privateKey + * @param BigInteger $publicKey + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $prime, BigInteger $base, BigInteger $privateKey, BigInteger $publicKey, $password = '', array $options = []) + { + $params = [ + 'prime' => $prime, + 'base' => $base + ]; + $params = ASN1::encodeDER($params, Maps\DHParameter::MAP); + $params = new ASN1\Element($params); + $key = ASN1::encodeDER($privateKey, ['type' => ASN1::TYPE_INTEGER]); + return self::wrapPrivateKey($key, [], $params, $password, null, '', $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $prime + * @param BigInteger $base + * @param BigInteger $publicKey + * @param array $options optional + * @return string + */ + public static function savePublicKey(BigInteger $prime, BigInteger $base, BigInteger $publicKey, array $options = []) + { + $params = [ + 'prime' => $prime, + 'base' => $base + ]; + $params = ASN1::encodeDER($params, Maps\DHParameter::MAP); + $params = new ASN1\Element($params); + $key = ASN1::encodeDER($publicKey, ['type' => ASN1::TYPE_INTEGER]); + return self::wrapPublicKey($key, $params); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/Parameters.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/Parameters.php new file mode 100644 index 0000000..c0ded84 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/Parameters.php @@ -0,0 +1,36 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DH; + +use phpseclib3\Crypt\DH; + +/** + * DH Parameters + * + * @author Jim Wigginton + */ +final class Parameters extends DH +{ + /** + * Returns the parameters + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type = 'PKCS1', array $options = []) + { + $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + return $type::saveParameters($this->prime, $this->base, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/PrivateKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/PrivateKey.php new file mode 100644 index 0000000..e2407e3 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/PrivateKey.php @@ -0,0 +1,75 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DH; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\DH; + +/** + * DH Private Key + * + * @author Jim Wigginton + */ +final class PrivateKey extends DH +{ + use Common\Traits\PasswordProtected; + + /** + * Private Key + * + * @var \phpseclib3\Math\BigInteger + */ + protected $privateKey; + + /** + * Public Key + * + * @var \phpseclib3\Math\BigInteger + */ + protected $publicKey; + + /** + * Returns the public key + * + * @return PublicKey + */ + public function getPublicKey() + { + $type = self::validatePlugin('Keys', 'PKCS8', 'savePublicKey'); + + if (!isset($this->publicKey)) { + $this->publicKey = $this->base->powMod($this->privateKey, $this->prime); + } + + $key = $type::savePublicKey($this->prime, $this->base, $this->publicKey); + + return DH::loadFormat('PKCS8', $key); + } + + /** + * Returns the private key + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type, array $options = []) + { + $type = self::validatePlugin('Keys', $type, 'savePrivateKey'); + + if (!isset($this->publicKey)) { + $this->publicKey = $this->base->powMod($this->privateKey, $this->prime); + } + + return $type::savePrivateKey($this->prime, $this->base, $this->privateKey, $this->publicKey, $this->password, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/PublicKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/PublicKey.php new file mode 100644 index 0000000..87726a5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DH/PublicKey.php @@ -0,0 +1,49 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DH; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\DH; + +/** + * DH Public Key + * + * @author Jim Wigginton + */ +final class PublicKey extends DH +{ + use Common\Traits\Fingerprint; + + /** + * Returns the public key + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type, array $options = []) + { + $type = self::validatePlugin('Keys', $type, 'savePublicKey'); + + return $type::savePublicKey($this->prime, $this->base, $this->publicKey, $options); + } + + /** + * Returns the public key as a BigInteger + * + * @return \phpseclib3\Math\BigInteger + */ + public function toBigInteger() + { + return $this->publicKey; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA.php new file mode 100644 index 0000000..92c777d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA.php @@ -0,0 +1,337 @@ + + * getPublicKey(); + * + * $plaintext = 'terrafrost'; + * + * $signature = $private->sign($plaintext); + * + * echo $public->verify($plaintext, $signature) ? 'verified' : 'unverified'; + * ?> + * + * + * @author Jim Wigginton + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\DSA\Parameters; +use phpseclib3\Crypt\DSA\PrivateKey; +use phpseclib3\Crypt\DSA\PublicKey; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP FIPS 186-4 compliant implementation of DSA. + * + * @author Jim Wigginton + */ +abstract class DSA extends AsymmetricKey +{ + /** + * Algorithm Name + * + * @var string + */ + const ALGORITHM = 'DSA'; + + /** + * DSA Prime P + * + * @var BigInteger + */ + protected $p; + + /** + * DSA Group Order q + * + * Prime divisor of p-1 + * + * @var BigInteger + */ + protected $q; + + /** + * DSA Group Generator G + * + * @var BigInteger + */ + protected $g; + + /** + * DSA public key value y + * + * @var BigInteger + */ + protected $y; + + /** + * Signature Format + * + * @var string + */ + protected $sigFormat; + + /** + * Signature Format (Short) + * + * @var string + */ + protected $shortFormat; + + /** + * Create DSA parameters + * + * @param int $L + * @param int $N + * @return DSA|bool + */ + public static function createParameters($L = 2048, $N = 224) + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createParameters() should not be called from final classes (' . static::class . ')'); + } + + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + switch (true) { + case $N == 160: + /* + in FIPS 186-1 and 186-2 N was fixed at 160 whereas K had an upper bound of 1024. + RFC 4253 (SSH Transport Layer Protocol) references FIPS 186-2 and as such most + SSH DSA implementations only support keys with an N of 160. + puttygen let's you set the size of L (but not the size of N) and uses 2048 as the + default L value. that's not really compliant with any of the FIPS standards, however, + for the purposes of maintaining compatibility with puttygen, we'll support it + */ + //case ($L >= 512 || $L <= 1024) && (($L & 0x3F) == 0) && $N == 160: + // FIPS 186-3 changed this as follows: + //case $L == 1024 && $N == 160: + case $L == 2048 && $N == 224: + case $L == 2048 && $N == 256: + case $L == 3072 && $N == 256: + break; + default: + throw new \InvalidArgumentException('Invalid values for N and L'); + } + + $two = new BigInteger(2); + + $q = BigInteger::randomPrime($N); + $divisor = $q->multiply($two); + + do { + $x = BigInteger::random($L); + list(, $c) = $x->divide($divisor); + $p = $x->subtract($c->subtract(self::$one)); + } while ($p->getLength() != $L || !$p->isPrime()); + + $p_1 = $p->subtract(self::$one); + list($e) = $p_1->divide($q); + + // quoting http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf#page=50 , + // "h could be obtained from a random number generator or from a counter that + // changes after each use". PuTTY (sshdssg.c) starts h off at 1 and increments + // it on each loop. wikipedia says "commonly h = 2 is used" so we'll just do that + $h = clone $two; + while (true) { + $g = $h->powMod($e, $p); + if (!$g->equals(self::$one)) { + break; + } + $h = $h->add(self::$one); + } + + $dsa = new Parameters(); + $dsa->p = $p; + $dsa->q = $q; + $dsa->g = $g; + + return $dsa; + } + + /** + * Create public / private key pair. + * + * This method is a bit polymorphic. It can take a DSA/Parameters object, L / N as two distinct parameters or + * no parameters (at which point L and N will be generated with this method) + * + * Returns the private key, from which the publickey can be extracted + * + * @param int[] ...$args + * @return PrivateKey + */ + public static function createKey(...$args) + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createKey() should not be called from final classes (' . static::class . ')'); + } + + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + if (count($args) == 2 && is_int($args[0]) && is_int($args[1])) { + $params = self::createParameters($args[0], $args[1]); + } elseif (count($args) == 1 && $args[0] instanceof Parameters) { + $params = $args[0]; + } elseif (!count($args)) { + $params = self::createParameters(); + } else { + throw new InsufficientSetupException('Valid parameters are either two integers (L and N), a single DSA object or no parameters at all.'); + } + + $private = new PrivateKey(); + $private->p = $params->p; + $private->q = $params->q; + $private->g = $params->g; + + $private->x = BigInteger::randomRange(self::$one, $private->q->subtract(self::$one)); + $private->y = $private->g->powMod($private->x, $private->p); + + //$public = clone $private; + //unset($public->x); + + return $private + ->withHash($params->hash->getHash()) + ->withSignatureFormat($params->shortFormat); + } + + /** + * OnLoad Handler + * + * @return bool + */ + protected static function onLoad(array $components) + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + if (!isset($components['x']) && !isset($components['y'])) { + $new = new Parameters(); + } elseif (isset($components['x'])) { + $new = new PrivateKey(); + $new->x = $components['x']; + } else { + $new = new PublicKey(); + } + + $new->p = $components['p']; + $new->q = $components['q']; + $new->g = $components['g']; + + if (isset($components['y'])) { + $new->y = $components['y']; + } + + return $new; + } + + /** + * Constructor + * + * PublicKey and PrivateKey objects can only be created from abstract RSA class + */ + protected function __construct() + { + $this->sigFormat = self::validatePlugin('Signature', 'ASN1'); + $this->shortFormat = 'ASN1'; + + parent::__construct(); + } + + /** + * Returns the key size + * + * More specifically, this L (the length of DSA Prime P) and N (the length of DSA Group Order q) + * + * @return array + */ + public function getLength() + { + return ['L' => $this->p->getLength(), 'N' => $this->q->getLength()]; + } + + /** + * Returns the current engine being used + * + * @see self::useInternalEngine() + * @see self::useBestEngine() + * @return string + */ + public function getEngine() + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + return self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods()) ? + 'OpenSSL' : 'PHP'; + } + + /** + * Returns the parameters + * + * A public / private key is only returned if the currently loaded "key" contains an x or y + * value. + * + * @see self::getPublicKey() + * @return mixed + */ + public function getParameters() + { + $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + $key = $type::saveParameters($this->p, $this->q, $this->g); + return DSA::load($key, 'PKCS1') + ->withHash($this->hash->getHash()) + ->withSignatureFormat($this->shortFormat); + } + + /** + * Determines the signature padding mode + * + * Valid values are: ASN1, SSH2, Raw + * + * @param string $format + */ + public function withSignatureFormat($format) + { + $new = clone $this; + $new->shortFormat = $format; + $new->sigFormat = self::validatePlugin('Signature', $format); + return $new; + } + + /** + * Returns the signature format currently being used + * + */ + public function getSignatureFormat() + { + return $this->shortFormat; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/OpenSSH.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/OpenSSH.php new file mode 100644 index 0000000..bc41fcf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/OpenSSH.php @@ -0,0 +1,118 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\OpenSSH as Progenitor; +use phpseclib3\Math\BigInteger; + +/** + * OpenSSH Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class OpenSSH extends Progenitor +{ + /** + * Supported Key Types + * + * @var array + */ + protected static $types = ['ssh-dss']; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $parsed = parent::load($key, $password); + + if (isset($parsed['paddedKey'])) { + list($type) = Strings::unpackSSH2('s', $parsed['paddedKey']); + if ($type != $parsed['type']) { + throw new \RuntimeException("The public and private keys are not of the same type ($type vs $parsed[type])"); + } + + list($p, $q, $g, $y, $x, $comment) = Strings::unpackSSH2('i5s', $parsed['paddedKey']); + + return compact('p', 'q', 'g', 'y', 'x', 'comment'); + } + + list($p, $q, $g, $y) = Strings::unpackSSH2('iiii', $parsed['publicKey']); + + $comment = $parsed['comment']; + + return compact('p', 'q', 'g', 'y', 'comment'); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @param array $options optional + * @return string + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, array $options = []) + { + if ($q->getLength() != 160) { + throw new \InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160'); + } + + // from : + // string "ssh-dss" + // mpint p + // mpint q + // mpint g + // mpint y + $DSAPublicKey = Strings::packSSH2('siiii', 'ssh-dss', $p, $q, $g, $y); + + if (isset($options['binary']) ? $options['binary'] : self::$binary) { + return $DSAPublicKey; + } + + $comment = isset($options['comment']) ? $options['comment'] : self::$comment; + $DSAPublicKey = 'ssh-dss ' . base64_encode($DSAPublicKey) . ' ' . $comment; + + return $DSAPublicKey; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @param BigInteger $x + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '', array $options = []) + { + $publicKey = self::savePublicKey($p, $q, $g, $y, ['binary' => true]); + $privateKey = Strings::packSSH2('si5', 'ssh-dss', $p, $q, $g, $y, $x); + + return self::wrapPrivateKey($publicKey, $privateKey, $password, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/PKCS1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..800cfb3 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/PKCS1.php @@ -0,0 +1,143 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#1 Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends Progenitor +{ + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $key = parent::load($key, $password); + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + + $key = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP); + if (is_array($key)) { + return $key; + } + + $key = ASN1::asn1map($decoded[0], Maps\DSAPrivateKey::MAP); + if (is_array($key)) { + return $key; + } + + $key = ASN1::asn1map($decoded[0], Maps\DSAPublicKey::MAP); + if (is_array($key)) { + return $key; + } + + throw new \RuntimeException('Unable to perform ASN1 mapping'); + } + + /** + * Convert DSA parameters to the appropriate format + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @return string + */ + public static function saveParameters(BigInteger $p, BigInteger $q, BigInteger $g) + { + $key = [ + 'p' => $p, + 'q' => $q, + 'g' => $g + ]; + + $key = ASN1::encodeDER($key, Maps\DSAParams::MAP); + + return "-----BEGIN DSA PARAMETERS-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END DSA PARAMETERS-----\r\n"; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @param BigInteger $x + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '', array $options = []) + { + $key = [ + 'version' => 0, + 'p' => $p, + 'q' => $q, + 'g' => $g, + 'y' => $y, + 'x' => $x + ]; + + $key = ASN1::encodeDER($key, Maps\DSAPrivateKey::MAP); + + return self::wrapPrivateKey($key, 'DSA', $password, $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @return string + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y) + { + $key = ASN1::encodeDER($y, Maps\DSAPublicKey::MAP); + + return self::wrapPublicKey($key, 'DSA'); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/PKCS8.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..238f42c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/PKCS8.php @@ -0,0 +1,146 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#8 Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends Progenitor +{ + /** + * OID Name + * + * @var string + */ + const OID_NAME = 'id-dsa'; + + /** + * OID Value + * + * @var string + */ + const OID_VALUE = '1.2.840.10040.4.1'; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $key = parent::load($key, $password); + + $type = isset($key['privateKey']) ? 'privateKey' : 'publicKey'; + + $decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER of parameters'); + } + $components = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP); + if (!is_array($components)) { + throw new \RuntimeException('Unable to perform ASN1 mapping on parameters'); + } + + $decoded = ASN1::decodeBER($key[$type]); + if (empty($decoded)) { + throw new \RuntimeException('Unable to decode BER'); + } + + $var = $type == 'privateKey' ? 'x' : 'y'; + $components[$var] = ASN1::asn1map($decoded[0], Maps\DSAPublicKey::MAP); + if (!$components[$var] instanceof BigInteger) { + throw new \RuntimeException('Unable to perform ASN1 mapping'); + } + + if (isset($key['meta'])) { + $components['meta'] = $key['meta']; + } + + return $components; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @param BigInteger $x + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '', array $options = []) + { + $params = [ + 'p' => $p, + 'q' => $q, + 'g' => $g + ]; + $params = ASN1::encodeDER($params, Maps\DSAParams::MAP); + $params = new ASN1\Element($params); + $key = ASN1::encodeDER($x, Maps\DSAPublicKey::MAP); + return self::wrapPrivateKey($key, [], $params, $password, null, '', $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @param array $options optional + * @return string + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, array $options = []) + { + $params = [ + 'p' => $p, + 'q' => $q, + 'g' => $g + ]; + $params = ASN1::encodeDER($params, Maps\DSAParams::MAP); + $params = new ASN1\Element($params); + $key = ASN1::encodeDER($y, Maps\DSAPublicKey::MAP); + return self::wrapPublicKey($key, $params); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/PuTTY.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/PuTTY.php new file mode 100644 index 0000000..f6177f4 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/PuTTY.php @@ -0,0 +1,109 @@ + 160 kinda useless, hence this handlers not supporting such keys. + * + * PHP version 5 + * + * @author Jim Wigginton + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PuTTY as Progenitor; +use phpseclib3\Math\BigInteger; + +/** + * PuTTY Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PuTTY extends Progenitor +{ + /** + * Public Handler + * + * @var string + */ + const PUBLIC_HANDLER = 'phpseclib3\Crypt\DSA\Formats\Keys\OpenSSH'; + + /** + * Algorithm Identifier + * + * @var array + */ + protected static $types = ['ssh-dss']; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $components = parent::load($key, $password); + if (!isset($components['private'])) { + return $components; + } + extract($components); + unset($components['public'], $components['private']); + + list($p, $q, $g, $y) = Strings::unpackSSH2('iiii', $public); + list($x) = Strings::unpackSSH2('i', $private); + + return compact('p', 'q', 'g', 'y', 'x', 'comment'); + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @param BigInteger $x + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = false, array $options = []) + { + if ($q->getLength() != 160) { + throw new \InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160'); + } + + $public = Strings::packSSH2('iiii', $p, $q, $g, $y); + $private = Strings::packSSH2('i', $x); + + return self::wrapPrivateKey($public, $private, 'ssh-dss', $password, $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @return string + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y) + { + if ($q->getLength() != 160) { + throw new \InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160'); + } + + return self::wrapPublicKey(Strings::packSSH2('iiii', $p, $q, $g, $y), 'ssh-dss'); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/Raw.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/Raw.php new file mode 100644 index 0000000..8e2ef01 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/Raw.php @@ -0,0 +1,85 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Math\BigInteger; + +/** + * Raw DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class Raw +{ + /** + * Break a public or private key down into its constituent components + * + * @param array $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + if (!is_array($key)) { + throw new \UnexpectedValueException('Key should be a array - not a ' . gettype($key)); + } + + switch (true) { + case !isset($key['p']) || !isset($key['q']) || !isset($key['g']): + case !$key['p'] instanceof BigInteger: + case !$key['q'] instanceof BigInteger: + case !$key['g'] instanceof BigInteger: + case !isset($key['x']) && !isset($key['y']): + case isset($key['x']) && !$key['x'] instanceof BigInteger: + case isset($key['y']) && !$key['y'] instanceof BigInteger: + throw new \UnexpectedValueException('Key appears to be malformed'); + } + + $options = ['p' => 1, 'q' => 1, 'g' => 1, 'x' => 1, 'y' => 1]; + + return array_intersect_key($key, $options); + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @param BigInteger $x + * @param string $password optional + * @return string + */ + public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '') + { + return compact('p', 'q', 'g', 'y', 'x'); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @return string + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y) + { + return compact('p', 'q', 'g', 'y'); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/XML.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/XML.php new file mode 100644 index 0000000..f77cbf2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/XML.php @@ -0,0 +1,132 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Math\BigInteger; + +/** + * XML Formatted DSA Key Handler + * + * @author Jim Wigginton + */ +abstract class XML +{ + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (!class_exists('DOMDocument')) { + throw new BadConfigurationException('The dom extension is not setup correctly on this system'); + } + + $use_errors = libxml_use_internal_errors(true); + + $dom = new \DOMDocument(); + if (substr($key, 0, 5) != '' . $key . ''; + } + if (!$dom->loadXML($key)) { + libxml_use_internal_errors($use_errors); + throw new \UnexpectedValueException('Key does not appear to contain XML'); + } + $xpath = new \DOMXPath($dom); + $keys = ['p', 'q', 'g', 'y', 'j', 'seed', 'pgencounter']; + foreach ($keys as $key) { + // $dom->getElementsByTagName($key) is case-sensitive + $temp = $xpath->query("//*[translate(local-name(), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='$key']"); + if (!$temp->length) { + continue; + } + $value = new BigInteger(Strings::base64_decode($temp->item(0)->nodeValue), 256); + switch ($key) { + case 'p': // a prime modulus meeting the [DSS] requirements + // Parameters P, Q, and G can be public and common to a group of users. They might be known + // from application context. As such, they are optional but P and Q must either both appear + // or both be absent + $components['p'] = $value; + break; + case 'q': // an integer in the range 2**159 < Q < 2**160 which is a prime divisor of P-1 + $components['q'] = $value; + break; + case 'g': // an integer with certain properties with respect to P and Q + $components['g'] = $value; + break; + case 'y': // G**X mod P (where X is part of the private key and not made public) + $components['y'] = $value; + // the remaining options do not do anything + case 'j': // (P - 1) / Q + // Parameter J is available for inclusion solely for efficiency as it is calculatable from + // P and Q + case 'seed': // a DSA prime generation seed + // Parameters seed and pgenCounter are used in the DSA prime number generation algorithm + // specified in [DSS]. As such, they are optional but must either both be present or both + // be absent + case 'pgencounter': // a DSA prime generation counter + } + } + + libxml_use_internal_errors($use_errors); + + if (!isset($components['y'])) { + throw new \UnexpectedValueException('Key is missing y component'); + } + + switch (true) { + case !isset($components['p']): + case !isset($components['q']): + case !isset($components['g']): + return ['y' => $components['y']]; + } + + return $components; + } + + /** + * Convert a public key to the appropriate format + * + * See https://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue + * + * @param BigInteger $p + * @param BigInteger $q + * @param BigInteger $g + * @param BigInteger $y + * @return string + */ + public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y) + { + return "\r\n" . + '

' . Strings::base64_encode($p->toBytes()) . "

\r\n" . + ' ' . Strings::base64_encode($q->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($g->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($y->toBytes()) . "\r\n" . + ''; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Signature/ASN1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Signature/ASN1.php new file mode 100644 index 0000000..f800602 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Signature/ASN1.php @@ -0,0 +1,62 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA\Formats\Signature; + +use phpseclib3\File\ASN1 as Encoder; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * ASN1 Signature Handler + * + * @author Jim Wigginton + */ +abstract class ASN1 +{ + /** + * Loads a signature + * + * @param string $sig + * @return array|bool + */ + public static function load($sig) + { + if (!is_string($sig)) { + return false; + } + + $decoded = Encoder::decodeBER($sig); + if (empty($decoded)) { + return false; + } + $components = Encoder::asn1map($decoded[0], Maps\DssSigValue::MAP); + + return $components; + } + + /** + * Returns a signature in the appropriate format + * + * @param BigInteger $r + * @param BigInteger $s + * @return string + */ + public static function save(BigInteger $r, BigInteger $s) + { + return Encoder::encodeDER(compact('r', 's'), Maps\DssSigValue::MAP); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Signature/Raw.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Signature/Raw.php new file mode 100644 index 0000000..2657a2a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Signature/Raw.php @@ -0,0 +1,25 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA\Formats\Signature; + +use phpseclib3\Crypt\Common\Formats\Signature\Raw as Progenitor; + +/** + * Raw DSA Signature Handler + * + * @author Jim Wigginton + */ +abstract class Raw extends Progenitor +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Signature/SSH2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Signature/SSH2.php new file mode 100644 index 0000000..88807b5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Signature/SSH2.php @@ -0,0 +1,74 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA\Formats\Signature; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Math\BigInteger; + +/** + * SSH2 Signature Handler + * + * @author Jim Wigginton + */ +abstract class SSH2 +{ + /** + * Loads a signature + * + * @param string $sig + * @return mixed + */ + public static function load($sig) + { + if (!is_string($sig)) { + return false; + } + + $result = Strings::unpackSSH2('ss', $sig); + if ($result === false) { + return false; + } + list($type, $blob) = $result; + if ($type != 'ssh-dss' || strlen($blob) != 40) { + return false; + } + + return [ + 'r' => new BigInteger(substr($blob, 0, 20), 256), + 's' => new BigInteger(substr($blob, 20), 256) + ]; + } + + /** + * Returns a signature in the appropriate format + * + * @param BigInteger $r + * @param BigInteger $s + * @return string + */ + public static function save(BigInteger $r, BigInteger $s) + { + if ($r->getLength() > 160 || $s->getLength() > 160) { + return false; + } + return Strings::packSSH2( + 'ss', + 'ssh-dss', + str_pad($r->toBytes(), 20, "\0", STR_PAD_LEFT) . + str_pad($s->toBytes(), 20, "\0", STR_PAD_LEFT) + ); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Parameters.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Parameters.php new file mode 100644 index 0000000..84d16ba --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/Parameters.php @@ -0,0 +1,36 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA; + +use phpseclib3\Crypt\DSA; + +/** + * DSA Parameters + * + * @author Jim Wigginton + */ +final class Parameters extends DSA +{ + /** + * Returns the parameters + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type = 'PKCS1', array $options = []) + { + $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + return $type::saveParameters($this->p, $this->q, $this->g, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/PrivateKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/PrivateKey.php new file mode 100644 index 0000000..87cd77a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/PrivateKey.php @@ -0,0 +1,152 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\DSA\Formats\Signature\ASN1 as ASN1Signature; +use phpseclib3\Math\BigInteger; + +/** + * DSA Private Key + * + * @author Jim Wigginton + */ +final class PrivateKey extends DSA implements Common\PrivateKey +{ + use Common\Traits\PasswordProtected; + + /** + * DSA secret exponent x + * + * @var BigInteger + */ + protected $x; + + /** + * Returns the public key + * + * If you do "openssl rsa -in private.rsa -pubout -outform PEM" you get a PKCS8 formatted key + * that contains a publicKeyAlgorithm AlgorithmIdentifier and a publicKey BIT STRING. + * An AlgorithmIdentifier contains an OID and a parameters field. With RSA public keys this + * parameters field is NULL. With DSA PKCS8 public keys it is not - it contains the p, q and g + * variables. The publicKey BIT STRING contains, simply, the y variable. This can be verified + * by getting a DSA PKCS8 public key: + * + * "openssl dsa -in private.dsa -pubout -outform PEM" + * + * ie. just swap out rsa with dsa in the rsa command above. + * + * A PKCS1 public key corresponds to the publicKey portion of the PKCS8 key. In the case of RSA + * the publicKey portion /is/ the key. In the case of DSA it is not. You cannot verify a signature + * without the parameters and the PKCS1 DSA public key format does not include the parameters. + * + * @see self::getPrivateKey() + * @return mixed + */ + public function getPublicKey() + { + $type = self::validatePlugin('Keys', 'PKCS8', 'savePublicKey'); + + if (!isset($this->y)) { + $this->y = $this->g->powMod($this->x, $this->p); + } + + $key = $type::savePublicKey($this->p, $this->q, $this->g, $this->y); + + return DSA::loadFormat('PKCS8', $key) + ->withHash($this->hash->getHash()) + ->withSignatureFormat($this->shortFormat); + } + + /** + * Create a signature + * + * @see self::verify() + * @param string $message + * @return mixed + */ + public function sign($message) + { + $format = $this->sigFormat; + + if (self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods())) { + $signature = ''; + $result = openssl_sign($message, $signature, $this->toString('PKCS8'), $this->hash->getHash()); + + if ($result) { + if ($this->shortFormat == 'ASN1') { + return $signature; + } + + extract(ASN1Signature::load($signature)); + + return $format::save($r, $s); + } + } + + $h = $this->hash->hash($message); + $h = $this->bits2int($h); + + while (true) { + $k = BigInteger::randomRange(self::$one, $this->q->subtract(self::$one)); + $r = $this->g->powMod($k, $this->p); + list(, $r) = $r->divide($this->q); + if ($r->equals(self::$zero)) { + continue; + } + $kinv = $k->modInverse($this->q); + $temp = $h->add($this->x->multiply($r)); + $temp = $kinv->multiply($temp); + list(, $s) = $temp->divide($this->q); + if (!$s->equals(self::$zero)) { + break; + } + } + + // the following is an RFC6979 compliant implementation of deterministic DSA + // it's unused because it's mainly intended for use when a good CSPRNG isn't + // available. if phpseclib's CSPRNG isn't good then even key generation is + // suspect + /* + $h1 = $this->hash->hash($message); + $k = $this->computek($h1); + $r = $this->g->powMod($k, $this->p); + list(, $r) = $r->divide($this->q); + $kinv = $k->modInverse($this->q); + $h1 = $this->bits2int($h1); + $temp = $h1->add($this->x->multiply($r)); + $temp = $kinv->multiply($temp); + list(, $s) = $temp->divide($this->q); + */ + + return $format::save($r, $s); + } + + /** + * Returns the private key + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type, array $options = []) + { + $type = self::validatePlugin('Keys', $type, 'savePrivateKey'); + + if (!isset($this->y)) { + $this->y = $this->g->powMod($this->x, $this->p); + } + + return $type::savePrivateKey($this->p, $this->q, $this->g, $this->y, $this->x, $this->password, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/PublicKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/PublicKey.php new file mode 100644 index 0000000..c14ffbd --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/DSA/PublicKey.php @@ -0,0 +1,86 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\DSA; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\DSA\Formats\Signature\ASN1 as ASN1Signature; + +/** + * DSA Public Key + * + * @author Jim Wigginton + */ +final class PublicKey extends DSA implements Common\PublicKey +{ + use Common\Traits\Fingerprint; + + /** + * Verify a signature + * + * @see self::verify() + * @param string $message + * @param string $signature + * @return mixed + */ + public function verify($message, $signature) + { + $format = $this->sigFormat; + + $params = $format::load($signature); + if ($params === false || count($params) != 2) { + return false; + } + extract($params); + + if (self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods())) { + $sig = $format != 'ASN1' ? ASN1Signature::save($r, $s) : $signature; + + $result = openssl_verify($message, $sig, $this->toString('PKCS8'), $this->hash->getHash()); + + if ($result != -1) { + return (bool) $result; + } + } + + $q_1 = $this->q->subtract(self::$one); + if (!$r->between(self::$one, $q_1) || !$s->between(self::$one, $q_1)) { + return false; + } + + $w = $s->modInverse($this->q); + $h = $this->hash->hash($message); + $h = $this->bits2int($h); + list(, $u1) = $h->multiply($w)->divide($this->q); + list(, $u2) = $r->multiply($w)->divide($this->q); + $v1 = $this->g->powMod($u1, $this->p); + $v2 = $this->y->powMod($u2, $this->p); + list(, $v) = $v1->multiply($v2)->divide($this->p); + list(, $v) = $v->divide($this->q); + + return $v->equals($r); + } + + /** + * Returns the public key + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type, array $options = []) + { + $type = self::validatePlugin('Keys', $type, 'savePublicKey'); + + return $type::savePublicKey($this->p, $this->q, $this->g, $this->y, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC.php new file mode 100644 index 0000000..dc82dd0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC.php @@ -0,0 +1,480 @@ + + * getPublicKey(); + * + * $plaintext = 'terrafrost'; + * + * $signature = $private->sign($plaintext); + * + * echo $public->verify($plaintext, $signature) ? 'verified' : 'unverified'; + * ?> + * + * + * @author Jim Wigginton + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Curves\Ed448; +use phpseclib3\Crypt\EC\Formats\Keys\PKCS1; +use phpseclib3\Crypt\EC\Parameters; +use phpseclib3\Crypt\EC\PrivateKey; +use phpseclib3\Crypt\EC\PublicKey; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Exception\UnsupportedOperationException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps\ECParameters; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP implementation of EC. + * + * @author Jim Wigginton + */ +abstract class EC extends AsymmetricKey +{ + /** + * Algorithm Name + * + * @var string + */ + const ALGORITHM = 'EC'; + + /** + * Public Key QA + * + * @var object[] + */ + protected $QA; + + /** + * Curve + * + * @var EC\BaseCurves\Base + */ + protected $curve; + + /** + * Signature Format + * + * @var string + */ + protected $format; + + /** + * Signature Format (Short) + * + * @var string + */ + protected $shortFormat; + + /** + * Curve Name + * + * @var string + */ + private $curveName; + + /** + * Curve Order + * + * Used for deterministic ECDSA + * + * @var BigInteger + */ + protected $q; + + /** + * Alias for the private key + * + * Used for deterministic ECDSA. AsymmetricKey expects $x. I don't like x because + * with x you have x * the base point yielding an (x, y)-coordinate that is the + * public key. But the x is different depending on which side of the equal sign + * you're on. It's less ambiguous if you do dA * base point = (x, y)-coordinate. + * + * @var BigInteger + */ + protected $x; + + /** + * Context + * + * @var string + */ + protected $context; + + /** + * Signature Format + * + * @var string + */ + protected $sigFormat; + + /** + * Create public / private key pair. + * + * @param string $curve + * @return PrivateKey + */ + public static function createKey($curve) + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createKey() should not be called from final classes (' . static::class . ')'); + } + + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + $curve = strtolower($curve); + if (self::$engines['libsodium'] && $curve == 'ed25519' && function_exists('sodium_crypto_sign_keypair')) { + $kp = sodium_crypto_sign_keypair(); + + $privatekey = EC::loadFormat('libsodium', sodium_crypto_sign_secretkey($kp)); + //$publickey = EC::loadFormat('libsodium', sodium_crypto_sign_publickey($kp)); + + $privatekey->curveName = 'Ed25519'; + //$publickey->curveName = $curve; + + return $privatekey; + } + + $privatekey = new PrivateKey(); + + $curveName = $curve; + if (preg_match('#(?:^curve|^ed)\d+$#', $curveName)) { + $curveName = ucfirst($curveName); + } elseif (substr($curveName, 0, 10) == 'brainpoolp') { + $curveName = 'brainpoolP' . substr($curveName, 10); + } + $curve = '\phpseclib3\Crypt\EC\Curves\\' . $curveName; + + if (!class_exists($curve)) { + throw new UnsupportedCurveException('Named Curve of ' . $curveName . ' is not supported'); + } + + $reflect = new \ReflectionClass($curve); + $curveName = $reflect->isFinal() ? + $reflect->getParentClass()->getShortName() : + $reflect->getShortName(); + + $curve = new $curve(); + if ($curve instanceof TwistedEdwardsCurve) { + $arr = $curve->extractSecret(Random::string($curve instanceof Ed448 ? 57 : 32)); + $privatekey->dA = $dA = $arr['dA']; + $privatekey->secret = $arr['secret']; + } else { + $privatekey->dA = $dA = $curve->createRandomMultiplier(); + } + if ($curve instanceof Curve25519 && self::$engines['libsodium']) { + //$r = pack('H*', '0900000000000000000000000000000000000000000000000000000000000000'); + //$QA = sodium_crypto_scalarmult($dA->toBytes(), $r); + $QA = sodium_crypto_box_publickey_from_secretkey($dA->toBytes()); + $privatekey->QA = [$curve->convertInteger(new BigInteger(strrev($QA), 256))]; + } else { + $privatekey->QA = $curve->multiplyPoint($curve->getBasePoint(), $dA); + } + $privatekey->curve = $curve; + + //$publickey = clone $privatekey; + //unset($publickey->dA); + //unset($publickey->x); + + $privatekey->curveName = $curveName; + //$publickey->curveName = $curveName; + + if ($privatekey->curve instanceof TwistedEdwardsCurve) { + return $privatekey->withHash($curve::HASH); + } + + return $privatekey; + } + + /** + * OnLoad Handler + * + * @return bool + */ + protected static function onLoad(array $components) + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + if (!isset($components['dA']) && !isset($components['QA'])) { + $new = new Parameters(); + $new->curve = $components['curve']; + return $new; + } + + $new = isset($components['dA']) ? + new PrivateKey() : + new PublicKey(); + $new->curve = $components['curve']; + $new->QA = $components['QA']; + + if (isset($components['dA'])) { + $new->dA = $components['dA']; + $new->secret = $components['secret']; + } + + if ($new->curve instanceof TwistedEdwardsCurve) { + return $new->withHash($components['curve']::HASH); + } + + return $new; + } + + /** + * Constructor + * + * PublicKey and PrivateKey objects can only be created from abstract RSA class + */ + protected function __construct() + { + $this->sigFormat = self::validatePlugin('Signature', 'ASN1'); + $this->shortFormat = 'ASN1'; + + parent::__construct(); + } + + /** + * Returns the curve + * + * Returns a string if it's a named curve, an array if not + * + * @return string|array + */ + public function getCurve() + { + if ($this->curveName) { + return $this->curveName; + } + + if ($this->curve instanceof MontgomeryCurve) { + $this->curveName = $this->curve instanceof Curve25519 ? 'Curve25519' : 'Curve448'; + return $this->curveName; + } + + if ($this->curve instanceof TwistedEdwardsCurve) { + $this->curveName = $this->curve instanceof Ed25519 ? 'Ed25519' : 'Ed448'; + return $this->curveName; + } + + $params = $this->getParameters()->toString('PKCS8', ['namedCurve' => true]); + $decoded = ASN1::extractBER($params); + $decoded = ASN1::decodeBER($decoded); + $decoded = ASN1::asn1map($decoded[0], ECParameters::MAP); + if (isset($decoded['namedCurve'])) { + $this->curveName = $decoded['namedCurve']; + return $decoded['namedCurve']; + } + + if (!$namedCurves) { + PKCS1::useSpecifiedCurve(); + } + + return $decoded; + } + + /** + * Returns the key size + * + * Quoting https://tools.ietf.org/html/rfc5656#section-2, + * + * "The size of a set of elliptic curve domain parameters on a prime + * curve is defined as the number of bits in the binary representation + * of the field order, commonly denoted by p. Size on a + * characteristic-2 curve is defined as the number of bits in the binary + * representation of the field, commonly denoted by m. A set of + * elliptic curve domain parameters defines a group of order n generated + * by a base point P" + * + * @return int + */ + public function getLength() + { + return $this->curve->getLength(); + } + + /** + * Returns the current engine being used + * + * @see self::useInternalEngine() + * @see self::useBestEngine() + * @return string + */ + public function getEngine() + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + if ($this->curve instanceof TwistedEdwardsCurve) { + return $this->curve instanceof Ed25519 && self::$engines['libsodium'] && !isset($this->context) ? + 'libsodium' : 'PHP'; + } + + return self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods()) ? + 'OpenSSL' : 'PHP'; + } + + /** + * Returns the public key coordinates as a string + * + * Used by ECDH + * + * @return string + */ + public function getEncodedCoordinates() + { + if ($this->curve instanceof MontgomeryCurve) { + return strrev($this->QA[0]->toBytes(true)); + } + if ($this->curve instanceof TwistedEdwardsCurve) { + return $this->curve->encodePoint($this->QA); + } + return "\4" . $this->QA[0]->toBytes(true) . $this->QA[1]->toBytes(true); + } + + /** + * Returns the parameters + * + * @see self::getPublicKey() + * @param string $type optional + * @return mixed + */ + public function getParameters($type = 'PKCS1') + { + $type = self::validatePlugin('Keys', $type, 'saveParameters'); + + $key = $type::saveParameters($this->curve); + + return EC::load($key, 'PKCS1') + ->withHash($this->hash->getHash()) + ->withSignatureFormat($this->shortFormat); + } + + /** + * Determines the signature padding mode + * + * Valid values are: ASN1, SSH2, Raw + * + * @param string $format + */ + public function withSignatureFormat($format) + { + if ($this->curve instanceof MontgomeryCurve) { + throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures'); + } + + $new = clone $this; + $new->shortFormat = $format; + $new->sigFormat = self::validatePlugin('Signature', $format); + return $new; + } + + /** + * Returns the signature format currently being used + * + */ + public function getSignatureFormat() + { + return $this->shortFormat; + } + + /** + * Sets the context + * + * Used by Ed25519 / Ed448. + * + * @see self::sign() + * @see self::verify() + * @param string $context optional + */ + public function withContext($context = null) + { + if (!$this->curve instanceof TwistedEdwardsCurve) { + throw new UnsupportedCurveException('Only Ed25519 and Ed448 support contexts'); + } + + $new = clone $this; + if (!isset($context)) { + $new->context = null; + return $new; + } + if (!is_string($context)) { + throw new \InvalidArgumentException('setContext expects a string'); + } + if (strlen($context) > 255) { + throw new \LengthException('The context is supposed to be, at most, 255 bytes long'); + } + $new->context = $context; + return $new; + } + + /** + * Returns the signature format currently being used + * + */ + public function getContext() + { + return $this->context; + } + + /** + * Determines which hashing function should be used + * + * @param string $hash + */ + public function withHash($hash) + { + if ($this->curve instanceof MontgomeryCurve) { + throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures'); + } + if ($this->curve instanceof Ed25519 && $hash != 'sha512') { + throw new UnsupportedAlgorithmException('Ed25519 only supports sha512 as a hash'); + } + if ($this->curve instanceof Ed448 && $hash != 'shake256-912') { + throw new UnsupportedAlgorithmException('Ed448 only supports shake256 with a length of 114 bytes'); + } + + return parent::withHash($hash); + } + + /** + * __toString() magic method + * + * @return string + */ + public function __toString() + { + if ($this->curve instanceof MontgomeryCurve) { + return ''; + } + + return parent::__toString(); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Base.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Base.php new file mode 100644 index 0000000..d76562d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Base.php @@ -0,0 +1,218 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Math\BigInteger; + +/** + * Base + * + * @author Jim Wigginton + */ +abstract class Base +{ + /** + * The Order + * + * @var BigInteger + */ + protected $order; + + /** + * Finite Field Integer factory + * + * @var FiniteField\Integer + */ + protected $factory; + + /** + * Returns a random integer + * + * @return object + */ + public function randomInteger() + { + return $this->factory->randomInteger(); + } + + /** + * Converts a BigInteger to a FiniteField\Integer integer + * + * @return object + */ + public function convertInteger(BigInteger $x) + { + return $this->factory->newInteger($x); + } + + /** + * Returns the length, in bytes, of the modulo + * + * @return integer + */ + public function getLengthInBytes() + { + return $this->factory->getLengthInBytes(); + } + + /** + * Returns the length, in bits, of the modulo + * + * @return integer + */ + public function getLength() + { + return $this->factory->getLength(); + } + + /** + * Multiply a point on the curve by a scalar + * + * Uses the montgomery ladder technique as described here: + * + * https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Montgomery_ladder + * https://github.com/phpecc/phpecc/issues/16#issuecomment-59176772 + * + * @return array + */ + public function multiplyPoint(array $p, BigInteger $d) + { + $alreadyInternal = isset($p[2]); + $r = $alreadyInternal ? + [[], $p] : + [[], $this->convertToInternal($p)]; + + $d = $d->toBits(); + for ($i = 0; $i < strlen($d); $i++) { + $d_i = (int) $d[$i]; + $r[1 - $d_i] = $this->addPoint($r[0], $r[1]); + $r[$d_i] = $this->doublePoint($r[$d_i]); + } + + return $alreadyInternal ? $r[0] : $this->convertToAffine($r[0]); + } + + /** + * Creates a random scalar multiplier + * + * @return BigInteger + */ + public function createRandomMultiplier() + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + return BigInteger::randomRange($one, $this->order->subtract($one)); + } + + /** + * Performs range check + */ + public function rangeCheck(BigInteger $x) + { + static $zero; + if (!isset($zero)) { + $zero = new BigInteger(); + } + + if (!isset($this->order)) { + throw new \RuntimeException('setOrder needs to be called before this method'); + } + if ($x->compare($this->order) > 0 || $x->compare($zero) <= 0) { + throw new \RangeException('x must be between 1 and the order of the curve'); + } + } + + /** + * Sets the Order + */ + public function setOrder(BigInteger $order) + { + $this->order = $order; + } + + /** + * Returns the Order + * + * @return BigInteger + */ + public function getOrder() + { + return $this->order; + } + + /** + * Use a custom defined modular reduction function + * + * @return object + */ + public function setReduction(callable $func) + { + $this->factory->setReduction($func); + } + + /** + * Returns the affine point + * + * @return object[] + */ + public function convertToAffine(array $p) + { + return $p; + } + + /** + * Converts an affine point to a jacobian coordinate + * + * @return object[] + */ + public function convertToInternal(array $p) + { + return $p; + } + + /** + * Negates a point + * + * @return object[] + */ + public function negatePoint(array $p) + { + $temp = [ + $p[0], + $p[1]->negate() + ]; + if (isset($p[2])) { + $temp[] = $p[2]; + } + return $temp; + } + + /** + * Multiply and Add Points + * + * @return int[] + */ + public function multiplyAddPoints(array $points, array $scalars) + { + $p1 = $this->convertToInternal($points[0]); + $p2 = $this->convertToInternal($points[1]); + $p1 = $this->multiplyPoint($p1, $scalars[0]); + $p2 = $this->multiplyPoint($p2, $scalars[1]); + $r = $this->addPoint($p1, $p2); + return $this->convertToAffine($r); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Binary.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Binary.php new file mode 100644 index 0000000..66da11d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Binary.php @@ -0,0 +1,373 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\BinaryField; +use phpseclib3\Math\BinaryField\Integer as BinaryInteger; + +/** + * Curves over y^2 + x*y = x^3 + a*x^2 + b + * + * @author Jim Wigginton + */ +class Binary extends Base +{ + /** + * Binary Field Integer factory + * + * @var BinaryField + */ + protected $factory; + + /** + * Cofficient for x^1 + * + * @var object + */ + protected $a; + + /** + * Cofficient for x^0 + * + * @var object + */ + protected $b; + + /** + * Base Point + * + * @var object + */ + protected $p; + + /** + * The number one over the specified finite field + * + * @var object + */ + protected $one; + + /** + * The modulo + * + * @var BigInteger + */ + protected $modulo; + + /** + * The Order + * + * @var BigInteger + */ + protected $order; + + /** + * Sets the modulo + */ + public function setModulo(...$modulo) + { + $this->modulo = $modulo; + $this->factory = new BinaryField(...$modulo); + + $this->one = $this->factory->newInteger("\1"); + } + + /** + * Set coefficients a and b + * + * @param string $a + * @param string $b + */ + public function setCoefficients($a, $b) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + $this->a = $this->factory->newInteger(pack('H*', $a)); + $this->b = $this->factory->newInteger(pack('H*', $b)); + } + + /** + * Set x and y coordinates for the base point + * + * @param string|BinaryInteger $x + * @param string|BinaryInteger $y + */ + public function setBasePoint($x, $y) + { + switch (true) { + case !is_string($x) && !$x instanceof BinaryInteger: + throw new \UnexpectedValueException('Argument 1 passed to Binary::setBasePoint() must be a string or an instance of BinaryField\Integer'); + case !is_string($y) && !$y instanceof BinaryInteger: + throw new \UnexpectedValueException('Argument 2 passed to Binary::setBasePoint() must be a string or an instance of BinaryField\Integer'); + } + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + $this->p = [ + is_string($x) ? $this->factory->newInteger(pack('H*', $x)) : $x, + is_string($y) ? $this->factory->newInteger(pack('H*', $y)) : $y + ]; + } + + /** + * Retrieve the base point as an array + * + * @return array + */ + public function getBasePoint() + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + /* + if (!isset($this->p)) { + throw new \RuntimeException('setBasePoint needs to be called before this method'); + } + */ + return $this->p; + } + + /** + * Adds two points on the curve + * + * @return FiniteField[] + */ + public function addPoint(array $p, array $q) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + if (count($q)) { + return $q; + } + if (count($p)) { + return $p; + } + return []; + } + + if (!isset($p[2]) || !isset($q[2])) { + throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + if ($p[0]->equals($q[0])) { + return !$p[1]->equals($q[1]) ? [] : $this->doublePoint($p); + } + + // formulas from http://hyperelliptic.org/EFD/g12o/auto-shortw-jacobian.html + + list($x1, $y1, $z1) = $p; + list($x2, $y2, $z2) = $q; + + $o1 = $z1->multiply($z1); + $b = $x2->multiply($o1); + + if ($z2->equals($this->one)) { + $d = $y2->multiply($o1)->multiply($z1); + $e = $x1->add($b); + $f = $y1->add($d); + $z3 = $e->multiply($z1); + $h = $f->multiply($x2)->add($z3->multiply($y2)); + $i = $f->add($z3); + $g = $z3->multiply($z3); + $p1 = $this->a->multiply($g); + $p2 = $f->multiply($i); + $p3 = $e->multiply($e)->multiply($e); + $x3 = $p1->add($p2)->add($p3); + $y3 = $i->multiply($x3)->add($g->multiply($h)); + + return [$x3, $y3, $z3]; + } + + $o2 = $z2->multiply($z2); + $a = $x1->multiply($o2); + $c = $y1->multiply($o2)->multiply($z2); + $d = $y2->multiply($o1)->multiply($z1); + $e = $a->add($b); + $f = $c->add($d); + $g = $e->multiply($z1); + $h = $f->multiply($x2)->add($g->multiply($y2)); + $z3 = $g->multiply($z2); + $i = $f->add($z3); + $p1 = $this->a->multiply($z3->multiply($z3)); + $p2 = $f->multiply($i); + $p3 = $e->multiply($e)->multiply($e); + $x3 = $p1->add($p2)->add($p3); + $y3 = $i->multiply($x3)->add($g->multiply($g)->multiply($h)); + + return [$x3, $y3, $z3]; + } + + /** + * Doubles a point on a curve + * + * @return FiniteField[] + */ + public function doublePoint(array $p) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p)) { + return []; + } + + if (!isset($p[2])) { + throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + // formulas from http://hyperelliptic.org/EFD/g12o/auto-shortw-jacobian.html + + list($x1, $y1, $z1) = $p; + + $a = $x1->multiply($x1); + $b = $a->multiply($a); + + if ($z1->equals($this->one)) { + $x3 = $b->add($this->b); + $z3 = clone $x1; + $p1 = $a->add($y1)->add($z3)->multiply($this->b); + $p2 = $a->add($y1)->multiply($b); + $y3 = $p1->add($p2); + + return [$x3, $y3, $z3]; + } + + $c = $z1->multiply($z1); + $d = $c->multiply($c); + $x3 = $b->add($this->b->multiply($d->multiply($d))); + $z3 = $x1->multiply($c); + $p1 = $b->multiply($z3); + $p2 = $a->add($y1->multiply($z1))->add($z3)->multiply($x3); + $y3 = $p1->add($p2); + + return [$x3, $y3, $z3]; + } + + /** + * Returns the X coordinate and the derived Y coordinate + * + * Not supported because it is covered by patents. + * Quoting https://www.openssl.org/docs/man1.1.0/apps/ecparam.html , + * + * "Due to patent issues the compressed option is disabled by default for binary curves + * and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at + * compile time." + * + * @return array + */ + public function derivePoint($m) + { + throw new \RuntimeException('Point compression on binary finite field elliptic curves is not supported'); + } + + /** + * Tests whether or not the x / y values satisfy the equation + * + * @return boolean + */ + public function verifyPoint(array $p) + { + list($x, $y) = $p; + $lhs = $y->multiply($y); + $lhs = $lhs->add($x->multiply($y)); + $x2 = $x->multiply($x); + $x3 = $x2->multiply($x); + $rhs = $x3->add($this->a->multiply($x2))->add($this->b); + + return $lhs->equals($rhs); + } + + /** + * Returns the modulo + * + * @return BigInteger + */ + public function getModulo() + { + return $this->modulo; + } + + /** + * Returns the a coefficient + * + * @return \phpseclib3\Math\PrimeField\Integer + */ + public function getA() + { + return $this->a; + } + + /** + * Returns the a coefficient + * + * @return \phpseclib3\Math\PrimeField\Integer + */ + public function getB() + { + return $this->b; + } + + /** + * Returns the affine point + * + * A Jacobian Coordinate is of the form (x, y, z). + * To convert a Jacobian Coordinate to an Affine Point + * you do (x / z^2, y / z^3) + * + * @return \phpseclib3\Math\PrimeField\Integer[] + */ + public function convertToAffine(array $p) + { + if (!isset($p[2])) { + return $p; + } + list($x, $y, $z) = $p; + $z = $this->one->divide($z); + $z2 = $z->multiply($z); + return [ + $x->multiply($z2), + $y->multiply($z2)->multiply($z) + ]; + } + + /** + * Converts an affine point to a jacobian coordinate + * + * @return \phpseclib3\Math\PrimeField\Integer[] + */ + public function convertToInternal(array $p) + { + if (isset($p[2])) { + return $p; + } + + $p[2] = clone $this->one; + $p['fresh'] = true; + return $p; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/KoblitzPrime.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/KoblitzPrime.php new file mode 100644 index 0000000..d8492eb --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/KoblitzPrime.php @@ -0,0 +1,335 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\PrimeField; + +/** + * Curves over y^2 = x^3 + b + * + * @author Jim Wigginton + */ +class KoblitzPrime extends Prime +{ + /** + * Basis + * + * @var list + */ + protected $basis; + + /** + * Beta + * + * @var PrimeField\Integer + */ + protected $beta; + + // don't overwrite setCoefficients() with one that only accepts one parameter so that + // one might be able to switch between KoblitzPrime and Prime more easily (for benchmarking + // purposes). + + /** + * Multiply and Add Points + * + * Uses a efficiently computable endomorphism to achieve a slight speedup + * + * Adapted from: + * https://github.com/indutny/elliptic/blob/725bd91/lib/elliptic/curve/short.js#L219 + * + * @return int[] + */ + public function multiplyAddPoints(array $points, array $scalars) + { + static $zero, $one, $two; + if (!isset($two)) { + $two = new BigInteger(2); + $one = new BigInteger(1); + } + + if (!isset($this->beta)) { + // get roots + $inv = $this->one->divide($this->two)->negate(); + $s = $this->three->negate()->squareRoot()->multiply($inv); + $betas = [ + $inv->add($s), + $inv->subtract($s) + ]; + $this->beta = $betas[0]->compare($betas[1]) < 0 ? $betas[0] : $betas[1]; + //echo strtoupper($this->beta->toHex(true)) . "\n"; exit; + } + + if (!isset($this->basis)) { + $factory = new PrimeField($this->order); + $tempOne = $factory->newInteger($one); + $tempTwo = $factory->newInteger($two); + $tempThree = $factory->newInteger(new BigInteger(3)); + + $inv = $tempOne->divide($tempTwo)->negate(); + $s = $tempThree->negate()->squareRoot()->multiply($inv); + + $lambdas = [ + $inv->add($s), + $inv->subtract($s) + ]; + + $lhs = $this->multiplyPoint($this->p, $lambdas[0])[0]; + $rhs = $this->p[0]->multiply($this->beta); + $lambda = $lhs->equals($rhs) ? $lambdas[0] : $lambdas[1]; + + $this->basis = static::extendedGCD($lambda->toBigInteger(), $this->order); + ///* + foreach ($this->basis as $basis) { + echo strtoupper($basis['a']->toHex(true)) . "\n"; + echo strtoupper($basis['b']->toHex(true)) . "\n\n"; + } + exit; + //*/ + } + + $npoints = $nscalars = []; + for ($i = 0; $i < count($points); $i++) { + $p = $points[$i]; + $k = $scalars[$i]->toBigInteger(); + + // begin split + list($v1, $v2) = $this->basis; + + $c1 = $v2['b']->multiply($k); + list($c1, $r) = $c1->divide($this->order); + if ($this->order->compare($r->multiply($two)) <= 0) { + $c1 = $c1->add($one); + } + + $c2 = $v1['b']->negate()->multiply($k); + list($c2, $r) = $c2->divide($this->order); + if ($this->order->compare($r->multiply($two)) <= 0) { + $c2 = $c2->add($one); + } + + $p1 = $c1->multiply($v1['a']); + $p2 = $c2->multiply($v2['a']); + $q1 = $c1->multiply($v1['b']); + $q2 = $c2->multiply($v2['b']); + + $k1 = $k->subtract($p1)->subtract($p2); + $k2 = $q1->add($q2)->negate(); + // end split + + $beta = [ + $p[0]->multiply($this->beta), + $p[1], + clone $this->one + ]; + + if (isset($p['naf'])) { + $beta['naf'] = array_map(function ($p) { + return [ + $p[0]->multiply($this->beta), + $p[1], + clone $this->one + ]; + }, $p['naf']); + $beta['nafwidth'] = $p['nafwidth']; + } + + if ($k1->isNegative()) { + $k1 = $k1->negate(); + $p = $this->negatePoint($p); + } + + if ($k2->isNegative()) { + $k2 = $k2->negate(); + $beta = $this->negatePoint($beta); + } + + $pos = 2 * $i; + $npoints[$pos] = $p; + $nscalars[$pos] = $this->factory->newInteger($k1); + + $pos++; + $npoints[$pos] = $beta; + $nscalars[$pos] = $this->factory->newInteger($k2); + } + + return parent::multiplyAddPoints($npoints, $nscalars); + } + + /** + * Returns the numerator and denominator of the slope + * + * @return FiniteField[] + */ + protected function doublePointHelper(array $p) + { + $numerator = $this->three->multiply($p[0])->multiply($p[0]); + $denominator = $this->two->multiply($p[1]); + return [$numerator, $denominator]; + } + + /** + * Doubles a jacobian coordinate on the curve + * + * See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l + * + * @return FiniteField[] + */ + protected function jacobianDoublePoint(array $p) + { + list($x1, $y1, $z1) = $p; + $a = $x1->multiply($x1); + $b = $y1->multiply($y1); + $c = $b->multiply($b); + $d = $x1->add($b); + $d = $d->multiply($d)->subtract($a)->subtract($c)->multiply($this->two); + $e = $this->three->multiply($a); + $f = $e->multiply($e); + $x3 = $f->subtract($this->two->multiply($d)); + $y3 = $e->multiply($d->subtract($x3))->subtract( + $this->eight->multiply($c) + ); + $z3 = $this->two->multiply($y1)->multiply($z1); + return [$x3, $y3, $z3]; + } + + /** + * Doubles a "fresh" jacobian coordinate on the curve + * + * See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-mdbl-2007-bl + * + * @return FiniteField[] + */ + protected function jacobianDoublePointMixed(array $p) + { + list($x1, $y1) = $p; + $xx = $x1->multiply($x1); + $yy = $y1->multiply($y1); + $yyyy = $yy->multiply($yy); + $s = $x1->add($yy); + $s = $s->multiply($s)->subtract($xx)->subtract($yyyy)->multiply($this->two); + $m = $this->three->multiply($xx); + $t = $m->multiply($m)->subtract($this->two->multiply($s)); + $x3 = $t; + $y3 = $s->subtract($t); + $y3 = $m->multiply($y3)->subtract($this->eight->multiply($yyyy)); + $z3 = $this->two->multiply($y1); + return [$x3, $y3, $z3]; + } + + /** + * Tests whether or not the x / y values satisfy the equation + * + * @return boolean + */ + public function verifyPoint(array $p) + { + list($x, $y) = $p; + $lhs = $y->multiply($y); + $temp = $x->multiply($x)->multiply($x); + $rhs = $temp->add($this->b); + + return $lhs->equals($rhs); + } + + /** + * Calculates the parameters needed from the Euclidean algorithm as discussed at + * http://diamond.boisestate.edu/~liljanab/MATH308/GuideToECC.pdf#page=148 + * + * @param BigInteger $u + * @param BigInteger $v + * @return BigInteger[] + */ + protected static function extendedGCD(BigInteger $u, BigInteger $v) + { + $one = new BigInteger(1); + $zero = new BigInteger(); + + $a = clone $one; + $b = clone $zero; + $c = clone $zero; + $d = clone $one; + + $stop = $v->bitwise_rightShift($v->getLength() >> 1); + + $a1 = clone $zero; + $b1 = clone $zero; + $a2 = clone $zero; + $b2 = clone $zero; + + $postGreatestIndex = 0; + + while (!$v->equals($zero)) { + list($q) = $u->divide($v); + + $temp = $u; + $u = $v; + $v = $temp->subtract($v->multiply($q)); + + $temp = $a; + $a = $c; + $c = $temp->subtract($a->multiply($q)); + + $temp = $b; + $b = $d; + $d = $temp->subtract($b->multiply($q)); + + if ($v->compare($stop) > 0) { + $a0 = $v; + $b0 = $c; + } else { + $postGreatestIndex++; + } + + if ($postGreatestIndex == 1) { + $a1 = $v; + $b1 = $c->negate(); + } + + if ($postGreatestIndex == 2) { + $rhs = $a0->multiply($a0)->add($b0->multiply($b0)); + $lhs = $v->multiply($v)->add($b->multiply($b)); + if ($lhs->compare($rhs) <= 0) { + $a2 = $a0; + $b2 = $b0->negate(); + } else { + $a2 = $v; + $b2 = $c->negate(); + } + + break; + } + } + + return [ + ['a' => $a1, 'b' => $b1], + ['a' => $a2, 'b' => $b2] + ]; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Montgomery.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Montgomery.php new file mode 100644 index 0000000..bf02569 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Montgomery.php @@ -0,0 +1,279 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\PrimeField; +use phpseclib3\Math\PrimeField\Integer as PrimeInteger; + +/** + * Curves over y^2 = x^3 + a*x + x + * + * @author Jim Wigginton + */ +class Montgomery extends Base +{ + /** + * Prime Field Integer factory + * + * @var PrimeField + */ + protected $factory; + + /** + * Cofficient for x + * + * @var object + */ + protected $a; + + /** + * Constant used for point doubling + * + * @var object + */ + protected $a24; + + /** + * The Number Zero + * + * @var object + */ + protected $zero; + + /** + * The Number One + * + * @var object + */ + protected $one; + + /** + * Base Point + * + * @var object + */ + protected $p; + + /** + * The modulo + * + * @var BigInteger + */ + protected $modulo; + + /** + * The Order + * + * @var BigInteger + */ + protected $order; + + /** + * Sets the modulo + */ + public function setModulo(BigInteger $modulo) + { + $this->modulo = $modulo; + $this->factory = new PrimeField($modulo); + $this->zero = $this->factory->newInteger(new BigInteger()); + $this->one = $this->factory->newInteger(new BigInteger(1)); + } + + /** + * Set coefficients a + */ + public function setCoefficients(BigInteger $a) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + $this->a = $this->factory->newInteger($a); + $two = $this->factory->newInteger(new BigInteger(2)); + $four = $this->factory->newInteger(new BigInteger(4)); + $this->a24 = $this->a->subtract($two)->divide($four); + } + + /** + * Set x and y coordinates for the base point + * + * @param BigInteger|PrimeInteger $x + * @param BigInteger|PrimeInteger $y + * @return PrimeInteger[] + */ + public function setBasePoint($x, $y) + { + switch (true) { + case !$x instanceof BigInteger && !$x instanceof PrimeInteger: + throw new \UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + case !$y instanceof BigInteger && !$y instanceof PrimeInteger: + throw new \UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + } + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + $this->p = [ + $x instanceof BigInteger ? $this->factory->newInteger($x) : $x, + $y instanceof BigInteger ? $this->factory->newInteger($y) : $y + ]; + } + + /** + * Retrieve the base point as an array + * + * @return array + */ + public function getBasePoint() + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + /* + if (!isset($this->p)) { + throw new \RuntimeException('setBasePoint needs to be called before this method'); + } + */ + return $this->p; + } + + /** + * Doubles and adds a point on a curve + * + * See https://tools.ietf.org/html/draft-ietf-tls-curve25519-01#appendix-A.1.3 + * + * @return FiniteField[][] + */ + private function doubleAndAddPoint(array $p, array $q, PrimeInteger $x1) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + return []; + } + + if (!isset($p[1])) { + throw new \RuntimeException('Affine coordinates need to be manually converted to XZ coordinates'); + } + + list($x2, $z2) = $p; + list($x3, $z3) = $q; + + $a = $x2->add($z2); + $aa = $a->multiply($a); + $b = $x2->subtract($z2); + $bb = $b->multiply($b); + $e = $aa->subtract($bb); + $c = $x3->add($z3); + $d = $x3->subtract($z3); + $da = $d->multiply($a); + $cb = $c->multiply($b); + $temp = $da->add($cb); + $x5 = $temp->multiply($temp); + $temp = $da->subtract($cb); + $z5 = $x1->multiply($temp->multiply($temp)); + $x4 = $aa->multiply($bb); + $temp = static::class == Curve25519::class ? $bb : $aa; + $z4 = $e->multiply($temp->add($this->a24->multiply($e))); + + return [ + [$x4, $z4], + [$x5, $z5] + ]; + } + + /** + * Multiply a point on the curve by a scalar + * + * Uses the montgomery ladder technique as described here: + * + * https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Montgomery_ladder + * https://github.com/phpecc/phpecc/issues/16#issuecomment-59176772 + * + * @return array + */ + public function multiplyPoint(array $p, BigInteger $d) + { + $p1 = [$this->one, $this->zero]; + $alreadyInternal = isset($x[1]); + $p2 = $this->convertToInternal($p); + $x = $p[0]; + + $b = $d->toBits(); + $b = str_pad($b, 256, '0', STR_PAD_LEFT); + for ($i = 0; $i < strlen($b); $i++) { + $b_i = (int) $b[$i]; + if ($b_i) { + list($p2, $p1) = $this->doubleAndAddPoint($p2, $p1, $x); + } else { + list($p1, $p2) = $this->doubleAndAddPoint($p1, $p2, $x); + } + } + + return $alreadyInternal ? $p1 : $this->convertToAffine($p1); + } + + /** + * Converts an affine point to an XZ coordinate + * + * From https://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html + * + * XZ coordinates represent x y as X Z satsfying the following equations: + * + * x=X/Z + * + * @return \phpseclib3\Math\PrimeField\Integer[] + */ + public function convertToInternal(array $p) + { + if (empty($p)) { + return [clone $this->zero, clone $this->one]; + } + + if (isset($p[1])) { + return $p; + } + + $p[1] = clone $this->one; + + return $p; + } + + /** + * Returns the affine point + * + * @return \phpseclib3\Math\PrimeField\Integer[] + */ + public function convertToAffine(array $p) + { + if (!isset($p[1])) { + return $p; + } + list($x, $z) = $p; + return [$x->divide($z)]; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Prime.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Prime.php new file mode 100644 index 0000000..6200401 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/Prime.php @@ -0,0 +1,785 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer; +use phpseclib3\Math\PrimeField; +use phpseclib3\Math\PrimeField\Integer as PrimeInteger; + +/** + * Curves over y^2 = x^3 + a*x + b + * + * @author Jim Wigginton + */ +class Prime extends Base +{ + /** + * Prime Field Integer factory + * + * @var \phpseclib3\Math\PrimeFields + */ + protected $factory; + + /** + * Cofficient for x^1 + * + * @var object + */ + protected $a; + + /** + * Cofficient for x^0 + * + * @var object + */ + protected $b; + + /** + * Base Point + * + * @var object + */ + protected $p; + + /** + * The number one over the specified finite field + * + * @var object + */ + protected $one; + + /** + * The number two over the specified finite field + * + * @var object + */ + protected $two; + + /** + * The number three over the specified finite field + * + * @var object + */ + protected $three; + + /** + * The number four over the specified finite field + * + * @var object + */ + protected $four; + + /** + * The number eight over the specified finite field + * + * @var object + */ + protected $eight; + + /** + * The modulo + * + * @var BigInteger + */ + protected $modulo; + + /** + * The Order + * + * @var BigInteger + */ + protected $order; + + /** + * Sets the modulo + */ + public function setModulo(BigInteger $modulo) + { + $this->modulo = $modulo; + $this->factory = new PrimeField($modulo); + $this->two = $this->factory->newInteger(new BigInteger(2)); + $this->three = $this->factory->newInteger(new BigInteger(3)); + // used by jacobian coordinates + $this->one = $this->factory->newInteger(new BigInteger(1)); + $this->four = $this->factory->newInteger(new BigInteger(4)); + $this->eight = $this->factory->newInteger(new BigInteger(8)); + } + + /** + * Set coefficients a and b + */ + public function setCoefficients(BigInteger $a, BigInteger $b) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + $this->a = $this->factory->newInteger($a); + $this->b = $this->factory->newInteger($b); + } + + /** + * Set x and y coordinates for the base point + * + * @param BigInteger|PrimeInteger $x + * @param BigInteger|PrimeInteger $y + * @return PrimeInteger[] + */ + public function setBasePoint($x, $y) + { + switch (true) { + case !$x instanceof BigInteger && !$x instanceof PrimeInteger: + throw new \UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + case !$y instanceof BigInteger && !$y instanceof PrimeInteger: + throw new \UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + } + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + $this->p = [ + $x instanceof BigInteger ? $this->factory->newInteger($x) : $x, + $y instanceof BigInteger ? $this->factory->newInteger($y) : $y + ]; + } + + /** + * Retrieve the base point as an array + * + * @return array + */ + public function getBasePoint() + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + /* + if (!isset($this->p)) { + throw new \RuntimeException('setBasePoint needs to be called before this method'); + } + */ + return $this->p; + } + + /** + * Adds two "fresh" jacobian form on the curve + * + * @return FiniteField[] + */ + protected function jacobianAddPointMixedXY(array $p, array $q) + { + list($u1, $s1) = $p; + list($u2, $s2) = $q; + if ($u1->equals($u2)) { + if (!$s1->equals($s2)) { + return []; + } else { + return $this->doublePoint($p); + } + } + $h = $u2->subtract($u1); + $r = $s2->subtract($s1); + $h2 = $h->multiply($h); + $h3 = $h2->multiply($h); + $v = $u1->multiply($h2); + $x3 = $r->multiply($r)->subtract($h3)->subtract($v->multiply($this->two)); + $y3 = $r->multiply( + $v->subtract($x3) + )->subtract( + $s1->multiply($h3) + ); + return [$x3, $y3, $h]; + } + + /** + * Adds one "fresh" jacobian form on the curve + * + * The second parameter should be the "fresh" one + * + * @return FiniteField[] + */ + protected function jacobianAddPointMixedX(array $p, array $q) + { + list($u1, $s1, $z1) = $p; + list($x2, $y2) = $q; + + $z12 = $z1->multiply($z1); + + $u2 = $x2->multiply($z12); + $s2 = $y2->multiply($z12->multiply($z1)); + if ($u1->equals($u2)) { + if (!$s1->equals($s2)) { + return []; + } else { + return $this->doublePoint($p); + } + } + $h = $u2->subtract($u1); + $r = $s2->subtract($s1); + $h2 = $h->multiply($h); + $h3 = $h2->multiply($h); + $v = $u1->multiply($h2); + $x3 = $r->multiply($r)->subtract($h3)->subtract($v->multiply($this->two)); + $y3 = $r->multiply( + $v->subtract($x3) + )->subtract( + $s1->multiply($h3) + ); + $z3 = $h->multiply($z1); + return [$x3, $y3, $z3]; + } + + /** + * Adds two jacobian coordinates on the curve + * + * @return FiniteField[] + */ + protected function jacobianAddPoint(array $p, array $q) + { + list($x1, $y1, $z1) = $p; + list($x2, $y2, $z2) = $q; + + $z12 = $z1->multiply($z1); + $z22 = $z2->multiply($z2); + + $u1 = $x1->multiply($z22); + $u2 = $x2->multiply($z12); + $s1 = $y1->multiply($z22->multiply($z2)); + $s2 = $y2->multiply($z12->multiply($z1)); + if ($u1->equals($u2)) { + if (!$s1->equals($s2)) { + return []; + } else { + return $this->doublePoint($p); + } + } + $h = $u2->subtract($u1); + $r = $s2->subtract($s1); + $h2 = $h->multiply($h); + $h3 = $h2->multiply($h); + $v = $u1->multiply($h2); + $x3 = $r->multiply($r)->subtract($h3)->subtract($v->multiply($this->two)); + $y3 = $r->multiply( + $v->subtract($x3) + )->subtract( + $s1->multiply($h3) + ); + $z3 = $h->multiply($z1)->multiply($z2); + return [$x3, $y3, $z3]; + } + + /** + * Adds two points on the curve + * + * @return FiniteField[] + */ + public function addPoint(array $p, array $q) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + if (count($q)) { + return $q; + } + if (count($p)) { + return $p; + } + return []; + } + + // use jacobian coordinates + if (isset($p[2]) && isset($q[2])) { + if (isset($p['fresh']) && isset($q['fresh'])) { + return $this->jacobianAddPointMixedXY($p, $q); + } + if (isset($p['fresh'])) { + return $this->jacobianAddPointMixedX($q, $p); + } + if (isset($q['fresh'])) { + return $this->jacobianAddPointMixedX($p, $q); + } + return $this->jacobianAddPoint($p, $q); + } + + if (isset($p[2]) || isset($q[2])) { + throw new \RuntimeException('Affine coordinates need to be manually converted to Jacobi coordinates or vice versa'); + } + + if ($p[0]->equals($q[0])) { + if (!$p[1]->equals($q[1])) { + return []; + } else { // eg. doublePoint + list($numerator, $denominator) = $this->doublePointHelper($p); + } + } else { + $numerator = $q[1]->subtract($p[1]); + $denominator = $q[0]->subtract($p[0]); + } + $slope = $numerator->divide($denominator); + $x = $slope->multiply($slope)->subtract($p[0])->subtract($q[0]); + $y = $slope->multiply($p[0]->subtract($x))->subtract($p[1]); + + return [$x, $y]; + } + + /** + * Returns the numerator and denominator of the slope + * + * @return FiniteField[] + */ + protected function doublePointHelper(array $p) + { + $numerator = $this->three->multiply($p[0])->multiply($p[0])->add($this->a); + $denominator = $this->two->multiply($p[1]); + return [$numerator, $denominator]; + } + + /** + * Doubles a jacobian coordinate on the curve + * + * @return FiniteField[] + */ + protected function jacobianDoublePoint(array $p) + { + list($x, $y, $z) = $p; + $x2 = $x->multiply($x); + $y2 = $y->multiply($y); + $z2 = $z->multiply($z); + $s = $this->four->multiply($x)->multiply($y2); + $m1 = $this->three->multiply($x2); + $m2 = $this->a->multiply($z2->multiply($z2)); + $m = $m1->add($m2); + $x1 = $m->multiply($m)->subtract($this->two->multiply($s)); + $y1 = $m->multiply($s->subtract($x1))->subtract( + $this->eight->multiply($y2->multiply($y2)) + ); + $z1 = $this->two->multiply($y)->multiply($z); + return [$x1, $y1, $z1]; + } + + /** + * Doubles a "fresh" jacobian coordinate on the curve + * + * @return FiniteField[] + */ + protected function jacobianDoublePointMixed(array $p) + { + list($x, $y) = $p; + $x2 = $x->multiply($x); + $y2 = $y->multiply($y); + $s = $this->four->multiply($x)->multiply($y2); + $m1 = $this->three->multiply($x2); + $m = $m1->add($this->a); + $x1 = $m->multiply($m)->subtract($this->two->multiply($s)); + $y1 = $m->multiply($s->subtract($x1))->subtract( + $this->eight->multiply($y2->multiply($y2)) + ); + $z1 = $this->two->multiply($y); + return [$x1, $y1, $z1]; + } + + /** + * Doubles a point on a curve + * + * @return FiniteField[] + */ + public function doublePoint(array $p) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p)) { + return []; + } + + // use jacobian coordinates + if (isset($p[2])) { + if (isset($p['fresh'])) { + return $this->jacobianDoublePointMixed($p); + } + return $this->jacobianDoublePoint($p); + } + + list($numerator, $denominator) = $this->doublePointHelper($p); + + $slope = $numerator->divide($denominator); + + $x = $slope->multiply($slope)->subtract($p[0])->subtract($p[0]); + $y = $slope->multiply($p[0]->subtract($x))->subtract($p[1]); + + return [$x, $y]; + } + + /** + * Returns the X coordinate and the derived Y coordinate + * + * @return array + */ + public function derivePoint($m) + { + $y = ord(Strings::shift($m)); + $x = new BigInteger($m, 256); + $xp = $this->convertInteger($x); + switch ($y) { + case 2: + $ypn = false; + break; + case 3: + $ypn = true; + break; + default: + throw new \RuntimeException('Coordinate not in recognized format'); + } + $temp = $xp->multiply($this->a); + $temp = $xp->multiply($xp)->multiply($xp)->add($temp); + $temp = $temp->add($this->b); + $b = $temp->squareRoot(); + if (!$b) { + throw new \RuntimeException('Unable to derive Y coordinate'); + } + $bn = $b->isOdd(); + $yp = $ypn == $bn ? $b : $b->negate(); + return [$xp, $yp]; + } + + /** + * Tests whether or not the x / y values satisfy the equation + * + * @return boolean + */ + public function verifyPoint(array $p) + { + list($x, $y) = $p; + $lhs = $y->multiply($y); + $temp = $x->multiply($this->a); + $temp = $x->multiply($x)->multiply($x)->add($temp); + $rhs = $temp->add($this->b); + + return $lhs->equals($rhs); + } + + /** + * Returns the modulo + * + * @return BigInteger + */ + public function getModulo() + { + return $this->modulo; + } + + /** + * Returns the a coefficient + * + * @return PrimeInteger + */ + public function getA() + { + return $this->a; + } + + /** + * Returns the a coefficient + * + * @return PrimeInteger + */ + public function getB() + { + return $this->b; + } + + /** + * Multiply and Add Points + * + * Adapted from: + * https://github.com/indutny/elliptic/blob/725bd91/lib/elliptic/curve/base.js#L125 + * + * @return int[] + */ + public function multiplyAddPoints(array $points, array $scalars) + { + $length = count($points); + + foreach ($points as &$point) { + $point = $this->convertToInternal($point); + } + + $wnd = [$this->getNAFPoints($points[0], 7)]; + $wndWidth = [isset($points[0]['nafwidth']) ? $points[0]['nafwidth'] : 7]; + for ($i = 1; $i < $length; $i++) { + $wnd[] = $this->getNAFPoints($points[$i], 1); + $wndWidth[] = isset($points[$i]['nafwidth']) ? $points[$i]['nafwidth'] : 1; + } + + $naf = []; + + // comb all window NAFs + + $max = 0; + for ($i = $length - 1; $i >= 1; $i -= 2) { + $a = $i - 1; + $b = $i; + if ($wndWidth[$a] != 1 || $wndWidth[$b] != 1) { + $naf[$a] = $scalars[$a]->getNAF($wndWidth[$a]); + $naf[$b] = $scalars[$b]->getNAF($wndWidth[$b]); + $max = max(count($naf[$a]), count($naf[$b]), $max); + continue; + } + + $comb = [ + $points[$a], // 1 + null, // 3 + null, // 5 + $points[$b] // 7 + ]; + + $comb[1] = $this->addPoint($points[$a], $points[$b]); + $comb[2] = $this->addPoint($points[$a], $this->negatePoint($points[$b])); + + $index = [ + -3, /* -1 -1 */ + -1, /* -1 0 */ + -5, /* -1 1 */ + -7, /* 0 -1 */ + 0, /* 0 -1 */ + 7, /* 0 1 */ + 5, /* 1 -1 */ + 1, /* 1 0 */ + 3 /* 1 1 */ + ]; + + $jsf = self::getJSFPoints($scalars[$a], $scalars[$b]); + + $max = max(count($jsf[0]), $max); + if ($max > 0) { + $naf[$a] = array_fill(0, $max, 0); + $naf[$b] = array_fill(0, $max, 0); + } else { + $naf[$a] = []; + $naf[$b] = []; + } + + for ($j = 0; $j < $max; $j++) { + $ja = isset($jsf[0][$j]) ? $jsf[0][$j] : 0; + $jb = isset($jsf[1][$j]) ? $jsf[1][$j] : 0; + + $naf[$a][$j] = $index[3 * ($ja + 1) + $jb + 1]; + $naf[$b][$j] = 0; + $wnd[$a] = $comb; + } + } + + $acc = []; + $temp = [0, 0, 0, 0]; + for ($i = $max; $i >= 0; $i--) { + $k = 0; + while ($i >= 0) { + $zero = true; + for ($j = 0; $j < $length; $j++) { + $temp[$j] = isset($naf[$j][$i]) ? $naf[$j][$i] : 0; + if ($temp[$j] != 0) { + $zero = false; + } + } + if (!$zero) { + break; + } + $k++; + $i--; + } + + if ($i >= 0) { + $k++; + } + while ($k--) { + $acc = $this->doublePoint($acc); + } + + if ($i < 0) { + break; + } + + for ($j = 0; $j < $length; $j++) { + $z = $temp[$j]; + $p = null; + if ($z == 0) { + continue; + } + $p = $z > 0 ? + $wnd[$j][($z - 1) >> 1] : + $this->negatePoint($wnd[$j][(-$z - 1) >> 1]); + $acc = $this->addPoint($acc, $p); + } + } + + return $this->convertToAffine($acc); + } + + /** + * Precomputes NAF points + * + * Adapted from: + * https://github.com/indutny/elliptic/blob/725bd91/lib/elliptic/curve/base.js#L351 + * + * @return int[] + */ + private function getNAFPoints(array $point, $wnd) + { + if (isset($point['naf'])) { + return $point['naf']; + } + + $res = [$point]; + $max = (1 << $wnd) - 1; + $dbl = $max == 1 ? null : $this->doublePoint($point); + for ($i = 1; $i < $max; $i++) { + $res[] = $this->addPoint($res[$i - 1], $dbl); + } + + $point['naf'] = $res; + + /* + $str = ''; + foreach ($res as $re) { + $re[0] = bin2hex($re[0]->toBytes()); + $re[1] = bin2hex($re[1]->toBytes()); + $str.= " ['$re[0]', '$re[1]'],\r\n"; + } + file_put_contents('temp.txt', $str); + exit; + */ + + return $res; + } + + /** + * Precomputes points in Joint Sparse Form + * + * Adapted from: + * https://github.com/indutny/elliptic/blob/725bd91/lib/elliptic/utils.js#L96 + * + * @return int[] + */ + private static function getJSFPoints(Integer $k1, Integer $k2) + { + static $three; + if (!isset($three)) { + $three = new BigInteger(3); + } + + $jsf = [[], []]; + $k1 = $k1->toBigInteger(); + $k2 = $k2->toBigInteger(); + $d1 = 0; + $d2 = 0; + + while ($k1->compare(new BigInteger(-$d1)) > 0 || $k2->compare(new BigInteger(-$d2)) > 0) { + // first phase + $m14 = $k1->testBit(0) + 2 * $k1->testBit(1); + $m14 += $d1; + $m14 &= 3; + + $m24 = $k2->testBit(0) + 2 * $k2->testBit(1); + $m24 += $d2; + $m24 &= 3; + + if ($m14 == 3) { + $m14 = -1; + } + if ($m24 == 3) { + $m24 = -1; + } + + $u1 = 0; + if ($m14 & 1) { // if $m14 is odd + $m8 = $k1->testBit(0) + 2 * $k1->testBit(1) + 4 * $k1->testBit(2); + $m8 += $d1; + $m8 &= 7; + $u1 = ($m8 == 3 || $m8 == 5) && $m24 == 2 ? -$m14 : $m14; + } + $jsf[0][] = $u1; + + $u2 = 0; + if ($m24 & 1) { // if $m24 is odd + $m8 = $k2->testBit(0) + 2 * $k2->testBit(1) + 4 * $k2->testBit(2); + $m8 += $d2; + $m8 &= 7; + $u2 = ($m8 == 3 || $m8 == 5) && $m14 == 2 ? -$m24 : $m24; + } + $jsf[1][] = $u2; + + // second phase + if (2 * $d1 == $u1 + 1) { + $d1 = 1 - $d1; + } + if (2 * $d2 == $u2 + 1) { + $d2 = 1 - $d2; + } + $k1 = $k1->bitwise_rightShift(1); + $k2 = $k2->bitwise_rightShift(1); + } + + return $jsf; + } + + /** + * Returns the affine point + * + * A Jacobian Coordinate is of the form (x, y, z). + * To convert a Jacobian Coordinate to an Affine Point + * you do (x / z^2, y / z^3) + * + * @return \phpseclib3\Math\PrimeField\Integer[] + */ + public function convertToAffine(array $p) + { + if (!isset($p[2])) { + return $p; + } + list($x, $y, $z) = $p; + $z = $this->one->divide($z); + $z2 = $z->multiply($z); + return [ + $x->multiply($z2), + $y->multiply($z2)->multiply($z) + ]; + } + + /** + * Converts an affine point to a jacobian coordinate + * + * @return \phpseclib3\Math\PrimeField\Integer[] + */ + public function convertToInternal(array $p) + { + if (isset($p[2])) { + return $p; + } + + $p[2] = clone $this->one; + $p['fresh'] = true; + return $p; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/TwistedEdwards.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/TwistedEdwards.php new file mode 100644 index 0000000..004406a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/BaseCurves/TwistedEdwards.php @@ -0,0 +1,215 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\BaseCurves; + +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\PrimeField; +use phpseclib3\Math\PrimeField\Integer as PrimeInteger; + +/** + * Curves over a*x^2 + y^2 = 1 + d*x^2*y^2 + * + * @author Jim Wigginton + */ +class TwistedEdwards extends Base +{ + /** + * The modulo + * + * @var BigInteger + */ + protected $modulo; + + /** + * Cofficient for x^2 + * + * @var object + */ + protected $a; + + /** + * Cofficient for x^2*y^2 + * + * @var object + */ + protected $d; + + /** + * Base Point + * + * @var object[] + */ + protected $p; + + /** + * The number zero over the specified finite field + * + * @var object + */ + protected $zero; + + /** + * The number one over the specified finite field + * + * @var object + */ + protected $one; + + /** + * The number two over the specified finite field + * + * @var object + */ + protected $two; + + /** + * Sets the modulo + */ + public function setModulo(BigInteger $modulo) + { + $this->modulo = $modulo; + $this->factory = new PrimeField($modulo); + $this->zero = $this->factory->newInteger(new BigInteger(0)); + $this->one = $this->factory->newInteger(new BigInteger(1)); + $this->two = $this->factory->newInteger(new BigInteger(2)); + } + + /** + * Set coefficients a and b + */ + public function setCoefficients(BigInteger $a, BigInteger $d) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + $this->a = $this->factory->newInteger($a); + $this->d = $this->factory->newInteger($d); + } + + /** + * Set x and y coordinates for the base point + */ + public function setBasePoint($x, $y) + { + switch (true) { + case !$x instanceof BigInteger && !$x instanceof PrimeInteger: + throw new \UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + case !$y instanceof BigInteger && !$y instanceof PrimeInteger: + throw new \UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer'); + } + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + $this->p = [ + $x instanceof BigInteger ? $this->factory->newInteger($x) : $x, + $y instanceof BigInteger ? $this->factory->newInteger($y) : $y + ]; + } + + /** + * Returns the a coefficient + * + * @return PrimeInteger + */ + public function getA() + { + return $this->a; + } + + /** + * Returns the a coefficient + * + * @return PrimeInteger + */ + public function getD() + { + return $this->d; + } + + /** + * Retrieve the base point as an array + * + * @return array + */ + public function getBasePoint() + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + /* + if (!isset($this->p)) { + throw new \RuntimeException('setBasePoint needs to be called before this method'); + } + */ + return $this->p; + } + + /** + * Returns the affine point + * + * @return PrimeField\Integer[] + */ + public function convertToAffine(array $p) + { + if (!isset($p[2])) { + return $p; + } + list($x, $y, $z) = $p; + $z = $this->one->divide($z); + return [ + $x->multiply($z), + $y->multiply($z) + ]; + } + + /** + * Returns the modulo + * + * @return BigInteger + */ + public function getModulo() + { + return $this->modulo; + } + + /** + * Tests whether or not the x / y values satisfy the equation + * + * @return boolean + */ + public function verifyPoint(array $p) + { + list($x, $y) = $p; + $x2 = $x->multiply($x); + $y2 = $y->multiply($y); + + $lhs = $this->a->multiply($x2)->add($y2); + $rhs = $this->d->multiply($x2)->multiply($y2)->add($this->one); + + return $lhs->equals($rhs); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Curve25519.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Curve25519.php new file mode 100644 index 0000000..0f3f4d8 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Curve25519.php @@ -0,0 +1,81 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Montgomery; +use phpseclib3\Math\BigInteger; + +class Curve25519 extends Montgomery +{ + public function __construct() + { + // 2^255 - 19 + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED', 16)); + $this->a24 = $this->factory->newInteger(new BigInteger('121666')); + $this->p = [$this->factory->newInteger(new BigInteger(9))]; + // 2^252 + 0x14def9dea2f79cd65812631a5cf5d3ed + $this->setOrder(new BigInteger('1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED', 16)); + + /* + $this->setCoefficients( + new BigInteger('486662'), // a + ); + $this->setBasePoint( + new BigInteger(9), + new BigInteger('14781619447589544791020593568409986887264606134616475288964881837755586237401') + ); + */ + } + + /** + * Multiply a point on the curve by a scalar + * + * Modifies the scalar as described at https://tools.ietf.org/html/rfc7748#page-8 + * + * @return array + */ + public function multiplyPoint(array $p, BigInteger $d) + { + //$r = strrev(sodium_crypto_scalarmult($d->toBytes(), strrev($p[0]->toBytes()))); + //return [$this->factory->newInteger(new BigInteger($r, 256))]; + + $d = $d->toBytes(); + $d &= "\xF8" . str_repeat("\xFF", 30) . "\x7F"; + $d = strrev($d); + $d |= "\x40"; + $d = new BigInteger($d, -256); + + return parent::multiplyPoint($p, $d); + } + + /** + * Creates a random scalar multiplier + * + * @return BigInteger + */ + public function createRandomMultiplier() + { + return BigInteger::random(256); + } + + /** + * Performs range check + */ + public function rangeCheck(BigInteger $x) + { + if ($x->getLength() > 256 || $x->isNegative()) { + throw new \RangeException('x must be a positive integer less than 256 bytes in length'); + } + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Curve448.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Curve448.php new file mode 100644 index 0000000..f4a4423 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Curve448.php @@ -0,0 +1,92 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Montgomery; +use phpseclib3\Math\BigInteger; + +class Curve448 extends Montgomery +{ + public function __construct() + { + // 2^448 - 2^224 - 1 + $this->setModulo(new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF', + 16 + )); + $this->a24 = $this->factory->newInteger(new BigInteger('39081')); + $this->p = [$this->factory->newInteger(new BigInteger(5))]; + // 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d + $this->setOrder(new BigInteger( + '3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + '7CCA23E9C44EDB49AED63690216CC2728DC58F552378C292AB5844F3', + 16 + )); + + /* + $this->setCoefficients( + new BigInteger('156326'), // a + ); + $this->setBasePoint( + new BigInteger(5), + new BigInteger( + '355293926785568175264127502063783334808976399387714271831880898' . + '435169088786967410002932673765864550910142774147268105838985595290' . + '606362') + ); + */ + } + + /** + * Multiply a point on the curve by a scalar + * + * Modifies the scalar as described at https://tools.ietf.org/html/rfc7748#page-8 + * + * @return array + */ + public function multiplyPoint(array $p, BigInteger $d) + { + //$r = strrev(sodium_crypto_scalarmult($d->toBytes(), strrev($p[0]->toBytes()))); + //return [$this->factory->newInteger(new BigInteger($r, 256))]; + + $d = $d->toBytes(); + $d[0] = $d[0] & "\xFC"; + $d = strrev($d); + $d |= "\x80"; + $d = new BigInteger($d, 256); + + return parent::multiplyPoint($p, $d); + } + + /** + * Creates a random scalar multiplier + * + * @return BigInteger + */ + public function createRandomMultiplier() + { + return BigInteger::random(446); + } + + /** + * Performs range check + */ + public function rangeCheck(BigInteger $x) + { + if ($x->getLength() > 448 || $x->isNegative()) { + throw new \RangeException('x must be a positive integer less than 446 bytes in length'); + } + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Ed25519.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Ed25519.php new file mode 100644 index 0000000..9d3de68 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Ed25519.php @@ -0,0 +1,333 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Math\BigInteger; + +class Ed25519 extends TwistedEdwards +{ + const HASH = 'sha512'; + /* + Per https://tools.ietf.org/html/rfc8032#page-6 EdDSA has several parameters, one of which is b: + + 2. An integer b with 2^(b-1) > p. EdDSA public keys have exactly b + bits, and EdDSA signatures have exactly 2*b bits. b is + recommended to be a multiple of 8, so public key and signature + lengths are an integral number of octets. + + SIZE corresponds to b + */ + const SIZE = 32; + + public function __construct() + { + // 2^255 - 19 + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED', 16)); + $this->setCoefficients( + // -1 + new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC', 16), // a + // -121665/121666 + new BigInteger('52036CEE2B6FFE738CC740797779E89800700A4D4141D8AB75EB4DCA135978A3', 16) // d + ); + $this->setBasePoint( + new BigInteger('216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A', 16), + new BigInteger('6666666666666666666666666666666666666666666666666666666666666658', 16) + ); + $this->setOrder(new BigInteger('1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED', 16)); + // algorithm 14.47 from http://cacr.uwaterloo.ca/hac/about/chap14.pdf#page=16 + /* + $this->setReduction(function($x) { + $parts = $x->bitwise_split(255); + $className = $this->className; + + if (count($parts) > 2) { + list(, $r) = $x->divide($className::$modulo); + return $r; + } + + $zero = new BigInteger(); + $c = new BigInteger(19); + + switch (count($parts)) { + case 2: + list($qi, $ri) = $parts; + break; + case 1: + $qi = $zero; + list($ri) = $parts; + break; + case 0: + return $zero; + } + $r = $ri; + + while ($qi->compare($zero) > 0) { + $temp = $qi->multiply($c)->bitwise_split(255); + if (count($temp) == 2) { + list($qi, $ri) = $temp; + } else { + $qi = $zero; + list($ri) = $temp; + } + $r = $r->add($ri); + } + + while ($r->compare($className::$modulo) > 0) { + $r = $r->subtract($className::$modulo); + } + return $r; + }); + */ + } + + /** + * Recover X from Y + * + * Implements steps 2-4 at https://tools.ietf.org/html/rfc8032#section-5.1.3 + * + * Used by EC\Keys\Common.php + * + * @param BigInteger $y + * @param boolean $sign + * @return object[] + */ + public function recoverX(BigInteger $y, $sign) + { + $y = $this->factory->newInteger($y); + + $y2 = $y->multiply($y); + $u = $y2->subtract($this->one); + $v = $this->d->multiply($y2)->add($this->one); + $x2 = $u->divide($v); + if ($x2->equals($this->zero)) { + if ($sign) { + throw new \RuntimeException('Unable to recover X coordinate (x2 = 0)'); + } + return clone $this->zero; + } + // find the square root + /* we don't do $x2->squareRoot() because, quoting from + https://tools.ietf.org/html/rfc8032#section-5.1.1: + + "For point decoding or "decompression", square roots modulo p are + needed. They can be computed using the Tonelli-Shanks algorithm or + the special case for p = 5 (mod 8). To find a square root of a, + first compute the candidate root x = a^((p+3)/8) (mod p)." + */ + $exp = $this->getModulo()->add(new BigInteger(3)); + $exp = $exp->bitwise_rightShift(3); + $x = $x2->pow($exp); + + // If v x^2 = -u (mod p), set x <-- x * 2^((p-1)/4), which is a square root. + if (!$x->multiply($x)->subtract($x2)->equals($this->zero)) { + $temp = $this->getModulo()->subtract(new BigInteger(1)); + $temp = $temp->bitwise_rightShift(2); + $temp = $this->two->pow($temp); + $x = $x->multiply($temp); + if (!$x->multiply($x)->subtract($x2)->equals($this->zero)) { + throw new \RuntimeException('Unable to recover X coordinate'); + } + } + if ($x->isOdd() != $sign) { + $x = $x->negate(); + } + + return [$x, $y]; + } + + /** + * Extract Secret Scalar + * + * Implements steps 1-3 at https://tools.ietf.org/html/rfc8032#section-5.1.5 + * + * Used by the various key handlers + * + * @param string $str + * @return array + */ + public function extractSecret($str) + { + if (strlen($str) != 32) { + throw new \LengthException('Private Key should be 32-bytes long'); + } + // 1. Hash the 32-byte private key using SHA-512, storing the digest in + // a 64-octet large buffer, denoted h. Only the lower 32 bytes are + // used for generating the public key. + $hash = new Hash('sha512'); + $h = $hash->hash($str); + $h = substr($h, 0, 32); + // 2. Prune the buffer: The lowest three bits of the first octet are + // cleared, the highest bit of the last octet is cleared, and the + // second highest bit of the last octet is set. + $h[0] = $h[0] & chr(0xF8); + $h = strrev($h); + $h[0] = ($h[0] & chr(0x3F)) | chr(0x40); + // 3. Interpret the buffer as the little-endian integer, forming a + // secret scalar s. + $dA = new BigInteger($h, 256); + + return [ + 'dA' => $dA, + 'secret' => $str + ]; + } + + /** + * Encode a point as a string + * + * @param array $point + * @return string + */ + public function encodePoint($point) + { + list($x, $y) = $point; + $y = $y->toBytes(); + $y[0] = $y[0] & chr(0x7F); + if ($x->isOdd()) { + $y[0] = $y[0] | chr(0x80); + } + $y = strrev($y); + + return $y; + } + + /** + * Creates a random scalar multiplier + * + * @return \phpseclib3\Math\PrimeField\Integer + */ + public function createRandomMultiplier() + { + return $this->extractSecret(Random::string(32))['dA']; + } + + /** + * Converts an affine point to an extended homogeneous coordinate + * + * From https://tools.ietf.org/html/rfc8032#section-5.1.4 : + * + * A point (x,y) is represented in extended homogeneous coordinates (X, Y, Z, T), + * with x = X/Z, y = Y/Z, x * y = T/Z. + * + * @return \phpseclib3\Math\PrimeField\Integer[] + */ + public function convertToInternal(array $p) + { + if (empty($p)) { + return [clone $this->zero, clone $this->one, clone $this->one, clone $this->zero]; + } + + if (isset($p[2])) { + return $p; + } + + $p[2] = clone $this->one; + $p[3] = $p[0]->multiply($p[1]); + + return $p; + } + + /** + * Doubles a point on a curve + * + * @return FiniteField[] + */ + public function doublePoint(array $p) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p)) { + return []; + } + + if (!isset($p[2])) { + throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + // from https://tools.ietf.org/html/rfc8032#page-12 + + list($x1, $y1, $z1, $t1) = $p; + + $a = $x1->multiply($x1); + $b = $y1->multiply($y1); + $c = $this->two->multiply($z1)->multiply($z1); + $h = $a->add($b); + $temp = $x1->add($y1); + $e = $h->subtract($temp->multiply($temp)); + $g = $a->subtract($b); + $f = $c->add($g); + + $x3 = $e->multiply($f); + $y3 = $g->multiply($h); + $t3 = $e->multiply($h); + $z3 = $f->multiply($g); + + return [$x3, $y3, $z3, $t3]; + } + + /** + * Adds two points on the curve + * + * @return FiniteField[] + */ + public function addPoint(array $p, array $q) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + if (count($q)) { + return $q; + } + if (count($p)) { + return $p; + } + return []; + } + + if (!isset($p[2]) || !isset($q[2])) { + throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + if ($p[0]->equals($q[0])) { + return !$p[1]->equals($q[1]) ? [] : $this->doublePoint($p); + } + + // from https://tools.ietf.org/html/rfc8032#page-12 + + list($x1, $y1, $z1, $t1) = $p; + list($x2, $y2, $z2, $t2) = $q; + + $a = $y1->subtract($x1)->multiply($y2->subtract($x2)); + $b = $y1->add($x1)->multiply($y2->add($x2)); + $c = $t1->multiply($this->two)->multiply($this->d)->multiply($t2); + $d = $z1->multiply($this->two)->multiply($z2); + $e = $b->subtract($a); + $f = $d->subtract($c); + $g = $d->add($c); + $h = $b->add($a); + + $x3 = $e->multiply($f); + $y3 = $g->multiply($h); + $t3 = $e->multiply($h); + $z3 = $f->multiply($g); + + return [$x3, $y3, $z3, $t3]; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Ed448.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Ed448.php new file mode 100644 index 0000000..5451f90 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/Ed448.php @@ -0,0 +1,273 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Math\BigInteger; + +class Ed448 extends TwistedEdwards +{ + const HASH = 'shake256-912'; + const SIZE = 57; + + public function __construct() + { + // 2^448 - 2^224 - 1 + $this->setModulo(new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF', + 16 + )); + $this->setCoefficients( + new BigInteger(1), + // -39081 + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6756', 16) + ); + $this->setBasePoint( + new BigInteger('4F1970C66BED0DED221D15A622BF36DA9E146570470F1767EA6DE324' . + 'A3D3A46412AE1AF72AB66511433B80E18B00938E2626A82BC70CC05E', 16), + new BigInteger('693F46716EB6BC248876203756C9C7624BEA73736CA3984087789C1E' . + '05A0C2D73AD3FF1CE67C39C4FDBD132C4ED7C8AD9808795BF230FA14', 16) + ); + $this->setOrder(new BigInteger( + '3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + '7CCA23E9C44EDB49AED63690216CC2728DC58F552378C292AB5844F3', + 16 + )); + } + + /** + * Recover X from Y + * + * Implements steps 2-4 at https://tools.ietf.org/html/rfc8032#section-5.2.3 + * + * Used by EC\Keys\Common.php + * + * @param BigInteger $y + * @param boolean $sign + * @return object[] + */ + public function recoverX(BigInteger $y, $sign) + { + $y = $this->factory->newInteger($y); + + $y2 = $y->multiply($y); + $u = $y2->subtract($this->one); + $v = $this->d->multiply($y2)->subtract($this->one); + $x2 = $u->divide($v); + if ($x2->equals($this->zero)) { + if ($sign) { + throw new \RuntimeException('Unable to recover X coordinate (x2 = 0)'); + } + return clone $this->zero; + } + // find the square root + $exp = $this->getModulo()->add(new BigInteger(1)); + $exp = $exp->bitwise_rightShift(2); + $x = $x2->pow($exp); + + if (!$x->multiply($x)->subtract($x2)->equals($this->zero)) { + throw new \RuntimeException('Unable to recover X coordinate'); + } + if ($x->isOdd() != $sign) { + $x = $x->negate(); + } + + return [$x, $y]; + } + + /** + * Extract Secret Scalar + * + * Implements steps 1-3 at https://tools.ietf.org/html/rfc8032#section-5.2.5 + * + * Used by the various key handlers + * + * @param string $str + * @return array + */ + public function extractSecret($str) + { + if (strlen($str) != 57) { + throw new \LengthException('Private Key should be 57-bytes long'); + } + // 1. Hash the 57-byte private key using SHAKE256(x, 114), storing the + // digest in a 114-octet large buffer, denoted h. Only the lower 57 + // bytes are used for generating the public key. + $hash = new Hash('shake256-912'); + $h = $hash->hash($str); + $h = substr($h, 0, 57); + // 2. Prune the buffer: The two least significant bits of the first + // octet are cleared, all eight bits the last octet are cleared, and + // the highest bit of the second to last octet is set. + $h[0] = $h[0] & chr(0xFC); + $h = strrev($h); + $h[0] = "\0"; + $h[1] = $h[1] | chr(0x80); + // 3. Interpret the buffer as the little-endian integer, forming a + // secret scalar s. + $dA = new BigInteger($h, 256); + + return [ + 'dA' => $dA, + 'secret' => $str + ]; + + $dA->secret = $str; + return $dA; + } + + /** + * Encode a point as a string + * + * @param array $point + * @return string + */ + public function encodePoint($point) + { + list($x, $y) = $point; + $y = "\0" . $y->toBytes(); + if ($x->isOdd()) { + $y[0] = $y[0] | chr(0x80); + } + $y = strrev($y); + + return $y; + } + + /** + * Creates a random scalar multiplier + * + * @return \phpseclib3\Math\PrimeField\Integer + */ + public function createRandomMultiplier() + { + return $this->extractSecret(Random::string(57))['dA']; + } + + /** + * Converts an affine point to an extended homogeneous coordinate + * + * From https://tools.ietf.org/html/rfc8032#section-5.2.4 : + * + * A point (x,y) is represented in extended homogeneous coordinates (X, Y, Z, T), + * with x = X/Z, y = Y/Z, x * y = T/Z. + * + * @return \phpseclib3\Math\PrimeField\Integer[] + */ + public function convertToInternal(array $p) + { + if (empty($p)) { + return [clone $this->zero, clone $this->one, clone $this->one]; + } + + if (isset($p[2])) { + return $p; + } + + $p[2] = clone $this->one; + + return $p; + } + + /** + * Doubles a point on a curve + * + * @return FiniteField[] + */ + public function doublePoint(array $p) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p)) { + return []; + } + + if (!isset($p[2])) { + throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + // from https://tools.ietf.org/html/rfc8032#page-18 + + list($x1, $y1, $z1) = $p; + + $b = $x1->add($y1); + $b = $b->multiply($b); + $c = $x1->multiply($x1); + $d = $y1->multiply($y1); + $e = $c->add($d); + $h = $z1->multiply($z1); + $j = $e->subtract($this->two->multiply($h)); + + $x3 = $b->subtract($e)->multiply($j); + $y3 = $c->subtract($d)->multiply($e); + $z3 = $e->multiply($j); + + return [$x3, $y3, $z3]; + } + + /** + * Adds two points on the curve + * + * @return FiniteField[] + */ + public function addPoint(array $p, array $q) + { + if (!isset($this->factory)) { + throw new \RuntimeException('setModulo needs to be called before this method'); + } + + if (!count($p) || !count($q)) { + if (count($q)) { + return $q; + } + if (count($p)) { + return $p; + } + return []; + } + + if (!isset($p[2]) || !isset($q[2])) { + throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa'); + } + + if ($p[0]->equals($q[0])) { + return !$p[1]->equals($q[1]) ? [] : $this->doublePoint($p); + } + + // from https://tools.ietf.org/html/rfc8032#page-17 + + list($x1, $y1, $z1) = $p; + list($x2, $y2, $z2) = $q; + + $a = $z1->multiply($z2); + $b = $a->multiply($a); + $c = $x1->multiply($x2); + $d = $y1->multiply($y2); + $e = $this->d->multiply($c)->multiply($d); + $f = $b->subtract($e); + $g = $b->add($e); + $h = $x1->add($y1)->multiply($x2->add($y2)); + + $x3 = $a->multiply($f)->multiply($h->subtract($c)->subtract($d)); + $y3 = $a->multiply($g)->multiply($d->subtract($c)); + $z3 = $f->multiply($g); + + return [$x3, $y3, $z3]; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP160r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP160r1.php new file mode 100644 index 0000000..7bc2272 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP160r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP160r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('E95E4A5F737059DC60DFC7AD95B3D8139515620F', 16)); + $this->setCoefficients( + new BigInteger('340E7BE2A280EB74E2BE61BADA745D97E8F7C300', 16), + new BigInteger('1E589A8595423412134FAA2DBDEC95C8D8675E58', 16) + ); + $this->setBasePoint( + new BigInteger('BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3', 16), + new BigInteger('1667CB477A1A8EC338F94741669C976316DA6321', 16) + ); + $this->setOrder(new BigInteger('E95E4A5F737059DC60DF5991D45029409E60FC09', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP160t1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP160t1.php new file mode 100644 index 0000000..ebfb29a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP160t1.php @@ -0,0 +1,47 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP160t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('E95E4A5F737059DC60DFC7AD95B3D8139515620F', 16)); + $this->setCoefficients( + new BigInteger('E95E4A5F737059DC60DFC7AD95B3D8139515620C', 16), // eg. -3 + new BigInteger('7A556B6DAE535B7B51ED2C4D7DAA7A0B5C55F380', 16) + ); + $this->setBasePoint( + new BigInteger('B199B13B9B34EFC1397E64BAEB05ACC265FF2378', 16), + new BigInteger('ADD6718B7C7C1961F0991B842443772152C9E0AD', 16) + ); + $this->setOrder(new BigInteger('E95E4A5F737059DC60DF5991D45029409E60FC09', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP192r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP192r1.php new file mode 100644 index 0000000..6ec848b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP192r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP192r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297', 16)); + $this->setCoefficients( + new BigInteger('6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF', 16), + new BigInteger('469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9', 16) + ); + $this->setBasePoint( + new BigInteger('C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6', 16), + new BigInteger('14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F', 16) + ); + $this->setOrder(new BigInteger('C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP192t1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP192t1.php new file mode 100644 index 0000000..e6a86bb --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP192t1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP192t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297', 16)); + $this->setCoefficients( + new BigInteger('C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86294', 16), // eg. -3 + new BigInteger('13D56FFAEC78681E68F9DEB43B35BEC2FB68542E27897B79', 16) + ); + $this->setBasePoint( + new BigInteger('3AE9E58C82F63C30282E1FE7BBF43FA72C446AF6F4618129', 16), + new BigInteger('097E2C5667C2223A902AB5CA449D0084B7E5B3DE7CCC01C9', 16) + ); + $this->setOrder(new BigInteger('C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP224r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP224r1.php new file mode 100644 index 0000000..3d7d872 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP224r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP224r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF', 16)); + $this->setCoefficients( + new BigInteger('68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43', 16), + new BigInteger('2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B', 16) + ); + $this->setBasePoint( + new BigInteger('0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D', 16), + new BigInteger('58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD', 16) + ); + $this->setOrder(new BigInteger('D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP224t1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP224t1.php new file mode 100644 index 0000000..3d4f928 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP224t1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP224t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF', 16)); + $this->setCoefficients( + new BigInteger('D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FC', 16), // eg. -3 + new BigInteger('4B337D934104CD7BEF271BF60CED1ED20DA14C08B3BB64F18A60888D', 16) + ); + $this->setBasePoint( + new BigInteger('6AB1E344CE25FF3896424E7FFE14762ECB49F8928AC0C76029B4D580', 16), + new BigInteger('0374E9F5143E568CD23F3F4D7C0D4B1E41C8CC0D1C6ABD5F1A46DB4C', 16) + ); + $this->setOrder(new BigInteger('D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP256r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP256r1.php new file mode 100644 index 0000000..5780da7 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP256r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP256r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377', 16)); + $this->setCoefficients( + new BigInteger('7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9', 16), + new BigInteger('26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6', 16) + ); + $this->setBasePoint( + new BigInteger('8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262', 16), + new BigInteger('547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997', 16) + ); + $this->setOrder(new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP256t1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP256t1.php new file mode 100644 index 0000000..724d8b8 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP256t1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP256t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377', 16)); + $this->setCoefficients( + new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5374', 16), // eg. -3 + new BigInteger('662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04', 16) + ); + $this->setBasePoint( + new BigInteger('A3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F4', 16), + new BigInteger('2D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE', 16) + ); + $this->setOrder(new BigInteger('A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP320r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP320r1.php new file mode 100644 index 0000000..182e622 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP320r1.php @@ -0,0 +1,40 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP320r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F9' . + '2B9EC7893EC28FCD412B1F1B32E27', 16)); + $this->setCoefficients( + new BigInteger('3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F4' . + '92F375A97D860EB4', 16), + new BigInteger('520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD88453981' . + '6F5EB4AC8FB1F1A6', 16) + ); + $this->setBasePoint( + new BigInteger('43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C7' . + '10AF8D0D39E20611', 16), + new BigInteger('14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7' . + 'D35245D1692E8EE1', 16) + ); + $this->setOrder(new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D4' . + '82EC7EE8658E98691555B44C59311', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP320t1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP320t1.php new file mode 100644 index 0000000..d5a620d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP320t1.php @@ -0,0 +1,40 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP320t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F9' . + '2B9EC7893EC28FCD412B1F1B32E27', 16)); + $this->setCoefficients( + new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28' . + 'FCD412B1F1B32E24', 16), // eg. -3 + new BigInteger('A7F561E038EB1ED560B3D147DB782013064C19F27ED27C6780AAF77FB8A547CE' . + 'B5B4FEF422340353', 16) + ); + $this->setBasePoint( + new BigInteger('925BE9FB01AFC6FB4D3E7D4990010F813408AB106C4F09CB7EE07868CC136FFF' . + '3357F624A21BED52', 16), + new BigInteger('63BA3A7A27483EBF6671DBEF7ABB30EBEE084E58A0B077AD42A5A0989D1EE71B' . + '1B9BC0455FB0D2C3', 16) + ); + $this->setOrder(new BigInteger('D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D4' . + '82EC7EE8658E98691555B44C59311', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP384r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP384r1.php new file mode 100644 index 0000000..a20b4b4 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP384r1.php @@ -0,0 +1,58 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP384r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A7' . + '1874700133107EC53', + 16 + )); + $this->setCoefficients( + new BigInteger( + '7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503' . + 'AD4EB04A8C7DD22CE2826', + 16 + ), + new BigInteger( + '4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DB' . + 'C9943AB78696FA504C11', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D' . + '646AAEF87B2E247D4AF1E', + 16 + ), + new BigInteger( + '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E464621779' . + '1811142820341263C5315', + 16 + ) + ); + $this->setOrder(new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC31' . + '03B883202E9046565', + 16 + )); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP384t1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP384t1.php new file mode 100644 index 0000000..366660e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP384t1.php @@ -0,0 +1,58 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP384t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A7' . + '1874700133107EC53', + 16 + )); + $this->setCoefficients( + new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901' . + 'D1A71874700133107EC50', + 16 + ), // eg. -3 + new BigInteger( + '7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B8' . + '8805CED70355A33B471EE', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + '18DE98B02DB9A306F2AFCD7235F72A819B80AB12EBD653172476FECD462AABFFC4FF191B946' . + 'A5F54D8D0AA2F418808CC', + 16 + ), + new BigInteger( + '25AB056962D30651A114AFD2755AD336747F93475B7A1FCA3B88F2B6A208CCFE469408584DC' . + '2B2912675BF5B9E582928', + 16 + ) + ); + $this->setOrder(new BigInteger( + '8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC31' . + '03B883202E9046565', + 16 + )); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP512r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP512r1.php new file mode 100644 index 0000000..5efe5e1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP512r1.php @@ -0,0 +1,58 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP512r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC' . + '66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3', + 16 + )); + $this->setCoefficients( + new BigInteger( + '7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA82' . + '53AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA', + 16 + ), + new BigInteger( + '3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C' . + '1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D' . + '0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822', + 16 + ), + new BigInteger( + '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5' . + 'F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892', + 16 + ) + ); + $this->setOrder(new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA' . + '92619418661197FAC10471DB1D381085DDADDB58796829CA90069', + 16 + )); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP512t1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP512t1.php new file mode 100644 index 0000000..745863a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/brainpoolP512t1.php @@ -0,0 +1,58 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class brainpoolP512t1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC' . + '66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3', + 16 + )); + $this->setCoefficients( + new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC' . + '66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F0', + 16 + ), // eg. -3 + new BigInteger( + '7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA23049' . + '76540F6450085F2DAE145C22553B465763689180EA2571867423E', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + '640ECE5C12788717B9C1BA06CBC2A6FEBA85842458C56DDE9DB1758D39C0313D82BA51735CD' . + 'B3EA499AA77A7D6943A64F7A3F25FE26F06B51BAA2696FA9035DA', + 16 + ), + new BigInteger( + '5B534BD595F5AF0FA2C892376C84ACE1BB4E3019B71634C01131159CAE03CEE9D9932184BEE' . + 'F216BD71DF2DADF86A627306ECFF96DBB8BACE198B61E00F8B332', + 16 + ) + ); + $this->setOrder(new BigInteger( + 'AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA' . + '92619418661197FAC10471DB1D381085DDADDB58796829CA90069', + 16 + )); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistb233.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistb233.php new file mode 100644 index 0000000..bae12b0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistb233.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistb233 extends sect233r1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistb409.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistb409.php new file mode 100644 index 0000000..a46153d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistb409.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistb409 extends sect409r1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk163.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk163.php new file mode 100644 index 0000000..8b26376 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk163.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistk163 extends sect163k1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk233.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk233.php new file mode 100644 index 0000000..69e1413 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk233.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistk233 extends sect233k1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk283.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk283.php new file mode 100644 index 0000000..9e95f10 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk283.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistk283 extends sect283k1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk409.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk409.php new file mode 100644 index 0000000..06bd9af --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistk409.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistk409 extends sect409k1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp192.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp192.php new file mode 100644 index 0000000..ddead3c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp192.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp192 extends secp192r1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp224.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp224.php new file mode 100644 index 0000000..746571b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp224.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp224 extends secp224r1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp256.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp256.php new file mode 100644 index 0000000..a26c0f9 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp256.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp256 extends secp256r1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp384.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp384.php new file mode 100644 index 0000000..1f20c02 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp384.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp384 extends secp384r1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp521.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp521.php new file mode 100644 index 0000000..86fa050 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistp521.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistp521 extends secp521r1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistt571.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistt571.php new file mode 100644 index 0000000..7908b38 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/nistt571.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class nistt571 extends sect571k1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime192v1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime192v1.php new file mode 100644 index 0000000..e9c13cd --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime192v1.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class prime192v1 extends secp192r1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime192v2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime192v2.php new file mode 100644 index 0000000..e3e341f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime192v2.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime192v2 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC', 16), + new BigInteger('CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953', 16) + ); + $this->setBasePoint( + new BigInteger('EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A', 16), + new BigInteger('6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime192v3.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime192v3.php new file mode 100644 index 0000000..1e97992 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime192v3.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime192v3 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC', 16), + new BigInteger('22123DC2395A05CAA7423DAECCC94760A7D462256BD56916', 16) + ); + $this->setBasePoint( + new BigInteger('7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896', 16), + new BigInteger('38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime239v1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime239v1.php new file mode 100644 index 0000000..084be9d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime239v1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime239v1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC', 16), + new BigInteger('6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A', 16) + ); + $this->setBasePoint( + new BigInteger('0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF', 16), + new BigInteger('7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE', 16) + ); + $this->setOrder(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime239v2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime239v2.php new file mode 100644 index 0000000..21941b8 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime239v2.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime239v2 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC', 16), + new BigInteger('617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C', 16) + ); + $this->setBasePoint( + new BigInteger('38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7', 16), + new BigInteger('5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA', 16) + ); + $this->setOrder(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime239v3.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime239v3.php new file mode 100644 index 0000000..78c50f0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime239v3.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class prime239v3 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC', 16), + new BigInteger('255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E', 16) + ); + $this->setBasePoint( + new BigInteger('6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A', 16), + new BigInteger('1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3', 16) + ); + $this->setOrder(new BigInteger('7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime256v1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime256v1.php new file mode 100644 index 0000000..c72b22e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/prime256v1.php @@ -0,0 +1,18 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +final class prime256v1 extends secp256r1 +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp112r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp112r1.php new file mode 100644 index 0000000..d1d3194 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp112r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp112r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('DB7C2ABF62E35E668076BEAD208B', 16)); + $this->setCoefficients( + new BigInteger('DB7C2ABF62E35E668076BEAD2088', 16), + new BigInteger('659EF8BA043916EEDE8911702B22', 16) + ); + $this->setBasePoint( + new BigInteger('09487239995A5EE76B55F9C2F098', 16), + new BigInteger('A89CE5AF8724C0A23E0E0FF77500', 16) + ); + $this->setOrder(new BigInteger('DB7C2ABF62E35E7628DFAC6561C5', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp112r2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp112r2.php new file mode 100644 index 0000000..da44e7f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp112r2.php @@ -0,0 +1,35 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp112r2 extends Prime +{ + public function __construct() + { + // same modulo as secp112r1 + $this->setModulo(new BigInteger('DB7C2ABF62E35E668076BEAD208B', 16)); + $this->setCoefficients( + new BigInteger('6127C24C05F38A0AAAF65C0EF02C', 16), + new BigInteger('51DEF1815DB5ED74FCC34C85D709', 16) + ); + $this->setBasePoint( + new BigInteger('4BA30AB5E892B4E1649DD0928643', 16), + new BigInteger('ADCD46F5882E3747DEF36E956E97', 16) + ); + $this->setOrder(new BigInteger('36DF0AAFD8B8D7597CA10520D04B', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp128r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp128r1.php new file mode 100644 index 0000000..34456bc --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp128r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp128r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC', 16), + new BigInteger('E87579C11079F43DD824993C2CEE5ED3', 16) + ); + $this->setBasePoint( + new BigInteger('161FF7528B899B2D0C28607CA52C5B86', 16), + new BigInteger('CF5AC8395BAFEB13C02DA292DDED7A83', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFE0000000075A30D1B9038A115', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp128r2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp128r2.php new file mode 100644 index 0000000..e102c34 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp128r2.php @@ -0,0 +1,35 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp128r2 extends Prime +{ + public function __construct() + { + // same as secp128r1 + $this->setModulo(new BigInteger('FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('D6031998D1B3BBFEBF59CC9BBFF9AEE1', 16), + new BigInteger('5EEEFCA380D02919DC2C6558BB6D8A5D', 16) + ); + $this->setBasePoint( + new BigInteger('7B6AA5D85E572983E6FB32A7CDEBC140', 16), + new BigInteger('27B6916A894D3AEE7106FE805FC34B44', 16) + ); + $this->setOrder(new BigInteger('3FFFFFFF7FFFFFFFBE0024720613B5A3', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp160k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp160k1.php new file mode 100644 index 0000000..c6a3334 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp160k1.php @@ -0,0 +1,46 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\KoblitzPrime; +use phpseclib3\Math\BigInteger; + +class secp160k1 extends KoblitzPrime +{ + public function __construct() + { + // same as secp160r2 + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73', 16)); + $this->setCoefficients( + new BigInteger('0000000000000000000000000000000000000000', 16), + new BigInteger('0000000000000000000000000000000000000007', 16) + ); + $this->setBasePoint( + new BigInteger('3B4C382CE37AA192A4019E763036F4F5DD4D7EBB', 16), + new BigInteger('938CF935318FDCED6BC28286531733C3F03C4FEE', 16) + ); + $this->setOrder(new BigInteger('0100000000000000000001B8FA16DFAB9ACA16B6B3', 16)); + + $this->basis = []; + $this->basis[] = [ + 'a' => new BigInteger('0096341F1138933BC2F505', -16), + 'b' => new BigInteger('FF6E9D0418C67BB8D5F562', -16) + ]; + $this->basis[] = [ + 'a' => new BigInteger('01BDCB3A09AAAABEAFF4A8', -16), + 'b' => new BigInteger('04D12329FF0EF498EA67', -16) + ]; + $this->beta = $this->factory->newInteger(new BigInteger('645B7345A143464942CC46D7CF4D5D1E1E6CBB68', -16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp160r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp160r1.php new file mode 100644 index 0000000..af46877 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp160r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp160r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC', 16), + new BigInteger('1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45', 16) + ); + $this->setBasePoint( + new BigInteger('4A96B5688EF573284664698968C38BB913CBFC82', 16), + new BigInteger('23A628553168947D59DCC912042351377AC5FB32', 16) + ); + $this->setOrder(new BigInteger('0100000000000000000001F4C8F927AED3CA752257', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp160r2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp160r2.php new file mode 100644 index 0000000..9bd23d2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp160r2.php @@ -0,0 +1,35 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp160r2 extends Prime +{ + public function __construct() + { + // same as secp160k1 + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70', 16), + new BigInteger('B4E134D3FB59EB8BAB57274904664D5AF50388BA', 16) + ); + $this->setBasePoint( + new BigInteger('52DCB034293A117E1F4FF11B30F7199D3144CE6D', 16), + new BigInteger('FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E', 16) + ); + $this->setOrder(new BigInteger('0100000000000000000000351EE786A818F3A1A16B', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp192k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp192k1.php new file mode 100644 index 0000000..79ff2e0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp192k1.php @@ -0,0 +1,45 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\KoblitzPrime; +use phpseclib3\Math\BigInteger; + +class secp192k1 extends KoblitzPrime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37', 16)); + $this->setCoefficients( + new BigInteger('000000000000000000000000000000000000000000000000', 16), + new BigInteger('000000000000000000000000000000000000000000000003', 16) + ); + $this->setBasePoint( + new BigInteger('DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D', 16), + new BigInteger('9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D', 16)); + + $this->basis = []; + $this->basis[] = [ + 'a' => new BigInteger('00B3FB3400DEC5C4ADCEB8655C', -16), + 'b' => new BigInteger('8EE96418CCF4CFC7124FDA0F', -16) + ]; + $this->basis[] = [ + 'a' => new BigInteger('01D90D03E8F096B9948B20F0A9', -16), + 'b' => new BigInteger('42E49819ABBA9474E1083F6B', -16) + ]; + $this->beta = $this->factory->newInteger(new BigInteger('447A96E6C647963E2F7809FEAAB46947F34B0AA3CA0BBA74', -16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp192r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp192r1.php new file mode 100644 index 0000000..83ab1c7 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp192r1.php @@ -0,0 +1,78 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp192r1 extends Prime +{ + public function __construct() + { + $modulo = new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF', 16); + $this->setModulo($modulo); + + // algorithm 2.27 from http://diamond.boisestate.edu/~liljanab/MATH308/GuideToECC.pdf#page=66 + /* in theory this should be faster than regular modular reductions save for one small issue. + to convert to / from base-2**8 with BCMath you have to call bcmul() and bcdiv() a lot. + to convert to / from base-2**8 with PHP64 you have to call base256_rshift() a lot. + in short, converting to / from base-2**8 is pretty expensive and that expense is + enough to offset whatever else might be gained by a simplified reduction algorithm. + now, if PHP supported unsigned integers things might be different. no bit-shifting + would be required for the PHP engine and it'd be a lot faster. but as is, BigInteger + uses base-2**31 or base-2**26 depending on whether or not the system is has a 32-bit + or a 64-bit OS. + */ + /* + $m_length = $this->getLengthInBytes(); + $this->setReduction(function($c) use ($m_length) { + $cBytes = $c->toBytes(); + $className = $this->className; + + if (strlen($cBytes) > 2 * $m_length) { + list(, $r) = $c->divide($className::$modulo); + return $r; + } + + $c = str_pad($cBytes, 48, "\0", STR_PAD_LEFT); + $c = array_reverse(str_split($c, 8)); + + $null = "\0\0\0\0\0\0\0\0"; + $s1 = new BigInteger($c[2] . $c[1] . $c[0], 256); + $s2 = new BigInteger($null . $c[3] . $c[3], 256); + $s3 = new BigInteger($c[4] . $c[4] . $null, 256); + $s4 = new BigInteger($c[5] . $c[5] . $c[5], 256); + + $r = $s1->add($s2)->add($s3)->add($s4); + while ($r->compare($className::$modulo) >= 0) { + $r = $r->subtract($className::$modulo); + } + + return $r; + }); + */ + + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC', 16), + new BigInteger('64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1', 16) + ); + $this->setBasePoint( + new BigInteger('188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012', 16), + new BigInteger('07192B95FFC8DA78631011ED6B24CDD573F977A11E794811', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp224k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp224k1.php new file mode 100644 index 0000000..79a5c54 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp224k1.php @@ -0,0 +1,45 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\KoblitzPrime; +use phpseclib3\Math\BigInteger; + +class secp224k1 extends KoblitzPrime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D', 16)); + $this->setCoefficients( + new BigInteger('00000000000000000000000000000000000000000000000000000000', 16), + new BigInteger('00000000000000000000000000000000000000000000000000000005', 16) + ); + $this->setBasePoint( + new BigInteger('A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C', 16), + new BigInteger('7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5', 16) + ); + $this->setOrder(new BigInteger('010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7', 16)); + + $this->basis = []; + $this->basis[] = [ + 'a' => new BigInteger('00B8ADF1378A6EB73409FA6C9C637D', -16), + 'b' => new BigInteger('94730F82B358A3776A826298FA6F', -16) + ]; + $this->basis[] = [ + 'a' => new BigInteger('01DCE8D2EC6184CAF0A972769FCC8B', -16), + 'b' => new BigInteger('4D2100BA3DC75AAB747CCF355DEC', -16) + ]; + $this->beta = $this->factory->newInteger(new BigInteger('01F178FFA4B17C89E6F73AECE2AAD57AF4C0A748B63C830947B27E04', -16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp224r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp224r1.php new file mode 100644 index 0000000..a9e474a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp224r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp224r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE', 16), + new BigInteger('B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4', 16) + ); + $this->setBasePoint( + new BigInteger('B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21', 16), + new BigInteger('BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp256k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp256k1.php new file mode 100644 index 0000000..462e7a1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp256k1.php @@ -0,0 +1,49 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +//use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Crypt\EC\BaseCurves\KoblitzPrime; +use phpseclib3\Math\BigInteger; + +//class secp256k1 extends Prime +class secp256k1 extends KoblitzPrime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F', 16)); + $this->setCoefficients( + new BigInteger('0000000000000000000000000000000000000000000000000000000000000000', 16), + new BigInteger('0000000000000000000000000000000000000000000000000000000000000007', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141', 16)); + $this->setBasePoint( + new BigInteger('79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798', 16), + new BigInteger('483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8', 16) + ); + + $this->basis = []; + $this->basis[] = [ + 'a' => new BigInteger('3086D221A7D46BCDE86C90E49284EB15', -16), + 'b' => new BigInteger('FF1BBC8129FEF177D790AB8056F5401B3D', -16) + ]; + $this->basis[] = [ + 'a' => new BigInteger('114CA50F7A8E2F3F657C1108D9D44CFD8', -16), + 'b' => new BigInteger('3086D221A7D46BCDE86C90E49284EB15', -16) + ]; + $this->beta = $this->factory->newInteger(new BigInteger('7AE96A2B657C07106E64479EAC3434E99CF0497512F58995C1396C28719501EE', -16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp256r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp256r1.php new file mode 100644 index 0000000..9003373 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp256r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp256r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF', 16)); + $this->setCoefficients( + new BigInteger('FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC', 16), + new BigInteger('5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B', 16) + ); + $this->setBasePoint( + new BigInteger('6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296', 16), + new BigInteger('4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5', 16) + ); + $this->setOrder(new BigInteger('FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp384r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp384r1.php new file mode 100644 index 0000000..98764a3 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp384r1.php @@ -0,0 +1,52 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp384r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF', + 16 + )); + $this->setCoefficients( + new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC', + 16 + ), + new BigInteger( + 'B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF', + 16 + ) + ); + $this->setBasePoint( + new BigInteger( + 'AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7', + 16 + ), + new BigInteger( + '3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F', + 16 + ) + ); + $this->setOrder(new BigInteger( + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973', + 16 + )); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp521r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp521r1.php new file mode 100644 index 0000000..b89a4ea --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/secp521r1.php @@ -0,0 +1,46 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Prime; +use phpseclib3\Math\BigInteger; + +class secp521r1 extends Prime +{ + public function __construct() + { + $this->setModulo(new BigInteger('01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFF', 16)); + $this->setCoefficients( + new BigInteger('01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFC', 16), + new BigInteger('0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF1' . + '09E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B50' . + '3F00', 16) + ); + $this->setBasePoint( + new BigInteger('00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D' . + '3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5' . + 'BD66', 16), + new BigInteger('011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E' . + '662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD1' . + '6650', 16) + ); + $this->setOrder(new BigInteger('01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'FFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E9138' . + '6409', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect113r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect113r1.php new file mode 100644 index 0000000..77ec760 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect113r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect113r1 extends Binary +{ + public function __construct() + { + $this->setModulo(113, 9, 0); + $this->setCoefficients( + '003088250CA6E7C7FE649CE85820F7', + '00E8BEE4D3E2260744188BE0E9C723' + ); + $this->setBasePoint( + '009D73616F35F4AB1407D73562C10F', + '00A52830277958EE84D1315ED31886' + ); + $this->setOrder(new BigInteger('0100000000000000D9CCEC8A39E56F', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect113r2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect113r2.php new file mode 100644 index 0000000..2185d60 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect113r2.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect113r2 extends Binary +{ + public function __construct() + { + $this->setModulo(113, 9, 0); + $this->setCoefficients( + '00689918DBEC7E5A0DD6DFC0AA55C7', + '0095E9A9EC9B297BD4BF36E059184F' + ); + $this->setBasePoint( + '01A57A6A7B26CA5EF52FCDB8164797', + '00B3ADC94ED1FE674C06E695BABA1D' + ); + $this->setOrder(new BigInteger('010000000000000108789B2496AF93', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect131r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect131r1.php new file mode 100644 index 0000000..1365cb6 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect131r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect131r1 extends Binary +{ + public function __construct() + { + $this->setModulo(131, 8, 3, 2, 0); + $this->setCoefficients( + '07A11B09A76B562144418FF3FF8C2570B8', + '0217C05610884B63B9C6C7291678F9D341' + ); + $this->setBasePoint( + '0081BAF91FDF9833C40F9C181343638399', + '078C6E7EA38C001F73C8134B1B4EF9E150' + ); + $this->setOrder(new BigInteger('0400000000000000023123953A9464B54D', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect131r2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect131r2.php new file mode 100644 index 0000000..93c11b2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect131r2.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect131r2 extends Binary +{ + public function __construct() + { + $this->setModulo(131, 8, 3, 2, 0); + $this->setCoefficients( + '03E5A88919D7CAFCBF415F07C2176573B2', + '04B8266A46C55657AC734CE38F018F2192' + ); + $this->setBasePoint( + '0356DCD8F2F95031AD652D23951BB366A8', + '0648F06D867940A5366D9E265DE9EB240F' + ); + $this->setOrder(new BigInteger('0400000000000000016954A233049BA98F', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect163k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect163k1.php new file mode 100644 index 0000000..3c8574b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect163k1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect163k1 extends Binary +{ + public function __construct() + { + $this->setModulo(163, 7, 6, 3, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000001', + '000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8', + '0289070FB05D38FF58321F2E800536D538CCDAA3D9' + ); + $this->setOrder(new BigInteger('04000000000000000000020108A2E0CC0D99F8A5EF', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect163r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect163r1.php new file mode 100644 index 0000000..26afd87 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect163r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect163r1 extends Binary +{ + public function __construct() + { + $this->setModulo(163, 7, 6, 3, 0); + $this->setCoefficients( + '07B6882CAAEFA84F9554FF8428BD88E246D2782AE2', + '0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9' + ); + $this->setBasePoint( + '0369979697AB43897789566789567F787A7876A654', + '00435EDB42EFAFB2989D51FEFCE3C80988F41FF883' + ); + $this->setOrder(new BigInteger('03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect163r2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect163r2.php new file mode 100644 index 0000000..38f9466 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect163r2.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect163r2 extends Binary +{ + public function __construct() + { + $this->setModulo(163, 7, 6, 3, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000001', + '020A601907B8C953CA1481EB10512F78744A3205FD' + ); + $this->setBasePoint( + '03F0EBA16286A2D57EA0991168D4994637E8343E36', + '00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1' + ); + $this->setOrder(new BigInteger('040000000000000000000292FE77E70C12A4234C33', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect193r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect193r1.php new file mode 100644 index 0000000..951f261 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect193r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect193r1 extends Binary +{ + public function __construct() + { + $this->setModulo(193, 15, 0); + $this->setCoefficients( + '0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01', + '00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814' + ); + $this->setBasePoint( + '01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1', + '0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05' + ); + $this->setOrder(new BigInteger('01000000000000000000000000C7F34A778F443ACC920EBA49', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect193r2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect193r2.php new file mode 100644 index 0000000..e3ff47a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect193r2.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect193r2 extends Binary +{ + public function __construct() + { + $this->setModulo(193, 15, 0); + $this->setCoefficients( + '0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B', + '00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE' + ); + $this->setBasePoint( + '00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F', + '01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C' + ); + $this->setOrder(new BigInteger('010000000000000000000000015AAB561B005413CCD4EE99D5', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect233k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect233k1.php new file mode 100644 index 0000000..eea3f7a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect233k1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect233k1 extends Binary +{ + public function __construct() + { + $this->setModulo(233, 74, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000', + '000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126', + '01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3' + ); + $this->setOrder(new BigInteger('8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect233r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect233r1.php new file mode 100644 index 0000000..68219f0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect233r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect233r1 extends Binary +{ + public function __construct() + { + $this->setModulo(233, 74, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000001', + '0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD' + ); + $this->setBasePoint( + '00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B', + '01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052' + ); + $this->setOrder(new BigInteger('01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect239k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect239k1.php new file mode 100644 index 0000000..0e6994b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect239k1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect239k1 extends Binary +{ + public function __construct() + { + $this->setModulo(239, 158, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000', + '000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC', + '76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA' + ); + $this->setOrder(new BigInteger('2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect283k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect283k1.php new file mode 100644 index 0000000..279c24a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect283k1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect283k1 extends Binary +{ + public function __construct() + { + $this->setModulo(283, 12, 7, 5, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000000000000000', + '000000000000000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836', + '01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259' + ); + $this->setOrder(new BigInteger('01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect283r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect283r1.php new file mode 100644 index 0000000..e44a607 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect283r1.php @@ -0,0 +1,34 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect283r1 extends Binary +{ + public function __construct() + { + $this->setModulo(283, 12, 7, 5, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000000000000001', + '027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5' + ); + $this->setBasePoint( + '05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053', + '03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4' + ); + $this->setOrder(new BigInteger('03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307', 16)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect409k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect409k1.php new file mode 100644 index 0000000..1fe329d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect409k1.php @@ -0,0 +1,38 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect409k1 extends Binary +{ + public function __construct() + { + $this->setModulo(409, 87, 0); + $this->setCoefficients( + '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000', + '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746', + '01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B' + ); + $this->setOrder(new BigInteger( + '7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F' . + '83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF', + 16 + )); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect409r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect409r1.php new file mode 100644 index 0000000..3e209ef --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect409r1.php @@ -0,0 +1,38 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect409r1 extends Binary +{ + public function __construct() + { + $this->setModulo(409, 87, 0); + $this->setCoefficients( + '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001', + '0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F' + ); + $this->setBasePoint( + '015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7', + '0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706' + ); + $this->setOrder(new BigInteger( + '010000000000000000000000000000000000000000000000000001E2' . + 'AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173', + 16 + )); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php new file mode 100644 index 0000000..3c54eab --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php @@ -0,0 +1,42 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect571k1 extends Binary +{ + public function __construct() + { + $this->setModulo(571, 10, 5, 2, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000000000000000' . + '000000000000000000000000000000000000000000000000000000000000000000000000', + '000000000000000000000000000000000000000000000000000000000000000000000000' . + '000000000000000000000000000000000000000000000000000000000000000000000001' + ); + $this->setBasePoint( + '026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709584' . + '93B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972', + '0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0' . + 'AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3' + ); + $this->setOrder(new BigInteger( + '020000000000000000000000000000000000000000000000000000000000000000000000' . + '131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001', + 16 + )); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php new file mode 100644 index 0000000..172c1af --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php @@ -0,0 +1,42 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Crypt\EC\Curves; + +use phpseclib3\Crypt\EC\BaseCurves\Binary; +use phpseclib3\Math\BigInteger; + +class sect571r1 extends Binary +{ + public function __construct() + { + $this->setModulo(571, 10, 5, 2, 0); + $this->setCoefficients( + '000000000000000000000000000000000000000000000000000000000000000000000000' . + '000000000000000000000000000000000000000000000000000000000000000000000001', + '02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD' . + '8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A' + ); + $this->setBasePoint( + '0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950' . + 'F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19', + '037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43' . + 'BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B' + ); + $this->setOrder(new BigInteger( + '03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' . + 'E661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47', + 16 + )); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/Common.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/Common.php new file mode 100644 index 0000000..743c07c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/Common.php @@ -0,0 +1,549 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\Binary as BinaryCurve; +use phpseclib3\Crypt\EC\BaseCurves\Prime as PrimeCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * Generic EC Key Parsing Helper functions + * + * @author Jim Wigginton + */ +trait Common +{ + /** + * Curve OIDs + * + * @var array + */ + private static $curveOIDs = []; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Use Named Curves + * + * @var bool + */ + private static $useNamedCurves = true; + + /** + * Initialize static variables + */ + private static function initialize_static_variables() + { + if (empty(self::$curveOIDs)) { + // the sec* curves are from the standards for efficient cryptography group + // sect* curves are curves over binary finite fields + // secp* curves are curves over prime finite fields + // sec*r* curves are regular curves; sec*k* curves are koblitz curves + // brainpool*r* curves are regular prime finite field curves + // brainpool*t* curves are twisted versions of the brainpool*r* curves + self::$curveOIDs = [ + 'prime192v1' => '1.2.840.10045.3.1.1', // J.5.1, example 1 (aka secp192r1) + 'prime192v2' => '1.2.840.10045.3.1.2', // J.5.1, example 2 + 'prime192v3' => '1.2.840.10045.3.1.3', // J.5.1, example 3 + 'prime239v1' => '1.2.840.10045.3.1.4', // J.5.2, example 1 + 'prime239v2' => '1.2.840.10045.3.1.5', // J.5.2, example 2 + 'prime239v3' => '1.2.840.10045.3.1.6', // J.5.2, example 3 + 'prime256v1' => '1.2.840.10045.3.1.7', // J.5.3, example 1 (aka secp256r1) + + // https://tools.ietf.org/html/rfc5656#section-10 + 'nistp256' => '1.2.840.10045.3.1.7', // aka secp256r1 + 'nistp384' => '1.3.132.0.34', // aka secp384r1 + 'nistp521' => '1.3.132.0.35', // aka secp521r1 + + 'nistk163' => '1.3.132.0.1', // aka sect163k1 + 'nistp192' => '1.2.840.10045.3.1.1', // aka secp192r1 + 'nistp224' => '1.3.132.0.33', // aka secp224r1 + 'nistk233' => '1.3.132.0.26', // aka sect233k1 + 'nistb233' => '1.3.132.0.27', // aka sect233r1 + 'nistk283' => '1.3.132.0.16', // aka sect283k1 + 'nistk409' => '1.3.132.0.36', // aka sect409k1 + 'nistb409' => '1.3.132.0.37', // aka sect409r1 + 'nistt571' => '1.3.132.0.38', // aka sect571k1 + + // from https://tools.ietf.org/html/rfc5915 + 'secp192r1' => '1.2.840.10045.3.1.1', // aka prime192v1 + 'sect163k1' => '1.3.132.0.1', + 'sect163r2' => '1.3.132.0.15', + 'secp224r1' => '1.3.132.0.33', + 'sect233k1' => '1.3.132.0.26', + 'sect233r1' => '1.3.132.0.27', + 'secp256r1' => '1.2.840.10045.3.1.7', // aka prime256v1 + 'sect283k1' => '1.3.132.0.16', + 'sect283r1' => '1.3.132.0.17', + 'secp384r1' => '1.3.132.0.34', + 'sect409k1' => '1.3.132.0.36', + 'sect409r1' => '1.3.132.0.37', + 'secp521r1' => '1.3.132.0.35', + 'sect571k1' => '1.3.132.0.38', + 'sect571r1' => '1.3.132.0.39', + // from http://www.secg.org/SEC2-Ver-1.0.pdf + 'secp112r1' => '1.3.132.0.6', + 'secp112r2' => '1.3.132.0.7', + 'secp128r1' => '1.3.132.0.28', + 'secp128r2' => '1.3.132.0.29', + 'secp160k1' => '1.3.132.0.9', + 'secp160r1' => '1.3.132.0.8', + 'secp160r2' => '1.3.132.0.30', + 'secp192k1' => '1.3.132.0.31', + 'secp224k1' => '1.3.132.0.32', + 'secp256k1' => '1.3.132.0.10', + + 'sect113r1' => '1.3.132.0.4', + 'sect113r2' => '1.3.132.0.5', + 'sect131r1' => '1.3.132.0.22', + 'sect131r2' => '1.3.132.0.23', + 'sect163r1' => '1.3.132.0.2', + 'sect193r1' => '1.3.132.0.24', + 'sect193r2' => '1.3.132.0.25', + 'sect239k1' => '1.3.132.0.3', + + // from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.202.2977&rep=rep1&type=pdf#page=36 + /* + 'c2pnb163v1' => '1.2.840.10045.3.0.1', // J.4.1, example 1 + 'c2pnb163v2' => '1.2.840.10045.3.0.2', // J.4.1, example 2 + 'c2pnb163v3' => '1.2.840.10045.3.0.3', // J.4.1, example 3 + 'c2pnb172w1' => '1.2.840.10045.3.0.4', // J.4.2, example 1 + 'c2tnb191v1' => '1.2.840.10045.3.0.5', // J.4.3, example 1 + 'c2tnb191v2' => '1.2.840.10045.3.0.6', // J.4.3, example 2 + 'c2tnb191v3' => '1.2.840.10045.3.0.7', // J.4.3, example 3 + 'c2onb191v4' => '1.2.840.10045.3.0.8', // J.4.3, example 4 + 'c2onb191v5' => '1.2.840.10045.3.0.9', // J.4.3, example 5 + 'c2pnb208w1' => '1.2.840.10045.3.0.10', // J.4.4, example 1 + 'c2tnb239v1' => '1.2.840.10045.3.0.11', // J.4.5, example 1 + 'c2tnb239v2' => '1.2.840.10045.3.0.12', // J.4.5, example 2 + 'c2tnb239v3' => '1.2.840.10045.3.0.13', // J.4.5, example 3 + 'c2onb239v4' => '1.2.840.10045.3.0.14', // J.4.5, example 4 + 'c2onb239v5' => '1.2.840.10045.3.0.15', // J.4.5, example 5 + 'c2pnb272w1' => '1.2.840.10045.3.0.16', // J.4.6, example 1 + 'c2pnb304w1' => '1.2.840.10045.3.0.17', // J.4.7, example 1 + 'c2tnb359v1' => '1.2.840.10045.3.0.18', // J.4.8, example 1 + 'c2pnb368w1' => '1.2.840.10045.3.0.19', // J.4.9, example 1 + 'c2tnb431r1' => '1.2.840.10045.3.0.20', // J.4.10, example 1 + */ + + // http://www.ecc-brainpool.org/download/Domain-parameters.pdf + // https://tools.ietf.org/html/rfc5639 + 'brainpoolP160r1' => '1.3.36.3.3.2.8.1.1.1', + 'brainpoolP160t1' => '1.3.36.3.3.2.8.1.1.2', + 'brainpoolP192r1' => '1.3.36.3.3.2.8.1.1.3', + 'brainpoolP192t1' => '1.3.36.3.3.2.8.1.1.4', + 'brainpoolP224r1' => '1.3.36.3.3.2.8.1.1.5', + 'brainpoolP224t1' => '1.3.36.3.3.2.8.1.1.6', + 'brainpoolP256r1' => '1.3.36.3.3.2.8.1.1.7', + 'brainpoolP256t1' => '1.3.36.3.3.2.8.1.1.8', + 'brainpoolP320r1' => '1.3.36.3.3.2.8.1.1.9', + 'brainpoolP320t1' => '1.3.36.3.3.2.8.1.1.10', + 'brainpoolP384r1' => '1.3.36.3.3.2.8.1.1.11', + 'brainpoolP384t1' => '1.3.36.3.3.2.8.1.1.12', + 'brainpoolP512r1' => '1.3.36.3.3.2.8.1.1.13', + 'brainpoolP512t1' => '1.3.36.3.3.2.8.1.1.14' + ]; + ASN1::loadOIDs([ + 'prime-field' => '1.2.840.10045.1.1', + 'characteristic-two-field' => '1.2.840.10045.1.2', + 'characteristic-two-basis' => '1.2.840.10045.1.2.3', + // per http://www.secg.org/SEC1-Ver-1.0.pdf#page=84, gnBasis "not used here" + 'gnBasis' => '1.2.840.10045.1.2.3.1', // NULL + 'tpBasis' => '1.2.840.10045.1.2.3.2', // Trinomial + 'ppBasis' => '1.2.840.10045.1.2.3.3' // Pentanomial + ] + self::$curveOIDs); + } + } + + /** + * Explicitly set the curve + * + * If the key contains an implicit curve phpseclib needs the curve + * to be explicitly provided + * + * @param BaseCurve $curve + */ + public static function setImplicitCurve(BaseCurve $curve) + { + self::$implicitCurve = $curve; + } + + /** + * Returns an instance of \phpseclib3\Crypt\EC\BaseCurves\Base based + * on the curve parameters + * + * @param array $params + * @return BaseCurve|false + */ + protected static function loadCurveByParam(array $params) + { + if (count($params) > 1) { + throw new \RuntimeException('No parameters are present'); + } + if (isset($params['namedCurve'])) { + $curve = '\phpseclib3\Crypt\EC\Curves\\' . $params['namedCurve']; + if (!class_exists($curve)) { + throw new UnsupportedCurveException('Named Curve of ' . $params['namedCurve'] . ' is not supported'); + } + return new $curve(); + } + if (isset($params['implicitCurve'])) { + if (!isset(self::$implicitCurve)) { + throw new \RuntimeException('Implicit curves can be provided by calling setImplicitCurve'); + } + return self::$implicitCurve; + } + if (isset($params['specifiedCurve'])) { + $data = $params['specifiedCurve']; + switch ($data['fieldID']['fieldType']) { + case 'prime-field': + $curve = new PrimeCurve(); + $curve->setModulo($data['fieldID']['parameters']); + $curve->setCoefficients( + new BigInteger($data['curve']['a'], 256), + new BigInteger($data['curve']['b'], 256) + ); + $point = self::extractPoint("\0" . $data['base'], $curve); + $curve->setBasePoint(...$point); + $curve->setOrder($data['order']); + return $curve; + case 'characteristic-two-field': + $curve = new BinaryCurve(); + $params = ASN1::decodeBER($data['fieldID']['parameters']); + $params = ASN1::asn1map($params[0], Maps\Characteristic_two::MAP); + $modulo = [(int) $params['m']->toString()]; + switch ($params['basis']) { + case 'tpBasis': + $modulo[] = (int) $params['parameters']->toString(); + break; + case 'ppBasis': + $temp = ASN1::decodeBER($params['parameters']); + $temp = ASN1::asn1map($temp[0], Maps\Pentanomial::MAP); + $modulo[] = (int) $temp['k3']->toString(); + $modulo[] = (int) $temp['k2']->toString(); + $modulo[] = (int) $temp['k1']->toString(); + } + $modulo[] = 0; + $curve->setModulo(...$modulo); + $len = ceil($modulo[0] / 8); + $curve->setCoefficients( + Strings::bin2hex($data['curve']['a']), + Strings::bin2hex($data['curve']['b']) + ); + $point = self::extractPoint("\0" . $data['base'], $curve); + $curve->setBasePoint(...$point); + $curve->setOrder($data['order']); + return $curve; + default: + throw new UnsupportedCurveException('Field Type of ' . $data['fieldID']['fieldType'] . ' is not supported'); + } + } + throw new \RuntimeException('No valid parameters are present'); + } + + /** + * Extract points from a string + * + * Supports both compressed and uncompressed points + * + * @param string $str + * @param BaseCurve $curve + * @return object[] + */ + public static function extractPoint($str, BaseCurve $curve) + { + if ($curve instanceof TwistedEdwardsCurve) { + // first step of point deciding as discussed at the following URL's: + // https://tools.ietf.org/html/rfc8032#section-5.1.3 + // https://tools.ietf.org/html/rfc8032#section-5.2.3 + $y = $str; + $y = strrev($y); + $sign = (bool) (ord($y[0]) & 0x80); + $y[0] = $y[0] & chr(0x7F); + $y = new BigInteger($y, 256); + if ($y->compare($curve->getModulo()) >= 0) { + throw new \RuntimeException('The Y coordinate should not be >= the modulo'); + } + $point = $curve->recoverX($y, $sign); + if (!$curve->verifyPoint($point)) { + throw new \RuntimeException('Unable to verify that point exists on curve'); + } + return $point; + } + + // the first byte of a bit string represents the number of bits in the last byte that are to be ignored but, + // currently, bit strings wanting a non-zero amount of bits trimmed are not supported + if (($val = Strings::shift($str)) != "\0") { + throw new \UnexpectedValueException('extractPoint expects the first byte to be null - not ' . Strings::bin2hex($val)); + } + if ($str == "\0") { + return []; + } + + $keylen = strlen($str); + $order = $curve->getLengthInBytes(); + // point compression is being used + if ($keylen == $order + 1) { + return $curve->derivePoint($str); + } + + // point compression is not being used + if ($keylen == 2 * $order + 1) { + preg_match("#(.)(.{{$order}})(.{{$order}})#s", $str, $matches); + list(, $w, $x, $y) = $matches; + if ($w != "\4") { + throw new \UnexpectedValueException('The first byte of an uncompressed point should be 04 - not ' . Strings::bin2hex($val)); + } + $point = [ + $curve->convertInteger(new BigInteger($x, 256)), + $curve->convertInteger(new BigInteger($y, 256)) + ]; + + if (!$curve->verifyPoint($point)) { + throw new \RuntimeException('Unable to verify that point exists on curve'); + } + + return $point; + } + + throw new \UnexpectedValueException('The string representation of the points is not of an appropriate length'); + } + + /** + * Encode Parameters + * + * @todo Maybe at some point this could be moved to __toString() for each of the curves? + * @param BaseCurve $curve + * @param bool $returnArray optional + * @param array $options optional + * @return string|false + */ + private static function encodeParameters(BaseCurve $curve, $returnArray = false, array $options = []) + { + $useNamedCurves = isset($options['namedCurve']) ? $options['namedCurve'] : self::$useNamedCurves; + + $reflect = new \ReflectionClass($curve); + $name = $reflect->getShortName(); + if ($useNamedCurves) { + if (isset(self::$curveOIDs[$name])) { + if ($reflect->isFinal()) { + $reflect = $reflect->getParentClass(); + $name = $reflect->getShortName(); + } + return $returnArray ? + ['namedCurve' => $name] : + ASN1::encodeDER(['namedCurve' => $name], Maps\ECParameters::MAP); + } + foreach (new \DirectoryIterator(__DIR__ . '/../../Curves/') as $file) { + if ($file->getExtension() != 'php') { + continue; + } + $testName = $file->getBasename('.php'); + $class = 'phpseclib3\Crypt\EC\Curves\\' . $testName; + $reflect = new \ReflectionClass($class); + if ($reflect->isFinal()) { + continue; + } + $candidate = new $class(); + switch ($name) { + case 'Prime': + if (!$candidate instanceof PrimeCurve) { + break; + } + if (!$candidate->getModulo()->equals($curve->getModulo())) { + break; + } + if ($candidate->getA()->toBytes() != $curve->getA()->toBytes()) { + break; + } + if ($candidate->getB()->toBytes() != $curve->getB()->toBytes()) { + break; + } + + list($candidateX, $candidateY) = $candidate->getBasePoint(); + list($curveX, $curveY) = $curve->getBasePoint(); + if ($candidateX->toBytes() != $curveX->toBytes()) { + break; + } + if ($candidateY->toBytes() != $curveY->toBytes()) { + break; + } + + return $returnArray ? + ['namedCurve' => $testName] : + ASN1::encodeDER(['namedCurve' => $testName], Maps\ECParameters::MAP); + case 'Binary': + if (!$candidate instanceof BinaryCurve) { + break; + } + if ($candidate->getModulo() != $curve->getModulo()) { + break; + } + if ($candidate->getA()->toBytes() != $curve->getA()->toBytes()) { + break; + } + if ($candidate->getB()->toBytes() != $curve->getB()->toBytes()) { + break; + } + + list($candidateX, $candidateY) = $candidate->getBasePoint(); + list($curveX, $curveY) = $curve->getBasePoint(); + if ($candidateX->toBytes() != $curveX->toBytes()) { + break; + } + if ($candidateY->toBytes() != $curveY->toBytes()) { + break; + } + + return $returnArray ? + ['namedCurve' => $testName] : + ASN1::encodeDER(['namedCurve' => $testName], Maps\ECParameters::MAP); + } + } + } + + $order = $curve->getOrder(); + // we could try to calculate the order thusly: + // https://crypto.stackexchange.com/a/27914/4520 + // https://en.wikipedia.org/wiki/Schoof%E2%80%93Elkies%E2%80%93Atkin_algorithm + if (!$order) { + throw new \RuntimeException('Specified Curves need the order to be specified'); + } + $point = $curve->getBasePoint(); + $x = $point[0]->toBytes(); + $y = $point[1]->toBytes(); + + if ($curve instanceof PrimeCurve) { + /* + * valid versions are: + * + * ecdpVer1: + * - neither the curve or the base point are generated verifiably randomly. + * ecdpVer2: + * - curve and base point are generated verifiably at random and curve.seed is present + * ecdpVer3: + * - base point is generated verifiably at random but curve is not. curve.seed is present + */ + // other (optional) parameters can be calculated using the methods discused at + // https://crypto.stackexchange.com/q/28947/4520 + $data = [ + 'version' => 'ecdpVer1', + 'fieldID' => [ + 'fieldType' => 'prime-field', + 'parameters' => $curve->getModulo() + ], + 'curve' => [ + 'a' => $curve->getA()->toBytes(), + 'b' => $curve->getB()->toBytes() + ], + 'base' => "\4" . $x . $y, + 'order' => $order + ]; + + return $returnArray ? + ['specifiedCurve' => $data] : + ASN1::encodeDER(['specifiedCurve' => $data], Maps\ECParameters::MAP); + } + if ($curve instanceof BinaryCurve) { + $modulo = $curve->getModulo(); + $basis = count($modulo); + $m = array_shift($modulo); + array_pop($modulo); // the last parameter should always be 0 + //rsort($modulo); + switch ($basis) { + case 3: + $basis = 'tpBasis'; + $modulo = new BigInteger($modulo[0]); + break; + case 5: + $basis = 'ppBasis'; + // these should be in strictly ascending order (hence the commented out rsort above) + $modulo = [ + 'k1' => new BigInteger($modulo[2]), + 'k2' => new BigInteger($modulo[1]), + 'k3' => new BigInteger($modulo[0]) + ]; + $modulo = ASN1::encodeDER($modulo, Maps\Pentanomial::MAP); + $modulo = new ASN1\Element($modulo); + } + $params = ASN1::encodeDER([ + 'm' => new BigInteger($m), + 'basis' => $basis, + 'parameters' => $modulo + ], Maps\Characteristic_two::MAP); + $params = new ASN1\Element($params); + $a = ltrim($curve->getA()->toBytes(), "\0"); + if (!strlen($a)) { + $a = "\0"; + } + $b = ltrim($curve->getB()->toBytes(), "\0"); + if (!strlen($b)) { + $b = "\0"; + } + $data = [ + 'version' => 'ecdpVer1', + 'fieldID' => [ + 'fieldType' => 'characteristic-two-field', + 'parameters' => $params + ], + 'curve' => [ + 'a' => $a, + 'b' => $b + ], + 'base' => "\4" . $x . $y, + 'order' => $order + ]; + + return $returnArray ? + ['specifiedCurve' => $data] : + ASN1::encodeDER(['specifiedCurve' => $data], Maps\ECParameters::MAP); + } + + throw new UnsupportedCurveException('Curve cannot be serialized'); + } + + /** + * Use Specified Curve + * + * A specified curve has all the coefficients, the base points, etc, explicitely included. + * A specified curve is a more verbose way of representing a curve + */ + public static function useSpecifiedCurve() + { + self::$useNamedCurves = false; + } + + /** + * Use Named Curve + * + * A named curve does not include any parameters. It is up to the EC parameters to + * know what the coefficients, the base points, etc, are from the name of the curve. + * A named curve is a more concise way of representing a curve + */ + public static function useNamedCurve() + { + self::$useNamedCurves = true; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/JWK.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/JWK.php new file mode 100644 index 0000000..5bc5184 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/JWK.php @@ -0,0 +1,189 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\JWK as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Curves\secp256k1; +use phpseclib3\Crypt\EC\Curves\secp256r1; +use phpseclib3\Crypt\EC\Curves\secp384r1; +use phpseclib3\Crypt\EC\Curves\secp521r1; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Math\BigInteger; + +/** + * JWK Formatted EC Handler + * + * @author Jim Wigginton + */ +abstract class JWK extends Progenitor +{ + use Common; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $key = parent::load($key, $password); + + switch ($key->kty) { + case 'EC': + switch ($key->crv) { + case 'P-256': + case 'P-384': + case 'P-521': + case 'secp256k1': + break; + default: + throw new UnsupportedCurveException('Only P-256, P-384, P-521 and secp256k1 curves are accepted (' . $key->crv . ' provided)'); + } + break; + case 'OKP': + switch ($key->crv) { + case 'Ed25519': + case 'Ed448': + break; + default: + throw new UnsupportedCurveException('Only Ed25519 and Ed448 curves are accepted (' . $key->crv . ' provided)'); + } + break; + default: + throw new \Exception('Only EC and OKP JWK keys are supported'); + } + + $curve = '\phpseclib3\Crypt\EC\Curves\\' . str_replace('P-', 'nistp', $key->crv); + $curve = new $curve(); + + if ($curve instanceof TwistedEdwardsCurve) { + $QA = self::extractPoint(Strings::base64url_decode($key->x), $curve); + if (!isset($key->d)) { + return compact('curve', 'QA'); + } + $arr = $curve->extractSecret(Strings::base64url_decode($key->d)); + return compact('curve', 'QA') + $arr; + } + + $QA = [ + $curve->convertInteger(new BigInteger(Strings::base64url_decode($key->x), 256)), + $curve->convertInteger(new BigInteger(Strings::base64url_decode($key->y), 256)) + ]; + + if (!$curve->verifyPoint($QA)) { + throw new \RuntimeException('Unable to verify that point exists on curve'); + } + + if (!isset($key->d)) { + return compact('curve', 'QA'); + } + + $dA = new BigInteger(Strings::base64url_decode($key->d), 256); + + $curve->rangeCheck($dA); + + return compact('curve', 'dA', 'QA'); + } + + /** + * Returns the alias that corresponds to a curve + * + * @return string + */ + private static function getAlias(BaseCurve $curve) + { + switch (true) { + case $curve instanceof secp256r1: + return 'P-256'; + case $curve instanceof secp384r1: + return 'P-384'; + case $curve instanceof secp521r1: + return 'P-521'; + case $curve instanceof secp256k1: + return 'secp256k1'; + } + + $reflect = new \ReflectionClass($curve); + $curveName = $reflect->isFinal() ? + $reflect->getParentClass()->getShortName() : + $reflect->getShortName(); + throw new UnsupportedCurveException("$curveName is not a supported curve"); + } + + /** + * Return the array superstructure for an EC public key + * + * @param BaseCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @return array + */ + private static function savePublicKeyHelper(BaseCurve $curve, array $publicKey) + { + if ($curve instanceof TwistedEdwardsCurve) { + return [ + 'kty' => 'OKP', + 'crv' => $curve instanceof Ed25519 ? 'Ed25519' : 'Ed448', + 'x' => Strings::base64url_encode($curve->encodePoint($publicKey)) + ]; + } + + return [ + 'kty' => 'EC', + 'crv' => self::getAlias($curve), + 'x' => Strings::base64url_encode($publicKey[0]->toBytes()), + 'y' => Strings::base64url_encode($publicKey[1]->toBytes()) + ]; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param BaseCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param array $options optional + * @return string + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = []) + { + $key = self::savePublicKeyHelper($curve, $publicKey); + + return self::wrapKey($key, $options); + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $privateKey + * @param Ed25519 $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param string $secret optional + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $privateKey, BaseCurve $curve, array $publicKey, $secret = null, $password = '', array $options = []) + { + $key = self::savePublicKeyHelper($curve, $publicKey); + $key['d'] = $curve instanceof TwistedEdwardsCurve ? $secret : $privateKey->toBytes(); + $key['d'] = Strings::base64url_encode($key['d']); + + return self::wrapKey($key, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php new file mode 100644 index 0000000..aa64f79 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php @@ -0,0 +1,101 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Crypt\EC\Curves\Curve448; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * Montgomery Curve Private Key Handler + * + * @author Jim Wigginton + */ +abstract class MontgomeryPrivate +{ + /** + * Is invisible flag + * + */ + const IS_INVISIBLE = true; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + switch (strlen($key)) { + case 32: + $curve = new Curve25519(); + break; + case 56: + $curve = new Curve448(); + break; + default: + throw new \LengthException('The only supported lengths are 32 and 56'); + } + + $components = ['curve' => $curve]; + $components['dA'] = new BigInteger($key, 256); + $curve->rangeCheck($components['dA']); + // note that EC::getEncodedCoordinates does some additional "magic" (it does strrev on the result) + $components['QA'] = $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + + return $components; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param MontgomeryCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @return string + */ + public static function savePublicKey(MontgomeryCurve $curve, array $publicKey) + { + return strrev($publicKey[0]->toBytes()); + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $privateKey + * @param MontgomeryCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param string $secret optional + * @param string $password optional + * @return string + */ + public static function savePrivateKey(BigInteger $privateKey, MontgomeryCurve $curve, array $publicKey, $secret = null, $password = '') + { + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('MontgomeryPrivate private keys do not support encryption'); + } + + return $privateKey->toBytes(); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPublic.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPublic.php new file mode 100644 index 0000000..257c26e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPublic.php @@ -0,0 +1,71 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Crypt\EC\Curves\Curve448; +use phpseclib3\Math\BigInteger; + +/** + * Montgomery Public Key Handler + * + * @author Jim Wigginton + */ +abstract class MontgomeryPublic +{ + /** + * Is invisible flag + * + */ + const IS_INVISIBLE = true; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + switch (strlen($key)) { + case 32: + $curve = new Curve25519(); + break; + case 56: + $curve = new Curve448(); + break; + default: + throw new \LengthException('The only supported lengths are 32 and 56'); + } + + $components = ['curve' => $curve]; + $components['QA'] = [$components['curve']->convertInteger(new BigInteger(strrev($key), 256))]; + + return $components; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param MontgomeryCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @return string + */ + public static function savePublicKey(MontgomeryCurve $curve, array $publicKey) + { + return strrev($publicKey[0]->toBytes()); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/OpenSSH.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/OpenSSH.php new file mode 100644 index 0000000..0ef1160 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/OpenSSH.php @@ -0,0 +1,209 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\OpenSSH as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Math\BigInteger; + +/** + * OpenSSH Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class OpenSSH extends Progenitor +{ + use Common; + + /** + * Supported Key Types + * + * @var array + */ + protected static $types = [ + 'ecdsa-sha2-nistp256', + 'ecdsa-sha2-nistp384', + 'ecdsa-sha2-nistp521', + 'ssh-ed25519' + ]; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $parsed = parent::load($key, $password); + + if (isset($parsed['paddedKey'])) { + $paddedKey = $parsed['paddedKey']; + list($type) = Strings::unpackSSH2('s', $paddedKey); + if ($type != $parsed['type']) { + throw new \RuntimeException("The public and private keys are not of the same type ($type vs $parsed[type])"); + } + if ($type == 'ssh-ed25519') { + list(, $key, $comment) = Strings::unpackSSH2('sss', $paddedKey); + $key = libsodium::load($key); + $key['comment'] = $comment; + return $key; + } + list($curveName, $publicKey, $privateKey, $comment) = Strings::unpackSSH2('ssis', $paddedKey); + $curve = self::loadCurveByParam(['namedCurve' => $curveName]); + $curve->rangeCheck($privateKey); + return [ + 'curve' => $curve, + 'dA' => $privateKey, + 'QA' => self::extractPoint("\0$publicKey", $curve), + 'comment' => $comment + ]; + } + + if ($parsed['type'] == 'ssh-ed25519') { + if (Strings::shift($parsed['publicKey'], 4) != "\0\0\0\x20") { + throw new \RuntimeException('Length of ssh-ed25519 key should be 32'); + } + + $curve = new Ed25519(); + $qa = self::extractPoint($parsed['publicKey'], $curve); + } else { + list($curveName, $publicKey) = Strings::unpackSSH2('ss', $parsed['publicKey']); + $curveName = '\phpseclib3\Crypt\EC\Curves\\' . $curveName; + $curve = new $curveName(); + + $qa = self::extractPoint("\0" . $publicKey, $curve); + } + + return [ + 'curve' => $curve, + 'QA' => $qa, + 'comment' => $parsed['comment'] + ]; + } + + /** + * Returns the alias that corresponds to a curve + * + * @return string + */ + private static function getAlias(BaseCurve $curve) + { + self::initialize_static_variables(); + + $reflect = new \ReflectionClass($curve); + $name = $reflect->getShortName(); + + $oid = self::$curveOIDs[$name]; + $aliases = array_filter(self::$curveOIDs, function ($v) use ($oid) { + return $v == $oid; + }); + $aliases = array_keys($aliases); + + for ($i = 0; $i < count($aliases); $i++) { + if (in_array('ecdsa-sha2-' . $aliases[$i], self::$types)) { + $alias = $aliases[$i]; + break; + } + } + + if (!isset($alias)) { + throw new UnsupportedCurveException($name . ' is not a curve that the OpenSSH plugin supports'); + } + + return $alias; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param BaseCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param array $options optional + * @return string + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = []) + { + $comment = isset($options['comment']) ? $options['comment'] : self::$comment; + + if ($curve instanceof Ed25519) { + $key = Strings::packSSH2('ss', 'ssh-ed25519', $curve->encodePoint($publicKey)); + + if (isset($options['binary']) ? $options['binary'] : self::$binary) { + return $key; + } + + $key = 'ssh-ed25519 ' . base64_encode($key) . ' ' . $comment; + return $key; + } + + $alias = self::getAlias($curve); + + $points = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + $key = Strings::packSSH2('sss', 'ecdsa-sha2-' . $alias, $alias, $points); + + if (isset($options['binary']) ? $options['binary'] : self::$binary) { + return $key; + } + + $key = 'ecdsa-sha2-' . $alias . ' ' . base64_encode($key) . ' ' . $comment; + + return $key; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $privateKey + * @param Ed25519 $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param string $secret optional + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $privateKey, BaseCurve $curve, array $publicKey, $secret = null, $password = '', array $options = []) + { + if ($curve instanceof Ed25519) { + if (!isset($secret)) { + throw new \RuntimeException('Private Key does not have a secret set'); + } + if (strlen($secret) != 32) { + throw new \RuntimeException('Private Key secret is not of the correct length'); + } + + $pubKey = $curve->encodePoint($publicKey); + + $publicKey = Strings::packSSH2('ss', 'ssh-ed25519', $pubKey); + $privateKey = Strings::packSSH2('sss', 'ssh-ed25519', $pubKey, $secret . $pubKey); + + return self::wrapPrivateKey($publicKey, $privateKey, $password, $options); + } + + $alias = self::getAlias($curve); + + $points = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + $publicKey = self::savePublicKey($curve, $publicKey, ['binary' => true]); + + $privateKey = Strings::packSSH2('sssi', 'ecdsa-sha2-' . $alias, $alias, $points, $privateKey); + + return self::wrapPrivateKey($publicKey, $privateKey, $password, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PKCS1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..756ffb9 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PKCS1.php @@ -0,0 +1,194 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * "PKCS1" (RFC5915) Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends Progenitor +{ + use Common; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + self::initialize_static_variables(); + + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (strpos($key, 'BEGIN EC PARAMETERS') && strpos($key, 'BEGIN EC PRIVATE KEY')) { + $components = []; + + preg_match('#-*BEGIN EC PRIVATE KEY-*[^-]*-*END EC PRIVATE KEY-*#s', $key, $matches); + $decoded = parent::load($matches[0], $password); + $decoded = ASN1::decodeBER($decoded); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + + $ecPrivate = ASN1::asn1map($decoded[0], Maps\ECPrivateKey::MAP); + if (!is_array($ecPrivate)) { + throw new \RuntimeException('Unable to perform ASN1 mapping'); + } + + if (isset($ecPrivate['parameters'])) { + $components['curve'] = self::loadCurveByParam($ecPrivate['parameters']); + } + + preg_match('#-*BEGIN EC PARAMETERS-*[^-]*-*END EC PARAMETERS-*#s', $key, $matches); + $decoded = parent::load($matches[0], ''); + $decoded = ASN1::decodeBER($decoded); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + $ecParams = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP); + if (!is_array($ecParams)) { + throw new \RuntimeException('Unable to perform ASN1 mapping'); + } + $ecParams = self::loadCurveByParam($ecParams); + + // comparing $ecParams and $components['curve'] directly won't work because they'll have different Math\Common\FiniteField classes + // even if the modulo is the same + if (isset($components['curve']) && self::encodeParameters($ecParams, false, []) != self::encodeParameters($components['curve'], false, [])) { + throw new \RuntimeException('EC PARAMETERS does not correspond to EC PRIVATE KEY'); + } + + if (!isset($components['curve'])) { + $components['curve'] = $ecParams; + } + + $components['dA'] = new BigInteger($ecPrivate['privateKey'], 256); + $components['curve']->rangeCheck($components['dA']); + $components['QA'] = isset($ecPrivate['publicKey']) ? + self::extractPoint($ecPrivate['publicKey'], $components['curve']) : + $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + + return $components; + } + + $key = parent::load($key, $password); + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + + $key = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP); + if (is_array($key)) { + return ['curve' => self::loadCurveByParam($key)]; + } + + $key = ASN1::asn1map($decoded[0], Maps\ECPrivateKey::MAP); + if (!is_array($key)) { + throw new \RuntimeException('Unable to perform ASN1 mapping'); + } + if (!isset($key['parameters'])) { + throw new \RuntimeException('Key cannot be loaded without parameters'); + } + + $components = []; + $components['curve'] = self::loadCurveByParam($key['parameters']); + $components['dA'] = new BigInteger($key['privateKey'], 256); + $components['QA'] = isset($ecPrivate['publicKey']) ? + self::extractPoint($ecPrivate['publicKey'], $components['curve']) : + $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + + return $components; + } + + /** + * Convert EC parameters to the appropriate format + * + * @return string + */ + public static function saveParameters(BaseCurve $curve, array $options = []) + { + self::initialize_static_variables(); + + if ($curve instanceof TwistedEdwardsCurve || $curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('TwistedEdwards and Montgomery Curves are not supported'); + } + + $key = self::encodeParameters($curve, false, $options); + + return "-----BEGIN EC PARAMETERS-----\r\n" . + chunk_split(Strings::base64_encode($key), 64) . + "-----END EC PARAMETERS-----\r\n"; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $privateKey + * @param BaseCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param string $secret optional + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $privateKey, BaseCurve $curve, array $publicKey, $secret = null, $password = '', array $options = []) + { + self::initialize_static_variables(); + + if ($curve instanceof TwistedEdwardsCurve || $curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('TwistedEdwards Curves are not supported'); + } + + $publicKey = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + + $key = [ + 'version' => 'ecPrivkeyVer1', + 'privateKey' => $privateKey->toBytes(), + 'parameters' => new ASN1\Element(self::encodeParameters($curve)), + 'publicKey' => "\0" . $publicKey + ]; + + $key = ASN1::encodeDER($key, Maps\ECPrivateKey::MAP); + + return self::wrapPrivateKey($key, 'EC', $password, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..66ec030 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php @@ -0,0 +1,236 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Curves\Ed448; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#8 Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends Progenitor +{ + use Common; + + /** + * OID Name + * + * @var array + */ + const OID_NAME = ['id-ecPublicKey', 'id-Ed25519', 'id-Ed448']; + + /** + * OID Value + * + * @var string + */ + const OID_VALUE = ['1.2.840.10045.2.1', '1.3.101.112', '1.3.101.113']; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + // initialize_static_variables() is defined in both the trait and the parent class + // when it's defined in two places it's the traits one that's called + // the parent one is needed, as well, but the parent one is called by other methods + // in the parent class as needed and in the context of the parent it's the parent + // one that's called + self::initialize_static_variables(); + + $key = parent::load($key, $password); + + $type = isset($key['privateKey']) ? 'privateKey' : 'publicKey'; + + switch ($key[$type . 'Algorithm']['algorithm']) { + case 'id-Ed25519': + case 'id-Ed448': + return self::loadEdDSA($key); + } + + $decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + $params = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP); + if (!$params) { + throw new \RuntimeException('Unable to decode the parameters using Maps\ECParameters'); + } + + $components = []; + $components['curve'] = self::loadCurveByParam($params); + + if ($type == 'publicKey') { + $components['QA'] = self::extractPoint("\0" . $key['publicKey'], $components['curve']); + + return $components; + } + + $decoded = ASN1::decodeBER($key['privateKey']); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + $key = ASN1::asn1map($decoded[0], Maps\ECPrivateKey::MAP); + if (isset($key['parameters']) && $params != $key['parameters']) { + throw new \RuntimeException('The PKCS8 parameter field does not match the private key parameter field'); + } + + $components['dA'] = new BigInteger($key['privateKey'], 256); + $components['curve']->rangeCheck($components['dA']); + $components['QA'] = isset($key['publicKey']) ? + self::extractPoint($key['publicKey'], $components['curve']) : + $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + + return $components; + } + + /** + * Break a public or private EdDSA key down into its constituent components + * + * @return array + */ + private static function loadEdDSA(array $key) + { + $components = []; + + if (isset($key['privateKey'])) { + $components['curve'] = $key['privateKeyAlgorithm']['algorithm'] == 'id-Ed25519' ? new Ed25519() : new Ed448(); + $expected = chr(ASN1::TYPE_OCTET_STRING) . ASN1::encodeLength($components['curve']::SIZE); + if (substr($key['privateKey'], 0, 2) != $expected) { + throw new \RuntimeException( + 'The first two bytes of the ' . + $key['privateKeyAlgorithm']['algorithm'] . + ' private key field should be 0x' . bin2hex($expected) + ); + } + $arr = $components['curve']->extractSecret(substr($key['privateKey'], 2)); + $components['dA'] = $arr['dA']; + $components['secret'] = $arr['secret']; + } + + if (isset($key['publicKey'])) { + if (!isset($components['curve'])) { + $components['curve'] = $key['publicKeyAlgorithm']['algorithm'] == 'id-Ed25519' ? new Ed25519() : new Ed448(); + } + + $components['QA'] = self::extractPoint($key['publicKey'], $components['curve']); + } + + if (isset($key['privateKey']) && !isset($components['QA'])) { + $components['QA'] = $components['curve']->multiplyPoint($components['curve']->getBasePoint(), $components['dA']); + } + + return $components; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param BaseCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param array $options optional + * @return string + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = []) + { + self::initialize_static_variables(); + + if ($curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('Montgomery Curves are not supported'); + } + + if ($curve instanceof TwistedEdwardsCurve) { + return self::wrapPublicKey( + $curve->encodePoint($publicKey), + null, + $curve instanceof Ed25519 ? 'id-Ed25519' : 'id-Ed448' + ); + } + + $params = new ASN1\Element(self::encodeParameters($curve, false, $options)); + + $key = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + + return self::wrapPublicKey($key, $params, 'id-ecPublicKey'); + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $privateKey + * @param BaseCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param string $secret optional + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $privateKey, BaseCurve $curve, array $publicKey, $secret = null, $password = '', array $options = []) + { + self::initialize_static_variables(); + + if ($curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('Montgomery Curves are not supported'); + } + + if ($curve instanceof TwistedEdwardsCurve) { + return self::wrapPrivateKey( + chr(ASN1::TYPE_OCTET_STRING) . ASN1::encodeLength($curve::SIZE) . $secret, + [], + null, + $password, + $curve instanceof Ed25519 ? 'id-Ed25519' : 'id-Ed448' + ); + } + + $publicKey = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + + $params = new ASN1\Element(self::encodeParameters($curve, false, $options)); + + $key = [ + 'version' => 'ecPrivkeyVer1', + 'privateKey' => $privateKey->toBytes(), + //'parameters' => $params, + 'publicKey' => "\0" . $publicKey + ]; + + $key = ASN1::encodeDER($key, Maps\ECPrivateKey::MAP); + + return self::wrapPrivateKey($key, [], $params, $password, 'id-ecPublicKey', '', $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PuTTY.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PuTTY.php new file mode 100644 index 0000000..7e1e917 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PuTTY.php @@ -0,0 +1,138 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PuTTY as Progenitor; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Math\BigInteger; + +/** + * PuTTY Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class PuTTY extends Progenitor +{ + use Common; + + /** + * Public Handler + * + * @var string + */ + const PUBLIC_HANDLER = 'phpseclib3\Crypt\EC\Formats\Keys\OpenSSH'; + + /** + * Supported Key Types + * + * @var array + */ + protected static $types = [ + 'ecdsa-sha2-nistp256', + 'ecdsa-sha2-nistp384', + 'ecdsa-sha2-nistp521', + 'ssh-ed25519' + ]; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $components = parent::load($key, $password); + if (!isset($components['private'])) { + return $components; + } + + $private = $components['private']; + + $temp = Strings::base64_encode(Strings::packSSH2('s', $components['type']) . $components['public']); + $components = OpenSSH::load($components['type'] . ' ' . $temp . ' ' . $components['comment']); + + if ($components['curve'] instanceof TwistedEdwardsCurve) { + if (Strings::shift($private, 4) != "\0\0\0\x20") { + throw new \RuntimeException('Length of ssh-ed25519 key should be 32'); + } + $arr = $components['curve']->extractSecret($private); + $components['dA'] = $arr['dA']; + $components['secret'] = $arr['secret']; + } else { + list($components['dA']) = Strings::unpackSSH2('i', $private); + $components['curve']->rangeCheck($components['dA']); + } + + return $components; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $privateKey + * @param BaseCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param string $secret optional + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $privateKey, BaseCurve $curve, array $publicKey, $secret = null, $password = false, array $options = []) + { + self::initialize_static_variables(); + + $public = explode(' ', OpenSSH::savePublicKey($curve, $publicKey)); + $name = $public[0]; + $public = Strings::base64_decode($public[1]); + list(, $length) = unpack('N', Strings::shift($public, 4)); + Strings::shift($public, $length); + + // PuTTY pads private keys with a null byte per the following: + // https://github.com/github/putty/blob/a3d14d77f566a41fc61dfdc5c2e0e384c9e6ae8b/sshecc.c#L1926 + if (!$curve instanceof TwistedEdwardsCurve) { + $private = $privateKey->toBytes(); + if (!(strlen($privateKey->toBits()) & 7)) { + $private = "\0$private"; + } + } + + $private = $curve instanceof TwistedEdwardsCurve ? + Strings::packSSH2('s', $secret) : + Strings::packSSH2('s', $private); + + return self::wrapPrivateKey($public, $private, $name, $password, $options); + } + + /** + * Convert an EC public key to the appropriate format + * + * @param BaseCurve $curve + * @param \phpseclib3\Math\Common\FiniteField[] $publicKey + * @return string + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey) + { + $public = explode(' ', OpenSSH::savePublicKey($curve, $publicKey)); + $type = $public[0]; + $public = Strings::base64_decode($public[1]); + list(, $length) = unpack('N', Strings::shift($public, 4)); + Strings::shift($public, $length); + + return self::wrapPublicKey($public, $type); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/XML.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/XML.php new file mode 100644 index 0000000..b0cb126 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/XML.php @@ -0,0 +1,485 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\Prime as PrimeCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Math\BigInteger; + +/** + * XML Formatted EC Key Handler + * + * @author Jim Wigginton + */ +abstract class XML +{ + use Common; + + /** + * Default namespace + * + * @var string + */ + private static $namespace; + + /** + * Flag for using RFC4050 syntax + * + * @var bool + */ + private static $rfc4050 = false; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + self::initialize_static_variables(); + + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (!class_exists('DOMDocument')) { + throw new BadConfigurationException('The dom extension is not setup correctly on this system'); + } + + $use_errors = libxml_use_internal_errors(true); + + $temp = self::isolateNamespace($key, 'http://www.w3.org/2009/xmldsig11#'); + if ($temp) { + $key = $temp; + } + + $temp = self::isolateNamespace($key, 'http://www.w3.org/2001/04/xmldsig-more#'); + if ($temp) { + $key = $temp; + } + + $dom = new \DOMDocument(); + if (substr($key, 0, 5) != '' . $key . ''; + } + + if (!$dom->loadXML($key)) { + libxml_use_internal_errors($use_errors); + throw new \UnexpectedValueException('Key does not appear to contain XML'); + } + $xpath = new \DOMXPath($dom); + libxml_use_internal_errors($use_errors); + $curve = self::loadCurveByParam($xpath); + + $pubkey = self::query($xpath, 'publickey', 'Public Key is not present'); + + $QA = self::query($xpath, 'ecdsakeyvalue')->length ? + self::extractPointRFC4050($xpath, $curve) : + self::extractPoint("\0" . $pubkey, $curve); + + libxml_use_internal_errors($use_errors); + + return compact('curve', 'QA'); + } + + /** + * Case-insensitive xpath query + * + * @param \DOMXPath $xpath + * @param string $name + * @param string $error optional + * @param bool $decode optional + * @return \DOMNodeList + */ + private static function query(\DOMXPath $xpath, $name, $error = null, $decode = true) + { + $query = '/'; + $names = explode('/', $name); + foreach ($names as $name) { + $query .= "/*[translate(local-name(), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='$name']"; + } + $result = $xpath->query($query); + if (!isset($error)) { + return $result; + } + + if (!$result->length) { + throw new \RuntimeException($error); + } + return $decode ? self::decodeValue($result->item(0)->textContent) : $result->item(0)->textContent; + } + + /** + * Finds the first element in the relevant namespace, strips the namespacing and returns the XML for that element. + * + * @param string $xml + * @param string $ns + */ + private static function isolateNamespace($xml, $ns) + { + $dom = new \DOMDocument(); + if (!$dom->loadXML($xml)) { + return false; + } + $xpath = new \DOMXPath($dom); + $nodes = $xpath->query("//*[namespace::*[.='$ns'] and not(../namespace::*[.='$ns'])]"); + if (!$nodes->length) { + return false; + } + $node = $nodes->item(0); + $ns_name = $node->lookupPrefix($ns); + if ($ns_name) { + $node->removeAttributeNS($ns, $ns_name); + } + return $dom->saveXML($node); + } + + /** + * Decodes the value + * + * @param string $value + */ + private static function decodeValue($value) + { + return Strings::base64_decode(str_replace(["\r", "\n", ' ', "\t"], '', $value)); + } + + /** + * Extract points from an XML document + * + * @param \DOMXPath $xpath + * @param BaseCurve $curve + * @return object[] + */ + private static function extractPointRFC4050(\DOMXPath $xpath, BaseCurve $curve) + { + $x = self::query($xpath, 'publickey/x'); + $y = self::query($xpath, 'publickey/y'); + if (!$x->length || !$x->item(0)->hasAttribute('Value')) { + throw new \RuntimeException('Public Key / X coordinate not found'); + } + if (!$y->length || !$y->item(0)->hasAttribute('Value')) { + throw new \RuntimeException('Public Key / Y coordinate not found'); + } + $point = [ + $curve->convertInteger(new BigInteger($x->item(0)->getAttribute('Value'))), + $curve->convertInteger(new BigInteger($y->item(0)->getAttribute('Value'))) + ]; + if (!$curve->verifyPoint($point)) { + throw new \RuntimeException('Unable to verify that point exists on curve'); + } + return $point; + } + + /** + * Returns an instance of \phpseclib3\Crypt\EC\BaseCurves\Base based + * on the curve parameters + * + * @param \DomXPath $xpath + * @return BaseCurve|false + */ + private static function loadCurveByParam(\DOMXPath $xpath) + { + $namedCurve = self::query($xpath, 'namedcurve'); + if ($namedCurve->length == 1) { + $oid = $namedCurve->item(0)->getAttribute('URN'); + $oid = preg_replace('#[^\d.]#', '', $oid); + $name = array_search($oid, self::$curveOIDs); + if ($name === false) { + throw new UnsupportedCurveException('Curve with OID of ' . $oid . ' is not supported'); + } + + $curve = '\phpseclib3\Crypt\EC\Curves\\' . $name; + if (!class_exists($curve)) { + throw new UnsupportedCurveException('Named Curve of ' . $name . ' is not supported'); + } + return new $curve(); + } + + $params = self::query($xpath, 'explicitparams'); + if ($params->length) { + return self::loadCurveByParamRFC4050($xpath); + } + + $params = self::query($xpath, 'ecparameters'); + if (!$params->length) { + throw new \RuntimeException('No parameters are present'); + } + + $fieldTypes = [ + 'prime-field' => ['fieldid/prime/p'], + 'gnb' => ['fieldid/gnb/m'], + 'tnb' => ['fieldid/tnb/k'], + 'pnb' => ['fieldid/pnb/k1', 'fieldid/pnb/k2', 'fieldid/pnb/k3'], + 'unknown' => [] + ]; + + foreach ($fieldTypes as $type => $queries) { + foreach ($queries as $query) { + $result = self::query($xpath, $query); + if (!$result->length) { + continue 2; + } + $param = preg_replace('#.*/#', '', $query); + $$param = self::decodeValue($result->item(0)->textContent); + } + break; + } + + $a = self::query($xpath, 'curve/a', 'A coefficient is not present'); + $b = self::query($xpath, 'curve/b', 'B coefficient is not present'); + $base = self::query($xpath, 'base', 'Base point is not present'); + $order = self::query($xpath, 'order', 'Order is not present'); + + switch ($type) { + case 'prime-field': + $curve = new PrimeCurve(); + $curve->setModulo(new BigInteger($p, 256)); + $curve->setCoefficients( + new BigInteger($a, 256), + new BigInteger($b, 256) + ); + $point = self::extractPoint("\0" . $base, $curve); + $curve->setBasePoint(...$point); + $curve->setOrder(new BigInteger($order, 256)); + return $curve; + case 'gnb': + case 'tnb': + case 'pnb': + default: + throw new UnsupportedCurveException('Field Type of ' . $type . ' is not supported'); + } + } + + /** + * Returns an instance of \phpseclib3\Crypt\EC\BaseCurves\Base based + * on the curve parameters + * + * @param \DomXPath $xpath + * @return BaseCurve|false + */ + private static function loadCurveByParamRFC4050(\DOMXPath $xpath) + { + $fieldTypes = [ + 'prime-field' => ['primefieldparamstype/p'], + 'unknown' => [] + ]; + + foreach ($fieldTypes as $type => $queries) { + foreach ($queries as $query) { + $result = self::query($xpath, $query); + if (!$result->length) { + continue 2; + } + $param = preg_replace('#.*/#', '', $query); + $$param = $result->item(0)->textContent; + } + break; + } + + $a = self::query($xpath, 'curveparamstype/a', 'A coefficient is not present', false); + $b = self::query($xpath, 'curveparamstype/b', 'B coefficient is not present', false); + $x = self::query($xpath, 'basepointparams/basepoint/ecpointtype/x', 'Base Point X is not present', false); + $y = self::query($xpath, 'basepointparams/basepoint/ecpointtype/y', 'Base Point Y is not present', false); + $order = self::query($xpath, 'order', 'Order is not present', false); + + switch ($type) { + case 'prime-field': + $curve = new PrimeCurve(); + + $p = str_replace(["\r", "\n", ' ', "\t"], '', $p); + $curve->setModulo(new BigInteger($p)); + + $a = str_replace(["\r", "\n", ' ', "\t"], '', $a); + $b = str_replace(["\r", "\n", ' ', "\t"], '', $b); + $curve->setCoefficients( + new BigInteger($a), + new BigInteger($b) + ); + + $x = str_replace(["\r", "\n", ' ', "\t"], '', $x); + $y = str_replace(["\r", "\n", ' ', "\t"], '', $y); + $curve->setBasePoint( + new BigInteger($x), + new BigInteger($y) + ); + + $order = str_replace(["\r", "\n", ' ', "\t"], '', $order); + $curve->setOrder(new BigInteger($order)); + return $curve; + default: + throw new UnsupportedCurveException('Field Type of ' . $type . ' is not supported'); + } + } + + /** + * Sets the namespace. dsig11 is the most common one. + * + * Set to null to unset. Used only for creating public keys. + * + * @param string $namespace + */ + public static function setNamespace($namespace) + { + self::$namespace = $namespace; + } + + /** + * Uses the XML syntax specified in https://tools.ietf.org/html/rfc4050 + */ + public static function enableRFC4050Syntax() + { + self::$rfc4050 = true; + } + + /** + * Uses the XML syntax specified in https://www.w3.org/TR/xmldsig-core/#sec-ECParameters + */ + public static function disableRFC4050Syntax() + { + self::$rfc4050 = false; + } + + /** + * Convert a public key to the appropriate format + * + * @param BaseCurve $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param array $options optional + * @return string + */ + public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = []) + { + self::initialize_static_variables(); + + if ($curve instanceof TwistedEdwardsCurve || $curve instanceof MontgomeryCurve) { + throw new UnsupportedCurveException('TwistedEdwards and Montgomery Curves are not supported'); + } + + if (empty(static::$namespace)) { + $pre = $post = ''; + } else { + $pre = static::$namespace . ':'; + $post = ':' . static::$namespace; + } + + if (self::$rfc4050) { + return '<' . $pre . 'ECDSAKeyValue xmlns' . $post . '="http://www.w3.org/2001/04/xmldsig-more#">' . "\r\n" . + self::encodeXMLParameters($curve, $pre, $options) . "\r\n" . + '<' . $pre . 'PublicKey>' . "\r\n" . + '<' . $pre . 'X Value="' . $publicKey[0] . '" />' . "\r\n" . + '<' . $pre . 'Y Value="' . $publicKey[1] . '" />' . "\r\n" . + '' . "\r\n" . + ''; + } + + $publicKey = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); + + return '<' . $pre . 'ECDSAKeyValue xmlns' . $post . '="http://www.w3.org/2009/xmldsig11#">' . "\r\n" . + self::encodeXMLParameters($curve, $pre, $options) . "\r\n" . + '<' . $pre . 'PublicKey>' . Strings::base64_encode($publicKey) . '' . "\r\n" . + ''; + } + + /** + * Encode Parameters + * + * @param BaseCurve $curve + * @param string $pre + * @param array $options optional + * @return string|false + */ + private static function encodeXMLParameters(BaseCurve $curve, $pre, array $options = []) + { + $result = self::encodeParameters($curve, true, $options); + + if (isset($result['namedCurve'])) { + $namedCurve = '<' . $pre . 'NamedCurve URI="urn:oid:' . self::$curveOIDs[$result['namedCurve']] . '" />'; + return self::$rfc4050 ? + '' . str_replace('URI', 'URN', $namedCurve) . '' : + $namedCurve; + } + + if (self::$rfc4050) { + $xml = '<' . $pre . 'ExplicitParams>' . "\r\n" . + '<' . $pre . 'FieldParams>' . "\r\n"; + $temp = $result['specifiedCurve']; + switch ($temp['fieldID']['fieldType']) { + case 'prime-field': + $xml .= '<' . $pre . 'PrimeFieldParamsType>' . "\r\n" . + '<' . $pre . 'P>' . $temp['fieldID']['parameters'] . '' . "\r\n" . + '' . "\r\n"; + $a = $curve->getA(); + $b = $curve->getB(); + list($x, $y) = $curve->getBasePoint(); + break; + default: + throw new UnsupportedCurveException('Field Type of ' . $temp['fieldID']['fieldType'] . ' is not supported'); + } + $xml .= '' . "\r\n" . + '<' . $pre . 'CurveParamsType>' . "\r\n" . + '<' . $pre . 'A>' . $a . '' . "\r\n" . + '<' . $pre . 'B>' . $b . '' . "\r\n" . + '' . "\r\n" . + '<' . $pre . 'BasePointParams>' . "\r\n" . + '<' . $pre . 'BasePoint>' . "\r\n" . + '<' . $pre . 'ECPointType>' . "\r\n" . + '<' . $pre . 'X>' . $x . '' . "\r\n" . + '<' . $pre . 'Y>' . $y . '' . "\r\n" . + '' . "\r\n" . + '' . "\r\n" . + '<' . $pre . 'Order>' . $curve->getOrder() . '' . "\r\n" . + '' . "\r\n" . + '' . "\r\n"; + + return $xml; + } + + if (isset($result['specifiedCurve'])) { + $xml = '<' . $pre . 'ECParameters>' . "\r\n" . + '<' . $pre . 'FieldID>' . "\r\n"; + $temp = $result['specifiedCurve']; + switch ($temp['fieldID']['fieldType']) { + case 'prime-field': + $xml .= '<' . $pre . 'Prime>' . "\r\n" . + '<' . $pre . 'P>' . Strings::base64_encode($temp['fieldID']['parameters']->toBytes()) . '' . "\r\n" . + '' . "\r\n" ; + break; + default: + throw new UnsupportedCurveException('Field Type of ' . $temp['fieldID']['fieldType'] . ' is not supported'); + } + $xml .= '' . "\r\n" . + '<' . $pre . 'Curve>' . "\r\n" . + '<' . $pre . 'A>' . Strings::base64_encode($temp['curve']['a']) . '' . "\r\n" . + '<' . $pre . 'B>' . Strings::base64_encode($temp['curve']['b']) . '' . "\r\n" . + '' . "\r\n" . + '<' . $pre . 'Base>' . Strings::base64_encode($temp['base']) . '' . "\r\n" . + '<' . $pre . 'Order>' . Strings::base64_encode($temp['order']) . '' . "\r\n" . + ''; + return $xml; + } + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/libsodium.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/libsodium.php new file mode 100644 index 0000000..cce37ba --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/libsodium.php @@ -0,0 +1,116 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Keys; + +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * libsodium Key Handler + * + * @author Jim Wigginton + */ +abstract class libsodium +{ + use Common; + + /** + * Is invisible flag + * + */ + const IS_INVISIBLE = true; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + switch (strlen($key)) { + case 32: + $public = $key; + break; + case 64: + $private = substr($key, 0, 32); + $public = substr($key, -32); + break; + case 96: + $public = substr($key, -32); + if (substr($key, 32, 32) != $public) { + throw new \RuntimeException('Keys with 96 bytes should have the 2nd and 3rd set of 32 bytes match'); + } + $private = substr($key, 0, 32); + break; + default: + throw new \RuntimeException('libsodium keys need to either be 32 bytes long, 64 bytes long or 96 bytes long'); + } + + $curve = new Ed25519(); + $components = ['curve' => $curve]; + if (isset($private)) { + $arr = $curve->extractSecret($private); + $components['dA'] = $arr['dA']; + $components['secret'] = $arr['secret']; + } + $components['QA'] = isset($public) ? + self::extractPoint($public, $curve) : + $curve->multiplyPoint($curve->getBasePoint(), $components['dA']); + + return $components; + } + + /** + * Convert an EC public key to the appropriate format + * + * @param Ed25519 $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @return string + */ + public static function savePublicKey(Ed25519 $curve, array $publicKey) + { + return $curve->encodePoint($publicKey); + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $privateKey + * @param Ed25519 $curve + * @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey + * @param string $secret optional + * @param string $password optional + * @return string + */ + public static function savePrivateKey(BigInteger $privateKey, Ed25519 $curve, array $publicKey, $secret = null, $password = '') + { + if (!isset($secret)) { + throw new \RuntimeException('Private Key does not have a secret set'); + } + if (strlen($secret) != 32) { + throw new \RuntimeException('Private Key secret is not of the correct length'); + } + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('libsodium private keys do not support encryption'); + } + return $secret . $curve->encodePoint($publicKey); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/ASN1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/ASN1.php new file mode 100644 index 0000000..385028b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/ASN1.php @@ -0,0 +1,62 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Signature; + +use phpseclib3\File\ASN1 as Encoder; +use phpseclib3\File\ASN1\Maps\EcdsaSigValue; +use phpseclib3\Math\BigInteger; + +/** + * ASN1 Signature Handler + * + * @author Jim Wigginton + */ +abstract class ASN1 +{ + /** + * Loads a signature + * + * @param string $sig + * @return array + */ + public static function load($sig) + { + if (!is_string($sig)) { + return false; + } + + $decoded = Encoder::decodeBER($sig); + if (empty($decoded)) { + return false; + } + $components = Encoder::asn1map($decoded[0], EcdsaSigValue::MAP); + + return $components; + } + + /** + * Returns a signature in the appropriate format + * + * @param BigInteger $r + * @param BigInteger $s + * @return string + */ + public static function save(BigInteger $r, BigInteger $s) + { + return Encoder::encodeDER(compact('r', 's'), EcdsaSigValue::MAP); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/IEEE.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/IEEE.php new file mode 100644 index 0000000..c5e622a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/IEEE.php @@ -0,0 +1,68 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Signature; + +use phpseclib3\Math\BigInteger; + +/** + * ASN1 Signature Handler + * + * @author Jim Wigginton + */ +abstract class IEEE +{ + /** + * Loads a signature + * + * @param string $sig + * @return array + */ + public static function load($sig) + { + if (!is_string($sig)) { + return false; + } + + $len = strlen($sig); + if ($len & 1) { + return false; + } + + $r = new BigInteger(substr($sig, 0, $len >> 1), 256); + $s = new BigInteger(substr($sig, $len >> 1), 256); + + return compact('r', 's'); + } + + /** + * Returns a signature in the appropriate format + * + * @param BigInteger $r + * @param BigInteger $s + * @param string $curve + * @param int $length + * @return string + */ + public static function save(BigInteger $r, BigInteger $s, $curve, $length) + { + $r = $r->toBytes(); + $s = $s->toBytes(); + $length = (int) ceil($length / 8); + return str_pad($r, $length, "\0", STR_PAD_LEFT) . str_pad($s, $length, "\0", STR_PAD_LEFT); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/Raw.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/Raw.php new file mode 100644 index 0000000..7e4b47f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/Raw.php @@ -0,0 +1,25 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Signature; + +use phpseclib3\Crypt\Common\Formats\Signature\Raw as Progenitor; + +/** + * Raw DSA Signature Handler + * + * @author Jim Wigginton + */ +abstract class Raw extends Progenitor +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/SSH2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/SSH2.php new file mode 100644 index 0000000..698c8e4 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Signature/SSH2.php @@ -0,0 +1,94 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC\Formats\Signature; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Math\BigInteger; + +/** + * SSH2 Signature Handler + * + * @author Jim Wigginton + */ +abstract class SSH2 +{ + /** + * Loads a signature + * + * @param string $sig + * @return mixed + */ + public static function load($sig) + { + if (!is_string($sig)) { + return false; + } + + $result = Strings::unpackSSH2('ss', $sig); + if ($result === false) { + return false; + } + list($type, $blob) = $result; + switch ($type) { + // see https://tools.ietf.org/html/rfc5656#section-3.1.2 + case 'ecdsa-sha2-nistp256': + case 'ecdsa-sha2-nistp384': + case 'ecdsa-sha2-nistp521': + break; + default: + return false; + } + + $result = Strings::unpackSSH2('ii', $blob); + if ($result === false) { + return false; + } + + return [ + 'r' => $result[0], + 's' => $result[1] + ]; + } + + /** + * Returns a signature in the appropriate format + * + * @param BigInteger $r + * @param BigInteger $s + * @param string $curve + * @return string + */ + public static function save(BigInteger $r, BigInteger $s, $curve) + { + switch ($curve) { + case 'secp256r1': + $curve = 'nistp256'; + break; + case 'secp384r1': + $curve = 'nistp384'; + break; + case 'secp521r1': + $curve = 'nistp521'; + break; + default: + return false; + } + + $blob = Strings::packSSH2('ii', $r, $s); + + return Strings::packSSH2('ss', 'ecdsa-sha2-' . $curve, $blob); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Parameters.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Parameters.php new file mode 100644 index 0000000..c0ed64a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Parameters.php @@ -0,0 +1,36 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC; + +use phpseclib3\Crypt\EC; + +/** + * EC Parameters + * + * @author Jim Wigginton + */ +final class Parameters extends EC +{ + /** + * Returns the parameters + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type = 'PKCS1', array $options = []) + { + $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters'); + + return $type::saveParameters($this->curve, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/PrivateKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/PrivateKey.php new file mode 100644 index 0000000..91253b8 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/PrivateKey.php @@ -0,0 +1,280 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Curve25519; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Formats\Keys\PKCS1; +use phpseclib3\Crypt\EC\Formats\Signature\ASN1 as ASN1Signature; +use phpseclib3\Crypt\Hash; +use phpseclib3\Exception\UnsupportedOperationException; +use phpseclib3\Math\BigInteger; + +/** + * EC Private Key + * + * @author Jim Wigginton + */ +final class PrivateKey extends EC implements Common\PrivateKey +{ + use Common\Traits\PasswordProtected; + + /** + * Private Key dA + * + * sign() converts this to a BigInteger so one might wonder why this is a FiniteFieldInteger instead of + * a BigInteger. That's because a FiniteFieldInteger, when converted to a byte string, is null padded by + * a certain amount whereas a BigInteger isn't. + * + * @var object + */ + protected $dA; + + /** + * @var string + */ + protected $secret; + + /** + * Multiplies an encoded point by the private key + * + * Used by ECDH + * + * @param string $coordinates + * @return string + */ + public function multiply($coordinates) + { + if ($this->curve instanceof MontgomeryCurve) { + if ($this->curve instanceof Curve25519 && self::$engines['libsodium']) { + return sodium_crypto_scalarmult($this->dA->toBytes(), $coordinates); + } + + $point = [$this->curve->convertInteger(new BigInteger(strrev($coordinates), 256))]; + $point = $this->curve->multiplyPoint($point, $this->dA); + return strrev($point[0]->toBytes(true)); + } + if (!$this->curve instanceof TwistedEdwardsCurve) { + $coordinates = "\0$coordinates"; + } + $point = PKCS1::extractPoint($coordinates, $this->curve); + $point = $this->curve->multiplyPoint($point, $this->dA); + if ($this->curve instanceof TwistedEdwardsCurve) { + return $this->curve->encodePoint($point); + } + if (empty($point)) { + throw new \RuntimeException('The infinity point is invalid'); + } + return "\4" . $point[0]->toBytes(true) . $point[1]->toBytes(true); + } + + /** + * Create a signature + * + * @see self::verify() + * @param string $message + * @return mixed + */ + public function sign($message) + { + if ($this->curve instanceof MontgomeryCurve) { + throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures'); + } + + $dA = $this->dA; + $order = $this->curve->getOrder(); + + $shortFormat = $this->shortFormat; + $format = $this->sigFormat; + if ($format === false) { + return false; + } + + if ($this->curve instanceof TwistedEdwardsCurve) { + if ($this->curve instanceof Ed25519 && self::$engines['libsodium'] && !isset($this->context)) { + $result = sodium_crypto_sign_detached($message, $this->withPassword()->toString('libsodium')); + return $shortFormat == 'SSH2' ? Strings::packSSH2('ss', 'ssh-' . strtolower($this->getCurve()), $result) : $result; + } + + // contexts (Ed25519ctx) are supported but prehashing (Ed25519ph) is not. + // quoting https://tools.ietf.org/html/rfc8032#section-8.5 , + // "The Ed25519ph and Ed448ph variants ... SHOULD NOT be used" + $A = $this->curve->encodePoint($this->QA); + $curve = $this->curve; + $hash = new Hash($curve::HASH); + + $secret = substr($hash->hash($this->secret), $curve::SIZE); + + if ($curve instanceof Ed25519) { + $dom = !isset($this->context) ? '' : + 'SigEd25519 no Ed25519 collisions' . "\0" . chr(strlen($this->context)) . $this->context; + } else { + $context = isset($this->context) ? $this->context : ''; + $dom = 'SigEd448' . "\0" . chr(strlen($context)) . $context; + } + // SHA-512(dom2(F, C) || prefix || PH(M)) + $r = $hash->hash($dom . $secret . $message); + $r = strrev($r); + $r = new BigInteger($r, 256); + list(, $r) = $r->divide($order); + $R = $curve->multiplyPoint($curve->getBasePoint(), $r); + $R = $curve->encodePoint($R); + $k = $hash->hash($dom . $R . $A . $message); + $k = strrev($k); + $k = new BigInteger($k, 256); + list(, $k) = $k->divide($order); + $S = $k->multiply($dA)->add($r); + list(, $S) = $S->divide($order); + $S = str_pad(strrev($S->toBytes()), $curve::SIZE, "\0"); + return $shortFormat == 'SSH2' ? Strings::packSSH2('ss', 'ssh-' . strtolower($this->getCurve()), $R . $S) : $R . $S; + } + + if (self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods())) { + $signature = ''; + // altho PHP's OpenSSL bindings only supported EC key creation in PHP 7.1 they've long + // supported signing / verification + // we use specified curves to avoid issues with OpenSSL possibly not supporting a given named curve; + // doing this may mean some curve-specific optimizations can't be used but idk if OpenSSL even + // has curve-specific optimizations + $result = openssl_sign($message, $signature, $this->withPassword()->toString('PKCS8', ['namedCurve' => false]), $this->hash->getHash()); + + if ($result) { + if ($shortFormat == 'ASN1') { + return $signature; + } + + extract(ASN1Signature::load($signature)); + + return $this->formatSignature($r, $s); + } + } + + $e = $this->hash->hash($message); + $e = new BigInteger($e, 256); + + $Ln = $this->hash->getLength() - $order->getLength(); + $z = $Ln > 0 ? $e->bitwise_rightShift($Ln) : $e; + + while (true) { + $k = BigInteger::randomRange(self::$one, $order->subtract(self::$one)); + list($x, $y) = $this->curve->multiplyPoint($this->curve->getBasePoint(), $k); + $x = $x->toBigInteger(); + list(, $r) = $x->divide($order); + if ($r->equals(self::$zero)) { + continue; + } + $kinv = $k->modInverse($order); + $temp = $z->add($dA->multiply($r)); + $temp = $kinv->multiply($temp); + list(, $s) = $temp->divide($order); + if (!$s->equals(self::$zero)) { + break; + } + } + + // the following is an RFC6979 compliant implementation of deterministic ECDSA + // it's unused because it's mainly intended for use when a good CSPRNG isn't + // available. if phpseclib's CSPRNG isn't good then even key generation is + // suspect + /* + // if this were actually being used it'd probably be better if this lived in load() and createKey() + $this->q = $this->curve->getOrder(); + $dA = $this->dA->toBigInteger(); + $this->x = $dA; + + $h1 = $this->hash->hash($message); + $k = $this->computek($h1); + list($x, $y) = $this->curve->multiplyPoint($this->curve->getBasePoint(), $k); + $x = $x->toBigInteger(); + list(, $r) = $x->divide($this->q); + $kinv = $k->modInverse($this->q); + $h1 = $this->bits2int($h1); + $temp = $h1->add($dA->multiply($r)); + $temp = $kinv->multiply($temp); + list(, $s) = $temp->divide($this->q); + */ + + return $this->formatSignature($r, $s); + } + + /** + * Returns the private key + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type, array $options = []) + { + $type = self::validatePlugin('Keys', $type, 'savePrivateKey'); + + return $type::savePrivateKey($this->dA, $this->curve, $this->QA, $this->secret, $this->password, $options); + } + + /** + * Returns the public key + * + * @see self::getPrivateKey() + * @return mixed + */ + public function getPublicKey() + { + $format = 'PKCS8'; + if ($this->curve instanceof MontgomeryCurve) { + $format = 'MontgomeryPublic'; + } + + $type = self::validatePlugin('Keys', $format, 'savePublicKey'); + + $key = $type::savePublicKey($this->curve, $this->QA); + $key = EC::loadFormat($format, $key); + if ($this->curve instanceof MontgomeryCurve) { + return $key; + } + $key = $key + ->withHash($this->hash->getHash()) + ->withSignatureFormat($this->shortFormat); + if ($this->curve instanceof TwistedEdwardsCurve) { + $key = $key->withContext($this->context); + } + return $key; + } + + /** + * Returns a signature in the appropriate format + * + * @return string + */ + private function formatSignature(BigInteger $r, BigInteger $s) + { + $format = $this->sigFormat; + + $temp = new \ReflectionMethod($format, 'save'); + $paramCount = $temp->getNumberOfRequiredParameters(); + + // @codingStandardsIgnoreStart + switch ($paramCount) { + case 2: return $format::save($r, $s); + case 3: return $format::save($r, $s, $this->getCurve()); + case 4: return $format::save($r, $s, $this->getCurve(), $this->getLength()); + } + // @codingStandardsIgnoreEnd + + // presumably the only way you could get to this is if you were using a custom plugin + throw new UnsupportedOperationException("$format::save() has $paramCount parameters - the only valid parameter counts are 2 or 3"); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/PublicKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/PublicKey.php new file mode 100644 index 0000000..4558ce3 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/PublicKey.php @@ -0,0 +1,172 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\EC; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; +use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve; +use phpseclib3\Crypt\EC\Curves\Ed25519; +use phpseclib3\Crypt\EC\Formats\Keys\PKCS1; +use phpseclib3\Crypt\EC\Formats\Signature\ASN1 as ASN1Signature; +use phpseclib3\Crypt\Hash; +use phpseclib3\Exception\UnsupportedOperationException; +use phpseclib3\Math\BigInteger; + +/** + * EC Public Key + * + * @author Jim Wigginton + */ +final class PublicKey extends EC implements Common\PublicKey +{ + use Common\Traits\Fingerprint; + + /** + * Verify a signature + * + * @see self::verify() + * @param string $message + * @param string $signature + * @return mixed + */ + public function verify($message, $signature) + { + if ($this->curve instanceof MontgomeryCurve) { + throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures'); + } + + $shortFormat = $this->shortFormat; + $format = $this->sigFormat; + if ($format === false) { + return false; + } + + $order = $this->curve->getOrder(); + + if ($this->curve instanceof TwistedEdwardsCurve) { + if ($shortFormat == 'SSH2') { + list(, $signature) = Strings::unpackSSH2('ss', $signature); + } + + if ($this->curve instanceof Ed25519 && self::$engines['libsodium'] && !isset($this->context)) { + return sodium_crypto_sign_verify_detached($signature, $message, $this->toString('libsodium')); + } + + $curve = $this->curve; + if (strlen($signature) != 2 * $curve::SIZE) { + return false; + } + + $R = substr($signature, 0, $curve::SIZE); + $S = substr($signature, $curve::SIZE); + + try { + $R = PKCS1::extractPoint($R, $curve); + $R = $this->curve->convertToInternal($R); + } catch (\Exception $e) { + return false; + } + + $S = strrev($S); + $S = new BigInteger($S, 256); + + if ($S->compare($order) >= 0) { + return false; + } + + $A = $curve->encodePoint($this->QA); + + if ($curve instanceof Ed25519) { + $dom2 = !isset($this->context) ? '' : + 'SigEd25519 no Ed25519 collisions' . "\0" . chr(strlen($this->context)) . $this->context; + } else { + $context = isset($this->context) ? $this->context : ''; + $dom2 = 'SigEd448' . "\0" . chr(strlen($context)) . $context; + } + + $hash = new Hash($curve::HASH); + $k = $hash->hash($dom2 . substr($signature, 0, $curve::SIZE) . $A . $message); + $k = strrev($k); + $k = new BigInteger($k, 256); + list(, $k) = $k->divide($order); + + $qa = $curve->convertToInternal($this->QA); + + $lhs = $curve->multiplyPoint($curve->getBasePoint(), $S); + $rhs = $curve->multiplyPoint($qa, $k); + $rhs = $curve->addPoint($rhs, $R); + $rhs = $curve->convertToAffine($rhs); + + return $lhs[0]->equals($rhs[0]) && $lhs[1]->equals($rhs[1]); + } + + $params = $format::load($signature); + if ($params === false || count($params) != 2) { + return false; + } + extract($params); + + if (self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods())) { + $sig = $format != 'ASN1' ? ASN1Signature::save($r, $s) : $signature; + + $result = openssl_verify($message, $sig, $this->toString('PKCS8', ['namedCurve' => false]), $this->hash->getHash()); + + if ($result != -1) { + return (bool) $result; + } + } + + $n_1 = $order->subtract(self::$one); + if (!$r->between(self::$one, $n_1) || !$s->between(self::$one, $n_1)) { + return false; + } + + $e = $this->hash->hash($message); + $e = new BigInteger($e, 256); + + $Ln = $this->hash->getLength() - $order->getLength(); + $z = $Ln > 0 ? $e->bitwise_rightShift($Ln) : $e; + + $w = $s->modInverse($order); + list(, $u1) = $z->multiply($w)->divide($order); + list(, $u2) = $r->multiply($w)->divide($order); + + $u1 = $this->curve->convertInteger($u1); + $u2 = $this->curve->convertInteger($u2); + + list($x1, $y1) = $this->curve->multiplyAddPoints( + [$this->curve->getBasePoint(), $this->QA], + [$u1, $u2] + ); + + $x1 = $x1->toBigInteger(); + list(, $x1) = $x1->divide($order); + + return $x1->equals($r); + } + + /** + * Returns the public key + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type, array $options = []) + { + $type = self::validatePlugin('Keys', $type, 'savePublicKey'); + + return $type::savePublicKey($this->curve, $this->QA, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Hash.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Hash.php new file mode 100644 index 0000000..61aac86 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Hash.php @@ -0,0 +1,1455 @@ + + * setKey('abcdefg'); + * + * echo base64_encode($hash->hash('abcdefg')); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2015 Jim Wigginton + * @author Andreas Fischer + * @copyright 2015 Andreas Fischer + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\PrimeField; + +/** + * @author Jim Wigginton + * @author Andreas Fischer + */ +class Hash +{ + /** + * Padding Types + * + */ + const PADDING_KECCAK = 1; + + /** + * Padding Types + * + */ + const PADDING_SHA3 = 2; + + /** + * Padding Types + * + */ + const PADDING_SHAKE = 3; + + /** + * Padding Type + * + * Only used by SHA3 + * + * @var int + */ + private $paddingType = 0; + + /** + * Hash Parameter + * + * @see self::setHash() + * @var int + */ + private $hashParam; + + /** + * Byte-length of hash output (Internal HMAC) + * + * @see self::setHash() + * @var int + */ + private $length; + + /** + * Hash Algorithm + * + * @see self::setHash() + * @var string + */ + private $algo; + + /** + * Key + * + * @see self::setKey() + * @var string + */ + private $key = false; + + /** + * Nonce + * + * @see self::setNonce() + * @var string + */ + private $nonce = false; + + /** + * Hash Parameters + * + * @var array + */ + private $parameters = []; + + /** + * Computed Key + * + * @see self::_computeKey() + * @var string + */ + private $computedKey = false; + + /** + * Outer XOR (Internal HMAC) + * + * Used only for sha512/* + * + * @see self::hash() + * @var string + */ + private $opad; + + /** + * Inner XOR (Internal HMAC) + * + * Used only for sha512/* + * + * @see self::hash() + * @var string + */ + private $ipad; + + /** + * Recompute AES Key + * + * Used only for umac + * + * @see self::hash() + * @var boolean + */ + private $recomputeAESKey; + + /** + * umac cipher object + * + * @see self::hash() + * @var AES + */ + private $c; + + /** + * umac pad + * + * @see self::hash() + * @var string + */ + private $pad; + + /** + * Block Size + * + * @var int + */ + private $blockSize; + + /**#@+ + * UMAC variables + * + * @var PrimeField + */ + private static $factory36; + private static $factory64; + private static $factory128; + private static $offset64; + private static $offset128; + private static $marker64; + private static $marker128; + private static $maxwordrange64; + private static $maxwordrange128; + /**#@-*/ + + /** + * Default Constructor. + * + * @param string $hash + */ + public function __construct($hash = 'sha256') + { + $this->setHash($hash); + } + + /** + * Sets the key for HMACs + * + * Keys can be of any length. + * + * @param string $key + */ + public function setKey($key = false) + { + $this->key = $key; + $this->computeKey(); + $this->recomputeAESKey = true; + } + + /** + * Sets the nonce for UMACs + * + * Keys can be of any length. + * + * @param string $nonce + */ + public function setNonce($nonce = false) + { + switch (true) { + case !is_string($nonce): + case strlen($nonce) > 0 && strlen($nonce) <= 16: + $this->recomputeAESKey = true; + $this->nonce = $nonce; + return; + } + + throw new \LengthException('The nonce length must be between 1 and 16 bytes, inclusive'); + } + + /** + * Pre-compute the key used by the HMAC + * + * Quoting http://tools.ietf.org/html/rfc2104#section-2, "Applications that use keys longer than B bytes + * will first hash the key using H and then use the resultant L byte string as the actual key to HMAC." + * + * As documented in https://www.reddit.com/r/PHP/comments/9nct2l/symfonypolyfill_hash_pbkdf2_correct_fix_for/ + * when doing an HMAC multiple times it's faster to compute the hash once instead of computing it during + * every call + * + */ + private function computeKey() + { + if ($this->key === false) { + $this->computedKey = false; + return; + } + + if (strlen($this->key) <= $this->getBlockLengthInBytes()) { + $this->computedKey = $this->key; + return; + } + + $this->computedKey = is_array($this->algo) ? + call_user_func($this->algo, $this->key) : + hash($this->algo, $this->key, true); + } + + /** + * Gets the hash function. + * + * As set by the constructor or by the setHash() method. + * + * @return string + */ + public function getHash() + { + return $this->hashParam; + } + + /** + * Sets the hash function. + * + * @param string $hash + */ + public function setHash($hash) + { + $this->hashParam = $hash = strtolower($hash); + switch ($hash) { + case 'umac-32': + case 'umac-64': + case 'umac-96': + case 'umac-128': + $this->blockSize = 128; + $this->length = abs(substr($hash, -3)) >> 3; + $this->algo = 'umac'; + return; + case 'md2-96': + case 'md5-96': + case 'sha1-96': + case 'sha224-96': + case 'sha256-96': + case 'sha384-96': + case 'sha512-96': + case 'sha512/224-96': + case 'sha512/256-96': + $hash = substr($hash, 0, -3); + $this->length = 12; // 96 / 8 = 12 + break; + case 'md2': + case 'md5': + $this->length = 16; + break; + case 'sha1': + $this->length = 20; + break; + case 'sha224': + case 'sha512/224': + case 'sha3-224': + $this->length = 28; + break; + case 'keccak256': + $this->paddingType = self::PADDING_KECCAK; + // fall-through + case 'sha256': + case 'sha512/256': + case 'sha3-256': + $this->length = 32; + break; + case 'sha384': + case 'sha3-384': + $this->length = 48; + break; + case 'sha512': + case 'sha3-512': + $this->length = 64; + break; + default: + if (preg_match('#^(shake(?:128|256))-(\d+)$#', $hash, $matches)) { + $this->paddingType = self::PADDING_SHAKE; + $hash = $matches[1]; + $this->length = $matches[2] >> 3; + } else { + throw new UnsupportedAlgorithmException( + "$hash is not a supported algorithm" + ); + } + } + + switch ($hash) { + case 'md2': + case 'md2-96': + $this->blockSize = 128; + break; + case 'md5-96': + case 'sha1-96': + case 'sha224-96': + case 'sha256-96': + case 'md5': + case 'sha1': + case 'sha224': + case 'sha256': + $this->blockSize = 512; + break; + case 'sha3-224': + $this->blockSize = 1152; // 1600 - 2*224 + break; + case 'sha3-256': + case 'shake256': + case 'keccak256': + $this->blockSize = 1088; // 1600 - 2*256 + break; + case 'sha3-384': + $this->blockSize = 832; // 1600 - 2*384 + break; + case 'sha3-512': + $this->blockSize = 576; // 1600 - 2*512 + break; + case 'shake128': + $this->blockSize = 1344; // 1600 - 2*128 + break; + default: + $this->blockSize = 1024; + } + + if (in_array(substr($hash, 0, 5), ['sha3-', 'shake', 'kecca'])) { + // PHP 7.1.0 introduced support for "SHA3 fixed mode algorithms": + // http://php.net/ChangeLog-7.php#7.1.0 + if (version_compare(PHP_VERSION, '7.1.0') < 0 || substr($hash, 0, 5) != 'sha3-') { + //preg_match('#(\d+)$#', $hash, $matches); + //$this->parameters['capacity'] = 2 * $matches[1]; // 1600 - $this->blockSize + //$this->parameters['rate'] = 1600 - $this->parameters['capacity']; // == $this->blockSize + if (!$this->paddingType) { + $this->paddingType = self::PADDING_SHA3; + } + $this->parameters = [ + 'capacity' => 1600 - $this->blockSize, + 'rate' => $this->blockSize, + 'length' => $this->length, + 'padding' => $this->paddingType + ]; + $hash = ['phpseclib3\Crypt\Hash', PHP_INT_SIZE == 8 ? 'sha3_64' : 'sha3_32']; + } + } + + if ($hash == 'sha512/224' || $hash == 'sha512/256') { + // PHP 7.1.0 introduced sha512/224 and sha512/256 support: + // http://php.net/ChangeLog-7.php#7.1.0 + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + // from http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf#page=24 + $initial = $hash == 'sha512/256' ? + [ + '22312194FC2BF72C', '9F555FA3C84C64C2', '2393B86B6F53B151', '963877195940EABD', + '96283EE2A88EFFE3', 'BE5E1E2553863992', '2B0199FC2C85B8AA', '0EB72DDC81C52CA2' + ] : + [ + '8C3D37C819544DA2', '73E1996689DCD4D6', '1DFAB7AE32FF9C82', '679DD514582F9FCF', + '0F6D2B697BD44DA8', '77E36F7304C48942', '3F9D85A86A1D36C8', '1112E6AD91D692A1' + ]; + for ($i = 0; $i < 8; $i++) { + $initial[$i] = new BigInteger($initial[$i], 16); + $initial[$i]->setPrecision(64); + } + + $this->parameters = compact('initial'); + + $hash = ['phpseclib3\Crypt\Hash', 'sha512']; + } + } + + if (is_array($hash)) { + $b = $this->blockSize >> 3; + $this->ipad = str_repeat(chr(0x36), $b); + $this->opad = str_repeat(chr(0x5C), $b); + } + + $this->algo = $hash; + + $this->computeKey(); + } + + /** + * KDF: Key-Derivation Function + * + * The key-derivation function generates pseudorandom bits used to key the hash functions. + * + * @param int $index a non-negative integer less than 2^64 + * @param int $numbytes a non-negative integer less than 2^64 + * @return string string of length numbytes bytes + */ + private function kdf($index, $numbytes) + { + $this->c->setIV(pack('N4', 0, $index, 0, 1)); + + return $this->c->encrypt(str_repeat("\0", $numbytes)); + } + + /** + * PDF Algorithm + * + * @return string string of length taglen bytes. + */ + private function pdf() + { + $k = $this->key; + $nonce = $this->nonce; + $taglen = $this->length; + + // + // Extract and zero low bit(s) of Nonce if needed + // + if ($taglen <= 8) { + $last = strlen($nonce) - 1; + $mask = $taglen == 4 ? "\3" : "\1"; + $index = $nonce[$last] & $mask; + $nonce[$last] = $nonce[$last] ^ $index; + } + + // + // Make Nonce BLOCKLEN bytes by appending zeroes if needed + // + $nonce = str_pad($nonce, 16, "\0"); + + // + // Generate subkey, encipher and extract indexed substring + // + $kp = $this->kdf(0, 16); + $c = new AES('ctr'); + $c->disablePadding(); + $c->setKey($kp); + $c->setIV($nonce); + $t = $c->encrypt("\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); + + // we could use ord() but per https://paragonie.com/blog/2016/06/constant-time-encoding-boring-cryptography-rfc-4648-and-you + // unpack() doesn't leak timing info + return $taglen <= 8 ? + substr($t, unpack('C', $index)[1] * $taglen, $taglen) : + substr($t, 0, $taglen); + } + + /** + * UHASH Algorithm + * + * @param string $m string of length less than 2^67 bits. + * @param int $taglen the integer 4, 8, 12 or 16. + * @return string string of length taglen bytes. + */ + private function uhash($m, $taglen) + { + // + // One internal iteration per 4 bytes of output + // + $iters = $taglen >> 2; + + // + // Define total key needed for all iterations using KDF. + // L1Key reuses most key material between iterations. + // + //$L1Key = $this->kdf(1, 1024 + ($iters - 1) * 16); + $L1Key = $this->kdf(1, (1024 + ($iters - 1)) * 16); + $L2Key = $this->kdf(2, $iters * 24); + $L3Key1 = $this->kdf(3, $iters * 64); + $L3Key2 = $this->kdf(4, $iters * 4); + + // + // For each iteration, extract key and do three-layer hash. + // If bytelength(M) <= 1024, then skip L2-HASH. + // + $y = ''; + for ($i = 0; $i < $iters; $i++) { + $L1Key_i = substr($L1Key, $i * 16, 1024); + $L2Key_i = substr($L2Key, $i * 24, 24); + $L3Key1_i = substr($L3Key1, $i * 64, 64); + $L3Key2_i = substr($L3Key2, $i * 4, 4); + + $a = self::L1Hash($L1Key_i, $m); + $b = strlen($m) <= 1024 ? "\0\0\0\0\0\0\0\0$a" : self::L2Hash($L2Key_i, $a); + $c = self::L3Hash($L3Key1_i, $L3Key2_i, $b); + $y .= $c; + } + + return $y; + } + + /** + * L1-HASH Algorithm + * + * The first-layer hash breaks the message into 1024-byte chunks and + * hashes each with a function called NH. Concatenating the results + * forms a string, which is up to 128 times shorter than the original. + * + * @param string $k string of length 1024 bytes. + * @param string $m string of length less than 2^67 bits. + * @return string string of length (8 * ceil(bitlength(M)/8192)) bytes. + */ + private static function L1Hash($k, $m) + { + // + // Break M into 1024 byte chunks (final chunk may be shorter) + // + $m = str_split($m, 1024); + + // + // For each chunk, except the last: endian-adjust, NH hash + // and add bit-length. Use results to build Y. + // + $length = new BigInteger(1024 * 8); + $y = ''; + for ($i = 0; $i < count($m) - 1; $i++) { + $m[$i] = pack('N*', ...unpack('V*', $m[$i])); // ENDIAN-SWAP + $y .= static::nh($k, $m[$i], $length); + } + + // + // For the last chunk: pad to 32-byte boundary, endian-adjust, + // NH hash and add bit-length. Concatenate the result to Y. + // + $length = count($m) ? strlen($m[$i]) : 0; + $pad = 32 - ($length % 32); + $pad = max(32, $length + $pad % 32); + $m[$i] = str_pad(isset($m[$i]) ? $m[$i] : '', $pad, "\0"); // zeropad + $m[$i] = pack('N*', ...unpack('V*', $m[$i])); // ENDIAN-SWAP + + $y .= static::nh($k, $m[$i], new BigInteger($length * 8)); + + return $y; + } + + /** + * NH Algorithm + * + * @param string $k string of length 1024 bytes. + * @param string $m string with length divisible by 32 bytes. + * @return string string of length 8 bytes. + */ + private static function nh($k, $m, $length) + { + $toUInt32 = function ($x) { + $x = new BigInteger($x, 256); + $x->setPrecision(32); + return $x; + }; + + // + // Break M and K into 4-byte chunks + // + //$t = strlen($m) >> 2; + $m = str_split($m, 4); + $t = count($m); + $k = str_split($k, 4); + $k = array_pad(array_slice($k, 0, $t), $t, 0); + + $m = array_map($toUInt32, $m); + $k = array_map($toUInt32, $k); + + // + // Perform NH hash on the chunks, pairing words for multiplication + // which are 4 apart to accommodate vector-parallelism. + // + $y = new BigInteger(); + $y->setPrecision(64); + $i = 0; + while ($i < $t) { + $temp = $m[$i]->add($k[$i]); + $temp->setPrecision(64); + $temp = $temp->multiply($m[$i + 4]->add($k[$i + 4])); + $y = $y->add($temp); + + $temp = $m[$i + 1]->add($k[$i + 1]); + $temp->setPrecision(64); + $temp = $temp->multiply($m[$i + 5]->add($k[$i + 5])); + $y = $y->add($temp); + + $temp = $m[$i + 2]->add($k[$i + 2]); + $temp->setPrecision(64); + $temp = $temp->multiply($m[$i + 6]->add($k[$i + 6])); + $y = $y->add($temp); + + $temp = $m[$i + 3]->add($k[$i + 3]); + $temp->setPrecision(64); + $temp = $temp->multiply($m[$i + 7]->add($k[$i + 7])); + $y = $y->add($temp); + + $i += 8; + } + + return $y->add($length)->toBytes(); + } + + /** + * L2-HASH: Second-Layer Hash + * + * The second-layer rehashes the L1-HASH output using a polynomial hash + * called POLY. If the L1-HASH output is long, then POLY is called once + * on a prefix of the L1-HASH output and called using different settings + * on the remainder. (This two-step hashing of the L1-HASH output is + * needed only if the message length is greater than 16 megabytes.) + * Careful implementation of POLY is necessary to avoid a possible + * timing attack (see Section 6.6 for more information). + * + * @param string $k string of length 24 bytes. + * @param string $m string of length less than 2^64 bytes. + * @return string string of length 16 bytes. + */ + private static function L2Hash($k, $m) + { + // + // Extract keys and restrict to special key-sets + // + $k64 = $k & "\x01\xFF\xFF\xFF\x01\xFF\xFF\xFF"; + $k64 = new BigInteger($k64, 256); + $k128 = substr($k, 8) & "\x01\xFF\xFF\xFF\x01\xFF\xFF\xFF\x01\xFF\xFF\xFF\x01\xFF\xFF\xFF"; + $k128 = new BigInteger($k128, 256); + + // + // If M is no more than 2^17 bytes, hash under 64-bit prime, + // otherwise, hash first 2^17 bytes under 64-bit prime and + // remainder under 128-bit prime. + // + if (strlen($m) <= 0x20000) { // 2^14 64-bit words + $y = self::poly(64, self::$maxwordrange64, $k64, $m); + } else { + $m_1 = substr($m, 0, 0x20000); // 1 << 17 + $m_2 = substr($m, 0x20000) . "\x80"; + $length = strlen($m_2); + $pad = 16 - ($length % 16); + $pad %= 16; + $m_2 = str_pad($m_2, $length + $pad, "\0"); // zeropad + $y = self::poly(64, self::$maxwordrange64, $k64, $m_1); + $y = str_pad($y, 16, "\0", STR_PAD_LEFT); + $y = self::poly(128, self::$maxwordrange128, $k128, $y . $m_2); + } + + return str_pad($y, 16, "\0", STR_PAD_LEFT); + } + + /** + * POLY Algorithm + * + * @param int $wordbits the integer 64 or 128. + * @param BigInteger $maxwordrange positive integer less than 2^wordbits. + * @param BigInteger $k integer in the range 0 ... prime(wordbits) - 1. + * @param string $m string with length divisible by (wordbits / 8) bytes. + * @return integer in the range 0 ... prime(wordbits) - 1. + */ + private static function poly($wordbits, $maxwordrange, $k, $m) + { + // + // Define constants used for fixing out-of-range words + // + $wordbytes = $wordbits >> 3; + if ($wordbits == 128) { + $factory = self::$factory128; + $offset = self::$offset128; + $marker = self::$marker128; + } else { + $factory = self::$factory64; + $offset = self::$offset64; + $marker = self::$marker64; + } + + $k = $factory->newInteger($k); + + // + // Break M into chunks of length wordbytes bytes + // + $m_i = str_split($m, $wordbytes); + + // + // Each input word m is compared with maxwordrange. If not smaller + // then 'marker' and (m - offset), both in range, are hashed. + // + $y = $factory->newInteger(new BigInteger(1)); + foreach ($m_i as $m) { + $m = $factory->newInteger(new BigInteger($m, 256)); + if ($m->compare($maxwordrange) >= 0) { + $y = $k->multiply($y)->add($marker); + $y = $k->multiply($y)->add($m->subtract($offset)); + } else { + $y = $k->multiply($y)->add($m); + } + } + + return $y->toBytes(); + } + + /** + * L3-HASH: Third-Layer Hash + * + * The output from L2-HASH is 16 bytes long. This final hash function + * hashes the 16-byte string to a fixed length of 4 bytes. + * + * @param string $k1 string of length 64 bytes. + * @param string $k2 string of length 4 bytes. + * @param string $m string of length 16 bytes. + * @return string string of length 4 bytes. + */ + private static function L3Hash($k1, $k2, $m) + { + $factory = self::$factory36; + + $y = $factory->newInteger(new BigInteger()); + for ($i = 0; $i < 8; $i++) { + $m_i = $factory->newInteger(new BigInteger(substr($m, 2 * $i, 2), 256)); + $k_i = $factory->newInteger(new BigInteger(substr($k1, 8 * $i, 8), 256)); + $y = $y->add($m_i->multiply($k_i)); + } + $y = str_pad(substr($y->toBytes(), -4), 4, "\0", STR_PAD_LEFT); + $y = $y ^ $k2; + + return $y; + } + + /** + * Compute the Hash / HMAC / UMAC. + * + * @param string $text + * @return string + */ + public function hash($text) + { + $algo = $this->algo; + if ($algo == 'umac') { + if ($this->recomputeAESKey) { + if (!is_string($this->nonce)) { + throw new InsufficientSetupException('No nonce has been set'); + } + if (!is_string($this->key)) { + throw new InsufficientSetupException('No key has been set'); + } + if (strlen($this->key) != 16) { + throw new \LengthException('Key must be 16 bytes long'); + } + + if (!isset(self::$maxwordrange64)) { + $one = new BigInteger(1); + + $prime36 = new BigInteger("\x00\x00\x00\x0F\xFF\xFF\xFF\xFB", 256); + self::$factory36 = new PrimeField($prime36); + + $prime64 = new BigInteger("\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC5", 256); + self::$factory64 = new PrimeField($prime64); + + $prime128 = new BigInteger("\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x61", 256); + self::$factory128 = new PrimeField($prime128); + + self::$offset64 = new BigInteger("\1\0\0\0\0\0\0\0\0", 256); + self::$offset64 = self::$factory64->newInteger(self::$offset64->subtract($prime64)); + self::$offset128 = new BigInteger("\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256); + self::$offset128 = self::$factory128->newInteger(self::$offset128->subtract($prime128)); + + self::$marker64 = self::$factory64->newInteger($prime64->subtract($one)); + self::$marker128 = self::$factory128->newInteger($prime128->subtract($one)); + + $maxwordrange64 = $one->bitwise_leftShift(64)->subtract($one->bitwise_leftShift(32)); + self::$maxwordrange64 = self::$factory64->newInteger($maxwordrange64); + + $maxwordrange128 = $one->bitwise_leftShift(128)->subtract($one->bitwise_leftShift(96)); + self::$maxwordrange128 = self::$factory128->newInteger($maxwordrange128); + } + + $this->c = new AES('ctr'); + $this->c->disablePadding(); + $this->c->setKey($this->key); + + $this->pad = $this->pdf(); + + $this->recomputeAESKey = false; + } + + $hashedmessage = $this->uhash($text, $this->length); + return $hashedmessage ^ $this->pad; + } + + if (is_array($algo)) { + if (empty($this->key) || !is_string($this->key)) { + return substr($algo($text, ...array_values($this->parameters)), 0, $this->length); + } + + // SHA3 HMACs are discussed at https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf#page=30 + + $key = str_pad($this->computedKey, $b, chr(0)); + $temp = $this->ipad ^ $key; + $temp .= $text; + $temp = substr($algo($temp, ...array_values($this->parameters)), 0, $this->length); + $output = $this->opad ^ $key; + $output .= $temp; + $output = $algo($output, ...array_values($this->parameters)); + + return substr($output, 0, $this->length); + } + + $output = !empty($this->key) || is_string($this->key) ? + hash_hmac($algo, $text, $this->computedKey, true) : + hash($algo, $text, true); + + return strlen($output) > $this->length + ? substr($output, 0, $this->length) + : $output; + } + + /** + * Returns the hash length (in bits) + * + * @return int + */ + public function getLength() + { + return $this->length << 3; + } + + /** + * Returns the hash length (in bytes) + * + * @return int + */ + public function getLengthInBytes() + { + return $this->length; + } + + /** + * Returns the block length (in bits) + * + * @return int + */ + public function getBlockLength() + { + return $this->blockSize; + } + + /** + * Returns the block length (in bytes) + * + * @return int + */ + public function getBlockLengthInBytes() + { + return $this->blockSize >> 3; + } + + /** + * Pads SHA3 based on the mode + * + * @param int $padLength + * @param int $padType + * @return string + */ + private static function sha3_pad($padLength, $padType) + { + switch ($padType) { + case self::PADDING_KECCAK: + $temp = chr(0x01) . str_repeat("\0", $padLength - 1); + $temp[$padLength - 1] = $temp[$padLength - 1] | chr(0x80); + return $temp; + case self::PADDING_SHAKE: + $temp = chr(0x1F) . str_repeat("\0", $padLength - 1); + $temp[$padLength - 1] = $temp[$padLength - 1] | chr(0x80); + return $temp; + //case self::PADDING_SHA3: + default: + // from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf#page=36 + return $padLength == 1 ? chr(0x86) : chr(0x06) . str_repeat("\0", $padLength - 2) . chr(0x80); + } + } + + /** + * Pure-PHP 32-bit implementation of SHA3 + * + * Whereas BigInteger.php's 32-bit engine works on PHP 64-bit this 32-bit implementation + * of SHA3 will *not* work on PHP 64-bit. This is because this implementation + * employees bitwise NOTs and bitwise left shifts. And the round constants only work + * on 32-bit PHP. eg. dechex(-2147483648) returns 80000000 on 32-bit PHP and + * FFFFFFFF80000000 on 64-bit PHP. Sure, we could do bitwise ANDs but that would slow + * things down. + * + * SHA512 requires BigInteger to simulate 64-bit unsigned integers because SHA2 employees + * addition whereas SHA3 just employees bitwise operators. PHP64 only supports signed + * 64-bit integers, which complicates addition, whereas that limitation isn't an issue + * for SHA3. + * + * In https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=919061#page=16 KECCAK[C] is + * defined as "the KECCAK instance with KECCAK-f[1600] as the underlying permutation and + * capacity c". This is relevant because, altho the KECCAK standard defines a mode + * (KECCAK-f[800]) designed for 32-bit machines that mode is incompatible with SHA3 + * + * @param string $p + * @param int $c + * @param int $r + * @param int $d + * @param int $padType + */ + private static function sha3_32($p, $c, $r, $d, $padType) + { + $block_size = $r >> 3; + $padLength = $block_size - (strlen($p) % $block_size); + $num_ints = $block_size >> 2; + + $p .= static::sha3_pad($padLength, $padType); + + $n = strlen($p) / $r; // number of blocks + + $s = [ + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]], + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]], + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]], + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]], + [[0, 0], [0, 0], [0, 0], [0, 0], [0, 0]] + ]; + + $p = str_split($p, $block_size); + + foreach ($p as $pi) { + $pi = unpack('V*', $pi); + $x = $y = 0; + for ($i = 1; $i <= $num_ints; $i += 2) { + $s[$x][$y][0] ^= $pi[$i + 1]; + $s[$x][$y][1] ^= $pi[$i]; + if (++$y == 5) { + $y = 0; + $x++; + } + } + static::processSHA3Block32($s); + } + + $z = ''; + $i = $j = 0; + while (strlen($z) < $d) { + $z .= pack('V2', $s[$i][$j][1], $s[$i][$j++][0]); + if ($j == 5) { + $j = 0; + $i++; + if ($i == 5) { + $i = 0; + static::processSHA3Block32($s); + } + } + } + + return $z; + } + + /** + * 32-bit block processing method for SHA3 + * + * @param array $s + */ + private static function processSHA3Block32(&$s) + { + static $rotationOffsets = [ + [ 0, 1, 62, 28, 27], + [36, 44, 6, 55, 20], + [ 3, 10, 43, 25, 39], + [41, 45, 15, 21, 8], + [18, 2, 61, 56, 14] + ]; + + // the standards give these constants in hexadecimal notation. it's tempting to want to use + // that same notation, here, however, we can't, because 0x80000000, on PHP32, is a positive + // float - not the negative int that we need to be in PHP32. so we use -2147483648 instead + static $roundConstants = [ + [0, 1], + [0, 32898], + [-2147483648, 32906], + [-2147483648, -2147450880], + [0, 32907], + [0, -2147483647], + [-2147483648, -2147450751], + [-2147483648, 32777], + [0, 138], + [0, 136], + [0, -2147450871], + [0, -2147483638], + [0, -2147450741], + [-2147483648, 139], + [-2147483648, 32905], + [-2147483648, 32771], + [-2147483648, 32770], + [-2147483648, 128], + [0, 32778], + [-2147483648, -2147483638], + [-2147483648, -2147450751], + [-2147483648, 32896], + [0, -2147483647], + [-2147483648, -2147450872] + ]; + + for ($round = 0; $round < 24; $round++) { + // theta step + $parity = $rotated = []; + for ($i = 0; $i < 5; $i++) { + $parity[] = [ + $s[0][$i][0] ^ $s[1][$i][0] ^ $s[2][$i][0] ^ $s[3][$i][0] ^ $s[4][$i][0], + $s[0][$i][1] ^ $s[1][$i][1] ^ $s[2][$i][1] ^ $s[3][$i][1] ^ $s[4][$i][1] + ]; + $rotated[] = static::rotateLeft32($parity[$i], 1); + } + + $temp = [ + [$parity[4][0] ^ $rotated[1][0], $parity[4][1] ^ $rotated[1][1]], + [$parity[0][0] ^ $rotated[2][0], $parity[0][1] ^ $rotated[2][1]], + [$parity[1][0] ^ $rotated[3][0], $parity[1][1] ^ $rotated[3][1]], + [$parity[2][0] ^ $rotated[4][0], $parity[2][1] ^ $rotated[4][1]], + [$parity[3][0] ^ $rotated[0][0], $parity[3][1] ^ $rotated[0][1]] + ]; + for ($i = 0; $i < 5; $i++) { + for ($j = 0; $j < 5; $j++) { + $s[$i][$j][0] ^= $temp[$j][0]; + $s[$i][$j][1] ^= $temp[$j][1]; + } + } + + $st = $s; + + // rho and pi steps + for ($i = 0; $i < 5; $i++) { + for ($j = 0; $j < 5; $j++) { + $st[(2 * $i + 3 * $j) % 5][$j] = static::rotateLeft32($s[$j][$i], $rotationOffsets[$j][$i]); + } + } + + // chi step + for ($i = 0; $i < 5; $i++) { + $s[$i][0] = [ + $st[$i][0][0] ^ (~$st[$i][1][0] & $st[$i][2][0]), + $st[$i][0][1] ^ (~$st[$i][1][1] & $st[$i][2][1]) + ]; + $s[$i][1] = [ + $st[$i][1][0] ^ (~$st[$i][2][0] & $st[$i][3][0]), + $st[$i][1][1] ^ (~$st[$i][2][1] & $st[$i][3][1]) + ]; + $s[$i][2] = [ + $st[$i][2][0] ^ (~$st[$i][3][0] & $st[$i][4][0]), + $st[$i][2][1] ^ (~$st[$i][3][1] & $st[$i][4][1]) + ]; + $s[$i][3] = [ + $st[$i][3][0] ^ (~$st[$i][4][0] & $st[$i][0][0]), + $st[$i][3][1] ^ (~$st[$i][4][1] & $st[$i][0][1]) + ]; + $s[$i][4] = [ + $st[$i][4][0] ^ (~$st[$i][0][0] & $st[$i][1][0]), + $st[$i][4][1] ^ (~$st[$i][0][1] & $st[$i][1][1]) + ]; + } + + // iota step + $s[0][0][0] ^= $roundConstants[$round][0]; + $s[0][0][1] ^= $roundConstants[$round][1]; + } + } + + /** + * Rotate 32-bit int + * + * @param array $x + * @param int $shift + */ + private static function rotateLeft32($x, $shift) + { + if ($shift < 32) { + list($hi, $lo) = $x; + } else { + $shift -= 32; + list($lo, $hi) = $x; + } + + return [ + ($hi << $shift) | (($lo >> (32 - $shift)) & (1 << $shift) - 1), + ($lo << $shift) | (($hi >> (32 - $shift)) & (1 << $shift) - 1) + ]; + } + + /** + * Pure-PHP 64-bit implementation of SHA3 + * + * @param string $p + * @param int $c + * @param int $r + * @param int $d + * @param int $padType + */ + private static function sha3_64($p, $c, $r, $d, $padType) + { + $block_size = $r >> 3; + $padLength = $block_size - (strlen($p) % $block_size); + $num_ints = $block_size >> 2; + + $p .= static::sha3_pad($padLength, $padType); + + $n = strlen($p) / $r; // number of blocks + + $s = [ + [0, 0, 0, 0, 0], + [0, 0, 0, 0, 0], + [0, 0, 0, 0, 0], + [0, 0, 0, 0, 0], + [0, 0, 0, 0, 0] + ]; + + $p = str_split($p, $block_size); + + foreach ($p as $pi) { + $pi = unpack('P*', $pi); + $x = $y = 0; + foreach ($pi as $subpi) { + $s[$x][$y++] ^= $subpi; + if ($y == 5) { + $y = 0; + $x++; + } + } + static::processSHA3Block64($s); + } + + $z = ''; + $i = $j = 0; + while (strlen($z) < $d) { + $z .= pack('P', $s[$i][$j++]); + if ($j == 5) { + $j = 0; + $i++; + if ($i == 5) { + $i = 0; + static::processSHA3Block64($s); + } + } + } + + return $z; + } + + /** + * 64-bit block processing method for SHA3 + * + * @param array $s + */ + private static function processSHA3Block64(&$s) + { + static $rotationOffsets = [ + [ 0, 1, 62, 28, 27], + [36, 44, 6, 55, 20], + [ 3, 10, 43, 25, 39], + [41, 45, 15, 21, 8], + [18, 2, 61, 56, 14] + ]; + + static $roundConstants = [ + 1, + 32898, + -9223372036854742902, + -9223372034707259392, + 32907, + 2147483649, + -9223372034707259263, + -9223372036854743031, + 138, + 136, + 2147516425, + 2147483658, + 2147516555, + -9223372036854775669, + -9223372036854742903, + -9223372036854743037, + -9223372036854743038, + -9223372036854775680, + 32778, + -9223372034707292150, + -9223372034707259263, + -9223372036854742912, + 2147483649, + -9223372034707259384 + ]; + + for ($round = 0; $round < 24; $round++) { + // theta step + $parity = []; + for ($i = 0; $i < 5; $i++) { + $parity[] = $s[0][$i] ^ $s[1][$i] ^ $s[2][$i] ^ $s[3][$i] ^ $s[4][$i]; + } + $temp = [ + $parity[4] ^ static::rotateLeft64($parity[1], 1), + $parity[0] ^ static::rotateLeft64($parity[2], 1), + $parity[1] ^ static::rotateLeft64($parity[3], 1), + $parity[2] ^ static::rotateLeft64($parity[4], 1), + $parity[3] ^ static::rotateLeft64($parity[0], 1) + ]; + for ($i = 0; $i < 5; $i++) { + for ($j = 0; $j < 5; $j++) { + $s[$i][$j] ^= $temp[$j]; + } + } + + $st = $s; + + // rho and pi steps + for ($i = 0; $i < 5; $i++) { + for ($j = 0; $j < 5; $j++) { + $st[(2 * $i + 3 * $j) % 5][$j] = static::rotateLeft64($s[$j][$i], $rotationOffsets[$j][$i]); + } + } + + // chi step + for ($i = 0; $i < 5; $i++) { + $s[$i] = [ + $st[$i][0] ^ (~$st[$i][1] & $st[$i][2]), + $st[$i][1] ^ (~$st[$i][2] & $st[$i][3]), + $st[$i][2] ^ (~$st[$i][3] & $st[$i][4]), + $st[$i][3] ^ (~$st[$i][4] & $st[$i][0]), + $st[$i][4] ^ (~$st[$i][0] & $st[$i][1]) + ]; + } + + // iota step + $s[0][0] ^= $roundConstants[$round]; + } + } + + /** + * Rotate 64-bit int + * + * @param int $x + * @param int $shift + */ + private static function rotateLeft64($x, $shift) + { + return ($x << $shift) | (($x >> (64 - $shift)) & ((1 << $shift) - 1)); + } + + /** + * Pure-PHP implementation of SHA512 + * + * @param string $m + * @param array $hash + * @return string + */ + private static function sha512($m, $hash) + { + static $k; + + if (!isset($k)) { + // Initialize table of round constants + // (first 64 bits of the fractional parts of the cube roots of the first 80 primes 2..409) + $k = [ + '428a2f98d728ae22', '7137449123ef65cd', 'b5c0fbcfec4d3b2f', 'e9b5dba58189dbbc', + '3956c25bf348b538', '59f111f1b605d019', '923f82a4af194f9b', 'ab1c5ed5da6d8118', + 'd807aa98a3030242', '12835b0145706fbe', '243185be4ee4b28c', '550c7dc3d5ffb4e2', + '72be5d74f27b896f', '80deb1fe3b1696b1', '9bdc06a725c71235', 'c19bf174cf692694', + 'e49b69c19ef14ad2', 'efbe4786384f25e3', '0fc19dc68b8cd5b5', '240ca1cc77ac9c65', + '2de92c6f592b0275', '4a7484aa6ea6e483', '5cb0a9dcbd41fbd4', '76f988da831153b5', + '983e5152ee66dfab', 'a831c66d2db43210', 'b00327c898fb213f', 'bf597fc7beef0ee4', + 'c6e00bf33da88fc2', 'd5a79147930aa725', '06ca6351e003826f', '142929670a0e6e70', + '27b70a8546d22ffc', '2e1b21385c26c926', '4d2c6dfc5ac42aed', '53380d139d95b3df', + '650a73548baf63de', '766a0abb3c77b2a8', '81c2c92e47edaee6', '92722c851482353b', + 'a2bfe8a14cf10364', 'a81a664bbc423001', 'c24b8b70d0f89791', 'c76c51a30654be30', + 'd192e819d6ef5218', 'd69906245565a910', 'f40e35855771202a', '106aa07032bbd1b8', + '19a4c116b8d2d0c8', '1e376c085141ab53', '2748774cdf8eeb99', '34b0bcb5e19b48a8', + '391c0cb3c5c95a63', '4ed8aa4ae3418acb', '5b9cca4f7763e373', '682e6ff3d6b2b8a3', + '748f82ee5defb2fc', '78a5636f43172f60', '84c87814a1f0ab72', '8cc702081a6439ec', + '90befffa23631e28', 'a4506cebde82bde9', 'bef9a3f7b2c67915', 'c67178f2e372532b', + 'ca273eceea26619c', 'd186b8c721c0c207', 'eada7dd6cde0eb1e', 'f57d4f7fee6ed178', + '06f067aa72176fba', '0a637dc5a2c898a6', '113f9804bef90dae', '1b710b35131c471b', + '28db77f523047d84', '32caab7b40c72493', '3c9ebe0a15c9bebc', '431d67c49c100d4c', + '4cc5d4becb3e42b6', '597f299cfc657e2a', '5fcb6fab3ad6faec', '6c44198c4a475817' + ]; + + for ($i = 0; $i < 80; $i++) { + $k[$i] = new BigInteger($k[$i], 16); + } + } + + // Pre-processing + $length = strlen($m); + // to round to nearest 112 mod 128, we'll add 128 - (length + (128 - 112)) % 128 + $m .= str_repeat(chr(0), 128 - (($length + 16) & 0x7F)); + $m[$length] = chr(0x80); + // we don't support hashing strings 512MB long + $m .= pack('N4', 0, 0, 0, $length << 3); + + // Process the message in successive 1024-bit chunks + $chunks = str_split($m, 128); + foreach ($chunks as $chunk) { + $w = []; + for ($i = 0; $i < 16; $i++) { + $temp = new BigInteger(Strings::shift($chunk, 8), 256); + $temp->setPrecision(64); + $w[] = $temp; + } + + // Extend the sixteen 32-bit words into eighty 32-bit words + for ($i = 16; $i < 80; $i++) { + $temp = [ + $w[$i - 15]->bitwise_rightRotate(1), + $w[$i - 15]->bitwise_rightRotate(8), + $w[$i - 15]->bitwise_rightShift(7) + ]; + $s0 = $temp[0]->bitwise_xor($temp[1]); + $s0 = $s0->bitwise_xor($temp[2]); + $temp = [ + $w[$i - 2]->bitwise_rightRotate(19), + $w[$i - 2]->bitwise_rightRotate(61), + $w[$i - 2]->bitwise_rightShift(6) + ]; + $s1 = $temp[0]->bitwise_xor($temp[1]); + $s1 = $s1->bitwise_xor($temp[2]); + $w[$i] = clone $w[$i - 16]; + $w[$i] = $w[$i]->add($s0); + $w[$i] = $w[$i]->add($w[$i - 7]); + $w[$i] = $w[$i]->add($s1); + } + + // Initialize hash value for this chunk + $a = clone $hash[0]; + $b = clone $hash[1]; + $c = clone $hash[2]; + $d = clone $hash[3]; + $e = clone $hash[4]; + $f = clone $hash[5]; + $g = clone $hash[6]; + $h = clone $hash[7]; + + // Main loop + for ($i = 0; $i < 80; $i++) { + $temp = [ + $a->bitwise_rightRotate(28), + $a->bitwise_rightRotate(34), + $a->bitwise_rightRotate(39) + ]; + $s0 = $temp[0]->bitwise_xor($temp[1]); + $s0 = $s0->bitwise_xor($temp[2]); + $temp = [ + $a->bitwise_and($b), + $a->bitwise_and($c), + $b->bitwise_and($c) + ]; + $maj = $temp[0]->bitwise_xor($temp[1]); + $maj = $maj->bitwise_xor($temp[2]); + $t2 = $s0->add($maj); + + $temp = [ + $e->bitwise_rightRotate(14), + $e->bitwise_rightRotate(18), + $e->bitwise_rightRotate(41) + ]; + $s1 = $temp[0]->bitwise_xor($temp[1]); + $s1 = $s1->bitwise_xor($temp[2]); + $temp = [ + $e->bitwise_and($f), + $g->bitwise_and($e->bitwise_not()) + ]; + $ch = $temp[0]->bitwise_xor($temp[1]); + $t1 = $h->add($s1); + $t1 = $t1->add($ch); + $t1 = $t1->add($k[$i]); + $t1 = $t1->add($w[$i]); + + $h = clone $g; + $g = clone $f; + $f = clone $e; + $e = $d->add($t1); + $d = clone $c; + $c = clone $b; + $b = clone $a; + $a = $t1->add($t2); + } + + // Add this chunk's hash to result so far + $hash = [ + $hash[0]->add($a), + $hash[1]->add($b), + $hash[2]->add($c), + $hash[3]->add($d), + $hash[4]->add($e), + $hash[5]->add($f), + $hash[6]->add($g), + $hash[7]->add($h) + ]; + } + + // Produce the final hash value (big-endian) + // (\phpseclib3\Crypt\Hash::hash() trims the output for hashes but not for HMACs. as such, we trim the output here) + $temp = $hash[0]->toBytes() . $hash[1]->toBytes() . $hash[2]->toBytes() . $hash[3]->toBytes() . + $hash[4]->toBytes() . $hash[5]->toBytes() . $hash[6]->toBytes() . $hash[7]->toBytes(); + + return $temp; + } + + /** + * __toString() magic method + */ + public function __toString() + { + return $this->getHash(); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/PublicKeyLoader.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/PublicKeyLoader.php new file mode 100644 index 0000000..61afbae --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/PublicKeyLoader.php @@ -0,0 +1,111 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Exception\NoKeyLoadedException; +use phpseclib3\File\X509; + +/** + * PublicKeyLoader + * + * @author Jim Wigginton + */ +abstract class PublicKeyLoader +{ + /** + * Loads a public or private key + * + * @return AsymmetricKey + * @param string|array $key + * @param string $password optional + */ + public static function load($key, $password = false) + { + try { + return EC::load($key, $password); + } catch (NoKeyLoadedException $e) { + } + + try { + return RSA::load($key, $password); + } catch (NoKeyLoadedException $e) { + } + + try { + return DSA::load($key, $password); + } catch (NoKeyLoadedException $e) { + } + + try { + $x509 = new X509(); + $x509->loadX509($key); + $key = $x509->getPublicKey(); + if ($key) { + return $key; + } + } catch (\Exception $e) { + } + + throw new NoKeyLoadedException('Unable to read key'); + } + + /** + * Loads a private key + * + * @return PrivateKey + * @param string|array $key + * @param string $password optional + */ + public static function loadPrivateKey($key, $password = false) + { + $key = self::load($key, $password); + if (!$key instanceof PrivateKey) { + throw new NoKeyLoadedException('The key that was loaded was not a private key'); + } + return $key; + } + + /** + * Loads a public key + * + * @return PublicKey + * @param string|array $key + */ + public static function loadPublicKey($key) + { + $key = self::load($key); + if (!$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a public key'); + } + return $key; + } + + /** + * Loads parameters + * + * @return AsymmetricKey + * @param string|array $key + */ + public static function loadParameters($key) + { + $key = self::load($key); + if (!$key instanceof PrivateKey && !$key instanceof PublicKey) { + throw new NoKeyLoadedException('The key that was loaded was not a parameter'); + } + return $key; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC2.php new file mode 100644 index 0000000..654c906 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC2.php @@ -0,0 +1,640 @@ + + * setKey('abcdefgh'); + * + * $plaintext = str_repeat('a', 1024); + * + * echo $rc2->decrypt($rc2->encrypt($plaintext)); + * ?> + * + * + * @author Patrick Monnerat + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\BlockCipher; +use phpseclib3\Exception\BadModeException; + +/** + * Pure-PHP implementation of RC2. + * + */ +class RC2 extends BlockCipher +{ + /** + * Block Length of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::block_size + * @var int + */ + protected $block_size = 8; + + /** + * The Key + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::key + * @see self::setKey() + * @var string + */ + protected $key; + + /** + * The Original (unpadded) Key + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::key + * @see self::setKey() + * @see self::encrypt() + * @see self::decrypt() + * @var string + */ + private $orig_key; + + /** + * Key Length (in bytes) + * + * @see \phpseclib3\Crypt\RC2::setKeyLength() + * @var int + */ + protected $key_length = 16; // = 128 bits + + /** + * The mcrypt specific name of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cipher_name_mcrypt + * @var string + */ + protected $cipher_name_mcrypt = 'rc2'; + + /** + * Optimizing value while CFB-encrypting + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cfb_init_len + * @var int + */ + protected $cfb_init_len = 500; + + /** + * The key length in bits. + * + * {@internal Should be in range [1..1024].} + * + * {@internal Changing this value after setting the key has no effect.} + * + * @see self::setKeyLength() + * @see self::setKey() + * @var int + */ + private $default_key_length = 1024; + + /** + * The key length in bits. + * + * {@internal Should be in range [1..1024].} + * + * @see self::isValidEnine() + * @see self::setKey() + * @var int + */ + private $current_key_length; + + /** + * The Key Schedule + * + * @see self::setupKey() + * @var array + */ + private $keys; + + /** + * Key expansion randomization table. + * Twice the same 256-value sequence to save a modulus in key expansion. + * + * @see self::setKey() + * @var array + */ + private static $pitable = [ + 0xD9, 0x78, 0xF9, 0xC4, 0x19, 0xDD, 0xB5, 0xED, + 0x28, 0xE9, 0xFD, 0x79, 0x4A, 0xA0, 0xD8, 0x9D, + 0xC6, 0x7E, 0x37, 0x83, 0x2B, 0x76, 0x53, 0x8E, + 0x62, 0x4C, 0x64, 0x88, 0x44, 0x8B, 0xFB, 0xA2, + 0x17, 0x9A, 0x59, 0xF5, 0x87, 0xB3, 0x4F, 0x13, + 0x61, 0x45, 0x6D, 0x8D, 0x09, 0x81, 0x7D, 0x32, + 0xBD, 0x8F, 0x40, 0xEB, 0x86, 0xB7, 0x7B, 0x0B, + 0xF0, 0x95, 0x21, 0x22, 0x5C, 0x6B, 0x4E, 0x82, + 0x54, 0xD6, 0x65, 0x93, 0xCE, 0x60, 0xB2, 0x1C, + 0x73, 0x56, 0xC0, 0x14, 0xA7, 0x8C, 0xF1, 0xDC, + 0x12, 0x75, 0xCA, 0x1F, 0x3B, 0xBE, 0xE4, 0xD1, + 0x42, 0x3D, 0xD4, 0x30, 0xA3, 0x3C, 0xB6, 0x26, + 0x6F, 0xBF, 0x0E, 0xDA, 0x46, 0x69, 0x07, 0x57, + 0x27, 0xF2, 0x1D, 0x9B, 0xBC, 0x94, 0x43, 0x03, + 0xF8, 0x11, 0xC7, 0xF6, 0x90, 0xEF, 0x3E, 0xE7, + 0x06, 0xC3, 0xD5, 0x2F, 0xC8, 0x66, 0x1E, 0xD7, + 0x08, 0xE8, 0xEA, 0xDE, 0x80, 0x52, 0xEE, 0xF7, + 0x84, 0xAA, 0x72, 0xAC, 0x35, 0x4D, 0x6A, 0x2A, + 0x96, 0x1A, 0xD2, 0x71, 0x5A, 0x15, 0x49, 0x74, + 0x4B, 0x9F, 0xD0, 0x5E, 0x04, 0x18, 0xA4, 0xEC, + 0xC2, 0xE0, 0x41, 0x6E, 0x0F, 0x51, 0xCB, 0xCC, + 0x24, 0x91, 0xAF, 0x50, 0xA1, 0xF4, 0x70, 0x39, + 0x99, 0x7C, 0x3A, 0x85, 0x23, 0xB8, 0xB4, 0x7A, + 0xFC, 0x02, 0x36, 0x5B, 0x25, 0x55, 0x97, 0x31, + 0x2D, 0x5D, 0xFA, 0x98, 0xE3, 0x8A, 0x92, 0xAE, + 0x05, 0xDF, 0x29, 0x10, 0x67, 0x6C, 0xBA, 0xC9, + 0xD3, 0x00, 0xE6, 0xCF, 0xE1, 0x9E, 0xA8, 0x2C, + 0x63, 0x16, 0x01, 0x3F, 0x58, 0xE2, 0x89, 0xA9, + 0x0D, 0x38, 0x34, 0x1B, 0xAB, 0x33, 0xFF, 0xB0, + 0xBB, 0x48, 0x0C, 0x5F, 0xB9, 0xB1, 0xCD, 0x2E, + 0xC5, 0xF3, 0xDB, 0x47, 0xE5, 0xA5, 0x9C, 0x77, + 0x0A, 0xA6, 0x20, 0x68, 0xFE, 0x7F, 0xC1, 0xAD, + 0xD9, 0x78, 0xF9, 0xC4, 0x19, 0xDD, 0xB5, 0xED, + 0x28, 0xE9, 0xFD, 0x79, 0x4A, 0xA0, 0xD8, 0x9D, + 0xC6, 0x7E, 0x37, 0x83, 0x2B, 0x76, 0x53, 0x8E, + 0x62, 0x4C, 0x64, 0x88, 0x44, 0x8B, 0xFB, 0xA2, + 0x17, 0x9A, 0x59, 0xF5, 0x87, 0xB3, 0x4F, 0x13, + 0x61, 0x45, 0x6D, 0x8D, 0x09, 0x81, 0x7D, 0x32, + 0xBD, 0x8F, 0x40, 0xEB, 0x86, 0xB7, 0x7B, 0x0B, + 0xF0, 0x95, 0x21, 0x22, 0x5C, 0x6B, 0x4E, 0x82, + 0x54, 0xD6, 0x65, 0x93, 0xCE, 0x60, 0xB2, 0x1C, + 0x73, 0x56, 0xC0, 0x14, 0xA7, 0x8C, 0xF1, 0xDC, + 0x12, 0x75, 0xCA, 0x1F, 0x3B, 0xBE, 0xE4, 0xD1, + 0x42, 0x3D, 0xD4, 0x30, 0xA3, 0x3C, 0xB6, 0x26, + 0x6F, 0xBF, 0x0E, 0xDA, 0x46, 0x69, 0x07, 0x57, + 0x27, 0xF2, 0x1D, 0x9B, 0xBC, 0x94, 0x43, 0x03, + 0xF8, 0x11, 0xC7, 0xF6, 0x90, 0xEF, 0x3E, 0xE7, + 0x06, 0xC3, 0xD5, 0x2F, 0xC8, 0x66, 0x1E, 0xD7, + 0x08, 0xE8, 0xEA, 0xDE, 0x80, 0x52, 0xEE, 0xF7, + 0x84, 0xAA, 0x72, 0xAC, 0x35, 0x4D, 0x6A, 0x2A, + 0x96, 0x1A, 0xD2, 0x71, 0x5A, 0x15, 0x49, 0x74, + 0x4B, 0x9F, 0xD0, 0x5E, 0x04, 0x18, 0xA4, 0xEC, + 0xC2, 0xE0, 0x41, 0x6E, 0x0F, 0x51, 0xCB, 0xCC, + 0x24, 0x91, 0xAF, 0x50, 0xA1, 0xF4, 0x70, 0x39, + 0x99, 0x7C, 0x3A, 0x85, 0x23, 0xB8, 0xB4, 0x7A, + 0xFC, 0x02, 0x36, 0x5B, 0x25, 0x55, 0x97, 0x31, + 0x2D, 0x5D, 0xFA, 0x98, 0xE3, 0x8A, 0x92, 0xAE, + 0x05, 0xDF, 0x29, 0x10, 0x67, 0x6C, 0xBA, 0xC9, + 0xD3, 0x00, 0xE6, 0xCF, 0xE1, 0x9E, 0xA8, 0x2C, + 0x63, 0x16, 0x01, 0x3F, 0x58, 0xE2, 0x89, 0xA9, + 0x0D, 0x38, 0x34, 0x1B, 0xAB, 0x33, 0xFF, 0xB0, + 0xBB, 0x48, 0x0C, 0x5F, 0xB9, 0xB1, 0xCD, 0x2E, + 0xC5, 0xF3, 0xDB, 0x47, 0xE5, 0xA5, 0x9C, 0x77, + 0x0A, 0xA6, 0x20, 0x68, 0xFE, 0x7F, 0xC1, 0xAD + ]; + + /** + * Inverse key expansion randomization table. + * + * @see self::setKey() + * @var array + */ + private static $invpitable = [ + 0xD1, 0xDA, 0xB9, 0x6F, 0x9C, 0xC8, 0x78, 0x66, + 0x80, 0x2C, 0xF8, 0x37, 0xEA, 0xE0, 0x62, 0xA4, + 0xCB, 0x71, 0x50, 0x27, 0x4B, 0x95, 0xD9, 0x20, + 0x9D, 0x04, 0x91, 0xE3, 0x47, 0x6A, 0x7E, 0x53, + 0xFA, 0x3A, 0x3B, 0xB4, 0xA8, 0xBC, 0x5F, 0x68, + 0x08, 0xCA, 0x8F, 0x14, 0xD7, 0xC0, 0xEF, 0x7B, + 0x5B, 0xBF, 0x2F, 0xE5, 0xE2, 0x8C, 0xBA, 0x12, + 0xE1, 0xAF, 0xB2, 0x54, 0x5D, 0x59, 0x76, 0xDB, + 0x32, 0xA2, 0x58, 0x6E, 0x1C, 0x29, 0x64, 0xF3, + 0xE9, 0x96, 0x0C, 0x98, 0x19, 0x8D, 0x3E, 0x26, + 0xAB, 0xA5, 0x85, 0x16, 0x40, 0xBD, 0x49, 0x67, + 0xDC, 0x22, 0x94, 0xBB, 0x3C, 0xC1, 0x9B, 0xEB, + 0x45, 0x28, 0x18, 0xD8, 0x1A, 0x42, 0x7D, 0xCC, + 0xFB, 0x65, 0x8E, 0x3D, 0xCD, 0x2A, 0xA3, 0x60, + 0xAE, 0x93, 0x8A, 0x48, 0x97, 0x51, 0x15, 0xF7, + 0x01, 0x0B, 0xB7, 0x36, 0xB1, 0x2E, 0x11, 0xFD, + 0x84, 0x2D, 0x3F, 0x13, 0x88, 0xB3, 0x34, 0x24, + 0x1B, 0xDE, 0xC5, 0x1D, 0x4D, 0x2B, 0x17, 0x31, + 0x74, 0xA9, 0xC6, 0x43, 0x6D, 0x39, 0x90, 0xBE, + 0xC3, 0xB0, 0x21, 0x6B, 0xF6, 0x0F, 0xD5, 0x99, + 0x0D, 0xAC, 0x1F, 0x5C, 0x9E, 0xF5, 0xF9, 0x4C, + 0xD6, 0xDF, 0x89, 0xE4, 0x8B, 0xFF, 0xC7, 0xAA, + 0xE7, 0xED, 0x46, 0x25, 0xB6, 0x06, 0x5E, 0x35, + 0xB5, 0xEC, 0xCE, 0xE8, 0x6C, 0x30, 0x55, 0x61, + 0x4A, 0xFE, 0xA0, 0x79, 0x03, 0xF0, 0x10, 0x72, + 0x7C, 0xCF, 0x52, 0xA6, 0xA7, 0xEE, 0x44, 0xD3, + 0x9A, 0x57, 0x92, 0xD0, 0x5A, 0x7A, 0x41, 0x7F, + 0x0E, 0x00, 0x63, 0xF2, 0x4F, 0x05, 0x83, 0xC9, + 0xA1, 0xD4, 0xDD, 0xC4, 0x56, 0xF4, 0xD2, 0x77, + 0x81, 0x09, 0x82, 0x33, 0x9F, 0x07, 0x86, 0x75, + 0x38, 0x4E, 0x69, 0xF1, 0xAD, 0x23, 0x73, 0x87, + 0x70, 0x02, 0xC2, 0x1E, 0xB8, 0x0A, 0xFC, 0xE6 + ]; + + /** + * Default Constructor. + * + * @param string $mode + * @throws \InvalidArgumentException if an invalid / unsupported mode is provided + */ + public function __construct($mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @param int $engine + * @return bool + */ + protected function isValidEngineHelper($engine) + { + switch ($engine) { + case self::ENGINE_OPENSSL: + if ($this->current_key_length != 128 || strlen($this->orig_key) < 16) { + return false; + } + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } + $this->cipher_name_openssl_ecb = 'rc2-ecb'; + $this->cipher_name_openssl = 'rc2-' . $this->openssl_translate_mode(); + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Sets the key length. + * + * Valid key lengths are 8 to 1024. + * Calling this function after setting the key has no effect until the next + * \phpseclib3\Crypt\RC2::setKey() call. + * + * @param int $length in bits + * @throws \LengthException if the key length isn't supported + */ + public function setKeyLength($length) + { + if ($length < 8 || $length > 1024) { + throw new \LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys between 1 and 1024 bits, inclusive, are supported'); + } + + $this->default_key_length = $this->current_key_length = $length; + $this->explicit_key_length = $length >> 3; + } + + /** + * Returns the current key length + * + * @return int + */ + public function getKeyLength() + { + return $this->current_key_length; + } + + /** + * Sets the key. + * + * Keys can be of any length. RC2, itself, uses 8 to 1024 bit keys (eg. + * strlen($key) <= 128), however, we only use the first 128 bytes if $key + * has more then 128 bytes in it, and set $key to a single null byte if + * it is empty. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKey() + * @param string $key + * @param int|boolean $t1 optional Effective key length in bits. + * @throws \LengthException if the key length isn't supported + */ + public function setKey($key, $t1 = false) + { + $this->orig_key = $key; + + if ($t1 === false) { + $t1 = $this->default_key_length; + } + + if ($t1 < 1 || $t1 > 1024) { + throw new \LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys between 1 and 1024 bits, inclusive, are supported'); + } + + $this->current_key_length = $t1; + if (strlen($key) < 1 || strlen($key) > 128) { + throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes between 8 and 1024 bits, inclusive, are supported'); + } + + $t = strlen($key); + + // The mcrypt RC2 implementation only supports effective key length + // of 1024 bits. It is however possible to handle effective key + // lengths in range 1..1024 by expanding the key and applying + // inverse pitable mapping to the first byte before submitting it + // to mcrypt. + + // Key expansion. + $l = array_values(unpack('C*', $key)); + $t8 = ($t1 + 7) >> 3; + $tm = 0xFF >> (8 * $t8 - $t1); + + // Expand key. + $pitable = self::$pitable; + for ($i = $t; $i < 128; $i++) { + $l[$i] = $pitable[$l[$i - 1] + $l[$i - $t]]; + } + $i = 128 - $t8; + $l[$i] = $pitable[$l[$i] & $tm]; + while ($i--) { + $l[$i] = $pitable[$l[$i + 1] ^ $l[$i + $t8]]; + } + + // Prepare the key for mcrypt. + $l[0] = self::$invpitable[$l[0]]; + array_unshift($l, 'C*'); + + $this->key = pack(...$l); + $this->key_length = strlen($this->key); + $this->changed = $this->nonIVChanged = true; + $this->setEngine(); + } + + /** + * Encrypts a message. + * + * Mostly a wrapper for \phpseclib3\Crypt\Common\SymmetricKey::encrypt, with some additional OpenSSL handling code + * + * @see self::decrypt() + * @param string $plaintext + * @return string $ciphertext + */ + public function encrypt($plaintext) + { + if ($this->engine == self::ENGINE_OPENSSL) { + $temp = $this->key; + $this->key = $this->orig_key; + $result = parent::encrypt($plaintext); + $this->key = $temp; + return $result; + } + + return parent::encrypt($plaintext); + } + + /** + * Decrypts a message. + * + * Mostly a wrapper for \phpseclib3\Crypt\Common\SymmetricKey::decrypt, with some additional OpenSSL handling code + * + * @see self::encrypt() + * @param string $ciphertext + * @return string $plaintext + */ + public function decrypt($ciphertext) + { + if ($this->engine == self::ENGINE_OPENSSL) { + $temp = $this->key; + $this->key = $this->orig_key; + $result = parent::decrypt($ciphertext); + $this->key = $temp; + return $result; + } + + return parent::decrypt($ciphertext); + } + + /** + * Encrypts a block + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encryptBlock() + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @param string $in + * @return string + */ + protected function encryptBlock($in) + { + list($r0, $r1, $r2, $r3) = array_values(unpack('v*', $in)); + $keys = $this->keys; + $limit = 20; + $actions = [$limit => 44, 44 => 64]; + $j = 0; + + for (;;) { + // Mixing round. + $r0 = (($r0 + $keys[$j++] + ((($r1 ^ $r2) & $r3) ^ $r1)) & 0xFFFF) << 1; + $r0 |= $r0 >> 16; + $r1 = (($r1 + $keys[$j++] + ((($r2 ^ $r3) & $r0) ^ $r2)) & 0xFFFF) << 2; + $r1 |= $r1 >> 16; + $r2 = (($r2 + $keys[$j++] + ((($r3 ^ $r0) & $r1) ^ $r3)) & 0xFFFF) << 3; + $r2 |= $r2 >> 16; + $r3 = (($r3 + $keys[$j++] + ((($r0 ^ $r1) & $r2) ^ $r0)) & 0xFFFF) << 5; + $r3 |= $r3 >> 16; + + if ($j === $limit) { + if ($limit === 64) { + break; + } + + // Mashing round. + $r0 += $keys[$r3 & 0x3F]; + $r1 += $keys[$r0 & 0x3F]; + $r2 += $keys[$r1 & 0x3F]; + $r3 += $keys[$r2 & 0x3F]; + $limit = $actions[$limit]; + } + } + + return pack('vvvv', $r0, $r1, $r2, $r3); + } + + /** + * Decrypts a block + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::decryptBlock() + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + * @param string $in + * @return string + */ + protected function decryptBlock($in) + { + list($r0, $r1, $r2, $r3) = array_values(unpack('v*', $in)); + $keys = $this->keys; + $limit = 44; + $actions = [$limit => 20, 20 => 0]; + $j = 64; + + for (;;) { + // R-mixing round. + $r3 = ($r3 | ($r3 << 16)) >> 5; + $r3 = ($r3 - $keys[--$j] - ((($r0 ^ $r1) & $r2) ^ $r0)) & 0xFFFF; + $r2 = ($r2 | ($r2 << 16)) >> 3; + $r2 = ($r2 - $keys[--$j] - ((($r3 ^ $r0) & $r1) ^ $r3)) & 0xFFFF; + $r1 = ($r1 | ($r1 << 16)) >> 2; + $r1 = ($r1 - $keys[--$j] - ((($r2 ^ $r3) & $r0) ^ $r2)) & 0xFFFF; + $r0 = ($r0 | ($r0 << 16)) >> 1; + $r0 = ($r0 - $keys[--$j] - ((($r1 ^ $r2) & $r3) ^ $r1)) & 0xFFFF; + + if ($j === $limit) { + if ($limit === 0) { + break; + } + + // R-mashing round. + $r3 = ($r3 - $keys[$r2 & 0x3F]) & 0xFFFF; + $r2 = ($r2 - $keys[$r1 & 0x3F]) & 0xFFFF; + $r1 = ($r1 - $keys[$r0 & 0x3F]) & 0xFFFF; + $r0 = ($r0 - $keys[$r3 & 0x3F]) & 0xFFFF; + $limit = $actions[$limit]; + } + } + + return pack('vvvv', $r0, $r1, $r2, $r3); + } + + /** + * Creates the key schedule + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupKey() + */ + protected function setupKey() + { + if (!isset($this->key)) { + $this->setKey(''); + } + + // Key has already been expanded in \phpseclib3\Crypt\RC2::setKey(): + // Only the first value must be altered. + $l = unpack('Ca/Cb/v*', $this->key); + array_unshift($l, self::$pitable[$l['a']] | ($l['b'] << 8)); + unset($l['a']); + unset($l['b']); + $this->keys = $l; + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupInlineCrypt() + */ + protected function setupInlineCrypt() + { + // Init code for both, encrypt and decrypt. + $init_crypt = '$keys = $this->keys;'; + + $keys = $this->keys; + + // $in is the current 8 bytes block which has to be en/decrypt + $encrypt_block = $decrypt_block = ' + $in = unpack("v4", $in); + $r0 = $in[1]; + $r1 = $in[2]; + $r2 = $in[3]; + $r3 = $in[4]; + '; + + // Create code for encryption. + $limit = 20; + $actions = [$limit => 44, 44 => 64]; + $j = 0; + + for (;;) { + // Mixing round. + $encrypt_block .= ' + $r0 = (($r0 + ' . $keys[$j++] . ' + + ((($r1 ^ $r2) & $r3) ^ $r1)) & 0xFFFF) << 1; + $r0 |= $r0 >> 16; + $r1 = (($r1 + ' . $keys[$j++] . ' + + ((($r2 ^ $r3) & $r0) ^ $r2)) & 0xFFFF) << 2; + $r1 |= $r1 >> 16; + $r2 = (($r2 + ' . $keys[$j++] . ' + + ((($r3 ^ $r0) & $r1) ^ $r3)) & 0xFFFF) << 3; + $r2 |= $r2 >> 16; + $r3 = (($r3 + ' . $keys[$j++] . ' + + ((($r0 ^ $r1) & $r2) ^ $r0)) & 0xFFFF) << 5; + $r3 |= $r3 >> 16;'; + + if ($j === $limit) { + if ($limit === 64) { + break; + } + + // Mashing round. + $encrypt_block .= ' + $r0 += $keys[$r3 & 0x3F]; + $r1 += $keys[$r0 & 0x3F]; + $r2 += $keys[$r1 & 0x3F]; + $r3 += $keys[$r2 & 0x3F];'; + $limit = $actions[$limit]; + } + } + + $encrypt_block .= '$in = pack("v4", $r0, $r1, $r2, $r3);'; + + // Create code for decryption. + $limit = 44; + $actions = [$limit => 20, 20 => 0]; + $j = 64; + + for (;;) { + // R-mixing round. + $decrypt_block .= ' + $r3 = ($r3 | ($r3 << 16)) >> 5; + $r3 = ($r3 - ' . $keys[--$j] . ' - + ((($r0 ^ $r1) & $r2) ^ $r0)) & 0xFFFF; + $r2 = ($r2 | ($r2 << 16)) >> 3; + $r2 = ($r2 - ' . $keys[--$j] . ' - + ((($r3 ^ $r0) & $r1) ^ $r3)) & 0xFFFF; + $r1 = ($r1 | ($r1 << 16)) >> 2; + $r1 = ($r1 - ' . $keys[--$j] . ' - + ((($r2 ^ $r3) & $r0) ^ $r2)) & 0xFFFF; + $r0 = ($r0 | ($r0 << 16)) >> 1; + $r0 = ($r0 - ' . $keys[--$j] . ' - + ((($r1 ^ $r2) & $r3) ^ $r1)) & 0xFFFF;'; + + if ($j === $limit) { + if ($limit === 0) { + break; + } + + // R-mashing round. + $decrypt_block .= ' + $r3 = ($r3 - $keys[$r2 & 0x3F]) & 0xFFFF; + $r2 = ($r2 - $keys[$r1 & 0x3F]) & 0xFFFF; + $r1 = ($r1 - $keys[$r0 & 0x3F]) & 0xFFFF; + $r0 = ($r0 - $keys[$r3 & 0x3F]) & 0xFFFF;'; + $limit = $actions[$limit]; + } + } + + $decrypt_block .= '$in = pack("v4", $r0, $r1, $r2, $r3);'; + + // Creates the inline-crypt function + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => $init_crypt, + 'encrypt_block' => $encrypt_block, + 'decrypt_block' => $decrypt_block + ] + ); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php new file mode 100644 index 0000000..5f3bff2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RC4.php @@ -0,0 +1,280 @@ + + * setKey('abcdefgh'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $rc4->decrypt($rc4->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\StreamCipher; + +/** + * Pure-PHP implementation of RC4. + * + * @author Jim Wigginton + */ +class RC4 extends StreamCipher +{ + /** + * @see \phpseclib3\Crypt\RC4::_crypt() + */ + const ENCRYPT = 0; + + /** + * @see \phpseclib3\Crypt\RC4::_crypt() + */ + const DECRYPT = 1; + + /** + * Key Length (in bytes) + * + * @see \phpseclib3\Crypt\RC4::setKeyLength() + * @var int + */ + protected $key_length = 128; // = 1024 bits + + /** + * The mcrypt specific name of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cipher_name_mcrypt + * @var string + */ + protected $cipher_name_mcrypt = 'arcfour'; + + /** + * The Key + * + * @see self::setKey() + * @var string + */ + protected $key; + + /** + * The Key Stream for decryption and encryption + * + * @see self::setKey() + * @var array + */ + private $stream; + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @param int $engine + * @return bool + */ + protected function isValidEngineHelper($engine) + { + if ($engine == self::ENGINE_OPENSSL) { + if ($this->continuousBuffer) { + return false; + } + // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 + // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" + // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + return false; + } + $this->cipher_name_openssl = 'rc4-40'; + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Sets the key length + * + * Keys can be between 1 and 256 bytes long. + * + * @param int $length + * @throws \LengthException if the key length is invalid + */ + public function setKeyLength($length) + { + if ($length < 8 || $length > 2048) { + throw new \LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys between 1 and 256 bytes are supported'); + } + + $this->key_length = $length >> 3; + + parent::setKeyLength($length); + } + + /** + * Sets the key length + * + * Keys can be between 1 and 256 bytes long. + * + * @param string $key + */ + public function setKey($key) + { + $length = strlen($key); + if ($length < 1 || $length > 256) { + throw new \LengthException('Key size of ' . $length . ' bytes is not supported by RC4. Keys must be between 1 and 256 bytes long'); + } + + parent::setKey($key); + } + + /** + * Encrypts a message. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + * @see self::crypt() + * @param string $plaintext + * @return string $ciphertext + */ + public function encrypt($plaintext) + { + if ($this->engine != self::ENGINE_INTERNAL) { + return parent::encrypt($plaintext); + } + return $this->crypt($plaintext, self::ENCRYPT); + } + + /** + * Decrypts a message. + * + * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)). + * At least if the continuous buffer is disabled. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see self::crypt() + * @param string $ciphertext + * @return string $plaintext + */ + public function decrypt($ciphertext) + { + if ($this->engine != self::ENGINE_INTERNAL) { + return parent::decrypt($ciphertext); + } + return $this->crypt($ciphertext, self::DECRYPT); + } + + /** + * Encrypts a block + * + * @param string $in + */ + protected function encryptBlock($in) + { + // RC4 does not utilize this method + } + + /** + * Decrypts a block + * + * @param string $in + */ + protected function decryptBlock($in) + { + // RC4 does not utilize this method + } + + /** + * Setup the key (expansion) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupKey() + */ + protected function setupKey() + { + $key = $this->key; + $keyLength = strlen($key); + $keyStream = range(0, 255); + $j = 0; + for ($i = 0; $i < 256; $i++) { + $j = ($j + $keyStream[$i] + ord($key[$i % $keyLength])) & 255; + $temp = $keyStream[$i]; + $keyStream[$i] = $keyStream[$j]; + $keyStream[$j] = $temp; + } + + $this->stream = []; + $this->stream[self::DECRYPT] = $this->stream[self::ENCRYPT] = [ + 0, // index $i + 0, // index $j + $keyStream + ]; + } + + /** + * Encrypts or decrypts a message. + * + * @see self::encrypt() + * @see self::decrypt() + * @param string $text + * @param int $mode + * @return string $text + */ + private function crypt($text, $mode) + { + if ($this->changed) { + $this->setup(); + } + + $stream = &$this->stream[$mode]; + if ($this->continuousBuffer) { + $i = &$stream[0]; + $j = &$stream[1]; + $keyStream = &$stream[2]; + } else { + $i = $stream[0]; + $j = $stream[1]; + $keyStream = $stream[2]; + } + + $len = strlen($text); + for ($k = 0; $k < $len; ++$k) { + $i = ($i + 1) & 255; + $ksi = $keyStream[$i]; + $j = ($j + $ksi) & 255; + $ksj = $keyStream[$j]; + + $keyStream[$i] = $ksj; + $keyStream[$j] = $ksi; + $text[$k] = $text[$k] ^ chr($keyStream[($ksj + $ksi) & 255]); + } + + return $text; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php new file mode 100644 index 0000000..9cbe6bf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php @@ -0,0 +1,934 @@ + + * getPublicKey(); + * + * $plaintext = 'terrafrost'; + * + * $ciphertext = $public->encrypt($plaintext); + * + * echo $private->decrypt($ciphertext); + * ?> + * + * + * Here's an example of how to create signatures and verify signatures with this library: + * + * getPublicKey(); + * + * $plaintext = 'terrafrost'; + * + * $signature = $private->sign($plaintext); + * + * echo $public->verify($plaintext, $signature) ? 'verified' : 'unverified'; + * ?> + * + * + * One thing to consider when using this: so phpseclib uses PSS mode by default. + * Technically, id-RSASSA-PSS has a different key format than rsaEncryption. So + * should phpseclib save to the id-RSASSA-PSS format by default or the + * rsaEncryption format? For stand-alone keys I figure rsaEncryption is better + * because SSH doesn't use PSS and idk how many SSH servers would be able to + * decode an id-RSASSA-PSS key. For X.509 certificates the id-RSASSA-PSS + * format is used by default (unless you change it up to use PKCS1 instead) + * + * @author Jim Wigginton + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\RSA\Formats\Keys\PSS; +use phpseclib3\Crypt\RSA\PrivateKey; +use phpseclib3\Crypt\RSA\PublicKey; +use phpseclib3\Exception\InconsistentSetupException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP PKCS#1 compliant implementation of RSA. + * + * @author Jim Wigginton + */ +abstract class RSA extends AsymmetricKey +{ + /** + * Algorithm Name + * + * @var string + */ + const ALGORITHM = 'RSA'; + + /** + * Use {@link http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding Optimal Asymmetric Encryption Padding} + * (OAEP) for encryption / decryption. + * + * Uses sha256 by default + * + * @see self::setHash() + * @see self::setMGFHash() + * @see self::encrypt() + * @see self::decrypt() + */ + const ENCRYPTION_OAEP = 1; + + /** + * Use PKCS#1 padding. + * + * Although self::PADDING_OAEP / self::PADDING_PSS offers more security, including PKCS#1 padding is necessary for purposes of backwards + * compatibility with protocols (like SSH-1) written before OAEP's introduction. + * + * @see self::encrypt() + * @see self::decrypt() + */ + const ENCRYPTION_PKCS1 = 2; + + /** + * Do not use any padding + * + * Although this method is not recommended it can none-the-less sometimes be useful if you're trying to decrypt some legacy + * stuff, if you're trying to diagnose why an encrypted message isn't decrypting, etc. + * + * @see self::encrypt() + * @see self::decrypt() + */ + const ENCRYPTION_NONE = 4; + + /** + * Use the Probabilistic Signature Scheme for signing + * + * Uses sha256 and 0 as the salt length + * + * @see self::setSaltLength() + * @see self::setMGFHash() + * @see self::setHash() + * @see self::sign() + * @see self::verify() + * @see self::setHash() + */ + const SIGNATURE_PSS = 16; + + /** + * Use a relaxed version of PKCS#1 padding for signature verification + * + * @see self::sign() + * @see self::verify() + * @see self::setHash() + */ + const SIGNATURE_RELAXED_PKCS1 = 32; + + /** + * Use PKCS#1 padding for signature verification + * + * @see self::sign() + * @see self::verify() + * @see self::setHash() + */ + const SIGNATURE_PKCS1 = 64; + + /** + * Encryption padding mode + * + * @var int + */ + protected $encryptionPadding = self::ENCRYPTION_OAEP; + + /** + * Signature padding mode + * + * @var int + */ + protected $signaturePadding = self::SIGNATURE_PSS; + + /** + * Length of hash function output + * + * @var int + */ + protected $hLen; + + /** + * Length of salt + * + * @var int + */ + protected $sLen; + + /** + * Label + * + * @var string + */ + protected $label = ''; + + /** + * Hash function for the Mask Generation Function + * + * @var Hash + */ + protected $mgfHash; + + /** + * Length of MGF hash function output + * + * @var int + */ + protected $mgfHLen; + + /** + * Modulus (ie. n) + * + * @var Math\BigInteger + */ + protected $modulus; + + /** + * Modulus length + * + * @var Math\BigInteger + */ + protected $k; + + /** + * Exponent (ie. e or d) + * + * @var Math\BigInteger + */ + protected $exponent; + + /** + * Default public exponent + * + * @var int + * @link http://en.wikipedia.org/wiki/65537_%28number%29 + */ + private static $defaultExponent = 65537; + + /** + * Enable Blinding? + * + * @var bool + */ + protected static $enableBlinding = true; + + /** + * OpenSSL configuration file name. + * + * @see self::createKey() + * @var ?string + */ + protected static $configFile; + + /** + * Smallest Prime + * + * Per , this number ought not result in primes smaller + * than 256 bits. As a consequence if the key you're trying to create is 1024 bits and you've set smallestPrime + * to 384 bits then you're going to get a 384 bit prime and a 640 bit prime (384 + 1024 % 384). At least if + * engine is set to self::ENGINE_INTERNAL. If Engine is set to self::ENGINE_OPENSSL then smallest Prime is + * ignored (ie. multi-prime RSA support is more intended as a way to speed up RSA key generation when there's + * a chance neither gmp nor OpenSSL are installed) + * + * @var int + */ + private static $smallestPrime = 4096; + + /** + * Public Exponent + * + * @var Math\BigInteger + */ + protected $publicExponent; + + /** + * Sets the public exponent for key generation + * + * This will be 65537 unless changed. + * + * @param int $val + */ + public static function setExponent($val) + { + self::$defaultExponent = $val; + } + + /** + * Sets the smallest prime number in bits. Used for key generation + * + * This will be 4096 unless changed. + * + * @param int $val + */ + public static function setSmallestPrime($val) + { + self::$smallestPrime = $val; + } + + /** + * Sets the OpenSSL config file path + * + * Set to the empty string to use the default config file + * + * @param string $val + */ + public static function setOpenSSLConfigPath($val) + { + self::$configFile = $val; + } + + /** + * Create a private key + * + * The public key can be extracted from the private key + * + * @return PrivateKey + * @param int $bits + */ + public static function createKey($bits = 2048) + { + self::initialize_static_variables(); + + $class = new \ReflectionClass(static::class); + if ($class->isFinal()) { + throw new \RuntimeException('createKey() should not be called from final classes (' . static::class . ')'); + } + + $regSize = $bits >> 1; // divide by two to see how many bits P and Q would be + if ($regSize > self::$smallestPrime) { + $num_primes = floor($bits / self::$smallestPrime); + $regSize = self::$smallestPrime; + } else { + $num_primes = 2; + } + + if ($num_primes == 2 && $bits >= 384 && self::$defaultExponent == 65537) { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + + // OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum + if (self::$engines['OpenSSL']) { + $config = []; + if (self::$configFile) { + $config['config'] = self::$configFile; + } + $rsa = openssl_pkey_new(['private_key_bits' => $bits] + $config); + openssl_pkey_export($rsa, $privatekeystr, null, $config); + + // clear the buffer of error strings stemming from a minimalistic openssl.cnf + // https://github.com/php/php-src/issues/11054 talks about other errors this'll pick up + while (openssl_error_string() !== false) { + } + + return RSA::load($privatekeystr); + } + } + + static $e; + if (!isset($e)) { + $e = new BigInteger(self::$defaultExponent); + } + + $n = clone self::$one; + $exponents = $coefficients = $primes = []; + $lcm = [ + 'top' => clone self::$one, + 'bottom' => false + ]; + + do { + for ($i = 1; $i <= $num_primes; $i++) { + if ($i != $num_primes) { + $primes[$i] = BigInteger::randomPrime($regSize); + } else { + extract(BigInteger::minMaxBits($bits)); + /** @var BigInteger $min + * @var BigInteger $max + */ + list($min) = $min->divide($n); + $min = $min->add(self::$one); + list($max) = $max->divide($n); + $primes[$i] = BigInteger::randomRangePrime($min, $max); + } + + // the first coefficient is calculated differently from the rest + // ie. instead of being $primes[1]->modInverse($primes[2]), it's $primes[2]->modInverse($primes[1]) + if ($i > 2) { + $coefficients[$i] = $n->modInverse($primes[$i]); + } + + $n = $n->multiply($primes[$i]); + + $temp = $primes[$i]->subtract(self::$one); + + // textbook RSA implementations use Euler's totient function instead of the least common multiple. + // see http://en.wikipedia.org/wiki/Euler%27s_totient_function + $lcm['top'] = $lcm['top']->multiply($temp); + $lcm['bottom'] = $lcm['bottom'] === false ? $temp : $lcm['bottom']->gcd($temp); + } + + list($temp) = $lcm['top']->divide($lcm['bottom']); + $gcd = $temp->gcd($e); + $i0 = 1; + } while (!$gcd->equals(self::$one)); + + $coefficients[2] = $primes[2]->modInverse($primes[1]); + + $d = $e->modInverse($temp); + + foreach ($primes as $i => $prime) { + $temp = $prime->subtract(self::$one); + $exponents[$i] = $e->modInverse($temp); + } + + // from : + // RSAPrivateKey ::= SEQUENCE { + // version Version, + // modulus INTEGER, -- n + // publicExponent INTEGER, -- e + // privateExponent INTEGER, -- d + // prime1 INTEGER, -- p + // prime2 INTEGER, -- q + // exponent1 INTEGER, -- d mod (p-1) + // exponent2 INTEGER, -- d mod (q-1) + // coefficient INTEGER, -- (inverse of q) mod p + // otherPrimeInfos OtherPrimeInfos OPTIONAL + // } + $privatekey = new PrivateKey(); + $privatekey->modulus = $n; + $privatekey->k = $bits >> 3; + $privatekey->publicExponent = $e; + $privatekey->exponent = $d; + $privatekey->primes = $primes; + $privatekey->exponents = $exponents; + $privatekey->coefficients = $coefficients; + + /* + $publickey = new PublicKey; + $publickey->modulus = $n; + $publickey->k = $bits >> 3; + $publickey->exponent = $e; + $publickey->publicExponent = $e; + $publickey->isPublic = true; + */ + + return $privatekey; + } + + /** + * OnLoad Handler + * + * @return bool + */ + protected static function onLoad(array $components) + { + $key = $components['isPublicKey'] ? + new PublicKey() : + new PrivateKey(); + + $key->modulus = $components['modulus']; + $key->publicExponent = $components['publicExponent']; + $key->k = $key->modulus->getLengthInBytes(); + + if ($components['isPublicKey'] || !isset($components['privateExponent'])) { + $key->exponent = $key->publicExponent; + } else { + $key->privateExponent = $components['privateExponent']; + $key->exponent = $key->privateExponent; + $key->primes = $components['primes']; + $key->exponents = $components['exponents']; + $key->coefficients = $components['coefficients']; + } + + if ($components['format'] == PSS::class) { + // in the X509 world RSA keys are assumed to use PKCS1 padding by default. only if the key is + // explicitly a PSS key is the use of PSS assumed. phpseclib does not work like this. phpseclib + // uses PSS padding by default. it assumes the more secure method by default and altho it provides + // for the less secure PKCS1 method you have to go out of your way to use it. this is consistent + // with the latest trends in crypto. libsodium (NaCl) is actually a little more extreme in that + // not only does it defaults to the most secure methods - it doesn't even let you choose less + // secure methods + //$key = $key->withPadding(self::SIGNATURE_PSS); + if (isset($components['hash'])) { + $key = $key->withHash($components['hash']); + } + if (isset($components['MGFHash'])) { + $key = $key->withMGFHash($components['MGFHash']); + } + if (isset($components['saltLength'])) { + $key = $key->withSaltLength($components['saltLength']); + } + } + + return $key; + } + + /** + * Initialize static variables + */ + protected static function initialize_static_variables() + { + if (!isset(self::$configFile)) { + self::$configFile = dirname(__FILE__) . '/../openssl.cnf'; + } + + parent::initialize_static_variables(); + } + + /** + * Constructor + * + * PublicKey and PrivateKey objects can only be created from abstract RSA class + */ + protected function __construct() + { + parent::__construct(); + + $this->hLen = $this->hash->getLengthInBytes(); + $this->mgfHash = new Hash('sha256'); + $this->mgfHLen = $this->mgfHash->getLengthInBytes(); + } + + /** + * Integer-to-Octet-String primitive + * + * See {@link http://tools.ietf.org/html/rfc3447#section-4.1 RFC3447#section-4.1}. + * + * @param bool|Math\BigInteger $x + * @param int $xLen + * @return bool|string + */ + protected function i2osp($x, $xLen) + { + if ($x === false) { + return false; + } + $x = $x->toBytes(); + if (strlen($x) > $xLen) { + throw new \OutOfRangeException('Resultant string length out of range'); + } + return str_pad($x, $xLen, chr(0), STR_PAD_LEFT); + } + + /** + * Octet-String-to-Integer primitive + * + * See {@link http://tools.ietf.org/html/rfc3447#section-4.2 RFC3447#section-4.2}. + * + * @param string $x + * @return Math\BigInteger + */ + protected function os2ip($x) + { + return new BigInteger($x, 256); + } + + /** + * EMSA-PKCS1-V1_5-ENCODE + * + * See {@link http://tools.ietf.org/html/rfc3447#section-9.2 RFC3447#section-9.2}. + * + * @param string $m + * @param int $emLen + * @throws \LengthException if the intended encoded message length is too short + * @return string + */ + protected function emsa_pkcs1_v1_5_encode($m, $emLen) + { + $h = $this->hash->hash($m); + + // see http://tools.ietf.org/html/rfc3447#page-43 + switch ($this->hash->getHash()) { + case 'md2': + $t = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x02\x05\x00\x04\x10"; + break; + case 'md5': + $t = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10"; + break; + case 'sha1': + $t = "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14"; + break; + case 'sha256': + $t = "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20"; + break; + case 'sha384': + $t = "\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30"; + break; + case 'sha512': + $t = "\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40"; + break; + // from https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf#page=40 + case 'sha224': + $t = "\x30\x2d\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04\x05\x00\x04\x1c"; + break; + case 'sha512/224': + $t = "\x30\x2d\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x05\x05\x00\x04\x1c"; + break; + case 'sha512/256': + $t = "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x06\x05\x00\x04\x20"; + } + $t .= $h; + $tLen = strlen($t); + + if ($emLen < $tLen + 11) { + throw new \LengthException('Intended encoded message length too short'); + } + + $ps = str_repeat(chr(0xFF), $emLen - $tLen - 3); + + $em = "\0\1$ps\0$t"; + + return $em; + } + + /** + * EMSA-PKCS1-V1_5-ENCODE (without NULL) + * + * Quoting https://tools.ietf.org/html/rfc8017#page-65, + * + * "The parameters field associated with id-sha1, id-sha224, id-sha256, + * id-sha384, id-sha512, id-sha512/224, and id-sha512/256 should + * generally be omitted, but if present, it shall have a value of type + * NULL" + * + * @param string $m + * @param int $emLen + * @return string + */ + protected function emsa_pkcs1_v1_5_encode_without_null($m, $emLen) + { + $h = $this->hash->hash($m); + + // see http://tools.ietf.org/html/rfc3447#page-43 + switch ($this->hash->getHash()) { + case 'sha1': + $t = "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14"; + break; + case 'sha256': + $t = "\x30\x2f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x04\x20"; + break; + case 'sha384': + $t = "\x30\x3f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x04\x30"; + break; + case 'sha512': + $t = "\x30\x4f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x04\x40"; + break; + // from https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf#page=40 + case 'sha224': + $t = "\x30\x2b\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04\x04\x1c"; + break; + case 'sha512/224': + $t = "\x30\x2b\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x05\x04\x1c"; + break; + case 'sha512/256': + $t = "\x30\x2f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x06\x04\x20"; + break; + default: + throw new UnsupportedAlgorithmException('md2 and md5 require NULLs'); + } + $t .= $h; + $tLen = strlen($t); + + if ($emLen < $tLen + 11) { + throw new \LengthException('Intended encoded message length too short'); + } + + $ps = str_repeat(chr(0xFF), $emLen - $tLen - 3); + + $em = "\0\1$ps\0$t"; + + return $em; + } + + /** + * MGF1 + * + * See {@link http://tools.ietf.org/html/rfc3447#appendix-B.2.1 RFC3447#appendix-B.2.1}. + * + * @param string $mgfSeed + * @param int $maskLen + * @return string + */ + protected function mgf1($mgfSeed, $maskLen) + { + // if $maskLen would yield strings larger than 4GB, PKCS#1 suggests a "Mask too long" error be output. + + $t = ''; + $count = ceil($maskLen / $this->mgfHLen); + for ($i = 0; $i < $count; $i++) { + $c = pack('N', $i); + $t .= $this->mgfHash->hash($mgfSeed . $c); + } + + return substr($t, 0, $maskLen); + } + + /** + * Returns the key size + * + * More specifically, this returns the size of the modulo in bits. + * + * @return int + */ + public function getLength() + { + return !isset($this->modulus) ? 0 : $this->modulus->getLength(); + } + + /** + * Determines which hashing function should be used + * + * Used with signature production / verification and (if the encryption mode is self::PADDING_OAEP) encryption and + * decryption. + * + * @param string $hash + */ + public function withHash($hash) + { + $new = clone $this; + + // Crypt\Hash supports algorithms that PKCS#1 doesn't support. md5-96 and sha1-96, for example. + switch (strtolower($hash)) { + case 'md2': + case 'md5': + case 'sha1': + case 'sha256': + case 'sha384': + case 'sha512': + case 'sha224': + case 'sha512/224': + case 'sha512/256': + $new->hash = new Hash($hash); + break; + default: + throw new UnsupportedAlgorithmException( + 'The only supported hash algorithms are: md2, md5, sha1, sha256, sha384, sha512, sha224, sha512/224, sha512/256' + ); + } + $new->hLen = $new->hash->getLengthInBytes(); + + return $new; + } + + /** + * Determines which hashing function should be used for the mask generation function + * + * The mask generation function is used by self::PADDING_OAEP and self::PADDING_PSS and although it's + * best if Hash and MGFHash are set to the same thing this is not a requirement. + * + * @param string $hash + */ + public function withMGFHash($hash) + { + $new = clone $this; + + // Crypt\Hash supports algorithms that PKCS#1 doesn't support. md5-96 and sha1-96, for example. + switch (strtolower($hash)) { + case 'md2': + case 'md5': + case 'sha1': + case 'sha256': + case 'sha384': + case 'sha512': + case 'sha224': + case 'sha512/224': + case 'sha512/256': + $new->mgfHash = new Hash($hash); + break; + default: + throw new UnsupportedAlgorithmException( + 'The only supported hash algorithms are: md2, md5, sha1, sha256, sha384, sha512, sha224, sha512/224, sha512/256' + ); + } + $new->mgfHLen = $new->mgfHash->getLengthInBytes(); + + return $new; + } + + /** + * Returns the MGF hash algorithm currently being used + * + */ + public function getMGFHash() + { + return clone $this->mgfHash; + } + + /** + * Determines the salt length + * + * Used by RSA::PADDING_PSS + * + * To quote from {@link http://tools.ietf.org/html/rfc3447#page-38 RFC3447#page-38}: + * + * Typical salt lengths in octets are hLen (the length of the output + * of the hash function Hash) and 0. + * + * @param int $sLen + */ + public function withSaltLength($sLen) + { + $new = clone $this; + $new->sLen = $sLen; + return $new; + } + + /** + * Returns the salt length currently being used + * + */ + public function getSaltLength() + { + return $this->sLen !== null ? $this->sLen : $this->hLen; + } + + /** + * Determines the label + * + * Used by RSA::PADDING_OAEP + * + * To quote from {@link http://tools.ietf.org/html/rfc3447#page-17 RFC3447#page-17}: + * + * Both the encryption and the decryption operations of RSAES-OAEP take + * the value of a label L as input. In this version of PKCS #1, L is + * the empty string; other uses of the label are outside the scope of + * this document. + * + * @param string $label + */ + public function withLabel($label) + { + $new = clone $this; + $new->label = $label; + return $new; + } + + /** + * Returns the label currently being used + * + */ + public function getLabel() + { + return $this->label; + } + + /** + * Determines the padding modes + * + * Example: $key->withPadding(RSA::ENCRYPTION_PKCS1 | RSA::SIGNATURE_PKCS1); + * + * @param int $padding + */ + public function withPadding($padding) + { + $masks = [ + self::ENCRYPTION_OAEP, + self::ENCRYPTION_PKCS1, + self::ENCRYPTION_NONE + ]; + $encryptedCount = 0; + $selected = 0; + foreach ($masks as $mask) { + if ($padding & $mask) { + $selected = $mask; + $encryptedCount++; + } + } + if ($encryptedCount > 1) { + throw new InconsistentSetupException('Multiple encryption padding modes have been selected; at most only one should be selected'); + } + $encryptionPadding = $selected; + + $masks = [ + self::SIGNATURE_PSS, + self::SIGNATURE_RELAXED_PKCS1, + self::SIGNATURE_PKCS1 + ]; + $signatureCount = 0; + $selected = 0; + foreach ($masks as $mask) { + if ($padding & $mask) { + $selected = $mask; + $signatureCount++; + } + } + if ($signatureCount > 1) { + throw new InconsistentSetupException('Multiple signature padding modes have been selected; at most only one should be selected'); + } + $signaturePadding = $selected; + + $new = clone $this; + if ($encryptedCount) { + $new->encryptionPadding = $encryptionPadding; + } + if ($signatureCount) { + $new->signaturePadding = $signaturePadding; + } + return $new; + } + + /** + * Returns the padding currently being used + * + */ + public function getPadding() + { + return $this->signaturePadding | $this->encryptionPadding; + } + + /** + * Returns the current engine being used + * + * OpenSSL is only used in this class (and it's subclasses) for key generation + * Even then it depends on the parameters you're using. It's not used for + * multi-prime RSA nor is it used if the key length is outside of the range + * supported by OpenSSL + * + * @see self::useInternalEngine() + * @see self::useBestEngine() + * @return string + */ + public function getEngine() + { + if (!isset(self::$engines['PHP'])) { + self::useBestEngine(); + } + return self::$engines['OpenSSL'] && self::$defaultExponent == 65537 ? + 'OpenSSL' : + 'PHP'; + } + + /** + * Enable RSA Blinding + * + */ + public static function enableBlinding() + { + static::$enableBlinding = true; + } + + /** + * Disable RSA Blinding + * + */ + public static function disableBlinding() + { + static::$enableBlinding = false; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/JWK.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/JWK.php new file mode 100644 index 0000000..6dcf1cb --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/JWK.php @@ -0,0 +1,142 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\JWK as Progenitor; +use phpseclib3\Math\BigInteger; + +/** + * JWK Formatted RSA Handler + * + * @author Jim Wigginton + */ +abstract class JWK extends Progenitor +{ + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $key = parent::load($key, $password); + + if ($key->kty != 'RSA') { + throw new \RuntimeException('Only RSA JWK keys are supported'); + } + + $count = $publicCount = 0; + $vars = ['n', 'e', 'd', 'p', 'q', 'dp', 'dq', 'qi']; + foreach ($vars as $var) { + if (!isset($key->$var) || !is_string($key->$var)) { + continue; + } + $count++; + $value = new BigInteger(Strings::base64url_decode($key->$var), 256); + switch ($var) { + case 'n': + $publicCount++; + $components['modulus'] = $value; + break; + case 'e': + $publicCount++; + $components['publicExponent'] = $value; + break; + case 'd': + $components['privateExponent'] = $value; + break; + case 'p': + $components['primes'][1] = $value; + break; + case 'q': + $components['primes'][2] = $value; + break; + case 'dp': + $components['exponents'][1] = $value; + break; + case 'dq': + $components['exponents'][2] = $value; + break; + case 'qi': + $components['coefficients'][2] = $value; + } + } + + if ($count == count($vars)) { + return $components + ['isPublicKey' => false]; + } + + if ($count == 2 && $publicCount == 2) { + return $components + ['isPublicKey' => true]; + } + + throw new \UnexpectedValueException('Key does not have an appropriate number of RSA parameters'); + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $n + * @param BigInteger $e + * @param BigInteger $d + * @param array $primes + * @param array $exponents + * @param array $coefficients + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '', array $options = []) + { + if (count($primes) != 2) { + throw new \InvalidArgumentException('JWK does not support multi-prime RSA keys'); + } + + $key = [ + 'kty' => 'RSA', + 'n' => Strings::base64url_encode($n->toBytes()), + 'e' => Strings::base64url_encode($e->toBytes()), + 'd' => Strings::base64url_encode($d->toBytes()), + 'p' => Strings::base64url_encode($primes[1]->toBytes()), + 'q' => Strings::base64url_encode($primes[2]->toBytes()), + 'dp' => Strings::base64url_encode($exponents[1]->toBytes()), + 'dq' => Strings::base64url_encode($exponents[2]->toBytes()), + 'qi' => Strings::base64url_encode($coefficients[2]->toBytes()) + ]; + + return self::wrapKey($key, $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $n + * @param BigInteger $e + * @param array $options optional + * @return string + */ + public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = []) + { + $key = [ + 'kty' => 'RSA', + 'n' => Strings::base64url_encode($n->toBytes()), + 'e' => Strings::base64url_encode($e->toBytes()) + ]; + + return self::wrapKey($key, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php new file mode 100644 index 0000000..b60e48e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php @@ -0,0 +1,228 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * Microsoft BLOB Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class MSBLOB +{ + /** + * Public/Private Key Pair + * + */ + const PRIVATEKEYBLOB = 0x7; + /** + * Public Key + * + */ + const PUBLICKEYBLOB = 0x6; + /** + * Public Key + * + */ + const PUBLICKEYBLOBEX = 0xA; + /** + * RSA public key exchange algorithm + * + */ + const CALG_RSA_KEYX = 0x0000A400; + /** + * RSA public key exchange algorithm + * + */ + const CALG_RSA_SIGN = 0x00002400; + /** + * Public Key + * + */ + const RSA1 = 0x31415352; + /** + * Private Key + * + */ + const RSA2 = 0x32415352; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $key = Strings::base64_decode($key); + + if (!is_string($key)) { + throw new \UnexpectedValueException('Base64 decoding produced an error'); + } + if (strlen($key) < 20) { + throw new \UnexpectedValueException('Key appears to be malformed'); + } + + // PUBLICKEYSTRUC publickeystruc + // https://msdn.microsoft.com/en-us/library/windows/desktop/aa387453(v=vs.85).aspx + extract(unpack('atype/aversion/vreserved/Valgo', Strings::shift($key, 8))); + /** + * @var string $type + * @var string $version + * @var integer $reserved + * @var integer $algo + */ + switch (ord($type)) { + case self::PUBLICKEYBLOB: + case self::PUBLICKEYBLOBEX: + $publickey = true; + break; + case self::PRIVATEKEYBLOB: + $publickey = false; + break; + default: + throw new \UnexpectedValueException('Key appears to be malformed'); + } + + $components = ['isPublicKey' => $publickey]; + + // https://msdn.microsoft.com/en-us/library/windows/desktop/aa375549(v=vs.85).aspx + switch ($algo) { + case self::CALG_RSA_KEYX: + case self::CALG_RSA_SIGN: + break; + default: + throw new \UnexpectedValueException('Key appears to be malformed'); + } + + // RSAPUBKEY rsapubkey + // https://msdn.microsoft.com/en-us/library/windows/desktop/aa387685(v=vs.85).aspx + // could do V for pubexp but that's unsigned 32-bit whereas some PHP installs only do signed 32-bit + extract(unpack('Vmagic/Vbitlen/a4pubexp', Strings::shift($key, 12))); + /** + * @var integer $magic + * @var integer $bitlen + * @var string $pubexp + */ + switch ($magic) { + case self::RSA2: + $components['isPublicKey'] = false; + // fall-through + case self::RSA1: + break; + default: + throw new \UnexpectedValueException('Key appears to be malformed'); + } + + $baseLength = $bitlen / 16; + if (strlen($key) != 2 * $baseLength && strlen($key) != 9 * $baseLength) { + throw new \UnexpectedValueException('Key appears to be malformed'); + } + + $components[$components['isPublicKey'] ? 'publicExponent' : 'privateExponent'] = new BigInteger(strrev($pubexp), 256); + // BYTE modulus[rsapubkey.bitlen/8] + $components['modulus'] = new BigInteger(strrev(Strings::shift($key, $bitlen / 8)), 256); + + if ($publickey) { + return $components; + } + + $components['isPublicKey'] = false; + + // BYTE prime1[rsapubkey.bitlen/16] + $components['primes'] = [1 => new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256)]; + // BYTE prime2[rsapubkey.bitlen/16] + $components['primes'][] = new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256); + // BYTE exponent1[rsapubkey.bitlen/16] + $components['exponents'] = [1 => new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256)]; + // BYTE exponent2[rsapubkey.bitlen/16] + $components['exponents'][] = new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256); + // BYTE coefficient[rsapubkey.bitlen/16] + $components['coefficients'] = [2 => new BigInteger(strrev(Strings::shift($key, $bitlen / 16)), 256)]; + if (isset($components['privateExponent'])) { + $components['publicExponent'] = $components['privateExponent']; + } + // BYTE privateExponent[rsapubkey.bitlen/8] + $components['privateExponent'] = new BigInteger(strrev(Strings::shift($key, $bitlen / 8)), 256); + + return $components; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $n + * @param BigInteger $e + * @param BigInteger $d + * @param array $primes + * @param array $exponents + * @param array $coefficients + * @param string $password optional + * @return string + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '') + { + if (count($primes) != 2) { + throw new \InvalidArgumentException('MSBLOB does not support multi-prime RSA keys'); + } + + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('MSBLOB private keys do not support encryption'); + } + + $n = strrev($n->toBytes()); + $e = str_pad(strrev($e->toBytes()), 4, "\0"); + $key = pack('aavV', chr(self::PRIVATEKEYBLOB), chr(2), 0, self::CALG_RSA_KEYX); + $key .= pack('VVa*', self::RSA2, 8 * strlen($n), $e); + $key .= $n; + $key .= strrev($primes[1]->toBytes()); + $key .= strrev($primes[2]->toBytes()); + $key .= strrev($exponents[1]->toBytes()); + $key .= strrev($exponents[2]->toBytes()); + $key .= strrev($coefficients[2]->toBytes()); + $key .= strrev($d->toBytes()); + + return Strings::base64_encode($key); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $n + * @param BigInteger $e + * @return string + */ + public static function savePublicKey(BigInteger $n, BigInteger $e) + { + $n = strrev($n->toBytes()); + $e = str_pad(strrev($e->toBytes()), 4, "\0"); + $key = pack('aavV', chr(self::PUBLICKEYBLOB), chr(2), 0, self::CALG_RSA_KEYX); + $key .= pack('VVa*', self::RSA1, 8 * strlen($n), $e); + $key .= $n; + + return Strings::base64_encode($key); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/OpenSSH.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/OpenSSH.php new file mode 100644 index 0000000..ca74ea4 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/OpenSSH.php @@ -0,0 +1,132 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\OpenSSH as Progenitor; +use phpseclib3\Math\BigInteger; + +/** + * OpenSSH Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class OpenSSH extends Progenitor +{ + /** + * Supported Key Types + * + * @var array + */ + protected static $types = ['ssh-rsa']; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + $parsed = parent::load($key, $password); + + if (isset($parsed['paddedKey'])) { + list($type) = Strings::unpackSSH2('s', $parsed['paddedKey']); + if ($type != $parsed['type']) { + throw new \RuntimeException("The public and private keys are not of the same type ($type vs $parsed[type])"); + } + + $primes = $coefficients = []; + + list( + $modulus, + $publicExponent, + $privateExponent, + $coefficients[2], + $primes[1], + $primes[2], + $comment, + ) = Strings::unpackSSH2('i6s', $parsed['paddedKey']); + + $temp = $primes[1]->subtract($one); + $exponents = [1 => $publicExponent->modInverse($temp)]; + $temp = $primes[2]->subtract($one); + $exponents[] = $publicExponent->modInverse($temp); + + $isPublicKey = false; + + return compact('publicExponent', 'modulus', 'privateExponent', 'primes', 'coefficients', 'exponents', 'comment', 'isPublicKey'); + } + + list($publicExponent, $modulus) = Strings::unpackSSH2('ii', $parsed['publicKey']); + + return [ + 'isPublicKey' => true, + 'modulus' => $modulus, + 'publicExponent' => $publicExponent, + 'comment' => $parsed['comment'] + ]; + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $n + * @param BigInteger $e + * @param array $options optional + * @return string + */ + public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = []) + { + $RSAPublicKey = Strings::packSSH2('sii', 'ssh-rsa', $e, $n); + + if (isset($options['binary']) ? $options['binary'] : self::$binary) { + return $RSAPublicKey; + } + + $comment = isset($options['comment']) ? $options['comment'] : self::$comment; + $RSAPublicKey = 'ssh-rsa ' . base64_encode($RSAPublicKey) . ' ' . $comment; + + return $RSAPublicKey; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $n + * @param BigInteger $e + * @param BigInteger $d + * @param array $primes + * @param array $exponents + * @param array $coefficients + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '', array $options = []) + { + $publicKey = self::savePublicKey($n, $e, ['binary' => true]); + $privateKey = Strings::packSSH2('si6', 'ssh-rsa', $n, $e, $d, $coefficients[2], $primes[1], $primes[2]); + + return self::wrapPrivateKey($publicKey, $privateKey, $password, $options); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PKCS1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PKCS1.php new file mode 100644 index 0000000..7633556 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PKCS1.php @@ -0,0 +1,160 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#1 Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS1 extends Progenitor +{ + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (strpos($key, 'PUBLIC') !== false) { + $components = ['isPublicKey' => true]; + } elseif (strpos($key, 'PRIVATE') !== false) { + $components = ['isPublicKey' => false]; + } else { + $components = []; + } + + $key = parent::load($key, $password); + + $decoded = ASN1::decodeBER($key); + if (!$decoded) { + throw new \RuntimeException('Unable to decode BER'); + } + + $key = ASN1::asn1map($decoded[0], Maps\RSAPrivateKey::MAP); + if (is_array($key)) { + $components += [ + 'modulus' => $key['modulus'], + 'publicExponent' => $key['publicExponent'], + 'privateExponent' => $key['privateExponent'], + 'primes' => [1 => $key['prime1'], $key['prime2']], + 'exponents' => [1 => $key['exponent1'], $key['exponent2']], + 'coefficients' => [2 => $key['coefficient']] + ]; + if ($key['version'] == 'multi') { + foreach ($key['otherPrimeInfos'] as $primeInfo) { + $components['primes'][] = $primeInfo['prime']; + $components['exponents'][] = $primeInfo['exponent']; + $components['coefficients'][] = $primeInfo['coefficient']; + } + } + if (!isset($components['isPublicKey'])) { + $components['isPublicKey'] = false; + } + return $components; + } + + $key = ASN1::asn1map($decoded[0], Maps\RSAPublicKey::MAP); + + if (!is_array($key)) { + throw new \RuntimeException('Unable to perform ASN1 mapping'); + } + + if (!isset($components['isPublicKey'])) { + $components['isPublicKey'] = true; + } + + return $components + $key; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $n + * @param BigInteger $e + * @param BigInteger $d + * @param array $primes + * @param array $exponents + * @param array $coefficients + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '', array $options = []) + { + $num_primes = count($primes); + $key = [ + 'version' => $num_primes == 2 ? 'two-prime' : 'multi', + 'modulus' => $n, + 'publicExponent' => $e, + 'privateExponent' => $d, + 'prime1' => $primes[1], + 'prime2' => $primes[2], + 'exponent1' => $exponents[1], + 'exponent2' => $exponents[2], + 'coefficient' => $coefficients[2] + ]; + for ($i = 3; $i <= $num_primes; $i++) { + $key['otherPrimeInfos'][] = [ + 'prime' => $primes[$i], + 'exponent' => $exponents[$i], + 'coefficient' => $coefficients[$i] + ]; + } + + $key = ASN1::encodeDER($key, Maps\RSAPrivateKey::MAP); + + return self::wrapPrivateKey($key, 'RSA', $password, $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $n + * @param BigInteger $e + * @return string + */ + public static function savePublicKey(BigInteger $n, BigInteger $e) + { + $key = [ + 'modulus' => $n, + 'publicExponent' => $e + ]; + + $key = ASN1::encodeDER($key, Maps\RSAPublicKey::MAP); + + return self::wrapPublicKey($key, 'RSA'); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PKCS8.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PKCS8.php new file mode 100644 index 0000000..53918bc --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PKCS8.php @@ -0,0 +1,122 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\File\ASN1; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#8 Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PKCS8 extends Progenitor +{ + /** + * OID Name + * + * @var string + */ + const OID_NAME = 'rsaEncryption'; + + /** + * OID Value + * + * @var string + */ + const OID_VALUE = '1.2.840.113549.1.1.1'; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + $key = parent::load($key, $password); + + if (isset($key['privateKey'])) { + $components['isPublicKey'] = false; + $type = 'private'; + } else { + $components['isPublicKey'] = true; + $type = 'public'; + } + + $result = $components + PKCS1::load($key[$type . 'Key']); + + if (isset($key['meta'])) { + $result['meta'] = $key['meta']; + } + + return $result; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $n + * @param BigInteger $e + * @param BigInteger $d + * @param array $primes + * @param array $exponents + * @param array $coefficients + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '', array $options = []) + { + $key = PKCS1::savePrivateKey($n, $e, $d, $primes, $exponents, $coefficients); + $key = ASN1::extractBER($key); + return self::wrapPrivateKey($key, [], null, $password, null, '', $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $n + * @param BigInteger $e + * @param array $options optional + * @return string + */ + public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = []) + { + $key = PKCS1::savePublicKey($n, $e); + $key = ASN1::extractBER($key); + return self::wrapPublicKey($key, null); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PSS.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PSS.php new file mode 100644 index 0000000..bf51bcf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PSS.php @@ -0,0 +1,238 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * PKCS#8 Formatted RSA-PSS Key Handler + * + * @author Jim Wigginton + */ +abstract class PSS extends Progenitor +{ + /** + * OID Name + * + * @var string + */ + const OID_NAME = 'id-RSASSA-PSS'; + + /** + * OID Value + * + * @var string + */ + const OID_VALUE = '1.2.840.113549.1.1.10'; + + /** + * OIDs loaded + * + * @var bool + */ + private static $oidsLoaded = false; + + /** + * Child OIDs loaded + * + * @var bool + */ + protected static $childOIDsLoaded = false; + + /** + * Initialize static variables + */ + private static function initialize_static_variables() + { + if (!self::$oidsLoaded) { + ASN1::loadOIDs([ + 'md2' => '1.2.840.113549.2.2', + 'md4' => '1.2.840.113549.2.4', + 'md5' => '1.2.840.113549.2.5', + 'id-sha1' => '1.3.14.3.2.26', + 'id-sha256' => '2.16.840.1.101.3.4.2.1', + 'id-sha384' => '2.16.840.1.101.3.4.2.2', + 'id-sha512' => '2.16.840.1.101.3.4.2.3', + 'id-sha224' => '2.16.840.1.101.3.4.2.4', + 'id-sha512/224' => '2.16.840.1.101.3.4.2.5', + 'id-sha512/256' => '2.16.840.1.101.3.4.2.6', + + 'id-mgf1' => '1.2.840.113549.1.1.8' + ]); + self::$oidsLoaded = true; + } + } + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + self::initialize_static_variables(); + + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + $components = ['isPublicKey' => strpos($key, 'PUBLIC') !== false]; + + $key = parent::load($key, $password); + + $type = isset($key['privateKey']) ? 'private' : 'public'; + + $result = $components + PKCS1::load($key[$type . 'Key']); + + if (isset($key[$type . 'KeyAlgorithm']['parameters'])) { + $decoded = ASN1::decodeBER($key[$type . 'KeyAlgorithm']['parameters']); + if ($decoded === false) { + throw new \UnexpectedValueException('Unable to decode parameters'); + } + $params = ASN1::asn1map($decoded[0], Maps\RSASSA_PSS_params::MAP); + } else { + $params = []; + } + + if (isset($params['maskGenAlgorithm']['parameters'])) { + $decoded = ASN1::decodeBER($params['maskGenAlgorithm']['parameters']); + if ($decoded === false) { + throw new \UnexpectedValueException('Unable to decode parameters'); + } + $params['maskGenAlgorithm']['parameters'] = ASN1::asn1map($decoded[0], Maps\HashAlgorithm::MAP); + } else { + $params['maskGenAlgorithm'] = [ + 'algorithm' => 'id-mgf1', + 'parameters' => ['algorithm' => 'id-sha1'] + ]; + } + + if (!isset($params['hashAlgorithm']['algorithm'])) { + $params['hashAlgorithm']['algorithm'] = 'id-sha1'; + } + + $result['hash'] = str_replace('id-', '', $params['hashAlgorithm']['algorithm']); + $result['MGFHash'] = str_replace('id-', '', $params['maskGenAlgorithm']['parameters']['algorithm']); + if (isset($params['saltLength'])) { + $result['saltLength'] = (int) $params['saltLength']->toString(); + } + + if (isset($key['meta'])) { + $result['meta'] = $key['meta']; + } + + return $result; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $n + * @param BigInteger $e + * @param BigInteger $d + * @param array $primes + * @param array $exponents + * @param array $coefficients + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '', array $options = []) + { + self::initialize_static_variables(); + + $key = PKCS1::savePrivateKey($n, $e, $d, $primes, $exponents, $coefficients); + $key = ASN1::extractBER($key); + $params = self::savePSSParams($options); + return self::wrapPrivateKey($key, [], $params, $password, null, '', $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $n + * @param BigInteger $e + * @param array $options optional + * @return string + */ + public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = []) + { + self::initialize_static_variables(); + + $key = PKCS1::savePublicKey($n, $e); + $key = ASN1::extractBER($key); + $params = self::savePSSParams($options); + return self::wrapPublicKey($key, $params); + } + + /** + * Encodes PSS parameters + * + * @param array $options + * @return string + */ + public static function savePSSParams(array $options) + { + /* + The trailerField field is an integer. It provides + compatibility with IEEE Std 1363a-2004 [P1363A]. The value + MUST be 1, which represents the trailer field with hexadecimal + value 0xBC. Other trailer fields, including the trailer field + composed of HashID concatenated with 0xCC that is specified in + IEEE Std 1363a, are not supported. Implementations that + perform signature generation MUST omit the trailerField field, + indicating that the default trailer field value was used. + Implementations that perform signature validation MUST + recognize both a present trailerField field with value 1 and an + absent trailerField field. + + source: https://tools.ietf.org/html/rfc4055#page-9 + */ + $params = [ + 'trailerField' => new BigInteger(1) + ]; + if (isset($options['hash'])) { + $params['hashAlgorithm']['algorithm'] = 'id-' . $options['hash']; + } + if (isset($options['MGFHash'])) { + $temp = ['algorithm' => 'id-' . $options['MGFHash']]; + $temp = ASN1::encodeDER($temp, Maps\HashAlgorithm::MAP); + $params['maskGenAlgorithm'] = [ + 'algorithm' => 'id-mgf1', + 'parameters' => new ASN1\Element($temp) + ]; + } + if (isset($options['saltLength'])) { + $params['saltLength'] = new BigInteger($options['saltLength']); + } + + return new ASN1\Element(ASN1::encodeDER($params, Maps\RSASSA_PSS_params::MAP)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PuTTY.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PuTTY.php new file mode 100644 index 0000000..293903c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/PuTTY.php @@ -0,0 +1,121 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\Formats\Keys\PuTTY as Progenitor; +use phpseclib3\Math\BigInteger; + +/** + * PuTTY Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class PuTTY extends Progenitor +{ + /** + * Public Handler + * + * @var string + */ + const PUBLIC_HANDLER = 'phpseclib3\Crypt\RSA\Formats\Keys\OpenSSH'; + + /** + * Algorithm Identifier + * + * @var array + */ + protected static $types = ['ssh-rsa']; + + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + $components = parent::load($key, $password); + if (!isset($components['private'])) { + return $components; + } + extract($components); + unset($components['public'], $components['private']); + + $isPublicKey = false; + + $result = Strings::unpackSSH2('ii', $public); + if ($result === false) { + throw new \UnexpectedValueException('Key appears to be malformed'); + } + list($publicExponent, $modulus) = $result; + + $result = Strings::unpackSSH2('iiii', $private); + if ($result === false) { + throw new \UnexpectedValueException('Key appears to be malformed'); + } + $primes = $coefficients = []; + list($privateExponent, $primes[1], $primes[2], $coefficients[2]) = $result; + + $temp = $primes[1]->subtract($one); + $exponents = [1 => $publicExponent->modInverse($temp)]; + $temp = $primes[2]->subtract($one); + $exponents[] = $publicExponent->modInverse($temp); + + return compact('publicExponent', 'modulus', 'privateExponent', 'primes', 'coefficients', 'exponents', 'comment', 'isPublicKey'); + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $n + * @param BigInteger $e + * @param BigInteger $d + * @param array $primes + * @param array $exponents + * @param array $coefficients + * @param string $password optional + * @param array $options optional + * @return string + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '', array $options = []) + { + if (count($primes) != 2) { + throw new \InvalidArgumentException('PuTTY does not support multi-prime RSA keys'); + } + + $public = Strings::packSSH2('ii', $e, $n); + $private = Strings::packSSH2('iiii', $d, $primes[1], $primes[2], $coefficients[2]); + + return self::wrapPrivateKey($public, $private, 'ssh-rsa', $password, $options); + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $n + * @param BigInteger $e + * @return string + */ + public static function savePublicKey(BigInteger $n, BigInteger $e) + { + return self::wrapPublicKey(Strings::packSSH2('ii', $e, $n), 'ssh-rsa'); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/Raw.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/Raw.php new file mode 100644 index 0000000..55c7ccd --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/Raw.php @@ -0,0 +1,184 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Math\BigInteger; + +/** + * Raw RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class Raw +{ + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + if (!is_array($key)) { + throw new \UnexpectedValueException('Key should be a array - not a ' . gettype($key)); + } + + $key = array_change_key_case($key, CASE_LOWER); + + $components = ['isPublicKey' => false]; + + foreach (['e', 'exponent', 'publicexponent', 0, 'privateexponent', 'd'] as $index) { + if (isset($key[$index])) { + $components['publicExponent'] = $key[$index]; + break; + } + } + + foreach (['n', 'modulo', 'modulus', 1] as $index) { + if (isset($key[$index])) { + $components['modulus'] = $key[$index]; + break; + } + } + + if (!isset($components['publicExponent']) || !isset($components['modulus'])) { + throw new \UnexpectedValueException('Modulus / exponent not present'); + } + + if (isset($key['primes'])) { + $components['primes'] = $key['primes']; + } elseif (isset($key['p']) && isset($key['q'])) { + $indices = [ + ['p', 'q'], + ['prime1', 'prime2'] + ]; + foreach ($indices as $index) { + list($i0, $i1) = $index; + if (isset($key[$i0]) && isset($key[$i1])) { + $components['primes'] = [1 => $key[$i0], $key[$i1]]; + } + } + } + + if (isset($key['exponents'])) { + $components['exponents'] = $key['exponents']; + } else { + $indices = [ + ['dp', 'dq'], + ['exponent1', 'exponent2'] + ]; + foreach ($indices as $index) { + list($i0, $i1) = $index; + if (isset($key[$i0]) && isset($key[$i1])) { + $components['exponents'] = [1 => $key[$i0], $key[$i1]]; + } + } + } + + if (isset($key['coefficients'])) { + $components['coefficients'] = $key['coefficients']; + } else { + foreach (['inverseq', 'q\'', 'coefficient'] as $index) { + if (isset($key[$index])) { + $components['coefficients'] = [2 => $key[$index]]; + } + } + } + + if (!isset($components['primes'])) { + $components['isPublicKey'] = true; + return $components; + } + + if (!isset($components['exponents'])) { + $one = new BigInteger(1); + $temp = $components['primes'][1]->subtract($one); + $exponents = [1 => $components['publicExponent']->modInverse($temp)]; + $temp = $components['primes'][2]->subtract($one); + $exponents[] = $components['publicExponent']->modInverse($temp); + $components['exponents'] = $exponents; + } + + if (!isset($components['coefficients'])) { + $components['coefficients'] = [2 => $components['primes'][2]->modInverse($components['primes'][1])]; + } + + foreach (['privateexponent', 'd'] as $index) { + if (isset($key[$index])) { + $components['privateExponent'] = $key[$index]; + break; + } + } + + return $components; + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $n + * @param BigInteger $e + * @param BigInteger $d + * @param array $primes + * @param array $exponents + * @param array $coefficients + * @param string $password optional + * @param array $options optional + * @return array + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '', array $options = []) + { + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('Raw private keys do not support encryption'); + } + + return [ + 'e' => clone $e, + 'n' => clone $n, + 'd' => clone $d, + 'primes' => array_map(function ($var) { + return clone $var; + }, $primes), + 'exponents' => array_map(function ($var) { + return clone $var; + }, $exponents), + 'coefficients' => array_map(function ($var) { + return clone $var; + }, $coefficients) + ]; + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $n + * @param BigInteger $e + * @return array + */ + public static function savePublicKey(BigInteger $n, BigInteger $e) + { + return ['e' => clone $e, 'n' => clone $n]; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/XML.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/XML.php new file mode 100644 index 0000000..d569dea --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/XML.php @@ -0,0 +1,171 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA\Formats\Keys; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * XML Formatted RSA Key Handler + * + * @author Jim Wigginton + */ +abstract class XML +{ + /** + * Break a public or private key down into its constituent components + * + * @param string $key + * @param string $password optional + * @return array + */ + public static function load($key, $password = '') + { + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (!class_exists('DOMDocument')) { + throw new BadConfigurationException('The dom extension is not setup correctly on this system'); + } + + $components = [ + 'isPublicKey' => false, + 'primes' => [], + 'exponents' => [], + 'coefficients' => [] + ]; + + $use_errors = libxml_use_internal_errors(true); + + $dom = new \DOMDocument(); + if (substr($key, 0, 5) != '' . $key . ''; + } + if (!$dom->loadXML($key)) { + libxml_use_internal_errors($use_errors); + throw new \UnexpectedValueException('Key does not appear to contain XML'); + } + $xpath = new \DOMXPath($dom); + $keys = ['modulus', 'exponent', 'p', 'q', 'dp', 'dq', 'inverseq', 'd']; + foreach ($keys as $key) { + // $dom->getElementsByTagName($key) is case-sensitive + $temp = $xpath->query("//*[translate(local-name(), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='$key']"); + if (!$temp->length) { + continue; + } + $value = new BigInteger(Strings::base64_decode($temp->item(0)->nodeValue), 256); + switch ($key) { + case 'modulus': + $components['modulus'] = $value; + break; + case 'exponent': + $components['publicExponent'] = $value; + break; + case 'p': + $components['primes'][1] = $value; + break; + case 'q': + $components['primes'][2] = $value; + break; + case 'dp': + $components['exponents'][1] = $value; + break; + case 'dq': + $components['exponents'][2] = $value; + break; + case 'inverseq': + $components['coefficients'][2] = $value; + break; + case 'd': + $components['privateExponent'] = $value; + } + } + + libxml_use_internal_errors($use_errors); + + foreach ($components as $key => $value) { + if (is_array($value) && !count($value)) { + unset($components[$key]); + } + } + + if (isset($components['modulus']) && isset($components['publicExponent'])) { + if (count($components) == 3) { + $components['isPublicKey'] = true; + } + return $components; + } + + throw new \UnexpectedValueException('Modulus / exponent not present'); + } + + /** + * Convert a private key to the appropriate format. + * + * @param BigInteger $n + * @param BigInteger $e + * @param BigInteger $d + * @param array $primes + * @param array $exponents + * @param array $coefficients + * @param string $password optional + * @return string + */ + public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '') + { + if (count($primes) != 2) { + throw new \InvalidArgumentException('XML does not support multi-prime RSA keys'); + } + + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('XML private keys do not support encryption'); + } + + return "\r\n" . + ' ' . Strings::base64_encode($n->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($e->toBytes()) . "\r\n" . + '

' . Strings::base64_encode($primes[1]->toBytes()) . "

\r\n" . + ' ' . Strings::base64_encode($primes[2]->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($exponents[1]->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($exponents[2]->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($coefficients[2]->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($d->toBytes()) . "\r\n" . + ''; + } + + /** + * Convert a public key to the appropriate format + * + * @param BigInteger $n + * @param BigInteger $e + * @return string + */ + public static function savePublicKey(BigInteger $n, BigInteger $e) + { + return "\r\n" . + ' ' . Strings::base64_encode($n->toBytes()) . "\r\n" . + ' ' . Strings::base64_encode($e->toBytes()) . "\r\n" . + ''; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/PrivateKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/PrivateKey.php new file mode 100644 index 0000000..8c828b3 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/PrivateKey.php @@ -0,0 +1,530 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA; + +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RSA; +use phpseclib3\Crypt\RSA\Formats\Keys\PSS; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\Math\BigInteger; + +/** + * Raw RSA Key Handler + * + * @author Jim Wigginton + */ +final class PrivateKey extends RSA implements Common\PrivateKey +{ + use Common\Traits\PasswordProtected; + + /** + * Primes for Chinese Remainder Theorem (ie. p and q) + * + * @var array + */ + protected $primes; + + /** + * Exponents for Chinese Remainder Theorem (ie. dP and dQ) + * + * @var array + */ + protected $exponents; + + /** + * Coefficients for Chinese Remainder Theorem (ie. qInv) + * + * @var array + */ + protected $coefficients; + + /** + * Private Exponent + * + * @var BigInteger + */ + protected $privateExponent; + + /** + * RSADP + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.2 RFC3447#section-5.1.2}. + * + * @return bool|BigInteger + */ + private function rsadp(BigInteger $c) + { + if ($c->compare(self::$zero) < 0 || $c->compare($this->modulus) > 0) { + throw new \OutOfRangeException('Ciphertext representative out of range'); + } + return $this->exponentiate($c); + } + + /** + * RSASP1 + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.1 RFC3447#section-5.2.1}. + * + * @return bool|BigInteger + */ + private function rsasp1(BigInteger $m) + { + if ($m->compare(self::$zero) < 0 || $m->compare($this->modulus) > 0) { + throw new \OutOfRangeException('Signature representative out of range'); + } + return $this->exponentiate($m); + } + + /** + * Exponentiate + * + * @param BigInteger $x + * @return BigInteger + */ + protected function exponentiate(BigInteger $x) + { + switch (true) { + case empty($this->primes): + case $this->primes[1]->equals(self::$zero): + case empty($this->coefficients): + case $this->coefficients[2]->equals(self::$zero): + case empty($this->exponents): + case $this->exponents[1]->equals(self::$zero): + return $x->modPow($this->exponent, $this->modulus); + } + + $num_primes = count($this->primes); + + if (!static::$enableBlinding) { + $m_i = [ + 1 => $x->modPow($this->exponents[1], $this->primes[1]), + 2 => $x->modPow($this->exponents[2], $this->primes[2]) + ]; + $h = $m_i[1]->subtract($m_i[2]); + $h = $h->multiply($this->coefficients[2]); + list(, $h) = $h->divide($this->primes[1]); + $m = $m_i[2]->add($h->multiply($this->primes[2])); + + $r = $this->primes[1]; + for ($i = 3; $i <= $num_primes; $i++) { + $m_i = $x->modPow($this->exponents[$i], $this->primes[$i]); + + $r = $r->multiply($this->primes[$i - 1]); + + $h = $m_i->subtract($m); + $h = $h->multiply($this->coefficients[$i]); + list(, $h) = $h->divide($this->primes[$i]); + + $m = $m->add($r->multiply($h)); + } + } else { + $smallest = $this->primes[1]; + for ($i = 2; $i <= $num_primes; $i++) { + if ($smallest->compare($this->primes[$i]) > 0) { + $smallest = $this->primes[$i]; + } + } + + $r = BigInteger::randomRange(self::$one, $smallest->subtract(self::$one)); + + $m_i = [ + 1 => $this->blind($x, $r, 1), + 2 => $this->blind($x, $r, 2) + ]; + $h = $m_i[1]->subtract($m_i[2]); + $h = $h->multiply($this->coefficients[2]); + list(, $h) = $h->divide($this->primes[1]); + $m = $m_i[2]->add($h->multiply($this->primes[2])); + + $r = $this->primes[1]; + for ($i = 3; $i <= $num_primes; $i++) { + $m_i = $this->blind($x, $r, $i); + + $r = $r->multiply($this->primes[$i - 1]); + + $h = $m_i->subtract($m); + $h = $h->multiply($this->coefficients[$i]); + list(, $h) = $h->divide($this->primes[$i]); + + $m = $m->add($r->multiply($h)); + } + } + + return $m; + } + + /** + * Performs RSA Blinding + * + * Protects against timing attacks by employing RSA Blinding. + * Returns $x->modPow($this->exponents[$i], $this->primes[$i]) + * + * @param BigInteger $x + * @param BigInteger $r + * @param int $i + * @return BigInteger + */ + private function blind(BigInteger $x, BigInteger $r, $i) + { + $x = $x->multiply($r->modPow($this->publicExponent, $this->primes[$i])); + $x = $x->modPow($this->exponents[$i], $this->primes[$i]); + + $r = $r->modInverse($this->primes[$i]); + $x = $x->multiply($r); + list(, $x) = $x->divide($this->primes[$i]); + + return $x; + } + + /** + * EMSA-PSS-ENCODE + * + * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.1 RFC3447#section-9.1.1}. + * + * @return string + * @param string $m + * @throws \RuntimeException on encoding error + * @param int $emBits + */ + private function emsa_pss_encode($m, $emBits) + { + // if $m is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + $emLen = ($emBits + 1) >> 3; // ie. ceil($emBits / 8) + $sLen = $this->sLen !== null ? $this->sLen : $this->hLen; + + $mHash = $this->hash->hash($m); + if ($emLen < $this->hLen + $sLen + 2) { + throw new \LengthException('RSA modulus too short'); + } + + $salt = Random::string($sLen); + $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt; + $h = $this->hash->hash($m2); + $ps = str_repeat(chr(0), $emLen - $sLen - $this->hLen - 2); + $db = $ps . chr(1) . $salt; + $dbMask = $this->mgf1($h, $emLen - $this->hLen - 1); // ie. stlren($db) + $maskedDB = $db ^ $dbMask; + $maskedDB[0] = ~chr(0xFF << ($emBits & 7)) & $maskedDB[0]; + $em = $maskedDB . $h . chr(0xBC); + + return $em; + } + + /** + * RSASSA-PSS-SIGN + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.1 RFC3447#section-8.1.1}. + * + * @param string $m + * @return bool|string + */ + private function rsassa_pss_sign($m) + { + // EMSA-PSS encoding + + $em = $this->emsa_pss_encode($m, 8 * $this->k - 1); + + // RSA signature + + $m = $this->os2ip($em); + $s = $this->rsasp1($m); + $s = $this->i2osp($s, $this->k); + + // Output the signature S + + return $s; + } + + /** + * RSASSA-PKCS1-V1_5-SIGN + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.1 RFC3447#section-8.2.1}. + * + * @param string $m + * @throws \LengthException if the RSA modulus is too short + * @return bool|string + */ + private function rsassa_pkcs1_v1_5_sign($m) + { + // EMSA-PKCS1-v1_5 encoding + + // If the encoding operation outputs "intended encoded message length too short," output "RSA modulus + // too short" and stop. + try { + $em = $this->emsa_pkcs1_v1_5_encode($m, $this->k); + } catch (\LengthException $e) { + throw new \LengthException('RSA modulus too short'); + } + + // RSA signature + + $m = $this->os2ip($em); + $s = $this->rsasp1($m); + $s = $this->i2osp($s, $this->k); + + // Output the signature S + + return $s; + } + + /** + * Create a signature + * + * @see self::verify() + * @param string $message + * @return string + */ + public function sign($message) + { + switch ($this->signaturePadding) { + case self::SIGNATURE_PKCS1: + case self::SIGNATURE_RELAXED_PKCS1: + return $this->rsassa_pkcs1_v1_5_sign($message); + //case self::SIGNATURE_PSS: + default: + return $this->rsassa_pss_sign($message); + } + } + + /** + * RSAES-PKCS1-V1_5-DECRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.2 RFC3447#section-7.2.2}. + * + * @param string $c + * @return bool|string + */ + private function rsaes_pkcs1_v1_5_decrypt($c) + { + // Length checking + + if (strlen($c) != $this->k) { // or if k < 11 + throw new \LengthException('Ciphertext representative too long'); + } + + // RSA decryption + + $c = $this->os2ip($c); + $m = $this->rsadp($c); + $em = $this->i2osp($m, $this->k); + + // EME-PKCS1-v1_5 decoding + + if (ord($em[0]) != 0 || ord($em[1]) > 2) { + throw new \RuntimeException('Decryption error'); + } + + $ps = substr($em, 2, strpos($em, chr(0), 2) - 2); + $m = substr($em, strlen($ps) + 3); + + if (strlen($ps) < 8) { + throw new \RuntimeException('Decryption error'); + } + + // Output M + + return $m; + } + + /** + * RSAES-OAEP-DECRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.2 RFC3447#section-7.1.2}. The fact that the error + * messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2: + * + * Note. Care must be taken to ensure that an opponent cannot + * distinguish the different error conditions in Step 3.g, whether by + * error message or timing, or, more generally, learn partial + * information about the encoded message EM. Otherwise an opponent may + * be able to obtain useful information about the decryption of the + * ciphertext C, leading to a chosen-ciphertext attack such as the one + * observed by Manger [36]. + * + * @param string $c + * @return bool|string + */ + private function rsaes_oaep_decrypt($c) + { + // Length checking + + // if $l is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + if (strlen($c) != $this->k || $this->k < 2 * $this->hLen + 2) { + throw new \LengthException('Ciphertext representative too long'); + } + + // RSA decryption + + $c = $this->os2ip($c); + $m = $this->rsadp($c); + $em = $this->i2osp($m, $this->k); + + // EME-OAEP decoding + + $lHash = $this->hash->hash($this->label); + $y = ord($em[0]); + $maskedSeed = substr($em, 1, $this->hLen); + $maskedDB = substr($em, $this->hLen + 1); + $seedMask = $this->mgf1($maskedDB, $this->hLen); + $seed = $maskedSeed ^ $seedMask; + $dbMask = $this->mgf1($seed, $this->k - $this->hLen - 1); + $db = $maskedDB ^ $dbMask; + $lHash2 = substr($db, 0, $this->hLen); + $m = substr($db, $this->hLen); + $hashesMatch = hash_equals($lHash, $lHash2); + $leadingZeros = 1; + $patternMatch = 0; + $offset = 0; + for ($i = 0; $i < strlen($m); $i++) { + $patternMatch |= $leadingZeros & ($m[$i] === "\1"); + $leadingZeros &= $m[$i] === "\0"; + $offset += $patternMatch ? 0 : 1; + } + + // we do | instead of || to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation + // to protect against timing attacks + if (!$hashesMatch | !$patternMatch) { + throw new \RuntimeException('Decryption error'); + } + + // Output the message M + + return substr($m, $offset + 1); + } + + /** + * Raw Encryption / Decryption + * + * Doesn't use padding and is not recommended. + * + * @param string $m + * @return bool|string + * @throws \LengthException if strlen($m) > $this->k + */ + private function raw_encrypt($m) + { + if (strlen($m) > $this->k) { + throw new \LengthException('Ciphertext representative too long'); + } + + $temp = $this->os2ip($m); + $temp = $this->rsadp($temp); + return $this->i2osp($temp, $this->k); + } + + /** + * Decryption + * + * @see self::encrypt() + * @param string $ciphertext + * @return bool|string + */ + public function decrypt($ciphertext) + { + switch ($this->encryptionPadding) { + case self::ENCRYPTION_NONE: + return $this->raw_encrypt($ciphertext); + case self::ENCRYPTION_PKCS1: + return $this->rsaes_pkcs1_v1_5_decrypt($ciphertext); + //case self::ENCRYPTION_OAEP: + default: + return $this->rsaes_oaep_decrypt($ciphertext); + } + } + + /** + * Returns the public key + * + * @return mixed + */ + public function getPublicKey() + { + $type = self::validatePlugin('Keys', 'PKCS8', 'savePublicKey'); + if (empty($this->modulus) || empty($this->publicExponent)) { + throw new \RuntimeException('Public key components not found'); + } + + $key = $type::savePublicKey($this->modulus, $this->publicExponent); + return RSA::loadFormat('PKCS8', $key) + ->withHash($this->hash->getHash()) + ->withMGFHash($this->mgfHash->getHash()) + ->withSaltLength($this->sLen) + ->withLabel($this->label) + ->withPadding($this->signaturePadding | $this->encryptionPadding); + } + + /** + * Returns the private key + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type, array $options = []) + { + $type = self::validatePlugin( + 'Keys', + $type, + empty($this->primes) ? 'savePublicKey' : 'savePrivateKey' + ); + + if ($type == PSS::class) { + if ($this->signaturePadding == self::SIGNATURE_PSS) { + $options += [ + 'hash' => $this->hash->getHash(), + 'MGFHash' => $this->mgfHash->getHash(), + 'saltLength' => $this->getSaltLength() + ]; + } else { + throw new UnsupportedFormatException('The PSS format can only be used when the signature method has been explicitly set to PSS'); + } + } + + if (empty($this->primes)) { + return $type::savePublicKey($this->modulus, $this->exponent, $options); + } + + return $type::savePrivateKey($this->modulus, $this->publicExponent, $this->exponent, $this->primes, $this->exponents, $this->coefficients, $this->password, $options); + + /* + $key = $type::savePrivateKey($this->modulus, $this->publicExponent, $this->exponent, $this->primes, $this->exponents, $this->coefficients, $this->password, $options); + if ($key !== false || count($this->primes) == 2) { + return $key; + } + + $nSize = $this->getSize() >> 1; + + $primes = [1 => clone self::$one, clone self::$one]; + $i = 1; + foreach ($this->primes as $prime) { + $primes[$i] = $primes[$i]->multiply($prime); + if ($primes[$i]->getLength() >= $nSize) { + $i++; + } + } + + $exponents = []; + $coefficients = [2 => $primes[2]->modInverse($primes[1])]; + + foreach ($primes as $i => $prime) { + $temp = $prime->subtract(self::$one); + $exponents[$i] = $this->modulus->modInverse($temp); + } + + return $type::savePrivateKey($this->modulus, $this->publicExponent, $this->exponent, $primes, $exponents, $coefficients, $this->password, $options); + */ + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/PublicKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/PublicKey.php new file mode 100644 index 0000000..ff80ae7 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA/PublicKey.php @@ -0,0 +1,513 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt\RSA; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RSA; +use phpseclib3\Crypt\RSA\Formats\Keys\PSS; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Exception\UnsupportedFormatException; +use phpseclib3\File\ASN1; +use phpseclib3\File\ASN1\Maps\DigestInfo; +use phpseclib3\Math\BigInteger; + +/** + * Raw RSA Key Handler + * + * @author Jim Wigginton + */ +final class PublicKey extends RSA implements Common\PublicKey +{ + use Common\Traits\Fingerprint; + + /** + * Exponentiate + * + * @param BigInteger $x + * @return BigInteger + */ + private function exponentiate(BigInteger $x) + { + return $x->modPow($this->exponent, $this->modulus); + } + + /** + * RSAVP1 + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}. + * + * @param BigInteger $s + * @return bool|BigInteger + */ + private function rsavp1($s) + { + if ($s->compare(self::$zero) < 0 || $s->compare($this->modulus) > 0) { + return false; + } + return $this->exponentiate($s); + } + + /** + * RSASSA-PKCS1-V1_5-VERIFY + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.2 RFC3447#section-8.2.2}. + * + * @param string $m + * @param string $s + * @throws \LengthException if the RSA modulus is too short + * @return bool + */ + private function rsassa_pkcs1_v1_5_verify($m, $s) + { + // Length checking + + if (strlen($s) != $this->k) { + return false; + } + + // RSA verification + + $s = $this->os2ip($s); + $m2 = $this->rsavp1($s); + if ($m2 === false) { + return false; + } + $em = $this->i2osp($m2, $this->k); + if ($em === false) { + return false; + } + + // EMSA-PKCS1-v1_5 encoding + + $exception = false; + + // If the encoding operation outputs "intended encoded message length too short," output "RSA modulus + // too short" and stop. + try { + $em2 = $this->emsa_pkcs1_v1_5_encode($m, $this->k); + $r1 = hash_equals($em, $em2); + } catch (\LengthException $e) { + $exception = true; + } + + try { + $em3 = $this->emsa_pkcs1_v1_5_encode_without_null($m, $this->k); + $r2 = hash_equals($em, $em3); + } catch (\LengthException $e) { + $exception = true; + } catch (UnsupportedAlgorithmException $e) { + $r2 = false; + } + + if ($exception) { + throw new \LengthException('RSA modulus too short'); + } + + // Compare + return $r1 || $r2; + } + + /** + * RSASSA-PKCS1-V1_5-VERIFY (relaxed matching) + * + * Per {@link http://tools.ietf.org/html/rfc3447#page-43 RFC3447#page-43} PKCS1 v1.5 + * specified the use BER encoding rather than DER encoding that PKCS1 v2.0 specified. + * This means that under rare conditions you can have a perfectly valid v1.5 signature + * that fails to validate with _rsassa_pkcs1_v1_5_verify(). PKCS1 v2.1 also recommends + * that if you're going to validate these types of signatures you "should indicate + * whether the underlying BER encoding is a DER encoding and hence whether the signature + * is valid with respect to the specification given in [PKCS1 v2.0+]". so if you do + * $rsa->getLastPadding() and get RSA::PADDING_RELAXED_PKCS1 back instead of + * RSA::PADDING_PKCS1... that means BER encoding was used. + * + * @param string $m + * @param string $s + * @return bool + */ + private function rsassa_pkcs1_v1_5_relaxed_verify($m, $s) + { + // Length checking + + if (strlen($s) != $this->k) { + return false; + } + + // RSA verification + + $s = $this->os2ip($s); + $m2 = $this->rsavp1($s); + if ($m2 === false) { + return false; + } + $em = $this->i2osp($m2, $this->k); + if ($em === false) { + return false; + } + + if (Strings::shift($em, 2) != "\0\1") { + return false; + } + + $em = ltrim($em, "\xFF"); + if (Strings::shift($em) != "\0") { + return false; + } + + $decoded = ASN1::decodeBER($em); + if (!is_array($decoded) || empty($decoded[0]) || strlen($em) > $decoded[0]['length']) { + return false; + } + + static $oids; + if (!isset($oids)) { + $oids = [ + 'md2' => '1.2.840.113549.2.2', + 'md4' => '1.2.840.113549.2.4', // from PKCS1 v1.5 + 'md5' => '1.2.840.113549.2.5', + 'id-sha1' => '1.3.14.3.2.26', + 'id-sha256' => '2.16.840.1.101.3.4.2.1', + 'id-sha384' => '2.16.840.1.101.3.4.2.2', + 'id-sha512' => '2.16.840.1.101.3.4.2.3', + // from PKCS1 v2.2 + 'id-sha224' => '2.16.840.1.101.3.4.2.4', + 'id-sha512/224' => '2.16.840.1.101.3.4.2.5', + 'id-sha512/256' => '2.16.840.1.101.3.4.2.6', + ]; + ASN1::loadOIDs($oids); + } + + $decoded = ASN1::asn1map($decoded[0], DigestInfo::MAP); + if (!isset($decoded) || $decoded === false) { + return false; + } + + if (!isset($oids[$decoded['digestAlgorithm']['algorithm']])) { + return false; + } + + if (isset($decoded['digestAlgorithm']['parameters']) && $decoded['digestAlgorithm']['parameters'] !== ['null' => '']) { + return false; + } + + $hash = $decoded['digestAlgorithm']['algorithm']; + $hash = substr($hash, 0, 3) == 'id-' ? + substr($hash, 3) : + $hash; + $hash = new Hash($hash); + $em = $hash->hash($m); + $em2 = $decoded['digest']; + + return hash_equals($em, $em2); + } + + /** + * EMSA-PSS-VERIFY + * + * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.2 RFC3447#section-9.1.2}. + * + * @param string $m + * @param string $em + * @param int $emBits + * @return string + */ + private function emsa_pss_verify($m, $em, $emBits) + { + // if $m is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + $emLen = ($emBits + 7) >> 3; // ie. ceil($emBits / 8); + $sLen = $this->sLen !== null ? $this->sLen : $this->hLen; + + $mHash = $this->hash->hash($m); + if ($emLen < $this->hLen + $sLen + 2) { + return false; + } + + if ($em[strlen($em) - 1] != chr(0xBC)) { + return false; + } + + $maskedDB = substr($em, 0, -$this->hLen - 1); + $h = substr($em, -$this->hLen - 1, $this->hLen); + $temp = chr(0xFF << ($emBits & 7)); + if ((~$maskedDB[0] & $temp) != $temp) { + return false; + } + $dbMask = $this->mgf1($h, $emLen - $this->hLen - 1); + $db = $maskedDB ^ $dbMask; + $db[0] = ~chr(0xFF << ($emBits & 7)) & $db[0]; + $temp = $emLen - $this->hLen - $sLen - 2; + if (substr($db, 0, $temp) != str_repeat(chr(0), $temp) || ord($db[$temp]) != 1) { + return false; + } + $salt = substr($db, $temp + 1); // should be $sLen long + $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt; + $h2 = $this->hash->hash($m2); + return hash_equals($h, $h2); + } + + /** + * RSASSA-PSS-VERIFY + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.2 RFC3447#section-8.1.2}. + * + * @param string $m + * @param string $s + * @return bool|string + */ + private function rsassa_pss_verify($m, $s) + { + // Length checking + + if (strlen($s) != $this->k) { + return false; + } + + // RSA verification + + $modBits = strlen($this->modulus->toBits()); + + $s2 = $this->os2ip($s); + $m2 = $this->rsavp1($s2); + $em = $this->i2osp($m2, $this->k); + if ($em === false) { + return false; + } + + // EMSA-PSS verification + + return $this->emsa_pss_verify($m, $em, $modBits - 1); + } + + /** + * Verifies a signature + * + * @see self::sign() + * @param string $message + * @param string $signature + * @return bool + */ + public function verify($message, $signature) + { + switch ($this->signaturePadding) { + case self::SIGNATURE_RELAXED_PKCS1: + return $this->rsassa_pkcs1_v1_5_relaxed_verify($message, $signature); + case self::SIGNATURE_PKCS1: + return $this->rsassa_pkcs1_v1_5_verify($message, $signature); + //case self::SIGNATURE_PSS: + default: + return $this->rsassa_pss_verify($message, $signature); + } + } + + /** + * RSAES-PKCS1-V1_5-ENCRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.1 RFC3447#section-7.2.1}. + * + * @param string $m + * @param bool $pkcs15_compat optional + * @throws \LengthException if strlen($m) > $this->k - 11 + * @return bool|string + */ + private function rsaes_pkcs1_v1_5_encrypt($m, $pkcs15_compat = false) + { + $mLen = strlen($m); + + // Length checking + + if ($mLen > $this->k - 11) { + throw new \LengthException('Message too long'); + } + + // EME-PKCS1-v1_5 encoding + + $psLen = $this->k - $mLen - 3; + $ps = ''; + while (strlen($ps) != $psLen) { + $temp = Random::string($psLen - strlen($ps)); + $temp = str_replace("\x00", '', $temp); + $ps .= $temp; + } + $type = 2; + $em = chr(0) . chr($type) . $ps . chr(0) . $m; + + // RSA encryption + $m = $this->os2ip($em); + $c = $this->rsaep($m); + $c = $this->i2osp($c, $this->k); + + // Output the ciphertext C + + return $c; + } + + /** + * RSAES-OAEP-ENCRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.1 RFC3447#section-7.1.1} and + * {http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}. + * + * @param string $m + * @throws \LengthException if strlen($m) > $this->k - 2 * $this->hLen - 2 + * @return string + */ + private function rsaes_oaep_encrypt($m) + { + $mLen = strlen($m); + + // Length checking + + // if $l is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + if ($mLen > $this->k - 2 * $this->hLen - 2) { + throw new \LengthException('Message too long'); + } + + // EME-OAEP encoding + + $lHash = $this->hash->hash($this->label); + $ps = str_repeat(chr(0), $this->k - $mLen - 2 * $this->hLen - 2); + $db = $lHash . $ps . chr(1) . $m; + $seed = Random::string($this->hLen); + $dbMask = $this->mgf1($seed, $this->k - $this->hLen - 1); + $maskedDB = $db ^ $dbMask; + $seedMask = $this->mgf1($maskedDB, $this->hLen); + $maskedSeed = $seed ^ $seedMask; + $em = chr(0) . $maskedSeed . $maskedDB; + + // RSA encryption + + $m = $this->os2ip($em); + $c = $this->rsaep($m); + $c = $this->i2osp($c, $this->k); + + // Output the ciphertext C + + return $c; + } + + /** + * RSAEP + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.1}. + * + * @param BigInteger $m + * @return bool|BigInteger + */ + private function rsaep($m) + { + if ($m->compare(self::$zero) < 0 || $m->compare($this->modulus) > 0) { + throw new \OutOfRangeException('Message representative out of range'); + } + return $this->exponentiate($m); + } + + /** + * Raw Encryption / Decryption + * + * Doesn't use padding and is not recommended. + * + * @param string $m + * @return bool|string + * @throws \LengthException if strlen($m) > $this->k + */ + private function raw_encrypt($m) + { + if (strlen($m) > $this->k) { + throw new \LengthException('Message too long'); + } + + $temp = $this->os2ip($m); + $temp = $this->rsaep($temp); + return $this->i2osp($temp, $this->k); + } + + /** + * Encryption + * + * Both self::PADDING_OAEP and self::PADDING_PKCS1 both place limits on how long $plaintext can be. + * If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will + * be concatenated together. + * + * @see self::decrypt() + * @param string $plaintext + * @return bool|string + * @throws \LengthException if the RSA modulus is too short + */ + public function encrypt($plaintext) + { + switch ($this->encryptionPadding) { + case self::ENCRYPTION_NONE: + return $this->raw_encrypt($plaintext); + case self::ENCRYPTION_PKCS1: + return $this->rsaes_pkcs1_v1_5_encrypt($plaintext); + //case self::ENCRYPTION_OAEP: + default: + return $this->rsaes_oaep_encrypt($plaintext); + } + } + + /** + * Returns the public key + * + * The public key is only returned under two circumstances - if the private key had the public key embedded within it + * or if the public key was set via setPublicKey(). If the currently loaded key is supposed to be the public key this + * function won't return it since this library, for the most part, doesn't distinguish between public and private keys. + * + * @param string $type + * @param array $options optional + * @return mixed + */ + public function toString($type, array $options = []) + { + $type = self::validatePlugin('Keys', $type, 'savePublicKey'); + + if ($type == PSS::class) { + if ($this->signaturePadding == self::SIGNATURE_PSS) { + $options += [ + 'hash' => $this->hash->getHash(), + 'MGFHash' => $this->mgfHash->getHash(), + 'saltLength' => $this->getSaltLength() + ]; + } else { + throw new UnsupportedFormatException('The PSS format can only be used when the signature method has been explicitly set to PSS'); + } + } + + return $type::savePublicKey($this->modulus, $this->publicExponent, $options); + } + + /** + * Converts a public key to a private key + * + * @return RSA + */ + public function asPrivateKey() + { + $new = new PrivateKey(); + $new->exponent = $this->exponent; + $new->modulus = $this->modulus; + $new->k = $this->k; + $new->format = $this->format; + return $new + ->withHash($this->hash->getHash()) + ->withMGFHash($this->mgfHash->getHash()) + ->withSaltLength($this->sLen) + ->withLabel($this->label) + ->withPadding($this->signaturePadding | $this->encryptionPadding); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Random.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Random.php new file mode 100644 index 0000000..f813a2e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Random.php @@ -0,0 +1,222 @@ + + * + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +/** + * Pure-PHP Random Number Generator + * + * @author Jim Wigginton + */ +abstract class Random +{ + /** + * Generate a random string. + * + * Although microoptimizations are generally discouraged as they impair readability this function is ripe with + * microoptimizations because this function has the potential of being called a huge number of times. + * eg. for RSA key generation. + * + * @param int $length + * @throws \RuntimeException if a symmetric cipher is needed but not loaded + * @return string + */ + public static function string($length) + { + if (!$length) { + return ''; + } + + try { + return random_bytes($length); + } catch (\Exception $e) { + // random_compat will throw an Exception, which in PHP 5 does not implement Throwable + } catch (\Throwable $e) { + // If a sufficient source of randomness is unavailable, random_bytes() will throw an + // object that implements the Throwable interface (Exception, TypeError, Error). + // We don't actually need to do anything here. The string() method should just continue + // as normal. Note, however, that if we don't have a sufficient source of randomness for + // random_bytes(), most of the other calls here will fail too, so we'll end up using + // the PHP implementation. + } + // at this point we have no choice but to use a pure-PHP CSPRNG + + // cascade entropy across multiple PHP instances by fixing the session and collecting all + // environmental variables, including the previous session data and the current session + // data. + // + // mt_rand seeds itself by looking at the PID and the time, both of which are (relatively) + // easy to guess at. linux uses mouse clicks, keyboard timings, etc, as entropy sources, but + // PHP isn't low level to be able to use those as sources and on a web server there's not likely + // going to be a ton of keyboard or mouse action. web servers do have one thing that we can use + // however, a ton of people visiting the website. obviously you don't want to base your seeding + // solely on parameters a potential attacker sends but (1) not everything in $_SERVER is controlled + // by the user and (2) this isn't just looking at the data sent by the current user - it's based + // on the data sent by all users. one user requests the page and a hash of their info is saved. + // another user visits the page and the serialization of their data is utilized along with the + // server environment stuff and a hash of the previous http request data (which itself utilizes + // a hash of the session data before that). certainly an attacker should be assumed to have + // full control over his own http requests. he, however, is not going to have control over + // everyone's http requests. + static $crypto = false, $v; + if ($crypto === false) { + // save old session data + $old_session_id = session_id(); + $old_use_cookies = ini_get('session.use_cookies'); + $old_session_cache_limiter = session_cache_limiter(); + $_OLD_SESSION = isset($_SESSION) ? $_SESSION : false; + if ($old_session_id != '') { + session_write_close(); + } + + session_id(1); + ini_set('session.use_cookies', 0); + session_cache_limiter(''); + session_start(); + + $v = (isset($_SERVER) ? self::safe_serialize($_SERVER) : '') . + (isset($_POST) ? self::safe_serialize($_POST) : '') . + (isset($_GET) ? self::safe_serialize($_GET) : '') . + (isset($_COOKIE) ? self::safe_serialize($_COOKIE) : '') . + // as of PHP 8.1 $GLOBALS can't be accessed by reference, which eliminates + // the need for phpseclib_safe_serialize. see https://wiki.php.net/rfc/restrict_globals_usage + // for more info + (version_compare(PHP_VERSION, '8.1.0', '>=') ? serialize($GLOBALS) : self::safe_serialize($GLOBALS)) . + self::safe_serialize($_SESSION) . + self::safe_serialize($_OLD_SESSION); + $v = $seed = $_SESSION['seed'] = sha1($v, true); + if (!isset($_SESSION['count'])) { + $_SESSION['count'] = 0; + } + $_SESSION['count']++; + + session_write_close(); + + // restore old session data + if ($old_session_id != '') { + session_id($old_session_id); + session_start(); + ini_set('session.use_cookies', $old_use_cookies); + session_cache_limiter($old_session_cache_limiter); + } else { + if ($_OLD_SESSION !== false) { + $_SESSION = $_OLD_SESSION; + unset($_OLD_SESSION); + } else { + unset($_SESSION); + } + } + + // in SSH2 a shared secret and an exchange hash are generated through the key exchange process. + // the IV client to server is the hash of that "nonce" with the letter A and for the encryption key it's the letter C. + // if the hash doesn't produce enough a key or an IV that's long enough concat successive hashes of the + // original hash and the current hash. we'll be emulating that. for more info see the following URL: + // + // http://tools.ietf.org/html/rfc4253#section-7.2 + // + // see the is_string($crypto) part for an example of how to expand the keys + $key = sha1($seed . 'A', true); + $iv = sha1($seed . 'C', true); + + // ciphers are used as per the nist.gov link below. also, see this link: + // + // http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator#Designs_based_on_cryptographic_primitives + switch (true) { + case class_exists('\phpseclib3\Crypt\AES'): + $crypto = new AES('ctr'); + break; + case class_exists('\phpseclib3\Crypt\Twofish'): + $crypto = new Twofish('ctr'); + break; + case class_exists('\phpseclib3\Crypt\Blowfish'): + $crypto = new Blowfish('ctr'); + break; + case class_exists('\phpseclib3\Crypt\TripleDES'): + $crypto = new TripleDES('ctr'); + break; + case class_exists('\phpseclib3\Crypt\DES'): + $crypto = new DES('ctr'); + break; + case class_exists('\phpseclib3\Crypt\RC4'): + $crypto = new RC4(); + break; + default: + throw new \RuntimeException(__CLASS__ . ' requires at least one symmetric cipher be loaded'); + } + + $crypto->setKey(substr($key, 0, $crypto->getKeyLength() >> 3)); + $crypto->setIV(substr($iv, 0, $crypto->getBlockLength() >> 3)); + $crypto->enableContinuousBuffer(); + } + + //return $crypto->encrypt(str_repeat("\0", $length)); + + // the following is based off of ANSI X9.31: + // + // http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf + // + // OpenSSL uses that same standard for it's random numbers: + // + // http://www.opensource.apple.com/source/OpenSSL/OpenSSL-38/openssl/fips-1.0/rand/fips_rand.c + // (do a search for "ANS X9.31 A.2.4") + $result = ''; + while (strlen($result) < $length) { + $i = $crypto->encrypt(microtime()); // strlen(microtime()) == 21 + $r = $crypto->encrypt($i ^ $v); // strlen($v) == 20 + $v = $crypto->encrypt($r ^ $i); // strlen($r) == 20 + $result .= $r; + } + + return substr($result, 0, $length); + } + + /** + * Safely serialize variables + * + * If a class has a private __sleep() it'll emit a warning + * @return mixed + * @param mixed $arr + */ + private static function safe_serialize(&$arr) + { + if (is_object($arr)) { + return ''; + } + if (!is_array($arr)) { + return serialize($arr); + } + // prevent circular array recursion + if (isset($arr['__phpseclib_marker'])) { + return ''; + } + $safearr = []; + $arr['__phpseclib_marker'] = true; + foreach (array_keys($arr) as $key) { + // do not recurse on the '__phpseclib_marker' key itself, for smaller memory usage + if ($key !== '__phpseclib_marker') { + $safearr[$key] = self::safe_serialize($arr[$key]); + } + } + unset($arr['__phpseclib_marker']); + return serialize($safearr); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Rijndael.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Rijndael.php new file mode 100644 index 0000000..ff31f9c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Rijndael.php @@ -0,0 +1,1036 @@ + + * setKey('abcdefghijklmnop'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $rijndael->decrypt($rijndael->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2008 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\BlockCipher; +use phpseclib3\Exception\BadDecryptionException; +use phpseclib3\Exception\BadModeException; +use phpseclib3\Exception\InconsistentSetupException; +use phpseclib3\Exception\InsufficientSetupException; + +/** + * Pure-PHP implementation of Rijndael. + * + * @author Jim Wigginton + */ +class Rijndael extends BlockCipher +{ + /** + * The mcrypt specific name of the cipher + * + * Mcrypt is useable for 128/192/256-bit $block_size/$key_length. For 160/224 not. + * \phpseclib3\Crypt\Rijndael determines automatically whether mcrypt is useable + * or not for the current $block_size/$key_length. + * In case of, $cipher_name_mcrypt will be set dynamically at run time accordingly. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cipher_name_mcrypt + * @see \phpseclib3\Crypt\Common\SymmetricKey::engine + * @see self::isValidEngine() + * @var string + */ + protected $cipher_name_mcrypt = 'rijndael-128'; + + /** + * The Key Schedule + * + * @see self::setup() + * @var array + */ + private $w; + + /** + * The Inverse Key Schedule + * + * @see self::setup() + * @var array + */ + private $dw; + + /** + * The Block Length divided by 32 + * + * {@internal The max value is 256 / 32 = 8, the min value is 128 / 32 = 4. Exists in conjunction with $block_size + * because the encryption / decryption / key schedule creation requires this number and not $block_size. We could + * derive this from $block_size or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu + * of that, we'll just precompute it once.} + * + * @see self::setBlockLength() + * @var int + */ + private $Nb = 4; + + /** + * The Key Length (in bytes) + * + * {@internal The max value is 256 / 8 = 32, the min value is 128 / 8 = 16. Exists in conjunction with $Nk + * because the encryption / decryption / key schedule creation requires this number and not $key_length. We could + * derive this from $key_length or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu + * of that, we'll just precompute it once.} + * + * @see self::setKeyLength() + * @var int + */ + protected $key_length = 16; + + /** + * The Key Length divided by 32 + * + * @see self::setKeyLength() + * @var int + * @internal The max value is 256 / 32 = 8, the min value is 128 / 32 = 4 + */ + private $Nk = 4; + + /** + * The Number of Rounds + * + * {@internal The max value is 14, the min value is 10.} + * + * @var int + */ + private $Nr; + + /** + * Shift offsets + * + * @var array + */ + private $c; + + /** + * Holds the last used key- and block_size information + * + * @var array + */ + private $kl; + + /** + * Default Constructor. + * + * @param string $mode + * @throws \InvalidArgumentException if an invalid / unsupported mode is provided + */ + public function __construct($mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Sets the key length. + * + * Valid key lengths are 128, 160, 192, 224, and 256. + * + * Note: phpseclib extends Rijndael (and AES) for using 160- and 224-bit keys but they are officially not defined + * and the most (if not all) implementations are not able using 160/224-bit keys but round/pad them up to + * 192/256 bits as, for example, mcrypt will do. + * + * That said, if you want be compatible with other Rijndael and AES implementations, + * you should not setKeyLength(160) or setKeyLength(224). + * + * Additional: In case of 160- and 224-bit keys, phpseclib will/can, for that reason, not use + * the mcrypt php extension, even if available. + * This results then in slower encryption. + * + * @throws \LengthException if the key length is invalid + * @param int $length + */ + public function setKeyLength($length) + { + switch ($length) { + case 128: + case 160: + case 192: + case 224: + case 256: + $this->key_length = $length >> 3; + break; + default: + throw new \LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes 128, 160, 192, 224 or 256 bits are supported'); + } + + parent::setKeyLength($length); + } + + /** + * Sets the key. + * + * Rijndael supports five different key lengths + * + * @see setKeyLength() + * @param string $key + * @throws \LengthException if the key length isn't supported + */ + public function setKey($key) + { + switch (strlen($key)) { + case 16: + case 20: + case 24: + case 28: + case 32: + break; + default: + throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16, 20, 24, 28 or 32 are supported'); + } + + parent::setKey($key); + } + + /** + * Sets the block length + * + * Valid block lengths are 128, 160, 192, 224, and 256. + * + * @param int $length + */ + public function setBlockLength($length) + { + switch ($length) { + case 128: + case 160: + case 192: + case 224: + case 256: + break; + default: + throw new \LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes 128, 160, 192, 224 or 256 bits are supported'); + } + + $this->Nb = $length >> 5; + $this->block_size = $length >> 3; + $this->changed = $this->nonIVChanged = true; + $this->setEngine(); + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @param int $engine + * @return bool + */ + protected function isValidEngineHelper($engine) + { + switch ($engine) { + case self::ENGINE_LIBSODIUM: + return function_exists('sodium_crypto_aead_aes256gcm_is_available') && + sodium_crypto_aead_aes256gcm_is_available() && + $this->mode == self::MODE_GCM && + $this->key_length == 32 && + $this->nonce && strlen($this->nonce) == 12 && + $this->block_size == 16; + case self::ENGINE_OPENSSL_GCM: + if (!extension_loaded('openssl')) { + return false; + } + $methods = openssl_get_cipher_methods(); + return $this->mode == self::MODE_GCM && + version_compare(PHP_VERSION, '7.1.0', '>=') && + in_array('aes-' . $this->getKeyLength() . '-gcm', $methods) && + $this->block_size == 16; + case self::ENGINE_OPENSSL: + if ($this->block_size != 16) { + return false; + } + $this->cipher_name_openssl_ecb = 'aes-' . ($this->key_length << 3) . '-ecb'; + $this->cipher_name_openssl = 'aes-' . ($this->key_length << 3) . '-' . $this->openssl_translate_mode(); + break; + case self::ENGINE_MCRYPT: + $this->cipher_name_mcrypt = 'rijndael-' . ($this->block_size << 3); + if ($this->key_length % 8) { // is it a 160/224-bit key? + // mcrypt is not usable for them, only for 128/192/256-bit keys + return false; + } + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Encrypts a block + * + * @param string $in + * @return string + */ + protected function encryptBlock($in) + { + static $tables; + if (empty($tables)) { + $tables = &$this->getTables(); + } + $t0 = $tables[0]; + $t1 = $tables[1]; + $t2 = $tables[2]; + $t3 = $tables[3]; + $sbox = $tables[4]; + + $state = []; + $words = unpack('N*', $in); + + $c = $this->c; + $w = $this->w; + $Nb = $this->Nb; + $Nr = $this->Nr; + + // addRoundKey + $wc = $Nb - 1; + foreach ($words as $word) { + $state[] = $word ^ $w[++$wc]; + } + + // fips-197.pdf#page=19, "Figure 5. Pseudo Code for the Cipher", states that this loop has four components - + // subBytes, shiftRows, mixColumns, and addRoundKey. fips-197.pdf#page=30, "Implementation Suggestions Regarding + // Various Platforms" suggests that performs enhanced implementations are described in Rijndael-ammended.pdf. + // Rijndael-ammended.pdf#page=20, "Implementation aspects / 32-bit processor", discusses such an optimization. + // Unfortunately, the description given there is not quite correct. Per aes.spec.v316.pdf#page=19 [1], + // equation (7.4.7) is supposed to use addition instead of subtraction, so we'll do that here, as well. + + // [1] http://fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.v316.pdf + $temp = []; + for ($round = 1; $round < $Nr; ++$round) { + $i = 0; // $c[0] == 0 + $j = $c[1]; + $k = $c[2]; + $l = $c[3]; + + while ($i < $Nb) { + $temp[$i] = $t0[$state[$i] >> 24 & 0x000000FF] ^ + $t1[$state[$j] >> 16 & 0x000000FF] ^ + $t2[$state[$k] >> 8 & 0x000000FF] ^ + $t3[$state[$l] & 0x000000FF] ^ + $w[++$wc]; + ++$i; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + $state = $temp; + } + + // subWord + for ($i = 0; $i < $Nb; ++$i) { + $state[$i] = $sbox[$state[$i] & 0x000000FF] | + ($sbox[$state[$i] >> 8 & 0x000000FF] << 8) | + ($sbox[$state[$i] >> 16 & 0x000000FF] << 16) | + ($sbox[$state[$i] >> 24 & 0x000000FF] << 24); + } + + // shiftRows + addRoundKey + $i = 0; // $c[0] == 0 + $j = $c[1]; + $k = $c[2]; + $l = $c[3]; + while ($i < $Nb) { + $temp[$i] = ($state[$i] & intval(0xFF000000)) ^ + ($state[$j] & 0x00FF0000) ^ + ($state[$k] & 0x0000FF00) ^ + ($state[$l] & 0x000000FF) ^ + $w[$i]; + ++$i; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + + return pack('N*', ...$temp); + } + + /** + * Decrypts a block + * + * @param string $in + * @return string + */ + protected function decryptBlock($in) + { + static $invtables; + if (empty($invtables)) { + $invtables = &$this->getInvTables(); + } + $dt0 = $invtables[0]; + $dt1 = $invtables[1]; + $dt2 = $invtables[2]; + $dt3 = $invtables[3]; + $isbox = $invtables[4]; + + $state = []; + $words = unpack('N*', $in); + + $c = $this->c; + $dw = $this->dw; + $Nb = $this->Nb; + $Nr = $this->Nr; + + // addRoundKey + $wc = $Nb - 1; + foreach ($words as $word) { + $state[] = $word ^ $dw[++$wc]; + } + + $temp = []; + for ($round = $Nr - 1; $round > 0; --$round) { + $i = 0; // $c[0] == 0 + $j = $Nb - $c[1]; + $k = $Nb - $c[2]; + $l = $Nb - $c[3]; + + while ($i < $Nb) { + $temp[$i] = $dt0[$state[$i] >> 24 & 0x000000FF] ^ + $dt1[$state[$j] >> 16 & 0x000000FF] ^ + $dt2[$state[$k] >> 8 & 0x000000FF] ^ + $dt3[$state[$l] & 0x000000FF] ^ + $dw[++$wc]; + ++$i; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + $state = $temp; + } + + // invShiftRows + invSubWord + addRoundKey + $i = 0; // $c[0] == 0 + $j = $Nb - $c[1]; + $k = $Nb - $c[2]; + $l = $Nb - $c[3]; + + while ($i < $Nb) { + $word = ($state[$i] & intval(0xFF000000)) | + ($state[$j] & 0x00FF0000) | + ($state[$k] & 0x0000FF00) | + ($state[$l] & 0x000000FF); + + $temp[$i] = $dw[$i] ^ ($isbox[$word & 0x000000FF] | + ($isbox[$word >> 8 & 0x000000FF] << 8) | + ($isbox[$word >> 16 & 0x000000FF] << 16) | + ($isbox[$word >> 24 & 0x000000FF] << 24)); + ++$i; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + + return pack('N*', ...$temp); + } + + /** + * Setup the self::ENGINE_INTERNAL $engine + * + * (re)init, if necessary, the internal cipher $engine and flush all $buffers + * Used (only) if $engine == self::ENGINE_INTERNAL + * + * _setup() will be called each time if $changed === true + * typically this happens when using one or more of following public methods: + * + * - setKey() + * + * - setIV() + * + * - disableContinuousBuffer() + * + * - First run of encrypt() / decrypt() with no init-settings + * + * {@internal setup() is always called before en/decryption.} + * + * {@internal Could, but not must, extend by the child Crypt_* class} + * + * @see self::setKey() + * @see self::setIV() + * @see self::disableContinuousBuffer() + */ + protected function setup() + { + if (!$this->changed) { + return; + } + + parent::setup(); + + if (is_string($this->iv) && strlen($this->iv) != $this->block_size) { + throw new InconsistentSetupException('The IV length (' . strlen($this->iv) . ') does not match the block size (' . $this->block_size . ')'); + } + } + + /** + * Setup the key (expansion) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupKey() + */ + protected function setupKey() + { + // Each number in $rcon is equal to the previous number multiplied by two in Rijndael's finite field. + // See http://en.wikipedia.org/wiki/Finite_field_arithmetic#Multiplicative_inverse + static $rcon; + + if (!isset($rcon)) { + $rcon = [0, + 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, + 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000, + 0x6C000000, 0xD8000000, 0xAB000000, 0x4D000000, 0x9A000000, + 0x2F000000, 0x5E000000, 0xBC000000, 0x63000000, 0xC6000000, + 0x97000000, 0x35000000, 0x6A000000, 0xD4000000, 0xB3000000, + 0x7D000000, 0xFA000000, 0xEF000000, 0xC5000000, 0x91000000 + ]; + $rcon = array_map('intval', $rcon); + } + + if (isset($this->kl['key']) && $this->key === $this->kl['key'] && $this->key_length === $this->kl['key_length'] && $this->block_size === $this->kl['block_size']) { + // already expanded + return; + } + $this->kl = ['key' => $this->key, 'key_length' => $this->key_length, 'block_size' => $this->block_size]; + + $this->Nk = $this->key_length >> 2; + // see Rijndael-ammended.pdf#page=44 + $this->Nr = max($this->Nk, $this->Nb) + 6; + + // shift offsets for Nb = 5, 7 are defined in Rijndael-ammended.pdf#page=44, + // "Table 8: Shift offsets in Shiftrow for the alternative block lengths" + // shift offsets for Nb = 4, 6, 8 are defined in Rijndael-ammended.pdf#page=14, + // "Table 2: Shift offsets for different block lengths" + switch ($this->Nb) { + case 4: + case 5: + case 6: + $this->c = [0, 1, 2, 3]; + break; + case 7: + $this->c = [0, 1, 2, 4]; + break; + case 8: + $this->c = [0, 1, 3, 4]; + } + + $w = array_values(unpack('N*words', $this->key)); + + $length = $this->Nb * ($this->Nr + 1); + for ($i = $this->Nk; $i < $length; $i++) { + $temp = $w[$i - 1]; + if ($i % $this->Nk == 0) { + // according to , "the size of an integer is platform-dependent". + // on a 32-bit machine, it's 32-bits, and on a 64-bit machine, it's 64-bits. on a 32-bit machine, + // 0xFFFFFFFF << 8 == 0xFFFFFF00, but on a 64-bit machine, it equals 0xFFFFFFFF00. as such, doing 'and' + // with 0xFFFFFFFF (or 0xFFFFFF00) on a 32-bit machine is unnecessary, but on a 64-bit machine, it is. + $temp = (($temp << 8) & intval(0xFFFFFF00)) | (($temp >> 24) & 0x000000FF); // rotWord + $temp = $this->subWord($temp) ^ $rcon[$i / $this->Nk]; + } elseif ($this->Nk > 6 && $i % $this->Nk == 4) { + $temp = $this->subWord($temp); + } + $w[$i] = $w[$i - $this->Nk] ^ $temp; + } + + // convert the key schedule from a vector of $Nb * ($Nr + 1) length to a matrix with $Nr + 1 rows and $Nb columns + // and generate the inverse key schedule. more specifically, + // according to (section 5.3.3), + // "The key expansion for the Inverse Cipher is defined as follows: + // 1. Apply the Key Expansion. + // 2. Apply InvMixColumn to all Round Keys except the first and the last one." + // also, see fips-197.pdf#page=27, "5.3.5 Equivalent Inverse Cipher" + list($dt0, $dt1, $dt2, $dt3) = $this->getInvTables(); + $temp = $this->w = $this->dw = []; + for ($i = $row = $col = 0; $i < $length; $i++, $col++) { + if ($col == $this->Nb) { + if ($row == 0) { + $this->dw[0] = $this->w[0]; + } else { + // subWord + invMixColumn + invSubWord = invMixColumn + $j = 0; + while ($j < $this->Nb) { + $dw = $this->subWord($this->w[$row][$j]); + $temp[$j] = $dt0[$dw >> 24 & 0x000000FF] ^ + $dt1[$dw >> 16 & 0x000000FF] ^ + $dt2[$dw >> 8 & 0x000000FF] ^ + $dt3[$dw & 0x000000FF]; + $j++; + } + $this->dw[$row] = $temp; + } + + $col = 0; + $row++; + } + $this->w[$row][$col] = $w[$i]; + } + + $this->dw[$row] = $this->w[$row]; + + // Converting to 1-dim key arrays (both ascending) + $this->dw = array_reverse($this->dw); + $w = array_pop($this->w); + $dw = array_pop($this->dw); + foreach ($this->w as $r => $wr) { + foreach ($wr as $c => $wc) { + $w[] = $wc; + $dw[] = $this->dw[$r][$c]; + } + } + $this->w = $w; + $this->dw = $dw; + } + + /** + * Performs S-Box substitutions + * + * @return array + * @param int $word + */ + private function subWord($word) + { + static $sbox; + if (empty($sbox)) { + list(, , , , $sbox) = self::getTables(); + } + + return $sbox[$word & 0x000000FF] | + ($sbox[$word >> 8 & 0x000000FF] << 8) | + ($sbox[$word >> 16 & 0x000000FF] << 16) | + ($sbox[$word >> 24 & 0x000000FF] << 24); + } + + /** + * Provides the mixColumns and sboxes tables + * + * @see self::encryptBlock() + * @see self::setupInlineCrypt() + * @see self::subWord() + * @return array &$tables + */ + protected function &getTables() + { + static $tables; + if (empty($tables)) { + // according to (section 5.2.1), + // precomputed tables can be used in the mixColumns phase. in that example, they're assigned t0...t3, so + // those are the names we'll use. + $t3 = array_map('intval', [ + // with array_map('intval', ...) we ensure we have only int's and not + // some slower floats converted by php automatically on high values + 0x6363A5C6, 0x7C7C84F8, 0x777799EE, 0x7B7B8DF6, 0xF2F20DFF, 0x6B6BBDD6, 0x6F6FB1DE, 0xC5C55491, + 0x30305060, 0x01010302, 0x6767A9CE, 0x2B2B7D56, 0xFEFE19E7, 0xD7D762B5, 0xABABE64D, 0x76769AEC, + 0xCACA458F, 0x82829D1F, 0xC9C94089, 0x7D7D87FA, 0xFAFA15EF, 0x5959EBB2, 0x4747C98E, 0xF0F00BFB, + 0xADADEC41, 0xD4D467B3, 0xA2A2FD5F, 0xAFAFEA45, 0x9C9CBF23, 0xA4A4F753, 0x727296E4, 0xC0C05B9B, + 0xB7B7C275, 0xFDFD1CE1, 0x9393AE3D, 0x26266A4C, 0x36365A6C, 0x3F3F417E, 0xF7F702F5, 0xCCCC4F83, + 0x34345C68, 0xA5A5F451, 0xE5E534D1, 0xF1F108F9, 0x717193E2, 0xD8D873AB, 0x31315362, 0x15153F2A, + 0x04040C08, 0xC7C75295, 0x23236546, 0xC3C35E9D, 0x18182830, 0x9696A137, 0x05050F0A, 0x9A9AB52F, + 0x0707090E, 0x12123624, 0x80809B1B, 0xE2E23DDF, 0xEBEB26CD, 0x2727694E, 0xB2B2CD7F, 0x75759FEA, + 0x09091B12, 0x83839E1D, 0x2C2C7458, 0x1A1A2E34, 0x1B1B2D36, 0x6E6EB2DC, 0x5A5AEEB4, 0xA0A0FB5B, + 0x5252F6A4, 0x3B3B4D76, 0xD6D661B7, 0xB3B3CE7D, 0x29297B52, 0xE3E33EDD, 0x2F2F715E, 0x84849713, + 0x5353F5A6, 0xD1D168B9, 0x00000000, 0xEDED2CC1, 0x20206040, 0xFCFC1FE3, 0xB1B1C879, 0x5B5BEDB6, + 0x6A6ABED4, 0xCBCB468D, 0xBEBED967, 0x39394B72, 0x4A4ADE94, 0x4C4CD498, 0x5858E8B0, 0xCFCF4A85, + 0xD0D06BBB, 0xEFEF2AC5, 0xAAAAE54F, 0xFBFB16ED, 0x4343C586, 0x4D4DD79A, 0x33335566, 0x85859411, + 0x4545CF8A, 0xF9F910E9, 0x02020604, 0x7F7F81FE, 0x5050F0A0, 0x3C3C4478, 0x9F9FBA25, 0xA8A8E34B, + 0x5151F3A2, 0xA3A3FE5D, 0x4040C080, 0x8F8F8A05, 0x9292AD3F, 0x9D9DBC21, 0x38384870, 0xF5F504F1, + 0xBCBCDF63, 0xB6B6C177, 0xDADA75AF, 0x21216342, 0x10103020, 0xFFFF1AE5, 0xF3F30EFD, 0xD2D26DBF, + 0xCDCD4C81, 0x0C0C1418, 0x13133526, 0xECEC2FC3, 0x5F5FE1BE, 0x9797A235, 0x4444CC88, 0x1717392E, + 0xC4C45793, 0xA7A7F255, 0x7E7E82FC, 0x3D3D477A, 0x6464ACC8, 0x5D5DE7BA, 0x19192B32, 0x737395E6, + 0x6060A0C0, 0x81819819, 0x4F4FD19E, 0xDCDC7FA3, 0x22226644, 0x2A2A7E54, 0x9090AB3B, 0x8888830B, + 0x4646CA8C, 0xEEEE29C7, 0xB8B8D36B, 0x14143C28, 0xDEDE79A7, 0x5E5EE2BC, 0x0B0B1D16, 0xDBDB76AD, + 0xE0E03BDB, 0x32325664, 0x3A3A4E74, 0x0A0A1E14, 0x4949DB92, 0x06060A0C, 0x24246C48, 0x5C5CE4B8, + 0xC2C25D9F, 0xD3D36EBD, 0xACACEF43, 0x6262A6C4, 0x9191A839, 0x9595A431, 0xE4E437D3, 0x79798BF2, + 0xE7E732D5, 0xC8C8438B, 0x3737596E, 0x6D6DB7DA, 0x8D8D8C01, 0xD5D564B1, 0x4E4ED29C, 0xA9A9E049, + 0x6C6CB4D8, 0x5656FAAC, 0xF4F407F3, 0xEAEA25CF, 0x6565AFCA, 0x7A7A8EF4, 0xAEAEE947, 0x08081810, + 0xBABAD56F, 0x787888F0, 0x25256F4A, 0x2E2E725C, 0x1C1C2438, 0xA6A6F157, 0xB4B4C773, 0xC6C65197, + 0xE8E823CB, 0xDDDD7CA1, 0x74749CE8, 0x1F1F213E, 0x4B4BDD96, 0xBDBDDC61, 0x8B8B860D, 0x8A8A850F, + 0x707090E0, 0x3E3E427C, 0xB5B5C471, 0x6666AACC, 0x4848D890, 0x03030506, 0xF6F601F7, 0x0E0E121C, + 0x6161A3C2, 0x35355F6A, 0x5757F9AE, 0xB9B9D069, 0x86869117, 0xC1C15899, 0x1D1D273A, 0x9E9EB927, + 0xE1E138D9, 0xF8F813EB, 0x9898B32B, 0x11113322, 0x6969BBD2, 0xD9D970A9, 0x8E8E8907, 0x9494A733, + 0x9B9BB62D, 0x1E1E223C, 0x87879215, 0xE9E920C9, 0xCECE4987, 0x5555FFAA, 0x28287850, 0xDFDF7AA5, + 0x8C8C8F03, 0xA1A1F859, 0x89898009, 0x0D0D171A, 0xBFBFDA65, 0xE6E631D7, 0x4242C684, 0x6868B8D0, + 0x4141C382, 0x9999B029, 0x2D2D775A, 0x0F0F111E, 0xB0B0CB7B, 0x5454FCA8, 0xBBBBD66D, 0x16163A2C + ]); + + foreach ($t3 as $t3i) { + $t0[] = (($t3i << 24) & intval(0xFF000000)) | (($t3i >> 8) & 0x00FFFFFF); + $t1[] = (($t3i << 16) & intval(0xFFFF0000)) | (($t3i >> 16) & 0x0000FFFF); + $t2[] = (($t3i << 8) & intval(0xFFFFFF00)) | (($t3i >> 24) & 0x000000FF); + } + + $tables = [ + // The Precomputed mixColumns tables t0 - t3 + $t0, + $t1, + $t2, + $t3, + // The SubByte S-Box + [ + 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, + 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, + 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, + 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, + 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, + 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, + 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, + 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, + 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, + 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, + 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, + 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, + 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, + 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, + 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, + 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 + ] + ]; + } + return $tables; + } + + /** + * Provides the inverse mixColumns and inverse sboxes tables + * + * @see self::decryptBlock() + * @see self::setupInlineCrypt() + * @see self::setupKey() + * @return array &$tables + */ + protected function &getInvTables() + { + static $tables; + if (empty($tables)) { + $dt3 = array_map('intval', [ + 0xF4A75051, 0x4165537E, 0x17A4C31A, 0x275E963A, 0xAB6BCB3B, 0x9D45F11F, 0xFA58ABAC, 0xE303934B, + 0x30FA5520, 0x766DF6AD, 0xCC769188, 0x024C25F5, 0xE5D7FC4F, 0x2ACBD7C5, 0x35448026, 0x62A38FB5, + 0xB15A49DE, 0xBA1B6725, 0xEA0E9845, 0xFEC0E15D, 0x2F7502C3, 0x4CF01281, 0x4697A38D, 0xD3F9C66B, + 0x8F5FE703, 0x929C9515, 0x6D7AEBBF, 0x5259DA95, 0xBE832DD4, 0x7421D358, 0xE0692949, 0xC9C8448E, + 0xC2896A75, 0x8E7978F4, 0x583E6B99, 0xB971DD27, 0xE14FB6BE, 0x88AD17F0, 0x20AC66C9, 0xCE3AB47D, + 0xDF4A1863, 0x1A3182E5, 0x51336097, 0x537F4562, 0x6477E0B1, 0x6BAE84BB, 0x81A01CFE, 0x082B94F9, + 0x48685870, 0x45FD198F, 0xDE6C8794, 0x7BF8B752, 0x73D323AB, 0x4B02E272, 0x1F8F57E3, 0x55AB2A66, + 0xEB2807B2, 0xB5C2032F, 0xC57B9A86, 0x3708A5D3, 0x2887F230, 0xBFA5B223, 0x036ABA02, 0x16825CED, + 0xCF1C2B8A, 0x79B492A7, 0x07F2F0F3, 0x69E2A14E, 0xDAF4CD65, 0x05BED506, 0x34621FD1, 0xA6FE8AC4, + 0x2E539D34, 0xF355A0A2, 0x8AE13205, 0xF6EB75A4, 0x83EC390B, 0x60EFAA40, 0x719F065E, 0x6E1051BD, + 0x218AF93E, 0xDD063D96, 0x3E05AEDD, 0xE6BD464D, 0x548DB591, 0xC45D0571, 0x06D46F04, 0x5015FF60, + 0x98FB2419, 0xBDE997D6, 0x4043CC89, 0xD99E7767, 0xE842BDB0, 0x898B8807, 0x195B38E7, 0xC8EEDB79, + 0x7C0A47A1, 0x420FE97C, 0x841EC9F8, 0x00000000, 0x80868309, 0x2BED4832, 0x1170AC1E, 0x5A724E6C, + 0x0EFFFBFD, 0x8538560F, 0xAED51E3D, 0x2D392736, 0x0FD9640A, 0x5CA62168, 0x5B54D19B, 0x362E3A24, + 0x0A67B10C, 0x57E70F93, 0xEE96D2B4, 0x9B919E1B, 0xC0C54F80, 0xDC20A261, 0x774B695A, 0x121A161C, + 0x93BA0AE2, 0xA02AE5C0, 0x22E0433C, 0x1B171D12, 0x090D0B0E, 0x8BC7ADF2, 0xB6A8B92D, 0x1EA9C814, + 0xF1198557, 0x75074CAF, 0x99DDBBEE, 0x7F60FDA3, 0x01269FF7, 0x72F5BC5C, 0x663BC544, 0xFB7E345B, + 0x4329768B, 0x23C6DCCB, 0xEDFC68B6, 0xE4F163B8, 0x31DCCAD7, 0x63851042, 0x97224013, 0xC6112084, + 0x4A247D85, 0xBB3DF8D2, 0xF93211AE, 0x29A16DC7, 0x9E2F4B1D, 0xB230F3DC, 0x8652EC0D, 0xC1E3D077, + 0xB3166C2B, 0x70B999A9, 0x9448FA11, 0xE9642247, 0xFC8CC4A8, 0xF03F1AA0, 0x7D2CD856, 0x3390EF22, + 0x494EC787, 0x38D1C1D9, 0xCAA2FE8C, 0xD40B3698, 0xF581CFA6, 0x7ADE28A5, 0xB78E26DA, 0xADBFA43F, + 0x3A9DE42C, 0x78920D50, 0x5FCC9B6A, 0x7E466254, 0x8D13C2F6, 0xD8B8E890, 0x39F75E2E, 0xC3AFF582, + 0x5D80BE9F, 0xD0937C69, 0xD52DA96F, 0x2512B3CF, 0xAC993BC8, 0x187DA710, 0x9C636EE8, 0x3BBB7BDB, + 0x267809CD, 0x5918F46E, 0x9AB701EC, 0x4F9AA883, 0x956E65E6, 0xFFE67EAA, 0xBCCF0821, 0x15E8E6EF, + 0xE79BD9BA, 0x6F36CE4A, 0x9F09D4EA, 0xB07CD629, 0xA4B2AF31, 0x3F23312A, 0xA59430C6, 0xA266C035, + 0x4EBC3774, 0x82CAA6FC, 0x90D0B0E0, 0xA7D81533, 0x04984AF1, 0xECDAF741, 0xCD500E7F, 0x91F62F17, + 0x4DD68D76, 0xEFB04D43, 0xAA4D54CC, 0x9604DFE4, 0xD1B5E39E, 0x6A881B4C, 0x2C1FB8C1, 0x65517F46, + 0x5EEA049D, 0x8C355D01, 0x877473FA, 0x0B412EFB, 0x671D5AB3, 0xDBD25292, 0x105633E9, 0xD647136D, + 0xD7618C9A, 0xA10C7A37, 0xF8148E59, 0x133C89EB, 0xA927EECE, 0x61C935B7, 0x1CE5EDE1, 0x47B13C7A, + 0xD2DF599C, 0xF2733F55, 0x14CE7918, 0xC737BF73, 0xF7CDEA53, 0xFDAA5B5F, 0x3D6F14DF, 0x44DB8678, + 0xAFF381CA, 0x68C43EB9, 0x24342C38, 0xA3405FC2, 0x1DC37216, 0xE2250CBC, 0x3C498B28, 0x0D9541FF, + 0xA8017139, 0x0CB3DE08, 0xB4E49CD8, 0x56C19064, 0xCB84617B, 0x32B670D5, 0x6C5C7448, 0xB85742D0 + ]); + + foreach ($dt3 as $dt3i) { + $dt0[] = (($dt3i << 24) & intval(0xFF000000)) | (($dt3i >> 8) & 0x00FFFFFF); + $dt1[] = (($dt3i << 16) & intval(0xFFFF0000)) | (($dt3i >> 16) & 0x0000FFFF); + $dt2[] = (($dt3i << 8) & intval(0xFFFFFF00)) | (($dt3i >> 24) & 0x000000FF); + }; + + $tables = [ + // The Precomputed inverse mixColumns tables dt0 - dt3 + $dt0, + $dt1, + $dt2, + $dt3, + // The inverse SubByte S-Box + [ + 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, + 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, + 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, + 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25, + 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, + 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, + 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, + 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, + 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, + 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, + 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, + 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, + 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, + 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, + 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D + ] + ]; + } + return $tables; + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupInlineCrypt() + */ + protected function setupInlineCrypt() + { + $w = $this->w; + $dw = $this->dw; + $init_encrypt = ''; + $init_decrypt = ''; + + $Nr = $this->Nr; + $Nb = $this->Nb; + $c = $this->c; + + // Generating encrypt code: + $init_encrypt .= ' + if (empty($tables)) { + $tables = &$this->getTables(); + } + $t0 = $tables[0]; + $t1 = $tables[1]; + $t2 = $tables[2]; + $t3 = $tables[3]; + $sbox = $tables[4]; + '; + + $s = 'e'; + $e = 's'; + $wc = $Nb - 1; + + // Preround: addRoundKey + $encrypt_block = '$in = unpack("N*", $in);' . "\n"; + for ($i = 0; $i < $Nb; ++$i) { + $encrypt_block .= '$s' . $i . ' = $in[' . ($i + 1) . '] ^ ' . $w[++$wc] . ";\n"; + } + + // Mainrounds: shiftRows + subWord + mixColumns + addRoundKey + for ($round = 1; $round < $Nr; ++$round) { + list($s, $e) = [$e, $s]; + for ($i = 0; $i < $Nb; ++$i) { + $encrypt_block .= + '$' . $e . $i . ' = + $t0[($' . $s . $i . ' >> 24) & 0xff] ^ + $t1[($' . $s . (($i + $c[1]) % $Nb) . ' >> 16) & 0xff] ^ + $t2[($' . $s . (($i + $c[2]) % $Nb) . ' >> 8) & 0xff] ^ + $t3[ $' . $s . (($i + $c[3]) % $Nb) . ' & 0xff] ^ + ' . $w[++$wc] . ";\n"; + } + } + + // Finalround: subWord + shiftRows + addRoundKey + for ($i = 0; $i < $Nb; ++$i) { + $encrypt_block .= + '$' . $e . $i . ' = + $sbox[ $' . $e . $i . ' & 0xff] | + ($sbox[($' . $e . $i . ' >> 8) & 0xff] << 8) | + ($sbox[($' . $e . $i . ' >> 16) & 0xff] << 16) | + ($sbox[($' . $e . $i . ' >> 24) & 0xff] << 24);' . "\n"; + } + $encrypt_block .= '$in = pack("N*"' . "\n"; + for ($i = 0; $i < $Nb; ++$i) { + $encrypt_block .= ', + ($' . $e . $i . ' & ' . ((int)0xFF000000) . ') ^ + ($' . $e . (($i + $c[1]) % $Nb) . ' & 0x00FF0000 ) ^ + ($' . $e . (($i + $c[2]) % $Nb) . ' & 0x0000FF00 ) ^ + ($' . $e . (($i + $c[3]) % $Nb) . ' & 0x000000FF ) ^ + ' . $w[$i] . "\n"; + } + $encrypt_block .= ');'; + + // Generating decrypt code: + $init_decrypt .= ' + if (empty($invtables)) { + $invtables = &$this->getInvTables(); + } + $dt0 = $invtables[0]; + $dt1 = $invtables[1]; + $dt2 = $invtables[2]; + $dt3 = $invtables[3]; + $isbox = $invtables[4]; + '; + + $s = 'e'; + $e = 's'; + $wc = $Nb - 1; + + // Preround: addRoundKey + $decrypt_block = '$in = unpack("N*", $in);' . "\n"; + for ($i = 0; $i < $Nb; ++$i) { + $decrypt_block .= '$s' . $i . ' = $in[' . ($i + 1) . '] ^ ' . $dw[++$wc] . ';' . "\n"; + } + + // Mainrounds: shiftRows + subWord + mixColumns + addRoundKey + for ($round = 1; $round < $Nr; ++$round) { + list($s, $e) = [$e, $s]; + for ($i = 0; $i < $Nb; ++$i) { + $decrypt_block .= + '$' . $e . $i . ' = + $dt0[($' . $s . $i . ' >> 24) & 0xff] ^ + $dt1[($' . $s . (($Nb + $i - $c[1]) % $Nb) . ' >> 16) & 0xff] ^ + $dt2[($' . $s . (($Nb + $i - $c[2]) % $Nb) . ' >> 8) & 0xff] ^ + $dt3[ $' . $s . (($Nb + $i - $c[3]) % $Nb) . ' & 0xff] ^ + ' . $dw[++$wc] . ";\n"; + } + } + + // Finalround: subWord + shiftRows + addRoundKey + for ($i = 0; $i < $Nb; ++$i) { + $decrypt_block .= + '$' . $e . $i . ' = + $isbox[ $' . $e . $i . ' & 0xff] | + ($isbox[($' . $e . $i . ' >> 8) & 0xff] << 8) | + ($isbox[($' . $e . $i . ' >> 16) & 0xff] << 16) | + ($isbox[($' . $e . $i . ' >> 24) & 0xff] << 24);' . "\n"; + } + $decrypt_block .= '$in = pack("N*"' . "\n"; + for ($i = 0; $i < $Nb; ++$i) { + $decrypt_block .= ', + ($' . $e . $i . ' & ' . ((int)0xFF000000) . ') ^ + ($' . $e . (($Nb + $i - $c[1]) % $Nb) . ' & 0x00FF0000 ) ^ + ($' . $e . (($Nb + $i - $c[2]) % $Nb) . ' & 0x0000FF00 ) ^ + ($' . $e . (($Nb + $i - $c[3]) % $Nb) . ' & 0x000000FF ) ^ + ' . $dw[$i] . "\n"; + } + $decrypt_block .= ');'; + + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => 'static $tables; static $invtables;', + 'init_encrypt' => $init_encrypt, + 'init_decrypt' => $init_decrypt, + 'encrypt_block' => $encrypt_block, + 'decrypt_block' => $decrypt_block + ] + ); + } + + /** + * Encrypts a message. + * + * @see self::decrypt() + * @see parent::encrypt() + * @param string $plaintext + * @return string + */ + public function encrypt($plaintext) + { + $this->setup(); + + switch ($this->engine) { + case self::ENGINE_LIBSODIUM: + $this->newtag = sodium_crypto_aead_aes256gcm_encrypt($plaintext, $this->aad, $this->nonce, $this->key); + return Strings::shift($this->newtag, strlen($plaintext)); + case self::ENGINE_OPENSSL_GCM: + return openssl_encrypt( + $plaintext, + 'aes-' . $this->getKeyLength() . '-gcm', + $this->key, + OPENSSL_RAW_DATA, + $this->nonce, + $this->newtag, + $this->aad + ); + } + + return parent::encrypt($plaintext); + } + + /** + * Decrypts a message. + * + * @see self::encrypt() + * @see parent::decrypt() + * @param string $ciphertext + * @return string + */ + public function decrypt($ciphertext) + { + $this->setup(); + + switch ($this->engine) { + case self::ENGINE_LIBSODIUM: + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + if (strlen($this->oldtag) != 16) { + break; + } + $plaintext = sodium_crypto_aead_aes256gcm_decrypt($ciphertext . $this->oldtag, $this->aad, $this->nonce, $this->key); + if ($plaintext === false) { + $this->oldtag = false; + throw new BadDecryptionException('Error decrypting ciphertext with libsodium'); + } + return $plaintext; + case self::ENGINE_OPENSSL_GCM: + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + $plaintext = openssl_decrypt( + $ciphertext, + 'aes-' . $this->getKeyLength() . '-gcm', + $this->key, + OPENSSL_RAW_DATA, + $this->nonce, + $this->oldtag, + $this->aad + ); + if ($plaintext === false) { + $this->oldtag = false; + throw new BadDecryptionException('Error decrypting ciphertext with OpenSSL'); + } + return $plaintext; + } + + return parent::decrypt($ciphertext); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Salsa20.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Salsa20.php new file mode 100644 index 0000000..0a35f47 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Salsa20.php @@ -0,0 +1,526 @@ + + * @copyright 2019 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\StreamCipher; +use phpseclib3\Exception\BadDecryptionException; +use phpseclib3\Exception\InsufficientSetupException; + +/** + * Pure-PHP implementation of Salsa20. + * + * @author Jim Wigginton + */ +class Salsa20 extends StreamCipher +{ + /** + * Part 1 of the state + * + * @var string|false + */ + protected $p1 = false; + + /** + * Part 2 of the state + * + * @var string|false + */ + protected $p2 = false; + + /** + * Key Length (in bytes) + * + * @var int + */ + protected $key_length = 32; // = 256 bits + + /** + * @see \phpseclib3\Crypt\Salsa20::crypt() + */ + const ENCRYPT = 0; + + /** + * @see \phpseclib3\Crypt\Salsa20::crypt() + */ + const DECRYPT = 1; + + /** + * Encryption buffer for continuous mode + * + * @var array + */ + protected $enbuffer; + + /** + * Decryption buffer for continuous mode + * + * @var array + */ + protected $debuffer; + + /** + * Counter + * + * @var int + */ + protected $counter = 0; + + /** + * Using Generated Poly1305 Key + * + * @var boolean + */ + protected $usingGeneratedPoly1305Key = false; + + /** + * Salsa20 uses a nonce + * + * @return bool + */ + public function usesNonce() + { + return true; + } + + /** + * Sets the key. + * + * @param string $key + * @throws \LengthException if the key length isn't supported + */ + public function setKey($key) + { + switch (strlen($key)) { + case 16: + case 32: + break; + default: + throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16 or 32 are supported'); + } + + parent::setKey($key); + } + + /** + * Sets the nonce. + * + * @param string $nonce + */ + public function setNonce($nonce) + { + if (strlen($nonce) != 8) { + throw new \LengthException('Nonce of size ' . strlen($key) . ' not supported by this algorithm. Only an 64-bit nonce is supported'); + } + + $this->nonce = $nonce; + $this->changed = true; + $this->setEngine(); + } + + /** + * Sets the counter. + * + * @param int $counter + */ + public function setCounter($counter) + { + $this->counter = $counter; + $this->setEngine(); + } + + /** + * Creates a Poly1305 key using the method discussed in RFC8439 + * + * See https://tools.ietf.org/html/rfc8439#section-2.6.1 + */ + protected function createPoly1305Key() + { + if ($this->nonce === false) { + throw new InsufficientSetupException('No nonce has been defined'); + } + + if ($this->key === false) { + throw new InsufficientSetupException('No key has been defined'); + } + + $c = clone $this; + $c->setCounter(0); + $c->usePoly1305 = false; + $block = $c->encrypt(str_repeat("\0", 256)); + $this->setPoly1305Key(substr($block, 0, 32)); + + if ($this->counter == 0) { + $this->counter++; + } + } + + /** + * Setup the self::ENGINE_INTERNAL $engine + * + * (re)init, if necessary, the internal cipher $engine + * + * _setup() will be called each time if $changed === true + * typically this happens when using one or more of following public methods: + * + * - setKey() + * + * - setNonce() + * + * - First run of encrypt() / decrypt() with no init-settings + * + * @see self::setKey() + * @see self::setNonce() + * @see self::disableContinuousBuffer() + */ + protected function setup() + { + if (!$this->changed) { + return; + } + + $this->enbuffer = $this->debuffer = ['ciphertext' => '', 'counter' => $this->counter]; + + $this->changed = $this->nonIVChanged = false; + + if ($this->nonce === false) { + throw new InsufficientSetupException('No nonce has been defined'); + } + + if ($this->key === false) { + throw new InsufficientSetupException('No key has been defined'); + } + + if ($this->usePoly1305 && !isset($this->poly1305Key)) { + $this->usingGeneratedPoly1305Key = true; + $this->createPoly1305Key(); + } + + $key = $this->key; + if (strlen($key) == 16) { + $constant = 'expand 16-byte k'; + $key .= $key; + } else { + $constant = 'expand 32-byte k'; + } + + $this->p1 = substr($constant, 0, 4) . + substr($key, 0, 16) . + substr($constant, 4, 4) . + $this->nonce . + "\0\0\0\0"; + $this->p2 = substr($constant, 8, 4) . + substr($key, 16, 16) . + substr($constant, 12, 4); + } + + /** + * Setup the key (expansion) + */ + protected function setupKey() + { + // Salsa20 does not utilize this method + } + + /** + * Encrypts a message. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + * @see self::crypt() + * @param string $plaintext + * @return string $ciphertext + */ + public function encrypt($plaintext) + { + $ciphertext = $this->crypt($plaintext, self::ENCRYPT); + if (isset($this->poly1305Key)) { + $this->newtag = $this->poly1305($ciphertext); + } + return $ciphertext; + } + + /** + * Decrypts a message. + * + * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)). + * At least if the continuous buffer is disabled. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @see self::crypt() + * @param string $ciphertext + * @return string $plaintext + */ + public function decrypt($ciphertext) + { + if (isset($this->poly1305Key)) { + if ($this->oldtag === false) { + throw new InsufficientSetupException('Authentication Tag has not been set'); + } + $newtag = $this->poly1305($ciphertext); + if ($this->oldtag != substr($newtag, 0, strlen($this->oldtag))) { + $this->oldtag = false; + throw new BadDecryptionException('Derived authentication tag and supplied authentication tag do not match'); + } + $this->oldtag = false; + } + + return $this->crypt($ciphertext, self::DECRYPT); + } + + /** + * Encrypts a block + * + * @param string $in + */ + protected function encryptBlock($in) + { + // Salsa20 does not utilize this method + } + + /** + * Decrypts a block + * + * @param string $in + */ + protected function decryptBlock($in) + { + // Salsa20 does not utilize this method + } + + /** + * Encrypts or decrypts a message. + * + * @see self::encrypt() + * @see self::decrypt() + * @param string $text + * @param int $mode + * @return string $text + */ + private function crypt($text, $mode) + { + $this->setup(); + if (!$this->continuousBuffer) { + if ($this->engine == self::ENGINE_OPENSSL) { + $iv = pack('V', $this->counter) . $this->p2; + return openssl_encrypt( + $text, + $this->cipher_name_openssl, + $this->key, + OPENSSL_RAW_DATA, + $iv + ); + } + $i = $this->counter; + $blocks = str_split($text, 64); + foreach ($blocks as &$block) { + $block ^= static::salsa20($this->p1 . pack('V', $i++) . $this->p2); + } + + return implode('', $blocks); + } + + if ($mode == self::ENCRYPT) { + $buffer = &$this->enbuffer; + } else { + $buffer = &$this->debuffer; + } + if (!strlen($buffer['ciphertext'])) { + $ciphertext = ''; + } else { + $ciphertext = $text ^ Strings::shift($buffer['ciphertext'], strlen($text)); + $text = substr($text, strlen($ciphertext)); + if (!strlen($text)) { + return $ciphertext; + } + } + + $overflow = strlen($text) % 64; // & 0x3F + if ($overflow) { + $text2 = Strings::pop($text, $overflow); + if ($this->engine == self::ENGINE_OPENSSL) { + $iv = pack('V', $buffer['counter']) . $this->p2; + // at this point $text should be a multiple of 64 + $buffer['counter'] += (strlen($text) >> 6) + 1; // ie. divide by 64 + $encrypted = openssl_encrypt( + $text . str_repeat("\0", 64), + $this->cipher_name_openssl, + $this->key, + OPENSSL_RAW_DATA, + $iv + ); + $temp = Strings::pop($encrypted, 64); + } else { + $blocks = str_split($text, 64); + if (strlen($text)) { + foreach ($blocks as &$block) { + $block ^= static::salsa20($this->p1 . pack('V', $buffer['counter']++) . $this->p2); + } + } + $encrypted = implode('', $blocks); + $temp = static::salsa20($this->p1 . pack('V', $buffer['counter']++) . $this->p2); + } + $ciphertext .= $encrypted . ($text2 ^ $temp); + $buffer['ciphertext'] = substr($temp, $overflow); + } elseif (!strlen($buffer['ciphertext'])) { + if ($this->engine == self::ENGINE_OPENSSL) { + $iv = pack('V', $buffer['counter']) . $this->p2; + $buffer['counter'] += (strlen($text) >> 6); + $ciphertext .= openssl_encrypt( + $text, + $this->cipher_name_openssl, + $this->key, + OPENSSL_RAW_DATA, + $iv + ); + } else { + $blocks = str_split($text, 64); + foreach ($blocks as &$block) { + $block ^= static::salsa20($this->p1 . pack('V', $buffer['counter']++) . $this->p2); + } + $ciphertext .= implode('', $blocks); + } + } + + return $ciphertext; + } + + /** + * Left Rotate + * + * @param int $x + * @param int $n + * @return int + */ + protected static function leftRotate($x, $n) + { + if (PHP_INT_SIZE == 8) { + $r1 = $x << $n; + $r1 &= 0xFFFFFFFF; + $r2 = ($x & 0xFFFFFFFF) >> (32 - $n); + } else { + $x = (int) $x; + $r1 = $x << $n; + $r2 = $x >> (32 - $n); + $r2 &= (1 << $n) - 1; + } + return $r1 | $r2; + } + + /** + * The quarterround function + * + * @param int $a + * @param int $b + * @param int $c + * @param int $d + */ + protected static function quarterRound(&$a, &$b, &$c, &$d) + { + $b ^= self::leftRotate($a + $d, 7); + $c ^= self::leftRotate($b + $a, 9); + $d ^= self::leftRotate($c + $b, 13); + $a ^= self::leftRotate($d + $c, 18); + } + + /** + * The doubleround function + * + * @param int $x0 (by reference) + * @param int $x1 (by reference) + * @param int $x2 (by reference) + * @param int $x3 (by reference) + * @param int $x4 (by reference) + * @param int $x5 (by reference) + * @param int $x6 (by reference) + * @param int $x7 (by reference) + * @param int $x8 (by reference) + * @param int $x9 (by reference) + * @param int $x10 (by reference) + * @param int $x11 (by reference) + * @param int $x12 (by reference) + * @param int $x13 (by reference) + * @param int $x14 (by reference) + * @param int $x15 (by reference) + */ + protected static function doubleRound(&$x0, &$x1, &$x2, &$x3, &$x4, &$x5, &$x6, &$x7, &$x8, &$x9, &$x10, &$x11, &$x12, &$x13, &$x14, &$x15) + { + // columnRound + static::quarterRound($x0, $x4, $x8, $x12); + static::quarterRound($x5, $x9, $x13, $x1); + static::quarterRound($x10, $x14, $x2, $x6); + static::quarterRound($x15, $x3, $x7, $x11); + // rowRound + static::quarterRound($x0, $x1, $x2, $x3); + static::quarterRound($x5, $x6, $x7, $x4); + static::quarterRound($x10, $x11, $x8, $x9); + static::quarterRound($x15, $x12, $x13, $x14); + } + + /** + * The Salsa20 hash function function + * + * @param string $x + */ + protected static function salsa20($x) + { + $z = $x = unpack('V*', $x); + for ($i = 0; $i < 10; $i++) { + static::doubleRound($z[1], $z[2], $z[3], $z[4], $z[5], $z[6], $z[7], $z[8], $z[9], $z[10], $z[11], $z[12], $z[13], $z[14], $z[15], $z[16]); + } + + for ($i = 1; $i <= 16; $i++) { + $x[$i] += $z[$i]; + } + + return pack('V*', ...$x); + } + + /** + * Calculates Poly1305 MAC + * + * @see self::decrypt() + * @see self::encrypt() + * @param string $ciphertext + * @return string + */ + protected function poly1305($ciphertext) + { + if (!$this->usingGeneratedPoly1305Key) { + return parent::poly1305($this->aad . $ciphertext); + } else { + /* + sodium_crypto_aead_chacha20poly1305_encrypt does not calculate the poly1305 tag + the same way sodium_crypto_aead_chacha20poly1305_ietf_encrypt does. you can see + how the latter encrypts it in Salsa20::encrypt(). here's how the former encrypts + it: + + $this->newtag = $this->poly1305( + $this->aad . + pack('V', strlen($this->aad)) . "\0\0\0\0" . + $ciphertext . + pack('V', strlen($ciphertext)) . "\0\0\0\0" + ); + + phpseclib opts to use the IETF construction, even when the nonce is 64-bits + instead of 96-bits + */ + return parent::poly1305( + self::nullPad128($this->aad) . + self::nullPad128($ciphertext) . + pack('V', strlen($this->aad)) . "\0\0\0\0" . + pack('V', strlen($ciphertext)) . "\0\0\0\0" + ); + } + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/TripleDES.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/TripleDES.php new file mode 100644 index 0000000..1ff5ed0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/TripleDES.php @@ -0,0 +1,436 @@ + + * setKey('abcdefghijklmnopqrstuvwx'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $des->decrypt($des->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +/** + * Pure-PHP implementation of Triple DES. + * + * @author Jim Wigginton + */ +class TripleDES extends DES +{ + /** + * Encrypt / decrypt using inner chaining + * + * Inner chaining is used by SSH-1 and is generally considered to be less secure then outer chaining (self::MODE_CBC3). + */ + const MODE_3CBC = -2; + + /** + * Encrypt / decrypt using outer chaining + * + * Outer chaining is used by SSH-2 and when the mode is set to \phpseclib3\Crypt\Common\BlockCipher::MODE_CBC. + */ + const MODE_CBC3 = self::MODE_CBC; + + /** + * Key Length (in bytes) + * + * @see \phpseclib3\Crypt\TripleDES::setKeyLength() + * @var int + */ + protected $key_length = 24; + + /** + * The mcrypt specific name of the cipher + * + * @see \phpseclib3\Crypt\DES::cipher_name_mcrypt + * @see \phpseclib3\Crypt\Common\SymmetricKey::cipher_name_mcrypt + * @var string + */ + protected $cipher_name_mcrypt = 'tripledes'; + + /** + * Optimizing value while CFB-encrypting + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cfb_init_len + * @var int + */ + protected $cfb_init_len = 750; + + /** + * max possible size of $key + * + * @see self::setKey() + * @see \phpseclib3\Crypt\DES::setKey() + * @var string + */ + protected $key_length_max = 24; + + /** + * Internal flag whether using self::MODE_3CBC or not + * + * @var bool + */ + private $mode_3cbc; + + /** + * The \phpseclib3\Crypt\DES objects + * + * Used only if $mode_3cbc === true + * + * @var array + */ + private $des; + + /** + * Default Constructor. + * + * Determines whether or not the mcrypt or OpenSSL extensions should be used. + * + * $mode could be: + * + * - ecb + * + * - cbc + * + * - ctr + * + * - cfb + * + * - ofb + * + * - 3cbc + * + * - cbc3 (same as cbc) + * + * @see \phpseclib3\Crypt\DES::__construct() + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @param string $mode + */ + public function __construct($mode) + { + switch (strtolower($mode)) { + // In case of self::MODE_3CBC, we init as CRYPT_DES_MODE_CBC + // and additional flag us internally as 3CBC + case '3cbc': + parent::__construct('cbc'); + $this->mode_3cbc = true; + + // This three $des'es will do the 3CBC work (if $key > 64bits) + $this->des = [ + new DES('cbc'), + new DES('cbc'), + new DES('cbc'), + ]; + + // we're going to be doing the padding, ourselves, so disable it in the \phpseclib3\Crypt\DES objects + $this->des[0]->disablePadding(); + $this->des[1]->disablePadding(); + $this->des[2]->disablePadding(); + break; + case 'cbc3': + $mode = 'cbc'; + // fall-through + // If not 3CBC, we init as usual + default: + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + } + + /** + * Test for engine validity + * + * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @param int $engine + * @return bool + */ + protected function isValidEngineHelper($engine) + { + if ($engine == self::ENGINE_OPENSSL) { + $this->cipher_name_openssl_ecb = 'des-ede3'; + $mode = $this->openssl_translate_mode(); + $this->cipher_name_openssl = $mode == 'ecb' ? 'des-ede3' : 'des-ede3-' . $mode; + } + + return parent::isValidEngineHelper($engine); + } + + /** + * Sets the initialization vector. + * + * SetIV is not required when \phpseclib3\Crypt\Common\SymmetricKey::MODE_ECB is being used. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::setIV() + * @param string $iv + */ + public function setIV($iv) + { + parent::setIV($iv); + if ($this->mode_3cbc) { + $this->des[0]->setIV($iv); + $this->des[1]->setIV($iv); + $this->des[2]->setIV($iv); + } + } + + /** + * Sets the key length. + * + * Valid key lengths are 128 and 192 bits. + * + * If you want to use a 64-bit key use DES.php + * + * @see \phpseclib3\Crypt\Common\SymmetricKey:setKeyLength() + * @throws \LengthException if the key length is invalid + * @param int $length + */ + public function setKeyLength($length) + { + switch ($length) { + case 128: + case 192: + break; + default: + throw new \LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes 128 or 192 bits are supported'); + } + + parent::setKeyLength($length); + } + + /** + * Sets the key. + * + * Triple DES can use 128-bit (eg. strlen($key) == 16) or 192-bit (eg. strlen($key) == 24) keys. + * + * DES also requires that every eighth bit be a parity bit, however, we'll ignore that. + * + * @see \phpseclib3\Crypt\DES::setKey() + * @see \phpseclib3\Crypt\Common\SymmetricKey::setKey() + * @throws \LengthException if the key length is invalid + * @param string $key + */ + public function setKey($key) + { + if ($this->explicit_key_length !== false && strlen($key) != $this->explicit_key_length) { + throw new \LengthException('Key length has already been set to ' . $this->explicit_key_length . ' bytes and this key is ' . strlen($key) . ' bytes'); + } + + switch (strlen($key)) { + case 16: + $key .= substr($key, 0, 8); + break; + case 24: + break; + default: + throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16 or 24 are supported'); + } + + // copied from self::setKey() + $this->key = $key; + $this->key_length = strlen($key); + $this->changed = $this->nonIVChanged = true; + $this->setEngine(); + + if ($this->mode_3cbc) { + $this->des[0]->setKey(substr($key, 0, 8)); + $this->des[1]->setKey(substr($key, 8, 8)); + $this->des[2]->setKey(substr($key, 16, 8)); + } + } + + /** + * Encrypts a message. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt() + * @param string $plaintext + * @return string $cipertext + */ + public function encrypt($plaintext) + { + // parent::en/decrypt() is able to do all the work for all modes and keylengths, + // except for: self::MODE_3CBC (inner chaining CBC) with a key > 64bits + + // if the key is smaller then 8, do what we'd normally do + if ($this->mode_3cbc && strlen($this->key) > 8) { + return $this->des[2]->encrypt( + $this->des[1]->decrypt( + $this->des[0]->encrypt( + $this->pad($plaintext) + ) + ) + ); + } + + return parent::encrypt($plaintext); + } + + /** + * Decrypts a message. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt() + * @param string $ciphertext + * @return string $plaintext + */ + public function decrypt($ciphertext) + { + if ($this->mode_3cbc && strlen($this->key) > 8) { + return $this->unpad( + $this->des[0]->decrypt( + $this->des[1]->encrypt( + $this->des[2]->decrypt( + str_pad($ciphertext, (strlen($ciphertext) + 7) & 0xFFFFFFF8, "\0") + ) + ) + ) + ); + } + + return parent::decrypt($ciphertext); + } + + /** + * Treat consecutive "packets" as if they are a continuous buffer. + * + * Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets + * will yield different outputs: + * + * + * echo $des->encrypt(substr($plaintext, 0, 8)); + * echo $des->encrypt(substr($plaintext, 8, 8)); + * + * + * echo $des->encrypt($plaintext); + * + * + * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates + * another, as demonstrated with the following: + * + * + * $des->encrypt(substr($plaintext, 0, 8)); + * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * + * + * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * + * + * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different + * outputs. The reason is due to the fact that the initialization vector's change after every encryption / + * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant. + * + * Put another way, when the continuous buffer is enabled, the state of the \phpseclib3\Crypt\DES() object changes after each + * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that + * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), + * however, they are also less intuitive and more likely to cause you problems. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::enableContinuousBuffer() + * @see self::disableContinuousBuffer() + */ + public function enableContinuousBuffer() + { + parent::enableContinuousBuffer(); + if ($this->mode_3cbc) { + $this->des[0]->enableContinuousBuffer(); + $this->des[1]->enableContinuousBuffer(); + $this->des[2]->enableContinuousBuffer(); + } + } + + /** + * Treat consecutive packets as if they are a discontinuous buffer. + * + * The default behavior. + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::disableContinuousBuffer() + * @see self::enableContinuousBuffer() + */ + public function disableContinuousBuffer() + { + parent::disableContinuousBuffer(); + if ($this->mode_3cbc) { + $this->des[0]->disableContinuousBuffer(); + $this->des[1]->disableContinuousBuffer(); + $this->des[2]->disableContinuousBuffer(); + } + } + + /** + * Creates the key schedule + * + * @see \phpseclib3\Crypt\DES::setupKey() + * @see \phpseclib3\Crypt\Common\SymmetricKey::setupKey() + */ + protected function setupKey() + { + switch (true) { + // if $key <= 64bits we configure our internal pure-php cipher engine + // to act as regular [1]DES, not as 3DES. mcrypt.so::tripledes does the same. + case strlen($this->key) <= 8: + $this->des_rounds = 1; + break; + + // otherwise, if $key > 64bits, we configure our engine to work as 3DES. + default: + $this->des_rounds = 3; + + // (only) if 3CBC is used we have, of course, to setup the $des[0-2] keys also separately. + if ($this->mode_3cbc) { + $this->des[0]->setupKey(); + $this->des[1]->setupKey(); + $this->des[2]->setupKey(); + + // because $des[0-2] will, now, do all the work we can return here + // not need unnecessary stress parent::setupKey() with our, now unused, $key. + return; + } + } + // setup our key + parent::setupKey(); + } + + /** + * Sets the internal crypt engine + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct() + * @see \phpseclib3\Crypt\Common\SymmetricKey::setPreferredEngine() + * @param int $engine + */ + public function setPreferredEngine($engine) + { + if ($this->mode_3cbc) { + $this->des[0]->setPreferredEngine($engine); + $this->des[1]->setPreferredEngine($engine); + $this->des[2]->setPreferredEngine($engine); + } + + parent::setPreferredEngine($engine); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Twofish.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Twofish.php new file mode 100644 index 0000000..bf76563 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Crypt/Twofish.php @@ -0,0 +1,816 @@ + + * setKey('12345678901234567890123456789012'); + * + * $plaintext = str_repeat('a', 1024); + * + * echo $twofish->decrypt($twofish->encrypt($plaintext)); + * ?> + * + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Crypt; + +use phpseclib3\Crypt\Common\BlockCipher; +use phpseclib3\Exception\BadModeException; + +/** + * Pure-PHP implementation of Twofish. + * + * @author Jim Wigginton + * @author Hans-Juergen Petrich + */ +class Twofish extends BlockCipher +{ + /** + * The mcrypt specific name of the cipher + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cipher_name_mcrypt + * @var string + */ + protected $cipher_name_mcrypt = 'twofish'; + + /** + * Optimizing value while CFB-encrypting + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::cfb_init_len + * @var int + */ + protected $cfb_init_len = 800; + + /** + * Q-Table + * + * @var array + */ + private static $q0 = [ + 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, + 0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38, + 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, + 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, + 0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23, + 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, + 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, + 0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61, + 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, + 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, + 0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66, + 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, + 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, + 0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71, + 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, + 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, + 0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2, + 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, + 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, + 0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF, + 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, + 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, + 0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A, + 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, + 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, + 0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D, + 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, + 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, + 0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8, + 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, + 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, + 0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0 + ]; + + /** + * Q-Table + * + * @var array + */ + private static $q1 = [ + 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, + 0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B, + 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, + 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, + 0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D, + 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, + 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, + 0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51, + 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, + 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, + 0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70, + 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, + 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, + 0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2, + 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, + 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, + 0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3, + 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, + 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, + 0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9, + 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, + 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, + 0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19, + 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, + 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, + 0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69, + 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, + 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, + 0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB, + 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, + 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, + 0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91 + ]; + + /** + * M-Table + * + * @var array + */ + private static $m0 = [ + 0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B, 0xE2E22BFB, 0x9E9EFAC8, + 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B, 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, + 0x3C3C57D6, 0x93938A32, 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1, + 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA, 0xB0B0B306, 0x7575DE3F, + 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B, 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, + 0xAEAE2C6D, 0x7F7FABC1, 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5, + 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490, 0x3131272C, 0x808065A3, + 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154, 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, + 0x2A2A3638, 0xC4C49CB0, 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796, + 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228, 0x6767C027, 0xE9E9AF8C, + 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7, 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, + 0x29294CCA, 0xF0F035E3, 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8, + 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477, 0xC8C81DC3, 0x9999FFCC, + 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF, 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, + 0xB5B53D79, 0x09090F0C, 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9, + 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA, 0xEDEDD07A, 0x4343FC17, + 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D, 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, + 0x5656E70B, 0xE3E3DA72, 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E, + 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76, 0x8181942A, 0x91910149, + 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321, 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, + 0x7878AEC5, 0xC5C56D39, 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01, + 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D, 0x55559DF9, 0x7E7E5A48, + 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E, 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, + 0x0606F48D, 0x404086E5, 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64, + 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7, 0x2D2D333C, 0x3030D6A5, + 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544, 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, + 0xD9D97929, 0x8686912E, 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E, + 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A, 0xC1C112CF, 0x8585EBDC, + 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B, 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, + 0xABABA212, 0x6F6F3EA2, 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9, + 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504, 0x04047FF6, 0x272746C2, + 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756, 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91 + ]; + + /** + * M-Table + * + * @var array + */ + private static $m1 = [ + 0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252, 0xA3658080, 0x76DFE4E4, + 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A, 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, + 0x0D54E6E6, 0xC6432020, 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141, + 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444, 0x94B1FBFB, 0x485A7E7E, + 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424, 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, + 0x1945FDFD, 0x5BA33A3A, 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757, + 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383, 0x9B53AAAA, 0x7C635D5D, + 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A, 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, + 0xC0F09090, 0x8CAFE9E9, 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656, + 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1, 0xB499C3C3, 0xF1975B5B, + 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898, 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, + 0xCCFF9999, 0x95EA1414, 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3, + 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1, 0xBF7E9595, 0xBA207D7D, + 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989, 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, + 0x81FB0F0F, 0x793DB5B5, 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282, + 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E, 0x86135050, 0xE730F7F7, + 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E, 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, + 0x410B9F9F, 0x7B8B0202, 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC, + 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565, 0xB1C72B2B, 0xAB6F8E8E, + 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A, 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, + 0x91EF1313, 0x85FE0808, 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272, + 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A, 0x6929A9A9, 0x647D4F4F, + 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969, 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, + 0xAC87D1D1, 0x7F8E0505, 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5, + 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D, 0x4C5F7979, 0x02B6B7B7, + 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343, 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, + 0x57AC3333, 0xC718CFCF, 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3, + 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F, 0x99E51D1D, 0x34392323, + 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646, 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, + 0xC8FA9E9E, 0xA882D6D6, 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF, + 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A, 0x0FE25151, 0x00000000, + 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7, 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8 + ]; + + /** + * M-Table + * + * @var array + */ + private static $m2 = [ + 0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B, 0xE2FBE22B, 0x9EC89EFA, + 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F, 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, + 0x3CD63C57, 0x9332938A, 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783, + 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70, 0xB006B0B3, 0x753F75DE, + 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3, 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, + 0xAE6DAE2C, 0x7FC17FAB, 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA, + 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4, 0x312C3127, 0x80A38065, + 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41, 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, + 0x2A382A36, 0xC4B0C49C, 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07, + 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622, 0x672767C0, 0xE98CE9AF, + 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18, 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, + 0x29CA294C, 0xF0E3F035, 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96, + 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84, 0xC8C3C81D, 0x99CC99FF, + 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E, 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, + 0xB579B53D, 0x090C090F, 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD, + 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558, 0xED7AEDD0, 0x431743FC, + 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40, 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, + 0x560B56E7, 0xE372E3DA, 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85, + 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF, 0x812A8194, 0x91499101, + 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773, 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, + 0x78C578AE, 0xC539C56D, 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B, + 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C, 0x55F9559D, 0x7E487E5A, + 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19, 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, + 0x068D06F4, 0x40E54086, 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D, + 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74, 0x2D3C2D33, 0x30A530D6, + 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755, 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, + 0xD929D979, 0x862E8691, 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D, + 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4, 0xC1CFC112, 0x85DC85EB, + 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53, 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, + 0xAB12ABA2, 0x6FA26F3E, 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9, + 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705, 0x04F6047F, 0x27C22746, + 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7, 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF + ]; + + /** + * M-Table + * + * @var array + */ + private static $m3 = [ + 0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98, 0x6580A365, 0xDFE476DF, + 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866, 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, + 0x54E60D54, 0x4320C643, 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77, + 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9, 0xB1FB94B1, 0x5A7E485A, + 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C, 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, + 0x45FD1945, 0xA33A5BA3, 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216, + 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F, 0x53AA9B53, 0x635D7C63, + 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25, 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, + 0xF090C0F0, 0xAFE98CAF, 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7, + 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4, 0x99C3B499, 0x975BF197, + 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E, 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, + 0xFF99CCFF, 0xEA1495EA, 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C, + 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12, 0x7E95BF7E, 0x207DBA20, + 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A, 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, + 0xFB0F81FB, 0x3DB5793D, 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE, + 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A, 0x13508613, 0x30F7E730, + 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C, 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, + 0x0B9F410B, 0x8B027B8B, 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4, + 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B, 0xC72BB1C7, 0x6F8EAB6F, + 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3, 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, + 0xEF1391EF, 0xFE0885FE, 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB, + 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85, 0x29A96929, 0x7D4F647D, + 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA, 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, + 0x87D1AC87, 0x8E057F8E, 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8, + 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33, 0x5F794C5F, 0xB6B702B6, + 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC, 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, + 0xAC3357AC, 0x18CFC718, 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA, + 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8, 0xE51D99E5, 0x39233439, + 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872, 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, + 0xFA9EC8FA, 0x82D6A882, 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D, + 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10, 0xE2510FE2, 0x00000000, + 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6, 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8 + ]; + + /** + * The Key Schedule Array + * + * @var array + */ + private $K = []; + + /** + * The Key depended S-Table 0 + * + * @var array + */ + private $S0 = []; + + /** + * The Key depended S-Table 1 + * + * @var array + */ + private $S1 = []; + + /** + * The Key depended S-Table 2 + * + * @var array + */ + private $S2 = []; + + /** + * The Key depended S-Table 3 + * + * @var array + */ + private $S3 = []; + + /** + * Holds the last used key + * + * @var array + */ + private $kl; + + /** + * The Key Length (in bytes) + * + * @see Crypt_Twofish::setKeyLength() + * @var int + */ + protected $key_length = 16; + + /** + * Default Constructor. + * + * @param string $mode + * @throws BadModeException if an invalid / unsupported mode is provided + */ + public function __construct($mode) + { + parent::__construct($mode); + + if ($this->mode == self::MODE_STREAM) { + throw new BadModeException('Block ciphers cannot be ran in stream mode'); + } + } + + /** + * Initialize Static Variables + */ + protected static function initialize_static_variables() + { + if (is_float(self::$m3[0])) { + self::$m0 = array_map('intval', self::$m0); + self::$m1 = array_map('intval', self::$m1); + self::$m2 = array_map('intval', self::$m2); + self::$m3 = array_map('intval', self::$m3); + self::$q0 = array_map('intval', self::$q0); + self::$q1 = array_map('intval', self::$q1); + } + + parent::initialize_static_variables(); + } + + /** + * Sets the key length. + * + * Valid key lengths are 128, 192 or 256 bits + * + * @param int $length + */ + public function setKeyLength($length) + { + switch ($length) { + case 128: + case 192: + case 256: + break; + default: + throw new \LengthException('Key of size ' . $length . ' not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported'); + } + + parent::setKeyLength($length); + } + + /** + * Sets the key. + * + * Rijndael supports five different key lengths + * + * @see setKeyLength() + * @param string $key + * @throws \LengthException if the key length isn't supported + */ + public function setKey($key) + { + switch (strlen($key)) { + case 16: + case 24: + case 32: + break; + default: + throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported'); + } + + parent::setKey($key); + } + + /** + * Setup the key (expansion) + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupKey() + */ + protected function setupKey() + { + if (isset($this->kl['key']) && $this->key === $this->kl['key']) { + // already expanded + return; + } + $this->kl = ['key' => $this->key]; + + /* Key expanding and generating the key-depended s-boxes */ + $le_longs = unpack('V*', $this->key); + $key = unpack('C*', $this->key); + $m0 = self::$m0; + $m1 = self::$m1; + $m2 = self::$m2; + $m3 = self::$m3; + $q0 = self::$q0; + $q1 = self::$q1; + + $K = $S0 = $S1 = $S2 = $S3 = []; + + switch (strlen($this->key)) { + case 16: + list($s7, $s6, $s5, $s4) = $this->mdsrem($le_longs[1], $le_longs[2]); + list($s3, $s2, $s1, $s0) = $this->mdsrem($le_longs[3], $le_longs[4]); + for ($i = 0, $j = 1; $i < 40; $i += 2, $j += 2) { + $A = $m0[$q0[$q0[$i] ^ $key[ 9]] ^ $key[1]] ^ + $m1[$q0[$q1[$i] ^ $key[10]] ^ $key[2]] ^ + $m2[$q1[$q0[$i] ^ $key[11]] ^ $key[3]] ^ + $m3[$q1[$q1[$i] ^ $key[12]] ^ $key[4]]; + $B = $m0[$q0[$q0[$j] ^ $key[13]] ^ $key[5]] ^ + $m1[$q0[$q1[$j] ^ $key[14]] ^ $key[6]] ^ + $m2[$q1[$q0[$j] ^ $key[15]] ^ $key[7]] ^ + $m3[$q1[$q1[$j] ^ $key[16]] ^ $key[8]]; + $B = ($B << 8) | ($B >> 24 & 0xff); + $A = self::safe_intval($A + $B); + $K[] = $A; + $A = self::safe_intval($A + $B); + $K[] = ($A << 9 | $A >> 23 & 0x1ff); + } + for ($i = 0; $i < 256; ++$i) { + $S0[$i] = $m0[$q0[$q0[$i] ^ $s4] ^ $s0]; + $S1[$i] = $m1[$q0[$q1[$i] ^ $s5] ^ $s1]; + $S2[$i] = $m2[$q1[$q0[$i] ^ $s6] ^ $s2]; + $S3[$i] = $m3[$q1[$q1[$i] ^ $s7] ^ $s3]; + } + break; + case 24: + list($sb, $sa, $s9, $s8) = $this->mdsrem($le_longs[1], $le_longs[2]); + list($s7, $s6, $s5, $s4) = $this->mdsrem($le_longs[3], $le_longs[4]); + list($s3, $s2, $s1, $s0) = $this->mdsrem($le_longs[5], $le_longs[6]); + for ($i = 0, $j = 1; $i < 40; $i += 2, $j += 2) { + $A = $m0[$q0[$q0[$q1[$i] ^ $key[17]] ^ $key[ 9]] ^ $key[1]] ^ + $m1[$q0[$q1[$q1[$i] ^ $key[18]] ^ $key[10]] ^ $key[2]] ^ + $m2[$q1[$q0[$q0[$i] ^ $key[19]] ^ $key[11]] ^ $key[3]] ^ + $m3[$q1[$q1[$q0[$i] ^ $key[20]] ^ $key[12]] ^ $key[4]]; + $B = $m0[$q0[$q0[$q1[$j] ^ $key[21]] ^ $key[13]] ^ $key[5]] ^ + $m1[$q0[$q1[$q1[$j] ^ $key[22]] ^ $key[14]] ^ $key[6]] ^ + $m2[$q1[$q0[$q0[$j] ^ $key[23]] ^ $key[15]] ^ $key[7]] ^ + $m3[$q1[$q1[$q0[$j] ^ $key[24]] ^ $key[16]] ^ $key[8]]; + $B = ($B << 8) | ($B >> 24 & 0xff); + $A = self::safe_intval($A + $B); + $K[] = $A; + $A = self::safe_intval($A + $B); + $K[] = ($A << 9 | $A >> 23 & 0x1ff); + } + for ($i = 0; $i < 256; ++$i) { + $S0[$i] = $m0[$q0[$q0[$q1[$i] ^ $s8] ^ $s4] ^ $s0]; + $S1[$i] = $m1[$q0[$q1[$q1[$i] ^ $s9] ^ $s5] ^ $s1]; + $S2[$i] = $m2[$q1[$q0[$q0[$i] ^ $sa] ^ $s6] ^ $s2]; + $S3[$i] = $m3[$q1[$q1[$q0[$i] ^ $sb] ^ $s7] ^ $s3]; + } + break; + default: // 32 + list($sf, $se, $sd, $sc) = $this->mdsrem($le_longs[1], $le_longs[2]); + list($sb, $sa, $s9, $s8) = $this->mdsrem($le_longs[3], $le_longs[4]); + list($s7, $s6, $s5, $s4) = $this->mdsrem($le_longs[5], $le_longs[6]); + list($s3, $s2, $s1, $s0) = $this->mdsrem($le_longs[7], $le_longs[8]); + for ($i = 0, $j = 1; $i < 40; $i += 2, $j += 2) { + $A = $m0[$q0[$q0[$q1[$q1[$i] ^ $key[25]] ^ $key[17]] ^ $key[ 9]] ^ $key[1]] ^ + $m1[$q0[$q1[$q1[$q0[$i] ^ $key[26]] ^ $key[18]] ^ $key[10]] ^ $key[2]] ^ + $m2[$q1[$q0[$q0[$q0[$i] ^ $key[27]] ^ $key[19]] ^ $key[11]] ^ $key[3]] ^ + $m3[$q1[$q1[$q0[$q1[$i] ^ $key[28]] ^ $key[20]] ^ $key[12]] ^ $key[4]]; + $B = $m0[$q0[$q0[$q1[$q1[$j] ^ $key[29]] ^ $key[21]] ^ $key[13]] ^ $key[5]] ^ + $m1[$q0[$q1[$q1[$q0[$j] ^ $key[30]] ^ $key[22]] ^ $key[14]] ^ $key[6]] ^ + $m2[$q1[$q0[$q0[$q0[$j] ^ $key[31]] ^ $key[23]] ^ $key[15]] ^ $key[7]] ^ + $m3[$q1[$q1[$q0[$q1[$j] ^ $key[32]] ^ $key[24]] ^ $key[16]] ^ $key[8]]; + $B = ($B << 8) | ($B >> 24 & 0xff); + $A = self::safe_intval($A + $B); + $K[] = $A; + $A = self::safe_intval($A + $B); + $K[] = ($A << 9 | $A >> 23 & 0x1ff); + } + for ($i = 0; $i < 256; ++$i) { + $S0[$i] = $m0[$q0[$q0[$q1[$q1[$i] ^ $sc] ^ $s8] ^ $s4] ^ $s0]; + $S1[$i] = $m1[$q0[$q1[$q1[$q0[$i] ^ $sd] ^ $s9] ^ $s5] ^ $s1]; + $S2[$i] = $m2[$q1[$q0[$q0[$q0[$i] ^ $se] ^ $sa] ^ $s6] ^ $s2]; + $S3[$i] = $m3[$q1[$q1[$q0[$q1[$i] ^ $sf] ^ $sb] ^ $s7] ^ $s3]; + } + } + + $this->K = $K; + $this->S0 = $S0; + $this->S1 = $S1; + $this->S2 = $S2; + $this->S3 = $S3; + } + + /** + * _mdsrem function using by the twofish cipher algorithm + * + * @param string $A + * @param string $B + * @return array + */ + private function mdsrem($A, $B) + { + // No gain by unrolling this loop. + for ($i = 0; $i < 8; ++$i) { + // Get most significant coefficient. + $t = 0xff & ($B >> 24); + + // Shift the others up. + $B = ($B << 8) | (0xff & ($A >> 24)); + $A <<= 8; + + $u = $t << 1; + + // Subtract the modular polynomial on overflow. + if ($t & 0x80) { + $u ^= 0x14d; + } + + // Remove t * (a * x^2 + 1). + $B ^= $t ^ ($u << 16); + + // Form u = a*t + t/a = t*(a + 1/a). + $u ^= 0x7fffffff & ($t >> 1); + + // Add the modular polynomial on underflow. + if ($t & 0x01) { + $u ^= 0xa6 ; + } + + // Remove t * (a + 1/a) * (x^3 + x). + $B ^= ($u << 24) | ($u << 8); + } + + return [ + 0xff & $B >> 24, + 0xff & $B >> 16, + 0xff & $B >> 8, + 0xff & $B]; + } + + /** + * Encrypts a block + * + * @param string $in + * @return string + */ + protected function encryptBlock($in) + { + $S0 = $this->S0; + $S1 = $this->S1; + $S2 = $this->S2; + $S3 = $this->S3; + $K = $this->K; + + $in = unpack("V4", $in); + $R0 = $K[0] ^ $in[1]; + $R1 = $K[1] ^ $in[2]; + $R2 = $K[2] ^ $in[3]; + $R3 = $K[3] ^ $in[4]; + + $ki = 7; + while ($ki < 39) { + $t0 = $S0[ $R0 & 0xff] ^ + $S1[($R0 >> 8) & 0xff] ^ + $S2[($R0 >> 16) & 0xff] ^ + $S3[($R0 >> 24) & 0xff]; + $t1 = $S0[($R1 >> 24) & 0xff] ^ + $S1[ $R1 & 0xff] ^ + $S2[($R1 >> 8) & 0xff] ^ + $S3[($R1 >> 16) & 0xff]; + $R2 ^= self::safe_intval($t0 + $t1 + $K[++$ki]); + $R2 = ($R2 >> 1 & 0x7fffffff) | ($R2 << 31); + $R3 = ((($R3 >> 31) & 1) | ($R3 << 1)) ^ self::safe_intval($t0 + ($t1 << 1) + $K[++$ki]); + + $t0 = $S0[ $R2 & 0xff] ^ + $S1[($R2 >> 8) & 0xff] ^ + $S2[($R2 >> 16) & 0xff] ^ + $S3[($R2 >> 24) & 0xff]; + $t1 = $S0[($R3 >> 24) & 0xff] ^ + $S1[ $R3 & 0xff] ^ + $S2[($R3 >> 8) & 0xff] ^ + $S3[($R3 >> 16) & 0xff]; + $R0 ^= self::safe_intval($t0 + $t1 + $K[++$ki]); + $R0 = ($R0 >> 1 & 0x7fffffff) | ($R0 << 31); + $R1 = ((($R1 >> 31) & 1) | ($R1 << 1)) ^ self::safe_intval($t0 + ($t1 << 1) + $K[++$ki]); + } + + // @codingStandardsIgnoreStart + return pack("V4", $K[4] ^ $R2, + $K[5] ^ $R3, + $K[6] ^ $R0, + $K[7] ^ $R1); + // @codingStandardsIgnoreEnd + } + + /** + * Decrypts a block + * + * @param string $in + * @return string + */ + protected function decryptBlock($in) + { + $S0 = $this->S0; + $S1 = $this->S1; + $S2 = $this->S2; + $S3 = $this->S3; + $K = $this->K; + + $in = unpack("V4", $in); + $R0 = $K[4] ^ $in[1]; + $R1 = $K[5] ^ $in[2]; + $R2 = $K[6] ^ $in[3]; + $R3 = $K[7] ^ $in[4]; + + $ki = 40; + while ($ki > 8) { + $t0 = $S0[$R0 & 0xff] ^ + $S1[$R0 >> 8 & 0xff] ^ + $S2[$R0 >> 16 & 0xff] ^ + $S3[$R0 >> 24 & 0xff]; + $t1 = $S0[$R1 >> 24 & 0xff] ^ + $S1[$R1 & 0xff] ^ + $S2[$R1 >> 8 & 0xff] ^ + $S3[$R1 >> 16 & 0xff]; + $R3 ^= self::safe_intval($t0 + ($t1 << 1) + $K[--$ki]); + $R3 = $R3 >> 1 & 0x7fffffff | $R3 << 31; + $R2 = ($R2 >> 31 & 0x1 | $R2 << 1) ^ self::safe_intval($t0 + $t1 + $K[--$ki]); + + $t0 = $S0[$R2 & 0xff] ^ + $S1[$R2 >> 8 & 0xff] ^ + $S2[$R2 >> 16 & 0xff] ^ + $S3[$R2 >> 24 & 0xff]; + $t1 = $S0[$R3 >> 24 & 0xff] ^ + $S1[$R3 & 0xff] ^ + $S2[$R3 >> 8 & 0xff] ^ + $S3[$R3 >> 16 & 0xff]; + $R1 ^= self::safe_intval($t0 + ($t1 << 1) + $K[--$ki]); + $R1 = $R1 >> 1 & 0x7fffffff | $R1 << 31; + $R0 = ($R0 >> 31 & 0x1 | $R0 << 1) ^ self::safe_intval($t0 + $t1 + $K[--$ki]); + } + + // @codingStandardsIgnoreStart + return pack("V4", $K[0] ^ $R2, + $K[1] ^ $R3, + $K[2] ^ $R0, + $K[3] ^ $R1); + // @codingStandardsIgnoreEnd + } + + /** + * Setup the performance-optimized function for de/encrypt() + * + * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupInlineCrypt() + */ + protected function setupInlineCrypt() + { + $K = $this->K; + $init_crypt = ' + static $S0, $S1, $S2, $S3; + if (!$S0) { + for ($i = 0; $i < 256; ++$i) { + $S0[] = (int)$this->S0[$i]; + $S1[] = (int)$this->S1[$i]; + $S2[] = (int)$this->S2[$i]; + $S3[] = (int)$this->S3[$i]; + } + } + '; + + $safeint = self::safe_intval_inline(); + + // Generating encrypt code: + $encrypt_block = ' + $in = unpack("V4", $in); + $R0 = ' . $K[0] . ' ^ $in[1]; + $R1 = ' . $K[1] . ' ^ $in[2]; + $R2 = ' . $K[2] . ' ^ $in[3]; + $R3 = ' . $K[3] . ' ^ $in[4]; + '; + for ($ki = 7, $i = 0; $i < 8; ++$i) { + $encrypt_block .= ' + $t0 = $S0[ $R0 & 0xff] ^ + $S1[($R0 >> 8) & 0xff] ^ + $S2[($R0 >> 16) & 0xff] ^ + $S3[($R0 >> 24) & 0xff]; + $t1 = $S0[($R1 >> 24) & 0xff] ^ + $S1[ $R1 & 0xff] ^ + $S2[($R1 >> 8) & 0xff] ^ + $S3[($R1 >> 16) & 0xff]; + $R2^= ' . sprintf($safeint, '$t0 + $t1 + ' . $K[++$ki]) . '; + $R2 = ($R2 >> 1 & 0x7fffffff) | ($R2 << 31); + $R3 = ((($R3 >> 31) & 1) | ($R3 << 1)) ^ ' . sprintf($safeint, '($t0 + ($t1 << 1) + ' . $K[++$ki] . ')') . '; + + $t0 = $S0[ $R2 & 0xff] ^ + $S1[($R2 >> 8) & 0xff] ^ + $S2[($R2 >> 16) & 0xff] ^ + $S3[($R2 >> 24) & 0xff]; + $t1 = $S0[($R3 >> 24) & 0xff] ^ + $S1[ $R3 & 0xff] ^ + $S2[($R3 >> 8) & 0xff] ^ + $S3[($R3 >> 16) & 0xff]; + $R0^= ' . sprintf($safeint, '($t0 + $t1 + ' . $K[++$ki] . ')') . '; + $R0 = ($R0 >> 1 & 0x7fffffff) | ($R0 << 31); + $R1 = ((($R1 >> 31) & 1) | ($R1 << 1)) ^ ' . sprintf($safeint, '($t0 + ($t1 << 1) + ' . $K[++$ki] . ')') . '; + '; + } + $encrypt_block .= ' + $in = pack("V4", ' . $K[4] . ' ^ $R2, + ' . $K[5] . ' ^ $R3, + ' . $K[6] . ' ^ $R0, + ' . $K[7] . ' ^ $R1); + '; + + // Generating decrypt code: + $decrypt_block = ' + $in = unpack("V4", $in); + $R0 = ' . $K[4] . ' ^ $in[1]; + $R1 = ' . $K[5] . ' ^ $in[2]; + $R2 = ' . $K[6] . ' ^ $in[3]; + $R3 = ' . $K[7] . ' ^ $in[4]; + '; + for ($ki = 40, $i = 0; $i < 8; ++$i) { + $decrypt_block .= ' + $t0 = $S0[$R0 & 0xff] ^ + $S1[$R0 >> 8 & 0xff] ^ + $S2[$R0 >> 16 & 0xff] ^ + $S3[$R0 >> 24 & 0xff]; + $t1 = $S0[$R1 >> 24 & 0xff] ^ + $S1[$R1 & 0xff] ^ + $S2[$R1 >> 8 & 0xff] ^ + $S3[$R1 >> 16 & 0xff]; + $R3^= ' . sprintf($safeint, '$t0 + ($t1 << 1) + ' . $K[--$ki]) . '; + $R3 = $R3 >> 1 & 0x7fffffff | $R3 << 31; + $R2 = ($R2 >> 31 & 0x1 | $R2 << 1) ^ ' . sprintf($safeint, '($t0 + $t1 + ' . $K[--$ki] . ')') . '; + + $t0 = $S0[$R2 & 0xff] ^ + $S1[$R2 >> 8 & 0xff] ^ + $S2[$R2 >> 16 & 0xff] ^ + $S3[$R2 >> 24 & 0xff]; + $t1 = $S0[$R3 >> 24 & 0xff] ^ + $S1[$R3 & 0xff] ^ + $S2[$R3 >> 8 & 0xff] ^ + $S3[$R3 >> 16 & 0xff]; + $R1^= ' . sprintf($safeint, '$t0 + ($t1 << 1) + ' . $K[--$ki]) . '; + $R1 = $R1 >> 1 & 0x7fffffff | $R1 << 31; + $R0 = ($R0 >> 31 & 0x1 | $R0 << 1) ^ ' . sprintf($safeint, '($t0 + $t1 + ' . $K[--$ki] . ')') . '; + '; + } + $decrypt_block .= ' + $in = pack("V4", ' . $K[0] . ' ^ $R2, + ' . $K[1] . ' ^ $R3, + ' . $K[2] . ' ^ $R0, + ' . $K[3] . ' ^ $R1); + '; + + $this->inline_crypt = $this->createInlineCryptFunction( + [ + 'init_crypt' => $init_crypt, + 'init_encrypt' => '', + 'init_decrypt' => '', + 'encrypt_block' => $encrypt_block, + 'decrypt_block' => $decrypt_block + ] + ); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/BadConfigurationException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/BadConfigurationException.php new file mode 100644 index 0000000..1aabcae --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/BadConfigurationException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * BadConfigurationException + * + * @author Jim Wigginton + */ +class BadConfigurationException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/BadDecryptionException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/BadDecryptionException.php new file mode 100644 index 0000000..88331dc --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/BadDecryptionException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * BadDecryptionException + * + * @author Jim Wigginton + */ +class BadDecryptionException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/BadModeException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/BadModeException.php new file mode 100644 index 0000000..87689b2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/BadModeException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * BadModeException + * + * @author Jim Wigginton + */ +class BadModeException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/ConnectionClosedException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/ConnectionClosedException.php new file mode 100644 index 0000000..6aaccba --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/ConnectionClosedException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * ConnectionClosedException + * + * @author Jim Wigginton + */ +class ConnectionClosedException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/FileNotFoundException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/FileNotFoundException.php new file mode 100644 index 0000000..66e7270 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/FileNotFoundException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * FileNotFoundException + * + * @author Jim Wigginton + */ +class FileNotFoundException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/InconsistentSetupException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/InconsistentSetupException.php new file mode 100644 index 0000000..23c38fb --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/InconsistentSetupException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * InconsistentSetupException + * + * @author Jim Wigginton + */ +class InconsistentSetupException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/InsufficientSetupException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/InsufficientSetupException.php new file mode 100644 index 0000000..4f4114d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/InsufficientSetupException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * InsufficientSetupException + * + * @author Jim Wigginton + */ +class InsufficientSetupException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/InvalidPacketLengthException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/InvalidPacketLengthException.php new file mode 100644 index 0000000..b96ead1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/InvalidPacketLengthException.php @@ -0,0 +1,10 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * NoKeyLoadedException + * + * @author Jim Wigginton + */ +class NoKeyLoadedException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/NoSupportedAlgorithmsException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/NoSupportedAlgorithmsException.php new file mode 100644 index 0000000..b3ea8f3 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/NoSupportedAlgorithmsException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * NoSupportedAlgorithmsException + * + * @author Jim Wigginton + */ +class NoSupportedAlgorithmsException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/TimeoutException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/TimeoutException.php new file mode 100644 index 0000000..8701f8d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/TimeoutException.php @@ -0,0 +1,10 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * UnableToConnectException + * + * @author Jim Wigginton + */ +class UnableToConnectException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedAlgorithmException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedAlgorithmException.php new file mode 100644 index 0000000..210a9a5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedAlgorithmException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * UnsupportedAlgorithmException + * + * @author Jim Wigginton + */ +class UnsupportedAlgorithmException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedCurveException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedCurveException.php new file mode 100644 index 0000000..9915215 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedCurveException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * UnsupportedCurveException + * + * @author Jim Wigginton + */ +class UnsupportedCurveException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedFormatException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedFormatException.php new file mode 100644 index 0000000..e207d7e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedFormatException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * UnsupportedFormatException + * + * @author Jim Wigginton + */ +class UnsupportedFormatException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedOperationException.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedOperationException.php new file mode 100644 index 0000000..9a11544 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Exception/UnsupportedOperationException.php @@ -0,0 +1,23 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Exception; + +/** + * UnsupportedOperationException + * + * @author Jim Wigginton + */ +class UnsupportedOperationException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ANSI.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ANSI.php new file mode 100644 index 0000000..41477ba --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ANSI.php @@ -0,0 +1,551 @@ + + * @copyright 2012 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File; + +/** + * Pure-PHP ANSI Decoder + * + * @author Jim Wigginton + */ +class ANSI +{ + /** + * Max Width + * + * @var int + */ + private $max_x; + + /** + * Max Height + * + * @var int + */ + private $max_y; + + /** + * Max History + * + * @var int + */ + private $max_history; + + /** + * History + * + * @var array + */ + private $history; + + /** + * History Attributes + * + * @var array + */ + private $history_attrs; + + /** + * Current Column + * + * @var int + */ + private $x; + + /** + * Current Row + * + * @var int + */ + private $y; + + /** + * Old Column + * + * @var int + */ + private $old_x; + + /** + * Old Row + * + * @var int + */ + private $old_y; + + /** + * An empty attribute cell + * + * @var object + */ + private $base_attr_cell; + + /** + * The current attribute cell + * + * @var object + */ + private $attr_cell; + + /** + * An empty attribute row + * + * @var array + */ + private $attr_row; + + /** + * The current screen text + * + * @var list + */ + private $screen; + + /** + * The current screen attributes + * + * @var array + */ + private $attrs; + + /** + * Current ANSI code + * + * @var string + */ + private $ansi; + + /** + * Tokenization + * + * @var array + */ + private $tokenization; + + /** + * Default Constructor. + * + * @return ANSI + */ + public function __construct() + { + $attr_cell = new \stdClass(); + $attr_cell->bold = false; + $attr_cell->underline = false; + $attr_cell->blink = false; + $attr_cell->background = 'black'; + $attr_cell->foreground = 'white'; + $attr_cell->reverse = false; + $this->base_attr_cell = clone $attr_cell; + $this->attr_cell = clone $attr_cell; + + $this->setHistory(200); + $this->setDimensions(80, 24); + } + + /** + * Set terminal width and height + * + * Resets the screen as well + * + * @param int $x + * @param int $y + */ + public function setDimensions($x, $y) + { + $this->max_x = $x - 1; + $this->max_y = $y - 1; + $this->x = $this->y = 0; + $this->history = $this->history_attrs = []; + $this->attr_row = array_fill(0, $this->max_x + 2, $this->base_attr_cell); + $this->screen = array_fill(0, $this->max_y + 1, ''); + $this->attrs = array_fill(0, $this->max_y + 1, $this->attr_row); + $this->ansi = ''; + } + + /** + * Set the number of lines that should be logged past the terminal height + * + * @param int $history + */ + public function setHistory($history) + { + $this->max_history = $history; + } + + /** + * Load a string + * + * @param string $source + */ + public function loadString($source) + { + $this->setDimensions($this->max_x + 1, $this->max_y + 1); + $this->appendString($source); + } + + /** + * Appdend a string + * + * @param string $source + */ + public function appendString($source) + { + $this->tokenization = ['']; + for ($i = 0; $i < strlen($source); $i++) { + if (strlen($this->ansi)) { + $this->ansi .= $source[$i]; + $chr = ord($source[$i]); + // http://en.wikipedia.org/wiki/ANSI_escape_code#Sequence_elements + // single character CSI's not currently supported + switch (true) { + case $this->ansi == "\x1B=": + $this->ansi = ''; + continue 2; + case strlen($this->ansi) == 2 && $chr >= 64 && $chr <= 95 && $chr != ord('['): + case strlen($this->ansi) > 2 && $chr >= 64 && $chr <= 126: + break; + default: + continue 2; + } + $this->tokenization[] = $this->ansi; + $this->tokenization[] = ''; + // http://ascii-table.com/ansi-escape-sequences-vt-100.php + switch ($this->ansi) { + case "\x1B[H": // Move cursor to upper left corner + $this->old_x = $this->x; + $this->old_y = $this->y; + $this->x = $this->y = 0; + break; + case "\x1B[J": // Clear screen from cursor down + $this->history = array_merge($this->history, array_slice(array_splice($this->screen, $this->y + 1), 0, $this->old_y)); + $this->screen = array_merge($this->screen, array_fill($this->y, $this->max_y, '')); + + $this->history_attrs = array_merge($this->history_attrs, array_slice(array_splice($this->attrs, $this->y + 1), 0, $this->old_y)); + $this->attrs = array_merge($this->attrs, array_fill($this->y, $this->max_y, $this->attr_row)); + + if (count($this->history) == $this->max_history) { + array_shift($this->history); + array_shift($this->history_attrs); + } + // fall-through + case "\x1B[K": // Clear screen from cursor right + $this->screen[$this->y] = substr($this->screen[$this->y], 0, $this->x); + + array_splice($this->attrs[$this->y], $this->x + 1, $this->max_x - $this->x, array_fill($this->x, $this->max_x - ($this->x - 1), $this->base_attr_cell)); + break; + case "\x1B[2K": // Clear entire line + $this->screen[$this->y] = str_repeat(' ', $this->x); + $this->attrs[$this->y] = $this->attr_row; + break; + case "\x1B[?1h": // set cursor key to application + case "\x1B[?25h": // show the cursor + case "\x1B(B": // set united states g0 character set + break; + case "\x1BE": // Move to next line + $this->newLine(); + $this->x = 0; + break; + default: + switch (true) { + case preg_match('#\x1B\[(\d+)B#', $this->ansi, $match): // Move cursor down n lines + $this->old_y = $this->y; + $this->y += (int) $match[1]; + break; + case preg_match('#\x1B\[(\d+);(\d+)H#', $this->ansi, $match): // Move cursor to screen location v,h + $this->old_x = $this->x; + $this->old_y = $this->y; + $this->x = $match[2] - 1; + $this->y = (int) $match[1] - 1; + break; + case preg_match('#\x1B\[(\d+)C#', $this->ansi, $match): // Move cursor right n lines + $this->old_x = $this->x; + $this->x += $match[1]; + break; + case preg_match('#\x1B\[(\d+)D#', $this->ansi, $match): // Move cursor left n lines + $this->old_x = $this->x; + $this->x -= $match[1]; + if ($this->x < 0) { + $this->x = 0; + } + break; + case preg_match('#\x1B\[(\d+);(\d+)r#', $this->ansi, $match): // Set top and bottom lines of a window + break; + case preg_match('#\x1B\[(\d*(?:;\d*)*)m#', $this->ansi, $match): // character attributes + $attr_cell = &$this->attr_cell; + $mods = explode(';', $match[1]); + foreach ($mods as $mod) { + switch ($mod) { + case '': + case '0': // Turn off character attributes + $attr_cell = clone $this->base_attr_cell; + break; + case '1': // Turn bold mode on + $attr_cell->bold = true; + break; + case '4': // Turn underline mode on + $attr_cell->underline = true; + break; + case '5': // Turn blinking mode on + $attr_cell->blink = true; + break; + case '7': // Turn reverse video on + $attr_cell->reverse = !$attr_cell->reverse; + $temp = $attr_cell->background; + $attr_cell->background = $attr_cell->foreground; + $attr_cell->foreground = $temp; + break; + default: // set colors + //$front = $attr_cell->reverse ? &$attr_cell->background : &$attr_cell->foreground; + $front = &$attr_cell->{ $attr_cell->reverse ? 'background' : 'foreground' }; + //$back = $attr_cell->reverse ? &$attr_cell->foreground : &$attr_cell->background; + $back = &$attr_cell->{ $attr_cell->reverse ? 'foreground' : 'background' }; + switch ($mod) { + // @codingStandardsIgnoreStart + case '30': $front = 'black'; break; + case '31': $front = 'red'; break; + case '32': $front = 'green'; break; + case '33': $front = 'yellow'; break; + case '34': $front = 'blue'; break; + case '35': $front = 'magenta'; break; + case '36': $front = 'cyan'; break; + case '37': $front = 'white'; break; + + case '40': $back = 'black'; break; + case '41': $back = 'red'; break; + case '42': $back = 'green'; break; + case '43': $back = 'yellow'; break; + case '44': $back = 'blue'; break; + case '45': $back = 'magenta'; break; + case '46': $back = 'cyan'; break; + case '47': $back = 'white'; break; + // @codingStandardsIgnoreEnd + + default: + //user_error('Unsupported attribute: ' . $mod); + $this->ansi = ''; + break 2; + } + } + } + break; + default: + //user_error("{$this->ansi} is unsupported\r\n"); + } + } + $this->ansi = ''; + continue; + } + + $this->tokenization[count($this->tokenization) - 1] .= $source[$i]; + switch ($source[$i]) { + case "\r": + $this->x = 0; + break; + case "\n": + $this->newLine(); + break; + case "\x08": // backspace + if ($this->x) { + $this->x--; + $this->attrs[$this->y][$this->x] = clone $this->base_attr_cell; + $this->screen[$this->y] = substr_replace( + $this->screen[$this->y], + $source[$i], + $this->x, + 1 + ); + } + break; + case "\x0F": // shift + break; + case "\x1B": // start ANSI escape code + $this->tokenization[count($this->tokenization) - 1] = substr($this->tokenization[count($this->tokenization) - 1], 0, -1); + //if (!strlen($this->tokenization[count($this->tokenization) - 1])) { + // array_pop($this->tokenization); + //} + $this->ansi .= "\x1B"; + break; + default: + $this->attrs[$this->y][$this->x] = clone $this->attr_cell; + if ($this->x > strlen($this->screen[$this->y])) { + $this->screen[$this->y] = str_repeat(' ', $this->x); + } + $this->screen[$this->y] = substr_replace( + $this->screen[$this->y], + $source[$i], + $this->x, + 1 + ); + + if ($this->x > $this->max_x) { + $this->x = 0; + $this->newLine(); + } else { + $this->x++; + } + } + } + } + + /** + * Add a new line + * + * Also update the $this->screen and $this->history buffers + * + */ + private function newLine() + { + //if ($this->y < $this->max_y) { + // $this->y++; + //} + + while ($this->y >= $this->max_y) { + $this->history = array_merge($this->history, [array_shift($this->screen)]); + $this->screen[] = ''; + + $this->history_attrs = array_merge($this->history_attrs, [array_shift($this->attrs)]); + $this->attrs[] = $this->attr_row; + + if (count($this->history) >= $this->max_history) { + array_shift($this->history); + array_shift($this->history_attrs); + } + + $this->y--; + } + $this->y++; + } + + /** + * Returns the current coordinate without preformating + * + * @param \stdClass $last_attr + * @param \stdClass $cur_attr + * @param string $char + * @return string + */ + private function processCoordinate(\stdClass $last_attr, \stdClass $cur_attr, $char) + { + $output = ''; + + if ($last_attr != $cur_attr) { + $close = $open = ''; + if ($last_attr->foreground != $cur_attr->foreground) { + if ($cur_attr->foreground != 'white') { + $open .= ''; + } + if ($last_attr->foreground != 'white') { + $close = '' . $close; + } + } + if ($last_attr->background != $cur_attr->background) { + if ($cur_attr->background != 'black') { + $open .= ''; + } + if ($last_attr->background != 'black') { + $close = '' . $close; + } + } + if ($last_attr->bold != $cur_attr->bold) { + if ($cur_attr->bold) { + $open .= ''; + } else { + $close = '' . $close; + } + } + if ($last_attr->underline != $cur_attr->underline) { + if ($cur_attr->underline) { + $open .= ''; + } else { + $close = '' . $close; + } + } + if ($last_attr->blink != $cur_attr->blink) { + if ($cur_attr->blink) { + $open .= ''; + } else { + $close = '' . $close; + } + } + $output .= $close . $open; + } + + $output .= htmlspecialchars($char); + + return $output; + } + + /** + * Returns the current screen without preformating + * + * @return string + */ + private function getScreenHelper() + { + $output = ''; + $last_attr = $this->base_attr_cell; + for ($i = 0; $i <= $this->max_y; $i++) { + for ($j = 0; $j <= $this->max_x; $j++) { + $cur_attr = $this->attrs[$i][$j]; + $output .= $this->processCoordinate($last_attr, $cur_attr, isset($this->screen[$i][$j]) ? $this->screen[$i][$j] : ''); + $last_attr = $this->attrs[$i][$j]; + } + $output .= "\r\n"; + } + $output = substr($output, 0, -2); + // close any remaining open tags + $output .= $this->processCoordinate($last_attr, $this->base_attr_cell, ''); + return rtrim($output); + } + + /** + * Returns the current screen + * + * @return string + */ + public function getScreen() + { + return '
' . $this->getScreenHelper() . '
'; + } + + /** + * Returns the current screen and the x previous lines + * + * @return string + */ + public function getHistory() + { + $scrollback = ''; + $last_attr = $this->base_attr_cell; + for ($i = 0; $i < count($this->history); $i++) { + for ($j = 0; $j <= $this->max_x + 1; $j++) { + $cur_attr = $this->history_attrs[$i][$j]; + $scrollback .= $this->processCoordinate($last_attr, $cur_attr, isset($this->history[$i][$j]) ? $this->history[$i][$j] : ''); + $last_attr = $this->history_attrs[$i][$j]; + } + $scrollback .= "\r\n"; + } + $base_attr_cell = $this->base_attr_cell; + $this->base_attr_cell = $last_attr; + $scrollback .= $this->getScreen(); + $this->base_attr_cell = $base_attr_cell; + + return '
' . $scrollback . '
'; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1.php new file mode 100644 index 0000000..c4b06a5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1.php @@ -0,0 +1,1513 @@ + + * @copyright 2012 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\File\ASN1\Element; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP ASN.1 Parser + * + * @author Jim Wigginton + */ +abstract class ASN1 +{ + // Tag Classes + // http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=12 + const CLASS_UNIVERSAL = 0; + const CLASS_APPLICATION = 1; + const CLASS_CONTEXT_SPECIFIC = 2; + const CLASS_PRIVATE = 3; + + // Tag Classes + // http://www.obj-sys.com/asn1tutorial/node124.html + const TYPE_BOOLEAN = 1; + const TYPE_INTEGER = 2; + const TYPE_BIT_STRING = 3; + const TYPE_OCTET_STRING = 4; + const TYPE_NULL = 5; + const TYPE_OBJECT_IDENTIFIER = 6; + //const TYPE_OBJECT_DESCRIPTOR = 7; + //const TYPE_INSTANCE_OF = 8; // EXTERNAL + const TYPE_REAL = 9; + const TYPE_ENUMERATED = 10; + //const TYPE_EMBEDDED = 11; + const TYPE_UTF8_STRING = 12; + //const TYPE_RELATIVE_OID = 13; + const TYPE_SEQUENCE = 16; // SEQUENCE OF + const TYPE_SET = 17; // SET OF + + // More Tag Classes + // http://www.obj-sys.com/asn1tutorial/node10.html + const TYPE_NUMERIC_STRING = 18; + const TYPE_PRINTABLE_STRING = 19; + const TYPE_TELETEX_STRING = 20; // T61String + const TYPE_VIDEOTEX_STRING = 21; + const TYPE_IA5_STRING = 22; + const TYPE_UTC_TIME = 23; + const TYPE_GENERALIZED_TIME = 24; + const TYPE_GRAPHIC_STRING = 25; + const TYPE_VISIBLE_STRING = 26; // ISO646String + const TYPE_GENERAL_STRING = 27; + const TYPE_UNIVERSAL_STRING = 28; + //const TYPE_CHARACTER_STRING = 29; + const TYPE_BMP_STRING = 30; + + // Tag Aliases + // These tags are kinda place holders for other tags. + const TYPE_CHOICE = -1; + const TYPE_ANY = -2; + + /** + * ASN.1 object identifiers + * + * @var array + * @link http://en.wikipedia.org/wiki/Object_identifier + */ + private static $oids = []; + + /** + * ASN.1 object identifier reverse mapping + * + * @var array + */ + private static $reverseOIDs = []; + + /** + * Default date format + * + * @var string + * @link http://php.net/class.datetime + */ + private static $format = 'D, d M Y H:i:s O'; + + /** + * Filters + * + * If the mapping type is self::TYPE_ANY what do we actually encode it as? + * + * @var array + * @see self::encode_der() + */ + private static $filters; + + /** + * Current Location of most recent ASN.1 encode process + * + * Useful for debug purposes + * + * @var array + * @see self::encode_der() + */ + private static $location; + + /** + * DER Encoded String + * + * In case we need to create ASN1\Element object's.. + * + * @var string + * @see self::decodeDER() + */ + private static $encoded; + + /** + * Type mapping table for the ANY type. + * + * Structured or unknown types are mapped to a \phpseclib3\File\ASN1\Element. + * Unambiguous types get the direct mapping (int/real/bool). + * Others are mapped as a choice, with an extra indexing level. + * + * @var array + */ + const ANY_MAP = [ + self::TYPE_BOOLEAN => true, + self::TYPE_INTEGER => true, + self::TYPE_BIT_STRING => 'bitString', + self::TYPE_OCTET_STRING => 'octetString', + self::TYPE_NULL => 'null', + self::TYPE_OBJECT_IDENTIFIER => 'objectIdentifier', + self::TYPE_REAL => true, + self::TYPE_ENUMERATED => 'enumerated', + self::TYPE_UTF8_STRING => 'utf8String', + self::TYPE_NUMERIC_STRING => 'numericString', + self::TYPE_PRINTABLE_STRING => 'printableString', + self::TYPE_TELETEX_STRING => 'teletexString', + self::TYPE_VIDEOTEX_STRING => 'videotexString', + self::TYPE_IA5_STRING => 'ia5String', + self::TYPE_UTC_TIME => 'utcTime', + self::TYPE_GENERALIZED_TIME => 'generalTime', + self::TYPE_GRAPHIC_STRING => 'graphicString', + self::TYPE_VISIBLE_STRING => 'visibleString', + self::TYPE_GENERAL_STRING => 'generalString', + self::TYPE_UNIVERSAL_STRING => 'universalString', + //self::TYPE_CHARACTER_STRING => 'characterString', + self::TYPE_BMP_STRING => 'bmpString' + ]; + + /** + * String type to character size mapping table. + * + * Non-convertable types are absent from this table. + * size == 0 indicates variable length encoding. + * + * @var array + */ + const STRING_TYPE_SIZE = [ + self::TYPE_UTF8_STRING => 0, + self::TYPE_BMP_STRING => 2, + self::TYPE_UNIVERSAL_STRING => 4, + self::TYPE_PRINTABLE_STRING => 1, + self::TYPE_TELETEX_STRING => 1, + self::TYPE_IA5_STRING => 1, + self::TYPE_VISIBLE_STRING => 1, + ]; + + /** + * Parse BER-encoding + * + * Serves a similar purpose to openssl's asn1parse + * + * @param Element|string $encoded + * @return ?array + */ + public static function decodeBER($encoded) + { + if ($encoded instanceof Element) { + $encoded = $encoded->element; + } + + self::$encoded = $encoded; + + $decoded = self::decode_ber($encoded); + if ($decoded === false) { + return null; + } + + return [$decoded]; + } + + /** + * Parse BER-encoding (Helper function) + * + * Sometimes we want to get the BER encoding of a particular tag. $start lets us do that without having to reencode. + * $encoded is passed by reference for the recursive calls done for self::TYPE_BIT_STRING and + * self::TYPE_OCTET_STRING. In those cases, the indefinite length is used. + * + * @param string $encoded + * @param int $start + * @param int $encoded_pos + * @return array|bool + */ + private static function decode_ber($encoded, $start = 0, $encoded_pos = 0) + { + $current = ['start' => $start]; + + if (!isset($encoded[$encoded_pos])) { + return false; + } + $type = ord($encoded[$encoded_pos++]); + $startOffset = 1; + + $constructed = ($type >> 5) & 1; + + $tag = $type & 0x1F; + if ($tag == 0x1F) { + $tag = 0; + // process septets (since the eighth bit is ignored, it's not an octet) + do { + if (!isset($encoded[$encoded_pos])) { + return false; + } + $temp = ord($encoded[$encoded_pos++]); + $startOffset++; + $loop = $temp >> 7; + $tag <<= 7; + $temp &= 0x7F; + // "bits 7 to 1 of the first subsequent octet shall not all be zero" + if ($startOffset == 2 && $temp == 0) { + return false; + } + $tag |= $temp; + } while ($loop); + } + + $start += $startOffset; + + // Length, as discussed in paragraph 8.1.3 of X.690-0207.pdf#page=13 + if (!isset($encoded[$encoded_pos])) { + return false; + } + $length = ord($encoded[$encoded_pos++]); + $start++; + if ($length == 0x80) { // indefinite length + // "[A sender shall] use the indefinite form (see 8.1.3.6) if the encoding is constructed and is not all + // immediately available." -- paragraph 8.1.3.2.c + $length = strlen($encoded) - $encoded_pos; + } elseif ($length & 0x80) { // definite length, long form + // technically, the long form of the length can be represented by up to 126 octets (bytes), but we'll only + // support it up to four. + $length &= 0x7F; + $temp = substr($encoded, $encoded_pos, $length); + $encoded_pos += $length; + // tags of indefinte length don't really have a header length; this length includes the tag + $current += ['headerlength' => $length + 2]; + $start += $length; + extract(unpack('Nlength', substr(str_pad($temp, 4, chr(0), STR_PAD_LEFT), -4))); + /** @var integer $length */ + } else { + $current += ['headerlength' => 2]; + } + + if ($length > (strlen($encoded) - $encoded_pos)) { + return false; + } + + $content = substr($encoded, $encoded_pos, $length); + $content_pos = 0; + + // at this point $length can be overwritten. it's only accurate for definite length things as is + + /* Class is UNIVERSAL, APPLICATION, PRIVATE, or CONTEXT-SPECIFIC. The UNIVERSAL class is restricted to the ASN.1 + built-in types. It defines an application-independent data type that must be distinguishable from all other + data types. The other three classes are user defined. The APPLICATION class distinguishes data types that + have a wide, scattered use within a particular presentation context. PRIVATE distinguishes data types within + a particular organization or country. CONTEXT-SPECIFIC distinguishes members of a sequence or set, the + alternatives of a CHOICE, or universally tagged set members. Only the class number appears in braces for this + data type; the term CONTEXT-SPECIFIC does not appear. + + -- http://www.obj-sys.com/asn1tutorial/node12.html */ + $class = ($type >> 6) & 3; + switch ($class) { + case self::CLASS_APPLICATION: + case self::CLASS_PRIVATE: + case self::CLASS_CONTEXT_SPECIFIC: + if (!$constructed) { + return [ + 'type' => $class, + 'constant' => $tag, + 'content' => $content, + 'length' => $length + $start - $current['start'] + ] + $current; + } + + $newcontent = []; + $remainingLength = $length; + while ($remainingLength > 0) { + $temp = self::decode_ber($content, $start, $content_pos); + if ($temp === false) { + break; + } + $length = $temp['length']; + // end-of-content octets - see paragraph 8.1.5 + if (substr($content, $content_pos + $length, 2) == "\0\0") { + $length += 2; + $start += $length; + $newcontent[] = $temp; + break; + } + $start += $length; + $remainingLength -= $length; + $newcontent[] = $temp; + $content_pos += $length; + } + + return [ + 'type' => $class, + 'constant' => $tag, + // the array encapsulation is for BC with the old format + 'content' => $newcontent, + // the only time when $content['headerlength'] isn't defined is when the length is indefinite. + // the absence of $content['headerlength'] is how we know if something is indefinite or not. + // technically, it could be defined to be 2 and then another indicator could be used but whatever. + 'length' => $start - $current['start'] + ] + $current; + } + + $current += ['type' => $tag]; + + // decode UNIVERSAL tags + switch ($tag) { + case self::TYPE_BOOLEAN: + // "The contents octets shall consist of a single octet." -- paragraph 8.2.1 + if ($constructed || strlen($content) != 1) { + return false; + } + $current['content'] = (bool) ord($content[$content_pos]); + break; + case self::TYPE_INTEGER: + case self::TYPE_ENUMERATED: + if ($constructed) { + return false; + } + $current['content'] = new BigInteger(substr($content, $content_pos), -256); + break; + case self::TYPE_REAL: // not currently supported + return false; + case self::TYPE_BIT_STRING: + // The initial octet shall encode, as an unsigned binary integer with bit 1 as the least significant bit, + // the number of unused bits in the final subsequent octet. The number shall be in the range zero to + // seven. + if (!$constructed) { + $current['content'] = substr($content, $content_pos); + } else { + $temp = self::decode_ber($content, $start, $content_pos); + if ($temp === false) { + return false; + } + $length -= (strlen($content) - $content_pos); + $last = count($temp) - 1; + for ($i = 0; $i < $last; $i++) { + // all subtags should be bit strings + if ($temp[$i]['type'] != self::TYPE_BIT_STRING) { + return false; + } + $current['content'] .= substr($temp[$i]['content'], 1); + } + // all subtags should be bit strings + if ($temp[$last]['type'] != self::TYPE_BIT_STRING) { + return false; + } + $current['content'] = $temp[$last]['content'][0] . $current['content'] . substr($temp[$i]['content'], 1); + } + break; + case self::TYPE_OCTET_STRING: + if (!$constructed) { + $current['content'] = substr($content, $content_pos); + } else { + $current['content'] = ''; + $length = 0; + while (substr($content, $content_pos, 2) != "\0\0") { + $temp = self::decode_ber($content, $length + $start, $content_pos); + if ($temp === false) { + return false; + } + $content_pos += $temp['length']; + // all subtags should be octet strings + if ($temp['type'] != self::TYPE_OCTET_STRING) { + return false; + } + $current['content'] .= $temp['content']; + $length += $temp['length']; + } + if (substr($content, $content_pos, 2) == "\0\0") { + $length += 2; // +2 for the EOC + } + } + break; + case self::TYPE_NULL: + // "The contents octets shall not contain any octets." -- paragraph 8.8.2 + if ($constructed || strlen($content)) { + return false; + } + break; + case self::TYPE_SEQUENCE: + case self::TYPE_SET: + if (!$constructed) { + return false; + } + $offset = 0; + $current['content'] = []; + $content_len = strlen($content); + while ($content_pos < $content_len) { + // if indefinite length construction was used and we have an end-of-content string next + // see paragraphs 8.1.1.3, 8.1.3.2, 8.1.3.6, 8.1.5, and (for an example) 8.6.4.2 + if (!isset($current['headerlength']) && substr($content, $content_pos, 2) == "\0\0") { + $length = $offset + 2; // +2 for the EOC + break 2; + } + $temp = self::decode_ber($content, $start + $offset, $content_pos); + if ($temp === false) { + return false; + } + $content_pos += $temp['length']; + $current['content'][] = $temp; + $offset += $temp['length']; + } + break; + case self::TYPE_OBJECT_IDENTIFIER: + if ($constructed) { + return false; + } + $current['content'] = self::decodeOID(substr($content, $content_pos)); + if ($current['content'] === false) { + return false; + } + break; + /* Each character string type shall be encoded as if it had been declared: + [UNIVERSAL x] IMPLICIT OCTET STRING + + -- X.690-0207.pdf#page=23 (paragraph 8.21.3) + + Per that, we're not going to do any validation. If there are any illegal characters in the string, + we don't really care */ + case self::TYPE_NUMERIC_STRING: + // 0,1,2,3,4,5,6,7,8,9, and space + case self::TYPE_PRINTABLE_STRING: + // Upper and lower case letters, digits, space, apostrophe, left/right parenthesis, plus sign, comma, + // hyphen, full stop, solidus, colon, equal sign, question mark + case self::TYPE_TELETEX_STRING: + // The Teletex character set in CCITT's T61, space, and delete + // see http://en.wikipedia.org/wiki/Teletex#Character_sets + case self::TYPE_VIDEOTEX_STRING: + // The Videotex character set in CCITT's T.100 and T.101, space, and delete + case self::TYPE_VISIBLE_STRING: + // Printing character sets of international ASCII, and space + case self::TYPE_IA5_STRING: + // International Alphabet 5 (International ASCII) + case self::TYPE_GRAPHIC_STRING: + // All registered G sets, and space + case self::TYPE_GENERAL_STRING: + // All registered C and G sets, space and delete + case self::TYPE_UTF8_STRING: + // ???? + case self::TYPE_BMP_STRING: + if ($constructed) { + return false; + } + $current['content'] = substr($content, $content_pos); + break; + case self::TYPE_UTC_TIME: + case self::TYPE_GENERALIZED_TIME: + if ($constructed) { + return false; + } + $current['content'] = self::decodeTime(substr($content, $content_pos), $tag); + break; + default: + return false; + } + + $start += $length; + + // ie. length is the length of the full TLV encoding - it's not just the length of the value + return $current + ['length' => $start - $current['start']]; + } + + /** + * ASN.1 Map + * + * Provides an ASN.1 semantic mapping ($mapping) from a parsed BER-encoding to a human readable format. + * + * "Special" mappings may be applied on a per tag-name basis via $special. + * + * @param array $decoded + * @param array $mapping + * @param array $special + * @return array|bool|Element|string|null + */ + public static function asn1map(array $decoded, $mapping, $special = []) + { + if (isset($mapping['explicit']) && is_array($decoded['content'])) { + $decoded = $decoded['content'][0]; + } + + switch (true) { + case $mapping['type'] == self::TYPE_ANY: + $intype = $decoded['type']; + // !isset(self::ANY_MAP[$intype]) produces a fatal error on PHP 5.6 + if (isset($decoded['constant']) || !array_key_exists($intype, self::ANY_MAP) || (ord(self::$encoded[$decoded['start']]) & 0x20)) { + return new Element(substr(self::$encoded, $decoded['start'], $decoded['length'])); + } + $inmap = self::ANY_MAP[$intype]; + if (is_string($inmap)) { + return [$inmap => self::asn1map($decoded, ['type' => $intype] + $mapping, $special)]; + } + break; + case $mapping['type'] == self::TYPE_CHOICE: + foreach ($mapping['children'] as $key => $option) { + switch (true) { + case isset($option['constant']) && $option['constant'] == $decoded['constant']: + case !isset($option['constant']) && $option['type'] == $decoded['type']: + $value = self::asn1map($decoded, $option, $special); + break; + case !isset($option['constant']) && $option['type'] == self::TYPE_CHOICE: + $v = self::asn1map($decoded, $option, $special); + if (isset($v)) { + $value = $v; + } + } + if (isset($value)) { + if (isset($special[$key])) { + $value = $special[$key]($value); + } + return [$key => $value]; + } + } + return null; + case isset($mapping['implicit']): + case isset($mapping['explicit']): + case $decoded['type'] == $mapping['type']: + break; + default: + // if $decoded['type'] and $mapping['type'] are both strings, but different types of strings, + // let it through + switch (true) { + case $decoded['type'] < 18: // self::TYPE_NUMERIC_STRING == 18 + case $decoded['type'] > 30: // self::TYPE_BMP_STRING == 30 + case $mapping['type'] < 18: + case $mapping['type'] > 30: + return null; + } + } + + if (isset($mapping['implicit'])) { + $decoded['type'] = $mapping['type']; + } + + switch ($decoded['type']) { + case self::TYPE_SEQUENCE: + $map = []; + + // ignore the min and max + if (isset($mapping['min']) && isset($mapping['max'])) { + $child = $mapping['children']; + foreach ($decoded['content'] as $content) { + if (($map[] = self::asn1map($content, $child, $special)) === null) { + return null; + } + } + + return $map; + } + + $n = count($decoded['content']); + $i = 0; + + foreach ($mapping['children'] as $key => $child) { + $maymatch = $i < $n; // Match only existing input. + if ($maymatch) { + $temp = $decoded['content'][$i]; + + if ($child['type'] != self::TYPE_CHOICE) { + // Get the mapping and input class & constant. + $childClass = $tempClass = self::CLASS_UNIVERSAL; + $constant = null; + if (isset($temp['constant'])) { + $tempClass = $temp['type']; + } + if (isset($child['class'])) { + $childClass = $child['class']; + $constant = $child['cast']; + } elseif (isset($child['constant'])) { + $childClass = self::CLASS_CONTEXT_SPECIFIC; + $constant = $child['constant']; + } + + if (isset($constant) && isset($temp['constant'])) { + // Can only match if constants and class match. + $maymatch = $constant == $temp['constant'] && $childClass == $tempClass; + } else { + // Can only match if no constant expected and type matches or is generic. + $maymatch = !isset($child['constant']) && array_search($child['type'], [$temp['type'], self::TYPE_ANY, self::TYPE_CHOICE]) !== false; + } + } + } + + if ($maymatch) { + // Attempt submapping. + $candidate = self::asn1map($temp, $child, $special); + $maymatch = $candidate !== null; + } + + if ($maymatch) { + // Got the match: use it. + if (isset($special[$key])) { + $candidate = $special[$key]($candidate); + } + $map[$key] = $candidate; + $i++; + } elseif (isset($child['default'])) { + $map[$key] = $child['default']; + } elseif (!isset($child['optional'])) { + return null; // Syntax error. + } + } + + // Fail mapping if all input items have not been consumed. + return $i < $n ? null : $map; + + // the main diff between sets and sequences is the encapsulation of the foreach in another for loop + case self::TYPE_SET: + $map = []; + + // ignore the min and max + if (isset($mapping['min']) && isset($mapping['max'])) { + $child = $mapping['children']; + foreach ($decoded['content'] as $content) { + if (($map[] = self::asn1map($content, $child, $special)) === null) { + return null; + } + } + + return $map; + } + + for ($i = 0; $i < count($decoded['content']); $i++) { + $temp = $decoded['content'][$i]; + $tempClass = self::CLASS_UNIVERSAL; + if (isset($temp['constant'])) { + $tempClass = $temp['type']; + } + + foreach ($mapping['children'] as $key => $child) { + if (isset($map[$key])) { + continue; + } + $maymatch = true; + if ($child['type'] != self::TYPE_CHOICE) { + $childClass = self::CLASS_UNIVERSAL; + $constant = null; + if (isset($child['class'])) { + $childClass = $child['class']; + $constant = $child['cast']; + } elseif (isset($child['constant'])) { + $childClass = self::CLASS_CONTEXT_SPECIFIC; + $constant = $child['constant']; + } + + if (isset($constant) && isset($temp['constant'])) { + // Can only match if constants and class match. + $maymatch = $constant == $temp['constant'] && $childClass == $tempClass; + } else { + // Can only match if no constant expected and type matches or is generic. + $maymatch = !isset($child['constant']) && array_search($child['type'], [$temp['type'], self::TYPE_ANY, self::TYPE_CHOICE]) !== false; + } + } + + if ($maymatch) { + // Attempt submapping. + $candidate = self::asn1map($temp, $child, $special); + $maymatch = $candidate !== null; + } + + if (!$maymatch) { + break; + } + + // Got the match: use it. + if (isset($special[$key])) { + $candidate = $special[$key]($candidate); + } + $map[$key] = $candidate; + break; + } + } + + foreach ($mapping['children'] as $key => $child) { + if (!isset($map[$key])) { + if (isset($child['default'])) { + $map[$key] = $child['default']; + } elseif (!isset($child['optional'])) { + return null; + } + } + } + return $map; + case self::TYPE_OBJECT_IDENTIFIER: + return isset(self::$oids[$decoded['content']]) ? self::$oids[$decoded['content']] : $decoded['content']; + case self::TYPE_UTC_TIME: + case self::TYPE_GENERALIZED_TIME: + // for explicitly tagged optional stuff + if (is_array($decoded['content'])) { + $decoded['content'] = $decoded['content'][0]['content']; + } + // for implicitly tagged optional stuff + // in theory, doing isset($mapping['implicit']) would work but malformed certs do exist + // in the wild that OpenSSL decodes without issue so we'll support them as well + if (!is_object($decoded['content'])) { + $decoded['content'] = self::decodeTime($decoded['content'], $decoded['type']); + } + return $decoded['content'] ? $decoded['content']->format(self::$format) : false; + case self::TYPE_BIT_STRING: + if (isset($mapping['mapping'])) { + $offset = ord($decoded['content'][0]); + $size = (strlen($decoded['content']) - 1) * 8 - $offset; + /* + From X.680-0207.pdf#page=46 (21.7): + + "When a "NamedBitList" is used in defining a bitstring type ASN.1 encoding rules are free to add (or remove) + arbitrarily any trailing 0 bits to (or from) values that are being encoded or decoded. Application designers should + therefore ensure that different semantics are not associated with such values which differ only in the number of trailing + 0 bits." + */ + $bits = count($mapping['mapping']) == $size ? [] : array_fill(0, count($mapping['mapping']) - $size, false); + for ($i = strlen($decoded['content']) - 1; $i > 0; $i--) { + $current = ord($decoded['content'][$i]); + for ($j = $offset; $j < 8; $j++) { + $bits[] = (bool) ($current & (1 << $j)); + } + $offset = 0; + } + $values = []; + $map = array_reverse($mapping['mapping']); + foreach ($map as $i => $value) { + if ($bits[$i]) { + $values[] = $value; + } + } + return $values; + } + // fall-through + case self::TYPE_OCTET_STRING: + return $decoded['content']; + case self::TYPE_NULL: + return ''; + case self::TYPE_BOOLEAN: + case self::TYPE_NUMERIC_STRING: + case self::TYPE_PRINTABLE_STRING: + case self::TYPE_TELETEX_STRING: + case self::TYPE_VIDEOTEX_STRING: + case self::TYPE_IA5_STRING: + case self::TYPE_GRAPHIC_STRING: + case self::TYPE_VISIBLE_STRING: + case self::TYPE_GENERAL_STRING: + case self::TYPE_UNIVERSAL_STRING: + case self::TYPE_UTF8_STRING: + case self::TYPE_BMP_STRING: + return $decoded['content']; + case self::TYPE_INTEGER: + case self::TYPE_ENUMERATED: + $temp = $decoded['content']; + if (isset($mapping['implicit'])) { + $temp = new BigInteger($decoded['content'], -256); + } + if (isset($mapping['mapping'])) { + $temp = (int) $temp->toString(); + return isset($mapping['mapping'][$temp]) ? + $mapping['mapping'][$temp] : + false; + } + return $temp; + } + } + + /** + * DER-decode the length + * + * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See + * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. + * + * @param string $string + * @return int + */ + public static function decodeLength(&$string) + { + $length = ord(Strings::shift($string)); + if ($length & 0x80) { // definite length, long form + $length &= 0x7F; + $temp = Strings::shift($string, $length); + list(, $length) = unpack('N', substr(str_pad($temp, 4, chr(0), STR_PAD_LEFT), -4)); + } + return $length; + } + + /** + * ASN.1 Encode + * + * DER-encodes an ASN.1 semantic mapping ($mapping). Some libraries would probably call this function + * an ASN.1 compiler. + * + * "Special" mappings can be applied via $special. + * + * @param Element|string|array $source + * @param array $mapping + * @param array $special + * @return string + */ + public static function encodeDER($source, $mapping, $special = []) + { + self::$location = []; + return self::encode_der($source, $mapping, null, $special); + } + + /** + * ASN.1 Encode (Helper function) + * + * @param Element|string|array|null $source + * @param array $mapping + * @param int $idx + * @param array $special + * @return string + */ + private static function encode_der($source, array $mapping, $idx = null, array $special = []) + { + if ($source instanceof Element) { + return $source->element; + } + + // do not encode (implicitly optional) fields with value set to default + if (isset($mapping['default']) && $source === $mapping['default']) { + return ''; + } + + if (isset($idx)) { + if (isset($special[$idx])) { + $source = $special[$idx]($source); + } + self::$location[] = $idx; + } + + $tag = $mapping['type']; + + switch ($tag) { + case self::TYPE_SET: // Children order is not important, thus process in sequence. + case self::TYPE_SEQUENCE: + $tag |= 0x20; // set the constructed bit + + // ignore the min and max + if (isset($mapping['min']) && isset($mapping['max'])) { + $value = []; + $child = $mapping['children']; + + foreach ($source as $content) { + $temp = self::encode_der($content, $child, null, $special); + if ($temp === false) { + return false; + } + $value[] = $temp; + } + /* "The encodings of the component values of a set-of value shall appear in ascending order, the encodings being compared + as octet strings with the shorter components being padded at their trailing end with 0-octets. + NOTE - The padding octets are for comparison purposes only and do not appear in the encodings." + + -- sec 11.6 of http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ + if ($mapping['type'] == self::TYPE_SET) { + sort($value); + } + $value = implode('', $value); + break; + } + + $value = ''; + foreach ($mapping['children'] as $key => $child) { + if (!array_key_exists($key, $source)) { + if (!isset($child['optional'])) { + return false; + } + continue; + } + + $temp = self::encode_der($source[$key], $child, $key, $special); + if ($temp === false) { + return false; + } + + // An empty child encoding means it has been optimized out. + // Else we should have at least one tag byte. + if ($temp === '') { + continue; + } + + // if isset($child['constant']) is true then isset($child['optional']) should be true as well + if (isset($child['constant'])) { + /* + From X.680-0207.pdf#page=58 (30.6): + + "The tagging construction specifies explicit tagging if any of the following holds: + ... + c) the "Tag Type" alternative is used and the value of "TagDefault" for the module is IMPLICIT TAGS or + AUTOMATIC TAGS, but the type defined by "Type" is an untagged choice type, an untagged open type, or + an untagged "DummyReference" (see ITU-T Rec. X.683 | ISO/IEC 8824-4, 8.3)." + */ + if (isset($child['explicit']) || $child['type'] == self::TYPE_CHOICE) { + $subtag = chr((self::CLASS_CONTEXT_SPECIFIC << 6) | 0x20 | $child['constant']); + $temp = $subtag . self::encodeLength(strlen($temp)) . $temp; + } else { + $subtag = chr((self::CLASS_CONTEXT_SPECIFIC << 6) | (ord($temp[0]) & 0x20) | $child['constant']); + $temp = $subtag . substr($temp, 1); + } + } + $value .= $temp; + } + break; + case self::TYPE_CHOICE: + $temp = false; + + foreach ($mapping['children'] as $key => $child) { + if (!isset($source[$key])) { + continue; + } + + $temp = self::encode_der($source[$key], $child, $key, $special); + if ($temp === false) { + return false; + } + + // An empty child encoding means it has been optimized out. + // Else we should have at least one tag byte. + if ($temp === '') { + continue; + } + + $tag = ord($temp[0]); + + // if isset($child['constant']) is true then isset($child['optional']) should be true as well + if (isset($child['constant'])) { + if (isset($child['explicit']) || $child['type'] == self::TYPE_CHOICE) { + $subtag = chr((self::CLASS_CONTEXT_SPECIFIC << 6) | 0x20 | $child['constant']); + $temp = $subtag . self::encodeLength(strlen($temp)) . $temp; + } else { + $subtag = chr((self::CLASS_CONTEXT_SPECIFIC << 6) | (ord($temp[0]) & 0x20) | $child['constant']); + $temp = $subtag . substr($temp, 1); + } + } + } + + if (isset($idx)) { + array_pop(self::$location); + } + + if ($temp && isset($mapping['cast'])) { + $temp[0] = chr(($mapping['class'] << 6) | ($tag & 0x20) | $mapping['cast']); + } + + return $temp; + case self::TYPE_INTEGER: + case self::TYPE_ENUMERATED: + if (!isset($mapping['mapping'])) { + if (is_numeric($source)) { + $source = new BigInteger($source); + } + $value = $source->toBytes(true); + } else { + $value = array_search($source, $mapping['mapping']); + if ($value === false) { + return false; + } + $value = new BigInteger($value); + $value = $value->toBytes(true); + } + if (!strlen($value)) { + $value = chr(0); + } + break; + case self::TYPE_UTC_TIME: + case self::TYPE_GENERALIZED_TIME: + $format = $mapping['type'] == self::TYPE_UTC_TIME ? 'y' : 'Y'; + $format .= 'mdHis'; + // if $source does _not_ include timezone information within it then assume that the timezone is GMT + $date = new \DateTime($source, new \DateTimeZone('GMT')); + // if $source _does_ include timezone information within it then convert the time to GMT + $date->setTimezone(new \DateTimeZone('GMT')); + $value = $date->format($format) . 'Z'; + break; + case self::TYPE_BIT_STRING: + if (isset($mapping['mapping'])) { + $bits = array_fill(0, count($mapping['mapping']), 0); + $size = 0; + for ($i = 0; $i < count($mapping['mapping']); $i++) { + if (in_array($mapping['mapping'][$i], $source)) { + $bits[$i] = 1; + $size = $i; + } + } + + if (isset($mapping['min']) && $mapping['min'] >= 1 && $size < $mapping['min']) { + $size = $mapping['min'] - 1; + } + + $offset = 8 - (($size + 1) & 7); + $offset = $offset !== 8 ? $offset : 0; + + $value = chr($offset); + + for ($i = $size + 1; $i < count($mapping['mapping']); $i++) { + unset($bits[$i]); + } + + $bits = implode('', array_pad($bits, $size + $offset + 1, 0)); + $bytes = explode(' ', rtrim(chunk_split($bits, 8, ' '))); + foreach ($bytes as $byte) { + $value .= chr(bindec($byte)); + } + + break; + } + // fall-through + case self::TYPE_OCTET_STRING: + /* The initial octet shall encode, as an unsigned binary integer with bit 1 as the least significant bit, + the number of unused bits in the final subsequent octet. The number shall be in the range zero to seven. + + -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=16 */ + $value = $source; + break; + case self::TYPE_OBJECT_IDENTIFIER: + $value = self::encodeOID($source); + break; + case self::TYPE_ANY: + $loc = self::$location; + if (isset($idx)) { + array_pop(self::$location); + } + + switch (true) { + case !isset($source): + return self::encode_der(null, ['type' => self::TYPE_NULL] + $mapping, null, $special); + case is_int($source): + case $source instanceof BigInteger: + return self::encode_der($source, ['type' => self::TYPE_INTEGER] + $mapping, null, $special); + case is_float($source): + return self::encode_der($source, ['type' => self::TYPE_REAL] + $mapping, null, $special); + case is_bool($source): + return self::encode_der($source, ['type' => self::TYPE_BOOLEAN] + $mapping, null, $special); + case is_array($source) && count($source) == 1: + $typename = implode('', array_keys($source)); + $outtype = array_search($typename, self::ANY_MAP, true); + if ($outtype !== false) { + return self::encode_der($source[$typename], ['type' => $outtype] + $mapping, null, $special); + } + } + + $filters = self::$filters; + foreach ($loc as $part) { + if (!isset($filters[$part])) { + $filters = false; + break; + } + $filters = $filters[$part]; + } + if ($filters === false) { + throw new \RuntimeException('No filters defined for ' . implode('/', $loc)); + } + return self::encode_der($source, $filters + $mapping, null, $special); + case self::TYPE_NULL: + $value = ''; + break; + case self::TYPE_NUMERIC_STRING: + case self::TYPE_TELETEX_STRING: + case self::TYPE_PRINTABLE_STRING: + case self::TYPE_UNIVERSAL_STRING: + case self::TYPE_UTF8_STRING: + case self::TYPE_BMP_STRING: + case self::TYPE_IA5_STRING: + case self::TYPE_VISIBLE_STRING: + case self::TYPE_VIDEOTEX_STRING: + case self::TYPE_GRAPHIC_STRING: + case self::TYPE_GENERAL_STRING: + $value = $source; + break; + case self::TYPE_BOOLEAN: + $value = $source ? "\xFF" : "\x00"; + break; + default: + throw new \RuntimeException('Mapping provides no type definition for ' . implode('/', self::$location)); + } + + if (isset($idx)) { + array_pop(self::$location); + } + + if (isset($mapping['cast'])) { + if (isset($mapping['explicit']) || $mapping['type'] == self::TYPE_CHOICE) { + $value = chr($tag) . self::encodeLength(strlen($value)) . $value; + $tag = ($mapping['class'] << 6) | 0x20 | $mapping['cast']; + } else { + $tag = ($mapping['class'] << 6) | (ord($temp[0]) & 0x20) | $mapping['cast']; + } + } + + return chr($tag) . self::encodeLength(strlen($value)) . $value; + } + + /** + * BER-decode the OID + * + * Called by _decode_ber() + * + * @param string $content + * @return string + */ + public static function decodeOID($content) + { + static $eighty; + if (!$eighty) { + $eighty = new BigInteger(80); + } + + $oid = []; + $pos = 0; + $len = strlen($content); + // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55 + if ($len > 4096) { + //throw new \RuntimeException("Object identifier size is limited to 4096 bytes ($len bytes present)"); + return false; + } + + if (ord($content[$len - 1]) & 0x80) { + return false; + } + + $n = new BigInteger(); + while ($pos < $len) { + $temp = ord($content[$pos++]); + $n = $n->bitwise_leftShift(7); + $n = $n->bitwise_or(new BigInteger($temp & 0x7F)); + if (~$temp & 0x80) { + $oid[] = $n; + $n = new BigInteger(); + } + } + $part1 = array_shift($oid); + $first = floor(ord($content[0]) / 40); + /* + "This packing of the first two object identifier components recognizes that only three values are allocated from the root + node, and at most 39 subsequent values from nodes reached by X = 0 and X = 1." + + -- https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=22 + */ + if ($first <= 2) { // ie. 0 <= ord($content[0]) < 120 (0x78) + array_unshift($oid, ord($content[0]) % 40); + array_unshift($oid, $first); + } else { + array_unshift($oid, $part1->subtract($eighty)); + array_unshift($oid, 2); + } + + return implode('.', $oid); + } + + /** + * DER-encode the OID + * + * Called by _encode_der() + * + * @param string $source + * @return string + */ + public static function encodeOID($source) + { + static $mask, $zero, $forty; + if (!$mask) { + $mask = new BigInteger(0x7F); + $zero = new BigInteger(); + $forty = new BigInteger(40); + } + + if (!preg_match('#(?:\d+\.)+#', $source)) { + $oid = isset(self::$reverseOIDs[$source]) ? self::$reverseOIDs[$source] : false; + } else { + $oid = $source; + } + if ($oid === false) { + throw new \RuntimeException('Invalid OID'); + } + + $parts = explode('.', $oid); + $part1 = array_shift($parts); + $part2 = array_shift($parts); + + $first = new BigInteger($part1); + $first = $first->multiply($forty); + $first = $first->add(new BigInteger($part2)); + + array_unshift($parts, $first->toString()); + + $value = ''; + foreach ($parts as $part) { + if (!$part) { + $temp = "\0"; + } else { + $temp = ''; + $part = new BigInteger($part); + while (!$part->equals($zero)) { + $submask = $part->bitwise_and($mask); + $submask->setPrecision(8); + $temp = (chr(0x80) | $submask->toBytes()) . $temp; + $part = $part->bitwise_rightShift(7); + } + $temp[strlen($temp) - 1] = $temp[strlen($temp) - 1] & chr(0x7F); + } + $value .= $temp; + } + + return $value; + } + + /** + * BER-decode the time + * + * Called by _decode_ber() and in the case of implicit tags asn1map(). + * + * @param string $content + * @param int $tag + * @return \DateTime|false + */ + private static function decodeTime($content, $tag) + { + /* UTCTime: + http://tools.ietf.org/html/rfc5280#section-4.1.2.5.1 + http://www.obj-sys.com/asn1tutorial/node15.html + + GeneralizedTime: + http://tools.ietf.org/html/rfc5280#section-4.1.2.5.2 + http://www.obj-sys.com/asn1tutorial/node14.html */ + + $format = 'YmdHis'; + + if ($tag == self::TYPE_UTC_TIME) { + // https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=28 says "the seconds + // element shall always be present" but none-the-less I've seen X509 certs where it isn't and if the + // browsers parse it phpseclib ought to too + if (preg_match('#^(\d{10})(Z|[+-]\d{4})$#', $content, $matches)) { + $content = $matches[1] . '00' . $matches[2]; + } + $prefix = substr($content, 0, 2) >= 50 ? '19' : '20'; + $content = $prefix . $content; + } elseif (strpos($content, '.') !== false) { + $format .= '.u'; + } + + if ($content[strlen($content) - 1] == 'Z') { + $content = substr($content, 0, -1) . '+0000'; + } + + if (strpos($content, '-') !== false || strpos($content, '+') !== false) { + $format .= 'O'; + } + + // error supression isn't necessary as of PHP 7.0: + // http://php.net/manual/en/migration70.other-changes.php + return @\DateTime::createFromFormat($format, $content); + } + + /** + * Set the time format + * + * Sets the time / date format for asn1map(). + * + * @param string $format + */ + public static function setTimeFormat($format) + { + self::$format = $format; + } + + /** + * Load OIDs + * + * Load the relevant OIDs for a particular ASN.1 semantic mapping. + * Previously loaded OIDs are retained. + * + * @param array $oids + */ + public static function loadOIDs(array $oids) + { + self::$reverseOIDs += $oids; + self::$oids = array_flip(self::$reverseOIDs); + } + + /** + * Set filters + * + * See \phpseclib3\File\X509, etc, for an example. + * Previously loaded filters are not retained. + * + * @param array $filters + */ + public static function setFilters(array $filters) + { + self::$filters = $filters; + } + + /** + * String type conversion + * + * This is a lazy conversion, dealing only with character size. + * No real conversion table is used. + * + * @param string $in + * @param int $from + * @param int $to + * @return string + */ + public static function convert($in, $from = self::TYPE_UTF8_STRING, $to = self::TYPE_UTF8_STRING) + { + // isset(self::STRING_TYPE_SIZE[$from] returns a fatal error on PHP 5.6 + if (!array_key_exists($from, self::STRING_TYPE_SIZE) || !array_key_exists($to, self::STRING_TYPE_SIZE)) { + return false; + } + $insize = self::STRING_TYPE_SIZE[$from]; + $outsize = self::STRING_TYPE_SIZE[$to]; + $inlength = strlen($in); + $out = ''; + + for ($i = 0; $i < $inlength;) { + if ($inlength - $i < $insize) { + return false; + } + + // Get an input character as a 32-bit value. + $c = ord($in[$i++]); + switch (true) { + case $insize == 4: + $c = ($c << 8) | ord($in[$i++]); + $c = ($c << 8) | ord($in[$i++]); + // fall-through + case $insize == 2: + $c = ($c << 8) | ord($in[$i++]); + // fall-through + case $insize == 1: + break; + case ($c & 0x80) == 0x00: + break; + case ($c & 0x40) == 0x00: + return false; + default: + $bit = 6; + do { + if ($bit > 25 || $i >= $inlength || (ord($in[$i]) & 0xC0) != 0x80) { + return false; + } + $c = ($c << 6) | (ord($in[$i++]) & 0x3F); + $bit += 5; + $mask = 1 << $bit; + } while ($c & $bit); + $c &= $mask - 1; + break; + } + + // Convert and append the character to output string. + $v = ''; + switch (true) { + case $outsize == 4: + $v .= chr($c & 0xFF); + $c >>= 8; + $v .= chr($c & 0xFF); + $c >>= 8; + // fall-through + case $outsize == 2: + $v .= chr($c & 0xFF); + $c >>= 8; + // fall-through + case $outsize == 1: + $v .= chr($c & 0xFF); + $c >>= 8; + if ($c) { + return false; + } + break; + case ($c & (PHP_INT_SIZE == 8 ? 0x80000000 : (1 << 31))) != 0: + return false; + case $c >= 0x04000000: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x04000000; + // fall-through + case $c >= 0x00200000: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x00200000; + // fall-through + case $c >= 0x00010000: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x00010000; + // fall-through + case $c >= 0x00000800: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x00000800; + // fall-through + case $c >= 0x00000080: + $v .= chr(0x80 | ($c & 0x3F)); + $c = ($c >> 6) | 0x000000C0; + // fall-through + default: + $v .= chr($c); + break; + } + $out .= strrev($v); + } + return $out; + } + + /** + * Extract raw BER from Base64 encoding + * + * @param string $str + * @return string + */ + public static function extractBER($str) + { + /* X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them + * above and beyond the ceritificate. + * ie. some may have the following preceding the -----BEGIN CERTIFICATE----- line: + * + * Bag Attributes + * localKeyID: 01 00 00 00 + * subject=/O=organization/OU=org unit/CN=common name + * issuer=/O=organization/CN=common name + */ + if (strlen($str) > ini_get('pcre.backtrack_limit')) { + $temp = $str; + } else { + $temp = preg_replace('#.*?^-+[^-]+-+[\r\n ]*$#ms', '', $str, 1); + $temp = preg_replace('#-+END.*[\r\n ]*.*#ms', '', $temp, 1); + } + // remove new lines + $temp = str_replace(["\r", "\n", ' '], '', $temp); + // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff + $temp = preg_replace('#^-+[^-]+-+|-+[^-]+-+$#', '', $temp); + $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? Strings::base64_decode($temp) : false; + return $temp != false ? $temp : $str; + } + + /** + * DER-encode the length + * + * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See + * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. + * + * @param int $length + * @return string + */ + public static function encodeLength($length) + { + if ($length <= 0x7F) { + return chr($length); + } + + $temp = ltrim(pack('N', $length), chr(0)); + return pack('Ca*', 0x80 | strlen($temp), $temp); + } + + /** + * Returns the OID corresponding to a name + * + * What's returned in the associative array returned by loadX509() (or load*()) is either a name or an OID if + * no OID to name mapping is available. The problem with this is that what may be an unmapped OID in one version + * of phpseclib may not be unmapped in the next version, so apps that are looking at this OID may not be able + * to work from version to version. + * + * This method will return the OID if a name is passed to it and if no mapping is avialable it'll assume that + * what's being passed to it already is an OID and return that instead. A few examples. + * + * getOID('2.16.840.1.101.3.4.2.1') == '2.16.840.1.101.3.4.2.1' + * getOID('id-sha256') == '2.16.840.1.101.3.4.2.1' + * getOID('zzz') == 'zzz' + * + * @param string $name + * @return string + */ + public static function getOID($name) + { + return isset(self::$reverseOIDs[$name]) ? self::$reverseOIDs[$name] : $name; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Element.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Element.php new file mode 100644 index 0000000..ae4b764 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Element.php @@ -0,0 +1,43 @@ + + * @copyright 2012 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1; + +/** + * ASN.1 Raw Element + * + * An ASN.1 ANY mapping will return an ASN1\Element object. Use of this object + * will also bypass the normal encoding rules in ASN1::encodeDER() + * + * @author Jim Wigginton + */ +class Element +{ + /** + * Raw element value + * + * @var string + */ + public $element; + + /** + * Constructor + * + * @param string $encoded + * @return Element + */ + public function __construct($encoded) + { + $this->element = $encoded; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AccessDescription.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AccessDescription.php new file mode 100644 index 0000000..1cbc5a5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AccessDescription.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AccessDescription + * + * @author Jim Wigginton + */ +abstract class AccessDescription +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'accessMethod' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'accessLocation' => GeneralName::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AdministrationDomainName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AdministrationDomainName.php new file mode 100644 index 0000000..04183a1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AdministrationDomainName.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AdministrationDomainName + * + * @author Jim Wigginton + */ +abstract class AdministrationDomainName +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + // if class isn't present it's assumed to be \phpseclib3\File\ASN1::CLASS_UNIVERSAL or + // (if constant is present) \phpseclib3\File\ASN1::CLASS_CONTEXT_SPECIFIC + 'class' => ASN1::CLASS_APPLICATION, + 'cast' => 2, + 'children' => [ + 'numeric' => ['type' => ASN1::TYPE_NUMERIC_STRING], + 'printable' => ['type' => ASN1::TYPE_PRINTABLE_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AlgorithmIdentifier.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AlgorithmIdentifier.php new file mode 100644 index 0000000..0da7eb1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AlgorithmIdentifier.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AlgorithmIdentifier + * + * @author Jim Wigginton + */ +abstract class AlgorithmIdentifier +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'algorithm' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'parameters' => [ + 'type' => ASN1::TYPE_ANY, + 'optional' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AnotherName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AnotherName.php new file mode 100644 index 0000000..d96c170 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AnotherName.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AnotherName + * + * @author Jim Wigginton + */ +abstract class AnotherName +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'type-id' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'value' => [ + 'type' => ASN1::TYPE_ANY, + 'constant' => 0, + 'optional' => true, + 'explicit' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Attribute.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Attribute.php new file mode 100644 index 0000000..38a6aee --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Attribute.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Attribute + * + * @author Jim Wigginton + */ +abstract class Attribute +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'type' => AttributeType::MAP, + 'value' => [ + 'type' => ASN1::TYPE_SET, + 'min' => 1, + 'max' => -1, + 'children' => AttributeValue::MAP + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AttributeType.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AttributeType.php new file mode 100644 index 0000000..5cbc2bc --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AttributeType.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AttributeType + * + * @author Jim Wigginton + */ +abstract class AttributeType +{ + const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AttributeTypeAndValue.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AttributeTypeAndValue.php new file mode 100644 index 0000000..fe414f1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AttributeTypeAndValue.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AttributeTypeAndValue + * + * @author Jim Wigginton + */ +abstract class AttributeTypeAndValue +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'type' => AttributeType::MAP, + 'value' => AttributeValue::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AttributeValue.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AttributeValue.php new file mode 100644 index 0000000..3b3b6d2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AttributeValue.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AttributeValue + * + * @author Jim Wigginton + */ +abstract class AttributeValue +{ + const MAP = ['type' => ASN1::TYPE_ANY]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Attributes.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Attributes.php new file mode 100644 index 0000000..cd53ecf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Attributes.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Attributes + * + * @author Jim Wigginton + */ +abstract class Attributes +{ + const MAP = [ + 'type' => ASN1::TYPE_SET, + 'min' => 1, + 'max' => -1, + 'children' => Attribute::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AuthorityInfoAccessSyntax.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AuthorityInfoAccessSyntax.php new file mode 100644 index 0000000..3e80a55 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AuthorityInfoAccessSyntax.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AuthorityInfoAccessSyntax + * + * @author Jim Wigginton + */ +abstract class AuthorityInfoAccessSyntax +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => AccessDescription::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AuthorityKeyIdentifier.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AuthorityKeyIdentifier.php new file mode 100644 index 0000000..e7ec5b2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/AuthorityKeyIdentifier.php @@ -0,0 +1,45 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * AuthorityKeyIdentifier + * + * @author Jim Wigginton + */ +abstract class AuthorityKeyIdentifier +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'keyIdentifier' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ] + KeyIdentifier::MAP, + 'authorityCertIssuer' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ] + GeneralNames::MAP, + 'authorityCertSerialNumber' => [ + 'constant' => 2, + 'optional' => true, + 'implicit' => true + ] + CertificateSerialNumber::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BaseDistance.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BaseDistance.php new file mode 100644 index 0000000..e59668a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BaseDistance.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BaseDistance + * + * @author Jim Wigginton + */ +abstract class BaseDistance +{ + const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BasicConstraints.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BasicConstraints.php new file mode 100644 index 0000000..587ef1b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BasicConstraints.php @@ -0,0 +1,39 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BasicConstraints + * + * @author Jim Wigginton + */ +abstract class BasicConstraints +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'cA' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'optional' => true, + 'default' => false + ], + 'pathLenConstraint' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttribute.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttribute.php new file mode 100644 index 0000000..e81bc78 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttribute.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BuiltInDomainDefinedAttribute + * + * @author Jim Wigginton + */ +abstract class BuiltInDomainDefinedAttribute +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'type' => ['type' => ASN1::TYPE_PRINTABLE_STRING], + 'value' => ['type' => ASN1::TYPE_PRINTABLE_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttributes.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttributes.php new file mode 100644 index 0000000..471e88f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BuiltInDomainDefinedAttributes.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BuiltInDomainDefinedAttributes + * + * @author Jim Wigginton + */ +abstract class BuiltInDomainDefinedAttributes +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => 4, // ub-domain-defined-attributes + 'children' => BuiltInDomainDefinedAttribute::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BuiltInStandardAttributes.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BuiltInStandardAttributes.php new file mode 100644 index 0000000..752f400 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/BuiltInStandardAttributes.php @@ -0,0 +1,67 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * BuiltInStandardAttributes + * + * @author Jim Wigginton + */ +abstract class BuiltInStandardAttributes +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'country-name' => ['optional' => true] + CountryName::MAP, + 'administration-domain-name' => ['optional' => true] + AdministrationDomainName::MAP, + 'network-address' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ] + NetworkAddress::MAP, + 'terminal-identifier' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ] + TerminalIdentifier::MAP, + 'private-domain-name' => [ + 'constant' => 2, + 'optional' => true, + 'explicit' => true + ] + PrivateDomainName::MAP, + 'organization-name' => [ + 'constant' => 3, + 'optional' => true, + 'implicit' => true + ] + OrganizationName::MAP, + 'numeric-user-identifier' => [ + 'constant' => 4, + 'optional' => true, + 'implicit' => true + ] + NumericUserIdentifier::MAP, + 'personal-name' => [ + 'constant' => 5, + 'optional' => true, + 'implicit' => true + ] + PersonalName::MAP, + 'organizational-unit-names' => [ + 'constant' => 6, + 'optional' => true, + 'implicit' => true + ] + OrganizationalUnitNames::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CPSuri.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CPSuri.php new file mode 100644 index 0000000..56e5888 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CPSuri.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CPSuri + * + * @author Jim Wigginton + */ +abstract class CPSuri +{ + const MAP = ['type' => ASN1::TYPE_IA5_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CRLDistributionPoints.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CRLDistributionPoints.php new file mode 100644 index 0000000..79860b2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CRLDistributionPoints.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CRLDistributionPoints + * + * @author Jim Wigginton + */ +abstract class CRLDistributionPoints +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => DistributionPoint::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CRLNumber.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CRLNumber.php new file mode 100644 index 0000000..f6cb956 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CRLNumber.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CRLNumber + * + * @author Jim Wigginton + */ +abstract class CRLNumber +{ + const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CRLReason.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CRLReason.php new file mode 100644 index 0000000..d373652 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CRLReason.php @@ -0,0 +1,41 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CRLReason + * + * @author Jim Wigginton + */ +abstract class CRLReason +{ + const MAP = [ + 'type' => ASN1::TYPE_ENUMERATED, + 'mapping' => [ + 'unspecified', + 'keyCompromise', + 'cACompromise', + 'affiliationChanged', + 'superseded', + 'cessationOfOperation', + 'certificateHold', + // Value 7 is not used. + 8 => 'removeFromCRL', + 'privilegeWithdrawn', + 'aACompromise' + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertPolicyId.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertPolicyId.php new file mode 100644 index 0000000..d7e7776 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertPolicyId.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertPolicyId + * + * @author Jim Wigginton + */ +abstract class CertPolicyId +{ + const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Certificate.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Certificate.php new file mode 100644 index 0000000..01943a0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Certificate.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Certificate + * + * @author Jim Wigginton + */ +abstract class Certificate +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'tbsCertificate' => TBSCertificate::MAP, + 'signatureAlgorithm' => AlgorithmIdentifier::MAP, + 'signature' => ['type' => ASN1::TYPE_BIT_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificateIssuer.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificateIssuer.php new file mode 100644 index 0000000..ccd68dd --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificateIssuer.php @@ -0,0 +1,24 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +/** + * CertificateIssuer + * + * @author Jim Wigginton + */ +abstract class CertificateIssuer +{ + const MAP = GeneralNames::MAP; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificateList.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificateList.php new file mode 100644 index 0000000..d54ed6d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificateList.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificateList + * + * @author Jim Wigginton + */ +abstract class CertificateList +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'tbsCertList' => TBSCertList::MAP, + 'signatureAlgorithm' => AlgorithmIdentifier::MAP, + 'signature' => ['type' => ASN1::TYPE_BIT_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificatePolicies.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificatePolicies.php new file mode 100644 index 0000000..ec0fa6b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificatePolicies.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificatePolicies + * + * @author Jim Wigginton + */ +abstract class CertificatePolicies +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => PolicyInformation::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificateSerialNumber.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificateSerialNumber.php new file mode 100644 index 0000000..06ec944 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificateSerialNumber.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificateSerialNumber + * + * @author Jim Wigginton + */ +abstract class CertificateSerialNumber +{ + const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificationRequest.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificationRequest.php new file mode 100644 index 0000000..2da70ed --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificationRequest.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificationRequest + * + * @author Jim Wigginton + */ +abstract class CertificationRequest +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'certificationRequestInfo' => CertificationRequestInfo::MAP, + 'signatureAlgorithm' => AlgorithmIdentifier::MAP, + 'signature' => ['type' => ASN1::TYPE_BIT_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificationRequestInfo.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificationRequestInfo.php new file mode 100644 index 0000000..ce6dc88 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CertificationRequestInfo.php @@ -0,0 +1,41 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CertificationRequestInfo + * + * @author Jim Wigginton + */ +abstract class CertificationRequestInfo +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['v1'] + ], + 'subject' => Name::MAP, + 'subjectPKInfo' => SubjectPublicKeyInfo::MAP, + 'attributes' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ] + Attributes::MAP, + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Characteristic_two.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Characteristic_two.php new file mode 100644 index 0000000..5bf59bb --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Characteristic_two.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Characteristic_two + * + * @author Jim Wigginton + */ +abstract class Characteristic_two +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'm' => ['type' => ASN1::TYPE_INTEGER], // field size 2**m + 'basis' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'parameters' => [ + 'type' => ASN1::TYPE_ANY, + 'optional' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CountryName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CountryName.php new file mode 100644 index 0000000..737d844 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/CountryName.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * CountryName + * + * @author Jim Wigginton + */ +abstract class CountryName +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + // if class isn't present it's assumed to be \phpseclib3\File\ASN1::CLASS_UNIVERSAL or + // (if constant is present) \phpseclib3\File\ASN1::CLASS_CONTEXT_SPECIFIC + 'class' => ASN1::CLASS_APPLICATION, + 'cast' => 1, + 'children' => [ + 'x121-dcc-code' => ['type' => ASN1::TYPE_NUMERIC_STRING], + 'iso-3166-alpha2-code' => ['type' => ASN1::TYPE_PRINTABLE_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Curve.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Curve.php new file mode 100644 index 0000000..621f103 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Curve.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Curve + * + * @author Jim Wigginton + */ +abstract class Curve +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'a' => FieldElement::MAP, + 'b' => FieldElement::MAP, + 'seed' => [ + 'type' => ASN1::TYPE_BIT_STRING, + 'optional' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DHParameter.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DHParameter.php new file mode 100644 index 0000000..26863db --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DHParameter.php @@ -0,0 +1,38 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DHParameter + * + * @author Jim Wigginton + */ +abstract class DHParameter +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'prime' => ['type' => ASN1::TYPE_INTEGER], + 'base' => ['type' => ASN1::TYPE_INTEGER], + 'privateValueLength' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DSAParams.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DSAParams.php new file mode 100644 index 0000000..7af397b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DSAParams.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DSAParams + * + * @author Jim Wigginton + */ +abstract class DSAParams +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'p' => ['type' => ASN1::TYPE_INTEGER], + 'q' => ['type' => ASN1::TYPE_INTEGER], + 'g' => ['type' => ASN1::TYPE_INTEGER] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DSAPrivateKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DSAPrivateKey.php new file mode 100644 index 0000000..d97cd02 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DSAPrivateKey.php @@ -0,0 +1,36 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DSAPrivateKey + * + * @author Jim Wigginton + */ +abstract class DSAPrivateKey +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => ['type' => ASN1::TYPE_INTEGER], + 'p' => ['type' => ASN1::TYPE_INTEGER], + 'q' => ['type' => ASN1::TYPE_INTEGER], + 'g' => ['type' => ASN1::TYPE_INTEGER], + 'y' => ['type' => ASN1::TYPE_INTEGER], + 'x' => ['type' => ASN1::TYPE_INTEGER] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DSAPublicKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DSAPublicKey.php new file mode 100644 index 0000000..f795747 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DSAPublicKey.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DSAPublicKey + * + * @author Jim Wigginton + */ +abstract class DSAPublicKey +{ + const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DigestInfo.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DigestInfo.php new file mode 100644 index 0000000..b38ff3c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DigestInfo.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DigestInfo + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class DigestInfo +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'digestAlgorithm' => AlgorithmIdentifier::MAP, + 'digest' => ['type' => ASN1::TYPE_OCTET_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DirectoryString.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DirectoryString.php new file mode 100644 index 0000000..45218e3 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DirectoryString.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DirectoryString + * + * @author Jim Wigginton + */ +abstract class DirectoryString +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'teletexString' => ['type' => ASN1::TYPE_TELETEX_STRING], + 'printableString' => ['type' => ASN1::TYPE_PRINTABLE_STRING], + 'universalString' => ['type' => ASN1::TYPE_UNIVERSAL_STRING], + 'utf8String' => ['type' => ASN1::TYPE_UTF8_STRING], + 'bmpString' => ['type' => ASN1::TYPE_BMP_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DisplayText.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DisplayText.php new file mode 100644 index 0000000..a13e6a6 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DisplayText.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DisplayText + * + * @author Jim Wigginton + */ +abstract class DisplayText +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'ia5String' => ['type' => ASN1::TYPE_IA5_STRING], + 'visibleString' => ['type' => ASN1::TYPE_VISIBLE_STRING], + 'bmpString' => ['type' => ASN1::TYPE_BMP_STRING], + 'utf8String' => ['type' => ASN1::TYPE_UTF8_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DistributionPoint.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DistributionPoint.php new file mode 100644 index 0000000..4d9af6b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DistributionPoint.php @@ -0,0 +1,45 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DistributionPoint + * + * @author Jim Wigginton + */ +abstract class DistributionPoint +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'distributionPoint' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true + ] + DistributionPointName::MAP, + 'reasons' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ] + ReasonFlags::MAP, + 'cRLIssuer' => [ + 'constant' => 2, + 'optional' => true, + 'implicit' => true + ] + GeneralNames::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DistributionPointName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DistributionPointName.php new file mode 100644 index 0000000..bc0cec8 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DistributionPointName.php @@ -0,0 +1,40 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DistributionPointName + * + * @author Jim Wigginton + */ +abstract class DistributionPointName +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'fullName' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ] + GeneralNames::MAP, + 'nameRelativeToCRLIssuer' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ] + RelativeDistinguishedName::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DssSigValue.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DssSigValue.php new file mode 100644 index 0000000..2af7408 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/DssSigValue.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * DssSigValue + * + * @author Jim Wigginton + */ +abstract class DssSigValue +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'r' => ['type' => ASN1::TYPE_INTEGER], + 's' => ['type' => ASN1::TYPE_INTEGER] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ECParameters.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ECParameters.php new file mode 100644 index 0000000..f25f6fa --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ECParameters.php @@ -0,0 +1,45 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ECParameters + * + * ECParameters ::= CHOICE { + * namedCurve OBJECT IDENTIFIER + * -- implicitCurve NULL + * -- specifiedCurve SpecifiedECDomain + * } + * -- implicitCurve and specifiedCurve MUST NOT be used in PKIX. + * -- Details for SpecifiedECDomain can be found in [X9.62]. + * -- Any future additions to this CHOICE should be coordinated + * -- with ANSI X9. + * + * @author Jim Wigginton + */ +abstract class ECParameters +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'namedCurve' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'implicitCurve' => ['type' => ASN1::TYPE_NULL], + 'specifiedCurve' => SpecifiedECDomain::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ECPoint.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ECPoint.php new file mode 100644 index 0000000..fb11db8 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ECPoint.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ECPoint + * + * @author Jim Wigginton + */ +abstract class ECPoint +{ + const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ECPrivateKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ECPrivateKey.php new file mode 100644 index 0000000..7454f38 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ECPrivateKey.php @@ -0,0 +1,48 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ECPrivateKey + * + * @author Jim Wigginton + */ +abstract class ECPrivateKey +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => [1 => 'ecPrivkeyVer1'] + ], + 'privateKey' => ['type' => ASN1::TYPE_OCTET_STRING], + 'parameters' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true + ] + ECParameters::MAP, + 'publicKey' => [ + 'type' => ASN1::TYPE_BIT_STRING, + 'constant' => 1, + 'optional' => true, + 'explicit' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EDIPartyName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EDIPartyName.php new file mode 100644 index 0000000..ea7dcf1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EDIPartyName.php @@ -0,0 +1,42 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * EDIPartyName + * + * @author Jim Wigginton + */ +abstract class EDIPartyName +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'nameAssigner' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ] + DirectoryString::MAP, + // partyName is technically required but \phpseclib3\File\ASN1 doesn't currently support non-optional constants and + // setting it to optional gets the job done in any event. + 'partyName' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ] + DirectoryString::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EcdsaSigValue.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EcdsaSigValue.php new file mode 100644 index 0000000..8ab9ff1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EcdsaSigValue.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * EcdsaSigValue + * + * @author Jim Wigginton + */ +abstract class EcdsaSigValue +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'r' => ['type' => ASN1::TYPE_INTEGER], + 's' => ['type' => ASN1::TYPE_INTEGER] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EncryptedData.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EncryptedData.php new file mode 100644 index 0000000..8d8739e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EncryptedData.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * EncryptedData + * + * @author Jim Wigginton + */ +abstract class EncryptedData +{ + const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EncryptedPrivateKeyInfo.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EncryptedPrivateKeyInfo.php new file mode 100644 index 0000000..2c93567 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/EncryptedPrivateKeyInfo.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * EncryptedPrivateKeyInfo + * + * @author Jim Wigginton + */ +abstract class EncryptedPrivateKeyInfo +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'encryptionAlgorithm' => AlgorithmIdentifier::MAP, + 'encryptedData' => EncryptedData::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ExtKeyUsageSyntax.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ExtKeyUsageSyntax.php new file mode 100644 index 0000000..f9bc5de --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ExtKeyUsageSyntax.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ExtKeyUsageSyntax + * + * @author Jim Wigginton + */ +abstract class ExtKeyUsageSyntax +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => KeyPurposeId::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Extension.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Extension.php new file mode 100644 index 0000000..e32668f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Extension.php @@ -0,0 +1,43 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Extension + * + * A certificate using system MUST reject the certificate if it encounters + * a critical extension it does not recognize; however, a non-critical + * extension may be ignored if it is not recognized. + * + * http://tools.ietf.org/html/rfc5280#section-4.2 + * + * @author Jim Wigginton + */ +abstract class Extension +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'extnId' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'critical' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'optional' => true, + 'default' => false + ], + 'extnValue' => ['type' => ASN1::TYPE_OCTET_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ExtensionAttribute.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ExtensionAttribute.php new file mode 100644 index 0000000..565b36d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ExtensionAttribute.php @@ -0,0 +1,42 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ExtensionAttribute + * + * @author Jim Wigginton + */ +abstract class ExtensionAttribute +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'extension-attribute-type' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ], + 'extension-attribute-value' => [ + 'type' => ASN1::TYPE_ANY, + 'constant' => 1, + 'optional' => true, + 'explicit' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ExtensionAttributes.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ExtensionAttributes.php new file mode 100644 index 0000000..a2e9bfa --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ExtensionAttributes.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ExtensionAttributes + * + * @author Jim Wigginton + */ +abstract class ExtensionAttributes +{ + const MAP = [ + 'type' => ASN1::TYPE_SET, + 'min' => 1, + 'max' => 256, // ub-extension-attributes + 'children' => ExtensionAttribute::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Extensions.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Extensions.php new file mode 100644 index 0000000..5015c97 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Extensions.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Extensions + * + * @author Jim Wigginton + */ +abstract class Extensions +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + // technically, it's MAX, but we'll assume anything < 0 is MAX + 'max' => -1, + // if 'children' isn't an array then 'min' and 'max' must be defined + 'children' => Extension::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/FieldElement.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/FieldElement.php new file mode 100644 index 0000000..3173407 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/FieldElement.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * FieldElement + * + * @author Jim Wigginton + */ +abstract class FieldElement +{ + const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/FieldID.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/FieldID.php new file mode 100644 index 0000000..e32a9c0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/FieldID.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * FieldID + * + * @author Jim Wigginton + */ +abstract class FieldID +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'fieldType' => ['type' => ASN1::TYPE_OBJECT_IDENTIFIER], + 'parameters' => [ + 'type' => ASN1::TYPE_ANY, + 'optional' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralName.php new file mode 100644 index 0000000..57d86da --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralName.php @@ -0,0 +1,80 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * GeneralName + * + * @author Jim Wigginton + */ +abstract class GeneralName +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'otherName' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ] + AnotherName::MAP, + 'rfc822Name' => [ + 'type' => ASN1::TYPE_IA5_STRING, + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ], + 'dNSName' => [ + 'type' => ASN1::TYPE_IA5_STRING, + 'constant' => 2, + 'optional' => true, + 'implicit' => true + ], + 'x400Address' => [ + 'constant' => 3, + 'optional' => true, + 'implicit' => true + ] + ORAddress::MAP, + 'directoryName' => [ + 'constant' => 4, + 'optional' => true, + 'explicit' => true + ] + Name::MAP, + 'ediPartyName' => [ + 'constant' => 5, + 'optional' => true, + 'implicit' => true + ] + EDIPartyName::MAP, + 'uniformResourceIdentifier' => [ + 'type' => ASN1::TYPE_IA5_STRING, + 'constant' => 6, + 'optional' => true, + 'implicit' => true + ], + 'iPAddress' => [ + 'type' => ASN1::TYPE_OCTET_STRING, + 'constant' => 7, + 'optional' => true, + 'implicit' => true + ], + 'registeredID' => [ + 'type' => ASN1::TYPE_OBJECT_IDENTIFIER, + 'constant' => 8, + 'optional' => true, + 'implicit' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralNames.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralNames.php new file mode 100644 index 0000000..5d93153 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralNames.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * GeneralNames + * + * @author Jim Wigginton + */ +abstract class GeneralNames +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => GeneralName::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralSubtree.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralSubtree.php new file mode 100644 index 0000000..5388db5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralSubtree.php @@ -0,0 +1,42 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * GeneralSubtree + * + * @author Jim Wigginton + */ +abstract class GeneralSubtree +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'base' => GeneralName::MAP, + 'minimum' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + 'default' => '0' + ] + BaseDistance::MAP, + 'maximum' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + ] + BaseDistance::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralSubtrees.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralSubtrees.php new file mode 100644 index 0000000..27548cf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/GeneralSubtrees.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * GeneralSubtrees + * + * @author Jim Wigginton + */ +abstract class GeneralSubtrees +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => GeneralSubtree::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/HashAlgorithm.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/HashAlgorithm.php new file mode 100644 index 0000000..deb13ca --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/HashAlgorithm.php @@ -0,0 +1,24 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +/** + * HashAglorithm + * + * @author Jim Wigginton + */ +abstract class HashAlgorithm +{ + const MAP = AlgorithmIdentifier::MAP; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/HoldInstructionCode.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/HoldInstructionCode.php new file mode 100644 index 0000000..88d6ff3 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/HoldInstructionCode.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * HoldInstructionCode + * + * @author Jim Wigginton + */ +abstract class HoldInstructionCode +{ + const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/InvalidityDate.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/InvalidityDate.php new file mode 100644 index 0000000..f34b5f7 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/InvalidityDate.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * InvalidityDate + * + * @author Jim Wigginton + */ +abstract class InvalidityDate +{ + const MAP = ['type' => ASN1::TYPE_GENERALIZED_TIME]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/IssuerAltName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/IssuerAltName.php new file mode 100644 index 0000000..e9d0324 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/IssuerAltName.php @@ -0,0 +1,24 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +/** + * IssuerAltName + * + * @author Jim Wigginton + */ +abstract class IssuerAltName +{ + const MAP = GeneralNames::MAP; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/IssuingDistributionPoint.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/IssuingDistributionPoint.php new file mode 100644 index 0000000..415996f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/IssuingDistributionPoint.php @@ -0,0 +1,68 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * IssuingDistributionPoint + * + * @author Jim Wigginton + */ +abstract class IssuingDistributionPoint +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'distributionPoint' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true + ] + DistributionPointName::MAP, + 'onlyContainsUserCerts' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'constant' => 1, + 'optional' => true, + 'default' => false, + 'implicit' => true + ], + 'onlyContainsCACerts' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'constant' => 2, + 'optional' => true, + 'default' => false, + 'implicit' => true + ], + 'onlySomeReasons' => [ + 'constant' => 3, + 'optional' => true, + 'implicit' => true + ] + ReasonFlags::MAP, + 'indirectCRL' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'constant' => 4, + 'optional' => true, + 'default' => false, + 'implicit' => true + ], + 'onlyContainsAttributeCerts' => [ + 'type' => ASN1::TYPE_BOOLEAN, + 'constant' => 5, + 'optional' => true, + 'default' => false, + 'implicit' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/KeyIdentifier.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/KeyIdentifier.php new file mode 100644 index 0000000..82a4151 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/KeyIdentifier.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * KeyIdentifier + * + * @author Jim Wigginton + */ +abstract class KeyIdentifier +{ + const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/KeyPurposeId.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/KeyPurposeId.php new file mode 100644 index 0000000..b8509f1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/KeyPurposeId.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * KeyPurposeId + * + * @author Jim Wigginton + */ +abstract class KeyPurposeId +{ + const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/KeyUsage.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/KeyUsage.php new file mode 100644 index 0000000..827ce03 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/KeyUsage.php @@ -0,0 +1,39 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * KeyUsage + * + * @author Jim Wigginton + */ +abstract class KeyUsage +{ + const MAP = [ + 'type' => ASN1::TYPE_BIT_STRING, + 'mapping' => [ + 'digitalSignature', + 'nonRepudiation', + 'keyEncipherment', + 'dataEncipherment', + 'keyAgreement', + 'keyCertSign', + 'cRLSign', + 'encipherOnly', + 'decipherOnly' + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/MaskGenAlgorithm.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/MaskGenAlgorithm.php new file mode 100644 index 0000000..ea3f998 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/MaskGenAlgorithm.php @@ -0,0 +1,24 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +/** + * MaskGenAglorithm + * + * @author Jim Wigginton + */ +abstract class MaskGenAlgorithm +{ + const MAP = AlgorithmIdentifier::MAP; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Name.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Name.php new file mode 100644 index 0000000..a6a9009 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Name.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Name + * + * @author Jim Wigginton + */ +abstract class Name +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'rdnSequence' => RDNSequence::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NameConstraints.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NameConstraints.php new file mode 100644 index 0000000..80486f9 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NameConstraints.php @@ -0,0 +1,40 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * NameConstraints + * + * @author Jim Wigginton + */ +abstract class NameConstraints +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'permittedSubtrees' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ] + GeneralSubtrees::MAP, + 'excludedSubtrees' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ] + GeneralSubtrees::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NetworkAddress.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NetworkAddress.php new file mode 100644 index 0000000..6c68df0 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NetworkAddress.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * NetworkAddress + * + * @author Jim Wigginton + */ +abstract class NetworkAddress +{ + const MAP = ['type' => ASN1::TYPE_NUMERIC_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NoticeReference.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NoticeReference.php new file mode 100644 index 0000000..9eec123 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NoticeReference.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * NoticeReference + * + * @author Jim Wigginton + */ +abstract class NoticeReference +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'organization' => DisplayText::MAP, + 'noticeNumbers' => [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => 200, + 'children' => ['type' => ASN1::TYPE_INTEGER] + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NumericUserIdentifier.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NumericUserIdentifier.php new file mode 100644 index 0000000..635a89d --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/NumericUserIdentifier.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * NumericUserIdentifier + * + * @author Jim Wigginton + */ +abstract class NumericUserIdentifier +{ + const MAP = ['type' => ASN1::TYPE_NUMERIC_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ORAddress.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ORAddress.php new file mode 100644 index 0000000..b853abe --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ORAddress.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ORAddress + * + * @author Jim Wigginton + */ +abstract class ORAddress +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'built-in-standard-attributes' => BuiltInStandardAttributes::MAP, + 'built-in-domain-defined-attributes' => ['optional' => true] + BuiltInDomainDefinedAttributes::MAP, + 'extension-attributes' => ['optional' => true] + ExtensionAttributes::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OneAsymmetricKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OneAsymmetricKey.php new file mode 100644 index 0000000..5953024 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OneAsymmetricKey.php @@ -0,0 +1,48 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OneAsymmetricKey + * + * @author Jim Wigginton + */ +abstract class OneAsymmetricKey +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['v1', 'v2'] + ], + 'privateKeyAlgorithm' => AlgorithmIdentifier::MAP, + 'privateKey' => PrivateKey::MAP, + 'attributes' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ] + Attributes::MAP, + 'publicKey' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ] + PublicKey::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OrganizationName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OrganizationName.php new file mode 100644 index 0000000..b5cc949 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OrganizationName.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OrganizationName + * + * @author Jim Wigginton + */ +abstract class OrganizationName +{ + const MAP = ['type' => ASN1::TYPE_PRINTABLE_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OrganizationalUnitNames.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OrganizationalUnitNames.php new file mode 100644 index 0000000..b3e5780 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OrganizationalUnitNames.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OrganizationalUnitNames + * + * @author Jim Wigginton + */ +abstract class OrganizationalUnitNames +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => 4, // ub-organizational-units + 'children' => ['type' => ASN1::TYPE_PRINTABLE_STRING] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OtherPrimeInfo.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OtherPrimeInfo.php new file mode 100644 index 0000000..5d56560 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OtherPrimeInfo.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OtherPrimeInfo + * + * @author Jim Wigginton + */ +abstract class OtherPrimeInfo +{ + // version must be multi if otherPrimeInfos present + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'prime' => ['type' => ASN1::TYPE_INTEGER], // ri + 'exponent' => ['type' => ASN1::TYPE_INTEGER], // di + 'coefficient' => ['type' => ASN1::TYPE_INTEGER] // ti + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OtherPrimeInfos.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OtherPrimeInfos.php new file mode 100644 index 0000000..9802a80 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/OtherPrimeInfos.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * OtherPrimeInfos + * + * @author Jim Wigginton + */ +abstract class OtherPrimeInfos +{ + // version must be multi if otherPrimeInfos present + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => OtherPrimeInfo::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBEParameter.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBEParameter.php new file mode 100644 index 0000000..8eb27cf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBEParameter.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PBEParameter + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class PBEParameter +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'salt' => ['type' => ASN1::TYPE_OCTET_STRING], + 'iterationCount' => ['type' => ASN1::TYPE_INTEGER] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBES2params.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBES2params.php new file mode 100644 index 0000000..bd31699 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBES2params.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PBES2params + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class PBES2params +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'keyDerivationFunc' => AlgorithmIdentifier::MAP, + 'encryptionScheme' => AlgorithmIdentifier::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBKDF2params.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBKDF2params.php new file mode 100644 index 0000000..2dafed9 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBKDF2params.php @@ -0,0 +1,41 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PBKDF2params + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class PBKDF2params +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + // technically, this is a CHOICE in RFC2898 but the other "choice" is, currently, more of a placeholder + // in the RFC + 'salt' => ['type' => ASN1::TYPE_OCTET_STRING], + 'iterationCount' => ['type' => ASN1::TYPE_INTEGER], + 'keyLength' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true + ], + 'prf' => AlgorithmIdentifier::MAP + ['optional' => true] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBMAC1params.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBMAC1params.php new file mode 100644 index 0000000..91319f5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PBMAC1params.php @@ -0,0 +1,34 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PBMAC1params + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class PBMAC1params +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'keyDerivationFunc' => AlgorithmIdentifier::MAP, + 'messageAuthScheme' => AlgorithmIdentifier::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PKCS9String.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PKCS9String.php new file mode 100644 index 0000000..87d0862 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PKCS9String.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PKCS9String + * + * @author Jim Wigginton + */ +abstract class PKCS9String +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'ia5String' => ['type' => ASN1::TYPE_IA5_STRING], + 'directoryString' => DirectoryString::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Pentanomial.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Pentanomial.php new file mode 100644 index 0000000..b8c8c02 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Pentanomial.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Pentanomial + * + * @author Jim Wigginton + */ +abstract class Pentanomial +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'k1' => ['type' => ASN1::TYPE_INTEGER], // k1 > 0 + 'k2' => ['type' => ASN1::TYPE_INTEGER], // k2 > k1 + 'k3' => ['type' => ASN1::TYPE_INTEGER], // k3 > h2 + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PersonalName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PersonalName.php new file mode 100644 index 0000000..14e2860 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PersonalName.php @@ -0,0 +1,54 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PersonalName + * + * @author Jim Wigginton + */ +abstract class PersonalName +{ + const MAP = [ + 'type' => ASN1::TYPE_SET, + 'children' => [ + 'surname' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ], + 'given-name' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ], + 'initials' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 2, + 'optional' => true, + 'implicit' => true + ], + 'generation-qualifier' => [ + 'type' => ASN1::TYPE_PRINTABLE_STRING, + 'constant' => 3, + 'optional' => true, + 'implicit' => true + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyInformation.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyInformation.php new file mode 100644 index 0000000..1625d19 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyInformation.php @@ -0,0 +1,38 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PolicyInformation + * + * @author Jim Wigginton + */ +abstract class PolicyInformation +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'policyIdentifier' => CertPolicyId::MAP, + 'policyQualifiers' => [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 0, + 'max' => -1, + 'optional' => true, + 'children' => PolicyQualifierInfo::MAP + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyMappings.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyMappings.php new file mode 100644 index 0000000..d30b852 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyMappings.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PolicyMappings + * + * @author Jim Wigginton + */ +abstract class PolicyMappings +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'issuerDomainPolicy' => CertPolicyId::MAP, + 'subjectDomainPolicy' => CertPolicyId::MAP + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyQualifierId.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyQualifierId.php new file mode 100644 index 0000000..7b7cd6a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyQualifierId.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PolicyQualifierId + * + * @author Jim Wigginton + */ +abstract class PolicyQualifierId +{ + const MAP = ['type' => ASN1::TYPE_OBJECT_IDENTIFIER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyQualifierInfo.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyQualifierInfo.php new file mode 100644 index 0000000..d227702 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PolicyQualifierInfo.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PolicyQualifierInfo + * + * @author Jim Wigginton + */ +abstract class PolicyQualifierInfo +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'policyQualifierId' => PolicyQualifierId::MAP, + 'qualifier' => ['type' => ASN1::TYPE_ANY] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PostalAddress.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PostalAddress.php new file mode 100644 index 0000000..142b309 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PostalAddress.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PostalAddress + * + * @author Jim Wigginton + */ +abstract class PostalAddress +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'optional' => true, + 'min' => 1, + 'max' => -1, + 'children' => DirectoryString::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Prime_p.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Prime_p.php new file mode 100644 index 0000000..7743034 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Prime_p.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Prime_p + * + * @author Jim Wigginton + */ +abstract class Prime_p +{ + const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateDomainName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateDomainName.php new file mode 100644 index 0000000..195dcaa --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateDomainName.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PrivateDomainName + * + * @author Jim Wigginton + */ +abstract class PrivateDomainName +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'numeric' => ['type' => ASN1::TYPE_NUMERIC_STRING], + 'printable' => ['type' => ASN1::TYPE_PRINTABLE_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateKey.php new file mode 100644 index 0000000..3c89594 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateKey.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PrivateKey + * + * @author Jim Wigginton + */ +abstract class PrivateKey +{ + const MAP = ['type' => ASN1::TYPE_OCTET_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateKeyInfo.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateKeyInfo.php new file mode 100644 index 0000000..b440b78 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateKeyInfo.php @@ -0,0 +1,41 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PrivateKeyInfo + * + * @author Jim Wigginton + */ +abstract class PrivateKeyInfo +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['v1'] + ], + 'privateKeyAlgorithm' => AlgorithmIdentifier::MAP, + 'privateKey' => PrivateKey::MAP, + 'attributes' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true + ] + Attributes::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateKeyUsagePeriod.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateKeyUsagePeriod.php new file mode 100644 index 0000000..5b87036 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PrivateKeyUsagePeriod.php @@ -0,0 +1,40 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PrivateKeyUsagePeriod + * + * @author Jim Wigginton + */ +abstract class PrivateKeyUsagePeriod +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'notBefore' => [ + 'constant' => 0, + 'optional' => true, + 'implicit' => true, + 'type' => ASN1::TYPE_GENERALIZED_TIME], + 'notAfter' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true, + 'type' => ASN1::TYPE_GENERALIZED_TIME] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PublicKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PublicKey.php new file mode 100644 index 0000000..4840920 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PublicKey.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PublicKey + * + * @author Jim Wigginton + */ +abstract class PublicKey +{ + const MAP = ['type' => ASN1::TYPE_BIT_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PublicKeyAndChallenge.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PublicKeyAndChallenge.php new file mode 100644 index 0000000..432581e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PublicKeyAndChallenge.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PublicKeyAndChallenge + * + * @author Jim Wigginton + */ +abstract class PublicKeyAndChallenge +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'spki' => SubjectPublicKeyInfo::MAP, + 'challenge' => ['type' => ASN1::TYPE_IA5_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PublicKeyInfo.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PublicKeyInfo.php new file mode 100644 index 0000000..b39a341 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/PublicKeyInfo.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * PublicKeyInfo + * + * this format is not formally defined anywhere but is none-the-less the form you + * get when you do "openssl rsa -in private.pem -outform PEM -pubout" + * + * @author Jim Wigginton + */ +abstract class PublicKeyInfo +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'publicKeyAlgorithm' => AlgorithmIdentifier::MAP, + 'publicKey' => ['type' => ASN1::TYPE_BIT_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RC2CBCParameter.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RC2CBCParameter.php new file mode 100644 index 0000000..48649ab --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RC2CBCParameter.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RC2CBCParameter + * + * from https://tools.ietf.org/html/rfc2898#appendix-A.3 + * + * @author Jim Wigginton + */ +abstract class RC2CBCParameter +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'rc2ParametersVersion' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true + ], + 'iv' => ['type' => ASN1::TYPE_OCTET_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RDNSequence.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RDNSequence.php new file mode 100644 index 0000000..04b071c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RDNSequence.php @@ -0,0 +1,38 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RDNSequence + * + * In practice, RDNs containing multiple name-value pairs (called "multivalued RDNs") are rare, + * but they can be useful at times when either there is no unique attribute in the entry or you + * want to ensure that the entry's DN contains some useful identifying information. + * + * - https://www.opends.org/wiki/page/DefinitionRelativeDistinguishedName + * + * @author Jim Wigginton + */ +abstract class RDNSequence +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + // RDNSequence does not define a min or a max, which means it doesn't have one + 'min' => 0, + 'max' => -1, + 'children' => RelativeDistinguishedName::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RSAPrivateKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RSAPrivateKey.php new file mode 100644 index 0000000..8c19c65 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RSAPrivateKey.php @@ -0,0 +1,44 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RSAPrivateKey + * + * @author Jim Wigginton + */ +abstract class RSAPrivateKey +{ + // version must be multi if otherPrimeInfos present + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['two-prime', 'multi'] + ], + 'modulus' => ['type' => ASN1::TYPE_INTEGER], // n + 'publicExponent' => ['type' => ASN1::TYPE_INTEGER], // e + 'privateExponent' => ['type' => ASN1::TYPE_INTEGER], // d + 'prime1' => ['type' => ASN1::TYPE_INTEGER], // p + 'prime2' => ['type' => ASN1::TYPE_INTEGER], // q + 'exponent1' => ['type' => ASN1::TYPE_INTEGER], // d mod (p-1) + 'exponent2' => ['type' => ASN1::TYPE_INTEGER], // d mod (q-1) + 'coefficient' => ['type' => ASN1::TYPE_INTEGER], // (inverse of q) mod p + 'otherPrimeInfos' => OtherPrimeInfos::MAP + ['optional' => true] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RSAPublicKey.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RSAPublicKey.php new file mode 100644 index 0000000..b14c32c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RSAPublicKey.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RSAPublicKey + * + * @author Jim Wigginton + */ +abstract class RSAPublicKey +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'modulus' => ['type' => ASN1::TYPE_INTEGER], + 'publicExponent' => ['type' => ASN1::TYPE_INTEGER] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RSASSA_PSS_params.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RSASSA_PSS_params.php new file mode 100644 index 0000000..1a784bf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RSASSA_PSS_params.php @@ -0,0 +1,58 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RSASSA_PSS_params + * + * @author Jim Wigginton + */ +abstract class RSASSA_PSS_params +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'hashAlgorithm' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true, + //'default' => 'sha1Identifier' + ] + HashAlgorithm::MAP, + 'maskGenAlgorithm' => [ + 'constant' => 1, + 'optional' => true, + 'explicit' => true, + //'default' => 'mgf1SHA1Identifier' + ] + MaskGenAlgorithm::MAP, + 'saltLength' => [ + 'type' => ASN1::TYPE_INTEGER, + 'constant' => 2, + 'optional' => true, + 'explicit' => true, + 'default' => 20 + ], + 'trailerField' => [ + 'type' => ASN1::TYPE_INTEGER, + 'constant' => 3, + 'optional' => true, + 'explicit' => true, + 'default' => 1 + ] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ReasonFlags.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ReasonFlags.php new file mode 100644 index 0000000..2e62fcd --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/ReasonFlags.php @@ -0,0 +1,39 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * ReasonFlags + * + * @author Jim Wigginton + */ +abstract class ReasonFlags +{ + const MAP = [ + 'type' => ASN1::TYPE_BIT_STRING, + 'mapping' => [ + 'unused', + 'keyCompromise', + 'cACompromise', + 'affiliationChanged', + 'superseded', + 'cessationOfOperation', + 'certificateHold', + 'privilegeWithdrawn', + 'aACompromise' + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RelativeDistinguishedName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RelativeDistinguishedName.php new file mode 100644 index 0000000..a0421f7 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RelativeDistinguishedName.php @@ -0,0 +1,37 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RelativeDistinguishedName + * + * In practice, RDNs containing multiple name-value pairs (called "multivalued RDNs") are rare, + * but they can be useful at times when either there is no unique attribute in the entry or you + * want to ensure that the entry's DN contains some useful identifying information. + * + * - https://www.opends.org/wiki/page/DefinitionRelativeDistinguishedName + * + * @author Jim Wigginton + */ +abstract class RelativeDistinguishedName +{ + const MAP = [ + 'type' => ASN1::TYPE_SET, + 'min' => 1, + 'max' => -1, + 'children' => AttributeTypeAndValue::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RevokedCertificate.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RevokedCertificate.php new file mode 100644 index 0000000..ff759eb --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/RevokedCertificate.php @@ -0,0 +1,35 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * RevokedCertificate + * + * @author Jim Wigginton + */ +abstract class RevokedCertificate +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'userCertificate' => CertificateSerialNumber::MAP, + 'revocationDate' => Time::MAP, + 'crlEntryExtensions' => [ + 'optional' => true + ] + Extensions::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SignedPublicKeyAndChallenge.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SignedPublicKeyAndChallenge.php new file mode 100644 index 0000000..0f482a2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SignedPublicKeyAndChallenge.php @@ -0,0 +1,33 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SignedPublicKeyAndChallenge + * + * @author Jim Wigginton + */ +abstract class SignedPublicKeyAndChallenge +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'publicKeyAndChallenge' => PublicKeyAndChallenge::MAP, + 'signatureAlgorithm' => AlgorithmIdentifier::MAP, + 'signature' => ['type' => ASN1::TYPE_BIT_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SpecifiedECDomain.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SpecifiedECDomain.php new file mode 100644 index 0000000..7408a56 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SpecifiedECDomain.php @@ -0,0 +1,45 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SpecifiedECDomain + * + * @author Jim Wigginton + */ +abstract class SpecifiedECDomain +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => [1 => 'ecdpVer1', 'ecdpVer2', 'ecdpVer3'] + ], + 'fieldID' => FieldID::MAP, + 'curve' => Curve::MAP, + 'base' => ECPoint::MAP, + 'order' => ['type' => ASN1::TYPE_INTEGER], + 'cofactor' => [ + 'type' => ASN1::TYPE_INTEGER, + 'optional' => true + ], + 'hash' => ['optional' => true] + HashAlgorithm::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectAltName.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectAltName.php new file mode 100644 index 0000000..39138a9 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectAltName.php @@ -0,0 +1,24 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +/** + * SubjectAltName + * + * @author Jim Wigginton + */ +abstract class SubjectAltName +{ + const MAP = GeneralNames::MAP; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectDirectoryAttributes.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectDirectoryAttributes.php new file mode 100644 index 0000000..f2e206f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectDirectoryAttributes.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SubjectDirectoryAttributes + * + * @author Jim Wigginton + */ +abstract class SubjectDirectoryAttributes +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => Attribute::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectInfoAccessSyntax.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectInfoAccessSyntax.php new file mode 100644 index 0000000..1ff241f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectInfoAccessSyntax.php @@ -0,0 +1,31 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SubjectInfoAccessSyntax + * + * @author Jim Wigginton + */ +abstract class SubjectInfoAccessSyntax +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'min' => 1, + 'max' => -1, + 'children' => AccessDescription::MAP + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectPublicKeyInfo.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectPublicKeyInfo.php new file mode 100644 index 0000000..0d53d54 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/SubjectPublicKeyInfo.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * SubjectPublicKeyInfo + * + * @author Jim Wigginton + */ +abstract class SubjectPublicKeyInfo +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'algorithm' => AlgorithmIdentifier::MAP, + 'subjectPublicKey' => ['type' => ASN1::TYPE_BIT_STRING] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/TBSCertList.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/TBSCertList.php new file mode 100644 index 0000000..49b3cfc --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/TBSCertList.php @@ -0,0 +1,54 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * TBSCertList + * + * @author Jim Wigginton + */ +abstract class TBSCertList +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'mapping' => ['v1', 'v2', 'v3'], + 'optional' => true, + 'default' => 'v2' + ], + 'signature' => AlgorithmIdentifier::MAP, + 'issuer' => Name::MAP, + 'thisUpdate' => Time::MAP, + 'nextUpdate' => [ + 'optional' => true + ] + Time::MAP, + 'revokedCertificates' => [ + 'type' => ASN1::TYPE_SEQUENCE, + 'optional' => true, + 'min' => 0, + 'max' => -1, + 'children' => RevokedCertificate::MAP + ], + 'crlExtensions' => [ + 'constant' => 0, + 'optional' => true, + 'explicit' => true + ] + Extensions::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/TBSCertificate.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/TBSCertificate.php new file mode 100644 index 0000000..007360c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/TBSCertificate.php @@ -0,0 +1,65 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * TBSCertificate + * + * @author Jim Wigginton + */ +abstract class TBSCertificate +{ + // assert($TBSCertificate['children']['signature'] == $Certificate['children']['signatureAlgorithm']) + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + // technically, default implies optional, but we'll define it as being optional, none-the-less, just to + // reenforce that fact + 'version' => [ + 'type' => ASN1::TYPE_INTEGER, + 'constant' => 0, + 'optional' => true, + 'explicit' => true, + 'mapping' => ['v1', 'v2', 'v3'], + 'default' => 'v1' + ], + 'serialNumber' => CertificateSerialNumber::MAP, + 'signature' => AlgorithmIdentifier::MAP, + 'issuer' => Name::MAP, + 'validity' => Validity::MAP, + 'subject' => Name::MAP, + 'subjectPublicKeyInfo' => SubjectPublicKeyInfo::MAP, + // implicit means that the T in the TLV structure is to be rewritten, regardless of the type + 'issuerUniqueID' => [ + 'constant' => 1, + 'optional' => true, + 'implicit' => true + ] + UniqueIdentifier::MAP, + 'subjectUniqueID' => [ + 'constant' => 2, + 'optional' => true, + 'implicit' => true + ] + UniqueIdentifier::MAP, + // doesn't use the EXPLICIT keyword but if + // it's not IMPLICIT, it's EXPLICIT + 'extensions' => [ + 'constant' => 3, + 'optional' => true, + 'explicit' => true + ] + Extensions::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/TerminalIdentifier.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/TerminalIdentifier.php new file mode 100644 index 0000000..7f6d9d2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/TerminalIdentifier.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * TerminalIdentifier + * + * @author Jim Wigginton + */ +abstract class TerminalIdentifier +{ + const MAP = ['type' => ASN1::TYPE_PRINTABLE_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Time.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Time.php new file mode 100644 index 0000000..744ee70 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Time.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Time + * + * @author Jim Wigginton + */ +abstract class Time +{ + const MAP = [ + 'type' => ASN1::TYPE_CHOICE, + 'children' => [ + 'utcTime' => ['type' => ASN1::TYPE_UTC_TIME], + 'generalTime' => ['type' => ASN1::TYPE_GENERALIZED_TIME] + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Trinomial.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Trinomial.php new file mode 100644 index 0000000..33baa91 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Trinomial.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Trinomial + * + * @author Jim Wigginton + */ +abstract class Trinomial +{ + const MAP = ['type' => ASN1::TYPE_INTEGER]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/UniqueIdentifier.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/UniqueIdentifier.php new file mode 100644 index 0000000..f4c954b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/UniqueIdentifier.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * UniqueIdentifier + * + * @author Jim Wigginton + */ +abstract class UniqueIdentifier +{ + const MAP = ['type' => ASN1::TYPE_BIT_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/UserNotice.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/UserNotice.php new file mode 100644 index 0000000..98d527b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/UserNotice.php @@ -0,0 +1,38 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * UserNotice + * + * @author Jim Wigginton + */ +abstract class UserNotice +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'noticeRef' => [ + 'optional' => true, + 'implicit' => true + ] + NoticeReference::MAP, + 'explicitText' => [ + 'optional' => true, + 'implicit' => true + ] + DisplayText::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Validity.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Validity.php new file mode 100644 index 0000000..8ef64cf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/Validity.php @@ -0,0 +1,32 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * Validity + * + * @author Jim Wigginton + */ +abstract class Validity +{ + const MAP = [ + 'type' => ASN1::TYPE_SEQUENCE, + 'children' => [ + 'notBefore' => Time::MAP, + 'notAfter' => Time::MAP + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/netscape_ca_policy_url.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/netscape_ca_policy_url.php new file mode 100644 index 0000000..2ab1572 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/netscape_ca_policy_url.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * netscape_ca_policy_url + * + * @author Jim Wigginton + */ +abstract class netscape_ca_policy_url +{ + const MAP = ['type' => ASN1::TYPE_IA5_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/netscape_cert_type.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/netscape_cert_type.php new file mode 100644 index 0000000..49e8da4 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/netscape_cert_type.php @@ -0,0 +1,40 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * netscape_cert_type + * + * mapping is from + * + * @author Jim Wigginton + */ +abstract class netscape_cert_type +{ + const MAP = [ + 'type' => ASN1::TYPE_BIT_STRING, + 'mapping' => [ + 'SSLClient', + 'SSLServer', + 'Email', + 'ObjectSigning', + 'Reserved', + 'SSLCA', + 'EmailCA', + 'ObjectSigningCA' + ] + ]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/netscape_comment.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/netscape_comment.php new file mode 100644 index 0000000..d3ff4dd --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/ASN1/Maps/netscape_comment.php @@ -0,0 +1,26 @@ + + * @copyright 2016 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File\ASN1\Maps; + +use phpseclib3\File\ASN1; + +/** + * netscape_comment + * + * @author Jim Wigginton + */ +abstract class netscape_comment +{ + const MAP = ['type' => ASN1::TYPE_IA5_STRING]; +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/X509.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/X509.php new file mode 100644 index 0000000..18d2f53 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/File/X509.php @@ -0,0 +1,4006 @@ + + * @copyright 2012 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\File; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\PublicKeyLoader; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RSA; +use phpseclib3\Crypt\RSA\Formats\Keys\PSS; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\File\ASN1\Element; +use phpseclib3\File\ASN1\Maps; +use phpseclib3\Math\BigInteger; + +/** + * Pure-PHP X.509 Parser + * + * @author Jim Wigginton + */ +class X509 +{ + /** + * Flag to only accept signatures signed by certificate authorities + * + * Not really used anymore but retained all the same to suppress E_NOTICEs from old installs + * + */ + const VALIDATE_SIGNATURE_BY_CA = 1; + + /** + * Return internal array representation + * + * @see \phpseclib3\File\X509::getDN() + */ + const DN_ARRAY = 0; + /** + * Return string + * + * @see \phpseclib3\File\X509::getDN() + */ + const DN_STRING = 1; + /** + * Return ASN.1 name string + * + * @see \phpseclib3\File\X509::getDN() + */ + const DN_ASN1 = 2; + /** + * Return OpenSSL compatible array + * + * @see \phpseclib3\File\X509::getDN() + */ + const DN_OPENSSL = 3; + /** + * Return canonical ASN.1 RDNs string + * + * @see \phpseclib3\File\X509::getDN() + */ + const DN_CANON = 4; + /** + * Return name hash for file indexing + * + * @see \phpseclib3\File\X509::getDN() + */ + const DN_HASH = 5; + + /** + * Save as PEM + * + * ie. a base64-encoded PEM with a header and a footer + * + * @see \phpseclib3\File\X509::saveX509() + * @see \phpseclib3\File\X509::saveCSR() + * @see \phpseclib3\File\X509::saveCRL() + */ + const FORMAT_PEM = 0; + /** + * Save as DER + * + * @see \phpseclib3\File\X509::saveX509() + * @see \phpseclib3\File\X509::saveCSR() + * @see \phpseclib3\File\X509::saveCRL() + */ + const FORMAT_DER = 1; + /** + * Save as a SPKAC + * + * @see \phpseclib3\File\X509::saveX509() + * @see \phpseclib3\File\X509::saveCSR() + * @see \phpseclib3\File\X509::saveCRL() + * + * Only works on CSRs. Not currently supported. + */ + const FORMAT_SPKAC = 2; + /** + * Auto-detect the format + * + * Used only by the load*() functions + * + * @see \phpseclib3\File\X509::saveX509() + * @see \phpseclib3\File\X509::saveCSR() + * @see \phpseclib3\File\X509::saveCRL() + */ + const FORMAT_AUTO_DETECT = 3; + + /** + * Attribute value disposition. + * If disposition is >= 0, this is the index of the target value. + */ + const ATTR_ALL = -1; // All attribute values (array). + const ATTR_APPEND = -2; // Add a value. + const ATTR_REPLACE = -3; // Clear first, then add a value. + + /** + * Distinguished Name + * + * @var array + */ + private $dn; + + /** + * Public key + * + * @var string|PublicKey + */ + private $publicKey; + + /** + * Private key + * + * @var string|PrivateKey + */ + private $privateKey; + + /** + * The certificate authorities + * + * @var array + */ + private $CAs = []; + + /** + * The currently loaded certificate + * + * @var array + */ + private $currentCert; + + /** + * The signature subject + * + * There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally + * encoded so we take save the portion of the original cert that the signature would have made for. + * + * @var string + */ + private $signatureSubject; + + /** + * Certificate Start Date + * + * @var string + */ + private $startDate; + + /** + * Certificate End Date + * + * @var string|Element + */ + private $endDate; + + /** + * Serial Number + * + * @var string + */ + private $serialNumber; + + /** + * Key Identifier + * + * See {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.1 RFC5280#section-4.2.1.1} and + * {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.2 RFC5280#section-4.2.1.2}. + * + * @var string + */ + private $currentKeyIdentifier; + + /** + * CA Flag + * + * @var bool + */ + private $caFlag = false; + + /** + * SPKAC Challenge + * + * @var string + */ + private $challenge; + + /** + * @var array + */ + private $extensionValues = []; + + /** + * OIDs loaded + * + * @var bool + */ + private static $oidsLoaded = false; + + /** + * Recursion Limit + * + * @var int + */ + private static $recur_limit = 5; + + /** + * URL fetch flag + * + * @var bool + */ + private static $disable_url_fetch = false; + + /** + * @var array + */ + private static $extensions = []; + + /** + * @var ?array + */ + private $ipAddresses = null; + + /** + * @var ?array + */ + private $domains = null; + + /** + * Default Constructor. + * + * @return X509 + */ + public function __construct() + { + // Explicitly Tagged Module, 1988 Syntax + // http://tools.ietf.org/html/rfc5280#appendix-A.1 + + if (!self::$oidsLoaded) { + // OIDs from RFC5280 and those RFCs mentioned in RFC5280#section-4.1.1.2 + ASN1::loadOIDs([ + //'id-pkix' => '1.3.6.1.5.5.7', + //'id-pe' => '1.3.6.1.5.5.7.1', + //'id-qt' => '1.3.6.1.5.5.7.2', + //'id-kp' => '1.3.6.1.5.5.7.3', + //'id-ad' => '1.3.6.1.5.5.7.48', + 'id-qt-cps' => '1.3.6.1.5.5.7.2.1', + 'id-qt-unotice' => '1.3.6.1.5.5.7.2.2', + 'id-ad-ocsp' => '1.3.6.1.5.5.7.48.1', + 'id-ad-caIssuers' => '1.3.6.1.5.5.7.48.2', + 'id-ad-timeStamping' => '1.3.6.1.5.5.7.48.3', + 'id-ad-caRepository' => '1.3.6.1.5.5.7.48.5', + //'id-at' => '2.5.4', + 'id-at-name' => '2.5.4.41', + 'id-at-surname' => '2.5.4.4', + 'id-at-givenName' => '2.5.4.42', + 'id-at-initials' => '2.5.4.43', + 'id-at-generationQualifier' => '2.5.4.44', + 'id-at-commonName' => '2.5.4.3', + 'id-at-localityName' => '2.5.4.7', + 'id-at-stateOrProvinceName' => '2.5.4.8', + 'id-at-organizationName' => '2.5.4.10', + 'id-at-organizationalUnitName' => '2.5.4.11', + 'id-at-title' => '2.5.4.12', + 'id-at-description' => '2.5.4.13', + 'id-at-dnQualifier' => '2.5.4.46', + 'id-at-countryName' => '2.5.4.6', + 'id-at-serialNumber' => '2.5.4.5', + 'id-at-pseudonym' => '2.5.4.65', + 'id-at-postalCode' => '2.5.4.17', + 'id-at-streetAddress' => '2.5.4.9', + 'id-at-uniqueIdentifier' => '2.5.4.45', + 'id-at-role' => '2.5.4.72', + 'id-at-postalAddress' => '2.5.4.16', + 'jurisdictionOfIncorporationCountryName' => '1.3.6.1.4.1.311.60.2.1.3', + 'jurisdictionOfIncorporationStateOrProvinceName' => '1.3.6.1.4.1.311.60.2.1.2', + 'jurisdictionLocalityName' => '1.3.6.1.4.1.311.60.2.1.1', + 'id-at-businessCategory' => '2.5.4.15', + + //'id-domainComponent' => '0.9.2342.19200300.100.1.25', + //'pkcs-9' => '1.2.840.113549.1.9', + 'pkcs-9-at-emailAddress' => '1.2.840.113549.1.9.1', + //'id-ce' => '2.5.29', + 'id-ce-authorityKeyIdentifier' => '2.5.29.35', + 'id-ce-subjectKeyIdentifier' => '2.5.29.14', + 'id-ce-keyUsage' => '2.5.29.15', + 'id-ce-privateKeyUsagePeriod' => '2.5.29.16', + 'id-ce-certificatePolicies' => '2.5.29.32', + //'anyPolicy' => '2.5.29.32.0', + + 'id-ce-policyMappings' => '2.5.29.33', + + 'id-ce-subjectAltName' => '2.5.29.17', + 'id-ce-issuerAltName' => '2.5.29.18', + 'id-ce-subjectDirectoryAttributes' => '2.5.29.9', + 'id-ce-basicConstraints' => '2.5.29.19', + 'id-ce-nameConstraints' => '2.5.29.30', + 'id-ce-policyConstraints' => '2.5.29.36', + 'id-ce-cRLDistributionPoints' => '2.5.29.31', + 'id-ce-extKeyUsage' => '2.5.29.37', + //'anyExtendedKeyUsage' => '2.5.29.37.0', + 'id-kp-serverAuth' => '1.3.6.1.5.5.7.3.1', + 'id-kp-clientAuth' => '1.3.6.1.5.5.7.3.2', + 'id-kp-codeSigning' => '1.3.6.1.5.5.7.3.3', + 'id-kp-emailProtection' => '1.3.6.1.5.5.7.3.4', + 'id-kp-timeStamping' => '1.3.6.1.5.5.7.3.8', + 'id-kp-OCSPSigning' => '1.3.6.1.5.5.7.3.9', + 'id-ce-inhibitAnyPolicy' => '2.5.29.54', + 'id-ce-freshestCRL' => '2.5.29.46', + 'id-pe-authorityInfoAccess' => '1.3.6.1.5.5.7.1.1', + 'id-pe-subjectInfoAccess' => '1.3.6.1.5.5.7.1.11', + 'id-ce-cRLNumber' => '2.5.29.20', + 'id-ce-issuingDistributionPoint' => '2.5.29.28', + 'id-ce-deltaCRLIndicator' => '2.5.29.27', + 'id-ce-cRLReasons' => '2.5.29.21', + 'id-ce-certificateIssuer' => '2.5.29.29', + 'id-ce-holdInstructionCode' => '2.5.29.23', + //'holdInstruction' => '1.2.840.10040.2', + 'id-holdinstruction-none' => '1.2.840.10040.2.1', + 'id-holdinstruction-callissuer' => '1.2.840.10040.2.2', + 'id-holdinstruction-reject' => '1.2.840.10040.2.3', + 'id-ce-invalidityDate' => '2.5.29.24', + + 'rsaEncryption' => '1.2.840.113549.1.1.1', + 'md2WithRSAEncryption' => '1.2.840.113549.1.1.2', + 'md5WithRSAEncryption' => '1.2.840.113549.1.1.4', + 'sha1WithRSAEncryption' => '1.2.840.113549.1.1.5', + 'sha224WithRSAEncryption' => '1.2.840.113549.1.1.14', + 'sha256WithRSAEncryption' => '1.2.840.113549.1.1.11', + 'sha384WithRSAEncryption' => '1.2.840.113549.1.1.12', + 'sha512WithRSAEncryption' => '1.2.840.113549.1.1.13', + + 'id-ecPublicKey' => '1.2.840.10045.2.1', + 'ecdsa-with-SHA1' => '1.2.840.10045.4.1', + // from https://tools.ietf.org/html/rfc5758#section-3.2 + 'ecdsa-with-SHA224' => '1.2.840.10045.4.3.1', + 'ecdsa-with-SHA256' => '1.2.840.10045.4.3.2', + 'ecdsa-with-SHA384' => '1.2.840.10045.4.3.3', + 'ecdsa-with-SHA512' => '1.2.840.10045.4.3.4', + + 'id-dsa' => '1.2.840.10040.4.1', + 'id-dsa-with-sha1' => '1.2.840.10040.4.3', + // from https://tools.ietf.org/html/rfc5758#section-3.1 + 'id-dsa-with-sha224' => '2.16.840.1.101.3.4.3.1', + 'id-dsa-with-sha256' => '2.16.840.1.101.3.4.3.2', + + // from https://tools.ietf.org/html/rfc8410: + 'id-Ed25519' => '1.3.101.112', + 'id-Ed448' => '1.3.101.113', + + 'id-RSASSA-PSS' => '1.2.840.113549.1.1.10', + + //'id-sha224' => '2.16.840.1.101.3.4.2.4', + //'id-sha256' => '2.16.840.1.101.3.4.2.1', + //'id-sha384' => '2.16.840.1.101.3.4.2.2', + //'id-sha512' => '2.16.840.1.101.3.4.2.3', + //'id-GostR3411-94-with-GostR3410-94' => '1.2.643.2.2.4', + //'id-GostR3411-94-with-GostR3410-2001' => '1.2.643.2.2.3', + //'id-GostR3410-2001' => '1.2.643.2.2.20', + //'id-GostR3410-94' => '1.2.643.2.2.19', + // Netscape Object Identifiers from "Netscape Certificate Extensions" + 'netscape' => '2.16.840.1.113730', + 'netscape-cert-extension' => '2.16.840.1.113730.1', + 'netscape-cert-type' => '2.16.840.1.113730.1.1', + 'netscape-comment' => '2.16.840.1.113730.1.13', + 'netscape-ca-policy-url' => '2.16.840.1.113730.1.8', + // the following are X.509 extensions not supported by phpseclib + 'id-pe-logotype' => '1.3.6.1.5.5.7.1.12', + 'entrustVersInfo' => '1.2.840.113533.7.65.0', + 'verisignPrivate' => '2.16.840.1.113733.1.6.9', + // for Certificate Signing Requests + // see http://tools.ietf.org/html/rfc2985 + 'pkcs-9-at-unstructuredName' => '1.2.840.113549.1.9.2', // PKCS #9 unstructured name + 'pkcs-9-at-challengePassword' => '1.2.840.113549.1.9.7', // Challenge password for certificate revocations + 'pkcs-9-at-extensionRequest' => '1.2.840.113549.1.9.14' // Certificate extension request + ]); + } + } + + /** + * Load X.509 certificate + * + * Returns an associative array describing the X.509 cert or a false if the cert failed to load + * + * @param array|string $cert + * @param int $mode + * @return mixed + */ + public function loadX509($cert, $mode = self::FORMAT_AUTO_DETECT) + { + if (is_array($cert) && isset($cert['tbsCertificate'])) { + unset($this->currentCert); + unset($this->currentKeyIdentifier); + $this->dn = $cert['tbsCertificate']['subject']; + if (!isset($this->dn)) { + return false; + } + $this->currentCert = $cert; + + $currentKeyIdentifier = $this->getExtension('id-ce-subjectKeyIdentifier'); + $this->currentKeyIdentifier = is_string($currentKeyIdentifier) ? $currentKeyIdentifier : null; + + unset($this->signatureSubject); + + return $cert; + } + + if ($mode != self::FORMAT_DER) { + $newcert = ASN1::extractBER($cert); + if ($mode == self::FORMAT_PEM && $cert == $newcert) { + return false; + } + $cert = $newcert; + } + + if ($cert === false) { + $this->currentCert = false; + return false; + } + + $decoded = ASN1::decodeBER($cert); + + if ($decoded) { + $x509 = ASN1::asn1map($decoded[0], Maps\Certificate::MAP); + } + if (!isset($x509) || $x509 === false) { + $this->currentCert = false; + return false; + } + + $this->signatureSubject = substr($cert, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); + + if ($this->isSubArrayValid($x509, 'tbsCertificate/extensions')) { + $this->mapInExtensions($x509, 'tbsCertificate/extensions'); + } + $this->mapInDNs($x509, 'tbsCertificate/issuer/rdnSequence'); + $this->mapInDNs($x509, 'tbsCertificate/subject/rdnSequence'); + + $key = $x509['tbsCertificate']['subjectPublicKeyInfo']; + $key = ASN1::encodeDER($key, Maps\SubjectPublicKeyInfo::MAP); + $x509['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'] = + "-----BEGIN PUBLIC KEY-----\r\n" . + chunk_split(base64_encode($key), 64) . + "-----END PUBLIC KEY-----"; + + $this->currentCert = $x509; + $this->dn = $x509['tbsCertificate']['subject']; + + $currentKeyIdentifier = $this->getExtension('id-ce-subjectKeyIdentifier'); + $this->currentKeyIdentifier = is_string($currentKeyIdentifier) ? $currentKeyIdentifier : null; + + return $x509; + } + + /** + * Save X.509 certificate + * + * @param array $cert + * @param int $format optional + * @return string + */ + public function saveX509(array $cert, $format = self::FORMAT_PEM) + { + if (!is_array($cert) || !isset($cert['tbsCertificate'])) { + return false; + } + + switch (true) { + // "case !$a: case !$b: break; default: whatever();" is the same thing as "if ($a && $b) whatever()" + case !($algorithm = $this->subArray($cert, 'tbsCertificate/subjectPublicKeyInfo/algorithm/algorithm')): + case is_object($cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']): + break; + default: + $cert['tbsCertificate']['subjectPublicKeyInfo'] = new Element( + base64_decode(preg_replace('#-.+-|[\r\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'])) + ); + } + + if ($algorithm == 'rsaEncryption') { + $cert['signatureAlgorithm']['parameters'] = null; + $cert['tbsCertificate']['signature']['parameters'] = null; + } + + $filters = []; + $type_utf8_string = ['type' => ASN1::TYPE_UTF8_STRING]; + $filters['tbsCertificate']['signature']['parameters'] = $type_utf8_string; + $filters['tbsCertificate']['signature']['issuer']['rdnSequence']['value'] = $type_utf8_string; + $filters['tbsCertificate']['issuer']['rdnSequence']['value'] = $type_utf8_string; + $filters['tbsCertificate']['subject']['rdnSequence']['value'] = $type_utf8_string; + $filters['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['parameters'] = $type_utf8_string; + $filters['signatureAlgorithm']['parameters'] = $type_utf8_string; + $filters['authorityCertIssuer']['directoryName']['rdnSequence']['value'] = $type_utf8_string; + //$filters['policyQualifiers']['qualifier'] = $type_utf8_string; + $filters['distributionPoint']['fullName']['directoryName']['rdnSequence']['value'] = $type_utf8_string; + $filters['directoryName']['rdnSequence']['value'] = $type_utf8_string; + + foreach (self::$extensions as $extension) { + $filters['tbsCertificate']['extensions'][] = $extension; + } + + /* in the case of policyQualifiers/qualifier, the type has to be \phpseclib3\File\ASN1::TYPE_IA5_STRING. + \phpseclib3\File\ASN1::TYPE_PRINTABLE_STRING will cause OpenSSL's X.509 parser to spit out random + characters. + */ + $filters['policyQualifiers']['qualifier'] + = ['type' => ASN1::TYPE_IA5_STRING]; + + ASN1::setFilters($filters); + + $this->mapOutExtensions($cert, 'tbsCertificate/extensions'); + $this->mapOutDNs($cert, 'tbsCertificate/issuer/rdnSequence'); + $this->mapOutDNs($cert, 'tbsCertificate/subject/rdnSequence'); + + $cert = ASN1::encodeDER($cert, Maps\Certificate::MAP); + + switch ($format) { + case self::FORMAT_DER: + return $cert; + // case self::FORMAT_PEM: + default: + return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(Strings::base64_encode($cert), 64) . '-----END CERTIFICATE-----'; + } + } + + /** + * Map extension values from octet string to extension-specific internal + * format. + * + * @param array $root (by reference) + * @param string $path + */ + private function mapInExtensions(array &$root, $path) + { + $extensions = &$this->subArrayUnchecked($root, $path); + + if ($extensions) { + for ($i = 0; $i < count($extensions); $i++) { + $id = $extensions[$i]['extnId']; + $value = &$extensions[$i]['extnValue']; + /* [extnValue] contains the DER encoding of an ASN.1 value + corresponding to the extension type identified by extnID */ + $map = $this->getMapping($id); + if (!is_bool($map)) { + $decoder = $id == 'id-ce-nameConstraints' ? + [static::class, 'decodeNameConstraintIP'] : + [static::class, 'decodeIP']; + $decoded = ASN1::decodeBER($value); + if (!$decoded) { + continue; + } + $mapped = ASN1::asn1map($decoded[0], $map, ['iPAddress' => $decoder]); + $value = $mapped === false ? $decoded[0] : $mapped; + + if ($id == 'id-ce-certificatePolicies') { + for ($j = 0; $j < count($value); $j++) { + if (!isset($value[$j]['policyQualifiers'])) { + continue; + } + for ($k = 0; $k < count($value[$j]['policyQualifiers']); $k++) { + $subid = $value[$j]['policyQualifiers'][$k]['policyQualifierId']; + $map = $this->getMapping($subid); + $subvalue = &$value[$j]['policyQualifiers'][$k]['qualifier']; + if ($map !== false) { + $decoded = ASN1::decodeBER($subvalue); + if (!$decoded) { + continue; + } + $mapped = ASN1::asn1map($decoded[0], $map); + $subvalue = $mapped === false ? $decoded[0] : $mapped; + } + } + } + } + } + } + } + } + + /** + * Map extension values from extension-specific internal format to + * octet string. + * + * @param array $root (by reference) + * @param string $path + */ + private function mapOutExtensions(array &$root, $path) + { + $extensions = &$this->subArray($root, $path, !empty($this->extensionValues)); + + foreach ($this->extensionValues as $id => $data) { + extract($data); + $newext = [ + 'extnId' => $id, + 'extnValue' => $value, + 'critical' => $critical + ]; + if ($replace) { + foreach ($extensions as $key => $value) { + if ($value['extnId'] == $id) { + $extensions[$key] = $newext; + continue 2; + } + } + } + $extensions[] = $newext; + } + + if (is_array($extensions)) { + $size = count($extensions); + for ($i = 0; $i < $size; $i++) { + if ($extensions[$i] instanceof Element) { + continue; + } + + $id = $extensions[$i]['extnId']; + $value = &$extensions[$i]['extnValue']; + + switch ($id) { + case 'id-ce-certificatePolicies': + for ($j = 0; $j < count($value); $j++) { + if (!isset($value[$j]['policyQualifiers'])) { + continue; + } + for ($k = 0; $k < count($value[$j]['policyQualifiers']); $k++) { + $subid = $value[$j]['policyQualifiers'][$k]['policyQualifierId']; + $map = $this->getMapping($subid); + $subvalue = &$value[$j]['policyQualifiers'][$k]['qualifier']; + if ($map !== false) { + // by default \phpseclib3\File\ASN1 will try to render qualifier as a \phpseclib3\File\ASN1::TYPE_IA5_STRING since it's + // actual type is \phpseclib3\File\ASN1::TYPE_ANY + $subvalue = new Element(ASN1::encodeDER($subvalue, $map)); + } + } + } + break; + case 'id-ce-authorityKeyIdentifier': // use 00 as the serial number instead of an empty string + if (isset($value['authorityCertSerialNumber'])) { + if ($value['authorityCertSerialNumber']->toBytes() == '') { + $temp = chr((ASN1::CLASS_CONTEXT_SPECIFIC << 6) | 2) . "\1\0"; + $value['authorityCertSerialNumber'] = new Element($temp); + } + } + } + + /* [extnValue] contains the DER encoding of an ASN.1 value + corresponding to the extension type identified by extnID */ + $map = $this->getMapping($id); + if (is_bool($map)) { + if (!$map) { + //user_error($id . ' is not a currently supported extension'); + unset($extensions[$i]); + } + } else { + $value = ASN1::encodeDER($value, $map, ['iPAddress' => [static::class, 'encodeIP']]); + } + } + } + } + + /** + * Map attribute values from ANY type to attribute-specific internal + * format. + * + * @param array $root (by reference) + * @param string $path + */ + private function mapInAttributes(&$root, $path) + { + $attributes = &$this->subArray($root, $path); + + if (is_array($attributes)) { + for ($i = 0; $i < count($attributes); $i++) { + $id = $attributes[$i]['type']; + /* $value contains the DER encoding of an ASN.1 value + corresponding to the attribute type identified by type */ + $map = $this->getMapping($id); + if (is_array($attributes[$i]['value'])) { + $values = &$attributes[$i]['value']; + for ($j = 0; $j < count($values); $j++) { + $value = ASN1::encodeDER($values[$j], Maps\AttributeValue::MAP); + $decoded = ASN1::decodeBER($value); + if (!is_bool($map)) { + if (!$decoded) { + continue; + } + $mapped = ASN1::asn1map($decoded[0], $map); + if ($mapped !== false) { + $values[$j] = $mapped; + } + if ($id == 'pkcs-9-at-extensionRequest' && $this->isSubArrayValid($values, $j)) { + $this->mapInExtensions($values, $j); + } + } elseif ($map) { + $values[$j] = $value; + } + } + } + } + } + } + + /** + * Map attribute values from attribute-specific internal format to + * ANY type. + * + * @param array $root (by reference) + * @param string $path + */ + private function mapOutAttributes(&$root, $path) + { + $attributes = &$this->subArray($root, $path); + + if (is_array($attributes)) { + $size = count($attributes); + for ($i = 0; $i < $size; $i++) { + /* [value] contains the DER encoding of an ASN.1 value + corresponding to the attribute type identified by type */ + $id = $attributes[$i]['type']; + $map = $this->getMapping($id); + if ($map === false) { + //user_error($id . ' is not a currently supported attribute', E_USER_NOTICE); + unset($attributes[$i]); + } elseif (is_array($attributes[$i]['value'])) { + $values = &$attributes[$i]['value']; + for ($j = 0; $j < count($values); $j++) { + switch ($id) { + case 'pkcs-9-at-extensionRequest': + $this->mapOutExtensions($values, $j); + break; + } + + if (!is_bool($map)) { + $temp = ASN1::encodeDER($values[$j], $map); + $decoded = ASN1::decodeBER($temp); + if (!$decoded) { + continue; + } + $values[$j] = ASN1::asn1map($decoded[0], Maps\AttributeValue::MAP); + } + } + } + } + } + } + + /** + * Map DN values from ANY type to DN-specific internal + * format. + * + * @param array $root (by reference) + * @param string $path + */ + private function mapInDNs(array &$root, $path) + { + $dns = &$this->subArray($root, $path); + + if (is_array($dns)) { + for ($i = 0; $i < count($dns); $i++) { + for ($j = 0; $j < count($dns[$i]); $j++) { + $type = $dns[$i][$j]['type']; + $value = &$dns[$i][$j]['value']; + if (is_object($value) && $value instanceof Element) { + $map = $this->getMapping($type); + if (!is_bool($map)) { + $decoded = ASN1::decodeBER($value); + if (!$decoded) { + continue; + } + $value = ASN1::asn1map($decoded[0], $map); + } + } + } + } + } + } + + /** + * Map DN values from DN-specific internal format to + * ANY type. + * + * @param array $root (by reference) + * @param string $path + */ + private function mapOutDNs(array &$root, $path) + { + $dns = &$this->subArray($root, $path); + + if (is_array($dns)) { + $size = count($dns); + for ($i = 0; $i < $size; $i++) { + for ($j = 0; $j < count($dns[$i]); $j++) { + $type = $dns[$i][$j]['type']; + $value = &$dns[$i][$j]['value']; + if (is_object($value) && $value instanceof Element) { + continue; + } + + $map = $this->getMapping($type); + if (!is_bool($map)) { + $value = new Element(ASN1::encodeDER($value, $map)); + } + } + } + } + } + + /** + * Associate an extension ID to an extension mapping + * + * @param string $extnId + * @return mixed + */ + private function getMapping($extnId) + { + if (!is_string($extnId)) { // eg. if it's a \phpseclib3\File\ASN1\Element object + return true; + } + + if (isset(self::$extensions[$extnId])) { + return self::$extensions[$extnId]; + } + + switch ($extnId) { + case 'id-ce-keyUsage': + return Maps\KeyUsage::MAP; + case 'id-ce-basicConstraints': + return Maps\BasicConstraints::MAP; + case 'id-ce-subjectKeyIdentifier': + return Maps\KeyIdentifier::MAP; + case 'id-ce-cRLDistributionPoints': + return Maps\CRLDistributionPoints::MAP; + case 'id-ce-authorityKeyIdentifier': + return Maps\AuthorityKeyIdentifier::MAP; + case 'id-ce-certificatePolicies': + return Maps\CertificatePolicies::MAP; + case 'id-ce-extKeyUsage': + return Maps\ExtKeyUsageSyntax::MAP; + case 'id-pe-authorityInfoAccess': + return Maps\AuthorityInfoAccessSyntax::MAP; + case 'id-ce-subjectAltName': + return Maps\SubjectAltName::MAP; + case 'id-ce-subjectDirectoryAttributes': + return Maps\SubjectDirectoryAttributes::MAP; + case 'id-ce-privateKeyUsagePeriod': + return Maps\PrivateKeyUsagePeriod::MAP; + case 'id-ce-issuerAltName': + return Maps\IssuerAltName::MAP; + case 'id-ce-policyMappings': + return Maps\PolicyMappings::MAP; + case 'id-ce-nameConstraints': + return Maps\NameConstraints::MAP; + + case 'netscape-cert-type': + return Maps\netscape_cert_type::MAP; + case 'netscape-comment': + return Maps\netscape_comment::MAP; + case 'netscape-ca-policy-url': + return Maps\netscape_ca_policy_url::MAP; + + // since id-qt-cps isn't a constructed type it will have already been decoded as a string by the time it gets + // back around to asn1map() and we don't want it decoded again. + //case 'id-qt-cps': + // return Maps\CPSuri::MAP; + case 'id-qt-unotice': + return Maps\UserNotice::MAP; + + // the following OIDs are unsupported but we don't want them to give notices when calling saveX509(). + case 'id-pe-logotype': // http://www.ietf.org/rfc/rfc3709.txt + case 'entrustVersInfo': + // http://support.microsoft.com/kb/287547 + case '1.3.6.1.4.1.311.20.2': // szOID_ENROLL_CERTTYPE_EXTENSION + case '1.3.6.1.4.1.311.21.1': // szOID_CERTSRV_CA_VERSION + // "SET Secure Electronic Transaction Specification" + // http://www.maithean.com/docs/set_bk3.pdf + case '2.23.42.7.0': // id-set-hashedRootKey + // "Certificate Transparency" + // https://tools.ietf.org/html/rfc6962 + case '1.3.6.1.4.1.11129.2.4.2': + // "Qualified Certificate statements" + // https://tools.ietf.org/html/rfc3739#section-3.2.6 + case '1.3.6.1.5.5.7.1.3': + return true; + + // CSR attributes + case 'pkcs-9-at-unstructuredName': + return Maps\PKCS9String::MAP; + case 'pkcs-9-at-challengePassword': + return Maps\DirectoryString::MAP; + case 'pkcs-9-at-extensionRequest': + return Maps\Extensions::MAP; + + // CRL extensions. + case 'id-ce-cRLNumber': + return Maps\CRLNumber::MAP; + case 'id-ce-deltaCRLIndicator': + return Maps\CRLNumber::MAP; + case 'id-ce-issuingDistributionPoint': + return Maps\IssuingDistributionPoint::MAP; + case 'id-ce-freshestCRL': + return Maps\CRLDistributionPoints::MAP; + case 'id-ce-cRLReasons': + return Maps\CRLReason::MAP; + case 'id-ce-invalidityDate': + return Maps\InvalidityDate::MAP; + case 'id-ce-certificateIssuer': + return Maps\CertificateIssuer::MAP; + case 'id-ce-holdInstructionCode': + return Maps\HoldInstructionCode::MAP; + case 'id-at-postalAddress': + return Maps\PostalAddress::MAP; + } + + return false; + } + + /** + * Load an X.509 certificate as a certificate authority + * + * @param string $cert + * @return bool + */ + public function loadCA($cert) + { + $olddn = $this->dn; + $oldcert = $this->currentCert; + $oldsigsubj = $this->signatureSubject; + $oldkeyid = $this->currentKeyIdentifier; + + $cert = $this->loadX509($cert); + if (!$cert) { + $this->dn = $olddn; + $this->currentCert = $oldcert; + $this->signatureSubject = $oldsigsubj; + $this->currentKeyIdentifier = $oldkeyid; + + return false; + } + + /* From RFC5280 "PKIX Certificate and CRL Profile": + + If the keyUsage extension is present, then the subject public key + MUST NOT be used to verify signatures on certificates or CRLs unless + the corresponding keyCertSign or cRLSign bit is set. */ + //$keyUsage = $this->getExtension('id-ce-keyUsage'); + //if ($keyUsage && !in_array('keyCertSign', $keyUsage)) { + // return false; + //} + + /* From RFC5280 "PKIX Certificate and CRL Profile": + + The cA boolean indicates whether the certified public key may be used + to verify certificate signatures. If the cA boolean is not asserted, + then the keyCertSign bit in the key usage extension MUST NOT be + asserted. If the basic constraints extension is not present in a + version 3 certificate, or the extension is present but the cA boolean + is not asserted, then the certified public key MUST NOT be used to + verify certificate signatures. */ + //$basicConstraints = $this->getExtension('id-ce-basicConstraints'); + //if (!$basicConstraints || !$basicConstraints['cA']) { + // return false; + //} + + $this->CAs[] = $cert; + + $this->dn = $olddn; + $this->currentCert = $oldcert; + $this->signatureSubject = $oldsigsubj; + + return true; + } + + /** + * Validate an X.509 certificate against a URL + * + * From RFC2818 "HTTP over TLS": + * + * Matching is performed using the matching rules specified by + * [RFC2459]. If more than one identity of a given type is present in + * the certificate (e.g., more than one dNSName name, a match in any one + * of the set is considered acceptable.) Names may contain the wildcard + * character * which is considered to match any single domain name + * component or component fragment. E.g., *.a.com matches foo.a.com but + * not bar.foo.a.com. f*.com matches foo.com but not bar.com. + * + * @param string $url + * @return bool + */ + public function validateURL($url) + { + if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { + return false; + } + + $components = parse_url($url); + if (!isset($components['host'])) { + return false; + } + + if ($names = $this->getExtension('id-ce-subjectAltName')) { + foreach ($names as $name) { + foreach ($name as $key => $value) { + $value = preg_quote($value); + $value = str_replace('\*', '[^.]*', $value); + switch ($key) { + case 'dNSName': + /* From RFC2818 "HTTP over TLS": + + If a subjectAltName extension of type dNSName is present, that MUST + be used as the identity. Otherwise, the (most specific) Common Name + field in the Subject field of the certificate MUST be used. Although + the use of the Common Name is existing practice, it is deprecated and + Certification Authorities are encouraged to use the dNSName instead. */ + if (preg_match('#^' . $value . '$#', $components['host'])) { + return true; + } + break; + case 'iPAddress': + /* From RFC2818 "HTTP over TLS": + + In some cases, the URI is specified as an IP address rather than a + hostname. In this case, the iPAddress subjectAltName must be present + in the certificate and must exactly match the IP in the URI. */ + if (preg_match('#(?:\d{1-3}\.){4}#', $components['host'] . '.') && preg_match('#^' . $value . '$#', $components['host'])) { + return true; + } + } + } + } + return false; + } + + if ($value = $this->getDNProp('id-at-commonName')) { + $value = str_replace(['.', '*'], ['\.', '[^.]*'], $value[0]); + return preg_match('#^' . $value . '$#', $components['host']) === 1; + } + + return false; + } + + /** + * Validate a date + * + * If $date isn't defined it is assumed to be the current date. + * + * @param \DateTimeInterface|string $date optional + * @return bool + */ + public function validateDate($date = null) + { + if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { + return false; + } + + if (!isset($date)) { + $date = new \DateTimeImmutable('now', new \DateTimeZone(@date_default_timezone_get())); + } + + $notBefore = $this->currentCert['tbsCertificate']['validity']['notBefore']; + $notBefore = isset($notBefore['generalTime']) ? $notBefore['generalTime'] : $notBefore['utcTime']; + + $notAfter = $this->currentCert['tbsCertificate']['validity']['notAfter']; + $notAfter = isset($notAfter['generalTime']) ? $notAfter['generalTime'] : $notAfter['utcTime']; + + if (is_string($date)) { + $date = new \DateTimeImmutable($date, new \DateTimeZone(@date_default_timezone_get())); + } + + $notBefore = new \DateTimeImmutable($notBefore, new \DateTimeZone(@date_default_timezone_get())); + $notAfter = new \DateTimeImmutable($notAfter, new \DateTimeZone(@date_default_timezone_get())); + + return $date >= $notBefore && $date <= $notAfter; + } + + /** + * Fetches a URL + * + * @param string $url + * @return bool|string + */ + private static function fetchURL($url) + { + if (self::$disable_url_fetch) { + return false; + } + + $parts = parse_url($url); + $data = ''; + switch ($parts['scheme']) { + case 'http': + $fsock = @fsockopen($parts['host'], isset($parts['port']) ? $parts['port'] : 80); + if (!$fsock) { + return false; + } + $path = $parts['path']; + if (isset($parts['query'])) { + $path .= '?' . $parts['query']; + } + fputs($fsock, "GET $path HTTP/1.0\r\n"); + fputs($fsock, "Host: $parts[host]\r\n\r\n"); + $line = fgets($fsock, 1024); + if (strlen($line) < 3) { + return false; + } + preg_match('#HTTP/1.\d (\d{3})#', $line, $temp); + if ($temp[1] != '200') { + return false; + } + + // skip the rest of the headers in the http response + while (!feof($fsock) && fgets($fsock, 1024) != "\r\n") { + } + + while (!feof($fsock)) { + $temp = fread($fsock, 1024); + if ($temp === false) { + return false; + } + $data .= $temp; + } + + break; + //case 'ftp': + //case 'ldap': + //default: + } + + return $data; + } + + /** + * Validates an intermediate cert as identified via authority info access extension + * + * See https://tools.ietf.org/html/rfc4325 for more info + * + * @param bool $caonly + * @param int $count + * @return bool + */ + private function testForIntermediate($caonly, $count) + { + $opts = $this->getExtension('id-pe-authorityInfoAccess'); + if (!is_array($opts)) { + return false; + } + foreach ($opts as $opt) { + if ($opt['accessMethod'] == 'id-ad-caIssuers') { + // accessLocation is a GeneralName. GeneralName fields support stuff like email addresses, IP addresses, LDAP, + // etc, but we're only supporting URI's. URI's and LDAP are the only thing https://tools.ietf.org/html/rfc4325 + // discusses + if (isset($opt['accessLocation']['uniformResourceIdentifier'])) { + $url = $opt['accessLocation']['uniformResourceIdentifier']; + break; + } + } + } + + if (!isset($url)) { + return false; + } + + $cert = static::fetchURL($url); + if (!is_string($cert)) { + return false; + } + + $parent = new static(); + $parent->CAs = $this->CAs; + /* + "Conforming applications that support HTTP or FTP for accessing + certificates MUST be able to accept .cer files and SHOULD be able + to accept .p7c files." -- https://tools.ietf.org/html/rfc4325 + + A .p7c file is 'a "certs-only" CMS message as specified in RFC 2797" + + These are currently unsupported + */ + if (!is_array($parent->loadX509($cert))) { + return false; + } + + if (!$parent->validateSignatureCountable($caonly, ++$count)) { + return false; + } + + $this->CAs[] = $parent->currentCert; + //$this->loadCA($cert); + + return true; + } + + /** + * Validate a signature + * + * Works on X.509 certs, CSR's and CRL's. + * Returns true if the signature is verified, false if it is not correct or null on error + * + * By default returns false for self-signed certs. Call validateSignature(false) to make this support + * self-signed. + * + * The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}. + * + * @param bool $caonly optional + * @return mixed + */ + public function validateSignature($caonly = true) + { + return $this->validateSignatureCountable($caonly, 0); + } + + /** + * Validate a signature + * + * Performs said validation whilst keeping track of how many times validation method is called + * + * @param bool $caonly + * @param int $count + * @return mixed + */ + private function validateSignatureCountable($caonly, $count) + { + if (!is_array($this->currentCert) || !isset($this->signatureSubject)) { + return null; + } + + if ($count == self::$recur_limit) { + return false; + } + + /* TODO: + "emailAddress attribute values are not case-sensitive (e.g., "subscriber@example.com" is the same as "SUBSCRIBER@EXAMPLE.COM")." + -- http://tools.ietf.org/html/rfc5280#section-4.1.2.6 + + implement pathLenConstraint in the id-ce-basicConstraints extension */ + + switch (true) { + case isset($this->currentCert['tbsCertificate']): + // self-signed cert + switch (true) { + case !defined('FILE_X509_IGNORE_TYPE') && $this->currentCert['tbsCertificate']['issuer'] === $this->currentCert['tbsCertificate']['subject']: + case defined('FILE_X509_IGNORE_TYPE') && $this->getIssuerDN(self::DN_STRING) === $this->getDN(self::DN_STRING): + $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier'); + $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier'); + switch (true) { + case !is_array($authorityKey): + case !$subjectKeyID: + case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID: + $signingCert = $this->currentCert; // working cert + } + } + + if (!empty($this->CAs)) { + for ($i = 0; $i < count($this->CAs); $i++) { + // even if the cert is a self-signed one we still want to see if it's a CA; + // if not, we'll conditionally return an error + $ca = $this->CAs[$i]; + switch (true) { + case !defined('FILE_X509_IGNORE_TYPE') && $this->currentCert['tbsCertificate']['issuer'] === $ca['tbsCertificate']['subject']: + case defined('FILE_X509_IGNORE_TYPE') && $this->getDN(self::DN_STRING, $this->currentCert['tbsCertificate']['issuer']) === $this->getDN(self::DN_STRING, $ca['tbsCertificate']['subject']): + $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier'); + $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca); + switch (true) { + case !is_array($authorityKey): + case !$subjectKeyID: + case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID: + if (is_array($authorityKey) && isset($authorityKey['authorityCertSerialNumber']) && !$authorityKey['authorityCertSerialNumber']->equals($ca['tbsCertificate']['serialNumber'])) { + break 2; // serial mismatch - check other ca + } + $signingCert = $ca; // working cert + break 3; + } + } + } + if (count($this->CAs) == $i && $caonly) { + return $this->testForIntermediate($caonly, $count) && $this->validateSignature($caonly); + } + } elseif (!isset($signingCert) || $caonly) { + return $this->testForIntermediate($caonly, $count) && $this->validateSignature($caonly); + } + return $this->validateSignatureHelper( + $signingCert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'], + $signingCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], + $this->currentCert['signatureAlgorithm']['algorithm'], + substr($this->currentCert['signature'], 1), + $this->signatureSubject + ); + case isset($this->currentCert['certificationRequestInfo']): + return $this->validateSignatureHelper( + $this->currentCert['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'], + $this->currentCert['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], + $this->currentCert['signatureAlgorithm']['algorithm'], + substr($this->currentCert['signature'], 1), + $this->signatureSubject + ); + case isset($this->currentCert['publicKeyAndChallenge']): + return $this->validateSignatureHelper( + $this->currentCert['publicKeyAndChallenge']['spki']['algorithm']['algorithm'], + $this->currentCert['publicKeyAndChallenge']['spki']['subjectPublicKey'], + $this->currentCert['signatureAlgorithm']['algorithm'], + substr($this->currentCert['signature'], 1), + $this->signatureSubject + ); + case isset($this->currentCert['tbsCertList']): + if (!empty($this->CAs)) { + for ($i = 0; $i < count($this->CAs); $i++) { + $ca = $this->CAs[$i]; + switch (true) { + case !defined('FILE_X509_IGNORE_TYPE') && $this->currentCert['tbsCertList']['issuer'] === $ca['tbsCertificate']['subject']: + case defined('FILE_X509_IGNORE_TYPE') && $this->getDN(self::DN_STRING, $this->currentCert['tbsCertList']['issuer']) === $this->getDN(self::DN_STRING, $ca['tbsCertificate']['subject']): + $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier'); + $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca); + switch (true) { + case !is_array($authorityKey): + case !$subjectKeyID: + case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID: + if (is_array($authorityKey) && isset($authorityKey['authorityCertSerialNumber']) && !$authorityKey['authorityCertSerialNumber']->equals($ca['tbsCertificate']['serialNumber'])) { + break 2; // serial mismatch - check other ca + } + $signingCert = $ca; // working cert + break 3; + } + } + } + } + if (!isset($signingCert)) { + return false; + } + return $this->validateSignatureHelper( + $signingCert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'], + $signingCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], + $this->currentCert['signatureAlgorithm']['algorithm'], + substr($this->currentCert['signature'], 1), + $this->signatureSubject + ); + default: + return false; + } + } + + /** + * Validates a signature + * + * Returns true if the signature is verified and false if it is not correct. + * If the algorithms are unsupposed an exception is thrown. + * + * @param string $publicKeyAlgorithm + * @param string $publicKey + * @param string $signatureAlgorithm + * @param string $signature + * @param string $signatureSubject + * @throws UnsupportedAlgorithmException if the algorithm is unsupported + * @return bool + */ + private function validateSignatureHelper($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject) + { + switch ($publicKeyAlgorithm) { + case 'id-RSASSA-PSS': + $key = RSA::loadFormat('PSS', $publicKey); + break; + case 'rsaEncryption': + $key = RSA::loadFormat('PKCS8', $publicKey); + switch ($signatureAlgorithm) { + case 'id-RSASSA-PSS': + break; + case 'md2WithRSAEncryption': + case 'md5WithRSAEncryption': + case 'sha1WithRSAEncryption': + case 'sha224WithRSAEncryption': + case 'sha256WithRSAEncryption': + case 'sha384WithRSAEncryption': + case 'sha512WithRSAEncryption': + $key = $key + ->withHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm)) + ->withPadding(RSA::SIGNATURE_PKCS1); + break; + default: + throw new UnsupportedAlgorithmException('Signature algorithm unsupported'); + } + break; + case 'id-Ed25519': + case 'id-Ed448': + $key = EC::loadFormat('PKCS8', $publicKey); + break; + case 'id-ecPublicKey': + $key = EC::loadFormat('PKCS8', $publicKey); + switch ($signatureAlgorithm) { + case 'ecdsa-with-SHA1': + case 'ecdsa-with-SHA224': + case 'ecdsa-with-SHA256': + case 'ecdsa-with-SHA384': + case 'ecdsa-with-SHA512': + $key = $key + ->withHash(preg_replace('#^ecdsa-with-#', '', strtolower($signatureAlgorithm))); + break; + default: + throw new UnsupportedAlgorithmException('Signature algorithm unsupported'); + } + break; + case 'id-dsa': + $key = DSA::loadFormat('PKCS8', $publicKey); + switch ($signatureAlgorithm) { + case 'id-dsa-with-sha1': + case 'id-dsa-with-sha224': + case 'id-dsa-with-sha256': + $key = $key + ->withHash(preg_replace('#^id-dsa-with-#', '', strtolower($signatureAlgorithm))); + break; + default: + throw new UnsupportedAlgorithmException('Signature algorithm unsupported'); + } + break; + default: + throw new UnsupportedAlgorithmException('Public key algorithm unsupported'); + } + + return $key->verify($signatureSubject, $signature); + } + + /** + * Sets the recursion limit + * + * When validating a signature it may be necessary to download intermediate certs from URI's. + * An intermediate cert that linked to itself would result in an infinite loop so to prevent + * that we set a recursion limit. A negative number means that there is no recursion limit. + * + * @param int $count + */ + public static function setRecurLimit($count) + { + self::$recur_limit = $count; + } + + /** + * Prevents URIs from being automatically retrieved + * + */ + public static function disableURLFetch() + { + self::$disable_url_fetch = true; + } + + /** + * Allows URIs to be automatically retrieved + * + */ + public static function enableURLFetch() + { + self::$disable_url_fetch = false; + } + + /** + * Decodes an IP address + * + * Takes in a base64 encoded "blob" and returns a human readable IP address + * + * @param string $ip + * @return string + */ + public static function decodeIP($ip) + { + return inet_ntop($ip); + } + + /** + * Decodes an IP address in a name constraints extension + * + * Takes in a base64 encoded "blob" and returns a human readable IP address / mask + * + * @param string $ip + * @return array + */ + public static function decodeNameConstraintIP($ip) + { + $size = strlen($ip) >> 1; + $mask = substr($ip, $size); + $ip = substr($ip, 0, $size); + return [inet_ntop($ip), inet_ntop($mask)]; + } + + /** + * Encodes an IP address + * + * Takes a human readable IP address into a base64-encoded "blob" + * + * @param string|array $ip + * @return string + */ + public static function encodeIP($ip) + { + return is_string($ip) ? + inet_pton($ip) : + inet_pton($ip[0]) . inet_pton($ip[1]); + } + + /** + * "Normalizes" a Distinguished Name property + * + * @param string $propName + * @return mixed + */ + private function translateDNProp($propName) + { + switch (strtolower($propName)) { + case 'jurisdictionofincorporationcountryname': + case 'jurisdictioncountryname': + case 'jurisdictionc': + return 'jurisdictionOfIncorporationCountryName'; + case 'jurisdictionofincorporationstateorprovincename': + case 'jurisdictionstateorprovincename': + case 'jurisdictionst': + return 'jurisdictionOfIncorporationStateOrProvinceName'; + case 'jurisdictionlocalityname': + case 'jurisdictionl': + return 'jurisdictionLocalityName'; + case 'id-at-businesscategory': + case 'businesscategory': + return 'id-at-businessCategory'; + case 'id-at-countryname': + case 'countryname': + case 'c': + return 'id-at-countryName'; + case 'id-at-organizationname': + case 'organizationname': + case 'o': + return 'id-at-organizationName'; + case 'id-at-dnqualifier': + case 'dnqualifier': + return 'id-at-dnQualifier'; + case 'id-at-commonname': + case 'commonname': + case 'cn': + return 'id-at-commonName'; + case 'id-at-stateorprovincename': + case 'stateorprovincename': + case 'state': + case 'province': + case 'provincename': + case 'st': + return 'id-at-stateOrProvinceName'; + case 'id-at-localityname': + case 'localityname': + case 'l': + return 'id-at-localityName'; + case 'id-emailaddress': + case 'emailaddress': + return 'pkcs-9-at-emailAddress'; + case 'id-at-serialnumber': + case 'serialnumber': + return 'id-at-serialNumber'; + case 'id-at-postalcode': + case 'postalcode': + return 'id-at-postalCode'; + case 'id-at-streetaddress': + case 'streetaddress': + return 'id-at-streetAddress'; + case 'id-at-name': + case 'name': + return 'id-at-name'; + case 'id-at-givenname': + case 'givenname': + return 'id-at-givenName'; + case 'id-at-surname': + case 'surname': + case 'sn': + return 'id-at-surname'; + case 'id-at-initials': + case 'initials': + return 'id-at-initials'; + case 'id-at-generationqualifier': + case 'generationqualifier': + return 'id-at-generationQualifier'; + case 'id-at-organizationalunitname': + case 'organizationalunitname': + case 'ou': + return 'id-at-organizationalUnitName'; + case 'id-at-pseudonym': + case 'pseudonym': + return 'id-at-pseudonym'; + case 'id-at-title': + case 'title': + return 'id-at-title'; + case 'id-at-description': + case 'description': + return 'id-at-description'; + case 'id-at-role': + case 'role': + return 'id-at-role'; + case 'id-at-uniqueidentifier': + case 'uniqueidentifier': + case 'x500uniqueidentifier': + return 'id-at-uniqueIdentifier'; + case 'postaladdress': + case 'id-at-postaladdress': + return 'id-at-postalAddress'; + default: + return false; + } + } + + /** + * Set a Distinguished Name property + * + * @param string $propName + * @param mixed $propValue + * @param string $type optional + * @return bool + */ + public function setDNProp($propName, $propValue, $type = 'utf8String') + { + if (empty($this->dn)) { + $this->dn = ['rdnSequence' => []]; + } + + if (($propName = $this->translateDNProp($propName)) === false) { + return false; + } + + foreach ((array) $propValue as $v) { + if (!is_array($v) && isset($type)) { + $v = [$type => $v]; + } + $this->dn['rdnSequence'][] = [ + [ + 'type' => $propName, + 'value' => $v + ] + ]; + } + + return true; + } + + /** + * Remove Distinguished Name properties + * + * @param string $propName + */ + public function removeDNProp($propName) + { + if (empty($this->dn)) { + return; + } + + if (($propName = $this->translateDNProp($propName)) === false) { + return; + } + + $dn = &$this->dn['rdnSequence']; + $size = count($dn); + for ($i = 0; $i < $size; $i++) { + if ($dn[$i][0]['type'] == $propName) { + unset($dn[$i]); + } + } + + $dn = array_values($dn); + // fix for https://bugs.php.net/75433 affecting PHP 7.2 + if (!isset($dn[0])) { + $dn = array_splice($dn, 0, 0); + } + } + + /** + * Get Distinguished Name properties + * + * @param string $propName + * @param array $dn optional + * @param bool $withType optional + * @return mixed + */ + public function getDNProp($propName, array $dn = null, $withType = false) + { + if (!isset($dn)) { + $dn = $this->dn; + } + + if (empty($dn)) { + return false; + } + + if (($propName = $this->translateDNProp($propName)) === false) { + return false; + } + + $filters = []; + $filters['value'] = ['type' => ASN1::TYPE_UTF8_STRING]; + ASN1::setFilters($filters); + $this->mapOutDNs($dn, 'rdnSequence'); + $dn = $dn['rdnSequence']; + $result = []; + for ($i = 0; $i < count($dn); $i++) { + if ($dn[$i][0]['type'] == $propName) { + $v = $dn[$i][0]['value']; + if (!$withType) { + if (is_array($v)) { + foreach ($v as $type => $s) { + $type = array_search($type, ASN1::ANY_MAP); + if ($type !== false && array_key_exists($type, ASN1::STRING_TYPE_SIZE)) { + $s = ASN1::convert($s, $type); + if ($s !== false) { + $v = $s; + break; + } + } + } + if (is_array($v)) { + $v = array_pop($v); // Always strip data type. + } + } elseif (is_object($v) && $v instanceof Element) { + $map = $this->getMapping($propName); + if (!is_bool($map)) { + $decoded = ASN1::decodeBER($v); + if (!$decoded) { + return false; + } + $v = ASN1::asn1map($decoded[0], $map); + } + } + } + $result[] = $v; + } + } + + return $result; + } + + /** + * Set a Distinguished Name + * + * @param mixed $dn + * @param bool $merge optional + * @param string $type optional + * @return bool + */ + public function setDN($dn, $merge = false, $type = 'utf8String') + { + if (!$merge) { + $this->dn = null; + } + + if (is_array($dn)) { + if (isset($dn['rdnSequence'])) { + $this->dn = $dn; // No merge here. + return true; + } + + // handles stuff generated by openssl_x509_parse() + foreach ($dn as $prop => $value) { + if (!$this->setDNProp($prop, $value, $type)) { + return false; + } + } + return true; + } + + // handles everything else + $results = preg_split('#((?:^|, *|/)(?:C=|O=|OU=|CN=|L=|ST=|SN=|postalCode=|streetAddress=|emailAddress=|serialNumber=|organizationalUnitName=|title=|description=|role=|x500UniqueIdentifier=|postalAddress=))#', $dn, -1, PREG_SPLIT_DELIM_CAPTURE); + for ($i = 1; $i < count($results); $i += 2) { + $prop = trim($results[$i], ', =/'); + $value = $results[$i + 1]; + if (!$this->setDNProp($prop, $value, $type)) { + return false; + } + } + + return true; + } + + /** + * Get the Distinguished Name for a certificates subject + * + * @param mixed $format optional + * @param array $dn optional + * @return array|bool|string + */ + public function getDN($format = self::DN_ARRAY, array $dn = null) + { + if (!isset($dn)) { + $dn = isset($this->currentCert['tbsCertList']) ? $this->currentCert['tbsCertList']['issuer'] : $this->dn; + } + + switch ((int) $format) { + case self::DN_ARRAY: + return $dn; + case self::DN_ASN1: + $filters = []; + $filters['rdnSequence']['value'] = ['type' => ASN1::TYPE_UTF8_STRING]; + ASN1::setFilters($filters); + $this->mapOutDNs($dn, 'rdnSequence'); + return ASN1::encodeDER($dn, Maps\Name::MAP); + case self::DN_CANON: + // No SEQUENCE around RDNs and all string values normalized as + // trimmed lowercase UTF-8 with all spacing as one blank. + // constructed RDNs will not be canonicalized + $filters = []; + $filters['value'] = ['type' => ASN1::TYPE_UTF8_STRING]; + ASN1::setFilters($filters); + $result = ''; + $this->mapOutDNs($dn, 'rdnSequence'); + foreach ($dn['rdnSequence'] as $rdn) { + foreach ($rdn as $i => $attr) { + $attr = &$rdn[$i]; + if (is_array($attr['value'])) { + foreach ($attr['value'] as $type => $v) { + $type = array_search($type, ASN1::ANY_MAP, true); + if ($type !== false && array_key_exists($type, ASN1::STRING_TYPE_SIZE)) { + $v = ASN1::convert($v, $type); + if ($v !== false) { + $v = preg_replace('/\s+/', ' ', $v); + $attr['value'] = strtolower(trim($v)); + break; + } + } + } + } + } + $result .= ASN1::encodeDER($rdn, Maps\RelativeDistinguishedName::MAP); + } + return $result; + case self::DN_HASH: + $dn = $this->getDN(self::DN_CANON, $dn); + $hash = new Hash('sha1'); + $hash = $hash->hash($dn); + extract(unpack('Vhash', $hash)); + return strtolower(Strings::bin2hex(pack('N', $hash))); + } + + // Default is to return a string. + $start = true; + $output = ''; + + $result = []; + $filters = []; + $filters['rdnSequence']['value'] = ['type' => ASN1::TYPE_UTF8_STRING]; + ASN1::setFilters($filters); + $this->mapOutDNs($dn, 'rdnSequence'); + + foreach ($dn['rdnSequence'] as $field) { + $prop = $field[0]['type']; + $value = $field[0]['value']; + + $delim = ', '; + switch ($prop) { + case 'id-at-countryName': + $desc = 'C'; + break; + case 'id-at-stateOrProvinceName': + $desc = 'ST'; + break; + case 'id-at-organizationName': + $desc = 'O'; + break; + case 'id-at-organizationalUnitName': + $desc = 'OU'; + break; + case 'id-at-commonName': + $desc = 'CN'; + break; + case 'id-at-localityName': + $desc = 'L'; + break; + case 'id-at-surname': + $desc = 'SN'; + break; + case 'id-at-uniqueIdentifier': + $delim = '/'; + $desc = 'x500UniqueIdentifier'; + break; + case 'id-at-postalAddress': + $delim = '/'; + $desc = 'postalAddress'; + break; + default: + $delim = '/'; + $desc = preg_replace('#.+-([^-]+)$#', '$1', $prop); + } + + if (!$start) { + $output .= $delim; + } + if (is_array($value)) { + foreach ($value as $type => $v) { + $type = array_search($type, ASN1::ANY_MAP, true); + if ($type !== false && array_key_exists($type, ASN1::STRING_TYPE_SIZE)) { + $v = ASN1::convert($v, $type); + if ($v !== false) { + $value = $v; + break; + } + } + } + if (is_array($value)) { + $value = array_pop($value); // Always strip data type. + } + } elseif (is_object($value) && $value instanceof Element) { + $callback = function ($x) { + return '\x' . bin2hex($x[0]); + }; + $value = strtoupper(preg_replace_callback('#[^\x20-\x7E]#', $callback, $value->element)); + } + $output .= $desc . '=' . $value; + $result[$desc] = isset($result[$desc]) ? + array_merge((array) $result[$desc], [$value]) : + $value; + $start = false; + } + + return $format == self::DN_OPENSSL ? $result : $output; + } + + /** + * Get the Distinguished Name for a certificate/crl issuer + * + * @param int $format optional + * @return mixed + */ + public function getIssuerDN($format = self::DN_ARRAY) + { + switch (true) { + case !isset($this->currentCert) || !is_array($this->currentCert): + break; + case isset($this->currentCert['tbsCertificate']): + return $this->getDN($format, $this->currentCert['tbsCertificate']['issuer']); + case isset($this->currentCert['tbsCertList']): + return $this->getDN($format, $this->currentCert['tbsCertList']['issuer']); + } + + return false; + } + + /** + * Get the Distinguished Name for a certificate/csr subject + * Alias of getDN() + * + * @param int $format optional + * @return mixed + */ + public function getSubjectDN($format = self::DN_ARRAY) + { + switch (true) { + case !empty($this->dn): + return $this->getDN($format); + case !isset($this->currentCert) || !is_array($this->currentCert): + break; + case isset($this->currentCert['tbsCertificate']): + return $this->getDN($format, $this->currentCert['tbsCertificate']['subject']); + case isset($this->currentCert['certificationRequestInfo']): + return $this->getDN($format, $this->currentCert['certificationRequestInfo']['subject']); + } + + return false; + } + + /** + * Get an individual Distinguished Name property for a certificate/crl issuer + * + * @param string $propName + * @param bool $withType optional + * @return mixed + */ + public function getIssuerDNProp($propName, $withType = false) + { + switch (true) { + case !isset($this->currentCert) || !is_array($this->currentCert): + break; + case isset($this->currentCert['tbsCertificate']): + return $this->getDNProp($propName, $this->currentCert['tbsCertificate']['issuer'], $withType); + case isset($this->currentCert['tbsCertList']): + return $this->getDNProp($propName, $this->currentCert['tbsCertList']['issuer'], $withType); + } + + return false; + } + + /** + * Get an individual Distinguished Name property for a certificate/csr subject + * + * @param string $propName + * @param bool $withType optional + * @return mixed + */ + public function getSubjectDNProp($propName, $withType = false) + { + switch (true) { + case !empty($this->dn): + return $this->getDNProp($propName, null, $withType); + case !isset($this->currentCert) || !is_array($this->currentCert): + break; + case isset($this->currentCert['tbsCertificate']): + return $this->getDNProp($propName, $this->currentCert['tbsCertificate']['subject'], $withType); + case isset($this->currentCert['certificationRequestInfo']): + return $this->getDNProp($propName, $this->currentCert['certificationRequestInfo']['subject'], $withType); + } + + return false; + } + + /** + * Get the certificate chain for the current cert + * + * @return mixed + */ + public function getChain() + { + $chain = [$this->currentCert]; + + if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { + return false; + } + while (true) { + $currentCert = $chain[count($chain) - 1]; + for ($i = 0; $i < count($this->CAs); $i++) { + $ca = $this->CAs[$i]; + if ($currentCert['tbsCertificate']['issuer'] === $ca['tbsCertificate']['subject']) { + $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier', $currentCert); + $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca); + switch (true) { + case !is_array($authorityKey): + case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID: + if ($currentCert === $ca) { + break 3; + } + $chain[] = $ca; + break 2; + } + } + } + if ($i == count($this->CAs)) { + break; + } + } + foreach ($chain as $key => $value) { + $chain[$key] = new X509(); + $chain[$key]->loadX509($value); + } + return $chain; + } + + /** + * Returns the current cert + * + * @return array|bool + */ + public function &getCurrentCert() + { + return $this->currentCert; + } + + /** + * Set public key + * + * Key needs to be a \phpseclib3\Crypt\RSA object + * + * @param PublicKey $key + * @return void + */ + public function setPublicKey(PublicKey $key) + { + $this->publicKey = $key; + } + + /** + * Set private key + * + * Key needs to be a \phpseclib3\Crypt\RSA object + * + * @param PrivateKey $key + */ + public function setPrivateKey(PrivateKey $key) + { + $this->privateKey = $key; + } + + /** + * Set challenge + * + * Used for SPKAC CSR's + * + * @param string $challenge + */ + public function setChallenge($challenge) + { + $this->challenge = $challenge; + } + + /** + * Gets the public key + * + * Returns a \phpseclib3\Crypt\RSA object or a false. + * + * @return mixed + */ + public function getPublicKey() + { + if (isset($this->publicKey)) { + return $this->publicKey; + } + + if (isset($this->currentCert) && is_array($this->currentCert)) { + $paths = [ + 'tbsCertificate/subjectPublicKeyInfo', + 'certificationRequestInfo/subjectPKInfo', + 'publicKeyAndChallenge/spki' + ]; + foreach ($paths as $path) { + $keyinfo = $this->subArray($this->currentCert, $path); + if (!empty($keyinfo)) { + break; + } + } + } + if (empty($keyinfo)) { + return false; + } + + $key = $keyinfo['subjectPublicKey']; + + switch ($keyinfo['algorithm']['algorithm']) { + case 'id-RSASSA-PSS': + return RSA::loadFormat('PSS', $key); + case 'rsaEncryption': + return RSA::loadFormat('PKCS8', $key)->withPadding(RSA::SIGNATURE_PKCS1); + case 'id-ecPublicKey': + case 'id-Ed25519': + case 'id-Ed448': + return EC::loadFormat('PKCS8', $key); + case 'id-dsa': + return DSA::loadFormat('PKCS8', $key); + } + + return false; + } + + /** + * Load a Certificate Signing Request + * + * @param string $csr + * @param int $mode + * @return mixed + */ + public function loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT) + { + if (is_array($csr) && isset($csr['certificationRequestInfo'])) { + unset($this->currentCert); + unset($this->currentKeyIdentifier); + unset($this->signatureSubject); + $this->dn = $csr['certificationRequestInfo']['subject']; + if (!isset($this->dn)) { + return false; + } + + $this->currentCert = $csr; + return $csr; + } + + // see http://tools.ietf.org/html/rfc2986 + + if ($mode != self::FORMAT_DER) { + $newcsr = ASN1::extractBER($csr); + if ($mode == self::FORMAT_PEM && $csr == $newcsr) { + return false; + } + $csr = $newcsr; + } + $orig = $csr; + + if ($csr === false) { + $this->currentCert = false; + return false; + } + + $decoded = ASN1::decodeBER($csr); + + if (!$decoded) { + $this->currentCert = false; + return false; + } + + $csr = ASN1::asn1map($decoded[0], Maps\CertificationRequest::MAP); + if (!isset($csr) || $csr === false) { + $this->currentCert = false; + return false; + } + + $this->mapInAttributes($csr, 'certificationRequestInfo/attributes'); + $this->mapInDNs($csr, 'certificationRequestInfo/subject/rdnSequence'); + + $this->dn = $csr['certificationRequestInfo']['subject']; + + $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); + + $key = $csr['certificationRequestInfo']['subjectPKInfo']; + $key = ASN1::encodeDER($key, Maps\SubjectPublicKeyInfo::MAP); + $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'] = + "-----BEGIN PUBLIC KEY-----\r\n" . + chunk_split(base64_encode($key), 64) . + "-----END PUBLIC KEY-----"; + + $this->currentKeyIdentifier = null; + $this->currentCert = $csr; + + $this->publicKey = null; + $this->publicKey = $this->getPublicKey(); + + return $csr; + } + + /** + * Save CSR request + * + * @param array $csr + * @param int $format optional + * @return string + */ + public function saveCSR(array $csr, $format = self::FORMAT_PEM) + { + if (!is_array($csr) || !isset($csr['certificationRequestInfo'])) { + return false; + } + + switch (true) { + case !($algorithm = $this->subArray($csr, 'certificationRequestInfo/subjectPKInfo/algorithm/algorithm')): + case is_object($csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']): + break; + default: + $csr['certificationRequestInfo']['subjectPKInfo'] = new Element( + base64_decode(preg_replace('#-.+-|[\r\n]#', '', $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'])) + ); + } + + $filters = []; + $filters['certificationRequestInfo']['subject']['rdnSequence']['value'] + = ['type' => ASN1::TYPE_UTF8_STRING]; + + ASN1::setFilters($filters); + + $this->mapOutDNs($csr, 'certificationRequestInfo/subject/rdnSequence'); + $this->mapOutAttributes($csr, 'certificationRequestInfo/attributes'); + $csr = ASN1::encodeDER($csr, Maps\CertificationRequest::MAP); + + switch ($format) { + case self::FORMAT_DER: + return $csr; + // case self::FORMAT_PEM: + default: + return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(Strings::base64_encode($csr), 64) . '-----END CERTIFICATE REQUEST-----'; + } + } + + /** + * Load a SPKAC CSR + * + * SPKAC's are produced by the HTML5 keygen element: + * + * https://developer.mozilla.org/en-US/docs/HTML/Element/keygen + * + * @param string $spkac + * @return mixed + */ + public function loadSPKAC($spkac) + { + if (is_array($spkac) && isset($spkac['publicKeyAndChallenge'])) { + unset($this->currentCert); + unset($this->currentKeyIdentifier); + unset($this->signatureSubject); + $this->currentCert = $spkac; + return $spkac; + } + + // see http://www.w3.org/html/wg/drafts/html/master/forms.html#signedpublickeyandchallenge + + // OpenSSL produces SPKAC's that are preceded by the string SPKAC= + $temp = preg_replace('#(?:SPKAC=)|[ \r\n\\\]#', '', $spkac); + $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? Strings::base64_decode($temp) : false; + if ($temp != false) { + $spkac = $temp; + } + $orig = $spkac; + + if ($spkac === false) { + $this->currentCert = false; + return false; + } + + $decoded = ASN1::decodeBER($spkac); + + if (!$decoded) { + $this->currentCert = false; + return false; + } + + $spkac = ASN1::asn1map($decoded[0], Maps\SignedPublicKeyAndChallenge::MAP); + + if (!isset($spkac) || !is_array($spkac)) { + $this->currentCert = false; + return false; + } + + $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); + + $key = $spkac['publicKeyAndChallenge']['spki']; + $key = ASN1::encodeDER($key, Maps\SubjectPublicKeyInfo::MAP); + $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'] = + "-----BEGIN PUBLIC KEY-----\r\n" . + chunk_split(base64_encode($key), 64) . + "-----END PUBLIC KEY-----"; + + $this->currentKeyIdentifier = null; + $this->currentCert = $spkac; + + $this->publicKey = null; + $this->publicKey = $this->getPublicKey(); + + return $spkac; + } + + /** + * Save a SPKAC CSR request + * + * @param array $spkac + * @param int $format optional + * @return string + */ + public function saveSPKAC(array $spkac, $format = self::FORMAT_PEM) + { + if (!is_array($spkac) || !isset($spkac['publicKeyAndChallenge'])) { + return false; + } + + $algorithm = $this->subArray($spkac, 'publicKeyAndChallenge/spki/algorithm/algorithm'); + switch (true) { + case !$algorithm: + case is_object($spkac['publicKeyAndChallenge']['spki']['subjectPublicKey']): + break; + default: + $spkac['publicKeyAndChallenge']['spki'] = new Element( + base64_decode(preg_replace('#-.+-|[\r\n]#', '', $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'])) + ); + } + + $spkac = ASN1::encodeDER($spkac, Maps\SignedPublicKeyAndChallenge::MAP); + + switch ($format) { + case self::FORMAT_DER: + return $spkac; + // case self::FORMAT_PEM: + default: + // OpenSSL's implementation of SPKAC requires the SPKAC be preceded by SPKAC= and since there are pretty much + // no other SPKAC decoders phpseclib will use that same format + return 'SPKAC=' . Strings::base64_encode($spkac); + } + } + + /** + * Load a Certificate Revocation List + * + * @param string $crl + * @param int $mode + * @return mixed + */ + public function loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT) + { + if (is_array($crl) && isset($crl['tbsCertList'])) { + $this->currentCert = $crl; + unset($this->signatureSubject); + return $crl; + } + + if ($mode != self::FORMAT_DER) { + $newcrl = ASN1::extractBER($crl); + if ($mode == self::FORMAT_PEM && $crl == $newcrl) { + return false; + } + $crl = $newcrl; + } + $orig = $crl; + + if ($crl === false) { + $this->currentCert = false; + return false; + } + + $decoded = ASN1::decodeBER($crl); + + if (!$decoded) { + $this->currentCert = false; + return false; + } + + $crl = ASN1::asn1map($decoded[0], Maps\CertificateList::MAP); + if (!isset($crl) || $crl === false) { + $this->currentCert = false; + return false; + } + + $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); + + $this->mapInDNs($crl, 'tbsCertList/issuer/rdnSequence'); + if ($this->isSubArrayValid($crl, 'tbsCertList/crlExtensions')) { + $this->mapInExtensions($crl, 'tbsCertList/crlExtensions'); + } + if ($this->isSubArrayValid($crl, 'tbsCertList/revokedCertificates')) { + $rclist_ref = &$this->subArrayUnchecked($crl, 'tbsCertList/revokedCertificates'); + if ($rclist_ref) { + $rclist = $crl['tbsCertList']['revokedCertificates']; + foreach ($rclist as $i => $extension) { + if ($this->isSubArrayValid($rclist, "$i/crlEntryExtensions")) { + $this->mapInExtensions($rclist_ref, "$i/crlEntryExtensions"); + } + } + } + } + + $this->currentKeyIdentifier = null; + $this->currentCert = $crl; + + return $crl; + } + + /** + * Save Certificate Revocation List. + * + * @param array $crl + * @param int $format optional + * @return string + */ + public function saveCRL(array $crl, $format = self::FORMAT_PEM) + { + if (!is_array($crl) || !isset($crl['tbsCertList'])) { + return false; + } + + $filters = []; + $filters['tbsCertList']['issuer']['rdnSequence']['value'] + = ['type' => ASN1::TYPE_UTF8_STRING]; + $filters['tbsCertList']['signature']['parameters'] + = ['type' => ASN1::TYPE_UTF8_STRING]; + $filters['signatureAlgorithm']['parameters'] + = ['type' => ASN1::TYPE_UTF8_STRING]; + + if (empty($crl['tbsCertList']['signature']['parameters'])) { + $filters['tbsCertList']['signature']['parameters'] + = ['type' => ASN1::TYPE_NULL]; + } + + if (empty($crl['signatureAlgorithm']['parameters'])) { + $filters['signatureAlgorithm']['parameters'] + = ['type' => ASN1::TYPE_NULL]; + } + + ASN1::setFilters($filters); + + $this->mapOutDNs($crl, 'tbsCertList/issuer/rdnSequence'); + $this->mapOutExtensions($crl, 'tbsCertList/crlExtensions'); + $rclist = &$this->subArray($crl, 'tbsCertList/revokedCertificates'); + if (is_array($rclist)) { + foreach ($rclist as $i => $extension) { + $this->mapOutExtensions($rclist, "$i/crlEntryExtensions"); + } + } + + $crl = ASN1::encodeDER($crl, Maps\CertificateList::MAP); + + switch ($format) { + case self::FORMAT_DER: + return $crl; + // case self::FORMAT_PEM: + default: + return "-----BEGIN X509 CRL-----\r\n" . chunk_split(Strings::base64_encode($crl), 64) . '-----END X509 CRL-----'; + } + } + + /** + * Helper function to build a time field according to RFC 3280 section + * - 4.1.2.5 Validity + * - 5.1.2.4 This Update + * - 5.1.2.5 Next Update + * - 5.1.2.6 Revoked Certificates + * by choosing utcTime iff year of date given is before 2050 and generalTime else. + * + * @param string $date in format date('D, d M Y H:i:s O') + * @return array|Element + */ + private function timeField($date) + { + if ($date instanceof Element) { + return $date; + } + $dateObj = new \DateTimeImmutable($date, new \DateTimeZone('GMT')); + $year = $dateObj->format('Y'); // the same way ASN1.php parses this + if ($year < 2050) { + return ['utcTime' => $date]; + } else { + return ['generalTime' => $date]; + } + } + + /** + * Sign an X.509 certificate + * + * $issuer's private key needs to be loaded. + * $subject can be either an existing X.509 cert (if you want to resign it), + * a CSR or something with the DN and public key explicitly set. + * + * @return mixed + */ + public function sign(X509 $issuer, X509 $subject) + { + if (!is_object($issuer->privateKey) || empty($issuer->dn)) { + return false; + } + + if (isset($subject->publicKey) && !($subjectPublicKey = $subject->formatSubjectPublicKey())) { + return false; + } + + $currentCert = isset($this->currentCert) ? $this->currentCert : null; + $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null; + $signatureAlgorithm = self::identifySignatureAlgorithm($issuer->privateKey); + + if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertificate'])) { + $this->currentCert = $subject->currentCert; + $this->currentCert['tbsCertificate']['signature'] = $signatureAlgorithm; + $this->currentCert['signatureAlgorithm'] = $signatureAlgorithm; + + if (!empty($this->startDate)) { + $this->currentCert['tbsCertificate']['validity']['notBefore'] = $this->timeField($this->startDate); + } + if (!empty($this->endDate)) { + $this->currentCert['tbsCertificate']['validity']['notAfter'] = $this->timeField($this->endDate); + } + if (!empty($this->serialNumber)) { + $this->currentCert['tbsCertificate']['serialNumber'] = $this->serialNumber; + } + if (!empty($subject->dn)) { + $this->currentCert['tbsCertificate']['subject'] = $subject->dn; + } + if (!empty($subject->publicKey)) { + $this->currentCert['tbsCertificate']['subjectPublicKeyInfo'] = $subjectPublicKey; + } + $this->removeExtension('id-ce-authorityKeyIdentifier'); + if (isset($subject->domains)) { + $this->removeExtension('id-ce-subjectAltName'); + } + } elseif (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertList'])) { + return false; + } else { + if (!isset($subject->publicKey)) { + return false; + } + + $startDate = new \DateTimeImmutable('now', new \DateTimeZone(@date_default_timezone_get())); + $startDate = !empty($this->startDate) ? $this->startDate : $startDate->format('D, d M Y H:i:s O'); + + $endDate = new \DateTimeImmutable('+1 year', new \DateTimeZone(@date_default_timezone_get())); + $endDate = !empty($this->endDate) ? $this->endDate : $endDate->format('D, d M Y H:i:s O'); + + /* "The serial number MUST be a positive integer" + "Conforming CAs MUST NOT use serialNumber values longer than 20 octets." + -- https://tools.ietf.org/html/rfc5280#section-4.1.2.2 + + for the integer to be positive the leading bit needs to be 0 hence the + application of a bitmap + */ + $serialNumber = !empty($this->serialNumber) ? + $this->serialNumber : + new BigInteger(Random::string(20) & ("\x7F" . str_repeat("\xFF", 19)), 256); + + $this->currentCert = [ + 'tbsCertificate' => + [ + 'version' => 'v3', + 'serialNumber' => $serialNumber, // $this->setSerialNumber() + 'signature' => $signatureAlgorithm, + 'issuer' => false, // this is going to be overwritten later + 'validity' => [ + 'notBefore' => $this->timeField($startDate), // $this->setStartDate() + 'notAfter' => $this->timeField($endDate) // $this->setEndDate() + ], + 'subject' => $subject->dn, + 'subjectPublicKeyInfo' => $subjectPublicKey + ], + 'signatureAlgorithm' => $signatureAlgorithm, + 'signature' => false // this is going to be overwritten later + ]; + + // Copy extensions from CSR. + $csrexts = $subject->getAttribute('pkcs-9-at-extensionRequest', 0); + + if (!empty($csrexts)) { + $this->currentCert['tbsCertificate']['extensions'] = $csrexts; + } + } + + $this->currentCert['tbsCertificate']['issuer'] = $issuer->dn; + + if (isset($issuer->currentKeyIdentifier)) { + $this->setExtension('id-ce-authorityKeyIdentifier', [ + //'authorityCertIssuer' => array( + // array( + // 'directoryName' => $issuer->dn + // ) + //), + 'keyIdentifier' => $issuer->currentKeyIdentifier + ]); + //$extensions = &$this->currentCert['tbsCertificate']['extensions']; + //if (isset($issuer->serialNumber)) { + // $extensions[count($extensions) - 1]['authorityCertSerialNumber'] = $issuer->serialNumber; + //} + //unset($extensions); + } + + if (isset($subject->currentKeyIdentifier)) { + $this->setExtension('id-ce-subjectKeyIdentifier', $subject->currentKeyIdentifier); + } + + $altName = []; + + if (isset($subject->domains) && count($subject->domains)) { + $altName = array_map(['\phpseclib3\File\X509', 'dnsName'], $subject->domains); + } + + if (isset($subject->ipAddresses) && count($subject->ipAddresses)) { + // should an IP address appear as the CN if no domain name is specified? idk + //$ips = count($subject->domains) ? $subject->ipAddresses : array_slice($subject->ipAddresses, 1); + $ipAddresses = []; + foreach ($subject->ipAddresses as $ipAddress) { + $encoded = $subject->ipAddress($ipAddress); + if ($encoded !== false) { + $ipAddresses[] = $encoded; + } + } + if (count($ipAddresses)) { + $altName = array_merge($altName, $ipAddresses); + } + } + + if (!empty($altName)) { + $this->setExtension('id-ce-subjectAltName', $altName); + } + + if ($this->caFlag) { + $keyUsage = $this->getExtension('id-ce-keyUsage'); + if (!$keyUsage) { + $keyUsage = []; + } + + $this->setExtension( + 'id-ce-keyUsage', + array_values(array_unique(array_merge($keyUsage, ['cRLSign', 'keyCertSign']))) + ); + + $basicConstraints = $this->getExtension('id-ce-basicConstraints'); + if (!$basicConstraints) { + $basicConstraints = []; + } + + $this->setExtension( + 'id-ce-basicConstraints', + array_merge(['cA' => true], $basicConstraints), + true + ); + + if (!isset($subject->currentKeyIdentifier)) { + $this->setExtension('id-ce-subjectKeyIdentifier', $this->computeKeyIdentifier($this->currentCert), false, false); + } + } + + // resync $this->signatureSubject + // save $tbsCertificate in case there are any \phpseclib3\File\ASN1\Element objects in it + $tbsCertificate = $this->currentCert['tbsCertificate']; + $this->loadX509($this->saveX509($this->currentCert)); + + $result = $this->currentCert; + $this->currentCert['signature'] = $result['signature'] = "\0" . $issuer->privateKey->sign($this->signatureSubject); + $result['tbsCertificate'] = $tbsCertificate; + + $this->currentCert = $currentCert; + $this->signatureSubject = $signatureSubject; + + return $result; + } + + /** + * Sign a CSR + * + * @return mixed + */ + public function signCSR() + { + if (!is_object($this->privateKey) || empty($this->dn)) { + return false; + } + + $origPublicKey = $this->publicKey; + $this->publicKey = $this->privateKey->getPublicKey(); + $publicKey = $this->formatSubjectPublicKey(); + $this->publicKey = $origPublicKey; + + $currentCert = isset($this->currentCert) ? $this->currentCert : null; + $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null; + $signatureAlgorithm = self::identifySignatureAlgorithm($this->privateKey); + + if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['certificationRequestInfo'])) { + $this->currentCert['signatureAlgorithm'] = $signatureAlgorithm; + if (!empty($this->dn)) { + $this->currentCert['certificationRequestInfo']['subject'] = $this->dn; + } + $this->currentCert['certificationRequestInfo']['subjectPKInfo'] = $publicKey; + } else { + $this->currentCert = [ + 'certificationRequestInfo' => + [ + 'version' => 'v1', + 'subject' => $this->dn, + 'subjectPKInfo' => $publicKey + ], + 'signatureAlgorithm' => $signatureAlgorithm, + 'signature' => false // this is going to be overwritten later + ]; + } + + // resync $this->signatureSubject + // save $certificationRequestInfo in case there are any \phpseclib3\File\ASN1\Element objects in it + $certificationRequestInfo = $this->currentCert['certificationRequestInfo']; + $this->loadCSR($this->saveCSR($this->currentCert)); + + $result = $this->currentCert; + $this->currentCert['signature'] = $result['signature'] = "\0" . $this->privateKey->sign($this->signatureSubject); + $result['certificationRequestInfo'] = $certificationRequestInfo; + + $this->currentCert = $currentCert; + $this->signatureSubject = $signatureSubject; + + return $result; + } + + /** + * Sign a SPKAC + * + * @return mixed + */ + public function signSPKAC() + { + if (!is_object($this->privateKey)) { + return false; + } + + $origPublicKey = $this->publicKey; + $this->publicKey = $this->privateKey->getPublicKey(); + $publicKey = $this->formatSubjectPublicKey(); + $this->publicKey = $origPublicKey; + + $currentCert = isset($this->currentCert) ? $this->currentCert : null; + $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null; + $signatureAlgorithm = self::identifySignatureAlgorithm($this->privateKey); + + // re-signing a SPKAC seems silly but since everything else supports re-signing why not? + if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['publicKeyAndChallenge'])) { + $this->currentCert['signatureAlgorithm'] = $signatureAlgorithm; + $this->currentCert['publicKeyAndChallenge']['spki'] = $publicKey; + if (!empty($this->challenge)) { + // the bitwise AND ensures that the output is a valid IA5String + $this->currentCert['publicKeyAndChallenge']['challenge'] = $this->challenge & str_repeat("\x7F", strlen($this->challenge)); + } + } else { + $this->currentCert = [ + 'publicKeyAndChallenge' => + [ + 'spki' => $publicKey, + // quoting , + // "A challenge string that is submitted along with the public key. Defaults to an empty string if not specified." + // both Firefox and OpenSSL ("openssl spkac -key private.key") behave this way + // we could alternatively do this instead if we ignored the specs: + // Random::string(8) & str_repeat("\x7F", 8) + 'challenge' => !empty($this->challenge) ? $this->challenge : '' + ], + 'signatureAlgorithm' => $signatureAlgorithm, + 'signature' => false // this is going to be overwritten later + ]; + } + + // resync $this->signatureSubject + // save $publicKeyAndChallenge in case there are any \phpseclib3\File\ASN1\Element objects in it + $publicKeyAndChallenge = $this->currentCert['publicKeyAndChallenge']; + $this->loadSPKAC($this->saveSPKAC($this->currentCert)); + + $result = $this->currentCert; + $this->currentCert['signature'] = $result['signature'] = "\0" . $this->privateKey->sign($this->signatureSubject); + $result['publicKeyAndChallenge'] = $publicKeyAndChallenge; + + $this->currentCert = $currentCert; + $this->signatureSubject = $signatureSubject; + + return $result; + } + + /** + * Sign a CRL + * + * $issuer's private key needs to be loaded. + * + * @return mixed + */ + public function signCRL(X509 $issuer, X509 $crl) + { + if (!is_object($issuer->privateKey) || empty($issuer->dn)) { + return false; + } + + $currentCert = isset($this->currentCert) ? $this->currentCert : null; + $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null; + $signatureAlgorithm = self::identifySignatureAlgorithm($issuer->privateKey); + + $thisUpdate = new \DateTimeImmutable('now', new \DateTimeZone(@date_default_timezone_get())); + $thisUpdate = !empty($this->startDate) ? $this->startDate : $thisUpdate->format('D, d M Y H:i:s O'); + + if (isset($crl->currentCert) && is_array($crl->currentCert) && isset($crl->currentCert['tbsCertList'])) { + $this->currentCert = $crl->currentCert; + $this->currentCert['tbsCertList']['signature'] = $signatureAlgorithm; + $this->currentCert['signatureAlgorithm'] = $signatureAlgorithm; + } else { + $this->currentCert = [ + 'tbsCertList' => + [ + 'version' => 'v2', + 'signature' => $signatureAlgorithm, + 'issuer' => false, // this is going to be overwritten later + 'thisUpdate' => $this->timeField($thisUpdate) // $this->setStartDate() + ], + 'signatureAlgorithm' => $signatureAlgorithm, + 'signature' => false // this is going to be overwritten later + ]; + } + + $tbsCertList = &$this->currentCert['tbsCertList']; + $tbsCertList['issuer'] = $issuer->dn; + $tbsCertList['thisUpdate'] = $this->timeField($thisUpdate); + + if (!empty($this->endDate)) { + $tbsCertList['nextUpdate'] = $this->timeField($this->endDate); // $this->setEndDate() + } else { + unset($tbsCertList['nextUpdate']); + } + + if (!empty($this->serialNumber)) { + $crlNumber = $this->serialNumber; + } else { + $crlNumber = $this->getExtension('id-ce-cRLNumber'); + // "The CRL number is a non-critical CRL extension that conveys a + // monotonically increasing sequence number for a given CRL scope and + // CRL issuer. This extension allows users to easily determine when a + // particular CRL supersedes another CRL." + // -- https://tools.ietf.org/html/rfc5280#section-5.2.3 + $crlNumber = $crlNumber !== false ? $crlNumber->add(new BigInteger(1)) : null; + } + + $this->removeExtension('id-ce-authorityKeyIdentifier'); + $this->removeExtension('id-ce-issuerAltName'); + + // Be sure version >= v2 if some extension found. + $version = isset($tbsCertList['version']) ? $tbsCertList['version'] : 0; + if (!$version) { + if (!empty($tbsCertList['crlExtensions'])) { + $version = 1; // v2. + } elseif (!empty($tbsCertList['revokedCertificates'])) { + foreach ($tbsCertList['revokedCertificates'] as $cert) { + if (!empty($cert['crlEntryExtensions'])) { + $version = 1; // v2. + } + } + } + + if ($version) { + $tbsCertList['version'] = $version; + } + } + + // Store additional extensions. + if (!empty($tbsCertList['version'])) { // At least v2. + if (!empty($crlNumber)) { + $this->setExtension('id-ce-cRLNumber', $crlNumber); + } + + if (isset($issuer->currentKeyIdentifier)) { + $this->setExtension('id-ce-authorityKeyIdentifier', [ + //'authorityCertIssuer' => array( + // ] + // 'directoryName' => $issuer->dn + // ] + //), + 'keyIdentifier' => $issuer->currentKeyIdentifier + ]); + //$extensions = &$tbsCertList['crlExtensions']; + //if (isset($issuer->serialNumber)) { + // $extensions[count($extensions) - 1]['authorityCertSerialNumber'] = $issuer->serialNumber; + //} + //unset($extensions); + } + + $issuerAltName = $this->getExtension('id-ce-subjectAltName', $issuer->currentCert); + + if ($issuerAltName !== false) { + $this->setExtension('id-ce-issuerAltName', $issuerAltName); + } + } + + if (empty($tbsCertList['revokedCertificates'])) { + unset($tbsCertList['revokedCertificates']); + } + + unset($tbsCertList); + + // resync $this->signatureSubject + // save $tbsCertList in case there are any \phpseclib3\File\ASN1\Element objects in it + $tbsCertList = $this->currentCert['tbsCertList']; + $this->loadCRL($this->saveCRL($this->currentCert)); + + $result = $this->currentCert; + $this->currentCert['signature'] = $result['signature'] = "\0" . $issuer->privateKey->sign($this->signatureSubject); + $result['tbsCertList'] = $tbsCertList; + + $this->currentCert = $currentCert; + $this->signatureSubject = $signatureSubject; + + return $result; + } + + /** + * Identify signature algorithm from key settings + * + * @param PrivateKey $key + * @throws UnsupportedAlgorithmException if the algorithm is unsupported + * @return array + */ + private static function identifySignatureAlgorithm(PrivateKey $key) + { + if ($key instanceof RSA) { + if ($key->getPadding() & RSA::SIGNATURE_PSS) { + $r = PSS::load($key->withPassword()->toString('PSS')); + return [ + 'algorithm' => 'id-RSASSA-PSS', + 'parameters' => PSS::savePSSParams($r) + ]; + } + switch ($key->getHash()) { + case 'md2': + case 'md5': + case 'sha1': + case 'sha224': + case 'sha256': + case 'sha384': + case 'sha512': + return ['algorithm' => $key->getHash() . 'WithRSAEncryption']; + } + throw new UnsupportedAlgorithmException('The only supported hash algorithms for RSA are: md2, md5, sha1, sha224, sha256, sha384, sha512'); + } + + if ($key instanceof DSA) { + switch ($key->getHash()) { + case 'sha1': + case 'sha224': + case 'sha256': + return ['algorithm' => 'id-dsa-with-' . $key->getHash()]; + } + throw new UnsupportedAlgorithmException('The only supported hash algorithms for DSA are: sha1, sha224, sha256'); + } + + if ($key instanceof EC) { + switch ($key->getCurve()) { + case 'Ed25519': + case 'Ed448': + return ['algorithm' => 'id-' . $key->getCurve()]; + } + switch ($key->getHash()) { + case 'sha1': + case 'sha224': + case 'sha256': + case 'sha384': + case 'sha512': + return ['algorithm' => 'ecdsa-with-' . strtoupper($key->getHash())]; + } + throw new UnsupportedAlgorithmException('The only supported hash algorithms for EC are: sha1, sha224, sha256, sha384, sha512'); + } + + throw new UnsupportedAlgorithmException('The only supported public key classes are: RSA, DSA, EC'); + } + + /** + * Set certificate start date + * + * @param \DateTimeInterface|string $date + */ + public function setStartDate($date) + { + if (!is_object($date) || !($date instanceof \DateTimeInterface)) { + $date = new \DateTimeImmutable($date, new \DateTimeZone(@date_default_timezone_get())); + } + + $this->startDate = $date->format('D, d M Y H:i:s O'); + } + + /** + * Set certificate end date + * + * @param \DateTimeInterface|string $date + */ + public function setEndDate($date) + { + /* + To indicate that a certificate has no well-defined expiration date, + the notAfter SHOULD be assigned the GeneralizedTime value of + 99991231235959Z. + + -- http://tools.ietf.org/html/rfc5280#section-4.1.2.5 + */ + if (is_string($date) && strtolower($date) === 'lifetime') { + $temp = '99991231235959Z'; + $temp = chr(ASN1::TYPE_GENERALIZED_TIME) . ASN1::encodeLength(strlen($temp)) . $temp; + $this->endDate = new Element($temp); + } else { + if (!is_object($date) || !($date instanceof \DateTimeInterface)) { + $date = new \DateTimeImmutable($date, new \DateTimeZone(@date_default_timezone_get())); + } + + $this->endDate = $date->format('D, d M Y H:i:s O'); + } + } + + /** + * Set Serial Number + * + * @param string $serial + * @param int $base optional + */ + public function setSerialNumber($serial, $base = -256) + { + $this->serialNumber = new BigInteger($serial, $base); + } + + /** + * Turns the certificate into a certificate authority + * + */ + public function makeCA() + { + $this->caFlag = true; + } + + /** + * Check for validity of subarray + * + * This is intended for use in conjunction with _subArrayUnchecked(), + * implementing the checks included in _subArray() but without copying + * a potentially large array by passing its reference by-value to is_array(). + * + * @param array $root + * @param string $path + * @return boolean + */ + private function isSubArrayValid(array $root, $path) + { + if (!is_array($root)) { + return false; + } + + foreach (explode('/', $path) as $i) { + if (!is_array($root)) { + return false; + } + + if (!isset($root[$i])) { + return true; + } + + $root = $root[$i]; + } + + return true; + } + + /** + * Get a reference to a subarray + * + * This variant of _subArray() does no is_array() checking, + * so $root should be checked with _isSubArrayValid() first. + * + * This is here for performance reasons: + * Passing a reference (i.e. $root) by-value (i.e. to is_array()) + * creates a copy. If $root is an especially large array, this is expensive. + * + * @param array $root + * @param string $path absolute path with / as component separator + * @param bool $create optional + * @return array|false + */ + private function &subArrayUnchecked(array &$root, $path, $create = false) + { + $false = false; + + foreach (explode('/', $path) as $i) { + if (!isset($root[$i])) { + if (!$create) { + return $false; + } + + $root[$i] = []; + } + + $root = &$root[$i]; + } + + return $root; + } + + /** + * Get a reference to a subarray + * + * @param array $root + * @param string $path absolute path with / as component separator + * @param bool $create optional + * @return array|false + */ + private function &subArray(array &$root = null, $path, $create = false) + { + $false = false; + + if (!is_array($root)) { + return $false; + } + + foreach (explode('/', $path) as $i) { + if (!is_array($root)) { + return $false; + } + + if (!isset($root[$i])) { + if (!$create) { + return $false; + } + + $root[$i] = []; + } + + $root = &$root[$i]; + } + + return $root; + } + + /** + * Get a reference to an extension subarray + * + * @param array $root + * @param string $path optional absolute path with / as component separator + * @param bool $create optional + * @return array|false + */ + private function &extensions(array &$root = null, $path = null, $create = false) + { + if (!isset($root)) { + $root = $this->currentCert; + } + + switch (true) { + case !empty($path): + case !is_array($root): + break; + case isset($root['tbsCertificate']): + $path = 'tbsCertificate/extensions'; + break; + case isset($root['tbsCertList']): + $path = 'tbsCertList/crlExtensions'; + break; + case isset($root['certificationRequestInfo']): + $pth = 'certificationRequestInfo/attributes'; + $attributes = &$this->subArray($root, $pth, $create); + + if (is_array($attributes)) { + foreach ($attributes as $key => $value) { + if ($value['type'] == 'pkcs-9-at-extensionRequest') { + $path = "$pth/$key/value/0"; + break 2; + } + } + if ($create) { + $key = count($attributes); + $attributes[] = ['type' => 'pkcs-9-at-extensionRequest', 'value' => []]; + $path = "$pth/$key/value/0"; + } + } + break; + } + + $extensions = &$this->subArray($root, $path, $create); + + if (!is_array($extensions)) { + $false = false; + return $false; + } + + return $extensions; + } + + /** + * Remove an Extension + * + * @param string $id + * @param string $path optional + * @return bool + */ + private function removeExtensionHelper($id, $path = null) + { + $extensions = &$this->extensions($this->currentCert, $path); + + if (!is_array($extensions)) { + return false; + } + + $result = false; + foreach ($extensions as $key => $value) { + if ($value['extnId'] == $id) { + unset($extensions[$key]); + $result = true; + } + } + + $extensions = array_values($extensions); + // fix for https://bugs.php.net/75433 affecting PHP 7.2 + if (!isset($extensions[0])) { + $extensions = array_splice($extensions, 0, 0); + } + return $result; + } + + /** + * Get an Extension + * + * Returns the extension if it exists and false if not + * + * @param string $id + * @param array $cert optional + * @param string $path optional + * @return mixed + */ + private function getExtensionHelper($id, array $cert = null, $path = null) + { + $extensions = $this->extensions($cert, $path); + + if (!is_array($extensions)) { + return false; + } + + foreach ($extensions as $key => $value) { + if ($value['extnId'] == $id) { + return $value['extnValue']; + } + } + + return false; + } + + /** + * Returns a list of all extensions in use + * + * @param array $cert optional + * @param string $path optional + * @return array + */ + private function getExtensionsHelper(array $cert = null, $path = null) + { + $exts = $this->extensions($cert, $path); + $extensions = []; + + if (is_array($exts)) { + foreach ($exts as $extension) { + $extensions[] = $extension['extnId']; + } + } + + return $extensions; + } + + /** + * Set an Extension + * + * @param string $id + * @param mixed $value + * @param bool $critical optional + * @param bool $replace optional + * @param string $path optional + * @return bool + */ + private function setExtensionHelper($id, $value, $critical = false, $replace = true, $path = null) + { + $extensions = &$this->extensions($this->currentCert, $path, true); + + if (!is_array($extensions)) { + return false; + } + + $newext = ['extnId' => $id, 'critical' => $critical, 'extnValue' => $value]; + + foreach ($extensions as $key => $value) { + if ($value['extnId'] == $id) { + if (!$replace) { + return false; + } + + $extensions[$key] = $newext; + return true; + } + } + + $extensions[] = $newext; + return true; + } + + /** + * Remove a certificate, CSR or CRL Extension + * + * @param string $id + * @return bool + */ + public function removeExtension($id) + { + return $this->removeExtensionHelper($id); + } + + /** + * Get a certificate, CSR or CRL Extension + * + * Returns the extension if it exists and false if not + * + * @param string $id + * @param array $cert optional + * @param string $path + * @return mixed + */ + public function getExtension($id, array $cert = null, $path = null) + { + return $this->getExtensionHelper($id, $cert, $path); + } + + /** + * Returns a list of all extensions in use in certificate, CSR or CRL + * + * @param array $cert optional + * @param string $path optional + * @return array + */ + public function getExtensions(array $cert = null, $path = null) + { + return $this->getExtensionsHelper($cert, $path); + } + + /** + * Set a certificate, CSR or CRL Extension + * + * @param string $id + * @param mixed $value + * @param bool $critical optional + * @param bool $replace optional + * @return bool + */ + public function setExtension($id, $value, $critical = false, $replace = true) + { + return $this->setExtensionHelper($id, $value, $critical, $replace); + } + + /** + * Remove a CSR attribute. + * + * @param string $id + * @param int $disposition optional + * @return bool + */ + public function removeAttribute($id, $disposition = self::ATTR_ALL) + { + $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes'); + + if (!is_array($attributes)) { + return false; + } + + $result = false; + foreach ($attributes as $key => $attribute) { + if ($attribute['type'] == $id) { + $n = count($attribute['value']); + switch (true) { + case $disposition == self::ATTR_APPEND: + case $disposition == self::ATTR_REPLACE: + return false; + case $disposition >= $n: + $disposition -= $n; + break; + case $disposition == self::ATTR_ALL: + case $n == 1: + unset($attributes[$key]); + $result = true; + break; + default: + unset($attributes[$key]['value'][$disposition]); + $attributes[$key]['value'] = array_values($attributes[$key]['value']); + $result = true; + break; + } + if ($result && $disposition != self::ATTR_ALL) { + break; + } + } + } + + $attributes = array_values($attributes); + return $result; + } + + /** + * Get a CSR attribute + * + * Returns the attribute if it exists and false if not + * + * @param string $id + * @param int $disposition optional + * @param array $csr optional + * @return mixed + */ + public function getAttribute($id, $disposition = self::ATTR_ALL, array $csr = null) + { + if (empty($csr)) { + $csr = $this->currentCert; + } + + $attributes = $this->subArray($csr, 'certificationRequestInfo/attributes'); + + if (!is_array($attributes)) { + return false; + } + + foreach ($attributes as $key => $attribute) { + if ($attribute['type'] == $id) { + $n = count($attribute['value']); + switch (true) { + case $disposition == self::ATTR_APPEND: + case $disposition == self::ATTR_REPLACE: + return false; + case $disposition == self::ATTR_ALL: + return $attribute['value']; + case $disposition >= $n: + $disposition -= $n; + break; + default: + return $attribute['value'][$disposition]; + } + } + } + + return false; + } + + /** + * Returns a list of all CSR attributes in use + * + * @param array $csr optional + * @return array + */ + public function getAttributes(array $csr = null) + { + if (empty($csr)) { + $csr = $this->currentCert; + } + + $attributes = $this->subArray($csr, 'certificationRequestInfo/attributes'); + $attrs = []; + + if (is_array($attributes)) { + foreach ($attributes as $attribute) { + $attrs[] = $attribute['type']; + } + } + + return $attrs; + } + + /** + * Set a CSR attribute + * + * @param string $id + * @param mixed $value + * @param int $disposition optional + * @return bool + */ + public function setAttribute($id, $value, $disposition = self::ATTR_ALL) + { + $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes', true); + + if (!is_array($attributes)) { + return false; + } + + switch ($disposition) { + case self::ATTR_REPLACE: + $disposition = self::ATTR_APPEND; + // fall-through + case self::ATTR_ALL: + $this->removeAttribute($id); + break; + } + + foreach ($attributes as $key => $attribute) { + if ($attribute['type'] == $id) { + $n = count($attribute['value']); + switch (true) { + case $disposition == self::ATTR_APPEND: + $last = $key; + break; + case $disposition >= $n: + $disposition -= $n; + break; + default: + $attributes[$key]['value'][$disposition] = $value; + return true; + } + } + } + + switch (true) { + case $disposition >= 0: + return false; + case isset($last): + $attributes[$last]['value'][] = $value; + break; + default: + $attributes[] = ['type' => $id, 'value' => $disposition == self::ATTR_ALL ? $value : [$value]]; + break; + } + + return true; + } + + /** + * Sets the subject key identifier + * + * This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions. + * + * @param string $value + */ + public function setKeyIdentifier($value) + { + if (empty($value)) { + unset($this->currentKeyIdentifier); + } else { + $this->currentKeyIdentifier = $value; + } + } + + /** + * Compute a public key identifier. + * + * Although key identifiers may be set to any unique value, this function + * computes key identifiers from public key according to the two + * recommended methods (4.2.1.2 RFC 3280). + * Highly polymorphic: try to accept all possible forms of key: + * - Key object + * - \phpseclib3\File\X509 object with public or private key defined + * - Certificate or CSR array + * - \phpseclib3\File\ASN1\Element object + * - PEM or DER string + * + * @param mixed $key optional + * @param int $method optional + * @return string binary key identifier + */ + public function computeKeyIdentifier($key = null, $method = 1) + { + if (is_null($key)) { + $key = $this; + } + + switch (true) { + case is_string($key): + break; + case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']): + return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method); + case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']): + return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method); + case !is_object($key): + return false; + case $key instanceof Element: + // Assume the element is a bitstring-packed key. + $decoded = ASN1::decodeBER($key->element); + if (!$decoded) { + return false; + } + $raw = ASN1::asn1map($decoded[0], ['type' => ASN1::TYPE_BIT_STRING]); + if (empty($raw)) { + return false; + } + // If the key is private, compute identifier from its corresponding public key. + $key = PublicKeyLoader::load($raw); + if ($key instanceof PrivateKey) { // If private. + return $this->computeKeyIdentifier($key, $method); + } + $key = $raw; // Is a public key. + break; + case $key instanceof X509: + if (isset($key->publicKey)) { + return $this->computeKeyIdentifier($key->publicKey, $method); + } + if (isset($key->privateKey)) { + return $this->computeKeyIdentifier($key->privateKey, $method); + } + if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) { + return $this->computeKeyIdentifier($key->currentCert, $method); + } + return false; + default: // Should be a key object (i.e.: \phpseclib3\Crypt\RSA). + $key = $key->getPublicKey(); + break; + } + + // If in PEM format, convert to binary. + $key = ASN1::extractBER($key); + + // Now we have the key string: compute its sha-1 sum. + $hash = new Hash('sha1'); + $hash = $hash->hash($key); + + if ($method == 2) { + $hash = substr($hash, -8); + $hash[0] = chr((ord($hash[0]) & 0x0F) | 0x40); + } + + return $hash; + } + + /** + * Format a public key as appropriate + * + * @return array|false + */ + private function formatSubjectPublicKey() + { + $format = $this->publicKey instanceof RSA && ($this->publicKey->getPadding() & RSA::SIGNATURE_PSS) ? + 'PSS' : + 'PKCS8'; + + $publicKey = base64_decode(preg_replace('#-.+-|[\r\n]#', '', $this->publicKey->toString($format))); + + $decoded = ASN1::decodeBER($publicKey); + if (!$decoded) { + return false; + } + $mapped = ASN1::asn1map($decoded[0], Maps\SubjectPublicKeyInfo::MAP); + if (!is_array($mapped)) { + return false; + } + + $mapped['subjectPublicKey'] = $this->publicKey->toString($format); + + return $mapped; + } + + /** + * Set the domain name's which the cert is to be valid for + * + * @param mixed ...$domains + * @return void + */ + public function setDomain(...$domains) + { + $this->domains = $domains; + $this->removeDNProp('id-at-commonName'); + $this->setDNProp('id-at-commonName', $this->domains[0]); + } + + /** + * Set the IP Addresses's which the cert is to be valid for + * + * @param mixed[] ...$ipAddresses + */ + public function setIPAddress(...$ipAddresses) + { + $this->ipAddresses = $ipAddresses; + /* + if (!isset($this->domains)) { + $this->removeDNProp('id-at-commonName'); + $this->setDNProp('id-at-commonName', $this->ipAddresses[0]); + } + */ + } + + /** + * Helper function to build domain array + * + * @param string $domain + * @return array + */ + private static function dnsName($domain) + { + return ['dNSName' => $domain]; + } + + /** + * Helper function to build IP Address array + * + * (IPv6 is not currently supported) + * + * @param string $address + * @return array + */ + private function iPAddress($address) + { + return ['iPAddress' => $address]; + } + + /** + * Get the index of a revoked certificate. + * + * @param array $rclist + * @param string $serial + * @param bool $create optional + * @return int|false + */ + private function revokedCertificate(array &$rclist, $serial, $create = false) + { + $serial = new BigInteger($serial); + + foreach ($rclist as $i => $rc) { + if (!($serial->compare($rc['userCertificate']))) { + return $i; + } + } + + if (!$create) { + return false; + } + + $i = count($rclist); + $revocationDate = new \DateTimeImmutable('now', new \DateTimeZone(@date_default_timezone_get())); + $rclist[] = ['userCertificate' => $serial, + 'revocationDate' => $this->timeField($revocationDate->format('D, d M Y H:i:s O'))]; + return $i; + } + + /** + * Revoke a certificate. + * + * @param string $serial + * @param string $date optional + * @return bool + */ + public function revoke($serial, $date = null) + { + if (isset($this->currentCert['tbsCertList'])) { + if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates', true))) { + if ($this->revokedCertificate($rclist, $serial) === false) { // If not yet revoked + if (($i = $this->revokedCertificate($rclist, $serial, true)) !== false) { + if (!empty($date)) { + $rclist[$i]['revocationDate'] = $this->timeField($date); + } + + return true; + } + } + } + } + + return false; + } + + /** + * Unrevoke a certificate. + * + * @param string $serial + * @return bool + */ + public function unrevoke($serial) + { + if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + unset($rclist[$i]); + $rclist = array_values($rclist); + return true; + } + } + + return false; + } + + /** + * Get a revoked certificate. + * + * @param string $serial + * @return mixed + */ + public function getRevoked($serial) + { + if (is_array($rclist = $this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + return $rclist[$i]; + } + } + + return false; + } + + /** + * List revoked certificates + * + * @param array $crl optional + * @return array|bool + */ + public function listRevoked(array $crl = null) + { + if (!isset($crl)) { + $crl = $this->currentCert; + } + + if (!isset($crl['tbsCertList'])) { + return false; + } + + $result = []; + + if (is_array($rclist = $this->subArray($crl, 'tbsCertList/revokedCertificates'))) { + foreach ($rclist as $rc) { + $result[] = $rc['userCertificate']->toString(); + } + } + + return $result; + } + + /** + * Remove a Revoked Certificate Extension + * + * @param string $serial + * @param string $id + * @return bool + */ + public function removeRevokedCertificateExtension($serial, $id) + { + if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + return $this->removeExtensionHelper($id, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); + } + } + + return false; + } + + /** + * Get a Revoked Certificate Extension + * + * Returns the extension if it exists and false if not + * + * @param string $serial + * @param string $id + * @param array $crl optional + * @return mixed + */ + public function getRevokedCertificateExtension($serial, $id, array $crl = null) + { + if (!isset($crl)) { + $crl = $this->currentCert; + } + + if (is_array($rclist = $this->subArray($crl, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + return $this->getExtension($id, $crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); + } + } + + return false; + } + + /** + * Returns a list of all extensions in use for a given revoked certificate + * + * @param string $serial + * @param array $crl optional + * @return array|bool + */ + public function getRevokedCertificateExtensions($serial, array $crl = null) + { + if (!isset($crl)) { + $crl = $this->currentCert; + } + + if (is_array($rclist = $this->subArray($crl, 'tbsCertList/revokedCertificates'))) { + if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { + return $this->getExtensions($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); + } + } + + return false; + } + + /** + * Set a Revoked Certificate Extension + * + * @param string $serial + * @param string $id + * @param mixed $value + * @param bool $critical optional + * @param bool $replace optional + * @return bool + */ + public function setRevokedCertificateExtension($serial, $id, $value, $critical = false, $replace = true) + { + if (isset($this->currentCert['tbsCertList'])) { + if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates', true))) { + if (($i = $this->revokedCertificate($rclist, $serial, true)) !== false) { + return $this->setExtensionHelper($id, $value, $critical, $replace, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); + } + } + } + + return false; + } + + /** + * Register the mapping for a custom/unsupported extension. + * + * @param string $id + * @param array $mapping + */ + public static function registerExtension($id, array $mapping) + { + if (isset(self::$extensions[$id]) && self::$extensions[$id] !== $mapping) { + throw new \RuntimeException( + 'Extension ' . $id . ' has already been defined with a different mapping.' + ); + } + + self::$extensions[$id] = $mapping; + } + + /** + * Register the mapping for a custom/unsupported extension. + * + * @param string $id + * + * @return array|null + */ + public static function getRegisteredExtension($id) + { + return isset(self::$extensions[$id]) ? self::$extensions[$id] : null; + } + + /** + * Register the mapping for a custom/unsupported extension. + * + * @param string $id + * @param mixed $value + * @param bool $critical + * @param bool $replace + */ + public function setExtensionValue($id, $value, $critical = false, $replace = false) + { + $this->extensionValues[$id] = compact('critical', 'replace', 'value'); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger.php new file mode 100644 index 0000000..2a9cc0b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger.php @@ -0,0 +1,892 @@ + + * add($b); + * + * echo $c->toString(); // outputs 5 + * ?> + * + * + * @author Jim Wigginton + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Math; + +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Math\BigInteger\Engines\Engine; + +/** + * Pure-PHP arbitrary precision integer arithmetic library. Supports base-2, base-10, base-16, and base-256 + * numbers. + * + * @author Jim Wigginton + */ +class BigInteger implements \JsonSerializable +{ + /** + * Main Engine + * + * @var class-string + */ + private static $mainEngine; + + /** + * Selected Engines + * + * @var list + */ + private static $engines; + + /** + * The actual BigInteger object + * + * @var object + */ + private $value; + + /** + * Mode independent value used for serialization. + * + * @see self::__sleep() + * @see self::__wakeup() + * @var string + */ + private $hex; + + /** + * Precision (used only for serialization) + * + * @see self::__sleep() + * @see self::__wakeup() + * @var int + */ + private $precision; + + /** + * Sets engine type. + * + * Throws an exception if the type is invalid + * + * @param string $main + * @param list $modexps optional + * @return void + */ + public static function setEngine($main, array $modexps = ['DefaultEngine']) + { + self::$engines = []; + + $fqmain = 'phpseclib3\\Math\\BigInteger\\Engines\\' . $main; + if (!class_exists($fqmain) || !method_exists($fqmain, 'isValidEngine')) { + throw new \InvalidArgumentException("$main is not a valid engine"); + } + if (!$fqmain::isValidEngine()) { + throw new BadConfigurationException("$main is not setup correctly on this system"); + } + /** @var class-string $fqmain */ + self::$mainEngine = $fqmain; + + $found = false; + foreach ($modexps as $modexp) { + try { + $fqmain::setModExpEngine($modexp); + $found = true; + break; + } catch (\Exception $e) { + } + } + + if (!$found) { + throw new BadConfigurationException("No valid modular exponentiation engine found for $main"); + } + + self::$engines = [$main, $modexp]; + } + + /** + * Returns the engine type + * + * @return string[] + */ + public static function getEngine() + { + self::initialize_static_variables(); + + return self::$engines; + } + + /** + * Initialize static variables + */ + private static function initialize_static_variables() + { + if (!isset(self::$mainEngine)) { + $engines = [ + ['GMP', ['DefaultEngine']], + ['PHP64', ['OpenSSL']], + ['BCMath', ['OpenSSL']], + ['PHP32', ['OpenSSL']], + ['PHP64', ['DefaultEngine']], + ['PHP32', ['DefaultEngine']] + ]; + + foreach ($engines as $engine) { + try { + self::setEngine($engine[0], $engine[1]); + return; + } catch (\Exception $e) { + } + } + + throw new \UnexpectedValueException('No valid BigInteger found. This is only possible when JIT is enabled on Windows and neither the GMP or BCMath extensions are available so either disable JIT or install GMP / BCMath'); + } + } + + /** + * Converts base-2, base-10, base-16, and binary strings (base-256) to BigIntegers. + * + * If the second parameter - $base - is negative, then it will be assumed that the number's are encoded using + * two's compliment. The sole exception to this is -10, which is treated the same as 10 is. + * + * @param string|int|Engine $x Base-10 number or base-$base number if $base set. + * @param int $base + */ + public function __construct($x = 0, $base = 10) + { + self::initialize_static_variables(); + + if ($x instanceof self::$mainEngine) { + $this->value = clone $x; + } elseif ($x instanceof Engine) { + $this->value = new static("$x"); + $this->value->setPrecision($x->getPrecision()); + } else { + $this->value = new self::$mainEngine($x, $base); + } + } + + /** + * Converts a BigInteger to a base-10 number. + * + * @return string + */ + public function toString() + { + return $this->value->toString(); + } + + /** + * __toString() magic method + */ + public function __toString() + { + return (string)$this->value; + } + + /** + * __debugInfo() magic method + * + * Will be called, automatically, when print_r() or var_dump() are called + */ + public function __debugInfo() + { + return $this->value->__debugInfo(); + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + * + * @param bool $twos_compliment + * @return string + */ + public function toBytes($twos_compliment = false) + { + return $this->value->toBytes($twos_compliment); + } + + /** + * Converts a BigInteger to a hex string (eg. base-16). + * + * @param bool $twos_compliment + * @return string + */ + public function toHex($twos_compliment = false) + { + return $this->value->toHex($twos_compliment); + } + + /** + * Converts a BigInteger to a bit string (eg. base-2). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + * + * @param bool $twos_compliment + * @return string + */ + public function toBits($twos_compliment = false) + { + return $this->value->toBits($twos_compliment); + } + + /** + * Adds two BigIntegers. + * + * @param BigInteger $y + * @return BigInteger + */ + public function add(BigInteger $y) + { + return new static($this->value->add($y->value)); + } + + /** + * Subtracts two BigIntegers. + * + * @param BigInteger $y + * @return BigInteger + */ + public function subtract(BigInteger $y) + { + return new static($this->value->subtract($y->value)); + } + + /** + * Multiplies two BigIntegers + * + * @param BigInteger $x + * @return BigInteger + */ + public function multiply(BigInteger $x) + { + return new static($this->value->multiply($x->value)); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * Here's an example: + * + * divide($b); + * + * echo $quotient->toString(); // outputs 0 + * echo "\r\n"; + * echo $remainder->toString(); // outputs 10 + * ?> + * + * + * @param BigInteger $y + * @return BigInteger[] + */ + public function divide(BigInteger $y) + { + list($q, $r) = $this->value->divide($y->value); + return [ + new static($q), + new static($r) + ]; + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * @param BigInteger $n + * @return BigInteger + */ + public function modInverse(BigInteger $n) + { + return new static($this->value->modInverse($n->value)); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * @param BigInteger $n + * @return BigInteger[] + */ + public function extendedGCD(BigInteger $n) + { + extract($this->value->extendedGCD($n->value)); + /** + * @var BigInteger $gcd + * @var BigInteger $x + * @var BigInteger $y + */ + return [ + 'gcd' => new static($gcd), + 'x' => new static($x), + 'y' => new static($y) + ]; + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + * + * @param BigInteger $n + * @return BigInteger + */ + public function gcd(BigInteger $n) + { + return new static($this->value->gcd($n->value)); + } + + /** + * Absolute value. + * + * @return BigInteger + */ + public function abs() + { + return new static($this->value->abs()); + } + + /** + * Set Precision + * + * Some bitwise operations give different results depending on the precision being used. Examples include left + * shift, not, and rotates. + * + * @param int $bits + */ + public function setPrecision($bits) + { + $this->value->setPrecision($bits); + } + + /** + * Get Precision + * + * Returns the precision if it exists, false if it doesn't + * + * @return int|bool + */ + public function getPrecision() + { + return $this->value->getPrecision(); + } + + /** + * Serialize + * + * Will be called, automatically, when serialize() is called on a BigInteger object. + * + * __sleep() / __wakeup() have been around since PHP 4.0 + * + * \Serializable was introduced in PHP 5.1 and deprecated in PHP 8.1: + * https://wiki.php.net/rfc/phase_out_serializable + * + * __serialize() / __unserialize() were introduced in PHP 7.4: + * https://wiki.php.net/rfc/custom_object_serialization + * + * @return array + */ + public function __sleep() + { + $this->hex = $this->toHex(true); + $vars = ['hex']; + if ($this->getPrecision() > 0) { + $vars[] = 'precision'; + } + return $vars; + } + + /** + * Serialize + * + * Will be called, automatically, when unserialize() is called on a BigInteger object. + */ + public function __wakeup() + { + $temp = new static($this->hex, -16); + $this->value = $temp->value; + if ($this->precision > 0) { + // recalculate $this->bitmask + $this->setPrecision($this->precision); + } + } + + /** + * JSON Serialize + * + * Will be called, automatically, when json_encode() is called on a BigInteger object. + * + * @return array{hex: string, precision?: int] + */ + #[\ReturnTypeWillChange] + public function jsonSerialize() + { + $result = ['hex' => $this->toHex(true)]; + if ($this->precision > 0) { + $result['precision'] = $this->getPrecision(); + } + return $result; + } + + /** + * Performs modular exponentiation. + * + * @param BigInteger $e + * @param BigInteger $n + * @return BigInteger + */ + public function powMod(BigInteger $e, BigInteger $n) + { + return new static($this->value->powMod($e->value, $n->value)); + } + + /** + * Performs modular exponentiation. + * + * @param BigInteger $e + * @param BigInteger $n + * @return BigInteger + */ + public function modPow(BigInteger $e, BigInteger $n) + { + return new static($this->value->modPow($e->value, $n->value)); + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this + * is demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @param BigInteger $y + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(BigInteger $y) + { + return $this->value->compare($y->value); + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + * + * @param BigInteger $x + * @return bool + */ + public function equals(BigInteger $x) + { + return $this->value->equals($x->value); + } + + /** + * Logical Not + * + * @return BigInteger + */ + public function bitwise_not() + { + return new static($this->value->bitwise_not()); + } + + /** + * Logical And + * + * @param BigInteger $x + * @return BigInteger + */ + public function bitwise_and(BigInteger $x) + { + return new static($this->value->bitwise_and($x->value)); + } + + /** + * Logical Or + * + * @param BigInteger $x + * @return BigInteger + */ + public function bitwise_or(BigInteger $x) + { + return new static($this->value->bitwise_or($x->value)); + } + + /** + * Logical Exclusive Or + * + * @param BigInteger $x + * @return BigInteger + */ + public function bitwise_xor(BigInteger $x) + { + return new static($this->value->bitwise_xor($x->value)); + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift. + * + * @param int $shift + * @return BigInteger + */ + public function bitwise_rightShift($shift) + { + return new static($this->value->bitwise_rightShift($shift)); + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift. + * + * @param int $shift + * @return BigInteger + */ + public function bitwise_leftShift($shift) + { + return new static($this->value->bitwise_leftShift($shift)); + } + + /** + * Logical Left Rotate + * + * Instead of the top x bits being dropped they're appended to the shifted bit string. + * + * @param int $shift + * @return BigInteger + */ + public function bitwise_leftRotate($shift) + { + return new static($this->value->bitwise_leftRotate($shift)); + } + + /** + * Logical Right Rotate + * + * Instead of the bottom x bits being dropped they're prepended to the shifted bit string. + * + * @param int $shift + * @return BigInteger + */ + public function bitwise_rightRotate($shift) + { + return new static($this->value->bitwise_rightRotate($shift)); + } + + /** + * Returns the smallest and largest n-bit number + * + * @param int $bits + * @return BigInteger[] + */ + public static function minMaxBits($bits) + { + self::initialize_static_variables(); + + $class = self::$mainEngine; + extract($class::minMaxBits($bits)); + /** @var BigInteger $min + * @var BigInteger $max + */ + return [ + 'min' => new static($min), + 'max' => new static($max) + ]; + } + + /** + * Return the size of a BigInteger in bits + * + * @return int + */ + public function getLength() + { + return $this->value->getLength(); + } + + /** + * Return the size of a BigInteger in bytes + * + * @return int + */ + public function getLengthInBytes() + { + return $this->value->getLengthInBytes(); + } + + /** + * Generates a random number of a certain size + * + * Bit length is equal to $size + * + * @param int $size + * @return BigInteger + */ + public static function random($size) + { + self::initialize_static_variables(); + + $class = self::$mainEngine; + return new static($class::random($size)); + } + + /** + * Generates a random prime number of a certain size + * + * Bit length is equal to $size + * + * @param int $size + * @return BigInteger + */ + public static function randomPrime($size) + { + self::initialize_static_variables(); + + $class = self::$mainEngine; + return new static($class::randomPrime($size)); + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @param BigInteger $min + * @param BigInteger $max + * @return false|BigInteger + */ + public static function randomRangePrime(BigInteger $min, BigInteger $max) + { + $class = self::$mainEngine; + return new static($class::randomRangePrime($min->value, $max->value)); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + * + * @param BigInteger $min + * @param BigInteger $max + * @return BigInteger + */ + public static function randomRange(BigInteger $min, BigInteger $max) + { + $class = self::$mainEngine; + return new static($class::randomRange($min->value, $max->value)); + } + + /** + * Checks a numer to see if it's prime + * + * Assuming the $t parameter is not set, this function has an error rate of 2**-80. The main motivation for the + * $t parameter is distributability. BigInteger::randomPrime() can be distributed across multiple pageloads + * on a website instead of just one. + * + * @param int|bool $t + * @return bool + */ + public function isPrime($t = false) + { + return $this->value->isPrime($t); + } + + /** + * Calculates the nth root of a biginteger. + * + * Returns the nth root of a positive biginteger, where n defaults to 2 + * + * @param int $n optional + * @return BigInteger + */ + public function root($n = 2) + { + return new static($this->value->root($n)); + } + + /** + * Performs exponentiation. + * + * @param BigInteger $n + * @return BigInteger + */ + public function pow(BigInteger $n) + { + return new static($this->value->pow($n->value)); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + * + * @param BigInteger ...$nums + * @return BigInteger + */ + public static function min(BigInteger ...$nums) + { + $class = self::$mainEngine; + $nums = array_map(function ($num) { + return $num->value; + }, $nums); + return new static($class::min(...$nums)); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + * + * @param BigInteger ...$nums + * @return BigInteger + */ + public static function max(BigInteger ...$nums) + { + $class = self::$mainEngine; + $nums = array_map(function ($num) { + return $num->value; + }, $nums); + return new static($class::max(...$nums)); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + * + * @param BigInteger $min + * @param BigInteger $max + * @return bool + */ + public function between(BigInteger $min, BigInteger $max) + { + return $this->value->between($min->value, $max->value); + } + + /** + * Clone + */ + public function __clone() + { + $this->value = clone $this->value; + } + + /** + * Is Odd? + * + * @return bool + */ + public function isOdd() + { + return $this->value->isOdd(); + } + + /** + * Tests if a bit is set + * + * @param int $x + * @return bool + */ + public function testBit($x) + { + return $this->value->testBit($x); + } + + /** + * Is Negative? + * + * @return bool + */ + public function isNegative() + { + return $this->value->isNegative(); + } + + /** + * Negate + * + * Given $k, returns -$k + * + * @return BigInteger + */ + public function negate() + { + return new static($this->value->negate()); + } + + /** + * Scan for 1 and right shift by that amount + * + * ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s)); + * + * @param BigInteger $r + * @return int + */ + public static function scan1divide(BigInteger $r) + { + $class = self::$mainEngine; + return $class::scan1divide($r->value); + } + + /** + * Create Recurring Modulo Function + * + * Sometimes it may be desirable to do repeated modulos with the same number outside of + * modular exponentiation + * + * @return callable + */ + public function createRecurringModuloFunction() + { + $func = $this->value->createRecurringModuloFunction(); + return function (BigInteger $x) use ($func) { + return new static($func($x->value)); + }; + } + + /** + * Bitwise Split + * + * Splits BigInteger's into chunks of $split bits + * + * @param int $split + * @return BigInteger[] + */ + public function bitwise_split($split) + { + return array_map(function ($val) { + return new static($val); + }, $this->value->bitwise_split($split)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath.php new file mode 100644 index 0000000..e3a4990 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath.php @@ -0,0 +1,697 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\BadConfigurationException; + +/** + * BCMath Engine. + * + * @author Jim Wigginton + */ +class BCMath extends Engine +{ + /** + * Can Bitwise operations be done fast? + * + * @see parent::bitwise_leftRotate() + * @see parent::bitwise_rightRotate() + */ + const FAST_BITWISE = false; + + /** + * Engine Directory + * + * @see parent::setModExpEngine + */ + const ENGINE_DIR = 'BCMath'; + + /** + * Test for engine validity + * + * @return bool + * @see parent::__construct() + */ + public static function isValidEngine() + { + return extension_loaded('bcmath'); + } + + /** + * Default constructor + * + * @param mixed $x integer Base-10 number or base-$base number if $base set. + * @param int $base + * @see parent::__construct() + */ + public function __construct($x = 0, $base = 10) + { + if (!isset(static::$isValidEngine[static::class])) { + static::$isValidEngine[static::class] = self::isValidEngine(); + } + if (!static::$isValidEngine[static::class]) { + throw new BadConfigurationException('BCMath is not setup correctly on this system'); + } + + $this->value = '0'; + + parent::__construct($x, $base); + } + + /** + * Initialize a BCMath BigInteger Engine instance + * + * @param int $base + * @see parent::__construct() + */ + protected function initialize($base) + { + switch (abs($base)) { + case 256: + // round $len to the nearest 4 + $len = (strlen($this->value) + 3) & ~3; + + $x = str_pad($this->value, $len, chr(0), STR_PAD_LEFT); + + $this->value = '0'; + for ($i = 0; $i < $len; $i += 4) { + $this->value = bcmul($this->value, '4294967296', 0); // 4294967296 == 2**32 + $this->value = bcadd( + $this->value, + 0x1000000 * ord($x[$i]) + ((ord($x[$i + 1]) << 16) | (ord( + $x[$i + 2] + ) << 8) | ord($x[$i + 3])), + 0 + ); + } + + if ($this->is_negative) { + $this->value = '-' . $this->value; + } + break; + case 16: + $x = (strlen($this->value) & 1) ? '0' . $this->value : $this->value; + $temp = new self(Strings::hex2bin($x), 256); + $this->value = $this->is_negative ? '-' . $temp->value : $temp->value; + $this->is_negative = false; + break; + case 10: + // explicitly casting $x to a string is necessary, here, since doing $x[0] on -1 yields different + // results then doing it on '-1' does (modInverse does $x[0]) + $this->value = $this->value === '-' ? '0' : (string)$this->value; + } + } + + /** + * Converts a BigInteger to a base-10 number. + * + * @return string + */ + public function toString() + { + if ($this->value === '0') { + return '0'; + } + + return ltrim($this->value, '0'); + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + * + * @param bool $twos_compliment + * @return string + */ + public function toBytes($twos_compliment = false) + { + if ($twos_compliment) { + return $this->toBytesHelper(); + } + + $value = ''; + $current = $this->value; + + if ($current[0] == '-') { + $current = substr($current, 1); + } + + while (bccomp($current, '0', 0) > 0) { + $temp = bcmod($current, '16777216'); + $value = chr($temp >> 16) . chr($temp >> 8) . chr($temp) . $value; + $current = bcdiv($current, '16777216', 0); + } + + return $this->precision > 0 ? + substr(str_pad($value, $this->precision >> 3, chr(0), STR_PAD_LEFT), -($this->precision >> 3)) : + ltrim($value, chr(0)); + } + + /** + * Adds two BigIntegers. + * + * @param BCMath $y + * @return BCMath + */ + public function add(BCMath $y) + { + $temp = new self(); + $temp->value = bcadd($this->value, $y->value); + + return $this->normalize($temp); + } + + /** + * Subtracts two BigIntegers. + * + * @param BCMath $y + * @return BCMath + */ + public function subtract(BCMath $y) + { + $temp = new self(); + $temp->value = bcsub($this->value, $y->value); + + return $this->normalize($temp); + } + + /** + * Multiplies two BigIntegers. + * + * @param BCMath $x + * @return BCMath + */ + public function multiply(BCMath $x) + { + $temp = new self(); + $temp->value = bcmul($this->value, $x->value); + + return $this->normalize($temp); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @param BCMath $y + * @return array{static, static} + */ + public function divide(BCMath $y) + { + $quotient = new self(); + $remainder = new self(); + + $quotient->value = bcdiv($this->value, $y->value, 0); + $remainder->value = bcmod($this->value, $y->value); + + if ($remainder->value[0] == '-') { + $remainder->value = bcadd($remainder->value, $y->value[0] == '-' ? substr($y->value, 1) : $y->value, 0); + } + + return [$this->normalize($quotient), $this->normalize($remainder)]; + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * @param BCMath $n + * @return false|BCMath + */ + public function modInverse(BCMath $n) + { + return $this->modInverseHelper($n); + } + + /** + * Calculates the greatest common divisor and Bezout's identity. + * + * Say you have 693 and 609. The GCD is 21. Bezout's identity states that there exist integers x and y such that + * 693*x + 609*y == 21. In point of fact, there are actually an infinite number of x and y combinations and which + * combination is returned is dependent upon which mode is in use. See + * {@link http://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity Bezout's identity - Wikipedia} for more information. + * + * @param BCMath $n + * @return array{gcd: static, x: static, y: static} + */ + public function extendedGCD(BCMath $n) + { + // it might be faster to use the binary xGCD algorithim here, as well, but (1) that algorithim works + // best when the base is a power of 2 and (2) i don't think it'd make much difference, anyway. as is, + // the basic extended euclidean algorithim is what we're using. + + $u = $this->value; + $v = $n->value; + + $a = '1'; + $b = '0'; + $c = '0'; + $d = '1'; + + while (bccomp($v, '0', 0) != 0) { + $q = bcdiv($u, $v, 0); + + $temp = $u; + $u = $v; + $v = bcsub($temp, bcmul($v, $q, 0), 0); + + $temp = $a; + $a = $c; + $c = bcsub($temp, bcmul($a, $q, 0), 0); + + $temp = $b; + $b = $d; + $d = bcsub($temp, bcmul($b, $q, 0), 0); + } + + return [ + 'gcd' => $this->normalize(new static($u)), + 'x' => $this->normalize(new static($a)), + 'y' => $this->normalize(new static($b)) + ]; + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + * + * @param BCMath $n + * @return BCMath + */ + public function gcd(BCMath $n) + { + extract($this->extendedGCD($n)); + /** @var BCMath $gcd */ + return $gcd; + } + + /** + * Absolute value. + * + * @return BCMath + */ + public function abs() + { + $temp = new static(); + $temp->value = strlen($this->value) && $this->value[0] == '-' ? + substr($this->value, 1) : + $this->value; + + return $temp; + } + + /** + * Logical And + * + * @param BCMath $x + * @return BCMath + */ + public function bitwise_and(BCMath $x) + { + return $this->bitwiseAndHelper($x); + } + + /** + * Logical Or + * + * @param BCMath $x + * @return BCMath + */ + public function bitwise_or(BCMath $x) + { + return $this->bitwiseOrHelper($x); + } + + /** + * Logical Exclusive Or + * + * @param BCMath $x + * @return BCMath + */ + public function bitwise_xor(BCMath $x) + { + return $this->bitwiseXorHelper($x); + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift. + * + * @param int $shift + * @return BCMath + */ + public function bitwise_rightShift($shift) + { + $temp = new static(); + $temp->value = bcdiv($this->value, bcpow('2', $shift, 0), 0); + + return $this->normalize($temp); + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift. + * + * @param int $shift + * @return BCMath + */ + public function bitwise_leftShift($shift) + { + $temp = new static(); + $temp->value = bcmul($this->value, bcpow('2', $shift, 0), 0); + + return $this->normalize($temp); + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this + * is demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @param BCMath $y + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(BCMath $y) + { + return bccomp($this->value, $y->value, 0); + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + * + * @param BCMath $x + * @return bool + */ + public function equals(BCMath $x) + { + return $this->value == $x->value; + } + + /** + * Performs modular exponentiation. + * + * @param BCMath $e + * @param BCMath $n + * @return BCMath + */ + public function modPow(BCMath $e, BCMath $n) + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * Alias for modPow(). + * + * @param BCMath $e + * @param BCMath $n + * @return BCMath + */ + public function powMod(BCMath $e, BCMath $n) + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * @param BCMath $e + * @param BCMath $n + * @return BCMath + */ + protected function powModInner(BCMath $e, BCMath $n) + { + try { + $class = static::$modexpEngine[static::class]; + return $class::powModHelper($this, $e, $n, static::class); + } catch (\Exception $err) { + return BCMath\DefaultEngine::powModHelper($this, $e, $n, static::class); + } + } + + /** + * Normalize + * + * Removes leading zeros and truncates (if necessary) to maintain the appropriate precision + * + * @param BCMath $result + * @return BCMath + */ + protected function normalize(BCMath $result) + { + $result->precision = $this->precision; + $result->bitmask = $this->bitmask; + + if ($result->bitmask !== false) { + $result->value = bcmod($result->value, $result->bitmask->value); + } + + return $result; + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @param BCMath $min + * @param BCMath $max + * @return false|BCMath + */ + public static function randomRangePrime(BCMath $min, BCMath $max) + { + return self::randomRangePrimeOuter($min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + * + * @param BCMath $min + * @param BCMath $max + * @return BCMath + */ + public static function randomRange(BCMath $min, BCMath $max) + { + return self::randomRangeHelper($min, $max); + } + + /** + * Make the current number odd + * + * If the current number is odd it'll be unchanged. If it's even, one will be added to it. + * + * @see self::randomPrime() + */ + protected function make_odd() + { + if (!$this->isOdd()) { + $this->value = bcadd($this->value, '1'); + } + } + + /** + * Test the number against small primes. + * + * @see self::isPrime() + */ + protected function testSmallPrimes() + { + if ($this->value === '1') { + return false; + } + if ($this->value === '2') { + return true; + } + if ($this->value[strlen($this->value) - 1] % 2 == 0) { + return false; + } + + $value = $this->value; + + foreach (self::PRIMES as $prime) { + $r = bcmod($this->value, $prime); + if ($r == '0') { + return $this->value == $prime; + } + } + + return true; + } + + /** + * Scan for 1 and right shift by that amount + * + * ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s)); + * + * @param BCMath $r + * @return int + * @see self::isPrime() + */ + public static function scan1divide(BCMath $r) + { + $r_value = &$r->value; + $s = 0; + // if $n was 1, $r would be 0 and this would be an infinite loop, hence our $this->equals(static::$one[static::class]) check earlier + while ($r_value[strlen($r_value) - 1] % 2 == 0) { + $r_value = bcdiv($r_value, '2', 0); + ++$s; + } + + return $s; + } + + /** + * Performs exponentiation. + * + * @param BCMath $n + * @return BCMath + */ + public function pow(BCMath $n) + { + $temp = new self(); + $temp->value = bcpow($this->value, $n->value); + + return $this->normalize($temp); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + * + * @param BCMath ...$nums + * @return BCMath + */ + public static function min(BCMath ...$nums) + { + return self::minHelper($nums); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + * + * @param BCMath ...$nums + * @return BCMath + */ + public static function max(BCMath ...$nums) + { + return self::maxHelper($nums); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + * + * @param BCMath $min + * @param BCMath $max + * @return bool + */ + public function between(BCMath $min, BCMath $max) + { + return $this->compare($min) >= 0 && $this->compare($max) <= 0; + } + + /** + * Set Bitmask + * + * @param int $bits + * @return Engine + * @see self::setPrecision() + */ + protected static function setBitmask($bits) + { + $temp = parent::setBitmask($bits); + return $temp->add(static::$one[static::class]); + } + + /** + * Is Odd? + * + * @return bool + */ + public function isOdd() + { + return $this->value[strlen($this->value) - 1] % 2 == 1; + } + + /** + * Tests if a bit is set + * + * @return bool + */ + public function testBit($x) + { + return bccomp( + bcmod($this->value, bcpow('2', $x + 1, 0)), + bcpow('2', $x, 0), + 0 + ) >= 0; + } + + /** + * Is Negative? + * + * @return bool + */ + public function isNegative() + { + return strlen($this->value) && $this->value[0] == '-'; + } + + /** + * Negate + * + * Given $k, returns -$k + * + * @return BCMath + */ + public function negate() + { + $temp = clone $this; + + if (!strlen($temp->value)) { + return $temp; + } + + $temp->value = $temp->value[0] == '-' ? + substr($this->value, 1) : + '-' . $this->value; + + return $temp; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Base.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Base.php new file mode 100644 index 0000000..fe21e04 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Base.php @@ -0,0 +1,110 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\BCMath; + +use phpseclib3\Math\BigInteger\Engines\BCMath; + +/** + * Sliding Window Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Base extends BCMath +{ + /** + * Cache constants + * + * $cache[self::VARIABLE] tells us whether or not the cached data is still valid. + * + */ + const VARIABLE = 0; + /** + * $cache[self::DATA] contains the cached data. + * + */ + const DATA = 1; + + /** + * Test for engine validity + * + * @return bool + */ + public static function isValidEngine() + { + return static::class != __CLASS__; + } + + /** + * Performs modular exponentiation. + * + * @param BCMath $x + * @param BCMath $e + * @param BCMath $n + * @param string $class + * @return BCMath + */ + protected static function powModHelper(BCMath $x, BCMath $e, BCMath $n, $class) + { + if (empty($e->value)) { + $temp = new $class(); + $temp->value = '1'; + return $x->normalize($temp); + } + + return $x->normalize(static::slidingWindow($x, $e, $n, $class)); + } + + /** + * Modular reduction preparation + * + * @param string $x + * @param string $n + * @param string $class + * @see self::slidingWindow() + * @return string + */ + protected static function prepareReduce($x, $n, $class) + { + return static::reduce($x, $n); + } + + /** + * Modular multiply + * + * @param string $x + * @param string $y + * @param string $n + * @param string $class + * @see self::slidingWindow() + * @return string + */ + protected static function multiplyReduce($x, $y, $n, $class) + { + return static::reduce(bcmul($x, $y), $n); + } + + /** + * Modular square + * + * @param string $x + * @param string $n + * @param string $class + * @see self::slidingWindow() + * @return string + */ + protected static function squareReduce($x, $n, $class) + { + return static::reduce(bcmul($x, $x), $n); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/BuiltIn.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/BuiltIn.php new file mode 100644 index 0000000..b7ca8a2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/BuiltIn.php @@ -0,0 +1,40 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\BCMath; + +use phpseclib3\Math\BigInteger\Engines\BCMath; + +/** + * Built-In BCMath Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class BuiltIn extends BCMath +{ + /** + * Performs modular exponentiation. + * + * @param BCMath $x + * @param BCMath $e + * @param BCMath $n + * @return BCMath + */ + protected static function powModHelper(BCMath $x, BCMath $e, BCMath $n) + { + $temp = new BCMath(); + $temp->value = bcpowmod($x->value, $e->value, $n->value); + + return $x->normalize($temp); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/DefaultEngine.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/DefaultEngine.php new file mode 100644 index 0000000..b2d9fa9 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/DefaultEngine.php @@ -0,0 +1,25 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\BCMath; + +use phpseclib3\Math\BigInteger\Engines\BCMath\Reductions\Barrett; + +/** + * PHP Default Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class DefaultEngine extends Barrett +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/OpenSSL.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/OpenSSL.php new file mode 100644 index 0000000..aed9494 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/OpenSSL.php @@ -0,0 +1,25 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\BCMath; + +use phpseclib3\Math\BigInteger\Engines\OpenSSL as Progenitor; + +/** + * OpenSSL Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class OpenSSL extends Progenitor +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php new file mode 100644 index 0000000..ec1d5ca --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php @@ -0,0 +1,187 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\BCMath\Reductions; + +use phpseclib3\Math\BigInteger\Engines\BCMath\Base; + +/** + * PHP Barrett Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Barrett extends Base +{ + /** + * Cache constants + * + * $cache[self::VARIABLE] tells us whether or not the cached data is still valid. + * + */ + const VARIABLE = 0; + /** + * $cache[self::DATA] contains the cached data. + * + */ + const DATA = 1; + + /** + * Barrett Modular Reduction + * + * See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=14 HAC 14.3.3} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=165 MPM 6.2.5} for more information. Modified slightly, + * so as not to require negative numbers (initially, this script didn't support negative numbers). + * + * Employs "folding", as described at + * {@link http://www.cosic.esat.kuleuven.be/publications/thesis-149.pdf#page=66 thesis-149.pdf#page=66}. To quote from + * it, "the idea [behind folding] is to find a value x' such that x (mod m) = x' (mod m), with x' being smaller than x." + * + * Unfortunately, the "Barrett Reduction with Folding" algorithm described in thesis-149.pdf is not, as written, all that + * usable on account of (1) its not using reasonable radix points as discussed in + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=162 MPM 6.2.2} and (2) the fact that, even with reasonable + * radix points, it only works when there are an even number of digits in the denominator. The reason for (2) is that + * (x >> 1) + (x >> 1) != x / 2 + x / 2. If x is even, they're the same, but if x is odd, they're not. See the in-line + * comments for details. + * + * @param string $n + * @param string $m + * @return string + */ + protected static function reduce($n, $m) + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [] + ]; + + $m_length = strlen($m); + + if (strlen($n) >= 2 * $m_length) { + return bcmod($n, $m); + } + + // if (m.length >> 1) + 2 <= m.length then m is too small and n can't be reduced + if ($m_length < 5) { + return self::regularBarrett($n, $m); + } + // n = 2 * m.length + + if (($key = array_search($m, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $m; + + $lhs = '1' . str_repeat('0', $m_length + ($m_length >> 1)); + $u = bcdiv($lhs, $m, 0); + $m1 = bcsub($lhs, bcmul($u, $m)); + + $cache[self::DATA][] = [ + 'u' => $u, // m.length >> 1 (technically (m.length >> 1) + 1) + 'm1' => $m1 // m.length + ]; + } else { + extract($cache[self::DATA][$key]); + } + + $cutoff = $m_length + ($m_length >> 1); + + $lsd = substr($n, -$cutoff); + $msd = substr($n, 0, -$cutoff); + + $temp = bcmul($msd, $m1); // m.length + (m.length >> 1) + $n = bcadd($lsd, $temp); // m.length + (m.length >> 1) + 1 (so basically we're adding two same length numbers) + //if ($m_length & 1) { + // return self::regularBarrett($n, $m); + //} + + // (m.length + (m.length >> 1) + 1) - (m.length - 1) == (m.length >> 1) + 2 + $temp = substr($n, 0, -$m_length + 1); + // if even: ((m.length >> 1) + 2) + (m.length >> 1) == m.length + 2 + // if odd: ((m.length >> 1) + 2) + (m.length >> 1) == (m.length - 1) + 2 == m.length + 1 + $temp = bcmul($temp, $u); + // if even: (m.length + 2) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + 1 + // if odd: (m.length + 1) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + $temp = substr($temp, 0, -($m_length >> 1) - 1); + // if even: (m.length - (m.length >> 1) + 1) + m.length = 2 * m.length - (m.length >> 1) + 1 + // if odd: (m.length - (m.length >> 1)) + m.length = 2 * m.length - (m.length >> 1) + $temp = bcmul($temp, $m); + + // at this point, if m had an odd number of digits, we'd be subtracting a 2 * m.length - (m.length >> 1) digit + // number from a m.length + (m.length >> 1) + 1 digit number. ie. there'd be an extra digit and the while loop + // following this comment would loop a lot (hence our calling _regularBarrett() in that situation). + + $result = bcsub($n, $temp); + + //if (bccomp($result, '0') < 0) { + if ($result[0] == '-') { + $temp = '1' . str_repeat('0', $m_length + 1); + $result = bcadd($result, $temp); + } + + while (bccomp($result, $m) >= 0) { + $result = bcsub($result, $m); + } + + return $result; + } + + /** + * (Regular) Barrett Modular Reduction + * + * For numbers with more than four digits BigInteger::_barrett() is faster. The difference between that and this + * is that this function does not fold the denominator into a smaller form. + * + * @param string $x + * @param string $n + * @return string + */ + private static function regularBarrett($x, $n) + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [] + ]; + + $n_length = strlen($n); + + if (strlen($x) > 2 * $n_length) { + return bcmod($x, $n); + } + + if (($key = array_search($n, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $n; + $lhs = '1' . str_repeat('0', 2 * $n_length); + $cache[self::DATA][] = bcdiv($lhs, $n, 0); + } + + $temp = substr($x, 0, -$n_length + 1); + $temp = bcmul($temp, $cache[self::DATA][$key]); + $temp = substr($temp, 0, -$n_length - 1); + + $r1 = substr($x, -$n_length - 1); + $r2 = substr(bcmul($temp, $n), -$n_length - 1); + $result = bcsub($r1, $r2); + + //if (bccomp($result, '0') < 0) { + if ($result[0] == '-') { + $q = '1' . str_repeat('0', $n_length + 1); + $result = bcadd($result, $q); + } + + while (bccomp($result, $n) >= 0) { + $result = bcsub($result, $n); + } + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php new file mode 100644 index 0000000..e033ba5 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php @@ -0,0 +1,108 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\BCMath\Reductions; + +use phpseclib3\Math\BigInteger\Engines\BCMath; +use phpseclib3\Math\BigInteger\Engines\BCMath\Base; + +/** + * PHP Barrett Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class EvalBarrett extends Base +{ + /** + * Custom Reduction Function + * + * @see self::generateCustomReduction + */ + private static $custom_reduction; + + /** + * Barrett Modular Reduction + * + * This calls a dynamically generated loop unrolled function that's specific to a given modulo. + * Array lookups are avoided as are if statements testing for how many bits the host OS supports, etc. + * + * @param string $n + * @param string $m + * @return string + */ + protected static function reduce($n, $m) + { + $inline = self::$custom_reduction; + return $inline($n); + } + + /** + * Generate Custom Reduction + * + * @param BCMath $m + * @param string $class + * @return callable|void + */ + protected static function generateCustomReduction(BCMath $m, $class) + { + $m_length = strlen($m); + + if ($m_length < 5) { + $code = 'return bcmod($x, $n);'; + eval('$func = function ($n) { ' . $code . '};'); + self::$custom_reduction = $func; + return; + } + + $lhs = '1' . str_repeat('0', $m_length + ($m_length >> 1)); + $u = bcdiv($lhs, $m, 0); + $m1 = bcsub($lhs, bcmul($u, $m)); + + $cutoff = $m_length + ($m_length >> 1); + + $m = "'$m'"; + $u = "'$u'"; + $m1 = "'$m1'"; + + $code = ' + $lsd = substr($n, -' . $cutoff . '); + $msd = substr($n, 0, -' . $cutoff . '); + + $temp = bcmul($msd, ' . $m1 . '); + $n = bcadd($lsd, $temp); + + $temp = substr($n, 0, ' . (-$m_length + 1) . '); + $temp = bcmul($temp, ' . $u . '); + $temp = substr($temp, 0, ' . (-($m_length >> 1) - 1) . '); + $temp = bcmul($temp, ' . $m . '); + + $result = bcsub($n, $temp); + + if ($result[0] == \'-\') { + $temp = \'1' . str_repeat('0', $m_length + 1) . '\'; + $result = bcadd($result, $temp); + } + + while (bccomp($result, ' . $m . ') >= 0) { + $result = bcsub($result, ' . $m . '); + } + + return $result;'; + + eval('$func = function ($n) { ' . $code . '};'); + + self::$custom_reduction = $func; + + return $func; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/Engine.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/Engine.php new file mode 100644 index 0000000..474abe1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/Engine.php @@ -0,0 +1,1299 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Random; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Math\BigInteger; + +/** + * Base Engine. + * + * @author Jim Wigginton + */ +abstract class Engine implements \JsonSerializable +{ + /* final protected */ const PRIMES = [ + 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, + 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, + 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, + 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, + 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, + 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, + 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, + 953, 967, 971, 977, 983, 991, 997, + ]; + + /** + * BigInteger(0) + * + * @var array, static> + */ + protected static $zero = []; + + /** + * BigInteger(1) + * + * @var array, static> + */ + protected static $one = []; + + /** + * BigInteger(2) + * + * @var array, static> + */ + protected static $two = []; + + /** + * Modular Exponentiation Engine + * + * @var array, class-string> + */ + protected static $modexpEngine; + + /** + * Engine Validity Flag + * + * @var array, bool> + */ + protected static $isValidEngine; + + /** + * Holds the BigInteger's value + * + * @var \GMP|string|array|int + */ + protected $value; + + /** + * Holds the BigInteger's sign + * + * @var bool + */ + protected $is_negative; + + /** + * Precision + * + * @see static::setPrecision() + * @var int + */ + protected $precision = -1; + + /** + * Precision Bitmask + * + * @see static::setPrecision() + * @var static|false + */ + protected $bitmask = false; + + /** + * Recurring Modulo Function + * + * @var callable + */ + protected $reduce; + + /** + * Mode independent value used for serialization. + * + * @see self::__sleep() + * @see self::__wakeup() + * @var string + */ + protected $hex; + + /** + * Default constructor + * + * @param int|numeric-string $x integer Base-10 number or base-$base number if $base set. + * @param int $base + */ + public function __construct($x = 0, $base = 10) + { + if (!array_key_exists(static::class, static::$zero)) { + static::$zero[static::class] = null; // Placeholder to prevent infinite loop. + static::$zero[static::class] = new static(0); + static::$one[static::class] = new static(1); + static::$two[static::class] = new static(2); + } + + // '0' counts as empty() but when the base is 256 '0' is equal to ord('0') or 48 + // '0' is the only value like this per http://php.net/empty + if (empty($x) && (abs($base) != 256 || $x !== '0')) { + return; + } + + switch ($base) { + case -256: + case 256: + if ($base == -256 && (ord($x[0]) & 0x80)) { + $this->value = ~$x; + $this->is_negative = true; + } else { + $this->value = $x; + $this->is_negative = false; + } + + $this->initialize($base); + + if ($this->is_negative) { + $temp = $this->add(new static('-1')); + $this->value = $temp->value; + } + break; + case -16: + case 16: + if ($base > 0 && $x[0] == '-') { + $this->is_negative = true; + $x = substr($x, 1); + } + + $x = preg_replace('#^(?:0x)?([A-Fa-f0-9]*).*#s', '$1', $x); + + $is_negative = false; + if ($base < 0 && hexdec($x[0]) >= 8) { + $this->is_negative = $is_negative = true; + $x = Strings::bin2hex(~Strings::hex2bin($x)); + } + + $this->value = $x; + $this->initialize($base); + + if ($is_negative) { + $temp = $this->add(new static('-1')); + $this->value = $temp->value; + } + break; + case -10: + case 10: + // (?value = preg_replace('#(?value) || $this->value == '-') { + $this->value = '0'; + } + $this->initialize($base); + break; + case -2: + case 2: + if ($base > 0 && $x[0] == '-') { + $this->is_negative = true; + $x = substr($x, 1); + } + + $x = preg_replace('#^([01]*).*#s', '$1', $x); + + $temp = new static(Strings::bits2bin($x), 128 * $base); // ie. either -16 or +16 + $this->value = $temp->value; + if ($temp->is_negative) { + $this->is_negative = true; + } + + break; + default: + // base not supported, so we'll let $this == 0 + } + } + + /** + * Sets engine type. + * + * Throws an exception if the type is invalid + * + * @param class-string $engine + */ + public static function setModExpEngine($engine) + { + $fqengine = '\\phpseclib3\\Math\\BigInteger\\Engines\\' . static::ENGINE_DIR . '\\' . $engine; + if (!class_exists($fqengine) || !method_exists($fqengine, 'isValidEngine')) { + throw new \InvalidArgumentException("$engine is not a valid engine"); + } + if (!$fqengine::isValidEngine()) { + throw new BadConfigurationException("$engine is not setup correctly on this system"); + } + static::$modexpEngine[static::class] = $fqengine; + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + * @return string + */ + protected function toBytesHelper() + { + $comparison = $this->compare(new static()); + if ($comparison == 0) { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + + $temp = $comparison < 0 ? $this->add(new static(1)) : $this; + $bytes = $temp->toBytes(); + + if (!strlen($bytes)) { // eg. if the number we're trying to convert is -1 + $bytes = chr(0); + } + + if (ord($bytes[0]) & 0x80) { + $bytes = chr(0) . $bytes; + } + + return $comparison < 0 ? ~$bytes : $bytes; + } + + /** + * Converts a BigInteger to a hex string (eg. base-16). + * + * @param bool $twos_compliment + * @return string + */ + public function toHex($twos_compliment = false) + { + return Strings::bin2hex($this->toBytes($twos_compliment)); + } + + /** + * Converts a BigInteger to a bit string (eg. base-2). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + * + * @param bool $twos_compliment + * @return string + */ + public function toBits($twos_compliment = false) + { + $hex = $this->toBytes($twos_compliment); + $bits = Strings::bin2bits($hex); + + $result = $this->precision > 0 ? substr($bits, -$this->precision) : ltrim($bits, '0'); + + if ($twos_compliment && $this->compare(new static()) > 0 && $this->precision <= 0) { + return '0' . $result; + } + + return $result; + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * {@internal See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=21 HAC 14.64} for more information.} + * + * @param Engine $n + * @return static|false + */ + protected function modInverseHelper(Engine $n) + { + // $x mod -$n == $x mod $n. + $n = $n->abs(); + + if ($this->compare(static::$zero[static::class]) < 0) { + $temp = $this->abs(); + $temp = $temp->modInverse($n); + return $this->normalize($n->subtract($temp)); + } + + extract($this->extendedGCD($n)); + /** + * @var Engine $gcd + * @var Engine $x + */ + + if (!$gcd->equals(static::$one[static::class])) { + return false; + } + + $x = $x->compare(static::$zero[static::class]) < 0 ? $x->add($n) : $x; + + return $this->compare(static::$zero[static::class]) < 0 ? $this->normalize($n->subtract($x)) : $this->normalize($x); + } + + /** + * Serialize + * + * Will be called, automatically, when serialize() is called on a BigInteger object. + * + * @return array + */ + public function __sleep() + { + $this->hex = $this->toHex(true); + $vars = ['hex']; + if ($this->precision > 0) { + $vars[] = 'precision'; + } + return $vars; + } + + /** + * Serialize + * + * Will be called, automatically, when unserialize() is called on a BigInteger object. + * + * @return void + */ + public function __wakeup() + { + $temp = new static($this->hex, -16); + $this->value = $temp->value; + $this->is_negative = $temp->is_negative; + if ($this->precision > 0) { + // recalculate $this->bitmask + $this->setPrecision($this->precision); + } + } + + /** + * JSON Serialize + * + * Will be called, automatically, when json_encode() is called on a BigInteger object. + * + * @return array{hex: string, precision?: int] + */ + #[\ReturnTypeWillChange] + public function jsonSerialize() + { + $result = ['hex' => $this->toHex(true)]; + if ($this->precision > 0) { + $result['precision'] = $this->precision; + } + return $result; + } + + /** + * Converts a BigInteger to a base-10 number. + * + * @return string + */ + public function __toString() + { + return $this->toString(); + } + + /** + * __debugInfo() magic method + * + * Will be called, automatically, when print_r() or var_dump() are called + * + * @return array + */ + public function __debugInfo() + { + $result = [ + 'value' => '0x' . $this->toHex(true), + 'engine' => basename(static::class) + ]; + return $this->precision > 0 ? $result + ['precision' => $this->precision] : $result; + } + + /** + * Set Precision + * + * Some bitwise operations give different results depending on the precision being used. Examples include left + * shift, not, and rotates. + * + * @param int $bits + */ + public function setPrecision($bits) + { + if ($bits < 1) { + $this->precision = -1; + $this->bitmask = false; + + return; + } + $this->precision = $bits; + $this->bitmask = static::setBitmask($bits); + + $temp = $this->normalize($this); + $this->value = $temp->value; + } + + /** + * Get Precision + * + * Returns the precision if it exists, -1 if it doesn't + * + * @return int + */ + public function getPrecision() + { + return $this->precision; + } + + /** + * Set Bitmask + * @return static + * @param int $bits + * @see self::setPrecision() + */ + protected static function setBitmask($bits) + { + return new static(chr((1 << ($bits & 0x7)) - 1) . str_repeat(chr(0xFF), $bits >> 3), 256); + } + + /** + * Logical Not + * + * @return Engine|string + */ + public function bitwise_not() + { + // calculuate "not" without regard to $this->precision + // (will always result in a smaller number. ie. ~1 isn't 1111 1110 - it's 0) + $temp = $this->toBytes(); + if ($temp == '') { + return $this->normalize(static::$zero[static::class]); + } + $pre_msb = decbin(ord($temp[0])); + $temp = ~$temp; + $msb = decbin(ord($temp[0])); + if (strlen($msb) == 8) { + $msb = substr($msb, strpos($msb, '0')); + } + $temp[0] = chr(bindec($msb)); + + // see if we need to add extra leading 1's + $current_bits = strlen($pre_msb) + 8 * strlen($temp) - 8; + $new_bits = $this->precision - $current_bits; + if ($new_bits <= 0) { + return $this->normalize(new static($temp, 256)); + } + + // generate as many leading 1's as we need to. + $leading_ones = chr((1 << ($new_bits & 0x7)) - 1) . str_repeat(chr(0xFF), $new_bits >> 3); + + self::base256_lshift($leading_ones, $current_bits); + + $temp = str_pad($temp, strlen($leading_ones), chr(0), STR_PAD_LEFT); + + return $this->normalize(new static($leading_ones | $temp, 256)); + } + + /** + * Logical Left Shift + * + * Shifts binary strings $shift bits, essentially multiplying by 2**$shift. + * + * @param string $x + * @param int $shift + * @return void + */ + protected static function base256_lshift(&$x, $shift) + { + if ($shift == 0) { + return; + } + + $num_bytes = $shift >> 3; // eg. floor($shift/8) + $shift &= 7; // eg. $shift % 8 + + $carry = 0; + for ($i = strlen($x) - 1; $i >= 0; --$i) { + $temp = ord($x[$i]) << $shift | $carry; + $x[$i] = chr($temp); + $carry = $temp >> 8; + } + $carry = ($carry != 0) ? chr($carry) : ''; + $x = $carry . $x . str_repeat(chr(0), $num_bytes); + } + + /** + * Logical Left Rotate + * + * Instead of the top x bits being dropped they're appended to the shifted bit string. + * + * @param int $shift + * @return Engine + */ + public function bitwise_leftRotate($shift) + { + $bits = $this->toBytes(); + + if ($this->precision > 0) { + $precision = $this->precision; + if (static::FAST_BITWISE) { + $mask = $this->bitmask->toBytes(); + } else { + $mask = $this->bitmask->subtract(new static(1)); + $mask = $mask->toBytes(); + } + } else { + $temp = ord($bits[0]); + for ($i = 0; $temp >> $i; ++$i) { + } + $precision = 8 * strlen($bits) - 8 + $i; + $mask = chr((1 << ($precision & 0x7)) - 1) . str_repeat(chr(0xFF), $precision >> 3); + } + + if ($shift < 0) { + $shift += $precision; + } + $shift %= $precision; + + if (!$shift) { + return clone $this; + } + + $left = $this->bitwise_leftShift($shift); + $left = $left->bitwise_and(new static($mask, 256)); + $right = $this->bitwise_rightShift($precision - $shift); + $result = static::FAST_BITWISE ? $left->bitwise_or($right) : $left->add($right); + return $this->normalize($result); + } + + /** + * Logical Right Rotate + * + * Instead of the bottom x bits being dropped they're prepended to the shifted bit string. + * + * @param int $shift + * @return Engine + */ + public function bitwise_rightRotate($shift) + { + return $this->bitwise_leftRotate(-$shift); + } + + /** + * Returns the smallest and largest n-bit number + * + * @param int $bits + * @return array{min: static, max: static} + */ + public static function minMaxBits($bits) + { + $bytes = $bits >> 3; + $min = str_repeat(chr(0), $bytes); + $max = str_repeat(chr(0xFF), $bytes); + $msb = $bits & 7; + if ($msb) { + $min = chr(1 << ($msb - 1)) . $min; + $max = chr((1 << $msb) - 1) . $max; + } else { + $min[0] = chr(0x80); + } + return [ + 'min' => new static($min, 256), + 'max' => new static($max, 256) + ]; + } + + /** + * Return the size of a BigInteger in bits + * + * @return int + */ + public function getLength() + { + return strlen($this->toBits()); + } + + /** + * Return the size of a BigInteger in bytes + * + * @return int + */ + public function getLengthInBytes() + { + return (int) ceil($this->getLength() / 8); + } + + /** + * Performs some pre-processing for powMod + * + * @param Engine $e + * @param Engine $n + * @return static|false + */ + protected function powModOuter(Engine $e, Engine $n) + { + $n = $this->bitmask !== false && $this->bitmask->compare($n) < 0 ? $this->bitmask : $n->abs(); + + if ($e->compare(new static()) < 0) { + $e = $e->abs(); + + $temp = $this->modInverse($n); + if ($temp === false) { + return false; + } + + return $this->normalize($temp->powModInner($e, $n)); + } + + if ($this->compare($n) > 0) { + list(, $temp) = $this->divide($n); + return $temp->powModInner($e, $n); + } + + return $this->powModInner($e, $n); + } + + /** + * Sliding Window k-ary Modular Exponentiation + * + * Based on {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=27 HAC 14.85} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=210 MPM 7.7}. In a departure from those algorithims, + * however, this function performs a modular reduction after every multiplication and squaring operation. + * As such, this function has the same preconditions that the reductions being used do. + * + * @template T of Engine + * @param Engine $x + * @param Engine $e + * @param Engine $n + * @param class-string $class + * @return T + */ + protected static function slidingWindow(Engine $x, Engine $e, Engine $n, $class) + { + static $window_ranges = [7, 25, 81, 241, 673, 1793]; // from BigInteger.java's oddModPow function + //static $window_ranges = [0, 7, 36, 140, 450, 1303, 3529]; // from MPM 7.3.1 + + $e_bits = $e->toBits(); + $e_length = strlen($e_bits); + + // calculate the appropriate window size. + // $window_size == 3 if $window_ranges is between 25 and 81, for example. + for ($i = 0, $window_size = 1; $i < count($window_ranges) && $e_length > $window_ranges[$i]; ++$window_size, ++$i) { + } + + $n_value = $n->value; + + if (method_exists(static::class, 'generateCustomReduction')) { + static::generateCustomReduction($n, $class); + } + + // precompute $this^0 through $this^$window_size + $powers = []; + $powers[1] = static::prepareReduce($x->value, $n_value, $class); + $powers[2] = static::squareReduce($powers[1], $n_value, $class); + + // we do every other number since substr($e_bits, $i, $j+1) (see below) is supposed to end + // in a 1. ie. it's supposed to be odd. + $temp = 1 << ($window_size - 1); + for ($i = 1; $i < $temp; ++$i) { + $i2 = $i << 1; + $powers[$i2 + 1] = static::multiplyReduce($powers[$i2 - 1], $powers[2], $n_value, $class); + } + + $result = new $class(1); + $result = static::prepareReduce($result->value, $n_value, $class); + + for ($i = 0; $i < $e_length;) { + if (!$e_bits[$i]) { + $result = static::squareReduce($result, $n_value, $class); + ++$i; + } else { + for ($j = $window_size - 1; $j > 0; --$j) { + if (!empty($e_bits[$i + $j])) { + break; + } + } + + // eg. the length of substr($e_bits, $i, $j + 1) + for ($k = 0; $k <= $j; ++$k) { + $result = static::squareReduce($result, $n_value, $class); + } + + $result = static::multiplyReduce($result, $powers[bindec(substr($e_bits, $i, $j + 1))], $n_value, $class); + + $i += $j + 1; + } + } + + $temp = new $class(); + $temp->value = static::reduce($result, $n_value, $class); + + return $temp; + } + + /** + * Generates a random number of a certain size + * + * Bit length is equal to $size + * + * @param int $size + * @return Engine + */ + public static function random($size) + { + extract(static::minMaxBits($size)); + /** + * @var BigInteger $min + * @var BigInteger $max + */ + return static::randomRange($min, $max); + } + + /** + * Generates a random prime number of a certain size + * + * Bit length is equal to $size + * + * @param int $size + * @return Engine + */ + public static function randomPrime($size) + { + extract(static::minMaxBits($size)); + /** + * @var static $min + * @var static $max + */ + return static::randomRangePrime($min, $max); + } + + /** + * Performs some pre-processing for randomRangePrime + * + * @param Engine $min + * @param Engine $max + * @return static|false + */ + protected static function randomRangePrimeOuter(Engine $min, Engine $max) + { + $compare = $max->compare($min); + + if (!$compare) { + return $min->isPrime() ? $min : false; + } elseif ($compare < 0) { + // if $min is bigger then $max, swap $min and $max + $temp = $max; + $max = $min; + $min = $temp; + } + + $length = $max->getLength(); + if ($length > 8196) { + throw new \RuntimeException("Generation of random prime numbers larger than 8196 has been disabled ($length)"); + } + + $x = static::randomRange($min, $max); + + return static::randomRangePrimeInner($x, $min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + * + * @param Engine $min + * @param Engine $max + * @return Engine + */ + protected static function randomRangeHelper(Engine $min, Engine $max) + { + $compare = $max->compare($min); + + if (!$compare) { + return $min; + } elseif ($compare < 0) { + // if $min is bigger then $max, swap $min and $max + $temp = $max; + $max = $min; + $min = $temp; + } + + if (!isset(static::$one[static::class])) { + static::$one[static::class] = new static(1); + } + + $max = $max->subtract($min->subtract(static::$one[static::class])); + + $size = strlen(ltrim($max->toBytes(), chr(0))); + + /* + doing $random % $max doesn't work because some numbers will be more likely to occur than others. + eg. if $max is 140 and $random's max is 255 then that'd mean both $random = 5 and $random = 145 + would produce 5 whereas the only value of random that could produce 139 would be 139. ie. + not all numbers would be equally likely. some would be more likely than others. + + creating a whole new random number until you find one that is within the range doesn't work + because, for sufficiently small ranges, the likelihood that you'd get a number within that range + would be pretty small. eg. with $random's max being 255 and if your $max being 1 the probability + would be pretty high that $random would be greater than $max. + + phpseclib works around this using the technique described here: + + http://crypto.stackexchange.com/questions/5708/creating-a-small-number-from-a-cryptographically-secure-random-string + */ + $random_max = new static(chr(1) . str_repeat("\0", $size), 256); + $random = new static(Random::string($size), 256); + + list($max_multiple) = $random_max->divide($max); + $max_multiple = $max_multiple->multiply($max); + + while ($random->compare($max_multiple) >= 0) { + $random = $random->subtract($max_multiple); + $random_max = $random_max->subtract($max_multiple); + $random = $random->bitwise_leftShift(8); + $random = $random->add(new static(Random::string(1), 256)); + $random_max = $random_max->bitwise_leftShift(8); + list($max_multiple) = $random_max->divide($max); + $max_multiple = $max_multiple->multiply($max); + } + list(, $random) = $random->divide($max); + + return $random->add($min); + } + + /** + * Performs some post-processing for randomRangePrime + * + * @param Engine $x + * @param Engine $min + * @param Engine $max + * @return static|false + */ + protected static function randomRangePrimeInner(Engine $x, Engine $min, Engine $max) + { + if (!isset(static::$two[static::class])) { + static::$two[static::class] = new static('2'); + } + + $x->make_odd(); + if ($x->compare($max) > 0) { + // if $x > $max then $max is even and if $min == $max then no prime number exists between the specified range + if ($min->equals($max)) { + return false; + } + $x = clone $min; + $x->make_odd(); + } + + $initial_x = clone $x; + + while (true) { + if ($x->isPrime()) { + return $x; + } + + $x = $x->add(static::$two[static::class]); + + if ($x->compare($max) > 0) { + $x = clone $min; + if ($x->equals(static::$two[static::class])) { + return $x; + } + $x->make_odd(); + } + + if ($x->equals($initial_x)) { + return false; + } + } + } + + /** + * Sets the $t parameter for primality testing + * + * @return int + */ + protected function setupIsPrime() + { + $length = $this->getLengthInBytes(); + + // see HAC 4.49 "Note (controlling the error probability)" + // @codingStandardsIgnoreStart + if ($length >= 163) { $t = 2; } // floor(1300 / 8) + else if ($length >= 106) { $t = 3; } // floor( 850 / 8) + else if ($length >= 81 ) { $t = 4; } // floor( 650 / 8) + else if ($length >= 68 ) { $t = 5; } // floor( 550 / 8) + else if ($length >= 56 ) { $t = 6; } // floor( 450 / 8) + else if ($length >= 50 ) { $t = 7; } // floor( 400 / 8) + else if ($length >= 43 ) { $t = 8; } // floor( 350 / 8) + else if ($length >= 37 ) { $t = 9; } // floor( 300 / 8) + else if ($length >= 31 ) { $t = 12; } // floor( 250 / 8) + else if ($length >= 25 ) { $t = 15; } // floor( 200 / 8) + else if ($length >= 18 ) { $t = 18; } // floor( 150 / 8) + else { $t = 27; } + // @codingStandardsIgnoreEnd + + return $t; + } + + /** + * Tests Primality + * + * Uses the {@link http://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test Miller-Rabin primality test}. + * See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf#page=8 HAC 4.24} for more info. + * + * @param int $t + * @return bool + */ + protected function testPrimality($t) + { + if (!$this->testSmallPrimes()) { + return false; + } + + $n = clone $this; + $n_1 = $n->subtract(static::$one[static::class]); + $n_2 = $n->subtract(static::$two[static::class]); + + $r = clone $n_1; + $s = static::scan1divide($r); + + for ($i = 0; $i < $t; ++$i) { + $a = static::randomRange(static::$two[static::class], $n_2); + $y = $a->modPow($r, $n); + + if (!$y->equals(static::$one[static::class]) && !$y->equals($n_1)) { + for ($j = 1; $j < $s && !$y->equals($n_1); ++$j) { + $y = $y->modPow(static::$two[static::class], $n); + if ($y->equals(static::$one[static::class])) { + return false; + } + } + + if (!$y->equals($n_1)) { + return false; + } + } + } + + return true; + } + + /** + * Checks a numer to see if it's prime + * + * Assuming the $t parameter is not set, this function has an error rate of 2**-80. The main motivation for the + * $t parameter is distributability. BigInteger::randomPrime() can be distributed across multiple pageloads + * on a website instead of just one. + * + * @param int|bool $t + * @return bool + */ + public function isPrime($t = false) + { + // OpenSSL limits RSA keys to 16384 bits. The length of an RSA key is equal to the length of the modulo, which is + // produced by multiplying the primes p and q by one another. The largest number two 8196 bit primes can produce is + // a 16384 bit number so, basically, 8196 bit primes are the largest OpenSSL will generate and if that's the largest + // that it'll generate it also stands to reason that that's the largest you'll be able to test primality on + $length = $this->getLength(); + if ($length > 8196) { + throw new \RuntimeException("Primality testing is not supported for numbers larger than 8196 bits ($length)"); + } + + if (!$t) { + $t = $this->setupIsPrime(); + } + return $this->testPrimality($t); + } + + /** + * Performs a few preliminary checks on root + * + * @param int $n + * @return Engine + */ + protected function rootHelper($n) + { + if ($n < 1) { + return clone static::$zero[static::class]; + } // we want positive exponents + if ($this->compare(static::$one[static::class]) < 0) { + return clone static::$zero[static::class]; + } // we want positive numbers + if ($this->compare(static::$two[static::class]) < 0) { + return clone static::$one[static::class]; + } // n-th root of 1 or 2 is 1 + + return $this->rootInner($n); + } + + /** + * Calculates the nth root of a biginteger. + * + * Returns the nth root of a positive biginteger, where n defaults to 2 + * + * {@internal This function is based off of {@link http://mathforum.org/library/drmath/view/52605.html this page} and {@link http://stackoverflow.com/questions/11242920/calculating-nth-root-with-bcmath-in-php this stackoverflow question}.} + * + * @param int $n + * @return Engine + */ + protected function rootInner($n) + { + $n = new static($n); + + // g is our guess number + $g = static::$two[static::class]; + // while (g^n < num) g=g*2 + while ($g->pow($n)->compare($this) < 0) { + $g = $g->multiply(static::$two[static::class]); + } + // if (g^n==num) num is a power of 2, we're lucky, end of job + // == 0 bccomp(bcpow($g, $n), $n->value)==0 + if ($g->pow($n)->equals($this) > 0) { + $root = $g; + return $this->normalize($root); + } + + // if we're here num wasn't a power of 2 :( + $og = $g; // og means original guess and here is our upper bound + $g = $g->divide(static::$two[static::class])[0]; // g is set to be our lower bound + $step = $og->subtract($g)->divide(static::$two[static::class])[0]; // step is the half of upper bound - lower bound + $g = $g->add($step); // we start at lower bound + step , basically in the middle of our interval + + // while step>1 + + while ($step->compare(static::$one[static::class]) == 1) { + $guess = $g->pow($n); + $step = $step->divide(static::$two[static::class])[0]; + $comp = $guess->compare($this); // compare our guess with real number + switch ($comp) { + case -1: // if guess is lower we add the new step + $g = $g->add($step); + break; + case 1: // if guess is higher we sub the new step + $g = $g->subtract($step); + break; + case 0: // if guess is exactly the num we're done, we return the value + $root = $g; + break 2; + } + } + + if ($comp == 1) { + $g = $g->subtract($step); + } + + // whatever happened, g is the closest guess we can make so return it + $root = $g; + + return $this->normalize($root); + } + + /** + * Calculates the nth root of a biginteger. + * + * @param int $n + * @return Engine + */ + public function root($n = 2) + { + return $this->rootHelper($n); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + * + * @param array $nums + * @return Engine + */ + protected static function minHelper(array $nums) + { + if (count($nums) == 1) { + return $nums[0]; + } + $min = $nums[0]; + for ($i = 1; $i < count($nums); $i++) { + $min = $min->compare($nums[$i]) > 0 ? $nums[$i] : $min; + } + return $min; + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + * + * @param array $nums + * @return Engine + */ + protected static function maxHelper(array $nums) + { + if (count($nums) == 1) { + return $nums[0]; + } + $max = $nums[0]; + for ($i = 1; $i < count($nums); $i++) { + $max = $max->compare($nums[$i]) < 0 ? $nums[$i] : $max; + } + return $max; + } + + /** + * Create Recurring Modulo Function + * + * Sometimes it may be desirable to do repeated modulos with the same number outside of + * modular exponentiation + * + * @return callable + */ + public function createRecurringModuloFunction() + { + $class = static::class; + + $fqengine = !method_exists(static::$modexpEngine[static::class], 'reduce') ? + '\\phpseclib3\\Math\\BigInteger\\Engines\\' . static::ENGINE_DIR . '\\DefaultEngine' : + static::$modexpEngine[static::class]; + if (method_exists($fqengine, 'generateCustomReduction')) { + $func = $fqengine::generateCustomReduction($this, static::class); + return eval('return function(' . static::class . ' $x) use ($func, $class) { + $r = new $class(); + $r->value = $func($x->value); + return $r; + };'); + } + $n = $this->value; + return eval('return function(' . static::class . ' $x) use ($n, $fqengine, $class) { + $r = new $class(); + $r->value = $fqengine::reduce($x->value, $n, $class); + return $r; + };'); + } + + /** + * Calculates the greatest common divisor and Bezout's identity. + * + * @param Engine $n + * @return array{gcd: Engine, x: Engine, y: Engine} + */ + protected function extendedGCDHelper(Engine $n) + { + $u = clone $this; + $v = clone $n; + + $one = new static(1); + $zero = new static(); + + $a = clone $one; + $b = clone $zero; + $c = clone $zero; + $d = clone $one; + + while (!$v->equals($zero)) { + list($q) = $u->divide($v); + + $temp = $u; + $u = $v; + $v = $temp->subtract($v->multiply($q)); + + $temp = $a; + $a = $c; + $c = $temp->subtract($a->multiply($q)); + + $temp = $b; + $b = $d; + $d = $temp->subtract($b->multiply($q)); + } + + return [ + 'gcd' => $u, + 'x' => $a, + 'y' => $b + ]; + } + + /** + * Bitwise Split + * + * Splits BigInteger's into chunks of $split bits + * + * @param int $split + * @return Engine[] + */ + public function bitwise_split($split) + { + if ($split < 1) { + throw new \RuntimeException('Offset must be greater than 1'); + } + + $mask = static::$one[static::class]->bitwise_leftShift($split)->subtract(static::$one[static::class]); + + $num = clone $this; + + $vals = []; + while (!$num->equals(static::$zero[static::class])) { + $vals[] = $num->bitwise_and($mask); + $num = $num->bitwise_rightShift($split); + } + + return array_reverse($vals); + } + + /** + * Logical And + * + * @param Engine $x + * @return Engine + */ + protected function bitwiseAndHelper(Engine $x) + { + $left = $this->toBytes(true); + $right = $x->toBytes(true); + + $length = max(strlen($left), strlen($right)); + + $left = str_pad($left, $length, chr(0), STR_PAD_LEFT); + $right = str_pad($right, $length, chr(0), STR_PAD_LEFT); + + return $this->normalize(new static($left & $right, -256)); + } + + /** + * Logical Or + * + * @param Engine $x + * @return Engine + */ + protected function bitwiseOrHelper(Engine $x) + { + $left = $this->toBytes(true); + $right = $x->toBytes(true); + + $length = max(strlen($left), strlen($right)); + + $left = str_pad($left, $length, chr(0), STR_PAD_LEFT); + $right = str_pad($right, $length, chr(0), STR_PAD_LEFT); + + return $this->normalize(new static($left | $right, -256)); + } + + /** + * Logical Exclusive Or + * + * @param Engine $x + * @return Engine + */ + protected function bitwiseXorHelper(Engine $x) + { + $left = $this->toBytes(true); + $right = $x->toBytes(true); + + $length = max(strlen($left), strlen($right)); + + + $left = str_pad($left, $length, chr(0), STR_PAD_LEFT); + $right = str_pad($right, $length, chr(0), STR_PAD_LEFT); + return $this->normalize(new static($left ^ $right, -256)); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/GMP.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/GMP.php new file mode 100644 index 0000000..f616362 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/GMP.php @@ -0,0 +1,694 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Exception\BadConfigurationException; + +/** + * GMP Engine. + * + * @author Jim Wigginton + */ +class GMP extends Engine +{ + /** + * Can Bitwise operations be done fast? + * + * @see parent::bitwise_leftRotate() + * @see parent::bitwise_rightRotate() + */ + const FAST_BITWISE = true; + + /** + * Engine Directory + * + * @see parent::setModExpEngine + */ + const ENGINE_DIR = 'GMP'; + + /** + * Test for engine validity + * + * @return bool + * @see parent::__construct() + */ + public static function isValidEngine() + { + return extension_loaded('gmp'); + } + + /** + * Default constructor + * + * @param mixed $x integer Base-10 number or base-$base number if $base set. + * @param int $base + * @see parent::__construct() + */ + public function __construct($x = 0, $base = 10) + { + if (!isset(static::$isValidEngine[static::class])) { + static::$isValidEngine[static::class] = self::isValidEngine(); + } + if (!static::$isValidEngine[static::class]) { + throw new BadConfigurationException('GMP is not setup correctly on this system'); + } + + if ($x instanceof \GMP) { + $this->value = $x; + return; + } + + $this->value = gmp_init(0); + + parent::__construct($x, $base); + } + + /** + * Initialize a GMP BigInteger Engine instance + * + * @param int $base + * @see parent::__construct() + */ + protected function initialize($base) + { + switch (abs($base)) { + case 256: + $this->value = gmp_import($this->value); + if ($this->is_negative) { + $this->value = -$this->value; + } + break; + case 16: + $temp = $this->is_negative ? '-0x' . $this->value : '0x' . $this->value; + $this->value = gmp_init($temp); + break; + case 10: + $this->value = gmp_init(isset($this->value) ? $this->value : '0'); + } + } + + /** + * Converts a BigInteger to a base-10 number. + * + * @return string + */ + public function toString() + { + return (string)$this->value; + } + + /** + * Converts a BigInteger to a bit string (eg. base-2). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + * + * @param bool $twos_compliment + * @return string + */ + public function toBits($twos_compliment = false) + { + $hex = $this->toHex($twos_compliment); + + $bits = gmp_strval(gmp_init($hex, 16), 2); + + if ($this->precision > 0) { + $bits = substr($bits, -$this->precision); + } + + if ($twos_compliment && $this->compare(new static()) > 0 && $this->precision <= 0) { + return '0' . $bits; + } + + return $bits; + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + * + * @param bool $twos_compliment + * @return string + */ + public function toBytes($twos_compliment = false) + { + if ($twos_compliment) { + return $this->toBytesHelper(); + } + + if (gmp_cmp($this->value, gmp_init(0)) == 0) { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + + $temp = gmp_export($this->value); + + return $this->precision > 0 ? + substr(str_pad($temp, $this->precision >> 3, chr(0), STR_PAD_LEFT), -($this->precision >> 3)) : + ltrim($temp, chr(0)); + } + + /** + * Adds two BigIntegers. + * + * @param GMP $y + * @return GMP + */ + public function add(GMP $y) + { + $temp = new self(); + $temp->value = $this->value + $y->value; + + return $this->normalize($temp); + } + + /** + * Subtracts two BigIntegers. + * + * @param GMP $y + * @return GMP + */ + public function subtract(GMP $y) + { + $temp = new self(); + $temp->value = $this->value - $y->value; + + return $this->normalize($temp); + } + + /** + * Multiplies two BigIntegers. + * + * @param GMP $x + * @return GMP + */ + public function multiply(GMP $x) + { + $temp = new self(); + $temp->value = $this->value * $x->value; + + return $this->normalize($temp); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @param GMP $y + * @return array{GMP, GMP} + */ + public function divide(GMP $y) + { + $quotient = new self(); + $remainder = new self(); + + list($quotient->value, $remainder->value) = gmp_div_qr($this->value, $y->value); + + if (gmp_sign($remainder->value) < 0) { + $remainder->value = $remainder->value + gmp_abs($y->value); + } + + return [$this->normalize($quotient), $this->normalize($remainder)]; + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this + * is demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @param GMP $y + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(GMP $y) + { + $r = gmp_cmp($this->value, $y->value); + if ($r < -1) { + $r = -1; + } + if ($r > 1) { + $r = 1; + } + return $r; + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + * + * @param GMP $x + * @return bool + */ + public function equals(GMP $x) + { + return $this->value == $x->value; + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * @param GMP $n + * @return false|GMP + */ + public function modInverse(GMP $n) + { + $temp = new self(); + $temp->value = gmp_invert($this->value, $n->value); + + return $temp->value === false ? false : $this->normalize($temp); + } + + /** + * Calculates the greatest common divisor and Bezout's identity. + * + * Say you have 693 and 609. The GCD is 21. Bezout's identity states that there exist integers x and y such that + * 693*x + 609*y == 21. In point of fact, there are actually an infinite number of x and y combinations and which + * combination is returned is dependent upon which mode is in use. See + * {@link http://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity Bezout's identity - Wikipedia} for more information. + * + * @param GMP $n + * @return GMP[] + */ + public function extendedGCD(GMP $n) + { + extract(gmp_gcdext($this->value, $n->value)); + + return [ + 'gcd' => $this->normalize(new self($g)), + 'x' => $this->normalize(new self($s)), + 'y' => $this->normalize(new self($t)) + ]; + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + * + * @param GMP $n + * @return GMP + */ + public function gcd(GMP $n) + { + $r = gmp_gcd($this->value, $n->value); + return $this->normalize(new self($r)); + } + + /** + * Absolute value. + * + * @return GMP + */ + public function abs() + { + $temp = new self(); + $temp->value = gmp_abs($this->value); + + return $temp; + } + + /** + * Logical And + * + * @param GMP $x + * @return GMP + */ + public function bitwise_and(GMP $x) + { + $temp = new self(); + $temp->value = $this->value & $x->value; + + return $this->normalize($temp); + } + + /** + * Logical Or + * + * @param GMP $x + * @return GMP + */ + public function bitwise_or(GMP $x) + { + $temp = new self(); + $temp->value = $this->value | $x->value; + + return $this->normalize($temp); + } + + /** + * Logical Exclusive Or + * + * @param GMP $x + * @return GMP + */ + public function bitwise_xor(GMP $x) + { + $temp = new self(); + $temp->value = $this->value ^ $x->value; + + return $this->normalize($temp); + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift. + * + * @param int $shift + * @return GMP + */ + public function bitwise_rightShift($shift) + { + // 0xFFFFFFFF >> 2 == -1 (on 32-bit systems) + // gmp_init('0xFFFFFFFF') >> 2 == gmp_init('0x3FFFFFFF') + + $temp = new self(); + $temp->value = $this->value >> $shift; + + return $this->normalize($temp); + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift. + * + * @param int $shift + * @return GMP + */ + public function bitwise_leftShift($shift) + { + $temp = new self(); + $temp->value = $this->value << $shift; + + return $this->normalize($temp); + } + + /** + * Performs modular exponentiation. + * + * @param GMP $e + * @param GMP $n + * @return GMP + */ + public function modPow(GMP $e, GMP $n) + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * Alias for modPow(). + * + * @param GMP $e + * @param GMP $n + * @return GMP + */ + public function powMod(GMP $e, GMP $n) + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * @param GMP $e + * @param GMP $n + * @return GMP + */ + protected function powModInner(GMP $e, GMP $n) + { + $class = static::$modexpEngine[static::class]; + return $class::powModHelper($this, $e, $n); + } + + /** + * Normalize + * + * Removes leading zeros and truncates (if necessary) to maintain the appropriate precision + * + * @param GMP $result + * @return GMP + */ + protected function normalize(GMP $result) + { + $result->precision = $this->precision; + $result->bitmask = $this->bitmask; + + if ($result->bitmask !== false) { + $flip = $result->value < 0; + if ($flip) { + $result->value = -$result->value; + } + $result->value = $result->value & $result->bitmask->value; + if ($flip) { + $result->value = -$result->value; + } + } + + return $result; + } + + /** + * Performs some post-processing for randomRangePrime + * + * @param Engine $x + * @param Engine $min + * @param Engine $max + * @return GMP + */ + protected static function randomRangePrimeInner(Engine $x, Engine $min, Engine $max) + { + $p = gmp_nextprime($x->value); + + if ($p <= $max->value) { + return new self($p); + } + + if ($min->value != $x->value) { + $x = new self($x->value - 1); + } + + return self::randomRangePrime($min, $x); + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @param GMP $min + * @param GMP $max + * @return false|GMP + */ + public static function randomRangePrime(GMP $min, GMP $max) + { + return self::randomRangePrimeOuter($min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + * + * @param GMP $min + * @param GMP $max + * @return GMP + */ + public static function randomRange(GMP $min, GMP $max) + { + return self::randomRangeHelper($min, $max); + } + + /** + * Make the current number odd + * + * If the current number is odd it'll be unchanged. If it's even, one will be added to it. + * + * @see self::randomPrime() + */ + protected function make_odd() + { + gmp_setbit($this->value, 0); + } + + /** + * Tests Primality + * + * @param int $t + * @return bool + */ + protected function testPrimality($t) + { + return gmp_prob_prime($this->value, $t) != 0; + } + + /** + * Calculates the nth root of a biginteger. + * + * Returns the nth root of a positive biginteger, where n defaults to 2 + * + * @param int $n + * @return GMP + */ + protected function rootInner($n) + { + $root = new self(); + $root->value = gmp_root($this->value, $n); + return $this->normalize($root); + } + + /** + * Performs exponentiation. + * + * @param GMP $n + * @return GMP + */ + public function pow(GMP $n) + { + $temp = new self(); + $temp->value = $this->value ** $n->value; + + return $this->normalize($temp); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + * + * @param GMP ...$nums + * @return GMP + */ + public static function min(GMP ...$nums) + { + return self::minHelper($nums); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + * + * @param GMP ...$nums + * @return GMP + */ + public static function max(GMP ...$nums) + { + return self::maxHelper($nums); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + * + * @param GMP $min + * @param GMP $max + * @return bool + */ + public function between(GMP $min, GMP $max) + { + return $this->compare($min) >= 0 && $this->compare($max) <= 0; + } + + /** + * Create Recurring Modulo Function + * + * Sometimes it may be desirable to do repeated modulos with the same number outside of + * modular exponentiation + * + * @return callable + */ + public function createRecurringModuloFunction() + { + $temp = $this->value; + return function (GMP $x) use ($temp) { + return new GMP($x->value % $temp); + }; + } + + /** + * Scan for 1 and right shift by that amount + * + * ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s)); + * + * @param GMP $r + * @return int + */ + public static function scan1divide(GMP $r) + { + $s = gmp_scan1($r->value, 0); + $r->value >>= $s; + return $s; + } + + /** + * Is Odd? + * + * @return bool + */ + public function isOdd() + { + return gmp_testbit($this->value, 0); + } + + /** + * Tests if a bit is set + * + * @return bool + */ + public function testBit($x) + { + return gmp_testbit($this->value, $x); + } + + /** + * Is Negative? + * + * @return bool + */ + public function isNegative() + { + return gmp_sign($this->value) == -1; + } + + /** + * Negate + * + * Given $k, returns -$k + * + * @return GMP + */ + public function negate() + { + $temp = clone $this; + $temp->value = -$this->value; + + return $temp; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/GMP/DefaultEngine.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/GMP/DefaultEngine.php new file mode 100644 index 0000000..bc219fb --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/GMP/DefaultEngine.php @@ -0,0 +1,40 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\GMP; + +use phpseclib3\Math\BigInteger\Engines\GMP; + +/** + * GMP Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class DefaultEngine extends GMP +{ + /** + * Performs modular exponentiation. + * + * @param GMP $x + * @param GMP $e + * @param GMP $n + * @return GMP + */ + protected static function powModHelper(GMP $x, GMP $e, GMP $n) + { + $temp = new GMP(); + $temp->value = gmp_powm($x->value, $e->value, $n->value); + + return $x->normalize($temp); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/OpenSSL.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/OpenSSL.php new file mode 100644 index 0000000..e33a9f1 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/OpenSSL.php @@ -0,0 +1,68 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Crypt\RSA\Formats\Keys\PKCS8; +use phpseclib3\Math\BigInteger; + +/** + * OpenSSL Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class OpenSSL +{ + /** + * Test for engine validity + * + * @return bool + */ + public static function isValidEngine() + { + return extension_loaded('openssl') && static::class != __CLASS__; + } + + /** + * Performs modular exponentiation. + * + * @param Engine $x + * @param Engine $e + * @param Engine $n + * @return Engine + */ + public static function powModHelper(Engine $x, Engine $e, Engine $n) + { + if ($n->getLengthInBytes() < 31 || $n->getLengthInBytes() > 16384) { + throw new \OutOfRangeException('Only modulo between 31 and 16384 bits are accepted'); + } + + $key = PKCS8::savePublicKey( + new BigInteger($n), + new BigInteger($e) + ); + + $plaintext = str_pad($x->toBytes(), $n->getLengthInBytes(), "\0", STR_PAD_LEFT); + + // this is easily prone to failure. if the modulo is a multiple of 2 or 3 or whatever it + // won't work and you'll get a "failure: error:0906D06C:PEM routines:PEM_read_bio:no start line" + // error. i suppose, for even numbers, we could do what PHP\Montgomery.php does, but then what + // about odd numbers divisible by 3, by 5, etc? + if (!openssl_public_encrypt($plaintext, $result, $key, OPENSSL_NO_PADDING)) { + throw new \UnexpectedValueException(openssl_error_string()); + } + + $class = get_class($x); + return new $class($result, 256); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP.php new file mode 100644 index 0000000..2d89595 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP.php @@ -0,0 +1,1357 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\BadConfigurationException; + +/** + * Pure-PHP Engine. + * + * @author Jim Wigginton + */ +abstract class PHP extends Engine +{ + /**#@+ + * Array constants + * + * Rather than create a thousands and thousands of new BigInteger objects in repeated function calls to add() and + * multiply() or whatever, we'll just work directly on arrays, taking them in as parameters and returning them. + * + */ + /** + * $result[self::VALUE] contains the value. + */ + const VALUE = 0; + /** + * $result[self::SIGN] contains the sign. + */ + const SIGN = 1; + /**#@-*/ + + /** + * Karatsuba Cutoff + * + * At what point do we switch between Karatsuba multiplication and schoolbook long multiplication? + * + */ + const KARATSUBA_CUTOFF = 25; + + /** + * Can Bitwise operations be done fast? + * + * @see parent::bitwise_leftRotate() + * @see parent::bitwise_rightRotate() + */ + const FAST_BITWISE = true; + + /** + * Engine Directory + * + * @see parent::setModExpEngine + */ + const ENGINE_DIR = 'PHP'; + + /** + * Default constructor + * + * @param mixed $x integer Base-10 number or base-$base number if $base set. + * @param int $base + * @return PHP + * @see parent::__construct() + */ + public function __construct($x = 0, $base = 10) + { + if (!isset(static::$isValidEngine[static::class])) { + static::$isValidEngine[static::class] = static::isValidEngine(); + } + if (!static::$isValidEngine[static::class]) { + throw new BadConfigurationException(static::class . ' is not setup correctly on this system'); + } + + $this->value = []; + parent::__construct($x, $base); + } + + /** + * Initialize a PHP BigInteger Engine instance + * + * @param int $base + * @see parent::__construct() + */ + protected function initialize($base) + { + switch (abs($base)) { + case 16: + $x = (strlen($this->value) & 1) ? '0' . $this->value : $this->value; + $temp = new static(Strings::hex2bin($x), 256); + $this->value = $temp->value; + break; + case 10: + $temp = new static(); + + $multiplier = new static(); + $multiplier->value = [static::MAX10]; + + $x = $this->value; + + if ($x[0] == '-') { + $this->is_negative = true; + $x = substr($x, 1); + } + + $x = str_pad( + $x, + strlen($x) + ((static::MAX10LEN - 1) * strlen($x)) % static::MAX10LEN, + 0, + STR_PAD_LEFT + ); + while (strlen($x)) { + $temp = $temp->multiply($multiplier); + $temp = $temp->add(new static($this->int2bytes(substr($x, 0, static::MAX10LEN)), 256)); + $x = substr($x, static::MAX10LEN); + } + + $this->value = $temp->value; + } + } + + /** + * Pads strings so that unpack may be used on them + * + * @param string $str + * @return string + */ + protected function pad($str) + { + $length = strlen($str); + + $pad = 4 - (strlen($str) % 4); + + return str_pad($str, $length + $pad, "\0", STR_PAD_LEFT); + } + + /** + * Converts a BigInteger to a base-10 number. + * + * @return string + */ + public function toString() + { + if (!count($this->value)) { + return '0'; + } + + $temp = clone $this; + $temp->bitmask = false; + $temp->is_negative = false; + + $divisor = new static(); + $divisor->value = [static::MAX10]; + $result = ''; + while (count($temp->value)) { + list($temp, $mod) = $temp->divide($divisor); + $result = str_pad( + isset($mod->value[0]) ? $mod->value[0] : '', + static::MAX10LEN, + '0', + STR_PAD_LEFT + ) . $result; + } + $result = ltrim($result, '0'); + if (empty($result)) { + $result = '0'; + } + + if ($this->is_negative) { + $result = '-' . $result; + } + + return $result; + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + * + * @param bool $twos_compliment + * @return string + */ + public function toBytes($twos_compliment = false) + { + if ($twos_compliment) { + return $this->toBytesHelper(); + } + + if (!count($this->value)) { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + + $result = $this->bitwise_small_split(8); + $result = implode('', array_map('chr', $result)); + + return $this->precision > 0 ? + str_pad( + substr($result, -(($this->precision + 7) >> 3)), + ($this->precision + 7) >> 3, + chr(0), + STR_PAD_LEFT + ) : + $result; + } + + /** + * Performs addition. + * + * @param array $x_value + * @param bool $x_negative + * @param array $y_value + * @param bool $y_negative + * @return array + */ + protected static function addHelper(array $x_value, $x_negative, array $y_value, $y_negative) + { + $x_size = count($x_value); + $y_size = count($y_value); + + if ($x_size == 0) { + return [ + self::VALUE => $y_value, + self::SIGN => $y_negative + ]; + } elseif ($y_size == 0) { + return [ + self::VALUE => $x_value, + self::SIGN => $x_negative + ]; + } + + // subtract, if appropriate + if ($x_negative != $y_negative) { + if ($x_value == $y_value) { + return [ + self::VALUE => [], + self::SIGN => false + ]; + } + + $temp = self::subtractHelper($x_value, false, $y_value, false); + $temp[self::SIGN] = self::compareHelper($x_value, false, $y_value, false) > 0 ? + $x_negative : $y_negative; + + return $temp; + } + + if ($x_size < $y_size) { + $size = $x_size; + $value = $y_value; + } else { + $size = $y_size; + $value = $x_value; + } + + $value[count($value)] = 0; // just in case the carry adds an extra digit + + $carry = 0; + for ($i = 0, $j = 1; $j < $size; $i += 2, $j += 2) { + //$sum = $x_value[$j] * static::BASE_FULL + $x_value[$i] + $y_value[$j] * static::BASE_FULL + $y_value[$i] + $carry; + $sum = ($x_value[$j] + $y_value[$j]) * static::BASE_FULL + $x_value[$i] + $y_value[$i] + $carry; + $carry = $sum >= static::MAX_DIGIT2; // eg. floor($sum / 2**52); only possible values (in any base) are 0 and 1 + $sum = $carry ? $sum - static::MAX_DIGIT2 : $sum; + + $temp = static::BASE === 26 ? intval($sum / 0x4000000) : ($sum >> 31); + + $value[$i] = (int)($sum - static::BASE_FULL * $temp); // eg. a faster alternative to fmod($sum, 0x4000000) + $value[$j] = $temp; + } + + if ($j == $size) { // ie. if $y_size is odd + $sum = $x_value[$i] + $y_value[$i] + $carry; + $carry = $sum >= static::BASE_FULL; + $value[$i] = $carry ? $sum - static::BASE_FULL : $sum; + ++$i; // ie. let $i = $j since we've just done $value[$i] + } + + if ($carry) { + for (; $value[$i] == static::MAX_DIGIT; ++$i) { + $value[$i] = 0; + } + ++$value[$i]; + } + + return [ + self::VALUE => self::trim($value), + self::SIGN => $x_negative + ]; + } + + /** + * Performs subtraction. + * + * @param array $x_value + * @param bool $x_negative + * @param array $y_value + * @param bool $y_negative + * @return array + */ + public static function subtractHelper(array $x_value, $x_negative, array $y_value, $y_negative) + { + $x_size = count($x_value); + $y_size = count($y_value); + + if ($x_size == 0) { + return [ + self::VALUE => $y_value, + self::SIGN => !$y_negative + ]; + } elseif ($y_size == 0) { + return [ + self::VALUE => $x_value, + self::SIGN => $x_negative + ]; + } + + // add, if appropriate (ie. -$x - +$y or +$x - -$y) + if ($x_negative != $y_negative) { + $temp = self::addHelper($x_value, false, $y_value, false); + $temp[self::SIGN] = $x_negative; + + return $temp; + } + + $diff = self::compareHelper($x_value, $x_negative, $y_value, $y_negative); + + if (!$diff) { + return [ + self::VALUE => [], + self::SIGN => false + ]; + } + + // switch $x and $y around, if appropriate. + if ((!$x_negative && $diff < 0) || ($x_negative && $diff > 0)) { + $temp = $x_value; + $x_value = $y_value; + $y_value = $temp; + + $x_negative = !$x_negative; + + $x_size = count($x_value); + $y_size = count($y_value); + } + + // at this point, $x_value should be at least as big as - if not bigger than - $y_value + + $carry = 0; + for ($i = 0, $j = 1; $j < $y_size; $i += 2, $j += 2) { + $sum = ($x_value[$j] - $y_value[$j]) * static::BASE_FULL + $x_value[$i] - $y_value[$i] - $carry; + + $carry = $sum < 0; // eg. floor($sum / 2**52); only possible values (in any base) are 0 and 1 + $sum = $carry ? $sum + static::MAX_DIGIT2 : $sum; + + $temp = static::BASE === 26 ? intval($sum / 0x4000000) : ($sum >> 31); + + $x_value[$i] = (int)($sum - static::BASE_FULL * $temp); + $x_value[$j] = $temp; + } + + if ($j == $y_size) { // ie. if $y_size is odd + $sum = $x_value[$i] - $y_value[$i] - $carry; + $carry = $sum < 0; + $x_value[$i] = $carry ? $sum + static::BASE_FULL : $sum; + ++$i; + } + + if ($carry) { + for (; !$x_value[$i]; ++$i) { + $x_value[$i] = static::MAX_DIGIT; + } + --$x_value[$i]; + } + + return [ + self::VALUE => self::trim($x_value), + self::SIGN => $x_negative + ]; + } + + /** + * Performs multiplication. + * + * @param array $x_value + * @param bool $x_negative + * @param array $y_value + * @param bool $y_negative + * @return array + */ + protected static function multiplyHelper(array $x_value, $x_negative, array $y_value, $y_negative) + { + //if ( $x_value == $y_value ) { + // return [ + // self::VALUE => self::square($x_value), + // self::SIGN => $x_sign != $y_value + // ]; + //} + + $x_length = count($x_value); + $y_length = count($y_value); + + if (!$x_length || !$y_length) { // a 0 is being multiplied + return [ + self::VALUE => [], + self::SIGN => false + ]; + } + + return [ + self::VALUE => min($x_length, $y_length) < 2 * self::KARATSUBA_CUTOFF ? + self::trim(self::regularMultiply($x_value, $y_value)) : + self::trim(self::karatsuba($x_value, $y_value)), + self::SIGN => $x_negative != $y_negative + ]; + } + + /** + * Performs Karatsuba multiplication on two BigIntegers + * + * See {@link http://en.wikipedia.org/wiki/Karatsuba_algorithm Karatsuba algorithm} and + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=120 MPM 5.2.3}. + * + * @param array $x_value + * @param array $y_value + * @return array + */ + private static function karatsuba(array $x_value, array $y_value) + { + $m = min(count($x_value) >> 1, count($y_value) >> 1); + + if ($m < self::KARATSUBA_CUTOFF) { + return self::regularMultiply($x_value, $y_value); + } + + $x1 = array_slice($x_value, $m); + $x0 = array_slice($x_value, 0, $m); + $y1 = array_slice($y_value, $m); + $y0 = array_slice($y_value, 0, $m); + + $z2 = self::karatsuba($x1, $y1); + $z0 = self::karatsuba($x0, $y0); + + $z1 = self::addHelper($x1, false, $x0, false); + $temp = self::addHelper($y1, false, $y0, false); + $z1 = self::karatsuba($z1[self::VALUE], $temp[self::VALUE]); + $temp = self::addHelper($z2, false, $z0, false); + $z1 = self::subtractHelper($z1, false, $temp[self::VALUE], false); + + $z2 = array_merge(array_fill(0, 2 * $m, 0), $z2); + $z1[self::VALUE] = array_merge(array_fill(0, $m, 0), $z1[self::VALUE]); + + $xy = self::addHelper($z2, false, $z1[self::VALUE], $z1[self::SIGN]); + $xy = self::addHelper($xy[self::VALUE], $xy[self::SIGN], $z0, false); + + return $xy[self::VALUE]; + } + + /** + * Performs long multiplication on two BigIntegers + * + * Modeled after 'multiply' in MutableBigInteger.java. + * + * @param array $x_value + * @param array $y_value + * @return array + */ + protected static function regularMultiply(array $x_value, array $y_value) + { + $x_length = count($x_value); + $y_length = count($y_value); + + if (!$x_length || !$y_length) { // a 0 is being multiplied + return []; + } + + $product_value = self::array_repeat(0, $x_length + $y_length); + + // the following for loop could be removed if the for loop following it + // (the one with nested for loops) initially set $i to 0, but + // doing so would also make the result in one set of unnecessary adds, + // since on the outermost loops first pass, $product->value[$k] is going + // to always be 0 + + $carry = 0; + for ($j = 0; $j < $x_length; ++$j) { // ie. $i = 0 + $temp = $x_value[$j] * $y_value[0] + $carry; // $product_value[$k] == 0 + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $product_value[$j] = (int)($temp - static::BASE_FULL * $carry); + } + + $product_value[$j] = $carry; + + // the above for loop is what the previous comment was talking about. the + // following for loop is the "one with nested for loops" + for ($i = 1; $i < $y_length; ++$i) { + $carry = 0; + + for ($j = 0, $k = $i; $j < $x_length; ++$j, ++$k) { + $temp = $product_value[$k] + $x_value[$j] * $y_value[$i] + $carry; + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $product_value[$k] = (int)($temp - static::BASE_FULL * $carry); + } + + $product_value[$k] = $carry; + } + + return $product_value; + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @return array{static, static} + * @internal This function is based off of + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=9 HAC 14.20}. + */ + protected function divideHelper(PHP $y) + { + if (count($y->value) == 1) { + list($q, $r) = $this->divide_digit($this->value, $y->value[0]); + $quotient = new static(); + $remainder = new static(); + $quotient->value = $q; + $remainder->value = [$r]; + $quotient->is_negative = $this->is_negative != $y->is_negative; + return [$this->normalize($quotient), $this->normalize($remainder)]; + } + + $x = clone $this; + $y = clone $y; + + $x_sign = $x->is_negative; + $y_sign = $y->is_negative; + + $x->is_negative = $y->is_negative = false; + + $diff = $x->compare($y); + + if (!$diff) { + $temp = new static(); + $temp->value = [1]; + $temp->is_negative = $x_sign != $y_sign; + return [$this->normalize($temp), $this->normalize(static::$zero[static::class])]; + } + + if ($diff < 0) { + // if $x is negative, "add" $y. + if ($x_sign) { + $x = $y->subtract($x); + } + return [$this->normalize(static::$zero[static::class]), $this->normalize($x)]; + } + + // normalize $x and $y as described in HAC 14.23 / 14.24 + $msb = $y->value[count($y->value) - 1]; + for ($shift = 0; !($msb & static::MSB); ++$shift) { + $msb <<= 1; + } + $x->lshift($shift); + $y->lshift($shift); + $y_value = &$y->value; + + $x_max = count($x->value) - 1; + $y_max = count($y->value) - 1; + + $quotient = new static(); + $quotient_value = &$quotient->value; + $quotient_value = self::array_repeat(0, $x_max - $y_max + 1); + + static $temp, $lhs, $rhs; + if (!isset($temp)) { + $temp = new static(); + $lhs = new static(); + $rhs = new static(); + } + if (static::class != get_class($temp)) { + $temp = new static(); + $lhs = new static(); + $rhs = new static(); + } + $temp_value = &$temp->value; + $rhs_value = &$rhs->value; + + // $temp = $y << ($x_max - $y_max-1) in base 2**26 + $temp_value = array_merge(self::array_repeat(0, $x_max - $y_max), $y_value); + + while ($x->compare($temp) >= 0) { + // calculate the "common residue" + ++$quotient_value[$x_max - $y_max]; + $x = $x->subtract($temp); + $x_max = count($x->value) - 1; + } + + for ($i = $x_max; $i >= $y_max + 1; --$i) { + $x_value = &$x->value; + $x_window = [ + isset($x_value[$i]) ? $x_value[$i] : 0, + isset($x_value[$i - 1]) ? $x_value[$i - 1] : 0, + isset($x_value[$i - 2]) ? $x_value[$i - 2] : 0 + ]; + $y_window = [ + $y_value[$y_max], + ($y_max > 0) ? $y_value[$y_max - 1] : 0 + ]; + + $q_index = $i - $y_max - 1; + if ($x_window[0] == $y_window[0]) { + $quotient_value[$q_index] = static::MAX_DIGIT; + } else { + $quotient_value[$q_index] = self::safe_divide( + $x_window[0] * static::BASE_FULL + $x_window[1], + $y_window[0] + ); + } + + $temp_value = [$y_window[1], $y_window[0]]; + + $lhs->value = [$quotient_value[$q_index]]; + $lhs = $lhs->multiply($temp); + + $rhs_value = [$x_window[2], $x_window[1], $x_window[0]]; + + while ($lhs->compare($rhs) > 0) { + --$quotient_value[$q_index]; + + $lhs->value = [$quotient_value[$q_index]]; + $lhs = $lhs->multiply($temp); + } + + $adjust = self::array_repeat(0, $q_index); + $temp_value = [$quotient_value[$q_index]]; + $temp = $temp->multiply($y); + $temp_value = &$temp->value; + if (count($temp_value)) { + $temp_value = array_merge($adjust, $temp_value); + } + + $x = $x->subtract($temp); + + if ($x->compare(static::$zero[static::class]) < 0) { + $temp_value = array_merge($adjust, $y_value); + $x = $x->add($temp); + + --$quotient_value[$q_index]; + } + + $x_max = count($x_value) - 1; + } + + // unnormalize the remainder + $x->rshift($shift); + + $quotient->is_negative = $x_sign != $y_sign; + + // calculate the "common residue", if appropriate + if ($x_sign) { + $y->rshift($shift); + $x = $y->subtract($x); + } + + return [$this->normalize($quotient), $this->normalize($x)]; + } + + /** + * Divides a BigInteger by a regular integer + * + * abc / x = a00 / x + b0 / x + c / x + * + * @param array $dividend + * @param int $divisor + * @return array + */ + private static function divide_digit(array $dividend, $divisor) + { + $carry = 0; + $result = []; + + for ($i = count($dividend) - 1; $i >= 0; --$i) { + $temp = static::BASE_FULL * $carry + $dividend[$i]; + $result[$i] = self::safe_divide($temp, $divisor); + $carry = (int)($temp - $divisor * $result[$i]); + } + + return [$result, $carry]; + } + + /** + * Single digit division + * + * Even if int64 is being used the division operator will return a float64 value + * if the dividend is not evenly divisible by the divisor. Since a float64 doesn't + * have the precision of int64 this is a problem so, when int64 is being used, + * we'll guarantee that the dividend is divisible by first subtracting the remainder. + * + * @param int $x + * @param int $y + * @return int + */ + private static function safe_divide($x, $y) + { + if (static::BASE === 26) { + return (int)($x / $y); + } + + // static::BASE === 31 + /** @var int */ + return ($x - ($x % $y)) / $y; + } + + /** + * Convert an array / boolean to a PHP BigInteger object + * + * @param array $arr + * @return static + */ + protected function convertToObj(array $arr) + { + $result = new static(); + $result->value = $arr[self::VALUE]; + $result->is_negative = $arr[self::SIGN]; + + return $this->normalize($result); + } + + /** + * Normalize + * + * Removes leading zeros and truncates (if necessary) to maintain the appropriate precision + * + * @param PHP $result + * @return static + */ + protected function normalize(PHP $result) + { + $result->precision = $this->precision; + $result->bitmask = $this->bitmask; + + $value = &$result->value; + + if (!count($value)) { + $result->is_negative = false; + return $result; + } + + $value = static::trim($value); + + if (!empty($result->bitmask->value)) { + $length = min(count($value), count($result->bitmask->value)); + $value = array_slice($value, 0, $length); + + for ($i = 0; $i < $length; ++$i) { + $value[$i] = $value[$i] & $result->bitmask->value[$i]; + } + + $value = static::trim($value); + } + + return $result; + } + + /** + * Compares two numbers. + * + * @param array $x_value + * @param bool $x_negative + * @param array $y_value + * @param bool $y_negative + * @return int + * @see static::compare() + */ + protected static function compareHelper(array $x_value, $x_negative, array $y_value, $y_negative) + { + if ($x_negative != $y_negative) { + return (!$x_negative && $y_negative) ? 1 : -1; + } + + $result = $x_negative ? -1 : 1; + + if (count($x_value) != count($y_value)) { + return (count($x_value) > count($y_value)) ? $result : -$result; + } + $size = max(count($x_value), count($y_value)); + + $x_value = array_pad($x_value, $size, 0); + $y_value = array_pad($y_value, $size, 0); + + for ($i = count($x_value) - 1; $i >= 0; --$i) { + if ($x_value[$i] != $y_value[$i]) { + return ($x_value[$i] > $y_value[$i]) ? $result : -$result; + } + } + + return 0; + } + + /** + * Absolute value. + * + * @return PHP + */ + public function abs() + { + $temp = new static(); + $temp->value = $this->value; + + return $temp; + } + + /** + * Trim + * + * Removes leading zeros + * + * @param list $value + * @return list + */ + protected static function trim(array $value) + { + for ($i = count($value) - 1; $i >= 0; --$i) { + if ($value[$i]) { + break; + } + unset($value[$i]); + } + + return $value; + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift. + * + * @param int $shift + * @return PHP + */ + public function bitwise_rightShift($shift) + { + $temp = new static(); + + // could just replace lshift with this, but then all lshift() calls would need to be rewritten + // and I don't want to do that... + $temp->value = $this->value; + $temp->rshift($shift); + + return $this->normalize($temp); + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift. + * + * @param int $shift + * @return PHP + */ + public function bitwise_leftShift($shift) + { + $temp = new static(); + // could just replace _rshift with this, but then all _lshift() calls would need to be rewritten + // and I don't want to do that... + $temp->value = $this->value; + $temp->lshift($shift); + + return $this->normalize($temp); + } + + /** + * Converts 32-bit integers to bytes. + * + * @param int $x + * @return string + */ + private static function int2bytes($x) + { + return ltrim(pack('N', $x), chr(0)); + } + + /** + * Array Repeat + * + * @param int $input + * @param int $multiplier + * @return array + */ + protected static function array_repeat($input, $multiplier) + { + return $multiplier ? array_fill(0, $multiplier, $input) : []; + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits. + * + * @param int $shift + */ + protected function lshift($shift) + { + if ($shift == 0) { + return; + } + + $num_digits = (int)($shift / static::BASE); + $shift %= static::BASE; + $shift = 1 << $shift; + + $carry = 0; + + for ($i = 0; $i < count($this->value); ++$i) { + $temp = $this->value[$i] * $shift + $carry; + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $this->value[$i] = (int)($temp - $carry * static::BASE_FULL); + } + + if ($carry) { + $this->value[count($this->value)] = $carry; + } + + while ($num_digits--) { + array_unshift($this->value, 0); + } + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits. + * + * @param int $shift + */ + protected function rshift($shift) + { + if ($shift == 0) { + return; + } + + $num_digits = (int)($shift / static::BASE); + $shift %= static::BASE; + $carry_shift = static::BASE - $shift; + $carry_mask = (1 << $shift) - 1; + + if ($num_digits) { + $this->value = array_slice($this->value, $num_digits); + } + + $carry = 0; + + for ($i = count($this->value) - 1; $i >= 0; --$i) { + $temp = $this->value[$i] >> $shift | $carry; + $carry = ($this->value[$i] & $carry_mask) << $carry_shift; + $this->value[$i] = $temp; + } + + $this->value = static::trim($this->value); + } + + /** + * Performs modular exponentiation. + * + * @param PHP $e + * @param PHP $n + * @return PHP + */ + protected function powModInner(PHP $e, PHP $n) + { + try { + $class = static::$modexpEngine[static::class]; + return $class::powModHelper($this, $e, $n, static::class); + } catch (\Exception $err) { + return PHP\DefaultEngine::powModHelper($this, $e, $n, static::class); + } + } + + /** + * Performs squaring + * + * @param list $x + * @return list + */ + protected static function square(array $x) + { + return count($x) < 2 * self::KARATSUBA_CUTOFF ? + self::trim(self::baseSquare($x)) : + self::trim(self::karatsubaSquare($x)); + } + + /** + * Performs traditional squaring on two BigIntegers + * + * Squaring can be done faster than multiplying a number by itself can be. See + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=7 HAC 14.2.4} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=141 MPM 5.3} for more information. + * + * @param array $value + * @return array + */ + protected static function baseSquare(array $value) + { + if (empty($value)) { + return []; + } + $square_value = self::array_repeat(0, 2 * count($value)); + + for ($i = 0, $max_index = count($value) - 1; $i <= $max_index; ++$i) { + $i2 = $i << 1; + + $temp = $square_value[$i2] + $value[$i] * $value[$i]; + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $square_value[$i2] = (int)($temp - static::BASE_FULL * $carry); + + // note how we start from $i+1 instead of 0 as we do in multiplication. + for ($j = $i + 1, $k = $i2 + 1; $j <= $max_index; ++$j, ++$k) { + $temp = $square_value[$k] + 2 * $value[$j] * $value[$i] + $carry; + $carry = static::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $square_value[$k] = (int)($temp - static::BASE_FULL * $carry); + } + + // the following line can yield values larger 2**15. at this point, PHP should switch + // over to floats. + $square_value[$i + $max_index + 1] = $carry; + } + + return $square_value; + } + + /** + * Performs Karatsuba "squaring" on two BigIntegers + * + * See {@link http://en.wikipedia.org/wiki/Karatsuba_algorithm Karatsuba algorithm} and + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=151 MPM 5.3.4}. + * + * @param array $value + * @return array + */ + protected static function karatsubaSquare(array $value) + { + $m = count($value) >> 1; + + if ($m < self::KARATSUBA_CUTOFF) { + return self::baseSquare($value); + } + + $x1 = array_slice($value, $m); + $x0 = array_slice($value, 0, $m); + + $z2 = self::karatsubaSquare($x1); + $z0 = self::karatsubaSquare($x0); + + $z1 = self::addHelper($x1, false, $x0, false); + $z1 = self::karatsubaSquare($z1[self::VALUE]); + $temp = self::addHelper($z2, false, $z0, false); + $z1 = self::subtractHelper($z1, false, $temp[self::VALUE], false); + + $z2 = array_merge(array_fill(0, 2 * $m, 0), $z2); + $z1[self::VALUE] = array_merge(array_fill(0, $m, 0), $z1[self::VALUE]); + + $xx = self::addHelper($z2, false, $z1[self::VALUE], $z1[self::SIGN]); + $xx = self::addHelper($xx[self::VALUE], $xx[self::SIGN], $z0, false); + + return $xx[self::VALUE]; + } + + /** + * Make the current number odd + * + * If the current number is odd it'll be unchanged. If it's even, one will be added to it. + * + * @see self::randomPrime() + */ + protected function make_odd() + { + $this->value[0] |= 1; + } + + /** + * Test the number against small primes. + * + * @see self::isPrime() + */ + protected function testSmallPrimes() + { + if ($this->value == [1]) { + return false; + } + if ($this->value == [2]) { + return true; + } + if (~$this->value[0] & 1) { + return false; + } + + $value = $this->value; + foreach (static::PRIMES as $prime) { + list(, $r) = self::divide_digit($value, $prime); + if (!$r) { + return count($value) == 1 && $value[0] == $prime; + } + } + + return true; + } + + /** + * Scan for 1 and right shift by that amount + * + * ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s)); + * + * @param PHP $r + * @return int + * @see self::isPrime() + */ + public static function scan1divide(PHP $r) + { + $r_value = &$r->value; + for ($i = 0, $r_length = count($r_value); $i < $r_length; ++$i) { + $temp = ~$r_value[$i] & static::MAX_DIGIT; + for ($j = 1; ($temp >> $j) & 1; ++$j) { + } + if ($j <= static::BASE) { + break; + } + } + $s = static::BASE * $i + $j; + $r->rshift($s); + return $s; + } + + /** + * Performs exponentiation. + * + * @param PHP $n + * @return PHP + */ + protected function powHelper(PHP $n) + { + if ($n->compare(static::$zero[static::class]) == 0) { + return new static(1); + } // n^0 = 1 + + $temp = clone $this; + while (!$n->equals(static::$one[static::class])) { + $temp = $temp->multiply($this); + $n = $n->subtract(static::$one[static::class]); + } + + return $temp; + } + + /** + * Is Odd? + * + * @return bool + */ + public function isOdd() + { + return (bool)($this->value[0] & 1); + } + + /** + * Tests if a bit is set + * + * @return bool + */ + public function testBit($x) + { + $digit = (int) floor($x / static::BASE); + $bit = $x % static::BASE; + + if (!isset($this->value[$digit])) { + return false; + } + + return (bool)($this->value[$digit] & (1 << $bit)); + } + + /** + * Is Negative? + * + * @return bool + */ + public function isNegative() + { + return $this->is_negative; + } + + /** + * Negate + * + * Given $k, returns -$k + * + * @return static + */ + public function negate() + { + $temp = clone $this; + $temp->is_negative = !$temp->is_negative; + + return $temp; + } + + /** + * Bitwise Split + * + * Splits BigInteger's into chunks of $split bits + * + * @param int $split + * @return list + */ + public function bitwise_split($split) + { + if ($split < 1) { + throw new \RuntimeException('Offset must be greater than 1'); + } + + $width = (int)($split / static::BASE); + if (!$width) { + $arr = $this->bitwise_small_split($split); + return array_map(function ($digit) { + $temp = new static(); + $temp->value = $digit != 0 ? [$digit] : []; + return $temp; + }, $arr); + } + + $vals = []; + $val = $this->value; + + $i = $overflow = 0; + $len = count($val); + while ($i < $len) { + $digit = []; + if (!$overflow) { + $digit = array_slice($val, $i, $width); + $i += $width; + $overflow = $split % static::BASE; + if ($overflow) { + $mask = (1 << $overflow) - 1; + $temp = isset($val[$i]) ? $val[$i] : 0; + $digit[] = $temp & $mask; + } + } else { + $remaining = static::BASE - $overflow; + $tempsplit = $split - $remaining; + $tempwidth = (int)($tempsplit / static::BASE + 1); + $digit = array_slice($val, $i, $tempwidth); + $i += $tempwidth; + $tempoverflow = $tempsplit % static::BASE; + if ($tempoverflow) { + $tempmask = (1 << $tempoverflow) - 1; + $temp = isset($val[$i]) ? $val[$i] : 0; + $digit[] = $temp & $tempmask; + } + $newbits = 0; + for ($j = count($digit) - 1; $j >= 0; $j--) { + $temp = $digit[$j] & $mask; + $digit[$j] = ($digit[$j] >> $overflow) | ($newbits << $remaining); + $newbits = $temp; + } + $overflow = $tempoverflow; + $mask = $tempmask; + } + $temp = new static(); + $temp->value = static::trim($digit); + $vals[] = $temp; + } + + return array_reverse($vals); + } + + /** + * Bitwise Split where $split < static::BASE + * + * @param int $split + * @return list + */ + private function bitwise_small_split($split) + { + $vals = []; + $val = $this->value; + + $mask = (1 << $split) - 1; + + $i = $overflow = 0; + $len = count($val); + $val[] = 0; + $remaining = static::BASE; + while ($i != $len) { + $digit = $val[$i] & $mask; + $val[$i] >>= $split; + if (!$overflow) { + $remaining -= $split; + $overflow = $split <= $remaining ? 0 : $split - $remaining; + + if (!$remaining) { + $i++; + $remaining = static::BASE; + $overflow = 0; + } + } elseif (++$i != $len) { + $tempmask = (1 << $overflow) - 1; + $digit |= ($val[$i] & $tempmask) << $remaining; + $val[$i] >>= $overflow; + $remaining = static::BASE - $overflow; + $overflow = $split <= $remaining ? 0 : $split - $remaining; + } + + $vals[] = $digit; + } + + while ($vals[count($vals) - 1] == 0) { + unset($vals[count($vals) - 1]); + } + + return array_reverse($vals); + } + + /** + * @return bool + */ + protected static function testJITOnWindows() + { + // see https://github.com/php/php-src/issues/11917 + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' && function_exists('opcache_get_status') && PHP_VERSION_ID < 80213 && !defined('PHPSECLIB_ALLOW_JIT')) { + $status = opcache_get_status(); + if ($status && isset($status['jit']) && $status['jit']['enabled'] && $status['jit']['on']) { + return true; + } + } + return false; + } + + /** + * Return the size of a BigInteger in bits + * + * @return int + */ + public function getLength() + { + $max = count($this->value) - 1; + return $max != -1 ? + $max * static::BASE + intval(ceil(log($this->value[$max] + 1, 2))) : + 0; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Base.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Base.php new file mode 100644 index 0000000..40f64bd --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Base.php @@ -0,0 +1,143 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP; + +use phpseclib3\Math\BigInteger\Engines\PHP; + +/** + * PHP Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Base extends PHP +{ + /** + * Cache constants + * + * $cache[self::VARIABLE] tells us whether or not the cached data is still valid. + * + */ + const VARIABLE = 0; + /** + * $cache[self::DATA] contains the cached data. + * + */ + const DATA = 1; + + /** + * Test for engine validity + * + * @return bool + */ + public static function isValidEngine() + { + return static::class != __CLASS__; + } + + /** + * Performs modular exponentiation. + * + * The most naive approach to modular exponentiation has very unreasonable requirements, and + * and although the approach involving repeated squaring does vastly better, it, too, is impractical + * for our purposes. The reason being that division - by far the most complicated and time-consuming + * of the basic operations (eg. +,-,*,/) - occurs multiple times within it. + * + * Modular reductions resolve this issue. Although an individual modular reduction takes more time + * then an individual division, when performed in succession (with the same modulo), they're a lot faster. + * + * The two most commonly used modular reductions are Barrett and Montgomery reduction. Montgomery reduction, + * although faster, only works when the gcd of the modulo and of the base being used is 1. In RSA, when the + * base is a power of two, the modulo - a product of two primes - is always going to have a gcd of 1 (because + * the product of two odd numbers is odd), but what about when RSA isn't used? + * + * In contrast, Barrett reduction has no such constraint. As such, some bigint implementations perform a + * Barrett reduction after every operation in the modpow function. Others perform Barrett reductions when the + * modulo is even and Montgomery reductions when the modulo is odd. BigInteger.java's modPow method, however, + * uses a trick involving the Chinese Remainder Theorem to factor the even modulo into two numbers - one odd and + * the other, a power of two - and recombine them, later. This is the method that this modPow function uses. + * {@link http://islab.oregonstate.edu/papers/j34monex.pdf Montgomery Reduction with Even Modulus} elaborates. + * + * @param PHP $x + * @param PHP $e + * @param PHP $n + * @param string $class + * @return PHP + */ + protected static function powModHelper(PHP $x, PHP $e, PHP $n, $class) + { + if (empty($e->value)) { + $temp = new $class(); + $temp->value = [1]; + return $x->normalize($temp); + } + + if ($e->value == [1]) { + list(, $temp) = $x->divide($n); + return $x->normalize($temp); + } + + if ($e->value == [2]) { + $temp = new $class(); + $temp->value = $class::square($x->value); + list(, $temp) = $temp->divide($n); + return $x->normalize($temp); + } + + return $x->normalize(static::slidingWindow($x, $e, $n, $class)); + } + + /** + * Modular reduction preparation + * + * @param array $x + * @param array $n + * @param string $class + * @see self::slidingWindow() + * @return array + */ + protected static function prepareReduce(array $x, array $n, $class) + { + return static::reduce($x, $n, $class); + } + + /** + * Modular multiply + * + * @param array $x + * @param array $y + * @param array $n + * @param string $class + * @see self::slidingWindow() + * @return array + */ + protected static function multiplyReduce(array $x, array $y, array $n, $class) + { + $temp = $class::multiplyHelper($x, false, $y, false); + return static::reduce($temp[self::VALUE], $n, $class); + } + + /** + * Modular square + * + * @param array $x + * @param array $n + * @param string $class + * @see self::slidingWindow() + * @return array + */ + protected static function squareReduce(array $x, array $n, $class) + { + return static::reduce($class::square($x), $n, $class); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/DefaultEngine.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/DefaultEngine.php new file mode 100644 index 0000000..6d33532 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/DefaultEngine.php @@ -0,0 +1,25 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP; + +use phpseclib3\Math\BigInteger\Engines\PHP\Reductions\EvalBarrett; + +/** + * PHP Default Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class DefaultEngine extends EvalBarrett +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php new file mode 100644 index 0000000..09f825f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php @@ -0,0 +1,89 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP; + +use phpseclib3\Math\BigInteger\Engines\Engine; +use phpseclib3\Math\BigInteger\Engines\PHP; +use phpseclib3\Math\BigInteger\Engines\PHP\Reductions\PowerOfTwo; + +/** + * PHP Montgomery Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Montgomery extends Base +{ + /** + * Test for engine validity + * + * @return bool + */ + public static function isValidEngine() + { + return static::class != __CLASS__; + } + + /** + * Performs modular exponentiation. + * + * @template T of Engine + * @param Engine $x + * @param Engine $e + * @param Engine $n + * @param class-string $class + * @return T + */ + protected static function slidingWindow(Engine $x, Engine $e, Engine $n, $class) + { + // is the modulo odd? + if ($n->value[0] & 1) { + return parent::slidingWindow($x, $e, $n, $class); + } + // if it's not, it's even + + // find the lowest set bit (eg. the max pow of 2 that divides $n) + for ($i = 0; $i < count($n->value); ++$i) { + if ($n->value[$i]) { + $temp = decbin($n->value[$i]); + $j = strlen($temp) - strrpos($temp, '1') - 1; + $j += $class::BASE * $i; + break; + } + } + // at this point, 2^$j * $n/(2^$j) == $n + + $mod1 = clone $n; + $mod1->rshift($j); + $mod2 = new $class(); + $mod2->value = [1]; + $mod2->lshift($j); + + $part1 = $mod1->value != [1] ? parent::slidingWindow($x, $e, $mod1, $class) : new $class(); + $part2 = PowerOfTwo::slidingWindow($x, $e, $mod2, $class); + + $y1 = $mod2->modInverse($mod1); + $y2 = $mod1->modInverse($mod2); + + $result = $part1->multiply($mod2); + $result = $result->multiply($y1); + + $temp = $part2->multiply($mod1); + $temp = $temp->multiply($y2); + + $result = $result->add($temp); + list(, $result) = $result->divide($n); + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/OpenSSL.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/OpenSSL.php new file mode 100644 index 0000000..eddd25e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/OpenSSL.php @@ -0,0 +1,25 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP; + +use phpseclib3\Math\BigInteger\Engines\OpenSSL as Progenitor; + +/** + * OpenSSL Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class OpenSSL extends Progenitor +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Barrett.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Barrett.php new file mode 100644 index 0000000..8493741 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Barrett.php @@ -0,0 +1,281 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP; +use phpseclib3\Math\BigInteger\Engines\PHP\Base; + +/** + * PHP Barrett Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Barrett extends Base +{ + /** + * Barrett Modular Reduction + * + * See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=14 HAC 14.3.3} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=165 MPM 6.2.5} for more information. Modified slightly, + * so as not to require negative numbers (initially, this script didn't support negative numbers). + * + * Employs "folding", as described at + * {@link http://www.cosic.esat.kuleuven.be/publications/thesis-149.pdf#page=66 thesis-149.pdf#page=66}. To quote from + * it, "the idea [behind folding] is to find a value x' such that x (mod m) = x' (mod m), with x' being smaller than x." + * + * Unfortunately, the "Barrett Reduction with Folding" algorithm described in thesis-149.pdf is not, as written, all that + * usable on account of (1) its not using reasonable radix points as discussed in + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=162 MPM 6.2.2} and (2) the fact that, even with reasonable + * radix points, it only works when there are an even number of digits in the denominator. The reason for (2) is that + * (x >> 1) + (x >> 1) != x / 2 + x / 2. If x is even, they're the same, but if x is odd, they're not. See the in-line + * comments for details. + * + * @param array $n + * @param array $m + * @param class-string $class + * @return array + */ + protected static function reduce(array $n, array $m, $class) + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [] + ]; + + $m_length = count($m); + + // if (self::compareHelper($n, $static::square($m)) >= 0) { + if (count($n) >= 2 * $m_length) { + $lhs = new $class(); + $rhs = new $class(); + $lhs->value = $n; + $rhs->value = $m; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + } + + // if (m.length >> 1) + 2 <= m.length then m is too small and n can't be reduced + if ($m_length < 5) { + return self::regularBarrett($n, $m, $class); + } + // n = 2 * m.length + + if (($key = array_search($m, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $m; + + $lhs = new $class(); + $lhs_value = &$lhs->value; + $lhs_value = self::array_repeat(0, $m_length + ($m_length >> 1)); + $lhs_value[] = 1; + $rhs = new $class(); + $rhs->value = $m; + + list($u, $m1) = $lhs->divide($rhs); + $u = $u->value; + $m1 = $m1->value; + + $cache[self::DATA][] = [ + 'u' => $u, // m.length >> 1 (technically (m.length >> 1) + 1) + 'm1' => $m1 // m.length + ]; + } else { + extract($cache[self::DATA][$key]); + } + + $cutoff = $m_length + ($m_length >> 1); + $lsd = array_slice($n, 0, $cutoff); // m.length + (m.length >> 1) + $msd = array_slice($n, $cutoff); // m.length >> 1 + + $lsd = self::trim($lsd); + $temp = $class::multiplyHelper($msd, false, $m1, false); // m.length + (m.length >> 1) + $n = $class::addHelper($lsd, false, $temp[self::VALUE], false); // m.length + (m.length >> 1) + 1 (so basically we're adding two same length numbers) + //if ($m_length & 1) { + // return self::regularBarrett($n[self::VALUE], $m, $class); + //} + + // (m.length + (m.length >> 1) + 1) - (m.length - 1) == (m.length >> 1) + 2 + $temp = array_slice($n[self::VALUE], $m_length - 1); + // if even: ((m.length >> 1) + 2) + (m.length >> 1) == m.length + 2 + // if odd: ((m.length >> 1) + 2) + (m.length >> 1) == (m.length - 1) + 2 == m.length + 1 + $temp = $class::multiplyHelper($temp, false, $u, false); + // if even: (m.length + 2) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + 1 + // if odd: (m.length + 1) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + $temp = array_slice($temp[self::VALUE], ($m_length >> 1) + 1); + // if even: (m.length - (m.length >> 1) + 1) + m.length = 2 * m.length - (m.length >> 1) + 1 + // if odd: (m.length - (m.length >> 1)) + m.length = 2 * m.length - (m.length >> 1) + $temp = $class::multiplyHelper($temp, false, $m, false); + + // at this point, if m had an odd number of digits, we'd be subtracting a 2 * m.length - (m.length >> 1) digit + // number from a m.length + (m.length >> 1) + 1 digit number. ie. there'd be an extra digit and the while loop + // following this comment would loop a lot (hence our calling _regularBarrett() in that situation). + + $result = $class::subtractHelper($n[self::VALUE], false, $temp[self::VALUE], false); + + while (self::compareHelper($result[self::VALUE], $result[self::SIGN], $m, false) >= 0) { + $result = $class::subtractHelper($result[self::VALUE], $result[self::SIGN], $m, false); + } + + return $result[self::VALUE]; + } + + /** + * (Regular) Barrett Modular Reduction + * + * For numbers with more than four digits BigInteger::_barrett() is faster. The difference between that and this + * is that this function does not fold the denominator into a smaller form. + * + * @param array $x + * @param array $n + * @param string $class + * @return array + */ + private static function regularBarrett(array $x, array $n, $class) + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [] + ]; + + $n_length = count($n); + + if (count($x) > 2 * $n_length) { + $lhs = new $class(); + $rhs = new $class(); + $lhs->value = $x; + $rhs->value = $n; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + } + + if (($key = array_search($n, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $n; + $lhs = new $class(); + $lhs_value = &$lhs->value; + $lhs_value = self::array_repeat(0, 2 * $n_length); + $lhs_value[] = 1; + $rhs = new $class(); + $rhs->value = $n; + list($temp, ) = $lhs->divide($rhs); // m.length + $cache[self::DATA][] = $temp->value; + } + + // 2 * m.length - (m.length - 1) = m.length + 1 + $temp = array_slice($x, $n_length - 1); + // (m.length + 1) + m.length = 2 * m.length + 1 + $temp = $class::multiplyHelper($temp, false, $cache[self::DATA][$key], false); + // (2 * m.length + 1) - (m.length - 1) = m.length + 2 + $temp = array_slice($temp[self::VALUE], $n_length + 1); + + // m.length + 1 + $result = array_slice($x, 0, $n_length + 1); + // m.length + 1 + $temp = self::multiplyLower($temp, false, $n, false, $n_length + 1, $class); + // $temp == array_slice($class::regularMultiply($temp, false, $n, false)->value, 0, $n_length + 1) + + if (self::compareHelper($result, false, $temp[self::VALUE], $temp[self::SIGN]) < 0) { + $corrector_value = self::array_repeat(0, $n_length + 1); + $corrector_value[count($corrector_value)] = 1; + $result = $class::addHelper($result, false, $corrector_value, false); + $result = $result[self::VALUE]; + } + + // at this point, we're subtracting a number with m.length + 1 digits from another number with m.length + 1 digits + $result = $class::subtractHelper($result, false, $temp[self::VALUE], $temp[self::SIGN]); + while (self::compareHelper($result[self::VALUE], $result[self::SIGN], $n, false) > 0) { + $result = $class::subtractHelper($result[self::VALUE], $result[self::SIGN], $n, false); + } + + return $result[self::VALUE]; + } + + /** + * Performs long multiplication up to $stop digits + * + * If you're going to be doing array_slice($product->value, 0, $stop), some cycles can be saved. + * + * @see self::regularBarrett() + * @param array $x_value + * @param bool $x_negative + * @param array $y_value + * @param bool $y_negative + * @param int $stop + * @param string $class + * @return array + */ + private static function multiplyLower(array $x_value, $x_negative, array $y_value, $y_negative, $stop, $class) + { + $x_length = count($x_value); + $y_length = count($y_value); + + if (!$x_length || !$y_length) { // a 0 is being multiplied + return [ + self::VALUE => [], + self::SIGN => false + ]; + } + + if ($x_length < $y_length) { + $temp = $x_value; + $x_value = $y_value; + $y_value = $temp; + + $x_length = count($x_value); + $y_length = count($y_value); + } + + $product_value = self::array_repeat(0, $x_length + $y_length); + + // the following for loop could be removed if the for loop following it + // (the one with nested for loops) initially set $i to 0, but + // doing so would also make the result in one set of unnecessary adds, + // since on the outermost loops first pass, $product->value[$k] is going + // to always be 0 + + $carry = 0; + + for ($j = 0; $j < $x_length; ++$j) { // ie. $i = 0, $k = $i + $temp = $x_value[$j] * $y_value[0] + $carry; // $product_value[$k] == 0 + $carry = $class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $product_value[$j] = (int) ($temp - $class::BASE_FULL * $carry); + } + + if ($j < $stop) { + $product_value[$j] = $carry; + } + + // the above for loop is what the previous comment was talking about. the + // following for loop is the "one with nested for loops" + + for ($i = 1; $i < $y_length; ++$i) { + $carry = 0; + + for ($j = 0, $k = $i; $j < $x_length && $k < $stop; ++$j, ++$k) { + $temp = $product_value[$k] + $x_value[$j] * $y_value[$i] + $carry; + $carry = $class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31); + $product_value[$k] = (int) ($temp - $class::BASE_FULL * $carry); + } + + if ($k < $stop) { + $product_value[$k] = $carry; + } + } + + return [ + self::VALUE => self::trim($product_value), + self::SIGN => $x_negative != $y_negative + ]; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Classic.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Classic.php new file mode 100644 index 0000000..54f3b86 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Classic.php @@ -0,0 +1,42 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP\Base; + +/** + * PHP Classic Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Classic extends Base +{ + /** + * Regular Division + * + * @param array $x + * @param array $n + * @param string $class + * @return array + */ + protected static function reduce(array $x, array $n, $class) + { + $lhs = new $class(); + $lhs->value = $x; + $rhs = new $class(); + $rhs->value = $n; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/EvalBarrett.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/EvalBarrett.php new file mode 100644 index 0000000..2cf69f2 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/EvalBarrett.php @@ -0,0 +1,484 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP; +use phpseclib3\Math\BigInteger\Engines\PHP\Base; + +/** + * PHP Dynamic Barrett Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class EvalBarrett extends Base +{ + /** + * Custom Reduction Function + * + * @see self::generateCustomReduction + */ + private static $custom_reduction; + + /** + * Barrett Modular Reduction + * + * This calls a dynamically generated loop unrolled function that's specific to a given modulo. + * Array lookups are avoided as are if statements testing for how many bits the host OS supports, etc. + * + * @param array $n + * @param array $m + * @param string $class + * @return array + */ + protected static function reduce(array $n, array $m, $class) + { + $inline = self::$custom_reduction; + return $inline($n); + } + + /** + * Generate Custom Reduction + * + * @param PHP $m + * @param string $class + * @return callable + */ + protected static function generateCustomReduction(PHP $m, $class) + { + $m_length = count($m->value); + + if ($m_length < 5) { + $code = ' + $lhs = new ' . $class . '(); + $lhs->value = $x; + $rhs = new ' . $class . '(); + $rhs->value = [' . + implode(',', array_map(self::class . '::float2string', $m->value)) . ']; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + '; + eval('$func = function ($x) { ' . $code . '};'); + self::$custom_reduction = $func; + //self::$custom_reduction = \Closure::bind($func, $m, $class); + return $func; + } + + $lhs = new $class(); + $lhs_value = &$lhs->value; + + $lhs_value = self::array_repeat(0, $m_length + ($m_length >> 1)); + $lhs_value[] = 1; + $rhs = new $class(); + + list($u, $m1) = $lhs->divide($m); + + if ($class::BASE != 26) { + $u = $u->value; + } else { + $lhs_value = self::array_repeat(0, 2 * $m_length); + $lhs_value[] = 1; + $rhs = new $class(); + + list($u) = $lhs->divide($m); + $u = $u->value; + } + + $m = $m->value; + $m1 = $m1->value; + + $cutoff = count($m) + (count($m) >> 1); + + $code = ' + if (count($n) >= ' . (2 * count($m)) . ') { + $lhs = new ' . $class . '(); + $rhs = new ' . $class . '(); + $lhs->value = $n; + $rhs->value = [' . + implode(',', array_map(self::class . '::float2string', $m)) . ']; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + } + + $lsd = array_slice($n, 0, ' . $cutoff . '); + $msd = array_slice($n, ' . $cutoff . ');'; + + $code .= self::generateInlineTrim('msd'); + $code .= self::generateInlineMultiply('msd', $m1, 'temp', $class); + $code .= self::generateInlineAdd('lsd', 'temp', 'n', $class); + + $code .= '$temp = array_slice($n, ' . (count($m) - 1) . ');'; + $code .= self::generateInlineMultiply('temp', $u, 'temp2', $class); + $code .= self::generateInlineTrim('temp2'); + + $code .= $class::BASE == 26 ? + '$temp = array_slice($temp2, ' . (count($m) + 1) . ');' : + '$temp = array_slice($temp2, ' . ((count($m) >> 1) + 1) . ');'; + $code .= self::generateInlineMultiply('temp', $m, 'temp2', $class); + $code .= self::generateInlineTrim('temp2'); + + /* + if ($class::BASE == 26) { + $code.= '$n = array_slice($n, 0, ' . (count($m) + 1) . '); + $temp2 = array_slice($temp2, 0, ' . (count($m) + 1) . ');'; + } + */ + + $code .= self::generateInlineSubtract2('n', 'temp2', 'temp', $class); + + $subcode = self::generateInlineSubtract1('temp', $m, 'temp2', $class); + $subcode .= '$temp = $temp2;'; + + $code .= self::generateInlineCompare($m, 'temp', $subcode); + + $code .= 'return $temp;'; + + eval('$func = function ($n) { ' . $code . '};'); + + self::$custom_reduction = $func; + + return $func; + + //self::$custom_reduction = \Closure::bind($func, $m, $class); + } + + /** + * Inline Trim + * + * Removes leading zeros + * + * @param string $name + * @return string + */ + private static function generateInlineTrim($name) + { + return ' + for ($i = count($' . $name . ') - 1; $i >= 0; --$i) { + if ($' . $name . '[$i]) { + break; + } + unset($' . $name . '[$i]); + }'; + } + + /** + * Inline Multiply (unknown, known) + * + * @param string $input + * @param array $arr + * @param string $output + * @param string $class + * @return string + */ + private static function generateInlineMultiply($input, array $arr, $output, $class) + { + if (!count($arr)) { + return 'return [];'; + } + + $regular = ' + $length = count($' . $input . '); + if (!$length) { + $' . $output . ' = []; + }else{ + $' . $output . ' = array_fill(0, $length + ' . count($arr) . ', 0); + $carry = 0;'; + + for ($i = 0; $i < count($arr); $i++) { + $regular .= ' + $subtemp = $' . $input . '[0] * ' . $arr[$i]; + $regular .= $i ? ' + $carry;' : ';'; + + $regular .= '$carry = '; + $regular .= $class::BASE === 26 ? + 'intval($subtemp / 0x4000000);' : + '$subtemp >> 31;'; + $regular .= + '$' . $output . '[' . $i . '] = '; + if ($class::BASE === 26) { + $regular .= '(int) ('; + } + $regular .= '$subtemp - ' . $class::BASE_FULL . ' * $carry'; + $regular .= $class::BASE === 26 ? ');' : ';'; + } + + $regular .= '$' . $output . '[' . count($arr) . '] = $carry;'; + + $regular .= ' + for ($i = 1; $i < $length; ++$i) {'; + + for ($j = 0; $j < count($arr); $j++) { + $regular .= $j ? '$k++;' : '$k = $i;'; + $regular .= ' + $subtemp = $' . $output . '[$k] + $' . $input . '[$i] * ' . $arr[$j]; + $regular .= $j ? ' + $carry;' : ';'; + + $regular .= '$carry = '; + $regular .= $class::BASE === 26 ? + 'intval($subtemp / 0x4000000);' : + '$subtemp >> 31;'; + $regular .= + '$' . $output . '[$k] = '; + if ($class::BASE === 26) { + $regular .= '(int) ('; + } + $regular .= '$subtemp - ' . $class::BASE_FULL . ' * $carry'; + $regular .= $class::BASE === 26 ? ');' : ';'; + } + + $regular .= '$' . $output . '[++$k] = $carry; $carry = 0;'; + + $regular .= '}}'; + + //if (count($arr) < 2 * self::KARATSUBA_CUTOFF) { + //} + + return $regular; + } + + /** + * Inline Addition + * + * @param string $x + * @param string $y + * @param string $result + * @param string $class + * @return string + */ + private static function generateInlineAdd($x, $y, $result, $class) + { + $code = ' + $length = max(count($' . $x . '), count($' . $y . ')); + $' . $result . ' = array_pad($' . $x . ', $length + 1, 0); + $_' . $y . ' = array_pad($' . $y . ', $length, 0); + $carry = 0; + for ($i = 0, $j = 1; $j < $length; $i+=2, $j+=2) { + $sum = ($' . $result . '[$j] + $_' . $y . '[$j]) * ' . $class::BASE_FULL . ' + + $' . $result . '[$i] + $_' . $y . '[$i] + + $carry; + $carry = $sum >= ' . self::float2string($class::MAX_DIGIT2) . '; + $sum = $carry ? $sum - ' . self::float2string($class::MAX_DIGIT2) . ' : $sum;'; + + $code .= $class::BASE === 26 ? + '$upper = intval($sum / 0x4000000); $' . $result . '[$i] = (int) ($sum - ' . $class::BASE_FULL . ' * $upper);' : + '$upper = $sum >> 31; $' . $result . '[$i] = $sum - ' . $class::BASE_FULL . ' * $upper;'; + $code .= ' + $' . $result . '[$j] = $upper; + } + if ($j == $length) { + $sum = $' . $result . '[$i] + $_' . $y . '[$i] + $carry; + $carry = $sum >= ' . self::float2string($class::BASE_FULL) . '; + $' . $result . '[$i] = $carry ? $sum - ' . self::float2string($class::BASE_FULL) . ' : $sum; + ++$i; + } + if ($carry) { + for (; $' . $result . '[$i] == ' . $class::MAX_DIGIT . '; ++$i) { + $' . $result . '[$i] = 0; + } + ++$' . $result . '[$i]; + }'; + $code .= self::generateInlineTrim($result); + + return $code; + } + + /** + * Inline Subtraction 2 + * + * For when $known is more digits than $unknown. This is the harder use case to optimize for. + * + * @param string $known + * @param string $unknown + * @param string $result + * @param string $class + * @return string + */ + private static function generateInlineSubtract2($known, $unknown, $result, $class) + { + $code = ' + $' . $result . ' = $' . $known . '; + $carry = 0; + $size = count($' . $unknown . '); + for ($i = 0, $j = 1; $j < $size; $i+= 2, $j+= 2) { + $sum = ($' . $known . '[$j] - $' . $unknown . '[$j]) * ' . $class::BASE_FULL . ' + $' . $known . '[$i] + - $' . $unknown . '[$i] + - $carry; + $carry = $sum < 0; + if ($carry) { + $sum+= ' . self::float2string($class::MAX_DIGIT2) . '; + } + $subtemp = '; + $code .= $class::BASE === 26 ? + 'intval($sum / 0x4000000);' : + '$sum >> 31;'; + $code .= '$' . $result . '[$i] = '; + if ($class::BASE === 26) { + $code .= '(int) ('; + } + $code .= '$sum - ' . $class::BASE_FULL . ' * $subtemp'; + if ($class::BASE === 26) { + $code .= ')'; + } + $code .= '; + $' . $result . '[$j] = $subtemp; + } + if ($j == $size) { + $sum = $' . $known . '[$i] - $' . $unknown . '[$i] - $carry; + $carry = $sum < 0; + $' . $result . '[$i] = $carry ? $sum + ' . $class::BASE_FULL . ' : $sum; + ++$i; + } + + if ($carry) { + for (; !$' . $result . '[$i]; ++$i) { + $' . $result . '[$i] = ' . $class::MAX_DIGIT . '; + } + --$' . $result . '[$i]; + }'; + + $code .= self::generateInlineTrim($result); + + return $code; + } + + /** + * Inline Subtraction 1 + * + * For when $unknown is more digits than $known. This is the easier use case to optimize for. + * + * @param string $unknown + * @param array $known + * @param string $result + * @param string $class + * @return string + */ + private static function generateInlineSubtract1($unknown, array $known, $result, $class) + { + $code = '$' . $result . ' = $' . $unknown . ';'; + for ($i = 0, $j = 1; $j < count($known); $i += 2, $j += 2) { + $code .= '$sum = $' . $unknown . '[' . $j . '] * ' . $class::BASE_FULL . ' + $' . $unknown . '[' . $i . '] - '; + $code .= self::float2string($known[$j] * $class::BASE_FULL + $known[$i]); + if ($i != 0) { + $code .= ' - $carry'; + } + + $code .= '; + if ($carry = $sum < 0) { + $sum+= ' . self::float2string($class::MAX_DIGIT2) . '; + } + $subtemp = '; + $code .= $class::BASE === 26 ? + 'intval($sum / 0x4000000);' : + '$sum >> 31;'; + $code .= ' + $' . $result . '[' . $i . '] = '; + if ($class::BASE === 26) { + $code .= ' (int) ('; + } + $code .= '$sum - ' . $class::BASE_FULL . ' * $subtemp'; + if ($class::BASE === 26) { + $code .= ')'; + } + $code .= '; + $' . $result . '[' . $j . '] = $subtemp;'; + } + + $code .= '$i = ' . $i . ';'; + + if ($j == count($known)) { + $code .= ' + $sum = $' . $unknown . '[' . $i . '] - ' . $known[$i] . ' - $carry; + $carry = $sum < 0; + $' . $result . '[' . $i . '] = $carry ? $sum + ' . $class::BASE_FULL . ' : $sum; + ++$i;'; + } + + $code .= ' + if ($carry) { + for (; !$' . $result . '[$i]; ++$i) { + $' . $result . '[$i] = ' . $class::MAX_DIGIT . '; + } + --$' . $result . '[$i]; + }'; + $code .= self::generateInlineTrim($result); + + return $code; + } + + /** + * Inline Comparison + * + * If $unknown >= $known then loop + * + * @param array $known + * @param string $unknown + * @param string $subcode + * @return string + */ + private static function generateInlineCompare(array $known, $unknown, $subcode) + { + $uniqid = uniqid(); + $code = 'loop_' . $uniqid . ': + $clength = count($' . $unknown . '); + switch (true) { + case $clength < ' . count($known) . ': + goto end_' . $uniqid . '; + case $clength > ' . count($known) . ':'; + for ($i = count($known) - 1; $i >= 0; $i--) { + $code .= ' + case $' . $unknown . '[' . $i . '] > ' . $known[$i] . ': + goto subcode_' . $uniqid . '; + case $' . $unknown . '[' . $i . '] < ' . $known[$i] . ': + goto end_' . $uniqid . ';'; + } + $code .= ' + default: + // do subcode + } + + subcode_' . $uniqid . ':' . $subcode . ' + goto loop_' . $uniqid . '; + + end_' . $uniqid . ':'; + + return $code; + } + + /** + * Convert a float to a string + * + * If you do echo floatval(pow(2, 52)) you'll get 4.6116860184274E+18. It /can/ be displayed without a loss of + * precision but displayed in this way there will be precision loss, hence the need for this method. + * + * @param int|float $num + * @return string + */ + private static function float2string($num) + { + if (!is_float($num)) { + return (string) $num; + } + + if ($num < 0) { + return '-' . self::float2string(abs($num)); + } + + $temp = ''; + while ($num) { + $temp = fmod($num, 10) . $temp; + $num = floor($num / 10); + } + + return $temp; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Montgomery.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Montgomery.php new file mode 100644 index 0000000..a34035e --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/Montgomery.php @@ -0,0 +1,126 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP\Montgomery as Progenitor; + +/** + * PHP Montgomery Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class Montgomery extends Progenitor +{ + /** + * Prepare a number for use in Montgomery Modular Reductions + * + * @param array $x + * @param array $n + * @param string $class + * @return array + */ + protected static function prepareReduce(array $x, array $n, $class) + { + $lhs = new $class(); + $lhs->value = array_merge(self::array_repeat(0, count($n)), $x); + $rhs = new $class(); + $rhs->value = $n; + + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + } + + /** + * Montgomery Multiply + * + * Interleaves the montgomery reduction and long multiplication algorithms together as described in + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=13 HAC 14.36} + * + * @param array $x + * @param array $n + * @param string $class + * @return array + */ + protected static function reduce(array $x, array $n, $class) + { + static $cache = [ + self::VARIABLE => [], + self::DATA => [] + ]; + + if (($key = array_search($n, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $x; + $cache[self::DATA][] = self::modInverse67108864($n, $class); + } + + $k = count($n); + + $result = [self::VALUE => $x]; + + for ($i = 0; $i < $k; ++$i) { + $temp = $result[self::VALUE][$i] * $cache[self::DATA][$key]; + $temp = $temp - $class::BASE_FULL * ($class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31)); + $temp = $class::regularMultiply([$temp], $n); + $temp = array_merge(self::array_repeat(0, $i), $temp); + $result = $class::addHelper($result[self::VALUE], false, $temp, false); + } + + $result[self::VALUE] = array_slice($result[self::VALUE], $k); + + if (self::compareHelper($result, false, $n, false) >= 0) { + $result = $class::subtractHelper($result[self::VALUE], false, $n, false); + } + + return $result[self::VALUE]; + } + + /** + * Modular Inverse of a number mod 2**26 (eg. 67108864) + * + * Based off of the bnpInvDigit function implemented and justified in the following URL: + * + * {@link http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js} + * + * The following URL provides more info: + * + * {@link http://groups.google.com/group/sci.crypt/msg/7a137205c1be7d85} + * + * As for why we do all the bitmasking... strange things can happen when converting from floats to ints. For + * instance, on some computers, var_dump((int) -4294967297) yields int(-1) and on others, it yields + * int(-2147483648). To avoid problems stemming from this, we use bitmasks to guarantee that ints aren't + * auto-converted to floats. The outermost bitmask is present because without it, there's no guarantee that + * the "residue" returned would be the so-called "common residue". We use fmod, in the last step, because the + * maximum possible $x is 26 bits and the maximum $result is 16 bits. Thus, we have to be able to handle up to + * 40 bits, which only 64-bit floating points will support. + * + * Thanks to Pedro Gimeno Fortea for input! + * + * @param array $x + * @param string $class + * @return int + */ + protected static function modInverse67108864(array $x, $class) // 2**26 == 67,108,864 + { + $x = -$x[0]; + $result = $x & 0x3; // x**-1 mod 2**2 + $result = ($result * (2 - $x * $result)) & 0xF; // x**-1 mod 2**4 + $result = ($result * (2 - ($x & 0xFF) * $result)) & 0xFF; // x**-1 mod 2**8 + $result = ($result * ((2 - ($x & 0xFFFF) * $result) & 0xFFFF)) & 0xFFFF; // x**-1 mod 2**16 + $result = $class::BASE == 26 ? + fmod($result * (2 - fmod($x * $result, $class::BASE_FULL)), $class::BASE_FULL) : // x**-1 mod 2**26 + ($result * (2 - ($x * $result) % $class::BASE_FULL)) % $class::BASE_FULL; + return $result & $class::MAX_DIGIT; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/MontgomeryMult.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/MontgomeryMult.php new file mode 100644 index 0000000..4fed3c3 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/MontgomeryMult.php @@ -0,0 +1,76 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP; + +/** + * PHP Montgomery Modular Exponentiation Engine with interleaved multiplication + * + * @author Jim Wigginton + */ +abstract class MontgomeryMult extends Montgomery +{ + /** + * Montgomery Multiply + * + * Interleaves the montgomery reduction and long multiplication algorithms together as described in + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=13 HAC 14.36} + * + * @see self::_prepMontgomery() + * @see self::_montgomery() + * @param array $x + * @param array $y + * @param array $m + * @param class-string $class + * @return array + */ + public static function multiplyReduce(array $x, array $y, array $m, $class) + { + // the following code, although not callable, can be run independently of the above code + // although the above code performed better in my benchmarks the following could might + // perform better under different circumstances. in lieu of deleting it it's just been + // made uncallable + + static $cache = [ + self::VARIABLE => [], + self::DATA => [] + ]; + + if (($key = array_search($m, $cache[self::VARIABLE])) === false) { + $key = count($cache[self::VARIABLE]); + $cache[self::VARIABLE][] = $m; + $cache[self::DATA][] = self::modInverse67108864($m, $class); + } + + $n = max(count($x), count($y), count($m)); + $x = array_pad($x, $n, 0); + $y = array_pad($y, $n, 0); + $m = array_pad($m, $n, 0); + $a = [self::VALUE => self::array_repeat(0, $n + 1)]; + for ($i = 0; $i < $n; ++$i) { + $temp = $a[self::VALUE][0] + $x[$i] * $y[0]; + $temp = $temp - $class::BASE_FULL * ($class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31)); + $temp = $temp * $cache[self::DATA][$key]; + $temp = $temp - $class::BASE_FULL * ($class::BASE === 26 ? intval($temp / 0x4000000) : ($temp >> 31)); + $temp = $class::addHelper($class::regularMultiply([$x[$i]], $y), false, $class::regularMultiply([$temp], $m), false); + $a = $class::addHelper($a[self::VALUE], false, $temp[self::VALUE], false); + $a[self::VALUE] = array_slice($a[self::VALUE], 1); + } + if (self::compareHelper($a[self::VALUE], false, $m, false) >= 0) { + $a = $class::subtractHelper($a[self::VALUE], false, $m, false); + } + return $a[self::VALUE]; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/PowerOfTwo.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/PowerOfTwo.php new file mode 100644 index 0000000..9da133a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/PowerOfTwo.php @@ -0,0 +1,59 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines\PHP\Reductions; + +use phpseclib3\Math\BigInteger\Engines\PHP\Base; + +/** + * PHP Power Of Two Modular Exponentiation Engine + * + * @author Jim Wigginton + */ +abstract class PowerOfTwo extends Base +{ + /** + * Prepare a number for use in Montgomery Modular Reductions + * + * @param array $x + * @param array $n + * @param string $class + * @return array + */ + protected static function prepareReduce(array $x, array $n, $class) + { + return self::reduce($x, $n, $class); + } + + /** + * Power Of Two Reduction + * + * @param array $x + * @param array $n + * @param string $class + * @return array + */ + protected static function reduce(array $x, array $n, $class) + { + $lhs = new $class(); + $lhs->value = $x; + $rhs = new $class(); + $rhs->value = $n; + + $temp = new $class(); + $temp->value = [1]; + + $result = $lhs->bitwise_and($rhs->subtract($temp)); + return $result->value; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP32.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP32.php new file mode 100644 index 0000000..3a775e7 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP32.php @@ -0,0 +1,371 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines; + +/** + * Pure-PHP 32-bit Engine. + * + * Uses 64-bit floats if int size is 4 bits + * + * @author Jim Wigginton + */ +class PHP32 extends PHP +{ + // Constants used by PHP.php + const BASE = 26; + const BASE_FULL = 0x4000000; + const MAX_DIGIT = 0x3FFFFFF; + const MSB = 0x2000000; + + /** + * MAX10 in greatest MAX10LEN satisfying + * MAX10 = 10**MAX10LEN <= 2**BASE. + */ + const MAX10 = 10000000; + + /** + * MAX10LEN in greatest MAX10LEN satisfying + * MAX10 = 10**MAX10LEN <= 2**BASE. + */ + const MAX10LEN = 7; + const MAX_DIGIT2 = 4503599627370496; + + /** + * Initialize a PHP32 BigInteger Engine instance + * + * @param int $base + * @see parent::initialize() + */ + protected function initialize($base) + { + if ($base != 256 && $base != -256) { + return parent::initialize($base); + } + + $val = $this->value; + $this->value = []; + $vals = &$this->value; + $i = strlen($val); + if (!$i) { + return; + } + + while (true) { + $i -= 4; + if ($i < 0) { + if ($i == -4) { + break; + } + $val = substr($val, 0, 4 + $i); + $val = str_pad($val, 4, "\0", STR_PAD_LEFT); + if ($val == "\0\0\0\0") { + break; + } + $i = 0; + } + list(, $digit) = unpack('N', substr($val, $i, 4)); + if ($digit < 0) { + $digit += 0xFFFFFFFF + 1; + } + $step = count($vals) & 3; + if ($step) { + $digit = (int) floor($digit / pow(2, 2 * $step)); + } + if ($step != 3) { + $digit = (int) fmod($digit, static::BASE_FULL); + $i++; + } + $vals[] = $digit; + } + while (end($vals) === 0) { + array_pop($vals); + } + reset($vals); + } + + /** + * Test for engine validity + * + * @see parent::__construct() + * @return bool + */ + public static function isValidEngine() + { + return PHP_INT_SIZE >= 4 && !self::testJITOnWindows(); + } + + /** + * Adds two BigIntegers. + * + * @param PHP32 $y + * @return PHP32 + */ + public function add(PHP32 $y) + { + $temp = self::addHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Subtracts two BigIntegers. + * + * @param PHP32 $y + * @return PHP32 + */ + public function subtract(PHP32 $y) + { + $temp = self::subtractHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Multiplies two BigIntegers. + * + * @param PHP32 $y + * @return PHP32 + */ + public function multiply(PHP32 $y) + { + $temp = self::multiplyHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @param PHP32 $y + * @return array{PHP32, PHP32} + */ + public function divide(PHP32 $y) + { + return $this->divideHelper($y); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * @param PHP32 $n + * @return false|PHP32 + */ + public function modInverse(PHP32 $n) + { + return $this->modInverseHelper($n); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * @param PHP32 $n + * @return PHP32[] + */ + public function extendedGCD(PHP32 $n) + { + return $this->extendedGCDHelper($n); + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + * + * @param PHP32 $n + * @return PHP32 + */ + public function gcd(PHP32 $n) + { + return $this->extendedGCD($n)['gcd']; + } + + /** + * Logical And + * + * @param PHP32 $x + * @return PHP32 + */ + public function bitwise_and(PHP32 $x) + { + return $this->bitwiseAndHelper($x); + } + + /** + * Logical Or + * + * @param PHP32 $x + * @return PHP32 + */ + public function bitwise_or(PHP32 $x) + { + return $this->bitwiseOrHelper($x); + } + + /** + * Logical Exclusive Or + * + * @param PHP32 $x + * @return PHP32 + */ + public function bitwise_xor(PHP32 $x) + { + return $this->bitwiseXorHelper($x); + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this is + * demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @param PHP32 $y + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(PHP32 $y) + { + return $this->compareHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + * + * @param PHP32 $x + * @return bool + */ + public function equals(PHP32 $x) + { + return $this->value === $x->value && $this->is_negative == $x->is_negative; + } + + /** + * Performs modular exponentiation. + * + * @param PHP32 $e + * @param PHP32 $n + * @return PHP32 + */ + public function modPow(PHP32 $e, PHP32 $n) + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * Alias for modPow(). + * + * @param PHP32 $e + * @param PHP32 $n + * @return PHP32 + */ + public function powMod(PHP32 $e, PHP32 $n) + { + return $this->powModOuter($e, $n); + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @param PHP32 $min + * @param PHP32 $max + * @return false|PHP32 + */ + public static function randomRangePrime(PHP32 $min, PHP32 $max) + { + return self::randomRangePrimeOuter($min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + * + * @param PHP32 $min + * @param PHP32 $max + * @return PHP32 + */ + public static function randomRange(PHP32 $min, PHP32 $max) + { + return self::randomRangeHelper($min, $max); + } + + /** + * Performs exponentiation. + * + * @param PHP32 $n + * @return PHP32 + */ + public function pow(PHP32 $n) + { + return $this->powHelper($n); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + * + * @param PHP32 ...$nums + * @return PHP32 + */ + public static function min(PHP32 ...$nums) + { + return self::minHelper($nums); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + * + * @param PHP32 ...$nums + * @return PHP32 + */ + public static function max(PHP32 ...$nums) + { + return self::maxHelper($nums); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + * + * @param PHP32 $min + * @param PHP32 $max + * @return bool + */ + public function between(PHP32 $min, PHP32 $max) + { + return $this->compare($min) >= 0 && $this->compare($max) <= 0; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP64.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP64.php new file mode 100644 index 0000000..70a2e17 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP64.php @@ -0,0 +1,372 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math\BigInteger\Engines; + +/** + * Pure-PHP 64-bit Engine. + * + * Uses 64-bit integers if int size is 8 bits + * + * @author Jim Wigginton + */ +class PHP64 extends PHP +{ + // Constants used by PHP.php + const BASE = 31; + const BASE_FULL = 0x80000000; + const MAX_DIGIT = 0x7FFFFFFF; + const MSB = 0x40000000; + + /** + * MAX10 in greatest MAX10LEN satisfying + * MAX10 = 10**MAX10LEN <= 2**BASE. + */ + const MAX10 = 1000000000; + + /** + * MAX10LEN in greatest MAX10LEN satisfying + * MAX10 = 10**MAX10LEN <= 2**BASE. + */ + const MAX10LEN = 9; + const MAX_DIGIT2 = 4611686018427387904; + + /** + * Initialize a PHP64 BigInteger Engine instance + * + * @param int $base + * @see parent::initialize() + */ + protected function initialize($base) + { + if ($base != 256 && $base != -256) { + return parent::initialize($base); + } + + $val = $this->value; + $this->value = []; + $vals = &$this->value; + $i = strlen($val); + if (!$i) { + return; + } + + while (true) { + $i -= 4; + if ($i < 0) { + if ($i == -4) { + break; + } + $val = substr($val, 0, 4 + $i); + $val = str_pad($val, 4, "\0", STR_PAD_LEFT); + if ($val == "\0\0\0\0") { + break; + } + $i = 0; + } + list(, $digit) = unpack('N', substr($val, $i, 4)); + $step = count($vals) & 7; + if (!$step) { + $digit &= static::MAX_DIGIT; + $i++; + } else { + $shift = 8 - $step; + $digit >>= $shift; + $shift = 32 - $shift; + $digit &= (1 << $shift) - 1; + $temp = $i > 0 ? ord($val[$i - 1]) : 0; + $digit |= ($temp << $shift) & 0x7F000000; + } + $vals[] = $digit; + } + while (end($vals) === 0) { + array_pop($vals); + } + reset($vals); + } + + /** + * Test for engine validity + * + * @see parent::__construct() + * @return bool + */ + public static function isValidEngine() + { + return PHP_INT_SIZE >= 8 && !self::testJITOnWindows(); + } + + /** + * Adds two BigIntegers. + * + * @param PHP64 $y + * @return PHP64 + */ + public function add(PHP64 $y) + { + $temp = self::addHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Subtracts two BigIntegers. + * + * @param PHP64 $y + * @return PHP64 + */ + public function subtract(PHP64 $y) + { + $temp = self::subtractHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Multiplies two BigIntegers. + * + * @param PHP64 $y + * @return PHP64 + */ + public function multiply(PHP64 $y) + { + $temp = self::multiplyHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + + return $this->convertToObj($temp); + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * @param PHP64 $y + * @return array{PHP64, PHP64} + */ + public function divide(PHP64 $y) + { + return $this->divideHelper($y); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * @param PHP64 $n + * @return false|PHP64 + */ + public function modInverse(PHP64 $n) + { + return $this->modInverseHelper($n); + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * @param PHP64 $n + * @return PHP64[] + */ + public function extendedGCD(PHP64 $n) + { + return $this->extendedGCDHelper($n); + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + * + * @param PHP64 $n + * @return PHP64 + */ + public function gcd(PHP64 $n) + { + return $this->extendedGCD($n)['gcd']; + } + + /** + * Logical And + * + * @param PHP64 $x + * @return PHP64 + */ + public function bitwise_and(PHP64 $x) + { + return $this->bitwiseAndHelper($x); + } + + /** + * Logical Or + * + * @param PHP64 $x + * @return PHP64 + */ + public function bitwise_or(PHP64 $x) + { + return $this->bitwiseOrHelper($x); + } + + /** + * Logical Exclusive Or + * + * @param PHP64 $x + * @return PHP64 + */ + public function bitwise_xor(PHP64 $x) + { + return $this->bitwiseXorHelper($x); + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this is + * demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * {@internal Could return $this->subtract($x), but that's not as fast as what we do do.} + * + * @param PHP64 $y + * @return int in case < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal. + * @see self::equals() + */ + public function compare(PHP64 $y) + { + return parent::compareHelper($this->value, $this->is_negative, $y->value, $y->is_negative); + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use BigInteger::compare() + * + * @param PHP64 $x + * @return bool + */ + public function equals(PHP64 $x) + { + return $this->value === $x->value && $this->is_negative == $x->is_negative; + } + + /** + * Performs modular exponentiation. + * + * @param PHP64 $e + * @param PHP64 $n + * @return PHP64 + */ + public function modPow(PHP64 $e, PHP64 $n) + { + return $this->powModOuter($e, $n); + } + + /** + * Performs modular exponentiation. + * + * Alias for modPow(). + * + * @param PHP64 $e + * @param PHP64 $n + * @return PHP64|false + */ + public function powMod(PHP64 $e, PHP64 $n) + { + return $this->powModOuter($e, $n); + } + + /** + * Generate a random prime number between a range + * + * If there's not a prime within the given range, false will be returned. + * + * @param PHP64 $min + * @param PHP64 $max + * @return false|PHP64 + */ + public static function randomRangePrime(PHP64 $min, PHP64 $max) + { + return self::randomRangePrimeOuter($min, $max); + } + + /** + * Generate a random number between a range + * + * Returns a random number between $min and $max where $min and $max + * can be defined using one of the two methods: + * + * BigInteger::randomRange($min, $max) + * BigInteger::randomRange($max, $min) + * + * @param PHP64 $min + * @param PHP64 $max + * @return PHP64 + */ + public static function randomRange(PHP64 $min, PHP64 $max) + { + return self::randomRangeHelper($min, $max); + } + + /** + * Performs exponentiation. + * + * @param PHP64 $n + * @return PHP64 + */ + public function pow(PHP64 $n) + { + return $this->powHelper($n); + } + + /** + * Return the minimum BigInteger between an arbitrary number of BigIntegers. + * + * @param PHP64 ...$nums + * @return PHP64 + */ + public static function min(PHP64 ...$nums) + { + return self::minHelper($nums); + } + + /** + * Return the maximum BigInteger between an arbitrary number of BigIntegers. + * + * @param PHP64 ...$nums + * @return PHP64 + */ + public static function max(PHP64 ...$nums) + { + return self::maxHelper($nums); + } + + /** + * Tests BigInteger to see if it is between two integers, inclusive + * + * @param PHP64 $min + * @param PHP64 $max + * @return bool + */ + public function between(PHP64 $min, PHP64 $max) + { + return $this->compare($min) >= 0 && $this->compare($max) <= 0; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BinaryField.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BinaryField.php new file mode 100644 index 0000000..5da8c93 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BinaryField.php @@ -0,0 +1,203 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Math; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Math\BinaryField\Integer; +use phpseclib3\Math\Common\FiniteField; + +/** + * Binary Finite Fields + * + * @author Jim Wigginton + */ +class BinaryField extends FiniteField +{ + /** + * Instance Counter + * + * @var int + */ + private static $instanceCounter = 0; + + /** + * Keeps track of current instance + * + * @var int + */ + protected $instanceID; + + /** @var BigInteger */ + private $randomMax; + + /** + * Default constructor + */ + public function __construct(...$indices) + { + $m = array_shift($indices); + if ($m > 571) { + /* sect571r1 and sect571k1 are the largest binary curves that https://www.secg.org/sec2-v2.pdf defines + altho theoretically there may be legit reasons to use binary finite fields with larger degrees + imposing a limit on the maximum size is both reasonable and precedented. in particular, + http://tools.ietf.org/html/rfc4253#section-6.1 (The Secure Shell (SSH) Transport Layer Protocol) says + "implementations SHOULD check that the packet length is reasonable in order for the implementation to + avoid denial of service and/or buffer overflow attacks" */ + throw new \OutOfBoundsException('Degrees larger than 571 are not supported'); + } + $val = str_repeat('0', $m) . '1'; + foreach ($indices as $index) { + $val[$index] = '1'; + } + $modulo = static::base2ToBase256(strrev($val)); + + $mStart = 2 * $m - 2; + $t = ceil($m / 8); + $finalMask = chr((1 << ($m % 8)) - 1); + if ($finalMask == "\0") { + $finalMask = "\xFF"; + } + $bitLen = $mStart + 1; + $pad = ceil($bitLen / 8); + $h = $bitLen & 7; + $h = $h ? 8 - $h : 0; + + $r = rtrim(substr($val, 0, -1), '0'); + $u = [static::base2ToBase256(strrev($r))]; + for ($i = 1; $i < 8; $i++) { + $u[] = static::base2ToBase256(strrev(str_repeat('0', $i) . $r)); + } + + // implements algorithm 2.40 (in section 2.3.5) in "Guide to Elliptic Curve Cryptography" + // with W = 8 + $reduce = function ($c) use ($u, $mStart, $m, $t, $finalMask, $pad, $h) { + $c = str_pad($c, $pad, "\0", STR_PAD_LEFT); + for ($i = $mStart; $i >= $m;) { + $g = $h >> 3; + $mask = $h & 7; + $mask = $mask ? 1 << (7 - $mask) : 0x80; + for (; $mask > 0; $mask >>= 1, $i--, $h++) { + if (ord($c[$g]) & $mask) { + $temp = $i - $m; + $j = $temp >> 3; + $k = $temp & 7; + $t1 = $j ? substr($c, 0, -$j) : $c; + $length = strlen($t1); + if ($length) { + $t2 = str_pad($u[$k], $length, "\0", STR_PAD_LEFT); + $temp = $t1 ^ $t2; + $c = $j ? substr_replace($c, $temp, 0, $length) : $temp; + } + } + } + } + $c = substr($c, -$t); + if (strlen($c) == $t) { + $c[0] = $c[0] & $finalMask; + } + return ltrim($c, "\0"); + }; + + $this->instanceID = self::$instanceCounter++; + Integer::setModulo($this->instanceID, $modulo); + Integer::setRecurringModuloFunction($this->instanceID, $reduce); + + $this->randomMax = new BigInteger($modulo, 2); + } + + /** + * Returns an instance of a dynamically generated PrimeFieldInteger class + * + * @param string $num + * @return Integer + */ + public function newInteger($num) + { + return new Integer($this->instanceID, $num instanceof BigInteger ? $num->toBytes() : $num); + } + + /** + * Returns an integer on the finite field between one and the prime modulo + * + * @return Integer + */ + public function randomInteger() + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + return new Integer($this->instanceID, BigInteger::randomRange($one, $this->randomMax)->toBytes()); + } + + /** + * Returns the length of the modulo in bytes + * + * @return int + */ + public function getLengthInBytes() + { + return strlen(Integer::getModulo($this->instanceID)); + } + + /** + * Returns the length of the modulo in bits + * + * @return int + */ + public function getLength() + { + return strlen(Integer::getModulo($this->instanceID)) << 3; + } + + /** + * Converts a base-2 string to a base-256 string + * + * @param string $x + * @param int|null $size + * @return string + */ + public static function base2ToBase256($x, $size = null) + { + $str = Strings::bits2bin($x); + + $pad = strlen($x) >> 3; + if (strlen($x) & 3) { + $pad++; + } + $str = str_pad($str, $pad, "\0", STR_PAD_LEFT); + if (isset($size)) { + $str = str_pad($str, $size, "\0", STR_PAD_LEFT); + } + + return $str; + } + + /** + * Converts a base-256 string to a base-2 string + * + * @param string $x + * @return string + */ + public static function base256ToBase2($x) + { + if (function_exists('gmp_import')) { + return gmp_strval(gmp_import($x), 2); + } + + return Strings::bin2bits($x); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BinaryField/Integer.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BinaryField/Integer.php new file mode 100644 index 0000000..8e88058 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/BinaryField/Integer.php @@ -0,0 +1,516 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Math\BinaryField; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\BinaryField; +use phpseclib3\Math\Common\FiniteField\Integer as Base; + +/** + * Binary Finite Fields + * + * @author Jim Wigginton + */ +class Integer extends Base +{ + /** + * Holds the BinaryField's value + * + * @var string + */ + protected $value; + + /** + * Keeps track of current instance + * + * @var int + */ + protected $instanceID; + + /** + * Holds the PrimeField's modulo + * + * @var array + */ + protected static $modulo; + + /** + * Holds a pre-generated function to perform modulo reductions + * + * @var callable[] + */ + protected static $reduce; + + /** + * Default constructor + */ + public function __construct($instanceID, $num = '') + { + $this->instanceID = $instanceID; + if (!strlen($num)) { + $this->value = ''; + } else { + $reduce = static::$reduce[$instanceID]; + $this->value = $reduce($num); + } + } + + /** + * Set the modulo for a given instance + * @param int $instanceID + * @param string $modulo + */ + public static function setModulo($instanceID, $modulo) + { + static::$modulo[$instanceID] = $modulo; + } + + /** + * Set the modulo for a given instance + */ + public static function setRecurringModuloFunction($instanceID, callable $function) + { + static::$reduce[$instanceID] = $function; + } + + /** + * Tests a parameter to see if it's of the right instance + * + * Throws an exception if the incorrect class is being utilized + */ + private static function checkInstance(self $x, self $y) + { + if ($x->instanceID != $y->instanceID) { + throw new \UnexpectedValueException('The instances of the two BinaryField\Integer objects do not match'); + } + } + + /** + * Tests the equality of two numbers. + * + * @return bool + */ + public function equals(self $x) + { + static::checkInstance($this, $x); + + return $this->value == $x->value; + } + + /** + * Compares two numbers. + * + * @return int + */ + public function compare(self $x) + { + static::checkInstance($this, $x); + + $a = $this->value; + $b = $x->value; + + $length = max(strlen($a), strlen($b)); + + $a = str_pad($a, $length, "\0", STR_PAD_LEFT); + $b = str_pad($b, $length, "\0", STR_PAD_LEFT); + + return strcmp($a, $b); + } + + /** + * Returns the degree of the polynomial + * + * @param string $x + * @return int + */ + private static function deg($x) + { + $x = ltrim($x, "\0"); + $xbit = decbin(ord($x[0])); + $xlen = $xbit == '0' ? 0 : strlen($xbit); + $len = strlen($x); + if (!$len) { + return -1; + } + return 8 * strlen($x) - 9 + $xlen; + } + + /** + * Perform polynomial division + * + * @return string[] + * @link https://en.wikipedia.org/wiki/Polynomial_greatest_common_divisor#Euclidean_division + */ + private static function polynomialDivide($x, $y) + { + // in wikipedia's description of the algorithm, lc() is the leading coefficient. over a binary field that's + // always going to be 1. + + $q = chr(0); + $d = static::deg($y); + $r = $x; + while (($degr = static::deg($r)) >= $d) { + $s = '1' . str_repeat('0', $degr - $d); + $s = BinaryField::base2ToBase256($s); + $length = max(strlen($s), strlen($q)); + $q = !isset($q) ? $s : + str_pad($q, $length, "\0", STR_PAD_LEFT) ^ + str_pad($s, $length, "\0", STR_PAD_LEFT); + $s = static::polynomialMultiply($s, $y); + $length = max(strlen($r), strlen($s)); + $r = str_pad($r, $length, "\0", STR_PAD_LEFT) ^ + str_pad($s, $length, "\0", STR_PAD_LEFT); + } + + return [ltrim($q, "\0"), ltrim($r, "\0")]; + } + + /** + * Perform polynomial multiplation in the traditional way + * + * @return string + * @link https://en.wikipedia.org/wiki/Finite_field_arithmetic#Multiplication + */ + private static function regularPolynomialMultiply($x, $y) + { + $precomputed = [ltrim($x, "\0")]; + $x = strrev(BinaryField::base256ToBase2($x)); + $y = strrev(BinaryField::base256ToBase2($y)); + if (strlen($x) == strlen($y)) { + $length = strlen($x); + } else { + $length = max(strlen($x), strlen($y)); + $x = str_pad($x, $length, '0'); + $y = str_pad($y, $length, '0'); + } + $result = str_repeat('0', 2 * $length - 1); + $result = BinaryField::base2ToBase256($result); + $size = strlen($result); + $x = strrev($x); + + // precompute left shift 1 through 7 + for ($i = 1; $i < 8; $i++) { + $precomputed[$i] = BinaryField::base2ToBase256($x . str_repeat('0', $i)); + } + for ($i = 0; $i < strlen($y); $i++) { + if ($y[$i] == '1') { + $temp = $precomputed[$i & 7] . str_repeat("\0", $i >> 3); + $result ^= str_pad($temp, $size, "\0", STR_PAD_LEFT); + } + } + + return $result; + } + + /** + * Perform polynomial multiplation + * + * Uses karatsuba multiplication to reduce x-bit multiplications to a series of 32-bit multiplications + * + * @return string + * @link https://en.wikipedia.org/wiki/Karatsuba_algorithm + */ + private static function polynomialMultiply($x, $y) + { + if (strlen($x) == strlen($y)) { + $length = strlen($x); + } else { + $length = max(strlen($x), strlen($y)); + $x = str_pad($x, $length, "\0", STR_PAD_LEFT); + $y = str_pad($y, $length, "\0", STR_PAD_LEFT); + } + + switch (true) { + case PHP_INT_SIZE == 8 && $length <= 4: + return $length != 4 ? + self::subMultiply(str_pad($x, 4, "\0", STR_PAD_LEFT), str_pad($y, 4, "\0", STR_PAD_LEFT)) : + self::subMultiply($x, $y); + case PHP_INT_SIZE == 4 || $length > 32: + return self::regularPolynomialMultiply($x, $y); + } + + $m = $length >> 1; + + $x1 = substr($x, 0, -$m); + $x0 = substr($x, -$m); + $y1 = substr($y, 0, -$m); + $y0 = substr($y, -$m); + + $z2 = self::polynomialMultiply($x1, $y1); + $z0 = self::polynomialMultiply($x0, $y0); + $z1 = self::polynomialMultiply( + self::subAdd2($x1, $x0), + self::subAdd2($y1, $y0) + ); + + $z1 = self::subAdd3($z1, $z2, $z0); + + $xy = self::subAdd3( + $z2 . str_repeat("\0", 2 * $m), + $z1 . str_repeat("\0", $m), + $z0 + ); + + return ltrim($xy, "\0"); + } + + /** + * Perform polynomial multiplication on 2x 32-bit numbers, returning + * a 64-bit number + * + * @param string $x + * @param string $y + * @return string + * @link https://www.bearssl.org/constanttime.html#ghash-for-gcm + */ + private static function subMultiply($x, $y) + { + $x = unpack('N', $x)[1]; + $y = unpack('N', $y)[1]; + + $x0 = $x & 0x11111111; + $x1 = $x & 0x22222222; + $x2 = $x & 0x44444444; + $x3 = $x & 0x88888888; + + $y0 = $y & 0x11111111; + $y1 = $y & 0x22222222; + $y2 = $y & 0x44444444; + $y3 = $y & 0x88888888; + + $z0 = ($x0 * $y0) ^ ($x1 * $y3) ^ ($x2 * $y2) ^ ($x3 * $y1); + $z1 = ($x0 * $y1) ^ ($x1 * $y0) ^ ($x2 * $y3) ^ ($x3 * $y2); + $z2 = ($x0 * $y2) ^ ($x1 * $y1) ^ ($x2 * $y0) ^ ($x3 * $y3); + $z3 = ($x0 * $y3) ^ ($x1 * $y2) ^ ($x2 * $y1) ^ ($x3 * $y0); + + $z0 &= 0x1111111111111111; + $z1 &= 0x2222222222222222; + $z2 &= 0x4444444444444444; + $z3 &= -8608480567731124088; // 0x8888888888888888 gets interpreted as a float + + $z = $z0 | $z1 | $z2 | $z3; + + return pack('J', $z); + } + + /** + * Adds two numbers + * + * @param string $x + * @param string $y + * @return string + */ + private static function subAdd2($x, $y) + { + $length = max(strlen($x), strlen($y)); + $x = str_pad($x, $length, "\0", STR_PAD_LEFT); + $y = str_pad($y, $length, "\0", STR_PAD_LEFT); + return $x ^ $y; + } + + /** + * Adds three numbers + * + * @param string $x + * @param string $y + * @return string + */ + private static function subAdd3($x, $y, $z) + { + $length = max(strlen($x), strlen($y), strlen($z)); + $x = str_pad($x, $length, "\0", STR_PAD_LEFT); + $y = str_pad($y, $length, "\0", STR_PAD_LEFT); + $z = str_pad($z, $length, "\0", STR_PAD_LEFT); + return $x ^ $y ^ $z; + } + + /** + * Adds two BinaryFieldIntegers. + * + * @return static + */ + public function add(self $y) + { + static::checkInstance($this, $y); + + $length = strlen(static::$modulo[$this->instanceID]); + + $x = str_pad($this->value, $length, "\0", STR_PAD_LEFT); + $y = str_pad($y->value, $length, "\0", STR_PAD_LEFT); + + return new static($this->instanceID, $x ^ $y); + } + + /** + * Subtracts two BinaryFieldIntegers. + * + * @return static + */ + public function subtract(self $x) + { + return $this->add($x); + } + + /** + * Multiplies two BinaryFieldIntegers. + * + * @return static + */ + public function multiply(self $y) + { + static::checkInstance($this, $y); + + return new static($this->instanceID, static::polynomialMultiply($this->value, $y->value)); + } + + /** + * Returns the modular inverse of a BinaryFieldInteger + * + * @return static + */ + public function modInverse() + { + $remainder0 = static::$modulo[$this->instanceID]; + $remainder1 = $this->value; + + if ($remainder1 == '') { + return new static($this->instanceID); + } + + $aux0 = "\0"; + $aux1 = "\1"; + while ($remainder1 != "\1") { + list($q, $r) = static::polynomialDivide($remainder0, $remainder1); + $remainder0 = $remainder1; + $remainder1 = $r; + // the auxiliary in row n is given by the sum of the auxiliary in + // row n-2 and the product of the quotient and the auxiliary in row + // n-1 + $temp = static::polynomialMultiply($aux1, $q); + $aux = str_pad($aux0, strlen($temp), "\0", STR_PAD_LEFT) ^ + str_pad($temp, strlen($aux0), "\0", STR_PAD_LEFT); + $aux0 = $aux1; + $aux1 = $aux; + } + + $temp = new static($this->instanceID); + $temp->value = ltrim($aux1, "\0"); + return $temp; + } + + /** + * Divides two PrimeFieldIntegers. + * + * @return static + */ + public function divide(self $x) + { + static::checkInstance($this, $x); + + $x = $x->modInverse(); + return $this->multiply($x); + } + + /** + * Negate + * + * A negative number can be written as 0-12. With modulos, 0 is the same thing as the modulo + * so 0-12 is the same thing as modulo-12 + * + * @return object + */ + public function negate() + { + $x = str_pad($this->value, strlen(static::$modulo[$this->instanceID]), "\0", STR_PAD_LEFT); + + return new static($this->instanceID, $x ^ static::$modulo[$this->instanceID]); + } + + /** + * Returns the modulo + * + * @return string + */ + public static function getModulo($instanceID) + { + return static::$modulo[$instanceID]; + } + + /** + * Converts an Integer to a byte string (eg. base-256). + * + * @return string + */ + public function toBytes() + { + return str_pad($this->value, strlen(static::$modulo[$this->instanceID]), "\0", STR_PAD_LEFT); + } + + /** + * Converts an Integer to a hex string (eg. base-16). + * + * @return string + */ + public function toHex() + { + return Strings::bin2hex($this->toBytes()); + } + + /** + * Converts an Integer to a bit string (eg. base-2). + * + * @return string + */ + public function toBits() + { + //return str_pad(BinaryField::base256ToBase2($this->value), strlen(static::$modulo[$this->instanceID]), '0', STR_PAD_LEFT); + return BinaryField::base256ToBase2($this->value); + } + + /** + * Converts an Integer to a BigInteger + * + * @return string + */ + public function toBigInteger() + { + return new BigInteger($this->value, 256); + } + + /** + * __toString() magic method + * + */ + public function __toString() + { + return (string) $this->toBigInteger(); + } + + /** + * __debugInfo() magic method + * + */ + public function __debugInfo() + { + return ['value' => $this->toHex()]; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/Common/FiniteField.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/Common/FiniteField.php new file mode 100644 index 0000000..2ea5f48 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/Common/FiniteField.php @@ -0,0 +1,22 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Math\Common; + +/** + * Finite Fields + * + * @author Jim Wigginton + */ +abstract class FiniteField +{ +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/Common/FiniteField/Integer.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/Common/FiniteField/Integer.php new file mode 100644 index 0000000..3c959e9 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/Common/FiniteField/Integer.php @@ -0,0 +1,44 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Math\Common\FiniteField; + +/** + * Finite Field Integer + * + * @author Jim Wigginton + */ +abstract class Integer implements \JsonSerializable +{ + /** + * JSON Serialize + * + * Will be called, automatically, when json_encode() is called on a BigInteger object. + * + * PHP Serialize isn't supported because unserializing would require the factory be + * serialized as well and that just sounds like too much + * + * @return array{hex: string} + */ + #[\ReturnTypeWillChange] + public function jsonSerialize() + { + return ['hex' => $this->toHex(true)]; + } + + /** + * Converts an Integer to a hex string (eg. base-16). + * + * @return string + */ + abstract public function toHex(); +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/PrimeField.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/PrimeField.php new file mode 100644 index 0000000..1a0667f --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/PrimeField.php @@ -0,0 +1,118 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://pear.php.net/package/Math_BigInteger + */ + +namespace phpseclib3\Math; + +use phpseclib3\Math\Common\FiniteField; +use phpseclib3\Math\PrimeField\Integer; + +/** + * Prime Finite Fields + * + * @author Jim Wigginton + */ +class PrimeField extends FiniteField +{ + /** + * Instance Counter + * + * @var int + */ + private static $instanceCounter = 0; + + /** + * Keeps track of current instance + * + * @var int + */ + protected $instanceID; + + /** + * Default constructor + */ + public function __construct(BigInteger $modulo) + { + if (!$modulo->isPrime()) { + throw new \UnexpectedValueException('PrimeField requires a prime number be passed to the constructor'); + } + + $this->instanceID = self::$instanceCounter++; + Integer::setModulo($this->instanceID, $modulo); + Integer::setRecurringModuloFunction($this->instanceID, $modulo->createRecurringModuloFunction()); + } + + /** + * Use a custom defined modular reduction function + * + * @return void + */ + public function setReduction(\Closure $func) + { + $this->reduce = $func->bindTo($this, $this); + } + + /** + * Returns an instance of a dynamically generated PrimeFieldInteger class + * + * @return Integer + */ + public function newInteger(BigInteger $num) + { + return new Integer($this->instanceID, $num); + } + + /** + * Returns an integer on the finite field between one and the prime modulo + * + * @return Integer + */ + public function randomInteger() + { + static $one; + if (!isset($one)) { + $one = new BigInteger(1); + } + + return new Integer($this->instanceID, BigInteger::randomRange($one, Integer::getModulo($this->instanceID))); + } + + /** + * Returns the length of the modulo in bytes + * + * @return int + */ + public function getLengthInBytes() + { + return Integer::getModulo($this->instanceID)->getLengthInBytes(); + } + + /** + * Returns the length of the modulo in bits + * + * @return int + */ + public function getLength() + { + return Integer::getModulo($this->instanceID)->getLength(); + } + + /** + * Destructor + */ + public function __destruct() + { + Integer::cleanupCache($this->instanceID); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/PrimeField/Integer.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/PrimeField/Integer.php new file mode 100644 index 0000000..1bd7aaf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Math/PrimeField/Integer.php @@ -0,0 +1,419 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +namespace phpseclib3\Math\PrimeField; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Math\BigInteger; +use phpseclib3\Math\Common\FiniteField\Integer as Base; + +/** + * Prime Finite Fields + * + * @author Jim Wigginton + */ +class Integer extends Base +{ + /** + * Holds the PrimeField's value + * + * @var BigInteger + */ + protected $value; + + /** + * Keeps track of current instance + * + * @var int + */ + protected $instanceID; + + /** + * Holds the PrimeField's modulo + * + * @var array + */ + protected static $modulo; + + /** + * Holds a pre-generated function to perform modulo reductions + * + * @var array + */ + protected static $reduce; + + /** + * Zero + * + * @var BigInteger + */ + protected static $zero; + + /** + * Default constructor + * + * @param int $instanceID + */ + public function __construct($instanceID, BigInteger $num = null) + { + $this->instanceID = $instanceID; + if (!isset($num)) { + $this->value = clone static::$zero[static::class]; + } else { + $reduce = static::$reduce[$instanceID]; + $this->value = $reduce($num); + } + } + + /** + * Set the modulo for a given instance + * + * @param int $instanceID + * @return void + */ + public static function setModulo($instanceID, BigInteger $modulo) + { + static::$modulo[$instanceID] = $modulo; + } + + /** + * Set the modulo for a given instance + * + * @param int $instanceID + * @return void + */ + public static function setRecurringModuloFunction($instanceID, callable $function) + { + static::$reduce[$instanceID] = $function; + if (!isset(static::$zero[static::class])) { + static::$zero[static::class] = new BigInteger(); + } + } + + /** + * Delete the modulo for a given instance + */ + public static function cleanupCache($instanceID) + { + unset(static::$modulo[$instanceID]); + unset(static::$reduce[$instanceID]); + } + + /** + * Returns the modulo + * + * @param int $instanceID + * @return BigInteger + */ + public static function getModulo($instanceID) + { + return static::$modulo[$instanceID]; + } + + /** + * Tests a parameter to see if it's of the right instance + * + * Throws an exception if the incorrect class is being utilized + * + * @return void + */ + public static function checkInstance(self $x, self $y) + { + if ($x->instanceID != $y->instanceID) { + throw new \UnexpectedValueException('The instances of the two PrimeField\Integer objects do not match'); + } + } + + /** + * Tests the equality of two numbers. + * + * @return bool + */ + public function equals(self $x) + { + static::checkInstance($this, $x); + + return $this->value->equals($x->value); + } + + /** + * Compares two numbers. + * + * @return int + */ + public function compare(self $x) + { + static::checkInstance($this, $x); + + return $this->value->compare($x->value); + } + + /** + * Adds two PrimeFieldIntegers. + * + * @return static + */ + public function add(self $x) + { + static::checkInstance($this, $x); + + $temp = new static($this->instanceID); + $temp->value = $this->value->add($x->value); + if ($temp->value->compare(static::$modulo[$this->instanceID]) >= 0) { + $temp->value = $temp->value->subtract(static::$modulo[$this->instanceID]); + } + + return $temp; + } + + /** + * Subtracts two PrimeFieldIntegers. + * + * @return static + */ + public function subtract(self $x) + { + static::checkInstance($this, $x); + + $temp = new static($this->instanceID); + $temp->value = $this->value->subtract($x->value); + if ($temp->value->isNegative()) { + $temp->value = $temp->value->add(static::$modulo[$this->instanceID]); + } + + return $temp; + } + + /** + * Multiplies two PrimeFieldIntegers. + * + * @return static + */ + public function multiply(self $x) + { + static::checkInstance($this, $x); + + return new static($this->instanceID, $this->value->multiply($x->value)); + } + + /** + * Divides two PrimeFieldIntegers. + * + * @return static + */ + public function divide(self $x) + { + static::checkInstance($this, $x); + + $denominator = $x->value->modInverse(static::$modulo[$this->instanceID]); + return new static($this->instanceID, $this->value->multiply($denominator)); + } + + /** + * Performs power operation on a PrimeFieldInteger. + * + * @return static + */ + public function pow(BigInteger $x) + { + $temp = new static($this->instanceID); + $temp->value = $this->value->powMod($x, static::$modulo[$this->instanceID]); + + return $temp; + } + + /** + * Calculates the square root + * + * @link https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm + * @return static|false + */ + public function squareRoot() + { + static $one, $two; + if (!isset($one)) { + $one = new BigInteger(1); + $two = new BigInteger(2); + } + $reduce = static::$reduce[$this->instanceID]; + $p_1 = static::$modulo[$this->instanceID]->subtract($one); + $q = clone $p_1; + $s = BigInteger::scan1divide($q); + list($pow) = $p_1->divide($two); + for ($z = $one; !$z->equals(static::$modulo[$this->instanceID]); $z = $z->add($one)) { + $temp = $z->powMod($pow, static::$modulo[$this->instanceID]); + if ($temp->equals($p_1)) { + break; + } + } + + $m = new BigInteger($s); + $c = $z->powMod($q, static::$modulo[$this->instanceID]); + $t = $this->value->powMod($q, static::$modulo[$this->instanceID]); + list($temp) = $q->add($one)->divide($two); + $r = $this->value->powMod($temp, static::$modulo[$this->instanceID]); + + while (!$t->equals($one)) { + for ($i = clone $one; $i->compare($m) < 0; $i = $i->add($one)) { + if ($t->powMod($two->pow($i), static::$modulo[$this->instanceID])->equals($one)) { + break; + } + } + + if ($i->compare($m) == 0) { + return false; + } + $b = $c->powMod($two->pow($m->subtract($i)->subtract($one)), static::$modulo[$this->instanceID]); + $m = $i; + $c = $reduce($b->multiply($b)); + $t = $reduce($t->multiply($c)); + $r = $reduce($r->multiply($b)); + } + + return new static($this->instanceID, $r); + } + + /** + * Is Odd? + * + * @return bool + */ + public function isOdd() + { + return $this->value->isOdd(); + } + + /** + * Negate + * + * A negative number can be written as 0-12. With modulos, 0 is the same thing as the modulo + * so 0-12 is the same thing as modulo-12 + * + * @return static + */ + public function negate() + { + return new static($this->instanceID, static::$modulo[$this->instanceID]->subtract($this->value)); + } + + /** + * Converts an Integer to a byte string (eg. base-256). + * + * @return string + */ + public function toBytes() + { + if (isset(static::$modulo[$this->instanceID])) { + $length = static::$modulo[$this->instanceID]->getLengthInBytes(); + return str_pad($this->value->toBytes(), $length, "\0", STR_PAD_LEFT); + } + return $this->value->toBytes(); + } + + /** + * Converts an Integer to a hex string (eg. base-16). + * + * @return string + */ + public function toHex() + { + return Strings::bin2hex($this->toBytes()); + } + + /** + * Converts an Integer to a bit string (eg. base-2). + * + * @return string + */ + public function toBits() + { + // return $this->value->toBits(); + static $length; + if (!isset($length)) { + $length = static::$modulo[$this->instanceID]->getLength(); + } + + return str_pad($this->value->toBits(), $length, '0', STR_PAD_LEFT); + } + + /** + * Returns the w-ary non-adjacent form (wNAF) + * + * @param int $w optional + * @return array + */ + public function getNAF($w = 1) + { + $w++; + + $mask = new BigInteger((1 << $w) - 1); + $sub = new BigInteger(1 << $w); + //$sub = new BigInteger(1 << ($w - 1)); + $d = $this->toBigInteger(); + $d_i = []; + + $i = 0; + while ($d->compare(static::$zero[static::class]) > 0) { + if ($d->isOdd()) { + // start mods + + $bigInteger = $d->testBit($w - 1) ? + $d->bitwise_and($mask)->subtract($sub) : + //$sub->subtract($d->bitwise_and($mask)) : + $d->bitwise_and($mask); + // end mods + $d = $d->subtract($bigInteger); + $d_i[$i] = (int) $bigInteger->toString(); + } else { + $d_i[$i] = 0; + } + $shift = !$d->equals(static::$zero[static::class]) && $d->bitwise_and($mask)->equals(static::$zero[static::class]) ? $w : 1; // $w or $w + 1? + $d = $d->bitwise_rightShift($shift); + while (--$shift > 0) { + $d_i[++$i] = 0; + } + $i++; + } + + return $d_i; + } + + /** + * Converts an Integer to a BigInteger + * + * @return BigInteger + */ + public function toBigInteger() + { + return clone $this->value; + } + + /** + * __toString() magic method + * + * @return string + */ + public function __toString() + { + return (string) $this->value; + } + + /** + * __debugInfo() magic method + * + * @return array + */ + public function __debugInfo() + { + return ['value' => $this->toHex()]; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Net/SFTP.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Net/SFTP.php new file mode 100644 index 0000000..caf2a0a --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Net/SFTP.php @@ -0,0 +1,3556 @@ + + * login('username', 'password')) { + * exit('Login Failed'); + * } + * + * echo $sftp->pwd() . "\r\n"; + * $sftp->put('filename.ext', 'hello, world!'); + * print_r($sftp->nlist()); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Net; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\FileNotFoundException; + +/** + * Pure-PHP implementations of SFTP. + * + * @author Jim Wigginton + */ +class SFTP extends SSH2 +{ + /** + * SFTP channel constant + * + * \phpseclib3\Net\SSH2::exec() uses 0 and \phpseclib3\Net\SSH2::read() / \phpseclib3\Net\SSH2::write() use 1. + * + * @see \phpseclib3\Net\SSH2::send_channel_packet() + * @see \phpseclib3\Net\SSH2::get_channel_packet() + */ + const CHANNEL = 0x100; + + /** + * Reads data from a local file. + * + * @see \phpseclib3\Net\SFTP::put() + */ + const SOURCE_LOCAL_FILE = 1; + /** + * Reads data from a string. + * + * @see \phpseclib3\Net\SFTP::put() + */ + // this value isn't really used anymore but i'm keeping it reserved for historical reasons + const SOURCE_STRING = 2; + /** + * Reads data from callback: + * function callback($length) returns string to proceed, null for EOF + * + * @see \phpseclib3\Net\SFTP::put() + */ + const SOURCE_CALLBACK = 16; + /** + * Resumes an upload + * + * @see \phpseclib3\Net\SFTP::put() + */ + const RESUME = 4; + /** + * Append a local file to an already existing remote file + * + * @see \phpseclib3\Net\SFTP::put() + */ + const RESUME_START = 8; + + /** + * Packet Types + * + * @see self::__construct() + * @var array + * @access private + */ + private static $packet_types = []; + + /** + * Status Codes + * + * @see self::__construct() + * @var array + * @access private + */ + private static $status_codes = []; + + /** @var array */ + private static $attributes; + + /** @var array */ + private static $open_flags; + + /** @var array */ + private static $open_flags5; + + /** @var array */ + private static $file_types; + + /** + * The Request ID + * + * The request ID exists in the off chance that a packet is sent out-of-order. Of course, this library doesn't support + * concurrent actions, so it's somewhat academic, here. + * + * @var boolean + * @see self::_send_sftp_packet() + */ + private $use_request_id = false; + + /** + * The Packet Type + * + * The request ID exists in the off chance that a packet is sent out-of-order. Of course, this library doesn't support + * concurrent actions, so it's somewhat academic, here. + * + * @var int + * @see self::_get_sftp_packet() + */ + private $packet_type = -1; + + /** + * Packet Buffer + * + * @var string + * @see self::_get_sftp_packet() + */ + private $packet_buffer = ''; + + /** + * Extensions supported by the server + * + * @var array + * @see self::_initChannel() + */ + private $extensions = []; + + /** + * Server SFTP version + * + * @var int + * @see self::_initChannel() + */ + private $version; + + /** + * Default Server SFTP version + * + * @var int + * @see self::_initChannel() + */ + private $defaultVersion; + + /** + * Preferred SFTP version + * + * @var int + * @see self::_initChannel() + */ + private $preferredVersion = 3; + + /** + * Current working directory + * + * @var string|bool + * @see self::realpath() + * @see self::chdir() + */ + private $pwd = false; + + /** + * Packet Type Log + * + * @see self::getLog() + * @var array + */ + private $packet_type_log = []; + + /** + * Packet Log + * + * @see self::getLog() + * @var array + */ + private $packet_log = []; + + /** + * Real-time log file pointer + * + * @see self::_append_log() + * @var resource|closed-resource + */ + private $realtime_log_file; + + /** + * Real-time log file size + * + * @see self::_append_log() + * @var int + */ + private $realtime_log_size; + + /** + * Real-time log file wrap boolean + * + * @see self::_append_log() + * @var bool + */ + private $realtime_log_wrap; + + /** + * Current log size + * + * Should never exceed self::LOG_MAX_SIZE + * + * @var int + */ + private $log_size; + + /** + * Error information + * + * @see self::getSFTPErrors() + * @see self::getLastSFTPError() + * @var array + */ + private $sftp_errors = []; + + /** + * Stat Cache + * + * Rather than always having to open a directory and close it immediately there after to see if a file is a directory + * we'll cache the results. + * + * @see self::_update_stat_cache() + * @see self::_remove_from_stat_cache() + * @see self::_query_stat_cache() + * @var array + */ + private $stat_cache = []; + + /** + * Max SFTP Packet Size + * + * @see self::__construct() + * @see self::get() + * @var int + */ + private $max_sftp_packet; + + /** + * Stat Cache Flag + * + * @see self::disableStatCache() + * @see self::enableStatCache() + * @var bool + */ + private $use_stat_cache = true; + + /** + * Sort Options + * + * @see self::_comparator() + * @see self::setListOrder() + * @var array + */ + protected $sortOptions = []; + + /** + * Canonicalization Flag + * + * Determines whether or not paths should be canonicalized before being + * passed on to the remote server. + * + * @see self::enablePathCanonicalization() + * @see self::disablePathCanonicalization() + * @see self::realpath() + * @var bool + */ + private $canonicalize_paths = true; + + /** + * Request Buffers + * + * @see self::_get_sftp_packet() + * @var array + */ + private $requestBuffer = []; + + /** + * Preserve timestamps on file downloads / uploads + * + * @see self::get() + * @see self::put() + * @var bool + */ + private $preserveTime = false; + + /** + * Arbitrary Length Packets Flag + * + * Determines whether or not packets of any length should be allowed, + * in cases where the server chooses the packet length (such as + * directory listings). By default, packets are only allowed to be + * 256 * 1024 bytes (SFTP_MAX_MSG_LENGTH from OpenSSH's sftp-common.h) + * + * @see self::enableArbitraryLengthPackets() + * @see self::_get_sftp_packet() + * @var bool + */ + private $allow_arbitrary_length_packets = false; + + /** + * Was the last packet due to the channels being closed or not? + * + * @see self::get() + * @see self::get_sftp_packet() + * @var bool + */ + private $channel_close = false; + + /** + * Has the SFTP channel been partially negotiated? + * + * @var bool + */ + private $partial_init = false; + + /** + * Default Constructor. + * + * Connects to an SFTP server + * + * $host can either be a string, representing the host, or a stream resource. + * + * @param mixed $host + * @param int $port + * @param int $timeout + */ + public function __construct($host, $port = 22, $timeout = 10) + { + parent::__construct($host, $port, $timeout); + + $this->max_sftp_packet = 1 << 15; + + if (empty(self::$packet_types)) { + self::$packet_types = [ + 1 => 'NET_SFTP_INIT', + 2 => 'NET_SFTP_VERSION', + 3 => 'NET_SFTP_OPEN', + 4 => 'NET_SFTP_CLOSE', + 5 => 'NET_SFTP_READ', + 6 => 'NET_SFTP_WRITE', + 7 => 'NET_SFTP_LSTAT', + 9 => 'NET_SFTP_SETSTAT', + 10 => 'NET_SFTP_FSETSTAT', + 11 => 'NET_SFTP_OPENDIR', + 12 => 'NET_SFTP_READDIR', + 13 => 'NET_SFTP_REMOVE', + 14 => 'NET_SFTP_MKDIR', + 15 => 'NET_SFTP_RMDIR', + 16 => 'NET_SFTP_REALPATH', + 17 => 'NET_SFTP_STAT', + 18 => 'NET_SFTP_RENAME', + 19 => 'NET_SFTP_READLINK', + 20 => 'NET_SFTP_SYMLINK', + 21 => 'NET_SFTP_LINK', + + 101 => 'NET_SFTP_STATUS', + 102 => 'NET_SFTP_HANDLE', + 103 => 'NET_SFTP_DATA', + 104 => 'NET_SFTP_NAME', + 105 => 'NET_SFTP_ATTRS', + + 200 => 'NET_SFTP_EXTENDED' + ]; + self::$status_codes = [ + 0 => 'NET_SFTP_STATUS_OK', + 1 => 'NET_SFTP_STATUS_EOF', + 2 => 'NET_SFTP_STATUS_NO_SUCH_FILE', + 3 => 'NET_SFTP_STATUS_PERMISSION_DENIED', + 4 => 'NET_SFTP_STATUS_FAILURE', + 5 => 'NET_SFTP_STATUS_BAD_MESSAGE', + 6 => 'NET_SFTP_STATUS_NO_CONNECTION', + 7 => 'NET_SFTP_STATUS_CONNECTION_LOST', + 8 => 'NET_SFTP_STATUS_OP_UNSUPPORTED', + 9 => 'NET_SFTP_STATUS_INVALID_HANDLE', + 10 => 'NET_SFTP_STATUS_NO_SUCH_PATH', + 11 => 'NET_SFTP_STATUS_FILE_ALREADY_EXISTS', + 12 => 'NET_SFTP_STATUS_WRITE_PROTECT', + 13 => 'NET_SFTP_STATUS_NO_MEDIA', + 14 => 'NET_SFTP_STATUS_NO_SPACE_ON_FILESYSTEM', + 15 => 'NET_SFTP_STATUS_QUOTA_EXCEEDED', + 16 => 'NET_SFTP_STATUS_UNKNOWN_PRINCIPAL', + 17 => 'NET_SFTP_STATUS_LOCK_CONFLICT', + 18 => 'NET_SFTP_STATUS_DIR_NOT_EMPTY', + 19 => 'NET_SFTP_STATUS_NOT_A_DIRECTORY', + 20 => 'NET_SFTP_STATUS_INVALID_FILENAME', + 21 => 'NET_SFTP_STATUS_LINK_LOOP', + 22 => 'NET_SFTP_STATUS_CANNOT_DELETE', + 23 => 'NET_SFTP_STATUS_INVALID_PARAMETER', + 24 => 'NET_SFTP_STATUS_FILE_IS_A_DIRECTORY', + 25 => 'NET_SFTP_STATUS_BYTE_RANGE_LOCK_CONFLICT', + 26 => 'NET_SFTP_STATUS_BYTE_RANGE_LOCK_REFUSED', + 27 => 'NET_SFTP_STATUS_DELETE_PENDING', + 28 => 'NET_SFTP_STATUS_FILE_CORRUPT', + 29 => 'NET_SFTP_STATUS_OWNER_INVALID', + 30 => 'NET_SFTP_STATUS_GROUP_INVALID', + 31 => 'NET_SFTP_STATUS_NO_MATCHING_BYTE_RANGE_LOCK' + ]; + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-7.1 + // the order, in this case, matters quite a lot - see \phpseclib3\Net\SFTP::_parseAttributes() to understand why + self::$attributes = [ + 0x00000001 => 'NET_SFTP_ATTR_SIZE', + 0x00000002 => 'NET_SFTP_ATTR_UIDGID', // defined in SFTPv3, removed in SFTPv4+ + 0x00000080 => 'NET_SFTP_ATTR_OWNERGROUP', // defined in SFTPv4+ + 0x00000004 => 'NET_SFTP_ATTR_PERMISSIONS', + 0x00000008 => 'NET_SFTP_ATTR_ACCESSTIME', + 0x00000010 => 'NET_SFTP_ATTR_CREATETIME', // SFTPv4+ + 0x00000020 => 'NET_SFTP_ATTR_MODIFYTIME', + 0x00000040 => 'NET_SFTP_ATTR_ACL', + 0x00000100 => 'NET_SFTP_ATTR_SUBSECOND_TIMES', + 0x00000200 => 'NET_SFTP_ATTR_BITS', // SFTPv5+ + 0x00000400 => 'NET_SFTP_ATTR_ALLOCATION_SIZE', // SFTPv6+ + 0x00000800 => 'NET_SFTP_ATTR_TEXT_HINT', + 0x00001000 => 'NET_SFTP_ATTR_MIME_TYPE', + 0x00002000 => 'NET_SFTP_ATTR_LINK_COUNT', + 0x00004000 => 'NET_SFTP_ATTR_UNTRANSLATED_NAME', + 0x00008000 => 'NET_SFTP_ATTR_CTIME', + // 0x80000000 will yield a floating point on 32-bit systems and converting floating points to integers + // yields inconsistent behavior depending on how php is compiled. so we left shift -1 (which, in + // two's compliment, consists of all 1 bits) by 31. on 64-bit systems this'll yield 0xFFFFFFFF80000000. + // that's not a problem, however, and 'anded' and a 32-bit number, as all the leading 1 bits are ignored. + (PHP_INT_SIZE == 4 ? (-1 << 31) : 0x80000000) => 'NET_SFTP_ATTR_EXTENDED' + ]; + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-04#section-6.3 + // the flag definitions change somewhat in SFTPv5+. if SFTPv5+ support is added to this library, maybe name + // the array for that $this->open5_flags and similarly alter the constant names. + self::$open_flags = [ + 0x00000001 => 'NET_SFTP_OPEN_READ', + 0x00000002 => 'NET_SFTP_OPEN_WRITE', + 0x00000004 => 'NET_SFTP_OPEN_APPEND', + 0x00000008 => 'NET_SFTP_OPEN_CREATE', + 0x00000010 => 'NET_SFTP_OPEN_TRUNCATE', + 0x00000020 => 'NET_SFTP_OPEN_EXCL', + 0x00000040 => 'NET_SFTP_OPEN_TEXT' // defined in SFTPv4 + ]; + // SFTPv5+ changed the flags up: + // https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-8.1.1.3 + self::$open_flags5 = [ + // when SSH_FXF_ACCESS_DISPOSITION is a 3 bit field that controls how the file is opened + 0x00000000 => 'NET_SFTP_OPEN_CREATE_NEW', + 0x00000001 => 'NET_SFTP_OPEN_CREATE_TRUNCATE', + 0x00000002 => 'NET_SFTP_OPEN_OPEN_EXISTING', + 0x00000003 => 'NET_SFTP_OPEN_OPEN_OR_CREATE', + 0x00000004 => 'NET_SFTP_OPEN_TRUNCATE_EXISTING', + // the rest of the flags are not supported + 0x00000008 => 'NET_SFTP_OPEN_APPEND_DATA', // "the offset field of SS_FXP_WRITE requests is ignored" + 0x00000010 => 'NET_SFTP_OPEN_APPEND_DATA_ATOMIC', + 0x00000020 => 'NET_SFTP_OPEN_TEXT_MODE', + 0x00000040 => 'NET_SFTP_OPEN_BLOCK_READ', + 0x00000080 => 'NET_SFTP_OPEN_BLOCK_WRITE', + 0x00000100 => 'NET_SFTP_OPEN_BLOCK_DELETE', + 0x00000200 => 'NET_SFTP_OPEN_BLOCK_ADVISORY', + 0x00000400 => 'NET_SFTP_OPEN_NOFOLLOW', + 0x00000800 => 'NET_SFTP_OPEN_DELETE_ON_CLOSE', + 0x00001000 => 'NET_SFTP_OPEN_ACCESS_AUDIT_ALARM_INFO', + 0x00002000 => 'NET_SFTP_OPEN_ACCESS_BACKUP', + 0x00004000 => 'NET_SFTP_OPEN_BACKUP_STREAM', + 0x00008000 => 'NET_SFTP_OPEN_OVERRIDE_OWNER', + ]; + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-04#section-5.2 + // see \phpseclib3\Net\SFTP::_parseLongname() for an explanation + self::$file_types = [ + 1 => 'NET_SFTP_TYPE_REGULAR', + 2 => 'NET_SFTP_TYPE_DIRECTORY', + 3 => 'NET_SFTP_TYPE_SYMLINK', + 4 => 'NET_SFTP_TYPE_SPECIAL', + 5 => 'NET_SFTP_TYPE_UNKNOWN', + // the following types were first defined for use in SFTPv5+ + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-05#section-5.2 + 6 => 'NET_SFTP_TYPE_SOCKET', + 7 => 'NET_SFTP_TYPE_CHAR_DEVICE', + 8 => 'NET_SFTP_TYPE_BLOCK_DEVICE', + 9 => 'NET_SFTP_TYPE_FIFO' + ]; + self::define_array( + self::$packet_types, + self::$status_codes, + self::$attributes, + self::$open_flags, + self::$open_flags5, + self::$file_types + ); + } + + if (!defined('NET_SFTP_QUEUE_SIZE')) { + define('NET_SFTP_QUEUE_SIZE', 32); + } + if (!defined('NET_SFTP_UPLOAD_QUEUE_SIZE')) { + define('NET_SFTP_UPLOAD_QUEUE_SIZE', 1024); + } + } + + /** + * Check a few things before SFTP functions are called + * + * @return bool + */ + private function precheck() + { + if (!($this->bitmap & SSH2::MASK_LOGIN)) { + return false; + } + + if ($this->pwd === false) { + return $this->init_sftp_connection(); + } + + return true; + } + + /** + * Partially initialize an SFTP connection + * + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return bool + */ + private function partial_init_sftp_connection() + { + $response = $this->open_channel(self::CHANNEL, true); + if ($response === true && $this->isTimeout()) { + return false; + } + + $packet = Strings::packSSH2( + 'CNsbs', + NET_SSH2_MSG_CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL], + 'subsystem', + true, + 'sftp' + ); + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL] = NET_SSH2_MSG_CHANNEL_REQUEST; + + $response = $this->get_channel_packet(self::CHANNEL, true); + if ($response === false) { + // from PuTTY's psftp.exe + $command = "test -x /usr/lib/sftp-server && exec /usr/lib/sftp-server\n" . + "test -x /usr/local/lib/sftp-server && exec /usr/local/lib/sftp-server\n" . + "exec sftp-server"; + // we don't do $this->exec($command, false) because exec() operates on a different channel and plus the SSH_MSG_CHANNEL_OPEN that exec() does + // is redundant + $packet = Strings::packSSH2( + 'CNsCs', + NET_SSH2_MSG_CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL], + 'exec', + 1, + $command + ); + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL] = NET_SSH2_MSG_CHANNEL_REQUEST; + + $response = $this->get_channel_packet(self::CHANNEL, true); + if ($response === false) { + return false; + } + } elseif ($response === true && $this->isTimeout()) { + return false; + } + + $this->channel_status[self::CHANNEL] = NET_SSH2_MSG_CHANNEL_DATA; + $this->send_sftp_packet(NET_SFTP_INIT, "\0\0\0\3"); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_VERSION) { + throw new \UnexpectedValueException('Expected NET_SFTP_VERSION. ' + . 'Got packet type: ' . $this->packet_type); + } + + $this->use_request_id = true; + + list($this->defaultVersion) = Strings::unpackSSH2('N', $response); + while (!empty($response)) { + list($key, $value) = Strings::unpackSSH2('ss', $response); + $this->extensions[$key] = $value; + } + + $this->partial_init = true; + + return true; + } + + /** + * (Re)initializes the SFTP channel + * + * @return bool + */ + private function init_sftp_connection() + { + if (!$this->partial_init && !$this->partial_init_sftp_connection()) { + return false; + } + + /* + A Note on SFTPv4/5/6 support: + states the following: + + "If the client wishes to interoperate with servers that support noncontiguous version + numbers it SHOULD send '3'" + + Given that the server only sends its version number after the client has already done so, the above + seems to be suggesting that v3 should be the default version. This makes sense given that v3 is the + most popular. + + states the following; + + "If the server did not send the "versions" extension, or the version-from-list was not included, the + server MAY send a status response describing the failure, but MUST then close the channel without + processing any further requests." + + So what do you do if you have a client whose initial SSH_FXP_INIT packet says it implements v3 and + a server whose initial SSH_FXP_VERSION reply says it implements v4 and only v4? If it only implements + v4, the "versions" extension is likely not going to have been sent so version re-negotiation as discussed + in draft-ietf-secsh-filexfer-13 would be quite impossible. As such, what \phpseclib3\Net\SFTP would do is close the + channel and reopen it with a new and updated SSH_FXP_INIT packet. + */ + $this->version = $this->defaultVersion; + if (isset($this->extensions['versions']) && (!$this->preferredVersion || $this->preferredVersion != $this->version)) { + $versions = explode(',', $this->extensions['versions']); + $supported = [6, 5, 4]; + if ($this->preferredVersion) { + $supported = array_diff($supported, [$this->preferredVersion]); + array_unshift($supported, $this->preferredVersion); + } + foreach ($supported as $ver) { + if (in_array($ver, $versions)) { + if ($ver === $this->version) { + break; + } + $this->version = (int) $ver; + $packet = Strings::packSSH2('ss', 'version-select', "$ver"); + $this->send_sftp_packet(NET_SFTP_EXTENDED, $packet); + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_STATUS) { + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_OK) { + $this->logError($response, $status); + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS_OK. ' + . ' Got ' . $status); + } + break; + } + } + } + + /* + SFTPv4+ defines a 'newline' extension. SFTPv3 seems to have unofficial support for it via 'newline@vandyke.com', + however, I'm not sure what 'newline@vandyke.com' is supposed to do (the fact that it's unofficial means that it's + not in the official SFTPv3 specs) and 'newline@vandyke.com' / 'newline' are likely not drop-in substitutes for + one another due to the fact that 'newline' comes with a SSH_FXF_TEXT bitmask whereas it seems unlikely that + 'newline@vandyke.com' would. + */ + /* + if (isset($this->extensions['newline@vandyke.com'])) { + $this->extensions['newline'] = $this->extensions['newline@vandyke.com']; + unset($this->extensions['newline@vandyke.com']); + } + */ + if ($this->version < 2 || $this->version > 6) { + return false; + } + + $this->pwd = true; + try { + $this->pwd = $this->realpath('.'); + } catch (\UnexpectedValueException $e) { + if (!$this->canonicalize_paths) { + throw $e; + } + $this->canonicalize_paths = false; + $this->reset_sftp(); + return $this->init_sftp_connection(); + } + + $this->update_stat_cache($this->pwd, []); + + return true; + } + + /** + * Disable the stat cache + * + */ + public function disableStatCache() + { + $this->use_stat_cache = false; + } + + /** + * Enable the stat cache + * + */ + public function enableStatCache() + { + $this->use_stat_cache = true; + } + + /** + * Clear the stat cache + * + */ + public function clearStatCache() + { + $this->stat_cache = []; + } + + /** + * Enable path canonicalization + * + */ + public function enablePathCanonicalization() + { + $this->canonicalize_paths = true; + } + + /** + * Disable path canonicalization + * + * If this is enabled then $sftp->pwd() will not return the canonicalized absolute path + * + */ + public function disablePathCanonicalization() + { + $this->canonicalize_paths = false; + } + + /** + * Enable arbitrary length packets + * + */ + public function enableArbitraryLengthPackets() + { + $this->allow_arbitrary_length_packets = true; + } + + /** + * Disable arbitrary length packets + * + */ + public function disableArbitraryLengthPackets() + { + $this->allow_arbitrary_length_packets = false; + } + + /** + * Returns the current directory name + * + * @return string|bool + */ + public function pwd() + { + if (!$this->precheck()) { + return false; + } + + return $this->pwd; + } + + /** + * Logs errors + * + * @param string $response + * @param int $status + */ + private function logError($response, $status = -1) + { + if ($status == -1) { + list($status) = Strings::unpackSSH2('N', $response); + } + + $error = self::$status_codes[$status]; + + if ($this->version > 2) { + list($message) = Strings::unpackSSH2('s', $response); + $this->sftp_errors[] = "$error: $message"; + } else { + $this->sftp_errors[] = $error; + } + } + + /** + * Canonicalize the Server-Side Path Name + * + * SFTP doesn't provide a mechanism by which the current working directory can be changed, so we'll emulate it. Returns + * the absolute (canonicalized) path. + * + * If canonicalize_paths has been disabled using disablePathCanonicalization(), $path is returned as-is. + * + * @see self::chdir() + * @see self::disablePathCanonicalization() + * @param string $path + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return mixed + */ + public function realpath($path) + { + if ($this->precheck() === false) { + return false; + } + + if (!$this->canonicalize_paths) { + if ($this->pwd === true) { + return '.'; + } + if (!strlen($path) || $path[0] != '/') { + $path = $this->pwd . '/' . $path; + } + $parts = explode('/', $path); + $afterPWD = $beforePWD = []; + foreach ($parts as $part) { + switch ($part) { + //case '': // some SFTP servers /require/ double /'s. see https://github.com/phpseclib/phpseclib/pull/1137 + case '.': + break; + case '..': + if (!empty($afterPWD)) { + array_pop($afterPWD); + } else { + $beforePWD[] = '..'; + } + break; + default: + $afterPWD[] = $part; + } + } + $beforePWD = count($beforePWD) ? implode('/', $beforePWD) : '.'; + return $beforePWD . '/' . implode('/', $afterPWD); + } + + if ($this->pwd === true) { + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.9 + $this->send_sftp_packet(NET_SFTP_REALPATH, Strings::packSSH2('s', $path)); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_NAME: + // although SSH_FXP_NAME is implemented differently in SFTPv3 than it is in SFTPv4+, the following + // should work on all SFTP versions since the only part of the SSH_FXP_NAME packet the following looks + // at is the first part and that part is defined the same in SFTP versions 3 through 6. + list(, $filename) = Strings::unpackSSH2('Ns', $response); + return $filename; + case NET_SFTP_STATUS: + $this->logError($response); + return false; + default: + throw new \UnexpectedValueException('Expected NET_SFTP_NAME or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + } + + if (!strlen($path) || $path[0] != '/') { + $path = $this->pwd . '/' . $path; + } + + $path = explode('/', $path); + $new = []; + foreach ($path as $dir) { + if (!strlen($dir)) { + continue; + } + switch ($dir) { + case '..': + array_pop($new); + // fall-through + case '.': + break; + default: + $new[] = $dir; + } + } + + return '/' . implode('/', $new); + } + + /** + * Changes the current directory + * + * @param string $dir + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return bool + */ + public function chdir($dir) + { + if (!$this->precheck()) { + return false; + } + + // assume current dir if $dir is empty + if ($dir === '') { + $dir = './'; + // suffix a slash if needed + } elseif ($dir[strlen($dir) - 1] != '/') { + $dir .= '/'; + } + + $dir = $this->realpath($dir); + + // confirm that $dir is, in fact, a valid directory + if ($this->use_stat_cache && is_array($this->query_stat_cache($dir))) { + $this->pwd = $dir; + return true; + } + + // we could do a stat on the alleged $dir to see if it's a directory but that doesn't tell us + // the currently logged in user has the appropriate permissions or not. maybe you could see if + // the file's uid / gid match the currently logged in user's uid / gid but how there's no easy + // way to get those with SFTP + + $this->send_sftp_packet(NET_SFTP_OPENDIR, Strings::packSSH2('s', $dir)); + + // see \phpseclib3\Net\SFTP::nlist() for a more thorough explanation of the following + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_HANDLE: + $handle = substr($response, 4); + break; + case NET_SFTP_STATUS: + $this->logError($response); + return false; + default: + throw new \UnexpectedValueException('Expected NET_SFTP_HANDLE or NET_SFTP_STATUS' . + 'Got packet type: ' . $this->packet_type); + } + + if (!$this->close_handle($handle)) { + return false; + } + + $this->update_stat_cache($dir, []); + + $this->pwd = $dir; + return true; + } + + /** + * Returns a list of files in the given directory + * + * @param string $dir + * @param bool $recursive + * @return array|false + */ + public function nlist($dir = '.', $recursive = false) + { + return $this->nlist_helper($dir, $recursive, ''); + } + + /** + * Helper method for nlist + * + * @param string $dir + * @param bool $recursive + * @param string $relativeDir + * @return array|false + */ + private function nlist_helper($dir, $recursive, $relativeDir) + { + $files = $this->readlist($dir, false); + + // If we get an int back, then that is an "unexpected" status. + // We do not have a file list, so return false. + if (is_int($files)) { + return false; + } + + if (!$recursive || $files === false) { + return $files; + } + + $result = []; + foreach ($files as $value) { + if ($value == '.' || $value == '..') { + $result[] = $relativeDir . $value; + continue; + } + if (is_array($this->query_stat_cache($this->realpath($dir . '/' . $value)))) { + $temp = $this->nlist_helper($dir . '/' . $value, true, $relativeDir . $value . '/'); + $temp = is_array($temp) ? $temp : []; + $result = array_merge($result, $temp); + } else { + $result[] = $relativeDir . $value; + } + } + + return $result; + } + + /** + * Returns a detailed list of files in the given directory + * + * @param string $dir + * @param bool $recursive + * @return array|false + */ + public function rawlist($dir = '.', $recursive = false) + { + $files = $this->readlist($dir, true); + + // If we get an int back, then that is an "unexpected" status. + // We do not have a file list, so return false. + if (is_int($files)) { + return false; + } + + if (!$recursive || $files === false) { + return $files; + } + + static $depth = 0; + + foreach ($files as $key => $value) { + if ($depth != 0 && $key == '..') { + unset($files[$key]); + continue; + } + $is_directory = false; + if ($key != '.' && $key != '..') { + if ($this->use_stat_cache) { + $is_directory = is_array($this->query_stat_cache($this->realpath($dir . '/' . $key))); + } else { + $stat = $this->lstat($dir . '/' . $key); + $is_directory = $stat && $stat['type'] === NET_SFTP_TYPE_DIRECTORY; + } + } + + if ($is_directory) { + $depth++; + $files[$key] = $this->rawlist($dir . '/' . $key, true); + $depth--; + } else { + $files[$key] = (object) $value; + } + } + + return $files; + } + + /** + * Reads a list, be it detailed or not, of files in the given directory + * + * @param string $dir + * @param bool $raw + * @return array|false + * @throws \UnexpectedValueException on receipt of unexpected packets + */ + private function readlist($dir, $raw = true) + { + if (!$this->precheck()) { + return false; + } + + $dir = $this->realpath($dir . '/'); + if ($dir === false) { + return false; + } + + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.1.2 + $this->send_sftp_packet(NET_SFTP_OPENDIR, Strings::packSSH2('s', $dir)); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_HANDLE: + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.2 + // since 'handle' is the last field in the SSH_FXP_HANDLE packet, we'll just remove the first four bytes that + // represent the length of the string and leave it at that + $handle = substr($response, 4); + break; + case NET_SFTP_STATUS: + // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + list($status) = Strings::unpackSSH2('N', $response); + $this->logError($response, $status); + return $status; + default: + throw new \UnexpectedValueException('Expected NET_SFTP_HANDLE or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + $this->update_stat_cache($dir, []); + + $contents = []; + while (true) { + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.2.2 + // why multiple SSH_FXP_READDIR packets would be sent when the response to a single one can span arbitrarily many + // SSH_MSG_CHANNEL_DATA messages is not known to me. + $this->send_sftp_packet(NET_SFTP_READDIR, Strings::packSSH2('s', $handle)); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_NAME: + list($count) = Strings::unpackSSH2('N', $response); + for ($i = 0; $i < $count; $i++) { + list($shortname) = Strings::unpackSSH2('s', $response); + // SFTPv4 "removed the long filename from the names structure-- it can now be + // built from information available in the attrs structure." + if ($this->version < 4) { + list($longname) = Strings::unpackSSH2('s', $response); + } + $attributes = $this->parseAttributes($response); + if (!isset($attributes['type']) && $this->version < 4) { + $fileType = $this->parseLongname($longname); + if ($fileType) { + $attributes['type'] = $fileType; + } + } + $contents[$shortname] = $attributes + ['filename' => $shortname]; + + if (isset($attributes['type']) && $attributes['type'] == NET_SFTP_TYPE_DIRECTORY && ($shortname != '.' && $shortname != '..')) { + $this->update_stat_cache($dir . '/' . $shortname, []); + } else { + if ($shortname == '..') { + $temp = $this->realpath($dir . '/..') . '/.'; + } else { + $temp = $dir . '/' . $shortname; + } + $this->update_stat_cache($temp, (object) ['lstat' => $attributes]); + } + // SFTPv6 has an optional boolean end-of-list field, but we'll ignore that, since the + // final SSH_FXP_STATUS packet should tell us that, already. + } + break; + case NET_SFTP_STATUS: + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_EOF) { + $this->logError($response, $status); + return $status; + } + break 2; + default: + throw new \UnexpectedValueException('Expected NET_SFTP_NAME or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + } + + if (!$this->close_handle($handle)) { + return false; + } + + if (count($this->sortOptions)) { + uasort($contents, [&$this, 'comparator']); + } + + return $raw ? $contents : array_map('strval', array_keys($contents)); + } + + /** + * Compares two rawlist entries using parameters set by setListOrder() + * + * Intended for use with uasort() + * + * @param array $a + * @param array $b + * @return int + */ + private function comparator(array $a, array $b) + { + switch (true) { + case $a['filename'] === '.' || $b['filename'] === '.': + if ($a['filename'] === $b['filename']) { + return 0; + } + return $a['filename'] === '.' ? -1 : 1; + case $a['filename'] === '..' || $b['filename'] === '..': + if ($a['filename'] === $b['filename']) { + return 0; + } + return $a['filename'] === '..' ? -1 : 1; + case isset($a['type']) && $a['type'] === NET_SFTP_TYPE_DIRECTORY: + if (!isset($b['type'])) { + return 1; + } + if ($b['type'] !== $a['type']) { + return -1; + } + break; + case isset($b['type']) && $b['type'] === NET_SFTP_TYPE_DIRECTORY: + return 1; + } + foreach ($this->sortOptions as $sort => $order) { + if (!isset($a[$sort]) || !isset($b[$sort])) { + if (isset($a[$sort])) { + return -1; + } + if (isset($b[$sort])) { + return 1; + } + return 0; + } + switch ($sort) { + case 'filename': + $result = strcasecmp($a['filename'], $b['filename']); + if ($result) { + return $order === SORT_DESC ? -$result : $result; + } + break; + case 'mode': + $a[$sort] &= 07777; + $b[$sort] &= 07777; + // fall-through + default: + if ($a[$sort] === $b[$sort]) { + break; + } + return $order === SORT_ASC ? $a[$sort] - $b[$sort] : $b[$sort] - $a[$sort]; + } + } + } + + /** + * Defines how nlist() and rawlist() will be sorted - if at all. + * + * If sorting is enabled directories and files will be sorted independently with + * directories appearing before files in the resultant array that is returned. + * + * Any parameter returned by stat is a valid sort parameter for this function. + * Filename comparisons are case insensitive. + * + * Examples: + * + * $sftp->setListOrder('filename', SORT_ASC); + * $sftp->setListOrder('size', SORT_DESC, 'filename', SORT_ASC); + * $sftp->setListOrder(true); + * Separates directories from files but doesn't do any sorting beyond that + * $sftp->setListOrder(); + * Don't do any sort of sorting + * + * @param string ...$args + */ + public function setListOrder(...$args) + { + $this->sortOptions = []; + if (empty($args)) { + return; + } + $len = count($args) & 0x7FFFFFFE; + for ($i = 0; $i < $len; $i += 2) { + $this->sortOptions[$args[$i]] = $args[$i + 1]; + } + if (!count($this->sortOptions)) { + $this->sortOptions = ['bogus' => true]; + } + } + + /** + * Save files / directories to cache + * + * @param string $path + * @param mixed $value + */ + private function update_stat_cache($path, $value) + { + if ($this->use_stat_cache === false) { + return; + } + + // preg_replace('#^/|/(?=/)|/$#', '', $dir) == str_replace('//', '/', trim($path, '/')) + $dirs = explode('/', preg_replace('#^/|/(?=/)|/$#', '', $path)); + + $temp = &$this->stat_cache; + $max = count($dirs) - 1; + foreach ($dirs as $i => $dir) { + // if $temp is an object that means one of two things. + // 1. a file was deleted and changed to a directory behind phpseclib's back + // 2. it's a symlink. when lstat is done it's unclear what it's a symlink to + if (is_object($temp)) { + $temp = []; + } + if (!isset($temp[$dir])) { + $temp[$dir] = []; + } + if ($i === $max) { + if (is_object($temp[$dir]) && is_object($value)) { + if (!isset($value->stat) && isset($temp[$dir]->stat)) { + $value->stat = $temp[$dir]->stat; + } + if (!isset($value->lstat) && isset($temp[$dir]->lstat)) { + $value->lstat = $temp[$dir]->lstat; + } + } + $temp[$dir] = $value; + break; + } + $temp = &$temp[$dir]; + } + } + + /** + * Remove files / directories from cache + * + * @param string $path + * @return bool + */ + private function remove_from_stat_cache($path) + { + $dirs = explode('/', preg_replace('#^/|/(?=/)|/$#', '', $path)); + + $temp = &$this->stat_cache; + $max = count($dirs) - 1; + foreach ($dirs as $i => $dir) { + if (!is_array($temp)) { + return false; + } + if ($i === $max) { + unset($temp[$dir]); + return true; + } + if (!isset($temp[$dir])) { + return false; + } + $temp = &$temp[$dir]; + } + } + + /** + * Checks cache for path + * + * Mainly used by file_exists + * + * @param string $path + * @return mixed + */ + private function query_stat_cache($path) + { + $dirs = explode('/', preg_replace('#^/|/(?=/)|/$#', '', $path)); + + $temp = &$this->stat_cache; + foreach ($dirs as $dir) { + if (!is_array($temp)) { + return null; + } + if (!isset($temp[$dir])) { + return null; + } + $temp = &$temp[$dir]; + } + return $temp; + } + + /** + * Returns general information about a file. + * + * Returns an array on success and false otherwise. + * + * @param string $filename + * @return array|false + */ + public function stat($filename) + { + if (!$this->precheck()) { + return false; + } + + $filename = $this->realpath($filename); + if ($filename === false) { + return false; + } + + if ($this->use_stat_cache) { + $result = $this->query_stat_cache($filename); + if (is_array($result) && isset($result['.']) && isset($result['.']->stat)) { + return $result['.']->stat; + } + if (is_object($result) && isset($result->stat)) { + return $result->stat; + } + } + + $stat = $this->stat_helper($filename, NET_SFTP_STAT); + if ($stat === false) { + $this->remove_from_stat_cache($filename); + return false; + } + if (isset($stat['type'])) { + if ($stat['type'] == NET_SFTP_TYPE_DIRECTORY) { + $filename .= '/.'; + } + $this->update_stat_cache($filename, (object) ['stat' => $stat]); + return $stat; + } + + $pwd = $this->pwd; + $stat['type'] = $this->chdir($filename) ? + NET_SFTP_TYPE_DIRECTORY : + NET_SFTP_TYPE_REGULAR; + $this->pwd = $pwd; + + if ($stat['type'] == NET_SFTP_TYPE_DIRECTORY) { + $filename .= '/.'; + } + $this->update_stat_cache($filename, (object) ['stat' => $stat]); + + return $stat; + } + + /** + * Returns general information about a file or symbolic link. + * + * Returns an array on success and false otherwise. + * + * @param string $filename + * @return array|false + */ + public function lstat($filename) + { + if (!$this->precheck()) { + return false; + } + + $filename = $this->realpath($filename); + if ($filename === false) { + return false; + } + + if ($this->use_stat_cache) { + $result = $this->query_stat_cache($filename); + if (is_array($result) && isset($result['.']) && isset($result['.']->lstat)) { + return $result['.']->lstat; + } + if (is_object($result) && isset($result->lstat)) { + return $result->lstat; + } + } + + $lstat = $this->stat_helper($filename, NET_SFTP_LSTAT); + if ($lstat === false) { + $this->remove_from_stat_cache($filename); + return false; + } + if (isset($lstat['type'])) { + if ($lstat['type'] == NET_SFTP_TYPE_DIRECTORY) { + $filename .= '/.'; + } + $this->update_stat_cache($filename, (object) ['lstat' => $lstat]); + return $lstat; + } + + $stat = $this->stat_helper($filename, NET_SFTP_STAT); + + if ($lstat != $stat) { + $lstat = array_merge($lstat, ['type' => NET_SFTP_TYPE_SYMLINK]); + $this->update_stat_cache($filename, (object) ['lstat' => $lstat]); + return $stat; + } + + $pwd = $this->pwd; + $lstat['type'] = $this->chdir($filename) ? + NET_SFTP_TYPE_DIRECTORY : + NET_SFTP_TYPE_REGULAR; + $this->pwd = $pwd; + + if ($lstat['type'] == NET_SFTP_TYPE_DIRECTORY) { + $filename .= '/.'; + } + $this->update_stat_cache($filename, (object) ['lstat' => $lstat]); + + return $lstat; + } + + /** + * Returns general information about a file or symbolic link + * + * Determines information without calling \phpseclib3\Net\SFTP::realpath(). + * The second parameter can be either NET_SFTP_STAT or NET_SFTP_LSTAT. + * + * @param string $filename + * @param int $type + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return array|false + */ + private function stat_helper($filename, $type) + { + // SFTPv4+ adds an additional 32-bit integer field - flags - to the following: + $packet = Strings::packSSH2('s', $filename); + $this->send_sftp_packet($type, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_ATTRS: + return $this->parseAttributes($response); + case NET_SFTP_STATUS: + $this->logError($response); + return false; + } + + throw new \UnexpectedValueException('Expected NET_SFTP_ATTRS or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + /** + * Truncates a file to a given length + * + * @param string $filename + * @param int $new_size + * @return bool + */ + public function truncate($filename, $new_size) + { + $attr = Strings::packSSH2('NQ', NET_SFTP_ATTR_SIZE, $new_size); + + return $this->setstat($filename, $attr, false); + } + + /** + * Sets access and modification time of file. + * + * If the file does not exist, it will be created. + * + * @param string $filename + * @param int $time + * @param int $atime + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return bool + */ + public function touch($filename, $time = null, $atime = null) + { + if (!$this->precheck()) { + return false; + } + + $filename = $this->realpath($filename); + if ($filename === false) { + return false; + } + + if (!isset($time)) { + $time = time(); + } + if (!isset($atime)) { + $atime = $time; + } + + $attr = $this->version < 4 ? + pack('N3', NET_SFTP_ATTR_ACCESSTIME, $atime, $time) : + Strings::packSSH2('NQ2', NET_SFTP_ATTR_ACCESSTIME | NET_SFTP_ATTR_MODIFYTIME, $atime, $time); + + $packet = Strings::packSSH2('s', $filename); + $packet .= $this->version >= 5 ? + pack('N2', 0, NET_SFTP_OPEN_OPEN_EXISTING) : + pack('N', NET_SFTP_OPEN_WRITE | NET_SFTP_OPEN_CREATE | NET_SFTP_OPEN_EXCL); + $packet .= $attr; + + $this->send_sftp_packet(NET_SFTP_OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_HANDLE: + return $this->close_handle(substr($response, 4)); + case NET_SFTP_STATUS: + $this->logError($response); + break; + default: + throw new \UnexpectedValueException('Expected NET_SFTP_HANDLE or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + return $this->setstat($filename, $attr, false); + } + + /** + * Changes file or directory owner + * + * $uid should be an int for SFTPv3 and a string for SFTPv4+. Ideally the string + * would be of the form "user@dns_domain" but it does not need to be. + * `$sftp->getSupportedVersions()['version']` will return the specific version + * that's being used. + * + * Returns true on success or false on error. + * + * @param string $filename + * @param int|string $uid + * @param bool $recursive + * @return bool + */ + public function chown($filename, $uid, $recursive = false) + { + /* + quoting , + + "To avoid a representation that is tied to a particular underlying + implementation at the client or server, the use of UTF-8 strings has + been chosen. The string should be of the form "user@dns_domain". + This will allow for a client and server that do not use the same + local representation the ability to translate to a common syntax that + can be interpreted by both. In the case where there is no + translation available to the client or server, the attribute value + must be constructed without the "@"." + + phpseclib _could_ auto append the dns_domain to $uid BUT what if it shouldn't + have one? phpseclib would have no way of knowing so rather than guess phpseclib + will just use whatever value the user provided + */ + + $attr = $this->version < 4 ? + // quoting , + // "if the owner or group is specified as -1, then that ID is not changed" + pack('N3', NET_SFTP_ATTR_UIDGID, $uid, -1) : + // quoting , + // "If either the owner or group field is zero length, the field should be + // considered absent, and no change should be made to that specific field + // during a modification operation" + Strings::packSSH2('Nss', NET_SFTP_ATTR_OWNERGROUP, $uid, ''); + + return $this->setstat($filename, $attr, $recursive); + } + + /** + * Changes file or directory group + * + * $gid should be an int for SFTPv3 and a string for SFTPv4+. Ideally the string + * would be of the form "user@dns_domain" but it does not need to be. + * `$sftp->getSupportedVersions()['version']` will return the specific version + * that's being used. + * + * Returns true on success or false on error. + * + * @param string $filename + * @param int|string $gid + * @param bool $recursive + * @return bool + */ + public function chgrp($filename, $gid, $recursive = false) + { + $attr = $this->version < 4 ? + pack('N3', NET_SFTP_ATTR_UIDGID, -1, $gid) : + Strings::packSSH2('Nss', NET_SFTP_ATTR_OWNERGROUP, '', $gid); + + return $this->setstat($filename, $attr, $recursive); + } + + /** + * Set permissions on a file. + * + * Returns the new file permissions on success or false on error. + * If $recursive is true than this just returns true or false. + * + * @param int $mode + * @param string $filename + * @param bool $recursive + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return mixed + */ + public function chmod($mode, $filename, $recursive = false) + { + if (is_string($mode) && is_int($filename)) { + $temp = $mode; + $mode = $filename; + $filename = $temp; + } + + $attr = pack('N2', NET_SFTP_ATTR_PERMISSIONS, $mode & 07777); + if (!$this->setstat($filename, $attr, $recursive)) { + return false; + } + if ($recursive) { + return true; + } + + $filename = $this->realpath($filename); + // rather than return what the permissions *should* be, we'll return what they actually are. this will also + // tell us if the file actually exists. + // incidentally, SFTPv4+ adds an additional 32-bit integer field - flags - to the following: + $packet = pack('Na*', strlen($filename), $filename); + $this->send_sftp_packet(NET_SFTP_STAT, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_ATTRS: + $attrs = $this->parseAttributes($response); + return $attrs['mode']; + case NET_SFTP_STATUS: + $this->logError($response); + return false; + } + + throw new \UnexpectedValueException('Expected NET_SFTP_ATTRS or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + /** + * Sets information about a file + * + * @param string $filename + * @param string $attr + * @param bool $recursive + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return bool + */ + private function setstat($filename, $attr, $recursive) + { + if (!$this->precheck()) { + return false; + } + + $filename = $this->realpath($filename); + if ($filename === false) { + return false; + } + + $this->remove_from_stat_cache($filename); + + if ($recursive) { + $i = 0; + $result = $this->setstat_recursive($filename, $attr, $i); + $this->read_put_responses($i); + return $result; + } + + $packet = Strings::packSSH2('s', $filename); + $packet .= $this->version >= 4 ? + pack('a*Ca*', substr($attr, 0, 4), NET_SFTP_TYPE_UNKNOWN, substr($attr, 4)) : + $attr; + $this->send_sftp_packet(NET_SFTP_SETSTAT, $packet); + + /* + "Because some systems must use separate system calls to set various attributes, it is possible that a failure + response will be returned, but yet some of the attributes may be have been successfully modified. If possible, + servers SHOULD avoid this situation; however, clients MUST be aware that this is possible." + + -- http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.6 + */ + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_STATUS) { + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_OK) { + $this->logError($response, $status); + return false; + } + + return true; + } + + /** + * Recursively sets information on directories on the SFTP server + * + * Minimizes directory lookups and SSH_FXP_STATUS requests for speed. + * + * @param string $path + * @param string $attr + * @param int $i + * @return bool + */ + private function setstat_recursive($path, $attr, &$i) + { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + $entries = $this->readlist($path, true); + + if ($entries === false || is_int($entries)) { + return $this->setstat($path, $attr, false); + } + + // normally $entries would have at least . and .. but it might not if the directories + // permissions didn't allow reading + if (empty($entries)) { + return false; + } + + unset($entries['.'], $entries['..']); + foreach ($entries as $filename => $props) { + if (!isset($props['type'])) { + return false; + } + + $temp = $path . '/' . $filename; + if ($props['type'] == NET_SFTP_TYPE_DIRECTORY) { + if (!$this->setstat_recursive($temp, $attr, $i)) { + return false; + } + } else { + $packet = Strings::packSSH2('s', $temp); + $packet .= $this->version >= 4 ? + pack('Ca*', NET_SFTP_TYPE_UNKNOWN, $attr) : + $attr; + $this->send_sftp_packet(NET_SFTP_SETSTAT, $packet); + + $i++; + + if ($i >= NET_SFTP_QUEUE_SIZE) { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + } + } + } + + $packet = Strings::packSSH2('s', $path); + $packet .= $this->version >= 4 ? + pack('Ca*', NET_SFTP_TYPE_UNKNOWN, $attr) : + $attr; + $this->send_sftp_packet(NET_SFTP_SETSTAT, $packet); + + $i++; + + if ($i >= NET_SFTP_QUEUE_SIZE) { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + } + + return true; + } + + /** + * Return the target of a symbolic link + * + * @param string $link + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return mixed + */ + public function readlink($link) + { + if (!$this->precheck()) { + return false; + } + + $link = $this->realpath($link); + + $this->send_sftp_packet(NET_SFTP_READLINK, Strings::packSSH2('s', $link)); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_NAME: + break; + case NET_SFTP_STATUS: + $this->logError($response); + return false; + default: + throw new \UnexpectedValueException('Expected NET_SFTP_NAME or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + list($count) = Strings::unpackSSH2('N', $response); + // the file isn't a symlink + if (!$count) { + return false; + } + + list($filename) = Strings::unpackSSH2('s', $response); + + return $filename; + } + + /** + * Create a symlink + * + * symlink() creates a symbolic link to the existing target with the specified name link. + * + * @param string $target + * @param string $link + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return bool + */ + public function symlink($target, $link) + { + if (!$this->precheck()) { + return false; + } + + //$target = $this->realpath($target); + $link = $this->realpath($link); + + /* quoting https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-09#section-12.1 : + + Changed the SYMLINK packet to be LINK and give it the ability to + create hard links. Also change it's packet number because many + implementation implemented SYMLINK with the arguments reversed. + Hopefully the new argument names make it clear which way is which. + */ + if ($this->version == 6) { + $type = NET_SFTP_LINK; + $packet = Strings::packSSH2('ssC', $link, $target, 1); + } else { + $type = NET_SFTP_SYMLINK; + /* quoting http://bxr.su/OpenBSD/usr.bin/ssh/PROTOCOL#347 : + + 3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK + + When OpenSSH's sftp-server was implemented, the order of the arguments + to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately, + the reversal was not noticed until the server was widely deployed. Since + fixing this to follow the specification would cause incompatibility, the + current order was retained. For correct operation, clients should send + SSH_FXP_SYMLINK as follows: + + uint32 id + string targetpath + string linkpath */ + $packet = substr($this->server_identifier, 0, 15) == 'SSH-2.0-OpenSSH' ? + Strings::packSSH2('ss', $target, $link) : + Strings::packSSH2('ss', $link, $target); + } + $this->send_sftp_packet($type, $packet); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_STATUS) { + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_OK) { + $this->logError($response, $status); + return false; + } + + return true; + } + + /** + * Creates a directory. + * + * @param string $dir + * @param int $mode + * @param bool $recursive + * @return bool + */ + public function mkdir($dir, $mode = -1, $recursive = false) + { + if (!$this->precheck()) { + return false; + } + + $dir = $this->realpath($dir); + + if ($recursive) { + $dirs = explode('/', preg_replace('#/(?=/)|/$#', '', $dir)); + if (empty($dirs[0])) { + array_shift($dirs); + $dirs[0] = '/' . $dirs[0]; + } + for ($i = 0; $i < count($dirs); $i++) { + $temp = array_slice($dirs, 0, $i + 1); + $temp = implode('/', $temp); + $result = $this->mkdir_helper($temp, $mode); + } + return $result; + } + + return $this->mkdir_helper($dir, $mode); + } + + /** + * Helper function for directory creation + * + * @param string $dir + * @param int $mode + * @return bool + */ + private function mkdir_helper($dir, $mode) + { + // send SSH_FXP_MKDIR without any attributes (that's what the \0\0\0\0 is doing) + $this->send_sftp_packet(NET_SFTP_MKDIR, Strings::packSSH2('s', $dir) . "\0\0\0\0"); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_STATUS) { + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_OK) { + $this->logError($response, $status); + return false; + } + + if ($mode !== -1) { + $this->chmod($mode, $dir); + } + + return true; + } + + /** + * Removes a directory. + * + * @param string $dir + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return bool + */ + public function rmdir($dir) + { + if (!$this->precheck()) { + return false; + } + + $dir = $this->realpath($dir); + if ($dir === false) { + return false; + } + + $this->send_sftp_packet(NET_SFTP_RMDIR, Strings::packSSH2('s', $dir)); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_STATUS) { + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_OK) { + // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED? + $this->logError($response, $status); + return false; + } + + $this->remove_from_stat_cache($dir); + // the following will do a soft delete, which would be useful if you deleted a file + // and then tried to do a stat on the deleted file. the above, in contrast, does + // a hard delete + //$this->update_stat_cache($dir, false); + + return true; + } + + /** + * Uploads a file to the SFTP server. + * + * By default, \phpseclib3\Net\SFTP::put() does not read from the local filesystem. $data is dumped directly into $remote_file. + * So, for example, if you set $data to 'filename.ext' and then do \phpseclib3\Net\SFTP::get(), you will get a file, twelve bytes + * long, containing 'filename.ext' as its contents. + * + * Setting $mode to self::SOURCE_LOCAL_FILE will change the above behavior. With self::SOURCE_LOCAL_FILE, $remote_file will + * contain as many bytes as filename.ext does on your local filesystem. If your filename.ext is 1MB then that is how + * large $remote_file will be, as well. + * + * Setting $mode to self::SOURCE_CALLBACK will use $data as callback function, which gets only one parameter -- number + * of bytes to return, and returns a string if there is some data or null if there is no more data + * + * If $data is a resource then it'll be used as a resource instead. + * + * Currently, only binary mode is supported. As such, if the line endings need to be adjusted, you will need to take + * care of that, yourself. + * + * $mode can take an additional two parameters - self::RESUME and self::RESUME_START. These are bitwise AND'd with + * $mode. So if you want to resume upload of a 300mb file on the local file system you'd set $mode to the following: + * + * self::SOURCE_LOCAL_FILE | self::RESUME + * + * If you wanted to simply append the full contents of a local file to the full contents of a remote file you'd replace + * self::RESUME with self::RESUME_START. + * + * If $mode & (self::RESUME | self::RESUME_START) then self::RESUME_START will be assumed. + * + * $start and $local_start give you more fine grained control over this process and take precident over self::RESUME + * when they're non-negative. ie. $start could let you write at the end of a file (like self::RESUME) or in the middle + * of one. $local_start could let you start your reading from the end of a file (like self::RESUME_START) or in the + * middle of one. + * + * Setting $local_start to > 0 or $mode | self::RESUME_START doesn't do anything unless $mode | self::SOURCE_LOCAL_FILE. + * + * {@internal ASCII mode for SFTPv4/5/6 can be supported by adding a new function - \phpseclib3\Net\SFTP::setMode().} + * + * @param string $remote_file + * @param string|resource $data + * @param int $mode + * @param int $start + * @param int $local_start + * @param callable|null $progressCallback + * @throws \UnexpectedValueException on receipt of unexpected packets + * @throws \BadFunctionCallException if you're uploading via a callback and the callback function is invalid + * @throws FileNotFoundException if you're uploading via a file and the file doesn't exist + * @return bool + */ + public function put($remote_file, $data, $mode = self::SOURCE_STRING, $start = -1, $local_start = -1, $progressCallback = null) + { + if (!$this->precheck()) { + return false; + } + + $remote_file = $this->realpath($remote_file); + if ($remote_file === false) { + return false; + } + + $this->remove_from_stat_cache($remote_file); + + if ($this->version >= 5) { + $flags = NET_SFTP_OPEN_OPEN_OR_CREATE; + } else { + $flags = NET_SFTP_OPEN_WRITE | NET_SFTP_OPEN_CREATE; + // according to the SFTP specs, NET_SFTP_OPEN_APPEND should "force all writes to append data at the end of the file." + // in practice, it doesn't seem to do that. + //$flags|= ($mode & self::RESUME) ? NET_SFTP_OPEN_APPEND : NET_SFTP_OPEN_TRUNCATE; + } + + if ($start >= 0) { + $offset = $start; + } elseif ($mode & (self::RESUME | self::RESUME_START)) { + // if NET_SFTP_OPEN_APPEND worked as it should _size() wouldn't need to be called + $stat = $this->stat($remote_file); + $offset = $stat !== false && $stat['size'] ? $stat['size'] : 0; + } else { + $offset = 0; + if ($this->version >= 5) { + $flags = NET_SFTP_OPEN_CREATE_TRUNCATE; + } else { + $flags |= NET_SFTP_OPEN_TRUNCATE; + } + } + + $this->remove_from_stat_cache($remote_file); + + $packet = Strings::packSSH2('s', $remote_file); + $packet .= $this->version >= 5 ? + pack('N3', 0, $flags, 0) : + pack('N2', $flags, 0); + $this->send_sftp_packet(NET_SFTP_OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_HANDLE: + $handle = substr($response, 4); + break; + case NET_SFTP_STATUS: + $this->logError($response); + return false; + default: + throw new \UnexpectedValueException('Expected NET_SFTP_HANDLE or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.2.3 + $dataCallback = false; + switch (true) { + case $mode & self::SOURCE_CALLBACK: + if (!is_callable($data)) { + throw new \BadFunctionCallException("\$data should be is_callable() if you specify SOURCE_CALLBACK flag"); + } + $dataCallback = $data; + // do nothing + break; + case is_resource($data): + $mode = $mode & ~self::SOURCE_LOCAL_FILE; + $info = stream_get_meta_data($data); + if (isset($info['wrapper_type']) && $info['wrapper_type'] == 'PHP' && $info['stream_type'] == 'Input') { + $fp = fopen('php://memory', 'w+'); + stream_copy_to_stream($data, $fp); + rewind($fp); + } else { + $fp = $data; + } + break; + case $mode & self::SOURCE_LOCAL_FILE: + if (!is_file($data)) { + throw new FileNotFoundException("$data is not a valid file"); + } + $fp = @fopen($data, 'rb'); + if (!$fp) { + return false; + } + } + + if (isset($fp)) { + $stat = fstat($fp); + $size = !empty($stat) ? $stat['size'] : 0; + + if ($local_start >= 0) { + fseek($fp, $local_start); + $size -= $local_start; + } elseif ($mode & self::RESUME) { + fseek($fp, $offset); + $size -= $offset; + } + } elseif ($dataCallback) { + $size = 0; + } else { + $size = strlen($data); + } + + $sent = 0; + $size = $size < 0 ? ($size & 0x7FFFFFFF) + 0x80000000 : $size; + + $sftp_packet_size = $this->max_sftp_packet; + // make the SFTP packet be exactly the SFTP packet size by including the bytes in the NET_SFTP_WRITE packets "header" + $sftp_packet_size -= strlen($handle) + 25; + $i = $j = 0; + while ($dataCallback || ($size === 0 || $sent < $size)) { + if ($dataCallback) { + $temp = $dataCallback($sftp_packet_size); + if (is_null($temp)) { + break; + } + } else { + $temp = isset($fp) ? fread($fp, $sftp_packet_size) : substr($data, $sent, $sftp_packet_size); + if ($temp === false || $temp === '') { + break; + } + } + + $subtemp = $offset + $sent; + $packet = pack('Na*N3a*', strlen($handle), $handle, $subtemp / 4294967296, $subtemp, strlen($temp), $temp); + try { + $this->send_sftp_packet(NET_SFTP_WRITE, $packet, $j); + } catch (\Exception $e) { + if ($mode & self::SOURCE_LOCAL_FILE) { + fclose($fp); + } + throw $e; + } + $sent += strlen($temp); + if (is_callable($progressCallback)) { + $progressCallback($sent); + } + + $i++; + $j++; + if ($i == NET_SFTP_UPLOAD_QUEUE_SIZE) { + if (!$this->read_put_responses($i)) { + $i = 0; + break; + } + $i = 0; + } + } + + $result = $this->close_handle($handle); + + if (!$this->read_put_responses($i)) { + if ($mode & self::SOURCE_LOCAL_FILE) { + fclose($fp); + } + $this->close_handle($handle); + return false; + } + + if ($mode & SFTP::SOURCE_LOCAL_FILE) { + if (isset($fp) && is_resource($fp)) { + fclose($fp); + } + + if ($this->preserveTime) { + $stat = stat($data); + $attr = $this->version < 4 ? + pack('N3', NET_SFTP_ATTR_ACCESSTIME, $stat['atime'], $stat['mtime']) : + Strings::packSSH2('NQ2', NET_SFTP_ATTR_ACCESSTIME | NET_SFTP_ATTR_MODIFYTIME, $stat['atime'], $stat['mtime']); + if (!$this->setstat($remote_file, $attr, false)) { + throw new \RuntimeException('Error setting file time'); + } + } + } + + return $result; + } + + /** + * Reads multiple successive SSH_FXP_WRITE responses + * + * Sending an SSH_FXP_WRITE packet and immediately reading its response isn't as efficient as blindly sending out $i + * SSH_FXP_WRITEs, in succession, and then reading $i responses. + * + * @param int $i + * @return bool + * @throws \UnexpectedValueException on receipt of unexpected packets + */ + private function read_put_responses($i) + { + while ($i--) { + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_STATUS) { + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_OK) { + $this->logError($response, $status); + break; + } + } + + return $i < 0; + } + + /** + * Close handle + * + * @param string $handle + * @return bool + * @throws \UnexpectedValueException on receipt of unexpected packets + */ + private function close_handle($handle) + { + $this->send_sftp_packet(NET_SFTP_CLOSE, pack('Na*', strlen($handle), $handle)); + + // "The client MUST release all resources associated with the handle regardless of the status." + // -- http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.1.3 + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_STATUS) { + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_OK) { + $this->logError($response, $status); + return false; + } + + return true; + } + + /** + * Downloads a file from the SFTP server. + * + * Returns a string containing the contents of $remote_file if $local_file is left undefined or a boolean false if + * the operation was unsuccessful. If $local_file is defined, returns true or false depending on the success of the + * operation. + * + * $offset and $length can be used to download files in chunks. + * + * @param string $remote_file + * @param string|bool|resource|callable $local_file + * @param int $offset + * @param int $length + * @param callable|null $progressCallback + * @throws \UnexpectedValueException on receipt of unexpected packets + * @return string|bool + */ + public function get($remote_file, $local_file = false, $offset = 0, $length = -1, $progressCallback = null) + { + if (!$this->precheck()) { + return false; + } + + $remote_file = $this->realpath($remote_file); + if ($remote_file === false) { + return false; + } + + $packet = Strings::packSSH2('s', $remote_file); + $packet .= $this->version >= 5 ? + pack('N3', 0, NET_SFTP_OPEN_OPEN_EXISTING, 0) : + pack('N2', NET_SFTP_OPEN_READ, 0); + $this->send_sftp_packet(NET_SFTP_OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_HANDLE: + $handle = substr($response, 4); + break; + case NET_SFTP_STATUS: // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + $this->logError($response); + return false; + default: + throw new \UnexpectedValueException('Expected NET_SFTP_HANDLE or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + if (is_resource($local_file)) { + $fp = $local_file; + $stat = fstat($fp); + $res_offset = $stat['size']; + } else { + $res_offset = 0; + if ($local_file !== false && !is_callable($local_file)) { + $fp = fopen($local_file, 'wb'); + if (!$fp) { + return false; + } + } else { + $content = ''; + } + } + + $fclose_check = $local_file !== false && !is_callable($local_file) && !is_resource($local_file); + + $start = $offset; + $read = 0; + while (true) { + $i = 0; + + while ($i < NET_SFTP_QUEUE_SIZE && ($length < 0 || $read < $length)) { + $tempoffset = $start + $read; + + $packet_size = $length > 0 ? min($this->max_sftp_packet, $length - $read) : $this->max_sftp_packet; + + $packet = Strings::packSSH2('sN3', $handle, $tempoffset / 4294967296, $tempoffset, $packet_size); + try { + $this->send_sftp_packet(NET_SFTP_READ, $packet, $i); + } catch (\Exception $e) { + if ($fclose_check) { + fclose($fp); + } + throw $e; + } + $packet = null; + $read += $packet_size; + $i++; + } + + if (!$i) { + break; + } + + $packets_sent = $i - 1; + + $clear_responses = false; + while ($i > 0) { + $i--; + + if ($clear_responses) { + $this->get_sftp_packet($packets_sent - $i); + continue; + } else { + $response = $this->get_sftp_packet($packets_sent - $i); + } + + switch ($this->packet_type) { + case NET_SFTP_DATA: + $temp = substr($response, 4); + $offset += strlen($temp); + if ($local_file === false) { + $content .= $temp; + } elseif (is_callable($local_file)) { + $local_file($temp); + } else { + fputs($fp, $temp); + } + if (is_callable($progressCallback)) { + call_user_func($progressCallback, $offset); + } + $temp = null; + break; + case NET_SFTP_STATUS: + // could, in theory, return false if !strlen($content) but we'll hold off for the time being + $this->logError($response); + $clear_responses = true; // don't break out of the loop yet, so we can read the remaining responses + break; + default: + if ($fclose_check) { + fclose($fp); + } + if ($this->channel_close) { + $this->partial_init = false; + $this->init_sftp_connection(); + return false; + } else { + throw new \UnexpectedValueException('Expected NET_SFTP_DATA or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + } + $response = null; + } + + if ($clear_responses) { + break; + } + } + + if ($fclose_check) { + fclose($fp); + + if ($this->preserveTime) { + $stat = $this->stat($remote_file); + touch($local_file, $stat['mtime'], $stat['atime']); + } + } + + if (!$this->close_handle($handle)) { + return false; + } + + // if $content isn't set that means a file was written to + return isset($content) ? $content : true; + } + + /** + * Deletes a file on the SFTP server. + * + * @param string $path + * @param bool $recursive + * @return bool + * @throws \UnexpectedValueException on receipt of unexpected packets + */ + public function delete($path, $recursive = true) + { + if (!$this->precheck()) { + return false; + } + + if (is_object($path)) { + // It's an object. Cast it as string before we check anything else. + $path = (string) $path; + } + + if (!is_string($path) || $path == '') { + return false; + } + + $path = $this->realpath($path); + if ($path === false) { + return false; + } + + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.3 + $this->send_sftp_packet(NET_SFTP_REMOVE, pack('Na*', strlen($path), $path)); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_STATUS) { + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + // if $status isn't SSH_FX_OK it's probably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_OK) { + $this->logError($response, $status); + if (!$recursive) { + return false; + } + + $i = 0; + $result = $this->delete_recursive($path, $i); + $this->read_put_responses($i); + return $result; + } + + $this->remove_from_stat_cache($path); + + return true; + } + + /** + * Recursively deletes directories on the SFTP server + * + * Minimizes directory lookups and SSH_FXP_STATUS requests for speed. + * + * @param string $path + * @param int $i + * @return bool + */ + private function delete_recursive($path, &$i) + { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + $entries = $this->readlist($path, true); + + // The folder does not exist at all, so we cannot delete it. + if ($entries === NET_SFTP_STATUS_NO_SUCH_FILE) { + return false; + } + + // Normally $entries would have at least . and .. but it might not if the directories + // permissions didn't allow reading. If this happens then default to an empty list of files. + if ($entries === false || is_int($entries)) { + $entries = []; + } + + unset($entries['.'], $entries['..']); + foreach ($entries as $filename => $props) { + if (!isset($props['type'])) { + return false; + } + + $temp = $path . '/' . $filename; + if ($props['type'] == NET_SFTP_TYPE_DIRECTORY) { + if (!$this->delete_recursive($temp, $i)) { + return false; + } + } else { + $this->send_sftp_packet(NET_SFTP_REMOVE, Strings::packSSH2('s', $temp)); + $this->remove_from_stat_cache($temp); + + $i++; + + if ($i >= NET_SFTP_QUEUE_SIZE) { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + } + } + } + + $this->send_sftp_packet(NET_SFTP_RMDIR, Strings::packSSH2('s', $path)); + $this->remove_from_stat_cache($path); + + $i++; + + if ($i >= NET_SFTP_QUEUE_SIZE) { + if (!$this->read_put_responses($i)) { + return false; + } + $i = 0; + } + + return true; + } + + /** + * Checks whether a file or directory exists + * + * @param string $path + * @return bool + */ + public function file_exists($path) + { + if ($this->use_stat_cache) { + if (!$this->precheck()) { + return false; + } + + $path = $this->realpath($path); + + $result = $this->query_stat_cache($path); + + if (isset($result)) { + // return true if $result is an array or if it's an stdClass object + return $result !== false; + } + } + + return $this->stat($path) !== false; + } + + /** + * Tells whether the filename is a directory + * + * @param string $path + * @return bool + */ + public function is_dir($path) + { + $result = $this->get_stat_cache_prop($path, 'type'); + if ($result === false) { + return false; + } + return $result === NET_SFTP_TYPE_DIRECTORY; + } + + /** + * Tells whether the filename is a regular file + * + * @param string $path + * @return bool + */ + public function is_file($path) + { + $result = $this->get_stat_cache_prop($path, 'type'); + if ($result === false) { + return false; + } + return $result === NET_SFTP_TYPE_REGULAR; + } + + /** + * Tells whether the filename is a symbolic link + * + * @param string $path + * @return bool + */ + public function is_link($path) + { + $result = $this->get_lstat_cache_prop($path, 'type'); + if ($result === false) { + return false; + } + return $result === NET_SFTP_TYPE_SYMLINK; + } + + /** + * Tells whether a file exists and is readable + * + * @param string $path + * @return bool + */ + public function is_readable($path) + { + if (!$this->precheck()) { + return false; + } + + $packet = Strings::packSSH2('sNN', $this->realpath($path), NET_SFTP_OPEN_READ, 0); + $this->send_sftp_packet(NET_SFTP_OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_HANDLE: + return true; + case NET_SFTP_STATUS: // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + return false; + default: + throw new \UnexpectedValueException('Expected NET_SFTP_HANDLE or NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + } + + /** + * Tells whether the filename is writable + * + * @param string $path + * @return bool + */ + public function is_writable($path) + { + if (!$this->precheck()) { + return false; + } + + $packet = Strings::packSSH2('sNN', $this->realpath($path), NET_SFTP_OPEN_WRITE, 0); + $this->send_sftp_packet(NET_SFTP_OPEN, $packet); + + $response = $this->get_sftp_packet(); + switch ($this->packet_type) { + case NET_SFTP_HANDLE: + return true; + case NET_SFTP_STATUS: // presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + return false; + default: + throw new \UnexpectedValueException('Expected SSH_FXP_HANDLE or SSH_FXP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + } + + /** + * Tells whether the filename is writeable + * + * Alias of is_writable + * + * @param string $path + * @return bool + */ + public function is_writeable($path) + { + return $this->is_writable($path); + } + + /** + * Gets last access time of file + * + * @param string $path + * @return mixed + */ + public function fileatime($path) + { + return $this->get_stat_cache_prop($path, 'atime'); + } + + /** + * Gets file modification time + * + * @param string $path + * @return mixed + */ + public function filemtime($path) + { + return $this->get_stat_cache_prop($path, 'mtime'); + } + + /** + * Gets file permissions + * + * @param string $path + * @return mixed + */ + public function fileperms($path) + { + return $this->get_stat_cache_prop($path, 'mode'); + } + + /** + * Gets file owner + * + * @param string $path + * @return mixed + */ + public function fileowner($path) + { + return $this->get_stat_cache_prop($path, 'uid'); + } + + /** + * Gets file group + * + * @param string $path + * @return mixed + */ + public function filegroup($path) + { + return $this->get_stat_cache_prop($path, 'gid'); + } + + /** + * Recursively go through rawlist() output to get the total filesize + * + * @return int + */ + private static function recursiveFilesize(array $files) + { + $size = 0; + foreach ($files as $name => $file) { + if ($name == '.' || $name == '..') { + continue; + } + $size += is_array($file) ? + self::recursiveFilesize($file) : + $file->size; + } + return $size; + } + + /** + * Gets file size + * + * @param string $path + * @param bool $recursive + * @return mixed + */ + public function filesize($path, $recursive = false) + { + return !$recursive || $this->filetype($path) != 'dir' ? + $this->get_stat_cache_prop($path, 'size') : + self::recursiveFilesize($this->rawlist($path, true)); + } + + /** + * Gets file type + * + * @param string $path + * @return string|false + */ + public function filetype($path) + { + $type = $this->get_stat_cache_prop($path, 'type'); + if ($type === false) { + return false; + } + + switch ($type) { + case NET_SFTP_TYPE_BLOCK_DEVICE: + return 'block'; + case NET_SFTP_TYPE_CHAR_DEVICE: + return 'char'; + case NET_SFTP_TYPE_DIRECTORY: + return 'dir'; + case NET_SFTP_TYPE_FIFO: + return 'fifo'; + case NET_SFTP_TYPE_REGULAR: + return 'file'; + case NET_SFTP_TYPE_SYMLINK: + return 'link'; + default: + return false; + } + } + + /** + * Return a stat properity + * + * Uses cache if appropriate. + * + * @param string $path + * @param string $prop + * @return mixed + */ + private function get_stat_cache_prop($path, $prop) + { + return $this->get_xstat_cache_prop($path, $prop, 'stat'); + } + + /** + * Return an lstat properity + * + * Uses cache if appropriate. + * + * @param string $path + * @param string $prop + * @return mixed + */ + private function get_lstat_cache_prop($path, $prop) + { + return $this->get_xstat_cache_prop($path, $prop, 'lstat'); + } + + /** + * Return a stat or lstat properity + * + * Uses cache if appropriate. + * + * @param string $path + * @param string $prop + * @param string $type + * @return mixed + */ + private function get_xstat_cache_prop($path, $prop, $type) + { + if (!$this->precheck()) { + return false; + } + + if ($this->use_stat_cache) { + $path = $this->realpath($path); + + $result = $this->query_stat_cache($path); + + if (is_object($result) && isset($result->$type)) { + return $result->{$type}[$prop]; + } + } + + $result = $this->$type($path); + + if ($result === false || !isset($result[$prop])) { + return false; + } + + return $result[$prop]; + } + + /** + * Renames a file or a directory on the SFTP server. + * + * If the file already exists this will return false + * + * @param string $oldname + * @param string $newname + * @return bool + * @throws \UnexpectedValueException on receipt of unexpected packets + */ + public function rename($oldname, $newname) + { + if (!$this->precheck()) { + return false; + } + + $oldname = $this->realpath($oldname); + $newname = $this->realpath($newname); + if ($oldname === false || $newname === false) { + return false; + } + + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-8.3 + $packet = Strings::packSSH2('ss', $oldname, $newname); + if ($this->version >= 5) { + /* quoting https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-05#section-6.5 , + + 'flags' is 0 or a combination of: + + SSH_FXP_RENAME_OVERWRITE 0x00000001 + SSH_FXP_RENAME_ATOMIC 0x00000002 + SSH_FXP_RENAME_NATIVE 0x00000004 + + (none of these are currently supported) */ + $packet .= "\0\0\0\0"; + } + $this->send_sftp_packet(NET_SFTP_RENAME, $packet); + + $response = $this->get_sftp_packet(); + if ($this->packet_type != NET_SFTP_STATUS) { + throw new \UnexpectedValueException('Expected NET_SFTP_STATUS. ' + . 'Got packet type: ' . $this->packet_type); + } + + // if $status isn't SSH_FX_OK it's probably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED + list($status) = Strings::unpackSSH2('N', $response); + if ($status != NET_SFTP_STATUS_OK) { + $this->logError($response, $status); + return false; + } + + // don't move the stat cache entry over since this operation could very well change the + // atime and mtime attributes + //$this->update_stat_cache($newname, $this->query_stat_cache($oldname)); + $this->remove_from_stat_cache($oldname); + $this->remove_from_stat_cache($newname); + + return true; + } + + /** + * Parse Time + * + * See '7.7. Times' of draft-ietf-secsh-filexfer-13 for more info. + * + * @param string $key + * @param int $flags + * @param string $response + * @return array + */ + private function parseTime($key, $flags, &$response) + { + $attr = []; + list($attr[$key]) = Strings::unpackSSH2('Q', $response); + if ($flags & NET_SFTP_ATTR_SUBSECOND_TIMES) { + list($attr[$key . '-nseconds']) = Strings::unpackSSH2('N', $response); + } + return $attr; + } + + /** + * Parse Attributes + * + * See '7. File Attributes' of draft-ietf-secsh-filexfer-13 for more info. + * + * @param string $response + * @return array + */ + protected function parseAttributes(&$response) + { + if ($this->version >= 4) { + list($flags, $attr['type']) = Strings::unpackSSH2('NC', $response); + } else { + list($flags) = Strings::unpackSSH2('N', $response); + } + + foreach (self::$attributes as $key => $value) { + switch ($flags & $key) { + case NET_SFTP_ATTR_UIDGID: + if ($this->version > 3) { + continue 2; + } + break; + case NET_SFTP_ATTR_CREATETIME: + case NET_SFTP_ATTR_MODIFYTIME: + case NET_SFTP_ATTR_ACL: + case NET_SFTP_ATTR_OWNERGROUP: + case NET_SFTP_ATTR_SUBSECOND_TIMES: + if ($this->version < 4) { + continue 2; + } + break; + case NET_SFTP_ATTR_BITS: + if ($this->version < 5) { + continue 2; + } + break; + case NET_SFTP_ATTR_ALLOCATION_SIZE: + case NET_SFTP_ATTR_TEXT_HINT: + case NET_SFTP_ATTR_MIME_TYPE: + case NET_SFTP_ATTR_LINK_COUNT: + case NET_SFTP_ATTR_UNTRANSLATED_NAME: + case NET_SFTP_ATTR_CTIME: + if ($this->version < 6) { + continue 2; + } + } + switch ($flags & $key) { + case NET_SFTP_ATTR_SIZE: // 0x00000001 + // The size attribute is defined as an unsigned 64-bit integer. + // The following will use floats on 32-bit platforms, if necessary. + // As can be seen in the BigInteger class, floats are generally + // IEEE 754 binary64 "double precision" on such platforms and + // as such can represent integers of at least 2^50 without loss + // of precision. Interpreted in filesize, 2^50 bytes = 1024 TiB. + list($attr['size']) = Strings::unpackSSH2('Q', $response); + break; + case NET_SFTP_ATTR_UIDGID: // 0x00000002 (SFTPv3 only) + list($attr['uid'], $attr['gid']) = Strings::unpackSSH2('NN', $response); + break; + case NET_SFTP_ATTR_PERMISSIONS: // 0x00000004 + list($attr['mode']) = Strings::unpackSSH2('N', $response); + $fileType = $this->parseMode($attr['mode']); + if ($this->version < 4 && $fileType !== false) { + $attr += ['type' => $fileType]; + } + break; + case NET_SFTP_ATTR_ACCESSTIME: // 0x00000008 + if ($this->version >= 4) { + $attr += $this->parseTime('atime', $flags, $response); + break; + } + list($attr['atime'], $attr['mtime']) = Strings::unpackSSH2('NN', $response); + break; + case NET_SFTP_ATTR_CREATETIME: // 0x00000010 (SFTPv4+) + $attr += $this->parseTime('createtime', $flags, $response); + break; + case NET_SFTP_ATTR_MODIFYTIME: // 0x00000020 + $attr += $this->parseTime('mtime', $flags, $response); + break; + case NET_SFTP_ATTR_ACL: // 0x00000040 + // access control list + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-04#section-5.7 + // currently unsupported + list($count) = Strings::unpackSSH2('N', $response); + for ($i = 0; $i < $count; $i++) { + list($type, $flag, $mask, $who) = Strings::unpackSSH2('N3s', $result); + } + break; + case NET_SFTP_ATTR_OWNERGROUP: // 0x00000080 + list($attr['owner'], $attr['$group']) = Strings::unpackSSH2('ss', $response); + break; + case NET_SFTP_ATTR_SUBSECOND_TIMES: // 0x00000100 + break; + case NET_SFTP_ATTR_BITS: // 0x00000200 (SFTPv5+) + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-05#section-5.8 + // currently unsupported + // tells if you file is: + // readonly, system, hidden, case inensitive, archive, encrypted, compressed, sparse + // append only, immutable, sync + list($attrib_bits, $attrib_bits_valid) = Strings::unpackSSH2('N2', $response); + // if we were actually gonna implement the above it ought to be + // $attr['attrib-bits'] and $attr['attrib-bits-valid'] + // eg. - instead of _ + break; + case NET_SFTP_ATTR_ALLOCATION_SIZE: // 0x00000400 (SFTPv6+) + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.4 + // represents the number of bytes that the file consumes on the disk. will + // usually be larger than the 'size' field + list($attr['allocation-size']) = Strings::unpackSSH2('Q', $response); + break; + case NET_SFTP_ATTR_TEXT_HINT: // 0x00000800 + // https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.10 + // currently unsupported + // tells if file is "known text", "guessed text", "known binary", "guessed binary" + list($text_hint) = Strings::unpackSSH2('C', $response); + // the above should be $attr['text-hint'] + break; + case NET_SFTP_ATTR_MIME_TYPE: // 0x00001000 + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.11 + list($attr['mime-type']) = Strings::unpackSSH2('s', $response); + break; + case NET_SFTP_ATTR_LINK_COUNT: // 0x00002000 + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.12 + list($attr['link-count']) = Strings::unpackSSH2('N', $response); + break; + case NET_SFTP_ATTR_UNTRANSLATED_NAME:// 0x00004000 + // see https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.13 + list($attr['untranslated-name']) = Strings::unpackSSH2('s', $response); + break; + case NET_SFTP_ATTR_CTIME: // 0x00008000 + // 'ctime' contains the last time the file attributes were changed. The + // exact meaning of this field depends on the server. + $attr += $this->parseTime('ctime', $flags, $response); + break; + case NET_SFTP_ATTR_EXTENDED: // 0x80000000 + list($count) = Strings::unpackSSH2('N', $response); + for ($i = 0; $i < $count; $i++) { + list($key, $value) = Strings::unpackSSH2('ss', $response); + $attr[$key] = $value; + } + } + } + return $attr; + } + + /** + * Attempt to identify the file type + * + * Quoting the SFTP RFC, "Implementations MUST NOT send bits that are not defined" but they seem to anyway + * + * @param int $mode + * @return int + */ + private function parseMode($mode) + { + // values come from http://lxr.free-electrons.com/source/include/uapi/linux/stat.h#L12 + // see, also, http://linux.die.net/man/2/stat + switch ($mode & 0170000) {// ie. 1111 0000 0000 0000 + case 0000000: // no file type specified - figure out the file type using alternative means + return false; + case 0040000: + return NET_SFTP_TYPE_DIRECTORY; + case 0100000: + return NET_SFTP_TYPE_REGULAR; + case 0120000: + return NET_SFTP_TYPE_SYMLINK; + // new types introduced in SFTPv5+ + // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-05#section-5.2 + case 0010000: // named pipe (fifo) + return NET_SFTP_TYPE_FIFO; + case 0020000: // character special + return NET_SFTP_TYPE_CHAR_DEVICE; + case 0060000: // block special + return NET_SFTP_TYPE_BLOCK_DEVICE; + case 0140000: // socket + return NET_SFTP_TYPE_SOCKET; + case 0160000: // whiteout + // "SPECIAL should be used for files that are of + // a known type which cannot be expressed in the protocol" + return NET_SFTP_TYPE_SPECIAL; + default: + return NET_SFTP_TYPE_UNKNOWN; + } + } + + /** + * Parse Longname + * + * SFTPv3 doesn't provide any easy way of identifying a file type. You could try to open + * a file as a directory and see if an error is returned or you could try to parse the + * SFTPv3-specific longname field of the SSH_FXP_NAME packet. That's what this function does. + * The result is returned using the + * {@link http://tools.ietf.org/html/draft-ietf-secsh-filexfer-04#section-5.2 SFTPv4 type constants}. + * + * If the longname is in an unrecognized format bool(false) is returned. + * + * @param string $longname + * @return mixed + */ + private function parseLongname($longname) + { + // http://en.wikipedia.org/wiki/Unix_file_types + // http://en.wikipedia.org/wiki/Filesystem_permissions#Notation_of_traditional_Unix_permissions + if (preg_match('#^[^/]([r-][w-][xstST-]){3}#', $longname)) { + switch ($longname[0]) { + case '-': + return NET_SFTP_TYPE_REGULAR; + case 'd': + return NET_SFTP_TYPE_DIRECTORY; + case 'l': + return NET_SFTP_TYPE_SYMLINK; + default: + return NET_SFTP_TYPE_SPECIAL; + } + } + + return false; + } + + /** + * Sends SFTP Packets + * + * See '6. General Packet Format' of draft-ietf-secsh-filexfer-13 for more info. + * + * @param int $type + * @param string $data + * @param int $request_id + * @see self::_get_sftp_packet() + * @see self::send_channel_packet() + * @return void + */ + private function send_sftp_packet($type, $data, $request_id = 1) + { + // in SSH2.php the timeout is cumulative per function call. eg. exec() will + // timeout after 10s. but for SFTP.php it's cumulative per packet + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + + $packet = $this->use_request_id ? + pack('NCNa*', strlen($data) + 5, $type, $request_id, $data) : + pack('NCa*', strlen($data) + 1, $type, $data); + + $start = microtime(true); + $this->send_channel_packet(self::CHANNEL, $packet); + $stop = microtime(true); + + if (defined('NET_SFTP_LOGGING')) { + $packet_type = '-> ' . self::$packet_types[$type] . + ' (' . round($stop - $start, 4) . 's)'; + $this->append_log($packet_type, $data); + } + } + + /** + * Resets the SFTP channel for re-use + */ + private function reset_sftp() + { + $this->use_request_id = false; + $this->pwd = false; + $this->requestBuffer = []; + $this->partial_init = false; + } + + /** + * Resets a connection for re-use + */ + protected function reset_connection() + { + parent::reset_connection(); + $this->reset_sftp(); + } + + /** + * Receives SFTP Packets + * + * See '6. General Packet Format' of draft-ietf-secsh-filexfer-13 for more info. + * + * Incidentally, the number of SSH_MSG_CHANNEL_DATA messages has no bearing on the number of SFTP packets present. + * There can be one SSH_MSG_CHANNEL_DATA messages containing two SFTP packets or there can be two SSH_MSG_CHANNEL_DATA + * messages containing one SFTP packet. + * + * @see self::_send_sftp_packet() + * @return string + */ + private function get_sftp_packet($request_id = null) + { + $this->channel_close = false; + + if (isset($request_id) && isset($this->requestBuffer[$request_id])) { + $this->packet_type = $this->requestBuffer[$request_id]['packet_type']; + $temp = $this->requestBuffer[$request_id]['packet']; + unset($this->requestBuffer[$request_id]); + return $temp; + } + + // in SSH2.php the timeout is cumulative per function call. eg. exec() will + // timeout after 10s. but for SFTP.php it's cumulative per packet + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + + $start = microtime(true); + + // SFTP packet length + while (strlen($this->packet_buffer) < 4) { + $temp = $this->get_channel_packet(self::CHANNEL, true); + if ($temp === true) { + if ($this->channel_status[self::CHANNEL] === NET_SSH2_MSG_CHANNEL_CLOSE) { + $this->channel_close = true; + } + $this->packet_type = false; + $this->packet_buffer = ''; + return false; + } + $this->packet_buffer .= $temp; + } + if (strlen($this->packet_buffer) < 4) { + throw new \RuntimeException('Packet is too small'); + } + extract(unpack('Nlength', Strings::shift($this->packet_buffer, 4))); + /** @var integer $length */ + + $tempLength = $length; + $tempLength -= strlen($this->packet_buffer); + + // 256 * 1024 is what SFTP_MAX_MSG_LENGTH is set to in OpenSSH's sftp-common.h + if (!$this->allow_arbitrary_length_packets && !$this->use_request_id && $tempLength > 256 * 1024) { + throw new \RuntimeException('Invalid Size'); + } + + // SFTP packet type and data payload + while ($tempLength > 0) { + $temp = $this->get_channel_packet(self::CHANNEL, true); + if ($temp === true) { + if ($this->channel_status[self::CHANNEL] === NET_SSH2_MSG_CHANNEL_CLOSE) { + $this->channel_close = true; + } + $this->packet_type = false; + $this->packet_buffer = ''; + return false; + } + $this->packet_buffer .= $temp; + $tempLength -= strlen($temp); + } + + $stop = microtime(true); + + $this->packet_type = ord(Strings::shift($this->packet_buffer)); + + if ($this->use_request_id) { + extract(unpack('Npacket_id', Strings::shift($this->packet_buffer, 4))); // remove the request id + $length -= 5; // account for the request id and the packet type + } else { + $length -= 1; // account for the packet type + } + + $packet = Strings::shift($this->packet_buffer, $length); + + if (defined('NET_SFTP_LOGGING')) { + $packet_type = '<- ' . self::$packet_types[$this->packet_type] . + ' (' . round($stop - $start, 4) . 's)'; + $this->append_log($packet_type, $packet); + } + + if (isset($request_id) && $this->use_request_id && $packet_id != $request_id) { + $this->requestBuffer[$packet_id] = [ + 'packet_type' => $this->packet_type, + 'packet' => $packet + ]; + return $this->get_sftp_packet($request_id); + } + + return $packet; + } + + /** + * Logs data packets + * + * Makes sure that only the last 1MB worth of packets will be logged + * + * @param string $message_number + * @param string $message + */ + private function append_log($message_number, $message) + { + $this->append_log_helper( + NET_SFTP_LOGGING, + $message_number, + $message, + $this->packet_type_log, + $this->packet_log, + $this->log_size, + $this->realtime_log_file, + $this->realtime_log_wrap, + $this->realtime_log_size + ); + } + + /** + * Returns a log of the packets that have been sent and received. + * + * Returns a string if NET_SFTP_LOGGING == self::LOG_COMPLEX, an array if NET_SFTP_LOGGING == self::LOG_SIMPLE and false if !defined('NET_SFTP_LOGGING') + * + * @return array|string|false + */ + public function getSFTPLog() + { + if (!defined('NET_SFTP_LOGGING')) { + return false; + } + + switch (NET_SFTP_LOGGING) { + case self::LOG_COMPLEX: + return $this->format_log($this->packet_log, $this->packet_type_log); + break; + //case self::LOG_SIMPLE: + default: + return $this->packet_type_log; + } + } + + /** + * Returns all errors on the SFTP layer + * + * @return array + */ + public function getSFTPErrors() + { + return $this->sftp_errors; + } + + /** + * Returns the last error on the SFTP layer + * + * @return string + */ + public function getLastSFTPError() + { + return count($this->sftp_errors) ? $this->sftp_errors[count($this->sftp_errors) - 1] : ''; + } + + /** + * Get supported SFTP versions + * + * @return array + */ + public function getSupportedVersions() + { + if (!($this->bitmap & SSH2::MASK_LOGIN)) { + return false; + } + + if (!$this->partial_init) { + $this->partial_init_sftp_connection(); + } + + $temp = ['version' => $this->defaultVersion]; + if (isset($this->extensions['versions'])) { + $temp['extensions'] = $this->extensions['versions']; + } + return $temp; + } + + /** + * Get supported SFTP versions + * + * @return int|false + */ + public function getNegotiatedVersion() + { + if (!$this->precheck()) { + return false; + } + + return $this->version; + } + + /** + * Set preferred version + * + * If you're preferred version isn't supported then the highest supported + * version of SFTP will be utilized. Set to null or false or int(0) to + * unset the preferred version + * + * @param int $version + */ + public function setPreferredVersion($version) + { + $this->preferredVersion = $version; + } + + /** + * Disconnect + * + * @param int $reason + * @return false + */ + protected function disconnect_helper($reason) + { + $this->pwd = false; + return parent::disconnect_helper($reason); + } + + /** + * Enable Date Preservation + * + */ + public function enableDatePreservation() + { + $this->preserveTime = true; + } + + /** + * Disable Date Preservation + * + */ + public function disableDatePreservation() + { + $this->preserveTime = false; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Net/SFTP/Stream.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Net/SFTP/Stream.php new file mode 100644 index 0000000..24047b4 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Net/SFTP/Stream.php @@ -0,0 +1,756 @@ + + * @copyright 2013 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Net\SFTP; + +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Net\SFTP; +use phpseclib3\Net\SSH2; + +/** + * SFTP Stream Wrapper + * + * @author Jim Wigginton + */ +class Stream +{ + /** + * SFTP instances + * + * Rather than re-create the connection we re-use instances if possible + * + * @var array + */ + public static $instances; + + /** + * SFTP instance + * + * @var object + */ + private $sftp; + + /** + * Path + * + * @var string + */ + private $path; + + /** + * Mode + * + * @var string + */ + private $mode; + + /** + * Position + * + * @var int + */ + private $pos; + + /** + * Size + * + * @var int + */ + private $size; + + /** + * Directory entries + * + * @var array + */ + private $entries; + + /** + * EOF flag + * + * @var bool + */ + private $eof; + + /** + * Context resource + * + * Technically this needs to be publicly accessible so PHP can set it directly + * + * @var resource + */ + public $context; + + /** + * Notification callback function + * + * @var callable + */ + private $notification; + + /** + * Registers this class as a URL wrapper. + * + * @param string $protocol The wrapper name to be registered. + * @return bool True on success, false otherwise. + */ + public static function register($protocol = 'sftp') + { + if (in_array($protocol, stream_get_wrappers(), true)) { + return false; + } + return stream_wrapper_register($protocol, get_called_class()); + } + + /** + * The Constructor + * + */ + public function __construct() + { + if (defined('NET_SFTP_STREAM_LOGGING')) { + echo "__construct()\r\n"; + } + } + + /** + * Path Parser + * + * Extract a path from a URI and actually connect to an SSH server if appropriate + * + * If "notification" is set as a context parameter the message code for successful login is + * NET_SSH2_MSG_USERAUTH_SUCCESS. For a failed login it's NET_SSH2_MSG_USERAUTH_FAILURE. + * + * @param string $path + * @return string + */ + protected function parse_path($path) + { + $orig = $path; + extract(parse_url($path) + ['port' => 22]); + if (isset($query)) { + $path .= '?' . $query; + } elseif (preg_match('/(\?|\?#)$/', $orig)) { + $path .= '?'; + } + if (isset($fragment)) { + $path .= '#' . $fragment; + } elseif ($orig[strlen($orig) - 1] == '#') { + $path .= '#'; + } + + if (!isset($host)) { + return false; + } + + if (isset($this->context)) { + $context = stream_context_get_params($this->context); + if (isset($context['notification'])) { + $this->notification = $context['notification']; + } + } + + if (preg_match('/^{[a-z0-9]+}$/i', $host)) { + $host = SSH2::getConnectionByResourceId($host); + if ($host === false) { + return false; + } + $this->sftp = $host; + } else { + if (isset($this->context)) { + $context = stream_context_get_options($this->context); + } + if (isset($context[$scheme]['session'])) { + $sftp = $context[$scheme]['session']; + } + if (isset($context[$scheme]['sftp'])) { + $sftp = $context[$scheme]['sftp']; + } + if (isset($sftp) && $sftp instanceof SFTP) { + $this->sftp = $sftp; + return $path; + } + if (isset($context[$scheme]['username'])) { + $user = $context[$scheme]['username']; + } + if (isset($context[$scheme]['password'])) { + $pass = $context[$scheme]['password']; + } + if (isset($context[$scheme]['privkey']) && $context[$scheme]['privkey'] instanceof PrivateKey) { + $pass = $context[$scheme]['privkey']; + } + + if (!isset($user) || !isset($pass)) { + return false; + } + + // casting $pass to a string is necessary in the event that it's a \phpseclib3\Crypt\RSA object + if (isset(self::$instances[$host][$port][$user][(string) $pass])) { + $this->sftp = self::$instances[$host][$port][$user][(string) $pass]; + } else { + $this->sftp = new SFTP($host, $port); + $this->sftp->disableStatCache(); + if (isset($this->notification) && is_callable($this->notification)) { + /* if !is_callable($this->notification) we could do this: + + user_error('fopen(): failed to call user notifier', E_USER_WARNING); + + the ftp wrapper gives errors like that when the notifier isn't callable. + i've opted not to do that, however, since the ftp wrapper gives the line + on which the fopen occurred as the line number - not the line that the + user_error is on. + */ + call_user_func($this->notification, STREAM_NOTIFY_CONNECT, STREAM_NOTIFY_SEVERITY_INFO, '', 0, 0, 0); + call_user_func($this->notification, STREAM_NOTIFY_AUTH_REQUIRED, STREAM_NOTIFY_SEVERITY_INFO, '', 0, 0, 0); + if (!$this->sftp->login($user, $pass)) { + call_user_func($this->notification, STREAM_NOTIFY_AUTH_RESULT, STREAM_NOTIFY_SEVERITY_ERR, 'Login Failure', NET_SSH2_MSG_USERAUTH_FAILURE, 0, 0); + return false; + } + call_user_func($this->notification, STREAM_NOTIFY_AUTH_RESULT, STREAM_NOTIFY_SEVERITY_INFO, 'Login Success', NET_SSH2_MSG_USERAUTH_SUCCESS, 0, 0); + } else { + if (!$this->sftp->login($user, $pass)) { + return false; + } + } + self::$instances[$host][$port][$user][(string) $pass] = $this->sftp; + } + } + + return $path; + } + + /** + * Opens file or URL + * + * @param string $path + * @param string $mode + * @param int $options + * @param string $opened_path + * @return bool + */ + private function _stream_open($path, $mode, $options, &$opened_path) + { + $path = $this->parse_path($path); + + if ($path === false) { + return false; + } + $this->path = $path; + + $this->size = $this->sftp->filesize($path); + $this->mode = preg_replace('#[bt]$#', '', $mode); + $this->eof = false; + + if ($this->size === false) { + if ($this->mode[0] == 'r') { + return false; + } else { + $this->sftp->touch($path); + $this->size = 0; + } + } else { + switch ($this->mode[0]) { + case 'x': + return false; + case 'w': + $this->sftp->truncate($path, 0); + $this->size = 0; + } + } + + $this->pos = $this->mode[0] != 'a' ? 0 : $this->size; + + return true; + } + + /** + * Read from stream + * + * @param int $count + * @return mixed + */ + private function _stream_read($count) + { + switch ($this->mode) { + case 'w': + case 'a': + case 'x': + case 'c': + return false; + } + + // commented out because some files - eg. /dev/urandom - will say their size is 0 when in fact it's kinda infinite + //if ($this->pos >= $this->size) { + // $this->eof = true; + // return false; + //} + + $result = $this->sftp->get($this->path, false, $this->pos, $count); + if (isset($this->notification) && is_callable($this->notification)) { + if ($result === false) { + call_user_func($this->notification, STREAM_NOTIFY_FAILURE, STREAM_NOTIFY_SEVERITY_ERR, $this->sftp->getLastSFTPError(), NET_SFTP_OPEN, 0, 0); + return 0; + } + // seems that PHP calls stream_read in 8k chunks + call_user_func($this->notification, STREAM_NOTIFY_PROGRESS, STREAM_NOTIFY_SEVERITY_INFO, '', 0, strlen($result), $this->size); + } + + if (empty($result)) { // ie. false or empty string + $this->eof = true; + return false; + } + $this->pos += strlen($result); + + return $result; + } + + /** + * Write to stream + * + * @param string $data + * @return int|false + */ + private function _stream_write($data) + { + switch ($this->mode) { + case 'r': + return false; + } + + $result = $this->sftp->put($this->path, $data, SFTP::SOURCE_STRING, $this->pos); + if (isset($this->notification) && is_callable($this->notification)) { + if (!$result) { + call_user_func($this->notification, STREAM_NOTIFY_FAILURE, STREAM_NOTIFY_SEVERITY_ERR, $this->sftp->getLastSFTPError(), NET_SFTP_OPEN, 0, 0); + return 0; + } + // seems that PHP splits up strings into 8k blocks before calling stream_write + call_user_func($this->notification, STREAM_NOTIFY_PROGRESS, STREAM_NOTIFY_SEVERITY_INFO, '', 0, strlen($data), strlen($data)); + } + + if ($result === false) { + return false; + } + $this->pos += strlen($data); + if ($this->pos > $this->size) { + $this->size = $this->pos; + } + $this->eof = false; + return strlen($data); + } + + /** + * Retrieve the current position of a stream + * + * @return int + */ + private function _stream_tell() + { + return $this->pos; + } + + /** + * Tests for end-of-file on a file pointer + * + * In my testing there are four classes functions that normally effect the pointer: + * fseek, fputs / fwrite, fgets / fread and ftruncate. + * + * Only fgets / fread, however, results in feof() returning true. do fputs($fp, 'aaa') on a blank file and feof() + * will return false. do fread($fp, 1) and feof() will then return true. do fseek($fp, 10) on ablank file and feof() + * will return false. do fread($fp, 1) and feof() will then return true. + * + * @return bool + */ + private function _stream_eof() + { + return $this->eof; + } + + /** + * Seeks to specific location in a stream + * + * @param int $offset + * @param int $whence + * @return bool + */ + private function _stream_seek($offset, $whence) + { + switch ($whence) { + case SEEK_SET: + if ($offset < 0) { + return false; + } + break; + case SEEK_CUR: + $offset += $this->pos; + break; + case SEEK_END: + $offset += $this->size; + } + + $this->pos = $offset; + $this->eof = false; + return true; + } + + /** + * Change stream options + * + * @param string $path + * @param int $option + * @param mixed $var + * @return bool + */ + private function _stream_metadata($path, $option, $var) + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + // stream_metadata was introduced in PHP 5.4.0 but as of 5.4.11 the constants haven't been defined + // see http://www.php.net/streamwrapper.stream-metadata and https://bugs.php.net/64246 + // and https://github.com/php/php-src/blob/master/main/php_streams.h#L592 + switch ($option) { + case 1: // PHP_STREAM_META_TOUCH + $time = isset($var[0]) ? $var[0] : null; + $atime = isset($var[1]) ? $var[1] : null; + return $this->sftp->touch($path, $time, $atime); + case 2: // PHP_STREAM_OWNER_NAME + case 3: // PHP_STREAM_GROUP_NAME + return false; + case 4: // PHP_STREAM_META_OWNER + return $this->sftp->chown($path, $var); + case 5: // PHP_STREAM_META_GROUP + return $this->sftp->chgrp($path, $var); + case 6: // PHP_STREAM_META_ACCESS + return $this->sftp->chmod($path, $var) !== false; + } + } + + /** + * Retrieve the underlaying resource + * + * @param int $cast_as + * @return resource + */ + private function _stream_cast($cast_as) + { + return $this->sftp->fsock; + } + + /** + * Advisory file locking + * + * @param int $operation + * @return bool + */ + private function _stream_lock($operation) + { + return false; + } + + /** + * Renames a file or directory + * + * Attempts to rename oldname to newname, moving it between directories if necessary. + * If newname exists, it will be overwritten. This is a departure from what \phpseclib3\Net\SFTP + * does. + * + * @param string $path_from + * @param string $path_to + * @return bool + */ + private function _rename($path_from, $path_to) + { + $path1 = parse_url($path_from); + $path2 = parse_url($path_to); + unset($path1['path'], $path2['path']); + if ($path1 != $path2) { + return false; + } + + $path_from = $this->parse_path($path_from); + $path_to = parse_url($path_to); + if ($path_from === false) { + return false; + } + + $path_to = $path_to['path']; // the $component part of parse_url() was added in PHP 5.1.2 + // "It is an error if there already exists a file with the name specified by newpath." + // -- http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-6.5 + if (!$this->sftp->rename($path_from, $path_to)) { + if ($this->sftp->stat($path_to)) { + return $this->sftp->delete($path_to, true) && $this->sftp->rename($path_from, $path_to); + } + return false; + } + + return true; + } + + /** + * Open directory handle + * + * The only $options is "whether or not to enforce safe_mode (0x04)". Since safe mode was deprecated in 5.3 and + * removed in 5.4 I'm just going to ignore it. + * + * Also, nlist() is the best that this function is realistically going to be able to do. When an SFTP client + * sends a SSH_FXP_READDIR packet you don't generally get info on just one file but on multiple files. Quoting + * the SFTP specs: + * + * The SSH_FXP_NAME response has the following format: + * + * uint32 id + * uint32 count + * repeats count times: + * string filename + * string longname + * ATTRS attrs + * + * @param string $path + * @param int $options + * @return bool + */ + private function _dir_opendir($path, $options) + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + $this->pos = 0; + $this->entries = $this->sftp->nlist($path); + return $this->entries !== false; + } + + /** + * Read entry from directory handle + * + * @return mixed + */ + private function _dir_readdir() + { + if (isset($this->entries[$this->pos])) { + return $this->entries[$this->pos++]; + } + return false; + } + + /** + * Rewind directory handle + * + * @return bool + */ + private function _dir_rewinddir() + { + $this->pos = 0; + return true; + } + + /** + * Close directory handle + * + * @return bool + */ + private function _dir_closedir() + { + return true; + } + + /** + * Create a directory + * + * Only valid $options is STREAM_MKDIR_RECURSIVE + * + * @param string $path + * @param int $mode + * @param int $options + * @return bool + */ + private function _mkdir($path, $mode, $options) + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + return $this->sftp->mkdir($path, $mode, $options & STREAM_MKDIR_RECURSIVE); + } + + /** + * Removes a directory + * + * Only valid $options is STREAM_MKDIR_RECURSIVE per , however, + * does not have a $recursive parameter as mkdir() does so I don't know how + * STREAM_MKDIR_RECURSIVE is supposed to be set. Also, when I try it out with rmdir() I get 8 as + * $options. What does 8 correspond to? + * + * @param string $path + * @param int $options + * @return bool + */ + private function _rmdir($path, $options) + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + return $this->sftp->rmdir($path); + } + + /** + * Flushes the output + * + * See . Always returns true because \phpseclib3\Net\SFTP doesn't cache stuff before writing + * + * @return bool + */ + private function _stream_flush() + { + return true; + } + + /** + * Retrieve information about a file resource + * + * @return mixed + */ + private function _stream_stat() + { + $results = $this->sftp->stat($this->path); + if ($results === false) { + return false; + } + return $results; + } + + /** + * Delete a file + * + * @param string $path + * @return bool + */ + private function _unlink($path) + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + return $this->sftp->delete($path, false); + } + + /** + * Retrieve information about a file + * + * Ignores the STREAM_URL_STAT_QUIET flag because the entirety of \phpseclib3\Net\SFTP\Stream is quiet by default + * might be worthwhile to reconstruct bits 12-16 (ie. the file type) if mode doesn't have them but we'll + * cross that bridge when and if it's reached + * + * @param string $path + * @param int $flags + * @return mixed + */ + private function _url_stat($path, $flags) + { + $path = $this->parse_path($path); + if ($path === false) { + return false; + } + + $results = $flags & STREAM_URL_STAT_LINK ? $this->sftp->lstat($path) : $this->sftp->stat($path); + if ($results === false) { + return false; + } + + return $results; + } + + /** + * Truncate stream + * + * @param int $new_size + * @return bool + */ + private function _stream_truncate($new_size) + { + if (!$this->sftp->truncate($this->path, $new_size)) { + return false; + } + + $this->eof = false; + $this->size = $new_size; + + return true; + } + + /** + * Change stream options + * + * STREAM_OPTION_WRITE_BUFFER isn't supported for the same reason stream_flush isn't. + * The other two aren't supported because of limitations in \phpseclib3\Net\SFTP. + * + * @param int $option + * @param int $arg1 + * @param int $arg2 + * @return bool + */ + private function _stream_set_option($option, $arg1, $arg2) + { + return false; + } + + /** + * Close an resource + * + */ + private function _stream_close() + { + } + + /** + * __call Magic Method + * + * When you're utilizing an SFTP stream you're not calling the methods in this class directly - PHP is calling them for you. + * Which kinda begs the question... what methods is PHP calling and what parameters is it passing to them? This function + * lets you figure that out. + * + * If NET_SFTP_STREAM_LOGGING is defined all calls will be output on the screen and then (regardless of whether or not + * NET_SFTP_STREAM_LOGGING is enabled) the parameters will be passed through to the appropriate method. + * + * @param string $name + * @param array $arguments + * @return mixed + */ + public function __call($name, array $arguments) + { + if (defined('NET_SFTP_STREAM_LOGGING')) { + echo $name . '('; + $last = count($arguments) - 1; + foreach ($arguments as $i => $argument) { + var_export($argument); + if ($i != $last) { + echo ','; + } + } + echo ")\r\n"; + } + $name = '_' . $name; + if (!method_exists($this, $name)) { + return false; + } + return $this->$name(...$arguments); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php new file mode 100644 index 0000000..ede8743 --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php @@ -0,0 +1,5419 @@ + + * login('username', 'password')) { + * exit('Login Failed'); + * } + * + * echo $ssh->exec('pwd'); + * echo $ssh->exec('ls -la'); + * ?> + * + * + * + * login('username', $key)) { + * exit('Login Failed'); + * } + * + * echo $ssh->read('username@username:~$'); + * $ssh->write("ls -la\n"); + * echo $ssh->read('username@username:~$'); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2007 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\Net; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Blowfish; +use phpseclib3\Crypt\ChaCha20; +use phpseclib3\Crypt\Common\AsymmetricKey; +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Crypt\Common\SymmetricKey; +use phpseclib3\Crypt\DH; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\Hash; +use phpseclib3\Crypt\Random; +use phpseclib3\Crypt\RC4; +use phpseclib3\Crypt\Rijndael; +use phpseclib3\Crypt\RSA; +use phpseclib3\Crypt\TripleDES; // Used to do Diffie-Hellman key exchange and DSA/RSA signature verification. +use phpseclib3\Crypt\Twofish; +use phpseclib3\Exception\ConnectionClosedException; +use phpseclib3\Exception\InsufficientSetupException; +use phpseclib3\Exception\InvalidPacketLengthException; +use phpseclib3\Exception\NoSupportedAlgorithmsException; +use phpseclib3\Exception\TimeoutException; +use phpseclib3\Exception\UnableToConnectException; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\Exception\UnsupportedCurveException; +use phpseclib3\Math\BigInteger; +use phpseclib3\System\SSH\Agent; + +/** + * Pure-PHP implementation of SSHv2. + * + * @author Jim Wigginton + */ +class SSH2 +{ + /**#@+ + * Compression Types + * + */ + /** + * No compression + */ + const NET_SSH2_COMPRESSION_NONE = 1; + /** + * zlib compression + */ + const NET_SSH2_COMPRESSION_ZLIB = 2; + /** + * zlib@openssh.com + */ + const NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH = 3; + /**#@-*/ + + // Execution Bitmap Masks + const MASK_CONSTRUCTOR = 0x00000001; + const MASK_CONNECTED = 0x00000002; + const MASK_LOGIN_REQ = 0x00000004; + const MASK_LOGIN = 0x00000008; + const MASK_SHELL = 0x00000010; + + /* + * Channel constants + * + * RFC4254 refers not to client and server channels but rather to sender and recipient channels. we don't refer + * to them in that way because RFC4254 toggles the meaning. the client sends a SSH_MSG_CHANNEL_OPEN message with + * a sender channel and the server sends a SSH_MSG_CHANNEL_OPEN_CONFIRMATION in response, with a sender and a + * recipient channel. at first glance, you might conclude that SSH_MSG_CHANNEL_OPEN_CONFIRMATION's sender channel + * would be the same thing as SSH_MSG_CHANNEL_OPEN's sender channel, but it's not, per this snippet: + * The 'recipient channel' is the channel number given in the original + * open request, and 'sender channel' is the channel number allocated by + * the other side. + * + * @see \phpseclib3\Net\SSH2::send_channel_packet() + * @see \phpseclib3\Net\SSH2::get_channel_packet() + */ + const CHANNEL_EXEC = 1; // PuTTy uses 0x100 + const CHANNEL_SHELL = 2; + const CHANNEL_SUBSYSTEM = 3; + const CHANNEL_AGENT_FORWARD = 4; + const CHANNEL_KEEP_ALIVE = 5; + + /** + * Returns the message numbers + * + * @see \phpseclib3\Net\SSH2::getLog() + */ + const LOG_SIMPLE = 1; + /** + * Returns the message content + * + * @see \phpseclib3\Net\SSH2::getLog() + */ + const LOG_COMPLEX = 2; + /** + * Outputs the content real-time + */ + const LOG_REALTIME = 3; + /** + * Dumps the content real-time to a file + */ + const LOG_REALTIME_FILE = 4; + /** + * Outputs the message numbers real-time + */ + const LOG_SIMPLE_REALTIME = 5; + /** + * Make sure that the log never gets larger than this + * + * @see \phpseclib3\Net\SSH2::getLog() + */ + const LOG_MAX_SIZE = 1048576; // 1024 * 1024 + + /** + * Returns when a string matching $expect exactly is found + * + * @see \phpseclib3\Net\SSH2::read() + */ + const READ_SIMPLE = 1; + /** + * Returns when a string matching the regular expression $expect is found + * + * @see \phpseclib3\Net\SSH2::read() + */ + const READ_REGEX = 2; + /** + * Returns whenever a data packet is received. + * + * Some data packets may only contain a single character so it may be necessary + * to call read() multiple times when using this option + * + * @see \phpseclib3\Net\SSH2::read() + */ + const READ_NEXT = 3; + + /** + * The SSH identifier + * + * @var string + */ + private $identifier; + + /** + * The Socket Object + * + * @var resource|closed-resource|null + */ + public $fsock; + + /** + * Execution Bitmap + * + * The bits that are set represent functions that have been called already. This is used to determine + * if a requisite function has been successfully executed. If not, an error should be thrown. + * + * @var int + */ + protected $bitmap = 0; + + /** + * Error information + * + * @see self::getErrors() + * @see self::getLastError() + * @var array + */ + private $errors = []; + + /** + * Server Identifier + * + * @see self::getServerIdentification() + * @var string|false + */ + protected $server_identifier = false; + + /** + * Key Exchange Algorithms + * + * @see self::getKexAlgorithims() + * @var array|false + */ + private $kex_algorithms = false; + + /** + * Key Exchange Algorithm + * + * @see self::getMethodsNegotiated() + * @var string|false + */ + private $kex_algorithm = false; + + /** + * Minimum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods + * + * @see self::_key_exchange() + * @var int + */ + private $kex_dh_group_size_min = 1536; + + /** + * Preferred Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods + * + * @see self::_key_exchange() + * @var int + */ + private $kex_dh_group_size_preferred = 2048; + + /** + * Maximum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods + * + * @see self::_key_exchange() + * @var int + */ + private $kex_dh_group_size_max = 4096; + + /** + * Server Host Key Algorithms + * + * @see self::getServerHostKeyAlgorithms() + * @var array|false + */ + private $server_host_key_algorithms = false; + + /** + * Supported Private Key Algorithms + * + * In theory this should be the same as the Server Host Key Algorithms but, in practice, + * some servers (eg. Azure) will support rsa-sha2-512 as a server host key algorithm but + * not a private key algorithm + * + * @see self::privatekey_login() + * @var array|false + */ + private $supported_private_key_algorithms = false; + + /** + * Encryption Algorithms: Client to Server + * + * @see self::getEncryptionAlgorithmsClient2Server() + * @var array|false + */ + private $encryption_algorithms_client_to_server = false; + + /** + * Encryption Algorithms: Server to Client + * + * @see self::getEncryptionAlgorithmsServer2Client() + * @var array|false + */ + private $encryption_algorithms_server_to_client = false; + + /** + * MAC Algorithms: Client to Server + * + * @see self::getMACAlgorithmsClient2Server() + * @var array|false + */ + private $mac_algorithms_client_to_server = false; + + /** + * MAC Algorithms: Server to Client + * + * @see self::getMACAlgorithmsServer2Client() + * @var array|false + */ + private $mac_algorithms_server_to_client = false; + + /** + * Compression Algorithms: Client to Server + * + * @see self::getCompressionAlgorithmsClient2Server() + * @var array|false + */ + private $compression_algorithms_client_to_server = false; + + /** + * Compression Algorithms: Server to Client + * + * @see self::getCompressionAlgorithmsServer2Client() + * @var array|false + */ + private $compression_algorithms_server_to_client = false; + + /** + * Languages: Server to Client + * + * @see self::getLanguagesServer2Client() + * @var array|false + */ + private $languages_server_to_client = false; + + /** + * Languages: Client to Server + * + * @see self::getLanguagesClient2Server() + * @var array|false + */ + private $languages_client_to_server = false; + + /** + * Preferred Algorithms + * + * @see self::setPreferredAlgorithms() + * @var array + */ + private $preferred = []; + + /** + * Block Size for Server to Client Encryption + * + * "Note that the length of the concatenation of 'packet_length', + * 'padding_length', 'payload', and 'random padding' MUST be a multiple + * of the cipher block size or 8, whichever is larger. This constraint + * MUST be enforced, even when using stream ciphers." + * + * -- http://tools.ietf.org/html/rfc4253#section-6 + * + * @see self::__construct() + * @see self::_send_binary_packet() + * @var int + */ + private $encrypt_block_size = 8; + + /** + * Block Size for Client to Server Encryption + * + * @see self::__construct() + * @see self::_get_binary_packet() + * @var int + */ + private $decrypt_block_size = 8; + + /** + * Server to Client Encryption Object + * + * @see self::_get_binary_packet() + * @var SymmetricKey|false + */ + private $decrypt = false; + + /** + * Decryption Algorithm Name + * + * @var string|null + */ + private $decryptName; + + /** + * Decryption Invocation Counter + * + * Used by GCM + * + * @var string|null + */ + private $decryptInvocationCounter; + + /** + * Fixed Part of Nonce + * + * Used by GCM + * + * @var string|null + */ + private $decryptFixedPart; + + /** + * Server to Client Length Encryption Object + * + * @see self::_get_binary_packet() + * @var object + */ + private $lengthDecrypt = false; + + /** + * Client to Server Encryption Object + * + * @see self::_send_binary_packet() + * @var SymmetricKey|false + */ + private $encrypt = false; + + /** + * Encryption Algorithm Name + * + * @var string|null + */ + private $encryptName; + + /** + * Encryption Invocation Counter + * + * Used by GCM + * + * @var string|null + */ + private $encryptInvocationCounter; + + /** + * Fixed Part of Nonce + * + * Used by GCM + * + * @var string|null + */ + private $encryptFixedPart; + + /** + * Client to Server Length Encryption Object + * + * @see self::_send_binary_packet() + * @var object + */ + private $lengthEncrypt = false; + + /** + * Client to Server HMAC Object + * + * @see self::_send_binary_packet() + * @var object + */ + private $hmac_create = false; + + /** + * Client to Server HMAC Name + * + * @var string|false + */ + private $hmac_create_name; + + /** + * Client to Server ETM + * + * @var int|false + */ + private $hmac_create_etm; + + /** + * Server to Client HMAC Object + * + * @see self::_get_binary_packet() + * @var object + */ + private $hmac_check = false; + + /** + * Server to Client HMAC Name + * + * @var string|false + */ + private $hmac_check_name; + + /** + * Server to Client ETM + * + * @var int|false + */ + private $hmac_check_etm; + + /** + * Size of server to client HMAC + * + * We need to know how big the HMAC will be for the server to client direction so that we know how many bytes to read. + * For the client to server side, the HMAC object will make the HMAC as long as it needs to be. All we need to do is + * append it. + * + * @see self::_get_binary_packet() + * @var int + */ + private $hmac_size = false; + + /** + * Server Public Host Key + * + * @see self::getServerPublicHostKey() + * @var string + */ + private $server_public_host_key; + + /** + * Session identifier + * + * "The exchange hash H from the first key exchange is additionally + * used as the session identifier, which is a unique identifier for + * this connection." + * + * -- http://tools.ietf.org/html/rfc4253#section-7.2 + * + * @see self::_key_exchange() + * @var string + */ + private $session_id = false; + + /** + * Exchange hash + * + * The current exchange hash + * + * @see self::_key_exchange() + * @var string + */ + private $exchange_hash = false; + + /** + * Message Numbers + * + * @see self::__construct() + * @var array + * @access private + */ + private static $message_numbers = []; + + /** + * Disconnection Message 'reason codes' defined in RFC4253 + * + * @see self::__construct() + * @var array + * @access private + */ + private static $disconnect_reasons = []; + + /** + * SSH_MSG_CHANNEL_OPEN_FAILURE 'reason codes', defined in RFC4254 + * + * @see self::__construct() + * @var array + * @access private + */ + private static $channel_open_failure_reasons = []; + + /** + * Terminal Modes + * + * @link http://tools.ietf.org/html/rfc4254#section-8 + * @see self::__construct() + * @var array + * @access private + */ + private static $terminal_modes = []; + + /** + * SSH_MSG_CHANNEL_EXTENDED_DATA's data_type_codes + * + * @link http://tools.ietf.org/html/rfc4254#section-5.2 + * @see self::__construct() + * @var array + * @access private + */ + private static $channel_extended_data_type_codes = []; + + /** + * Send Sequence Number + * + * See 'Section 6.4. Data Integrity' of rfc4253 for more info. + * + * @see self::_send_binary_packet() + * @var int + */ + private $send_seq_no = 0; + + /** + * Get Sequence Number + * + * See 'Section 6.4. Data Integrity' of rfc4253 for more info. + * + * @see self::_get_binary_packet() + * @var int + */ + private $get_seq_no = 0; + + /** + * Server Channels + * + * Maps client channels to server channels + * + * @see self::get_channel_packet() + * @see self::exec() + * @var array + */ + protected $server_channels = []; + + /** + * Channel Read Buffers + * + * If a client requests a packet from one channel but receives two packets from another those packets should + * be placed in a buffer + * + * @see self::get_channel_packet() + * @see self::exec() + * @var array + */ + private $channel_buffers = []; + + /** + * Channel Write Buffers + * + * If a client sends a packet and receives a timeout error mid-transmission, buffer the data written so it + * can be de-duplicated upon resuming write + * + * @see self::send_channel_packet() + * @var array + */ + private $channel_buffers_write = []; + + /** + * Channel Status + * + * Contains the type of the last sent message + * + * @see self::get_channel_packet() + * @var array + */ + protected $channel_status = []; + + /** + * The identifier of the interactive channel which was opened most recently + * + * @see self::getInteractiveChannelId() + * @var int + */ + private $channel_id_last_interactive = 0; + + /** + * Packet Size + * + * Maximum packet size indexed by channel + * + * @see self::send_channel_packet() + * @var array + */ + private $packet_size_client_to_server = []; + + /** + * Message Number Log + * + * @see self::getLog() + * @var array + */ + private $message_number_log = []; + + /** + * Message Log + * + * @see self::getLog() + * @var array + */ + private $message_log = []; + + /** + * The Window Size + * + * Bytes the other party can send before it must wait for the window to be adjusted (0x7FFFFFFF = 2GB) + * + * @var int + * @see self::send_channel_packet() + * @see self::exec() + */ + protected $window_size = 0x7FFFFFFF; + + /** + * What we resize the window to + * + * When PuTTY resizes the window it doesn't add an additional 0x7FFFFFFF bytes - it adds 0x40000000 bytes. + * Some SFTP clients (GoAnywhere) don't support adding 0x7FFFFFFF to the window size after the fact so + * we'll just do what PuTTY does + * + * @var int + * @see self::_send_channel_packet() + * @see self::exec() + */ + private $window_resize = 0x40000000; + + /** + * Window size, server to client + * + * Window size indexed by channel + * + * @see self::send_channel_packet() + * @var array + */ + protected $window_size_server_to_client = []; + + /** + * Window size, client to server + * + * Window size indexed by channel + * + * @see self::get_channel_packet() + * @var array + */ + private $window_size_client_to_server = []; + + /** + * Server signature + * + * Verified against $this->session_id + * + * @see self::getServerPublicHostKey() + * @var string + */ + private $signature = ''; + + /** + * Server signature format + * + * ssh-rsa or ssh-dss. + * + * @see self::getServerPublicHostKey() + * @var string + */ + private $signature_format = ''; + + /** + * Interactive Buffer + * + * @see self::read() + * @var string + */ + private $interactiveBuffer = ''; + + /** + * Current log size + * + * Should never exceed self::LOG_MAX_SIZE + * + * @see self::_send_binary_packet() + * @see self::_get_binary_packet() + * @var int + */ + private $log_size; + + /** + * Timeout + * + * @see self::setTimeout() + */ + protected $timeout; + + /** + * Current Timeout + * + * @see self::get_channel_packet() + */ + protected $curTimeout; + + /** + * Keep Alive Interval + * + * @see self::setKeepAlive() + */ + private $keepAlive; + + /** + * Real-time log file pointer + * + * @see self::_append_log() + * @var resource|closed-resource + */ + private $realtime_log_file; + + /** + * Real-time log file size + * + * @see self::_append_log() + * @var int + */ + private $realtime_log_size; + + /** + * Has the signature been validated? + * + * @see self::getServerPublicHostKey() + * @var bool + */ + private $signature_validated = false; + + /** + * Real-time log file wrap boolean + * + * @see self::_append_log() + * @var bool + */ + private $realtime_log_wrap; + + /** + * Flag to suppress stderr from output + * + * @see self::enableQuietMode() + */ + private $quiet_mode = false; + + /** + * Time of last read/write network activity + * + * @var float + */ + private $last_packet = null; + + /** + * Exit status returned from ssh if any + * + * @var int + */ + private $exit_status; + + /** + * Flag to request a PTY when using exec() + * + * @var bool + * @see self::enablePTY() + */ + private $request_pty = false; + + /** + * Contents of stdError + * + * @var string + */ + private $stdErrorLog; + + /** + * The Last Interactive Response + * + * @see self::_keyboard_interactive_process() + * @var string + */ + private $last_interactive_response = ''; + + /** + * Keyboard Interactive Request / Responses + * + * @see self::_keyboard_interactive_process() + * @var array + */ + private $keyboard_requests_responses = []; + + /** + * Banner Message + * + * Quoting from the RFC, "in some jurisdictions, sending a warning message before + * authentication may be relevant for getting legal protection." + * + * @see self::_filter() + * @see self::getBannerMessage() + * @var string + */ + private $banner_message = ''; + + /** + * Did read() timeout or return normally? + * + * @see self::isTimeout() + * @var bool + */ + protected $is_timeout = false; + + /** + * Log Boundary + * + * @see self::_format_log() + * @var string + */ + private $log_boundary = ':'; + + /** + * Log Long Width + * + * @see self::_format_log() + * @var int + */ + private $log_long_width = 65; + + /** + * Log Short Width + * + * @see self::_format_log() + * @var int + */ + private $log_short_width = 16; + + /** + * Hostname + * + * @see self::__construct() + * @see self::_connect() + * @var string + */ + private $host; + + /** + * Port Number + * + * @see self::__construct() + * @see self::_connect() + * @var int + */ + private $port; + + /** + * Number of columns for terminal window size + * + * @see self::getWindowColumns() + * @see self::setWindowColumns() + * @see self::setWindowSize() + * @var int + */ + private $windowColumns = 80; + + /** + * Number of columns for terminal window size + * + * @see self::getWindowRows() + * @see self::setWindowRows() + * @see self::setWindowSize() + * @var int + */ + private $windowRows = 24; + + /** + * Crypto Engine + * + * @see self::setCryptoEngine() + * @see self::_key_exchange() + * @var int + */ + private static $crypto_engine = false; + + /** + * A System_SSH_Agent for use in the SSH2 Agent Forwarding scenario + * + * @var Agent + */ + private $agent; + + /** + * Connection storage to replicates ssh2 extension functionality: + * {@link http://php.net/manual/en/wrappers.ssh2.php#refsect1-wrappers.ssh2-examples} + * + * @var array> + */ + private static $connections; + + /** + * Send the identification string first? + * + * @var bool + */ + private $send_id_string_first = true; + + /** + * Send the key exchange initiation packet first? + * + * @var bool + */ + private $send_kex_first = true; + + /** + * Some versions of OpenSSH incorrectly calculate the key size + * + * @var bool + */ + private $bad_key_size_fix = false; + + /** + * Should we try to re-connect to re-establish keys? + * + * @var bool + */ + private $login_credentials_finalized = false; + + /** + * Binary Packet Buffer + * + * @var object|null + */ + private $binary_packet_buffer = null; + + /** + * Preferred Signature Format + * + * @var string|false + */ + protected $preferred_signature_format = false; + + /** + * Authentication Credentials + * + * @var array + */ + protected $auth = []; + + /** + * Terminal + * + * @var string + */ + private $term = 'vt100'; + + /** + * The authentication methods that may productively continue authentication. + * + * @see https://tools.ietf.org/html/rfc4252#section-5.1 + * @var array|null + */ + private $auth_methods_to_continue = null; + + /** + * Compression method + * + * @var int + */ + private $compress = self::NET_SSH2_COMPRESSION_NONE; + + /** + * Decompression method + * + * @var int + */ + private $decompress = self::NET_SSH2_COMPRESSION_NONE; + + /** + * Compression context + * + * @var resource|false|null + */ + private $compress_context; + + /** + * Decompression context + * + * @var resource|object + */ + private $decompress_context; + + /** + * Regenerate Compression Context + * + * @var bool + */ + private $regenerate_compression_context = false; + + /** + * Regenerate Decompression Context + * + * @var bool + */ + private $regenerate_decompression_context = false; + + /** + * Smart multi-factor authentication flag + * + * @var bool + */ + private $smartMFA = true; + + /** + * How many channels are currently opened + * + * @var int + */ + private $channelCount = 0; + + /** + * Does the server support multiple channels? If not then error out + * when multiple channels are attempted to be opened + * + * @var bool + */ + private $errorOnMultipleChannels; + + /** + * Terrapin Countermeasure + * + * "During initial KEX, terminate the connection if any unexpected or out-of-sequence packet is received" + * -- https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 + * + * @var int + */ + private $extra_packets; + + /** + * Default Constructor. + * + * $host can either be a string, representing the host, or a stream resource. + * If $host is a stream resource then $port doesn't do anything, altho $timeout + * still will be used + * + * @param mixed $host + * @param int $port + * @param int $timeout + * @see self::login() + */ + public function __construct($host, $port = 22, $timeout = 10) + { + if (empty(self::$message_numbers)) { + self::$message_numbers = [ + 1 => 'NET_SSH2_MSG_DISCONNECT', + 2 => 'NET_SSH2_MSG_IGNORE', + 3 => 'NET_SSH2_MSG_UNIMPLEMENTED', + 4 => 'NET_SSH2_MSG_DEBUG', + 5 => 'NET_SSH2_MSG_SERVICE_REQUEST', + 6 => 'NET_SSH2_MSG_SERVICE_ACCEPT', + 7 => 'NET_SSH2_MSG_EXT_INFO', // RFC 8308 + 20 => 'NET_SSH2_MSG_KEXINIT', + 21 => 'NET_SSH2_MSG_NEWKEYS', + 30 => 'NET_SSH2_MSG_KEXDH_INIT', + 31 => 'NET_SSH2_MSG_KEXDH_REPLY', + 50 => 'NET_SSH2_MSG_USERAUTH_REQUEST', + 51 => 'NET_SSH2_MSG_USERAUTH_FAILURE', + 52 => 'NET_SSH2_MSG_USERAUTH_SUCCESS', + 53 => 'NET_SSH2_MSG_USERAUTH_BANNER', + + 80 => 'NET_SSH2_MSG_GLOBAL_REQUEST', + 81 => 'NET_SSH2_MSG_REQUEST_SUCCESS', + 82 => 'NET_SSH2_MSG_REQUEST_FAILURE', + 90 => 'NET_SSH2_MSG_CHANNEL_OPEN', + 91 => 'NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION', + 92 => 'NET_SSH2_MSG_CHANNEL_OPEN_FAILURE', + 93 => 'NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST', + 94 => 'NET_SSH2_MSG_CHANNEL_DATA', + 95 => 'NET_SSH2_MSG_CHANNEL_EXTENDED_DATA', + 96 => 'NET_SSH2_MSG_CHANNEL_EOF', + 97 => 'NET_SSH2_MSG_CHANNEL_CLOSE', + 98 => 'NET_SSH2_MSG_CHANNEL_REQUEST', + 99 => 'NET_SSH2_MSG_CHANNEL_SUCCESS', + 100 => 'NET_SSH2_MSG_CHANNEL_FAILURE' + ]; + self::$disconnect_reasons = [ + 1 => 'NET_SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT', + 2 => 'NET_SSH2_DISCONNECT_PROTOCOL_ERROR', + 3 => 'NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED', + 4 => 'NET_SSH2_DISCONNECT_RESERVED', + 5 => 'NET_SSH2_DISCONNECT_MAC_ERROR', + 6 => 'NET_SSH2_DISCONNECT_COMPRESSION_ERROR', + 7 => 'NET_SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE', + 8 => 'NET_SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED', + 9 => 'NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE', + 10 => 'NET_SSH2_DISCONNECT_CONNECTION_LOST', + 11 => 'NET_SSH2_DISCONNECT_BY_APPLICATION', + 12 => 'NET_SSH2_DISCONNECT_TOO_MANY_CONNECTIONS', + 13 => 'NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER', + 14 => 'NET_SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE', + 15 => 'NET_SSH2_DISCONNECT_ILLEGAL_USER_NAME' + ]; + self::$channel_open_failure_reasons = [ + 1 => 'NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED' + ]; + self::$terminal_modes = [ + 0 => 'NET_SSH2_TTY_OP_END' + ]; + self::$channel_extended_data_type_codes = [ + 1 => 'NET_SSH2_EXTENDED_DATA_STDERR' + ]; + + self::define_array( + self::$message_numbers, + self::$disconnect_reasons, + self::$channel_open_failure_reasons, + self::$terminal_modes, + self::$channel_extended_data_type_codes, + [60 => 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ'], + [60 => 'NET_SSH2_MSG_USERAUTH_PK_OK'], + [60 => 'NET_SSH2_MSG_USERAUTH_INFO_REQUEST', + 61 => 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE'], + // RFC 4419 - diffie-hellman-group-exchange-sha{1,256} + [30 => 'NET_SSH2_MSG_KEXDH_GEX_REQUEST_OLD', + 31 => 'NET_SSH2_MSG_KEXDH_GEX_GROUP', + 32 => 'NET_SSH2_MSG_KEXDH_GEX_INIT', + 33 => 'NET_SSH2_MSG_KEXDH_GEX_REPLY', + 34 => 'NET_SSH2_MSG_KEXDH_GEX_REQUEST'], + // RFC 5656 - Elliptic Curves (for curve25519-sha256@libssh.org) + [30 => 'NET_SSH2_MSG_KEX_ECDH_INIT', + 31 => 'NET_SSH2_MSG_KEX_ECDH_REPLY'] + ); + } + + /** + * Typehint is required due to a bug in Psalm: https://github.com/vimeo/psalm/issues/7508 + * @var \WeakReference|SSH2 + */ + self::$connections[$this->getResourceId()] = class_exists('WeakReference') + ? \WeakReference::create($this) + : $this; + + $this->timeout = $timeout; + + if (is_resource($host)) { + $this->fsock = $host; + return; + } + + if (Strings::is_stringable($host)) { + $this->host = $host; + $this->port = $port; + } + } + + /** + * Set Crypto Engine Mode + * + * Possible $engine values: + * OpenSSL, mcrypt, Eval, PHP + * + * @param int $engine + */ + public static function setCryptoEngine($engine) + { + self::$crypto_engine = $engine; + } + + /** + * Send Identification String First + * + * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established, + * both sides MUST send an identification string". It does not say which side sends it first. In + * theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + * + */ + public function sendIdentificationStringFirst() + { + $this->send_id_string_first = true; + } + + /** + * Send Identification String Last + * + * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established, + * both sides MUST send an identification string". It does not say which side sends it first. In + * theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + * + */ + public function sendIdentificationStringLast() + { + $this->send_id_string_first = false; + } + + /** + * Send SSH_MSG_KEXINIT First + * + * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending + * sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory + * it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + * + */ + public function sendKEXINITFirst() + { + $this->send_kex_first = true; + } + + /** + * Send SSH_MSG_KEXINIT Last + * + * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending + * sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory + * it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + * + */ + public function sendKEXINITLast() + { + $this->send_kex_first = false; + } + + /** + * stream_select wrapper + * + * Quoting https://stackoverflow.com/a/14262151/569976, + * "The general approach to `EINTR` is to simply handle the error and retry the operation again" + * + * This wrapper does that loop + */ + private static function stream_select(&$read, &$write, &$except, $seconds, $microseconds = null) + { + $remaining = $seconds + $microseconds / 1000000; + $start = microtime(true); + while (true) { + $result = @stream_select($read, $write, $except, $seconds, $microseconds); + if ($result !== false) { + return $result; + } + $elapsed = microtime(true) - $start; + $seconds = (int) ($remaining - floor($elapsed)); + $microseconds = (int) (1000000 * ($remaining - $seconds)); + if ($elapsed >= $remaining) { + return false; + } + } + } + + /** + * Connect to an SSHv2 server + * + * @throws \UnexpectedValueException on receipt of unexpected packets + * @throws \RuntimeException on other errors + */ + private function connect() + { + if ($this->bitmap & self::MASK_CONSTRUCTOR) { + return; + } + + $this->bitmap |= self::MASK_CONSTRUCTOR; + + $this->curTimeout = $this->timeout; + + $this->last_packet = microtime(true); + + if (!is_resource($this->fsock)) { + $start = microtime(true); + // with stream_select a timeout of 0 means that no timeout takes place; + // with fsockopen a timeout of 0 means that you instantly timeout + // to resolve this incompatibility a timeout of 100,000 will be used for fsockopen if timeout is 0 + $this->fsock = @fsockopen($this->host, $this->port, $errno, $errstr, $this->curTimeout == 0 ? 100000 : $this->curTimeout); + if (!$this->fsock) { + $host = $this->host . ':' . $this->port; + throw new UnableToConnectException(rtrim("Cannot connect to $host. Error $errno. $errstr")); + } + $elapsed = microtime(true) - $start; + + if ($this->curTimeout) { + $this->curTimeout -= $elapsed; + if ($this->curTimeout < 0) { + throw new \RuntimeException('Connection timed out whilst attempting to open socket connection'); + } + } + } + + $this->identifier = $this->generate_identifier(); + + if ($this->send_id_string_first) { + fputs($this->fsock, $this->identifier . "\r\n"); + } + + /* According to the SSH2 specs, + + "The server MAY send other lines of data before sending the version + string. Each line SHOULD be terminated by a Carriage Return and Line + Feed. Such lines MUST NOT begin with "SSH-", and SHOULD be encoded + in ISO-10646 UTF-8 [RFC3629] (language is not specified). Clients + MUST be able to process such lines." */ + $data = ''; + while (!feof($this->fsock) && !preg_match('#(.*)^(SSH-(\d\.\d+).*)#ms', $data, $matches)) { + $line = ''; + while (true) { + if ($this->curTimeout) { + if ($this->curTimeout < 0) { + throw new \RuntimeException('Connection timed out whilst receiving server identification string'); + } + $read = [$this->fsock]; + $write = $except = null; + $start = microtime(true); + $sec = (int) floor($this->curTimeout); + $usec = (int) (1000000 * ($this->curTimeout - $sec)); + if (static::stream_select($read, $write, $except, $sec, $usec) === false) { + throw new \RuntimeException('Connection timed out whilst receiving server identification string'); + } + $elapsed = microtime(true) - $start; + $this->curTimeout -= $elapsed; + } + + $temp = stream_get_line($this->fsock, 255, "\n"); + if ($temp === false) { + throw new \RuntimeException('Error reading from socket'); + } + if (strlen($temp) == 255) { + continue; + } + + $line .= "$temp\n"; + + // quoting RFC4253, "Implementers who wish to maintain + // compatibility with older, undocumented versions of this protocol may + // want to process the identification string without expecting the + // presence of the carriage return character for reasons described in + // Section 5 of this document." + + //if (substr($line, -2) == "\r\n") { + // break; + //} + + break; + } + + $data .= $line; + } + + if (feof($this->fsock)) { + $this->bitmap = 0; + throw new ConnectionClosedException('Connection closed by server'); + } + + $extra = $matches[1]; + + if (defined('NET_SSH2_LOGGING')) { + $this->append_log('<-', $matches[0]); + $this->append_log('->', $this->identifier . "\r\n"); + } + + $this->server_identifier = trim($temp, "\r\n"); + if (strlen($extra)) { + $this->errors[] = $data; + } + + if (version_compare($matches[3], '1.99', '<')) { + $this->bitmap = 0; + throw new UnableToConnectException("Cannot connect to SSH $matches[3] servers"); + } + + // Ubuntu's OpenSSH from 5.8 to 6.9 didn't work with multiple channels. see + // https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1334916 for more info. + // https://lists.ubuntu.com/archives/oneiric-changes/2011-July/005772.html discusses + // when consolekit was incorporated. + // https://marc.info/?l=openssh-unix-dev&m=163409903417589&w=2 discusses some of the + // issues with how Ubuntu incorporated consolekit + $pattern = '#^SSH-2\.0-OpenSSH_([\d.]+)[^ ]* Ubuntu-.*$#'; + $match = preg_match($pattern, $this->server_identifier, $matches); + $match = $match && version_compare('5.8', $matches[1], '<='); + $match = $match && version_compare('6.9', $matches[1], '>='); + $this->errorOnMultipleChannels = $match; + + if (!$this->send_id_string_first) { + fputs($this->fsock, $this->identifier . "\r\n"); + } + + if (!$this->send_kex_first) { + $response = $this->get_binary_packet_or_close(NET_SSH2_MSG_KEXINIT); + $this->key_exchange($response); + } + + if ($this->send_kex_first) { + $this->key_exchange(); + } + + $this->bitmap |= self::MASK_CONNECTED; + + return true; + } + + /** + * Generates the SSH identifier + * + * You should overwrite this method in your own class if you want to use another identifier + * + * @return string + */ + private function generate_identifier() + { + $identifier = 'SSH-2.0-phpseclib_3.0'; + + $ext = []; + if (extension_loaded('sodium')) { + $ext[] = 'libsodium'; + } + + if (extension_loaded('openssl')) { + $ext[] = 'openssl'; + } elseif (extension_loaded('mcrypt')) { + $ext[] = 'mcrypt'; + } + + if (extension_loaded('gmp')) { + $ext[] = 'gmp'; + } elseif (extension_loaded('bcmath')) { + $ext[] = 'bcmath'; + } + + if (!empty($ext)) { + $identifier .= ' (' . implode(', ', $ext) . ')'; + } + + return $identifier; + } + + /** + * Key Exchange + * + * @return bool + * @param string|bool $kexinit_payload_server optional + * @throws \UnexpectedValueException on receipt of unexpected packets + * @throws \RuntimeException on other errors + * @throws NoSupportedAlgorithmsException when none of the algorithms phpseclib has loaded are compatible + */ + private function key_exchange($kexinit_payload_server = false) + { + $preferred = $this->preferred; + $send_kex = true; + + $kex_algorithms = isset($preferred['kex']) ? + $preferred['kex'] : + SSH2::getSupportedKEXAlgorithms(); + $server_host_key_algorithms = isset($preferred['hostkey']) ? + $preferred['hostkey'] : + SSH2::getSupportedHostKeyAlgorithms(); + $s2c_encryption_algorithms = isset($preferred['server_to_client']['crypt']) ? + $preferred['server_to_client']['crypt'] : + SSH2::getSupportedEncryptionAlgorithms(); + $c2s_encryption_algorithms = isset($preferred['client_to_server']['crypt']) ? + $preferred['client_to_server']['crypt'] : + SSH2::getSupportedEncryptionAlgorithms(); + $s2c_mac_algorithms = isset($preferred['server_to_client']['mac']) ? + $preferred['server_to_client']['mac'] : + SSH2::getSupportedMACAlgorithms(); + $c2s_mac_algorithms = isset($preferred['client_to_server']['mac']) ? + $preferred['client_to_server']['mac'] : + SSH2::getSupportedMACAlgorithms(); + $s2c_compression_algorithms = isset($preferred['server_to_client']['comp']) ? + $preferred['server_to_client']['comp'] : + SSH2::getSupportedCompressionAlgorithms(); + $c2s_compression_algorithms = isset($preferred['client_to_server']['comp']) ? + $preferred['client_to_server']['comp'] : + SSH2::getSupportedCompressionAlgorithms(); + + $kex_algorithms = array_merge($kex_algorithms, ['ext-info-c', 'kex-strict-c-v00@openssh.com']); + + // some SSH servers have buggy implementations of some of the above algorithms + switch (true) { + case $this->server_identifier == 'SSH-2.0-SSHD': + case substr($this->server_identifier, 0, 13) == 'SSH-2.0-DLINK': + if (!isset($preferred['server_to_client']['mac'])) { + $s2c_mac_algorithms = array_values(array_diff( + $s2c_mac_algorithms, + ['hmac-sha1-96', 'hmac-md5-96'] + )); + } + if (!isset($preferred['client_to_server']['mac'])) { + $c2s_mac_algorithms = array_values(array_diff( + $c2s_mac_algorithms, + ['hmac-sha1-96', 'hmac-md5-96'] + )); + } + break; + case substr($this->server_identifier, 0, 24) == 'SSH-2.0-TurboFTP_SERVER_': + if (!isset($preferred['server_to_client']['crypt'])) { + $s2c_encryption_algorithms = array_values(array_diff( + $s2c_encryption_algorithms, + ['aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] + )); + } + if (!isset($preferred['client_to_server']['crypt'])) { + $c2s_encryption_algorithms = array_values(array_diff( + $c2s_encryption_algorithms, + ['aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] + )); + } + } + + $client_cookie = Random::string(16); + + $kexinit_payload_client = pack('Ca*', NET_SSH2_MSG_KEXINIT, $client_cookie); + $kexinit_payload_client .= Strings::packSSH2( + 'L10bN', + $kex_algorithms, + $server_host_key_algorithms, + $c2s_encryption_algorithms, + $s2c_encryption_algorithms, + $c2s_mac_algorithms, + $s2c_mac_algorithms, + $c2s_compression_algorithms, + $s2c_compression_algorithms, + [], // language, client to server + [], // language, server to client + false, // first_kex_packet_follows + 0 // reserved for future extension + ); + + if ($kexinit_payload_server === false) { + $this->send_binary_packet($kexinit_payload_client); + + $this->extra_packets = 0; + $kexinit_payload_server = $this->get_binary_packet_or_close(NET_SSH2_MSG_KEXINIT); + $send_kex = false; + } + + $response = $kexinit_payload_server; + Strings::shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT) + $server_cookie = Strings::shift($response, 16); + + list( + $this->kex_algorithms, + $this->server_host_key_algorithms, + $this->encryption_algorithms_client_to_server, + $this->encryption_algorithms_server_to_client, + $this->mac_algorithms_client_to_server, + $this->mac_algorithms_server_to_client, + $this->compression_algorithms_client_to_server, + $this->compression_algorithms_server_to_client, + $this->languages_client_to_server, + $this->languages_server_to_client, + $first_kex_packet_follows + ) = Strings::unpackSSH2('L10C', $response); + if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { + if ($this->session_id === false && $this->extra_packets) { + throw new \UnexpectedValueException('Possible Terrapin Attack detected'); + } + } + + $this->supported_private_key_algorithms = $this->server_host_key_algorithms; + + if ($send_kex) { + $this->send_binary_packet($kexinit_payload_client); + } + + // we need to decide upon the symmetric encryption algorithms before we do the diffie-hellman key exchange + + // we don't initialize any crypto-objects, yet - we do that, later. for now, we need the lengths to make the + // diffie-hellman key exchange as fast as possible + $decrypt = self::array_intersect_first($s2c_encryption_algorithms, $this->encryption_algorithms_server_to_client); + if (!$decrypt || ($decryptKeyLength = $this->encryption_algorithm_to_key_size($decrypt)) === null) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible server to client encryption algorithms found'); + } + + $encrypt = self::array_intersect_first($c2s_encryption_algorithms, $this->encryption_algorithms_client_to_server); + if (!$encrypt || ($encryptKeyLength = $this->encryption_algorithm_to_key_size($encrypt)) === null) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible client to server encryption algorithms found'); + } + + // through diffie-hellman key exchange a symmetric key is obtained + $this->kex_algorithm = self::array_intersect_first($kex_algorithms, $this->kex_algorithms); + if ($this->kex_algorithm === false) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible key exchange algorithms found'); + } + + $server_host_key_algorithm = self::array_intersect_first($server_host_key_algorithms, $this->server_host_key_algorithms); + if ($server_host_key_algorithm === false) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible server host key algorithms found'); + } + + $mac_algorithm_out = self::array_intersect_first($c2s_mac_algorithms, $this->mac_algorithms_client_to_server); + if ($mac_algorithm_out === false) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible client to server message authentication algorithms found'); + } + + $mac_algorithm_in = self::array_intersect_first($s2c_mac_algorithms, $this->mac_algorithms_server_to_client); + if ($mac_algorithm_in === false) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible server to client message authentication algorithms found'); + } + + $compression_map = [ + 'none' => self::NET_SSH2_COMPRESSION_NONE, + 'zlib' => self::NET_SSH2_COMPRESSION_ZLIB, + 'zlib@openssh.com' => self::NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH + ]; + + $compression_algorithm_in = self::array_intersect_first($s2c_compression_algorithms, $this->compression_algorithms_server_to_client); + if ($compression_algorithm_in === false) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible server to client compression algorithms found'); + } + $this->decompress = $compression_map[$compression_algorithm_in]; + + $compression_algorithm_out = self::array_intersect_first($c2s_compression_algorithms, $this->compression_algorithms_client_to_server); + if ($compression_algorithm_out === false) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new NoSupportedAlgorithmsException('No compatible client to server compression algorithms found'); + } + $this->compress = $compression_map[$compression_algorithm_out]; + + switch ($this->kex_algorithm) { + case 'diffie-hellman-group15-sha512': + case 'diffie-hellman-group16-sha512': + case 'diffie-hellman-group17-sha512': + case 'diffie-hellman-group18-sha512': + case 'ecdh-sha2-nistp521': + $kexHash = new Hash('sha512'); + break; + case 'ecdh-sha2-nistp384': + $kexHash = new Hash('sha384'); + break; + case 'diffie-hellman-group-exchange-sha256': + case 'diffie-hellman-group14-sha256': + case 'ecdh-sha2-nistp256': + case 'curve25519-sha256@libssh.org': + case 'curve25519-sha256': + $kexHash = new Hash('sha256'); + break; + default: + $kexHash = new Hash('sha1'); + } + + // Only relevant in diffie-hellman-group-exchange-sha{1,256}, otherwise empty. + + $exchange_hash_rfc4419 = ''; + + if (strpos($this->kex_algorithm, 'curve25519-sha256') === 0 || strpos($this->kex_algorithm, 'ecdh-sha2-nistp') === 0) { + $curve = strpos($this->kex_algorithm, 'curve25519-sha256') === 0 ? + 'Curve25519' : + substr($this->kex_algorithm, 10); + $ourPrivate = EC::createKey($curve); + $ourPublicBytes = $ourPrivate->getPublicKey()->getEncodedCoordinates(); + $clientKexInitMessage = 'NET_SSH2_MSG_KEX_ECDH_INIT'; + $serverKexReplyMessage = 'NET_SSH2_MSG_KEX_ECDH_REPLY'; + } else { + if (strpos($this->kex_algorithm, 'diffie-hellman-group-exchange') === 0) { + $dh_group_sizes_packed = pack( + 'NNN', + $this->kex_dh_group_size_min, + $this->kex_dh_group_size_preferred, + $this->kex_dh_group_size_max + ); + $packet = pack( + 'Ca*', + NET_SSH2_MSG_KEXDH_GEX_REQUEST, + $dh_group_sizes_packed + ); + $this->send_binary_packet($packet); + $this->updateLogHistory('UNKNOWN (34)', 'NET_SSH2_MSG_KEXDH_GEX_REQUEST'); + + $response = $this->get_binary_packet_or_close(NET_SSH2_MSG_KEXDH_GEX_GROUP); + list($type, $primeBytes, $gBytes) = Strings::unpackSSH2('Css', $response); + $this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP'); + $prime = new BigInteger($primeBytes, -256); + $g = new BigInteger($gBytes, -256); + + $exchange_hash_rfc4419 = $dh_group_sizes_packed . Strings::packSSH2( + 'ss', + $primeBytes, + $gBytes + ); + + $params = DH::createParameters($prime, $g); + $clientKexInitMessage = 'NET_SSH2_MSG_KEXDH_GEX_INIT'; + $serverKexReplyMessage = 'NET_SSH2_MSG_KEXDH_GEX_REPLY'; + } else { + $params = DH::createParameters($this->kex_algorithm); + $clientKexInitMessage = 'NET_SSH2_MSG_KEXDH_INIT'; + $serverKexReplyMessage = 'NET_SSH2_MSG_KEXDH_REPLY'; + } + + $keyLength = min($kexHash->getLengthInBytes(), max($encryptKeyLength, $decryptKeyLength)); + + $ourPrivate = DH::createKey($params, 16 * $keyLength); // 2 * 8 * $keyLength + $ourPublic = $ourPrivate->getPublicKey()->toBigInteger(); + $ourPublicBytes = $ourPublic->toBytes(true); + } + + $data = pack('CNa*', constant($clientKexInitMessage), strlen($ourPublicBytes), $ourPublicBytes); + + $this->send_binary_packet($data); + + switch ($clientKexInitMessage) { + case 'NET_SSH2_MSG_KEX_ECDH_INIT': + $this->updateLogHistory('NET_SSH2_MSG_KEXDH_INIT', 'NET_SSH2_MSG_KEX_ECDH_INIT'); + break; + case 'NET_SSH2_MSG_KEXDH_GEX_INIT': + $this->updateLogHistory('UNKNOWN (32)', 'NET_SSH2_MSG_KEXDH_GEX_INIT'); + } + + $response = $this->get_binary_packet_or_close(constant($serverKexReplyMessage)); + + list( + $type, + $server_public_host_key, + $theirPublicBytes, + $this->signature + ) = Strings::unpackSSH2('Csss', $response); + + switch ($serverKexReplyMessage) { + case 'NET_SSH2_MSG_KEX_ECDH_REPLY': + $this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEX_ECDH_REPLY'); + break; + case 'NET_SSH2_MSG_KEXDH_GEX_REPLY': + $this->updateLogHistory('UNKNOWN (33)', 'NET_SSH2_MSG_KEXDH_GEX_REPLY'); + } + + $this->server_public_host_key = $server_public_host_key; + list($public_key_format) = Strings::unpackSSH2('s', $server_public_host_key); + if (strlen($this->signature) < 4) { + throw new \LengthException('The signature needs at least four bytes'); + } + $temp = unpack('Nlength', substr($this->signature, 0, 4)); + $this->signature_format = substr($this->signature, 4, $temp['length']); + + $keyBytes = DH::computeSecret($ourPrivate, $theirPublicBytes); + if (($keyBytes & "\xFF\x80") === "\x00\x00") { + $keyBytes = substr($keyBytes, 1); + } elseif (($keyBytes[0] & "\x80") === "\x80") { + $keyBytes = "\0$keyBytes"; + } + + $this->exchange_hash = Strings::packSSH2( + 's5', + $this->identifier, + $this->server_identifier, + $kexinit_payload_client, + $kexinit_payload_server, + $this->server_public_host_key + ); + $this->exchange_hash .= $exchange_hash_rfc4419; + $this->exchange_hash .= Strings::packSSH2( + 's3', + $ourPublicBytes, + $theirPublicBytes, + $keyBytes + ); + + $this->exchange_hash = $kexHash->hash($this->exchange_hash); + + if ($this->session_id === false) { + $this->session_id = $this->exchange_hash; + } + + switch ($server_host_key_algorithm) { + case 'rsa-sha2-256': + case 'rsa-sha2-512': + //case 'ssh-rsa': + $expected_key_format = 'ssh-rsa'; + break; + default: + $expected_key_format = $server_host_key_algorithm; + } + if ($public_key_format != $expected_key_format || $this->signature_format != $server_host_key_algorithm) { + switch (true) { + case $this->signature_format == $server_host_key_algorithm: + case $server_host_key_algorithm != 'rsa-sha2-256' && $server_host_key_algorithm != 'rsa-sha2-512': + case $this->signature_format != 'ssh-rsa': + $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE); + throw new \RuntimeException('Server Host Key Algorithm Mismatch (' . $this->signature_format . ' vs ' . $server_host_key_algorithm . ')'); + } + } + + $packet = pack('C', NET_SSH2_MSG_NEWKEYS); + $this->send_binary_packet($packet); + $response = $this->get_binary_packet_or_close(NET_SSH2_MSG_NEWKEYS); + + if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { + $this->get_seq_no = $this->send_seq_no = 0; + } + + $keyBytes = pack('Na*', strlen($keyBytes), $keyBytes); + + $this->encrypt = self::encryption_algorithm_to_crypt_instance($encrypt); + if ($this->encrypt) { + if (self::$crypto_engine) { + $this->encrypt->setPreferredEngine(self::$crypto_engine); + } + if ($this->encrypt->getBlockLengthInBytes()) { + $this->encrypt_block_size = $this->encrypt->getBlockLengthInBytes(); + } + $this->encrypt->disablePadding(); + + if ($this->encrypt->usesIV()) { + $iv = $kexHash->hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id); + while ($this->encrypt_block_size > strlen($iv)) { + $iv .= $kexHash->hash($keyBytes . $this->exchange_hash . $iv); + } + $this->encrypt->setIV(substr($iv, 0, $this->encrypt_block_size)); + } + + switch ($encrypt) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + $nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id); + $this->encryptFixedPart = substr($nonce, 0, 4); + $this->encryptInvocationCounter = substr($nonce, 4, 8); + // fall-through + case 'chacha20-poly1305@openssh.com': + break; + default: + $this->encrypt->enableContinuousBuffer(); + } + + $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'C' . $this->session_id); + while ($encryptKeyLength > strlen($key)) { + $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key); + } + switch ($encrypt) { + case 'chacha20-poly1305@openssh.com': + $encryptKeyLength = 32; + $this->lengthEncrypt = self::encryption_algorithm_to_crypt_instance($encrypt); + $this->lengthEncrypt->setKey(substr($key, 32, 32)); + } + $this->encrypt->setKey(substr($key, 0, $encryptKeyLength)); + $this->encryptName = $encrypt; + } + + $this->decrypt = self::encryption_algorithm_to_crypt_instance($decrypt); + if ($this->decrypt) { + if (self::$crypto_engine) { + $this->decrypt->setPreferredEngine(self::$crypto_engine); + } + if ($this->decrypt->getBlockLengthInBytes()) { + $this->decrypt_block_size = $this->decrypt->getBlockLengthInBytes(); + } + $this->decrypt->disablePadding(); + + if ($this->decrypt->usesIV()) { + $iv = $kexHash->hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id); + while ($this->decrypt_block_size > strlen($iv)) { + $iv .= $kexHash->hash($keyBytes . $this->exchange_hash . $iv); + } + $this->decrypt->setIV(substr($iv, 0, $this->decrypt_block_size)); + } + + switch ($decrypt) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + // see https://tools.ietf.org/html/rfc5647#section-7.1 + $nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id); + $this->decryptFixedPart = substr($nonce, 0, 4); + $this->decryptInvocationCounter = substr($nonce, 4, 8); + // fall-through + case 'chacha20-poly1305@openssh.com': + break; + default: + $this->decrypt->enableContinuousBuffer(); + } + + $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'D' . $this->session_id); + while ($decryptKeyLength > strlen($key)) { + $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key); + } + switch ($decrypt) { + case 'chacha20-poly1305@openssh.com': + $decryptKeyLength = 32; + $this->lengthDecrypt = self::encryption_algorithm_to_crypt_instance($decrypt); + $this->lengthDecrypt->setKey(substr($key, 32, 32)); + } + $this->decrypt->setKey(substr($key, 0, $decryptKeyLength)); + $this->decryptName = $decrypt; + } + + /* The "arcfour128" algorithm is the RC4 cipher, as described in + [SCHNEIER], using a 128-bit key. The first 1536 bytes of keystream + generated by the cipher MUST be discarded, and the first byte of the + first encrypted packet MUST be encrypted using the 1537th byte of + keystream. + + -- http://tools.ietf.org/html/rfc4345#section-4 */ + if ($encrypt == 'arcfour128' || $encrypt == 'arcfour256') { + $this->encrypt->encrypt(str_repeat("\0", 1536)); + } + if ($decrypt == 'arcfour128' || $decrypt == 'arcfour256') { + $this->decrypt->decrypt(str_repeat("\0", 1536)); + } + + if (!$this->encrypt->usesNonce()) { + list($this->hmac_create, $createKeyLength) = self::mac_algorithm_to_hash_instance($mac_algorithm_out); + } else { + $this->hmac_create = new \stdClass(); + $this->hmac_create_name = $mac_algorithm_out; + //$mac_algorithm_out = 'none'; + $createKeyLength = 0; + } + + if ($this->hmac_create instanceof Hash) { + $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'E' . $this->session_id); + while ($createKeyLength > strlen($key)) { + $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key); + } + $this->hmac_create->setKey(substr($key, 0, $createKeyLength)); + $this->hmac_create_name = $mac_algorithm_out; + $this->hmac_create_etm = preg_match('#-etm@openssh\.com$#', $mac_algorithm_out); + } + + if (!$this->decrypt->usesNonce()) { + list($this->hmac_check, $checkKeyLength) = self::mac_algorithm_to_hash_instance($mac_algorithm_in); + $this->hmac_size = $this->hmac_check->getLengthInBytes(); + } else { + $this->hmac_check = new \stdClass(); + $this->hmac_check_name = $mac_algorithm_in; + //$mac_algorithm_in = 'none'; + $checkKeyLength = 0; + $this->hmac_size = 0; + } + + if ($this->hmac_check instanceof Hash) { + $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'F' . $this->session_id); + while ($checkKeyLength > strlen($key)) { + $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key); + } + $this->hmac_check->setKey(substr($key, 0, $checkKeyLength)); + $this->hmac_check_name = $mac_algorithm_in; + $this->hmac_check_etm = preg_match('#-etm@openssh\.com$#', $mac_algorithm_in); + } + + $this->regenerate_compression_context = $this->regenerate_decompression_context = true; + + return true; + } + + /** + * Maps an encryption algorithm name to the number of key bytes. + * + * @param string $algorithm Name of the encryption algorithm + * @return int|null Number of bytes as an integer or null for unknown + */ + private function encryption_algorithm_to_key_size($algorithm) + { + if ($this->bad_key_size_fix && self::bad_algorithm_candidate($algorithm)) { + return 16; + } + + switch ($algorithm) { + case 'none': + return 0; + case 'aes128-gcm@openssh.com': + case 'aes128-cbc': + case 'aes128-ctr': + case 'arcfour': + case 'arcfour128': + case 'blowfish-cbc': + case 'blowfish-ctr': + case 'twofish128-cbc': + case 'twofish128-ctr': + return 16; + case '3des-cbc': + case '3des-ctr': + case 'aes192-cbc': + case 'aes192-ctr': + case 'twofish192-cbc': + case 'twofish192-ctr': + return 24; + case 'aes256-gcm@openssh.com': + case 'aes256-cbc': + case 'aes256-ctr': + case 'arcfour256': + case 'twofish-cbc': + case 'twofish256-cbc': + case 'twofish256-ctr': + return 32; + case 'chacha20-poly1305@openssh.com': + return 64; + } + return null; + } + + /** + * Maps an encryption algorithm name to an instance of a subclass of + * \phpseclib3\Crypt\Common\SymmetricKey. + * + * @param string $algorithm Name of the encryption algorithm + * @return SymmetricKey|null + */ + private static function encryption_algorithm_to_crypt_instance($algorithm) + { + switch ($algorithm) { + case '3des-cbc': + return new TripleDES('cbc'); + case '3des-ctr': + return new TripleDES('ctr'); + case 'aes256-cbc': + case 'aes192-cbc': + case 'aes128-cbc': + return new Rijndael('cbc'); + case 'aes256-ctr': + case 'aes192-ctr': + case 'aes128-ctr': + return new Rijndael('ctr'); + case 'blowfish-cbc': + return new Blowfish('cbc'); + case 'blowfish-ctr': + return new Blowfish('ctr'); + case 'twofish128-cbc': + case 'twofish192-cbc': + case 'twofish256-cbc': + case 'twofish-cbc': + return new Twofish('cbc'); + case 'twofish128-ctr': + case 'twofish192-ctr': + case 'twofish256-ctr': + return new Twofish('ctr'); + case 'arcfour': + case 'arcfour128': + case 'arcfour256': + return new RC4(); + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + return new Rijndael('gcm'); + case 'chacha20-poly1305@openssh.com': + return new ChaCha20(); + } + return null; + } + + /** + * Maps an encryption algorithm name to an instance of a subclass of + * \phpseclib3\Crypt\Hash. + * + * @param string $algorithm Name of the encryption algorithm + * @return array{Hash, int}|null + */ + private static function mac_algorithm_to_hash_instance($algorithm) + { + switch ($algorithm) { + case 'umac-64@openssh.com': + case 'umac-64-etm@openssh.com': + return [new Hash('umac-64'), 16]; + case 'umac-128@openssh.com': + case 'umac-128-etm@openssh.com': + return [new Hash('umac-128'), 16]; + case 'hmac-sha2-512': + case 'hmac-sha2-512-etm@openssh.com': + return [new Hash('sha512'), 64]; + case 'hmac-sha2-256': + case 'hmac-sha2-256-etm@openssh.com': + return [new Hash('sha256'), 32]; + case 'hmac-sha1': + case 'hmac-sha1-etm@openssh.com': + return [new Hash('sha1'), 20]; + case 'hmac-sha1-96': + return [new Hash('sha1-96'), 20]; + case 'hmac-md5': + return [new Hash('md5'), 16]; + case 'hmac-md5-96': + return [new Hash('md5-96'), 16]; + } + } + + /** + * Tests whether or not proposed algorithm has a potential for issues + * + * @link https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-aesctr-openssh.html + * @link https://bugzilla.mindrot.org/show_bug.cgi?id=1291 + * @param string $algorithm Name of the encryption algorithm + * @return bool + */ + private static function bad_algorithm_candidate($algorithm) + { + switch ($algorithm) { + case 'arcfour256': + case 'aes192-ctr': + case 'aes256-ctr': + return true; + } + + return false; + } + + /** + * Login + * + * The $password parameter can be a plaintext password, a \phpseclib3\Crypt\RSA|EC|DSA object, a \phpseclib3\System\SSH\Agent object or an array + * + * @param string $username + * @param string|PrivateKey|array[]|Agent|null ...$args + * @return bool + * @see self::_login() + */ + public function login($username, ...$args) + { + if (!$this->login_credentials_finalized) { + $this->auth[] = func_get_args(); + } + + // try logging with 'none' as an authentication method first since that's what + // PuTTY does + if (substr($this->server_identifier, 0, 15) != 'SSH-2.0-CoreFTP' && $this->auth_methods_to_continue === null) { + if ($this->sublogin($username)) { + return true; + } + if (!count($args)) { + return false; + } + } + return $this->sublogin($username, ...$args); + } + + /** + * Login Helper + * + * @param string $username + * @param string|PrivateKey|array[]|Agent|null ...$args + * @return bool + * @see self::_login_helper() + */ + protected function sublogin($username, ...$args) + { + if (!($this->bitmap & self::MASK_CONSTRUCTOR)) { + $this->connect(); + } + + if (empty($args)) { + return $this->login_helper($username); + } + + foreach ($args as $arg) { + switch (true) { + case $arg instanceof PublicKey: + throw new \UnexpectedValueException('A PublicKey object was passed to the login method instead of a PrivateKey object'); + case $arg instanceof PrivateKey: + case $arg instanceof Agent: + case is_array($arg): + case Strings::is_stringable($arg): + break; + default: + throw new \UnexpectedValueException('$password needs to either be an instance of \phpseclib3\Crypt\Common\PrivateKey, \System\SSH\Agent, an array or a string'); + } + } + + while (count($args)) { + if (!$this->auth_methods_to_continue || !$this->smartMFA) { + $newargs = $args; + $args = []; + } else { + $newargs = []; + foreach ($this->auth_methods_to_continue as $method) { + switch ($method) { + case 'publickey': + foreach ($args as $key => $arg) { + if ($arg instanceof PrivateKey || $arg instanceof Agent) { + $newargs[] = $arg; + unset($args[$key]); + break; + } + } + break; + case 'keyboard-interactive': + $hasArray = $hasString = false; + foreach ($args as $arg) { + if ($hasArray || is_array($arg)) { + $hasArray = true; + break; + } + if ($hasString || Strings::is_stringable($arg)) { + $hasString = true; + break; + } + } + if ($hasArray && $hasString) { + foreach ($args as $key => $arg) { + if (is_array($arg)) { + $newargs[] = $arg; + break 2; + } + } + } + // fall-through + case 'password': + foreach ($args as $key => $arg) { + $newargs[] = $arg; + unset($args[$key]); + break; + } + } + } + } + + if (!count($newargs)) { + return false; + } + + foreach ($newargs as $arg) { + if ($this->login_helper($username, $arg)) { + $this->login_credentials_finalized = true; + return true; + } + } + } + return false; + } + + /** + * Login Helper + * + * {@internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis} + * by sending dummy SSH_MSG_IGNORE messages.} + * + * @param string $username + * @param string|AsymmetricKey|array[]|Agent|null ...$args + * @return bool + * @throws \UnexpectedValueException on receipt of unexpected packets + * @throws \RuntimeException on other errors + */ + private function login_helper($username, $password = null) + { + if (!($this->bitmap & self::MASK_CONNECTED)) { + return false; + } + + if (!($this->bitmap & self::MASK_LOGIN_REQ)) { + $packet = Strings::packSSH2('Cs', NET_SSH2_MSG_SERVICE_REQUEST, 'ssh-userauth'); + $this->send_binary_packet($packet); + + try { + $response = $this->get_binary_packet_or_close(NET_SSH2_MSG_SERVICE_ACCEPT); + } catch (InvalidPacketLengthException $e) { + // the first opportunity to encounter the "bad key size" error + if (!$this->bad_key_size_fix && $this->decryptName != null && self::bad_algorithm_candidate($this->decryptName)) { + // bad_key_size_fix is only ever re-assigned to true here + // retry the connection with that new setting but we'll + // only try it once. + $this->bad_key_size_fix = true; + return $this->reconnect(); + } + throw $e; + } + + list($type) = Strings::unpackSSH2('C', $response); + list($service) = Strings::unpackSSH2('s', $response); + + if ($service != 'ssh-userauth') { + $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR); + throw new \UnexpectedValueException('Expected SSH_MSG_SERVICE_ACCEPT'); + } + $this->bitmap |= self::MASK_LOGIN_REQ; + } + + if (strlen($this->last_interactive_response)) { + return !Strings::is_stringable($password) && !is_array($password) ? false : $this->keyboard_interactive_process($password); + } + + if ($password instanceof PrivateKey) { + return $this->privatekey_login($username, $password); + } + + if ($password instanceof Agent) { + return $this->ssh_agent_login($username, $password); + } + + if (is_array($password)) { + if ($this->keyboard_interactive_login($username, $password)) { + $this->bitmap |= self::MASK_LOGIN; + return true; + } + return false; + } + + if (!isset($password)) { + $packet = Strings::packSSH2( + 'Cs3', + NET_SSH2_MSG_USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'none' + ); + + $this->send_binary_packet($packet); + + $response = $this->get_binary_packet_or_close(); + + list($type) = Strings::unpackSSH2('C', $response); + switch ($type) { + case NET_SSH2_MSG_USERAUTH_SUCCESS: + $this->bitmap |= self::MASK_LOGIN; + return true; + case NET_SSH2_MSG_USERAUTH_FAILURE: + list($auth_methods) = Strings::unpackSSH2('L', $response); + $this->auth_methods_to_continue = $auth_methods; + // fall-through + default: + return false; + } + } + + $packet = Strings::packSSH2( + 'Cs3bs', + NET_SSH2_MSG_USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'password', + false, + $password + ); + + // remove the username and password from the logged packet + if (!defined('NET_SSH2_LOGGING')) { + $logged = null; + } else { + $logged = Strings::packSSH2( + 'Cs3bs', + NET_SSH2_MSG_USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'password', + false, + 'password' + ); + } + + $this->send_binary_packet($packet, $logged); + + $response = $this->get_binary_packet_or_close(); + list($type) = Strings::unpackSSH2('C', $response); + switch ($type) { + case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed + $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ'); + + list($message) = Strings::unpackSSH2('s', $response); + $this->errors[] = 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: ' . $message; + + return $this->disconnect_helper(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER); + case NET_SSH2_MSG_USERAUTH_FAILURE: + // can we use keyboard-interactive authentication? if not then either the login is bad or the server employees + // multi-factor authentication + list($auth_methods, $partial_success) = Strings::unpackSSH2('Lb', $response); + $this->auth_methods_to_continue = $auth_methods; + if (!$partial_success && in_array('keyboard-interactive', $auth_methods)) { + if ($this->keyboard_interactive_login($username, $password)) { + $this->bitmap |= self::MASK_LOGIN; + return true; + } + return false; + } + return false; + case NET_SSH2_MSG_USERAUTH_SUCCESS: + $this->bitmap |= self::MASK_LOGIN; + return true; + } + + return false; + } + + /** + * Login via keyboard-interactive authentication + * + * See {@link http://tools.ietf.org/html/rfc4256 RFC4256} for details. This is not a full-featured keyboard-interactive authenticator. + * + * @param string $username + * @param string|array $password + * @return bool + */ + private function keyboard_interactive_login($username, $password) + { + $packet = Strings::packSSH2( + 'Cs5', + NET_SSH2_MSG_USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'keyboard-interactive', + '', // language tag + '' // submethods + ); + $this->send_binary_packet($packet); + + return $this->keyboard_interactive_process($password); + } + + /** + * Handle the keyboard-interactive requests / responses. + * + * @param string|array ...$responses + * @return bool + * @throws \RuntimeException on connection error + */ + private function keyboard_interactive_process(...$responses) + { + if (strlen($this->last_interactive_response)) { + $response = $this->last_interactive_response; + } else { + $orig = $response = $this->get_binary_packet_or_close(); + } + + list($type) = Strings::unpackSSH2('C', $response); + switch ($type) { + case NET_SSH2_MSG_USERAUTH_INFO_REQUEST: + list( + , // name; may be empty + , // instruction; may be empty + , // language tag; may be empty + $num_prompts + ) = Strings::unpackSSH2('s3N', $response); + + for ($i = 0; $i < count($responses); $i++) { + if (is_array($responses[$i])) { + foreach ($responses[$i] as $key => $value) { + $this->keyboard_requests_responses[$key] = $value; + } + unset($responses[$i]); + } + } + $responses = array_values($responses); + + if (isset($this->keyboard_requests_responses)) { + for ($i = 0; $i < $num_prompts; $i++) { + list( + $prompt, // prompt - ie. "Password: "; must not be empty + // echo + ) = Strings::unpackSSH2('sC', $response); + foreach ($this->keyboard_requests_responses as $key => $value) { + if (substr($prompt, 0, strlen($key)) == $key) { + $responses[] = $value; + break; + } + } + } + } + + // see http://tools.ietf.org/html/rfc4256#section-3.2 + if (strlen($this->last_interactive_response)) { + $this->last_interactive_response = ''; + } else { + $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_INFO_REQUEST'); + } + + if (!count($responses) && $num_prompts) { + $this->last_interactive_response = $orig; + return false; + } + + /* + After obtaining the requested information from the user, the client + MUST respond with an SSH_MSG_USERAUTH_INFO_RESPONSE message. + */ + // see http://tools.ietf.org/html/rfc4256#section-3.4 + $packet = $logged = pack('CN', NET_SSH2_MSG_USERAUTH_INFO_RESPONSE, count($responses)); + for ($i = 0; $i < count($responses); $i++) { + $packet .= Strings::packSSH2('s', $responses[$i]); + $logged .= Strings::packSSH2('s', 'dummy-answer'); + } + + $this->send_binary_packet($packet, $logged); + + $this->updateLogHistory('UNKNOWN (61)', 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE'); + + /* + After receiving the response, the server MUST send either an + SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another + SSH_MSG_USERAUTH_INFO_REQUEST message. + */ + // maybe phpseclib should force close the connection after x request / responses? unless something like that is done + // there could be an infinite loop of request / responses. + return $this->keyboard_interactive_process(); + case NET_SSH2_MSG_USERAUTH_SUCCESS: + return true; + case NET_SSH2_MSG_USERAUTH_FAILURE: + list($auth_methods) = Strings::unpackSSH2('L', $response); + $this->auth_methods_to_continue = $auth_methods; + return false; + } + + return false; + } + + /** + * Login with an ssh-agent provided key + * + * @param string $username + * @param Agent $agent + * @return bool + */ + private function ssh_agent_login($username, Agent $agent) + { + $this->agent = $agent; + $keys = $agent->requestIdentities(); + $orig_algorithms = $this->supported_private_key_algorithms; + foreach ($keys as $key) { + if ($this->privatekey_login($username, $key)) { + return true; + } + $this->supported_private_key_algorithms = $orig_algorithms; + } + + return false; + } + + /** + * Login with an RSA private key + * + * {@internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis} + * by sending dummy SSH_MSG_IGNORE messages.} + * + * @param string $username + * @param PrivateKey $privatekey + * @return bool + * @throws \RuntimeException on connection error + */ + private function privatekey_login($username, PrivateKey $privatekey) + { + $publickey = $privatekey->getPublicKey(); + + if ($publickey instanceof RSA) { + $privatekey = $privatekey->withPadding(RSA::SIGNATURE_PKCS1); + $algos = ['rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa']; + if (isset($this->preferred['hostkey'])) { + $algos = array_intersect($algos, $this->preferred['hostkey']); + } + $algo = self::array_intersect_first($algos, $this->supported_private_key_algorithms); + switch ($algo) { + case 'rsa-sha2-512': + $hash = 'sha512'; + $signatureType = 'rsa-sha2-512'; + break; + case 'rsa-sha2-256': + $hash = 'sha256'; + $signatureType = 'rsa-sha2-256'; + break; + //case 'ssh-rsa': + default: + $hash = 'sha1'; + $signatureType = 'ssh-rsa'; + } + } elseif ($publickey instanceof EC) { + $privatekey = $privatekey->withSignatureFormat('SSH2'); + $curveName = $privatekey->getCurve(); + switch ($curveName) { + case 'Ed25519': + $hash = 'sha512'; + $signatureType = 'ssh-ed25519'; + break; + case 'secp256r1': // nistp256 + $hash = 'sha256'; + $signatureType = 'ecdsa-sha2-nistp256'; + break; + case 'secp384r1': // nistp384 + $hash = 'sha384'; + $signatureType = 'ecdsa-sha2-nistp384'; + break; + case 'secp521r1': // nistp521 + $hash = 'sha512'; + $signatureType = 'ecdsa-sha2-nistp521'; + break; + default: + if (is_array($curveName)) { + throw new UnsupportedCurveException('Specified Curves are not supported by SSH2'); + } + throw new UnsupportedCurveException('Named Curve of ' . $curveName . ' is not supported by phpseclib3\'s SSH2 implementation'); + } + } elseif ($publickey instanceof DSA) { + $privatekey = $privatekey->withSignatureFormat('SSH2'); + $hash = 'sha1'; + $signatureType = 'ssh-dss'; + } else { + throw new UnsupportedAlgorithmException('Please use either an RSA key, an EC one or a DSA key'); + } + + $publickeyStr = $publickey->toString('OpenSSH', ['binary' => true]); + + $part1 = Strings::packSSH2( + 'Csss', + NET_SSH2_MSG_USERAUTH_REQUEST, + $username, + 'ssh-connection', + 'publickey' + ); + $part2 = Strings::packSSH2('ss', $signatureType, $publickeyStr); + + $packet = $part1 . chr(0) . $part2; + $this->send_binary_packet($packet); + + $response = $this->get_binary_packet_or_close( + NET_SSH2_MSG_USERAUTH_SUCCESS, + NET_SSH2_MSG_USERAUTH_FAILURE, + NET_SSH2_MSG_USERAUTH_PK_OK + ); + + list($type) = Strings::unpackSSH2('C', $response); + switch ($type) { + case NET_SSH2_MSG_USERAUTH_FAILURE: + list($auth_methods) = Strings::unpackSSH2('L', $response); + if (in_array('publickey', $auth_methods) && substr($signatureType, 0, 9) == 'rsa-sha2-') { + $this->supported_private_key_algorithms = array_diff($this->supported_private_key_algorithms, ['rsa-sha2-256', 'rsa-sha2-512']); + return $this->privatekey_login($username, $privatekey); + } + $this->auth_methods_to_continue = $auth_methods; + $this->errors[] = 'SSH_MSG_USERAUTH_FAILURE'; + return false; + case NET_SSH2_MSG_USERAUTH_PK_OK: + // we'll just take it on faith that the public key blob and the public key algorithm name are as + // they should be + $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PK_OK'); + break; + case NET_SSH2_MSG_USERAUTH_SUCCESS: + $this->bitmap |= self::MASK_LOGIN; + return true; + } + + $packet = $part1 . chr(1) . $part2; + $privatekey = $privatekey->withHash($hash); + $signature = $privatekey->sign(Strings::packSSH2('s', $this->session_id) . $packet); + if ($publickey instanceof RSA) { + $signature = Strings::packSSH2('ss', $signatureType, $signature); + } + $packet .= Strings::packSSH2('s', $signature); + + $this->send_binary_packet($packet); + + $response = $this->get_binary_packet_or_close( + NET_SSH2_MSG_USERAUTH_SUCCESS, + NET_SSH2_MSG_USERAUTH_FAILURE + ); + + list($type) = Strings::unpackSSH2('C', $response); + switch ($type) { + case NET_SSH2_MSG_USERAUTH_FAILURE: + // either the login is bad or the server employs multi-factor authentication + list($auth_methods) = Strings::unpackSSH2('L', $response); + $this->auth_methods_to_continue = $auth_methods; + return false; + case NET_SSH2_MSG_USERAUTH_SUCCESS: + $this->bitmap |= self::MASK_LOGIN; + return true; + } + } + + /** + * Return the currently configured timeout + * + * @return int + */ + public function getTimeout() + { + return $this->timeout; + } + + /** + * Set Timeout + * + * $ssh->exec('ping 127.0.0.1'); on a Linux host will never return and will run indefinitely. setTimeout() makes it so it'll timeout. + * Setting $timeout to false or 0 will revert to the default socket timeout. + * + * @param mixed $timeout + */ + public function setTimeout($timeout) + { + $this->timeout = $this->curTimeout = $timeout; + } + + /** + * Set Keep Alive + * + * Sends an SSH2_MSG_IGNORE message every x seconds, if x is a positive non-zero number. + * + * @param int $interval + */ + public function setKeepAlive($interval) + { + $this->keepAlive = $interval; + } + + /** + * Get the output from stdError + * + */ + public function getStdError() + { + return $this->stdErrorLog; + } + + /** + * Execute Command + * + * If $callback is set to false then \phpseclib3\Net\SSH2::get_channel_packet(self::CHANNEL_EXEC) will need to be called manually. + * In all likelihood, this is not a feature you want to be taking advantage of. + * + * @param string $command + * @return string|bool + * @psalm-return ($callback is callable ? bool : string|bool) + * @throws \RuntimeException on connection error + */ + public function exec($command, callable $callback = null) + { + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + $this->stdErrorLog = ''; + + if (!$this->isAuthenticated()) { + return false; + } + + //if ($this->isPTYOpen()) { + // throw new \RuntimeException('If you want to run multiple exec()\'s you will need to disable (and re-enable if appropriate) a PTY for each one.'); + //} + + $this->open_channel(self::CHANNEL_EXEC); + + if ($this->request_pty === true) { + $terminal_modes = pack('C', NET_SSH2_TTY_OP_END); + $packet = Strings::packSSH2( + 'CNsCsN4s', + NET_SSH2_MSG_CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_EXEC], + 'pty-req', + 1, + $this->term, + $this->windowColumns, + $this->windowRows, + 0, + 0, + $terminal_modes + ); + + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_REQUEST; + if (!$this->get_channel_packet(self::CHANNEL_EXEC)) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + throw new \RuntimeException('Unable to request pseudo-terminal'); + } + } + + // sending a pty-req SSH_MSG_CHANNEL_REQUEST message is unnecessary and, in fact, in most cases, slows things + // down. the one place where it might be desirable is if you're doing something like \phpseclib3\Net\SSH2::exec('ping localhost &'). + // with a pty-req SSH_MSG_CHANNEL_REQUEST, exec() will return immediately and the ping process will then + // then immediately terminate. without such a request exec() will loop indefinitely. the ping process won't end but + // neither will your script. + + // although, in theory, the size of SSH_MSG_CHANNEL_REQUEST could exceed the maximum packet size established by + // SSH_MSG_CHANNEL_OPEN_CONFIRMATION, RFC4254#section-5.1 states that the "maximum packet size" refers to the + // "maximum size of an individual data packet". ie. SSH_MSG_CHANNEL_DATA. RFC4254#section-5.2 corroborates. + $packet = Strings::packSSH2( + 'CNsCs', + NET_SSH2_MSG_CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_EXEC], + 'exec', + 1, + $command + ); + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_REQUEST; + + if (!$this->get_channel_packet(self::CHANNEL_EXEC)) { + return false; + } + + $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_DATA; + + if ($this->request_pty === true) { + $this->channel_id_last_interactive = self::CHANNEL_EXEC; + return true; + } + + $output = ''; + while (true) { + $temp = $this->get_channel_packet(self::CHANNEL_EXEC); + switch (true) { + case $temp === true: + return is_callable($callback) ? true : $output; + case $temp === false: + return false; + default: + if (is_callable($callback)) { + if ($callback($temp) === true) { + $this->close_channel(self::CHANNEL_EXEC); + return true; + } + } else { + $output .= $temp; + } + } + } + } + + /** + * How many channels are currently open? + * + * @return int + */ + public function getOpenChannelCount() + { + return $this->channelCount; + } + + /** + * Opens a channel + * + * @param string $channel + * @param bool $skip_extended + * @return bool + */ + protected function open_channel($channel, $skip_extended = false) + { + if (isset($this->channel_status[$channel]) && $this->channel_status[$channel] != NET_SSH2_MSG_CHANNEL_CLOSE) { + throw new \RuntimeException('Please close the channel (' . $channel . ') before trying to open it again'); + } + + $this->channelCount++; + + if ($this->channelCount > 1 && $this->errorOnMultipleChannels) { + throw new \RuntimeException("Ubuntu's OpenSSH from 5.8 to 6.9 doesn't work with multiple channels"); + } + + // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to + // be adjusted". 0x7FFFFFFF is, at 2GB, the max size. technically, it should probably be decremented, but, + // honestly, if you're transferring more than 2GB, you probably shouldn't be using phpseclib, anyway. + // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info + $this->window_size_server_to_client[$channel] = $this->window_size; + // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy + // uses 0x4000, that's what will be used here, as well. + $packet_size = 0x4000; + + $packet = Strings::packSSH2( + 'CsN3', + NET_SSH2_MSG_CHANNEL_OPEN, + 'session', + $channel, + $this->window_size_server_to_client[$channel], + $packet_size + ); + + $this->send_binary_packet($packet); + + $this->channel_status[$channel] = NET_SSH2_MSG_CHANNEL_OPEN; + + return $this->get_channel_packet($channel, $skip_extended); + } + + /** + * Creates an interactive shell + * + * Returns bool(true) if the shell was opened. + * Returns bool(false) if the shell was already open. + * + * @see self::isShellOpen() + * @see self::read() + * @see self::write() + * @return bool + * @throws InsufficientSetupException if not authenticated + * @throws \UnexpectedValueException on receipt of unexpected packets + * @throws \RuntimeException on other errors + */ + public function openShell() + { + if (!$this->isAuthenticated()) { + throw new InsufficientSetupException('Operation disallowed prior to login()'); + } + + $this->open_channel(self::CHANNEL_SHELL); + + $terminal_modes = pack('C', NET_SSH2_TTY_OP_END); + $packet = Strings::packSSH2( + 'CNsbsN4s', + NET_SSH2_MSG_CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_SHELL], + 'pty-req', + true, // want reply + $this->term, + $this->windowColumns, + $this->windowRows, + 0, + 0, + $terminal_modes + ); + + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_REQUEST; + + if (!$this->get_channel_packet(self::CHANNEL_SHELL)) { + throw new \RuntimeException('Unable to request pty'); + } + + $packet = Strings::packSSH2( + 'CNsb', + NET_SSH2_MSG_CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_SHELL], + 'shell', + true // want reply + ); + $this->send_binary_packet($packet); + + $response = $this->get_channel_packet(self::CHANNEL_SHELL); + if ($response === false) { + throw new \RuntimeException('Unable to request shell'); + } + + $this->channel_status[self::CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_DATA; + + $this->channel_id_last_interactive = self::CHANNEL_SHELL; + + $this->bitmap |= self::MASK_SHELL; + + return true; + } + + /** + * Return the channel to be used with read(), write(), and reset(), if none were specified + * @deprecated for lack of transparency in intended channel target, to be potentially replaced + * with method which guarantees open-ness of all yielded channels and throws + * error for multiple open channels + * @see self::read() + * @see self::write() + * @return int + */ + private function get_interactive_channel() + { + switch (true) { + case $this->is_channel_status_data(self::CHANNEL_SUBSYSTEM): + return self::CHANNEL_SUBSYSTEM; + case $this->is_channel_status_data(self::CHANNEL_EXEC): + return self::CHANNEL_EXEC; + default: + return self::CHANNEL_SHELL; + } + } + + /** + * Indicates the DATA status on the given channel + * + * @param int $channel The channel number to evaluate + * @return bool + */ + private function is_channel_status_data($channel) + { + return isset($this->channel_status[$channel]) && $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_DATA; + } + + /** + * Return an available open channel + * + * @return int + */ + private function get_open_channel() + { + $channel = self::CHANNEL_EXEC; + do { + if (isset($this->channel_status[$channel]) && $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_OPEN) { + return $channel; + } + } while ($channel++ < self::CHANNEL_SUBSYSTEM); + + return false; + } + + /** + * Request agent forwarding of remote server + * + * @return bool + */ + public function requestAgentForwarding() + { + $request_channel = $this->get_open_channel(); + if ($request_channel === false) { + return false; + } + + $packet = Strings::packSSH2( + 'CNsC', + NET_SSH2_MSG_CHANNEL_REQUEST, + $this->server_channels[$request_channel], + 'auth-agent-req@openssh.com', + 1 + ); + + $this->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_REQUEST; + + $this->send_binary_packet($packet); + + if (!$this->get_channel_packet($request_channel)) { + return false; + } + + $this->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_OPEN; + + return true; + } + + /** + * Returns the output of an interactive shell + * + * Returns when there's a match for $expect, which can take the form of a string literal or, + * if $mode == self::READ_REGEX, a regular expression. + * + * If not specifying a channel, an open interactive channel will be selected, or, if there are + * no open channels, an interactive shell will be created. If there are multiple open + * interactive channels, a legacy behavior will apply in which channel selection prioritizes + * an active subsystem, the exec pty, and, lastly, the shell. If using multiple interactive + * channels, callers are discouraged from relying on this legacy behavior and should specify + * the intended channel. + * + * @see self::write() + * @param string $expect + * @param int $mode One of the self::READ_* constants + * @param int|null $channel Channel id returned by self::getInteractiveChannelId() + * @return string|bool|null + * @throws \RuntimeException on connection error + * @throws InsufficientSetupException on unexpected channel status, possibly due to closure + */ + public function read($expect = '', $mode = self::READ_SIMPLE, $channel = null) + { + if (!$this->isAuthenticated()) { + throw new InsufficientSetupException('Operation disallowed prior to login()'); + } + + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + + if ($channel === null) { + $channel = $this->get_interactive_channel(); + } + + if (!$this->is_channel_status_data($channel) && empty($this->channel_buffers[$channel])) { + if ($channel != self::CHANNEL_SHELL) { + throw new InsufficientSetupException('Data is not available on channel'); + } elseif (!$this->openShell()) { + throw new \RuntimeException('Unable to initiate an interactive shell session'); + } + } + + if ($mode == self::READ_NEXT) { + return $this->get_channel_packet($channel); + } + + $match = $expect; + while (true) { + if ($mode == self::READ_REGEX) { + preg_match($expect, substr($this->interactiveBuffer, -1024), $matches); + $match = isset($matches[0]) ? $matches[0] : ''; + } + $pos = strlen($match) ? strpos($this->interactiveBuffer, $match) : false; + if ($pos !== false) { + return Strings::shift($this->interactiveBuffer, $pos + strlen($match)); + } + $response = $this->get_channel_packet($channel); + if ($response === true) { + return Strings::shift($this->interactiveBuffer, strlen($this->interactiveBuffer)); + } + + $this->interactiveBuffer .= $response; + } + } + + /** + * Inputs a command into an interactive shell. + * + * If not specifying a channel, an open interactive channel will be selected, or, if there are + * no open channels, an interactive shell will be created. If there are multiple open + * interactive channels, a legacy behavior will apply in which channel selection prioritizes + * an active subsystem, the exec pty, and, lastly, the shell. If using multiple interactive + * channels, callers are discouraged from relying on this legacy behavior and should specify + * the intended channel. + * + * @see SSH2::read() + * @param string $cmd + * @param int|null $channel Channel id returned by self::getInteractiveChannelId() + * @return void + * @throws \RuntimeException on connection error + * @throws InsufficientSetupException on unexpected channel status, possibly due to closure + * @throws TimeoutException if the write could not be completed within the requested self::setTimeout() + */ + public function write($cmd, $channel = null) + { + if (!$this->isAuthenticated()) { + throw new InsufficientSetupException('Operation disallowed prior to login()'); + } + + if ($channel === null) { + $channel = $this->get_interactive_channel(); + } + + if (!$this->is_channel_status_data($channel)) { + if ($channel != self::CHANNEL_SHELL) { + throw new InsufficientSetupException('Data is not available on channel'); + } elseif (!$this->openShell()) { + throw new \RuntimeException('Unable to initiate an interactive shell session'); + } + } + + $this->curTimeout = $this->timeout; + $this->is_timeout = false; + $this->send_channel_packet($channel, $cmd); + } + + /** + * Start a subsystem. + * + * Right now only one subsystem at a time is supported. To support multiple subsystem's stopSubsystem() could accept + * a string that contained the name of the subsystem, but at that point, only one subsystem of each type could be opened. + * To support multiple subsystem's of the same name maybe it'd be best if startSubsystem() generated a new channel id and + * returns that and then that that was passed into stopSubsystem() but that'll be saved for a future date and implemented + * if there's sufficient demand for such a feature. + * + * @see self::stopSubsystem() + * @param string $subsystem + * @return bool + */ + public function startSubsystem($subsystem) + { + $this->open_channel(self::CHANNEL_SUBSYSTEM); + + $packet = Strings::packSSH2( + 'CNsCs', + NET_SSH2_MSG_CHANNEL_REQUEST, + $this->server_channels[self::CHANNEL_SUBSYSTEM], + 'subsystem', + 1, + $subsystem + ); + $this->send_binary_packet($packet); + + $this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_REQUEST; + + if (!$this->get_channel_packet(self::CHANNEL_SUBSYSTEM)) { + return false; + } + + $this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_DATA; + + $this->channel_id_last_interactive = self::CHANNEL_SUBSYSTEM; + + return true; + } + + /** + * Stops a subsystem. + * + * @see self::startSubsystem() + * @return bool + */ + public function stopSubsystem() + { + if ($this->isInteractiveChannelOpen(self::CHANNEL_SUBSYSTEM)) { + $this->close_channel(self::CHANNEL_SUBSYSTEM); + } + return true; + } + + /** + * Closes a channel + * + * If read() timed out you might want to just close the channel and have it auto-restart on the next read() call + * + * If not specifying a channel, an open interactive channel will be selected. If there are + * multiple open interactive channels, a legacy behavior will apply in which channel selection + * prioritizes an active subsystem, the exec pty, and, lastly, the shell. If using multiple + * interactive channels, callers are discouraged from relying on this legacy behavior and + * should specify the intended channel. + * + * @param int|null $channel Channel id returned by self::getInteractiveChannelId() + * @return void + */ + public function reset($channel = null) + { + if ($channel === null) { + $channel = $this->get_interactive_channel(); + } + if ($this->isInteractiveChannelOpen($channel)) { + $this->close_channel($channel); + } + } + + /** + * Is timeout? + * + * Did exec() or read() return because they timed out or because they encountered the end? + * + */ + public function isTimeout() + { + return $this->is_timeout; + } + + /** + * Disconnect + * + */ + public function disconnect() + { + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + if (isset($this->realtime_log_file) && is_resource($this->realtime_log_file)) { + fclose($this->realtime_log_file); + } + unset(self::$connections[$this->getResourceId()]); + } + + /** + * Destructor. + * + * Will be called, automatically, if you're supporting just PHP5. If you're supporting PHP4, you'll need to call + * disconnect(). + * + */ + public function __destruct() + { + $this->disconnect(); + } + + /** + * Is the connection still active? + * + * $level has 3x possible values: + * 0 (default): phpseclib takes a passive approach to see if the connection is still active by calling feof() + * on the socket + * 1: phpseclib takes an active approach to see if the connection is still active by sending an SSH_MSG_IGNORE + * packet that doesn't require a response + * 2: phpseclib takes an active approach to see if the connection is still active by sending an SSH_MSG_CHANNEL_OPEN + * packet and imediately trying to close that channel. some routers, in particular, however, will only let you + * open one channel, so this approach could yield false positives + * + * @param int $level + * @return bool + */ + public function isConnected($level = 0) + { + if (!is_int($level) || $level < 0 || $level > 2) { + throw new \InvalidArgumentException('$level must be 0, 1 or 2'); + } + + if ($level == 0) { + return ($this->bitmap & self::MASK_CONNECTED) && is_resource($this->fsock) && !feof($this->fsock); + } + try { + if ($level == 1) { + $this->send_binary_packet(pack('CN', NET_SSH2_MSG_IGNORE, 0)); + } else { + $this->open_channel(self::CHANNEL_KEEP_ALIVE); + $this->close_channel(self::CHANNEL_KEEP_ALIVE); + } + return true; + } catch (\Exception $e) { + return false; + } + } + + /** + * Have you successfully been logged in? + * + * @return bool + */ + public function isAuthenticated() + { + return (bool) ($this->bitmap & self::MASK_LOGIN); + } + + /** + * Is the interactive shell active? + * + * @return bool + */ + public function isShellOpen() + { + return $this->isInteractiveChannelOpen(self::CHANNEL_SHELL); + } + + /** + * Is the exec pty active? + * + * @return bool + */ + public function isPTYOpen() + { + return $this->isInteractiveChannelOpen(self::CHANNEL_EXEC); + } + + /** + * Is the given interactive channel active? + * + * @param int $channel Channel id returned by self::getInteractiveChannelId() + * @return bool + */ + public function isInteractiveChannelOpen($channel) + { + return $this->isAuthenticated() && $this->is_channel_status_data($channel); + } + + /** + * Returns a channel identifier, presently of the last interactive channel opened, regardless of current status. + * Returns 0 if no interactive channel has been opened. + * + * @see self::isInteractiveChannelOpen() + * @return int + */ + public function getInteractiveChannelId() + { + return $this->channel_id_last_interactive; + } + + /** + * Pings a server connection, or tries to reconnect if the connection has gone down + * + * Inspired by http://php.net/manual/en/mysqli.ping.php + * + * @return bool + */ + public function ping() + { + if (!$this->isAuthenticated()) { + if (!empty($this->auth)) { + return $this->reconnect(); + } + return false; + } + + try { + $this->open_channel(self::CHANNEL_KEEP_ALIVE); + } catch (\RuntimeException $e) { + return $this->reconnect(); + } + + $this->close_channel(self::CHANNEL_KEEP_ALIVE); + return true; + } + + /** + * In situ reconnect method + * + * @return boolean + */ + private function reconnect() + { + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + $this->connect(); + foreach ($this->auth as $auth) { + $result = $this->login(...$auth); + } + return $result; + } + + /** + * Resets a connection for re-use + */ + protected function reset_connection() + { + if (is_resource($this->fsock) && get_resource_type($this->fsock) === 'stream') { + fclose($this->fsock); + } + $this->fsock = null; + $this->bitmap = 0; + $this->binary_packet_buffer = null; + $this->decrypt = $this->encrypt = false; + $this->decrypt_block_size = $this->encrypt_block_size = 8; + $this->hmac_check = $this->hmac_create = false; + $this->hmac_size = false; + $this->session_id = false; + $this->last_packet = null; + $this->get_seq_no = $this->send_seq_no = 0; + $this->channel_status = []; + $this->channel_id_last_interactive = 0; + $this->channel_buffers = []; + $this->channel_buffers_write = []; + } + + /** + * @return int[] second and microsecond stream timeout options based on user-requested timeout and keep-alive, or the default socket timeout by default, which mirrors PHP socket streams. + */ + private function get_stream_timeout() + { + $sec = ini_get('default_socket_timeout'); + $usec = 0; + if ($this->curTimeout > 0) { + $sec = (int) floor($this->curTimeout); + $usec = (int) (1000000 * ($this->curTimeout - $sec)); + } + if ($this->keepAlive > 0) { + $elapsed = microtime(true) - $this->last_packet; + $timeout = max($this->keepAlive - $elapsed, 0); + if (!$this->curTimeout || $timeout < $this->curTimeout) { + $sec = (int) floor($timeout); + $usec = (int) (1000000 * ($timeout - $sec)); + } + } + return [$sec, $usec]; + } + + /** + * Retrieves the next packet with added timeout and type handling + * + * @param string $message_types Message types to enforce in response, closing if not met + * @return string + * @throws ConnectionClosedException If an error has occurred preventing read of the next packet + */ + private function get_binary_packet_or_close(...$message_types) + { + try { + $packet = $this->get_binary_packet(); + if (count($message_types) > 0 && !in_array(ord($packet[0]), $message_types)) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR); + throw new ConnectionClosedException('Bad message type. Expected: #' + . implode(', #', $message_types) . '. Got: #' . ord($packet[0])); + } + return $packet; + } catch (TimeoutException $e) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + throw new ConnectionClosedException('Connection closed due to timeout'); + } + } + + /** + * Gets Binary Packets + * + * See '6. Binary Packet Protocol' of rfc4253 for more info. + * + * @see self::_send_binary_packet() + * @return string + * @throws TimeoutException If user requested timeout was reached while waiting for next packet + * @throws ConnectionClosedException If an error has occurred preventing read of the next packet + */ + private function get_binary_packet() + { + if (!is_resource($this->fsock)) { + throw new \InvalidArgumentException('fsock is not a resource.'); + } + if ($this->binary_packet_buffer == null) { + // buffer the packet to permit continued reads across timeouts + $this->binary_packet_buffer = (object) [ + 'read_time' => 0, // the time to read the packet from the socket + 'raw' => '', // the raw payload read from the socket + 'plain' => '', // the packet in plain text, excluding packet_length header + 'packet_length' => null, // the packet_length value pulled from the payload + 'size' => $this->decrypt_block_size, // the total size of this packet to be read from the socket + // initialize to read single block until packet_length is available + ]; + } + $packet = $this->binary_packet_buffer; + while (strlen($packet->raw) < $packet->size) { + if (feof($this->fsock)) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST); + throw new ConnectionClosedException('Connection closed by server'); + } + if ($this->curTimeout < 0) { + $this->is_timeout = true; + throw new TimeoutException('Timed out waiting for server'); + } + $this->send_keep_alive(); + + list($sec, $usec) = $this->get_stream_timeout(); + stream_set_timeout($this->fsock, $sec, $usec); + $start = microtime(true); + $raw = stream_get_contents($this->fsock, $packet->size - strlen($packet->raw)); + $elapsed = microtime(true) - $start; + $packet->read_time += $elapsed; + if ($this->curTimeout > 0) { + $this->curTimeout -= $elapsed; + } + if ($raw === false) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST); + throw new ConnectionClosedException('Connection closed by server'); + } elseif (!strlen($raw)) { + continue; + } + $packet->raw .= $raw; + if (!$packet->packet_length) { + $this->get_binary_packet_size($packet); + } + } + + if (strlen($packet->raw) != $packet->size) { + throw new \RuntimeException('Size of packet was not expected length'); + } + // destroy buffer as packet represents the entire payload and should be processed in full + $this->binary_packet_buffer = null; + // copy the raw payload, so as not to destroy original + $raw = $packet->raw; + if ($this->hmac_check instanceof Hash) { + $hmac = Strings::pop($raw, $this->hmac_size); + } + $packet_length_header_size = 4; + if ($this->decrypt) { + switch ($this->decryptName) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + $this->decrypt->setNonce( + $this->decryptFixedPart . + $this->decryptInvocationCounter + ); + Strings::increment_str($this->decryptInvocationCounter); + $this->decrypt->setAAD(Strings::shift($raw, $packet_length_header_size)); + $this->decrypt->setTag(Strings::pop($raw, $this->decrypt_block_size)); + $packet->plain = $this->decrypt->decrypt($raw); + break; + case 'chacha20-poly1305@openssh.com': + // This should be impossible, but we are checking anyway to narrow the type for Psalm. + if (!($this->decrypt instanceof ChaCha20)) { + throw new \LogicException('$this->decrypt is not a ' . ChaCha20::class); + } + $this->decrypt->setNonce(pack('N2', 0, $this->get_seq_no)); + $this->decrypt->setCounter(0); + // this is the same approach that's implemented in Salsa20::createPoly1305Key() + // but we don't want to use the same AEAD construction that RFC8439 describes + // for ChaCha20-Poly1305 so we won't rely on it (see Salsa20::poly1305()) + $this->decrypt->setPoly1305Key( + $this->decrypt->encrypt(str_repeat("\0", 32)) + ); + $this->decrypt->setAAD(Strings::shift($raw, $packet_length_header_size)); + $this->decrypt->setCounter(1); + $this->decrypt->setTag(Strings::pop($raw, 16)); + $packet->plain = $this->decrypt->decrypt($raw); + break; + default: + if (!$this->hmac_check instanceof Hash || !$this->hmac_check_etm) { + // first block was already decrypted for contained packet_length header + Strings::shift($raw, $this->decrypt_block_size); + if (strlen($raw) > 0) { + $packet->plain .= $this->decrypt->decrypt($raw); + } + } else { + Strings::shift($raw, $packet_length_header_size); + $packet->plain = $this->decrypt->decrypt($raw); + } + break; + } + } else { + Strings::shift($raw, $packet_length_header_size); + $packet->plain = $raw; + } + if ($this->hmac_check instanceof Hash) { + $reconstructed = !$this->hmac_check_etm ? + pack('Na*', $packet->packet_length, $packet->plain) : + substr($packet->raw, 0, -$this->hmac_size); + if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') { + $this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no)); + if ($hmac != $this->hmac_check->hash($reconstructed)) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR); + throw new ConnectionClosedException('Invalid UMAC'); + } + } else { + if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR); + throw new ConnectionClosedException('Invalid HMAC'); + } + } + } + $padding_length = 0; + $payload = $packet->plain; + extract(unpack('Cpadding_length', Strings::shift($payload, 1))); + if ($padding_length > 0) { + Strings::pop($payload, $padding_length); + } + if (empty($payload)) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR); + throw new ConnectionClosedException('Plaintext is too short'); + } + + switch ($this->decompress) { + case self::NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH: + if (!$this->isAuthenticated()) { + break; + } + // fall-through + case self::NET_SSH2_COMPRESSION_ZLIB: + if ($this->regenerate_decompression_context) { + $this->regenerate_decompression_context = false; + + $cmf = ord($payload[0]); + $cm = $cmf & 0x0F; + if ($cm != 8) { // deflate + user_error("Only CM = 8 ('deflate') is supported ($cm)"); + } + $cinfo = ($cmf & 0xF0) >> 4; + if ($cinfo > 7) { + user_error("CINFO above 7 is not allowed ($cinfo)"); + } + $windowSize = 1 << ($cinfo + 8); + + $flg = ord($payload[1]); + //$fcheck = $flg && 0x0F; + if ((($cmf << 8) | $flg) % 31) { + user_error('fcheck failed'); + } + $fdict = boolval($flg & 0x20); + $flevel = ($flg & 0xC0) >> 6; + + $this->decompress_context = inflate_init(ZLIB_ENCODING_RAW, ['window' => $cinfo + 8]); + $payload = substr($payload, 2); + } + if ($this->decompress_context) { + $payload = inflate_add($this->decompress_context, $payload, ZLIB_PARTIAL_FLUSH); + } + } + + $this->get_seq_no++; + + if (defined('NET_SSH2_LOGGING')) { + $current = microtime(true); + $message_number = isset(self::$message_numbers[ord($payload[0])]) ? self::$message_numbers[ord($payload[0])] : 'UNKNOWN (' . ord($payload[0]) . ')'; + $message_number = '<- ' . $message_number . + ' (since last: ' . round($current - $this->last_packet, 4) . ', network: ' . round($packet->read_time, 4) . 's)'; + $this->append_log($message_number, $payload); + } + $this->last_packet = microtime(true); + + return $this->filter($payload); + } + + /** + * @param object $packet The packet object being constructed, passed by reference + * The size, packet_length, and plain properties of this object may be modified in processing + * @throws InvalidPacketLengthException if the packet length header is invalid + */ + private function get_binary_packet_size(&$packet) + { + $packet_length_header_size = 4; + if (strlen($packet->raw) < $packet_length_header_size) { + return; + } + $packet_length = 0; + $added_validation_length = 0; // indicates when the packet length header is included when validating packet length against block size + if ($this->decrypt) { + switch ($this->decryptName) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + extract(unpack('Npacket_length', substr($packet->raw, 0, $packet_length_header_size))); + $packet->size = $packet_length_header_size + $packet_length + $this->decrypt_block_size; // expect tag + break; + case 'chacha20-poly1305@openssh.com': + $this->lengthDecrypt->setNonce(pack('N2', 0, $this->get_seq_no)); + $packet_length_header = $this->lengthDecrypt->decrypt(substr($packet->raw, 0, $packet_length_header_size)); + extract(unpack('Npacket_length', $packet_length_header)); + $packet->size = $packet_length_header_size + $packet_length + 16; // expect tag + break; + default: + if (!$this->hmac_check instanceof Hash || !$this->hmac_check_etm) { + if (strlen($packet->raw) < $this->decrypt_block_size) { + return; + } + $packet->plain = $this->decrypt->decrypt(substr($packet->raw, 0, $this->decrypt_block_size)); + extract(unpack('Npacket_length', Strings::shift($packet->plain, $packet_length_header_size))); + $packet->size = $packet_length_header_size + $packet_length; + $added_validation_length = $packet_length_header_size; + } else { + extract(unpack('Npacket_length', substr($packet->raw, 0, $packet_length_header_size))); + $packet->size = $packet_length_header_size + $packet_length; + } + break; + } + } else { + extract(unpack('Npacket_length', substr($packet->raw, 0, $packet_length_header_size))); + $packet->size = $packet_length_header_size + $packet_length; + $added_validation_length = $packet_length_header_size; + } + // quoting , + // "implementations SHOULD check that the packet length is reasonable" + // PuTTY uses 0x9000 as the actual max packet size and so to shall we + if ( + $packet_length <= 0 || $packet_length > 0x9000 + || ($packet_length + $added_validation_length) % $this->decrypt_block_size != 0 + ) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR); + throw new InvalidPacketLengthException('Invalid packet length'); + } + if ($this->hmac_check instanceof Hash) { + $packet->size += $this->hmac_size; + } + $packet->packet_length = $packet_length; + } + + /** + * Filter Binary Packets + * + * Because some binary packets need to be ignored... + * + * @see self::_get_binary_packet() + * @param string $payload + * @return string + */ + private function filter($payload) + { + switch (ord($payload[0])) { + case NET_SSH2_MSG_DISCONNECT: + Strings::shift($payload, 1); + list($reason_code, $message) = Strings::unpackSSH2('Ns', $payload); + $this->errors[] = 'SSH_MSG_DISCONNECT: ' . self::$disconnect_reasons[$reason_code] . "\r\n$message"; + $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST); + throw new ConnectionClosedException('Connection closed by server'); + case NET_SSH2_MSG_IGNORE: + $this->extra_packets++; + $payload = $this->get_binary_packet(); + break; + case NET_SSH2_MSG_DEBUG: + $this->extra_packets++; + Strings::shift($payload, 2); // second byte is "always_display" + list($message) = Strings::unpackSSH2('s', $payload); + $this->errors[] = "SSH_MSG_DEBUG: $message"; + $payload = $this->get_binary_packet(); + break; + case NET_SSH2_MSG_UNIMPLEMENTED: + break; // return payload + case NET_SSH2_MSG_KEXINIT: + // this is here for key re-exchanges after the initial key exchange + if ($this->session_id !== false) { + if (!$this->key_exchange($payload)) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + throw new ConnectionClosedException('Key exchange failed'); + } + $payload = $this->get_binary_packet(); + } + break; + case NET_SSH2_MSG_EXT_INFO: + Strings::shift($payload, 1); + list($nr_extensions) = Strings::unpackSSH2('N', $payload); + for ($i = 0; $i < $nr_extensions; $i++) { + list($extension_name, $extension_value) = Strings::unpackSSH2('ss', $payload); + if ($extension_name == 'server-sig-algs') { + $this->supported_private_key_algorithms = explode(',', $extension_value); + } + } + $payload = $this->get_binary_packet(); + } + + // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in + if (($this->bitmap & self::MASK_CONNECTED) && !$this->isAuthenticated() && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) { + Strings::shift($payload, 1); + list($this->banner_message) = Strings::unpackSSH2('s', $payload); + $payload = $this->get_binary_packet(); + } + + // only called when we've already logged in + if (($this->bitmap & self::MASK_CONNECTED) && $this->isAuthenticated()) { + switch (ord($payload[0])) { + case NET_SSH2_MSG_CHANNEL_REQUEST: + if (strlen($payload) == 31) { + extract(unpack('cpacket_type/Nchannel/Nlength', $payload)); + if (substr($payload, 9, $length) == 'keepalive@openssh.com' && isset($this->server_channels[$channel])) { + if (ord(substr($payload, 9 + $length))) { // want reply + $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_SUCCESS, $this->server_channels[$channel])); + } + $payload = $this->get_binary_packet(); + } + } + break; + case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4 + Strings::shift($payload, 1); + list($request_name) = Strings::unpackSSH2('s', $payload); + $this->errors[] = "SSH_MSG_GLOBAL_REQUEST: $request_name"; + $this->send_binary_packet(pack('C', NET_SSH2_MSG_REQUEST_FAILURE)); + $payload = $this->get_binary_packet(); + break; + case NET_SSH2_MSG_CHANNEL_OPEN: // see http://tools.ietf.org/html/rfc4254#section-5.1 + Strings::shift($payload, 1); + list($data, $server_channel) = Strings::unpackSSH2('sN', $payload); + switch ($data) { + case 'auth-agent': + case 'auth-agent@openssh.com': + if (isset($this->agent)) { + $new_channel = self::CHANNEL_AGENT_FORWARD; + + list( + $remote_window_size, + $remote_maximum_packet_size + ) = Strings::unpackSSH2('NN', $payload); + + $this->packet_size_client_to_server[$new_channel] = $remote_window_size; + $this->window_size_server_to_client[$new_channel] = $remote_maximum_packet_size; + $this->window_size_client_to_server[$new_channel] = $this->window_size; + + $packet_size = 0x4000; + + $packet = pack( + 'CN4', + NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, + $server_channel, + $new_channel, + $packet_size, + $packet_size + ); + + $this->server_channels[$new_channel] = $server_channel; + $this->channel_status[$new_channel] = NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION; + $this->send_binary_packet($packet); + } + break; + default: + $packet = Strings::packSSH2( + 'CN2ss', + NET_SSH2_MSG_CHANNEL_OPEN_FAILURE, + $server_channel, + NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED, + '', // description + '' // language tag + ); + $this->send_binary_packet($packet); + } + + $payload = $this->get_binary_packet(); + break; + } + } + + return $payload; + } + + /** + * Enable Quiet Mode + * + * Suppress stderr from output + * + */ + public function enableQuietMode() + { + $this->quiet_mode = true; + } + + /** + * Disable Quiet Mode + * + * Show stderr in output + * + */ + public function disableQuietMode() + { + $this->quiet_mode = false; + } + + /** + * Returns whether Quiet Mode is enabled or not + * + * @see self::enableQuietMode() + * @see self::disableQuietMode() + * @return bool + */ + public function isQuietModeEnabled() + { + return $this->quiet_mode; + } + + /** + * Enable request-pty when using exec() + * + */ + public function enablePTY() + { + $this->request_pty = true; + } + + /** + * Disable request-pty when using exec() + * + */ + public function disablePTY() + { + if ($this->isPTYOpen()) { + $this->close_channel(self::CHANNEL_EXEC); + } + $this->request_pty = false; + } + + /** + * Returns whether request-pty is enabled or not + * + * @see self::enablePTY() + * @see self::disablePTY() + * @return bool + */ + public function isPTYEnabled() + { + return $this->request_pty; + } + + /** + * Gets channel data + * + * Returns the data as a string. bool(true) is returned if: + * + * - the server closes the channel + * - if the connection times out + * - if a window adjust packet is received on the given negated client channel + * - if the channel status is CHANNEL_OPEN and the response was CHANNEL_OPEN_CONFIRMATION + * - if the channel status is CHANNEL_REQUEST and the response was CHANNEL_SUCCESS + * - if the channel status is CHANNEL_CLOSE and the response was CHANNEL_CLOSE + * + * bool(false) is returned if: + * + * - if the channel status is CHANNEL_REQUEST and the response was CHANNEL_FAILURE + * + * @param int $client_channel Specifies the channel to return data for, and data received + * on other channels is buffered. The respective negative value of a channel is + * also supported for the case that the caller is awaiting adjustment of the data + * window, and where data received on that respective channel is also buffered. + * @param bool $skip_extended + * @return mixed + * @throws \RuntimeException on connection error + */ + protected function get_channel_packet($client_channel, $skip_extended = false) + { + if (!empty($this->channel_buffers[$client_channel])) { + switch ($this->channel_status[$client_channel]) { + case NET_SSH2_MSG_CHANNEL_REQUEST: + foreach ($this->channel_buffers[$client_channel] as $i => $packet) { + switch (ord($packet[0])) { + case NET_SSH2_MSG_CHANNEL_SUCCESS: + case NET_SSH2_MSG_CHANNEL_FAILURE: + unset($this->channel_buffers[$client_channel][$i]); + return substr($packet, 1); + } + } + break; + default: + return substr(array_shift($this->channel_buffers[$client_channel]), 1); + } + } + + while (true) { + try { + $response = $this->get_binary_packet(); + } catch (TimeoutException $e) { + return true; + } + list($type) = Strings::unpackSSH2('C', $response); + if (strlen($response) >= 4) { + list($channel) = Strings::unpackSSH2('N', $response); + } + + // will not be setup yet on incoming channel open request + if (isset($channel) && isset($this->channel_status[$channel]) && isset($this->window_size_server_to_client[$channel])) { + $this->window_size_server_to_client[$channel] -= strlen($response); + + // resize the window, if appropriate + if ($this->window_size_server_to_client[$channel] < 0) { + // PuTTY does something more analogous to the following: + //if ($this->window_size_server_to_client[$channel] < 0x3FFFFFFF) { + $packet = pack('CNN', NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST, $this->server_channels[$channel], $this->window_resize); + $this->send_binary_packet($packet); + $this->window_size_server_to_client[$channel] += $this->window_resize; + } + + switch ($type) { + case NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST: + list($window_size) = Strings::unpackSSH2('N', $response); + $this->window_size_client_to_server[$channel] += $window_size; + if ($channel == -$client_channel) { + return true; + } + + continue 2; + case NET_SSH2_MSG_CHANNEL_EXTENDED_DATA: + /* + if ($client_channel == self::CHANNEL_EXEC) { + $this->send_channel_packet($client_channel, chr(0)); + } + */ + // currently, there's only one possible value for $data_type_code: NET_SSH2_EXTENDED_DATA_STDERR + list($data_type_code, $data) = Strings::unpackSSH2('Ns', $response); + $this->stdErrorLog .= $data; + if ($skip_extended || $this->quiet_mode) { + continue 2; + } + if ($client_channel == $channel && $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_DATA) { + return $data; + } + $this->channel_buffers[$channel][] = chr($type) . $data; + + continue 2; + case NET_SSH2_MSG_CHANNEL_REQUEST: + if ($this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_CLOSE) { + continue 2; + } + list($value) = Strings::unpackSSH2('s', $response); + switch ($value) { + case 'exit-signal': + list( + , // FALSE + $signal_name, + , // core dumped + $error_message + ) = Strings::unpackSSH2('bsbs', $response); + + $this->errors[] = "SSH_MSG_CHANNEL_REQUEST (exit-signal): $signal_name"; + if (strlen($error_message)) { + $this->errors[count($this->errors) - 1] .= "\r\n$error_message"; + } + + $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_EOF, $this->server_channels[$client_channel])); + $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$channel])); + + $this->channel_status[$channel] = NET_SSH2_MSG_CHANNEL_EOF; + + continue 3; + case 'exit-status': + list(, $this->exit_status) = Strings::unpackSSH2('CN', $response); + + // "The client MAY ignore these messages." + // -- http://tools.ietf.org/html/rfc4254#section-6.10 + + continue 3; + default: + // "Some systems may not implement signals, in which case they SHOULD ignore this message." + // -- http://tools.ietf.org/html/rfc4254#section-6.9 + continue 3; + } + } + + switch ($this->channel_status[$channel]) { + case NET_SSH2_MSG_CHANNEL_OPEN: + switch ($type) { + case NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION: + list( + $this->server_channels[$channel], + $window_size, + $this->packet_size_client_to_server[$channel] + ) = Strings::unpackSSH2('NNN', $response); + + if ($window_size < 0) { + $window_size &= 0x7FFFFFFF; + $window_size += 0x80000000; + } + $this->window_size_client_to_server[$channel] = $window_size; + $result = $client_channel == $channel ? true : $this->get_channel_packet($client_channel, $skip_extended); + $this->on_channel_open(); + return $result; + case NET_SSH2_MSG_CHANNEL_OPEN_FAILURE: + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + throw new \RuntimeException('Unable to open channel'); + default: + if ($client_channel == $channel) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + throw new \RuntimeException('Unexpected response to open request'); + } + return $this->get_channel_packet($client_channel, $skip_extended); + } + break; + case NET_SSH2_MSG_CHANNEL_REQUEST: + switch ($type) { + case NET_SSH2_MSG_CHANNEL_SUCCESS: + return true; + case NET_SSH2_MSG_CHANNEL_FAILURE: + return false; + case NET_SSH2_MSG_CHANNEL_DATA: + list($data) = Strings::unpackSSH2('s', $response); + $this->channel_buffers[$channel][] = chr($type) . $data; + return $this->get_channel_packet($client_channel, $skip_extended); + default: + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + throw new \RuntimeException('Unable to fulfill channel request'); + } + case NET_SSH2_MSG_CHANNEL_CLOSE: + if ($client_channel == $channel && $type == NET_SSH2_MSG_CHANNEL_CLOSE) { + return true; + } + return $this->get_channel_packet($client_channel, $skip_extended); + } + } + + // ie. $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_DATA + + switch ($type) { + case NET_SSH2_MSG_CHANNEL_DATA: + /* + if ($channel == self::CHANNEL_EXEC) { + // SCP requires null packets, such as this, be sent. further, in the case of the ssh.com SSH server + // this actually seems to make things twice as fast. more to the point, the message right after + // SSH_MSG_CHANNEL_DATA (usually SSH_MSG_IGNORE) won't block for as long as it would have otherwise. + // in OpenSSH it slows things down but only by a couple thousandths of a second. + $this->send_channel_packet($channel, chr(0)); + } + */ + list($data) = Strings::unpackSSH2('s', $response); + + if ($channel == self::CHANNEL_AGENT_FORWARD) { + $agent_response = $this->agent->forwardData($data); + if (!is_bool($agent_response)) { + $this->send_channel_packet($channel, $agent_response); + } + break; + } + + if ($client_channel == $channel) { + return $data; + } + $this->channel_buffers[$channel][] = chr($type) . $data; + break; + case NET_SSH2_MSG_CHANNEL_CLOSE: + $this->curTimeout = 5; + + $this->close_channel_bitmap($channel); + + if ($this->channel_status[$channel] != NET_SSH2_MSG_CHANNEL_EOF) { + $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$channel])); + } + + $this->channel_status[$channel] = NET_SSH2_MSG_CHANNEL_CLOSE; + $this->channelCount--; + + if ($client_channel == $channel) { + return true; + } + // fall-through + case NET_SSH2_MSG_CHANNEL_EOF: + break; + default: + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + throw new \RuntimeException("Error reading channel data ($type)"); + } + } + } + + /** + * Sends Binary Packets + * + * See '6. Binary Packet Protocol' of rfc4253 for more info. + * + * @param string $data + * @param string $logged + * @see self::_get_binary_packet() + * @return void + */ + protected function send_binary_packet($data, $logged = null) + { + if (!is_resource($this->fsock) || feof($this->fsock)) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST); + throw new ConnectionClosedException('Connection closed prematurely'); + } + + if (!isset($logged)) { + $logged = $data; + } + + switch ($this->compress) { + case self::NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH: + if (!$this->isAuthenticated()) { + break; + } + // fall-through + case self::NET_SSH2_COMPRESSION_ZLIB: + if (!$this->regenerate_compression_context) { + $header = ''; + } else { + $this->regenerate_compression_context = false; + $this->compress_context = deflate_init(ZLIB_ENCODING_RAW, ['window' => 15]); + $header = "\x78\x9C"; + } + if ($this->compress_context) { + $data = $header . deflate_add($this->compress_context, $data, ZLIB_PARTIAL_FLUSH); + } + } + + // 4 (packet length) + 1 (padding length) + 4 (minimal padding amount) == 9 + $packet_length = strlen($data) + 9; + if ($this->encrypt && $this->encrypt->usesNonce()) { + $packet_length -= 4; + } + // round up to the nearest $this->encrypt_block_size + $packet_length += (($this->encrypt_block_size - 1) * $packet_length) % $this->encrypt_block_size; + // subtracting strlen($data) is obvious - subtracting 5 is necessary because of packet_length and padding_length + $padding_length = $packet_length - strlen($data) - 5; + switch (true) { + case $this->encrypt && $this->encrypt->usesNonce(): + case $this->hmac_create instanceof Hash && $this->hmac_create_etm: + $padding_length += 4; + $packet_length += 4; + } + + $padding = Random::string($padding_length); + + // we subtract 4 from packet_length because the packet_length field isn't supposed to include itself + $packet = pack('NCa*', $packet_length - 4, $padding_length, $data . $padding); + + $hmac = ''; + if ($this->hmac_create instanceof Hash && !$this->hmac_create_etm) { + if (($this->hmac_create->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') { + $this->hmac_create->setNonce("\0\0\0\0" . pack('N', $this->send_seq_no)); + $hmac = $this->hmac_create->hash($packet); + } else { + $hmac = $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet)); + } + } + + if ($this->encrypt) { + switch ($this->encryptName) { + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + $this->encrypt->setNonce( + $this->encryptFixedPart . + $this->encryptInvocationCounter + ); + Strings::increment_str($this->encryptInvocationCounter); + $this->encrypt->setAAD($temp = ($packet & "\xFF\xFF\xFF\xFF")); + $packet = $temp . $this->encrypt->encrypt(substr($packet, 4)); + break; + case 'chacha20-poly1305@openssh.com': + // This should be impossible, but we are checking anyway to narrow the type for Psalm. + if (!($this->encrypt instanceof ChaCha20)) { + throw new \LogicException('$this->encrypt is not a ' . ChaCha20::class); + } + + $nonce = pack('N2', 0, $this->send_seq_no); + + $this->encrypt->setNonce($nonce); + $this->lengthEncrypt->setNonce($nonce); + + $length = $this->lengthEncrypt->encrypt($packet & "\xFF\xFF\xFF\xFF"); + + $this->encrypt->setCounter(0); + // this is the same approach that's implemented in Salsa20::createPoly1305Key() + // but we don't want to use the same AEAD construction that RFC8439 describes + // for ChaCha20-Poly1305 so we won't rely on it (see Salsa20::poly1305()) + $this->encrypt->setPoly1305Key( + $this->encrypt->encrypt(str_repeat("\0", 32)) + ); + $this->encrypt->setAAD($length); + $this->encrypt->setCounter(1); + $packet = $length . $this->encrypt->encrypt(substr($packet, 4)); + break; + default: + $packet = $this->hmac_create instanceof Hash && $this->hmac_create_etm ? + ($packet & "\xFF\xFF\xFF\xFF") . $this->encrypt->encrypt(substr($packet, 4)) : + $this->encrypt->encrypt($packet); + } + } + + if ($this->hmac_create instanceof Hash && $this->hmac_create_etm) { + if (($this->hmac_create->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') { + $this->hmac_create->setNonce("\0\0\0\0" . pack('N', $this->send_seq_no)); + $hmac = $this->hmac_create->hash($packet); + } else { + $hmac = $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet)); + } + } + + $this->send_seq_no++; + + $packet .= $this->encrypt && $this->encrypt->usesNonce() ? $this->encrypt->getTag() : $hmac; + + $start = microtime(true); + $sent = @fputs($this->fsock, $packet); + $stop = microtime(true); + + if (defined('NET_SSH2_LOGGING')) { + $current = microtime(true); + $message_number = isset(self::$message_numbers[ord($logged[0])]) ? self::$message_numbers[ord($logged[0])] : 'UNKNOWN (' . ord($logged[0]) . ')'; + $message_number = '-> ' . $message_number . + ' (since last: ' . round($current - $this->last_packet, 4) . ', network: ' . round($stop - $start, 4) . 's)'; + $this->append_log($message_number, $logged); + } + $this->last_packet = microtime(true); + + if (strlen($packet) != $sent) { + $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION); + $message = $sent === false ? + 'Unable to write ' . strlen($packet) . ' bytes' : + "Only $sent of " . strlen($packet) . " bytes were sent"; + throw new \RuntimeException($message); + } + } + + /** + * Sends a keep-alive message, if keep-alive is enabled and interval is met + */ + private function send_keep_alive() + { + if ($this->bitmap & self::MASK_CONNECTED) { + $elapsed = microtime(true) - $this->last_packet; + if ($this->keepAlive > 0 && $elapsed >= $this->keepAlive) { + $this->send_binary_packet(pack('CN', NET_SSH2_MSG_IGNORE, 0)); + } + } + } + + /** + * Logs data packets + * + * Makes sure that only the last 1MB worth of packets will be logged + * + * @param string $message_number + * @param string $message + */ + private function append_log($message_number, $message) + { + $this->append_log_helper( + NET_SSH2_LOGGING, + $message_number, + $message, + $this->message_number_log, + $this->message_log, + $this->log_size, + $this->realtime_log_file, + $this->realtime_log_wrap, + $this->realtime_log_size + ); + } + + /** + * Logs data packet helper + * + * @param int $constant + * @param string $message_number + * @param string $message + * @param array &$message_number_log + * @param array &$message_log + * @param int &$log_size + * @param resource &$realtime_log_file + * @param bool &$realtime_log_wrap + * @param int &$realtime_log_size + */ + protected function append_log_helper($constant, $message_number, $message, array &$message_number_log, array &$message_log, &$log_size, &$realtime_log_file, &$realtime_log_wrap, &$realtime_log_size) + { + // remove the byte identifying the message type from all but the first two messages (ie. the identification strings) + if (strlen($message_number) > 2) { + Strings::shift($message); + } + + switch ($constant) { + // useful for benchmarks + case self::LOG_SIMPLE: + $message_number_log[] = $message_number; + break; + case self::LOG_SIMPLE_REALTIME: + echo $message_number; + echo PHP_SAPI == 'cli' ? "\r\n" : '
'; + @flush(); + @ob_flush(); + break; + // the most useful log for SSH2 + case self::LOG_COMPLEX: + $message_number_log[] = $message_number; + $log_size += strlen($message); + $message_log[] = $message; + while ($log_size > self::LOG_MAX_SIZE) { + $log_size -= strlen(array_shift($message_log)); + array_shift($message_number_log); + } + break; + // dump the output out realtime; packets may be interspersed with non packets, + // passwords won't be filtered out and select other packets may not be correctly + // identified + case self::LOG_REALTIME: + switch (PHP_SAPI) { + case 'cli': + $start = $stop = "\r\n"; + break; + default: + $start = '
';
+                        $stop = '
'; + } + echo $start . $this->format_log([$message], [$message_number]) . $stop; + @flush(); + @ob_flush(); + break; + // basically the same thing as self::LOG_REALTIME with the caveat that NET_SSH2_LOG_REALTIME_FILENAME + // needs to be defined and that the resultant log file will be capped out at self::LOG_MAX_SIZE. + // the earliest part of the log file is denoted by the first <<< START >>> and is not going to necessarily + // at the beginning of the file + case self::LOG_REALTIME_FILE: + if (!isset($realtime_log_file)) { + // PHP doesn't seem to like using constants in fopen() + $filename = NET_SSH2_LOG_REALTIME_FILENAME; + $fp = fopen($filename, 'w'); + $realtime_log_file = $fp; + } + if (!is_resource($realtime_log_file)) { + break; + } + $entry = $this->format_log([$message], [$message_number]); + if ($realtime_log_wrap) { + $temp = "<<< START >>>\r\n"; + $entry .= $temp; + fseek($realtime_log_file, ftell($realtime_log_file) - strlen($temp)); + } + $realtime_log_size += strlen($entry); + if ($realtime_log_size > self::LOG_MAX_SIZE) { + fseek($realtime_log_file, 0); + $realtime_log_size = strlen($entry); + $realtime_log_wrap = true; + } + fputs($realtime_log_file, $entry); + } + } + + /** + * Sends channel data + * + * Spans multiple SSH_MSG_CHANNEL_DATAs if appropriate + * + * @param int $client_channel + * @param string $data + * @return void + */ + protected function send_channel_packet($client_channel, $data) + { + if ( + isset($this->channel_buffers_write[$client_channel]) + && strpos($data, $this->channel_buffers_write[$client_channel]) === 0 + ) { + // if buffer holds identical initial data content, resume send from the unmatched data portion + $data = substr($data, strlen($this->channel_buffers_write[$client_channel])); + } else { + $this->channel_buffers_write[$client_channel] = ''; + } + while (strlen($data)) { + if (!$this->window_size_client_to_server[$client_channel]) { + // using an invalid channel will let the buffers be built up for the valid channels + $this->get_channel_packet(-$client_channel); + if ($this->isTimeout()) { + throw new TimeoutException('Timed out waiting for server'); + } elseif (!$this->window_size_client_to_server[$client_channel]) { + throw new \RuntimeException('Data window was not adjusted'); + } + } + + /* The maximum amount of data allowed is determined by the maximum + packet size for the channel, and the current window size, whichever + is smaller. + -- http://tools.ietf.org/html/rfc4254#section-5.2 */ + $max_size = min( + $this->packet_size_client_to_server[$client_channel], + $this->window_size_client_to_server[$client_channel] + ); + + $temp = Strings::shift($data, $max_size); + $packet = Strings::packSSH2( + 'CNs', + NET_SSH2_MSG_CHANNEL_DATA, + $this->server_channels[$client_channel], + $temp + ); + $this->window_size_client_to_server[$client_channel] -= strlen($temp); + $this->send_binary_packet($packet); + $this->channel_buffers_write[$client_channel] .= $temp; + } + unset($this->channel_buffers_write[$client_channel]); + } + + /** + * Closes and flushes a channel + * + * \phpseclib3\Net\SSH2 doesn't properly close most channels. For exec() channels are normally closed by the server + * and for SFTP channels are presumably closed when the client disconnects. This functions is intended + * for SCP more than anything. + * + * @param int $client_channel + * @param bool $want_reply + * @return void + */ + private function close_channel($client_channel, $want_reply = false) + { + // see http://tools.ietf.org/html/rfc4254#section-5.3 + + $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_EOF, $this->server_channels[$client_channel])); + + if (!$want_reply) { + $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$client_channel])); + } + + $this->channel_status[$client_channel] = NET_SSH2_MSG_CHANNEL_CLOSE; + $this->channelCount--; + + $this->curTimeout = 5; + + while (!is_bool($this->get_channel_packet($client_channel))) { + } + + if ($want_reply) { + $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$client_channel])); + } + + $this->close_channel_bitmap($client_channel); + } + + /** + * Maintains execution state bitmap in response to channel closure + * + * @param int $client_channel The channel number to maintain closure status of + * @return void + */ + private function close_channel_bitmap($client_channel) + { + switch ($client_channel) { + case self::CHANNEL_SHELL: + // Shell status has been maintained in the bitmap for backwards + // compatibility sake, but can be removed going forward + if ($this->bitmap & self::MASK_SHELL) { + $this->bitmap &= ~self::MASK_SHELL; + } + break; + } + } + + /** + * Disconnect + * + * @param int $reason + * @return false + */ + protected function disconnect_helper($reason) + { + if ($this->bitmap & self::MASK_CONNECTED) { + $data = Strings::packSSH2('CNss', NET_SSH2_MSG_DISCONNECT, $reason, '', ''); + try { + $this->send_binary_packet($data); + } catch (\Exception $e) { + } + } + + $this->reset_connection(); + + return false; + } + + /** + * Define Array + * + * Takes any number of arrays whose indices are integers and whose values are strings and defines a bunch of + * named constants from it, using the value as the name of the constant and the index as the value of the constant. + * If any of the constants that would be defined already exists, none of the constants will be defined. + * + * @param mixed[] ...$args + * @access protected + */ + protected static function define_array(...$args) + { + foreach ($args as $arg) { + foreach ($arg as $key => $value) { + if (!defined($value)) { + define($value, $key); + } else { + break 2; + } + } + } + } + + /** + * Returns a log of the packets that have been sent and received. + * + * Returns a string if NET_SSH2_LOGGING == self::LOG_COMPLEX, an array if NET_SSH2_LOGGING == self::LOG_SIMPLE and false if !defined('NET_SSH2_LOGGING') + * + * @return array|false|string + */ + public function getLog() + { + if (!defined('NET_SSH2_LOGGING')) { + return false; + } + + switch (NET_SSH2_LOGGING) { + case self::LOG_SIMPLE: + return $this->message_number_log; + case self::LOG_COMPLEX: + $log = $this->format_log($this->message_log, $this->message_number_log); + return PHP_SAPI == 'cli' ? $log : '
' . $log . '
'; + default: + return false; + } + } + + /** + * Formats a log for printing + * + * @param array $message_log + * @param array $message_number_log + * @return string + */ + protected function format_log(array $message_log, array $message_number_log) + { + $output = ''; + for ($i = 0; $i < count($message_log); $i++) { + $output .= $message_number_log[$i] . "\r\n"; + $current_log = $message_log[$i]; + $j = 0; + do { + if (strlen($current_log)) { + $output .= str_pad(dechex($j), 7, '0', STR_PAD_LEFT) . '0 '; + } + $fragment = Strings::shift($current_log, $this->log_short_width); + $hex = substr(preg_replace_callback('#.#s', function ($matches) { + return $this->log_boundary . str_pad(dechex(ord($matches[0])), 2, '0', STR_PAD_LEFT); + }, $fragment), strlen($this->log_boundary)); + // replace non ASCII printable characters with dots + // http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters + // also replace < with a . since < messes up the output on web browsers + $raw = preg_replace('#[^\x20-\x7E]|<#', '.', $fragment); + $output .= str_pad($hex, $this->log_long_width - $this->log_short_width, ' ') . $raw . "\r\n"; + $j++; + } while (strlen($current_log)); + $output .= "\r\n"; + } + + return $output; + } + + /** + * Helper function for agent->on_channel_open() + * + * Used when channels are created to inform agent + * of said channel opening. Must be called after + * channel open confirmation received + * + */ + private function on_channel_open() + { + if (isset($this->agent)) { + $this->agent->registerChannelOpen($this); + } + } + + /** + * Returns the first value of the intersection of two arrays or false if + * the intersection is empty. The order is defined by the first parameter. + * + * @param array $array1 + * @param array $array2 + * @return mixed False if intersection is empty, else intersected value. + */ + private static function array_intersect_first(array $array1, array $array2) + { + foreach ($array1 as $value) { + if (in_array($value, $array2)) { + return $value; + } + } + return false; + } + + /** + * Returns all errors / debug messages on the SSH layer + * + * If you are looking for messages from the SFTP layer, please see SFTP::getSFTPErrors() + * + * @return string[] + */ + public function getErrors() + { + return $this->errors; + } + + /** + * Returns the last error received on the SSH layer + * + * If you are looking for messages from the SFTP layer, please see SFTP::getLastSFTPError() + * + * @return string + */ + public function getLastError() + { + $count = count($this->errors); + + if ($count > 0) { + return $this->errors[$count - 1]; + } + } + + /** + * Return the server identification. + * + * @return string|false + */ + public function getServerIdentification() + { + $this->connect(); + + return $this->server_identifier; + } + + /** + * Returns a list of algorithms the server supports + * + * @return array + */ + public function getServerAlgorithms() + { + $this->connect(); + + return [ + 'kex' => $this->kex_algorithms, + 'hostkey' => $this->server_host_key_algorithms, + 'client_to_server' => [ + 'crypt' => $this->encryption_algorithms_client_to_server, + 'mac' => $this->mac_algorithms_client_to_server, + 'comp' => $this->compression_algorithms_client_to_server, + 'lang' => $this->languages_client_to_server + ], + 'server_to_client' => [ + 'crypt' => $this->encryption_algorithms_server_to_client, + 'mac' => $this->mac_algorithms_server_to_client, + 'comp' => $this->compression_algorithms_server_to_client, + 'lang' => $this->languages_server_to_client + ] + ]; + } + + /** + * Returns a list of KEX algorithms that phpseclib supports + * + * @return array + */ + public static function getSupportedKEXAlgorithms() + { + $kex_algorithms = [ + // Elliptic Curve Diffie-Hellman Key Agreement (ECDH) using + // Curve25519. See doc/curve25519-sha256@libssh.org.txt in the + // libssh repository for more information. + 'curve25519-sha256', + 'curve25519-sha256@libssh.org', + + 'ecdh-sha2-nistp256', // RFC 5656 + 'ecdh-sha2-nistp384', // RFC 5656 + 'ecdh-sha2-nistp521', // RFC 5656 + + 'diffie-hellman-group-exchange-sha256',// RFC 4419 + 'diffie-hellman-group-exchange-sha1', // RFC 4419 + + // Diffie-Hellman Key Agreement (DH) using integer modulo prime + // groups. + 'diffie-hellman-group14-sha256', + 'diffie-hellman-group14-sha1', // REQUIRED + 'diffie-hellman-group15-sha512', + 'diffie-hellman-group16-sha512', + 'diffie-hellman-group17-sha512', + 'diffie-hellman-group18-sha512', + + 'diffie-hellman-group1-sha1', // REQUIRED + ]; + + return $kex_algorithms; + } + + /** + * Returns a list of host key algorithms that phpseclib supports + * + * @return array + */ + public static function getSupportedHostKeyAlgorithms() + { + return [ + 'ssh-ed25519', // https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519-02 + 'ecdsa-sha2-nistp256', // RFC 5656 + 'ecdsa-sha2-nistp384', // RFC 5656 + 'ecdsa-sha2-nistp521', // RFC 5656 + 'rsa-sha2-256', // RFC 8332 + 'rsa-sha2-512', // RFC 8332 + 'ssh-rsa', // RECOMMENDED sign Raw RSA Key + 'ssh-dss' // REQUIRED sign Raw DSS Key + ]; + } + + /** + * Returns a list of symmetric key algorithms that phpseclib supports + * + * @return array + */ + public static function getSupportedEncryptionAlgorithms() + { + $algos = [ + // from : + 'aes128-gcm@openssh.com', + 'aes256-gcm@openssh.com', + + // from : + 'arcfour256', + 'arcfour128', + + //'arcfour', // OPTIONAL the ARCFOUR stream cipher with a 128-bit key + + // CTR modes from : + 'aes128-ctr', // RECOMMENDED AES (Rijndael) in SDCTR mode, with 128-bit key + 'aes192-ctr', // RECOMMENDED AES with 192-bit key + 'aes256-ctr', // RECOMMENDED AES with 256-bit key + + // from : + // one of the big benefits of chacha20-poly1305 is speed. the problem is... + // libsodium doesn't generate the poly1305 keys in the way ssh does and openssl's PHP bindings don't even + // seem to support poly1305 currently. so even if libsodium or openssl are being used for the chacha20 + // part, pure-PHP has to be used for the poly1305 part and that's gonna cause a big slow down. + // speed-wise it winds up being faster to use AES (when openssl or mcrypt are available) and some HMAC + // (which is always gonna be super fast to compute thanks to the hash extension, which + // "is bundled and compiled into PHP by default") + 'chacha20-poly1305@openssh.com', + + 'twofish128-ctr', // OPTIONAL Twofish in SDCTR mode, with 128-bit key + 'twofish192-ctr', // OPTIONAL Twofish with 192-bit key + 'twofish256-ctr', // OPTIONAL Twofish with 256-bit key + + 'aes128-cbc', // RECOMMENDED AES with a 128-bit key + 'aes192-cbc', // OPTIONAL AES with a 192-bit key + 'aes256-cbc', // OPTIONAL AES in CBC mode, with a 256-bit key + + 'twofish128-cbc', // OPTIONAL Twofish with a 128-bit key + 'twofish192-cbc', // OPTIONAL Twofish with a 192-bit key + 'twofish256-cbc', + 'twofish-cbc', // OPTIONAL alias for "twofish256-cbc" + // (this is being retained for historical reasons) + + 'blowfish-ctr', // OPTIONAL Blowfish in SDCTR mode + + 'blowfish-cbc', // OPTIONAL Blowfish in CBC mode + + '3des-ctr', // RECOMMENDED Three-key 3DES in SDCTR mode + + '3des-cbc', // REQUIRED three-key 3DES in CBC mode + + //'none' // OPTIONAL no encryption; NOT RECOMMENDED + ]; + + if (self::$crypto_engine) { + $engines = [self::$crypto_engine]; + } else { + $engines = [ + 'libsodium', + 'OpenSSL (GCM)', + 'OpenSSL', + 'mcrypt', + 'Eval', + 'PHP' + ]; + } + + $ciphers = []; + + foreach ($engines as $engine) { + foreach ($algos as $algo) { + $obj = self::encryption_algorithm_to_crypt_instance($algo); + if ($obj instanceof Rijndael) { + $obj->setKeyLength(preg_replace('#[^\d]#', '', $algo)); + } + switch ($algo) { + // Eval engines do not exist for ChaCha20 or RC4 because they would not benefit from one. + // to benefit from an Eval engine they'd need to loop a variable amount of times, they'd + // need to do table lookups (eg. sbox subsitutions). ChaCha20 doesn't do either because + // it's a so-called ARX cipher, meaning that the only operations it does are add (A), rotate (R) + // and XOR (X). RC4 does do table lookups but being a stream cipher it works differently than + // block ciphers. with RC4 you XOR the plaintext against a keystream and the keystream changes + // as you encrypt stuff. the only table lookups are made against this keystream and thus table + // lookups are kinda unavoidable. with AES and DES, however, the table lookups that are done + // are done against substitution boxes (sboxes), which are invariant. + + // OpenSSL can't be used as an engine, either, because OpenSSL doesn't support continuous buffers + // as SSH2 uses and altho you can emulate a continuous buffer with block ciphers you can't do so + // with stream ciphers. As for ChaCha20... for the ChaCha20 part OpenSSL could prob be used but + // the big slow down isn't with ChaCha20 - it's with Poly1305. SSH constructs the key for that + // differently than how OpenSSL does it (OpenSSL does it as the RFC describes, SSH doesn't). + + // libsodium can't be used because it doesn't support RC4 and it doesn't construct the Poly1305 + // keys in the same way that SSH does + + // mcrypt could prob be used for RC4 but mcrypt hasn't been included in PHP core for yearss + case 'chacha20-poly1305@openssh.com': + case 'arcfour128': + case 'arcfour256': + if ($engine != 'PHP') { + continue 2; + } + break; + case 'aes128-gcm@openssh.com': + case 'aes256-gcm@openssh.com': + if ($engine == 'OpenSSL') { + continue 2; + } + $obj->setNonce('dummydummydu'); + } + if ($obj->isValidEngine($engine)) { + $algos = array_diff($algos, [$algo]); + $ciphers[] = $algo; + } + } + } + + return $ciphers; + } + + /** + * Returns a list of MAC algorithms that phpseclib supports + * + * @return array + */ + public static function getSupportedMACAlgorithms() + { + return [ + 'hmac-sha2-256-etm@openssh.com', + 'hmac-sha2-512-etm@openssh.com', + 'umac-64-etm@openssh.com', + 'umac-128-etm@openssh.com', + 'hmac-sha1-etm@openssh.com', + + // from : + 'hmac-sha2-256',// RECOMMENDED HMAC-SHA256 (digest length = key length = 32) + 'hmac-sha2-512',// OPTIONAL HMAC-SHA512 (digest length = key length = 64) + + // from : + 'umac-64@openssh.com', + 'umac-128@openssh.com', + + 'hmac-sha1-96', // RECOMMENDED first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20) + 'hmac-sha1', // REQUIRED HMAC-SHA1 (digest length = key length = 20) + 'hmac-md5-96', // OPTIONAL first 96 bits of HMAC-MD5 (digest length = 12, key length = 16) + 'hmac-md5', // OPTIONAL HMAC-MD5 (digest length = key length = 16) + //'none' // OPTIONAL no MAC; NOT RECOMMENDED + ]; + } + + /** + * Returns a list of compression algorithms that phpseclib supports + * + * @return array + */ + public static function getSupportedCompressionAlgorithms() + { + $algos = ['none']; // REQUIRED no compression + if (function_exists('deflate_init')) { + $algos[] = 'zlib@openssh.com'; // https://datatracker.ietf.org/doc/html/draft-miller-secsh-compression-delayed + $algos[] = 'zlib'; + } + return $algos; + } + + /** + * Return list of negotiated algorithms + * + * Uses the same format as https://www.php.net/ssh2-methods-negotiated + * + * @return array + */ + public function getAlgorithmsNegotiated() + { + $this->connect(); + + $compression_map = [ + self::NET_SSH2_COMPRESSION_NONE => 'none', + self::NET_SSH2_COMPRESSION_ZLIB => 'zlib', + self::NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH => 'zlib@openssh.com' + ]; + + return [ + 'kex' => $this->kex_algorithm, + 'hostkey' => $this->signature_format, + 'client_to_server' => [ + 'crypt' => $this->encryptName, + 'mac' => $this->hmac_create_name, + 'comp' => $compression_map[$this->compress], + ], + 'server_to_client' => [ + 'crypt' => $this->decryptName, + 'mac' => $this->hmac_check_name, + 'comp' => $compression_map[$this->decompress], + ] + ]; + } + + /** + * Force multiple channels (even if phpseclib has decided to disable them) + */ + public function forceMultipleChannels() + { + $this->errorOnMultipleChannels = false; + } + + /** + * Allows you to set the terminal + * + * @param string $term + */ + public function setTerminal($term) + { + $this->term = $term; + } + + /** + * Accepts an associative array with up to four parameters as described at + * + * + * @param array $methods + */ + public function setPreferredAlgorithms(array $methods) + { + $preferred = $methods; + + if (isset($preferred['kex'])) { + $preferred['kex'] = array_intersect( + $preferred['kex'], + static::getSupportedKEXAlgorithms() + ); + } + + if (isset($preferred['hostkey'])) { + $preferred['hostkey'] = array_intersect( + $preferred['hostkey'], + static::getSupportedHostKeyAlgorithms() + ); + } + + $keys = ['client_to_server', 'server_to_client']; + foreach ($keys as $key) { + if (isset($preferred[$key])) { + $a = &$preferred[$key]; + if (isset($a['crypt'])) { + $a['crypt'] = array_intersect( + $a['crypt'], + static::getSupportedEncryptionAlgorithms() + ); + } + if (isset($a['comp'])) { + $a['comp'] = array_intersect( + $a['comp'], + static::getSupportedCompressionAlgorithms() + ); + } + if (isset($a['mac'])) { + $a['mac'] = array_intersect( + $a['mac'], + static::getSupportedMACAlgorithms() + ); + } + } + } + + $keys = [ + 'kex', + 'hostkey', + 'client_to_server/crypt', + 'client_to_server/comp', + 'client_to_server/mac', + 'server_to_client/crypt', + 'server_to_client/comp', + 'server_to_client/mac', + ]; + foreach ($keys as $key) { + $p = $preferred; + $m = $methods; + + $subkeys = explode('/', $key); + foreach ($subkeys as $subkey) { + if (!isset($p[$subkey])) { + continue 2; + } + $p = $p[$subkey]; + $m = $m[$subkey]; + } + + if (count($p) != count($m)) { + $diff = array_diff($m, $p); + $msg = count($diff) == 1 ? + ' is not a supported algorithm' : + ' are not supported algorithms'; + throw new UnsupportedAlgorithmException(implode(', ', $diff) . $msg); + } + } + + $this->preferred = $preferred; + } + + /** + * Returns the banner message. + * + * Quoting from the RFC, "in some jurisdictions, sending a warning message before + * authentication may be relevant for getting legal protection." + * + * @return string + */ + public function getBannerMessage() + { + return $this->banner_message; + } + + /** + * Returns the server public host key. + * + * Caching this the first time you connect to a server and checking the result on subsequent connections + * is recommended. Returns false if the server signature is not signed correctly with the public host key. + * + * @return string|false + * @throws \RuntimeException on badly formatted keys + * @throws NoSupportedAlgorithmsException when the key isn't in a supported format + */ + public function getServerPublicHostKey() + { + if (!($this->bitmap & self::MASK_CONSTRUCTOR)) { + $this->connect(); + } + + $signature = $this->signature; + $server_public_host_key = base64_encode($this->server_public_host_key); + + if ($this->signature_validated) { + return $this->bitmap ? + $this->signature_format . ' ' . $server_public_host_key : + false; + } + + $this->signature_validated = true; + + switch ($this->signature_format) { + case 'ssh-ed25519': + case 'ecdsa-sha2-nistp256': + case 'ecdsa-sha2-nistp384': + case 'ecdsa-sha2-nistp521': + $key = EC::loadFormat('OpenSSH', $server_public_host_key) + ->withSignatureFormat('SSH2'); + switch ($this->signature_format) { + case 'ssh-ed25519': + $hash = 'sha512'; + break; + case 'ecdsa-sha2-nistp256': + $hash = 'sha256'; + break; + case 'ecdsa-sha2-nistp384': + $hash = 'sha384'; + break; + case 'ecdsa-sha2-nistp521': + $hash = 'sha512'; + } + $key = $key->withHash($hash); + break; + case 'ssh-dss': + $key = DSA::loadFormat('OpenSSH', $server_public_host_key) + ->withSignatureFormat('SSH2') + ->withHash('sha1'); + break; + case 'ssh-rsa': + case 'rsa-sha2-256': + case 'rsa-sha2-512': + // could be ssh-rsa, rsa-sha2-256, rsa-sha2-512 + // we don't check here because we already checked in key_exchange + // some signatures have the type embedded within the message and some don't + list(, $signature) = Strings::unpackSSH2('ss', $signature); + + $key = RSA::loadFormat('OpenSSH', $server_public_host_key) + ->withPadding(RSA::SIGNATURE_PKCS1); + switch ($this->signature_format) { + case 'rsa-sha2-512': + $hash = 'sha512'; + break; + case 'rsa-sha2-256': + $hash = 'sha256'; + break; + //case 'ssh-rsa': + default: + $hash = 'sha1'; + } + $key = $key->withHash($hash); + break; + default: + $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE); + throw new NoSupportedAlgorithmsException('Unsupported signature format'); + } + + if (!$key->verify($this->exchange_hash, $signature)) { + return $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE); + }; + + return $this->signature_format . ' ' . $server_public_host_key; + } + + /** + * Returns the exit status of an SSH command or false. + * + * @return false|int + */ + public function getExitStatus() + { + if (is_null($this->exit_status)) { + return false; + } + return $this->exit_status; + } + + /** + * Returns the number of columns for the terminal window size. + * + * @return int + */ + public function getWindowColumns() + { + return $this->windowColumns; + } + + /** + * Returns the number of rows for the terminal window size. + * + * @return int + */ + public function getWindowRows() + { + return $this->windowRows; + } + + /** + * Sets the number of columns for the terminal window size. + * + * @param int $value + */ + public function setWindowColumns($value) + { + $this->windowColumns = $value; + } + + /** + * Sets the number of rows for the terminal window size. + * + * @param int $value + */ + public function setWindowRows($value) + { + $this->windowRows = $value; + } + + /** + * Sets the number of columns and rows for the terminal window size. + * + * @param int $columns + * @param int $rows + */ + public function setWindowSize($columns = 80, $rows = 24) + { + $this->windowColumns = $columns; + $this->windowRows = $rows; + } + + /** + * To String Magic Method + * + * @return string + */ + #[\ReturnTypeWillChange] + public function __toString() + { + return $this->getResourceId(); + } + + /** + * Get Resource ID + * + * We use {} because that symbols should not be in URL according to + * {@link http://tools.ietf.org/html/rfc3986#section-2 RFC}. + * It will safe us from any conflicts, because otherwise regexp will + * match all alphanumeric domains. + * + * @return string + */ + public function getResourceId() + { + return '{' . spl_object_hash($this) . '}'; + } + + /** + * Return existing connection + * + * @param string $id + * + * @return bool|SSH2 will return false if no such connection + */ + public static function getConnectionByResourceId($id) + { + if (isset(self::$connections[$id])) { + return self::$connections[$id] instanceof \WeakReference ? self::$connections[$id]->get() : self::$connections[$id]; + } + return false; + } + + /** + * Return all excising connections + * + * @return array + */ + public static function getConnections() + { + if (!class_exists('WeakReference')) { + /** @var array */ + return self::$connections; + } + $temp = []; + foreach (self::$connections as $key => $ref) { + $temp[$key] = $ref->get(); + } + return $temp; + } + + /* + * Update packet types in log history + * + * @param string $old + * @param string $new + */ + private function updateLogHistory($old, $new) + { + if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) { + $this->message_number_log[count($this->message_number_log) - 1] = str_replace( + $old, + $new, + $this->message_number_log[count($this->message_number_log) - 1] + ); + } + } + + /** + * Return the list of authentication methods that may productively continue authentication. + * + * @see https://tools.ietf.org/html/rfc4252#section-5.1 + * @return array|null + */ + public function getAuthMethodsToContinue() + { + return $this->auth_methods_to_continue; + } + + /** + * Enables "smart" multi-factor authentication (MFA) + */ + public function enableSmartMFA() + { + $this->smartMFA = true; + } + + /** + * Disables "smart" multi-factor authentication (MFA) + */ + public function disableSmartMFA() + { + $this->smartMFA = false; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Agent.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Agent.php new file mode 100644 index 0000000..376d77b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Agent.php @@ -0,0 +1,306 @@ + + * login('username', $agent)) { + * exit('Login Failed'); + * } + * + * echo $ssh->exec('pwd'); + * echo $ssh->exec('ls -la'); + * ?> + * + * + * @author Jim Wigginton + * @copyright 2014 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\System\SSH; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Crypt\PublicKeyLoader; +use phpseclib3\Crypt\RSA; +use phpseclib3\Exception\BadConfigurationException; +use phpseclib3\Net\SSH2; +use phpseclib3\System\SSH\Agent\Identity; + +/** + * Pure-PHP ssh-agent client identity factory + * + * requestIdentities() method pumps out \phpseclib3\System\SSH\Agent\Identity objects + * + * @author Jim Wigginton + */ +class Agent +{ + use Common\Traits\ReadBytes; + + // Message numbers + + // to request SSH1 keys you have to use SSH_AGENTC_REQUEST_RSA_IDENTITIES (1) + const SSH_AGENTC_REQUEST_IDENTITIES = 11; + // this is the SSH2 response; the SSH1 response is SSH_AGENT_RSA_IDENTITIES_ANSWER (2). + const SSH_AGENT_IDENTITIES_ANSWER = 12; + // the SSH1 request is SSH_AGENTC_RSA_CHALLENGE (3) + const SSH_AGENTC_SIGN_REQUEST = 13; + // the SSH1 response is SSH_AGENT_RSA_RESPONSE (4) + const SSH_AGENT_SIGN_RESPONSE = 14; + + // Agent forwarding status + + // no forwarding requested and not active + const FORWARD_NONE = 0; + // request agent forwarding when opportune + const FORWARD_REQUEST = 1; + // forwarding has been request and is active + const FORWARD_ACTIVE = 2; + + /** + * Unused + */ + const SSH_AGENT_FAILURE = 5; + + /** + * Socket Resource + * + * @var resource + */ + private $fsock; + + /** + * Agent forwarding status + * + * @var int + */ + private $forward_status = self::FORWARD_NONE; + + /** + * Buffer for accumulating forwarded authentication + * agent data arriving on SSH data channel destined + * for agent unix socket + * + * @var string + */ + private $socket_buffer = ''; + + /** + * Tracking the number of bytes we are expecting + * to arrive for the agent socket on the SSH data + * channel + * + * @var int + */ + private $expected_bytes = 0; + + /** + * Default Constructor + * + * @return Agent + * @throws BadConfigurationException if SSH_AUTH_SOCK cannot be found + * @throws \RuntimeException on connection errors + */ + public function __construct($address = null) + { + if (!$address) { + switch (true) { + case isset($_SERVER['SSH_AUTH_SOCK']): + $address = $_SERVER['SSH_AUTH_SOCK']; + break; + case isset($_ENV['SSH_AUTH_SOCK']): + $address = $_ENV['SSH_AUTH_SOCK']; + break; + default: + throw new BadConfigurationException('SSH_AUTH_SOCK not found'); + } + } + + if (in_array('unix', stream_get_transports())) { + $this->fsock = fsockopen('unix://' . $address, 0, $errno, $errstr); + if (!$this->fsock) { + throw new \RuntimeException("Unable to connect to ssh-agent (Error $errno: $errstr)"); + } + } else { + if (substr($address, 0, 9) != '\\\\.\\pipe\\' || strpos(substr($address, 9), '\\') !== false) { + throw new \RuntimeException('Address is not formatted as a named pipe should be'); + } + + $this->fsock = fopen($address, 'r+b'); + if (!$this->fsock) { + throw new \RuntimeException('Unable to open address'); + } + } + } + + /** + * Request Identities + * + * See "2.5.2 Requesting a list of protocol 2 keys" + * Returns an array containing zero or more \phpseclib3\System\SSH\Agent\Identity objects + * + * @return array + * @throws \RuntimeException on receipt of unexpected packets + */ + public function requestIdentities() + { + if (!$this->fsock) { + return []; + } + + $packet = pack('NC', 1, self::SSH_AGENTC_REQUEST_IDENTITIES); + if (strlen($packet) != fputs($this->fsock, $packet)) { + throw new \RuntimeException('Connection closed while requesting identities'); + } + + $length = current(unpack('N', $this->readBytes(4))); + $packet = $this->readBytes($length); + + list($type, $keyCount) = Strings::unpackSSH2('CN', $packet); + if ($type != self::SSH_AGENT_IDENTITIES_ANSWER) { + throw new \RuntimeException('Unable to request identities'); + } + + $identities = []; + for ($i = 0; $i < $keyCount; $i++) { + list($key_blob, $comment) = Strings::unpackSSH2('ss', $packet); + $temp = $key_blob; + list($key_type) = Strings::unpackSSH2('s', $temp); + switch ($key_type) { + case 'ssh-rsa': + case 'ssh-dss': + case 'ssh-ed25519': + case 'ecdsa-sha2-nistp256': + case 'ecdsa-sha2-nistp384': + case 'ecdsa-sha2-nistp521': + $key = PublicKeyLoader::load($key_type . ' ' . base64_encode($key_blob)); + } + // resources are passed by reference by default + if (isset($key)) { + $identity = (new Identity($this->fsock)) + ->withPublicKey($key) + ->withPublicKeyBlob($key_blob) + ->withComment($comment); + $identities[] = $identity; + unset($key); + } + } + + return $identities; + } + + /** + * Returns the SSH Agent identity matching a given public key or null if no identity is found + * + * @return ?Identity + */ + public function findIdentityByPublicKey(PublicKey $key) + { + $identities = $this->requestIdentities(); + $key = (string) $key; + foreach ($identities as $identity) { + if (((string) $identity->getPublicKey()) == $key) { + return $identity; + } + } + + return null; + } + + /** + * Signal that agent forwarding should + * be requested when a channel is opened + * + * @return void + */ + public function startSSHForwarding() + { + if ($this->forward_status == self::FORWARD_NONE) { + $this->forward_status = self::FORWARD_REQUEST; + } + } + + /** + * Request agent forwarding of remote server + * + * @param SSH2 $ssh + * @return bool + */ + private function request_forwarding(SSH2 $ssh) + { + if (!$ssh->requestAgentForwarding()) { + return false; + } + + $this->forward_status = self::FORWARD_ACTIVE; + + return true; + } + + /** + * On successful channel open + * + * This method is called upon successful channel + * open to give the SSH Agent an opportunity + * to take further action. i.e. request agent forwarding + * + * @param SSH2 $ssh + */ + public function registerChannelOpen(SSH2 $ssh) + { + if ($this->forward_status == self::FORWARD_REQUEST) { + $this->request_forwarding($ssh); + } + } + + /** + * Forward data to SSH Agent and return data reply + * + * @param string $data + * @return string Data from SSH Agent + * @throws \RuntimeException on connection errors + */ + public function forwardData($data) + { + if ($this->expected_bytes > 0) { + $this->socket_buffer .= $data; + $this->expected_bytes -= strlen($data); + } else { + $agent_data_bytes = current(unpack('N', $data)); + $current_data_bytes = strlen($data); + $this->socket_buffer = $data; + if ($current_data_bytes != $agent_data_bytes + 4) { + $this->expected_bytes = ($agent_data_bytes + 4) - $current_data_bytes; + return false; + } + } + + if (strlen($this->socket_buffer) != fwrite($this->fsock, $this->socket_buffer)) { + throw new \RuntimeException('Connection closed attempting to forward data to SSH agent'); + } + + $this->socket_buffer = ''; + $this->expected_bytes = 0; + + $agent_reply_bytes = current(unpack('N', $this->readBytes(4))); + + $agent_reply_data = $this->readBytes($agent_reply_bytes); + $agent_reply_data = current(unpack('a*', $agent_reply_data)); + + return pack('Na*', $agent_reply_bytes, $agent_reply_data); + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Agent/Identity.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Agent/Identity.php new file mode 100644 index 0000000..06a4baf --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Agent/Identity.php @@ -0,0 +1,346 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\System\SSH\Agent; + +use phpseclib3\Common\Functions\Strings; +use phpseclib3\Crypt\Common\PrivateKey; +use phpseclib3\Crypt\Common\PublicKey; +use phpseclib3\Crypt\DSA; +use phpseclib3\Crypt\EC; +use phpseclib3\Crypt\RSA; +use phpseclib3\Exception\UnsupportedAlgorithmException; +use phpseclib3\System\SSH\Agent; +use phpseclib3\System\SSH\Common\Traits\ReadBytes; + +/** + * Pure-PHP ssh-agent client identity object + * + * Instantiation should only be performed by \phpseclib3\System\SSH\Agent class. + * This could be thought of as implementing an interface that phpseclib3\Crypt\RSA + * implements. ie. maybe a Net_SSH_Auth_PublicKey interface or something. + * The methods in this interface would be getPublicKey and sign since those are the + * methods phpseclib looks for to perform public key authentication. + * + * @author Jim Wigginton + * @internal + */ +class Identity implements PrivateKey +{ + use ReadBytes; + + // Signature Flags + // See https://tools.ietf.org/html/draft-miller-ssh-agent-00#section-5.3 + const SSH_AGENT_RSA2_256 = 2; + const SSH_AGENT_RSA2_512 = 4; + + /** + * Key Object + * + * @var PublicKey + * @see self::getPublicKey() + */ + private $key; + + /** + * Key Blob + * + * @var string + * @see self::sign() + */ + private $key_blob; + + /** + * Socket Resource + * + * @var resource + * @see self::sign() + */ + private $fsock; + + /** + * Signature flags + * + * @var int + * @see self::sign() + * @see self::setHash() + */ + private $flags = 0; + + /** + * Comment + * + * @var null|string + */ + private $comment; + + /** + * Curve Aliases + * + * @var array + */ + private static $curveAliases = [ + 'secp256r1' => 'nistp256', + 'secp384r1' => 'nistp384', + 'secp521r1' => 'nistp521', + 'Ed25519' => 'Ed25519' + ]; + + /** + * Default Constructor. + * + * @param resource $fsock + */ + public function __construct($fsock) + { + $this->fsock = $fsock; + } + + /** + * Set Public Key + * + * Called by \phpseclib3\System\SSH\Agent::requestIdentities() + * + * @param PublicKey $key + */ + public function withPublicKey(PublicKey $key) + { + if ($key instanceof EC) { + if (is_array($key->getCurve()) || !isset(self::$curveAliases[$key->getCurve()])) { + throw new UnsupportedAlgorithmException('The only supported curves are nistp256, nistp384, nistp512 and Ed25519'); + } + } + + $new = clone $this; + $new->key = $key; + return $new; + } + + /** + * Set Public Key + * + * Called by \phpseclib3\System\SSH\Agent::requestIdentities(). The key blob could be extracted from $this->key + * but this saves a small amount of computation. + * + * @param string $key_blob + */ + public function withPublicKeyBlob($key_blob) + { + $new = clone $this; + $new->key_blob = $key_blob; + return $new; + } + + /** + * Get Public Key + * + * Wrapper for $this->key->getPublicKey() + * + * @return mixed + */ + public function getPublicKey() + { + return $this->key; + } + + /** + * Sets the hash + * + * @param string $hash + */ + public function withHash($hash) + { + $new = clone $this; + + $hash = strtolower($hash); + + if ($this->key instanceof RSA) { + $new->flags = 0; + switch ($hash) { + case 'sha1': + break; + case 'sha256': + $new->flags = self::SSH_AGENT_RSA2_256; + break; + case 'sha512': + $new->flags = self::SSH_AGENT_RSA2_512; + break; + default: + throw new UnsupportedAlgorithmException('The only supported hashes for RSA are sha1, sha256 and sha512'); + } + } + if ($this->key instanceof EC) { + switch ($this->key->getCurve()) { + case 'secp256r1': + $expectedHash = 'sha256'; + break; + case 'secp384r1': + $expectedHash = 'sha384'; + break; + //case 'secp521r1': + //case 'Ed25519': + default: + $expectedHash = 'sha512'; + } + if ($hash != $expectedHash) { + throw new UnsupportedAlgorithmException('The only supported hash for ' . self::$curveAliases[$this->key->getCurve()] . ' is ' . $expectedHash); + } + } + if ($this->key instanceof DSA) { + if ($hash != 'sha1') { + throw new UnsupportedAlgorithmException('The only supported hash for DSA is sha1'); + } + } + return $new; + } + + /** + * Sets the padding + * + * Only PKCS1 padding is supported + * + * @param string $padding + */ + public function withPadding($padding) + { + if (!$this->key instanceof RSA) { + throw new UnsupportedAlgorithmException('Only RSA keys support padding'); + } + if ($padding != RSA::SIGNATURE_PKCS1 && $padding != RSA::SIGNATURE_RELAXED_PKCS1) { + throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures'); + } + return $this; + } + + /** + * Determines the signature padding mode + * + * Valid values are: ASN1, SSH2, Raw + * + * @param string $format + */ + public function withSignatureFormat($format) + { + if ($this->key instanceof RSA) { + throw new UnsupportedAlgorithmException('Only DSA and EC keys support signature format setting'); + } + if ($format != 'SSH2') { + throw new UnsupportedAlgorithmException('Only SSH2-formatted signatures are currently supported'); + } + + return $this; + } + + /** + * Returns the curve + * + * Returns a string if it's a named curve, an array if not + * + * @return string|array + */ + public function getCurve() + { + if (!$this->key instanceof EC) { + throw new UnsupportedAlgorithmException('Only EC keys have curves'); + } + + return $this->key->getCurve(); + } + + /** + * Create a signature + * + * See "2.6.2 Protocol 2 private key signature request" + * + * @param string $message + * @return string + * @throws \RuntimeException on connection errors + * @throws UnsupportedAlgorithmException if the algorithm is unsupported + */ + public function sign($message) + { + // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE + $packet = Strings::packSSH2( + 'CssN', + Agent::SSH_AGENTC_SIGN_REQUEST, + $this->key_blob, + $message, + $this->flags + ); + $packet = Strings::packSSH2('s', $packet); + if (strlen($packet) != fputs($this->fsock, $packet)) { + throw new \RuntimeException('Connection closed during signing'); + } + + $length = current(unpack('N', $this->readBytes(4))); + $packet = $this->readBytes($length); + + list($type, $signature_blob) = Strings::unpackSSH2('Cs', $packet); + if ($type != Agent::SSH_AGENT_SIGN_RESPONSE) { + throw new \RuntimeException('Unable to retrieve signature'); + } + + if (!$this->key instanceof RSA) { + return $signature_blob; + } + + list($type, $signature_blob) = Strings::unpackSSH2('ss', $signature_blob); + + return $signature_blob; + } + + /** + * Returns the private key + * + * @param string $type + * @param array $options optional + * @return string + */ + public function toString($type, array $options = []) + { + throw new \RuntimeException('ssh-agent does not provide a mechanism to get the private key'); + } + + /** + * Sets the password + * + * @param string|bool $password + * @return never + */ + public function withPassword($password = false) + { + throw new \RuntimeException('ssh-agent does not provide a mechanism to get the private key'); + } + + /** + * Sets the comment + */ + public function withComment($comment = null) + { + $new = clone $this; + $new->comment = $comment; + return $new; + } + + /** + * Returns the comment + * + * @return null|string + */ + public function getComment() + { + return $this->comment; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Common/Traits/ReadBytes.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Common/Traits/ReadBytes.php new file mode 100644 index 0000000..6fd032b --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Common/Traits/ReadBytes.php @@ -0,0 +1,37 @@ + + * @copyright 2015 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + */ + +namespace phpseclib3\System\SSH\Common\Traits; + +/** + * ReadBytes trait + * + * @author Jim Wigginton + */ +trait ReadBytes +{ + /** + * Read data + * + * @param int $length + * @throws \RuntimeException on connection errors + */ + public function readBytes($length) + { + $temp = fread($this->fsock, $length); + if (strlen($temp) != $length) { + throw new \RuntimeException("Expected $length bytes; got " . strlen($temp)); + } + return $temp; + } +} diff --git a/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/bootstrap.php b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/bootstrap.php new file mode 100644 index 0000000..517106c --- /dev/null +++ b/qa-tool/htdocs/vendor/phpseclib/phpseclib/phpseclib/bootstrap.php @@ -0,0 +1,22 @@ +=7.2.0" + }, + "autoload": { + "psr-4": { + "Psr\\EventDispatcher\\": "src/" + } + }, + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + } +} diff --git a/qa-tool/htdocs/vendor/psr/event-dispatcher/src/EventDispatcherInterface.php b/qa-tool/htdocs/vendor/psr/event-dispatcher/src/EventDispatcherInterface.php new file mode 100644 index 0000000..4306fa9 --- /dev/null +++ b/qa-tool/htdocs/vendor/psr/event-dispatcher/src/EventDispatcherInterface.php @@ -0,0 +1,21 @@ += 5.4. (Jaime Pérez) + +25, May 2017, 3.0.0 +Improvements: +- Remove use of mcrypt (skymeyer) + +08, Sep 2016, 2.0.1 +Bug Fixes: +- Strip whitespace characters when parsing X509Certificate. fixes #84 + (klemen.bratec) +- Certificate 'subject' values can be arrays. fixes #80 (Andreas Stangl) +- HHVM signing node with ID attribute w/out namespace regenerates ID value. + fixes #88 (Milos Tomic) + +Improvements: +- Fix typos and add some PHPDoc Blocks. (gfaust-qb) +- Update lightSAML link. (Milos Tomic) +- Update copyright dates. + +31, Jul 2015, 2.0.0 +Features: +- Namespace support. Classes now in the RobRichards\XMLSecLibs\ namespace. + +Improvements: +- Dropped support for PHP 5.2 + +31, Jul 2015, 1.4.1 +Bug Fixes: +- Allow for large digest values that may have line breaks. fixes #62 + +Features: +- Support for locating specific signature when multiple exist in + document. (griga3k) + +Improvements: +- Add optional argument to XMLSecurityDSig to define the prefix to be used, + also allowing for null to use no prefix, for the dsig namespace. fixes #13 +- Code cleanup +- Depreciated XMLSecurityDSig::generate_GUID for XMLSecurityDSig::generateGUID + +23, Jun 2015, 1.4.0 +Features: +- Support for PSR-0 standard. +- Support for X509SubjectName. (Milos Tomic) +- Add HMAC-SHA1 support. + +Improvements: +- Add how to install to README. (Bernardo Vieira da Silva) +- Code cleanup. (Jaime Pérez) +- Normalilze tests. (Hidde Wieringa) +- Add basic usage to README. (Hidde Wieringa) + +21, May 2015, 1.3.2 +Bug Fixes: +- Fix Undefined variable notice. (dpieper85) +- Fix typo when setting MimeType attribute. (Eugene OZ) +- Fix validateReference() with enveloping signatures + +Features: +- canonicalizeData performance optimization. (Jaime Pérez) +- Add composer support (Maks3w) + +19, Jun 2013, 1.3.1 +Features: +- return encrypted node from XMLSecEnc::encryptNode() when replace is set to + false. (Olav) +- Add support for RSA SHA384 and RSA_SHA512 and SHA384 digest. (Jaime PŽrez) +- Add options parameter to the add cert methods. +- Add optional issuerSerial creation with cert + +Bug Fixes: +- Fix persisted Id when namespaced. (Koen Thomeer) + +Improvements: +- Add LICENSE file +- Convert CHANGELOG.txt to UTF-8 + +26, Sep 2011, 1.3.0 +Features: +- Add param to append sig to node when signing. Fixes a problem when using + inclusive canonicalization to append a signature within a namespaced subtree. + ex. $objDSig->sign($objKey, $appendToNode); +- Add ability to encrypt by reference +- Add support for refences within an encrypted key +- Add thumbprint generation capability (XMLSecurityKey->getX509Thumbprint() and + XMLSecurityKey::getRawThumbprint($cert)) +- Return signature element node from XMLSecurityDSig::insertSignature() and + XMLSecurityDSig::appendSignature() methods +- Support for with simple URI Id reference. +- Add XMLSecurityKey::getSymmetricKeySize() method (Olav) +- Add XMLSecEnc::getCipherValue() method (Olav) +- Improve XMLSecurityKey:generateSessionKey() logic (Olav) + +Bug Fixes: +- Change split() to explode() as split is now depreciated +- ds:References using empty or simple URI Id reference should never include + comments in canonicalized data. +- Make sure that the elements in EncryptedData are emitted in the correct + sequence. + +11 Jan 2010, 1.2.2 +Features: +- Add support XPath support when creating signature. Provides support for + working with EBXML documents. +- Add reference option to force creation of URI attribute. For use + when adding a DOM Document where by default no URI attribute is added. +- Add support for RSA-SHA256 + +Bug Fixes: +- fix bug #5: createDOMDocumentFragment() in decryptNode when data is node + content (patch by Francois Wang) + + +08 Jul 2008, 1.2.1 +Features: +- Attempt to use mhash when hash extension is not present. (Alfredo Cubitos). +- Add fallback to built-in sha1 if both hash and mhash are not available and + throw error for other for other missing hashes. (patch by Olav Morken). +- Add getX509Certificate method to retrieve the x509 cert used for Key. + (patch by Olav Morken). +- Add getValidatedNodes method to retrieve the elements signed by the + signature. (patch by Olav Morken). +- Add insertSignature method for precision signature insertion. Merge + functionality from appendSignature in the process. (Olav Morken, Rob). +- Finally add some tests + +Bug Fixes: +- Fix canonicalization for Document node when using PHP < 5.2. +- Add padding for RSA_SHA1. (patch by Olav Morken). + + +27 Nov 2007, 1.2.0 +Features: +- New addReference/List option (overwrite). Boolean flag indicating if URI + value should be overwritten if already existing within document. + Default is TRUE to maintain BC. + +18 Nov 2007, 1.1.2 +Bug Fixes: +- Remove closing PHP tag to fix extra whitespace characters from being output + +11 Nov 2007, 1.1.1 +Features: +- Add getRefNodeID() and getRefIDs() methods missed in previous release. + Provide functionality to find URIs of existing reference nodes. + Required by simpleSAMLphp project + +Bug Fixes: +- Remove erroneous whitespace causing issues under certain circumastances. + +18 Oct 2007, 1.1.0 +Features: +- Enable creation of enveloping signature. This allows the creation of + managed information cards. +- Add addObject method for enveloping signatures. +- Add staticGet509XCerts method. Chained certificates within a PEM file can + now be added within the X509Data node. +- Add xpath support within transformations +- Add InclusiveNamespaces prefix list support within exclusive transformations. + +Bug Fixes: +- Initialize random number generator for mcrypt_create_iv. (Joan Cornadó). +- Fix an interoperability issue with .NET when encrypting data in CBC mode. + (Joan Cornadó). diff --git a/qa-tool/htdocs/vendor/robrichards/xmlseclibs/LICENSE b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/LICENSE new file mode 100644 index 0000000..4fe5e5f --- /dev/null +++ b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/LICENSE @@ -0,0 +1,31 @@ +Copyright (c) 2007-2019, Robert Richards . +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + * Neither the name of Robert Richards nor the names of his + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/qa-tool/htdocs/vendor/robrichards/xmlseclibs/README.md b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/README.md new file mode 100644 index 0000000..a576080 --- /dev/null +++ b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/README.md @@ -0,0 +1,85 @@ +#xmlseclibs + +xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. + +The author of xmlseclibs is Rob Richards. + +# Branches +Master is currently the only actively maintained branch. +* master/3.1: Added AES-GCM support requiring 7.1+ +* 3.0: Removes mcrypt usage requiring 5.4+ (5.6.24+ recommended for security reasons) +* 2.0: Contains namespace support requiring 5.3+ +* 1.4: Contains auto-loader support while also maintaining backwards compatiblity with the older 1.3 version using the xmlseclibs.php file. Supports PHP 5.2+ + +# Requirements + +xmlseclibs requires PHP version 5.4 or greater. **5.6.24+ recommended for security reasons** + + +## How to Install + +Install with [`composer.phar`](http://getcomposer.org). + +```sh +php composer.phar require "robrichards/xmlseclibs" +``` + + +## Use cases + +xmlseclibs is being used in many different software. + +* [SimpleSAMLPHP](https://github.com/simplesamlphp/simplesamlphp) +* [LightSAML](https://github.com/lightsaml/lightsaml) +* [OneLogin](https://github.com/onelogin/php-saml) + +## Basic usage + +The example below shows basic usage of xmlseclibs, with a SHA-256 signature. + +```php +use RobRichards\XMLSecLibs\XMLSecurityDSig; +use RobRichards\XMLSecLibs\XMLSecurityKey; + +// Load the XML to be signed +$doc = new DOMDocument(); +$doc->load('./path/to/file/tobesigned.xml'); + +// Create a new Security object +$objDSig = new XMLSecurityDSig(); +// Use the c14n exclusive canonicalization +$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); +// Sign using SHA-256 +$objDSig->addReference( + $doc, + XMLSecurityDSig::SHA256, + array('http://www.w3.org/2000/09/xmldsig#enveloped-signature') +); + +// Create a new (private) Security key +$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private')); +/* +If key has a passphrase, set it using +$objKey->passphrase = ''; +*/ +// Load the private key +$objKey->loadKey('./path/to/privatekey.pem', TRUE); + +// Sign the XML file +$objDSig->sign($objKey); + +// Add the associated public key to the signature +$objDSig->add509Cert(file_get_contents('./path/to/file/mycert.pem')); + +// Append the signature to the XML +$objDSig->appendSignature($doc->documentElement); +// Save the signed XML +$doc->save('./path/to/signed.xml'); +``` + +## How to Contribute + +* [Open Issues](https://github.com/robrichards/xmlseclibs/issues) +* [Open Pull Requests](https://github.com/robrichards/xmlseclibs/pulls) + +Mailing List: https://groups.google.com/forum/#!forum/xmlseclibs diff --git a/qa-tool/htdocs/vendor/robrichards/xmlseclibs/composer.json b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/composer.json new file mode 100644 index 0000000..22ce7a3 --- /dev/null +++ b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/composer.json @@ -0,0 +1,21 @@ +{ + "name": "robrichards/xmlseclibs", + "description": "A PHP library for XML Security", + "license": "BSD-3-Clause", + "keywords": [ + "xml", + "xmldsig", + "signature", + "security" + ], + "homepage": "https://github.com/robrichards/xmlseclibs", + "autoload": { + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } + }, + "require": { + "php": ">= 5.4", + "ext-openssl": "*" + } +} diff --git a/qa-tool/htdocs/vendor/robrichards/xmlseclibs/src/Utils/XPath.php b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/src/Utils/XPath.php new file mode 100644 index 0000000..8cdc48e --- /dev/null +++ b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/src/Utils/XPath.php @@ -0,0 +1,44 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class XMLSecEnc +{ + const template = " + + + +"; + + const Element = 'http://www.w3.org/2001/04/xmlenc#Element'; + const Content = 'http://www.w3.org/2001/04/xmlenc#Content'; + const URI = 3; + const XMLENCNS = 'http://www.w3.org/2001/04/xmlenc#'; + + /** @var null|DOMDocument */ + private $encdoc = null; + + /** @var null|DOMNode */ + private $rawNode = null; + + /** @var null|string */ + public $type = null; + + /** @var null|DOMElement */ + public $encKey = null; + + /** @var array */ + private $references = array(); + + public function __construct() + { + $this->_resetTemplate(); + } + + private function _resetTemplate() + { + $this->encdoc = new DOMDocument(); + $this->encdoc->loadXML(self::template); + } + + /** + * @param string $name + * @param DOMNode $node + * @param string $type + * @throws Exception + */ + public function addReference($name, $node, $type) + { + if (! $node instanceOf DOMNode) { + throw new Exception('$node is not of type DOMNode'); + } + $curencdoc = $this->encdoc; + $this->_resetTemplate(); + $encdoc = $this->encdoc; + $this->encdoc = $curencdoc; + $refuri = XMLSecurityDSig::generateGUID(); + $element = $encdoc->documentElement; + $element->setAttribute("Id", $refuri); + $this->references[$name] = array("node" => $node, "type" => $type, "encnode" => $encdoc, "refuri" => $refuri); + } + + /** + * @param DOMNode $node + */ + public function setNode($node) + { + $this->rawNode = $node; + } + + /** + * Encrypt the selected node with the given key. + * + * @param XMLSecurityKey $objKey The encryption key and algorithm. + * @param bool $replace Whether the encrypted node should be replaced in the original tree. Default is true. + * @throws Exception + * + * @return DOMElement The -element. + */ + public function encryptNode($objKey, $replace = true) + { + $data = ''; + if (empty($this->rawNode)) { + throw new Exception('Node to encrypt has not been set'); + } + if (! $objKey instanceof XMLSecurityKey) { + throw new Exception('Invalid Key'); + } + $doc = $this->rawNode->ownerDocument; + $xPath = new DOMXPath($this->encdoc); + $objList = $xPath->query('/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue'); + $cipherValue = $objList->item(0); + if ($cipherValue == null) { + throw new Exception('Error locating CipherValue element within template'); + } + switch ($this->type) { + case (self::Element): + $data = $doc->saveXML($this->rawNode); + $this->encdoc->documentElement->setAttribute('Type', self::Element); + break; + case (self::Content): + $children = $this->rawNode->childNodes; + foreach ($children AS $child) { + $data .= $doc->saveXML($child); + } + $this->encdoc->documentElement->setAttribute('Type', self::Content); + break; + default: + throw new Exception('Type is currently not supported'); + } + + $encMethod = $this->encdoc->documentElement->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod')); + $encMethod->setAttribute('Algorithm', $objKey->getAlgorithm()); + $cipherValue->parentNode->parentNode->insertBefore($encMethod, $cipherValue->parentNode->parentNode->firstChild); + + $strEncrypt = base64_encode($objKey->encryptData($data)); + $value = $this->encdoc->createTextNode($strEncrypt); + $cipherValue->appendChild($value); + + if ($replace) { + switch ($this->type) { + case (self::Element): + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + return $this->encdoc; + } + $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true); + $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode); + return $importEnc; + case (self::Content): + $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true); + while ($this->rawNode->firstChild) { + $this->rawNode->removeChild($this->rawNode->firstChild); + } + $this->rawNode->appendChild($importEnc); + return $importEnc; + } + } else { + return $this->encdoc->documentElement; + } + } + + /** + * @param XMLSecurityKey $objKey + * @throws Exception + */ + public function encryptReferences($objKey) + { + $curRawNode = $this->rawNode; + $curType = $this->type; + foreach ($this->references AS $name => $reference) { + $this->encdoc = $reference["encnode"]; + $this->rawNode = $reference["node"]; + $this->type = $reference["type"]; + try { + $encNode = $this->encryptNode($objKey); + $this->references[$name]["encnode"] = $encNode; + } catch (Exception $e) { + $this->rawNode = $curRawNode; + $this->type = $curType; + throw $e; + } + } + $this->rawNode = $curRawNode; + $this->type = $curType; + } + + /** + * Retrieve the CipherValue text from this encrypted node. + * + * @throws Exception + * @return string|null The Ciphervalue text, or null if no CipherValue is found. + */ + public function getCipherValue() + { + if (empty($this->rawNode)) { + throw new Exception('Node to decrypt has not been set'); + } + + $doc = $this->rawNode->ownerDocument; + $xPath = new DOMXPath($doc); + $xPath->registerNamespace('xmlencr', self::XMLENCNS); + /* Only handles embedded content right now and not a reference */ + $query = "./xmlencr:CipherData/xmlencr:CipherValue"; + $nodeset = $xPath->query($query, $this->rawNode); + $node = $nodeset->item(0); + + if (!$node) { + return null; + } + + return base64_decode($node->nodeValue); + } + + /** + * Decrypt this encrypted node. + * + * The behaviour of this function depends on the value of $replace. + * If $replace is false, we will return the decrypted data as a string. + * If $replace is true, we will insert the decrypted element(s) into the + * document, and return the decrypted element(s). + * + * @param XMLSecurityKey $objKey The decryption key that should be used when decrypting the node. + * @param boolean $replace Whether we should replace the encrypted node in the XML document with the decrypted data. The default is true. + * + * @return string|DOMElement The decrypted data. + */ + public function decryptNode($objKey, $replace=true) + { + if (! $objKey instanceof XMLSecurityKey) { + throw new Exception('Invalid Key'); + } + + $encryptedData = $this->getCipherValue(); + if ($encryptedData) { + $decrypted = $objKey->decryptData($encryptedData); + if ($replace) { + switch ($this->type) { + case (self::Element): + $newdoc = new DOMDocument(); + $newdoc->loadXML($decrypted); + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + return $newdoc; + } + $importEnc = $this->rawNode->ownerDocument->importNode($newdoc->documentElement, true); + $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode); + return $importEnc; + case (self::Content): + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + $doc = $this->rawNode; + } else { + $doc = $this->rawNode->ownerDocument; + } + $newFrag = $doc->createDocumentFragment(); + $newFrag->appendXML($decrypted); + $parent = $this->rawNode->parentNode; + $parent->replaceChild($newFrag, $this->rawNode); + return $parent; + default: + return $decrypted; + } + } else { + return $decrypted; + } + } else { + throw new Exception("Cannot locate encrypted data"); + } + } + + /** + * Encrypt the XMLSecurityKey + * + * @param XMLSecurityKey $srcKey + * @param XMLSecurityKey $rawKey + * @param bool $append + * @throws Exception + */ + public function encryptKey($srcKey, $rawKey, $append=true) + { + if ((! $srcKey instanceof XMLSecurityKey) || (! $rawKey instanceof XMLSecurityKey)) { + throw new Exception('Invalid Key'); + } + $strEncKey = base64_encode($srcKey->encryptData($rawKey->key)); + $root = $this->encdoc->documentElement; + $encKey = $this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptedKey'); + if ($append) { + $keyInfo = $root->insertBefore($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo'), $root->firstChild); + $keyInfo->appendChild($encKey); + } else { + $this->encKey = $encKey; + } + $encMethod = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod')); + $encMethod->setAttribute('Algorithm', $srcKey->getAlgorith()); + if (! empty($srcKey->name)) { + $keyInfo = $encKey->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo')); + $keyInfo->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyName', $srcKey->name)); + } + $cipherData = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherData')); + $cipherData->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherValue', $strEncKey)); + if (is_array($this->references) && count($this->references) > 0) { + $refList = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:ReferenceList')); + foreach ($this->references AS $name => $reference) { + $refuri = $reference["refuri"]; + $dataRef = $refList->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:DataReference')); + $dataRef->setAttribute("URI", '#' . $refuri); + } + } + return; + } + + /** + * @param XMLSecurityKey $encKey + * @return DOMElement|string + * @throws Exception + */ + public function decryptKey($encKey) + { + if (! $encKey->isEncrypted) { + throw new Exception("Key is not Encrypted"); + } + if (empty($encKey->key)) { + throw new Exception("Key is missing data to perform the decryption"); + } + return $this->decryptNode($encKey, false); + } + + /** + * @param DOMDocument $element + * @return DOMNode|null + */ + public function locateEncryptedData($element) + { + if ($element instanceof DOMDocument) { + $doc = $element; + } else { + $doc = $element->ownerDocument; + } + if ($doc) { + $xpath = new DOMXPath($doc); + $query = "//*[local-name()='EncryptedData' and namespace-uri()='".self::XMLENCNS."']"; + $nodeset = $xpath->query($query); + return $nodeset->item(0); + } + return null; + } + + /** + * Returns the key from the DOM + * @param null|DOMNode $node + * @return null|XMLSecurityKey + */ + public function locateKey($node=null) + { + if (empty($node)) { + $node = $this->rawNode; + } + if (! $node instanceof DOMNode) { + return null; + } + if ($doc = $node->ownerDocument) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('xmlsecenc', self::XMLENCNS); + $query = ".//xmlsecenc:EncryptionMethod"; + $nodeset = $xpath->query($query, $node); + if ($encmeth = $nodeset->item(0)) { + $attrAlgorithm = $encmeth->getAttribute("Algorithm"); + try { + $objKey = new XMLSecurityKey($attrAlgorithm, array('type' => 'private')); + } catch (Exception $e) { + return null; + } + return $objKey; + } + } + return null; + } + + /** + * @param null|XMLSecurityKey $objBaseKey + * @param null|DOMNode $node + * @return null|XMLSecurityKey + * @throws Exception + */ + public static function staticLocateKeyInfo($objBaseKey=null, $node=null) + { + if (empty($node) || (! $node instanceof DOMNode)) { + return null; + } + $doc = $node->ownerDocument; + if (!$doc) { + return null; + } + + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('xmlsecenc', self::XMLENCNS); + $xpath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS); + $query = "./xmlsecdsig:KeyInfo"; + $nodeset = $xpath->query($query, $node); + $encmeth = $nodeset->item(0); + if (!$encmeth) { + /* No KeyInfo in EncryptedData / EncryptedKey. */ + return $objBaseKey; + } + + foreach ($encmeth->childNodes AS $child) { + switch ($child->localName) { + case 'KeyName': + if (! empty($objBaseKey)) { + $objBaseKey->name = $child->nodeValue; + } + break; + case 'KeyValue': + foreach ($child->childNodes AS $keyval) { + switch ($keyval->localName) { + case 'DSAKeyValue': + throw new Exception("DSAKeyValue currently not supported"); + case 'RSAKeyValue': + $modulus = null; + $exponent = null; + if ($modulusNode = $keyval->getElementsByTagName('Modulus')->item(0)) { + $modulus = base64_decode($modulusNode->nodeValue); + } + if ($exponentNode = $keyval->getElementsByTagName('Exponent')->item(0)) { + $exponent = base64_decode($exponentNode->nodeValue); + } + if (empty($modulus) || empty($exponent)) { + throw new Exception("Missing Modulus or Exponent"); + } + $publicKey = XMLSecurityKey::convertRSA($modulus, $exponent); + $objBaseKey->loadKey($publicKey); + break; + } + } + break; + case 'RetrievalMethod': + $type = $child->getAttribute('Type'); + if ($type !== 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') { + /* Unsupported key type. */ + break; + } + $uri = $child->getAttribute('URI'); + if ($uri[0] !== '#') { + /* URI not a reference - unsupported. */ + break; + } + $id = substr($uri, 1); + + $query = '//xmlsecenc:EncryptedKey[@Id="'.XPath::filterAttrValue($id, XPath::DOUBLE_QUOTE).'"]'; + $keyElement = $xpath->query($query)->item(0); + if (!$keyElement) { + throw new Exception("Unable to locate EncryptedKey with @Id='$id'."); + } + + return XMLSecurityKey::fromEncryptedKeyElement($keyElement); + case 'EncryptedKey': + return XMLSecurityKey::fromEncryptedKeyElement($child); + case 'X509Data': + if ($x509certNodes = $child->getElementsByTagName('X509Certificate')) { + if ($x509certNodes->length > 0) { + $x509cert = $x509certNodes->item(0)->textContent; + $x509cert = str_replace(array("\r", "\n", " "), "", $x509cert); + $x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n"; + $objBaseKey->loadKey($x509cert, false, true); + } + } + break; + } + } + return $objBaseKey; + } + + /** + * @param null|XMLSecurityKey $objBaseKey + * @param null|DOMNode $node + * @return null|XMLSecurityKey + */ + public function locateKeyInfo($objBaseKey=null, $node=null) + { + if (empty($node)) { + $node = $this->rawNode; + } + return self::staticLocateKeyInfo($objBaseKey, $node); + } +} diff --git a/qa-tool/htdocs/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php new file mode 100644 index 0000000..9986123 --- /dev/null +++ b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php @@ -0,0 +1,1162 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class XMLSecurityDSig +{ + const XMLDSIGNS = 'http://www.w3.org/2000/09/xmldsig#'; + const SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'; + const SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'; + const SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'; + const SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'; + const RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160'; + + const C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + const C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'; + const EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'; + const EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'; + + const template = ' + + + +'; + + const BASE_TEMPLATE = ' + + + +'; + + /** @var DOMElement|null */ + public $sigNode = null; + + /** @var array */ + public $idKeys = array(); + + /** @var array */ + public $idNS = array(); + + /** @var string|null */ + private $signedInfo = null; + + /** @var DomXPath|null */ + private $xPathCtx = null; + + /** @var string|null */ + private $canonicalMethod = null; + + /** @var string */ + private $prefix = ''; + + /** @var string */ + private $searchpfx = 'secdsig'; + + /** + * This variable contains an associative array of validated nodes. + * @var array|null + */ + private $validatedNodes = null; + + /** + * @param string $prefix + */ + public function __construct($prefix='ds') + { + $template = self::BASE_TEMPLATE; + if (! empty($prefix)) { + $this->prefix = $prefix.':'; + $search = array("ownerDocument; + } + if ($doc) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = ".//secdsig:Signature"; + $nodeset = $xpath->query($query, $objDoc); + $this->sigNode = $nodeset->item($pos); + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } + return $this->sigNode; + } + return null; + } + + /** + * @param string $name + * @param null|string $value + * @return DOMElement + */ + public function createNewSignNode($name, $value=null) + { + $doc = $this->sigNode->ownerDocument; + if (! is_null($value)) { + $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name, $value); + } else { + $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name); + } + return $node; + } + + /** + * @param string $method + * @throws Exception + */ + public function setCanonicalMethod($method) + { + switch ($method) { + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + $this->canonicalMethod = $method; + break; + default: + throw new Exception('Invalid Canonical Method'); + } + if ($xpath = $this->getXPathObj()) { + $query = './'.$this->searchpfx.':SignedInfo'; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sinfo = $nodeset->item(0)) { + $query = './'.$this->searchpfx.'CanonicalizationMethod'; + $nodeset = $xpath->query($query, $sinfo); + if (! ($canonNode = $nodeset->item(0))) { + $canonNode = $this->createNewSignNode('CanonicalizationMethod'); + $sinfo->insertBefore($canonNode, $sinfo->firstChild); + } + $canonNode->setAttribute('Algorithm', $this->canonicalMethod); + } + } + } + + /** + * @param DOMNode $node + * @param string $canonicalmethod + * @param null|array $arXPath + * @param null|array $prefixList + * @return string + */ + private function canonicalizeData($node, $canonicalmethod, $arXPath=null, $prefixList=null) + { + $exclusive = false; + $withComments = false; + switch ($canonicalmethod) { + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + $exclusive = false; + $withComments = false; + break; + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + $withComments = true; + break; + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + $exclusive = true; + break; + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + $exclusive = true; + $withComments = true; + break; + } + + if (is_null($arXPath) && ($node instanceof DOMNode) && ($node->ownerDocument !== null) && $node->isSameNode($node->ownerDocument->documentElement)) { + /* Check for any PI or comments as they would have been excluded */ + $element = $node; + while ($refnode = $element->previousSibling) { + if ($refnode->nodeType == XML_PI_NODE || (($refnode->nodeType == XML_COMMENT_NODE) && $withComments)) { + break; + } + $element = $refnode; + } + if ($refnode == null) { + $node = $node->ownerDocument; + } + } + + return $node->C14N($exclusive, $withComments, $arXPath, $prefixList); + } + + /** + * @return null|string + */ + public function canonicalizeSignedInfo() + { + + $doc = $this->sigNode->ownerDocument; + $canonicalmethod = null; + if ($doc) { + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } + if ($signInfoNode = $nodeset->item(0)) { + $query = "./secdsig:CanonicalizationMethod"; + $nodeset = $xpath->query($query, $signInfoNode); + $prefixList = null; + if ($canonNode = $nodeset->item(0)) { + $canonicalmethod = $canonNode->getAttribute('Algorithm'); + foreach ($canonNode->childNodes as $node) + { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array_filter(explode(' ', $pfx)); + if (count($arpfx) > 0) { + $prefixList = array_merge($prefixList ? $prefixList : array(), $arpfx); + } + } + } + } + } + $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod, null, $prefixList); + return $this->signedInfo; + } + } + return null; + } + + /** + * @param string $digestAlgorithm + * @param string $data + * @param bool $encode + * @return string + * @throws Exception + */ + public function calculateDigest($digestAlgorithm, $data, $encode = true) + { + switch ($digestAlgorithm) { + case self::SHA1: + $alg = 'sha1'; + break; + case self::SHA256: + $alg = 'sha256'; + break; + case self::SHA384: + $alg = 'sha384'; + break; + case self::SHA512: + $alg = 'sha512'; + break; + case self::RIPEMD160: + $alg = 'ripemd160'; + break; + default: + throw new Exception("Cannot validate digest: Unsupported Algorithm <$digestAlgorithm>"); + } + + $digest = hash($alg, $data, true); + if ($encode) { + $digest = base64_encode($digest); + } + return $digest; + + } + + /** + * @param $refNode + * @param string $data + * @return bool + */ + public function validateDigest($refNode, $data) + { + $xpath = new DOMXPath($refNode->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = 'string(./secdsig:DigestMethod/@Algorithm)'; + $digestAlgorithm = $xpath->evaluate($query, $refNode); + $digValue = $this->calculateDigest($digestAlgorithm, $data, false); + $query = 'string(./secdsig:DigestValue)'; + $digestValue = $xpath->evaluate($query, $refNode); + return ($digValue === base64_decode($digestValue)); + } + + /** + * @param $refNode + * @param DOMNode $objData + * @param bool $includeCommentNodes + * @return string + */ + public function processTransforms($refNode, $objData, $includeCommentNodes = true) + { + $data = $objData; + $xpath = new DOMXPath($refNode->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = './secdsig:Transforms/secdsig:Transform'; + $nodelist = $xpath->query($query, $refNode); + $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + $arXPath = null; + $prefixList = null; + foreach ($nodelist AS $transform) { + $algorithm = $transform->getAttribute("Algorithm"); + switch ($algorithm) { + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + + if (!$includeCommentNodes) { + /* We remove comment nodes by forcing it to use a canonicalization + * without comments. + */ + $canonicalMethod = 'http://www.w3.org/2001/10/xml-exc-c14n#'; + } else { + $canonicalMethod = $algorithm; + } + + $node = $transform->firstChild; + while ($node) { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array(); + $pfxlist = explode(" ", $pfx); + foreach ($pfxlist AS $pfx) { + $val = trim($pfx); + if (! empty($val)) { + $arpfx[] = $val; + } + } + if (count($arpfx) > 0) { + $prefixList = $arpfx; + } + } + break; + } + $node = $node->nextSibling; + } + break; + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + if (!$includeCommentNodes) { + /* We remove comment nodes by forcing it to use a canonicalization + * without comments. + */ + $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + } else { + $canonicalMethod = $algorithm; + } + + break; + case 'http://www.w3.org/TR/1999/REC-xpath-19991116': + $node = $transform->firstChild; + while ($node) { + if ($node->localName == 'XPath') { + $arXPath = array(); + $arXPath['query'] = '(.//. | .//@* | .//namespace::*)['.$node->nodeValue.']'; + $arXPath['namespaces'] = array(); + $nslist = $xpath->query('./namespace::*', $node); + foreach ($nslist AS $nsnode) { + if ($nsnode->localName != "xml") { + $arXPath['namespaces'][$nsnode->localName] = $nsnode->nodeValue; + } + } + break; + } + $node = $node->nextSibling; + } + break; + } + } + if ($data instanceof DOMNode) { + $data = $this->canonicalizeData($objData, $canonicalMethod, $arXPath, $prefixList); + } + return $data; + } + + /** + * @param DOMNode $refNode + * @return bool + */ + public function processRefNode($refNode) + { + $dataObject = null; + + /* + * Depending on the URI, we may not want to include comments in the result + * See: http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel + */ + $includeCommentNodes = true; + + if ($uri = $refNode->getAttribute("URI")) { + $arUrl = parse_url($uri); + if (empty($arUrl['path'])) { + if ($identifier = $arUrl['fragment']) { + + /* This reference identifies a node with the given id by using + * a URI on the form "#identifier". This should not include comments. + */ + $includeCommentNodes = false; + + $xPath = new DOMXPath($refNode->ownerDocument); + if ($this->idNS && is_array($this->idNS)) { + foreach ($this->idNS as $nspf => $ns) { + $xPath->registerNamespace($nspf, $ns); + } + } + $iDlist = '@Id="'.XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"'; + if (is_array($this->idKeys)) { + foreach ($this->idKeys as $idKey) { + $iDlist .= " or @".XPath::filterAttrName($idKey).'="'. + XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"'; + } + } + $query = '//*['.$iDlist.']'; + $dataObject = $xPath->query($query)->item(0); + } else { + $dataObject = $refNode->ownerDocument; + } + } + } else { + /* This reference identifies the root node with an empty URI. This should + * not include comments. + */ + $includeCommentNodes = false; + + $dataObject = $refNode->ownerDocument; + } + $data = $this->processTransforms($refNode, $dataObject, $includeCommentNodes); + if (!$this->validateDigest($refNode, $data)) { + return false; + } + + if ($dataObject instanceof DOMNode) { + /* Add this node to the list of validated nodes. */ + if (! empty($identifier)) { + $this->validatedNodes[$identifier] = $dataObject; + } else { + $this->validatedNodes[] = $dataObject; + } + } + + return true; + } + + /** + * @param DOMNode $refNode + * @return null + */ + public function getRefNodeID($refNode) + { + if ($uri = $refNode->getAttribute("URI")) { + $arUrl = parse_url($uri); + if (empty($arUrl['path'])) { + if ($identifier = $arUrl['fragment']) { + return $identifier; + } + } + } + return null; + } + + /** + * @return array + * @throws Exception + */ + public function getRefIDs() + { + $refids = array(); + + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length == 0) { + throw new Exception("Reference nodes not found"); + } + foreach ($nodeset AS $refNode) { + $refids[] = $this->getRefNodeID($refNode); + } + return $refids; + } + + /** + * @return bool + * @throws Exception + */ + public function validateReference() + { + $docElem = $this->sigNode->ownerDocument->documentElement; + if (! $docElem->isSameNode($this->sigNode)) { + if ($this->sigNode->parentNode != null) { + $this->sigNode->parentNode->removeChild($this->sigNode); + } + } + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length == 0) { + throw new Exception("Reference nodes not found"); + } + + /* Initialize/reset the list of validated nodes. */ + $this->validatedNodes = array(); + + foreach ($nodeset AS $refNode) { + if (! $this->processRefNode($refNode)) { + /* Clear the list of validated nodes. */ + $this->validatedNodes = null; + throw new Exception("Reference validation failed"); + } + } + return true; + } + + /** + * @param DOMNode $sinfoNode + * @param DOMDocument $node + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + private function addRefInternal($sinfoNode, $node, $algorithm, $arTransforms=null, $options=null) + { + $prefix = null; + $prefix_ns = null; + $id_name = 'Id'; + $overwrite_id = true; + $force_uri = false; + + if (is_array($options)) { + $prefix = empty($options['prefix']) ? null : $options['prefix']; + $prefix_ns = empty($options['prefix_ns']) ? null : $options['prefix_ns']; + $id_name = empty($options['id_name']) ? 'Id' : $options['id_name']; + $overwrite_id = !isset($options['overwrite']) ? true : (bool) $options['overwrite']; + $force_uri = !isset($options['force_uri']) ? false : (bool) $options['force_uri']; + } + + $attname = $id_name; + if (! empty($prefix)) { + $attname = $prefix.':'.$attname; + } + + $refNode = $this->createNewSignNode('Reference'); + $sinfoNode->appendChild($refNode); + + if (! $node instanceof DOMDocument) { + $uri = null; + if (! $overwrite_id) { + $uri = $prefix_ns ? $node->getAttributeNS($prefix_ns, $id_name) : $node->getAttribute($id_name); + } + if (empty($uri)) { + $uri = self::generateGUID(); + $node->setAttributeNS($prefix_ns, $attname, $uri); + } + $refNode->setAttribute("URI", '#'.$uri); + } elseif ($force_uri) { + $refNode->setAttribute("URI", ''); + } + + $transNodes = $this->createNewSignNode('Transforms'); + $refNode->appendChild($transNodes); + + if (is_array($arTransforms)) { + foreach ($arTransforms AS $transform) { + $transNode = $this->createNewSignNode('Transform'); + $transNodes->appendChild($transNode); + if (is_array($transform) && + (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116'])) && + (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']))) { + $transNode->setAttribute('Algorithm', 'http://www.w3.org/TR/1999/REC-xpath-19991116'); + $XPathNode = $this->createNewSignNode('XPath', $transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']); + $transNode->appendChild($XPathNode); + if (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'])) { + foreach ($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'] AS $prefix => $namespace) { + $XPathNode->setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:$prefix", $namespace); + } + } + } else { + $transNode->setAttribute('Algorithm', $transform); + } + } + } elseif (! empty($this->canonicalMethod)) { + $transNode = $this->createNewSignNode('Transform'); + $transNodes->appendChild($transNode); + $transNode->setAttribute('Algorithm', $this->canonicalMethod); + } + + $canonicalData = $this->processTransforms($refNode, $node); + $digValue = $this->calculateDigest($algorithm, $canonicalData); + + $digestMethod = $this->createNewSignNode('DigestMethod'); + $refNode->appendChild($digestMethod); + $digestMethod->setAttribute('Algorithm', $algorithm); + + $digestValue = $this->createNewSignNode('DigestValue', $digValue); + $refNode->appendChild($digestValue); + } + + /** + * @param DOMDocument $node + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + public function addReference($node, $algorithm, $arTransforms=null, $options=null) + { + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + } + } + } + + /** + * @param array $arNodes + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + public function addReferenceList($arNodes, $algorithm, $arTransforms=null, $options=null) + { + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + foreach ($arNodes AS $node) { + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + } + } + } + } + + /** + * @param DOMElement|string $data + * @param null|string $mimetype + * @param null|string $encoding + * @return DOMElement + */ + public function addObject($data, $mimetype=null, $encoding=null) + { + $objNode = $this->createNewSignNode('Object'); + $this->sigNode->appendChild($objNode); + if (! empty($mimetype)) { + $objNode->setAttribute('MimeType', $mimetype); + } + if (! empty($encoding)) { + $objNode->setAttribute('Encoding', $encoding); + } + + if ($data instanceof DOMElement) { + $newData = $this->sigNode->ownerDocument->importNode($data, true); + } else { + $newData = $this->sigNode->ownerDocument->createTextNode($data); + } + $objNode->appendChild($newData); + + return $objNode; + } + + /** + * @param null|DOMNode $node + * @return null|XMLSecurityKey + */ + public function locateKey($node=null) + { + if (empty($node)) { + $node = $this->sigNode; + } + if (! $node instanceof DOMNode) { + return null; + } + if ($doc = $node->ownerDocument) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = "string(./secdsig:SignedInfo/secdsig:SignatureMethod/@Algorithm)"; + $algorithm = $xpath->evaluate($query, $node); + if ($algorithm) { + try { + $objKey = new XMLSecurityKey($algorithm, array('type' => 'public')); + } catch (Exception $e) { + return null; + } + return $objKey; + } + } + return null; + } + + /** + * Returns: + * Bool when verifying HMAC_SHA1; + * Int otherwise, with following meanings: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the int return value, because in + * PHP, -1 will be cast to True when in boolean context. Always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param XMLSecurityKey $objKey + * @return bool|int + * @throws Exception + */ + public function verify($objKey) + { + $doc = $this->sigNode->ownerDocument; + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = "string(./secdsig:SignatureValue)"; + $sigValue = $xpath->evaluate($query, $this->sigNode); + if (empty($sigValue)) { + throw new Exception("Unable to locate SignatureValue"); + } + return $objKey->verifySignature($this->signedInfo, base64_decode($sigValue)); + } + + /** + * @param XMLSecurityKey $objKey + * @param string $data + * @return mixed|string + */ + public function signData($objKey, $data) + { + return $objKey->signData($data); + } + + /** + * @param XMLSecurityKey $objKey + * @param null|DOMNode $appendToNode + */ + public function sign($objKey, $appendToNode = null) + { + // If we have a parent node append it now so C14N properly works + if ($appendToNode != null) { + $this->resetXPathObj(); + $this->appendSignature($appendToNode); + $this->sigNode = $appendToNode->lastChild; + } + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + $query = "./secdsig:SignatureMethod"; + $nodeset = $xpath->query($query, $sInfo); + $sMethod = $nodeset->item(0); + $sMethod->setAttribute('Algorithm', $objKey->type); + $data = $this->canonicalizeData($sInfo, $this->canonicalMethod); + $sigValue = base64_encode($this->signData($objKey, $data)); + $sigValueNode = $this->createNewSignNode('SignatureValue', $sigValue); + if ($infoSibling = $sInfo->nextSibling) { + $infoSibling->parentNode->insertBefore($sigValueNode, $infoSibling); + } else { + $this->sigNode->appendChild($sigValueNode); + } + } + } + } + + public function appendCert() + { + + } + + /** + * @param XMLSecurityKey $objKey + * @param null|DOMNode $parent + */ + public function appendKey($objKey, $parent=null) + { + $objKey->serializeKey($parent); + } + + + /** + * This function inserts the signature element. + * + * The signature element will be appended to the element, unless $beforeNode is specified. If $beforeNode + * is specified, the signature element will be inserted as the last element before $beforeNode. + * + * @param DOMNode $node The node the signature element should be inserted into. + * @param DOMNode $beforeNode The node the signature element should be located before. + * + * @return DOMNode The signature element node + */ + public function insertSignature($node, $beforeNode = null) + { + + $document = $node->ownerDocument; + $signatureElement = $document->importNode($this->sigNode, true); + + if ($beforeNode == null) { + return $node->insertBefore($signatureElement); + } else { + return $node->insertBefore($signatureElement, $beforeNode); + } + } + + /** + * @param DOMNode $parentNode + * @param bool $insertBefore + * @return DOMNode + */ + public function appendSignature($parentNode, $insertBefore = false) + { + $beforeNode = $insertBefore ? $parentNode->firstChild : null; + return $this->insertSignature($parentNode, $beforeNode); + } + + /** + * @param string $cert + * @param bool $isPEMFormat + * @return string + */ + public static function get509XCert($cert, $isPEMFormat=true) + { + $certs = self::staticGet509XCerts($cert, $isPEMFormat); + if (! empty($certs)) { + return $certs[0]; + } + return ''; + } + + /** + * @param string $certs + * @param bool $isPEMFormat + * @return array + */ + public static function staticGet509XCerts($certs, $isPEMFormat=true) + { + if ($isPEMFormat) { + $data = ''; + $certlist = array(); + $arCert = explode("\n", $certs); + $inData = false; + foreach ($arCert AS $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + $inData = false; + $certlist[] = $data; + $data = ''; + continue; + } + $data .= trim($curData); + } + } + return $certlist; + } else { + return array($certs); + } + } + + /** + * @param DOMElement $parentRef + * @param string $cert + * @param bool $isPEMFormat + * @param bool $isURL + * @param null|DOMXPath $xpath + * @param null|array $options + * @throws Exception + */ + public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat=true, $isURL=false, $xpath=null, $options=null) + { + if ($isURL) { + $cert = file_get_contents($cert); + } + if (! $parentRef instanceof DOMElement) { + throw new Exception('Invalid parent Node parameter'); + } + $baseDoc = $parentRef->ownerDocument; + + if (empty($xpath)) { + $xpath = new DOMXPath($parentRef->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + } + + $query = "./secdsig:KeyInfo"; + $nodeset = $xpath->query($query, $parentRef); + $keyInfo = $nodeset->item(0); + $dsig_pfx = ''; + if (! $keyInfo) { + $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + $inserted = false; + $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo'); + + $query = "./secdsig:Object"; + $nodeset = $xpath->query($query, $parentRef); + if ($sObject = $nodeset->item(0)) { + $sObject->parentNode->insertBefore($keyInfo, $sObject); + $inserted = true; + } + + if (! $inserted) { + $parentRef->appendChild($keyInfo); + } + } else { + $pfx = $keyInfo->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + } + + // Add all certs if there are more than one + $certs = self::staticGet509XCerts($cert, $isPEMFormat); + + // Attach X509 data node + $x509DataNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Data'); + $keyInfo->appendChild($x509DataNode); + + $issuerSerial = false; + $subjectName = false; + if (is_array($options)) { + if (! empty($options['issuerSerial'])) { + $issuerSerial = true; + } + if (! empty($options['subjectName'])) { + $subjectName = true; + } + } + + // Attach all certificate nodes and any additional data + foreach ($certs as $X509Cert) { + if ($issuerSerial || $subjectName) { + if ($certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n".chunk_split($X509Cert, 64, "\n")."-----END CERTIFICATE-----\n")) { + if ($subjectName && ! empty($certData['subject'])) { + if (is_array($certData['subject'])) { + $parts = array(); + foreach ($certData['subject'] AS $key => $value) { + if (is_array($value)) { + foreach ($value as $valueElement) { + array_unshift($parts, "$key=$valueElement"); + } + } else { + array_unshift($parts, "$key=$value"); + } + } + $subjectNameValue = implode(',', $parts); + } else { + $subjectNameValue = $certData['issuer']; + } + $x509SubjectNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SubjectName', $subjectNameValue); + $x509DataNode->appendChild($x509SubjectNode); + } + if ($issuerSerial && ! empty($certData['issuer']) && ! empty($certData['serialNumber'])) { + if (is_array($certData['issuer'])) { + $parts = array(); + foreach ($certData['issuer'] AS $key => $value) { + array_unshift($parts, "$key=$value"); + } + $issuerName = implode(',', $parts); + } else { + $issuerName = $certData['issuer']; + } + + $x509IssuerNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerSerial'); + $x509DataNode->appendChild($x509IssuerNode); + + $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerName', $issuerName); + $x509IssuerNode->appendChild($x509Node); + $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SerialNumber', $certData['serialNumber']); + $x509IssuerNode->appendChild($x509Node); + } + } + + } + $x509CertNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Certificate', $X509Cert); + $x509DataNode->appendChild($x509CertNode); + } + } + + /** + * @param string $cert + * @param bool $isPEMFormat + * @param bool $isURL + * @param null|array $options + */ + public function add509Cert($cert, $isPEMFormat=true, $isURL=false, $options=null) + { + if ($xpath = $this->getXPathObj()) { + self::staticAdd509Cert($this->sigNode, $cert, $isPEMFormat, $isURL, $xpath, $options); + } + } + + /** + * This function appends a node to the KeyInfo. + * + * The KeyInfo element will be created if one does not exist in the document. + * + * @param DOMNode $node The node to append to the KeyInfo. + * + * @return DOMNode The KeyInfo element node + */ + public function appendToKeyInfo($node) + { + $parentRef = $this->sigNode; + $baseDoc = $parentRef->ownerDocument; + + $xpath = $this->getXPathObj(); + if (empty($xpath)) { + $xpath = new DOMXPath($parentRef->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + } + + $query = "./secdsig:KeyInfo"; + $nodeset = $xpath->query($query, $parentRef); + $keyInfo = $nodeset->item(0); + if (! $keyInfo) { + $dsig_pfx = ''; + $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + $inserted = false; + $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo'); + + $query = "./secdsig:Object"; + $nodeset = $xpath->query($query, $parentRef); + if ($sObject = $nodeset->item(0)) { + $sObject->parentNode->insertBefore($keyInfo, $sObject); + $inserted = true; + } + + if (! $inserted) { + $parentRef->appendChild($keyInfo); + } + } + + $keyInfo->appendChild($node); + + return $keyInfo; + } + + /** + * This function retrieves an associative array of the validated nodes. + * + * The array will contain the id of the referenced node as the key and the node itself + * as the value. + * + * Returns: + * An associative array of validated nodes or null if no nodes have been validated. + * + * @return array Associative array of validated nodes + */ + public function getValidatedNodes() + { + return $this->validatedNodes; + } +} diff --git a/qa-tool/htdocs/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php new file mode 100644 index 0000000..7eed04d --- /dev/null +++ b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php @@ -0,0 +1,813 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class XMLSecurityKey +{ + const TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'; + const AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'; + const AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'; + const AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'; + const AES128_GCM = 'http://www.w3.org/2009/xmlenc11#aes128-gcm'; + const AES192_GCM = 'http://www.w3.org/2009/xmlenc11#aes192-gcm'; + const AES256_GCM = 'http://www.w3.org/2009/xmlenc11#aes256-gcm'; + const RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'; + const RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'; + const RSA_OAEP = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'; + const DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'; + const RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; + const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; + const RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'; + const RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'; + const HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'; + const AUTHTAG_LENGTH = 16; + + /** @var array */ + private $cryptParams = array(); + + /** @var int|string */ + public $type = 0; + + /** @var mixed|null */ + public $key = null; + + /** @var string */ + public $passphrase = ""; + + /** @var string|null */ + public $iv = null; + + /** @var string|null */ + public $name = null; + + /** @var mixed|null */ + public $keyChain = null; + + /** @var bool */ + public $isEncrypted = false; + + /** @var XMLSecEnc|null */ + public $encryptedCtx = null; + + /** @var mixed|null */ + public $guid = null; + + /** + * This variable contains the certificate as a string if this key represents an X509-certificate. + * If this key doesn't represent a certificate, this will be null. + * @var string|null + */ + private $x509Certificate = null; + + /** + * This variable contains the certificate thumbprint if we have loaded an X509-certificate. + * @var string|null + */ + private $X509Thumbprint = null; + + /** + * @param string $type + * @param null|array $params + * @throws Exception + */ + public function __construct($type, $params=null) + { + switch ($type) { + case (self::TRIPLEDES_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'des-ede3-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 8; + break; + case (self::AES128_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-128-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'; + $this->cryptParams['keysize'] = 16; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES192_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-192-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES256_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-256-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES128_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-128-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes128-gcm'; + $this->cryptParams['keysize'] = 16; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES192_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-192-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes192-gcm'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES256_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-256-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes256-gcm'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::RSA_1_5): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_OAEP_MGF1P): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'; + $this->cryptParams['hash'] = null; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_OAEP): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'; + $this->cryptParams['hash'] = 'http://www.w3.org/2009/xmlenc11#mgf1sha1'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA1): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA256): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA256'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA384): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA384'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA512): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA512'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::HMAC_SHA1): + $this->cryptParams['library'] = $type; + $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'; + break; + default: + throw new Exception('Invalid Key Type'); + } + $this->type = $type; + } + + /** + * Retrieve the key size for the symmetric encryption algorithm.. + * + * If the key size is unknown, or this isn't a symmetric encryption algorithm, + * null is returned. + * + * @return int|null The number of bytes in the key. + */ + public function getSymmetricKeySize() + { + if (! isset($this->cryptParams['keysize'])) { + return null; + } + return $this->cryptParams['keysize']; + } + + /** + * Generates a session key using the openssl-extension. + * In case of using DES3-CBC the key is checked for a proper parity bits set. + * @return string + * @throws Exception + */ + public function generateSessionKey() + { + if (!isset($this->cryptParams['keysize'])) { + throw new Exception('Unknown key size for type "' . $this->type . '".'); + } + $keysize = $this->cryptParams['keysize']; + + $key = openssl_random_pseudo_bytes($keysize); + + if ($this->type === self::TRIPLEDES_CBC) { + /* Make sure that the generated key has the proper parity bits set. + * Mcrypt doesn't care about the parity bits, but others may care. + */ + for ($i = 0; $i < strlen($key); $i++) { + $byte = ord($key[$i]) & 0xfe; + $parity = 1; + for ($j = 1; $j < 8; $j++) { + $parity ^= ($byte >> $j) & 1; + } + $byte |= $parity; + $key[$i] = chr($byte); + } + } + + $this->key = $key; + return $key; + } + + /** + * Get the raw thumbprint of a certificate + * + * @param string $cert + * @return null|string + */ + public static function getRawThumbprint($cert) + { + + $arCert = explode("\n", $cert); + $data = ''; + $inData = false; + + foreach ($arCert AS $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + break; + } + $data .= trim($curData); + } + } + + if (! empty($data)) { + return strtolower(sha1(base64_decode($data))); + } + + return null; + } + + /** + * Loads the given key, or - with isFile set true - the key from the keyfile. + * + * @param string $key + * @param bool $isFile + * @param bool $isCert + * @throws Exception + */ + public function loadKey($key, $isFile=false, $isCert = false) + { + if ($isFile) { + $this->key = file_get_contents($key); + } else { + $this->key = $key; + } + if ($isCert) { + $this->key = openssl_x509_read($this->key); + openssl_x509_export($this->key, $str_cert); + $this->x509Certificate = $str_cert; + $this->key = $str_cert; + } else { + $this->x509Certificate = null; + } + if ($this->cryptParams['library'] == 'openssl') { + switch ($this->cryptParams['type']) { + case 'public': + if ($isCert) { + /* Load the thumbprint if this is an X509 certificate. */ + $this->X509Thumbprint = self::getRawThumbprint($this->key); + } + $this->key = openssl_get_publickey($this->key); + if (! $this->key) { + throw new Exception('Unable to extract public key'); + } + break; + + case 'private': + $this->key = openssl_get_privatekey($this->key, $this->passphrase); + break; + + case'symmetric': + if (strlen($this->key) < $this->cryptParams['keysize']) { + throw new Exception('Key must contain at least '.$this->cryptParams['keysize'].' characters for this cipher, contains '.strlen($this->key)); + } + break; + + default: + throw new Exception('Unknown type'); + } + } + } + + /** + * ISO 10126 Padding + * + * @param string $data + * @param integer $blockSize + * @throws Exception + * @return string + */ + private function padISO10126($data, $blockSize) + { + if ($blockSize > 256) { + throw new Exception('Block size higher than 256 not allowed'); + } + $padChr = $blockSize - (strlen($data) % $blockSize); + $pattern = chr($padChr); + return $data . str_repeat($pattern, $padChr); + } + + /** + * Remove ISO 10126 Padding + * + * @param string $data + * @return string + */ + private function unpadISO10126($data) + { + $padChr = substr($data, -1); + $padLen = ord($padChr); + return substr($data, 0, -$padLen); + } + + /** + * Encrypts the given data (string) using the openssl-extension + * + * @param string $data + * @return string + */ + private function encryptSymmetric($data) + { + $this->iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->cryptParams['cipher'])); + $authTag = null; + if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) { + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms'); + } + $authTag = openssl_random_pseudo_bytes(self::AUTHTAG_LENGTH); + $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag); + } else { + $data = $this->padISO10126($data, $this->cryptParams['blocksize']); + $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv); + } + + if (false === $encrypted) { + throw new Exception('Failure encrypting Data (openssl symmetric) - ' . openssl_error_string()); + } + return $this->iv . $encrypted . $authTag; + } + + /** + * Decrypts the given data (string) using the openssl-extension + * + * @param string $data + * @return string + */ + private function decryptSymmetric($data) + { + $iv_length = openssl_cipher_iv_length($this->cryptParams['cipher']); + $this->iv = substr($data, 0, $iv_length); + $data = substr($data, $iv_length); + $authTag = null; + if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) { + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms'); + } + // obtain and remove the authentication tag + $offset = 0 - self::AUTHTAG_LENGTH; + $authTag = substr($data, $offset); + $data = substr($data, 0, $offset); + $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag); + } else { + $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv); + } + + if (false === $decrypted) { + throw new Exception('Failure decrypting Data (openssl symmetric) - ' . openssl_error_string()); + } + return null !== $authTag ? $decrypted : $this->unpadISO10126($decrypted); + } + + /** + * Encrypts the given public data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function encryptPublic($data) + { + if (! openssl_public_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure encrypting Data (openssl public) - ' . openssl_error_string()); + } + return $encrypted; + } + + /** + * Decrypts the given public data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function decryptPublic($data) + { + if (! openssl_public_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure decrypting Data (openssl public) - ' . openssl_error_string()); + } + return $decrypted; + } + + /** + * Encrypts the given private data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function encryptPrivate($data) + { + if (! openssl_private_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure encrypting Data (openssl private) - ' . openssl_error_string()); + } + return $encrypted; + } + + /** + * Decrypts the given private data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function decryptPrivate($data) + { + if (! openssl_private_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure decrypting Data (openssl private) - ' . openssl_error_string()); + } + return $decrypted; + } + + /** + * Signs the given data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function signOpenSSL($data) + { + $algo = OPENSSL_ALGO_SHA1; + if (! empty($this->cryptParams['digest'])) { + $algo = $this->cryptParams['digest']; + } + if (! openssl_sign($data, $signature, $this->key, $algo)) { + throw new Exception('Failure Signing Data: ' . openssl_error_string() . ' - ' . $algo); + } + return $signature; + } + + /** + * Verifies the given data (string) belonging to the given signature using the openssl-extension + * + * Returns: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the return value, because in PHP, + * -1 will be cast to True when in boolean context. So always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param string $data + * @param string $signature + * @return int + */ + private function verifyOpenSSL($data, $signature) + { + $algo = OPENSSL_ALGO_SHA1; + if (! empty($this->cryptParams['digest'])) { + $algo = $this->cryptParams['digest']; + } + return openssl_verify($data, $signature, $this->key, $algo); + } + + /** + * Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. + * + * @param string $data + * @return mixed|string + */ + public function encryptData($data) + { + if ($this->cryptParams['library'] === 'openssl') { + switch ($this->cryptParams['type']) { + case 'symmetric': + return $this->encryptSymmetric($data); + case 'public': + return $this->encryptPublic($data); + case 'private': + return $this->encryptPrivate($data); + } + } + } + + /** + * Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. + * + * @param string $data + * @return mixed|string + */ + public function decryptData($data) + { + if ($this->cryptParams['library'] === 'openssl') { + switch ($this->cryptParams['type']) { + case 'symmetric': + return $this->decryptSymmetric($data); + case 'public': + return $this->decryptPublic($data); + case 'private': + return $this->decryptPrivate($data); + } + } + } + + /** + * Signs the data (string) using the extension assigned to the type in the constructor. + * + * @param string $data + * @return mixed|string + */ + public function signData($data) + { + switch ($this->cryptParams['library']) { + case 'openssl': + return $this->signOpenSSL($data); + case (self::HMAC_SHA1): + return hash_hmac("sha1", $data, $this->key, true); + } + } + + /** + * Verifies the data (string) against the given signature using the extension assigned to the type in the constructor. + * + * Returns in case of openSSL: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the return value, because in PHP, + * -1 will be cast to True when in boolean context. So always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param string $data + * @param string $signature + * @return bool|int + */ + public function verifySignature($data, $signature) + { + switch ($this->cryptParams['library']) { + case 'openssl': + return $this->verifyOpenSSL($data, $signature); + case (self::HMAC_SHA1): + $expectedSignature = hash_hmac("sha1", $data, $this->key, true); + return strcmp($signature, $expectedSignature) == 0; + } + } + + /** + * @deprecated + * @see getAlgorithm() + * @return mixed + */ + public function getAlgorith() + { + return $this->getAlgorithm(); + } + + /** + * @return mixed + */ + public function getAlgorithm() + { + return $this->cryptParams['method']; + } + + /** + * + * @param int $type + * @param string $string + * @return null|string + */ + public static function makeAsnSegment($type, $string) + { + switch ($type) { + case 0x02: + if (ord($string) > 0x7f) + $string = chr(0).$string; + break; + case 0x03: + $string = chr(0).$string; + break; + } + + $length = strlen($string); + + if ($length < 128) { + $output = sprintf("%c%c%s", $type, $length, $string); + } else if ($length < 0x0100) { + $output = sprintf("%c%c%c%s", $type, 0x81, $length, $string); + } else if ($length < 0x010000) { + $output = sprintf("%c%c%c%c%s", $type, 0x82, $length / 0x0100, $length % 0x0100, $string); + } else { + $output = null; + } + return $output; + } + + /** + * + * Hint: Modulus and Exponent must already be base64 decoded + * @param string $modulus + * @param string $exponent + * @return string + */ + public static function convertRSA($modulus, $exponent) + { + /* make an ASN publicKeyInfo */ + $exponentEncoding = self::makeAsnSegment(0x02, $exponent); + $modulusEncoding = self::makeAsnSegment(0x02, $modulus); + $sequenceEncoding = self::makeAsnSegment(0x30, $modulusEncoding.$exponentEncoding); + $bitstringEncoding = self::makeAsnSegment(0x03, $sequenceEncoding); + $rsaAlgorithmIdentifier = pack("H*", "300D06092A864886F70D0101010500"); + $publicKeyInfo = self::makeAsnSegment(0x30, $rsaAlgorithmIdentifier.$bitstringEncoding); + + /* encode the publicKeyInfo in base64 and add PEM brackets */ + $publicKeyInfoBase64 = base64_encode($publicKeyInfo); + $encoding = "-----BEGIN PUBLIC KEY-----\n"; + $offset = 0; + while ($segment = substr($publicKeyInfoBase64, $offset, 64)) { + $encoding = $encoding.$segment."\n"; + $offset += 64; + } + return $encoding."-----END PUBLIC KEY-----\n"; + } + + /** + * @param mixed $parent + */ + public function serializeKey($parent) + { + + } + + /** + * Retrieve the X509 certificate this key represents. + * + * Will return the X509 certificate in PEM-format if this key represents + * an X509 certificate. + * + * @return string The X509 certificate or null if this key doesn't represent an X509-certificate. + */ + public function getX509Certificate() + { + return $this->x509Certificate; + } + + /** + * Get the thumbprint of this X509 certificate. + * + * Returns: + * The thumbprint as a lowercase 40-character hexadecimal number, or null + * if this isn't a X509 certificate. + * + * @return string Lowercase 40-character hexadecimal number of thumbprint + */ + public function getX509Thumbprint() + { + return $this->X509Thumbprint; + } + + + /** + * Create key from an EncryptedKey-element. + * + * @param DOMElement $element The EncryptedKey-element. + * @throws Exception + * + * @return XMLSecurityKey The new key. + */ + public static function fromEncryptedKeyElement(DOMElement $element) + { + + $objenc = new XMLSecEnc(); + $objenc->setNode($element); + if (! $objKey = $objenc->locateKey()) { + throw new Exception("Unable to locate algorithm for this Encrypted Key"); + } + $objKey->isEncrypted = true; + $objKey->encryptedCtx = $objenc; + XMLSecEnc::staticLocateKeyInfo($objKey, $element); + return $objKey; + } + +} diff --git a/qa-tool/htdocs/vendor/robrichards/xmlseclibs/xmlseclibs.php b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/xmlseclibs.php new file mode 100644 index 0000000..1c10acc --- /dev/null +++ b/qa-tool/htdocs/vendor/robrichards/xmlseclibs/xmlseclibs.php @@ -0,0 +1,47 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + * @version 3.1.1 + */ + +$xmlseclibs_srcdir = dirname(__FILE__) . '/src/'; +require $xmlseclibs_srcdir . '/XMLSecurityKey.php'; +require $xmlseclibs_srcdir . '/XMLSecurityDSig.php'; +require $xmlseclibs_srcdir . '/XMLSecEnc.php'; +require $xmlseclibs_srcdir . '/Utils/XPath.php'; diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/AcceptHeader.php b/qa-tool/htdocs/vendor/symfony/http-foundation/AcceptHeader.php new file mode 100644 index 0000000..853c000 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/AcceptHeader.php @@ -0,0 +1,150 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +// Help opcache.preload discover always-needed symbols +class_exists(AcceptHeaderItem::class); + +/** + * Represents an Accept-* header. + * + * An accept header is compound with a list of items, + * sorted by descending quality. + * + * @author Jean-François Simon + */ +class AcceptHeader +{ + /** + * @var AcceptHeaderItem[] + */ + private array $items = []; + + private bool $sorted = true; + + /** + * @param AcceptHeaderItem[] $items + */ + public function __construct(array $items) + { + foreach ($items as $item) { + $this->add($item); + } + } + + /** + * Builds an AcceptHeader instance from a string. + */ + public static function fromString(?string $headerValue): self + { + $parts = HeaderUtils::split($headerValue ?? '', ',;='); + + return new self(array_map(function ($subParts) { + static $index = 0; + $part = array_shift($subParts); + $attributes = HeaderUtils::combine($subParts); + + $item = new AcceptHeaderItem($part[0], $attributes); + $item->setIndex($index++); + + return $item; + }, $parts)); + } + + /** + * Returns header value's string representation. + */ + public function __toString(): string + { + return implode(',', $this->items); + } + + /** + * Tests if header has given value. + */ + public function has(string $value): bool + { + return isset($this->items[$value]); + } + + /** + * Returns given value's item, if exists. + */ + public function get(string $value): ?AcceptHeaderItem + { + return $this->items[$value] ?? $this->items[explode('/', $value)[0].'/*'] ?? $this->items['*/*'] ?? $this->items['*'] ?? null; + } + + /** + * Adds an item. + * + * @return $this + */ + public function add(AcceptHeaderItem $item): static + { + $this->items[$item->getValue()] = $item; + $this->sorted = false; + + return $this; + } + + /** + * Returns all items. + * + * @return AcceptHeaderItem[] + */ + public function all(): array + { + $this->sort(); + + return $this->items; + } + + /** + * Filters items on their value using given regex. + */ + public function filter(string $pattern): self + { + return new self(array_filter($this->items, fn (AcceptHeaderItem $item) => preg_match($pattern, $item->getValue()))); + } + + /** + * Returns first item. + */ + public function first(): ?AcceptHeaderItem + { + $this->sort(); + + return $this->items ? reset($this->items) : null; + } + + /** + * Sorts items by descending quality. + */ + private function sort(): void + { + if (!$this->sorted) { + uasort($this->items, function (AcceptHeaderItem $a, AcceptHeaderItem $b) { + $qA = $a->getQuality(); + $qB = $b->getQuality(); + + if ($qA === $qB) { + return $a->getIndex() > $b->getIndex() ? 1 : -1; + } + + return $qA > $qB ? -1 : 1; + }); + + $this->sorted = true; + } + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/AcceptHeaderItem.php b/qa-tool/htdocs/vendor/symfony/http-foundation/AcceptHeaderItem.php new file mode 100644 index 0000000..35ecd4e --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/AcceptHeaderItem.php @@ -0,0 +1,159 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * Represents an Accept-* header item. + * + * @author Jean-François Simon + */ +class AcceptHeaderItem +{ + private string $value; + private float $quality = 1.0; + private int $index = 0; + private array $attributes = []; + + public function __construct(string $value, array $attributes = []) + { + $this->value = $value; + foreach ($attributes as $name => $value) { + $this->setAttribute($name, $value); + } + } + + /** + * Builds an AcceptHeaderInstance instance from a string. + */ + public static function fromString(?string $itemValue): self + { + $parts = HeaderUtils::split($itemValue ?? '', ';='); + + $part = array_shift($parts); + $attributes = HeaderUtils::combine($parts); + + return new self($part[0], $attributes); + } + + /** + * Returns header value's string representation. + */ + public function __toString(): string + { + $string = $this->value.($this->quality < 1 ? ';q='.$this->quality : ''); + if (\count($this->attributes) > 0) { + $string .= '; '.HeaderUtils::toString($this->attributes, ';'); + } + + return $string; + } + + /** + * Set the item value. + * + * @return $this + */ + public function setValue(string $value): static + { + $this->value = $value; + + return $this; + } + + /** + * Returns the item value. + */ + public function getValue(): string + { + return $this->value; + } + + /** + * Set the item quality. + * + * @return $this + */ + public function setQuality(float $quality): static + { + $this->quality = $quality; + + return $this; + } + + /** + * Returns the item quality. + */ + public function getQuality(): float + { + return $this->quality; + } + + /** + * Set the item index. + * + * @return $this + */ + public function setIndex(int $index): static + { + $this->index = $index; + + return $this; + } + + /** + * Returns the item index. + */ + public function getIndex(): int + { + return $this->index; + } + + /** + * Tests if an attribute exists. + */ + public function hasAttribute(string $name): bool + { + return isset($this->attributes[$name]); + } + + /** + * Returns an attribute by its name. + */ + public function getAttribute(string $name, mixed $default = null): mixed + { + return $this->attributes[$name] ?? $default; + } + + /** + * Returns all attributes. + */ + public function getAttributes(): array + { + return $this->attributes; + } + + /** + * Set an attribute. + * + * @return $this + */ + public function setAttribute(string $name, string $value): static + { + if ('q' === $name) { + $this->quality = (float) $value; + } else { + $this->attributes[$name] = $value; + } + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/BinaryFileResponse.php b/qa-tool/htdocs/vendor/symfony/http-foundation/BinaryFileResponse.php new file mode 100644 index 0000000..e49b1c9 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/BinaryFileResponse.php @@ -0,0 +1,385 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +use Symfony\Component\HttpFoundation\File\Exception\FileException; +use Symfony\Component\HttpFoundation\File\File; + +/** + * BinaryFileResponse represents an HTTP response delivering a file. + * + * @author Niklas Fiekas + * @author stealth35 + * @author Igor Wiedler + * @author Jordan Alliot + * @author Sergey Linnik + */ +class BinaryFileResponse extends Response +{ + protected static bool $trustXSendfileTypeHeader = false; + + protected File $file; + protected ?\SplTempFileObject $tempFileObject = null; + protected int $offset = 0; + protected int $maxlen = -1; + protected bool $deleteFileAfterSend = false; + protected int $chunkSize = 16 * 1024; + + /** + * @param \SplFileInfo|string $file The file to stream + * @param int $status The response status code (200 "OK" by default) + * @param array $headers An array of response headers + * @param bool $public Files are public by default + * @param string|null $contentDisposition The type of Content-Disposition to set automatically with the filename + * @param bool $autoEtag Whether the ETag header should be automatically set + * @param bool $autoLastModified Whether the Last-Modified header should be automatically set + */ + public function __construct(\SplFileInfo|string $file, int $status = 200, array $headers = [], bool $public = true, ?string $contentDisposition = null, bool $autoEtag = false, bool $autoLastModified = true) + { + parent::__construct(null, $status, $headers); + + $this->setFile($file, $contentDisposition, $autoEtag, $autoLastModified); + + if ($public) { + $this->setPublic(); + } + } + + /** + * Sets the file to stream. + * + * @return $this + * + * @throws FileException + */ + public function setFile(\SplFileInfo|string $file, ?string $contentDisposition = null, bool $autoEtag = false, bool $autoLastModified = true): static + { + $isTemporaryFile = $file instanceof \SplTempFileObject; + $this->tempFileObject = $isTemporaryFile ? $file : null; + + if (!$file instanceof File) { + if ($file instanceof \SplFileInfo) { + $file = new File($file->getPathname(), !$isTemporaryFile); + } else { + $file = new File((string) $file); + } + } + + if (!$file->isReadable() && !$isTemporaryFile) { + throw new FileException('File must be readable.'); + } + + $this->file = $file; + + if ($autoEtag) { + $this->setAutoEtag(); + } + + if ($autoLastModified && !$isTemporaryFile) { + $this->setAutoLastModified(); + } + + if ($contentDisposition) { + $this->setContentDisposition($contentDisposition); + } + + return $this; + } + + /** + * Gets the file. + */ + public function getFile(): File + { + return $this->file; + } + + /** + * Sets the response stream chunk size. + * + * @return $this + */ + public function setChunkSize(int $chunkSize): static + { + if ($chunkSize < 1 || $chunkSize > \PHP_INT_MAX) { + throw new \LogicException('The chunk size of a BinaryFileResponse cannot be less than 1 or greater than PHP_INT_MAX.'); + } + + $this->chunkSize = $chunkSize; + + return $this; + } + + /** + * Automatically sets the Last-Modified header according the file modification date. + * + * @return $this + */ + public function setAutoLastModified(): static + { + $this->setLastModified(\DateTimeImmutable::createFromFormat('U', $this->file->getMTime())); + + return $this; + } + + /** + * Automatically sets the ETag header according to the checksum of the file. + * + * @return $this + */ + public function setAutoEtag(): static + { + $this->setEtag(base64_encode(hash_file('xxh128', $this->file->getPathname(), true))); + + return $this; + } + + /** + * Sets the Content-Disposition header with the given filename. + * + * @param string $disposition ResponseHeaderBag::DISPOSITION_INLINE or ResponseHeaderBag::DISPOSITION_ATTACHMENT + * @param string $filename Optionally use this UTF-8 encoded filename instead of the real name of the file + * @param string $filenameFallback A fallback filename, containing only ASCII characters. Defaults to an automatically encoded filename + * + * @return $this + */ + public function setContentDisposition(string $disposition, string $filename = '', string $filenameFallback = ''): static + { + if ('' === $filename) { + $filename = $this->file->getFilename(); + } + + if ('' === $filenameFallback && (!preg_match('/^[\x20-\x7e]*$/', $filename) || str_contains($filename, '%'))) { + $encoding = mb_detect_encoding($filename, null, true) ?: '8bit'; + + for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) { + $char = mb_substr($filename, $i, 1, $encoding); + + if ('%' === $char || \ord($char) < 32 || \ord($char) > 126) { + $filenameFallback .= '_'; + } else { + $filenameFallback .= $char; + } + } + } + + $dispositionHeader = $this->headers->makeDisposition($disposition, $filename, $filenameFallback); + $this->headers->set('Content-Disposition', $dispositionHeader); + + return $this; + } + + public function prepare(Request $request): static + { + if ($this->isInformational() || $this->isEmpty()) { + parent::prepare($request); + + $this->maxlen = 0; + + return $this; + } + + if (!$this->headers->has('Content-Type')) { + $this->headers->set('Content-Type', $this->file->getMimeType() ?: 'application/octet-stream'); + } + + parent::prepare($request); + + $this->offset = 0; + $this->maxlen = -1; + + if (false === $fileSize = $this->file->getSize()) { + return $this; + } + $this->headers->remove('Transfer-Encoding'); + $this->headers->set('Content-Length', $fileSize); + + if (!$this->headers->has('Accept-Ranges')) { + // Only accept ranges on safe HTTP methods + $this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none'); + } + + if (self::$trustXSendfileTypeHeader && $request->headers->has('X-Sendfile-Type')) { + // Use X-Sendfile, do not send any content. + $type = $request->headers->get('X-Sendfile-Type'); + $path = $this->file->getRealPath(); + // Fall back to scheme://path for stream wrapped locations. + if (false === $path) { + $path = $this->file->getPathname(); + } + if ('x-accel-redirect' === strtolower($type)) { + // Do X-Accel-Mapping substitutions. + // @link https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/#x-accel-redirect + $parts = HeaderUtils::split($request->headers->get('X-Accel-Mapping', ''), ',='); + foreach ($parts as $part) { + [$pathPrefix, $location] = $part; + if (str_starts_with($path, $pathPrefix)) { + $path = $location.substr($path, \strlen($pathPrefix)); + // Only set X-Accel-Redirect header if a valid URI can be produced + // as nginx does not serve arbitrary file paths. + $this->headers->set($type, $path); + $this->maxlen = 0; + break; + } + } + } else { + $this->headers->set($type, $path); + $this->maxlen = 0; + } + } elseif ($request->headers->has('Range') && $request->isMethod('GET')) { + // Process the range headers. + if (!$request->headers->has('If-Range') || $this->hasValidIfRangeHeader($request->headers->get('If-Range'))) { + $range = $request->headers->get('Range'); + + if (str_starts_with($range, 'bytes=')) { + [$start, $end] = explode('-', substr($range, 6), 2) + [1 => 0]; + + $end = ('' === $end) ? $fileSize - 1 : (int) $end; + + if ('' === $start) { + $start = $fileSize - $end; + $end = $fileSize - 1; + } else { + $start = (int) $start; + } + + if ($start <= $end) { + $end = min($end, $fileSize - 1); + if ($start < 0 || $start > $end) { + $this->setStatusCode(416); + $this->headers->set('Content-Range', sprintf('bytes */%s', $fileSize)); + } elseif ($end - $start < $fileSize - 1) { + $this->maxlen = $end < $fileSize ? $end - $start + 1 : -1; + $this->offset = $start; + + $this->setStatusCode(206); + $this->headers->set('Content-Range', sprintf('bytes %s-%s/%s', $start, $end, $fileSize)); + $this->headers->set('Content-Length', $end - $start + 1); + } + } + } + } + } + + if ($request->isMethod('HEAD')) { + $this->maxlen = 0; + } + + return $this; + } + + private function hasValidIfRangeHeader(?string $header): bool + { + if ($this->getEtag() === $header) { + return true; + } + + if (null === $lastModified = $this->getLastModified()) { + return false; + } + + return $lastModified->format('D, d M Y H:i:s').' GMT' === $header; + } + + public function sendContent(): static + { + try { + if (!$this->isSuccessful()) { + return $this; + } + + if (0 === $this->maxlen) { + return $this; + } + + $out = fopen('php://output', 'w'); + + if ($this->tempFileObject) { + $file = $this->tempFileObject; + $file->rewind(); + } else { + $file = new \SplFileObject($this->file->getPathname(), 'r'); + } + + ignore_user_abort(true); + + if (0 !== $this->offset) { + $file->fseek($this->offset); + } + + $length = $this->maxlen; + while ($length && !$file->eof()) { + $read = $length > $this->chunkSize || 0 > $length ? $this->chunkSize : $length; + + if (false === $data = $file->fread($read)) { + break; + } + while ('' !== $data) { + $read = fwrite($out, $data); + if (false === $read || connection_aborted()) { + break 2; + } + if (0 < $length) { + $length -= $read; + } + $data = substr($data, $read); + } + } + + fclose($out); + } finally { + if (null === $this->tempFileObject && $this->deleteFileAfterSend && is_file($this->file->getPathname())) { + unlink($this->file->getPathname()); + } + } + + return $this; + } + + /** + * @throws \LogicException when the content is not null + */ + public function setContent(?string $content): static + { + if (null !== $content) { + throw new \LogicException('The content cannot be set on a BinaryFileResponse instance.'); + } + + return $this; + } + + public function getContent(): string|false + { + return false; + } + + /** + * Trust X-Sendfile-Type header. + */ + public static function trustXSendfileTypeHeader(): void + { + self::$trustXSendfileTypeHeader = true; + } + + /** + * If this is set to true, the file will be unlinked after the request is sent + * Note: If the X-Sendfile header is used, the deleteFileAfterSend setting will not be used. + * + * @return $this + */ + public function deleteFileAfterSend(bool $shouldDelete = true): static + { + $this->deleteFileAfterSend = $shouldDelete; + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/CHANGELOG.md b/qa-tool/htdocs/vendor/symfony/http-foundation/CHANGELOG.md new file mode 100644 index 0000000..0034705 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/CHANGELOG.md @@ -0,0 +1,378 @@ +CHANGELOG +========= + +7.1 +--- + + * Add optional `$expirationParameter` argument to `UriSigner::__construct()` + * Add optional `$expiration` argument to `UriSigner::sign()` + * Rename `$parameter` argument of `UriSigner::__construct()` to `$hashParameter` + * Add `UploadedFile::getClientOriginalPath()` + * Add `QueryParameterRequestMatcher` + * Add `HeaderRequestMatcher` + * Add support for `\SplTempFileObject` in `BinaryFileResponse` + * Add `verbose` argument to response test constraints + +7.0 +--- + + * Calling `ParameterBag::filter()` throws an `UnexpectedValueException` on invalid value, unless flag `FILTER_NULL_ON_FAILURE` is set + * Calling `ParameterBag::getInt()` and `ParameterBag::getBool()` throws an `UnexpectedValueException` on invalid value + * Remove classes `RequestMatcher` and `ExpressionRequestMatcher` + * Remove `Request::getContentType()`, use `Request::getContentTypeFormat()` instead + * Throw an `InvalidArgumentException` when calling `Request::create()` with a malformed URI + * Require explicit argument when calling `JsonResponse::setCallback()`, `Response::setExpires/setLastModified/setEtag()`, `MockArraySessionStorage/NativeSessionStorage::setMetadataBag()`, `NativeSessionStorage::setSaveHandler()` + * Add argument `$statusCode` to `Response::sendHeaders()` and `StreamedResponse::sendHeaders()` + +6.4 +--- + + * Make `HeaderBag::getDate()`, `Response::getDate()`, `getExpires()` and `getLastModified()` return a `DateTimeImmutable` + * Support root-level `Generator` in `StreamedJsonResponse` + * Add `UriSigner` from the HttpKernel component + * Add `partitioned` flag to `Cookie` (CHIPS Cookie) + * Add argument `bool $flush = true` to `Response::send()` +* Make `MongoDbSessionHandler` instantiable with the mongodb extension directly + +6.3 +--- + + * Calling `ParameterBag::getDigit()`, `getAlnum()`, `getAlpha()` on an `array` throws a `UnexpectedValueException` instead of a `TypeError` + * Add `ParameterBag::getString()` to convert a parameter into string and throw an exception if the value is invalid + * Add `ParameterBag::getEnum()` + * Create migration for session table when pdo handler is used + * Add support for Relay PHP extension for Redis + * The `Response::sendHeaders()` method now takes an optional HTTP status code as parameter, allowing to send informational responses such as Early Hints responses (103 status code) + * Add `IpUtils::isPrivateIp()` + * Add `Request::getPayload(): InputBag` + * Deprecate conversion of invalid values in `ParameterBag::getInt()` and `ParameterBag::getBoolean()`, + * Deprecate ignoring invalid values when using `ParameterBag::filter()`, unless flag `FILTER_NULL_ON_FAILURE` is set + +6.2 +--- + + * Add `StreamedJsonResponse` class for efficient JSON streaming + * The HTTP cache store uses the `xxh128` algorithm + * Deprecate calling `JsonResponse::setCallback()`, `Response::setExpires/setLastModified/setEtag()`, `MockArraySessionStorage/NativeSessionStorage::setMetadataBag()`, `NativeSessionStorage::setSaveHandler()` without arguments + * Add request matchers under the `Symfony\Component\HttpFoundation\RequestMatcher` namespace + * Deprecate `RequestMatcher` in favor of `ChainRequestMatcher` + * Deprecate `Symfony\Component\HttpFoundation\ExpressionRequestMatcher` in favor of `Symfony\Component\HttpFoundation\RequestMatcher\ExpressionRequestMatcher` + +6.1 +--- + + * Add stale while revalidate and stale if error cache header + * Allow dynamic session "ttl" when using a remote storage + * Deprecate `Request::getContentType()`, use `Request::getContentTypeFormat()` instead + +6.0 +--- + + * Remove the `NamespacedAttributeBag` class + * Removed `Response::create()`, `JsonResponse::create()`, + `RedirectResponse::create()`, `StreamedResponse::create()` and + `BinaryFileResponse::create()` methods (use `__construct()` instead) + * Not passing a `Closure` together with `FILTER_CALLBACK` to `ParameterBag::filter()` throws an `\InvalidArgumentException`; wrap your filter in a closure instead + * Not passing a `Closure` together with `FILTER_CALLBACK` to `InputBag::filter()` throws an `\InvalidArgumentException`; wrap your filter in a closure instead + * Removed the `Request::HEADER_X_FORWARDED_ALL` constant, use either `Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO` or `Request::HEADER_X_FORWARDED_AWS_ELB` or `Request::HEADER_X_FORWARDED_TRAEFIK`constants instead + * Rename `RequestStack::getMasterRequest()` to `getMainRequest()` + * Not passing `FILTER_REQUIRE_ARRAY` or `FILTER_FORCE_ARRAY` flags to `InputBag::filter()` when filtering an array will throw `BadRequestException` + * Removed the `Request::HEADER_X_FORWARDED_ALL` constant + * Retrieving non-scalar values using `InputBag::get()` will throw `BadRequestException` (use `InputBad::all()` instead to retrieve an array) + * Passing non-scalar default value as the second argument `InputBag::get()` will throw `\InvalidArgumentException` + * Passing non-scalar, non-array value as the second argument `InputBag::set()` will throw `\InvalidArgumentException` + * Passing `null` as `$requestIp` to `IpUtils::__checkIp()`, `IpUtils::__checkIp4()` or `IpUtils::__checkIp6()` is not supported anymore. + +5.4 +--- + + * Deprecate passing `null` as `$requestIp` to `IpUtils::__checkIp()`, `IpUtils::__checkIp4()` or `IpUtils::__checkIp6()`, pass an empty string instead. + * Add the `litespeed_finish_request` method to work with Litespeed + * Deprecate `upload_progress.*` and `url_rewriter.tags` session options + * Allow setting session options via DSN + +5.3 +--- + + * Add the `SessionFactory`, `NativeSessionStorageFactory`, `PhpBridgeSessionStorageFactory` and `MockFileSessionStorageFactory` classes + * Calling `Request::getSession()` when there is no available session throws a `SessionNotFoundException` + * Add the `RequestStack::getSession` method + * Deprecate the `NamespacedAttributeBag` class + * Add `ResponseFormatSame` PHPUnit constraint + * Deprecate the `RequestStack::getMasterRequest()` method and add `getMainRequest()` as replacement + +5.2.0 +----- + + * added support for `X-Forwarded-Prefix` header + * added `HeaderUtils::parseQuery()`: it does the same as `parse_str()` but preserves dots in variable names + * added `File::getContent()` + * added ability to use comma separated ip addresses for `RequestMatcher::matchIps()` + * added `Request::toArray()` to parse a JSON request body to an array + * added `RateLimiter\RequestRateLimiterInterface` and `RateLimiter\AbstractRequestRateLimiter` + * deprecated not passing a `Closure` together with `FILTER_CALLBACK` to `ParameterBag::filter()`; wrap your filter in a closure instead. + * Deprecated the `Request::HEADER_X_FORWARDED_ALL` constant, use either `HEADER_X_FORWARDED_FOR | HEADER_X_FORWARDED_HOST | HEADER_X_FORWARDED_PORT | HEADER_X_FORWARDED_PROTO` or `HEADER_X_FORWARDED_AWS_ELB` or `HEADER_X_FORWARDED_TRAEFIK` constants instead. + * Deprecated `BinaryFileResponse::create()`, use `__construct()` instead + +5.1.0 +----- + + * added `Cookie::withValue`, `Cookie::withDomain`, `Cookie::withExpires`, + `Cookie::withPath`, `Cookie::withSecure`, `Cookie::withHttpOnly`, + `Cookie::withRaw`, `Cookie::withSameSite` + * Deprecate `Response::create()`, `JsonResponse::create()`, + `RedirectResponse::create()`, and `StreamedResponse::create()` methods (use + `__construct()` instead) + * added `Request::preferSafeContent()` and `Response::setContentSafe()` to handle "safe" HTTP preference + according to [RFC 8674](https://tools.ietf.org/html/rfc8674) + * made the Mime component an optional dependency + * added `MarshallingSessionHandler`, `IdentityMarshaller` + * made `Session` accept a callback to report when the session is being used + * Add support for all core cache control directives + * Added `Symfony\Component\HttpFoundation\InputBag` + * Deprecated retrieving non-string values using `InputBag::get()`, use `InputBag::all()` if you need access to the collection of values + +5.0.0 +----- + + * made `Cookie` auto-secure and lax by default + * removed classes in the `MimeType` namespace, use the Symfony Mime component instead + * removed method `UploadedFile::getClientSize()` and the related constructor argument + * made `Request::getSession()` throw if the session has not been set before + * removed `Response::HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL` + * passing a null url when instantiating a `RedirectResponse` is not allowed + +4.4.0 +----- + + * passing arguments to `Request::isMethodSafe()` is deprecated. + * `ApacheRequest` is deprecated, use the `Request` class instead. + * passing a third argument to `HeaderBag::get()` is deprecated, use method `all()` instead + * [BC BREAK] `PdoSessionHandler` with MySQL changed the type of the lifetime column, + make sure to run `ALTER TABLE sessions MODIFY sess_lifetime INTEGER UNSIGNED NOT NULL` to + update your database. + * `PdoSessionHandler` now precalculates the expiry timestamp in the lifetime column, + make sure to run `CREATE INDEX expiry ON sessions (sess_lifetime)` to update your database + to speed up garbage collection of expired sessions. + * added `SessionHandlerFactory` to create session handlers with a DSN + * added `IpUtils::anonymize()` to help with GDPR compliance. + +4.3.0 +----- + + * added PHPUnit constraints: `RequestAttributeValueSame`, `ResponseCookieValueSame`, `ResponseHasCookie`, + `ResponseHasHeader`, `ResponseHeaderSame`, `ResponseIsRedirected`, `ResponseIsSuccessful`, and `ResponseStatusCodeSame` + * deprecated `MimeTypeGuesserInterface` and `ExtensionGuesserInterface` in favor of `Symfony\Component\Mime\MimeTypesInterface`. + * deprecated `MimeType` and `MimeTypeExtensionGuesser` in favor of `Symfony\Component\Mime\MimeTypes`. + * deprecated `FileBinaryMimeTypeGuesser` in favor of `Symfony\Component\Mime\FileBinaryMimeTypeGuesser`. + * deprecated `FileinfoMimeTypeGuesser` in favor of `Symfony\Component\Mime\FileinfoMimeTypeGuesser`. + * added `UrlHelper` that allows to get an absolute URL and a relative path for a given path + +4.2.0 +----- + + * the default value of the "$secure" and "$samesite" arguments of Cookie's constructor + will respectively change from "false" to "null" and from "null" to "lax" in Symfony + 5.0, you should define their values explicitly or use "Cookie::create()" instead. + * added `matchPort()` in RequestMatcher + +4.1.3 +----- + + * [BC BREAK] Support for the IIS-only `X_ORIGINAL_URL` and `X_REWRITE_URL` + HTTP headers has been dropped for security reasons. + +4.1.0 +----- + + * Query string normalization uses `parse_str()` instead of custom parsing logic. + * Passing the file size to the constructor of the `UploadedFile` class is deprecated. + * The `getClientSize()` method of the `UploadedFile` class is deprecated. Use `getSize()` instead. + * added `RedisSessionHandler` to use Redis as a session storage + * The `get()` method of the `AcceptHeader` class now takes into account the + `*` and `*/*` default values (if they are present in the Accept HTTP header) + when looking for items. + * deprecated `Request::getSession()` when no session has been set. Use `Request::hasSession()` instead. + * added `CannotWriteFileException`, `ExtensionFileException`, `FormSizeFileException`, + `IniSizeFileException`, `NoFileException`, `NoTmpDirFileException`, `PartialFileException` to + handle failed `UploadedFile`. + * added `MigratingSessionHandler` for migrating between two session handlers without losing sessions + * added `HeaderUtils`. + +4.0.0 +----- + + * the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` + methods have been removed + * the `Request::HEADER_CLIENT_IP` constant has been removed, use + `Request::HEADER_X_FORWARDED_FOR` instead + * the `Request::HEADER_CLIENT_HOST` constant has been removed, use + `Request::HEADER_X_FORWARDED_HOST` instead + * the `Request::HEADER_CLIENT_PROTO` constant has been removed, use + `Request::HEADER_X_FORWARDED_PROTO` instead + * the `Request::HEADER_CLIENT_PORT` constant has been removed, use + `Request::HEADER_X_FORWARDED_PORT` instead + * checking for cacheable HTTP methods using the `Request::isMethodSafe()` + method (by not passing `false` as its argument) is not supported anymore and + throws a `\BadMethodCallException` + * the `WriteCheckSessionHandler`, `NativeSessionHandler` and `NativeProxy` classes have been removed + * setting session save handlers that do not implement `\SessionHandlerInterface` in + `NativeSessionStorage::setSaveHandler()` is not supported anymore and throws a + `\TypeError` + +3.4.0 +----- + + * implemented PHP 7.0's `SessionUpdateTimestampHandlerInterface` with a new + `AbstractSessionHandler` base class and a new `StrictSessionHandler` wrapper + * deprecated the `WriteCheckSessionHandler`, `NativeSessionHandler` and `NativeProxy` classes + * deprecated setting session save handlers that do not implement `\SessionHandlerInterface` in `NativeSessionStorage::setSaveHandler()` + * deprecated using `MongoDbSessionHandler` with the legacy mongo extension; use it with the mongodb/mongodb package and ext-mongodb instead + * deprecated `MemcacheSessionHandler`; use `MemcachedSessionHandler` instead + +3.3.0 +----- + + * the `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument, + see https://symfony.com/doc/current/deployment/proxies.html for more info, + * deprecated the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods, + * added `File\Stream`, to be passed to `BinaryFileResponse` when the size of the served file is unknown, + disabling `Range` and `Content-Length` handling, switching to chunked encoding instead + * added the `Cookie::fromString()` method that allows to create a cookie from a + raw header string + +3.1.0 +----- + + * Added support for creating `JsonResponse` with a string of JSON data + +3.0.0 +----- + + * The precedence of parameters returned from `Request::get()` changed from "GET, PATH, BODY" to "PATH, GET, BODY" + +2.8.0 +----- + + * Finding deep items in `ParameterBag::get()` is deprecated since version 2.8 and + will be removed in 3.0. + +2.6.0 +----- + + * PdoSessionHandler changes + - implemented different session locking strategies to prevent loss of data by concurrent access to the same session + - [BC BREAK] save session data in a binary column without base64_encode + - [BC BREAK] added lifetime column to the session table which allows to have different lifetimes for each session + - implemented lazy connections that are only opened when a session is used by either passing a dsn string + explicitly or falling back to session.save_path ini setting + - added a createTable method that initializes a correctly defined table depending on the database vendor + +2.5.0 +----- + + * added `JsonResponse::setEncodingOptions()` & `JsonResponse::getEncodingOptions()` for easier manipulation + of the options used while encoding data to JSON format. + +2.4.0 +----- + + * added RequestStack + * added Request::getEncodings() + * added accessors methods to session handlers + +2.3.0 +----- + + * added support for ranges of IPs in trusted proxies + * `UploadedFile::isValid` now returns false if the file was not uploaded via HTTP (in a non-test mode) + * Improved error-handling of `\Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler` + to ensure the supplied PDO handler throws Exceptions on error (as the class expects). Added related test cases + to verify that Exceptions are properly thrown when the PDO queries fail. + +2.2.0 +----- + + * fixed the Request::create() precedence (URI information always take precedence now) + * added Request::getTrustedProxies() + * deprecated Request::isProxyTrusted() + * [BC BREAK] JsonResponse does not turn a top level empty array to an object anymore, use an ArrayObject to enforce objects + * added a IpUtils class to check if an IP belongs to a CIDR + * added Request::getRealMethod() to get the "real" HTTP method (getMethod() returns the "intended" HTTP method) + * disabled _method request parameter support by default (call Request::enableHttpMethodParameterOverride() to + enable it, and Request::getHttpMethodParameterOverride() to check if it is supported) + * Request::splitHttpAcceptHeader() method is deprecated and will be removed in 2.3 + * Deprecated Flashbag::count() and \Countable interface, will be removed in 2.3 + +2.1.0 +----- + + * added Request::getSchemeAndHttpHost() and Request::getUserInfo() + * added a fluent interface to the Response class + * added Request::isProxyTrusted() + * added JsonResponse + * added a getTargetUrl method to RedirectResponse + * added support for streamed responses + * made Response::prepare() method the place to enforce HTTP specification + * [BC BREAK] moved management of the locale from the Session class to the Request class + * added a generic access to the PHP built-in filter mechanism: ParameterBag::filter() + * made FileBinaryMimeTypeGuesser command configurable + * added Request::getUser() and Request::getPassword() + * added support for the PATCH method in Request + * removed the ContentTypeMimeTypeGuesser class as it is deprecated and never used on PHP 5.3 + * added ResponseHeaderBag::makeDisposition() (implements RFC 6266) + * made mimetype to extension conversion configurable + * [BC BREAK] Moved all session related classes and interfaces into own namespace, as + `Symfony\Component\HttpFoundation\Session` and renamed classes accordingly. + Session handlers are located in the subnamespace `Symfony\Component\HttpFoundation\Session\Handler`. + * SessionHandlers must implement `\SessionHandlerInterface` or extend from the + `Symfony\Component\HttpFoundation\Storage\Handler\NativeSessionHandler` base class. + * Added internal storage driver proxy mechanism for forward compatibility with + PHP 5.4 `\SessionHandler` class. + * Added session handlers for custom Memcache, Memcached and Null session save handlers. + * [BC BREAK] Removed `NativeSessionStorage` and replaced with `NativeFileSessionHandler`. + * [BC BREAK] `SessionStorageInterface` methods removed: `write()`, `read()` and + `remove()`. Added `getBag()`, `registerBag()`. The `NativeSessionStorage` class + is a mediator for the session storage internals including the session handlers + which do the real work of participating in the internal PHP session workflow. + * [BC BREAK] Introduced mock implementations of `SessionStorage` to enable unit + and functional testing without starting real PHP sessions. Removed + `ArraySessionStorage`, and replaced with `MockArraySessionStorage` for unit + tests; removed `FilesystemSessionStorage`, and replaced with`MockFileSessionStorage` + for functional tests. These do not interact with global session ini + configuration values, session functions or `$_SESSION` superglobal. This means + they can be configured directly allowing multiple instances to work without + conflicting in the same PHP process. + * [BC BREAK] Removed the `close()` method from the `Session` class, as this is + now redundant. + * Deprecated the following methods from the Session class: `setFlash()`, `setFlashes()` + `getFlash()`, `hasFlash()`, and `removeFlash()`. Use `getFlashBag()` instead + which returns a `FlashBagInterface`. + * `Session->clear()` now only clears session attributes as before it cleared + flash messages and attributes. `Session->getFlashBag()->all()` clears flashes now. + * Session data is now managed by `SessionBagInterface` to better encapsulate + session data. + * Refactored session attribute and flash messages system to their own + `SessionBagInterface` implementations. + * Added `FlashBag`. Flashes expire when retrieved by `get()` or `all()`. This + implementation is ESI compatible. + * Added `AutoExpireFlashBag` (default) to replicate Symfony 2.0.x auto expire + behavior of messages auto expiring after one page page load. Messages must + be retrieved by `get()` or `all()`. + * Added `Symfony\Component\HttpFoundation\Attribute\AttributeBag` to replicate + attributes storage behavior from 2.0.x (default). + * Added `Symfony\Component\HttpFoundation\Attribute\NamespacedAttributeBag` for + namespace session attributes. + * Flash API can stores messages in an array so there may be multiple messages + per flash type. The old `Session` class API remains without BC break as it + will allow single messages as before. + * Added basic session meta-data to the session to record session create time, + last updated time, and the lifetime of the session cookie that was provided + to the client. + * Request::getClientIp() method doesn't take a parameter anymore but bases + itself on the trustProxy parameter. + * Added isMethod() to Request object. + * [BC BREAK] The methods `getPathInfo()`, `getBaseUrl()` and `getBasePath()` of + a `Request` now all return a raw value (vs a urldecoded value before). Any call + to one of these methods must be checked and wrapped in a `rawurldecode()` if + needed. diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/ChainRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/ChainRequestMatcher.php new file mode 100644 index 0000000..29486fc --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/ChainRequestMatcher.php @@ -0,0 +1,38 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * ChainRequestMatcher verifies that all checks match against a Request instance. + * + * @author Fabien Potencier + */ +class ChainRequestMatcher implements RequestMatcherInterface +{ + /** + * @param iterable $matchers + */ + public function __construct(private iterable $matchers) + { + } + + public function matches(Request $request): bool + { + foreach ($this->matchers as $matcher) { + if (!$matcher->matches($request)) { + return false; + } + } + + return true; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Cookie.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Cookie.php new file mode 100644 index 0000000..46be14b --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Cookie.php @@ -0,0 +1,409 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * Represents a cookie. + * + * @author Johannes M. Schmitt + */ +class Cookie +{ + public const SAMESITE_NONE = 'none'; + public const SAMESITE_LAX = 'lax'; + public const SAMESITE_STRICT = 'strict'; + + protected string $name; + protected ?string $value; + protected ?string $domain; + protected int $expire; + protected string $path; + protected ?bool $secure; + protected bool $httpOnly; + + private bool $raw; + private ?string $sameSite = null; + private bool $partitioned = false; + private bool $secureDefault = false; + + private const RESERVED_CHARS_LIST = "=,; \t\r\n\v\f"; + private const RESERVED_CHARS_FROM = ['=', ',', ';', ' ', "\t", "\r", "\n", "\v", "\f"]; + private const RESERVED_CHARS_TO = ['%3D', '%2C', '%3B', '%20', '%09', '%0D', '%0A', '%0B', '%0C']; + + /** + * Creates cookie from raw header string. + */ + public static function fromString(string $cookie, bool $decode = false): static + { + $data = [ + 'expires' => 0, + 'path' => '/', + 'domain' => null, + 'secure' => false, + 'httponly' => false, + 'raw' => !$decode, + 'samesite' => null, + 'partitioned' => false, + ]; + + $parts = HeaderUtils::split($cookie, ';='); + $part = array_shift($parts); + + $name = $decode ? urldecode($part[0]) : $part[0]; + $value = isset($part[1]) ? ($decode ? urldecode($part[1]) : $part[1]) : null; + + $data = HeaderUtils::combine($parts) + $data; + $data['expires'] = self::expiresTimestamp($data['expires']); + + if (isset($data['max-age']) && ($data['max-age'] > 0 || $data['expires'] > time())) { + $data['expires'] = time() + (int) $data['max-age']; + } + + return new static($name, $value, $data['expires'], $data['path'], $data['domain'], $data['secure'], $data['httponly'], $data['raw'], $data['samesite'], $data['partitioned']); + } + + /** + * @see self::__construct + * + * @param self::SAMESITE_*|''|null $sameSite + */ + public static function create(string $name, ?string $value = null, int|string|\DateTimeInterface $expire = 0, ?string $path = '/', ?string $domain = null, ?bool $secure = null, bool $httpOnly = true, bool $raw = false, ?string $sameSite = self::SAMESITE_LAX, bool $partitioned = false): self + { + return new self($name, $value, $expire, $path, $domain, $secure, $httpOnly, $raw, $sameSite, $partitioned); + } + + /** + * @param string $name The name of the cookie + * @param string|null $value The value of the cookie + * @param int|string|\DateTimeInterface $expire The time the cookie expires + * @param string|null $path The path on the server in which the cookie will be available on + * @param string|null $domain The domain that the cookie is available to + * @param bool|null $secure Whether the client should send back the cookie only over HTTPS or null to auto-enable this when the request is already using HTTPS + * @param bool $httpOnly Whether the cookie will be made accessible only through the HTTP protocol + * @param bool $raw Whether the cookie value should be sent with no url encoding + * @param self::SAMESITE_*|''|null $sameSite Whether the cookie will be available for cross-site requests + * + * @throws \InvalidArgumentException + */ + public function __construct(string $name, ?string $value = null, int|string|\DateTimeInterface $expire = 0, ?string $path = '/', ?string $domain = null, ?bool $secure = null, bool $httpOnly = true, bool $raw = false, ?string $sameSite = self::SAMESITE_LAX, bool $partitioned = false) + { + // from PHP source code + if ($raw && false !== strpbrk($name, self::RESERVED_CHARS_LIST)) { + throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $name)); + } + + if (!$name) { + throw new \InvalidArgumentException('The cookie name cannot be empty.'); + } + + $this->name = $name; + $this->value = $value; + $this->domain = $domain; + $this->expire = self::expiresTimestamp($expire); + $this->path = $path ?: '/'; + $this->secure = $secure; + $this->httpOnly = $httpOnly; + $this->raw = $raw; + $this->sameSite = $this->withSameSite($sameSite)->sameSite; + $this->partitioned = $partitioned; + } + + /** + * Creates a cookie copy with a new value. + */ + public function withValue(?string $value): static + { + $cookie = clone $this; + $cookie->value = $value; + + return $cookie; + } + + /** + * Creates a cookie copy with a new domain that the cookie is available to. + */ + public function withDomain(?string $domain): static + { + $cookie = clone $this; + $cookie->domain = $domain; + + return $cookie; + } + + /** + * Creates a cookie copy with a new time the cookie expires. + */ + public function withExpires(int|string|\DateTimeInterface $expire = 0): static + { + $cookie = clone $this; + $cookie->expire = self::expiresTimestamp($expire); + + return $cookie; + } + + /** + * Converts expires formats to a unix timestamp. + */ + private static function expiresTimestamp(int|string|\DateTimeInterface $expire = 0): int + { + // convert expiration time to a Unix timestamp + if ($expire instanceof \DateTimeInterface) { + $expire = $expire->format('U'); + } elseif (!is_numeric($expire)) { + $expire = strtotime($expire); + + if (false === $expire) { + throw new \InvalidArgumentException('The cookie expiration time is not valid.'); + } + } + + return 0 < $expire ? (int) $expire : 0; + } + + /** + * Creates a cookie copy with a new path on the server in which the cookie will be available on. + */ + public function withPath(string $path): static + { + $cookie = clone $this; + $cookie->path = '' === $path ? '/' : $path; + + return $cookie; + } + + /** + * Creates a cookie copy that only be transmitted over a secure HTTPS connection from the client. + */ + public function withSecure(bool $secure = true): static + { + $cookie = clone $this; + $cookie->secure = $secure; + + return $cookie; + } + + /** + * Creates a cookie copy that be accessible only through the HTTP protocol. + */ + public function withHttpOnly(bool $httpOnly = true): static + { + $cookie = clone $this; + $cookie->httpOnly = $httpOnly; + + return $cookie; + } + + /** + * Creates a cookie copy that uses no url encoding. + */ + public function withRaw(bool $raw = true): static + { + if ($raw && false !== strpbrk($this->name, self::RESERVED_CHARS_LIST)) { + throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $this->name)); + } + + $cookie = clone $this; + $cookie->raw = $raw; + + return $cookie; + } + + /** + * Creates a cookie copy with SameSite attribute. + * + * @param self::SAMESITE_*|''|null $sameSite + */ + public function withSameSite(?string $sameSite): static + { + if ('' === $sameSite) { + $sameSite = null; + } elseif (null !== $sameSite) { + $sameSite = strtolower($sameSite); + } + + if (!\in_array($sameSite, [self::SAMESITE_LAX, self::SAMESITE_STRICT, self::SAMESITE_NONE, null], true)) { + throw new \InvalidArgumentException('The "sameSite" parameter value is not valid.'); + } + + $cookie = clone $this; + $cookie->sameSite = $sameSite; + + return $cookie; + } + + /** + * Creates a cookie copy that is tied to the top-level site in cross-site context. + */ + public function withPartitioned(bool $partitioned = true): static + { + $cookie = clone $this; + $cookie->partitioned = $partitioned; + + return $cookie; + } + + /** + * Returns the cookie as a string. + */ + public function __toString(): string + { + if ($this->isRaw()) { + $str = $this->getName(); + } else { + $str = str_replace(self::RESERVED_CHARS_FROM, self::RESERVED_CHARS_TO, $this->getName()); + } + + $str .= '='; + + if ('' === (string) $this->getValue()) { + $str .= 'deleted; expires='.gmdate('D, d M Y H:i:s T', time() - 31536001).'; Max-Age=0'; + } else { + $str .= $this->isRaw() ? $this->getValue() : rawurlencode($this->getValue()); + + if (0 !== $this->getExpiresTime()) { + $str .= '; expires='.gmdate('D, d M Y H:i:s T', $this->getExpiresTime()).'; Max-Age='.$this->getMaxAge(); + } + } + + if ($this->getPath()) { + $str .= '; path='.$this->getPath(); + } + + if ($this->getDomain()) { + $str .= '; domain='.$this->getDomain(); + } + + if ($this->isSecure()) { + $str .= '; secure'; + } + + if ($this->isHttpOnly()) { + $str .= '; httponly'; + } + + if (null !== $this->getSameSite()) { + $str .= '; samesite='.$this->getSameSite(); + } + + if ($this->isPartitioned()) { + $str .= '; partitioned'; + } + + return $str; + } + + /** + * Gets the name of the cookie. + */ + public function getName(): string + { + return $this->name; + } + + /** + * Gets the value of the cookie. + */ + public function getValue(): ?string + { + return $this->value; + } + + /** + * Gets the domain that the cookie is available to. + */ + public function getDomain(): ?string + { + return $this->domain; + } + + /** + * Gets the time the cookie expires. + */ + public function getExpiresTime(): int + { + return $this->expire; + } + + /** + * Gets the max-age attribute. + */ + public function getMaxAge(): int + { + $maxAge = $this->expire - time(); + + return max(0, $maxAge); + } + + /** + * Gets the path on the server in which the cookie will be available on. + */ + public function getPath(): string + { + return $this->path; + } + + /** + * Checks whether the cookie should only be transmitted over a secure HTTPS connection from the client. + */ + public function isSecure(): bool + { + return $this->secure ?? $this->secureDefault; + } + + /** + * Checks whether the cookie will be made accessible only through the HTTP protocol. + */ + public function isHttpOnly(): bool + { + return $this->httpOnly; + } + + /** + * Whether this cookie is about to be cleared. + */ + public function isCleared(): bool + { + return 0 !== $this->expire && $this->expire < time(); + } + + /** + * Checks if the cookie value should be sent with no url encoding. + */ + public function isRaw(): bool + { + return $this->raw; + } + + /** + * Checks whether the cookie should be tied to the top-level site in cross-site context. + */ + public function isPartitioned(): bool + { + return $this->partitioned; + } + + /** + * @return self::SAMESITE_*|null + */ + public function getSameSite(): ?string + { + return $this->sameSite; + } + + /** + * @param bool $default The default value of the "secure" flag when it is set to null + */ + public function setSecureDefault(bool $default): void + { + $this->secureDefault = $default; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/BadRequestException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/BadRequestException.php new file mode 100644 index 0000000..505e1cf --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/BadRequestException.php @@ -0,0 +1,19 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Exception; + +/** + * Raised when a user sends a malformed request. + */ +class BadRequestException extends UnexpectedValueException implements RequestExceptionInterface +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/ConflictingHeadersException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/ConflictingHeadersException.php new file mode 100644 index 0000000..77aa0e1 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/ConflictingHeadersException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Exception; + +/** + * The HTTP request contains headers with conflicting information. + * + * @author Magnus Nordlander + */ +class ConflictingHeadersException extends UnexpectedValueException implements RequestExceptionInterface +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/ExceptionInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/ExceptionInterface.php new file mode 100644 index 0000000..e77c94f --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/ExceptionInterface.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Exception; + +interface ExceptionInterface extends \Throwable +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/JsonException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/JsonException.php new file mode 100644 index 0000000..6d1e0ae --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/JsonException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Exception; + +/** + * Thrown by Request::toArray() when the content cannot be JSON-decoded. + * + * @author Tobias Nyholm + */ +final class JsonException extends UnexpectedValueException implements RequestExceptionInterface +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/LogicException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/LogicException.php new file mode 100644 index 0000000..2d3021f --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/LogicException.php @@ -0,0 +1,19 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Exception; + +/** + * Base LogicException for Http Foundation component. + */ +class LogicException extends \LogicException implements ExceptionInterface +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/RequestExceptionInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/RequestExceptionInterface.php new file mode 100644 index 0000000..478d0dc --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/RequestExceptionInterface.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Exception; + +/** + * Interface for Request exceptions. + * + * Exceptions implementing this interface should trigger an HTTP 400 response in the application code. + */ +interface RequestExceptionInterface +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/SessionNotFoundException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/SessionNotFoundException.php new file mode 100644 index 0000000..80a21bf --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/SessionNotFoundException.php @@ -0,0 +1,27 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Exception; + +/** + * Raised when a session does not exist. This happens in the following cases: + * - the session is not enabled + * - attempt to read a session outside a request context (ie. cli script). + * + * @author Jérémy Derussé + */ +class SessionNotFoundException extends \LogicException implements RequestExceptionInterface +{ + public function __construct(string $message = 'There is currently no session available.', int $code = 0, ?\Throwable $previous = null) + { + parent::__construct($message, $code, $previous); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/SuspiciousOperationException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/SuspiciousOperationException.php new file mode 100644 index 0000000..4818ef2 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/SuspiciousOperationException.php @@ -0,0 +1,20 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Exception; + +/** + * Raised when a user has performed an operation that should be considered + * suspicious from a security perspective. + */ +class SuspiciousOperationException extends UnexpectedValueException implements RequestExceptionInterface +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/UnexpectedValueException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/UnexpectedValueException.php new file mode 100644 index 0000000..c3e6c9d --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Exception/UnexpectedValueException.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Exception; + +class UnexpectedValueException extends \UnexpectedValueException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/AccessDeniedException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/AccessDeniedException.php new file mode 100644 index 0000000..136d2a9 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/AccessDeniedException.php @@ -0,0 +1,25 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when the access on a file was denied. + * + * @author Bernhard Schussek + */ +class AccessDeniedException extends FileException +{ + public function __construct(string $path) + { + parent::__construct(sprintf('The file %s could not be accessed', $path)); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/CannotWriteFileException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/CannotWriteFileException.php new file mode 100644 index 0000000..c49f53a --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/CannotWriteFileException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when an UPLOAD_ERR_CANT_WRITE error occurred with UploadedFile. + * + * @author Florent Mata + */ +class CannotWriteFileException extends FileException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/ExtensionFileException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/ExtensionFileException.php new file mode 100644 index 0000000..ed83499 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/ExtensionFileException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when an UPLOAD_ERR_EXTENSION error occurred with UploadedFile. + * + * @author Florent Mata + */ +class ExtensionFileException extends FileException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/FileException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/FileException.php new file mode 100644 index 0000000..fad5133 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/FileException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when an error occurred in the component File. + * + * @author Bernhard Schussek + */ +class FileException extends \RuntimeException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/FileNotFoundException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/FileNotFoundException.php new file mode 100644 index 0000000..31bdf68 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/FileNotFoundException.php @@ -0,0 +1,25 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when a file was not found. + * + * @author Bernhard Schussek + */ +class FileNotFoundException extends FileException +{ + public function __construct(string $path) + { + parent::__construct(sprintf('The file "%s" does not exist', $path)); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/FormSizeFileException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/FormSizeFileException.php new file mode 100644 index 0000000..8741be0 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/FormSizeFileException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when an UPLOAD_ERR_FORM_SIZE error occurred with UploadedFile. + * + * @author Florent Mata + */ +class FormSizeFileException extends FileException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/IniSizeFileException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/IniSizeFileException.php new file mode 100644 index 0000000..c8fde61 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/IniSizeFileException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when an UPLOAD_ERR_INI_SIZE error occurred with UploadedFile. + * + * @author Florent Mata + */ +class IniSizeFileException extends FileException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/NoFileException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/NoFileException.php new file mode 100644 index 0000000..4b48cc7 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/NoFileException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when an UPLOAD_ERR_NO_FILE error occurred with UploadedFile. + * + * @author Florent Mata + */ +class NoFileException extends FileException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/NoTmpDirFileException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/NoTmpDirFileException.php new file mode 100644 index 0000000..bdead2d --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/NoTmpDirFileException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when an UPLOAD_ERR_NO_TMP_DIR error occurred with UploadedFile. + * + * @author Florent Mata + */ +class NoTmpDirFileException extends FileException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/PartialFileException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/PartialFileException.php new file mode 100644 index 0000000..4641efb --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/PartialFileException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when an UPLOAD_ERR_PARTIAL error occurred with UploadedFile. + * + * @author Florent Mata + */ +class PartialFileException extends FileException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/UnexpectedTypeException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/UnexpectedTypeException.php new file mode 100644 index 0000000..905bd59 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/UnexpectedTypeException.php @@ -0,0 +1,20 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +class UnexpectedTypeException extends FileException +{ + public function __construct(mixed $value, string $expectedType) + { + parent::__construct(sprintf('Expected argument of type %s, %s given', $expectedType, get_debug_type($value))); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/UploadException.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/UploadException.php new file mode 100644 index 0000000..7074e76 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Exception/UploadException.php @@ -0,0 +1,21 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File\Exception; + +/** + * Thrown when an error occurred during file upload. + * + * @author Bernhard Schussek + */ +class UploadException extends FileException +{ +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/File.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/File.php new file mode 100644 index 0000000..34ca5a5 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/File.php @@ -0,0 +1,141 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File; + +use Symfony\Component\HttpFoundation\File\Exception\FileException; +use Symfony\Component\HttpFoundation\File\Exception\FileNotFoundException; +use Symfony\Component\Mime\MimeTypes; + +/** + * A file in the file system. + * + * @author Bernhard Schussek + */ +class File extends \SplFileInfo +{ + /** + * Constructs a new file from the given path. + * + * @param string $path The path to the file + * @param bool $checkPath Whether to check the path or not + * + * @throws FileNotFoundException If the given path is not a file + */ + public function __construct(string $path, bool $checkPath = true) + { + if ($checkPath && !is_file($path)) { + throw new FileNotFoundException($path); + } + + parent::__construct($path); + } + + /** + * Returns the extension based on the mime type. + * + * If the mime type is unknown, returns null. + * + * This method uses the mime type as guessed by getMimeType() + * to guess the file extension. + * + * @see MimeTypes + * @see getMimeType() + */ + public function guessExtension(): ?string + { + if (!class_exists(MimeTypes::class)) { + throw new \LogicException('You cannot guess the extension as the Mime component is not installed. Try running "composer require symfony/mime".'); + } + + return MimeTypes::getDefault()->getExtensions($this->getMimeType())[0] ?? null; + } + + /** + * Returns the mime type of the file. + * + * The mime type is guessed using a MimeTypeGuesserInterface instance, + * which uses finfo_file() then the "file" system binary, + * depending on which of those are available. + * + * @see MimeTypes + */ + public function getMimeType(): ?string + { + if (!class_exists(MimeTypes::class)) { + throw new \LogicException('You cannot guess the mime type as the Mime component is not installed. Try running "composer require symfony/mime".'); + } + + return MimeTypes::getDefault()->guessMimeType($this->getPathname()); + } + + /** + * Moves the file to a new location. + * + * @throws FileException if the target file could not be created + */ + public function move(string $directory, ?string $name = null): self + { + $target = $this->getTargetFile($directory, $name); + + set_error_handler(function ($type, $msg) use (&$error) { $error = $msg; }); + try { + $renamed = rename($this->getPathname(), $target); + } finally { + restore_error_handler(); + } + if (!$renamed) { + throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error))); + } + + @chmod($target, 0666 & ~umask()); + + return $target; + } + + public function getContent(): string + { + $content = file_get_contents($this->getPathname()); + + if (false === $content) { + throw new FileException(sprintf('Could not get the content of the file "%s".', $this->getPathname())); + } + + return $content; + } + + protected function getTargetFile(string $directory, ?string $name = null): self + { + if (!is_dir($directory)) { + if (false === @mkdir($directory, 0777, true) && !is_dir($directory)) { + throw new FileException(sprintf('Unable to create the "%s" directory.', $directory)); + } + } elseif (!is_writable($directory)) { + throw new FileException(sprintf('Unable to write in the "%s" directory.', $directory)); + } + + $target = rtrim($directory, '/\\').\DIRECTORY_SEPARATOR.(null === $name ? $this->getBasename() : $this->getName($name)); + + return new self($target, false); + } + + /** + * Returns locale independent base name of the given path. + */ + protected function getName(string $name): string + { + $originalName = str_replace('\\', '/', $name); + $pos = strrpos($originalName, '/'); + $originalName = false === $pos ? $originalName : substr($originalName, $pos + 1); + + return $originalName; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/Stream.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Stream.php new file mode 100644 index 0000000..2c156b2 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/Stream.php @@ -0,0 +1,25 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File; + +/** + * A PHP stream of unknown size. + * + * @author Nicolas Grekas + */ +class Stream extends File +{ + public function getSize(): int|false + { + return false; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/File/UploadedFile.php b/qa-tool/htdocs/vendor/symfony/http-foundation/File/UploadedFile.php new file mode 100644 index 0000000..74e929f --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/File/UploadedFile.php @@ -0,0 +1,286 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\File; + +use Symfony\Component\HttpFoundation\File\Exception\CannotWriteFileException; +use Symfony\Component\HttpFoundation\File\Exception\ExtensionFileException; +use Symfony\Component\HttpFoundation\File\Exception\FileException; +use Symfony\Component\HttpFoundation\File\Exception\FileNotFoundException; +use Symfony\Component\HttpFoundation\File\Exception\FormSizeFileException; +use Symfony\Component\HttpFoundation\File\Exception\IniSizeFileException; +use Symfony\Component\HttpFoundation\File\Exception\NoFileException; +use Symfony\Component\HttpFoundation\File\Exception\NoTmpDirFileException; +use Symfony\Component\HttpFoundation\File\Exception\PartialFileException; +use Symfony\Component\Mime\MimeTypes; + +/** + * A file uploaded through a form. + * + * @author Bernhard Schussek + * @author Florian Eckerstorfer + * @author Fabien Potencier + */ +class UploadedFile extends File +{ + private bool $test; + private string $originalName; + private string $mimeType; + private int $error; + private string $originalPath; + + /** + * Accepts the information of the uploaded file as provided by the PHP global $_FILES. + * + * The file object is only created when the uploaded file is valid (i.e. when the + * isValid() method returns true). Otherwise the only methods that could be called + * on an UploadedFile instance are: + * + * * getClientOriginalName, + * * getClientMimeType, + * * isValid, + * * getError. + * + * Calling any other method on an non-valid instance will cause an unpredictable result. + * + * @param string $path The full temporary path to the file + * @param string $originalName The original file name of the uploaded file + * @param string|null $mimeType The type of the file as provided by PHP; null defaults to application/octet-stream + * @param int|null $error The error constant of the upload (one of PHP's UPLOAD_ERR_XXX constants); null defaults to UPLOAD_ERR_OK + * @param bool $test Whether the test mode is active + * Local files are used in test mode hence the code should not enforce HTTP uploads + * + * @throws FileException If file_uploads is disabled + * @throws FileNotFoundException If the file does not exist + */ + public function __construct(string $path, string $originalName, ?string $mimeType = null, ?int $error = null, bool $test = false) + { + $this->originalName = $this->getName($originalName); + $this->originalPath = strtr($originalName, '\\', '/'); + $this->mimeType = $mimeType ?: 'application/octet-stream'; + $this->error = $error ?: \UPLOAD_ERR_OK; + $this->test = $test; + + parent::__construct($path, \UPLOAD_ERR_OK === $this->error); + } + + /** + * Returns the original file name. + * + * It is extracted from the request from which the file has been uploaded. + * This should not be considered as a safe value to use for a file name on your servers. + */ + public function getClientOriginalName(): string + { + return $this->originalName; + } + + /** + * Returns the original file extension. + * + * It is extracted from the original file name that was uploaded. + * This should not be considered as a safe value to use for a file name on your servers. + */ + public function getClientOriginalExtension(): string + { + return pathinfo($this->originalName, \PATHINFO_EXTENSION); + } + + /** + * Returns the original file full path. + * + * It is extracted from the request from which the file has been uploaded. + * This should not be considered as a safe value to use for a file name/path on your servers. + * + * If this file was uploaded with the "webkitdirectory" upload directive, this will contain + * the path of the file relative to the uploaded root directory. Otherwise this will be identical + * to getClientOriginalName(). + */ + public function getClientOriginalPath(): string + { + return $this->originalPath; + } + + /** + * Returns the file mime type. + * + * The client mime type is extracted from the request from which the file + * was uploaded, so it should not be considered as a safe value. + * + * For a trusted mime type, use getMimeType() instead (which guesses the mime + * type based on the file content). + * + * @see getMimeType() + */ + public function getClientMimeType(): string + { + return $this->mimeType; + } + + /** + * Returns the extension based on the client mime type. + * + * If the mime type is unknown, returns null. + * + * This method uses the mime type as guessed by getClientMimeType() + * to guess the file extension. As such, the extension returned + * by this method cannot be trusted. + * + * For a trusted extension, use guessExtension() instead (which guesses + * the extension based on the guessed mime type for the file). + * + * @see guessExtension() + * @see getClientMimeType() + */ + public function guessClientExtension(): ?string + { + if (!class_exists(MimeTypes::class)) { + throw new \LogicException('You cannot guess the extension as the Mime component is not installed. Try running "composer require symfony/mime".'); + } + + return MimeTypes::getDefault()->getExtensions($this->getClientMimeType())[0] ?? null; + } + + /** + * Returns the upload error. + * + * If the upload was successful, the constant UPLOAD_ERR_OK is returned. + * Otherwise one of the other UPLOAD_ERR_XXX constants is returned. + */ + public function getError(): int + { + return $this->error; + } + + /** + * Returns whether the file has been uploaded with HTTP and no error occurred. + */ + public function isValid(): bool + { + $isOk = \UPLOAD_ERR_OK === $this->error; + + return $this->test ? $isOk : $isOk && is_uploaded_file($this->getPathname()); + } + + /** + * Moves the file to a new location. + * + * @throws FileException if, for any reason, the file could not have been moved + */ + public function move(string $directory, ?string $name = null): File + { + if ($this->isValid()) { + if ($this->test) { + return parent::move($directory, $name); + } + + $target = $this->getTargetFile($directory, $name); + + set_error_handler(function ($type, $msg) use (&$error) { $error = $msg; }); + try { + $moved = move_uploaded_file($this->getPathname(), $target); + } finally { + restore_error_handler(); + } + if (!$moved) { + throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error))); + } + + @chmod($target, 0666 & ~umask()); + + return $target; + } + + switch ($this->error) { + case \UPLOAD_ERR_INI_SIZE: + throw new IniSizeFileException($this->getErrorMessage()); + case \UPLOAD_ERR_FORM_SIZE: + throw new FormSizeFileException($this->getErrorMessage()); + case \UPLOAD_ERR_PARTIAL: + throw new PartialFileException($this->getErrorMessage()); + case \UPLOAD_ERR_NO_FILE: + throw new NoFileException($this->getErrorMessage()); + case \UPLOAD_ERR_CANT_WRITE: + throw new CannotWriteFileException($this->getErrorMessage()); + case \UPLOAD_ERR_NO_TMP_DIR: + throw new NoTmpDirFileException($this->getErrorMessage()); + case \UPLOAD_ERR_EXTENSION: + throw new ExtensionFileException($this->getErrorMessage()); + } + + throw new FileException($this->getErrorMessage()); + } + + /** + * Returns the maximum size of an uploaded file as configured in php.ini. + * + * @return int|float The maximum size of an uploaded file in bytes (returns float if size > PHP_INT_MAX) + */ + public static function getMaxFilesize(): int|float + { + $sizePostMax = self::parseFilesize(\ini_get('post_max_size')); + $sizeUploadMax = self::parseFilesize(\ini_get('upload_max_filesize')); + + return min($sizePostMax ?: \PHP_INT_MAX, $sizeUploadMax ?: \PHP_INT_MAX); + } + + private static function parseFilesize(string $size): int|float + { + if ('' === $size) { + return 0; + } + + $size = strtolower($size); + + $max = ltrim($size, '+'); + if (str_starts_with($max, '0x')) { + $max = \intval($max, 16); + } elseif (str_starts_with($max, '0')) { + $max = \intval($max, 8); + } else { + $max = (int) $max; + } + + switch (substr($size, -1)) { + case 't': $max *= 1024; + // no break + case 'g': $max *= 1024; + // no break + case 'm': $max *= 1024; + // no break + case 'k': $max *= 1024; + } + + return $max; + } + + /** + * Returns an informative upload error message. + */ + public function getErrorMessage(): string + { + static $errors = [ + \UPLOAD_ERR_INI_SIZE => 'The file "%s" exceeds your upload_max_filesize ini directive (limit is %d KiB).', + \UPLOAD_ERR_FORM_SIZE => 'The file "%s" exceeds the upload limit defined in your form.', + \UPLOAD_ERR_PARTIAL => 'The file "%s" was only partially uploaded.', + \UPLOAD_ERR_NO_FILE => 'No file was uploaded.', + \UPLOAD_ERR_CANT_WRITE => 'The file "%s" could not be written on disk.', + \UPLOAD_ERR_NO_TMP_DIR => 'File could not be uploaded: missing temporary directory.', + \UPLOAD_ERR_EXTENSION => 'File upload was stopped by a PHP extension.', + ]; + + $errorCode = $this->error; + $maxFilesize = \UPLOAD_ERR_INI_SIZE === $errorCode ? self::getMaxFilesize() / 1024 : 0; + $message = $errors[$errorCode] ?? 'The file "%s" was not uploaded due to an unknown error.'; + + return sprintf($message, $this->getClientOriginalName(), $maxFilesize); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/FileBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/FileBag.php new file mode 100644 index 0000000..561e7cd --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/FileBag.php @@ -0,0 +1,127 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +use Symfony\Component\HttpFoundation\File\UploadedFile; + +/** + * FileBag is a container for uploaded files. + * + * @author Fabien Potencier + * @author Bulat Shakirzyanov + */ +class FileBag extends ParameterBag +{ + private const FILE_KEYS = ['error', 'full_path', 'name', 'size', 'tmp_name', 'type']; + + /** + * @param array|UploadedFile[] $parameters An array of HTTP files + */ + public function __construct(array $parameters = []) + { + $this->replace($parameters); + } + + public function replace(array $files = []): void + { + $this->parameters = []; + $this->add($files); + } + + public function set(string $key, mixed $value): void + { + if (!\is_array($value) && !$value instanceof UploadedFile) { + throw new \InvalidArgumentException('An uploaded file must be an array or an instance of UploadedFile.'); + } + + parent::set($key, $this->convertFileInformation($value)); + } + + public function add(array $files = []): void + { + foreach ($files as $key => $file) { + $this->set($key, $file); + } + } + + /** + * Converts uploaded files to UploadedFile instances. + * + * @return UploadedFile[]|UploadedFile|null + */ + protected function convertFileInformation(array|UploadedFile $file): array|UploadedFile|null + { + if ($file instanceof UploadedFile) { + return $file; + } + + $file = $this->fixPhpFilesArray($file); + $keys = array_keys($file + ['full_path' => null]); + sort($keys); + + if (self::FILE_KEYS === $keys) { + if (\UPLOAD_ERR_NO_FILE === $file['error']) { + $file = null; + } else { + $file = new UploadedFile($file['tmp_name'], $file['full_path'] ?? $file['name'], $file['type'], $file['error'], false); + } + } else { + $file = array_map(fn ($v) => $v instanceof UploadedFile || \is_array($v) ? $this->convertFileInformation($v) : $v, $file); + if (array_is_list($file)) { + $file = array_filter($file); + } + } + + return $file; + } + + /** + * Fixes a malformed PHP $_FILES array. + * + * PHP has a bug that the format of the $_FILES array differs, depending on + * whether the uploaded file fields had normal field names or array-like + * field names ("normal" vs. "parent[child]"). + * + * This method fixes the array to look like the "normal" $_FILES array. + * + * It's safe to pass an already converted array, in which case this method + * just returns the original array unmodified. + */ + protected function fixPhpFilesArray(array $data): array + { + $keys = array_keys($data + ['full_path' => null]); + sort($keys); + + if (self::FILE_KEYS !== $keys || !isset($data['name']) || !\is_array($data['name'])) { + return $data; + } + + $files = $data; + foreach (self::FILE_KEYS as $k) { + unset($files[$k]); + } + + foreach ($data['name'] as $key => $name) { + $files[$key] = $this->fixPhpFilesArray([ + 'error' => $data['error'][$key], + 'name' => $name, + 'type' => $data['type'][$key], + 'tmp_name' => $data['tmp_name'][$key], + 'size' => $data['size'][$key], + ] + (isset($data['full_path'][$key]) ? [ + 'full_path' => $data['full_path'][$key], + ] : [])); + } + + return $files; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/HeaderBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/HeaderBag.php new file mode 100644 index 0000000..4bab376 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/HeaderBag.php @@ -0,0 +1,273 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * HeaderBag is a container for HTTP headers. + * + * @author Fabien Potencier + * + * @implements \IteratorAggregate> + */ +class HeaderBag implements \IteratorAggregate, \Countable, \Stringable +{ + protected const UPPER = '_ABCDEFGHIJKLMNOPQRSTUVWXYZ'; + protected const LOWER = '-abcdefghijklmnopqrstuvwxyz'; + + /** + * @var array> + */ + protected array $headers = []; + protected array $cacheControl = []; + + public function __construct(array $headers = []) + { + foreach ($headers as $key => $values) { + $this->set($key, $values); + } + } + + /** + * Returns the headers as a string. + */ + public function __toString(): string + { + if (!$headers = $this->all()) { + return ''; + } + + ksort($headers); + $max = max(array_map('strlen', array_keys($headers))) + 1; + $content = ''; + foreach ($headers as $name => $values) { + $name = ucwords($name, '-'); + foreach ($values as $value) { + $content .= sprintf("%-{$max}s %s\r\n", $name.':', $value); + } + } + + return $content; + } + + /** + * Returns the headers. + * + * @param string|null $key The name of the headers to return or null to get them all + * + * @return ($key is null ? array> : list) + */ + public function all(?string $key = null): array + { + if (null !== $key) { + return $this->headers[strtr($key, self::UPPER, self::LOWER)] ?? []; + } + + return $this->headers; + } + + /** + * Returns the parameter keys. + * + * @return string[] + */ + public function keys(): array + { + return array_keys($this->all()); + } + + /** + * Replaces the current HTTP headers by a new set. + */ + public function replace(array $headers = []): void + { + $this->headers = []; + $this->add($headers); + } + + /** + * Adds new headers the current HTTP headers set. + */ + public function add(array $headers): void + { + foreach ($headers as $key => $values) { + $this->set($key, $values); + } + } + + /** + * Returns the first header by name or the default one. + */ + public function get(string $key, ?string $default = null): ?string + { + $headers = $this->all($key); + + if (!$headers) { + return $default; + } + + if (null === $headers[0]) { + return null; + } + + return (string) $headers[0]; + } + + /** + * Sets a header by name. + * + * @param string|string[]|null $values The value or an array of values + * @param bool $replace Whether to replace the actual value or not (true by default) + */ + public function set(string $key, string|array|null $values, bool $replace = true): void + { + $key = strtr($key, self::UPPER, self::LOWER); + + if (\is_array($values)) { + $values = array_values($values); + + if (true === $replace || !isset($this->headers[$key])) { + $this->headers[$key] = $values; + } else { + $this->headers[$key] = array_merge($this->headers[$key], $values); + } + } else { + if (true === $replace || !isset($this->headers[$key])) { + $this->headers[$key] = [$values]; + } else { + $this->headers[$key][] = $values; + } + } + + if ('cache-control' === $key) { + $this->cacheControl = $this->parseCacheControl(implode(', ', $this->headers[$key])); + } + } + + /** + * Returns true if the HTTP header is defined. + */ + public function has(string $key): bool + { + return \array_key_exists(strtr($key, self::UPPER, self::LOWER), $this->all()); + } + + /** + * Returns true if the given HTTP header contains the given value. + */ + public function contains(string $key, string $value): bool + { + return \in_array($value, $this->all($key), true); + } + + /** + * Removes a header. + */ + public function remove(string $key): void + { + $key = strtr($key, self::UPPER, self::LOWER); + + unset($this->headers[$key]); + + if ('cache-control' === $key) { + $this->cacheControl = []; + } + } + + /** + * Returns the HTTP header value converted to a date. + * + * @throws \RuntimeException When the HTTP header is not parseable + */ + public function getDate(string $key, ?\DateTimeInterface $default = null): ?\DateTimeImmutable + { + if (null === $value = $this->get($key)) { + return null !== $default ? \DateTimeImmutable::createFromInterface($default) : null; + } + + if (false === $date = \DateTimeImmutable::createFromFormat(\DATE_RFC2822, $value)) { + throw new \RuntimeException(sprintf('The "%s" HTTP header is not parseable (%s).', $key, $value)); + } + + return $date; + } + + /** + * Adds a custom Cache-Control directive. + */ + public function addCacheControlDirective(string $key, bool|string $value = true): void + { + $this->cacheControl[$key] = $value; + + $this->set('Cache-Control', $this->getCacheControlHeader()); + } + + /** + * Returns true if the Cache-Control directive is defined. + */ + public function hasCacheControlDirective(string $key): bool + { + return \array_key_exists($key, $this->cacheControl); + } + + /** + * Returns a Cache-Control directive value by name. + */ + public function getCacheControlDirective(string $key): bool|string|null + { + return $this->cacheControl[$key] ?? null; + } + + /** + * Removes a Cache-Control directive. + */ + public function removeCacheControlDirective(string $key): void + { + unset($this->cacheControl[$key]); + + $this->set('Cache-Control', $this->getCacheControlHeader()); + } + + /** + * Returns an iterator for headers. + * + * @return \ArrayIterator> + */ + public function getIterator(): \ArrayIterator + { + return new \ArrayIterator($this->headers); + } + + /** + * Returns the number of headers. + */ + public function count(): int + { + return \count($this->headers); + } + + protected function getCacheControlHeader(): string + { + ksort($this->cacheControl); + + return HeaderUtils::toString($this->cacheControl, ','); + } + + /** + * Parses a Cache-Control HTTP header. + */ + protected function parseCacheControl(string $header): array + { + $parts = HeaderUtils::split($header, ',='); + + return HeaderUtils::combine($parts); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/HeaderUtils.php b/qa-tool/htdocs/vendor/symfony/http-foundation/HeaderUtils.php new file mode 100644 index 0000000..110896e --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/HeaderUtils.php @@ -0,0 +1,298 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * HTTP header utility functions. + * + * @author Christian Schmidt + */ +class HeaderUtils +{ + public const DISPOSITION_ATTACHMENT = 'attachment'; + public const DISPOSITION_INLINE = 'inline'; + + /** + * This class should not be instantiated. + */ + private function __construct() + { + } + + /** + * Splits an HTTP header by one or more separators. + * + * Example: + * + * HeaderUtils::split('da, en-gb;q=0.8', ',;') + * // => ['da'], ['en-gb', 'q=0.8']] + * + * @param string $separators List of characters to split on, ordered by + * precedence, e.g. ',', ';=', or ',;=' + * + * @return array Nested array with as many levels as there are characters in + * $separators + */ + public static function split(string $header, string $separators): array + { + if ('' === $separators) { + throw new \InvalidArgumentException('At least one separator must be specified.'); + } + + $quotedSeparators = preg_quote($separators, '/'); + + preg_match_all(' + / + (?!\s) + (?: + # quoted-string + "(?:[^"\\\\]|\\\\.)*(?:"|\\\\|$) + | + # token + [^"'.$quotedSeparators.']+ + )+ + (?['.$quotedSeparators.']) + \s* + /x', trim($header), $matches, \PREG_SET_ORDER); + + return self::groupParts($matches, $separators); + } + + /** + * Combines an array of arrays into one associative array. + * + * Each of the nested arrays should have one or two elements. The first + * value will be used as the keys in the associative array, and the second + * will be used as the values, or true if the nested array only contains one + * element. Array keys are lowercased. + * + * Example: + * + * HeaderUtils::combine([['foo', 'abc'], ['bar']]) + * // => ['foo' => 'abc', 'bar' => true] + */ + public static function combine(array $parts): array + { + $assoc = []; + foreach ($parts as $part) { + $name = strtolower($part[0]); + $value = $part[1] ?? true; + $assoc[$name] = $value; + } + + return $assoc; + } + + /** + * Joins an associative array into a string for use in an HTTP header. + * + * The key and value of each entry are joined with '=', and all entries + * are joined with the specified separator and an additional space (for + * readability). Values are quoted if necessary. + * + * Example: + * + * HeaderUtils::toString(['foo' => 'abc', 'bar' => true, 'baz' => 'a b c'], ',') + * // => 'foo=abc, bar, baz="a b c"' + */ + public static function toString(array $assoc, string $separator): string + { + $parts = []; + foreach ($assoc as $name => $value) { + if (true === $value) { + $parts[] = $name; + } else { + $parts[] = $name.'='.self::quote($value); + } + } + + return implode($separator.' ', $parts); + } + + /** + * Encodes a string as a quoted string, if necessary. + * + * If a string contains characters not allowed by the "token" construct in + * the HTTP specification, it is backslash-escaped and enclosed in quotes + * to match the "quoted-string" construct. + */ + public static function quote(string $s): string + { + if (preg_match('/^[a-z0-9!#$%&\'*.^_`|~-]+$/i', $s)) { + return $s; + } + + return '"'.addcslashes($s, '"\\"').'"'; + } + + /** + * Decodes a quoted string. + * + * If passed an unquoted string that matches the "token" construct (as + * defined in the HTTP specification), it is passed through verbatim. + */ + public static function unquote(string $s): string + { + return preg_replace('/\\\\(.)|"/', '$1', $s); + } + + /** + * Generates an HTTP Content-Disposition field-value. + * + * @param string $disposition One of "inline" or "attachment" + * @param string $filename A unicode string + * @param string $filenameFallback A string containing only ASCII characters that + * is semantically equivalent to $filename. If the filename is already ASCII, + * it can be omitted, or just copied from $filename + * + * @throws \InvalidArgumentException + * + * @see RFC 6266 + */ + public static function makeDisposition(string $disposition, string $filename, string $filenameFallback = ''): string + { + if (!\in_array($disposition, [self::DISPOSITION_ATTACHMENT, self::DISPOSITION_INLINE])) { + throw new \InvalidArgumentException(sprintf('The disposition must be either "%s" or "%s".', self::DISPOSITION_ATTACHMENT, self::DISPOSITION_INLINE)); + } + + if ('' === $filenameFallback) { + $filenameFallback = $filename; + } + + // filenameFallback is not ASCII. + if (!preg_match('/^[\x20-\x7e]*$/', $filenameFallback)) { + throw new \InvalidArgumentException('The filename fallback must only contain ASCII characters.'); + } + + // percent characters aren't safe in fallback. + if (str_contains($filenameFallback, '%')) { + throw new \InvalidArgumentException('The filename fallback cannot contain the "%" character.'); + } + + // path separators aren't allowed in either. + if (str_contains($filename, '/') || str_contains($filename, '\\') || str_contains($filenameFallback, '/') || str_contains($filenameFallback, '\\')) { + throw new \InvalidArgumentException('The filename and the fallback cannot contain the "/" and "\\" characters.'); + } + + $params = ['filename' => $filenameFallback]; + if ($filename !== $filenameFallback) { + $params['filename*'] = "utf-8''".rawurlencode($filename); + } + + return $disposition.'; '.self::toString($params, ';'); + } + + /** + * Like parse_str(), but preserves dots in variable names. + */ + public static function parseQuery(string $query, bool $ignoreBrackets = false, string $separator = '&'): array + { + $q = []; + + foreach (explode($separator, $query) as $v) { + if (false !== $i = strpos($v, "\0")) { + $v = substr($v, 0, $i); + } + + if (false === $i = strpos($v, '=')) { + $k = urldecode($v); + $v = ''; + } else { + $k = urldecode(substr($v, 0, $i)); + $v = substr($v, $i); + } + + if (false !== $i = strpos($k, "\0")) { + $k = substr($k, 0, $i); + } + + $k = ltrim($k, ' '); + + if ($ignoreBrackets) { + $q[$k][] = urldecode(substr($v, 1)); + + continue; + } + + if (false === $i = strpos($k, '[')) { + $q[] = bin2hex($k).$v; + } else { + $q[] = bin2hex(substr($k, 0, $i)).rawurlencode(substr($k, $i)).$v; + } + } + + if ($ignoreBrackets) { + return $q; + } + + parse_str(implode('&', $q), $q); + + $query = []; + + foreach ($q as $k => $v) { + if (false !== $i = strpos($k, '_')) { + $query[substr_replace($k, hex2bin(substr($k, 0, $i)).'[', 0, 1 + $i)] = $v; + } else { + $query[hex2bin($k)] = $v; + } + } + + return $query; + } + + private static function groupParts(array $matches, string $separators, bool $first = true): array + { + $separator = $separators[0]; + $separators = substr($separators, 1) ?: ''; + $i = 0; + + if ('' === $separators && !$first) { + $parts = ['']; + + foreach ($matches as $match) { + if (!$i && isset($match['separator'])) { + $i = 1; + $parts[1] = ''; + } else { + $parts[$i] .= self::unquote($match[0]); + } + } + + return $parts; + } + + $parts = []; + $partMatches = []; + + foreach ($matches as $match) { + if (($match['separator'] ?? null) === $separator) { + ++$i; + } else { + $partMatches[$i][] = $match; + } + } + + foreach ($partMatches as $matches) { + if ('' === $separators && '' !== $unquoted = self::unquote($matches[0][0])) { + $parts[] = $unquoted; + } elseif ($groupedParts = self::groupParts($matches, $separators, false)) { + $parts[] = $groupedParts; + } + } + + return $parts; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/InputBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/InputBag.php new file mode 100644 index 0000000..dc5e127 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/InputBag.php @@ -0,0 +1,136 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +use Symfony\Component\HttpFoundation\Exception\BadRequestException; +use Symfony\Component\HttpFoundation\Exception\UnexpectedValueException; + +/** + * InputBag is a container for user input values such as $_GET, $_POST, $_REQUEST, and $_COOKIE. + * + * @author Saif Eddin Gmati + */ +final class InputBag extends ParameterBag +{ + /** + * Returns a scalar input value by name. + * + * @param string|int|float|bool|null $default The default value if the input key does not exist + */ + public function get(string $key, mixed $default = null): string|int|float|bool|null + { + if (null !== $default && !\is_scalar($default) && !$default instanceof \Stringable) { + throw new \InvalidArgumentException(sprintf('Expected a scalar value as a 2nd argument to "%s()", "%s" given.', __METHOD__, get_debug_type($default))); + } + + $value = parent::get($key, $this); + + if (null !== $value && $this !== $value && !\is_scalar($value) && !$value instanceof \Stringable) { + throw new BadRequestException(sprintf('Input value "%s" contains a non-scalar value.', $key)); + } + + return $this === $value ? $default : $value; + } + + /** + * Replaces the current input values by a new set. + */ + public function replace(array $inputs = []): void + { + $this->parameters = []; + $this->add($inputs); + } + + /** + * Adds input values. + */ + public function add(array $inputs = []): void + { + foreach ($inputs as $input => $value) { + $this->set($input, $value); + } + } + + /** + * Sets an input by name. + * + * @param string|int|float|bool|array|null $value + */ + public function set(string $key, mixed $value): void + { + if (null !== $value && !\is_scalar($value) && !\is_array($value) && !$value instanceof \Stringable) { + throw new \InvalidArgumentException(sprintf('Expected a scalar, or an array as a 2nd argument to "%s()", "%s" given.', __METHOD__, get_debug_type($value))); + } + + $this->parameters[$key] = $value; + } + + /** + * Returns the parameter value converted to an enum. + * + * @template T of \BackedEnum + * + * @param class-string $class + * @param ?T $default + * + * @return ?T + * + * @psalm-return ($default is null ? T|null : T) + */ + public function getEnum(string $key, string $class, ?\BackedEnum $default = null): ?\BackedEnum + { + try { + return parent::getEnum($key, $class, $default); + } catch (UnexpectedValueException $e) { + throw new BadRequestException($e->getMessage(), $e->getCode(), $e); + } + } + + /** + * Returns the parameter value converted to string. + */ + public function getString(string $key, string $default = ''): string + { + // Shortcuts the parent method because the validation on scalar is already done in get(). + return (string) $this->get($key, $default); + } + + public function filter(string $key, mixed $default = null, int $filter = \FILTER_DEFAULT, mixed $options = []): mixed + { + $value = $this->has($key) ? $this->all()[$key] : $default; + + // Always turn $options into an array - this allows filter_var option shortcuts. + if (!\is_array($options) && $options) { + $options = ['flags' => $options]; + } + + if (\is_array($value) && !(($options['flags'] ?? 0) & (\FILTER_REQUIRE_ARRAY | \FILTER_FORCE_ARRAY))) { + throw new BadRequestException(sprintf('Input value "%s" contains an array, but "FILTER_REQUIRE_ARRAY" or "FILTER_FORCE_ARRAY" flags were not set.', $key)); + } + + if ((\FILTER_CALLBACK & $filter) && !(($options['options'] ?? null) instanceof \Closure)) { + throw new \InvalidArgumentException(sprintf('A Closure must be passed to "%s()" when FILTER_CALLBACK is used, "%s" given.', __METHOD__, get_debug_type($options['options'] ?? null))); + } + + $options['flags'] ??= 0; + $nullOnFailure = $options['flags'] & \FILTER_NULL_ON_FAILURE; + $options['flags'] |= \FILTER_NULL_ON_FAILURE; + + $value = filter_var($value, $filter, $options); + + if (null !== $value || $nullOnFailure) { + return $value; + } + + throw new BadRequestException(sprintf('Input value "%s" is invalid and flag "FILTER_NULL_ON_FAILURE" was not set.', $key)); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/IpUtils.php b/qa-tool/htdocs/vendor/symfony/http-foundation/IpUtils.php new file mode 100644 index 0000000..ceab620 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/IpUtils.php @@ -0,0 +1,241 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * Http utility functions. + * + * @author Fabien Potencier + */ +class IpUtils +{ + public const PRIVATE_SUBNETS = [ + '127.0.0.0/8', // RFC1700 (Loopback) + '10.0.0.0/8', // RFC1918 + '192.168.0.0/16', // RFC1918 + '172.16.0.0/12', // RFC1918 + '169.254.0.0/16', // RFC3927 + '0.0.0.0/8', // RFC5735 + '240.0.0.0/4', // RFC1112 + '::1/128', // Loopback + 'fc00::/7', // Unique Local Address + 'fe80::/10', // Link Local Address + '::ffff:0:0/96', // IPv4 translations + '::/128', // Unspecified address + ]; + + private static array $checkedIps = []; + + /** + * This class should not be instantiated. + */ + private function __construct() + { + } + + /** + * Checks if an IPv4 or IPv6 address is contained in the list of given IPs or subnets. + * + * @param string|array $ips List of IPs or subnets (can be a string if only a single one) + */ + public static function checkIp(string $requestIp, string|array $ips): bool + { + if (!\is_array($ips)) { + $ips = [$ips]; + } + + $method = substr_count($requestIp, ':') > 1 ? 'checkIp6' : 'checkIp4'; + + foreach ($ips as $ip) { + if (self::$method($requestIp, $ip)) { + return true; + } + } + + return false; + } + + /** + * Compares two IPv4 addresses. + * In case a subnet is given, it checks if it contains the request IP. + * + * @param string $ip IPv4 address or subnet in CIDR notation + * + * @return bool Whether the request IP matches the IP, or whether the request IP is within the CIDR subnet + */ + public static function checkIp4(string $requestIp, string $ip): bool + { + $cacheKey = $requestIp.'-'.$ip.'-v4'; + if (null !== $cacheValue = self::getCacheResult($cacheKey)) { + return $cacheValue; + } + + if (!filter_var($requestIp, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4)) { + return self::setCacheResult($cacheKey, false); + } + + if (str_contains($ip, '/')) { + [$address, $netmask] = explode('/', $ip, 2); + + if ('0' === $netmask) { + return self::setCacheResult($cacheKey, false !== filter_var($address, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4)); + } + + if ($netmask < 0 || $netmask > 32) { + return self::setCacheResult($cacheKey, false); + } + } else { + $address = $ip; + $netmask = 32; + } + + if (false === ip2long($address)) { + return self::setCacheResult($cacheKey, false); + } + + return self::setCacheResult($cacheKey, 0 === substr_compare(sprintf('%032b', ip2long($requestIp)), sprintf('%032b', ip2long($address)), 0, $netmask)); + } + + /** + * Compares two IPv6 addresses. + * In case a subnet is given, it checks if it contains the request IP. + * + * @author David Soria Parra + * + * @see https://github.com/dsp/v6tools + * + * @param string $ip IPv6 address or subnet in CIDR notation + * + * @throws \RuntimeException When IPV6 support is not enabled + */ + public static function checkIp6(string $requestIp, string $ip): bool + { + $cacheKey = $requestIp.'-'.$ip.'-v6'; + if (null !== $cacheValue = self::getCacheResult($cacheKey)) { + return $cacheValue; + } + + if (!((\extension_loaded('sockets') && \defined('AF_INET6')) || @inet_pton('::1'))) { + throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option "disable-ipv6".'); + } + + // Check to see if we were given a IP4 $requestIp or $ip by mistake + if (!filter_var($requestIp, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) { + return self::setCacheResult($cacheKey, false); + } + + if (str_contains($ip, '/')) { + [$address, $netmask] = explode('/', $ip, 2); + + if (!filter_var($address, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) { + return self::setCacheResult($cacheKey, false); + } + + if ('0' === $netmask) { + return (bool) unpack('n*', @inet_pton($address)); + } + + if ($netmask < 1 || $netmask > 128) { + return self::setCacheResult($cacheKey, false); + } + } else { + if (!filter_var($ip, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) { + return self::setCacheResult($cacheKey, false); + } + + $address = $ip; + $netmask = 128; + } + + $bytesAddr = unpack('n*', @inet_pton($address)); + $bytesTest = unpack('n*', @inet_pton($requestIp)); + + if (!$bytesAddr || !$bytesTest) { + return self::setCacheResult($cacheKey, false); + } + + for ($i = 1, $ceil = ceil($netmask / 16); $i <= $ceil; ++$i) { + $left = $netmask - 16 * ($i - 1); + $left = ($left <= 16) ? $left : 16; + $mask = ~(0xFFFF >> $left) & 0xFFFF; + if (($bytesAddr[$i] & $mask) != ($bytesTest[$i] & $mask)) { + return self::setCacheResult($cacheKey, false); + } + } + + return self::setCacheResult($cacheKey, true); + } + + /** + * Anonymizes an IP/IPv6. + * + * Removes the last byte for v4 and the last 8 bytes for v6 IPs + */ + public static function anonymize(string $ip): string + { + $wrappedIPv6 = false; + if (str_starts_with($ip, '[') && str_ends_with($ip, ']')) { + $wrappedIPv6 = true; + $ip = substr($ip, 1, -1); + } + + $packedAddress = inet_pton($ip); + if (4 === \strlen($packedAddress)) { + $mask = '255.255.255.0'; + } elseif ($ip === inet_ntop($packedAddress & inet_pton('::ffff:ffff:ffff'))) { + $mask = '::ffff:ffff:ff00'; + } elseif ($ip === inet_ntop($packedAddress & inet_pton('::ffff:ffff'))) { + $mask = '::ffff:ff00'; + } else { + $mask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; + } + $ip = inet_ntop($packedAddress & inet_pton($mask)); + + if ($wrappedIPv6) { + $ip = '['.$ip.']'; + } + + return $ip; + } + + /** + * Checks if an IPv4 or IPv6 address is contained in the list of private IP subnets. + */ + public static function isPrivateIp(string $requestIp): bool + { + return self::checkIp($requestIp, self::PRIVATE_SUBNETS); + } + + private static function getCacheResult(string $cacheKey): ?bool + { + if (isset(self::$checkedIps[$cacheKey])) { + // Move the item last in cache (LRU) + $value = self::$checkedIps[$cacheKey]; + unset(self::$checkedIps[$cacheKey]); + self::$checkedIps[$cacheKey] = $value; + + return self::$checkedIps[$cacheKey]; + } + + return null; + } + + private static function setCacheResult(string $cacheKey, bool $result): bool + { + if (1000 < \count(self::$checkedIps)) { + // stop memory leak if there are many keys + self::$checkedIps = \array_slice(self::$checkedIps, 500, null, true); + } + + return self::$checkedIps[$cacheKey] = $result; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/JsonResponse.php b/qa-tool/htdocs/vendor/symfony/http-foundation/JsonResponse.php new file mode 100644 index 0000000..4571d22 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/JsonResponse.php @@ -0,0 +1,187 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * Response represents an HTTP response in JSON format. + * + * Note that this class does not force the returned JSON content to be an + * object. It is however recommended that you do return an object as it + * protects yourself against XSSI and JSON-JavaScript Hijacking. + * + * @see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/AJAX_Security_Cheat_Sheet.md#always-return-json-with-an-object-on-the-outside + * + * @author Igor Wiedler + */ +class JsonResponse extends Response +{ + protected mixed $data; + protected ?string $callback = null; + + // Encode <, >, ', &, and " characters in the JSON, making it also safe to be embedded into HTML. + // 15 === JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT + public const DEFAULT_ENCODING_OPTIONS = 15; + + protected int $encodingOptions = self::DEFAULT_ENCODING_OPTIONS; + + /** + * @param bool $json If the data is already a JSON string + */ + public function __construct(mixed $data = null, int $status = 200, array $headers = [], bool $json = false) + { + parent::__construct('', $status, $headers); + + if ($json && !\is_string($data) && !is_numeric($data) && !\is_callable([$data, '__toString'])) { + throw new \TypeError(sprintf('"%s": If $json is set to true, argument $data must be a string or object implementing __toString(), "%s" given.', __METHOD__, get_debug_type($data))); + } + + $data ??= new \ArrayObject(); + + $json ? $this->setJson($data) : $this->setData($data); + } + + /** + * Factory method for chainability. + * + * Example: + * + * return JsonResponse::fromJsonString('{"key": "value"}') + * ->setSharedMaxAge(300); + * + * @param string $data The JSON response string + * @param int $status The response status code (200 "OK" by default) + * @param array $headers An array of response headers + */ + public static function fromJsonString(string $data, int $status = 200, array $headers = []): static + { + return new static($data, $status, $headers, true); + } + + /** + * Sets the JSONP callback. + * + * @param string|null $callback The JSONP callback or null to use none + * + * @return $this + * + * @throws \InvalidArgumentException When the callback name is not valid + */ + public function setCallback(?string $callback): static + { + if (null !== $callback) { + // partially taken from https://geekality.net/2011/08/03/valid-javascript-identifier/ + // partially taken from https://github.com/willdurand/JsonpCallbackValidator + // JsonpCallbackValidator is released under the MIT License. See https://github.com/willdurand/JsonpCallbackValidator/blob/v1.1.0/LICENSE for details. + // (c) William Durand + $pattern = '/^[$_\p{L}][$_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\x{200C}\x{200D}]*(?:\[(?:"(?:\\\.|[^"\\\])*"|\'(?:\\\.|[^\'\\\])*\'|\d+)\])*?$/u'; + $reserved = [ + 'break', 'do', 'instanceof', 'typeof', 'case', 'else', 'new', 'var', 'catch', 'finally', 'return', 'void', 'continue', 'for', 'switch', 'while', + 'debugger', 'function', 'this', 'with', 'default', 'if', 'throw', 'delete', 'in', 'try', 'class', 'enum', 'extends', 'super', 'const', 'export', + 'import', 'implements', 'let', 'private', 'public', 'yield', 'interface', 'package', 'protected', 'static', 'null', 'true', 'false', + ]; + $parts = explode('.', $callback); + foreach ($parts as $part) { + if (!preg_match($pattern, $part) || \in_array($part, $reserved, true)) { + throw new \InvalidArgumentException('The callback name is not valid.'); + } + } + } + + $this->callback = $callback; + + return $this->update(); + } + + /** + * Sets a raw string containing a JSON document to be sent. + * + * @return $this + */ + public function setJson(string $json): static + { + $this->data = $json; + + return $this->update(); + } + + /** + * Sets the data to be sent as JSON. + * + * @return $this + * + * @throws \InvalidArgumentException + */ + public function setData(mixed $data = []): static + { + try { + $data = json_encode($data, $this->encodingOptions); + } catch (\Exception $e) { + if ('Exception' === $e::class && str_starts_with($e->getMessage(), 'Failed calling ')) { + throw $e->getPrevious() ?: $e; + } + throw $e; + } + + if (\JSON_THROW_ON_ERROR & $this->encodingOptions) { + return $this->setJson($data); + } + + if (\JSON_ERROR_NONE !== json_last_error()) { + throw new \InvalidArgumentException(json_last_error_msg()); + } + + return $this->setJson($data); + } + + /** + * Returns options used while encoding data to JSON. + */ + public function getEncodingOptions(): int + { + return $this->encodingOptions; + } + + /** + * Sets options used while encoding data to JSON. + * + * @return $this + */ + public function setEncodingOptions(int $encodingOptions): static + { + $this->encodingOptions = $encodingOptions; + + return $this->setData(json_decode($this->data)); + } + + /** + * Updates the content and headers according to the JSON data and callback. + * + * @return $this + */ + protected function update(): static + { + if (null !== $this->callback) { + // Not using application/javascript for compatibility reasons with older browsers. + $this->headers->set('Content-Type', 'text/javascript'); + + return $this->setContent(sprintf('/**/%s(%s);', $this->callback, $this->data)); + } + + // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback) + // in order to not overwrite a custom definition. + if (!$this->headers->has('Content-Type') || 'text/javascript' === $this->headers->get('Content-Type')) { + $this->headers->set('Content-Type', 'application/json'); + } + + return $this->setContent($this->data); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/LICENSE b/qa-tool/htdocs/vendor/symfony/http-foundation/LICENSE new file mode 100644 index 0000000..0138f8f --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/LICENSE @@ -0,0 +1,19 @@ +Copyright (c) 2004-present Fabien Potencier + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/ParameterBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/ParameterBag.php new file mode 100644 index 0000000..d60d3bd --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/ParameterBag.php @@ -0,0 +1,241 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +use Symfony\Component\HttpFoundation\Exception\BadRequestException; +use Symfony\Component\HttpFoundation\Exception\UnexpectedValueException; + +/** + * ParameterBag is a container for key/value pairs. + * + * @author Fabien Potencier + * + * @implements \IteratorAggregate + */ +class ParameterBag implements \IteratorAggregate, \Countable +{ + protected array $parameters; + + public function __construct(array $parameters = []) + { + $this->parameters = $parameters; + } + + /** + * Returns the parameters. + * + * @param string|null $key The name of the parameter to return or null to get them all + */ + public function all(?string $key = null): array + { + if (null === $key) { + return $this->parameters; + } + + if (!\is_array($value = $this->parameters[$key] ?? [])) { + throw new BadRequestException(sprintf('Unexpected value for parameter "%s": expecting "array", got "%s".', $key, get_debug_type($value))); + } + + return $value; + } + + /** + * Returns the parameter keys. + */ + public function keys(): array + { + return array_keys($this->parameters); + } + + /** + * Replaces the current parameters by a new set. + */ + public function replace(array $parameters = []): void + { + $this->parameters = $parameters; + } + + /** + * Adds parameters. + */ + public function add(array $parameters = []): void + { + $this->parameters = array_replace($this->parameters, $parameters); + } + + public function get(string $key, mixed $default = null): mixed + { + return \array_key_exists($key, $this->parameters) ? $this->parameters[$key] : $default; + } + + public function set(string $key, mixed $value): void + { + $this->parameters[$key] = $value; + } + + /** + * Returns true if the parameter is defined. + */ + public function has(string $key): bool + { + return \array_key_exists($key, $this->parameters); + } + + /** + * Removes a parameter. + */ + public function remove(string $key): void + { + unset($this->parameters[$key]); + } + + /** + * Returns the alphabetic characters of the parameter value. + */ + public function getAlpha(string $key, string $default = ''): string + { + return preg_replace('/[^[:alpha:]]/', '', $this->getString($key, $default)); + } + + /** + * Returns the alphabetic characters and digits of the parameter value. + */ + public function getAlnum(string $key, string $default = ''): string + { + return preg_replace('/[^[:alnum:]]/', '', $this->getString($key, $default)); + } + + /** + * Returns the digits of the parameter value. + */ + public function getDigits(string $key, string $default = ''): string + { + return preg_replace('/[^[:digit:]]/', '', $this->getString($key, $default)); + } + + /** + * Returns the parameter as string. + */ + public function getString(string $key, string $default = ''): string + { + $value = $this->get($key, $default); + if (!\is_scalar($value) && !$value instanceof \Stringable) { + throw new UnexpectedValueException(sprintf('Parameter value "%s" cannot be converted to "string".', $key)); + } + + return (string) $value; + } + + /** + * Returns the parameter value converted to integer. + */ + public function getInt(string $key, int $default = 0): int + { + return $this->filter($key, $default, \FILTER_VALIDATE_INT, ['flags' => \FILTER_REQUIRE_SCALAR]); + } + + /** + * Returns the parameter value converted to boolean. + */ + public function getBoolean(string $key, bool $default = false): bool + { + return $this->filter($key, $default, \FILTER_VALIDATE_BOOL, ['flags' => \FILTER_REQUIRE_SCALAR]); + } + + /** + * Returns the parameter value converted to an enum. + * + * @template T of \BackedEnum + * + * @param class-string $class + * @param ?T $default + * + * @return ?T + * + * @psalm-return ($default is null ? T|null : T) + */ + public function getEnum(string $key, string $class, ?\BackedEnum $default = null): ?\BackedEnum + { + $value = $this->get($key); + + if (null === $value) { + return $default; + } + + try { + return $class::from($value); + } catch (\ValueError|\TypeError $e) { + throw new UnexpectedValueException(sprintf('Parameter "%s" cannot be converted to enum: %s.', $key, $e->getMessage()), $e->getCode(), $e); + } + } + + /** + * Filter key. + * + * @param int $filter FILTER_* constant + * @param int|array{flags?: int, options?: array} $options Flags from FILTER_* constants + * + * @see https://php.net/filter-var + */ + public function filter(string $key, mixed $default = null, int $filter = \FILTER_DEFAULT, mixed $options = []): mixed + { + $value = $this->get($key, $default); + + // Always turn $options into an array - this allows filter_var option shortcuts. + if (!\is_array($options) && $options) { + $options = ['flags' => $options]; + } + + // Add a convenience check for arrays. + if (\is_array($value) && !isset($options['flags'])) { + $options['flags'] = \FILTER_REQUIRE_ARRAY; + } + + if (\is_object($value) && !$value instanceof \Stringable) { + throw new UnexpectedValueException(sprintf('Parameter value "%s" cannot be filtered.', $key)); + } + + if ((\FILTER_CALLBACK & $filter) && !(($options['options'] ?? null) instanceof \Closure)) { + throw new \InvalidArgumentException(sprintf('A Closure must be passed to "%s()" when FILTER_CALLBACK is used, "%s" given.', __METHOD__, get_debug_type($options['options'] ?? null))); + } + + $options['flags'] ??= 0; + $nullOnFailure = $options['flags'] & \FILTER_NULL_ON_FAILURE; + $options['flags'] |= \FILTER_NULL_ON_FAILURE; + + $value = filter_var($value, $filter, $options); + + if (null !== $value || $nullOnFailure) { + return $value; + } + + throw new \UnexpectedValueException(sprintf('Parameter value "%s" is invalid and flag "FILTER_NULL_ON_FAILURE" was not set.', $key)); + } + + /** + * Returns an iterator for parameters. + * + * @return \ArrayIterator + */ + public function getIterator(): \ArrayIterator + { + return new \ArrayIterator($this->parameters); + } + + /** + * Returns the number of parameters. + */ + public function count(): int + { + return \count($this->parameters); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/README.md b/qa-tool/htdocs/vendor/symfony/http-foundation/README.md new file mode 100644 index 0000000..5cf9007 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/README.md @@ -0,0 +1,14 @@ +HttpFoundation Component +======================== + +The HttpFoundation component defines an object-oriented layer for the HTTP +specification. + +Resources +--------- + + * [Documentation](https://symfony.com/doc/current/components/http_foundation.html) + * [Contributing](https://symfony.com/doc/current/contributing/index.html) + * [Report issues](https://github.com/symfony/symfony/issues) and + [send Pull Requests](https://github.com/symfony/symfony/pulls) + in the [main Symfony repository](https://github.com/symfony/symfony) diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RateLimiter/AbstractRequestRateLimiter.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RateLimiter/AbstractRequestRateLimiter.php new file mode 100644 index 0000000..550090f --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RateLimiter/AbstractRequestRateLimiter.php @@ -0,0 +1,81 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RateLimiter; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\RateLimiter\LimiterInterface; +use Symfony\Component\RateLimiter\Policy\NoLimiter; +use Symfony\Component\RateLimiter\RateLimit; + +/** + * An implementation of PeekableRequestRateLimiterInterface that + * fits most use-cases. + * + * @author Wouter de Jong + */ +abstract class AbstractRequestRateLimiter implements PeekableRequestRateLimiterInterface +{ + public function consume(Request $request): RateLimit + { + return $this->doConsume($request, 1); + } + + public function peek(Request $request): RateLimit + { + return $this->doConsume($request, 0); + } + + private function doConsume(Request $request, int $tokens): RateLimit + { + $limiters = $this->getLimiters($request); + if (0 === \count($limiters)) { + $limiters = [new NoLimiter()]; + } + + $minimalRateLimit = null; + foreach ($limiters as $limiter) { + $rateLimit = $limiter->consume($tokens); + + $minimalRateLimit = $minimalRateLimit ? self::getMinimalRateLimit($minimalRateLimit, $rateLimit) : $rateLimit; + } + + return $minimalRateLimit; + } + + public function reset(Request $request): void + { + foreach ($this->getLimiters($request) as $limiter) { + $limiter->reset(); + } + } + + /** + * @return LimiterInterface[] a set of limiters using keys extracted from the request + */ + abstract protected function getLimiters(Request $request): array; + + private static function getMinimalRateLimit(RateLimit $first, RateLimit $second): RateLimit + { + if ($first->isAccepted() !== $second->isAccepted()) { + return $first->isAccepted() ? $second : $first; + } + + $firstRemainingTokens = $first->getRemainingTokens(); + $secondRemainingTokens = $second->getRemainingTokens(); + + if ($firstRemainingTokens === $secondRemainingTokens) { + return $first->getRetryAfter() < $second->getRetryAfter() ? $second : $first; + } + + return $firstRemainingTokens > $secondRemainingTokens ? $second : $first; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RateLimiter/PeekableRequestRateLimiterInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RateLimiter/PeekableRequestRateLimiterInterface.php new file mode 100644 index 0000000..63471af --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RateLimiter/PeekableRequestRateLimiterInterface.php @@ -0,0 +1,35 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RateLimiter; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\RateLimiter\RateLimit; + +/** + * A request limiter which allows peeking ahead. + * + * This is valuable to reduce the cache backend load in scenarios + * like a login when we only want to consume a token on login failure, + * and where the majority of requests will be successful and thus not + * need to consume a token. + * + * This way we can peek ahead before allowing the request through, and + * only consume if the request failed (1 backend op). This is compared + * to always consuming and then resetting the limit if the request + * is successful (2 backend ops). + * + * @author Jordi Boggiano + */ +interface PeekableRequestRateLimiterInterface extends RequestRateLimiterInterface +{ + public function peek(Request $request): RateLimit; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RateLimiter/RequestRateLimiterInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RateLimiter/RequestRateLimiterInterface.php new file mode 100644 index 0000000..4c87a40 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RateLimiter/RequestRateLimiterInterface.php @@ -0,0 +1,30 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RateLimiter; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\RateLimiter\RateLimit; + +/** + * A special type of limiter that deals with requests. + * + * This allows to limit on different types of information + * from the requests. + * + * @author Wouter de Jong + */ +interface RequestRateLimiterInterface +{ + public function consume(Request $request): RateLimit; + + public function reset(Request $request): void; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RedirectResponse.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RedirectResponse.php new file mode 100644 index 0000000..3c2e4b6 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RedirectResponse.php @@ -0,0 +1,92 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * RedirectResponse represents an HTTP response doing a redirect. + * + * @author Fabien Potencier + */ +class RedirectResponse extends Response +{ + protected string $targetUrl; + + /** + * Creates a redirect response so that it conforms to the rules defined for a redirect status code. + * + * @param string $url The URL to redirect to. The URL should be a full URL, with schema etc., + * but practically every browser redirects on paths only as well + * @param int $status The HTTP status code (302 "Found" by default) + * @param array $headers The headers (Location is always set to the given URL) + * + * @throws \InvalidArgumentException + * + * @see https://tools.ietf.org/html/rfc2616#section-10.3 + */ + public function __construct(string $url, int $status = 302, array $headers = []) + { + parent::__construct('', $status, $headers); + + $this->setTargetUrl($url); + + if (!$this->isRedirect()) { + throw new \InvalidArgumentException(sprintf('The HTTP status code is not a redirect ("%s" given).', $status)); + } + + if (301 == $status && !\array_key_exists('cache-control', array_change_key_case($headers, \CASE_LOWER))) { + $this->headers->remove('cache-control'); + } + } + + /** + * Returns the target URL. + */ + public function getTargetUrl(): string + { + return $this->targetUrl; + } + + /** + * Sets the redirect target of this response. + * + * @return $this + * + * @throws \InvalidArgumentException + */ + public function setTargetUrl(string $url): static + { + if ('' === $url) { + throw new \InvalidArgumentException('Cannot redirect to an empty URL.'); + } + + $this->targetUrl = $url; + + $this->setContent( + sprintf(' + + + + + + Redirecting to %1$s + + + Redirecting to %1$s. + +', htmlspecialchars($url, \ENT_QUOTES, 'UTF-8'))); + + $this->headers->set('Location', $url); + $this->headers->set('Content-Type', 'text/html; charset=utf-8'); + + return $this; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Request.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Request.php new file mode 100644 index 0000000..df33247 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Request.php @@ -0,0 +1,2092 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +use Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException; +use Symfony\Component\HttpFoundation\Exception\JsonException; +use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException; +use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException; +use Symfony\Component\HttpFoundation\Session\SessionInterface; + +// Help opcache.preload discover always-needed symbols +class_exists(AcceptHeader::class); +class_exists(FileBag::class); +class_exists(HeaderBag::class); +class_exists(HeaderUtils::class); +class_exists(InputBag::class); +class_exists(ParameterBag::class); +class_exists(ServerBag::class); + +/** + * Request represents an HTTP request. + * + * The methods dealing with URL accept / return a raw path (% encoded): + * * getBasePath + * * getBaseUrl + * * getPathInfo + * * getRequestUri + * * getUri + * * getUriForPath + * + * @author Fabien Potencier + */ +class Request +{ + public const HEADER_FORWARDED = 0b000001; // When using RFC 7239 + public const HEADER_X_FORWARDED_FOR = 0b000010; + public const HEADER_X_FORWARDED_HOST = 0b000100; + public const HEADER_X_FORWARDED_PROTO = 0b001000; + public const HEADER_X_FORWARDED_PORT = 0b010000; + public const HEADER_X_FORWARDED_PREFIX = 0b100000; + + public const HEADER_X_FORWARDED_AWS_ELB = 0b0011010; // AWS ELB doesn't send X-Forwarded-Host + public const HEADER_X_FORWARDED_TRAEFIK = 0b0111110; // All "X-Forwarded-*" headers sent by Traefik reverse proxy + + public const METHOD_HEAD = 'HEAD'; + public const METHOD_GET = 'GET'; + public const METHOD_POST = 'POST'; + public const METHOD_PUT = 'PUT'; + public const METHOD_PATCH = 'PATCH'; + public const METHOD_DELETE = 'DELETE'; + public const METHOD_PURGE = 'PURGE'; + public const METHOD_OPTIONS = 'OPTIONS'; + public const METHOD_TRACE = 'TRACE'; + public const METHOD_CONNECT = 'CONNECT'; + + /** + * @var string[] + */ + protected static array $trustedProxies = []; + + /** + * @var string[] + */ + protected static array $trustedHostPatterns = []; + + /** + * @var string[] + */ + protected static array $trustedHosts = []; + + protected static bool $httpMethodParameterOverride = false; + + /** + * Custom parameters. + */ + public ParameterBag $attributes; + + /** + * Request body parameters ($_POST). + * + * @see getPayload() for portability between content types + */ + public InputBag $request; + + /** + * Query string parameters ($_GET). + */ + public InputBag $query; + + /** + * Server and execution environment parameters ($_SERVER). + */ + public ServerBag $server; + + /** + * Uploaded files ($_FILES). + */ + public FileBag $files; + + /** + * Cookies ($_COOKIE). + */ + public InputBag $cookies; + + /** + * Headers (taken from the $_SERVER). + */ + public HeaderBag $headers; + + /** + * @var string|resource|false|null + */ + protected $content; + + /** + * @var string[]|null + */ + protected ?array $languages = null; + + /** + * @var string[]|null + */ + protected ?array $charsets = null; + + /** + * @var string[]|null + */ + protected ?array $encodings = null; + + /** + * @var string[]|null + */ + protected ?array $acceptableContentTypes = null; + + protected ?string $pathInfo = null; + protected ?string $requestUri = null; + protected ?string $baseUrl = null; + protected ?string $basePath = null; + protected ?string $method = null; + protected ?string $format = null; + protected SessionInterface|\Closure|null $session = null; + protected ?string $locale = null; + protected string $defaultLocale = 'en'; + + /** + * @var array|null + */ + protected static ?array $formats = null; + + protected static ?\Closure $requestFactory = null; + + private ?string $preferredFormat = null; + + private bool $isHostValid = true; + private bool $isForwardedValid = true; + private bool $isSafeContentPreferred; + + private array $trustedValuesCache = []; + + private static int $trustedHeaderSet = -1; + + private const FORWARDED_PARAMS = [ + self::HEADER_X_FORWARDED_FOR => 'for', + self::HEADER_X_FORWARDED_HOST => 'host', + self::HEADER_X_FORWARDED_PROTO => 'proto', + self::HEADER_X_FORWARDED_PORT => 'host', + ]; + + /** + * Names for headers that can be trusted when + * using trusted proxies. + * + * The FORWARDED header is the standard as of rfc7239. + * + * The other headers are non-standard, but widely used + * by popular reverse proxies (like Apache mod_proxy or Amazon EC2). + */ + private const TRUSTED_HEADERS = [ + self::HEADER_FORWARDED => 'FORWARDED', + self::HEADER_X_FORWARDED_FOR => 'X_FORWARDED_FOR', + self::HEADER_X_FORWARDED_HOST => 'X_FORWARDED_HOST', + self::HEADER_X_FORWARDED_PROTO => 'X_FORWARDED_PROTO', + self::HEADER_X_FORWARDED_PORT => 'X_FORWARDED_PORT', + self::HEADER_X_FORWARDED_PREFIX => 'X_FORWARDED_PREFIX', + ]; + + /** @var bool */ + private $isIisRewrite = false; + + /** + * @param array $query The GET parameters + * @param array $request The POST parameters + * @param array $attributes The request attributes (parameters parsed from the PATH_INFO, ...) + * @param array $cookies The COOKIE parameters + * @param array $files The FILES parameters + * @param array $server The SERVER parameters + * @param string|resource|null $content The raw body data + */ + public function __construct(array $query = [], array $request = [], array $attributes = [], array $cookies = [], array $files = [], array $server = [], $content = null) + { + $this->initialize($query, $request, $attributes, $cookies, $files, $server, $content); + } + + /** + * Sets the parameters for this request. + * + * This method also re-initializes all properties. + * + * @param array $query The GET parameters + * @param array $request The POST parameters + * @param array $attributes The request attributes (parameters parsed from the PATH_INFO, ...) + * @param array $cookies The COOKIE parameters + * @param array $files The FILES parameters + * @param array $server The SERVER parameters + * @param string|resource|null $content The raw body data + */ + public function initialize(array $query = [], array $request = [], array $attributes = [], array $cookies = [], array $files = [], array $server = [], $content = null): void + { + $this->request = new InputBag($request); + $this->query = new InputBag($query); + $this->attributes = new ParameterBag($attributes); + $this->cookies = new InputBag($cookies); + $this->files = new FileBag($files); + $this->server = new ServerBag($server); + $this->headers = new HeaderBag($this->server->getHeaders()); + + $this->content = $content; + $this->languages = null; + $this->charsets = null; + $this->encodings = null; + $this->acceptableContentTypes = null; + $this->pathInfo = null; + $this->requestUri = null; + $this->baseUrl = null; + $this->basePath = null; + $this->method = null; + $this->format = null; + } + + /** + * Creates a new request with values from PHP's super globals. + */ + public static function createFromGlobals(): static + { + $request = self::createRequestFromFactory($_GET, $_POST, [], $_COOKIE, $_FILES, $_SERVER); + + if (str_starts_with($request->headers->get('CONTENT_TYPE', ''), 'application/x-www-form-urlencoded') + && \in_array(strtoupper($request->server->get('REQUEST_METHOD', 'GET')), ['PUT', 'DELETE', 'PATCH'], true) + ) { + parse_str($request->getContent(), $data); + $request->request = new InputBag($data); + } + + return $request; + } + + /** + * Creates a Request based on a given URI and configuration. + * + * The information contained in the URI always take precedence + * over the other information (server and parameters). + * + * @param string $uri The URI + * @param string $method The HTTP method + * @param array $parameters The query (GET) or request (POST) parameters + * @param array $cookies The request cookies ($_COOKIE) + * @param array $files The request files ($_FILES) + * @param array $server The server parameters ($_SERVER) + * @param string|resource|null $content The raw body data + */ + public static function create(string $uri, string $method = 'GET', array $parameters = [], array $cookies = [], array $files = [], array $server = [], $content = null): static + { + $server = array_replace([ + 'SERVER_NAME' => 'localhost', + 'SERVER_PORT' => 80, + 'HTTP_HOST' => 'localhost', + 'HTTP_USER_AGENT' => 'Symfony', + 'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', + 'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5', + 'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7', + 'REMOTE_ADDR' => '127.0.0.1', + 'SCRIPT_NAME' => '', + 'SCRIPT_FILENAME' => '', + 'SERVER_PROTOCOL' => 'HTTP/1.1', + 'REQUEST_TIME' => time(), + 'REQUEST_TIME_FLOAT' => microtime(true), + ], $server); + + $server['PATH_INFO'] = ''; + $server['REQUEST_METHOD'] = strtoupper($method); + + $components = parse_url($uri); + if (false === $components) { + throw new \InvalidArgumentException(sprintf('Malformed URI "%s".', $uri)); + } + if (isset($components['host'])) { + $server['SERVER_NAME'] = $components['host']; + $server['HTTP_HOST'] = $components['host']; + } + + if (isset($components['scheme'])) { + if ('https' === $components['scheme']) { + $server['HTTPS'] = 'on'; + $server['SERVER_PORT'] = 443; + } else { + unset($server['HTTPS']); + $server['SERVER_PORT'] = 80; + } + } + + if (isset($components['port'])) { + $server['SERVER_PORT'] = $components['port']; + $server['HTTP_HOST'] .= ':'.$components['port']; + } + + if (isset($components['user'])) { + $server['PHP_AUTH_USER'] = $components['user']; + } + + if (isset($components['pass'])) { + $server['PHP_AUTH_PW'] = $components['pass']; + } + + if (!isset($components['path'])) { + $components['path'] = '/'; + } + + switch (strtoupper($method)) { + case 'POST': + case 'PUT': + case 'DELETE': + if (!isset($server['CONTENT_TYPE'])) { + $server['CONTENT_TYPE'] = 'application/x-www-form-urlencoded'; + } + // no break + case 'PATCH': + $request = $parameters; + $query = []; + break; + default: + $request = []; + $query = $parameters; + break; + } + + $queryString = ''; + if (isset($components['query'])) { + parse_str(html_entity_decode($components['query']), $qs); + + if ($query) { + $query = array_replace($qs, $query); + $queryString = http_build_query($query, '', '&'); + } else { + $query = $qs; + $queryString = $components['query']; + } + } elseif ($query) { + $queryString = http_build_query($query, '', '&'); + } + + $server['REQUEST_URI'] = $components['path'].('' !== $queryString ? '?'.$queryString : ''); + $server['QUERY_STRING'] = $queryString; + + return self::createRequestFromFactory($query, $request, [], $cookies, $files, $server, $content); + } + + /** + * Sets a callable able to create a Request instance. + * + * This is mainly useful when you need to override the Request class + * to keep BC with an existing system. It should not be used for any + * other purpose. + */ + public static function setFactory(?callable $callable): void + { + self::$requestFactory = null === $callable ? null : $callable(...); + } + + /** + * Clones a request and overrides some of its parameters. + * + * @param array|null $query The GET parameters + * @param array|null $request The POST parameters + * @param array|null $attributes The request attributes (parameters parsed from the PATH_INFO, ...) + * @param array|null $cookies The COOKIE parameters + * @param array|null $files The FILES parameters + * @param array|null $server The SERVER parameters + */ + public function duplicate(?array $query = null, ?array $request = null, ?array $attributes = null, ?array $cookies = null, ?array $files = null, ?array $server = null): static + { + $dup = clone $this; + if (null !== $query) { + $dup->query = new InputBag($query); + } + if (null !== $request) { + $dup->request = new InputBag($request); + } + if (null !== $attributes) { + $dup->attributes = new ParameterBag($attributes); + } + if (null !== $cookies) { + $dup->cookies = new InputBag($cookies); + } + if (null !== $files) { + $dup->files = new FileBag($files); + } + if (null !== $server) { + $dup->server = new ServerBag($server); + $dup->headers = new HeaderBag($dup->server->getHeaders()); + } + $dup->languages = null; + $dup->charsets = null; + $dup->encodings = null; + $dup->acceptableContentTypes = null; + $dup->pathInfo = null; + $dup->requestUri = null; + $dup->baseUrl = null; + $dup->basePath = null; + $dup->method = null; + $dup->format = null; + + if (!$dup->get('_format') && $this->get('_format')) { + $dup->attributes->set('_format', $this->get('_format')); + } + + if (!$dup->getRequestFormat(null)) { + $dup->setRequestFormat($this->getRequestFormat(null)); + } + + return $dup; + } + + /** + * Clones the current request. + * + * Note that the session is not cloned as duplicated requests + * are most of the time sub-requests of the main one. + */ + public function __clone() + { + $this->query = clone $this->query; + $this->request = clone $this->request; + $this->attributes = clone $this->attributes; + $this->cookies = clone $this->cookies; + $this->files = clone $this->files; + $this->server = clone $this->server; + $this->headers = clone $this->headers; + } + + public function __toString(): string + { + $content = $this->getContent(); + + $cookieHeader = ''; + $cookies = []; + + foreach ($this->cookies as $k => $v) { + $cookies[] = \is_array($v) ? http_build_query([$k => $v], '', '; ', \PHP_QUERY_RFC3986) : "$k=$v"; + } + + if ($cookies) { + $cookieHeader = 'Cookie: '.implode('; ', $cookies)."\r\n"; + } + + return + sprintf('%s %s %s', $this->getMethod(), $this->getRequestUri(), $this->server->get('SERVER_PROTOCOL'))."\r\n". + $this->headers. + $cookieHeader."\r\n". + $content; + } + + /** + * Overrides the PHP global variables according to this request instance. + * + * It overrides $_GET, $_POST, $_REQUEST, $_SERVER, $_COOKIE. + * $_FILES is never overridden, see rfc1867 + */ + public function overrideGlobals(): void + { + $this->server->set('QUERY_STRING', static::normalizeQueryString(http_build_query($this->query->all(), '', '&'))); + + $_GET = $this->query->all(); + $_POST = $this->request->all(); + $_SERVER = $this->server->all(); + $_COOKIE = $this->cookies->all(); + + foreach ($this->headers->all() as $key => $value) { + $key = strtoupper(str_replace('-', '_', $key)); + if (\in_array($key, ['CONTENT_TYPE', 'CONTENT_LENGTH', 'CONTENT_MD5'], true)) { + $_SERVER[$key] = implode(', ', $value); + } else { + $_SERVER['HTTP_'.$key] = implode(', ', $value); + } + } + + $request = ['g' => $_GET, 'p' => $_POST, 'c' => $_COOKIE]; + + $requestOrder = \ini_get('request_order') ?: \ini_get('variables_order'); + $requestOrder = preg_replace('#[^cgp]#', '', strtolower($requestOrder)) ?: 'gp'; + + $_REQUEST = [[]]; + + foreach (str_split($requestOrder) as $order) { + $_REQUEST[] = $request[$order]; + } + + $_REQUEST = array_merge(...$_REQUEST); + } + + /** + * Sets a list of trusted proxies. + * + * You should only list the reverse proxies that you manage directly. + * + * @param array $proxies A list of trusted proxies, the string 'REMOTE_ADDR' will be replaced with $_SERVER['REMOTE_ADDR'] + * @param int $trustedHeaderSet A bit field of Request::HEADER_*, to set which headers to trust from your proxies + */ + public static function setTrustedProxies(array $proxies, int $trustedHeaderSet): void + { + self::$trustedProxies = array_reduce($proxies, function ($proxies, $proxy) { + if ('REMOTE_ADDR' !== $proxy) { + $proxies[] = $proxy; + } elseif (isset($_SERVER['REMOTE_ADDR'])) { + $proxies[] = $_SERVER['REMOTE_ADDR']; + } + + return $proxies; + }, []); + self::$trustedHeaderSet = $trustedHeaderSet; + } + + /** + * Gets the list of trusted proxies. + * + * @return string[] + */ + public static function getTrustedProxies(): array + { + return self::$trustedProxies; + } + + /** + * Gets the set of trusted headers from trusted proxies. + * + * @return int A bit field of Request::HEADER_* that defines which headers are trusted from your proxies + */ + public static function getTrustedHeaderSet(): int + { + return self::$trustedHeaderSet; + } + + /** + * Sets a list of trusted host patterns. + * + * You should only list the hosts you manage using regexs. + * + * @param array $hostPatterns A list of trusted host patterns + */ + public static function setTrustedHosts(array $hostPatterns): void + { + self::$trustedHostPatterns = array_map(fn ($hostPattern) => sprintf('{%s}i', $hostPattern), $hostPatterns); + // we need to reset trusted hosts on trusted host patterns change + self::$trustedHosts = []; + } + + /** + * Gets the list of trusted host patterns. + * + * @return string[] + */ + public static function getTrustedHosts(): array + { + return self::$trustedHostPatterns; + } + + /** + * Normalizes a query string. + * + * It builds a normalized query string, where keys/value pairs are alphabetized, + * have consistent escaping and unneeded delimiters are removed. + */ + public static function normalizeQueryString(?string $qs): string + { + if ('' === ($qs ?? '')) { + return ''; + } + + $qs = HeaderUtils::parseQuery($qs); + ksort($qs); + + return http_build_query($qs, '', '&', \PHP_QUERY_RFC3986); + } + + /** + * Enables support for the _method request parameter to determine the intended HTTP method. + * + * Be warned that enabling this feature might lead to CSRF issues in your code. + * Check that you are using CSRF tokens when required. + * If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered + * and used to send a "PUT" or "DELETE" request via the _method request parameter. + * If these methods are not protected against CSRF, this presents a possible vulnerability. + * + * The HTTP method can only be overridden when the real HTTP method is POST. + */ + public static function enableHttpMethodParameterOverride(): void + { + self::$httpMethodParameterOverride = true; + } + + /** + * Checks whether support for the _method request parameter is enabled. + */ + public static function getHttpMethodParameterOverride(): bool + { + return self::$httpMethodParameterOverride; + } + + /** + * Gets a "parameter" value from any bag. + * + * This method is mainly useful for libraries that want to provide some flexibility. If you don't need the + * flexibility in controllers, it is better to explicitly get request parameters from the appropriate + * public property instead (attributes, query, request). + * + * Order of precedence: PATH (routing placeholders or custom attributes), GET, POST + * + * @internal use explicit input sources instead + */ + public function get(string $key, mixed $default = null): mixed + { + if ($this !== $result = $this->attributes->get($key, $this)) { + return $result; + } + + if ($this->query->has($key)) { + return $this->query->all()[$key]; + } + + if ($this->request->has($key)) { + return $this->request->all()[$key]; + } + + return $default; + } + + /** + * Gets the Session. + * + * @throws SessionNotFoundException When session is not set properly + */ + public function getSession(): SessionInterface + { + $session = $this->session; + if (!$session instanceof SessionInterface && null !== $session) { + $this->setSession($session = $session()); + } + + if (null === $session) { + throw new SessionNotFoundException('Session has not been set.'); + } + + return $session; + } + + /** + * Whether the request contains a Session which was started in one of the + * previous requests. + */ + public function hasPreviousSession(): bool + { + // the check for $this->session avoids malicious users trying to fake a session cookie with proper name + return $this->hasSession() && $this->cookies->has($this->getSession()->getName()); + } + + /** + * Whether the request contains a Session object. + * + * This method does not give any information about the state of the session object, + * like whether the session is started or not. It is just a way to check if this Request + * is associated with a Session instance. + * + * @param bool $skipIfUninitialized When true, ignores factories injected by `setSessionFactory` + */ + public function hasSession(bool $skipIfUninitialized = false): bool + { + return null !== $this->session && (!$skipIfUninitialized || $this->session instanceof SessionInterface); + } + + public function setSession(SessionInterface $session): void + { + $this->session = $session; + } + + /** + * @internal + * + * @param callable(): SessionInterface $factory + */ + public function setSessionFactory(callable $factory): void + { + $this->session = $factory(...); + } + + /** + * Returns the client IP addresses. + * + * In the returned array the most trusted IP address is first, and the + * least trusted one last. The "real" client IP address is the last one, + * but this is also the least trusted one. Trusted proxies are stripped. + * + * Use this method carefully; you should use getClientIp() instead. + * + * @see getClientIp() + */ + public function getClientIps(): array + { + $ip = $this->server->get('REMOTE_ADDR'); + + if (!$this->isFromTrustedProxy()) { + return [$ip]; + } + + return $this->getTrustedValues(self::HEADER_X_FORWARDED_FOR, $ip) ?: [$ip]; + } + + /** + * Returns the client IP address. + * + * This method can read the client IP address from the "X-Forwarded-For" header + * when trusted proxies were set via "setTrustedProxies()". The "X-Forwarded-For" + * header value is a comma+space separated list of IP addresses, the left-most + * being the original client, and each successive proxy that passed the request + * adding the IP address where it received the request from. + * + * If your reverse proxy uses a different header name than "X-Forwarded-For", + * ("Client-Ip" for instance), configure it via the $trustedHeaderSet + * argument of the Request::setTrustedProxies() method instead. + * + * @see getClientIps() + * @see https://wikipedia.org/wiki/X-Forwarded-For + */ + public function getClientIp(): ?string + { + $ipAddresses = $this->getClientIps(); + + return $ipAddresses[0]; + } + + /** + * Returns current script name. + */ + public function getScriptName(): string + { + return $this->server->get('SCRIPT_NAME', $this->server->get('ORIG_SCRIPT_NAME', '')); + } + + /** + * Returns the path being requested relative to the executed script. + * + * The path info always starts with a /. + * + * Suppose this request is instantiated from /mysite on localhost: + * + * * http://localhost/mysite returns an empty string + * * http://localhost/mysite/about returns '/about' + * * http://localhost/mysite/enco%20ded returns '/enco%20ded' + * * http://localhost/mysite/about?var=1 returns '/about' + * + * @return string The raw path (i.e. not urldecoded) + */ + public function getPathInfo(): string + { + return $this->pathInfo ??= $this->preparePathInfo(); + } + + /** + * Returns the root path from which this request is executed. + * + * Suppose that an index.php file instantiates this request object: + * + * * http://localhost/index.php returns an empty string + * * http://localhost/index.php/page returns an empty string + * * http://localhost/web/index.php returns '/web' + * * http://localhost/we%20b/index.php returns '/we%20b' + * + * @return string The raw path (i.e. not urldecoded) + */ + public function getBasePath(): string + { + return $this->basePath ??= $this->prepareBasePath(); + } + + /** + * Returns the root URL from which this request is executed. + * + * The base URL never ends with a /. + * + * This is similar to getBasePath(), except that it also includes the + * script filename (e.g. index.php) if one exists. + * + * @return string The raw URL (i.e. not urldecoded) + */ + public function getBaseUrl(): string + { + $trustedPrefix = ''; + + // the proxy prefix must be prepended to any prefix being needed at the webserver level + if ($this->isFromTrustedProxy() && $trustedPrefixValues = $this->getTrustedValues(self::HEADER_X_FORWARDED_PREFIX)) { + $trustedPrefix = rtrim($trustedPrefixValues[0], '/'); + } + + return $trustedPrefix.$this->getBaseUrlReal(); + } + + /** + * Returns the real base URL received by the webserver from which this request is executed. + * The URL does not include trusted reverse proxy prefix. + * + * @return string The raw URL (i.e. not urldecoded) + */ + private function getBaseUrlReal(): string + { + return $this->baseUrl ??= $this->prepareBaseUrl(); + } + + /** + * Gets the request's scheme. + */ + public function getScheme(): string + { + return $this->isSecure() ? 'https' : 'http'; + } + + /** + * Returns the port on which the request is made. + * + * This method can read the client port from the "X-Forwarded-Port" header + * when trusted proxies were set via "setTrustedProxies()". + * + * The "X-Forwarded-Port" header must contain the client port. + * + * @return int|string|null Can be a string if fetched from the server bag + */ + public function getPort(): int|string|null + { + if ($this->isFromTrustedProxy() && $host = $this->getTrustedValues(self::HEADER_X_FORWARDED_PORT)) { + $host = $host[0]; + } elseif ($this->isFromTrustedProxy() && $host = $this->getTrustedValues(self::HEADER_X_FORWARDED_HOST)) { + $host = $host[0]; + } elseif (!$host = $this->headers->get('HOST')) { + return $this->server->get('SERVER_PORT'); + } + + if ('[' === $host[0]) { + $pos = strpos($host, ':', strrpos($host, ']')); + } else { + $pos = strrpos($host, ':'); + } + + if (false !== $pos && $port = substr($host, $pos + 1)) { + return (int) $port; + } + + return 'https' === $this->getScheme() ? 443 : 80; + } + + /** + * Returns the user. + */ + public function getUser(): ?string + { + return $this->headers->get('PHP_AUTH_USER'); + } + + /** + * Returns the password. + */ + public function getPassword(): ?string + { + return $this->headers->get('PHP_AUTH_PW'); + } + + /** + * Gets the user info. + * + * @return string|null A user name if any and, optionally, scheme-specific information about how to gain authorization to access the server + */ + public function getUserInfo(): ?string + { + $userinfo = $this->getUser(); + + $pass = $this->getPassword(); + if ('' != $pass) { + $userinfo .= ":$pass"; + } + + return $userinfo; + } + + /** + * Returns the HTTP host being requested. + * + * The port name will be appended to the host if it's non-standard. + */ + public function getHttpHost(): string + { + $scheme = $this->getScheme(); + $port = $this->getPort(); + + if (('http' === $scheme && 80 == $port) || ('https' === $scheme && 443 == $port)) { + return $this->getHost(); + } + + return $this->getHost().':'.$port; + } + + /** + * Returns the requested URI (path and query string). + * + * @return string The raw URI (i.e. not URI decoded) + */ + public function getRequestUri(): string + { + return $this->requestUri ??= $this->prepareRequestUri(); + } + + /** + * Gets the scheme and HTTP host. + * + * If the URL was called with basic authentication, the user + * and the password are not added to the generated string. + */ + public function getSchemeAndHttpHost(): string + { + return $this->getScheme().'://'.$this->getHttpHost(); + } + + /** + * Generates a normalized URI (URL) for the Request. + * + * @see getQueryString() + */ + public function getUri(): string + { + if (null !== $qs = $this->getQueryString()) { + $qs = '?'.$qs; + } + + return $this->getSchemeAndHttpHost().$this->getBaseUrl().$this->getPathInfo().$qs; + } + + /** + * Generates a normalized URI for the given path. + * + * @param string $path A path to use instead of the current one + */ + public function getUriForPath(string $path): string + { + return $this->getSchemeAndHttpHost().$this->getBaseUrl().$path; + } + + /** + * Returns the path as relative reference from the current Request path. + * + * Only the URIs path component (no schema, host etc.) is relevant and must be given. + * Both paths must be absolute and not contain relative parts. + * Relative URLs from one resource to another are useful when generating self-contained downloadable document archives. + * Furthermore, they can be used to reduce the link size in documents. + * + * Example target paths, given a base path of "/a/b/c/d": + * - "/a/b/c/d" -> "" + * - "/a/b/c/" -> "./" + * - "/a/b/" -> "../" + * - "/a/b/c/other" -> "other" + * - "/a/x/y" -> "../../x/y" + */ + public function getRelativeUriForPath(string $path): string + { + // be sure that we are dealing with an absolute path + if (!isset($path[0]) || '/' !== $path[0]) { + return $path; + } + + if ($path === $basePath = $this->getPathInfo()) { + return ''; + } + + $sourceDirs = explode('/', isset($basePath[0]) && '/' === $basePath[0] ? substr($basePath, 1) : $basePath); + $targetDirs = explode('/', substr($path, 1)); + array_pop($sourceDirs); + $targetFile = array_pop($targetDirs); + + foreach ($sourceDirs as $i => $dir) { + if (isset($targetDirs[$i]) && $dir === $targetDirs[$i]) { + unset($sourceDirs[$i], $targetDirs[$i]); + } else { + break; + } + } + + $targetDirs[] = $targetFile; + $path = str_repeat('../', \count($sourceDirs)).implode('/', $targetDirs); + + // A reference to the same base directory or an empty subdirectory must be prefixed with "./". + // This also applies to a segment with a colon character (e.g., "file:colon") that cannot be used + // as the first segment of a relative-path reference, as it would be mistaken for a scheme name + // (see https://tools.ietf.org/html/rfc3986#section-4.2). + return !isset($path[0]) || '/' === $path[0] + || false !== ($colonPos = strpos($path, ':')) && ($colonPos < ($slashPos = strpos($path, '/')) || false === $slashPos) + ? "./$path" : $path; + } + + /** + * Generates the normalized query string for the Request. + * + * It builds a normalized query string, where keys/value pairs are alphabetized + * and have consistent escaping. + */ + public function getQueryString(): ?string + { + $qs = static::normalizeQueryString($this->server->get('QUERY_STRING')); + + return '' === $qs ? null : $qs; + } + + /** + * Checks whether the request is secure or not. + * + * This method can read the client protocol from the "X-Forwarded-Proto" header + * when trusted proxies were set via "setTrustedProxies()". + * + * The "X-Forwarded-Proto" header must contain the protocol: "https" or "http". + */ + public function isSecure(): bool + { + if ($this->isFromTrustedProxy() && $proto = $this->getTrustedValues(self::HEADER_X_FORWARDED_PROTO)) { + return \in_array(strtolower($proto[0]), ['https', 'on', 'ssl', '1'], true); + } + + $https = $this->server->get('HTTPS'); + + return $https && 'off' !== strtolower($https); + } + + /** + * Returns the host name. + * + * This method can read the client host name from the "X-Forwarded-Host" header + * when trusted proxies were set via "setTrustedProxies()". + * + * The "X-Forwarded-Host" header must contain the client host name. + * + * @throws SuspiciousOperationException when the host name is invalid or not trusted + */ + public function getHost(): string + { + if ($this->isFromTrustedProxy() && $host = $this->getTrustedValues(self::HEADER_X_FORWARDED_HOST)) { + $host = $host[0]; + } elseif (!$host = $this->headers->get('HOST')) { + if (!$host = $this->server->get('SERVER_NAME')) { + $host = $this->server->get('SERVER_ADDR', ''); + } + } + + // trim and remove port number from host + // host is lowercase as per RFC 952/2181 + $host = strtolower(preg_replace('/:\d+$/', '', trim($host))); + + // as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user) + // check that it does not contain forbidden characters (see RFC 952 and RFC 2181) + // use preg_replace() instead of preg_match() to prevent DoS attacks with long host names + if ($host && '' !== preg_replace('/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/', '', $host)) { + if (!$this->isHostValid) { + return ''; + } + $this->isHostValid = false; + + throw new SuspiciousOperationException(sprintf('Invalid Host "%s".', $host)); + } + + if (\count(self::$trustedHostPatterns) > 0) { + // to avoid host header injection attacks, you should provide a list of trusted host patterns + + if (\in_array($host, self::$trustedHosts, true)) { + return $host; + } + + foreach (self::$trustedHostPatterns as $pattern) { + if (preg_match($pattern, $host)) { + self::$trustedHosts[] = $host; + + return $host; + } + } + + if (!$this->isHostValid) { + return ''; + } + $this->isHostValid = false; + + throw new SuspiciousOperationException(sprintf('Untrusted Host "%s".', $host)); + } + + return $host; + } + + /** + * Sets the request method. + */ + public function setMethod(string $method): void + { + $this->method = null; + $this->server->set('REQUEST_METHOD', $method); + } + + /** + * Gets the request "intended" method. + * + * If the X-HTTP-Method-Override header is set, and if the method is a POST, + * then it is used to determine the "real" intended HTTP method. + * + * The _method request parameter can also be used to determine the HTTP method, + * but only if enableHttpMethodParameterOverride() has been called. + * + * The method is always an uppercased string. + * + * @see getRealMethod() + */ + public function getMethod(): string + { + if (null !== $this->method) { + return $this->method; + } + + $this->method = strtoupper($this->server->get('REQUEST_METHOD', 'GET')); + + if ('POST' !== $this->method) { + return $this->method; + } + + $method = $this->headers->get('X-HTTP-METHOD-OVERRIDE'); + + if (!$method && self::$httpMethodParameterOverride) { + $method = $this->request->get('_method', $this->query->get('_method', 'POST')); + } + + if (!\is_string($method)) { + return $this->method; + } + + $method = strtoupper($method); + + if (\in_array($method, ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'CONNECT', 'OPTIONS', 'PATCH', 'PURGE', 'TRACE'], true)) { + return $this->method = $method; + } + + if (!preg_match('/^[A-Z]++$/D', $method)) { + throw new SuspiciousOperationException(sprintf('Invalid method override "%s".', $method)); + } + + return $this->method = $method; + } + + /** + * Gets the "real" request method. + * + * @see getMethod() + */ + public function getRealMethod(): string + { + return strtoupper($this->server->get('REQUEST_METHOD', 'GET')); + } + + /** + * Gets the mime type associated with the format. + */ + public function getMimeType(string $format): ?string + { + if (null === static::$formats) { + static::initializeFormats(); + } + + return isset(static::$formats[$format]) ? static::$formats[$format][0] : null; + } + + /** + * Gets the mime types associated with the format. + * + * @return string[] + */ + public static function getMimeTypes(string $format): array + { + if (null === static::$formats) { + static::initializeFormats(); + } + + return static::$formats[$format] ?? []; + } + + /** + * Gets the format associated with the mime type. + */ + public function getFormat(?string $mimeType): ?string + { + $canonicalMimeType = null; + if ($mimeType && false !== $pos = strpos($mimeType, ';')) { + $canonicalMimeType = trim(substr($mimeType, 0, $pos)); + } + + if (null === static::$formats) { + static::initializeFormats(); + } + + foreach (static::$formats as $format => $mimeTypes) { + if (\in_array($mimeType, (array) $mimeTypes, true)) { + return $format; + } + if (null !== $canonicalMimeType && \in_array($canonicalMimeType, (array) $mimeTypes, true)) { + return $format; + } + } + + return null; + } + + /** + * Associates a format with mime types. + * + * @param string|string[] $mimeTypes The associated mime types (the preferred one must be the first as it will be used as the content type) + */ + public function setFormat(?string $format, string|array $mimeTypes): void + { + if (null === static::$formats) { + static::initializeFormats(); + } + + static::$formats[$format] = \is_array($mimeTypes) ? $mimeTypes : [$mimeTypes]; + } + + /** + * Gets the request format. + * + * Here is the process to determine the format: + * + * * format defined by the user (with setRequestFormat()) + * * _format request attribute + * * $default + * + * @see getPreferredFormat + */ + public function getRequestFormat(?string $default = 'html'): ?string + { + $this->format ??= $this->attributes->get('_format'); + + return $this->format ?? $default; + } + + /** + * Sets the request format. + */ + public function setRequestFormat(?string $format): void + { + $this->format = $format; + } + + /** + * Gets the usual name of the format associated with the request's media type (provided in the Content-Type header). + * + * @see Request::$formats + */ + public function getContentTypeFormat(): ?string + { + return $this->getFormat($this->headers->get('CONTENT_TYPE', '')); + } + + /** + * Sets the default locale. + */ + public function setDefaultLocale(string $locale): void + { + $this->defaultLocale = $locale; + + if (null === $this->locale) { + $this->setPhpDefaultLocale($locale); + } + } + + /** + * Get the default locale. + */ + public function getDefaultLocale(): string + { + return $this->defaultLocale; + } + + /** + * Sets the locale. + */ + public function setLocale(string $locale): void + { + $this->setPhpDefaultLocale($this->locale = $locale); + } + + /** + * Get the locale. + */ + public function getLocale(): string + { + return $this->locale ?? $this->defaultLocale; + } + + /** + * Checks if the request method is of specified type. + * + * @param string $method Uppercase request method (GET, POST etc) + */ + public function isMethod(string $method): bool + { + return $this->getMethod() === strtoupper($method); + } + + /** + * Checks whether or not the method is safe. + * + * @see https://tools.ietf.org/html/rfc7231#section-4.2.1 + */ + public function isMethodSafe(): bool + { + return \in_array($this->getMethod(), ['GET', 'HEAD', 'OPTIONS', 'TRACE']); + } + + /** + * Checks whether or not the method is idempotent. + */ + public function isMethodIdempotent(): bool + { + return \in_array($this->getMethod(), ['HEAD', 'GET', 'PUT', 'DELETE', 'TRACE', 'OPTIONS', 'PURGE']); + } + + /** + * Checks whether the method is cacheable or not. + * + * @see https://tools.ietf.org/html/rfc7231#section-4.2.3 + */ + public function isMethodCacheable(): bool + { + return \in_array($this->getMethod(), ['GET', 'HEAD']); + } + + /** + * Returns the protocol version. + * + * If the application is behind a proxy, the protocol version used in the + * requests between the client and the proxy and between the proxy and the + * server might be different. This returns the former (from the "Via" header) + * if the proxy is trusted (see "setTrustedProxies()"), otherwise it returns + * the latter (from the "SERVER_PROTOCOL" server parameter). + */ + public function getProtocolVersion(): ?string + { + if ($this->isFromTrustedProxy()) { + preg_match('~^(HTTP/)?([1-9]\.[0-9]) ~', $this->headers->get('Via') ?? '', $matches); + + if ($matches) { + return 'HTTP/'.$matches[2]; + } + } + + return $this->server->get('SERVER_PROTOCOL'); + } + + /** + * Returns the request body content. + * + * @param bool $asResource If true, a resource will be returned + * + * @return string|resource + * + * @psalm-return ($asResource is true ? resource : string) + */ + public function getContent(bool $asResource = false) + { + $currentContentIsResource = \is_resource($this->content); + + if (true === $asResource) { + if ($currentContentIsResource) { + rewind($this->content); + + return $this->content; + } + + // Content passed in parameter (test) + if (\is_string($this->content)) { + $resource = fopen('php://temp', 'r+'); + fwrite($resource, $this->content); + rewind($resource); + + return $resource; + } + + $this->content = false; + + return fopen('php://input', 'r'); + } + + if ($currentContentIsResource) { + rewind($this->content); + + return stream_get_contents($this->content); + } + + if (null === $this->content || false === $this->content) { + $this->content = file_get_contents('php://input'); + } + + return $this->content; + } + + /** + * Gets the decoded form or json request body. + * + * @throws JsonException When the body cannot be decoded to an array + */ + public function getPayload(): InputBag + { + if ($this->request->count()) { + return clone $this->request; + } + + if ('' === $content = $this->getContent()) { + return new InputBag([]); + } + + try { + $content = json_decode($content, true, 512, \JSON_BIGINT_AS_STRING | \JSON_THROW_ON_ERROR); + } catch (\JsonException $e) { + throw new JsonException('Could not decode request body.', $e->getCode(), $e); + } + + if (!\is_array($content)) { + throw new JsonException(sprintf('JSON content was expected to decode to an array, "%s" returned.', get_debug_type($content))); + } + + return new InputBag($content); + } + + /** + * Gets the request body decoded as array, typically from a JSON payload. + * + * @see getPayload() for portability between content types + * + * @throws JsonException When the body cannot be decoded to an array + */ + public function toArray(): array + { + if ('' === $content = $this->getContent()) { + throw new JsonException('Request body is empty.'); + } + + try { + $content = json_decode($content, true, 512, \JSON_BIGINT_AS_STRING | \JSON_THROW_ON_ERROR); + } catch (\JsonException $e) { + throw new JsonException('Could not decode request body.', $e->getCode(), $e); + } + + if (!\is_array($content)) { + throw new JsonException(sprintf('JSON content was expected to decode to an array, "%s" returned.', get_debug_type($content))); + } + + return $content; + } + + /** + * Gets the Etags. + */ + public function getETags(): array + { + return preg_split('/\s*,\s*/', $this->headers->get('If-None-Match', ''), -1, \PREG_SPLIT_NO_EMPTY); + } + + public function isNoCache(): bool + { + return $this->headers->hasCacheControlDirective('no-cache') || 'no-cache' == $this->headers->get('Pragma'); + } + + /** + * Gets the preferred format for the response by inspecting, in the following order: + * * the request format set using setRequestFormat; + * * the values of the Accept HTTP header. + * + * Note that if you use this method, you should send the "Vary: Accept" header + * in the response to prevent any issues with intermediary HTTP caches. + */ + public function getPreferredFormat(?string $default = 'html'): ?string + { + if (!isset($this->preferredFormat) && null !== $preferredFormat = $this->getRequestFormat(null)) { + $this->preferredFormat = $preferredFormat; + } + + if ($this->preferredFormat ?? null) { + return $this->preferredFormat; + } + + foreach ($this->getAcceptableContentTypes() as $mimeType) { + if ($this->preferredFormat = $this->getFormat($mimeType)) { + return $this->preferredFormat; + } + } + + return $default; + } + + /** + * Returns the preferred language. + * + * @param string[] $locales An array of ordered available locales + */ + public function getPreferredLanguage(?array $locales = null): ?string + { + $preferredLanguages = $this->getLanguages(); + + if (!$locales) { + return $preferredLanguages[0] ?? null; + } + + $locales = array_map($this->formatLocale(...), $locales ?? []); + if (!$preferredLanguages) { + return $locales[0]; + } + + if ($matches = array_intersect($preferredLanguages, $locales)) { + return current($matches); + } + + $combinations = array_merge(...array_map($this->getLanguageCombinations(...), $preferredLanguages)); + foreach ($combinations as $combination) { + foreach ($locales as $locale) { + if (str_starts_with($locale, $combination)) { + return $locale; + } + } + } + + return $locales[0]; + } + + /** + * Gets a list of languages acceptable by the client browser ordered in the user browser preferences. + * + * @return string[] + */ + public function getLanguages(): array + { + if (null !== $this->languages) { + return $this->languages; + } + + $languages = AcceptHeader::fromString($this->headers->get('Accept-Language'))->all(); + $this->languages = []; + foreach ($languages as $acceptHeaderItem) { + $lang = $acceptHeaderItem->getValue(); + $this->languages[] = $this->formatLocale($lang); + } + $this->languages = array_unique($this->languages); + + return $this->languages; + } + + /** + * Strips the locale to only keep the canonicalized language value. + * + * Depending on the $locale value, this method can return values like : + * - language_Script_REGION: "fr_Latn_FR", "zh_Hans_TW" + * - language_Script: "fr_Latn", "zh_Hans" + * - language_REGION: "fr_FR", "zh_TW" + * - language: "fr", "zh" + * + * Invalid locale values are returned as is. + * + * @see https://wikipedia.org/wiki/IETF_language_tag + * @see https://datatracker.ietf.org/doc/html/rfc5646 + */ + private static function formatLocale(string $locale): string + { + [$language, $script, $region] = self::getLanguageComponents($locale); + + return implode('_', array_filter([$language, $script, $region])); + } + + /** + * Returns an array of all possible combinations of the language components. + * + * For instance, if the locale is "fr_Latn_FR", this method will return: + * - "fr_Latn_FR" + * - "fr_Latn" + * - "fr_FR" + * - "fr" + * + * @return string[] + */ + private static function getLanguageCombinations(string $locale): array + { + [$language, $script, $region] = self::getLanguageComponents($locale); + + return array_unique([ + implode('_', array_filter([$language, $script, $region])), + implode('_', array_filter([$language, $script])), + implode('_', array_filter([$language, $region])), + $language, + ]); + } + + /** + * Returns an array with the language components of the locale. + * + * For example: + * - If the locale is "fr_Latn_FR", this method will return "fr", "Latn", "FR" + * - If the locale is "fr_FR", this method will return "fr", null, "FR" + * - If the locale is "zh_Hans", this method will return "zh", "Hans", null + * + * @see https://wikipedia.org/wiki/IETF_language_tag + * @see https://datatracker.ietf.org/doc/html/rfc5646 + * + * @return array{string, string|null, string|null} + */ + private static function getLanguageComponents(string $locale): array + { + $locale = str_replace('_', '-', strtolower($locale)); + $pattern = '/^([a-zA-Z]{2,3}|i-[a-zA-Z]{5,})(?:-([a-zA-Z]{4}))?(?:-([a-zA-Z]{2}))?(?:-(.+))?$/'; + if (!preg_match($pattern, $locale, $matches)) { + return [$locale, null, null]; + } + if (str_starts_with($matches[1], 'i-')) { + // Language not listed in ISO 639 that are not variants + // of any listed language, which can be registered with the + // i-prefix, such as i-cherokee + $matches[1] = substr($matches[1], 2); + } + + return [ + $matches[1], + isset($matches[2]) ? ucfirst(strtolower($matches[2])) : null, + isset($matches[3]) ? strtoupper($matches[3]) : null, + ]; + } + + /** + * Gets a list of charsets acceptable by the client browser in preferable order. + * + * @return string[] + */ + public function getCharsets(): array + { + return $this->charsets ??= array_map('strval', array_keys(AcceptHeader::fromString($this->headers->get('Accept-Charset'))->all())); + } + + /** + * Gets a list of encodings acceptable by the client browser in preferable order. + * + * @return string[] + */ + public function getEncodings(): array + { + return $this->encodings ??= array_map('strval', array_keys(AcceptHeader::fromString($this->headers->get('Accept-Encoding'))->all())); + } + + /** + * Gets a list of content types acceptable by the client browser in preferable order. + * + * @return string[] + */ + public function getAcceptableContentTypes(): array + { + return $this->acceptableContentTypes ??= array_map('strval', array_keys(AcceptHeader::fromString($this->headers->get('Accept'))->all())); + } + + /** + * Returns true if the request is an XMLHttpRequest. + * + * It works if your JavaScript library sets an X-Requested-With HTTP header. + * It is known to work with common JavaScript frameworks: + * + * @see https://wikipedia.org/wiki/List_of_Ajax_frameworks#JavaScript + */ + public function isXmlHttpRequest(): bool + { + return 'XMLHttpRequest' == $this->headers->get('X-Requested-With'); + } + + /** + * Checks whether the client browser prefers safe content or not according to RFC8674. + * + * @see https://tools.ietf.org/html/rfc8674 + */ + public function preferSafeContent(): bool + { + if (isset($this->isSafeContentPreferred)) { + return $this->isSafeContentPreferred; + } + + if (!$this->isSecure()) { + // see https://tools.ietf.org/html/rfc8674#section-3 + return $this->isSafeContentPreferred = false; + } + + return $this->isSafeContentPreferred = AcceptHeader::fromString($this->headers->get('Prefer'))->has('safe'); + } + + /* + * The following methods are derived from code of the Zend Framework (1.10dev - 2010-01-24) + * + * Code subject to the new BSD license (https://framework.zend.com/license). + * + * Copyright (c) 2005-2010 Zend Technologies USA Inc. (https://www.zend.com/) + */ + + protected function prepareRequestUri(): string + { + $requestUri = ''; + + if ($this->isIisRewrite() && '' != $this->server->get('UNENCODED_URL')) { + // IIS7 with URL Rewrite: make sure we get the unencoded URL (double slash problem) + $requestUri = $this->server->get('UNENCODED_URL'); + $this->server->remove('UNENCODED_URL'); + } elseif ($this->server->has('REQUEST_URI')) { + $requestUri = $this->server->get('REQUEST_URI'); + + if ('' !== $requestUri && '/' === $requestUri[0]) { + // To only use path and query remove the fragment. + if (false !== $pos = strpos($requestUri, '#')) { + $requestUri = substr($requestUri, 0, $pos); + } + } else { + // HTTP proxy reqs setup request URI with scheme and host [and port] + the URL path, + // only use URL path. + $uriComponents = parse_url($requestUri); + + if (isset($uriComponents['path'])) { + $requestUri = $uriComponents['path']; + } + + if (isset($uriComponents['query'])) { + $requestUri .= '?'.$uriComponents['query']; + } + } + } elseif ($this->server->has('ORIG_PATH_INFO')) { + // IIS 5.0, PHP as CGI + $requestUri = $this->server->get('ORIG_PATH_INFO'); + if ('' != $this->server->get('QUERY_STRING')) { + $requestUri .= '?'.$this->server->get('QUERY_STRING'); + } + $this->server->remove('ORIG_PATH_INFO'); + } + + // normalize the request URI to ease creating sub-requests from this request + $this->server->set('REQUEST_URI', $requestUri); + + return $requestUri; + } + + /** + * Prepares the base URL. + */ + protected function prepareBaseUrl(): string + { + $filename = basename($this->server->get('SCRIPT_FILENAME', '')); + + if (basename($this->server->get('SCRIPT_NAME', '')) === $filename) { + $baseUrl = $this->server->get('SCRIPT_NAME'); + } elseif (basename($this->server->get('PHP_SELF', '')) === $filename) { + $baseUrl = $this->server->get('PHP_SELF'); + } elseif (basename($this->server->get('ORIG_SCRIPT_NAME', '')) === $filename) { + $baseUrl = $this->server->get('ORIG_SCRIPT_NAME'); // 1and1 shared hosting compatibility + } else { + // Backtrack up the script_filename to find the portion matching + // php_self + $path = $this->server->get('PHP_SELF', ''); + $file = $this->server->get('SCRIPT_FILENAME', ''); + $segs = explode('/', trim($file, '/')); + $segs = array_reverse($segs); + $index = 0; + $last = \count($segs); + $baseUrl = ''; + do { + $seg = $segs[$index]; + $baseUrl = '/'.$seg.$baseUrl; + ++$index; + } while ($last > $index && (false !== $pos = strpos($path, $baseUrl)) && 0 != $pos); + } + + // Does the baseUrl have anything in common with the request_uri? + $requestUri = $this->getRequestUri(); + if ('' !== $requestUri && '/' !== $requestUri[0]) { + $requestUri = '/'.$requestUri; + } + + if ($baseUrl && null !== $prefix = $this->getUrlencodedPrefix($requestUri, $baseUrl)) { + // full $baseUrl matches + return $prefix; + } + + if ($baseUrl && null !== $prefix = $this->getUrlencodedPrefix($requestUri, rtrim(\dirname($baseUrl), '/'.\DIRECTORY_SEPARATOR).'/')) { + // directory portion of $baseUrl matches + return rtrim($prefix, '/'.\DIRECTORY_SEPARATOR); + } + + $truncatedRequestUri = $requestUri; + if (false !== $pos = strpos($requestUri, '?')) { + $truncatedRequestUri = substr($requestUri, 0, $pos); + } + + $basename = basename($baseUrl ?? ''); + if (!$basename || !strpos(rawurldecode($truncatedRequestUri), $basename)) { + // no match whatsoever; set it blank + return ''; + } + + // If using mod_rewrite or ISAPI_Rewrite strip the script filename + // out of baseUrl. $pos !== 0 makes sure it is not matching a value + // from PATH_INFO or QUERY_STRING + if (\strlen($requestUri) >= \strlen($baseUrl) && (false !== $pos = strpos($requestUri, $baseUrl)) && 0 !== $pos) { + $baseUrl = substr($requestUri, 0, $pos + \strlen($baseUrl)); + } + + return rtrim($baseUrl, '/'.\DIRECTORY_SEPARATOR); + } + + /** + * Prepares the base path. + */ + protected function prepareBasePath(): string + { + $baseUrl = $this->getBaseUrl(); + if (!$baseUrl) { + return ''; + } + + $filename = basename($this->server->get('SCRIPT_FILENAME')); + if (basename($baseUrl) === $filename) { + $basePath = \dirname($baseUrl); + } else { + $basePath = $baseUrl; + } + + if ('\\' === \DIRECTORY_SEPARATOR) { + $basePath = str_replace('\\', '/', $basePath); + } + + return rtrim($basePath, '/'); + } + + /** + * Prepares the path info. + */ + protected function preparePathInfo(): string + { + if (null === ($requestUri = $this->getRequestUri())) { + return '/'; + } + + // Remove the query string from REQUEST_URI + if (false !== $pos = strpos($requestUri, '?')) { + $requestUri = substr($requestUri, 0, $pos); + } + if ('' !== $requestUri && '/' !== $requestUri[0]) { + $requestUri = '/'.$requestUri; + } + + if (null === ($baseUrl = $this->getBaseUrlReal())) { + return $requestUri; + } + + $pathInfo = substr($requestUri, \strlen($baseUrl)); + if (false === $pathInfo || '' === $pathInfo) { + // If substr() returns false then PATH_INFO is set to an empty string + return '/'; + } + + return $pathInfo; + } + + /** + * Initializes HTTP request formats. + */ + protected static function initializeFormats(): void + { + static::$formats = [ + 'html' => ['text/html', 'application/xhtml+xml'], + 'txt' => ['text/plain'], + 'js' => ['application/javascript', 'application/x-javascript', 'text/javascript'], + 'css' => ['text/css'], + 'json' => ['application/json', 'application/x-json'], + 'jsonld' => ['application/ld+json'], + 'xml' => ['text/xml', 'application/xml', 'application/x-xml'], + 'rdf' => ['application/rdf+xml'], + 'atom' => ['application/atom+xml'], + 'rss' => ['application/rss+xml'], + 'form' => ['application/x-www-form-urlencoded', 'multipart/form-data'], + ]; + } + + private function setPhpDefaultLocale(string $locale): void + { + // if either the class Locale doesn't exist, or an exception is thrown when + // setting the default locale, the intl module is not installed, and + // the call can be ignored: + try { + if (class_exists(\Locale::class, false)) { + \Locale::setDefault($locale); + } + } catch (\Exception) { + } + } + + /** + * Returns the prefix as encoded in the string when the string starts with + * the given prefix, null otherwise. + */ + private function getUrlencodedPrefix(string $string, string $prefix): ?string + { + if ($this->isIisRewrite()) { + // ISS with UrlRewriteModule might report SCRIPT_NAME/PHP_SELF with wrong case + // see https://github.com/php/php-src/issues/11981 + if (0 !== stripos(rawurldecode($string), $prefix)) { + return null; + } + } elseif (!str_starts_with(rawurldecode($string), $prefix)) { + return null; + } + + $len = \strlen($prefix); + + if (preg_match(sprintf('#^(%%[[:xdigit:]]{2}|.){%d}#', $len), $string, $match)) { + return $match[0]; + } + + return null; + } + + private static function createRequestFromFactory(array $query = [], array $request = [], array $attributes = [], array $cookies = [], array $files = [], array $server = [], $content = null): static + { + if (self::$requestFactory) { + $request = (self::$requestFactory)($query, $request, $attributes, $cookies, $files, $server, $content); + + if (!$request instanceof self) { + throw new \LogicException('The Request factory must return an instance of Symfony\Component\HttpFoundation\Request.'); + } + + return $request; + } + + return new static($query, $request, $attributes, $cookies, $files, $server, $content); + } + + /** + * Indicates whether this request originated from a trusted proxy. + * + * This can be useful to determine whether or not to trust the + * contents of a proxy-specific header. + */ + public function isFromTrustedProxy(): bool + { + return self::$trustedProxies && IpUtils::checkIp($this->server->get('REMOTE_ADDR', ''), self::$trustedProxies); + } + + /** + * This method is rather heavy because it splits and merges headers, and it's called by many other methods such as + * getPort(), isSecure(), getHost(), getClientIps(), getBaseUrl() etc. Thus, we try to cache the results for + * best performance. + */ + private function getTrustedValues(int $type, ?string $ip = null): array + { + $cacheKey = $type."\0".((self::$trustedHeaderSet & $type) ? $this->headers->get(self::TRUSTED_HEADERS[$type]) : ''); + $cacheKey .= "\0".$ip."\0".$this->headers->get(self::TRUSTED_HEADERS[self::HEADER_FORWARDED]); + + if (isset($this->trustedValuesCache[$cacheKey])) { + return $this->trustedValuesCache[$cacheKey]; + } + + $clientValues = []; + $forwardedValues = []; + + if ((self::$trustedHeaderSet & $type) && $this->headers->has(self::TRUSTED_HEADERS[$type])) { + foreach (explode(',', $this->headers->get(self::TRUSTED_HEADERS[$type])) as $v) { + $clientValues[] = (self::HEADER_X_FORWARDED_PORT === $type ? '0.0.0.0:' : '').trim($v); + } + } + + if ((self::$trustedHeaderSet & self::HEADER_FORWARDED) && (isset(self::FORWARDED_PARAMS[$type])) && $this->headers->has(self::TRUSTED_HEADERS[self::HEADER_FORWARDED])) { + $forwarded = $this->headers->get(self::TRUSTED_HEADERS[self::HEADER_FORWARDED]); + $parts = HeaderUtils::split($forwarded, ',;='); + $param = self::FORWARDED_PARAMS[$type]; + foreach ($parts as $subParts) { + if (null === $v = HeaderUtils::combine($subParts)[$param] ?? null) { + continue; + } + if (self::HEADER_X_FORWARDED_PORT === $type) { + if (str_ends_with($v, ']') || false === $v = strrchr($v, ':')) { + $v = $this->isSecure() ? ':443' : ':80'; + } + $v = '0.0.0.0'.$v; + } + $forwardedValues[] = $v; + } + } + + if (null !== $ip) { + $clientValues = $this->normalizeAndFilterClientIps($clientValues, $ip); + $forwardedValues = $this->normalizeAndFilterClientIps($forwardedValues, $ip); + } + + if ($forwardedValues === $clientValues || !$clientValues) { + return $this->trustedValuesCache[$cacheKey] = $forwardedValues; + } + + if (!$forwardedValues) { + return $this->trustedValuesCache[$cacheKey] = $clientValues; + } + + if (!$this->isForwardedValid) { + return $this->trustedValuesCache[$cacheKey] = null !== $ip ? ['0.0.0.0', $ip] : []; + } + $this->isForwardedValid = false; + + throw new ConflictingHeadersException(sprintf('The request has both a trusted "%s" header and a trusted "%s" header, conflicting with each other. You should either configure your proxy to remove one of them, or configure your project to distrust the offending one.', self::TRUSTED_HEADERS[self::HEADER_FORWARDED], self::TRUSTED_HEADERS[$type])); + } + + private function normalizeAndFilterClientIps(array $clientIps, string $ip): array + { + if (!$clientIps) { + return []; + } + $clientIps[] = $ip; // Complete the IP chain with the IP the request actually came from + $firstTrustedIp = null; + + foreach ($clientIps as $key => $clientIp) { + if (strpos($clientIp, '.')) { + // Strip :port from IPv4 addresses. This is allowed in Forwarded + // and may occur in X-Forwarded-For. + $i = strpos($clientIp, ':'); + if ($i) { + $clientIps[$key] = $clientIp = substr($clientIp, 0, $i); + } + } elseif (str_starts_with($clientIp, '[')) { + // Strip brackets and :port from IPv6 addresses. + $i = strpos($clientIp, ']', 1); + $clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1); + } + + if (!filter_var($clientIp, \FILTER_VALIDATE_IP)) { + unset($clientIps[$key]); + + continue; + } + + if (IpUtils::checkIp($clientIp, self::$trustedProxies)) { + unset($clientIps[$key]); + + // Fallback to this when the client IP falls into the range of trusted proxies + $firstTrustedIp ??= $clientIp; + } + } + + // Now the IP chain contains only untrusted proxies and the client IP + return $clientIps ? array_reverse($clientIps) : [$firstTrustedIp]; + } + + /** + * Is this IIS with UrlRewriteModule? + * + * This method consumes, caches and removed the IIS_WasUrlRewritten env var, + * so we don't inherit it to sub-requests. + */ + private function isIisRewrite(): bool + { + if (1 === $this->server->getInt('IIS_WasUrlRewritten')) { + $this->isIisRewrite = true; + $this->server->remove('IIS_WasUrlRewritten'); + } + + return $this->isIisRewrite; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/AttributesRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/AttributesRequestMatcher.php new file mode 100644 index 0000000..09d6f49 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/AttributesRequestMatcher.php @@ -0,0 +1,45 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the Request attributes matches all regular expressions. + * + * @author Fabien Potencier + */ +class AttributesRequestMatcher implements RequestMatcherInterface +{ + /** + * @param array $regexps + */ + public function __construct(private array $regexps) + { + } + + public function matches(Request $request): bool + { + foreach ($this->regexps as $key => $regexp) { + $attribute = $request->attributes->get($key); + if (!\is_string($attribute)) { + return false; + } + if (!preg_match('{'.$regexp.'}', $attribute)) { + return false; + } + } + + return true; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/ExpressionRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/ExpressionRequestMatcher.php new file mode 100644 index 0000000..935853f --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/ExpressionRequestMatcher.php @@ -0,0 +1,43 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\ExpressionLanguage\Expression; +use Symfony\Component\ExpressionLanguage\ExpressionLanguage; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * ExpressionRequestMatcher uses an expression to match a Request. + * + * @author Fabien Potencier + */ +class ExpressionRequestMatcher implements RequestMatcherInterface +{ + public function __construct( + private ExpressionLanguage $language, + private Expression|string $expression, + ) { + } + + public function matches(Request $request): bool + { + return $this->language->evaluate($this->expression, [ + 'request' => $request, + 'method' => $request->getMethod(), + 'path' => rawurldecode($request->getPathInfo()), + 'host' => $request->getHost(), + 'ip' => $request->getClientIp(), + 'attributes' => $request->attributes->all(), + ]); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/HeaderRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/HeaderRequestMatcher.php new file mode 100644 index 0000000..8617a8a --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/HeaderRequestMatcher.php @@ -0,0 +1,52 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the presence of HTTP headers in a Request. + * + * @author Alexandre Daubois + */ +class HeaderRequestMatcher implements RequestMatcherInterface +{ + /** + * @var string[] + */ + private array $headers; + + /** + * @param string[]|string $headers A header or a list of headers + * Strings can contain a comma-delimited list of headers + */ + public function __construct(array|string $headers) + { + $this->headers = array_reduce((array) $headers, static fn (array $headers, string $header) => array_merge($headers, preg_split('/\s*,\s*/', $header)), []); + } + + public function matches(Request $request): bool + { + if (!$this->headers) { + return true; + } + + foreach ($this->headers as $header) { + if (!$request->headers->has($header)) { + return false; + } + } + + return true; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/HostRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/HostRequestMatcher.php new file mode 100644 index 0000000..2836759 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/HostRequestMatcher.php @@ -0,0 +1,32 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the Request URL host name matches a regular expression. + * + * @author Fabien Potencier + */ +class HostRequestMatcher implements RequestMatcherInterface +{ + public function __construct(private string $regexp) + { + } + + public function matches(Request $request): bool + { + return preg_match('{'.$this->regexp.'}i', $request->getHost()); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/IpsRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/IpsRequestMatcher.php new file mode 100644 index 0000000..333612e --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/IpsRequestMatcher.php @@ -0,0 +1,44 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\IpUtils; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the client IP of a Request. + * + * @author Fabien Potencier + */ +class IpsRequestMatcher implements RequestMatcherInterface +{ + private array $ips; + + /** + * @param string[]|string $ips A specific IP address or a range specified using IP/netmask like 192.168.1.0/24 + * Strings can contain a comma-delimited list of IPs/ranges + */ + public function __construct(array|string $ips) + { + $this->ips = array_reduce((array) $ips, static fn (array $ips, string $ip) => array_merge($ips, preg_split('/\s*,\s*/', $ip)), []); + } + + public function matches(Request $request): bool + { + if (!$this->ips) { + return true; + } + + return IpUtils::checkIp($request->getClientIp() ?? '', $this->ips); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/IsJsonRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/IsJsonRequestMatcher.php new file mode 100644 index 0000000..875f992 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/IsJsonRequestMatcher.php @@ -0,0 +1,28 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the Request content is valid JSON. + * + * @author Fabien Potencier + */ +class IsJsonRequestMatcher implements RequestMatcherInterface +{ + public function matches(Request $request): bool + { + return json_validate($request->getContent()); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/MethodRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/MethodRequestMatcher.php new file mode 100644 index 0000000..b37f6e3 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/MethodRequestMatcher.php @@ -0,0 +1,46 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the HTTP method of a Request. + * + * @author Fabien Potencier + */ +class MethodRequestMatcher implements RequestMatcherInterface +{ + /** + * @var string[] + */ + private array $methods = []; + + /** + * @param string[]|string $methods An HTTP method or an array of HTTP methods + * Strings can contain a comma-delimited list of methods + */ + public function __construct(array|string $methods) + { + $this->methods = array_reduce(array_map('strtoupper', (array) $methods), static fn (array $methods, string $method) => array_merge($methods, preg_split('/\s*,\s*/', $method)), []); + } + + public function matches(Request $request): bool + { + if (!$this->methods) { + return true; + } + + return \in_array($request->getMethod(), $this->methods, true); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/PathRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/PathRequestMatcher.php new file mode 100644 index 0000000..c7c7a02 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/PathRequestMatcher.php @@ -0,0 +1,32 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the Request URL path info matches a regular expression. + * + * @author Fabien Potencier + */ +class PathRequestMatcher implements RequestMatcherInterface +{ + public function __construct(private string $regexp) + { + } + + public function matches(Request $request): bool + { + return preg_match('{'.$this->regexp.'}', rawurldecode($request->getPathInfo())); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/PortRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/PortRequestMatcher.php new file mode 100644 index 0000000..5a01ce9 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/PortRequestMatcher.php @@ -0,0 +1,32 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the HTTP port of a Request. + * + * @author Fabien Potencier + */ +class PortRequestMatcher implements RequestMatcherInterface +{ + public function __construct(private int $port) + { + } + + public function matches(Request $request): bool + { + return $request->getPort() === $this->port; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/QueryParameterRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/QueryParameterRequestMatcher.php new file mode 100644 index 0000000..86161e7 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/QueryParameterRequestMatcher.php @@ -0,0 +1,46 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the presence of HTTP query parameters of a Request. + * + * @author Alexandre Daubois + */ +class QueryParameterRequestMatcher implements RequestMatcherInterface +{ + /** + * @var string[] + */ + private array $parameters; + + /** + * @param string[]|string $parameters A parameter or a list of parameters + * Strings can contain a comma-delimited list of query parameters + */ + public function __construct(array|string $parameters) + { + $this->parameters = array_reduce(array_map(strtolower(...), (array) $parameters), static fn (array $parameters, string $parameter) => array_merge($parameters, preg_split('/\s*,\s*/', $parameter)), []); + } + + public function matches(Request $request): bool + { + if (!$this->parameters) { + return true; + } + + return 0 === \count(array_diff_assoc($this->parameters, $request->query->keys())); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/SchemeRequestMatcher.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/SchemeRequestMatcher.php new file mode 100644 index 0000000..9c9cd58 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcher/SchemeRequestMatcher.php @@ -0,0 +1,46 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\RequestMatcher; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RequestMatcherInterface; + +/** + * Checks the HTTP scheme of a Request. + * + * @author Fabien Potencier + */ +class SchemeRequestMatcher implements RequestMatcherInterface +{ + /** + * @var string[] + */ + private array $schemes; + + /** + * @param string[]|string $schemes A scheme or a list of schemes + * Strings can contain a comma-delimited list of schemes + */ + public function __construct(array|string $schemes) + { + $this->schemes = array_reduce(array_map('strtolower', (array) $schemes), static fn (array $schemes, string $scheme) => array_merge($schemes, preg_split('/\s*,\s*/', $scheme)), []); + } + + public function matches(Request $request): bool + { + if (!$this->schemes) { + return true; + } + + return \in_array($request->getScheme(), $this->schemes, true); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcherInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcherInterface.php new file mode 100644 index 0000000..6dcc3e0 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestMatcherInterface.php @@ -0,0 +1,25 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * RequestMatcherInterface is an interface for strategies to match a Request. + * + * @author Fabien Potencier + */ +interface RequestMatcherInterface +{ + /** + * Decides whether the rule(s) implemented by the strategy matches the supplied request. + */ + public function matches(Request $request): bool; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/RequestStack.php b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestStack.php new file mode 100644 index 0000000..ac8263e --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/RequestStack.php @@ -0,0 +1,107 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException; +use Symfony\Component\HttpFoundation\Session\SessionInterface; + +/** + * Request stack that controls the lifecycle of requests. + * + * @author Benjamin Eberlei + */ +class RequestStack +{ + /** + * @var Request[] + */ + private array $requests = []; + + /** + * Pushes a Request on the stack. + * + * This method should generally not be called directly as the stack + * management should be taken care of by the application itself. + */ + public function push(Request $request): void + { + $this->requests[] = $request; + } + + /** + * Pops the current request from the stack. + * + * This operation lets the current request go out of scope. + * + * This method should generally not be called directly as the stack + * management should be taken care of by the application itself. + */ + public function pop(): ?Request + { + if (!$this->requests) { + return null; + } + + return array_pop($this->requests); + } + + public function getCurrentRequest(): ?Request + { + return end($this->requests) ?: null; + } + + /** + * Gets the main request. + * + * Be warned that making your code aware of the main request + * might make it un-compatible with other features of your framework + * like ESI support. + */ + public function getMainRequest(): ?Request + { + if (!$this->requests) { + return null; + } + + return $this->requests[0]; + } + + /** + * Returns the parent request of the current. + * + * Be warned that making your code aware of the parent request + * might make it un-compatible with other features of your framework + * like ESI support. + * + * If current Request is the main request, it returns null. + */ + public function getParentRequest(): ?Request + { + $pos = \count($this->requests) - 2; + + return $this->requests[$pos] ?? null; + } + + /** + * Gets the current session. + * + * @throws SessionNotFoundException + */ + public function getSession(): SessionInterface + { + if ((null !== $request = end($this->requests) ?: null) && $request->hasSession()) { + return $request->getSession(); + } + + throw new SessionNotFoundException(); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Response.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Response.php new file mode 100644 index 0000000..22c09a0 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Response.php @@ -0,0 +1,1315 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +// Help opcache.preload discover always-needed symbols +class_exists(ResponseHeaderBag::class); + +/** + * Response represents an HTTP response. + * + * @author Fabien Potencier + */ +class Response +{ + public const HTTP_CONTINUE = 100; + public const HTTP_SWITCHING_PROTOCOLS = 101; + public const HTTP_PROCESSING = 102; // RFC2518 + public const HTTP_EARLY_HINTS = 103; // RFC8297 + public const HTTP_OK = 200; + public const HTTP_CREATED = 201; + public const HTTP_ACCEPTED = 202; + public const HTTP_NON_AUTHORITATIVE_INFORMATION = 203; + public const HTTP_NO_CONTENT = 204; + public const HTTP_RESET_CONTENT = 205; + public const HTTP_PARTIAL_CONTENT = 206; + public const HTTP_MULTI_STATUS = 207; // RFC4918 + public const HTTP_ALREADY_REPORTED = 208; // RFC5842 + public const HTTP_IM_USED = 226; // RFC3229 + public const HTTP_MULTIPLE_CHOICES = 300; + public const HTTP_MOVED_PERMANENTLY = 301; + public const HTTP_FOUND = 302; + public const HTTP_SEE_OTHER = 303; + public const HTTP_NOT_MODIFIED = 304; + public const HTTP_USE_PROXY = 305; + public const HTTP_RESERVED = 306; + public const HTTP_TEMPORARY_REDIRECT = 307; + public const HTTP_PERMANENTLY_REDIRECT = 308; // RFC7238 + public const HTTP_BAD_REQUEST = 400; + public const HTTP_UNAUTHORIZED = 401; + public const HTTP_PAYMENT_REQUIRED = 402; + public const HTTP_FORBIDDEN = 403; + public const HTTP_NOT_FOUND = 404; + public const HTTP_METHOD_NOT_ALLOWED = 405; + public const HTTP_NOT_ACCEPTABLE = 406; + public const HTTP_PROXY_AUTHENTICATION_REQUIRED = 407; + public const HTTP_REQUEST_TIMEOUT = 408; + public const HTTP_CONFLICT = 409; + public const HTTP_GONE = 410; + public const HTTP_LENGTH_REQUIRED = 411; + public const HTTP_PRECONDITION_FAILED = 412; + public const HTTP_REQUEST_ENTITY_TOO_LARGE = 413; + public const HTTP_REQUEST_URI_TOO_LONG = 414; + public const HTTP_UNSUPPORTED_MEDIA_TYPE = 415; + public const HTTP_REQUESTED_RANGE_NOT_SATISFIABLE = 416; + public const HTTP_EXPECTATION_FAILED = 417; + public const HTTP_I_AM_A_TEAPOT = 418; // RFC2324 + public const HTTP_MISDIRECTED_REQUEST = 421; // RFC7540 + public const HTTP_UNPROCESSABLE_ENTITY = 422; // RFC4918 + public const HTTP_LOCKED = 423; // RFC4918 + public const HTTP_FAILED_DEPENDENCY = 424; // RFC4918 + public const HTTP_TOO_EARLY = 425; // RFC-ietf-httpbis-replay-04 + public const HTTP_UPGRADE_REQUIRED = 426; // RFC2817 + public const HTTP_PRECONDITION_REQUIRED = 428; // RFC6585 + public const HTTP_TOO_MANY_REQUESTS = 429; // RFC6585 + public const HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE = 431; // RFC6585 + public const HTTP_UNAVAILABLE_FOR_LEGAL_REASONS = 451; // RFC7725 + public const HTTP_INTERNAL_SERVER_ERROR = 500; + public const HTTP_NOT_IMPLEMENTED = 501; + public const HTTP_BAD_GATEWAY = 502; + public const HTTP_SERVICE_UNAVAILABLE = 503; + public const HTTP_GATEWAY_TIMEOUT = 504; + public const HTTP_VERSION_NOT_SUPPORTED = 505; + public const HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL = 506; // RFC2295 + public const HTTP_INSUFFICIENT_STORAGE = 507; // RFC4918 + public const HTTP_LOOP_DETECTED = 508; // RFC5842 + public const HTTP_NOT_EXTENDED = 510; // RFC2774 + public const HTTP_NETWORK_AUTHENTICATION_REQUIRED = 511; // RFC6585 + + /** + * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control + */ + private const HTTP_RESPONSE_CACHE_CONTROL_DIRECTIVES = [ + 'must_revalidate' => false, + 'no_cache' => false, + 'no_store' => false, + 'no_transform' => false, + 'public' => false, + 'private' => false, + 'proxy_revalidate' => false, + 'max_age' => true, + 's_maxage' => true, + 'stale_if_error' => true, // RFC5861 + 'stale_while_revalidate' => true, // RFC5861 + 'immutable' => false, + 'last_modified' => true, + 'etag' => true, + ]; + + public ResponseHeaderBag $headers; + + protected string $content; + protected string $version; + protected int $statusCode; + protected string $statusText; + protected ?string $charset = null; + + /** + * Status codes translation table. + * + * The list of codes is complete according to the + * {@link https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml Hypertext Transfer Protocol (HTTP) Status Code Registry} + * (last updated 2021-10-01). + * + * Unless otherwise noted, the status code is defined in RFC2616. + */ + public static array $statusTexts = [ + 100 => 'Continue', + 101 => 'Switching Protocols', + 102 => 'Processing', // RFC2518 + 103 => 'Early Hints', + 200 => 'OK', + 201 => 'Created', + 202 => 'Accepted', + 203 => 'Non-Authoritative Information', + 204 => 'No Content', + 205 => 'Reset Content', + 206 => 'Partial Content', + 207 => 'Multi-Status', // RFC4918 + 208 => 'Already Reported', // RFC5842 + 226 => 'IM Used', // RFC3229 + 300 => 'Multiple Choices', + 301 => 'Moved Permanently', + 302 => 'Found', + 303 => 'See Other', + 304 => 'Not Modified', + 305 => 'Use Proxy', + 307 => 'Temporary Redirect', + 308 => 'Permanent Redirect', // RFC7238 + 400 => 'Bad Request', + 401 => 'Unauthorized', + 402 => 'Payment Required', + 403 => 'Forbidden', + 404 => 'Not Found', + 405 => 'Method Not Allowed', + 406 => 'Not Acceptable', + 407 => 'Proxy Authentication Required', + 408 => 'Request Timeout', + 409 => 'Conflict', + 410 => 'Gone', + 411 => 'Length Required', + 412 => 'Precondition Failed', + 413 => 'Content Too Large', // RFC-ietf-httpbis-semantics + 414 => 'URI Too Long', + 415 => 'Unsupported Media Type', + 416 => 'Range Not Satisfiable', + 417 => 'Expectation Failed', + 418 => 'I\'m a teapot', // RFC2324 + 421 => 'Misdirected Request', // RFC7540 + 422 => 'Unprocessable Content', // RFC-ietf-httpbis-semantics + 423 => 'Locked', // RFC4918 + 424 => 'Failed Dependency', // RFC4918 + 425 => 'Too Early', // RFC-ietf-httpbis-replay-04 + 426 => 'Upgrade Required', // RFC2817 + 428 => 'Precondition Required', // RFC6585 + 429 => 'Too Many Requests', // RFC6585 + 431 => 'Request Header Fields Too Large', // RFC6585 + 451 => 'Unavailable For Legal Reasons', // RFC7725 + 500 => 'Internal Server Error', + 501 => 'Not Implemented', + 502 => 'Bad Gateway', + 503 => 'Service Unavailable', + 504 => 'Gateway Timeout', + 505 => 'HTTP Version Not Supported', + 506 => 'Variant Also Negotiates', // RFC2295 + 507 => 'Insufficient Storage', // RFC4918 + 508 => 'Loop Detected', // RFC5842 + 510 => 'Not Extended', // RFC2774 + 511 => 'Network Authentication Required', // RFC6585 + ]; + + /** + * Tracks headers already sent in informational responses. + */ + private array $sentHeaders; + + /** + * @param int $status The HTTP status code (200 "OK" by default) + * + * @throws \InvalidArgumentException When the HTTP status code is not valid + */ + public function __construct(?string $content = '', int $status = 200, array $headers = []) + { + $this->headers = new ResponseHeaderBag($headers); + $this->setContent($content); + $this->setStatusCode($status); + $this->setProtocolVersion('1.0'); + } + + /** + * Returns the Response as an HTTP string. + * + * The string representation of the Response is the same as the + * one that will be sent to the client only if the prepare() method + * has been called before. + * + * @see prepare() + */ + public function __toString(): string + { + return + sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText)."\r\n". + $this->headers."\r\n". + $this->getContent(); + } + + /** + * Clones the current Response instance. + */ + public function __clone() + { + $this->headers = clone $this->headers; + } + + /** + * Prepares the Response before it is sent to the client. + * + * This method tweaks the Response to ensure that it is + * compliant with RFC 2616. Most of the changes are based on + * the Request that is "associated" with this Response. + * + * @return $this + */ + public function prepare(Request $request): static + { + $headers = $this->headers; + + if ($this->isInformational() || $this->isEmpty()) { + $this->setContent(null); + $headers->remove('Content-Type'); + $headers->remove('Content-Length'); + // prevent PHP from sending the Content-Type header based on default_mimetype + ini_set('default_mimetype', ''); + } else { + // Content-type based on the Request + if (!$headers->has('Content-Type')) { + $format = $request->getRequestFormat(null); + if (null !== $format && $mimeType = $request->getMimeType($format)) { + $headers->set('Content-Type', $mimeType); + } + } + + // Fix Content-Type + $charset = $this->charset ?: 'UTF-8'; + if (!$headers->has('Content-Type')) { + $headers->set('Content-Type', 'text/html; charset='.$charset); + } elseif (0 === stripos($headers->get('Content-Type') ?? '', 'text/') && false === stripos($headers->get('Content-Type') ?? '', 'charset')) { + // add the charset + $headers->set('Content-Type', $headers->get('Content-Type').'; charset='.$charset); + } + + // Fix Content-Length + if ($headers->has('Transfer-Encoding')) { + $headers->remove('Content-Length'); + } + + if ($request->isMethod('HEAD')) { + // cf. RFC2616 14.13 + $length = $headers->get('Content-Length'); + $this->setContent(null); + if ($length) { + $headers->set('Content-Length', $length); + } + } + } + + // Fix protocol + if ('HTTP/1.0' != $request->server->get('SERVER_PROTOCOL')) { + $this->setProtocolVersion('1.1'); + } + + // Check if we need to send extra expire info headers + if ('1.0' == $this->getProtocolVersion() && str_contains($headers->get('Cache-Control', ''), 'no-cache')) { + $headers->set('pragma', 'no-cache'); + $headers->set('expires', -1); + } + + $this->ensureIEOverSSLCompatibility($request); + + if ($request->isSecure()) { + foreach ($headers->getCookies() as $cookie) { + $cookie->setSecureDefault(true); + } + } + + return $this; + } + + /** + * Sends HTTP headers. + * + * @param positive-int|null $statusCode The status code to use, override the statusCode property if set and not null + * + * @return $this + */ + public function sendHeaders(?int $statusCode = null): static + { + // headers have already been sent by the developer + if (headers_sent()) { + return $this; + } + + $informationalResponse = $statusCode >= 100 && $statusCode < 200; + if ($informationalResponse && !\function_exists('headers_send')) { + // skip informational responses if not supported by the SAPI + return $this; + } + + // headers + foreach ($this->headers->allPreserveCaseWithoutCookies() as $name => $values) { + // As recommended by RFC 8297, PHP automatically copies headers from previous 103 responses, we need to deal with that if headers changed + $previousValues = $this->sentHeaders[$name] ?? null; + if ($previousValues === $values) { + // Header already sent in a previous response, it will be automatically copied in this response by PHP + continue; + } + + $replace = 0 === strcasecmp($name, 'Content-Type'); + + if (null !== $previousValues && array_diff($previousValues, $values)) { + header_remove($name); + $previousValues = null; + } + + $newValues = null === $previousValues ? $values : array_diff($values, $previousValues); + + foreach ($newValues as $value) { + header($name.': '.$value, $replace, $this->statusCode); + } + + if ($informationalResponse) { + $this->sentHeaders[$name] = $values; + } + } + + // cookies + foreach ($this->headers->getCookies() as $cookie) { + header('Set-Cookie: '.$cookie, false, $this->statusCode); + } + + if ($informationalResponse) { + headers_send($statusCode); + + return $this; + } + + $statusCode ??= $this->statusCode; + + // status + header(sprintf('HTTP/%s %s %s', $this->version, $statusCode, $this->statusText), true, $statusCode); + + return $this; + } + + /** + * Sends content for the current web response. + * + * @return $this + */ + public function sendContent(): static + { + echo $this->content; + + return $this; + } + + /** + * Sends HTTP headers and content. + * + * @param bool $flush Whether output buffers should be flushed + * + * @return $this + */ + public function send(bool $flush = true): static + { + $this->sendHeaders(); + $this->sendContent(); + + if (!$flush) { + return $this; + } + + if (\function_exists('fastcgi_finish_request')) { + fastcgi_finish_request(); + } elseif (\function_exists('litespeed_finish_request')) { + litespeed_finish_request(); + } elseif (!\in_array(\PHP_SAPI, ['cli', 'phpdbg', 'embed'], true)) { + static::closeOutputBuffers(0, true); + flush(); + } + + return $this; + } + + /** + * Sets the response content. + * + * @return $this + */ + public function setContent(?string $content): static + { + $this->content = $content ?? ''; + + return $this; + } + + /** + * Gets the current response content. + */ + public function getContent(): string|false + { + return $this->content; + } + + /** + * Sets the HTTP protocol version (1.0 or 1.1). + * + * @return $this + * + * @final + */ + public function setProtocolVersion(string $version): static + { + $this->version = $version; + + return $this; + } + + /** + * Gets the HTTP protocol version. + * + * @final + */ + public function getProtocolVersion(): string + { + return $this->version; + } + + /** + * Sets the response status code. + * + * If the status text is null it will be automatically populated for the known + * status codes and left empty otherwise. + * + * @return $this + * + * @throws \InvalidArgumentException When the HTTP status code is not valid + * + * @final + */ + public function setStatusCode(int $code, ?string $text = null): static + { + $this->statusCode = $code; + if ($this->isInvalid()) { + throw new \InvalidArgumentException(sprintf('The HTTP status code "%s" is not valid.', $code)); + } + + if (null === $text) { + $this->statusText = self::$statusTexts[$code] ?? 'unknown status'; + + return $this; + } + + $this->statusText = $text; + + return $this; + } + + /** + * Retrieves the status code for the current web response. + * + * @final + */ + public function getStatusCode(): int + { + return $this->statusCode; + } + + /** + * Sets the response charset. + * + * @return $this + * + * @final + */ + public function setCharset(string $charset): static + { + $this->charset = $charset; + + return $this; + } + + /** + * Retrieves the response charset. + * + * @final + */ + public function getCharset(): ?string + { + return $this->charset; + } + + /** + * Returns true if the response may safely be kept in a shared (surrogate) cache. + * + * Responses marked "private" with an explicit Cache-Control directive are + * considered uncacheable. + * + * Responses with neither a freshness lifetime (Expires, max-age) nor cache + * validator (Last-Modified, ETag) are considered uncacheable because there is + * no way to tell when or how to remove them from the cache. + * + * Note that RFC 7231 and RFC 7234 possibly allow for a more permissive implementation, + * for example "status codes that are defined as cacheable by default [...] + * can be reused by a cache with heuristic expiration unless otherwise indicated" + * (https://tools.ietf.org/html/rfc7231#section-6.1) + * + * @final + */ + public function isCacheable(): bool + { + if (!\in_array($this->statusCode, [200, 203, 300, 301, 302, 404, 410])) { + return false; + } + + if ($this->headers->hasCacheControlDirective('no-store') || $this->headers->getCacheControlDirective('private')) { + return false; + } + + return $this->isValidateable() || $this->isFresh(); + } + + /** + * Returns true if the response is "fresh". + * + * Fresh responses may be served from cache without any interaction with the + * origin. A response is considered fresh when it includes a Cache-Control/max-age + * indicator or Expires header and the calculated age is less than the freshness lifetime. + * + * @final + */ + public function isFresh(): bool + { + return $this->getTtl() > 0; + } + + /** + * Returns true if the response includes headers that can be used to validate + * the response with the origin server using a conditional GET request. + * + * @final + */ + public function isValidateable(): bool + { + return $this->headers->has('Last-Modified') || $this->headers->has('ETag'); + } + + /** + * Marks the response as "private". + * + * It makes the response ineligible for serving other clients. + * + * @return $this + * + * @final + */ + public function setPrivate(): static + { + $this->headers->removeCacheControlDirective('public'); + $this->headers->addCacheControlDirective('private'); + + return $this; + } + + /** + * Marks the response as "public". + * + * It makes the response eligible for serving other clients. + * + * @return $this + * + * @final + */ + public function setPublic(): static + { + $this->headers->addCacheControlDirective('public'); + $this->headers->removeCacheControlDirective('private'); + + return $this; + } + + /** + * Marks the response as "immutable". + * + * @return $this + * + * @final + */ + public function setImmutable(bool $immutable = true): static + { + if ($immutable) { + $this->headers->addCacheControlDirective('immutable'); + } else { + $this->headers->removeCacheControlDirective('immutable'); + } + + return $this; + } + + /** + * Returns true if the response is marked as "immutable". + * + * @final + */ + public function isImmutable(): bool + { + return $this->headers->hasCacheControlDirective('immutable'); + } + + /** + * Returns true if the response must be revalidated by shared caches once it has become stale. + * + * This method indicates that the response must not be served stale by a + * cache in any circumstance without first revalidating with the origin. + * When present, the TTL of the response should not be overridden to be + * greater than the value provided by the origin. + * + * @final + */ + public function mustRevalidate(): bool + { + return $this->headers->hasCacheControlDirective('must-revalidate') || $this->headers->hasCacheControlDirective('proxy-revalidate'); + } + + /** + * Returns the Date header as a DateTime instance. + * + * @throws \RuntimeException When the header is not parseable + * + * @final + */ + public function getDate(): ?\DateTimeImmutable + { + return $this->headers->getDate('Date'); + } + + /** + * Sets the Date header. + * + * @return $this + * + * @final + */ + public function setDate(\DateTimeInterface $date): static + { + $date = \DateTimeImmutable::createFromInterface($date); + $date = $date->setTimezone(new \DateTimeZone('UTC')); + $this->headers->set('Date', $date->format('D, d M Y H:i:s').' GMT'); + + return $this; + } + + /** + * Returns the age of the response in seconds. + * + * @final + */ + public function getAge(): int + { + if (null !== $age = $this->headers->get('Age')) { + return (int) $age; + } + + return max(time() - (int) $this->getDate()->format('U'), 0); + } + + /** + * Marks the response stale by setting the Age header to be equal to the maximum age of the response. + * + * @return $this + */ + public function expire(): static + { + if ($this->isFresh()) { + $this->headers->set('Age', $this->getMaxAge()); + $this->headers->remove('Expires'); + } + + return $this; + } + + /** + * Returns the value of the Expires header as a DateTime instance. + * + * @final + */ + public function getExpires(): ?\DateTimeImmutable + { + try { + return $this->headers->getDate('Expires'); + } catch (\RuntimeException) { + // according to RFC 2616 invalid date formats (e.g. "0" and "-1") must be treated as in the past + return \DateTimeImmutable::createFromFormat('U', time() - 172800); + } + } + + /** + * Sets the Expires HTTP header with a DateTime instance. + * + * Passing null as value will remove the header. + * + * @return $this + * + * @final + */ + public function setExpires(?\DateTimeInterface $date): static + { + if (null === $date) { + $this->headers->remove('Expires'); + + return $this; + } + + $date = \DateTimeImmutable::createFromInterface($date); + $date = $date->setTimezone(new \DateTimeZone('UTC')); + $this->headers->set('Expires', $date->format('D, d M Y H:i:s').' GMT'); + + return $this; + } + + /** + * Returns the number of seconds after the time specified in the response's Date + * header when the response should no longer be considered fresh. + * + * First, it checks for a s-maxage directive, then a max-age directive, and then it falls + * back on an expires header. It returns null when no maximum age can be established. + * + * @final + */ + public function getMaxAge(): ?int + { + if ($this->headers->hasCacheControlDirective('s-maxage')) { + return (int) $this->headers->getCacheControlDirective('s-maxage'); + } + + if ($this->headers->hasCacheControlDirective('max-age')) { + return (int) $this->headers->getCacheControlDirective('max-age'); + } + + if (null !== $expires = $this->getExpires()) { + $maxAge = (int) $expires->format('U') - (int) $this->getDate()->format('U'); + + return max($maxAge, 0); + } + + return null; + } + + /** + * Sets the number of seconds after which the response should no longer be considered fresh. + * + * This method sets the Cache-Control max-age directive. + * + * @return $this + * + * @final + */ + public function setMaxAge(int $value): static + { + $this->headers->addCacheControlDirective('max-age', $value); + + return $this; + } + + /** + * Sets the number of seconds after which the response should no longer be returned by shared caches when backend is down. + * + * This method sets the Cache-Control stale-if-error directive. + * + * @return $this + * + * @final + */ + public function setStaleIfError(int $value): static + { + $this->headers->addCacheControlDirective('stale-if-error', $value); + + return $this; + } + + /** + * Sets the number of seconds after which the response should no longer return stale content by shared caches. + * + * This method sets the Cache-Control stale-while-revalidate directive. + * + * @return $this + * + * @final + */ + public function setStaleWhileRevalidate(int $value): static + { + $this->headers->addCacheControlDirective('stale-while-revalidate', $value); + + return $this; + } + + /** + * Sets the number of seconds after which the response should no longer be considered fresh by shared caches. + * + * This method sets the Cache-Control s-maxage directive. + * + * @return $this + * + * @final + */ + public function setSharedMaxAge(int $value): static + { + $this->setPublic(); + $this->headers->addCacheControlDirective('s-maxage', $value); + + return $this; + } + + /** + * Returns the response's time-to-live in seconds. + * + * It returns null when no freshness information is present in the response. + * + * When the response's TTL is 0, the response may not be served from cache without first + * revalidating with the origin. + * + * @final + */ + public function getTtl(): ?int + { + $maxAge = $this->getMaxAge(); + + return null !== $maxAge ? max($maxAge - $this->getAge(), 0) : null; + } + + /** + * Sets the response's time-to-live for shared caches in seconds. + * + * This method adjusts the Cache-Control/s-maxage directive. + * + * @return $this + * + * @final + */ + public function setTtl(int $seconds): static + { + $this->setSharedMaxAge($this->getAge() + $seconds); + + return $this; + } + + /** + * Sets the response's time-to-live for private/client caches in seconds. + * + * This method adjusts the Cache-Control/max-age directive. + * + * @return $this + * + * @final + */ + public function setClientTtl(int $seconds): static + { + $this->setMaxAge($this->getAge() + $seconds); + + return $this; + } + + /** + * Returns the Last-Modified HTTP header as a DateTime instance. + * + * @throws \RuntimeException When the HTTP header is not parseable + * + * @final + */ + public function getLastModified(): ?\DateTimeImmutable + { + return $this->headers->getDate('Last-Modified'); + } + + /** + * Sets the Last-Modified HTTP header with a DateTime instance. + * + * Passing null as value will remove the header. + * + * @return $this + * + * @final + */ + public function setLastModified(?\DateTimeInterface $date): static + { + if (null === $date) { + $this->headers->remove('Last-Modified'); + + return $this; + } + + $date = \DateTimeImmutable::createFromInterface($date); + $date = $date->setTimezone(new \DateTimeZone('UTC')); + $this->headers->set('Last-Modified', $date->format('D, d M Y H:i:s').' GMT'); + + return $this; + } + + /** + * Returns the literal value of the ETag HTTP header. + * + * @final + */ + public function getEtag(): ?string + { + return $this->headers->get('ETag'); + } + + /** + * Sets the ETag value. + * + * @param string|null $etag The ETag unique identifier or null to remove the header + * @param bool $weak Whether you want a weak ETag or not + * + * @return $this + * + * @final + */ + public function setEtag(?string $etag, bool $weak = false): static + { + if (null === $etag) { + $this->headers->remove('Etag'); + } else { + if (!str_starts_with($etag, '"')) { + $etag = '"'.$etag.'"'; + } + + $this->headers->set('ETag', (true === $weak ? 'W/' : '').$etag); + } + + return $this; + } + + /** + * Sets the response's cache headers (validation and/or expiration). + * + * Available options are: must_revalidate, no_cache, no_store, no_transform, public, private, proxy_revalidate, max_age, s_maxage, immutable, last_modified and etag. + * + * @return $this + * + * @throws \InvalidArgumentException + * + * @final + */ + public function setCache(array $options): static + { + if ($diff = array_diff(array_keys($options), array_keys(self::HTTP_RESPONSE_CACHE_CONTROL_DIRECTIVES))) { + throw new \InvalidArgumentException(sprintf('Response does not support the following options: "%s".', implode('", "', $diff))); + } + + if (isset($options['etag'])) { + $this->setEtag($options['etag']); + } + + if (isset($options['last_modified'])) { + $this->setLastModified($options['last_modified']); + } + + if (isset($options['max_age'])) { + $this->setMaxAge($options['max_age']); + } + + if (isset($options['s_maxage'])) { + $this->setSharedMaxAge($options['s_maxage']); + } + + if (isset($options['stale_while_revalidate'])) { + $this->setStaleWhileRevalidate($options['stale_while_revalidate']); + } + + if (isset($options['stale_if_error'])) { + $this->setStaleIfError($options['stale_if_error']); + } + + foreach (self::HTTP_RESPONSE_CACHE_CONTROL_DIRECTIVES as $directive => $hasValue) { + if (!$hasValue && isset($options[$directive])) { + if ($options[$directive]) { + $this->headers->addCacheControlDirective(str_replace('_', '-', $directive)); + } else { + $this->headers->removeCacheControlDirective(str_replace('_', '-', $directive)); + } + } + } + + if (isset($options['public'])) { + if ($options['public']) { + $this->setPublic(); + } else { + $this->setPrivate(); + } + } + + if (isset($options['private'])) { + if ($options['private']) { + $this->setPrivate(); + } else { + $this->setPublic(); + } + } + + return $this; + } + + /** + * Modifies the response so that it conforms to the rules defined for a 304 status code. + * + * This sets the status, removes the body, and discards any headers + * that MUST NOT be included in 304 responses. + * + * @return $this + * + * @see https://tools.ietf.org/html/rfc2616#section-10.3.5 + * + * @final + */ + public function setNotModified(): static + { + $this->setStatusCode(304); + $this->setContent(null); + + // remove headers that MUST NOT be included with 304 Not Modified responses + foreach (['Allow', 'Content-Encoding', 'Content-Language', 'Content-Length', 'Content-MD5', 'Content-Type', 'Last-Modified'] as $header) { + $this->headers->remove($header); + } + + return $this; + } + + /** + * Returns true if the response includes a Vary header. + * + * @final + */ + public function hasVary(): bool + { + return null !== $this->headers->get('Vary'); + } + + /** + * Returns an array of header names given in the Vary header. + * + * @final + */ + public function getVary(): array + { + if (!$vary = $this->headers->all('Vary')) { + return []; + } + + $ret = []; + foreach ($vary as $item) { + $ret[] = preg_split('/[\s,]+/', $item); + } + + return array_merge([], ...$ret); + } + + /** + * Sets the Vary header. + * + * @param bool $replace Whether to replace the actual value or not (true by default) + * + * @return $this + * + * @final + */ + public function setVary(string|array $headers, bool $replace = true): static + { + $this->headers->set('Vary', $headers, $replace); + + return $this; + } + + /** + * Determines if the Response validators (ETag, Last-Modified) match + * a conditional value specified in the Request. + * + * If the Response is not modified, it sets the status code to 304 and + * removes the actual content by calling the setNotModified() method. + * + * @final + */ + public function isNotModified(Request $request): bool + { + if (!$request->isMethodCacheable()) { + return false; + } + + $notModified = false; + $lastModified = $this->headers->get('Last-Modified'); + $modifiedSince = $request->headers->get('If-Modified-Since'); + + if (($ifNoneMatchEtags = $request->getETags()) && (null !== $etag = $this->getEtag())) { + if (0 == strncmp($etag, 'W/', 2)) { + $etag = substr($etag, 2); + } + + // Use weak comparison as per https://tools.ietf.org/html/rfc7232#section-3.2. + foreach ($ifNoneMatchEtags as $ifNoneMatchEtag) { + if (0 == strncmp($ifNoneMatchEtag, 'W/', 2)) { + $ifNoneMatchEtag = substr($ifNoneMatchEtag, 2); + } + + if ($ifNoneMatchEtag === $etag || '*' === $ifNoneMatchEtag) { + $notModified = true; + break; + } + } + } + // Only do If-Modified-Since date comparison when If-None-Match is not present as per https://tools.ietf.org/html/rfc7232#section-3.3. + elseif ($modifiedSince && $lastModified) { + $notModified = strtotime($modifiedSince) >= strtotime($lastModified); + } + + if ($notModified) { + $this->setNotModified(); + } + + return $notModified; + } + + /** + * Is response invalid? + * + * @see https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html + * + * @final + */ + public function isInvalid(): bool + { + return $this->statusCode < 100 || $this->statusCode >= 600; + } + + /** + * Is response informative? + * + * @final + */ + public function isInformational(): bool + { + return $this->statusCode >= 100 && $this->statusCode < 200; + } + + /** + * Is response successful? + * + * @final + */ + public function isSuccessful(): bool + { + return $this->statusCode >= 200 && $this->statusCode < 300; + } + + /** + * Is the response a redirect? + * + * @final + */ + public function isRedirection(): bool + { + return $this->statusCode >= 300 && $this->statusCode < 400; + } + + /** + * Is there a client error? + * + * @final + */ + public function isClientError(): bool + { + return $this->statusCode >= 400 && $this->statusCode < 500; + } + + /** + * Was there a server side error? + * + * @final + */ + public function isServerError(): bool + { + return $this->statusCode >= 500 && $this->statusCode < 600; + } + + /** + * Is the response OK? + * + * @final + */ + public function isOk(): bool + { + return 200 === $this->statusCode; + } + + /** + * Is the response forbidden? + * + * @final + */ + public function isForbidden(): bool + { + return 403 === $this->statusCode; + } + + /** + * Is the response a not found error? + * + * @final + */ + public function isNotFound(): bool + { + return 404 === $this->statusCode; + } + + /** + * Is the response a redirect of some form? + * + * @final + */ + public function isRedirect(?string $location = null): bool + { + return \in_array($this->statusCode, [201, 301, 302, 303, 307, 308]) && (null === $location ?: $location == $this->headers->get('Location')); + } + + /** + * Is the response empty? + * + * @final + */ + public function isEmpty(): bool + { + return \in_array($this->statusCode, [204, 304]); + } + + /** + * Cleans or flushes output buffers up to target level. + * + * Resulting level can be greater than target level if a non-removable buffer has been encountered. + * + * @final + */ + public static function closeOutputBuffers(int $targetLevel, bool $flush): void + { + $status = ob_get_status(true); + $level = \count($status); + $flags = \PHP_OUTPUT_HANDLER_REMOVABLE | ($flush ? \PHP_OUTPUT_HANDLER_FLUSHABLE : \PHP_OUTPUT_HANDLER_CLEANABLE); + + while ($level-- > $targetLevel && ($s = $status[$level]) && (!isset($s['del']) ? !isset($s['flags']) || ($s['flags'] & $flags) === $flags : $s['del'])) { + if ($flush) { + ob_end_flush(); + } else { + ob_end_clean(); + } + } + } + + /** + * Marks a response as safe according to RFC8674. + * + * @see https://tools.ietf.org/html/rfc8674 + */ + public function setContentSafe(bool $safe = true): void + { + if ($safe) { + $this->headers->set('Preference-Applied', 'safe'); + } elseif ('safe' === $this->headers->get('Preference-Applied')) { + $this->headers->remove('Preference-Applied'); + } + + $this->setVary('Prefer', false); + } + + /** + * Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9. + * + * @see http://support.microsoft.com/kb/323308 + * + * @final + */ + protected function ensureIEOverSSLCompatibility(Request $request): void + { + if (false !== stripos($this->headers->get('Content-Disposition') ?? '', 'attachment') && 1 == preg_match('/MSIE (.*?);/i', $request->server->get('HTTP_USER_AGENT') ?? '', $match) && true === $request->isSecure()) { + if ((int) preg_replace('/(MSIE )(.*?);/', '$2', $match[0]) < 9) { + $this->headers->remove('Cache-Control'); + } + } + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/ResponseHeaderBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/ResponseHeaderBag.php new file mode 100644 index 0000000..c8f0843 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/ResponseHeaderBag.php @@ -0,0 +1,271 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * ResponseHeaderBag is a container for Response HTTP headers. + * + * @author Fabien Potencier + */ +class ResponseHeaderBag extends HeaderBag +{ + public const COOKIES_FLAT = 'flat'; + public const COOKIES_ARRAY = 'array'; + + public const DISPOSITION_ATTACHMENT = 'attachment'; + public const DISPOSITION_INLINE = 'inline'; + + protected array $computedCacheControl = []; + protected array $cookies = []; + protected array $headerNames = []; + + public function __construct(array $headers = []) + { + parent::__construct($headers); + + if (!isset($this->headers['cache-control'])) { + $this->set('Cache-Control', ''); + } + + /* RFC2616 - 14.18 says all Responses need to have a Date */ + if (!isset($this->headers['date'])) { + $this->initDate(); + } + } + + /** + * Returns the headers, with original capitalizations. + */ + public function allPreserveCase(): array + { + $headers = []; + foreach ($this->all() as $name => $value) { + $headers[$this->headerNames[$name] ?? $name] = $value; + } + + return $headers; + } + + public function allPreserveCaseWithoutCookies(): array + { + $headers = $this->allPreserveCase(); + if (isset($this->headerNames['set-cookie'])) { + unset($headers[$this->headerNames['set-cookie']]); + } + + return $headers; + } + + public function replace(array $headers = []): void + { + $this->headerNames = []; + + parent::replace($headers); + + if (!isset($this->headers['cache-control'])) { + $this->set('Cache-Control', ''); + } + + if (!isset($this->headers['date'])) { + $this->initDate(); + } + } + + public function all(?string $key = null): array + { + $headers = parent::all(); + + if (null !== $key) { + $key = strtr($key, self::UPPER, self::LOWER); + + return 'set-cookie' !== $key ? $headers[$key] ?? [] : array_map('strval', $this->getCookies()); + } + + foreach ($this->getCookies() as $cookie) { + $headers['set-cookie'][] = (string) $cookie; + } + + return $headers; + } + + public function set(string $key, string|array|null $values, bool $replace = true): void + { + $uniqueKey = strtr($key, self::UPPER, self::LOWER); + + if ('set-cookie' === $uniqueKey) { + if ($replace) { + $this->cookies = []; + } + foreach ((array) $values as $cookie) { + $this->setCookie(Cookie::fromString($cookie)); + } + $this->headerNames[$uniqueKey] = $key; + + return; + } + + $this->headerNames[$uniqueKey] = $key; + + parent::set($key, $values, $replace); + + // ensure the cache-control header has sensible defaults + if (\in_array($uniqueKey, ['cache-control', 'etag', 'last-modified', 'expires'], true) && '' !== $computed = $this->computeCacheControlValue()) { + $this->headers['cache-control'] = [$computed]; + $this->headerNames['cache-control'] = 'Cache-Control'; + $this->computedCacheControl = $this->parseCacheControl($computed); + } + } + + public function remove(string $key): void + { + $uniqueKey = strtr($key, self::UPPER, self::LOWER); + unset($this->headerNames[$uniqueKey]); + + if ('set-cookie' === $uniqueKey) { + $this->cookies = []; + + return; + } + + parent::remove($key); + + if ('cache-control' === $uniqueKey) { + $this->computedCacheControl = []; + } + + if ('date' === $uniqueKey) { + $this->initDate(); + } + } + + public function hasCacheControlDirective(string $key): bool + { + return \array_key_exists($key, $this->computedCacheControl); + } + + public function getCacheControlDirective(string $key): bool|string|null + { + return $this->computedCacheControl[$key] ?? null; + } + + public function setCookie(Cookie $cookie): void + { + $this->cookies[$cookie->getDomain()][$cookie->getPath()][$cookie->getName()] = $cookie; + $this->headerNames['set-cookie'] = 'Set-Cookie'; + } + + /** + * Removes a cookie from the array, but does not unset it in the browser. + */ + public function removeCookie(string $name, ?string $path = '/', ?string $domain = null): void + { + $path ??= '/'; + + unset($this->cookies[$domain][$path][$name]); + + if (empty($this->cookies[$domain][$path])) { + unset($this->cookies[$domain][$path]); + + if (empty($this->cookies[$domain])) { + unset($this->cookies[$domain]); + } + } + + if (!$this->cookies) { + unset($this->headerNames['set-cookie']); + } + } + + /** + * Returns an array with all cookies. + * + * @return Cookie[] + * + * @throws \InvalidArgumentException When the $format is invalid + */ + public function getCookies(string $format = self::COOKIES_FLAT): array + { + if (!\in_array($format, [self::COOKIES_FLAT, self::COOKIES_ARRAY])) { + throw new \InvalidArgumentException(sprintf('Format "%s" invalid (%s).', $format, implode(', ', [self::COOKIES_FLAT, self::COOKIES_ARRAY]))); + } + + if (self::COOKIES_ARRAY === $format) { + return $this->cookies; + } + + $flattenedCookies = []; + foreach ($this->cookies as $path) { + foreach ($path as $cookies) { + foreach ($cookies as $cookie) { + $flattenedCookies[] = $cookie; + } + } + } + + return $flattenedCookies; + } + + /** + * Clears a cookie in the browser. + * + * @param bool $partitioned + */ + public function clearCookie(string $name, ?string $path = '/', ?string $domain = null, bool $secure = false, bool $httpOnly = true, ?string $sameSite = null /* , bool $partitioned = false */): void + { + $partitioned = 6 < \func_num_args() ? \func_get_arg(6) : false; + + $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite, $partitioned)); + } + + /** + * @see HeaderUtils::makeDisposition() + */ + public function makeDisposition(string $disposition, string $filename, string $filenameFallback = ''): string + { + return HeaderUtils::makeDisposition($disposition, $filename, $filenameFallback); + } + + /** + * Returns the calculated value of the cache-control header. + * + * This considers several other headers and calculates or modifies the + * cache-control header to a sensible, conservative value. + */ + protected function computeCacheControlValue(): string + { + if (!$this->cacheControl) { + if ($this->has('Last-Modified') || $this->has('Expires')) { + return 'private, must-revalidate'; // allows for heuristic expiration (RFC 7234 Section 4.2.2) in the case of "Last-Modified" + } + + // conservative by default + return 'no-cache, private'; + } + + $header = $this->getCacheControlHeader(); + if (isset($this->cacheControl['public']) || isset($this->cacheControl['private'])) { + return $header; + } + + // public if s-maxage is defined, private otherwise + if (!isset($this->cacheControl['s-maxage'])) { + return $header.', private'; + } + + return $header; + } + + private function initDate(): void + { + $this->set('Date', gmdate('D, d M Y H:i:s').' GMT'); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/ServerBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/ServerBag.php new file mode 100644 index 0000000..09fc386 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/ServerBag.php @@ -0,0 +1,97 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * ServerBag is a container for HTTP headers from the $_SERVER variable. + * + * @author Fabien Potencier + * @author Bulat Shakirzyanov + * @author Robert Kiss + */ +class ServerBag extends ParameterBag +{ + /** + * Gets the HTTP headers. + */ + public function getHeaders(): array + { + $headers = []; + foreach ($this->parameters as $key => $value) { + if (str_starts_with($key, 'HTTP_')) { + $headers[substr($key, 5)] = $value; + } elseif (\in_array($key, ['CONTENT_TYPE', 'CONTENT_LENGTH', 'CONTENT_MD5'], true) && '' !== $value) { + $headers[$key] = $value; + } + } + + if (isset($this->parameters['PHP_AUTH_USER'])) { + $headers['PHP_AUTH_USER'] = $this->parameters['PHP_AUTH_USER']; + $headers['PHP_AUTH_PW'] = $this->parameters['PHP_AUTH_PW'] ?? ''; + } else { + /* + * php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default + * For this workaround to work, add these lines to your .htaccess file: + * RewriteCond %{HTTP:Authorization} .+ + * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0] + * + * A sample .htaccess file: + * RewriteEngine On + * RewriteCond %{HTTP:Authorization} .+ + * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0] + * RewriteCond %{REQUEST_FILENAME} !-f + * RewriteRule ^(.*)$ index.php [QSA,L] + */ + + $authorizationHeader = null; + if (isset($this->parameters['HTTP_AUTHORIZATION'])) { + $authorizationHeader = $this->parameters['HTTP_AUTHORIZATION']; + } elseif (isset($this->parameters['REDIRECT_HTTP_AUTHORIZATION'])) { + $authorizationHeader = $this->parameters['REDIRECT_HTTP_AUTHORIZATION']; + } + + if (null !== $authorizationHeader) { + if (0 === stripos($authorizationHeader, 'basic ')) { + // Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic + $exploded = explode(':', base64_decode(substr($authorizationHeader, 6)), 2); + if (2 == \count($exploded)) { + [$headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']] = $exploded; + } + } elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest '))) { + // In some circumstances PHP_AUTH_DIGEST needs to be set + $headers['PHP_AUTH_DIGEST'] = $authorizationHeader; + $this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader; + } elseif (0 === stripos($authorizationHeader, 'bearer ')) { + /* + * XXX: Since there is no PHP_AUTH_BEARER in PHP predefined variables, + * I'll just set $headers['AUTHORIZATION'] here. + * https://php.net/reserved.variables.server + */ + $headers['AUTHORIZATION'] = $authorizationHeader; + } + } + } + + if (isset($headers['AUTHORIZATION'])) { + return $headers; + } + + // PHP_AUTH_USER/PHP_AUTH_PW + if (isset($headers['PHP_AUTH_USER'])) { + $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.($headers['PHP_AUTH_PW'] ?? '')); + } elseif (isset($headers['PHP_AUTH_DIGEST'])) { + $headers['AUTHORIZATION'] = $headers['PHP_AUTH_DIGEST']; + } + + return $headers; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php new file mode 100644 index 0000000..042f3bd --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php @@ -0,0 +1,118 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Attribute; + +/** + * This class relates to session attribute storage. + * + * @implements \IteratorAggregate + */ +class AttributeBag implements AttributeBagInterface, \IteratorAggregate, \Countable +{ + protected array $attributes = []; + + private string $name = 'attributes'; + private string $storageKey; + + /** + * @param string $storageKey The key used to store attributes in the session + */ + public function __construct(string $storageKey = '_sf2_attributes') + { + $this->storageKey = $storageKey; + } + + public function getName(): string + { + return $this->name; + } + + public function setName(string $name): void + { + $this->name = $name; + } + + public function initialize(array &$attributes): void + { + $this->attributes = &$attributes; + } + + public function getStorageKey(): string + { + return $this->storageKey; + } + + public function has(string $name): bool + { + return \array_key_exists($name, $this->attributes); + } + + public function get(string $name, mixed $default = null): mixed + { + return \array_key_exists($name, $this->attributes) ? $this->attributes[$name] : $default; + } + + public function set(string $name, mixed $value): void + { + $this->attributes[$name] = $value; + } + + public function all(): array + { + return $this->attributes; + } + + public function replace(array $attributes): void + { + $this->attributes = []; + foreach ($attributes as $key => $value) { + $this->set($key, $value); + } + } + + public function remove(string $name): mixed + { + $retval = null; + if (\array_key_exists($name, $this->attributes)) { + $retval = $this->attributes[$name]; + unset($this->attributes[$name]); + } + + return $retval; + } + + public function clear(): mixed + { + $return = $this->attributes; + $this->attributes = []; + + return $return; + } + + /** + * Returns an iterator for attributes. + * + * @return \ArrayIterator + */ + public function getIterator(): \ArrayIterator + { + return new \ArrayIterator($this->attributes); + } + + /** + * Returns the number of attributes. + */ + public function count(): int + { + return \count($this->attributes); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Attribute/AttributeBagInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Attribute/AttributeBagInterface.php new file mode 100644 index 0000000..39ec9d7 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Attribute/AttributeBagInterface.php @@ -0,0 +1,53 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Attribute; + +use Symfony\Component\HttpFoundation\Session\SessionBagInterface; + +/** + * Attributes store. + * + * @author Drak + */ +interface AttributeBagInterface extends SessionBagInterface +{ + /** + * Checks if an attribute is defined. + */ + public function has(string $name): bool; + + /** + * Returns an attribute. + */ + public function get(string $name, mixed $default = null): mixed; + + /** + * Sets an attribute. + */ + public function set(string $name, mixed $value): void; + + /** + * Returns attributes. + * + * @return array + */ + public function all(): array; + + public function replace(array $attributes): void; + + /** + * Removes an attribute. + * + * @return mixed The removed value or null when it does not exist + */ + public function remove(string $name): mixed; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Flash/AutoExpireFlashBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Flash/AutoExpireFlashBag.php new file mode 100644 index 0000000..2eba843 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Flash/AutoExpireFlashBag.php @@ -0,0 +1,122 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Flash; + +/** + * AutoExpireFlashBag flash message container. + * + * @author Drak + */ +class AutoExpireFlashBag implements FlashBagInterface +{ + private string $name = 'flashes'; + private array $flashes = ['display' => [], 'new' => []]; + private string $storageKey; + + /** + * @param string $storageKey The key used to store flashes in the session + */ + public function __construct(string $storageKey = '_symfony_flashes') + { + $this->storageKey = $storageKey; + } + + public function getName(): string + { + return $this->name; + } + + public function setName(string $name): void + { + $this->name = $name; + } + + public function initialize(array &$flashes): void + { + $this->flashes = &$flashes; + + // The logic: messages from the last request will be stored in new, so we move them to previous + // This request we will show what is in 'display'. What is placed into 'new' this time round will + // be moved to display next time round. + $this->flashes['display'] = \array_key_exists('new', $this->flashes) ? $this->flashes['new'] : []; + $this->flashes['new'] = []; + } + + public function add(string $type, mixed $message): void + { + $this->flashes['new'][$type][] = $message; + } + + public function peek(string $type, array $default = []): array + { + return $this->has($type) ? $this->flashes['display'][$type] : $default; + } + + public function peekAll(): array + { + return \array_key_exists('display', $this->flashes) ? $this->flashes['display'] : []; + } + + public function get(string $type, array $default = []): array + { + $return = $default; + + if (!$this->has($type)) { + return $return; + } + + if (isset($this->flashes['display'][$type])) { + $return = $this->flashes['display'][$type]; + unset($this->flashes['display'][$type]); + } + + return $return; + } + + public function all(): array + { + $return = $this->flashes['display']; + $this->flashes['display'] = []; + + return $return; + } + + public function setAll(array $messages): void + { + $this->flashes['new'] = $messages; + } + + public function set(string $type, string|array $messages): void + { + $this->flashes['new'][$type] = (array) $messages; + } + + public function has(string $type): bool + { + return \array_key_exists($type, $this->flashes['display']) && $this->flashes['display'][$type]; + } + + public function keys(): array + { + return array_keys($this->flashes['display']); + } + + public function getStorageKey(): string + { + return $this->storageKey; + } + + public function clear(): mixed + { + return $this->all(); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Flash/FlashBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Flash/FlashBag.php new file mode 100644 index 0000000..044639b --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Flash/FlashBag.php @@ -0,0 +1,113 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Flash; + +/** + * FlashBag flash message container. + * + * @author Drak + */ +class FlashBag implements FlashBagInterface +{ + private string $name = 'flashes'; + private array $flashes = []; + private string $storageKey; + + /** + * @param string $storageKey The key used to store flashes in the session + */ + public function __construct(string $storageKey = '_symfony_flashes') + { + $this->storageKey = $storageKey; + } + + public function getName(): string + { + return $this->name; + } + + public function setName(string $name): void + { + $this->name = $name; + } + + public function initialize(array &$flashes): void + { + $this->flashes = &$flashes; + } + + public function add(string $type, mixed $message): void + { + $this->flashes[$type][] = $message; + } + + public function peek(string $type, array $default = []): array + { + return $this->has($type) ? $this->flashes[$type] : $default; + } + + public function peekAll(): array + { + return $this->flashes; + } + + public function get(string $type, array $default = []): array + { + if (!$this->has($type)) { + return $default; + } + + $return = $this->flashes[$type]; + + unset($this->flashes[$type]); + + return $return; + } + + public function all(): array + { + $return = $this->peekAll(); + $this->flashes = []; + + return $return; + } + + public function set(string $type, string|array $messages): void + { + $this->flashes[$type] = (array) $messages; + } + + public function setAll(array $messages): void + { + $this->flashes = $messages; + } + + public function has(string $type): bool + { + return \array_key_exists($type, $this->flashes) && $this->flashes[$type]; + } + + public function keys(): array + { + return array_keys($this->flashes); + } + + public function getStorageKey(): string + { + return $this->storageKey; + } + + public function clear(): mixed + { + return $this->all(); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Flash/FlashBagInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Flash/FlashBagInterface.php new file mode 100644 index 0000000..79e98f5 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Flash/FlashBagInterface.php @@ -0,0 +1,72 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Flash; + +use Symfony\Component\HttpFoundation\Session\SessionBagInterface; + +/** + * FlashBagInterface. + * + * @author Drak + */ +interface FlashBagInterface extends SessionBagInterface +{ + /** + * Adds a flash message for the given type. + */ + public function add(string $type, mixed $message): void; + + /** + * Registers one or more messages for a given type. + */ + public function set(string $type, string|array $messages): void; + + /** + * Gets flash messages for a given type. + * + * @param string $type Message category type + * @param array $default Default value if $type does not exist + */ + public function peek(string $type, array $default = []): array; + + /** + * Gets all flash messages. + */ + public function peekAll(): array; + + /** + * Gets and clears flash from the stack. + * + * @param array $default Default value if $type does not exist + */ + public function get(string $type, array $default = []): array; + + /** + * Gets and clears flashes from the stack. + */ + public function all(): array; + + /** + * Sets all flash messages. + */ + public function setAll(array $messages): void; + + /** + * Has flash messages for a given type? + */ + public function has(string $type): bool; + + /** + * Returns a list of all defined types. + */ + public function keys(): array; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/FlashBagAwareSessionInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/FlashBagAwareSessionInterface.php new file mode 100644 index 0000000..90151d3 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/FlashBagAwareSessionInterface.php @@ -0,0 +1,22 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session; + +use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface; + +/** + * Interface for session with a flashbag. + */ +interface FlashBagAwareSessionInterface extends SessionInterface +{ + public function getFlashBag(): FlashBagInterface; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Session.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Session.php new file mode 100644 index 0000000..972021f --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Session.php @@ -0,0 +1,223 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session; + +use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag; +use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface; +use Symfony\Component\HttpFoundation\Session\Flash\FlashBag; +use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface; +use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag; +use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage; +use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface; + +// Help opcache.preload discover always-needed symbols +class_exists(AttributeBag::class); +class_exists(FlashBag::class); +class_exists(SessionBagProxy::class); + +/** + * @author Fabien Potencier + * @author Drak + * + * @implements \IteratorAggregate + */ +class Session implements FlashBagAwareSessionInterface, \IteratorAggregate, \Countable +{ + protected SessionStorageInterface $storage; + + private string $flashName; + private string $attributeName; + private array $data = []; + private int $usageIndex = 0; + private ?\Closure $usageReporter; + + public function __construct(?SessionStorageInterface $storage = null, ?AttributeBagInterface $attributes = null, ?FlashBagInterface $flashes = null, ?callable $usageReporter = null) + { + $this->storage = $storage ?? new NativeSessionStorage(); + $this->usageReporter = null === $usageReporter ? null : $usageReporter(...); + + $attributes ??= new AttributeBag(); + $this->attributeName = $attributes->getName(); + $this->registerBag($attributes); + + $flashes ??= new FlashBag(); + $this->flashName = $flashes->getName(); + $this->registerBag($flashes); + } + + public function start(): bool + { + return $this->storage->start(); + } + + public function has(string $name): bool + { + return $this->getAttributeBag()->has($name); + } + + public function get(string $name, mixed $default = null): mixed + { + return $this->getAttributeBag()->get($name, $default); + } + + public function set(string $name, mixed $value): void + { + $this->getAttributeBag()->set($name, $value); + } + + public function all(): array + { + return $this->getAttributeBag()->all(); + } + + public function replace(array $attributes): void + { + $this->getAttributeBag()->replace($attributes); + } + + public function remove(string $name): mixed + { + return $this->getAttributeBag()->remove($name); + } + + public function clear(): void + { + $this->getAttributeBag()->clear(); + } + + public function isStarted(): bool + { + return $this->storage->isStarted(); + } + + /** + * Returns an iterator for attributes. + * + * @return \ArrayIterator + */ + public function getIterator(): \ArrayIterator + { + return new \ArrayIterator($this->getAttributeBag()->all()); + } + + /** + * Returns the number of attributes. + */ + public function count(): int + { + return \count($this->getAttributeBag()->all()); + } + + public function &getUsageIndex(): int + { + return $this->usageIndex; + } + + /** + * @internal + */ + public function isEmpty(): bool + { + if ($this->isStarted()) { + ++$this->usageIndex; + if ($this->usageReporter && 0 <= $this->usageIndex) { + ($this->usageReporter)(); + } + } + foreach ($this->data as &$data) { + if ($data) { + return false; + } + } + + return true; + } + + public function invalidate(?int $lifetime = null): bool + { + $this->storage->clear(); + + return $this->migrate(true, $lifetime); + } + + public function migrate(bool $destroy = false, ?int $lifetime = null): bool + { + return $this->storage->regenerate($destroy, $lifetime); + } + + public function save(): void + { + $this->storage->save(); + } + + public function getId(): string + { + return $this->storage->getId(); + } + + public function setId(string $id): void + { + if ($this->storage->getId() !== $id) { + $this->storage->setId($id); + } + } + + public function getName(): string + { + return $this->storage->getName(); + } + + public function setName(string $name): void + { + $this->storage->setName($name); + } + + public function getMetadataBag(): MetadataBag + { + ++$this->usageIndex; + if ($this->usageReporter && 0 <= $this->usageIndex) { + ($this->usageReporter)(); + } + + return $this->storage->getMetadataBag(); + } + + public function registerBag(SessionBagInterface $bag): void + { + $this->storage->registerBag(new SessionBagProxy($bag, $this->data, $this->usageIndex, $this->usageReporter)); + } + + public function getBag(string $name): SessionBagInterface + { + $bag = $this->storage->getBag($name); + + return method_exists($bag, 'getBag') ? $bag->getBag() : $bag; + } + + /** + * Gets the flashbag interface. + */ + public function getFlashBag(): FlashBagInterface + { + return $this->getBag($this->flashName); + } + + /** + * Gets the attributebag interface. + * + * Note that this method was added to help with IDE autocompletion. + */ + private function getAttributeBag(): AttributeBagInterface + { + return $this->getBag($this->attributeName); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionBagInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionBagInterface.php new file mode 100644 index 0000000..6a224cf --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionBagInterface.php @@ -0,0 +1,42 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session; + +/** + * Session Bag store. + * + * @author Drak + */ +interface SessionBagInterface +{ + /** + * Gets this bag's name. + */ + public function getName(): string; + + /** + * Initializes the Bag. + */ + public function initialize(array &$array): void; + + /** + * Gets the storage key for this bag. + */ + public function getStorageKey(): string; + + /** + * Clears out data from bag. + * + * @return mixed Whatever data was contained + */ + public function clear(): mixed; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionBagProxy.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionBagProxy.php new file mode 100644 index 0000000..e759d94 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionBagProxy.php @@ -0,0 +1,83 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session; + +/** + * @author Nicolas Grekas + * + * @internal + */ +final class SessionBagProxy implements SessionBagInterface +{ + private SessionBagInterface $bag; + private array $data; + private ?int $usageIndex; + private ?\Closure $usageReporter; + + public function __construct(SessionBagInterface $bag, array &$data, ?int &$usageIndex, ?callable $usageReporter) + { + $this->bag = $bag; + $this->data = &$data; + $this->usageIndex = &$usageIndex; + $this->usageReporter = null === $usageReporter ? null : $usageReporter(...); + } + + public function getBag(): SessionBagInterface + { + ++$this->usageIndex; + if ($this->usageReporter && 0 <= $this->usageIndex) { + ($this->usageReporter)(); + } + + return $this->bag; + } + + public function isEmpty(): bool + { + if (!isset($this->data[$this->bag->getStorageKey()])) { + return true; + } + ++$this->usageIndex; + if ($this->usageReporter && 0 <= $this->usageIndex) { + ($this->usageReporter)(); + } + + return empty($this->data[$this->bag->getStorageKey()]); + } + + public function getName(): string + { + return $this->bag->getName(); + } + + public function initialize(array &$array): void + { + ++$this->usageIndex; + if ($this->usageReporter && 0 <= $this->usageIndex) { + ($this->usageReporter)(); + } + + $this->data[$this->bag->getStorageKey()] = &$array; + + $this->bag->initialize($array); + } + + public function getStorageKey(): string + { + return $this->bag->getStorageKey(); + } + + public function clear(): mixed + { + return $this->bag->clear(); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionFactory.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionFactory.php new file mode 100644 index 0000000..c06ed4b --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionFactory.php @@ -0,0 +1,40 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session; + +use Symfony\Component\HttpFoundation\RequestStack; +use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageFactoryInterface; + +// Help opcache.preload discover always-needed symbols +class_exists(Session::class); + +/** + * @author Jérémy Derussé + */ +class SessionFactory implements SessionFactoryInterface +{ + private RequestStack $requestStack; + private SessionStorageFactoryInterface $storageFactory; + private ?\Closure $usageReporter; + + public function __construct(RequestStack $requestStack, SessionStorageFactoryInterface $storageFactory, ?callable $usageReporter = null) + { + $this->requestStack = $requestStack; + $this->storageFactory = $storageFactory; + $this->usageReporter = null === $usageReporter ? null : $usageReporter(...); + } + + public function createSession(): SessionInterface + { + return new Session($this->storageFactory->createStorage($this->requestStack->getMainRequest()), null, null, $this->usageReporter); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionFactoryInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionFactoryInterface.php new file mode 100644 index 0000000..b24fdc4 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionFactoryInterface.php @@ -0,0 +1,20 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session; + +/** + * @author Kevin Bond + */ +interface SessionFactoryInterface +{ + public function createSession(): SessionInterface; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionInterface.php new file mode 100644 index 0000000..3e29ba4 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionInterface.php @@ -0,0 +1,140 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session; + +use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag; + +/** + * Interface for the session. + * + * @author Drak + */ +interface SessionInterface +{ + /** + * Starts the session storage. + * + * @throws \RuntimeException if session fails to start + */ + public function start(): bool; + + /** + * Returns the session ID. + */ + public function getId(): string; + + /** + * Sets the session ID. + */ + public function setId(string $id): void; + + /** + * Returns the session name. + */ + public function getName(): string; + + /** + * Sets the session name. + */ + public function setName(string $name): void; + + /** + * Invalidates the current session. + * + * Clears all session attributes and flashes and regenerates the + * session and deletes the old session from persistence. + * + * @param int|null $lifetime Sets the cookie lifetime for the session cookie. A null value + * will leave the system settings unchanged, 0 sets the cookie + * to expire with browser session. Time is in seconds, and is + * not a Unix timestamp. + */ + public function invalidate(?int $lifetime = null): bool; + + /** + * Migrates the current session to a new session id while maintaining all + * session attributes. + * + * @param bool $destroy Whether to delete the old session or leave it to garbage collection + * @param int|null $lifetime Sets the cookie lifetime for the session cookie. A null value + * will leave the system settings unchanged, 0 sets the cookie + * to expire with browser session. Time is in seconds, and is + * not a Unix timestamp. + */ + public function migrate(bool $destroy = false, ?int $lifetime = null): bool; + + /** + * Force the session to be saved and closed. + * + * This method is generally not required for real sessions as + * the session will be automatically saved at the end of + * code execution. + */ + public function save(): void; + + /** + * Checks if an attribute is defined. + */ + public function has(string $name): bool; + + /** + * Returns an attribute. + */ + public function get(string $name, mixed $default = null): mixed; + + /** + * Sets an attribute. + */ + public function set(string $name, mixed $value): void; + + /** + * Returns attributes. + */ + public function all(): array; + + /** + * Sets attributes. + */ + public function replace(array $attributes): void; + + /** + * Removes an attribute. + * + * @return mixed The removed value or null when it does not exist + */ + public function remove(string $name): mixed; + + /** + * Clears all attributes. + */ + public function clear(): void; + + /** + * Checks if the session was started. + */ + public function isStarted(): bool; + + /** + * Registers a SessionBagInterface with the session. + */ + public function registerBag(SessionBagInterface $bag): void; + + /** + * Gets a bag instance by name. + */ + public function getBag(string $name): SessionBagInterface; + + /** + * Gets session meta. + */ + public function getMetadataBag(): MetadataBag; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionUtils.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionUtils.php new file mode 100644 index 0000000..504c584 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/SessionUtils.php @@ -0,0 +1,59 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session; + +/** + * Session utility functions. + * + * @author Nicolas Grekas + * @author Rémon van de Kamp + * + * @internal + */ +final class SessionUtils +{ + /** + * Finds the session header amongst the headers that are to be sent, removes it, and returns + * it so the caller can process it further. + */ + public static function popSessionCookie(string $sessionName, #[\SensitiveParameter] string $sessionId): ?string + { + $sessionCookie = null; + $sessionCookiePrefix = sprintf(' %s=', urlencode($sessionName)); + $sessionCookieWithId = sprintf('%s%s;', $sessionCookiePrefix, urlencode($sessionId)); + $otherCookies = []; + foreach (headers_list() as $h) { + if (0 !== stripos($h, 'Set-Cookie:')) { + continue; + } + if (11 === strpos($h, $sessionCookiePrefix, 11)) { + $sessionCookie = $h; + + if (11 !== strpos($h, $sessionCookieWithId, 11)) { + $otherCookies[] = $h; + } + } else { + $otherCookies[] = $h; + } + } + if (null === $sessionCookie) { + return null; + } + + header_remove('Set-Cookie'); + foreach ($otherCookies as $h) { + header($h, false); + } + + return $sessionCookie; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/AbstractSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/AbstractSessionHandler.php new file mode 100644 index 0000000..288c242 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/AbstractSessionHandler.php @@ -0,0 +1,111 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +use Symfony\Component\HttpFoundation\Session\SessionUtils; + +/** + * This abstract session handler provides a generic implementation + * of the PHP 7.0 SessionUpdateTimestampHandlerInterface, + * enabling strict and lazy session handling. + * + * @author Nicolas Grekas + */ +abstract class AbstractSessionHandler implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface +{ + private string $sessionName; + private string $prefetchId; + private string $prefetchData; + private ?string $newSessionId = null; + private string $igbinaryEmptyData; + + public function open(string $savePath, string $sessionName): bool + { + $this->sessionName = $sessionName; + if (!headers_sent() && !\ini_get('session.cache_limiter') && '0' !== \ini_get('session.cache_limiter')) { + header(sprintf('Cache-Control: max-age=%d, private, must-revalidate', 60 * (int) \ini_get('session.cache_expire'))); + } + + return true; + } + + abstract protected function doRead(#[\SensitiveParameter] string $sessionId): string; + + abstract protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool; + + abstract protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool; + + public function validateId(#[\SensitiveParameter] string $sessionId): bool + { + $this->prefetchData = $this->read($sessionId); + $this->prefetchId = $sessionId; + + return '' !== $this->prefetchData; + } + + public function read(#[\SensitiveParameter] string $sessionId): string + { + if (isset($this->prefetchId)) { + $prefetchId = $this->prefetchId; + $prefetchData = $this->prefetchData; + unset($this->prefetchId, $this->prefetchData); + + if ($prefetchId === $sessionId || '' === $prefetchData) { + $this->newSessionId = '' === $prefetchData ? $sessionId : null; + + return $prefetchData; + } + } + + $data = $this->doRead($sessionId); + $this->newSessionId = '' === $data ? $sessionId : null; + + return $data; + } + + public function write(#[\SensitiveParameter] string $sessionId, string $data): bool + { + // see https://github.com/igbinary/igbinary/issues/146 + $this->igbinaryEmptyData ??= \function_exists('igbinary_serialize') ? igbinary_serialize([]) : ''; + if ('' === $data || $this->igbinaryEmptyData === $data) { + return $this->destroy($sessionId); + } + $this->newSessionId = null; + + return $this->doWrite($sessionId, $data); + } + + public function destroy(#[\SensitiveParameter] string $sessionId): bool + { + if (!headers_sent() && filter_var(\ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOL)) { + if (!isset($this->sessionName)) { + throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class)); + } + $cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId); + + /* + * We send an invalidation Set-Cookie header (zero lifetime) + * when either the session was started or a cookie with + * the session name was sent by the client (in which case + * we know it's invalid as a valid session cookie would've + * started the session). + */ + if (null === $cookie || isset($_COOKIE[$this->sessionName])) { + $params = session_get_cookie_params(); + unset($params['lifetime']); + setcookie($this->sessionName, '', $params); + } + } + + return $this->newSessionId === $sessionId || $this->doDestroy($sessionId); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/IdentityMarshaller.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/IdentityMarshaller.php new file mode 100644 index 0000000..411a8d1 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/IdentityMarshaller.php @@ -0,0 +1,36 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +use Symfony\Component\Cache\Marshaller\MarshallerInterface; + +/** + * @author Ahmed TAILOULOUTE + */ +class IdentityMarshaller implements MarshallerInterface +{ + public function marshall(array $values, ?array &$failed): array + { + foreach ($values as $key => $value) { + if (!\is_string($value)) { + throw new \LogicException(sprintf('%s accepts only string as data.', __METHOD__)); + } + } + + return $values; + } + + public function unmarshall(string $value): string + { + return $value; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MarshallingSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MarshallingSessionHandler.php new file mode 100644 index 0000000..1567f54 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MarshallingSessionHandler.php @@ -0,0 +1,76 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +use Symfony\Component\Cache\Marshaller\MarshallerInterface; + +/** + * @author Ahmed TAILOULOUTE + */ +class MarshallingSessionHandler implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface +{ + private AbstractSessionHandler $handler; + private MarshallerInterface $marshaller; + + public function __construct(AbstractSessionHandler $handler, MarshallerInterface $marshaller) + { + $this->handler = $handler; + $this->marshaller = $marshaller; + } + + public function open(string $savePath, string $name): bool + { + return $this->handler->open($savePath, $name); + } + + public function close(): bool + { + return $this->handler->close(); + } + + public function destroy(#[\SensitiveParameter] string $sessionId): bool + { + return $this->handler->destroy($sessionId); + } + + public function gc(int $maxlifetime): int|false + { + return $this->handler->gc($maxlifetime); + } + + public function read(#[\SensitiveParameter] string $sessionId): string + { + return $this->marshaller->unmarshall($this->handler->read($sessionId)); + } + + public function write(#[\SensitiveParameter] string $sessionId, string $data): bool + { + $failed = []; + $marshalledData = $this->marshaller->marshall(['data' => $data], $failed); + + if (isset($failed['data'])) { + return false; + } + + return $this->handler->write($sessionId, $marshalledData['data']); + } + + public function validateId(#[\SensitiveParameter] string $sessionId): bool + { + return $this->handler->validateId($sessionId); + } + + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool + { + return $this->handler->updateTimestamp($sessionId, $data); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MemcachedSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MemcachedSessionHandler.php new file mode 100644 index 0000000..91a023d --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MemcachedSessionHandler.php @@ -0,0 +1,112 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +/** + * Memcached based session storage handler based on the Memcached class + * provided by the PHP memcached extension. + * + * @see https://php.net/memcached + * + * @author Drak + */ +class MemcachedSessionHandler extends AbstractSessionHandler +{ + private \Memcached $memcached; + + /** + * Time to live in seconds. + */ + private int|\Closure|null $ttl; + + /** + * Key prefix for shared environments. + */ + private string $prefix; + + /** + * Constructor. + * + * List of available options: + * * prefix: The prefix to use for the memcached keys in order to avoid collision + * * ttl: The time to live in seconds. + * + * @throws \InvalidArgumentException When unsupported options are passed + */ + public function __construct(\Memcached $memcached, array $options = []) + { + $this->memcached = $memcached; + + if ($diff = array_diff(array_keys($options), ['prefix', 'expiretime', 'ttl'])) { + throw new \InvalidArgumentException(sprintf('The following options are not supported "%s".', implode(', ', $diff))); + } + + $this->ttl = $options['expiretime'] ?? $options['ttl'] ?? null; + $this->prefix = $options['prefix'] ?? 'sf2s'; + } + + public function close(): bool + { + return $this->memcached->quit(); + } + + protected function doRead(#[\SensitiveParameter] string $sessionId): string + { + return $this->memcached->get($this->prefix.$sessionId) ?: ''; + } + + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool + { + $this->memcached->touch($this->prefix.$sessionId, $this->getCompatibleTtl()); + + return true; + } + + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool + { + return $this->memcached->set($this->prefix.$sessionId, $data, $this->getCompatibleTtl()); + } + + private function getCompatibleTtl(): int + { + $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'); + + // If the relative TTL that is used exceeds 30 days, memcached will treat the value as Unix time. + // We have to convert it to an absolute Unix time at this point, to make sure the TTL is correct. + if ($ttl > 60 * 60 * 24 * 30) { + $ttl += time(); + } + + return $ttl; + } + + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool + { + $result = $this->memcached->delete($this->prefix.$sessionId); + + return $result || \Memcached::RES_NOTFOUND == $this->memcached->getResultCode(); + } + + public function gc(int $maxlifetime): int|false + { + // not required here because memcached will auto expire the records anyhow. + return 0; + } + + /** + * Return a Memcached instance. + */ + protected function getMemcached(): \Memcached + { + return $this->memcached; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MigratingSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MigratingSessionHandler.php new file mode 100644 index 0000000..8ed6a7b --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MigratingSessionHandler.php @@ -0,0 +1,100 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +/** + * Migrating session handler for migrating from one handler to another. It reads + * from the current handler and writes both the current and new ones. + * + * It ignores errors from the new handler. + * + * @author Ross Motley + * @author Oliver Radwell + */ +class MigratingSessionHandler implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface +{ + private \SessionHandlerInterface&\SessionUpdateTimestampHandlerInterface $currentHandler; + private \SessionHandlerInterface&\SessionUpdateTimestampHandlerInterface $writeOnlyHandler; + + public function __construct(\SessionHandlerInterface $currentHandler, \SessionHandlerInterface $writeOnlyHandler) + { + if (!$currentHandler instanceof \SessionUpdateTimestampHandlerInterface) { + $currentHandler = new StrictSessionHandler($currentHandler); + } + if (!$writeOnlyHandler instanceof \SessionUpdateTimestampHandlerInterface) { + $writeOnlyHandler = new StrictSessionHandler($writeOnlyHandler); + } + + $this->currentHandler = $currentHandler; + $this->writeOnlyHandler = $writeOnlyHandler; + } + + public function close(): bool + { + $result = $this->currentHandler->close(); + $this->writeOnlyHandler->close(); + + return $result; + } + + public function destroy(#[\SensitiveParameter] string $sessionId): bool + { + $result = $this->currentHandler->destroy($sessionId); + $this->writeOnlyHandler->destroy($sessionId); + + return $result; + } + + public function gc(int $maxlifetime): int|false + { + $result = $this->currentHandler->gc($maxlifetime); + $this->writeOnlyHandler->gc($maxlifetime); + + return $result; + } + + public function open(string $savePath, string $sessionName): bool + { + $result = $this->currentHandler->open($savePath, $sessionName); + $this->writeOnlyHandler->open($savePath, $sessionName); + + return $result; + } + + public function read(#[\SensitiveParameter] string $sessionId): string + { + // No reading from new handler until switch-over + return $this->currentHandler->read($sessionId); + } + + public function write(#[\SensitiveParameter] string $sessionId, string $sessionData): bool + { + $result = $this->currentHandler->write($sessionId, $sessionData); + $this->writeOnlyHandler->write($sessionId, $sessionData); + + return $result; + } + + public function validateId(#[\SensitiveParameter] string $sessionId): bool + { + // No reading from new handler until switch-over + return $this->currentHandler->validateId($sessionId); + } + + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $sessionData): bool + { + $result = $this->currentHandler->updateTimestamp($sessionId, $sessionData); + $this->writeOnlyHandler->updateTimestamp($sessionId, $sessionData); + + return $result; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MongoDbSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MongoDbSessionHandler.php new file mode 100644 index 0000000..d558603 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/MongoDbSessionHandler.php @@ -0,0 +1,186 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +use MongoDB\BSON\Binary; +use MongoDB\BSON\UTCDateTime; +use MongoDB\Client; +use MongoDB\Driver\BulkWrite; +use MongoDB\Driver\Manager; +use MongoDB\Driver\Query; + +/** + * Session handler using the MongoDB driver extension. + * + * @author Markus Bachmann + * @author Jérôme Tamarelle + * + * @see https://php.net/mongodb + */ +class MongoDbSessionHandler extends AbstractSessionHandler +{ + private Manager $manager; + private string $namespace; + private array $options; + private int|\Closure|null $ttl; + + /** + * Constructor. + * + * List of available options: + * * database: The name of the database [required] + * * collection: The name of the collection [required] + * * id_field: The field name for storing the session id [default: _id] + * * data_field: The field name for storing the session data [default: data] + * * time_field: The field name for storing the timestamp [default: time] + * * expiry_field: The field name for storing the expiry-timestamp [default: expires_at] + * * ttl: The time to live in seconds. + * + * It is strongly recommended to put an index on the `expiry_field` for + * garbage-collection. Alternatively it's possible to automatically expire + * the sessions in the database as described below: + * + * A TTL collections can be used on MongoDB 2.2+ to cleanup expired sessions + * automatically. Such an index can for example look like this: + * + * db..createIndex( + * { "": 1 }, + * { "expireAfterSeconds": 0 } + * ) + * + * More details on: https://docs.mongodb.org/manual/tutorial/expire-data/ + * + * If you use such an index, you can drop `gc_probability` to 0 since + * no garbage-collection is required. + * + * @throws \InvalidArgumentException When "database" or "collection" not provided + */ + public function __construct(Client|Manager $mongo, array $options) + { + if (!isset($options['database']) || !isset($options['collection'])) { + throw new \InvalidArgumentException('You must provide the "database" and "collection" option for MongoDBSessionHandler.'); + } + + if ($mongo instanceof Client) { + $mongo = $mongo->getManager(); + } + + $this->manager = $mongo; + $this->namespace = $options['database'].'.'.$options['collection']; + + $this->options = array_merge([ + 'id_field' => '_id', + 'data_field' => 'data', + 'time_field' => 'time', + 'expiry_field' => 'expires_at', + ], $options); + $this->ttl = $this->options['ttl'] ?? null; + } + + public function close(): bool + { + return true; + } + + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool + { + $write = new BulkWrite(); + $write->delete( + [$this->options['id_field'] => $sessionId], + ['limit' => 1] + ); + + $this->manager->executeBulkWrite($this->namespace, $write); + + return true; + } + + public function gc(int $maxlifetime): int|false + { + $write = new BulkWrite(); + $write->delete( + [$this->options['expiry_field'] => ['$lt' => $this->getUTCDateTime()]], + ); + $result = $this->manager->executeBulkWrite($this->namespace, $write); + + return $result->getDeletedCount() ?? false; + } + + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool + { + $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'); + $expiry = $this->getUTCDateTime($ttl); + + $fields = [ + $this->options['time_field'] => $this->getUTCDateTime(), + $this->options['expiry_field'] => $expiry, + $this->options['data_field'] => new Binary($data, Binary::TYPE_GENERIC), + ]; + + $write = new BulkWrite(); + $write->update( + [$this->options['id_field'] => $sessionId], + ['$set' => $fields], + ['upsert' => true] + ); + + $this->manager->executeBulkWrite($this->namespace, $write); + + return true; + } + + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool + { + $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'); + $expiry = $this->getUTCDateTime($ttl); + + $write = new BulkWrite(); + $write->update( + [$this->options['id_field'] => $sessionId], + ['$set' => [ + $this->options['time_field'] => $this->getUTCDateTime(), + $this->options['expiry_field'] => $expiry, + ]], + ['multi' => false], + ); + + $this->manager->executeBulkWrite($this->namespace, $write); + + return true; + } + + protected function doRead(#[\SensitiveParameter] string $sessionId): string + { + $cursor = $this->manager->executeQuery($this->namespace, new Query([ + $this->options['id_field'] => $sessionId, + $this->options['expiry_field'] => ['$gte' => $this->getUTCDateTime()], + ], [ + 'projection' => [ + '_id' => false, + $this->options['data_field'] => true, + ], + 'limit' => 1, + ])); + + foreach ($cursor as $document) { + return (string) $document->{$this->options['data_field']} ?? ''; + } + + // Not found + return ''; + } + + private function getUTCDateTime(int $additionalSeconds = 0): UTCDateTime + { + return new UTCDateTime((time() + $additionalSeconds) * 1000); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/NativeFileSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/NativeFileSessionHandler.php new file mode 100644 index 0000000..f8c6151 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/NativeFileSessionHandler.php @@ -0,0 +1,55 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +/** + * Native session handler using PHP's built in file storage. + * + * @author Drak + */ +class NativeFileSessionHandler extends \SessionHandler +{ + /** + * @param string|null $savePath Path of directory to save session files + * Default null will leave setting as defined by PHP. + * '/path', 'N;/path', or 'N;octal-mode;/path + * + * @see https://php.net/session.configuration#ini.session.save-path for further details. + * + * @throws \InvalidArgumentException On invalid $savePath + * @throws \RuntimeException When failing to create the save directory + */ + public function __construct(?string $savePath = null) + { + $baseDir = $savePath ??= \ini_get('session.save_path'); + + if ($count = substr_count($savePath, ';')) { + if ($count > 2) { + throw new \InvalidArgumentException(sprintf('Invalid argument $savePath \'%s\'.', $savePath)); + } + + // characters after last ';' are the path + $baseDir = ltrim(strrchr($savePath, ';'), ';'); + } + + if ($baseDir && !is_dir($baseDir) && !@mkdir($baseDir, 0777, true) && !is_dir($baseDir)) { + throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s".', $baseDir)); + } + + if ($savePath !== \ini_get('session.save_path')) { + ini_set('session.save_path', $savePath); + } + if ('files' !== \ini_get('session.save_handler')) { + ini_set('session.save_handler', 'files'); + } + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/NullSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/NullSessionHandler.php new file mode 100644 index 0000000..a77185e --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/NullSessionHandler.php @@ -0,0 +1,55 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +/** + * Can be used in unit testing or in a situations where persisted sessions are not desired. + * + * @author Drak + */ +class NullSessionHandler extends AbstractSessionHandler +{ + public function close(): bool + { + return true; + } + + public function validateId(#[\SensitiveParameter] string $sessionId): bool + { + return true; + } + + protected function doRead(#[\SensitiveParameter] string $sessionId): string + { + return ''; + } + + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool + { + return true; + } + + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool + { + return true; + } + + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool + { + return true; + } + + public function gc(int $maxlifetime): int|false + { + return 0; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/PdoSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/PdoSessionHandler.php new file mode 100644 index 0000000..aa8ab56 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/PdoSessionHandler.php @@ -0,0 +1,899 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +use Doctrine\DBAL\Schema\Schema; +use Doctrine\DBAL\Types\Types; + +/** + * Session handler using a PDO connection to read and write data. + * + * It works with MySQL, PostgreSQL, Oracle, SQL Server and SQLite and implements + * different locking strategies to handle concurrent access to the same session. + * Locking is necessary to prevent loss of data due to race conditions and to keep + * the session data consistent between read() and write(). With locking, requests + * for the same session will wait until the other one finished writing. For this + * reason it's best practice to close a session as early as possible to improve + * concurrency. PHPs internal files session handler also implements locking. + * + * Attention: Since SQLite does not support row level locks but locks the whole database, + * it means only one session can be accessed at a time. Even different sessions would wait + * for another to finish. So saving session in SQLite should only be considered for + * development or prototypes. + * + * Session data is a binary string that can contain non-printable characters like the null byte. + * For this reason it must be saved in a binary column in the database like BLOB in MySQL. + * Saving it in a character column could corrupt the data. You can use createTable() + * to initialize a correctly defined table. + * + * @see https://php.net/sessionhandlerinterface + * + * @author Fabien Potencier + * @author Michael Williams + * @author Tobias Schultze + */ +class PdoSessionHandler extends AbstractSessionHandler +{ + /** + * No locking is done. This means sessions are prone to loss of data due to + * race conditions of concurrent requests to the same session. The last session + * write will win in this case. It might be useful when you implement your own + * logic to deal with this like an optimistic approach. + */ + public const LOCK_NONE = 0; + + /** + * Creates an application-level lock on a session. The disadvantage is that the + * lock is not enforced by the database and thus other, unaware parts of the + * application could still concurrently modify the session. The advantage is it + * does not require a transaction. + * This mode is not available for SQLite and not yet implemented for oci and sqlsrv. + */ + public const LOCK_ADVISORY = 1; + + /** + * Issues a real row lock. Since it uses a transaction between opening and + * closing a session, you have to be careful when you use same database connection + * that you also use for your application logic. This mode is the default because + * it's the only reliable solution across DBMSs. + */ + public const LOCK_TRANSACTIONAL = 2; + + private \PDO $pdo; + + /** + * DSN string or null for session.save_path or false when lazy connection disabled. + */ + private string|false|null $dsn = false; + + private string $driver; + private string $table = 'sessions'; + private string $idCol = 'sess_id'; + private string $dataCol = 'sess_data'; + private string $lifetimeCol = 'sess_lifetime'; + private string $timeCol = 'sess_time'; + + /** + * Time to live in seconds. + */ + private int|\Closure|null $ttl; + + /** + * Username when lazy-connect. + */ + private ?string $username = null; + + /** + * Password when lazy-connect. + */ + private ?string $password = null; + + /** + * Connection options when lazy-connect. + */ + private array $connectionOptions = []; + + /** + * The strategy for locking, see constants. + */ + private int $lockMode = self::LOCK_TRANSACTIONAL; + + /** + * It's an array to support multiple reads before closing which is manual, non-standard usage. + * + * @var \PDOStatement[] An array of statements to release advisory locks + */ + private array $unlockStatements = []; + + /** + * True when the current session exists but expired according to session.gc_maxlifetime. + */ + private bool $sessionExpired = false; + + /** + * Whether a transaction is active. + */ + private bool $inTransaction = false; + + /** + * Whether gc() has been called. + */ + private bool $gcCalled = false; + + /** + * You can either pass an existing database connection as PDO instance or + * pass a DSN string that will be used to lazy-connect to the database + * when the session is actually used. Furthermore it's possible to pass null + * which will then use the session.save_path ini setting as PDO DSN parameter. + * + * List of available options: + * * db_table: The name of the table [default: sessions] + * * db_id_col: The column where to store the session id [default: sess_id] + * * db_data_col: The column where to store the session data [default: sess_data] + * * db_lifetime_col: The column where to store the lifetime [default: sess_lifetime] + * * db_time_col: The column where to store the timestamp [default: sess_time] + * * db_username: The username when lazy-connect [default: ''] + * * db_password: The password when lazy-connect [default: ''] + * * db_connection_options: An array of driver-specific connection options [default: []] + * * lock_mode: The strategy for locking, see constants [default: LOCK_TRANSACTIONAL] + * * ttl: The time to live in seconds. + * + * @param \PDO|string|null $pdoOrDsn A \PDO instance or DSN string or URL string or null + * + * @throws \InvalidArgumentException When PDO error mode is not PDO::ERRMODE_EXCEPTION + */ + public function __construct(#[\SensitiveParameter] \PDO|string|null $pdoOrDsn = null, #[\SensitiveParameter] array $options = []) + { + if ($pdoOrDsn instanceof \PDO) { + if (\PDO::ERRMODE_EXCEPTION !== $pdoOrDsn->getAttribute(\PDO::ATTR_ERRMODE)) { + throw new \InvalidArgumentException(sprintf('"%s" requires PDO error mode attribute be set to throw Exceptions (i.e. $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION)).', __CLASS__)); + } + + $this->pdo = $pdoOrDsn; + $this->driver = $this->pdo->getAttribute(\PDO::ATTR_DRIVER_NAME); + } elseif (\is_string($pdoOrDsn) && str_contains($pdoOrDsn, '://')) { + $this->dsn = $this->buildDsnFromUrl($pdoOrDsn); + } else { + $this->dsn = $pdoOrDsn; + } + + $this->table = $options['db_table'] ?? $this->table; + $this->idCol = $options['db_id_col'] ?? $this->idCol; + $this->dataCol = $options['db_data_col'] ?? $this->dataCol; + $this->lifetimeCol = $options['db_lifetime_col'] ?? $this->lifetimeCol; + $this->timeCol = $options['db_time_col'] ?? $this->timeCol; + $this->username = $options['db_username'] ?? $this->username; + $this->password = $options['db_password'] ?? $this->password; + $this->connectionOptions = $options['db_connection_options'] ?? $this->connectionOptions; + $this->lockMode = $options['lock_mode'] ?? $this->lockMode; + $this->ttl = $options['ttl'] ?? null; + } + + /** + * Adds the Table to the Schema if it doesn't exist. + */ + public function configureSchema(Schema $schema, ?\Closure $isSameDatabase = null): void + { + if ($schema->hasTable($this->table) || ($isSameDatabase && !$isSameDatabase($this->getConnection()->exec(...)))) { + return; + } + + $table = $schema->createTable($this->table); + switch ($this->driver) { + case 'mysql': + $table->addColumn($this->idCol, Types::BINARY)->setLength(128)->setNotnull(true); + $table->addColumn($this->dataCol, Types::BLOB)->setNotnull(true); + $table->addColumn($this->lifetimeCol, Types::INTEGER)->setUnsigned(true)->setNotnull(true); + $table->addColumn($this->timeCol, Types::INTEGER)->setUnsigned(true)->setNotnull(true); + $table->addOption('collate', 'utf8mb4_bin'); + $table->addOption('engine', 'InnoDB'); + break; + case 'sqlite': + $table->addColumn($this->idCol, Types::TEXT)->setNotnull(true); + $table->addColumn($this->dataCol, Types::BLOB)->setNotnull(true); + $table->addColumn($this->lifetimeCol, Types::INTEGER)->setNotnull(true); + $table->addColumn($this->timeCol, Types::INTEGER)->setNotnull(true); + break; + case 'pgsql': + $table->addColumn($this->idCol, Types::STRING)->setLength(128)->setNotnull(true); + $table->addColumn($this->dataCol, Types::BINARY)->setNotnull(true); + $table->addColumn($this->lifetimeCol, Types::INTEGER)->setNotnull(true); + $table->addColumn($this->timeCol, Types::INTEGER)->setNotnull(true); + break; + case 'oci': + $table->addColumn($this->idCol, Types::STRING)->setLength(128)->setNotnull(true); + $table->addColumn($this->dataCol, Types::BLOB)->setNotnull(true); + $table->addColumn($this->lifetimeCol, Types::INTEGER)->setNotnull(true); + $table->addColumn($this->timeCol, Types::INTEGER)->setNotnull(true); + break; + case 'sqlsrv': + $table->addColumn($this->idCol, Types::TEXT)->setLength(128)->setNotnull(true); + $table->addColumn($this->dataCol, Types::BLOB)->setNotnull(true); + $table->addColumn($this->lifetimeCol, Types::INTEGER)->setUnsigned(true)->setNotnull(true); + $table->addColumn($this->timeCol, Types::INTEGER)->setUnsigned(true)->setNotnull(true); + break; + default: + throw new \DomainException(sprintf('Creating the session table is currently not implemented for PDO driver "%s".', $this->driver)); + } + $table->setPrimaryKey([$this->idCol]); + $table->addIndex([$this->lifetimeCol], $this->lifetimeCol.'_idx'); + } + + /** + * Creates the table to store sessions which can be called once for setup. + * + * Session ID is saved in a column of maximum length 128 because that is enough even + * for a 512 bit configured session.hash_function like Whirlpool. Session data is + * saved in a BLOB. One could also use a shorter inlined varbinary column + * if one was sure the data fits into it. + * + * @throws \PDOException When the table already exists + * @throws \DomainException When an unsupported PDO driver is used + */ + public function createTable(): void + { + // connect if we are not yet + $this->getConnection(); + + $sql = match ($this->driver) { + // We use varbinary for the ID column because it prevents unwanted conversions: + // - character set conversions between server and client + // - trailing space removal + // - case-insensitivity + // - language processing like é == e + 'mysql' => "CREATE TABLE $this->table ($this->idCol VARBINARY(128) NOT NULL PRIMARY KEY, $this->dataCol BLOB NOT NULL, $this->lifetimeCol INTEGER UNSIGNED NOT NULL, $this->timeCol INTEGER UNSIGNED NOT NULL) COLLATE utf8mb4_bin, ENGINE = InnoDB", + 'sqlite' => "CREATE TABLE $this->table ($this->idCol TEXT NOT NULL PRIMARY KEY, $this->dataCol BLOB NOT NULL, $this->lifetimeCol INTEGER NOT NULL, $this->timeCol INTEGER NOT NULL)", + 'pgsql' => "CREATE TABLE $this->table ($this->idCol VARCHAR(128) NOT NULL PRIMARY KEY, $this->dataCol BYTEA NOT NULL, $this->lifetimeCol INTEGER NOT NULL, $this->timeCol INTEGER NOT NULL)", + 'oci' => "CREATE TABLE $this->table ($this->idCol VARCHAR2(128) NOT NULL PRIMARY KEY, $this->dataCol BLOB NOT NULL, $this->lifetimeCol INTEGER NOT NULL, $this->timeCol INTEGER NOT NULL)", + 'sqlsrv' => "CREATE TABLE $this->table ($this->idCol VARCHAR(128) NOT NULL PRIMARY KEY, $this->dataCol VARBINARY(MAX) NOT NULL, $this->lifetimeCol INTEGER NOT NULL, $this->timeCol INTEGER NOT NULL)", + default => throw new \DomainException(sprintf('Creating the session table is currently not implemented for PDO driver "%s".', $this->driver)), + }; + + try { + $this->pdo->exec($sql); + $this->pdo->exec("CREATE INDEX {$this->lifetimeCol}_idx ON $this->table ($this->lifetimeCol)"); + } catch (\PDOException $e) { + $this->rollback(); + + throw $e; + } + } + + /** + * Returns true when the current session exists but expired according to session.gc_maxlifetime. + * + * Can be used to distinguish between a new session and one that expired due to inactivity. + */ + public function isSessionExpired(): bool + { + return $this->sessionExpired; + } + + public function open(string $savePath, string $sessionName): bool + { + $this->sessionExpired = false; + + if (!isset($this->pdo)) { + $this->connect($this->dsn ?: $savePath); + } + + return parent::open($savePath, $sessionName); + } + + public function read(#[\SensitiveParameter] string $sessionId): string + { + try { + return parent::read($sessionId); + } catch (\PDOException $e) { + $this->rollback(); + + throw $e; + } + } + + public function gc(int $maxlifetime): int|false + { + // We delay gc() to close() so that it is executed outside the transactional and blocking read-write process. + // This way, pruning expired sessions does not block them from being started while the current session is used. + $this->gcCalled = true; + + return 0; + } + + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool + { + // delete the record associated with this id + $sql = "DELETE FROM $this->table WHERE $this->idCol = :id"; + + try { + $stmt = $this->pdo->prepare($sql); + $stmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); + $stmt->execute(); + } catch (\PDOException $e) { + $this->rollback(); + + throw $e; + } + + return true; + } + + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool + { + $maxlifetime = (int) (($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime')); + + try { + // We use a single MERGE SQL query when supported by the database. + $mergeStmt = $this->getMergeStatement($sessionId, $data, $maxlifetime); + if (null !== $mergeStmt) { + $mergeStmt->execute(); + + return true; + } + + $updateStmt = $this->getUpdateStatement($sessionId, $data, $maxlifetime); + $updateStmt->execute(); + + // When MERGE is not supported, like in Postgres < 9.5, we have to use this approach that can result in + // duplicate key errors when the same session is written simultaneously (given the LOCK_NONE behavior). + // We can just catch such an error and re-execute the update. This is similar to a serializable + // transaction with retry logic on serialization failures but without the overhead and without possible + // false positives due to longer gap locking. + if (!$updateStmt->rowCount()) { + try { + $insertStmt = $this->getInsertStatement($sessionId, $data, $maxlifetime); + $insertStmt->execute(); + } catch (\PDOException $e) { + // Handle integrity violation SQLSTATE 23000 (or a subclass like 23505 in Postgres) for duplicate keys + if (str_starts_with($e->getCode(), '23')) { + $updateStmt->execute(); + } else { + throw $e; + } + } + } + } catch (\PDOException $e) { + $this->rollback(); + + throw $e; + } + + return true; + } + + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool + { + $expiry = time() + (int) (($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime')); + + try { + $updateStmt = $this->pdo->prepare( + "UPDATE $this->table SET $this->lifetimeCol = :expiry, $this->timeCol = :time WHERE $this->idCol = :id" + ); + $updateStmt->bindValue(':id', $sessionId, \PDO::PARAM_STR); + $updateStmt->bindValue(':expiry', $expiry, \PDO::PARAM_INT); + $updateStmt->bindValue(':time', time(), \PDO::PARAM_INT); + $updateStmt->execute(); + } catch (\PDOException $e) { + $this->rollback(); + + throw $e; + } + + return true; + } + + public function close(): bool + { + $this->commit(); + + while ($unlockStmt = array_shift($this->unlockStatements)) { + $unlockStmt->execute(); + } + + if ($this->gcCalled) { + $this->gcCalled = false; + + // delete the session records that have expired + $sql = "DELETE FROM $this->table WHERE $this->lifetimeCol < :time"; + $stmt = $this->pdo->prepare($sql); + $stmt->bindValue(':time', time(), \PDO::PARAM_INT); + $stmt->execute(); + } + + if (false !== $this->dsn) { + unset($this->pdo, $this->driver); // only close lazy-connection + } + + return true; + } + + /** + * Lazy-connects to the database. + */ + private function connect(#[\SensitiveParameter] string $dsn): void + { + $this->pdo = new \PDO($dsn, $this->username, $this->password, $this->connectionOptions); + $this->pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); + $this->driver = $this->pdo->getAttribute(\PDO::ATTR_DRIVER_NAME); + } + + /** + * Builds a PDO DSN from a URL-like connection string. + * + * @todo implement missing support for oci DSN (which look totally different from other PDO ones) + */ + private function buildDsnFromUrl(#[\SensitiveParameter] string $dsnOrUrl): string + { + // (pdo_)?sqlite3?:///... => (pdo_)?sqlite3?://localhost/... or else the URL will be invalid + $url = preg_replace('#^((?:pdo_)?sqlite3?):///#', '$1://localhost/', $dsnOrUrl); + + $params = parse_url($url); + + if (false === $params) { + return $dsnOrUrl; // If the URL is not valid, let's assume it might be a DSN already. + } + + $params = array_map('rawurldecode', $params); + + // Override the default username and password. Values passed through options will still win over these in the constructor. + if (isset($params['user'])) { + $this->username = $params['user']; + } + + if (isset($params['pass'])) { + $this->password = $params['pass']; + } + + if (!isset($params['scheme'])) { + throw new \InvalidArgumentException('URLs without scheme are not supported to configure the PdoSessionHandler.'); + } + + $driverAliasMap = [ + 'mssql' => 'sqlsrv', + 'mysql2' => 'mysql', // Amazon RDS, for some weird reason + 'postgres' => 'pgsql', + 'postgresql' => 'pgsql', + 'sqlite3' => 'sqlite', + ]; + + $driver = $driverAliasMap[$params['scheme']] ?? $params['scheme']; + + // Doctrine DBAL supports passing its internal pdo_* driver names directly too (allowing both dashes and underscores). This allows supporting the same here. + if (str_starts_with($driver, 'pdo_') || str_starts_with($driver, 'pdo-')) { + $driver = substr($driver, 4); + } + + $dsn = null; + switch ($driver) { + case 'mysql': + $dsn = 'mysql:'; + if ('' !== ($params['query'] ?? '')) { + $queryParams = []; + parse_str($params['query'], $queryParams); + if ('' !== ($queryParams['charset'] ?? '')) { + $dsn .= 'charset='.$queryParams['charset'].';'; + } + + if ('' !== ($queryParams['unix_socket'] ?? '')) { + $dsn .= 'unix_socket='.$queryParams['unix_socket'].';'; + + if (isset($params['path'])) { + $dbName = substr($params['path'], 1); // Remove the leading slash + $dsn .= 'dbname='.$dbName.';'; + } + + return $dsn; + } + } + // If "unix_socket" is not in the query, we continue with the same process as pgsql + // no break + case 'pgsql': + $dsn ??= 'pgsql:'; + + if (isset($params['host']) && '' !== $params['host']) { + $dsn .= 'host='.$params['host'].';'; + } + + if (isset($params['port']) && '' !== $params['port']) { + $dsn .= 'port='.$params['port'].';'; + } + + if (isset($params['path'])) { + $dbName = substr($params['path'], 1); // Remove the leading slash + $dsn .= 'dbname='.$dbName.';'; + } + + return $dsn; + + case 'sqlite': + return 'sqlite:'.substr($params['path'], 1); + + case 'sqlsrv': + $dsn = 'sqlsrv:server='; + + if (isset($params['host'])) { + $dsn .= $params['host']; + } + + if (isset($params['port']) && '' !== $params['port']) { + $dsn .= ','.$params['port']; + } + + if (isset($params['path'])) { + $dbName = substr($params['path'], 1); // Remove the leading slash + $dsn .= ';Database='.$dbName; + } + + return $dsn; + + default: + throw new \InvalidArgumentException(sprintf('The scheme "%s" is not supported by the PdoSessionHandler URL configuration. Pass a PDO DSN directly.', $params['scheme'])); + } + } + + /** + * Helper method to begin a transaction. + * + * Since SQLite does not support row level locks, we have to acquire a reserved lock + * on the database immediately. Because of https://bugs.php.net/42766 we have to create + * such a transaction manually which also means we cannot use PDO::commit or + * PDO::rollback or PDO::inTransaction for SQLite. + * + * Also MySQLs default isolation, REPEATABLE READ, causes deadlock for different sessions + * due to https://percona.com/blog/2013/12/12/one-more-innodb-gap-lock-to-avoid/ . + * So we change it to READ COMMITTED. + */ + private function beginTransaction(): void + { + if (!$this->inTransaction) { + if ('sqlite' === $this->driver) { + $this->pdo->exec('BEGIN IMMEDIATE TRANSACTION'); + } else { + if ('mysql' === $this->driver) { + $this->pdo->exec('SET TRANSACTION ISOLATION LEVEL READ COMMITTED'); + } + $this->pdo->beginTransaction(); + } + $this->inTransaction = true; + } + } + + /** + * Helper method to commit a transaction. + */ + private function commit(): void + { + if ($this->inTransaction) { + try { + // commit read-write transaction which also releases the lock + if ('sqlite' === $this->driver) { + $this->pdo->exec('COMMIT'); + } else { + $this->pdo->commit(); + } + $this->inTransaction = false; + } catch (\PDOException $e) { + $this->rollback(); + + throw $e; + } + } + } + + /** + * Helper method to rollback a transaction. + */ + private function rollback(): void + { + // We only need to rollback if we are in a transaction. Otherwise the resulting + // error would hide the real problem why rollback was called. We might not be + // in a transaction when not using the transactional locking behavior or when + // two callbacks (e.g. destroy and write) are invoked that both fail. + if ($this->inTransaction) { + if ('sqlite' === $this->driver) { + $this->pdo->exec('ROLLBACK'); + } else { + $this->pdo->rollBack(); + } + $this->inTransaction = false; + } + } + + /** + * Reads the session data in respect to the different locking strategies. + * + * We need to make sure we do not return session data that is already considered garbage according + * to the session.gc_maxlifetime setting because gc() is called after read() and only sometimes. + */ + protected function doRead(#[\SensitiveParameter] string $sessionId): string + { + if (self::LOCK_ADVISORY === $this->lockMode) { + $this->unlockStatements[] = $this->doAdvisoryLock($sessionId); + } + + $selectSql = $this->getSelectSql(); + $selectStmt = $this->pdo->prepare($selectSql); + $selectStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); + $insertStmt = null; + + while (true) { + $selectStmt->execute(); + $sessionRows = $selectStmt->fetchAll(\PDO::FETCH_NUM); + + if ($sessionRows) { + $expiry = (int) $sessionRows[0][1]; + + if ($expiry < time()) { + $this->sessionExpired = true; + + return ''; + } + + return \is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0]; + } + + if (null !== $insertStmt) { + $this->rollback(); + throw new \RuntimeException('Failed to read session: INSERT reported a duplicate id but next SELECT did not return any data.'); + } + + if (!filter_var(\ini_get('session.use_strict_mode'), \FILTER_VALIDATE_BOOL) && self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) { + // In strict mode, session fixation is not possible: new sessions always start with a unique + // random id, so that concurrency is not possible and this code path can be skipped. + // Exclusive-reading of non-existent rows does not block, so we need to do an insert to block + // until other connections to the session are committed. + try { + $insertStmt = $this->getInsertStatement($sessionId, '', 0); + $insertStmt->execute(); + } catch (\PDOException $e) { + // Catch duplicate key error because other connection created the session already. + // It would only not be the case when the other connection destroyed the session. + if (str_starts_with($e->getCode(), '23')) { + // Retrieve finished session data written by concurrent connection by restarting the loop. + // We have to start a new transaction as a failed query will mark the current transaction as + // aborted in PostgreSQL and disallow further queries within it. + $this->rollback(); + $this->beginTransaction(); + continue; + } + + throw $e; + } + } + + return ''; + } + } + + /** + * Executes an application-level lock on the database. + * + * @return \PDOStatement The statement that needs to be executed later to release the lock + * + * @throws \DomainException When an unsupported PDO driver is used + * + * @todo implement missing advisory locks + * - for oci using DBMS_LOCK.REQUEST + * - for sqlsrv using sp_getapplock with LockOwner = Session + */ + private function doAdvisoryLock(#[\SensitiveParameter] string $sessionId): \PDOStatement + { + switch ($this->driver) { + case 'mysql': + // MySQL 5.7.5 and later enforces a maximum length on lock names of 64 characters. Previously, no limit was enforced. + $lockId = substr($sessionId, 0, 64); + // should we handle the return value? 0 on timeout, null on error + // we use a timeout of 50 seconds which is also the default for innodb_lock_wait_timeout + $stmt = $this->pdo->prepare('SELECT GET_LOCK(:key, 50)'); + $stmt->bindValue(':key', $lockId, \PDO::PARAM_STR); + $stmt->execute(); + + $releaseStmt = $this->pdo->prepare('DO RELEASE_LOCK(:key)'); + $releaseStmt->bindValue(':key', $lockId, \PDO::PARAM_STR); + + return $releaseStmt; + case 'pgsql': + // Obtaining an exclusive session level advisory lock requires an integer key. + // When session.sid_bits_per_character > 4, the session id can contain non-hex-characters. + // So we cannot just use hexdec(). + if (4 === \PHP_INT_SIZE) { + $sessionInt1 = $this->convertStringToInt($sessionId); + $sessionInt2 = $this->convertStringToInt(substr($sessionId, 4, 4)); + + $stmt = $this->pdo->prepare('SELECT pg_advisory_lock(:key1, :key2)'); + $stmt->bindValue(':key1', $sessionInt1, \PDO::PARAM_INT); + $stmt->bindValue(':key2', $sessionInt2, \PDO::PARAM_INT); + $stmt->execute(); + + $releaseStmt = $this->pdo->prepare('SELECT pg_advisory_unlock(:key1, :key2)'); + $releaseStmt->bindValue(':key1', $sessionInt1, \PDO::PARAM_INT); + $releaseStmt->bindValue(':key2', $sessionInt2, \PDO::PARAM_INT); + } else { + $sessionBigInt = $this->convertStringToInt($sessionId); + + $stmt = $this->pdo->prepare('SELECT pg_advisory_lock(:key)'); + $stmt->bindValue(':key', $sessionBigInt, \PDO::PARAM_INT); + $stmt->execute(); + + $releaseStmt = $this->pdo->prepare('SELECT pg_advisory_unlock(:key)'); + $releaseStmt->bindValue(':key', $sessionBigInt, \PDO::PARAM_INT); + } + + return $releaseStmt; + case 'sqlite': + throw new \DomainException('SQLite does not support advisory locks.'); + default: + throw new \DomainException(sprintf('Advisory locks are currently not implemented for PDO driver "%s".', $this->driver)); + } + } + + /** + * Encodes the first 4 (when PHP_INT_SIZE == 4) or 8 characters of the string as an integer. + * + * Keep in mind, PHP integers are signed. + */ + private function convertStringToInt(string $string): int + { + if (4 === \PHP_INT_SIZE) { + return (\ord($string[3]) << 24) + (\ord($string[2]) << 16) + (\ord($string[1]) << 8) + \ord($string[0]); + } + + $int1 = (\ord($string[7]) << 24) + (\ord($string[6]) << 16) + (\ord($string[5]) << 8) + \ord($string[4]); + $int2 = (\ord($string[3]) << 24) + (\ord($string[2]) << 16) + (\ord($string[1]) << 8) + \ord($string[0]); + + return $int2 + ($int1 << 32); + } + + /** + * Return a locking or nonlocking SQL query to read session information. + * + * @throws \DomainException When an unsupported PDO driver is used + */ + private function getSelectSql(): string + { + if (self::LOCK_TRANSACTIONAL === $this->lockMode) { + $this->beginTransaction(); + + switch ($this->driver) { + case 'mysql': + case 'oci': + case 'pgsql': + return "SELECT $this->dataCol, $this->lifetimeCol FROM $this->table WHERE $this->idCol = :id FOR UPDATE"; + case 'sqlsrv': + return "SELECT $this->dataCol, $this->lifetimeCol FROM $this->table WITH (UPDLOCK, ROWLOCK) WHERE $this->idCol = :id"; + case 'sqlite': + // we already locked when starting transaction + break; + default: + throw new \DomainException(sprintf('Transactional locks are currently not implemented for PDO driver "%s".', $this->driver)); + } + } + + return "SELECT $this->dataCol, $this->lifetimeCol FROM $this->table WHERE $this->idCol = :id"; + } + + /** + * Returns an insert statement supported by the database for writing session data. + */ + private function getInsertStatement(#[\SensitiveParameter] string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement + { + switch ($this->driver) { + case 'oci': + $data = fopen('php://memory', 'r+'); + fwrite($data, $sessionData); + rewind($data); + $sql = "INSERT INTO $this->table ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, EMPTY_BLOB(), :expiry, :time) RETURNING $this->dataCol into :data"; + break; + default: + $data = $sessionData; + $sql = "INSERT INTO $this->table ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :expiry, :time)"; + break; + } + + $stmt = $this->pdo->prepare($sql); + $stmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); + $stmt->bindParam(':data', $data, \PDO::PARAM_LOB); + $stmt->bindValue(':expiry', time() + $maxlifetime, \PDO::PARAM_INT); + $stmt->bindValue(':time', time(), \PDO::PARAM_INT); + + return $stmt; + } + + /** + * Returns an update statement supported by the database for writing session data. + */ + private function getUpdateStatement(#[\SensitiveParameter] string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement + { + switch ($this->driver) { + case 'oci': + $data = fopen('php://memory', 'r+'); + fwrite($data, $sessionData); + rewind($data); + $sql = "UPDATE $this->table SET $this->dataCol = EMPTY_BLOB(), $this->lifetimeCol = :expiry, $this->timeCol = :time WHERE $this->idCol = :id RETURNING $this->dataCol into :data"; + break; + default: + $data = $sessionData; + $sql = "UPDATE $this->table SET $this->dataCol = :data, $this->lifetimeCol = :expiry, $this->timeCol = :time WHERE $this->idCol = :id"; + break; + } + + $stmt = $this->pdo->prepare($sql); + $stmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); + $stmt->bindParam(':data', $data, \PDO::PARAM_LOB); + $stmt->bindValue(':expiry', time() + $maxlifetime, \PDO::PARAM_INT); + $stmt->bindValue(':time', time(), \PDO::PARAM_INT); + + return $stmt; + } + + /** + * Returns a merge/upsert (i.e. insert or update) statement when supported by the database for writing session data. + */ + private function getMergeStatement(#[\SensitiveParameter] string $sessionId, string $data, int $maxlifetime): ?\PDOStatement + { + switch (true) { + case 'mysql' === $this->driver: + $mergeSql = "INSERT INTO $this->table ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :expiry, :time) ". + "ON DUPLICATE KEY UPDATE $this->dataCol = VALUES($this->dataCol), $this->lifetimeCol = VALUES($this->lifetimeCol), $this->timeCol = VALUES($this->timeCol)"; + break; + case 'sqlsrv' === $this->driver && version_compare($this->pdo->getAttribute(\PDO::ATTR_SERVER_VERSION), '10', '>='): + // MERGE is only available since SQL Server 2008 and must be terminated by semicolon + // It also requires HOLDLOCK according to https://weblogs.sqlteam.com/dang/2009/01/31/upsert-race-condition-with-merge/ + $mergeSql = "MERGE INTO $this->table WITH (HOLDLOCK) USING (SELECT 1 AS dummy) AS src ON ($this->idCol = ?) ". + "WHEN NOT MATCHED THEN INSERT ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (?, ?, ?, ?) ". + "WHEN MATCHED THEN UPDATE SET $this->dataCol = ?, $this->lifetimeCol = ?, $this->timeCol = ?;"; + break; + case 'sqlite' === $this->driver: + $mergeSql = "INSERT OR REPLACE INTO $this->table ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :expiry, :time)"; + break; + case 'pgsql' === $this->driver && version_compare($this->pdo->getAttribute(\PDO::ATTR_SERVER_VERSION), '9.5', '>='): + $mergeSql = "INSERT INTO $this->table ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :expiry, :time) ". + "ON CONFLICT ($this->idCol) DO UPDATE SET ($this->dataCol, $this->lifetimeCol, $this->timeCol) = (EXCLUDED.$this->dataCol, EXCLUDED.$this->lifetimeCol, EXCLUDED.$this->timeCol)"; + break; + default: + // MERGE is not supported with LOBs: https://oracle.com/technetwork/articles/fuecks-lobs-095315.html + return null; + } + + $mergeStmt = $this->pdo->prepare($mergeSql); + + if ('sqlsrv' === $this->driver) { + $mergeStmt->bindParam(1, $sessionId, \PDO::PARAM_STR); + $mergeStmt->bindParam(2, $sessionId, \PDO::PARAM_STR); + $mergeStmt->bindParam(3, $data, \PDO::PARAM_LOB); + $mergeStmt->bindValue(4, time() + $maxlifetime, \PDO::PARAM_INT); + $mergeStmt->bindValue(5, time(), \PDO::PARAM_INT); + $mergeStmt->bindParam(6, $data, \PDO::PARAM_LOB); + $mergeStmt->bindValue(7, time() + $maxlifetime, \PDO::PARAM_INT); + $mergeStmt->bindValue(8, time(), \PDO::PARAM_INT); + } else { + $mergeStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); + $mergeStmt->bindParam(':data', $data, \PDO::PARAM_LOB); + $mergeStmt->bindValue(':expiry', time() + $maxlifetime, \PDO::PARAM_INT); + $mergeStmt->bindValue(':time', time(), \PDO::PARAM_INT); + } + + return $mergeStmt; + } + + /** + * Return a PDO instance. + */ + protected function getConnection(): \PDO + { + if (!isset($this->pdo)) { + $this->connect($this->dsn ?: \ini_get('session.save_path')); + } + + return $this->pdo; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/RedisSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/RedisSessionHandler.php new file mode 100644 index 0000000..b696eee --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/RedisSessionHandler.php @@ -0,0 +1,103 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +use Predis\Response\ErrorInterface; +use Relay\Relay; + +/** + * Redis based session storage handler based on the Redis class + * provided by the PHP redis extension. + * + * @author Dalibor Karlović + */ +class RedisSessionHandler extends AbstractSessionHandler +{ + /** + * Key prefix for shared environments. + */ + private string $prefix; + + /** + * Time to live in seconds. + */ + private int|\Closure|null $ttl; + + /** + * List of available options: + * * prefix: The prefix to use for the keys in order to avoid collision on the Redis server + * * ttl: The time to live in seconds. + * + * @throws \InvalidArgumentException When unsupported client or options are passed + */ + public function __construct( + private \Redis|Relay|\RedisArray|\RedisCluster|\Predis\ClientInterface $redis, + array $options = [], + ) { + if ($diff = array_diff(array_keys($options), ['prefix', 'ttl'])) { + throw new \InvalidArgumentException(sprintf('The following options are not supported "%s".', implode(', ', $diff))); + } + + $this->prefix = $options['prefix'] ?? 'sf_s'; + $this->ttl = $options['ttl'] ?? null; + } + + protected function doRead(#[\SensitiveParameter] string $sessionId): string + { + return $this->redis->get($this->prefix.$sessionId) ?: ''; + } + + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool + { + $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'); + $result = $this->redis->setEx($this->prefix.$sessionId, (int) $ttl, $data); + + return $result && !$result instanceof ErrorInterface; + } + + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool + { + static $unlink = true; + + if ($unlink) { + try { + $unlink = false !== $this->redis->unlink($this->prefix.$sessionId); + } catch (\Throwable) { + $unlink = false; + } + } + + if (!$unlink) { + $this->redis->del($this->prefix.$sessionId); + } + + return true; + } + + #[\ReturnTypeWillChange] + public function close(): bool + { + return true; + } + + public function gc(int $maxlifetime): int|false + { + return 0; + } + + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool + { + $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'); + + return $this->redis->expire($this->prefix.$sessionId, (int) $ttl); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/SessionHandlerFactory.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/SessionHandlerFactory.php new file mode 100644 index 0000000..3f1d032 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/SessionHandlerFactory.php @@ -0,0 +1,95 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +use Doctrine\DBAL\Configuration; +use Doctrine\DBAL\DriverManager; +use Doctrine\DBAL\Schema\DefaultSchemaManagerFactory; +use Doctrine\DBAL\Tools\DsnParser; +use Relay\Relay; +use Symfony\Component\Cache\Adapter\AbstractAdapter; + +/** + * @author Nicolas Grekas + */ +class SessionHandlerFactory +{ + public static function createHandler(object|string $connection, array $options = []): AbstractSessionHandler + { + if ($query = \is_string($connection) ? parse_url($connection) : false) { + parse_str($query['query'] ?? '', $query); + + if (($options['ttl'] ?? null) instanceof \Closure) { + $query['ttl'] = $options['ttl']; + } + } + $options = ($query ?: []) + $options; + + switch (true) { + case $connection instanceof \Redis: + case $connection instanceof Relay: + case $connection instanceof \RedisArray: + case $connection instanceof \RedisCluster: + case $connection instanceof \Predis\ClientInterface: + return new RedisSessionHandler($connection); + + case $connection instanceof \Memcached: + return new MemcachedSessionHandler($connection); + + case $connection instanceof \PDO: + return new PdoSessionHandler($connection); + + case !\is_string($connection): + throw new \InvalidArgumentException(sprintf('Unsupported Connection: "%s".', get_debug_type($connection))); + case str_starts_with($connection, 'file://'): + $savePath = substr($connection, 7); + + return new StrictSessionHandler(new NativeFileSessionHandler('' === $savePath ? null : $savePath)); + + case str_starts_with($connection, 'redis:'): + case str_starts_with($connection, 'rediss:'): + case str_starts_with($connection, 'memcached:'): + if (!class_exists(AbstractAdapter::class)) { + throw new \InvalidArgumentException('Unsupported Redis or Memcached DSN. Try running "composer require symfony/cache".'); + } + $handlerClass = str_starts_with($connection, 'memcached:') ? MemcachedSessionHandler::class : RedisSessionHandler::class; + $connection = AbstractAdapter::createConnection($connection, ['lazy' => true]); + + return new $handlerClass($connection, array_intersect_key($options, ['prefix' => 1, 'ttl' => 1])); + + case str_starts_with($connection, 'pdo_oci://'): + if (!class_exists(DriverManager::class)) { + throw new \InvalidArgumentException('Unsupported PDO OCI DSN. Try running "composer require doctrine/dbal".'); + } + $connection[3] = '-'; + $params = (new DsnParser())->parse($connection); + $config = new Configuration(); + $config->setSchemaManagerFactory(new DefaultSchemaManagerFactory()); + + $connection = DriverManager::getConnection($params, $config)->getNativeConnection(); + // no break; + + case str_starts_with($connection, 'mssql://'): + case str_starts_with($connection, 'mysql://'): + case str_starts_with($connection, 'mysql2://'): + case str_starts_with($connection, 'pgsql://'): + case str_starts_with($connection, 'postgres://'): + case str_starts_with($connection, 'postgresql://'): + case str_starts_with($connection, 'sqlsrv://'): + case str_starts_with($connection, 'sqlite://'): + case str_starts_with($connection, 'sqlite3://'): + return new PdoSessionHandler($connection, $options); + } + + throw new \InvalidArgumentException(sprintf('Unsupported Connection: "%s".', $connection)); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/StrictSessionHandler.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/StrictSessionHandler.php new file mode 100644 index 0000000..1f86687 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Handler/StrictSessionHandler.php @@ -0,0 +1,89 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; + +/** + * Adds basic `SessionUpdateTimestampHandlerInterface` behaviors to another `SessionHandlerInterface`. + * + * @author Nicolas Grekas + */ +class StrictSessionHandler extends AbstractSessionHandler +{ + private \SessionHandlerInterface $handler; + private bool $doDestroy; + + public function __construct(\SessionHandlerInterface $handler) + { + if ($handler instanceof \SessionUpdateTimestampHandlerInterface) { + throw new \LogicException(sprintf('"%s" is already an instance of "SessionUpdateTimestampHandlerInterface", you cannot wrap it with "%s".', get_debug_type($handler), self::class)); + } + + $this->handler = $handler; + } + + /** + * Returns true if this handler wraps an internal PHP session save handler using \SessionHandler. + * + * @internal + */ + public function isWrapper(): bool + { + return $this->handler instanceof \SessionHandler; + } + + public function open(string $savePath, string $sessionName): bool + { + parent::open($savePath, $sessionName); + + return $this->handler->open($savePath, $sessionName); + } + + protected function doRead(#[\SensitiveParameter] string $sessionId): string + { + return $this->handler->read($sessionId); + } + + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool + { + return $this->write($sessionId, $data); + } + + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool + { + return $this->handler->write($sessionId, $data); + } + + public function destroy(#[\SensitiveParameter] string $sessionId): bool + { + $this->doDestroy = true; + $destroyed = parent::destroy($sessionId); + + return $this->doDestroy ? $this->doDestroy($sessionId) : $destroyed; + } + + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool + { + $this->doDestroy = false; + + return $this->handler->destroy($sessionId); + } + + public function close(): bool + { + return $this->handler->close(); + } + + public function gc(int $maxlifetime): int|false + { + return $this->handler->gc($maxlifetime); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MetadataBag.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MetadataBag.php new file mode 100644 index 0000000..3e80f7d --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MetadataBag.php @@ -0,0 +1,133 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +use Symfony\Component\HttpFoundation\Session\SessionBagInterface; + +/** + * Metadata container. + * + * Adds metadata to the session. + * + * @author Drak + */ +class MetadataBag implements SessionBagInterface +{ + public const CREATED = 'c'; + public const UPDATED = 'u'; + public const LIFETIME = 'l'; + + protected array $meta = [self::CREATED => 0, self::UPDATED => 0, self::LIFETIME => 0]; + + private string $name = '__metadata'; + private string $storageKey; + private int $lastUsed; + private int $updateThreshold; + + /** + * @param string $storageKey The key used to store bag in the session + * @param int $updateThreshold The time to wait between two UPDATED updates + */ + public function __construct(string $storageKey = '_sf2_meta', int $updateThreshold = 0) + { + $this->storageKey = $storageKey; + $this->updateThreshold = $updateThreshold; + } + + public function initialize(array &$array): void + { + $this->meta = &$array; + + if (isset($array[self::CREATED])) { + $this->lastUsed = $this->meta[self::UPDATED]; + + $timeStamp = time(); + if ($timeStamp - $array[self::UPDATED] >= $this->updateThreshold) { + $this->meta[self::UPDATED] = $timeStamp; + } + } else { + $this->stampCreated(); + } + } + + /** + * Gets the lifetime that the session cookie was set with. + */ + public function getLifetime(): int + { + return $this->meta[self::LIFETIME]; + } + + /** + * Stamps a new session's metadata. + * + * @param int|null $lifetime Sets the cookie lifetime for the session cookie. A null value + * will leave the system settings unchanged, 0 sets the cookie + * to expire with browser session. Time is in seconds, and is + * not a Unix timestamp. + */ + public function stampNew(?int $lifetime = null): void + { + $this->stampCreated($lifetime); + } + + public function getStorageKey(): string + { + return $this->storageKey; + } + + /** + * Gets the created timestamp metadata. + * + * @return int Unix timestamp + */ + public function getCreated(): int + { + return $this->meta[self::CREATED]; + } + + /** + * Gets the last used metadata. + * + * @return int Unix timestamp + */ + public function getLastUsed(): int + { + return $this->lastUsed; + } + + public function clear(): mixed + { + // nothing to do + return null; + } + + public function getName(): string + { + return $this->name; + } + + /** + * Sets name. + */ + public function setName(string $name): void + { + $this->name = $name; + } + + private function stampCreated(?int $lifetime = null): void + { + $timeStamp = time(); + $this->meta[self::CREATED] = $this->meta[self::UPDATED] = $this->lastUsed = $timeStamp; + $this->meta[self::LIFETIME] = $lifetime ?? (int) \ini_get('session.cookie_lifetime'); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MockArraySessionStorage.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MockArraySessionStorage.php new file mode 100644 index 0000000..617e51e --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MockArraySessionStorage.php @@ -0,0 +1,188 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +use Symfony\Component\HttpFoundation\Session\SessionBagInterface; + +/** + * MockArraySessionStorage mocks the session for unit tests. + * + * No PHP session is actually started since a session can be initialized + * and shutdown only once per PHP execution cycle. + * + * When doing functional testing, you should use MockFileSessionStorage instead. + * + * @author Fabien Potencier + * @author Bulat Shakirzyanov + * @author Drak + */ +class MockArraySessionStorage implements SessionStorageInterface +{ + protected string $id = ''; + protected string $name; + protected bool $started = false; + protected bool $closed = false; + protected array $data = []; + protected MetadataBag $metadataBag; + + /** + * @var SessionBagInterface[] + */ + protected array $bags = []; + + public function __construct(string $name = 'MOCKSESSID', ?MetadataBag $metaBag = null) + { + $this->name = $name; + $this->setMetadataBag($metaBag); + } + + public function setSessionData(array $array): void + { + $this->data = $array; + } + + public function start(): bool + { + if ($this->started) { + return true; + } + + if (!$this->id) { + $this->id = $this->generateId(); + } + + $this->loadSession(); + + return true; + } + + public function regenerate(bool $destroy = false, ?int $lifetime = null): bool + { + if (!$this->started) { + $this->start(); + } + + $this->metadataBag->stampNew($lifetime); + $this->id = $this->generateId(); + + return true; + } + + public function getId(): string + { + return $this->id; + } + + public function setId(string $id): void + { + if ($this->started) { + throw new \LogicException('Cannot set session ID after the session has started.'); + } + + $this->id = $id; + } + + public function getName(): string + { + return $this->name; + } + + public function setName(string $name): void + { + $this->name = $name; + } + + public function save(): void + { + if (!$this->started || $this->closed) { + throw new \RuntimeException('Trying to save a session that was not started yet or was already closed.'); + } + // nothing to do since we don't persist the session data + $this->closed = false; + $this->started = false; + } + + public function clear(): void + { + // clear out the bags + foreach ($this->bags as $bag) { + $bag->clear(); + } + + // clear out the session + $this->data = []; + + // reconnect the bags to the session + $this->loadSession(); + } + + public function registerBag(SessionBagInterface $bag): void + { + $this->bags[$bag->getName()] = $bag; + } + + public function getBag(string $name): SessionBagInterface + { + if (!isset($this->bags[$name])) { + throw new \InvalidArgumentException(sprintf('The SessionBagInterface "%s" is not registered.', $name)); + } + + if (!$this->started) { + $this->start(); + } + + return $this->bags[$name]; + } + + public function isStarted(): bool + { + return $this->started; + } + + public function setMetadataBag(?MetadataBag $bag): void + { + $this->metadataBag = $bag ?? new MetadataBag(); + } + + /** + * Gets the MetadataBag. + */ + public function getMetadataBag(): MetadataBag + { + return $this->metadataBag; + } + + /** + * Generates a session ID. + * + * This doesn't need to be particularly cryptographically secure since this is just + * a mock. + */ + protected function generateId(): string + { + return bin2hex(random_bytes(16)); + } + + protected function loadSession(): void + { + $bags = array_merge($this->bags, [$this->metadataBag]); + + foreach ($bags as $bag) { + $key = $bag->getStorageKey(); + $this->data[$key] ??= []; + $bag->initialize($this->data[$key]); + } + + $this->started = true; + $this->closed = false; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MockFileSessionStorage.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MockFileSessionStorage.php new file mode 100644 index 0000000..48dd74d --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MockFileSessionStorage.php @@ -0,0 +1,149 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +/** + * MockFileSessionStorage is used to mock sessions for + * functional testing where you may need to persist session data + * across separate PHP processes. + * + * No PHP session is actually started since a session can be initialized + * and shutdown only once per PHP execution cycle and this class does + * not pollute any session related globals, including session_*() functions + * or session.* PHP ini directives. + * + * @author Drak + */ +class MockFileSessionStorage extends MockArraySessionStorage +{ + private string $savePath; + + /** + * @param string|null $savePath Path of directory to save session files + */ + public function __construct(?string $savePath = null, string $name = 'MOCKSESSID', ?MetadataBag $metaBag = null) + { + $savePath ??= sys_get_temp_dir(); + + if (!is_dir($savePath) && !@mkdir($savePath, 0777, true) && !is_dir($savePath)) { + throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s".', $savePath)); + } + + $this->savePath = $savePath; + + parent::__construct($name, $metaBag); + } + + public function start(): bool + { + if ($this->started) { + return true; + } + + if (!$this->id) { + $this->id = $this->generateId(); + } + + $this->read(); + + $this->started = true; + + return true; + } + + public function regenerate(bool $destroy = false, ?int $lifetime = null): bool + { + if (!$this->started) { + $this->start(); + } + + if ($destroy) { + $this->destroy(); + } + + return parent::regenerate($destroy, $lifetime); + } + + public function save(): void + { + if (!$this->started) { + throw new \RuntimeException('Trying to save a session that was not started yet or was already closed.'); + } + + $data = $this->data; + + foreach ($this->bags as $bag) { + if (empty($data[$key = $bag->getStorageKey()])) { + unset($data[$key]); + } + } + if ([$key = $this->metadataBag->getStorageKey()] === array_keys($data)) { + unset($data[$key]); + } + + try { + if ($data) { + $path = $this->getFilePath(); + $tmp = $path.bin2hex(random_bytes(6)); + file_put_contents($tmp, serialize($data)); + rename($tmp, $path); + } else { + $this->destroy(); + } + } finally { + $this->data = $data; + } + + // this is needed when the session object is re-used across multiple requests + // in functional tests. + $this->started = false; + } + + /** + * Deletes a session from persistent storage. + * Deliberately leaves session data in memory intact. + */ + private function destroy(): void + { + set_error_handler(static function () {}); + try { + unlink($this->getFilePath()); + } finally { + restore_error_handler(); + } + } + + /** + * Calculate path to file. + */ + private function getFilePath(): string + { + return $this->savePath.'/'.$this->id.'.mocksess'; + } + + /** + * Reads session from storage and loads session. + */ + private function read(): void + { + set_error_handler(static function () {}); + try { + $data = file_get_contents($this->getFilePath()); + } finally { + restore_error_handler(); + } + + $this->data = $data ? unserialize($data) : []; + + $this->loadSession(); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MockFileSessionStorageFactory.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MockFileSessionStorageFactory.php new file mode 100644 index 0000000..6727cf1 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/MockFileSessionStorageFactory.php @@ -0,0 +1,42 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +use Symfony\Component\HttpFoundation\Request; + +// Help opcache.preload discover always-needed symbols +class_exists(MockFileSessionStorage::class); + +/** + * @author Jérémy Derussé + */ +class MockFileSessionStorageFactory implements SessionStorageFactoryInterface +{ + private ?string $savePath; + private string $name; + private ?MetadataBag $metaBag; + + /** + * @see MockFileSessionStorage constructor. + */ + public function __construct(?string $savePath = null, string $name = 'MOCKSESSID', ?MetadataBag $metaBag = null) + { + $this->savePath = $savePath; + $this->name = $name; + $this->metaBag = $metaBag; + } + + public function createStorage(?Request $request): SessionStorageInterface + { + return new MockFileSessionStorage($this->savePath, $this->name, $this->metaBag); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php new file mode 100644 index 0000000..d32292a --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php @@ -0,0 +1,402 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +use Symfony\Component\HttpFoundation\Session\SessionBagInterface; +use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler; +use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy; +use Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy; + +// Help opcache.preload discover always-needed symbols +class_exists(MetadataBag::class); +class_exists(StrictSessionHandler::class); +class_exists(SessionHandlerProxy::class); + +/** + * This provides a base class for session attribute storage. + * + * @author Drak + */ +class NativeSessionStorage implements SessionStorageInterface +{ + /** + * @var SessionBagInterface[] + */ + protected array $bags = []; + protected bool $started = false; + protected bool $closed = false; + protected AbstractProxy|\SessionHandlerInterface $saveHandler; + protected MetadataBag $metadataBag; + + /** + * Depending on how you want the storage driver to behave you probably + * want to override this constructor entirely. + * + * List of options for $options array with their defaults. + * + * @see https://php.net/session.configuration for options + * but we omit 'session.' from the beginning of the keys for convenience. + * + * ("auto_start", is not supported as it tells PHP to start a session before + * PHP starts to execute user-land code. Setting during runtime has no effect). + * + * cache_limiter, "" (use "0" to prevent headers from being sent entirely). + * cache_expire, "0" + * cookie_domain, "" + * cookie_httponly, "" + * cookie_lifetime, "0" + * cookie_path, "/" + * cookie_secure, "" + * cookie_samesite, null + * gc_divisor, "100" + * gc_maxlifetime, "1440" + * gc_probability, "1" + * lazy_write, "1" + * name, "PHPSESSID" + * referer_check, "" + * serialize_handler, "php" + * use_strict_mode, "1" + * use_cookies, "1" + * use_only_cookies, "1" + * use_trans_sid, "0" + * sid_length, "32" + * sid_bits_per_character, "5" + * trans_sid_hosts, $_SERVER['HTTP_HOST'] + * trans_sid_tags, "a=href,area=href,frame=src,form=" + */ + public function __construct(array $options = [], AbstractProxy|\SessionHandlerInterface|null $handler = null, ?MetadataBag $metaBag = null) + { + if (!\extension_loaded('session')) { + throw new \LogicException('PHP extension "session" is required.'); + } + + $options += [ + 'cache_limiter' => '', + 'cache_expire' => 0, + 'use_cookies' => 1, + 'lazy_write' => 1, + 'use_strict_mode' => 1, + ]; + + session_register_shutdown(); + + $this->setMetadataBag($metaBag); + $this->setOptions($options); + $this->setSaveHandler($handler); + } + + /** + * Gets the save handler instance. + */ + public function getSaveHandler(): AbstractProxy|\SessionHandlerInterface + { + return $this->saveHandler; + } + + public function start(): bool + { + if ($this->started) { + return true; + } + + if (\PHP_SESSION_ACTIVE === session_status()) { + throw new \RuntimeException('Failed to start the session: already started by PHP.'); + } + + if (filter_var(\ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOL) && headers_sent($file, $line)) { + throw new \RuntimeException(sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line)); + } + + $sessionId = $_COOKIE[session_name()] ?? null; + /* + * Explanation of the session ID regular expression: `/^[a-zA-Z0-9,-]{22,250}$/`. + * + * ---------- Part 1 + * + * The part `[a-zA-Z0-9,-]` is related to the PHP ini directive `session.sid_bits_per_character` defined as 6. + * See https://www.php.net/manual/en/session.configuration.php#ini.session.sid-bits-per-character. + * Allowed values are integers such as: + * - 4 for range `a-f0-9` + * - 5 for range `a-v0-9` + * - 6 for range `a-zA-Z0-9,-` + * + * ---------- Part 2 + * + * The part `{22,250}` is related to the PHP ini directive `session.sid_length`. + * See https://www.php.net/manual/en/session.configuration.php#ini.session.sid-length. + * Allowed values are integers between 22 and 256, but we use 250 for the max. + * + * Where does the 250 come from? + * - The length of Windows and Linux filenames is limited to 255 bytes. Then the max must not exceed 255. + * - The session filename prefix is `sess_`, a 5 bytes string. Then the max must not exceed 255 - 5 = 250. + * + * ---------- Conclusion + * + * The parts 1 and 2 prevent the warning below: + * `PHP Warning: SessionHandler::read(): Session ID is too long or contains illegal characters. Only the A-Z, a-z, 0-9, "-", and "," characters are allowed.` + * + * The part 2 prevents the warning below: + * `PHP Warning: SessionHandler::read(): open(filepath, O_RDWR) failed: No such file or directory (2).` + */ + if ($sessionId && $this->saveHandler instanceof AbstractProxy && 'files' === $this->saveHandler->getSaveHandlerName() && !preg_match('/^[a-zA-Z0-9,-]{22,250}$/', $sessionId)) { + // the session ID in the header is invalid, create a new one + session_id(session_create_id()); + } + + // ok to try and start the session + if (!session_start()) { + throw new \RuntimeException('Failed to start the session.'); + } + + $this->loadSession(); + + return true; + } + + public function getId(): string + { + return $this->saveHandler->getId(); + } + + public function setId(string $id): void + { + $this->saveHandler->setId($id); + } + + public function getName(): string + { + return $this->saveHandler->getName(); + } + + public function setName(string $name): void + { + $this->saveHandler->setName($name); + } + + public function regenerate(bool $destroy = false, ?int $lifetime = null): bool + { + // Cannot regenerate the session ID for non-active sessions. + if (\PHP_SESSION_ACTIVE !== session_status()) { + return false; + } + + if (headers_sent()) { + return false; + } + + if (null !== $lifetime && $lifetime != \ini_get('session.cookie_lifetime')) { + $this->save(); + ini_set('session.cookie_lifetime', $lifetime); + $this->start(); + } + + if ($destroy) { + $this->metadataBag->stampNew(); + } + + return session_regenerate_id($destroy); + } + + public function save(): void + { + // Store a copy so we can restore the bags in case the session was not left empty + $session = $_SESSION; + + foreach ($this->bags as $bag) { + if (empty($_SESSION[$key = $bag->getStorageKey()])) { + unset($_SESSION[$key]); + } + } + if ($_SESSION && [$key = $this->metadataBag->getStorageKey()] === array_keys($_SESSION)) { + unset($_SESSION[$key]); + } + + // Register error handler to add information about the current save handler + $previousHandler = set_error_handler(function ($type, $msg, $file, $line) use (&$previousHandler) { + if (\E_WARNING === $type && str_starts_with($msg, 'session_write_close():')) { + $handler = $this->saveHandler instanceof SessionHandlerProxy ? $this->saveHandler->getHandler() : $this->saveHandler; + $msg = sprintf('session_write_close(): Failed to write session data with "%s" handler', $handler::class); + } + + return $previousHandler ? $previousHandler($type, $msg, $file, $line) : false; + }); + + try { + session_write_close(); + } finally { + restore_error_handler(); + + // Restore only if not empty + if ($_SESSION) { + $_SESSION = $session; + } + } + + $this->closed = true; + $this->started = false; + } + + public function clear(): void + { + // clear out the bags + foreach ($this->bags as $bag) { + $bag->clear(); + } + + // clear out the session + $_SESSION = []; + + // reconnect the bags to the session + $this->loadSession(); + } + + public function registerBag(SessionBagInterface $bag): void + { + if ($this->started) { + throw new \LogicException('Cannot register a bag when the session is already started.'); + } + + $this->bags[$bag->getName()] = $bag; + } + + public function getBag(string $name): SessionBagInterface + { + if (!isset($this->bags[$name])) { + throw new \InvalidArgumentException(sprintf('The SessionBagInterface "%s" is not registered.', $name)); + } + + if (!$this->started && $this->saveHandler->isActive()) { + $this->loadSession(); + } elseif (!$this->started) { + $this->start(); + } + + return $this->bags[$name]; + } + + public function setMetadataBag(?MetadataBag $metaBag): void + { + $this->metadataBag = $metaBag ?? new MetadataBag(); + } + + /** + * Gets the MetadataBag. + */ + public function getMetadataBag(): MetadataBag + { + return $this->metadataBag; + } + + public function isStarted(): bool + { + return $this->started; + } + + /** + * Sets session.* ini variables. + * + * For convenience we omit 'session.' from the beginning of the keys. + * Explicitly ignores other ini keys. + * + * @param array $options Session ini directives [key => value] + * + * @see https://php.net/session.configuration + */ + public function setOptions(array $options): void + { + if (headers_sent() || \PHP_SESSION_ACTIVE === session_status()) { + return; + } + + $validOptions = array_flip([ + 'cache_expire', 'cache_limiter', 'cookie_domain', 'cookie_httponly', + 'cookie_lifetime', 'cookie_path', 'cookie_secure', 'cookie_samesite', + 'gc_divisor', 'gc_maxlifetime', 'gc_probability', + 'lazy_write', 'name', 'referer_check', + 'serialize_handler', 'use_strict_mode', 'use_cookies', + 'use_only_cookies', 'use_trans_sid', + 'sid_length', 'sid_bits_per_character', 'trans_sid_hosts', 'trans_sid_tags', + ]); + + foreach ($options as $key => $value) { + if (isset($validOptions[$key])) { + if ('cookie_secure' === $key && 'auto' === $value) { + continue; + } + ini_set('session.'.$key, $value); + } + } + } + + /** + * Registers session save handler as a PHP session handler. + * + * To use internal PHP session save handlers, override this method using ini_set with + * session.save_handler and session.save_path e.g. + * + * ini_set('session.save_handler', 'files'); + * ini_set('session.save_path', '/tmp'); + * + * or pass in a \SessionHandler instance which configures session.save_handler in the + * constructor, for a template see NativeFileSessionHandler. + * + * @see https://php.net/session-set-save-handler + * @see https://php.net/sessionhandlerinterface + * @see https://php.net/sessionhandler + * + * @throws \InvalidArgumentException + */ + public function setSaveHandler(AbstractProxy|\SessionHandlerInterface|null $saveHandler): void + { + // Wrap $saveHandler in proxy and prevent double wrapping of proxy + if (!$saveHandler instanceof AbstractProxy && $saveHandler instanceof \SessionHandlerInterface) { + $saveHandler = new SessionHandlerProxy($saveHandler); + } elseif (!$saveHandler instanceof AbstractProxy) { + $saveHandler = new SessionHandlerProxy(new StrictSessionHandler(new \SessionHandler())); + } + $this->saveHandler = $saveHandler; + + if (headers_sent() || \PHP_SESSION_ACTIVE === session_status()) { + return; + } + + if ($this->saveHandler instanceof SessionHandlerProxy) { + session_set_save_handler($this->saveHandler, false); + } + } + + /** + * Load the session with attributes. + * + * After starting the session, PHP retrieves the session from whatever handlers + * are set to (either PHP's internal, or a custom save handler set with session_set_save_handler()). + * PHP takes the return value from the read() handler, unserializes it + * and populates $_SESSION with the result automatically. + */ + protected function loadSession(?array &$session = null): void + { + if (null === $session) { + $session = &$_SESSION; + } + + $bags = array_merge($this->bags, [$this->metadataBag]); + + foreach ($bags as $bag) { + $key = $bag->getStorageKey(); + $session[$key] = isset($session[$key]) && \is_array($session[$key]) ? $session[$key] : []; + $bag->initialize($session[$key]); + } + + $this->started = true; + $this->closed = false; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorageFactory.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorageFactory.php new file mode 100644 index 0000000..6463a4c --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorageFactory.php @@ -0,0 +1,50 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy; + +// Help opcache.preload discover always-needed symbols +class_exists(NativeSessionStorage::class); + +/** + * @author Jérémy Derussé + */ +class NativeSessionStorageFactory implements SessionStorageFactoryInterface +{ + private array $options; + private AbstractProxy|\SessionHandlerInterface|null $handler; + private ?MetadataBag $metaBag; + private bool $secure; + + /** + * @see NativeSessionStorage constructor. + */ + public function __construct(array $options = [], AbstractProxy|\SessionHandlerInterface|null $handler = null, ?MetadataBag $metaBag = null, bool $secure = false) + { + $this->options = $options; + $this->handler = $handler; + $this->metaBag = $metaBag; + $this->secure = $secure; + } + + public function createStorage(?Request $request): SessionStorageInterface + { + $storage = new NativeSessionStorage($this->options, $this->handler, $this->metaBag); + if ($this->secure && $request?->isSecure()) { + $storage->setOptions(['cookie_secure' => true]); + } + + return $storage; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/PhpBridgeSessionStorage.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/PhpBridgeSessionStorage.php new file mode 100644 index 0000000..8a8c50c --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/PhpBridgeSessionStorage.php @@ -0,0 +1,55 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy; + +/** + * Allows session to be started by PHP and managed by Symfony. + * + * @author Drak + */ +class PhpBridgeSessionStorage extends NativeSessionStorage +{ + public function __construct(AbstractProxy|\SessionHandlerInterface|null $handler = null, ?MetadataBag $metaBag = null) + { + if (!\extension_loaded('session')) { + throw new \LogicException('PHP extension "session" is required.'); + } + + $this->setMetadataBag($metaBag); + $this->setSaveHandler($handler); + } + + public function start(): bool + { + if ($this->started) { + return true; + } + + $this->loadSession(); + + return true; + } + + public function clear(): void + { + // clear out the bags and nothing else that may be set + // since the purpose of this driver is to share a handler + foreach ($this->bags as $bag) { + $bag->clear(); + } + + // reconnect the bags to the session + $this->loadSession(); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/PhpBridgeSessionStorageFactory.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/PhpBridgeSessionStorageFactory.php new file mode 100644 index 0000000..aa4f800 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/PhpBridgeSessionStorageFactory.php @@ -0,0 +1,45 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy; + +// Help opcache.preload discover always-needed symbols +class_exists(PhpBridgeSessionStorage::class); + +/** + * @author Jérémy Derussé + */ +class PhpBridgeSessionStorageFactory implements SessionStorageFactoryInterface +{ + private AbstractProxy|\SessionHandlerInterface|null $handler; + private ?MetadataBag $metaBag; + private bool $secure; + + public function __construct(AbstractProxy|\SessionHandlerInterface|null $handler = null, ?MetadataBag $metaBag = null, bool $secure = false) + { + $this->handler = $handler; + $this->metaBag = $metaBag; + $this->secure = $secure; + } + + public function createStorage(?Request $request): SessionStorageInterface + { + $storage = new PhpBridgeSessionStorage($this->handler, $this->metaBag); + if ($this->secure && $request?->isSecure()) { + $storage->setOptions(['cookie_secure' => true]); + } + + return $storage; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Proxy/AbstractProxy.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Proxy/AbstractProxy.php new file mode 100644 index 0000000..c3a0278 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Proxy/AbstractProxy.php @@ -0,0 +1,98 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Proxy; + +/** + * @author Drak + */ +abstract class AbstractProxy +{ + protected bool $wrapper = false; + + protected ?string $saveHandlerName = null; + + /** + * Gets the session.save_handler name. + */ + public function getSaveHandlerName(): ?string + { + return $this->saveHandlerName; + } + + /** + * Is this proxy handler and instance of \SessionHandlerInterface. + */ + public function isSessionHandlerInterface(): bool + { + return $this instanceof \SessionHandlerInterface; + } + + /** + * Returns true if this handler wraps an internal PHP session save handler using \SessionHandler. + */ + public function isWrapper(): bool + { + return $this->wrapper; + } + + /** + * Has a session started? + */ + public function isActive(): bool + { + return \PHP_SESSION_ACTIVE === session_status(); + } + + /** + * Gets the session ID. + */ + public function getId(): string + { + return session_id(); + } + + /** + * Sets the session ID. + * + * @throws \LogicException + */ + public function setId(string $id): void + { + if ($this->isActive()) { + throw new \LogicException('Cannot change the ID of an active session.'); + } + + session_id($id); + } + + /** + * Gets the session name. + */ + public function getName(): string + { + return session_name(); + } + + /** + * Sets the session name. + * + * @throws \LogicException + */ + public function setName(string $name): void + { + if ($this->isActive()) { + throw new \LogicException('Cannot change the name of an active session.'); + } + + session_name($name); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Proxy/SessionHandlerProxy.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Proxy/SessionHandlerProxy.php new file mode 100644 index 0000000..b8df97f --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/Proxy/SessionHandlerProxy.php @@ -0,0 +1,76 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage\Proxy; + +use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler; + +/** + * @author Drak + */ +class SessionHandlerProxy extends AbstractProxy implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface +{ + protected \SessionHandlerInterface $handler; + + public function __construct(\SessionHandlerInterface $handler) + { + $this->handler = $handler; + $this->wrapper = $handler instanceof \SessionHandler; + $this->saveHandlerName = $this->wrapper || ($handler instanceof StrictSessionHandler && $handler->isWrapper()) ? \ini_get('session.save_handler') : 'user'; + } + + public function getHandler(): \SessionHandlerInterface + { + return $this->handler; + } + + // \SessionHandlerInterface + + public function open(string $savePath, string $sessionName): bool + { + return $this->handler->open($savePath, $sessionName); + } + + public function close(): bool + { + return $this->handler->close(); + } + + public function read(#[\SensitiveParameter] string $sessionId): string|false + { + return $this->handler->read($sessionId); + } + + public function write(#[\SensitiveParameter] string $sessionId, string $data): bool + { + return $this->handler->write($sessionId, $data); + } + + public function destroy(#[\SensitiveParameter] string $sessionId): bool + { + return $this->handler->destroy($sessionId); + } + + public function gc(int $maxlifetime): int|false + { + return $this->handler->gc($maxlifetime); + } + + public function validateId(#[\SensitiveParameter] string $sessionId): bool + { + return !$this->handler instanceof \SessionUpdateTimestampHandlerInterface || $this->handler->validateId($sessionId); + } + + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool + { + return $this->handler instanceof \SessionUpdateTimestampHandlerInterface ? $this->handler->updateTimestamp($sessionId, $data) : $this->write($sessionId, $data); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/SessionStorageFactoryInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/SessionStorageFactoryInterface.php new file mode 100644 index 0000000..d03f0da --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/SessionStorageFactoryInterface.php @@ -0,0 +1,25 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +use Symfony\Component\HttpFoundation\Request; + +/** + * @author Jérémy Derussé + */ +interface SessionStorageFactoryInterface +{ + /** + * Creates a new instance of SessionStorageInterface. + */ + public function createStorage(?Request $request): SessionStorageInterface; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/SessionStorageInterface.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/SessionStorageInterface.php new file mode 100644 index 0000000..c51850d --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Session/Storage/SessionStorageInterface.php @@ -0,0 +1,116 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session\Storage; + +use Symfony\Component\HttpFoundation\Session\SessionBagInterface; + +/** + * StorageInterface. + * + * @author Fabien Potencier + * @author Drak + */ +interface SessionStorageInterface +{ + /** + * Starts the session. + * + * @throws \RuntimeException if something goes wrong starting the session + */ + public function start(): bool; + + /** + * Checks if the session is started. + */ + public function isStarted(): bool; + + /** + * Returns the session ID. + */ + public function getId(): string; + + /** + * Sets the session ID. + */ + public function setId(string $id): void; + + /** + * Returns the session name. + */ + public function getName(): string; + + /** + * Sets the session name. + */ + public function setName(string $name): void; + + /** + * Regenerates id that represents this storage. + * + * This method must invoke session_regenerate_id($destroy) unless + * this interface is used for a storage object designed for unit + * or functional testing where a real PHP session would interfere + * with testing. + * + * Note regenerate+destroy should not clear the session data in memory + * only delete the session data from persistent storage. + * + * Care: When regenerating the session ID no locking is involved in PHP's + * session design. See https://bugs.php.net/61470 for a discussion. + * So you must make sure the regenerated session is saved BEFORE sending the + * headers with the new ID. Symfony's HttpKernel offers a listener for this. + * See Symfony\Component\HttpKernel\EventListener\SaveSessionListener. + * Otherwise session data could get lost again for concurrent requests with the + * new ID. One result could be that you get logged out after just logging in. + * + * @param bool $destroy Destroy session when regenerating? + * @param int|null $lifetime Sets the cookie lifetime for the session cookie. A null value + * will leave the system settings unchanged, 0 sets the cookie + * to expire with browser session. Time is in seconds, and is + * not a Unix timestamp. + * + * @throws \RuntimeException If an error occurs while regenerating this storage + */ + public function regenerate(bool $destroy = false, ?int $lifetime = null): bool; + + /** + * Force the session to be saved and closed. + * + * This method must invoke session_write_close() unless this interface is + * used for a storage object design for unit or functional testing where + * a real PHP session would interfere with testing, in which case + * it should actually persist the session data if required. + * + * @throws \RuntimeException if the session is saved without being started, or if the session + * is already closed + */ + public function save(): void; + + /** + * Clear all session data in memory. + */ + public function clear(): void; + + /** + * Gets a SessionBagInterface by name. + * + * @throws \InvalidArgumentException If the bag does not exist + */ + public function getBag(string $name): SessionBagInterface; + + /** + * Registers a SessionBagInterface for use. + */ + public function registerBag(SessionBagInterface $bag): void; + + public function getMetadataBag(): MetadataBag; +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/StreamedJsonResponse.php b/qa-tool/htdocs/vendor/symfony/http-foundation/StreamedJsonResponse.php new file mode 100644 index 0000000..5b20ce9 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/StreamedJsonResponse.php @@ -0,0 +1,162 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * StreamedJsonResponse represents a streamed HTTP response for JSON. + * + * A StreamedJsonResponse uses a structure and generics to create an + * efficient resource-saving JSON response. + * + * It is recommended to use flush() function after a specific number of items to directly stream the data. + * + * @see flush() + * + * @author Alexander Schranz + * + * Example usage: + * + * function loadArticles(): \Generator + * // some streamed loading + * yield ['title' => 'Article 1']; + * yield ['title' => 'Article 2']; + * yield ['title' => 'Article 3']; + * // recommended to use flush() after every specific number of items + * }), + * + * $response = new StreamedJsonResponse( + * // json structure with generators in which will be streamed + * [ + * '_embedded' => [ + * 'articles' => loadArticles(), // any generator which you want to stream as list of data + * ], + * ], + * ); + */ +class StreamedJsonResponse extends StreamedResponse +{ + private const PLACEHOLDER = '__symfony_json__'; + + /** + * @param mixed[] $data JSON Data containing PHP generators which will be streamed as list of data or a Generator + * @param int $status The HTTP status code (200 "OK" by default) + * @param array $headers An array of HTTP headers + * @param int $encodingOptions Flags for the json_encode() function + */ + public function __construct( + private readonly iterable $data, + int $status = 200, + array $headers = [], + private int $encodingOptions = JsonResponse::DEFAULT_ENCODING_OPTIONS, + ) { + parent::__construct($this->stream(...), $status, $headers); + + if (!$this->headers->get('Content-Type')) { + $this->headers->set('Content-Type', 'application/json'); + } + } + + private function stream(): void + { + $jsonEncodingOptions = \JSON_THROW_ON_ERROR | $this->encodingOptions; + $keyEncodingOptions = $jsonEncodingOptions & ~\JSON_NUMERIC_CHECK; + + $this->streamData($this->data, $jsonEncodingOptions, $keyEncodingOptions); + } + + private function streamData(mixed $data, int $jsonEncodingOptions, int $keyEncodingOptions): void + { + if (\is_array($data)) { + $this->streamArray($data, $jsonEncodingOptions, $keyEncodingOptions); + + return; + } + + if (is_iterable($data) && !$data instanceof \JsonSerializable) { + $this->streamIterable($data, $jsonEncodingOptions, $keyEncodingOptions); + + return; + } + + echo json_encode($data, $jsonEncodingOptions); + } + + private function streamArray(array $data, int $jsonEncodingOptions, int $keyEncodingOptions): void + { + $generators = []; + + array_walk_recursive($data, function (&$item, $key) use (&$generators) { + if (self::PLACEHOLDER === $key) { + // if the placeholder is already in the structure it should be replaced with a new one that explode + // works like expected for the structure + $generators[] = $key; + } + + // generators should be used but for better DX all kind of Traversable and objects are supported + if (\is_object($item)) { + $generators[] = $item; + $item = self::PLACEHOLDER; + } elseif (self::PLACEHOLDER === $item) { + // if the placeholder is already in the structure it should be replaced with a new one that explode + // works like expected for the structure + $generators[] = $item; + } + }); + + $jsonParts = explode('"'.self::PLACEHOLDER.'"', json_encode($data, $jsonEncodingOptions)); + + foreach ($generators as $index => $generator) { + // send first and between parts of the structure + echo $jsonParts[$index]; + + $this->streamData($generator, $jsonEncodingOptions, $keyEncodingOptions); + } + + // send last part of the structure + echo $jsonParts[array_key_last($jsonParts)]; + } + + private function streamIterable(iterable $iterable, int $jsonEncodingOptions, int $keyEncodingOptions): void + { + $isFirstItem = true; + $startTag = '['; + + foreach ($iterable as $key => $item) { + if ($isFirstItem) { + $isFirstItem = false; + // depending on the first elements key the generator is detected as a list or map + // we can not check for a whole list or map because that would hurt the performance + // of the streamed response which is the main goal of this response class + if (0 !== $key) { + $startTag = '{'; + } + + echo $startTag; + } else { + // if not first element of the generic, a separator is required between the elements + echo ','; + } + + if ('{' === $startTag) { + echo json_encode((string) $key, $keyEncodingOptions).':'; + } + + $this->streamData($item, $jsonEncodingOptions, $keyEncodingOptions); + } + + if ($isFirstItem) { // indicates that the generator was empty + echo '['; + } + + echo '[' === $startTag ? ']' : '}'; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/StreamedResponse.php b/qa-tool/htdocs/vendor/symfony/http-foundation/StreamedResponse.php new file mode 100644 index 0000000..3acaade --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/StreamedResponse.php @@ -0,0 +1,131 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +/** + * StreamedResponse represents a streamed HTTP response. + * + * A StreamedResponse uses a callback for its content. + * + * The callback should use the standard PHP functions like echo + * to stream the response back to the client. The flush() function + * can also be used if needed. + * + * @see flush() + * + * @author Fabien Potencier + */ +class StreamedResponse extends Response +{ + protected ?\Closure $callback = null; + protected bool $streamed = false; + + private bool $headersSent = false; + + /** + * @param int $status The HTTP status code (200 "OK" by default) + */ + public function __construct(?callable $callback = null, int $status = 200, array $headers = []) + { + parent::__construct(null, $status, $headers); + + if (null !== $callback) { + $this->setCallback($callback); + } + $this->streamed = false; + $this->headersSent = false; + } + + /** + * Sets the PHP callback associated with this Response. + * + * @return $this + */ + public function setCallback(callable $callback): static + { + $this->callback = $callback(...); + + return $this; + } + + public function getCallback(): ?\Closure + { + if (!isset($this->callback)) { + return null; + } + + return ($this->callback)(...); + } + + /** + * This method only sends the headers once. + * + * @param positive-int|null $statusCode The status code to use, override the statusCode property if set and not null + * + * @return $this + */ + public function sendHeaders(?int $statusCode = null): static + { + if ($this->headersSent) { + return $this; + } + + if ($statusCode < 100 || $statusCode >= 200) { + $this->headersSent = true; + } + + return parent::sendHeaders($statusCode); + } + + /** + * This method only sends the content once. + * + * @return $this + */ + public function sendContent(): static + { + if ($this->streamed) { + return $this; + } + + $this->streamed = true; + + if (!isset($this->callback)) { + throw new \LogicException('The Response callback must be set.'); + } + + ($this->callback)(); + + return $this; + } + + /** + * @return $this + * + * @throws \LogicException when the content is not null + */ + public function setContent(?string $content): static + { + if (null !== $content) { + throw new \LogicException('The content cannot be set on a StreamedResponse instance.'); + } + + $this->streamed = true; + + return $this; + } + + public function getContent(): string|false + { + return false; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/RequestAttributeValueSame.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/RequestAttributeValueSame.php new file mode 100644 index 0000000..6e11426 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/RequestAttributeValueSame.php @@ -0,0 +1,48 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Request; + +final class RequestAttributeValueSame extends Constraint +{ + private string $name; + private string $value; + + public function __construct(string $name, string $value) + { + $this->name = $name; + $this->value = $value; + } + + public function toString(): string + { + return sprintf('has attribute "%s" with value "%s"', $this->name, $this->value); + } + + /** + * @param Request $request + */ + protected function matches($request): bool + { + return $this->value === $request->attributes->get($this->name); + } + + /** + * @param Request $request + */ + protected function failureDescription($request): string + { + return 'the Request '.$this->toString(); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseCookieValueSame.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseCookieValueSame.php new file mode 100644 index 0000000..768007b --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseCookieValueSame.php @@ -0,0 +1,76 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Cookie; +use Symfony\Component\HttpFoundation\Response; + +final class ResponseCookieValueSame extends Constraint +{ + private string $name; + private string $value; + private string $path; + private ?string $domain; + + public function __construct(string $name, string $value, string $path = '/', ?string $domain = null) + { + $this->name = $name; + $this->value = $value; + $this->path = $path; + $this->domain = $domain; + } + + public function toString(): string + { + $str = sprintf('has cookie "%s"', $this->name); + if ('/' !== $this->path) { + $str .= sprintf(' with path "%s"', $this->path); + } + if ($this->domain) { + $str .= sprintf(' for domain "%s"', $this->domain); + } + $str .= sprintf(' with value "%s"', $this->value); + + return $str; + } + + /** + * @param Response $response + */ + protected function matches($response): bool + { + $cookie = $this->getCookie($response); + if (!$cookie) { + return false; + } + + return $this->value === (string) $cookie->getValue(); + } + + /** + * @param Response $response + */ + protected function failureDescription($response): string + { + return 'the Response '.$this->toString(); + } + + protected function getCookie(Response $response): ?Cookie + { + $cookies = $response->headers->getCookies(); + + $filteredCookies = array_filter($cookies, fn (Cookie $cookie) => $cookie->getName() === $this->name && $cookie->getPath() === $this->path && $cookie->getDomain() === $this->domain); + + return reset($filteredCookies) ?: null; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseFormatSame.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseFormatSame.php new file mode 100644 index 0000000..c75321f --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseFormatSame.php @@ -0,0 +1,65 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; + +/** + * Asserts that the response is in the given format. + * + * @author Kévin Dunglas + */ +final class ResponseFormatSame extends Constraint +{ + private Request $request; + private ?string $format; + + public function __construct( + Request $request, + ?string $format, + private readonly bool $verbose = true, + ) { + $this->request = $request; + $this->format = $format; + } + + public function toString(): string + { + return 'format is '.($this->format ?? 'null'); + } + + /** + * @param Response $response + */ + protected function matches($response): bool + { + return $this->format === $this->request->getFormat($response->headers->get('Content-Type')); + } + + /** + * @param Response $response + */ + protected function failureDescription($response): string + { + return 'the Response '.$this->toString(); + } + + /** + * @param Response $response + */ + protected function additionalFailureDescription($response): string + { + return $this->verbose ? (string) $response : explode("\r\n\r\n", (string) $response)[0]; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHasCookie.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHasCookie.php new file mode 100644 index 0000000..8eccea9 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHasCookie.php @@ -0,0 +1,68 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Cookie; +use Symfony\Component\HttpFoundation\Response; + +final class ResponseHasCookie extends Constraint +{ + private string $name; + private string $path; + private ?string $domain; + + public function __construct(string $name, string $path = '/', ?string $domain = null) + { + $this->name = $name; + $this->path = $path; + $this->domain = $domain; + } + + public function toString(): string + { + $str = sprintf('has cookie "%s"', $this->name); + if ('/' !== $this->path) { + $str .= sprintf(' with path "%s"', $this->path); + } + if ($this->domain) { + $str .= sprintf(' for domain "%s"', $this->domain); + } + + return $str; + } + + /** + * @param Response $response + */ + protected function matches($response): bool + { + return null !== $this->getCookie($response); + } + + /** + * @param Response $response + */ + protected function failureDescription($response): string + { + return 'the Response '.$this->toString(); + } + + private function getCookie(Response $response): ?Cookie + { + $cookies = $response->headers->getCookies(); + + $filteredCookies = array_filter($cookies, fn (Cookie $cookie) => $cookie->getName() === $this->name && $cookie->getPath() === $this->path && $cookie->getDomain() === $this->domain); + + return reset($filteredCookies) ?: null; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHasHeader.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHasHeader.php new file mode 100644 index 0000000..08522c8 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHasHeader.php @@ -0,0 +1,46 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Response; + +final class ResponseHasHeader extends Constraint +{ + private string $headerName; + + public function __construct(string $headerName) + { + $this->headerName = $headerName; + } + + public function toString(): string + { + return sprintf('has header "%s"', $this->headerName); + } + + /** + * @param Response $response + */ + protected function matches($response): bool + { + return $response->headers->has($this->headerName); + } + + /** + * @param Response $response + */ + protected function failureDescription($response): string + { + return 'the Response '.$this->toString(); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHeaderLocationSame.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHeaderLocationSame.php new file mode 100644 index 0000000..9286ec7 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHeaderLocationSame.php @@ -0,0 +1,65 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; + +final class ResponseHeaderLocationSame extends Constraint +{ + public function __construct(private Request $request, private string $expectedValue) + { + } + + public function toString(): string + { + return sprintf('has header "Location" matching "%s"', $this->expectedValue); + } + + protected function matches($other): bool + { + if (!$other instanceof Response) { + return false; + } + + $location = $other->headers->get('Location'); + + if (null === $location) { + return false; + } + + return $this->toFullUrl($this->expectedValue) === $this->toFullUrl($location); + } + + protected function failureDescription($other): string + { + return 'the Response '.$this->toString(); + } + + private function toFullUrl(string $url): string + { + if (null === parse_url($url, \PHP_URL_PATH)) { + $url .= '/'; + } + + if (str_starts_with($url, '//')) { + return sprintf('%s:%s', $this->request->getScheme(), $url); + } + + if (str_starts_with($url, '/')) { + return $this->request->getSchemeAndHttpHost().$url; + } + + return $url; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHeaderSame.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHeaderSame.php new file mode 100644 index 0000000..8141df9 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseHeaderSame.php @@ -0,0 +1,48 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Response; + +final class ResponseHeaderSame extends Constraint +{ + private string $headerName; + private string $expectedValue; + + public function __construct(string $headerName, string $expectedValue) + { + $this->headerName = $headerName; + $this->expectedValue = $expectedValue; + } + + public function toString(): string + { + return sprintf('has header "%s" with value "%s"', $this->headerName, $this->expectedValue); + } + + /** + * @param Response $response + */ + protected function matches($response): bool + { + return $this->expectedValue === $response->headers->get($this->headerName, null); + } + + /** + * @param Response $response + */ + protected function failureDescription($response): string + { + return 'the Response '.$this->toString(); + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseIsRedirected.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseIsRedirected.php new file mode 100644 index 0000000..b7ae15e --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseIsRedirected.php @@ -0,0 +1,54 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Response; + +final class ResponseIsRedirected extends Constraint +{ + /** + * @param bool $verbose If true, the entire response is printed on failure. If false, the response body is omitted. + */ + public function __construct(private readonly bool $verbose = true) + { + } + + public function toString(): string + { + return 'is redirected'; + } + + /** + * @param Response $response + */ + protected function matches($response): bool + { + return $response->isRedirect(); + } + + /** + * @param Response $response + */ + protected function failureDescription($response): string + { + return 'the Response '.$this->toString(); + } + + /** + * @param Response $response + */ + protected function additionalFailureDescription($response): string + { + return $this->verbose ? (string) $response : explode("\r\n\r\n", (string) $response)[0]; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseIsSuccessful.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseIsSuccessful.php new file mode 100644 index 0000000..94a65ed --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseIsSuccessful.php @@ -0,0 +1,54 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Response; + +final class ResponseIsSuccessful extends Constraint +{ + /** + * @param bool $verbose If true, the entire response is printed on failure. If false, the response body is omitted. + */ + public function __construct(private readonly bool $verbose = true) + { + } + + public function toString(): string + { + return 'is successful'; + } + + /** + * @param Response $response + */ + protected function matches($response): bool + { + return $response->isSuccessful(); + } + + /** + * @param Response $response + */ + protected function failureDescription($response): string + { + return 'the Response '.$this->toString(); + } + + /** + * @param Response $response + */ + protected function additionalFailureDescription($response): string + { + return $this->verbose ? (string) $response : explode("\r\n\r\n", (string) $response)[0]; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseIsUnprocessable.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseIsUnprocessable.php new file mode 100644 index 0000000..799d558 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseIsUnprocessable.php @@ -0,0 +1,54 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Response; + +final class ResponseIsUnprocessable extends Constraint +{ + /** + * @param bool $verbose If true, the entire response is printed on failure. If false, the response body is omitted. + */ + public function __construct(private readonly bool $verbose = true) + { + } + + public function toString(): string + { + return 'is unprocessable'; + } + + /** + * @param Response $other + */ + protected function matches($other): bool + { + return Response::HTTP_UNPROCESSABLE_ENTITY === $other->getStatusCode(); + } + + /** + * @param Response $other + */ + protected function failureDescription($other): string + { + return 'the Response '.$this->toString(); + } + + /** + * @param Response $response + */ + protected function additionalFailureDescription($response): string + { + return $this->verbose ? (string) $response : explode("\r\n\r\n", (string) $response)[0]; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseStatusCodeSame.php b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseStatusCodeSame.php new file mode 100644 index 0000000..5ca6373 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/Test/Constraint/ResponseStatusCodeSame.php @@ -0,0 +1,54 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Test\Constraint; + +use PHPUnit\Framework\Constraint\Constraint; +use Symfony\Component\HttpFoundation\Response; + +final class ResponseStatusCodeSame extends Constraint +{ + private int $statusCode; + + public function __construct(int $statusCode, private readonly bool $verbose = true) + { + $this->statusCode = $statusCode; + } + + public function toString(): string + { + return 'status code is '.$this->statusCode; + } + + /** + * @param Response $response + */ + protected function matches($response): bool + { + return $this->statusCode === $response->getStatusCode(); + } + + /** + * @param Response $response + */ + protected function failureDescription($response): string + { + return 'the Response '.$this->toString(); + } + + /** + * @param Response $response + */ + protected function additionalFailureDescription($response): string + { + return $this->verbose ? (string) $response : explode("\r\n\r\n", (string) $response)[0]; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/UriSigner.php b/qa-tool/htdocs/vendor/symfony/http-foundation/UriSigner.php new file mode 100644 index 0000000..4415026 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/UriSigner.php @@ -0,0 +1,165 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +use Symfony\Component\HttpFoundation\Exception\LogicException; + +/** + * @author Fabien Potencier + */ +class UriSigner +{ + private string $secret; + private string $hashParameter; + private string $expirationParameter; + + /** + * @param string $hashParameter Query string parameter to use + * @param string $expirationParameter Query string parameter to use for expiration + */ + public function __construct(#[\SensitiveParameter] string $secret, string $hashParameter = '_hash', string $expirationParameter = '_expiration') + { + if (!$secret) { + throw new \InvalidArgumentException('A non-empty secret is required.'); + } + + $this->secret = $secret; + $this->hashParameter = $hashParameter; + $this->expirationParameter = $expirationParameter; + } + + /** + * Signs a URI. + * + * The given URI is signed by adding the query string parameter + * which value depends on the URI and the secret. + * + * @param \DateTimeInterface|\DateInterval|int|null $expiration The expiration for the given URI. + * If $expiration is a \DateTimeInterface, it's expected to be the exact date + time. + * If $expiration is a \DateInterval, the interval is added to "now" to get the date + time. + * If $expiration is an int, it's expected to be a timestamp in seconds of the exact date + time. + * If $expiration is null, no expiration. + * + * The expiration is added as a query string parameter. + */ + public function sign(string $uri/*, \DateTimeInterface|\DateInterval|int|null $expiration = null*/): string + { + $expiration = null; + + if (1 < \func_num_args()) { + $expiration = func_get_arg(1); + } + + if (null !== $expiration && !$expiration instanceof \DateTimeInterface && !$expiration instanceof \DateInterval && !\is_int($expiration)) { + throw new \TypeError(sprintf('The second argument of %s() must be an instance of %s or %s, an integer or null (%s given).', __METHOD__, \DateTimeInterface::class, \DateInterval::class, get_debug_type($expiration))); + } + + $url = parse_url($uri); + $params = []; + + if (isset($url['query'])) { + parse_str($url['query'], $params); + } + + if (isset($params[$this->hashParameter])) { + throw new LogicException(sprintf('URI query parameter conflict: parameter name "%s" is reserved.', $this->hashParameter)); + } + + if (isset($params[$this->expirationParameter])) { + throw new LogicException(sprintf('URI query parameter conflict: parameter name "%s" is reserved.', $this->expirationParameter)); + } + + if (null !== $expiration) { + $params[$this->expirationParameter] = $this->getExpirationTime($expiration); + } + + $uri = $this->buildUrl($url, $params); + $params[$this->hashParameter] = $this->computeHash($uri); + + return $this->buildUrl($url, $params); + } + + /** + * Checks that a URI contains the correct hash. + * Also checks if the URI has not expired (If you used expiration during signing). + */ + public function check(string $uri): bool + { + $url = parse_url($uri); + $params = []; + + if (isset($url['query'])) { + parse_str($url['query'], $params); + } + + if (empty($params[$this->hashParameter])) { + return false; + } + + $hash = $params[$this->hashParameter]; + unset($params[$this->hashParameter]); + + if (!hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash)) { + return false; + } + + if ($expiration = $params[$this->expirationParameter] ?? false) { + return time() < $expiration; + } + + return true; + } + + public function checkRequest(Request $request): bool + { + $qs = ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : ''; + + // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering) + return $this->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().$qs); + } + + private function computeHash(string $uri): string + { + return base64_encode(hash_hmac('sha256', $uri, $this->secret, true)); + } + + private function buildUrl(array $url, array $params = []): string + { + ksort($params, \SORT_STRING); + $url['query'] = http_build_query($params, '', '&'); + + $scheme = isset($url['scheme']) ? $url['scheme'].'://' : ''; + $host = $url['host'] ?? ''; + $port = isset($url['port']) ? ':'.$url['port'] : ''; + $user = $url['user'] ?? ''; + $pass = isset($url['pass']) ? ':'.$url['pass'] : ''; + $pass = ($user || $pass) ? "$pass@" : ''; + $path = $url['path'] ?? ''; + $query = $url['query'] ? '?'.$url['query'] : ''; + $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : ''; + + return $scheme.$user.$pass.$host.$port.$path.$query.$fragment; + } + + private function getExpirationTime(\DateTimeInterface|\DateInterval|int $expiration): string + { + if ($expiration instanceof \DateTimeInterface) { + return $expiration->format('U'); + } + + if ($expiration instanceof \DateInterval) { + return \DateTimeImmutable::createFromFormat('U', time())->add($expiration)->format('U'); + } + + return (string) $expiration; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/UrlHelper.php b/qa-tool/htdocs/vendor/symfony/http-foundation/UrlHelper.php new file mode 100644 index 0000000..f971cf6 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/UrlHelper.php @@ -0,0 +1,108 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation; + +use Symfony\Component\Routing\RequestContext; +use Symfony\Component\Routing\RequestContextAwareInterface; + +/** + * A helper service for manipulating URLs within and outside the request scope. + * + * @author Valentin Udaltsov + */ +final class UrlHelper +{ + public function __construct( + private RequestStack $requestStack, + private RequestContextAwareInterface|RequestContext|null $requestContext = null, + ) { + } + + public function getAbsoluteUrl(string $path): string + { + if (str_contains($path, '://') || str_starts_with($path, '//')) { + return $path; + } + + if (null === $request = $this->requestStack->getMainRequest()) { + return $this->getAbsoluteUrlFromContext($path); + } + + if ('#' === $path[0]) { + $path = $request->getRequestUri().$path; + } elseif ('?' === $path[0]) { + $path = $request->getPathInfo().$path; + } + + if (!$path || '/' !== $path[0]) { + $prefix = $request->getPathInfo(); + $last = \strlen($prefix) - 1; + if ($last !== $pos = strrpos($prefix, '/')) { + $prefix = substr($prefix, 0, $pos).'/'; + } + + return $request->getUriForPath($prefix.$path); + } + + return $request->getSchemeAndHttpHost().$path; + } + + public function getRelativePath(string $path): string + { + if (str_contains($path, '://') || str_starts_with($path, '//')) { + return $path; + } + + if (null === $request = $this->requestStack->getMainRequest()) { + return $path; + } + + return $request->getRelativeUriForPath($path); + } + + private function getAbsoluteUrlFromContext(string $path): string + { + if (null === $context = $this->requestContext) { + return $path; + } + + if ($context instanceof RequestContextAwareInterface) { + $context = $context->getContext(); + } + + if ('' === $host = $context->getHost()) { + return $path; + } + + $scheme = $context->getScheme(); + $port = ''; + + if ('http' === $scheme && 80 !== $context->getHttpPort()) { + $port = ':'.$context->getHttpPort(); + } elseif ('https' === $scheme && 443 !== $context->getHttpsPort()) { + $port = ':'.$context->getHttpsPort(); + } + + if ('#' === $path[0]) { + $queryString = $context->getQueryString(); + $path = $context->getPathInfo().($queryString ? '?'.$queryString : '').$path; + } elseif ('?' === $path[0]) { + $path = $context->getPathInfo().$path; + } + + if ('/' !== $path[0]) { + $path = rtrim($context->getBaseUrl(), '/').'/'.$path; + } + + return $scheme.'://'.$host.$port.$path; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/http-foundation/composer.json b/qa-tool/htdocs/vendor/symfony/http-foundation/composer.json new file mode 100644 index 0000000..6e88fc1 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/http-foundation/composer.json @@ -0,0 +1,44 @@ +{ + "name": "symfony/http-foundation", + "type": "library", + "description": "Defines an object-oriented layer for the HTTP specification", + "keywords": [], + "homepage": "https://symfony.com", + "license": "MIT", + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "require": { + "php": ">=8.2", + "symfony/polyfill-mbstring": "~1.1", + "symfony/polyfill-php83": "^1.27" + }, + "require-dev": { + "doctrine/dbal": "^3.6|^4", + "predis/predis": "^1.1|^2.0", + "symfony/cache": "^6.4|^7.0", + "symfony/dependency-injection": "^6.4|^7.0", + "symfony/http-kernel": "^6.4|^7.0", + "symfony/mime": "^6.4|^7.0", + "symfony/expression-language": "^6.4|^7.0", + "symfony/rate-limiter": "^6.4|^7.0" + }, + "conflict": { + "doctrine/dbal": "<3.6", + "symfony/cache": "<6.4" + }, + "autoload": { + "psr-4": { "Symfony\\Component\\HttpFoundation\\": "" }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "minimum-stability": "dev" +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/LICENSE b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/LICENSE new file mode 100644 index 0000000..6e3afce --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/LICENSE @@ -0,0 +1,19 @@ +Copyright (c) 2015-present Fabien Potencier + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Mbstring.php b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Mbstring.php new file mode 100644 index 0000000..1ad33a8 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Mbstring.php @@ -0,0 +1,996 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Polyfill\Mbstring; + +/** + * Partial mbstring implementation in PHP, iconv based, UTF-8 centric. + * + * Implemented: + * - mb_chr - Returns a specific character from its Unicode code point + * - mb_convert_encoding - Convert character encoding + * - mb_convert_variables - Convert character code in variable(s) + * - mb_decode_mimeheader - Decode string in MIME header field + * - mb_encode_mimeheader - Encode string for MIME header XXX NATIVE IMPLEMENTATION IS REALLY BUGGED + * - mb_decode_numericentity - Decode HTML numeric string reference to character + * - mb_encode_numericentity - Encode character to HTML numeric string reference + * - mb_convert_case - Perform case folding on a string + * - mb_detect_encoding - Detect character encoding + * - mb_get_info - Get internal settings of mbstring + * - mb_http_input - Detect HTTP input character encoding + * - mb_http_output - Set/Get HTTP output character encoding + * - mb_internal_encoding - Set/Get internal character encoding + * - mb_list_encodings - Returns an array of all supported encodings + * - mb_ord - Returns the Unicode code point of a character + * - mb_output_handler - Callback function converts character encoding in output buffer + * - mb_scrub - Replaces ill-formed byte sequences with substitute characters + * - mb_strlen - Get string length + * - mb_strpos - Find position of first occurrence of string in a string + * - mb_strrpos - Find position of last occurrence of a string in a string + * - mb_str_split - Convert a string to an array + * - mb_strtolower - Make a string lowercase + * - mb_strtoupper - Make a string uppercase + * - mb_substitute_character - Set/Get substitution character + * - mb_substr - Get part of string + * - mb_stripos - Finds position of first occurrence of a string within another, case insensitive + * - mb_stristr - Finds first occurrence of a string within another, case insensitive + * - mb_strrchr - Finds the last occurrence of a character in a string within another + * - mb_strrichr - Finds the last occurrence of a character in a string within another, case insensitive + * - mb_strripos - Finds position of last occurrence of a string within another, case insensitive + * - mb_strstr - Finds first occurrence of a string within another + * - mb_strwidth - Return width of string + * - mb_substr_count - Count the number of substring occurrences + * - mb_ucfirst - Make a string's first character uppercase + * - mb_lcfirst - Make a string's first character lowercase + * + * Not implemented: + * - mb_convert_kana - Convert "kana" one from another ("zen-kaku", "han-kaku" and more) + * - mb_ereg_* - Regular expression with multibyte support + * - mb_parse_str - Parse GET/POST/COOKIE data and set global variable + * - mb_preferred_mime_name - Get MIME charset string + * - mb_regex_encoding - Returns current encoding for multibyte regex as string + * - mb_regex_set_options - Set/Get the default options for mbregex functions + * - mb_send_mail - Send encoded mail + * - mb_split - Split multibyte string using regular expression + * - mb_strcut - Get part of string + * - mb_strimwidth - Get truncated string with specified width + * + * @author Nicolas Grekas + * + * @internal + */ +final class Mbstring +{ + public const MB_CASE_FOLD = \PHP_INT_MAX; + + private const SIMPLE_CASE_FOLD = [ + ['µ', 'ſ', "\xCD\x85", 'ς', "\xCF\x90", "\xCF\x91", "\xCF\x95", "\xCF\x96", "\xCF\xB0", "\xCF\xB1", "\xCF\xB5", "\xE1\xBA\x9B", "\xE1\xBE\xBE"], + ['μ', 's', 'ι', 'σ', 'β', 'θ', 'φ', 'π', 'κ', 'ρ', 'ε', "\xE1\xB9\xA1", 'ι'], + ]; + + private static $encodingList = ['ASCII', 'UTF-8']; + private static $language = 'neutral'; + private static $internalEncoding = 'UTF-8'; + + public static function mb_convert_encoding($s, $toEncoding, $fromEncoding = null) + { + if (\is_array($s)) { + if (PHP_VERSION_ID < 70200) { + trigger_error('mb_convert_encoding() expects parameter 1 to be string, array given', \E_USER_WARNING); + + return null; + } + + $r = []; + foreach ($s as $str) { + $r[] = self::mb_convert_encoding($str, $toEncoding, $fromEncoding); + } + + return $r; + } + + if (\is_array($fromEncoding) || (null !== $fromEncoding && false !== strpos($fromEncoding, ','))) { + $fromEncoding = self::mb_detect_encoding($s, $fromEncoding); + } else { + $fromEncoding = self::getEncoding($fromEncoding); + } + + $toEncoding = self::getEncoding($toEncoding); + + if ('BASE64' === $fromEncoding) { + $s = base64_decode($s); + $fromEncoding = $toEncoding; + } + + if ('BASE64' === $toEncoding) { + return base64_encode($s); + } + + if ('HTML-ENTITIES' === $toEncoding || 'HTML' === $toEncoding) { + if ('HTML-ENTITIES' === $fromEncoding || 'HTML' === $fromEncoding) { + $fromEncoding = 'Windows-1252'; + } + if ('UTF-8' !== $fromEncoding) { + $s = iconv($fromEncoding, 'UTF-8//IGNORE', $s); + } + + return preg_replace_callback('/[\x80-\xFF]+/', [__CLASS__, 'html_encoding_callback'], $s); + } + + if ('HTML-ENTITIES' === $fromEncoding) { + $s = html_entity_decode($s, \ENT_COMPAT, 'UTF-8'); + $fromEncoding = 'UTF-8'; + } + + return iconv($fromEncoding, $toEncoding.'//IGNORE', $s); + } + + public static function mb_convert_variables($toEncoding, $fromEncoding, &...$vars) + { + $ok = true; + array_walk_recursive($vars, function (&$v) use (&$ok, $toEncoding, $fromEncoding) { + if (false === $v = self::mb_convert_encoding($v, $toEncoding, $fromEncoding)) { + $ok = false; + } + }); + + return $ok ? $fromEncoding : false; + } + + public static function mb_decode_mimeheader($s) + { + return iconv_mime_decode($s, 2, self::$internalEncoding); + } + + public static function mb_encode_mimeheader($s, $charset = null, $transferEncoding = null, $linefeed = null, $indent = null) + { + trigger_error('mb_encode_mimeheader() is bugged. Please use iconv_mime_encode() instead', \E_USER_WARNING); + } + + public static function mb_decode_numericentity($s, $convmap, $encoding = null) + { + if (null !== $s && !\is_scalar($s) && !(\is_object($s) && method_exists($s, '__toString'))) { + trigger_error('mb_decode_numericentity() expects parameter 1 to be string, '.\gettype($s).' given', \E_USER_WARNING); + + return null; + } + + if (!\is_array($convmap) || (80000 > \PHP_VERSION_ID && !$convmap)) { + return false; + } + + if (null !== $encoding && !\is_scalar($encoding)) { + trigger_error('mb_decode_numericentity() expects parameter 3 to be string, '.\gettype($s).' given', \E_USER_WARNING); + + return ''; // Instead of null (cf. mb_encode_numericentity). + } + + $s = (string) $s; + if ('' === $s) { + return ''; + } + + $encoding = self::getEncoding($encoding); + + if ('UTF-8' === $encoding) { + $encoding = null; + if (!preg_match('//u', $s)) { + $s = @iconv('UTF-8', 'UTF-8//IGNORE', $s); + } + } else { + $s = iconv($encoding, 'UTF-8//IGNORE', $s); + } + + $cnt = floor(\count($convmap) / 4) * 4; + + for ($i = 0; $i < $cnt; $i += 4) { + // collector_decode_htmlnumericentity ignores $convmap[$i + 3] + $convmap[$i] += $convmap[$i + 2]; + $convmap[$i + 1] += $convmap[$i + 2]; + } + + $s = preg_replace_callback('/&#(?:0*([0-9]+)|x0*([0-9a-fA-F]+))(?!&);?/', function (array $m) use ($cnt, $convmap) { + $c = isset($m[2]) ? (int) hexdec($m[2]) : $m[1]; + for ($i = 0; $i < $cnt; $i += 4) { + if ($c >= $convmap[$i] && $c <= $convmap[$i + 1]) { + return self::mb_chr($c - $convmap[$i + 2]); + } + } + + return $m[0]; + }, $s); + + if (null === $encoding) { + return $s; + } + + return iconv('UTF-8', $encoding.'//IGNORE', $s); + } + + public static function mb_encode_numericentity($s, $convmap, $encoding = null, $is_hex = false) + { + if (null !== $s && !\is_scalar($s) && !(\is_object($s) && method_exists($s, '__toString'))) { + trigger_error('mb_encode_numericentity() expects parameter 1 to be string, '.\gettype($s).' given', \E_USER_WARNING); + + return null; + } + + if (!\is_array($convmap) || (80000 > \PHP_VERSION_ID && !$convmap)) { + return false; + } + + if (null !== $encoding && !\is_scalar($encoding)) { + trigger_error('mb_encode_numericentity() expects parameter 3 to be string, '.\gettype($s).' given', \E_USER_WARNING); + + return null; // Instead of '' (cf. mb_decode_numericentity). + } + + if (null !== $is_hex && !\is_scalar($is_hex)) { + trigger_error('mb_encode_numericentity() expects parameter 4 to be boolean, '.\gettype($s).' given', \E_USER_WARNING); + + return null; + } + + $s = (string) $s; + if ('' === $s) { + return ''; + } + + $encoding = self::getEncoding($encoding); + + if ('UTF-8' === $encoding) { + $encoding = null; + if (!preg_match('//u', $s)) { + $s = @iconv('UTF-8', 'UTF-8//IGNORE', $s); + } + } else { + $s = iconv($encoding, 'UTF-8//IGNORE', $s); + } + + static $ulenMask = ["\xC0" => 2, "\xD0" => 2, "\xE0" => 3, "\xF0" => 4]; + + $cnt = floor(\count($convmap) / 4) * 4; + $i = 0; + $len = \strlen($s); + $result = ''; + + while ($i < $len) { + $ulen = $s[$i] < "\x80" ? 1 : $ulenMask[$s[$i] & "\xF0"]; + $uchr = substr($s, $i, $ulen); + $i += $ulen; + $c = self::mb_ord($uchr); + + for ($j = 0; $j < $cnt; $j += 4) { + if ($c >= $convmap[$j] && $c <= $convmap[$j + 1]) { + $cOffset = ($c + $convmap[$j + 2]) & $convmap[$j + 3]; + $result .= $is_hex ? sprintf('&#x%X;', $cOffset) : '&#'.$cOffset.';'; + continue 2; + } + } + $result .= $uchr; + } + + if (null === $encoding) { + return $result; + } + + return iconv('UTF-8', $encoding.'//IGNORE', $result); + } + + public static function mb_convert_case($s, $mode, $encoding = null) + { + $s = (string) $s; + if ('' === $s) { + return ''; + } + + $encoding = self::getEncoding($encoding); + + if ('UTF-8' === $encoding) { + $encoding = null; + if (!preg_match('//u', $s)) { + $s = @iconv('UTF-8', 'UTF-8//IGNORE', $s); + } + } else { + $s = iconv($encoding, 'UTF-8//IGNORE', $s); + } + + if (\MB_CASE_TITLE == $mode) { + static $titleRegexp = null; + if (null === $titleRegexp) { + $titleRegexp = self::getData('titleCaseRegexp'); + } + $s = preg_replace_callback($titleRegexp, [__CLASS__, 'title_case'], $s); + } else { + if (\MB_CASE_UPPER == $mode) { + static $upper = null; + if (null === $upper) { + $upper = self::getData('upperCase'); + } + $map = $upper; + } else { + if (self::MB_CASE_FOLD === $mode) { + static $caseFolding = null; + if (null === $caseFolding) { + $caseFolding = self::getData('caseFolding'); + } + $s = strtr($s, $caseFolding); + } + + static $lower = null; + if (null === $lower) { + $lower = self::getData('lowerCase'); + } + $map = $lower; + } + + static $ulenMask = ["\xC0" => 2, "\xD0" => 2, "\xE0" => 3, "\xF0" => 4]; + + $i = 0; + $len = \strlen($s); + + while ($i < $len) { + $ulen = $s[$i] < "\x80" ? 1 : $ulenMask[$s[$i] & "\xF0"]; + $uchr = substr($s, $i, $ulen); + $i += $ulen; + + if (isset($map[$uchr])) { + $uchr = $map[$uchr]; + $nlen = \strlen($uchr); + + if ($nlen == $ulen) { + $nlen = $i; + do { + $s[--$nlen] = $uchr[--$ulen]; + } while ($ulen); + } else { + $s = substr_replace($s, $uchr, $i - $ulen, $ulen); + $len += $nlen - $ulen; + $i += $nlen - $ulen; + } + } + } + } + + if (null === $encoding) { + return $s; + } + + return iconv('UTF-8', $encoding.'//IGNORE', $s); + } + + public static function mb_internal_encoding($encoding = null) + { + if (null === $encoding) { + return self::$internalEncoding; + } + + $normalizedEncoding = self::getEncoding($encoding); + + if ('UTF-8' === $normalizedEncoding || false !== @iconv($normalizedEncoding, $normalizedEncoding, ' ')) { + self::$internalEncoding = $normalizedEncoding; + + return true; + } + + if (80000 > \PHP_VERSION_ID) { + return false; + } + + throw new \ValueError(sprintf('Argument #1 ($encoding) must be a valid encoding, "%s" given', $encoding)); + } + + public static function mb_language($lang = null) + { + if (null === $lang) { + return self::$language; + } + + switch ($normalizedLang = strtolower($lang)) { + case 'uni': + case 'neutral': + self::$language = $normalizedLang; + + return true; + } + + if (80000 > \PHP_VERSION_ID) { + return false; + } + + throw new \ValueError(sprintf('Argument #1 ($language) must be a valid language, "%s" given', $lang)); + } + + public static function mb_list_encodings() + { + return ['UTF-8']; + } + + public static function mb_encoding_aliases($encoding) + { + switch (strtoupper($encoding)) { + case 'UTF8': + case 'UTF-8': + return ['utf8']; + } + + return false; + } + + public static function mb_check_encoding($var = null, $encoding = null) + { + if (\PHP_VERSION_ID < 70200 && \is_array($var)) { + trigger_error('mb_check_encoding() expects parameter 1 to be string, array given', \E_USER_WARNING); + + return null; + } + + if (null === $encoding) { + if (null === $var) { + return false; + } + $encoding = self::$internalEncoding; + } + + if (!\is_array($var)) { + return self::mb_detect_encoding($var, [$encoding]) || false !== @iconv($encoding, $encoding, $var); + } + + foreach ($var as $key => $value) { + if (!self::mb_check_encoding($key, $encoding)) { + return false; + } + if (!self::mb_check_encoding($value, $encoding)) { + return false; + } + } + + return true; + } + + public static function mb_detect_encoding($str, $encodingList = null, $strict = false) + { + if (null === $encodingList) { + $encodingList = self::$encodingList; + } else { + if (!\is_array($encodingList)) { + $encodingList = array_map('trim', explode(',', $encodingList)); + } + $encodingList = array_map('strtoupper', $encodingList); + } + + foreach ($encodingList as $enc) { + switch ($enc) { + case 'ASCII': + if (!preg_match('/[\x80-\xFF]/', $str)) { + return $enc; + } + break; + + case 'UTF8': + case 'UTF-8': + if (preg_match('//u', $str)) { + return 'UTF-8'; + } + break; + + default: + if (0 === strncmp($enc, 'ISO-8859-', 9)) { + return $enc; + } + } + } + + return false; + } + + public static function mb_detect_order($encodingList = null) + { + if (null === $encodingList) { + return self::$encodingList; + } + + if (!\is_array($encodingList)) { + $encodingList = array_map('trim', explode(',', $encodingList)); + } + $encodingList = array_map('strtoupper', $encodingList); + + foreach ($encodingList as $enc) { + switch ($enc) { + default: + if (strncmp($enc, 'ISO-8859-', 9)) { + return false; + } + // no break + case 'ASCII': + case 'UTF8': + case 'UTF-8': + } + } + + self::$encodingList = $encodingList; + + return true; + } + + public static function mb_strlen($s, $encoding = null) + { + $encoding = self::getEncoding($encoding); + if ('CP850' === $encoding || 'ASCII' === $encoding) { + return \strlen($s); + } + + return @iconv_strlen($s, $encoding); + } + + public static function mb_strpos($haystack, $needle, $offset = 0, $encoding = null) + { + $encoding = self::getEncoding($encoding); + if ('CP850' === $encoding || 'ASCII' === $encoding) { + return strpos($haystack, $needle, $offset); + } + + $needle = (string) $needle; + if ('' === $needle) { + if (80000 > \PHP_VERSION_ID) { + trigger_error(__METHOD__.': Empty delimiter', \E_USER_WARNING); + + return false; + } + + return 0; + } + + return iconv_strpos($haystack, $needle, $offset, $encoding); + } + + public static function mb_strrpos($haystack, $needle, $offset = 0, $encoding = null) + { + $encoding = self::getEncoding($encoding); + if ('CP850' === $encoding || 'ASCII' === $encoding) { + return strrpos($haystack, $needle, $offset); + } + + if ($offset != (int) $offset) { + $offset = 0; + } elseif ($offset = (int) $offset) { + if ($offset < 0) { + if (0 > $offset += self::mb_strlen($needle)) { + $haystack = self::mb_substr($haystack, 0, $offset, $encoding); + } + $offset = 0; + } else { + $haystack = self::mb_substr($haystack, $offset, 2147483647, $encoding); + } + } + + $pos = '' !== $needle || 80000 > \PHP_VERSION_ID + ? iconv_strrpos($haystack, $needle, $encoding) + : self::mb_strlen($haystack, $encoding); + + return false !== $pos ? $offset + $pos : false; + } + + public static function mb_str_split($string, $split_length = 1, $encoding = null) + { + if (null !== $string && !\is_scalar($string) && !(\is_object($string) && method_exists($string, '__toString'))) { + trigger_error('mb_str_split() expects parameter 1 to be string, '.\gettype($string).' given', \E_USER_WARNING); + + return null; + } + + if (1 > $split_length = (int) $split_length) { + if (80000 > \PHP_VERSION_ID) { + trigger_error('The length of each segment must be greater than zero', \E_USER_WARNING); + + return false; + } + + throw new \ValueError('Argument #2 ($length) must be greater than 0'); + } + + if (null === $encoding) { + $encoding = mb_internal_encoding(); + } + + if ('UTF-8' === $encoding = self::getEncoding($encoding)) { + $rx = '/('; + while (65535 < $split_length) { + $rx .= '.{65535}'; + $split_length -= 65535; + } + $rx .= '.{'.$split_length.'})/us'; + + return preg_split($rx, $string, -1, \PREG_SPLIT_DELIM_CAPTURE | \PREG_SPLIT_NO_EMPTY); + } + + $result = []; + $length = mb_strlen($string, $encoding); + + for ($i = 0; $i < $length; $i += $split_length) { + $result[] = mb_substr($string, $i, $split_length, $encoding); + } + + return $result; + } + + public static function mb_strtolower($s, $encoding = null) + { + return self::mb_convert_case($s, \MB_CASE_LOWER, $encoding); + } + + public static function mb_strtoupper($s, $encoding = null) + { + return self::mb_convert_case($s, \MB_CASE_UPPER, $encoding); + } + + public static function mb_substitute_character($c = null) + { + if (null === $c) { + return 'none'; + } + if (0 === strcasecmp($c, 'none')) { + return true; + } + if (80000 > \PHP_VERSION_ID) { + return false; + } + if (\is_int($c) || 'long' === $c || 'entity' === $c) { + return false; + } + + throw new \ValueError('Argument #1 ($substitute_character) must be "none", "long", "entity" or a valid codepoint'); + } + + public static function mb_substr($s, $start, $length = null, $encoding = null) + { + $encoding = self::getEncoding($encoding); + if ('CP850' === $encoding || 'ASCII' === $encoding) { + return (string) substr($s, $start, null === $length ? 2147483647 : $length); + } + + if ($start < 0) { + $start = iconv_strlen($s, $encoding) + $start; + if ($start < 0) { + $start = 0; + } + } + + if (null === $length) { + $length = 2147483647; + } elseif ($length < 0) { + $length = iconv_strlen($s, $encoding) + $length - $start; + if ($length < 0) { + return ''; + } + } + + return (string) iconv_substr($s, $start, $length, $encoding); + } + + public static function mb_stripos($haystack, $needle, $offset = 0, $encoding = null) + { + [$haystack, $needle] = str_replace(self::SIMPLE_CASE_FOLD[0], self::SIMPLE_CASE_FOLD[1], [ + self::mb_convert_case($haystack, \MB_CASE_LOWER, $encoding), + self::mb_convert_case($needle, \MB_CASE_LOWER, $encoding), + ]); + + return self::mb_strpos($haystack, $needle, $offset, $encoding); + } + + public static function mb_stristr($haystack, $needle, $part = false, $encoding = null) + { + $pos = self::mb_stripos($haystack, $needle, 0, $encoding); + + return self::getSubpart($pos, $part, $haystack, $encoding); + } + + public static function mb_strrchr($haystack, $needle, $part = false, $encoding = null) + { + $encoding = self::getEncoding($encoding); + if ('CP850' === $encoding || 'ASCII' === $encoding) { + $pos = strrpos($haystack, $needle); + } else { + $needle = self::mb_substr($needle, 0, 1, $encoding); + $pos = iconv_strrpos($haystack, $needle, $encoding); + } + + return self::getSubpart($pos, $part, $haystack, $encoding); + } + + public static function mb_strrichr($haystack, $needle, $part = false, $encoding = null) + { + $needle = self::mb_substr($needle, 0, 1, $encoding); + $pos = self::mb_strripos($haystack, $needle, $encoding); + + return self::getSubpart($pos, $part, $haystack, $encoding); + } + + public static function mb_strripos($haystack, $needle, $offset = 0, $encoding = null) + { + $haystack = self::mb_convert_case($haystack, \MB_CASE_LOWER, $encoding); + $needle = self::mb_convert_case($needle, \MB_CASE_LOWER, $encoding); + + $haystack = str_replace(self::SIMPLE_CASE_FOLD[0], self::SIMPLE_CASE_FOLD[1], $haystack); + $needle = str_replace(self::SIMPLE_CASE_FOLD[0], self::SIMPLE_CASE_FOLD[1], $needle); + + return self::mb_strrpos($haystack, $needle, $offset, $encoding); + } + + public static function mb_strstr($haystack, $needle, $part = false, $encoding = null) + { + $pos = strpos($haystack, $needle); + if (false === $pos) { + return false; + } + if ($part) { + return substr($haystack, 0, $pos); + } + + return substr($haystack, $pos); + } + + public static function mb_get_info($type = 'all') + { + $info = [ + 'internal_encoding' => self::$internalEncoding, + 'http_output' => 'pass', + 'http_output_conv_mimetypes' => '^(text/|application/xhtml\+xml)', + 'func_overload' => 0, + 'func_overload_list' => 'no overload', + 'mail_charset' => 'UTF-8', + 'mail_header_encoding' => 'BASE64', + 'mail_body_encoding' => 'BASE64', + 'illegal_chars' => 0, + 'encoding_translation' => 'Off', + 'language' => self::$language, + 'detect_order' => self::$encodingList, + 'substitute_character' => 'none', + 'strict_detection' => 'Off', + ]; + + if ('all' === $type) { + return $info; + } + if (isset($info[$type])) { + return $info[$type]; + } + + return false; + } + + public static function mb_http_input($type = '') + { + return false; + } + + public static function mb_http_output($encoding = null) + { + return null !== $encoding ? 'pass' === $encoding : 'pass'; + } + + public static function mb_strwidth($s, $encoding = null) + { + $encoding = self::getEncoding($encoding); + + if ('UTF-8' !== $encoding) { + $s = iconv($encoding, 'UTF-8//IGNORE', $s); + } + + $s = preg_replace('/[\x{1100}-\x{115F}\x{2329}\x{232A}\x{2E80}-\x{303E}\x{3040}-\x{A4CF}\x{AC00}-\x{D7A3}\x{F900}-\x{FAFF}\x{FE10}-\x{FE19}\x{FE30}-\x{FE6F}\x{FF00}-\x{FF60}\x{FFE0}-\x{FFE6}\x{20000}-\x{2FFFD}\x{30000}-\x{3FFFD}]/u', '', $s, -1, $wide); + + return ($wide << 1) + iconv_strlen($s, 'UTF-8'); + } + + public static function mb_substr_count($haystack, $needle, $encoding = null) + { + return substr_count($haystack, $needle); + } + + public static function mb_output_handler($contents, $status) + { + return $contents; + } + + public static function mb_chr($code, $encoding = null) + { + if (0x80 > $code %= 0x200000) { + $s = \chr($code); + } elseif (0x800 > $code) { + $s = \chr(0xC0 | $code >> 6).\chr(0x80 | $code & 0x3F); + } elseif (0x10000 > $code) { + $s = \chr(0xE0 | $code >> 12).\chr(0x80 | $code >> 6 & 0x3F).\chr(0x80 | $code & 0x3F); + } else { + $s = \chr(0xF0 | $code >> 18).\chr(0x80 | $code >> 12 & 0x3F).\chr(0x80 | $code >> 6 & 0x3F).\chr(0x80 | $code & 0x3F); + } + + if ('UTF-8' !== $encoding = self::getEncoding($encoding)) { + $s = mb_convert_encoding($s, $encoding, 'UTF-8'); + } + + return $s; + } + + public static function mb_ord($s, $encoding = null) + { + if ('UTF-8' !== $encoding = self::getEncoding($encoding)) { + $s = mb_convert_encoding($s, 'UTF-8', $encoding); + } + + if (1 === \strlen($s)) { + return \ord($s); + } + + $code = ($s = unpack('C*', substr($s, 0, 4))) ? $s[1] : 0; + if (0xF0 <= $code) { + return (($code - 0xF0) << 18) + (($s[2] - 0x80) << 12) + (($s[3] - 0x80) << 6) + $s[4] - 0x80; + } + if (0xE0 <= $code) { + return (($code - 0xE0) << 12) + (($s[2] - 0x80) << 6) + $s[3] - 0x80; + } + if (0xC0 <= $code) { + return (($code - 0xC0) << 6) + $s[2] - 0x80; + } + + return $code; + } + + public static function mb_str_pad(string $string, int $length, string $pad_string = ' ', int $pad_type = \STR_PAD_RIGHT, ?string $encoding = null): string + { + if (!\in_array($pad_type, [\STR_PAD_RIGHT, \STR_PAD_LEFT, \STR_PAD_BOTH], true)) { + throw new \ValueError('mb_str_pad(): Argument #4 ($pad_type) must be STR_PAD_LEFT, STR_PAD_RIGHT, or STR_PAD_BOTH'); + } + + if (null === $encoding) { + $encoding = self::mb_internal_encoding(); + } else { + self::assertEncoding($encoding, 'mb_str_pad(): Argument #5 ($encoding) must be a valid encoding, "%s" given'); + } + + if (self::mb_strlen($pad_string, $encoding) <= 0) { + throw new \ValueError('mb_str_pad(): Argument #3 ($pad_string) must be a non-empty string'); + } + + $paddingRequired = $length - self::mb_strlen($string, $encoding); + + if ($paddingRequired < 1) { + return $string; + } + + switch ($pad_type) { + case \STR_PAD_LEFT: + return self::mb_substr(str_repeat($pad_string, $paddingRequired), 0, $paddingRequired, $encoding).$string; + case \STR_PAD_RIGHT: + return $string.self::mb_substr(str_repeat($pad_string, $paddingRequired), 0, $paddingRequired, $encoding); + default: + $leftPaddingLength = floor($paddingRequired / 2); + $rightPaddingLength = $paddingRequired - $leftPaddingLength; + + return self::mb_substr(str_repeat($pad_string, $leftPaddingLength), 0, $leftPaddingLength, $encoding).$string.self::mb_substr(str_repeat($pad_string, $rightPaddingLength), 0, $rightPaddingLength, $encoding); + } + } + + public static function mb_ucfirst(string $string, ?string $encoding = null): string + { + if (null === $encoding) { + $encoding = self::mb_internal_encoding(); + } else { + self::assertEncoding($encoding, 'mb_ucfirst(): Argument #2 ($encoding) must be a valid encoding, "%s" given'); + } + + $firstChar = mb_substr($string, 0, 1, $encoding); + $firstChar = mb_convert_case($firstChar, \MB_CASE_TITLE, $encoding); + + return $firstChar.mb_substr($string, 1, null, $encoding); + } + + public static function mb_lcfirst(string $string, ?string $encoding = null): string + { + if (null === $encoding) { + $encoding = self::mb_internal_encoding(); + } else { + self::assertEncoding($encoding, 'mb_lcfirst(): Argument #2 ($encoding) must be a valid encoding, "%s" given'); + } + + $firstChar = mb_substr($string, 0, 1, $encoding); + $firstChar = mb_convert_case($firstChar, \MB_CASE_LOWER, $encoding); + + return $firstChar.mb_substr($string, 1, null, $encoding); + } + + private static function getSubpart($pos, $part, $haystack, $encoding) + { + if (false === $pos) { + return false; + } + if ($part) { + return self::mb_substr($haystack, 0, $pos, $encoding); + } + + return self::mb_substr($haystack, $pos, null, $encoding); + } + + private static function html_encoding_callback(array $m) + { + $i = 1; + $entities = ''; + $m = unpack('C*', htmlentities($m[0], \ENT_COMPAT, 'UTF-8')); + + while (isset($m[$i])) { + if (0x80 > $m[$i]) { + $entities .= \chr($m[$i++]); + continue; + } + if (0xF0 <= $m[$i]) { + $c = (($m[$i++] - 0xF0) << 18) + (($m[$i++] - 0x80) << 12) + (($m[$i++] - 0x80) << 6) + $m[$i++] - 0x80; + } elseif (0xE0 <= $m[$i]) { + $c = (($m[$i++] - 0xE0) << 12) + (($m[$i++] - 0x80) << 6) + $m[$i++] - 0x80; + } else { + $c = (($m[$i++] - 0xC0) << 6) + $m[$i++] - 0x80; + } + + $entities .= '&#'.$c.';'; + } + + return $entities; + } + + private static function title_case(array $s) + { + return self::mb_convert_case($s[1], \MB_CASE_UPPER, 'UTF-8').self::mb_convert_case($s[2], \MB_CASE_LOWER, 'UTF-8'); + } + + private static function getData($file) + { + if (file_exists($file = __DIR__.'/Resources/unidata/'.$file.'.php')) { + return require $file; + } + + return false; + } + + private static function getEncoding($encoding) + { + if (null === $encoding) { + return self::$internalEncoding; + } + + if ('UTF-8' === $encoding) { + return 'UTF-8'; + } + + $encoding = strtoupper($encoding); + + if ('8BIT' === $encoding || 'BINARY' === $encoding) { + return 'CP850'; + } + + if ('UTF8' === $encoding) { + return 'UTF-8'; + } + + return $encoding; + } + + private static function assertEncoding(string $encoding, string $errorFormat): void + { + try { + $validEncoding = @self::mb_check_encoding('', $encoding); + } catch (\ValueError $e) { + throw new \ValueError(\sprintf($errorFormat, $encoding)); + } + + // BC for PHP 7.3 and lower + if (!$validEncoding) { + throw new \ValueError(\sprintf($errorFormat, $encoding)); + } + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/README.md b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/README.md new file mode 100644 index 0000000..478b40d --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/README.md @@ -0,0 +1,13 @@ +Symfony Polyfill / Mbstring +=========================== + +This component provides a partial, native PHP implementation for the +[Mbstring](https://php.net/mbstring) extension. + +More information can be found in the +[main Polyfill README](https://github.com/symfony/polyfill/blob/main/README.md). + +License +======= + +This library is released under the [MIT license](LICENSE). diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Resources/unidata/caseFolding.php b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Resources/unidata/caseFolding.php new file mode 100644 index 0000000..512bba0 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Resources/unidata/caseFolding.php @@ -0,0 +1,119 @@ + 'i̇', + 'µ' => 'μ', + 'ſ' => 's', + 'ͅ' => 'ι', + 'ς' => 'σ', + 'ϐ' => 'β', + 'ϑ' => 'θ', + 'ϕ' => 'φ', + 'ϖ' => 'π', + 'ϰ' => 'κ', + 'ϱ' => 'ρ', + 'ϵ' => 'ε', + 'ẛ' => 'ṡ', + 'ι' => 'ι', + 'ß' => 'ss', + 'ʼn' => 'ʼn', + 'ǰ' => 'ǰ', + 'ΐ' => 'ΐ', + 'ΰ' => 'ΰ', + 'և' => 'եւ', + 'ẖ' => 'ẖ', + 'ẗ' => 'ẗ', + 'ẘ' => 'ẘ', + 'ẙ' => 'ẙ', + 'ẚ' => 'aʾ', + 'ẞ' => 'ss', + 'ὐ' => 'ὐ', + 'ὒ' => 'ὒ', + 'ὔ' => 'ὔ', + 'ὖ' => 'ὖ', + 'ᾀ' => 'ἀι', + 'ᾁ' => 'ἁι', + 'ᾂ' => 'ἂι', + 'ᾃ' => 'ἃι', + 'ᾄ' => 'ἄι', + 'ᾅ' => 'ἅι', + 'ᾆ' => 'ἆι', + 'ᾇ' => 'ἇι', + 'ᾈ' => 'ἀι', + 'ᾉ' => 'ἁι', + 'ᾊ' => 'ἂι', + 'ᾋ' => 'ἃι', + 'ᾌ' => 'ἄι', + 'ᾍ' => 'ἅι', + 'ᾎ' => 'ἆι', + 'ᾏ' => 'ἇι', + 'ᾐ' => 'ἠι', + 'ᾑ' => 'ἡι', + 'ᾒ' => 'ἢι', + 'ᾓ' => 'ἣι', + 'ᾔ' => 'ἤι', + 'ᾕ' => 'ἥι', + 'ᾖ' => 'ἦι', + 'ᾗ' => 'ἧι', + 'ᾘ' => 'ἠι', + 'ᾙ' => 'ἡι', + 'ᾚ' => 'ἢι', + 'ᾛ' => 'ἣι', + 'ᾜ' => 'ἤι', + 'ᾝ' => 'ἥι', + 'ᾞ' => 'ἦι', + 'ᾟ' => 'ἧι', + 'ᾠ' => 'ὠι', + 'ᾡ' => 'ὡι', + 'ᾢ' => 'ὢι', + 'ᾣ' => 'ὣι', + 'ᾤ' => 'ὤι', + 'ᾥ' => 'ὥι', + 'ᾦ' => 'ὦι', + 'ᾧ' => 'ὧι', + 'ᾨ' => 'ὠι', + 'ᾩ' => 'ὡι', + 'ᾪ' => 'ὢι', + 'ᾫ' => 'ὣι', + 'ᾬ' => 'ὤι', + 'ᾭ' => 'ὥι', + 'ᾮ' => 'ὦι', + 'ᾯ' => 'ὧι', + 'ᾲ' => 'ὰι', + 'ᾳ' => 'αι', + 'ᾴ' => 'άι', + 'ᾶ' => 'ᾶ', + 'ᾷ' => 'ᾶι', + 'ᾼ' => 'αι', + 'ῂ' => 'ὴι', + 'ῃ' => 'ηι', + 'ῄ' => 'ήι', + 'ῆ' => 'ῆ', + 'ῇ' => 'ῆι', + 'ῌ' => 'ηι', + 'ῒ' => 'ῒ', + 'ῖ' => 'ῖ', + 'ῗ' => 'ῗ', + 'ῢ' => 'ῢ', + 'ῤ' => 'ῤ', + 'ῦ' => 'ῦ', + 'ῧ' => 'ῧ', + 'ῲ' => 'ὼι', + 'ῳ' => 'ωι', + 'ῴ' => 'ώι', + 'ῶ' => 'ῶ', + 'ῷ' => 'ῶι', + 'ῼ' => 'ωι', + 'ff' => 'ff', + 'fi' => 'fi', + 'fl' => 'fl', + 'ffi' => 'ffi', + 'ffl' => 'ffl', + 'ſt' => 'st', + 'st' => 'st', + 'ﬓ' => 'մն', + 'ﬔ' => 'մե', + 'ﬕ' => 'մի', + 'ﬖ' => 'վն', + 'ﬗ' => 'մխ', +]; diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Resources/unidata/lowerCase.php b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Resources/unidata/lowerCase.php new file mode 100644 index 0000000..fac60b0 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Resources/unidata/lowerCase.php @@ -0,0 +1,1397 @@ + 'a', + 'B' => 'b', + 'C' => 'c', + 'D' => 'd', + 'E' => 'e', + 'F' => 'f', + 'G' => 'g', + 'H' => 'h', + 'I' => 'i', + 'J' => 'j', + 'K' => 'k', + 'L' => 'l', + 'M' => 'm', + 'N' => 'n', + 'O' => 'o', + 'P' => 'p', + 'Q' => 'q', + 'R' => 'r', + 'S' => 's', + 'T' => 't', + 'U' => 'u', + 'V' => 'v', + 'W' => 'w', + 'X' => 'x', + 'Y' => 'y', + 'Z' => 'z', + 'À' => 'à', + 'Á' => 'á', + 'Â' => 'â', + 'Ã' => 'ã', + 'Ä' => 'ä', + 'Å' => 'å', + 'Æ' => 'æ', + 'Ç' => 'ç', + 'È' => 'è', + 'É' => 'é', + 'Ê' => 'ê', + 'Ë' => 'ë', + 'Ì' => 'ì', + 'Í' => 'í', + 'Î' => 'î', + 'Ï' => 'ï', + 'Ð' => 'ð', + 'Ñ' => 'ñ', + 'Ò' => 'ò', + 'Ó' => 'ó', + 'Ô' => 'ô', + 'Õ' => 'õ', + 'Ö' => 'ö', + 'Ø' => 'ø', + 'Ù' => 'ù', + 'Ú' => 'ú', + 'Û' => 'û', + 'Ü' => 'ü', + 'Ý' => 'ý', + 'Þ' => 'þ', + 'Ā' => 'ā', + 'Ă' => 'ă', + 'Ą' => 'ą', + 'Ć' => 'ć', + 'Ĉ' => 'ĉ', + 'Ċ' => 'ċ', + 'Č' => 'č', + 'Ď' => 'ď', + 'Đ' => 'đ', + 'Ē' => 'ē', + 'Ĕ' => 'ĕ', + 'Ė' => 'ė', + 'Ę' => 'ę', + 'Ě' => 'ě', + 'Ĝ' => 'ĝ', + 'Ğ' => 'ğ', + 'Ġ' => 'ġ', + 'Ģ' => 'ģ', + 'Ĥ' => 'ĥ', + 'Ħ' => 'ħ', + 'Ĩ' => 'ĩ', + 'Ī' => 'ī', + 'Ĭ' => 'ĭ', + 'Į' => 'į', + 'İ' => 'i̇', + 'IJ' => 'ij', + 'Ĵ' => 'ĵ', + 'Ķ' => 'ķ', + 'Ĺ' => 'ĺ', + 'Ļ' => 'ļ', + 'Ľ' => 'ľ', + 'Ŀ' => 'ŀ', + 'Ł' => 'ł', + 'Ń' => 'ń', + 'Ņ' => 'ņ', + 'Ň' => 'ň', + 'Ŋ' => 'ŋ', + 'Ō' => 'ō', + 'Ŏ' => 'ŏ', + 'Ő' => 'ő', + 'Œ' => 'œ', + 'Ŕ' => 'ŕ', + 'Ŗ' => 'ŗ', + 'Ř' => 'ř', + 'Ś' => 'ś', + 'Ŝ' => 'ŝ', + 'Ş' => 'ş', + 'Š' => 'š', + 'Ţ' => 'ţ', + 'Ť' => 'ť', + 'Ŧ' => 'ŧ', + 'Ũ' => 'ũ', + 'Ū' => 'ū', + 'Ŭ' => 'ŭ', + 'Ů' => 'ů', + 'Ű' => 'ű', + 'Ų' => 'ų', + 'Ŵ' => 'ŵ', + 'Ŷ' => 'ŷ', + 'Ÿ' => 'ÿ', + 'Ź' => 'ź', + 'Ż' => 'ż', + 'Ž' => 'ž', + 'Ɓ' => 'ɓ', + 'Ƃ' => 'ƃ', + 'Ƅ' => 'ƅ', + 'Ɔ' => 'ɔ', + 'Ƈ' => 'ƈ', + 'Ɖ' => 'ɖ', + 'Ɗ' => 'ɗ', + 'Ƌ' => 'ƌ', + 'Ǝ' => 'ǝ', + 'Ə' => 'ə', + 'Ɛ' => 'ɛ', + 'Ƒ' => 'ƒ', + 'Ɠ' => 'ɠ', + 'Ɣ' => 'ɣ', + 'Ɩ' => 'ɩ', + 'Ɨ' => 'ɨ', + 'Ƙ' => 'ƙ', + 'Ɯ' => 'ɯ', + 'Ɲ' => 'ɲ', + 'Ɵ' => 'ɵ', + 'Ơ' => 'ơ', + 'Ƣ' => 'ƣ', + 'Ƥ' => 'ƥ', + 'Ʀ' => 'ʀ', + 'Ƨ' => 'ƨ', + 'Ʃ' => 'ʃ', + 'Ƭ' => 'ƭ', + 'Ʈ' => 'ʈ', + 'Ư' => 'ư', + 'Ʊ' => 'ʊ', + 'Ʋ' => 'ʋ', + 'Ƴ' => 'ƴ', + 'Ƶ' => 'ƶ', + 'Ʒ' => 'ʒ', + 'Ƹ' => 'ƹ', + 'Ƽ' => 'ƽ', + 'DŽ' => 'dž', + 'Dž' => 'dž', + 'LJ' => 'lj', + 'Lj' => 'lj', + 'NJ' => 'nj', + 'Nj' => 'nj', + 'Ǎ' => 'ǎ', + 'Ǐ' => 'ǐ', + 'Ǒ' => 'ǒ', + 'Ǔ' => 'ǔ', + 'Ǖ' => 'ǖ', + 'Ǘ' => 'ǘ', + 'Ǚ' => 'ǚ', + 'Ǜ' => 'ǜ', + 'Ǟ' => 'ǟ', + 'Ǡ' => 'ǡ', + 'Ǣ' => 'ǣ', + 'Ǥ' => 'ǥ', + 'Ǧ' => 'ǧ', + 'Ǩ' => 'ǩ', + 'Ǫ' => 'ǫ', + 'Ǭ' => 'ǭ', + 'Ǯ' => 'ǯ', + 'DZ' => 'dz', + 'Dz' => 'dz', + 'Ǵ' => 'ǵ', + 'Ƕ' => 'ƕ', + 'Ƿ' => 'ƿ', + 'Ǹ' => 'ǹ', + 'Ǻ' => 'ǻ', + 'Ǽ' => 'ǽ', + 'Ǿ' => 'ǿ', + 'Ȁ' => 'ȁ', + 'Ȃ' => 'ȃ', + 'Ȅ' => 'ȅ', + 'Ȇ' => 'ȇ', + 'Ȉ' => 'ȉ', + 'Ȋ' => 'ȋ', + 'Ȍ' => 'ȍ', + 'Ȏ' => 'ȏ', + 'Ȑ' => 'ȑ', + 'Ȓ' => 'ȓ', + 'Ȕ' => 'ȕ', + 'Ȗ' => 'ȗ', + 'Ș' => 'ș', + 'Ț' => 'ț', + 'Ȝ' => 'ȝ', + 'Ȟ' => 'ȟ', + 'Ƞ' => 'ƞ', + 'Ȣ' => 'ȣ', + 'Ȥ' => 'ȥ', + 'Ȧ' => 'ȧ', + 'Ȩ' => 'ȩ', + 'Ȫ' => 'ȫ', + 'Ȭ' => 'ȭ', + 'Ȯ' => 'ȯ', + 'Ȱ' => 'ȱ', + 'Ȳ' => 'ȳ', + 'Ⱥ' => 'ⱥ', + 'Ȼ' => 'ȼ', + 'Ƚ' => 'ƚ', + 'Ⱦ' => 'ⱦ', + 'Ɂ' => 'ɂ', + 'Ƀ' => 'ƀ', + 'Ʉ' => 'ʉ', + 'Ʌ' => 'ʌ', + 'Ɇ' => 'ɇ', + 'Ɉ' => 'ɉ', + 'Ɋ' => 'ɋ', + 'Ɍ' => 'ɍ', + 'Ɏ' => 'ɏ', + 'Ͱ' => 'ͱ', + 'Ͳ' => 'ͳ', + 'Ͷ' => 'ͷ', + 'Ϳ' => 'ϳ', + 'Ά' => 'ά', + 'Έ' => 'έ', + 'Ή' => 'ή', + 'Ί' => 'ί', + 'Ό' => 'ό', + 'Ύ' => 'ύ', + 'Ώ' => 'ώ', + 'Α' => 'α', + 'Β' => 'β', + 'Γ' => 'γ', + 'Δ' => 'δ', + 'Ε' => 'ε', + 'Ζ' => 'ζ', + 'Η' => 'η', + 'Θ' => 'θ', + 'Ι' => 'ι', + 'Κ' => 'κ', + 'Λ' => 'λ', + 'Μ' => 'μ', + 'Ν' => 'ν', + 'Ξ' => 'ξ', + 'Ο' => 'ο', + 'Π' => 'π', + 'Ρ' => 'ρ', + 'Σ' => 'σ', + 'Τ' => 'τ', + 'Υ' => 'υ', + 'Φ' => 'φ', + 'Χ' => 'χ', + 'Ψ' => 'ψ', + 'Ω' => 'ω', + 'Ϊ' => 'ϊ', + 'Ϋ' => 'ϋ', + 'Ϗ' => 'ϗ', + 'Ϙ' => 'ϙ', + 'Ϛ' => 'ϛ', + 'Ϝ' => 'ϝ', + 'Ϟ' => 'ϟ', + 'Ϡ' => 'ϡ', + 'Ϣ' => 'ϣ', + 'Ϥ' => 'ϥ', + 'Ϧ' => 'ϧ', + 'Ϩ' => 'ϩ', + 'Ϫ' => 'ϫ', + 'Ϭ' => 'ϭ', + 'Ϯ' => 'ϯ', + 'ϴ' => 'θ', + 'Ϸ' => 'ϸ', + 'Ϲ' => 'ϲ', + 'Ϻ' => 'ϻ', + 'Ͻ' => 'ͻ', + 'Ͼ' => 'ͼ', + 'Ͽ' => 'ͽ', + 'Ѐ' => 'ѐ', + 'Ё' => 'ё', + 'Ђ' => 'ђ', + 'Ѓ' => 'ѓ', + 'Є' => 'є', + 'Ѕ' => 'ѕ', + 'І' => 'і', + 'Ї' => 'ї', + 'Ј' => 'ј', + 'Љ' => 'љ', + 'Њ' => 'њ', + 'Ћ' => 'ћ', + 'Ќ' => 'ќ', + 'Ѝ' => 'ѝ', + 'Ў' => 'ў', + 'Џ' => 'џ', + 'А' => 'а', + 'Б' => 'б', + 'В' => 'в', + 'Г' => 'г', + 'Д' => 'д', + 'Е' => 'е', + 'Ж' => 'ж', + 'З' => 'з', + 'И' => 'и', + 'Й' => 'й', + 'К' => 'к', + 'Л' => 'л', + 'М' => 'м', + 'Н' => 'н', + 'О' => 'о', + 'П' => 'п', + 'Р' => 'р', + 'С' => 'с', + 'Т' => 'т', + 'У' => 'у', + 'Ф' => 'ф', + 'Х' => 'х', + 'Ц' => 'ц', + 'Ч' => 'ч', + 'Ш' => 'ш', + 'Щ' => 'щ', + 'Ъ' => 'ъ', + 'Ы' => 'ы', + 'Ь' => 'ь', + 'Э' => 'э', + 'Ю' => 'ю', + 'Я' => 'я', + 'Ѡ' => 'ѡ', + 'Ѣ' => 'ѣ', + 'Ѥ' => 'ѥ', + 'Ѧ' => 'ѧ', + 'Ѩ' => 'ѩ', + 'Ѫ' => 'ѫ', + 'Ѭ' => 'ѭ', + 'Ѯ' => 'ѯ', + 'Ѱ' => 'ѱ', + 'Ѳ' => 'ѳ', + 'Ѵ' => 'ѵ', + 'Ѷ' => 'ѷ', + 'Ѹ' => 'ѹ', + 'Ѻ' => 'ѻ', + 'Ѽ' => 'ѽ', + 'Ѿ' => 'ѿ', + 'Ҁ' => 'ҁ', + 'Ҋ' => 'ҋ', + 'Ҍ' => 'ҍ', + 'Ҏ' => 'ҏ', + 'Ґ' => 'ґ', + 'Ғ' => 'ғ', + 'Ҕ' => 'ҕ', + 'Җ' => 'җ', + 'Ҙ' => 'ҙ', + 'Қ' => 'қ', + 'Ҝ' => 'ҝ', + 'Ҟ' => 'ҟ', + 'Ҡ' => 'ҡ', + 'Ң' => 'ң', + 'Ҥ' => 'ҥ', + 'Ҧ' => 'ҧ', + 'Ҩ' => 'ҩ', + 'Ҫ' => 'ҫ', + 'Ҭ' => 'ҭ', + 'Ү' => 'ү', + 'Ұ' => 'ұ', + 'Ҳ' => 'ҳ', + 'Ҵ' => 'ҵ', + 'Ҷ' => 'ҷ', + 'Ҹ' => 'ҹ', + 'Һ' => 'һ', + 'Ҽ' => 'ҽ', + 'Ҿ' => 'ҿ', + 'Ӏ' => 'ӏ', + 'Ӂ' => 'ӂ', + 'Ӄ' => 'ӄ', + 'Ӆ' => 'ӆ', + 'Ӈ' => 'ӈ', + 'Ӊ' => 'ӊ', + 'Ӌ' => 'ӌ', + 'Ӎ' => 'ӎ', + 'Ӑ' => 'ӑ', + 'Ӓ' => 'ӓ', + 'Ӕ' => 'ӕ', + 'Ӗ' => 'ӗ', + 'Ә' => 'ә', + 'Ӛ' => 'ӛ', + 'Ӝ' => 'ӝ', + 'Ӟ' => 'ӟ', + 'Ӡ' => 'ӡ', + 'Ӣ' => 'ӣ', + 'Ӥ' => 'ӥ', + 'Ӧ' => 'ӧ', + 'Ө' => 'ө', + 'Ӫ' => 'ӫ', + 'Ӭ' => 'ӭ', + 'Ӯ' => 'ӯ', + 'Ӱ' => 'ӱ', + 'Ӳ' => 'ӳ', + 'Ӵ' => 'ӵ', + 'Ӷ' => 'ӷ', + 'Ӹ' => 'ӹ', + 'Ӻ' => 'ӻ', + 'Ӽ' => 'ӽ', + 'Ӿ' => 'ӿ', + 'Ԁ' => 'ԁ', + 'Ԃ' => 'ԃ', + 'Ԅ' => 'ԅ', + 'Ԇ' => 'ԇ', + 'Ԉ' => 'ԉ', + 'Ԋ' => 'ԋ', + 'Ԍ' => 'ԍ', + 'Ԏ' => 'ԏ', + 'Ԑ' => 'ԑ', + 'Ԓ' => 'ԓ', + 'Ԕ' => 'ԕ', + 'Ԗ' => 'ԗ', + 'Ԙ' => 'ԙ', + 'Ԛ' => 'ԛ', + 'Ԝ' => 'ԝ', + 'Ԟ' => 'ԟ', + 'Ԡ' => 'ԡ', + 'Ԣ' => 'ԣ', + 'Ԥ' => 'ԥ', + 'Ԧ' => 'ԧ', + 'Ԩ' => 'ԩ', + 'Ԫ' => 'ԫ', + 'Ԭ' => 'ԭ', + 'Ԯ' => 'ԯ', + 'Ա' => 'ա', + 'Բ' => 'բ', + 'Գ' => 'գ', + 'Դ' => 'դ', + 'Ե' => 'ե', + 'Զ' => 'զ', + 'Է' => 'է', + 'Ը' => 'ը', + 'Թ' => 'թ', + 'Ժ' => 'ժ', + 'Ի' => 'ի', + 'Լ' => 'լ', + 'Խ' => 'խ', + 'Ծ' => 'ծ', + 'Կ' => 'կ', + 'Հ' => 'հ', + 'Ձ' => 'ձ', + 'Ղ' => 'ղ', + 'Ճ' => 'ճ', + 'Մ' => 'մ', + 'Յ' => 'յ', + 'Ն' => 'ն', + 'Շ' => 'շ', + 'Ո' => 'ո', + 'Չ' => 'չ', + 'Պ' => 'պ', + 'Ջ' => 'ջ', + 'Ռ' => 'ռ', + 'Ս' => 'ս', + 'Վ' => 'վ', + 'Տ' => 'տ', + 'Ր' => 'ր', + 'Ց' => 'ց', + 'Ւ' => 'ւ', + 'Փ' => 'փ', + 'Ք' => 'ք', + 'Օ' => 'օ', + 'Ֆ' => 'ֆ', + 'Ⴀ' => 'ⴀ', + 'Ⴁ' => 'ⴁ', + 'Ⴂ' => 'ⴂ', + 'Ⴃ' => 'ⴃ', + 'Ⴄ' => 'ⴄ', + 'Ⴅ' => 'ⴅ', + 'Ⴆ' => 'ⴆ', + 'Ⴇ' => 'ⴇ', + 'Ⴈ' => 'ⴈ', + 'Ⴉ' => 'ⴉ', + 'Ⴊ' => 'ⴊ', + 'Ⴋ' => 'ⴋ', + 'Ⴌ' => 'ⴌ', + 'Ⴍ' => 'ⴍ', + 'Ⴎ' => 'ⴎ', + 'Ⴏ' => 'ⴏ', + 'Ⴐ' => 'ⴐ', + 'Ⴑ' => 'ⴑ', + 'Ⴒ' => 'ⴒ', + 'Ⴓ' => 'ⴓ', + 'Ⴔ' => 'ⴔ', + 'Ⴕ' => 'ⴕ', + 'Ⴖ' => 'ⴖ', + 'Ⴗ' => 'ⴗ', + 'Ⴘ' => 'ⴘ', + 'Ⴙ' => 'ⴙ', + 'Ⴚ' => 'ⴚ', + 'Ⴛ' => 'ⴛ', + 'Ⴜ' => 'ⴜ', + 'Ⴝ' => 'ⴝ', + 'Ⴞ' => 'ⴞ', + 'Ⴟ' => 'ⴟ', + 'Ⴠ' => 'ⴠ', + 'Ⴡ' => 'ⴡ', + 'Ⴢ' => 'ⴢ', + 'Ⴣ' => 'ⴣ', + 'Ⴤ' => 'ⴤ', + 'Ⴥ' => 'ⴥ', + 'Ⴧ' => 'ⴧ', + 'Ⴭ' => 'ⴭ', + 'Ꭰ' => 'ꭰ', + 'Ꭱ' => 'ꭱ', + 'Ꭲ' => 'ꭲ', + 'Ꭳ' => 'ꭳ', + 'Ꭴ' => 'ꭴ', + 'Ꭵ' => 'ꭵ', + 'Ꭶ' => 'ꭶ', + 'Ꭷ' => 'ꭷ', + 'Ꭸ' => 'ꭸ', + 'Ꭹ' => 'ꭹ', + 'Ꭺ' => 'ꭺ', + 'Ꭻ' => 'ꭻ', + 'Ꭼ' => 'ꭼ', + 'Ꭽ' => 'ꭽ', + 'Ꭾ' => 'ꭾ', + 'Ꭿ' => 'ꭿ', + 'Ꮀ' => 'ꮀ', + 'Ꮁ' => 'ꮁ', + 'Ꮂ' => 'ꮂ', + 'Ꮃ' => 'ꮃ', + 'Ꮄ' => 'ꮄ', + 'Ꮅ' => 'ꮅ', + 'Ꮆ' => 'ꮆ', + 'Ꮇ' => 'ꮇ', + 'Ꮈ' => 'ꮈ', + 'Ꮉ' => 'ꮉ', + 'Ꮊ' => 'ꮊ', + 'Ꮋ' => 'ꮋ', + 'Ꮌ' => 'ꮌ', + 'Ꮍ' => 'ꮍ', + 'Ꮎ' => 'ꮎ', + 'Ꮏ' => 'ꮏ', + 'Ꮐ' => 'ꮐ', + 'Ꮑ' => 'ꮑ', + 'Ꮒ' => 'ꮒ', + 'Ꮓ' => 'ꮓ', + 'Ꮔ' => 'ꮔ', + 'Ꮕ' => 'ꮕ', + 'Ꮖ' => 'ꮖ', + 'Ꮗ' => 'ꮗ', + 'Ꮘ' => 'ꮘ', + 'Ꮙ' => 'ꮙ', + 'Ꮚ' => 'ꮚ', + 'Ꮛ' => 'ꮛ', + 'Ꮜ' => 'ꮜ', + 'Ꮝ' => 'ꮝ', + 'Ꮞ' => 'ꮞ', + 'Ꮟ' => 'ꮟ', + 'Ꮠ' => 'ꮠ', + 'Ꮡ' => 'ꮡ', + 'Ꮢ' => 'ꮢ', + 'Ꮣ' => 'ꮣ', + 'Ꮤ' => 'ꮤ', + 'Ꮥ' => 'ꮥ', + 'Ꮦ' => 'ꮦ', + 'Ꮧ' => 'ꮧ', + 'Ꮨ' => 'ꮨ', + 'Ꮩ' => 'ꮩ', + 'Ꮪ' => 'ꮪ', + 'Ꮫ' => 'ꮫ', + 'Ꮬ' => 'ꮬ', + 'Ꮭ' => 'ꮭ', + 'Ꮮ' => 'ꮮ', + 'Ꮯ' => 'ꮯ', + 'Ꮰ' => 'ꮰ', + 'Ꮱ' => 'ꮱ', + 'Ꮲ' => 'ꮲ', + 'Ꮳ' => 'ꮳ', + 'Ꮴ' => 'ꮴ', + 'Ꮵ' => 'ꮵ', + 'Ꮶ' => 'ꮶ', + 'Ꮷ' => 'ꮷ', + 'Ꮸ' => 'ꮸ', + 'Ꮹ' => 'ꮹ', + 'Ꮺ' => 'ꮺ', + 'Ꮻ' => 'ꮻ', + 'Ꮼ' => 'ꮼ', + 'Ꮽ' => 'ꮽ', + 'Ꮾ' => 'ꮾ', + 'Ꮿ' => 'ꮿ', + 'Ᏸ' => 'ᏸ', + 'Ᏹ' => 'ᏹ', + 'Ᏺ' => 'ᏺ', + 'Ᏻ' => 'ᏻ', + 'Ᏼ' => 'ᏼ', + 'Ᏽ' => 'ᏽ', + 'Ა' => 'ა', + 'Ბ' => 'ბ', + 'Გ' => 'გ', + 'Დ' => 'დ', + 'Ე' => 'ე', + 'Ვ' => 'ვ', + 'Ზ' => 'ზ', + 'Თ' => 'თ', + 'Ი' => 'ი', + 'Კ' => 'კ', + 'Ლ' => 'ლ', + 'Მ' => 'მ', + 'Ნ' => 'ნ', + 'Ო' => 'ო', + 'Პ' => 'პ', + 'Ჟ' => 'ჟ', + 'Რ' => 'რ', + 'Ს' => 'ს', + 'Ტ' => 'ტ', + 'Უ' => 'უ', + 'Ფ' => 'ფ', + 'Ქ' => 'ქ', + 'Ღ' => 'ღ', + 'Ყ' => 'ყ', + 'Შ' => 'შ', + 'Ჩ' => 'ჩ', + 'Ც' => 'ც', + 'Ძ' => 'ძ', + 'Წ' => 'წ', + 'Ჭ' => 'ჭ', + 'Ხ' => 'ხ', + 'Ჯ' => 'ჯ', + 'Ჰ' => 'ჰ', + 'Ჱ' => 'ჱ', + 'Ჲ' => 'ჲ', + 'Ჳ' => 'ჳ', + 'Ჴ' => 'ჴ', + 'Ჵ' => 'ჵ', + 'Ჶ' => 'ჶ', + 'Ჷ' => 'ჷ', + 'Ჸ' => 'ჸ', + 'Ჹ' => 'ჹ', + 'Ჺ' => 'ჺ', + 'Ჽ' => 'ჽ', + 'Ჾ' => 'ჾ', + 'Ჿ' => 'ჿ', + 'Ḁ' => 'ḁ', + 'Ḃ' => 'ḃ', + 'Ḅ' => 'ḅ', + 'Ḇ' => 'ḇ', + 'Ḉ' => 'ḉ', + 'Ḋ' => 'ḋ', + 'Ḍ' => 'ḍ', + 'Ḏ' => 'ḏ', + 'Ḑ' => 'ḑ', + 'Ḓ' => 'ḓ', + 'Ḕ' => 'ḕ', + 'Ḗ' => 'ḗ', + 'Ḙ' => 'ḙ', + 'Ḛ' => 'ḛ', + 'Ḝ' => 'ḝ', + 'Ḟ' => 'ḟ', + 'Ḡ' => 'ḡ', + 'Ḣ' => 'ḣ', + 'Ḥ' => 'ḥ', + 'Ḧ' => 'ḧ', + 'Ḩ' => 'ḩ', + 'Ḫ' => 'ḫ', + 'Ḭ' => 'ḭ', + 'Ḯ' => 'ḯ', + 'Ḱ' => 'ḱ', + 'Ḳ' => 'ḳ', + 'Ḵ' => 'ḵ', + 'Ḷ' => 'ḷ', + 'Ḹ' => 'ḹ', + 'Ḻ' => 'ḻ', + 'Ḽ' => 'ḽ', + 'Ḿ' => 'ḿ', + 'Ṁ' => 'ṁ', + 'Ṃ' => 'ṃ', + 'Ṅ' => 'ṅ', + 'Ṇ' => 'ṇ', + 'Ṉ' => 'ṉ', + 'Ṋ' => 'ṋ', + 'Ṍ' => 'ṍ', + 'Ṏ' => 'ṏ', + 'Ṑ' => 'ṑ', + 'Ṓ' => 'ṓ', + 'Ṕ' => 'ṕ', + 'Ṗ' => 'ṗ', + 'Ṙ' => 'ṙ', + 'Ṛ' => 'ṛ', + 'Ṝ' => 'ṝ', + 'Ṟ' => 'ṟ', + 'Ṡ' => 'ṡ', + 'Ṣ' => 'ṣ', + 'Ṥ' => 'ṥ', + 'Ṧ' => 'ṧ', + 'Ṩ' => 'ṩ', + 'Ṫ' => 'ṫ', + 'Ṭ' => 'ṭ', + 'Ṯ' => 'ṯ', + 'Ṱ' => 'ṱ', + 'Ṳ' => 'ṳ', + 'Ṵ' => 'ṵ', + 'Ṷ' => 'ṷ', + 'Ṹ' => 'ṹ', + 'Ṻ' => 'ṻ', + 'Ṽ' => 'ṽ', + 'Ṿ' => 'ṿ', + 'Ẁ' => 'ẁ', + 'Ẃ' => 'ẃ', + 'Ẅ' => 'ẅ', + 'Ẇ' => 'ẇ', + 'Ẉ' => 'ẉ', + 'Ẋ' => 'ẋ', + 'Ẍ' => 'ẍ', + 'Ẏ' => 'ẏ', + 'Ẑ' => 'ẑ', + 'Ẓ' => 'ẓ', + 'Ẕ' => 'ẕ', + 'ẞ' => 'ß', + 'Ạ' => 'ạ', + 'Ả' => 'ả', + 'Ấ' => 'ấ', + 'Ầ' => 'ầ', + 'Ẩ' => 'ẩ', + 'Ẫ' => 'ẫ', + 'Ậ' => 'ậ', + 'Ắ' => 'ắ', + 'Ằ' => 'ằ', + 'Ẳ' => 'ẳ', + 'Ẵ' => 'ẵ', + 'Ặ' => 'ặ', + 'Ẹ' => 'ẹ', + 'Ẻ' => 'ẻ', + 'Ẽ' => 'ẽ', + 'Ế' => 'ế', + 'Ề' => 'ề', + 'Ể' => 'ể', + 'Ễ' => 'ễ', + 'Ệ' => 'ệ', + 'Ỉ' => 'ỉ', + 'Ị' => 'ị', + 'Ọ' => 'ọ', + 'Ỏ' => 'ỏ', + 'Ố' => 'ố', + 'Ồ' => 'ồ', + 'Ổ' => 'ổ', + 'Ỗ' => 'ỗ', + 'Ộ' => 'ộ', + 'Ớ' => 'ớ', + 'Ờ' => 'ờ', + 'Ở' => 'ở', + 'Ỡ' => 'ỡ', + 'Ợ' => 'ợ', + 'Ụ' => 'ụ', + 'Ủ' => 'ủ', + 'Ứ' => 'ứ', + 'Ừ' => 'ừ', + 'Ử' => 'ử', + 'Ữ' => 'ữ', + 'Ự' => 'ự', + 'Ỳ' => 'ỳ', + 'Ỵ' => 'ỵ', + 'Ỷ' => 'ỷ', + 'Ỹ' => 'ỹ', + 'Ỻ' => 'ỻ', + 'Ỽ' => 'ỽ', + 'Ỿ' => 'ỿ', + 'Ἀ' => 'ἀ', + 'Ἁ' => 'ἁ', + 'Ἂ' => 'ἂ', + 'Ἃ' => 'ἃ', + 'Ἄ' => 'ἄ', + 'Ἅ' => 'ἅ', + 'Ἆ' => 'ἆ', + 'Ἇ' => 'ἇ', + 'Ἐ' => 'ἐ', + 'Ἑ' => 'ἑ', + 'Ἒ' => 'ἒ', + 'Ἓ' => 'ἓ', + 'Ἔ' => 'ἔ', + 'Ἕ' => 'ἕ', + 'Ἠ' => 'ἠ', + 'Ἡ' => 'ἡ', + 'Ἢ' => 'ἢ', + 'Ἣ' => 'ἣ', + 'Ἤ' => 'ἤ', + 'Ἥ' => 'ἥ', + 'Ἦ' => 'ἦ', + 'Ἧ' => 'ἧ', + 'Ἰ' => 'ἰ', + 'Ἱ' => 'ἱ', + 'Ἲ' => 'ἲ', + 'Ἳ' => 'ἳ', + 'Ἴ' => 'ἴ', + 'Ἵ' => 'ἵ', + 'Ἶ' => 'ἶ', + 'Ἷ' => 'ἷ', + 'Ὀ' => 'ὀ', + 'Ὁ' => 'ὁ', + 'Ὂ' => 'ὂ', + 'Ὃ' => 'ὃ', + 'Ὄ' => 'ὄ', + 'Ὅ' => 'ὅ', + 'Ὑ' => 'ὑ', + 'Ὓ' => 'ὓ', + 'Ὕ' => 'ὕ', + 'Ὗ' => 'ὗ', + 'Ὠ' => 'ὠ', + 'Ὡ' => 'ὡ', + 'Ὢ' => 'ὢ', + 'Ὣ' => 'ὣ', + 'Ὤ' => 'ὤ', + 'Ὥ' => 'ὥ', + 'Ὦ' => 'ὦ', + 'Ὧ' => 'ὧ', + 'ᾈ' => 'ᾀ', + 'ᾉ' => 'ᾁ', + 'ᾊ' => 'ᾂ', + 'ᾋ' => 'ᾃ', + 'ᾌ' => 'ᾄ', + 'ᾍ' => 'ᾅ', + 'ᾎ' => 'ᾆ', + 'ᾏ' => 'ᾇ', + 'ᾘ' => 'ᾐ', + 'ᾙ' => 'ᾑ', + 'ᾚ' => 'ᾒ', + 'ᾛ' => 'ᾓ', + 'ᾜ' => 'ᾔ', + 'ᾝ' => 'ᾕ', + 'ᾞ' => 'ᾖ', + 'ᾟ' => 'ᾗ', + 'ᾨ' => 'ᾠ', + 'ᾩ' => 'ᾡ', + 'ᾪ' => 'ᾢ', + 'ᾫ' => 'ᾣ', + 'ᾬ' => 'ᾤ', + 'ᾭ' => 'ᾥ', + 'ᾮ' => 'ᾦ', + 'ᾯ' => 'ᾧ', + 'Ᾰ' => 'ᾰ', + 'Ᾱ' => 'ᾱ', + 'Ὰ' => 'ὰ', + 'Ά' => 'ά', + 'ᾼ' => 'ᾳ', + 'Ὲ' => 'ὲ', + 'Έ' => 'έ', + 'Ὴ' => 'ὴ', + 'Ή' => 'ή', + 'ῌ' => 'ῃ', + 'Ῐ' => 'ῐ', + 'Ῑ' => 'ῑ', + 'Ὶ' => 'ὶ', + 'Ί' => 'ί', + 'Ῠ' => 'ῠ', + 'Ῡ' => 'ῡ', + 'Ὺ' => 'ὺ', + 'Ύ' => 'ύ', + 'Ῥ' => 'ῥ', + 'Ὸ' => 'ὸ', + 'Ό' => 'ό', + 'Ὼ' => 'ὼ', + 'Ώ' => 'ώ', + 'ῼ' => 'ῳ', + 'Ω' => 'ω', + 'K' => 'k', + 'Å' => 'å', + 'Ⅎ' => 'ⅎ', + 'Ⅰ' => 'ⅰ', + 'Ⅱ' => 'ⅱ', + 'Ⅲ' => 'ⅲ', + 'Ⅳ' => 'ⅳ', + 'Ⅴ' => 'ⅴ', + 'Ⅵ' => 'ⅵ', + 'Ⅶ' => 'ⅶ', + 'Ⅷ' => 'ⅷ', + 'Ⅸ' => 'ⅸ', + 'Ⅹ' => 'ⅹ', + 'Ⅺ' => 'ⅺ', + 'Ⅻ' => 'ⅻ', + 'Ⅼ' => 'ⅼ', + 'Ⅽ' => 'ⅽ', + 'Ⅾ' => 'ⅾ', + 'Ⅿ' => 'ⅿ', + 'Ↄ' => 'ↄ', + 'Ⓐ' => 'ⓐ', + 'Ⓑ' => 'ⓑ', + 'Ⓒ' => 'ⓒ', + 'Ⓓ' => 'ⓓ', + 'Ⓔ' => 'ⓔ', + 'Ⓕ' => 'ⓕ', + 'Ⓖ' => 'ⓖ', + 'Ⓗ' => 'ⓗ', + 'Ⓘ' => 'ⓘ', + 'Ⓙ' => 'ⓙ', + 'Ⓚ' => 'ⓚ', + 'Ⓛ' => 'ⓛ', + 'Ⓜ' => 'ⓜ', + 'Ⓝ' => 'ⓝ', + 'Ⓞ' => 'ⓞ', + 'Ⓟ' => 'ⓟ', + 'Ⓠ' => 'ⓠ', + 'Ⓡ' => 'ⓡ', + 'Ⓢ' => 'ⓢ', + 'Ⓣ' => 'ⓣ', + 'Ⓤ' => 'ⓤ', + 'Ⓥ' => 'ⓥ', + 'Ⓦ' => 'ⓦ', + 'Ⓧ' => 'ⓧ', + 'Ⓨ' => 'ⓨ', + 'Ⓩ' => 'ⓩ', + 'Ⰰ' => 'ⰰ', + 'Ⰱ' => 'ⰱ', + 'Ⰲ' => 'ⰲ', + 'Ⰳ' => 'ⰳ', + 'Ⰴ' => 'ⰴ', + 'Ⰵ' => 'ⰵ', + 'Ⰶ' => 'ⰶ', + 'Ⰷ' => 'ⰷ', + 'Ⰸ' => 'ⰸ', + 'Ⰹ' => 'ⰹ', + 'Ⰺ' => 'ⰺ', + 'Ⰻ' => 'ⰻ', + 'Ⰼ' => 'ⰼ', + 'Ⰽ' => 'ⰽ', + 'Ⰾ' => 'ⰾ', + 'Ⰿ' => 'ⰿ', + 'Ⱀ' => 'ⱀ', + 'Ⱁ' => 'ⱁ', + 'Ⱂ' => 'ⱂ', + 'Ⱃ' => 'ⱃ', + 'Ⱄ' => 'ⱄ', + 'Ⱅ' => 'ⱅ', + 'Ⱆ' => 'ⱆ', + 'Ⱇ' => 'ⱇ', + 'Ⱈ' => 'ⱈ', + 'Ⱉ' => 'ⱉ', + 'Ⱊ' => 'ⱊ', + 'Ⱋ' => 'ⱋ', + 'Ⱌ' => 'ⱌ', + 'Ⱍ' => 'ⱍ', + 'Ⱎ' => 'ⱎ', + 'Ⱏ' => 'ⱏ', + 'Ⱐ' => 'ⱐ', + 'Ⱑ' => 'ⱑ', + 'Ⱒ' => 'ⱒ', + 'Ⱓ' => 'ⱓ', + 'Ⱔ' => 'ⱔ', + 'Ⱕ' => 'ⱕ', + 'Ⱖ' => 'ⱖ', + 'Ⱗ' => 'ⱗ', + 'Ⱘ' => 'ⱘ', + 'Ⱙ' => 'ⱙ', + 'Ⱚ' => 'ⱚ', + 'Ⱛ' => 'ⱛ', + 'Ⱜ' => 'ⱜ', + 'Ⱝ' => 'ⱝ', + 'Ⱞ' => 'ⱞ', + 'Ⱡ' => 'ⱡ', + 'Ɫ' => 'ɫ', + 'Ᵽ' => 'ᵽ', + 'Ɽ' => 'ɽ', + 'Ⱨ' => 'ⱨ', + 'Ⱪ' => 'ⱪ', + 'Ⱬ' => 'ⱬ', + 'Ɑ' => 'ɑ', + 'Ɱ' => 'ɱ', + 'Ɐ' => 'ɐ', + 'Ɒ' => 'ɒ', + 'Ⱳ' => 'ⱳ', + 'Ⱶ' => 'ⱶ', + 'Ȿ' => 'ȿ', + 'Ɀ' => 'ɀ', + 'Ⲁ' => 'ⲁ', + 'Ⲃ' => 'ⲃ', + 'Ⲅ' => 'ⲅ', + 'Ⲇ' => 'ⲇ', + 'Ⲉ' => 'ⲉ', + 'Ⲋ' => 'ⲋ', + 'Ⲍ' => 'ⲍ', + 'Ⲏ' => 'ⲏ', + 'Ⲑ' => 'ⲑ', + 'Ⲓ' => 'ⲓ', + 'Ⲕ' => 'ⲕ', + 'Ⲗ' => 'ⲗ', + 'Ⲙ' => 'ⲙ', + 'Ⲛ' => 'ⲛ', + 'Ⲝ' => 'ⲝ', + 'Ⲟ' => 'ⲟ', + 'Ⲡ' => 'ⲡ', + 'Ⲣ' => 'ⲣ', + 'Ⲥ' => 'ⲥ', + 'Ⲧ' => 'ⲧ', + 'Ⲩ' => 'ⲩ', + 'Ⲫ' => 'ⲫ', + 'Ⲭ' => 'ⲭ', + 'Ⲯ' => 'ⲯ', + 'Ⲱ' => 'ⲱ', + 'Ⲳ' => 'ⲳ', + 'Ⲵ' => 'ⲵ', + 'Ⲷ' => 'ⲷ', + 'Ⲹ' => 'ⲹ', + 'Ⲻ' => 'ⲻ', + 'Ⲽ' => 'ⲽ', + 'Ⲿ' => 'ⲿ', + 'Ⳁ' => 'ⳁ', + 'Ⳃ' => 'ⳃ', + 'Ⳅ' => 'ⳅ', + 'Ⳇ' => 'ⳇ', + 'Ⳉ' => 'ⳉ', + 'Ⳋ' => 'ⳋ', + 'Ⳍ' => 'ⳍ', + 'Ⳏ' => 'ⳏ', + 'Ⳑ' => 'ⳑ', + 'Ⳓ' => 'ⳓ', + 'Ⳕ' => 'ⳕ', + 'Ⳗ' => 'ⳗ', + 'Ⳙ' => 'ⳙ', + 'Ⳛ' => 'ⳛ', + 'Ⳝ' => 'ⳝ', + 'Ⳟ' => 'ⳟ', + 'Ⳡ' => 'ⳡ', + 'Ⳣ' => 'ⳣ', + 'Ⳬ' => 'ⳬ', + 'Ⳮ' => 'ⳮ', + 'Ⳳ' => 'ⳳ', + 'Ꙁ' => 'ꙁ', + 'Ꙃ' => 'ꙃ', + 'Ꙅ' => 'ꙅ', + 'Ꙇ' => 'ꙇ', + 'Ꙉ' => 'ꙉ', + 'Ꙋ' => 'ꙋ', + 'Ꙍ' => 'ꙍ', + 'Ꙏ' => 'ꙏ', + 'Ꙑ' => 'ꙑ', + 'Ꙓ' => 'ꙓ', + 'Ꙕ' => 'ꙕ', + 'Ꙗ' => 'ꙗ', + 'Ꙙ' => 'ꙙ', + 'Ꙛ' => 'ꙛ', + 'Ꙝ' => 'ꙝ', + 'Ꙟ' => 'ꙟ', + 'Ꙡ' => 'ꙡ', + 'Ꙣ' => 'ꙣ', + 'Ꙥ' => 'ꙥ', + 'Ꙧ' => 'ꙧ', + 'Ꙩ' => 'ꙩ', + 'Ꙫ' => 'ꙫ', + 'Ꙭ' => 'ꙭ', + 'Ꚁ' => 'ꚁ', + 'Ꚃ' => 'ꚃ', + 'Ꚅ' => 'ꚅ', + 'Ꚇ' => 'ꚇ', + 'Ꚉ' => 'ꚉ', + 'Ꚋ' => 'ꚋ', + 'Ꚍ' => 'ꚍ', + 'Ꚏ' => 'ꚏ', + 'Ꚑ' => 'ꚑ', + 'Ꚓ' => 'ꚓ', + 'Ꚕ' => 'ꚕ', + 'Ꚗ' => 'ꚗ', + 'Ꚙ' => 'ꚙ', + 'Ꚛ' => 'ꚛ', + 'Ꜣ' => 'ꜣ', + 'Ꜥ' => 'ꜥ', + 'Ꜧ' => 'ꜧ', + 'Ꜩ' => 'ꜩ', + 'Ꜫ' => 'ꜫ', + 'Ꜭ' => 'ꜭ', + 'Ꜯ' => 'ꜯ', + 'Ꜳ' => 'ꜳ', + 'Ꜵ' => 'ꜵ', + 'Ꜷ' => 'ꜷ', + 'Ꜹ' => 'ꜹ', + 'Ꜻ' => 'ꜻ', + 'Ꜽ' => 'ꜽ', + 'Ꜿ' => 'ꜿ', + 'Ꝁ' => 'ꝁ', + 'Ꝃ' => 'ꝃ', + 'Ꝅ' => 'ꝅ', + 'Ꝇ' => 'ꝇ', + 'Ꝉ' => 'ꝉ', + 'Ꝋ' => 'ꝋ', + 'Ꝍ' => 'ꝍ', + 'Ꝏ' => 'ꝏ', + 'Ꝑ' => 'ꝑ', + 'Ꝓ' => 'ꝓ', + 'Ꝕ' => 'ꝕ', + 'Ꝗ' => 'ꝗ', + 'Ꝙ' => 'ꝙ', + 'Ꝛ' => 'ꝛ', + 'Ꝝ' => 'ꝝ', + 'Ꝟ' => 'ꝟ', + 'Ꝡ' => 'ꝡ', + 'Ꝣ' => 'ꝣ', + 'Ꝥ' => 'ꝥ', + 'Ꝧ' => 'ꝧ', + 'Ꝩ' => 'ꝩ', + 'Ꝫ' => 'ꝫ', + 'Ꝭ' => 'ꝭ', + 'Ꝯ' => 'ꝯ', + 'Ꝺ' => 'ꝺ', + 'Ꝼ' => 'ꝼ', + 'Ᵹ' => 'ᵹ', + 'Ꝿ' => 'ꝿ', + 'Ꞁ' => 'ꞁ', + 'Ꞃ' => 'ꞃ', + 'Ꞅ' => 'ꞅ', + 'Ꞇ' => 'ꞇ', + 'Ꞌ' => 'ꞌ', + 'Ɥ' => 'ɥ', + 'Ꞑ' => 'ꞑ', + 'Ꞓ' => 'ꞓ', + 'Ꞗ' => 'ꞗ', + 'Ꞙ' => 'ꞙ', + 'Ꞛ' => 'ꞛ', + 'Ꞝ' => 'ꞝ', + 'Ꞟ' => 'ꞟ', + 'Ꞡ' => 'ꞡ', + 'Ꞣ' => 'ꞣ', + 'Ꞥ' => 'ꞥ', + 'Ꞧ' => 'ꞧ', + 'Ꞩ' => 'ꞩ', + 'Ɦ' => 'ɦ', + 'Ɜ' => 'ɜ', + 'Ɡ' => 'ɡ', + 'Ɬ' => 'ɬ', + 'Ɪ' => 'ɪ', + 'Ʞ' => 'ʞ', + 'Ʇ' => 'ʇ', + 'Ʝ' => 'ʝ', + 'Ꭓ' => 'ꭓ', + 'Ꞵ' => 'ꞵ', + 'Ꞷ' => 'ꞷ', + 'Ꞹ' => 'ꞹ', + 'Ꞻ' => 'ꞻ', + 'Ꞽ' => 'ꞽ', + 'Ꞿ' => 'ꞿ', + 'Ꟃ' => 'ꟃ', + 'Ꞔ' => 'ꞔ', + 'Ʂ' => 'ʂ', + 'Ᶎ' => 'ᶎ', + 'Ꟈ' => 'ꟈ', + 'Ꟊ' => 'ꟊ', + 'Ꟶ' => 'ꟶ', + 'A' => 'a', + 'B' => 'b', + 'C' => 'c', + 'D' => 'd', + 'E' => 'e', + 'F' => 'f', + 'G' => 'g', + 'H' => 'h', + 'I' => 'i', + 'J' => 'j', + 'K' => 'k', + 'L' => 'l', + 'M' => 'm', + 'N' => 'n', + 'O' => 'o', + 'P' => 'p', + 'Q' => 'q', + 'R' => 'r', + 'S' => 's', + 'T' => 't', + 'U' => 'u', + 'V' => 'v', + 'W' => 'w', + 'X' => 'x', + 'Y' => 'y', + 'Z' => 'z', + '𐐀' => '𐐨', + '𐐁' => '𐐩', + '𐐂' => '𐐪', + '𐐃' => '𐐫', + '𐐄' => '𐐬', + '𐐅' => '𐐭', + '𐐆' => '𐐮', + '𐐇' => '𐐯', + '𐐈' => '𐐰', + '𐐉' => '𐐱', + '𐐊' => '𐐲', + '𐐋' => '𐐳', + '𐐌' => '𐐴', + '𐐍' => '𐐵', + '𐐎' => '𐐶', + '𐐏' => '𐐷', + '𐐐' => '𐐸', + '𐐑' => '𐐹', + '𐐒' => '𐐺', + '𐐓' => '𐐻', + '𐐔' => '𐐼', + '𐐕' => '𐐽', + '𐐖' => '𐐾', + '𐐗' => '𐐿', + '𐐘' => '𐑀', + '𐐙' => '𐑁', + '𐐚' => '𐑂', + '𐐛' => '𐑃', + '𐐜' => '𐑄', + '𐐝' => '𐑅', + '𐐞' => '𐑆', + '𐐟' => '𐑇', + '𐐠' => '𐑈', + '𐐡' => '𐑉', + '𐐢' => '𐑊', + '𐐣' => '𐑋', + '𐐤' => '𐑌', + '𐐥' => '𐑍', + '𐐦' => '𐑎', + '𐐧' => '𐑏', + '𐒰' => '𐓘', + '𐒱' => '𐓙', + '𐒲' => '𐓚', + '𐒳' => '𐓛', + '𐒴' => '𐓜', + '𐒵' => '𐓝', + '𐒶' => '𐓞', + '𐒷' => '𐓟', + '𐒸' => '𐓠', + '𐒹' => '𐓡', + '𐒺' => '𐓢', + '𐒻' => '𐓣', + '𐒼' => '𐓤', + '𐒽' => '𐓥', + '𐒾' => '𐓦', + '𐒿' => '𐓧', + '𐓀' => '𐓨', + '𐓁' => '𐓩', + '𐓂' => '𐓪', + '𐓃' => '𐓫', + '𐓄' => '𐓬', + '𐓅' => '𐓭', + '𐓆' => '𐓮', + '𐓇' => '𐓯', + '𐓈' => '𐓰', + '𐓉' => '𐓱', + '𐓊' => '𐓲', + '𐓋' => '𐓳', + '𐓌' => '𐓴', + '𐓍' => '𐓵', + '𐓎' => '𐓶', + '𐓏' => '𐓷', + '𐓐' => '𐓸', + '𐓑' => '𐓹', + '𐓒' => '𐓺', + '𐓓' => '𐓻', + '𐲀' => '𐳀', + '𐲁' => '𐳁', + '𐲂' => '𐳂', + '𐲃' => '𐳃', + '𐲄' => '𐳄', + '𐲅' => '𐳅', + '𐲆' => '𐳆', + '𐲇' => '𐳇', + '𐲈' => '𐳈', + '𐲉' => '𐳉', + '𐲊' => '𐳊', + '𐲋' => '𐳋', + '𐲌' => '𐳌', + '𐲍' => '𐳍', + '𐲎' => '𐳎', + '𐲏' => '𐳏', + '𐲐' => '𐳐', + '𐲑' => '𐳑', + '𐲒' => '𐳒', + '𐲓' => '𐳓', + '𐲔' => '𐳔', + '𐲕' => '𐳕', + '𐲖' => '𐳖', + '𐲗' => '𐳗', + '𐲘' => '𐳘', + '𐲙' => '𐳙', + '𐲚' => '𐳚', + '𐲛' => '𐳛', + '𐲜' => '𐳜', + '𐲝' => '𐳝', + '𐲞' => '𐳞', + '𐲟' => '𐳟', + '𐲠' => '𐳠', + '𐲡' => '𐳡', + '𐲢' => '𐳢', + '𐲣' => '𐳣', + '𐲤' => '𐳤', + '𐲥' => '𐳥', + '𐲦' => '𐳦', + '𐲧' => '𐳧', + '𐲨' => '𐳨', + '𐲩' => '𐳩', + '𐲪' => '𐳪', + '𐲫' => '𐳫', + '𐲬' => '𐳬', + '𐲭' => '𐳭', + '𐲮' => '𐳮', + '𐲯' => '𐳯', + '𐲰' => '𐳰', + '𐲱' => '𐳱', + '𐲲' => '𐳲', + '𑢠' => '𑣀', + '𑢡' => '𑣁', + '𑢢' => '𑣂', + '𑢣' => '𑣃', + '𑢤' => '𑣄', + '𑢥' => '𑣅', + '𑢦' => '𑣆', + '𑢧' => '𑣇', + '𑢨' => '𑣈', + '𑢩' => '𑣉', + '𑢪' => '𑣊', + '𑢫' => '𑣋', + '𑢬' => '𑣌', + '𑢭' => '𑣍', + '𑢮' => '𑣎', + '𑢯' => '𑣏', + '𑢰' => '𑣐', + '𑢱' => '𑣑', + '𑢲' => '𑣒', + '𑢳' => '𑣓', + '𑢴' => '𑣔', + '𑢵' => '𑣕', + '𑢶' => '𑣖', + '𑢷' => '𑣗', + '𑢸' => '𑣘', + '𑢹' => '𑣙', + '𑢺' => '𑣚', + '𑢻' => '𑣛', + '𑢼' => '𑣜', + '𑢽' => '𑣝', + '𑢾' => '𑣞', + '𑢿' => '𑣟', + '𖹀' => '𖹠', + '𖹁' => '𖹡', + '𖹂' => '𖹢', + '𖹃' => '𖹣', + '𖹄' => '𖹤', + '𖹅' => '𖹥', + '𖹆' => '𖹦', + '𖹇' => '𖹧', + '𖹈' => '𖹨', + '𖹉' => '𖹩', + '𖹊' => '𖹪', + '𖹋' => '𖹫', + '𖹌' => '𖹬', + '𖹍' => '𖹭', + '𖹎' => '𖹮', + '𖹏' => '𖹯', + '𖹐' => '𖹰', + '𖹑' => '𖹱', + '𖹒' => '𖹲', + '𖹓' => '𖹳', + '𖹔' => '𖹴', + '𖹕' => '𖹵', + '𖹖' => '𖹶', + '𖹗' => '𖹷', + '𖹘' => '𖹸', + '𖹙' => '𖹹', + '𖹚' => '𖹺', + '𖹛' => '𖹻', + '𖹜' => '𖹼', + '𖹝' => '𖹽', + '𖹞' => '𖹾', + '𖹟' => '𖹿', + '𞤀' => '𞤢', + '𞤁' => '𞤣', + '𞤂' => '𞤤', + '𞤃' => '𞤥', + '𞤄' => '𞤦', + '𞤅' => '𞤧', + '𞤆' => '𞤨', + '𞤇' => '𞤩', + '𞤈' => '𞤪', + '𞤉' => '𞤫', + '𞤊' => '𞤬', + '𞤋' => '𞤭', + '𞤌' => '𞤮', + '𞤍' => '𞤯', + '𞤎' => '𞤰', + '𞤏' => '𞤱', + '𞤐' => '𞤲', + '𞤑' => '𞤳', + '𞤒' => '𞤴', + '𞤓' => '𞤵', + '𞤔' => '𞤶', + '𞤕' => '𞤷', + '𞤖' => '𞤸', + '𞤗' => '𞤹', + '𞤘' => '𞤺', + '𞤙' => '𞤻', + '𞤚' => '𞤼', + '𞤛' => '𞤽', + '𞤜' => '𞤾', + '𞤝' => '𞤿', + '𞤞' => '𞥀', + '𞤟' => '𞥁', + '𞤠' => '𞥂', + '𞤡' => '𞥃', +); diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Resources/unidata/titleCaseRegexp.php b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Resources/unidata/titleCaseRegexp.php new file mode 100644 index 0000000..2a8f6e7 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/Resources/unidata/titleCaseRegexp.php @@ -0,0 +1,5 @@ + 'A', + 'b' => 'B', + 'c' => 'C', + 'd' => 'D', + 'e' => 'E', + 'f' => 'F', + 'g' => 'G', + 'h' => 'H', + 'i' => 'I', + 'j' => 'J', + 'k' => 'K', + 'l' => 'L', + 'm' => 'M', + 'n' => 'N', + 'o' => 'O', + 'p' => 'P', + 'q' => 'Q', + 'r' => 'R', + 's' => 'S', + 't' => 'T', + 'u' => 'U', + 'v' => 'V', + 'w' => 'W', + 'x' => 'X', + 'y' => 'Y', + 'z' => 'Z', + 'µ' => 'Μ', + 'à' => 'À', + 'á' => 'Á', + 'â' => 'Â', + 'ã' => 'Ã', + 'ä' => 'Ä', + 'å' => 'Å', + 'æ' => 'Æ', + 'ç' => 'Ç', + 'è' => 'È', + 'é' => 'É', + 'ê' => 'Ê', + 'ë' => 'Ë', + 'ì' => 'Ì', + 'í' => 'Í', + 'î' => 'Î', + 'ï' => 'Ï', + 'ð' => 'Ð', + 'ñ' => 'Ñ', + 'ò' => 'Ò', + 'ó' => 'Ó', + 'ô' => 'Ô', + 'õ' => 'Õ', + 'ö' => 'Ö', + 'ø' => 'Ø', + 'ù' => 'Ù', + 'ú' => 'Ú', + 'û' => 'Û', + 'ü' => 'Ü', + 'ý' => 'Ý', + 'þ' => 'Þ', + 'ÿ' => 'Ÿ', + 'ā' => 'Ā', + 'ă' => 'Ă', + 'ą' => 'Ą', + 'ć' => 'Ć', + 'ĉ' => 'Ĉ', + 'ċ' => 'Ċ', + 'č' => 'Č', + 'ď' => 'Ď', + 'đ' => 'Đ', + 'ē' => 'Ē', + 'ĕ' => 'Ĕ', + 'ė' => 'Ė', + 'ę' => 'Ę', + 'ě' => 'Ě', + 'ĝ' => 'Ĝ', + 'ğ' => 'Ğ', + 'ġ' => 'Ġ', + 'ģ' => 'Ģ', + 'ĥ' => 'Ĥ', + 'ħ' => 'Ħ', + 'ĩ' => 'Ĩ', + 'ī' => 'Ī', + 'ĭ' => 'Ĭ', + 'į' => 'Į', + 'ı' => 'I', + 'ij' => 'IJ', + 'ĵ' => 'Ĵ', + 'ķ' => 'Ķ', + 'ĺ' => 'Ĺ', + 'ļ' => 'Ļ', + 'ľ' => 'Ľ', + 'ŀ' => 'Ŀ', + 'ł' => 'Ł', + 'ń' => 'Ń', + 'ņ' => 'Ņ', + 'ň' => 'Ň', + 'ŋ' => 'Ŋ', + 'ō' => 'Ō', + 'ŏ' => 'Ŏ', + 'ő' => 'Ő', + 'œ' => 'Œ', + 'ŕ' => 'Ŕ', + 'ŗ' => 'Ŗ', + 'ř' => 'Ř', + 'ś' => 'Ś', + 'ŝ' => 'Ŝ', + 'ş' => 'Ş', + 'š' => 'Š', + 'ţ' => 'Ţ', + 'ť' => 'Ť', + 'ŧ' => 'Ŧ', + 'ũ' => 'Ũ', + 'ū' => 'Ū', + 'ŭ' => 'Ŭ', + 'ů' => 'Ů', + 'ű' => 'Ű', + 'ų' => 'Ų', + 'ŵ' => 'Ŵ', + 'ŷ' => 'Ŷ', + 'ź' => 'Ź', + 'ż' => 'Ż', + 'ž' => 'Ž', + 'ſ' => 'S', + 'ƀ' => 'Ƀ', + 'ƃ' => 'Ƃ', + 'ƅ' => 'Ƅ', + 'ƈ' => 'Ƈ', + 'ƌ' => 'Ƌ', + 'ƒ' => 'Ƒ', + 'ƕ' => 'Ƕ', + 'ƙ' => 'Ƙ', + 'ƚ' => 'Ƚ', + 'ƞ' => 'Ƞ', + 'ơ' => 'Ơ', + 'ƣ' => 'Ƣ', + 'ƥ' => 'Ƥ', + 'ƨ' => 'Ƨ', + 'ƭ' => 'Ƭ', + 'ư' => 'Ư', + 'ƴ' => 'Ƴ', + 'ƶ' => 'Ƶ', + 'ƹ' => 'Ƹ', + 'ƽ' => 'Ƽ', + 'ƿ' => 'Ƿ', + 'Dž' => 'DŽ', + 'dž' => 'DŽ', + 'Lj' => 'LJ', + 'lj' => 'LJ', + 'Nj' => 'NJ', + 'nj' => 'NJ', + 'ǎ' => 'Ǎ', + 'ǐ' => 'Ǐ', + 'ǒ' => 'Ǒ', + 'ǔ' => 'Ǔ', + 'ǖ' => 'Ǖ', + 'ǘ' => 'Ǘ', + 'ǚ' => 'Ǚ', + 'ǜ' => 'Ǜ', + 'ǝ' => 'Ǝ', + 'ǟ' => 'Ǟ', + 'ǡ' => 'Ǡ', + 'ǣ' => 'Ǣ', + 'ǥ' => 'Ǥ', + 'ǧ' => 'Ǧ', + 'ǩ' => 'Ǩ', + 'ǫ' => 'Ǫ', + 'ǭ' => 'Ǭ', + 'ǯ' => 'Ǯ', + 'Dz' => 'DZ', + 'dz' => 'DZ', + 'ǵ' => 'Ǵ', + 'ǹ' => 'Ǹ', + 'ǻ' => 'Ǻ', + 'ǽ' => 'Ǽ', + 'ǿ' => 'Ǿ', + 'ȁ' => 'Ȁ', + 'ȃ' => 'Ȃ', + 'ȅ' => 'Ȅ', + 'ȇ' => 'Ȇ', + 'ȉ' => 'Ȉ', + 'ȋ' => 'Ȋ', + 'ȍ' => 'Ȍ', + 'ȏ' => 'Ȏ', + 'ȑ' => 'Ȑ', + 'ȓ' => 'Ȓ', + 'ȕ' => 'Ȕ', + 'ȗ' => 'Ȗ', + 'ș' => 'Ș', + 'ț' => 'Ț', + 'ȝ' => 'Ȝ', + 'ȟ' => 'Ȟ', + 'ȣ' => 'Ȣ', + 'ȥ' => 'Ȥ', + 'ȧ' => 'Ȧ', + 'ȩ' => 'Ȩ', + 'ȫ' => 'Ȫ', + 'ȭ' => 'Ȭ', + 'ȯ' => 'Ȯ', + 'ȱ' => 'Ȱ', + 'ȳ' => 'Ȳ', + 'ȼ' => 'Ȼ', + 'ȿ' => 'Ȿ', + 'ɀ' => 'Ɀ', + 'ɂ' => 'Ɂ', + 'ɇ' => 'Ɇ', + 'ɉ' => 'Ɉ', + 'ɋ' => 'Ɋ', + 'ɍ' => 'Ɍ', + 'ɏ' => 'Ɏ', + 'ɐ' => 'Ɐ', + 'ɑ' => 'Ɑ', + 'ɒ' => 'Ɒ', + 'ɓ' => 'Ɓ', + 'ɔ' => 'Ɔ', + 'ɖ' => 'Ɖ', + 'ɗ' => 'Ɗ', + 'ə' => 'Ə', + 'ɛ' => 'Ɛ', + 'ɜ' => 'Ɜ', + 'ɠ' => 'Ɠ', + 'ɡ' => 'Ɡ', + 'ɣ' => 'Ɣ', + 'ɥ' => 'Ɥ', + 'ɦ' => 'Ɦ', + 'ɨ' => 'Ɨ', + 'ɩ' => 'Ɩ', + 'ɪ' => 'Ɪ', + 'ɫ' => 'Ɫ', + 'ɬ' => 'Ɬ', + 'ɯ' => 'Ɯ', + 'ɱ' => 'Ɱ', + 'ɲ' => 'Ɲ', + 'ɵ' => 'Ɵ', + 'ɽ' => 'Ɽ', + 'ʀ' => 'Ʀ', + 'ʂ' => 'Ʂ', + 'ʃ' => 'Ʃ', + 'ʇ' => 'Ʇ', + 'ʈ' => 'Ʈ', + 'ʉ' => 'Ʉ', + 'ʊ' => 'Ʊ', + 'ʋ' => 'Ʋ', + 'ʌ' => 'Ʌ', + 'ʒ' => 'Ʒ', + 'ʝ' => 'Ʝ', + 'ʞ' => 'Ʞ', + 'ͅ' => 'Ι', + 'ͱ' => 'Ͱ', + 'ͳ' => 'Ͳ', + 'ͷ' => 'Ͷ', + 'ͻ' => 'Ͻ', + 'ͼ' => 'Ͼ', + 'ͽ' => 'Ͽ', + 'ά' => 'Ά', + 'έ' => 'Έ', + 'ή' => 'Ή', + 'ί' => 'Ί', + 'α' => 'Α', + 'β' => 'Β', + 'γ' => 'Γ', + 'δ' => 'Δ', + 'ε' => 'Ε', + 'ζ' => 'Ζ', + 'η' => 'Η', + 'θ' => 'Θ', + 'ι' => 'Ι', + 'κ' => 'Κ', + 'λ' => 'Λ', + 'μ' => 'Μ', + 'ν' => 'Ν', + 'ξ' => 'Ξ', + 'ο' => 'Ο', + 'π' => 'Π', + 'ρ' => 'Ρ', + 'ς' => 'Σ', + 'σ' => 'Σ', + 'τ' => 'Τ', + 'υ' => 'Υ', + 'φ' => 'Φ', + 'χ' => 'Χ', + 'ψ' => 'Ψ', + 'ω' => 'Ω', + 'ϊ' => 'Ϊ', + 'ϋ' => 'Ϋ', + 'ό' => 'Ό', + 'ύ' => 'Ύ', + 'ώ' => 'Ώ', + 'ϐ' => 'Β', + 'ϑ' => 'Θ', + 'ϕ' => 'Φ', + 'ϖ' => 'Π', + 'ϗ' => 'Ϗ', + 'ϙ' => 'Ϙ', + 'ϛ' => 'Ϛ', + 'ϝ' => 'Ϝ', + 'ϟ' => 'Ϟ', + 'ϡ' => 'Ϡ', + 'ϣ' => 'Ϣ', + 'ϥ' => 'Ϥ', + 'ϧ' => 'Ϧ', + 'ϩ' => 'Ϩ', + 'ϫ' => 'Ϫ', + 'ϭ' => 'Ϭ', + 'ϯ' => 'Ϯ', + 'ϰ' => 'Κ', + 'ϱ' => 'Ρ', + 'ϲ' => 'Ϲ', + 'ϳ' => 'Ϳ', + 'ϵ' => 'Ε', + 'ϸ' => 'Ϸ', + 'ϻ' => 'Ϻ', + 'а' => 'А', + 'б' => 'Б', + 'в' => 'В', + 'г' => 'Г', + 'д' => 'Д', + 'е' => 'Е', + 'ж' => 'Ж', + 'з' => 'З', + 'и' => 'И', + 'й' => 'Й', + 'к' => 'К', + 'л' => 'Л', + 'м' => 'М', + 'н' => 'Н', + 'о' => 'О', + 'п' => 'П', + 'р' => 'Р', + 'с' => 'С', + 'т' => 'Т', + 'у' => 'У', + 'ф' => 'Ф', + 'х' => 'Х', + 'ц' => 'Ц', + 'ч' => 'Ч', + 'ш' => 'Ш', + 'щ' => 'Щ', + 'ъ' => 'Ъ', + 'ы' => 'Ы', + 'ь' => 'Ь', + 'э' => 'Э', + 'ю' => 'Ю', + 'я' => 'Я', + 'ѐ' => 'Ѐ', + 'ё' => 'Ё', + 'ђ' => 'Ђ', + 'ѓ' => 'Ѓ', + 'є' => 'Є', + 'ѕ' => 'Ѕ', + 'і' => 'І', + 'ї' => 'Ї', + 'ј' => 'Ј', + 'љ' => 'Љ', + 'њ' => 'Њ', + 'ћ' => 'Ћ', + 'ќ' => 'Ќ', + 'ѝ' => 'Ѝ', + 'ў' => 'Ў', + 'џ' => 'Џ', + 'ѡ' => 'Ѡ', + 'ѣ' => 'Ѣ', + 'ѥ' => 'Ѥ', + 'ѧ' => 'Ѧ', + 'ѩ' => 'Ѩ', + 'ѫ' => 'Ѫ', + 'ѭ' => 'Ѭ', + 'ѯ' => 'Ѯ', + 'ѱ' => 'Ѱ', + 'ѳ' => 'Ѳ', + 'ѵ' => 'Ѵ', + 'ѷ' => 'Ѷ', + 'ѹ' => 'Ѹ', + 'ѻ' => 'Ѻ', + 'ѽ' => 'Ѽ', + 'ѿ' => 'Ѿ', + 'ҁ' => 'Ҁ', + 'ҋ' => 'Ҋ', + 'ҍ' => 'Ҍ', + 'ҏ' => 'Ҏ', + 'ґ' => 'Ґ', + 'ғ' => 'Ғ', + 'ҕ' => 'Ҕ', + 'җ' => 'Җ', + 'ҙ' => 'Ҙ', + 'қ' => 'Қ', + 'ҝ' => 'Ҝ', + 'ҟ' => 'Ҟ', + 'ҡ' => 'Ҡ', + 'ң' => 'Ң', + 'ҥ' => 'Ҥ', + 'ҧ' => 'Ҧ', + 'ҩ' => 'Ҩ', + 'ҫ' => 'Ҫ', + 'ҭ' => 'Ҭ', + 'ү' => 'Ү', + 'ұ' => 'Ұ', + 'ҳ' => 'Ҳ', + 'ҵ' => 'Ҵ', + 'ҷ' => 'Ҷ', + 'ҹ' => 'Ҹ', + 'һ' => 'Һ', + 'ҽ' => 'Ҽ', + 'ҿ' => 'Ҿ', + 'ӂ' => 'Ӂ', + 'ӄ' => 'Ӄ', + 'ӆ' => 'Ӆ', + 'ӈ' => 'Ӈ', + 'ӊ' => 'Ӊ', + 'ӌ' => 'Ӌ', + 'ӎ' => 'Ӎ', + 'ӏ' => 'Ӏ', + 'ӑ' => 'Ӑ', + 'ӓ' => 'Ӓ', + 'ӕ' => 'Ӕ', + 'ӗ' => 'Ӗ', + 'ә' => 'Ә', + 'ӛ' => 'Ӛ', + 'ӝ' => 'Ӝ', + 'ӟ' => 'Ӟ', + 'ӡ' => 'Ӡ', + 'ӣ' => 'Ӣ', + 'ӥ' => 'Ӥ', + 'ӧ' => 'Ӧ', + 'ө' => 'Ө', + 'ӫ' => 'Ӫ', + 'ӭ' => 'Ӭ', + 'ӯ' => 'Ӯ', + 'ӱ' => 'Ӱ', + 'ӳ' => 'Ӳ', + 'ӵ' => 'Ӵ', + 'ӷ' => 'Ӷ', + 'ӹ' => 'Ӹ', + 'ӻ' => 'Ӻ', + 'ӽ' => 'Ӽ', + 'ӿ' => 'Ӿ', + 'ԁ' => 'Ԁ', + 'ԃ' => 'Ԃ', + 'ԅ' => 'Ԅ', + 'ԇ' => 'Ԇ', + 'ԉ' => 'Ԉ', + 'ԋ' => 'Ԋ', + 'ԍ' => 'Ԍ', + 'ԏ' => 'Ԏ', + 'ԑ' => 'Ԑ', + 'ԓ' => 'Ԓ', + 'ԕ' => 'Ԕ', + 'ԗ' => 'Ԗ', + 'ԙ' => 'Ԙ', + 'ԛ' => 'Ԛ', + 'ԝ' => 'Ԝ', + 'ԟ' => 'Ԟ', + 'ԡ' => 'Ԡ', + 'ԣ' => 'Ԣ', + 'ԥ' => 'Ԥ', + 'ԧ' => 'Ԧ', + 'ԩ' => 'Ԩ', + 'ԫ' => 'Ԫ', + 'ԭ' => 'Ԭ', + 'ԯ' => 'Ԯ', + 'ա' => 'Ա', + 'բ' => 'Բ', + 'գ' => 'Գ', + 'դ' => 'Դ', + 'ե' => 'Ե', + 'զ' => 'Զ', + 'է' => 'Է', + 'ը' => 'Ը', + 'թ' => 'Թ', + 'ժ' => 'Ժ', + 'ի' => 'Ի', + 'լ' => 'Լ', + 'խ' => 'Խ', + 'ծ' => 'Ծ', + 'կ' => 'Կ', + 'հ' => 'Հ', + 'ձ' => 'Ձ', + 'ղ' => 'Ղ', + 'ճ' => 'Ճ', + 'մ' => 'Մ', + 'յ' => 'Յ', + 'ն' => 'Ն', + 'շ' => 'Շ', + 'ո' => 'Ո', + 'չ' => 'Չ', + 'պ' => 'Պ', + 'ջ' => 'Ջ', + 'ռ' => 'Ռ', + 'ս' => 'Ս', + 'վ' => 'Վ', + 'տ' => 'Տ', + 'ր' => 'Ր', + 'ց' => 'Ց', + 'ւ' => 'Ւ', + 'փ' => 'Փ', + 'ք' => 'Ք', + 'օ' => 'Օ', + 'ֆ' => 'Ֆ', + 'ა' => 'Ა', + 'ბ' => 'Ბ', + 'გ' => 'Გ', + 'დ' => 'Დ', + 'ე' => 'Ე', + 'ვ' => 'Ვ', + 'ზ' => 'Ზ', + 'თ' => 'Თ', + 'ი' => 'Ი', + 'კ' => 'Კ', + 'ლ' => 'Ლ', + 'მ' => 'Მ', + 'ნ' => 'Ნ', + 'ო' => 'Ო', + 'პ' => 'Პ', + 'ჟ' => 'Ჟ', + 'რ' => 'Რ', + 'ს' => 'Ს', + 'ტ' => 'Ტ', + 'უ' => 'Უ', + 'ფ' => 'Ფ', + 'ქ' => 'Ქ', + 'ღ' => 'Ღ', + 'ყ' => 'Ყ', + 'შ' => 'Შ', + 'ჩ' => 'Ჩ', + 'ც' => 'Ც', + 'ძ' => 'Ძ', + 'წ' => 'Წ', + 'ჭ' => 'Ჭ', + 'ხ' => 'Ხ', + 'ჯ' => 'Ჯ', + 'ჰ' => 'Ჰ', + 'ჱ' => 'Ჱ', + 'ჲ' => 'Ჲ', + 'ჳ' => 'Ჳ', + 'ჴ' => 'Ჴ', + 'ჵ' => 'Ჵ', + 'ჶ' => 'Ჶ', + 'ჷ' => 'Ჷ', + 'ჸ' => 'Ჸ', + 'ჹ' => 'Ჹ', + 'ჺ' => 'Ჺ', + 'ჽ' => 'Ჽ', + 'ჾ' => 'Ჾ', + 'ჿ' => 'Ჿ', + 'ᏸ' => 'Ᏸ', + 'ᏹ' => 'Ᏹ', + 'ᏺ' => 'Ᏺ', + 'ᏻ' => 'Ᏻ', + 'ᏼ' => 'Ᏼ', + 'ᏽ' => 'Ᏽ', + 'ᲀ' => 'В', + 'ᲁ' => 'Д', + 'ᲂ' => 'О', + 'ᲃ' => 'С', + 'ᲄ' => 'Т', + 'ᲅ' => 'Т', + 'ᲆ' => 'Ъ', + 'ᲇ' => 'Ѣ', + 'ᲈ' => 'Ꙋ', + 'ᵹ' => 'Ᵹ', + 'ᵽ' => 'Ᵽ', + 'ᶎ' => 'Ᶎ', + 'ḁ' => 'Ḁ', + 'ḃ' => 'Ḃ', + 'ḅ' => 'Ḅ', + 'ḇ' => 'Ḇ', + 'ḉ' => 'Ḉ', + 'ḋ' => 'Ḋ', + 'ḍ' => 'Ḍ', + 'ḏ' => 'Ḏ', + 'ḑ' => 'Ḑ', + 'ḓ' => 'Ḓ', + 'ḕ' => 'Ḕ', + 'ḗ' => 'Ḗ', + 'ḙ' => 'Ḙ', + 'ḛ' => 'Ḛ', + 'ḝ' => 'Ḝ', + 'ḟ' => 'Ḟ', + 'ḡ' => 'Ḡ', + 'ḣ' => 'Ḣ', + 'ḥ' => 'Ḥ', + 'ḧ' => 'Ḧ', + 'ḩ' => 'Ḩ', + 'ḫ' => 'Ḫ', + 'ḭ' => 'Ḭ', + 'ḯ' => 'Ḯ', + 'ḱ' => 'Ḱ', + 'ḳ' => 'Ḳ', + 'ḵ' => 'Ḵ', + 'ḷ' => 'Ḷ', + 'ḹ' => 'Ḹ', + 'ḻ' => 'Ḻ', + 'ḽ' => 'Ḽ', + 'ḿ' => 'Ḿ', + 'ṁ' => 'Ṁ', + 'ṃ' => 'Ṃ', + 'ṅ' => 'Ṅ', + 'ṇ' => 'Ṇ', + 'ṉ' => 'Ṉ', + 'ṋ' => 'Ṋ', + 'ṍ' => 'Ṍ', + 'ṏ' => 'Ṏ', + 'ṑ' => 'Ṑ', + 'ṓ' => 'Ṓ', + 'ṕ' => 'Ṕ', + 'ṗ' => 'Ṗ', + 'ṙ' => 'Ṙ', + 'ṛ' => 'Ṛ', + 'ṝ' => 'Ṝ', + 'ṟ' => 'Ṟ', + 'ṡ' => 'Ṡ', + 'ṣ' => 'Ṣ', + 'ṥ' => 'Ṥ', + 'ṧ' => 'Ṧ', + 'ṩ' => 'Ṩ', + 'ṫ' => 'Ṫ', + 'ṭ' => 'Ṭ', + 'ṯ' => 'Ṯ', + 'ṱ' => 'Ṱ', + 'ṳ' => 'Ṳ', + 'ṵ' => 'Ṵ', + 'ṷ' => 'Ṷ', + 'ṹ' => 'Ṹ', + 'ṻ' => 'Ṻ', + 'ṽ' => 'Ṽ', + 'ṿ' => 'Ṿ', + 'ẁ' => 'Ẁ', + 'ẃ' => 'Ẃ', + 'ẅ' => 'Ẅ', + 'ẇ' => 'Ẇ', + 'ẉ' => 'Ẉ', + 'ẋ' => 'Ẋ', + 'ẍ' => 'Ẍ', + 'ẏ' => 'Ẏ', + 'ẑ' => 'Ẑ', + 'ẓ' => 'Ẓ', + 'ẕ' => 'Ẕ', + 'ẛ' => 'Ṡ', + 'ạ' => 'Ạ', + 'ả' => 'Ả', + 'ấ' => 'Ấ', + 'ầ' => 'Ầ', + 'ẩ' => 'Ẩ', + 'ẫ' => 'Ẫ', + 'ậ' => 'Ậ', + 'ắ' => 'Ắ', + 'ằ' => 'Ằ', + 'ẳ' => 'Ẳ', + 'ẵ' => 'Ẵ', + 'ặ' => 'Ặ', + 'ẹ' => 'Ẹ', + 'ẻ' => 'Ẻ', + 'ẽ' => 'Ẽ', + 'ế' => 'Ế', + 'ề' => 'Ề', + 'ể' => 'Ể', + 'ễ' => 'Ễ', + 'ệ' => 'Ệ', + 'ỉ' => 'Ỉ', + 'ị' => 'Ị', + 'ọ' => 'Ọ', + 'ỏ' => 'Ỏ', + 'ố' => 'Ố', + 'ồ' => 'Ồ', + 'ổ' => 'Ổ', + 'ỗ' => 'Ỗ', + 'ộ' => 'Ộ', + 'ớ' => 'Ớ', + 'ờ' => 'Ờ', + 'ở' => 'Ở', + 'ỡ' => 'Ỡ', + 'ợ' => 'Ợ', + 'ụ' => 'Ụ', + 'ủ' => 'Ủ', + 'ứ' => 'Ứ', + 'ừ' => 'Ừ', + 'ử' => 'Ử', + 'ữ' => 'Ữ', + 'ự' => 'Ự', + 'ỳ' => 'Ỳ', + 'ỵ' => 'Ỵ', + 'ỷ' => 'Ỷ', + 'ỹ' => 'Ỹ', + 'ỻ' => 'Ỻ', + 'ỽ' => 'Ỽ', + 'ỿ' => 'Ỿ', + 'ἀ' => 'Ἀ', + 'ἁ' => 'Ἁ', + 'ἂ' => 'Ἂ', + 'ἃ' => 'Ἃ', + 'ἄ' => 'Ἄ', + 'ἅ' => 'Ἅ', + 'ἆ' => 'Ἆ', + 'ἇ' => 'Ἇ', + 'ἐ' => 'Ἐ', + 'ἑ' => 'Ἑ', + 'ἒ' => 'Ἒ', + 'ἓ' => 'Ἓ', + 'ἔ' => 'Ἔ', + 'ἕ' => 'Ἕ', + 'ἠ' => 'Ἠ', + 'ἡ' => 'Ἡ', + 'ἢ' => 'Ἢ', + 'ἣ' => 'Ἣ', + 'ἤ' => 'Ἤ', + 'ἥ' => 'Ἥ', + 'ἦ' => 'Ἦ', + 'ἧ' => 'Ἧ', + 'ἰ' => 'Ἰ', + 'ἱ' => 'Ἱ', + 'ἲ' => 'Ἲ', + 'ἳ' => 'Ἳ', + 'ἴ' => 'Ἴ', + 'ἵ' => 'Ἵ', + 'ἶ' => 'Ἶ', + 'ἷ' => 'Ἷ', + 'ὀ' => 'Ὀ', + 'ὁ' => 'Ὁ', + 'ὂ' => 'Ὂ', + 'ὃ' => 'Ὃ', + 'ὄ' => 'Ὄ', + 'ὅ' => 'Ὅ', + 'ὑ' => 'Ὑ', + 'ὓ' => 'Ὓ', + 'ὕ' => 'Ὕ', + 'ὗ' => 'Ὗ', + 'ὠ' => 'Ὠ', + 'ὡ' => 'Ὡ', + 'ὢ' => 'Ὢ', + 'ὣ' => 'Ὣ', + 'ὤ' => 'Ὤ', + 'ὥ' => 'Ὥ', + 'ὦ' => 'Ὦ', + 'ὧ' => 'Ὧ', + 'ὰ' => 'Ὰ', + 'ά' => 'Ά', + 'ὲ' => 'Ὲ', + 'έ' => 'Έ', + 'ὴ' => 'Ὴ', + 'ή' => 'Ή', + 'ὶ' => 'Ὶ', + 'ί' => 'Ί', + 'ὸ' => 'Ὸ', + 'ό' => 'Ό', + 'ὺ' => 'Ὺ', + 'ύ' => 'Ύ', + 'ὼ' => 'Ὼ', + 'ώ' => 'Ώ', + 'ᾀ' => 'ἈΙ', + 'ᾁ' => 'ἉΙ', + 'ᾂ' => 'ἊΙ', + 'ᾃ' => 'ἋΙ', + 'ᾄ' => 'ἌΙ', + 'ᾅ' => 'ἍΙ', + 'ᾆ' => 'ἎΙ', + 'ᾇ' => 'ἏΙ', + 'ᾐ' => 'ἨΙ', + 'ᾑ' => 'ἩΙ', + 'ᾒ' => 'ἪΙ', + 'ᾓ' => 'ἫΙ', + 'ᾔ' => 'ἬΙ', + 'ᾕ' => 'ἭΙ', + 'ᾖ' => 'ἮΙ', + 'ᾗ' => 'ἯΙ', + 'ᾠ' => 'ὨΙ', + 'ᾡ' => 'ὩΙ', + 'ᾢ' => 'ὪΙ', + 'ᾣ' => 'ὫΙ', + 'ᾤ' => 'ὬΙ', + 'ᾥ' => 'ὭΙ', + 'ᾦ' => 'ὮΙ', + 'ᾧ' => 'ὯΙ', + 'ᾰ' => 'Ᾰ', + 'ᾱ' => 'Ᾱ', + 'ᾳ' => 'ΑΙ', + 'ι' => 'Ι', + 'ῃ' => 'ΗΙ', + 'ῐ' => 'Ῐ', + 'ῑ' => 'Ῑ', + 'ῠ' => 'Ῠ', + 'ῡ' => 'Ῡ', + 'ῥ' => 'Ῥ', + 'ῳ' => 'ΩΙ', + 'ⅎ' => 'Ⅎ', + 'ⅰ' => 'Ⅰ', + 'ⅱ' => 'Ⅱ', + 'ⅲ' => 'Ⅲ', + 'ⅳ' => 'Ⅳ', + 'ⅴ' => 'Ⅴ', + 'ⅵ' => 'Ⅵ', + 'ⅶ' => 'Ⅶ', + 'ⅷ' => 'Ⅷ', + 'ⅸ' => 'Ⅸ', + 'ⅹ' => 'Ⅹ', + 'ⅺ' => 'Ⅺ', + 'ⅻ' => 'Ⅻ', + 'ⅼ' => 'Ⅼ', + 'ⅽ' => 'Ⅽ', + 'ⅾ' => 'Ⅾ', + 'ⅿ' => 'Ⅿ', + 'ↄ' => 'Ↄ', + 'ⓐ' => 'Ⓐ', + 'ⓑ' => 'Ⓑ', + 'ⓒ' => 'Ⓒ', + 'ⓓ' => 'Ⓓ', + 'ⓔ' => 'Ⓔ', + 'ⓕ' => 'Ⓕ', + 'ⓖ' => 'Ⓖ', + 'ⓗ' => 'Ⓗ', + 'ⓘ' => 'Ⓘ', + 'ⓙ' => 'Ⓙ', + 'ⓚ' => 'Ⓚ', + 'ⓛ' => 'Ⓛ', + 'ⓜ' => 'Ⓜ', + 'ⓝ' => 'Ⓝ', + 'ⓞ' => 'Ⓞ', + 'ⓟ' => 'Ⓟ', + 'ⓠ' => 'Ⓠ', + 'ⓡ' => 'Ⓡ', + 'ⓢ' => 'Ⓢ', + 'ⓣ' => 'Ⓣ', + 'ⓤ' => 'Ⓤ', + 'ⓥ' => 'Ⓥ', + 'ⓦ' => 'Ⓦ', + 'ⓧ' => 'Ⓧ', + 'ⓨ' => 'Ⓨ', + 'ⓩ' => 'Ⓩ', + 'ⰰ' => 'Ⰰ', + 'ⰱ' => 'Ⰱ', + 'ⰲ' => 'Ⰲ', + 'ⰳ' => 'Ⰳ', + 'ⰴ' => 'Ⰴ', + 'ⰵ' => 'Ⰵ', + 'ⰶ' => 'Ⰶ', + 'ⰷ' => 'Ⰷ', + 'ⰸ' => 'Ⰸ', + 'ⰹ' => 'Ⰹ', + 'ⰺ' => 'Ⰺ', + 'ⰻ' => 'Ⰻ', + 'ⰼ' => 'Ⰼ', + 'ⰽ' => 'Ⰽ', + 'ⰾ' => 'Ⰾ', + 'ⰿ' => 'Ⰿ', + 'ⱀ' => 'Ⱀ', + 'ⱁ' => 'Ⱁ', + 'ⱂ' => 'Ⱂ', + 'ⱃ' => 'Ⱃ', + 'ⱄ' => 'Ⱄ', + 'ⱅ' => 'Ⱅ', + 'ⱆ' => 'Ⱆ', + 'ⱇ' => 'Ⱇ', + 'ⱈ' => 'Ⱈ', + 'ⱉ' => 'Ⱉ', + 'ⱊ' => 'Ⱊ', + 'ⱋ' => 'Ⱋ', + 'ⱌ' => 'Ⱌ', + 'ⱍ' => 'Ⱍ', + 'ⱎ' => 'Ⱎ', + 'ⱏ' => 'Ⱏ', + 'ⱐ' => 'Ⱐ', + 'ⱑ' => 'Ⱑ', + 'ⱒ' => 'Ⱒ', + 'ⱓ' => 'Ⱓ', + 'ⱔ' => 'Ⱔ', + 'ⱕ' => 'Ⱕ', + 'ⱖ' => 'Ⱖ', + 'ⱗ' => 'Ⱗ', + 'ⱘ' => 'Ⱘ', + 'ⱙ' => 'Ⱙ', + 'ⱚ' => 'Ⱚ', + 'ⱛ' => 'Ⱛ', + 'ⱜ' => 'Ⱜ', + 'ⱝ' => 'Ⱝ', + 'ⱞ' => 'Ⱞ', + 'ⱡ' => 'Ⱡ', + 'ⱥ' => 'Ⱥ', + 'ⱦ' => 'Ⱦ', + 'ⱨ' => 'Ⱨ', + 'ⱪ' => 'Ⱪ', + 'ⱬ' => 'Ⱬ', + 'ⱳ' => 'Ⱳ', + 'ⱶ' => 'Ⱶ', + 'ⲁ' => 'Ⲁ', + 'ⲃ' => 'Ⲃ', + 'ⲅ' => 'Ⲅ', + 'ⲇ' => 'Ⲇ', + 'ⲉ' => 'Ⲉ', + 'ⲋ' => 'Ⲋ', + 'ⲍ' => 'Ⲍ', + 'ⲏ' => 'Ⲏ', + 'ⲑ' => 'Ⲑ', + 'ⲓ' => 'Ⲓ', + 'ⲕ' => 'Ⲕ', + 'ⲗ' => 'Ⲗ', + 'ⲙ' => 'Ⲙ', + 'ⲛ' => 'Ⲛ', + 'ⲝ' => 'Ⲝ', + 'ⲟ' => 'Ⲟ', + 'ⲡ' => 'Ⲡ', + 'ⲣ' => 'Ⲣ', + 'ⲥ' => 'Ⲥ', + 'ⲧ' => 'Ⲧ', + 'ⲩ' => 'Ⲩ', + 'ⲫ' => 'Ⲫ', + 'ⲭ' => 'Ⲭ', + 'ⲯ' => 'Ⲯ', + 'ⲱ' => 'Ⲱ', + 'ⲳ' => 'Ⲳ', + 'ⲵ' => 'Ⲵ', + 'ⲷ' => 'Ⲷ', + 'ⲹ' => 'Ⲹ', + 'ⲻ' => 'Ⲻ', + 'ⲽ' => 'Ⲽ', + 'ⲿ' => 'Ⲿ', + 'ⳁ' => 'Ⳁ', + 'ⳃ' => 'Ⳃ', + 'ⳅ' => 'Ⳅ', + 'ⳇ' => 'Ⳇ', + 'ⳉ' => 'Ⳉ', + 'ⳋ' => 'Ⳋ', + 'ⳍ' => 'Ⳍ', + 'ⳏ' => 'Ⳏ', + 'ⳑ' => 'Ⳑ', + 'ⳓ' => 'Ⳓ', + 'ⳕ' => 'Ⳕ', + 'ⳗ' => 'Ⳗ', + 'ⳙ' => 'Ⳙ', + 'ⳛ' => 'Ⳛ', + 'ⳝ' => 'Ⳝ', + 'ⳟ' => 'Ⳟ', + 'ⳡ' => 'Ⳡ', + 'ⳣ' => 'Ⳣ', + 'ⳬ' => 'Ⳬ', + 'ⳮ' => 'Ⳮ', + 'ⳳ' => 'Ⳳ', + 'ⴀ' => 'Ⴀ', + 'ⴁ' => 'Ⴁ', + 'ⴂ' => 'Ⴂ', + 'ⴃ' => 'Ⴃ', + 'ⴄ' => 'Ⴄ', + 'ⴅ' => 'Ⴅ', + 'ⴆ' => 'Ⴆ', + 'ⴇ' => 'Ⴇ', + 'ⴈ' => 'Ⴈ', + 'ⴉ' => 'Ⴉ', + 'ⴊ' => 'Ⴊ', + 'ⴋ' => 'Ⴋ', + 'ⴌ' => 'Ⴌ', + 'ⴍ' => 'Ⴍ', + 'ⴎ' => 'Ⴎ', + 'ⴏ' => 'Ⴏ', + 'ⴐ' => 'Ⴐ', + 'ⴑ' => 'Ⴑ', + 'ⴒ' => 'Ⴒ', + 'ⴓ' => 'Ⴓ', + 'ⴔ' => 'Ⴔ', + 'ⴕ' => 'Ⴕ', + 'ⴖ' => 'Ⴖ', + 'ⴗ' => 'Ⴗ', + 'ⴘ' => 'Ⴘ', + 'ⴙ' => 'Ⴙ', + 'ⴚ' => 'Ⴚ', + 'ⴛ' => 'Ⴛ', + 'ⴜ' => 'Ⴜ', + 'ⴝ' => 'Ⴝ', + 'ⴞ' => 'Ⴞ', + 'ⴟ' => 'Ⴟ', + 'ⴠ' => 'Ⴠ', + 'ⴡ' => 'Ⴡ', + 'ⴢ' => 'Ⴢ', + 'ⴣ' => 'Ⴣ', + 'ⴤ' => 'Ⴤ', + 'ⴥ' => 'Ⴥ', + 'ⴧ' => 'Ⴧ', + 'ⴭ' => 'Ⴭ', + 'ꙁ' => 'Ꙁ', + 'ꙃ' => 'Ꙃ', + 'ꙅ' => 'Ꙅ', + 'ꙇ' => 'Ꙇ', + 'ꙉ' => 'Ꙉ', + 'ꙋ' => 'Ꙋ', + 'ꙍ' => 'Ꙍ', + 'ꙏ' => 'Ꙏ', + 'ꙑ' => 'Ꙑ', + 'ꙓ' => 'Ꙓ', + 'ꙕ' => 'Ꙕ', + 'ꙗ' => 'Ꙗ', + 'ꙙ' => 'Ꙙ', + 'ꙛ' => 'Ꙛ', + 'ꙝ' => 'Ꙝ', + 'ꙟ' => 'Ꙟ', + 'ꙡ' => 'Ꙡ', + 'ꙣ' => 'Ꙣ', + 'ꙥ' => 'Ꙥ', + 'ꙧ' => 'Ꙧ', + 'ꙩ' => 'Ꙩ', + 'ꙫ' => 'Ꙫ', + 'ꙭ' => 'Ꙭ', + 'ꚁ' => 'Ꚁ', + 'ꚃ' => 'Ꚃ', + 'ꚅ' => 'Ꚅ', + 'ꚇ' => 'Ꚇ', + 'ꚉ' => 'Ꚉ', + 'ꚋ' => 'Ꚋ', + 'ꚍ' => 'Ꚍ', + 'ꚏ' => 'Ꚏ', + 'ꚑ' => 'Ꚑ', + 'ꚓ' => 'Ꚓ', + 'ꚕ' => 'Ꚕ', + 'ꚗ' => 'Ꚗ', + 'ꚙ' => 'Ꚙ', + 'ꚛ' => 'Ꚛ', + 'ꜣ' => 'Ꜣ', + 'ꜥ' => 'Ꜥ', + 'ꜧ' => 'Ꜧ', + 'ꜩ' => 'Ꜩ', + 'ꜫ' => 'Ꜫ', + 'ꜭ' => 'Ꜭ', + 'ꜯ' => 'Ꜯ', + 'ꜳ' => 'Ꜳ', + 'ꜵ' => 'Ꜵ', + 'ꜷ' => 'Ꜷ', + 'ꜹ' => 'Ꜹ', + 'ꜻ' => 'Ꜻ', + 'ꜽ' => 'Ꜽ', + 'ꜿ' => 'Ꜿ', + 'ꝁ' => 'Ꝁ', + 'ꝃ' => 'Ꝃ', + 'ꝅ' => 'Ꝅ', + 'ꝇ' => 'Ꝇ', + 'ꝉ' => 'Ꝉ', + 'ꝋ' => 'Ꝋ', + 'ꝍ' => 'Ꝍ', + 'ꝏ' => 'Ꝏ', + 'ꝑ' => 'Ꝑ', + 'ꝓ' => 'Ꝓ', + 'ꝕ' => 'Ꝕ', + 'ꝗ' => 'Ꝗ', + 'ꝙ' => 'Ꝙ', + 'ꝛ' => 'Ꝛ', + 'ꝝ' => 'Ꝝ', + 'ꝟ' => 'Ꝟ', + 'ꝡ' => 'Ꝡ', + 'ꝣ' => 'Ꝣ', + 'ꝥ' => 'Ꝥ', + 'ꝧ' => 'Ꝧ', + 'ꝩ' => 'Ꝩ', + 'ꝫ' => 'Ꝫ', + 'ꝭ' => 'Ꝭ', + 'ꝯ' => 'Ꝯ', + 'ꝺ' => 'Ꝺ', + 'ꝼ' => 'Ꝼ', + 'ꝿ' => 'Ꝿ', + 'ꞁ' => 'Ꞁ', + 'ꞃ' => 'Ꞃ', + 'ꞅ' => 'Ꞅ', + 'ꞇ' => 'Ꞇ', + 'ꞌ' => 'Ꞌ', + 'ꞑ' => 'Ꞑ', + 'ꞓ' => 'Ꞓ', + 'ꞔ' => 'Ꞔ', + 'ꞗ' => 'Ꞗ', + 'ꞙ' => 'Ꞙ', + 'ꞛ' => 'Ꞛ', + 'ꞝ' => 'Ꞝ', + 'ꞟ' => 'Ꞟ', + 'ꞡ' => 'Ꞡ', + 'ꞣ' => 'Ꞣ', + 'ꞥ' => 'Ꞥ', + 'ꞧ' => 'Ꞧ', + 'ꞩ' => 'Ꞩ', + 'ꞵ' => 'Ꞵ', + 'ꞷ' => 'Ꞷ', + 'ꞹ' => 'Ꞹ', + 'ꞻ' => 'Ꞻ', + 'ꞽ' => 'Ꞽ', + 'ꞿ' => 'Ꞿ', + 'ꟃ' => 'Ꟃ', + 'ꟈ' => 'Ꟈ', + 'ꟊ' => 'Ꟊ', + 'ꟶ' => 'Ꟶ', + 'ꭓ' => 'Ꭓ', + 'ꭰ' => 'Ꭰ', + 'ꭱ' => 'Ꭱ', + 'ꭲ' => 'Ꭲ', + 'ꭳ' => 'Ꭳ', + 'ꭴ' => 'Ꭴ', + 'ꭵ' => 'Ꭵ', + 'ꭶ' => 'Ꭶ', + 'ꭷ' => 'Ꭷ', + 'ꭸ' => 'Ꭸ', + 'ꭹ' => 'Ꭹ', + 'ꭺ' => 'Ꭺ', + 'ꭻ' => 'Ꭻ', + 'ꭼ' => 'Ꭼ', + 'ꭽ' => 'Ꭽ', + 'ꭾ' => 'Ꭾ', + 'ꭿ' => 'Ꭿ', + 'ꮀ' => 'Ꮀ', + 'ꮁ' => 'Ꮁ', + 'ꮂ' => 'Ꮂ', + 'ꮃ' => 'Ꮃ', + 'ꮄ' => 'Ꮄ', + 'ꮅ' => 'Ꮅ', + 'ꮆ' => 'Ꮆ', + 'ꮇ' => 'Ꮇ', + 'ꮈ' => 'Ꮈ', + 'ꮉ' => 'Ꮉ', + 'ꮊ' => 'Ꮊ', + 'ꮋ' => 'Ꮋ', + 'ꮌ' => 'Ꮌ', + 'ꮍ' => 'Ꮍ', + 'ꮎ' => 'Ꮎ', + 'ꮏ' => 'Ꮏ', + 'ꮐ' => 'Ꮐ', + 'ꮑ' => 'Ꮑ', + 'ꮒ' => 'Ꮒ', + 'ꮓ' => 'Ꮓ', + 'ꮔ' => 'Ꮔ', + 'ꮕ' => 'Ꮕ', + 'ꮖ' => 'Ꮖ', + 'ꮗ' => 'Ꮗ', + 'ꮘ' => 'Ꮘ', + 'ꮙ' => 'Ꮙ', + 'ꮚ' => 'Ꮚ', + 'ꮛ' => 'Ꮛ', + 'ꮜ' => 'Ꮜ', + 'ꮝ' => 'Ꮝ', + 'ꮞ' => 'Ꮞ', + 'ꮟ' => 'Ꮟ', + 'ꮠ' => 'Ꮠ', + 'ꮡ' => 'Ꮡ', + 'ꮢ' => 'Ꮢ', + 'ꮣ' => 'Ꮣ', + 'ꮤ' => 'Ꮤ', + 'ꮥ' => 'Ꮥ', + 'ꮦ' => 'Ꮦ', + 'ꮧ' => 'Ꮧ', + 'ꮨ' => 'Ꮨ', + 'ꮩ' => 'Ꮩ', + 'ꮪ' => 'Ꮪ', + 'ꮫ' => 'Ꮫ', + 'ꮬ' => 'Ꮬ', + 'ꮭ' => 'Ꮭ', + 'ꮮ' => 'Ꮮ', + 'ꮯ' => 'Ꮯ', + 'ꮰ' => 'Ꮰ', + 'ꮱ' => 'Ꮱ', + 'ꮲ' => 'Ꮲ', + 'ꮳ' => 'Ꮳ', + 'ꮴ' => 'Ꮴ', + 'ꮵ' => 'Ꮵ', + 'ꮶ' => 'Ꮶ', + 'ꮷ' => 'Ꮷ', + 'ꮸ' => 'Ꮸ', + 'ꮹ' => 'Ꮹ', + 'ꮺ' => 'Ꮺ', + 'ꮻ' => 'Ꮻ', + 'ꮼ' => 'Ꮼ', + 'ꮽ' => 'Ꮽ', + 'ꮾ' => 'Ꮾ', + 'ꮿ' => 'Ꮿ', + 'a' => 'A', + 'b' => 'B', + 'c' => 'C', + 'd' => 'D', + 'e' => 'E', + 'f' => 'F', + 'g' => 'G', + 'h' => 'H', + 'i' => 'I', + 'j' => 'J', + 'k' => 'K', + 'l' => 'L', + 'm' => 'M', + 'n' => 'N', + 'o' => 'O', + 'p' => 'P', + 'q' => 'Q', + 'r' => 'R', + 's' => 'S', + 't' => 'T', + 'u' => 'U', + 'v' => 'V', + 'w' => 'W', + 'x' => 'X', + 'y' => 'Y', + 'z' => 'Z', + '𐐨' => '𐐀', + '𐐩' => '𐐁', + '𐐪' => '𐐂', + '𐐫' => '𐐃', + '𐐬' => '𐐄', + '𐐭' => '𐐅', + '𐐮' => '𐐆', + '𐐯' => '𐐇', + '𐐰' => '𐐈', + '𐐱' => '𐐉', + '𐐲' => '𐐊', + '𐐳' => '𐐋', + '𐐴' => '𐐌', + '𐐵' => '𐐍', + '𐐶' => '𐐎', + '𐐷' => '𐐏', + '𐐸' => '𐐐', + '𐐹' => '𐐑', + '𐐺' => '𐐒', + '𐐻' => '𐐓', + '𐐼' => '𐐔', + '𐐽' => '𐐕', + '𐐾' => '𐐖', + '𐐿' => '𐐗', + '𐑀' => '𐐘', + '𐑁' => '𐐙', + '𐑂' => '𐐚', + '𐑃' => '𐐛', + '𐑄' => '𐐜', + '𐑅' => '𐐝', + '𐑆' => '𐐞', + '𐑇' => '𐐟', + '𐑈' => '𐐠', + '𐑉' => '𐐡', + '𐑊' => '𐐢', + '𐑋' => '𐐣', + '𐑌' => '𐐤', + '𐑍' => '𐐥', + '𐑎' => '𐐦', + '𐑏' => '𐐧', + '𐓘' => '𐒰', + '𐓙' => '𐒱', + '𐓚' => '𐒲', + '𐓛' => '𐒳', + '𐓜' => '𐒴', + '𐓝' => '𐒵', + '𐓞' => '𐒶', + '𐓟' => '𐒷', + '𐓠' => '𐒸', + '𐓡' => '𐒹', + '𐓢' => '𐒺', + '𐓣' => '𐒻', + '𐓤' => '𐒼', + '𐓥' => '𐒽', + '𐓦' => '𐒾', + '𐓧' => '𐒿', + '𐓨' => '𐓀', + '𐓩' => '𐓁', + '𐓪' => '𐓂', + '𐓫' => '𐓃', + '𐓬' => '𐓄', + '𐓭' => '𐓅', + '𐓮' => '𐓆', + '𐓯' => '𐓇', + '𐓰' => '𐓈', + '𐓱' => '𐓉', + '𐓲' => '𐓊', + '𐓳' => '𐓋', + '𐓴' => '𐓌', + '𐓵' => '𐓍', + '𐓶' => '𐓎', + '𐓷' => '𐓏', + '𐓸' => '𐓐', + '𐓹' => '𐓑', + '𐓺' => '𐓒', + '𐓻' => '𐓓', + '𐳀' => '𐲀', + '𐳁' => '𐲁', + '𐳂' => '𐲂', + '𐳃' => '𐲃', + '𐳄' => '𐲄', + '𐳅' => '𐲅', + '𐳆' => '𐲆', + '𐳇' => '𐲇', + '𐳈' => '𐲈', + '𐳉' => '𐲉', + '𐳊' => '𐲊', + '𐳋' => '𐲋', + '𐳌' => '𐲌', + '𐳍' => '𐲍', + '𐳎' => '𐲎', + '𐳏' => '𐲏', + '𐳐' => '𐲐', + '𐳑' => '𐲑', + '𐳒' => '𐲒', + '𐳓' => '𐲓', + '𐳔' => '𐲔', + '𐳕' => '𐲕', + '𐳖' => '𐲖', + '𐳗' => '𐲗', + '𐳘' => '𐲘', + '𐳙' => '𐲙', + '𐳚' => '𐲚', + '𐳛' => '𐲛', + '𐳜' => '𐲜', + '𐳝' => '𐲝', + '𐳞' => '𐲞', + '𐳟' => '𐲟', + '𐳠' => '𐲠', + '𐳡' => '𐲡', + '𐳢' => '𐲢', + '𐳣' => '𐲣', + '𐳤' => '𐲤', + '𐳥' => '𐲥', + '𐳦' => '𐲦', + '𐳧' => '𐲧', + '𐳨' => '𐲨', + '𐳩' => '𐲩', + '𐳪' => '𐲪', + '𐳫' => '𐲫', + '𐳬' => '𐲬', + '𐳭' => '𐲭', + '𐳮' => '𐲮', + '𐳯' => '𐲯', + '𐳰' => '𐲰', + '𐳱' => '𐲱', + '𐳲' => '𐲲', + '𑣀' => '𑢠', + '𑣁' => '𑢡', + '𑣂' => '𑢢', + '𑣃' => '𑢣', + '𑣄' => '𑢤', + '𑣅' => '𑢥', + '𑣆' => '𑢦', + '𑣇' => '𑢧', + '𑣈' => '𑢨', + '𑣉' => '𑢩', + '𑣊' => '𑢪', + '𑣋' => '𑢫', + '𑣌' => '𑢬', + '𑣍' => '𑢭', + '𑣎' => '𑢮', + '𑣏' => '𑢯', + '𑣐' => '𑢰', + '𑣑' => '𑢱', + '𑣒' => '𑢲', + '𑣓' => '𑢳', + '𑣔' => '𑢴', + '𑣕' => '𑢵', + '𑣖' => '𑢶', + '𑣗' => '𑢷', + '𑣘' => '𑢸', + '𑣙' => '𑢹', + '𑣚' => '𑢺', + '𑣛' => '𑢻', + '𑣜' => '𑢼', + '𑣝' => '𑢽', + '𑣞' => '𑢾', + '𑣟' => '𑢿', + '𖹠' => '𖹀', + '𖹡' => '𖹁', + '𖹢' => '𖹂', + '𖹣' => '𖹃', + '𖹤' => '𖹄', + '𖹥' => '𖹅', + '𖹦' => '𖹆', + '𖹧' => '𖹇', + '𖹨' => '𖹈', + '𖹩' => '𖹉', + '𖹪' => '𖹊', + '𖹫' => '𖹋', + '𖹬' => '𖹌', + '𖹭' => '𖹍', + '𖹮' => '𖹎', + '𖹯' => '𖹏', + '𖹰' => '𖹐', + '𖹱' => '𖹑', + '𖹲' => '𖹒', + '𖹳' => '𖹓', + '𖹴' => '𖹔', + '𖹵' => '𖹕', + '𖹶' => '𖹖', + '𖹷' => '𖹗', + '𖹸' => '𖹘', + '𖹹' => '𖹙', + '𖹺' => '𖹚', + '𖹻' => '𖹛', + '𖹼' => '𖹜', + '𖹽' => '𖹝', + '𖹾' => '𖹞', + '𖹿' => '𖹟', + '𞤢' => '𞤀', + '𞤣' => '𞤁', + '𞤤' => '𞤂', + '𞤥' => '𞤃', + '𞤦' => '𞤄', + '𞤧' => '𞤅', + '𞤨' => '𞤆', + '𞤩' => '𞤇', + '𞤪' => '𞤈', + '𞤫' => '𞤉', + '𞤬' => '𞤊', + '𞤭' => '𞤋', + '𞤮' => '𞤌', + '𞤯' => '𞤍', + '𞤰' => '𞤎', + '𞤱' => '𞤏', + '𞤲' => '𞤐', + '𞤳' => '𞤑', + '𞤴' => '𞤒', + '𞤵' => '𞤓', + '𞤶' => '𞤔', + '𞤷' => '𞤕', + '𞤸' => '𞤖', + '𞤹' => '𞤗', + '𞤺' => '𞤘', + '𞤻' => '𞤙', + '𞤼' => '𞤚', + '𞤽' => '𞤛', + '𞤾' => '𞤜', + '𞤿' => '𞤝', + '𞥀' => '𞤞', + '𞥁' => '𞤟', + '𞥂' => '𞤠', + '𞥃' => '𞤡', + 'ß' => 'SS', + 'ff' => 'FF', + 'fi' => 'FI', + 'fl' => 'FL', + 'ffi' => 'FFI', + 'ffl' => 'FFL', + 'ſt' => 'ST', + 'st' => 'ST', + 'և' => 'ԵՒ', + 'ﬓ' => 'ՄՆ', + 'ﬔ' => 'ՄԵ', + 'ﬕ' => 'ՄԻ', + 'ﬖ' => 'ՎՆ', + 'ﬗ' => 'ՄԽ', + 'ʼn' => 'ʼN', + 'ΐ' => 'Ϊ́', + 'ΰ' => 'Ϋ́', + 'ǰ' => 'J̌', + 'ẖ' => 'H̱', + 'ẗ' => 'T̈', + 'ẘ' => 'W̊', + 'ẙ' => 'Y̊', + 'ẚ' => 'Aʾ', + 'ὐ' => 'Υ̓', + 'ὒ' => 'Υ̓̀', + 'ὔ' => 'Υ̓́', + 'ὖ' => 'Υ̓͂', + 'ᾶ' => 'Α͂', + 'ῆ' => 'Η͂', + 'ῒ' => 'Ϊ̀', + 'ΐ' => 'Ϊ́', + 'ῖ' => 'Ι͂', + 'ῗ' => 'Ϊ͂', + 'ῢ' => 'Ϋ̀', + 'ΰ' => 'Ϋ́', + 'ῤ' => 'Ρ̓', + 'ῦ' => 'Υ͂', + 'ῧ' => 'Ϋ͂', + 'ῶ' => 'Ω͂', + 'ᾈ' => 'ἈΙ', + 'ᾉ' => 'ἉΙ', + 'ᾊ' => 'ἊΙ', + 'ᾋ' => 'ἋΙ', + 'ᾌ' => 'ἌΙ', + 'ᾍ' => 'ἍΙ', + 'ᾎ' => 'ἎΙ', + 'ᾏ' => 'ἏΙ', + 'ᾘ' => 'ἨΙ', + 'ᾙ' => 'ἩΙ', + 'ᾚ' => 'ἪΙ', + 'ᾛ' => 'ἫΙ', + 'ᾜ' => 'ἬΙ', + 'ᾝ' => 'ἭΙ', + 'ᾞ' => 'ἮΙ', + 'ᾟ' => 'ἯΙ', + 'ᾨ' => 'ὨΙ', + 'ᾩ' => 'ὩΙ', + 'ᾪ' => 'ὪΙ', + 'ᾫ' => 'ὫΙ', + 'ᾬ' => 'ὬΙ', + 'ᾭ' => 'ὭΙ', + 'ᾮ' => 'ὮΙ', + 'ᾯ' => 'ὯΙ', + 'ᾼ' => 'ΑΙ', + 'ῌ' => 'ΗΙ', + 'ῼ' => 'ΩΙ', + 'ᾲ' => 'ᾺΙ', + 'ᾴ' => 'ΆΙ', + 'ῂ' => 'ῊΙ', + 'ῄ' => 'ΉΙ', + 'ῲ' => 'ῺΙ', + 'ῴ' => 'ΏΙ', + 'ᾷ' => 'Α͂Ι', + 'ῇ' => 'Η͂Ι', + 'ῷ' => 'Ω͂Ι', +); diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/bootstrap.php b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/bootstrap.php new file mode 100644 index 0000000..6e4b5fc --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/bootstrap.php @@ -0,0 +1,159 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +use Symfony\Polyfill\Mbstring as p; + +if (\PHP_VERSION_ID >= 80000) { + return require __DIR__.'/bootstrap80.php'; +} + +if (!function_exists('mb_convert_encoding')) { + function mb_convert_encoding($string, $to_encoding, $from_encoding = null) { return p\Mbstring::mb_convert_encoding($string, $to_encoding, $from_encoding); } +} +if (!function_exists('mb_decode_mimeheader')) { + function mb_decode_mimeheader($string) { return p\Mbstring::mb_decode_mimeheader($string); } +} +if (!function_exists('mb_encode_mimeheader')) { + function mb_encode_mimeheader($string, $charset = null, $transfer_encoding = null, $newline = "\r\n", $indent = 0) { return p\Mbstring::mb_encode_mimeheader($string, $charset, $transfer_encoding, $newline, $indent); } +} +if (!function_exists('mb_decode_numericentity')) { + function mb_decode_numericentity($string, $map, $encoding = null) { return p\Mbstring::mb_decode_numericentity($string, $map, $encoding); } +} +if (!function_exists('mb_encode_numericentity')) { + function mb_encode_numericentity($string, $map, $encoding = null, $hex = false) { return p\Mbstring::mb_encode_numericentity($string, $map, $encoding, $hex); } +} +if (!function_exists('mb_convert_case')) { + function mb_convert_case($string, $mode, $encoding = null) { return p\Mbstring::mb_convert_case($string, $mode, $encoding); } +} +if (!function_exists('mb_internal_encoding')) { + function mb_internal_encoding($encoding = null) { return p\Mbstring::mb_internal_encoding($encoding); } +} +if (!function_exists('mb_language')) { + function mb_language($language = null) { return p\Mbstring::mb_language($language); } +} +if (!function_exists('mb_list_encodings')) { + function mb_list_encodings() { return p\Mbstring::mb_list_encodings(); } +} +if (!function_exists('mb_encoding_aliases')) { + function mb_encoding_aliases($encoding) { return p\Mbstring::mb_encoding_aliases($encoding); } +} +if (!function_exists('mb_check_encoding')) { + function mb_check_encoding($value = null, $encoding = null) { return p\Mbstring::mb_check_encoding($value, $encoding); } +} +if (!function_exists('mb_detect_encoding')) { + function mb_detect_encoding($string, $encodings = null, $strict = false) { return p\Mbstring::mb_detect_encoding($string, $encodings, $strict); } +} +if (!function_exists('mb_detect_order')) { + function mb_detect_order($encoding = null) { return p\Mbstring::mb_detect_order($encoding); } +} +if (!function_exists('mb_parse_str')) { + function mb_parse_str($string, &$result = []) { parse_str($string, $result); return (bool) $result; } +} +if (!function_exists('mb_strlen')) { + function mb_strlen($string, $encoding = null) { return p\Mbstring::mb_strlen($string, $encoding); } +} +if (!function_exists('mb_strpos')) { + function mb_strpos($haystack, $needle, $offset = 0, $encoding = null) { return p\Mbstring::mb_strpos($haystack, $needle, $offset, $encoding); } +} +if (!function_exists('mb_strtolower')) { + function mb_strtolower($string, $encoding = null) { return p\Mbstring::mb_strtolower($string, $encoding); } +} +if (!function_exists('mb_strtoupper')) { + function mb_strtoupper($string, $encoding = null) { return p\Mbstring::mb_strtoupper($string, $encoding); } +} +if (!function_exists('mb_substitute_character')) { + function mb_substitute_character($substitute_character = null) { return p\Mbstring::mb_substitute_character($substitute_character); } +} +if (!function_exists('mb_substr')) { + function mb_substr($string, $start, $length = 2147483647, $encoding = null) { return p\Mbstring::mb_substr($string, $start, $length, $encoding); } +} +if (!function_exists('mb_stripos')) { + function mb_stripos($haystack, $needle, $offset = 0, $encoding = null) { return p\Mbstring::mb_stripos($haystack, $needle, $offset, $encoding); } +} +if (!function_exists('mb_stristr')) { + function mb_stristr($haystack, $needle, $before_needle = false, $encoding = null) { return p\Mbstring::mb_stristr($haystack, $needle, $before_needle, $encoding); } +} +if (!function_exists('mb_strrchr')) { + function mb_strrchr($haystack, $needle, $before_needle = false, $encoding = null) { return p\Mbstring::mb_strrchr($haystack, $needle, $before_needle, $encoding); } +} +if (!function_exists('mb_strrichr')) { + function mb_strrichr($haystack, $needle, $before_needle = false, $encoding = null) { return p\Mbstring::mb_strrichr($haystack, $needle, $before_needle, $encoding); } +} +if (!function_exists('mb_strripos')) { + function mb_strripos($haystack, $needle, $offset = 0, $encoding = null) { return p\Mbstring::mb_strripos($haystack, $needle, $offset, $encoding); } +} +if (!function_exists('mb_strrpos')) { + function mb_strrpos($haystack, $needle, $offset = 0, $encoding = null) { return p\Mbstring::mb_strrpos($haystack, $needle, $offset, $encoding); } +} +if (!function_exists('mb_strstr')) { + function mb_strstr($haystack, $needle, $before_needle = false, $encoding = null) { return p\Mbstring::mb_strstr($haystack, $needle, $before_needle, $encoding); } +} +if (!function_exists('mb_get_info')) { + function mb_get_info($type = 'all') { return p\Mbstring::mb_get_info($type); } +} +if (!function_exists('mb_http_output')) { + function mb_http_output($encoding = null) { return p\Mbstring::mb_http_output($encoding); } +} +if (!function_exists('mb_strwidth')) { + function mb_strwidth($string, $encoding = null) { return p\Mbstring::mb_strwidth($string, $encoding); } +} +if (!function_exists('mb_substr_count')) { + function mb_substr_count($haystack, $needle, $encoding = null) { return p\Mbstring::mb_substr_count($haystack, $needle, $encoding); } +} +if (!function_exists('mb_output_handler')) { + function mb_output_handler($string, $status) { return p\Mbstring::mb_output_handler($string, $status); } +} +if (!function_exists('mb_http_input')) { + function mb_http_input($type = null) { return p\Mbstring::mb_http_input($type); } +} + +if (!function_exists('mb_convert_variables')) { + function mb_convert_variables($to_encoding, $from_encoding, &...$vars) { return p\Mbstring::mb_convert_variables($to_encoding, $from_encoding, ...$vars); } +} + +if (!function_exists('mb_ord')) { + function mb_ord($string, $encoding = null) { return p\Mbstring::mb_ord($string, $encoding); } +} +if (!function_exists('mb_chr')) { + function mb_chr($codepoint, $encoding = null) { return p\Mbstring::mb_chr($codepoint, $encoding); } +} +if (!function_exists('mb_scrub')) { + function mb_scrub($string, $encoding = null) { $encoding = null === $encoding ? mb_internal_encoding() : $encoding; return mb_convert_encoding($string, $encoding, $encoding); } +} +if (!function_exists('mb_str_split')) { + function mb_str_split($string, $length = 1, $encoding = null) { return p\Mbstring::mb_str_split($string, $length, $encoding); } +} + +if (!function_exists('mb_str_pad')) { + function mb_str_pad(string $string, int $length, string $pad_string = ' ', int $pad_type = STR_PAD_RIGHT, ?string $encoding = null): string { return p\Mbstring::mb_str_pad($string, $length, $pad_string, $pad_type, $encoding); } +} + +if (!function_exists('mb_ucfirst')) { + function mb_ucfirst(string $string, ?string $encoding = null): string { return p\Mbstring::mb_ucfirst($string, $encoding); } +} + +if (!function_exists('mb_lcfirst')) { + function mb_lcfirst(string $string, ?string $encoding = null): string { return p\Mbstring::mb_lcfirst($string, $encoding); } +} + +if (extension_loaded('mbstring')) { + return; +} + +if (!defined('MB_CASE_UPPER')) { + define('MB_CASE_UPPER', 0); +} +if (!defined('MB_CASE_LOWER')) { + define('MB_CASE_LOWER', 1); +} +if (!defined('MB_CASE_TITLE')) { + define('MB_CASE_TITLE', 2); +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/bootstrap80.php b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/bootstrap80.php new file mode 100644 index 0000000..ec2ae42 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/bootstrap80.php @@ -0,0 +1,155 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +use Symfony\Polyfill\Mbstring as p; + +if (!function_exists('mb_convert_encoding')) { + function mb_convert_encoding(array|string|null $string, ?string $to_encoding, array|string|null $from_encoding = null): array|string|false { return p\Mbstring::mb_convert_encoding($string ?? '', (string) $to_encoding, $from_encoding); } +} +if (!function_exists('mb_decode_mimeheader')) { + function mb_decode_mimeheader(?string $string): string { return p\Mbstring::mb_decode_mimeheader((string) $string); } +} +if (!function_exists('mb_encode_mimeheader')) { + function mb_encode_mimeheader(?string $string, ?string $charset = null, ?string $transfer_encoding = null, ?string $newline = "\r\n", ?int $indent = 0): string { return p\Mbstring::mb_encode_mimeheader((string) $string, $charset, $transfer_encoding, (string) $newline, (int) $indent); } +} +if (!function_exists('mb_decode_numericentity')) { + function mb_decode_numericentity(?string $string, array $map, ?string $encoding = null): string { return p\Mbstring::mb_decode_numericentity((string) $string, $map, $encoding); } +} +if (!function_exists('mb_encode_numericentity')) { + function mb_encode_numericentity(?string $string, array $map, ?string $encoding = null, ?bool $hex = false): string { return p\Mbstring::mb_encode_numericentity((string) $string, $map, $encoding, (bool) $hex); } +} +if (!function_exists('mb_convert_case')) { + function mb_convert_case(?string $string, ?int $mode, ?string $encoding = null): string { return p\Mbstring::mb_convert_case((string) $string, (int) $mode, $encoding); } +} +if (!function_exists('mb_internal_encoding')) { + function mb_internal_encoding(?string $encoding = null): string|bool { return p\Mbstring::mb_internal_encoding($encoding); } +} +if (!function_exists('mb_language')) { + function mb_language(?string $language = null): string|bool { return p\Mbstring::mb_language($language); } +} +if (!function_exists('mb_list_encodings')) { + function mb_list_encodings(): array { return p\Mbstring::mb_list_encodings(); } +} +if (!function_exists('mb_encoding_aliases')) { + function mb_encoding_aliases(?string $encoding): array { return p\Mbstring::mb_encoding_aliases((string) $encoding); } +} +if (!function_exists('mb_check_encoding')) { + function mb_check_encoding(array|string|null $value = null, ?string $encoding = null): bool { return p\Mbstring::mb_check_encoding($value, $encoding); } +} +if (!function_exists('mb_detect_encoding')) { + function mb_detect_encoding(?string $string, array|string|null $encodings = null, ?bool $strict = false): string|false { return p\Mbstring::mb_detect_encoding((string) $string, $encodings, (bool) $strict); } +} +if (!function_exists('mb_detect_order')) { + function mb_detect_order(array|string|null $encoding = null): array|bool { return p\Mbstring::mb_detect_order($encoding); } +} +if (!function_exists('mb_parse_str')) { + function mb_parse_str(?string $string, &$result = []): bool { parse_str((string) $string, $result); return (bool) $result; } +} +if (!function_exists('mb_strlen')) { + function mb_strlen(?string $string, ?string $encoding = null): int { return p\Mbstring::mb_strlen((string) $string, $encoding); } +} +if (!function_exists('mb_strpos')) { + function mb_strpos(?string $haystack, ?string $needle, ?int $offset = 0, ?string $encoding = null): int|false { return p\Mbstring::mb_strpos((string) $haystack, (string) $needle, (int) $offset, $encoding); } +} +if (!function_exists('mb_strtolower')) { + function mb_strtolower(?string $string, ?string $encoding = null): string { return p\Mbstring::mb_strtolower((string) $string, $encoding); } +} +if (!function_exists('mb_strtoupper')) { + function mb_strtoupper(?string $string, ?string $encoding = null): string { return p\Mbstring::mb_strtoupper((string) $string, $encoding); } +} +if (!function_exists('mb_substitute_character')) { + function mb_substitute_character(string|int|null $substitute_character = null): string|int|bool { return p\Mbstring::mb_substitute_character($substitute_character); } +} +if (!function_exists('mb_substr')) { + function mb_substr(?string $string, ?int $start, ?int $length = null, ?string $encoding = null): string { return p\Mbstring::mb_substr((string) $string, (int) $start, $length, $encoding); } +} +if (!function_exists('mb_stripos')) { + function mb_stripos(?string $haystack, ?string $needle, ?int $offset = 0, ?string $encoding = null): int|false { return p\Mbstring::mb_stripos((string) $haystack, (string) $needle, (int) $offset, $encoding); } +} +if (!function_exists('mb_stristr')) { + function mb_stristr(?string $haystack, ?string $needle, ?bool $before_needle = false, ?string $encoding = null): string|false { return p\Mbstring::mb_stristr((string) $haystack, (string) $needle, (bool) $before_needle, $encoding); } +} +if (!function_exists('mb_strrchr')) { + function mb_strrchr(?string $haystack, ?string $needle, ?bool $before_needle = false, ?string $encoding = null): string|false { return p\Mbstring::mb_strrchr((string) $haystack, (string) $needle, (bool) $before_needle, $encoding); } +} +if (!function_exists('mb_strrichr')) { + function mb_strrichr(?string $haystack, ?string $needle, ?bool $before_needle = false, ?string $encoding = null): string|false { return p\Mbstring::mb_strrichr((string) $haystack, (string) $needle, (bool) $before_needle, $encoding); } +} +if (!function_exists('mb_strripos')) { + function mb_strripos(?string $haystack, ?string $needle, ?int $offset = 0, ?string $encoding = null): int|false { return p\Mbstring::mb_strripos((string) $haystack, (string) $needle, (int) $offset, $encoding); } +} +if (!function_exists('mb_strrpos')) { + function mb_strrpos(?string $haystack, ?string $needle, ?int $offset = 0, ?string $encoding = null): int|false { return p\Mbstring::mb_strrpos((string) $haystack, (string) $needle, (int) $offset, $encoding); } +} +if (!function_exists('mb_strstr')) { + function mb_strstr(?string $haystack, ?string $needle, ?bool $before_needle = false, ?string $encoding = null): string|false { return p\Mbstring::mb_strstr((string) $haystack, (string) $needle, (bool) $before_needle, $encoding); } +} +if (!function_exists('mb_get_info')) { + function mb_get_info(?string $type = 'all'): array|string|int|false { return p\Mbstring::mb_get_info((string) $type); } +} +if (!function_exists('mb_http_output')) { + function mb_http_output(?string $encoding = null): string|bool { return p\Mbstring::mb_http_output($encoding); } +} +if (!function_exists('mb_strwidth')) { + function mb_strwidth(?string $string, ?string $encoding = null): int { return p\Mbstring::mb_strwidth((string) $string, $encoding); } +} +if (!function_exists('mb_substr_count')) { + function mb_substr_count(?string $haystack, ?string $needle, ?string $encoding = null): int { return p\Mbstring::mb_substr_count((string) $haystack, (string) $needle, $encoding); } +} +if (!function_exists('mb_output_handler')) { + function mb_output_handler(?string $string, ?int $status): string { return p\Mbstring::mb_output_handler((string) $string, (int) $status); } +} +if (!function_exists('mb_http_input')) { + function mb_http_input(?string $type = null): array|string|false { return p\Mbstring::mb_http_input($type); } +} + +if (!function_exists('mb_convert_variables')) { + function mb_convert_variables(?string $to_encoding, array|string|null $from_encoding, mixed &$var, mixed &...$vars): string|false { return p\Mbstring::mb_convert_variables((string) $to_encoding, $from_encoding ?? '', $var, ...$vars); } +} + +if (!function_exists('mb_ord')) { + function mb_ord(?string $string, ?string $encoding = null): int|false { return p\Mbstring::mb_ord((string) $string, $encoding); } +} +if (!function_exists('mb_chr')) { + function mb_chr(?int $codepoint, ?string $encoding = null): string|false { return p\Mbstring::mb_chr((int) $codepoint, $encoding); } +} +if (!function_exists('mb_scrub')) { + function mb_scrub(?string $string, ?string $encoding = null): string { $encoding ??= mb_internal_encoding(); return mb_convert_encoding((string) $string, $encoding, $encoding); } +} +if (!function_exists('mb_str_split')) { + function mb_str_split(?string $string, ?int $length = 1, ?string $encoding = null): array { return p\Mbstring::mb_str_split((string) $string, (int) $length, $encoding); } +} + +if (!function_exists('mb_str_pad')) { + function mb_str_pad(string $string, int $length, string $pad_string = ' ', int $pad_type = STR_PAD_RIGHT, ?string $encoding = null): string { return p\Mbstring::mb_str_pad($string, $length, $pad_string, $pad_type, $encoding); } +} + +if (!function_exists('mb_ucfirst')) { + function mb_ucfirst($string, ?string $encoding = null): string { return p\Mbstring::mb_ucfirst($string, $encoding); } +} + +if (!function_exists('mb_lcfirst')) { + function mb_lcfirst($string, ?string $encoding = null): string { return p\Mbstring::mb_lcfirst($string, $encoding); } +} + +if (extension_loaded('mbstring')) { + return; +} + +if (!defined('MB_CASE_UPPER')) { + define('MB_CASE_UPPER', 0); +} +if (!defined('MB_CASE_LOWER')) { + define('MB_CASE_LOWER', 1); +} +if (!defined('MB_CASE_TITLE')) { + define('MB_CASE_TITLE', 2); +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/composer.json b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/composer.json new file mode 100644 index 0000000..bd99d4b --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-mbstring/composer.json @@ -0,0 +1,38 @@ +{ + "name": "symfony/polyfill-mbstring", + "type": "library", + "description": "Symfony polyfill for the Mbstring extension", + "keywords": ["polyfill", "shim", "compatibility", "portable", "mbstring"], + "homepage": "https://symfony.com", + "license": "MIT", + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "require": { + "php": ">=7.1" + }, + "provide": { + "ext-mbstring": "*" + }, + "autoload": { + "psr-4": { "Symfony\\Polyfill\\Mbstring\\": "" }, + "files": [ "bootstrap.php" ] + }, + "suggest": { + "ext-mbstring": "For best performance" + }, + "minimum-stability": "dev", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/LICENSE b/qa-tool/htdocs/vendor/symfony/polyfill-php83/LICENSE new file mode 100644 index 0000000..733c826 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/LICENSE @@ -0,0 +1,19 @@ +Copyright (c) 2022-present Fabien Potencier + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Php83.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Php83.php new file mode 100644 index 0000000..3d94b6c --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Php83.php @@ -0,0 +1,197 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Polyfill\Php83; + +/** + * @author Ion Bazan + * @author Pierre Ambroise + * + * @internal + */ +final class Php83 +{ + private const JSON_MAX_DEPTH = 0x7FFFFFFF; // see https://www.php.net/manual/en/function.json-decode.php + + public static function json_validate(string $json, int $depth = 512, int $flags = 0): bool + { + if (0 !== $flags && \defined('JSON_INVALID_UTF8_IGNORE') && \JSON_INVALID_UTF8_IGNORE !== $flags) { + throw new \ValueError('json_validate(): Argument #3 ($flags) must be a valid flag (allowed flags: JSON_INVALID_UTF8_IGNORE)'); + } + + if ($depth <= 0) { + throw new \ValueError('json_validate(): Argument #2 ($depth) must be greater than 0'); + } + + if ($depth > self::JSON_MAX_DEPTH) { + throw new \ValueError(sprintf('json_validate(): Argument #2 ($depth) must be less than %d', self::JSON_MAX_DEPTH)); + } + + json_decode($json, null, $depth, $flags); + + return \JSON_ERROR_NONE === json_last_error(); + } + + public static function mb_str_pad(string $string, int $length, string $pad_string = ' ', int $pad_type = \STR_PAD_RIGHT, ?string $encoding = null): string + { + if (!\in_array($pad_type, [\STR_PAD_RIGHT, \STR_PAD_LEFT, \STR_PAD_BOTH], true)) { + throw new \ValueError('mb_str_pad(): Argument #4 ($pad_type) must be STR_PAD_LEFT, STR_PAD_RIGHT, or STR_PAD_BOTH'); + } + + if (null === $encoding) { + $encoding = mb_internal_encoding(); + } + + try { + $validEncoding = @mb_check_encoding('', $encoding); + } catch (\ValueError $e) { + throw new \ValueError(sprintf('mb_str_pad(): Argument #5 ($encoding) must be a valid encoding, "%s" given', $encoding)); + } + + // BC for PHP 7.3 and lower + if (!$validEncoding) { + throw new \ValueError(sprintf('mb_str_pad(): Argument #5 ($encoding) must be a valid encoding, "%s" given', $encoding)); + } + + if (mb_strlen($pad_string, $encoding) <= 0) { + throw new \ValueError('mb_str_pad(): Argument #3 ($pad_string) must be a non-empty string'); + } + + $paddingRequired = $length - mb_strlen($string, $encoding); + + if ($paddingRequired < 1) { + return $string; + } + + switch ($pad_type) { + case \STR_PAD_LEFT: + return mb_substr(str_repeat($pad_string, $paddingRequired), 0, $paddingRequired, $encoding).$string; + case \STR_PAD_RIGHT: + return $string.mb_substr(str_repeat($pad_string, $paddingRequired), 0, $paddingRequired, $encoding); + default: + $leftPaddingLength = floor($paddingRequired / 2); + $rightPaddingLength = $paddingRequired - $leftPaddingLength; + + return mb_substr(str_repeat($pad_string, $leftPaddingLength), 0, $leftPaddingLength, $encoding).$string.mb_substr(str_repeat($pad_string, $rightPaddingLength), 0, $rightPaddingLength, $encoding); + } + } + + public static function str_increment(string $string): string + { + if ('' === $string) { + throw new \ValueError('str_increment(): Argument #1 ($string) cannot be empty'); + } + + if (!preg_match('/^[a-zA-Z0-9]+$/', $string)) { + throw new \ValueError('str_increment(): Argument #1 ($string) must be composed only of alphanumeric ASCII characters'); + } + + if (is_numeric($string)) { + $offset = stripos($string, 'e'); + if (false !== $offset) { + $char = $string[$offset]; + ++$char; + $string[$offset] = $char; + ++$string; + + switch ($string[$offset]) { + case 'f': + $string[$offset] = 'e'; + break; + case 'F': + $string[$offset] = 'E'; + break; + case 'g': + $string[$offset] = 'f'; + break; + case 'G': + $string[$offset] = 'F'; + break; + } + + return $string; + } + } + + return ++$string; + } + + public static function str_decrement(string $string): string + { + if ('' === $string) { + throw new \ValueError('str_decrement(): Argument #1 ($string) cannot be empty'); + } + + if (!preg_match('/^[a-zA-Z0-9]+$/', $string)) { + throw new \ValueError('str_decrement(): Argument #1 ($string) must be composed only of alphanumeric ASCII characters'); + } + + if (preg_match('/\A(?:0[aA0]?|[aA])\z/', $string)) { + throw new \ValueError(sprintf('str_decrement(): Argument #1 ($string) "%s" is out of decrement range', $string)); + } + + if (!\in_array(substr($string, -1), ['A', 'a', '0'], true)) { + return implode('', \array_slice(str_split($string), 0, -1)).\chr(\ord(substr($string, -1)) - 1); + } + + $carry = ''; + $decremented = ''; + + for ($i = \strlen($string) - 1; $i >= 0; --$i) { + $char = $string[$i]; + + switch ($char) { + case 'A': + if ('' !== $carry) { + $decremented = $carry.$decremented; + $carry = ''; + } + $carry = 'Z'; + + break; + case 'a': + if ('' !== $carry) { + $decremented = $carry.$decremented; + $carry = ''; + } + $carry = 'z'; + + break; + case '0': + if ('' !== $carry) { + $decremented = $carry.$decremented; + $carry = ''; + } + $carry = '9'; + + break; + case '1': + if ('' !== $carry) { + $decremented = $carry.$decremented; + $carry = ''; + } + + break; + default: + if ('' !== $carry) { + $decremented = $carry.$decremented; + $carry = ''; + } + + if (!\in_array($char, ['A', 'a', '0'], true)) { + $decremented = \chr(\ord($char) - 1).$decremented; + } + } + } + + return $decremented; + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/README.md b/qa-tool/htdocs/vendor/symfony/polyfill-php83/README.md new file mode 100644 index 0000000..f298776 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/README.md @@ -0,0 +1,22 @@ +Symfony Polyfill / Php83 +======================== + +This component provides features added to PHP 8.3 core: + +- [`json_validate`](https://wiki.php.net/rfc/json_validate) +- [`Override`](https://wiki.php.net/rfc/marking_overriden_methods) +- [`mb_str_pad`](https://wiki.php.net/rfc/mb_str_pad) +- [`ldap_exop_sync`](https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures) +- [`ldap_connect_wallet`](https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures) +- [`stream_context_set_options`](https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures) +- [`str_increment` and `str_decrement`](https://wiki.php.net/rfc/saner-inc-dec-operators) +- [`Date*Exception/Error classes`](https://wiki.php.net/rfc/datetime-exceptions) +- [`SQLite3Exception`](https://wiki.php.net/rfc/sqlite3_exceptions) + +More information can be found in the +[main Polyfill README](https://github.com/symfony/polyfill/blob/main/README.md). + +License +======= + +This library is released under the [MIT license](LICENSE). diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateError.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateError.php new file mode 100644 index 0000000..6e7ed8c --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateError.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class DateError extends Error + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateException.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateException.php new file mode 100644 index 0000000..041710a --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateException.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class DateException extends Exception + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateInvalidOperationException.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateInvalidOperationException.php new file mode 100644 index 0000000..e2e9dfc --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateInvalidOperationException.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class DateInvalidOperationException extends DateException + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateInvalidTimeZoneException.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateInvalidTimeZoneException.php new file mode 100644 index 0000000..75bcd26 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateInvalidTimeZoneException.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class DateInvalidTimeZoneException extends DateException + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateMalformedIntervalStringException.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateMalformedIntervalStringException.php new file mode 100644 index 0000000..af91b8e --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateMalformedIntervalStringException.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class DateMalformedIntervalStringException extends DateException + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateMalformedPeriodStringException.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateMalformedPeriodStringException.php new file mode 100644 index 0000000..9b6d276 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateMalformedPeriodStringException.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class DateMalformedPeriodStringException extends DateException + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateMalformedStringException.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateMalformedStringException.php new file mode 100644 index 0000000..7ad0484 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateMalformedStringException.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class DateMalformedStringException extends DateException + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateObjectError.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateObjectError.php new file mode 100644 index 0000000..11f0edc --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateObjectError.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class DateObjectError extends DateError + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateRangeError.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateRangeError.php new file mode 100644 index 0000000..98e6703 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/DateRangeError.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class DateRangeError extends DateError + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/Override.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/Override.php new file mode 100644 index 0000000..d3e6b3e --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/Override.php @@ -0,0 +1,20 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + #[Attribute(Attribute::TARGET_METHOD)] + final class Override + { + public function __construct() + { + } + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/SQLite3Exception.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/SQLite3Exception.php new file mode 100644 index 0000000..ecb7c98 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/Resources/stubs/SQLite3Exception.php @@ -0,0 +1,16 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID < 80300) { + class SQLite3Exception extends Exception + { + } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/bootstrap.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/bootstrap.php new file mode 100644 index 0000000..f43af17 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/bootstrap.php @@ -0,0 +1,48 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +use Symfony\Polyfill\Php83 as p; + +if (\PHP_VERSION_ID >= 80300) { + return; +} + +if (!function_exists('json_validate')) { + function json_validate(string $json, int $depth = 512, int $flags = 0): bool { return p\Php83::json_validate($json, $depth, $flags); } +} + +if (!function_exists('mb_str_pad') && function_exists('mb_substr')) { + function mb_str_pad(string $string, int $length, string $pad_string = ' ', int $pad_type = STR_PAD_RIGHT, ?string $encoding = null): string { return p\Php83::mb_str_pad($string, $length, $pad_string, $pad_type, $encoding); } +} + +if (!function_exists('stream_context_set_options')) { + function stream_context_set_options($context, array $options): bool { return stream_context_set_option($context, $options); } +} + +if (!function_exists('str_increment')) { + function str_increment(string $string): string { return p\Php83::str_increment($string); } +} + +if (!function_exists('str_decrement')) { + function str_decrement(string $string): string { return p\Php83::str_decrement($string); } +} + +if (\PHP_VERSION_ID >= 80100) { + return require __DIR__.'/bootstrap81.php'; +} + +if (!function_exists('ldap_exop_sync') && function_exists('ldap_exop')) { + function ldap_exop_sync($ldap, string $request_oid, ?string $request_data = null, ?array $controls = null, &$response_data = null, &$response_oid = null): bool { return ldap_exop($ldap, $request_oid, $request_data, $controls, $response_data, $response_oid); } +} + +if (!function_exists('ldap_connect_wallet') && function_exists('ldap_connect')) { + function ldap_connect_wallet(?string $uri, string $wallet, string $password, int $auth_mode = \GSLC_SSL_NO_AUTH) { return ldap_connect($uri, $wallet, $password, $auth_mode); } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/bootstrap81.php b/qa-tool/htdocs/vendor/symfony/polyfill-php83/bootstrap81.php new file mode 100644 index 0000000..68395b4 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/bootstrap81.php @@ -0,0 +1,22 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +if (\PHP_VERSION_ID >= 80300) { + return; +} + +if (!function_exists('ldap_exop_sync') && function_exists('ldap_exop')) { + function ldap_exop_sync(\LDAP\Connection $ldap, string $request_oid, ?string $request_data = null, ?array $controls = null, &$response_data = null, &$response_oid = null): bool { return ldap_exop($ldap, $request_oid, $request_data, $controls, $response_data, $response_oid); } +} + +if (!function_exists('ldap_connect_wallet') && function_exists('ldap_connect')) { + function ldap_connect_wallet(?string $uri, string $wallet, #[\SensitiveParameter] string $password, int $auth_mode = \GSLC_SSL_NO_AUTH): \LDAP\Connection|false { return ldap_connect($uri, $wallet, $password, $auth_mode); } +} diff --git a/qa-tool/htdocs/vendor/symfony/polyfill-php83/composer.json b/qa-tool/htdocs/vendor/symfony/polyfill-php83/composer.json new file mode 100644 index 0000000..02a0bf8 --- /dev/null +++ b/qa-tool/htdocs/vendor/symfony/polyfill-php83/composer.json @@ -0,0 +1,33 @@ +{ + "name": "symfony/polyfill-php83", + "type": "library", + "description": "Symfony polyfill backporting some PHP 8.3+ features to lower PHP versions", + "keywords": ["polyfill", "shim", "compatibility", "portable"], + "homepage": "https://symfony.com", + "license": "MIT", + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "require": { + "php": ">=7.1" + }, + "autoload": { + "psr-4": { "Symfony\\Polyfill\\Php83\\": "" }, + "files": [ "bootstrap.php" ], + "classmap": [ "Resources/stubs" ] + }, + "minimum-stability": "dev", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + } +} diff --git a/styleguide/assets/css/style.css b/styleguide/assets/css/style.css new file mode 100644 index 0000000..49a66d6 --- /dev/null +++ b/styleguide/assets/css/style.css @@ -0,0 +1,1094 @@ +@font-face { + font-family: "URW Gothic L Demi"; + src: url("../fonts/urw_gothic_l_demi.ttf") format("truetype"); + font-style: normal; + font-weight: 600; + font-display: swap; +} + +@font-face { + font-family: "Nunito"; + src: url("../fonts/Nunito-VariableFont_wght.ttf") format("truetype"); + font-style: normal; + font-weight: 200 900; + font-display: swap; +} + +@font-face { + font-family: "Nunito"; + src: url("../fonts/Nunito-Italic-VariableFont_wght.ttf") format("truetype"); + font-style: italic; + font-weight: 200 900; + font-display: swap; +} + +:root { + --ob-blue: #00a7e6; + --ob-blue-soft: #33b9eb; + --ob-blue-shade-1: #0086b8; + --ob-blue-shade-2: #00648a; + --ob-blue-shade-3: #00435c; + --ob-blue-shade-4: #00212e; + --ob-blue-tint-1: #33b9eb; + --ob-blue-tint-2: #66caf0; + --ob-blue-tint-3: #99dcf5; + --ob-blue-tint-4: #ccedfa; + --ob-accent: #f59c00; + --ob-dark: #343537; + --ob-slate: #343537; + --ob-white: #ffffff; + + --ob-bg: #f5fbfe; + --ob-surface: #ffffff; + --ob-surface-soft: #99dcf5; + --ob-text: var(--ob-dark); + --ob-text-soft: rgba(52, 53, 55, 0.72); + --ob-border: rgba(52, 53, 55, 0.15); + --ob-code-bg: #eef3f6; + + --ob-success: #188f5c; + --ob-warning: var(--ob-accent); + --ob-danger: #c43b3b; + + --ob-shadow: 0 18px 40px rgba(52, 53, 55, 0.11); + --ob-focus: 0 0 0 3px rgba(0, 167, 230, 0.32); + + --ob-nav-bg: linear-gradient(178deg, #343537 0%, #2d2f31 100%); + --ob-nav-text: #ffffff; + --ob-nav-border: rgba(255, 255, 255, 0.14); + --ob-nav-link: rgba(255, 255, 255, 0.79); + --ob-nav-link-active-bg: rgba(51, 185, 235, 0.18); + --ob-nav-link-active-border: rgba(255, 255, 255, 0.24); + --ob-nav-ghost-border: rgba(255, 255, 255, 0.3); + --ob-nav-ghost-hover: rgba(255, 255, 255, 0.14); + + --ob-btn-light-bg: #ffffff; + --ob-btn-light-text: var(--ob-dark); + --ob-btn-light-border: var(--ob-border); + --ob-btn-light-hover-border: rgba(0, 167, 230, 0.48); + + --ob-toast-bg: #111114; + --ob-toast-text: #ffffff; + + --ob-radius: 14px; + --ob-radius-lg: 20px; + + --ob-font-body: "Nunito", "Segoe UI", Arial, sans-serif; + --ob-font-heading: "Nunito", "Segoe UI", Arial, sans-serif; + --ob-font-strong: "URW Gothic L Demi", "Nunito", "Segoe UI", Arial, sans-serif; + + --ob-nav-width: 282px; + --ob-content-max: 1140px; +} + +html[data-theme="dark"] { + --ob-bg: #14171b; + --ob-surface: #22252a; + --ob-surface-soft: #1f2328; + --ob-text: #f5f6f7; + --ob-text-soft: rgba(245, 246, 247, 0.72); + --ob-border: rgba(245, 246, 247, 0.16); + --ob-code-bg: #1a1d21; + + --ob-shadow: 0 16px 34px rgba(0, 0, 0, 0.32); + + --ob-nav-bg: linear-gradient(180deg, #17181b 0%, #1f2429 100%); + --ob-nav-link: rgba(245, 246, 247, 0.82); + --ob-nav-link-active-bg: rgba(51, 185, 235, 0.28); + + --ob-btn-light-bg: #272b31; + --ob-btn-light-text: #f5f6f7; + --ob-btn-light-border: rgba(245, 246, 247, 0.25); + --ob-btn-light-hover-border: rgba(102, 202, 240, 0.72); + + --ob-toast-bg: #0f1012; +} + +* { + box-sizing: border-box; +} + +html { + scroll-behavior: smooth; + color-scheme: light; +} + +html[data-theme="dark"] { + color-scheme: dark; +} + +body { + margin: 0; + background: var(--ob-bg); + color: var(--ob-text); + font-family: var(--ob-font-body); + line-height: 1.58; +} + +a { + color: inherit; + text-decoration: none; +} + +button, +a { + font: inherit; +} + +a:focus, +button:focus, +input:focus, +textarea:focus { + outline: none; + box-shadow: var(--ob-focus); +} + +.skip-link { + position: absolute; + left: 12px; + top: 12px; + background: #111114; + color: #ffffff; + border-radius: 10px; + padding: 8px 12px; + transform: translateY(-160%); + z-index: 100; +} + +.skip-link:focus { + transform: translateY(0); +} + +.app { + display: grid; + grid-template-columns: var(--ob-nav-width) 1fr; + min-height: 100vh; +} + +.sidenav { + position: sticky; + top: 0; + height: 100vh; + padding: 18px; + background: var(--ob-nav-bg); + color: var(--ob-nav-text); + border-right: 1px solid var(--ob-nav-border); + display: flex; + flex-direction: column; + gap: 14px; +} + +.sidenav__top { + display: flex; + flex-direction: column; + align-items: flex-start; + gap: 10px; +} + +.sidenav__controls { + display: flex; + align-items: center; + justify-content: flex-start; + gap: 6px; + width: 100%; +} + +.brand { + min-width: 0; +} + +.brand__logo { + display: block; + width: 164px; + height: auto; +} + +.sidenav__toggle { + display: none; +} + +.sidenav__nav { + display: flex; + flex-direction: column; + gap: 4px; +} + +.navlink { + border-radius: 11px; + padding: 9px 10px; + color: var(--ob-nav-link); + border: 1px solid transparent; +} + +.navlink:hover, +.navlink.is-active { + background: var(--ob-nav-link-active-bg); + color: var(--ob-nav-text); + border-color: var(--ob-nav-link-active-border); +} + +.main { + padding: 30px 28px 52px; +} + +.section { + max-width: var(--ob-content-max); + margin: 0 auto 34px; + scroll-margin-top: 20px; +} + +.hero__card { + border: 1px solid rgba(245, 251, 254, 0.14); + border-radius: 24px; + background: linear-gradient(135deg, #343537 0%, #22262a 48%, #203745 100%); + padding: clamp(22px, 3vw, 36px); + box-shadow: 0 26px 54px rgba(15, 19, 23, 0.38); + position: relative; + overflow: hidden; + isolation: isolate; +} + +.hero__card::before { + content: ""; + position: absolute; + right: -80px; + top: -90px; + width: 300px; + height: 300px; + border-radius: 999px; + background: radial-gradient(circle, rgba(51, 185, 235, 0.48) 0%, rgba(0, 167, 230, 0) 70%); + z-index: 0; +} + +.hero__card::after { + content: ""; + position: absolute; + left: -56px; + bottom: -70px; + width: 260px; + height: 220px; + border-radius: 999px; + background: radial-gradient(circle, rgba(245, 156, 0, 0.25) 0%, rgba(245, 156, 0, 0) 70%); + z-index: 0; +} + +.hero__grid { + position: relative; + z-index: 1; + display: grid; + grid-template-columns: minmax(0, 1.25fr) minmax(280px, 0.75fr); + gap: clamp(18px, 2.4vw, 28px); +} + +.hero__main { + max-width: 70ch; +} + +.hero__actions { + margin-top: 8px; +} + +.hero .kicker { + color: rgba(245, 251, 254, 0.8); +} + +.hero h1 { + color: #f5fbfe; +} + +.hero .lead { + color: rgba(245, 251, 254, 0.86); +} + +.hero .pill { + border-color: rgba(245, 251, 254, 0.28); + color: rgba(245, 251, 254, 0.9); + background: rgba(245, 251, 254, 0.09); +} + +.hero .pill--brand { + border-color: rgba(0, 167, 230, 0.52); + color: #f5fbfe; + background: rgba(0, 167, 230, 0.24); +} + +.hero .btn--light { + background: rgba(245, 251, 254, 0.1); + border-color: rgba(245, 251, 254, 0.32); + color: #f5fbfe; +} + +.hero .btn--light:hover { + border-color: rgba(0, 167, 230, 0.84); +} + +.hero__signal { + display: grid; + gap: 12px; + border: 1px solid rgba(245, 251, 254, 0.18); + border-radius: 18px; + background: linear-gradient(160deg, rgba(245, 251, 254, 0.15), rgba(245, 251, 254, 0.06)); + padding: 14px; + backdrop-filter: blur(2px); +} + +.hero__logo-stage { + border: 1px solid rgba(245, 251, 254, 0.18); + border-radius: 14px; + background: linear-gradient(145deg, rgba(28, 31, 34, 0.88), rgba(43, 48, 53, 0.84)); + min-height: 94px; + display: flex; + align-items: center; + justify-content: center; + padding: 14px; +} + +.hero__logo-stage img { + width: min(100%, 200px); + height: auto; +} + +.hero__metrics { + display: grid; + grid-template-columns: repeat(2, minmax(0, 1fr)); + gap: 10px; +} + +.hero__metric { + border: 1px solid rgba(245, 251, 254, 0.2); + border-radius: 12px; + background: rgba(16, 20, 24, 0.46); + padding: 10px; + display: grid; + gap: 5px; +} + +.hero__metric-chip { + width: 18px; + height: 18px; + border-radius: 999px; + border: 1px solid rgba(245, 251, 254, 0.56); +} + +.hero__metric-label { + font-size: 11px; + letter-spacing: 0.08em; + text-transform: uppercase; + color: rgba(245, 251, 254, 0.72); +} + +.hero__metric strong { + color: #f5fbfe; + font-size: 13px; +} + +.hero__tagline { + margin: 0; + color: rgba(245, 251, 254, 0.9); + font-size: 13px; +} + +.kicker { + margin: 0; + font-size: 12px; + text-transform: uppercase; + letter-spacing: 0.14em; + color: var(--ob-text-soft); +} + +h1, +h2, +h3, +h4, +p { + margin-top: 0; +} + +h1 { + font-family: var(--ob-font-strong); +} + +h2, +h3, +h4, +th { + font-family: var(--ob-font-heading); + font-weight: 700; +} + +h1 { + margin: 12px 0; + font-weight: 600; + font-size: clamp(38px, 5vw, 62px); + line-height: 1.02; + max-width: 16ch; +} + +h2 { + margin: 0; + font-size: clamp(26px, 3.1vw, 32px); + line-height: 1.12; +} + +h3 { + margin-bottom: 10px; + font-size: 21px; + line-height: 1.2; +} + +.lead { + max-width: 72ch; + margin-bottom: 14px; + font-size: clamp(17px, 2vw, 20px); +} + +.section__head { + margin-bottom: 18px; +} + +.muted { + color: var(--ob-text-soft); +} + +.small { + font-size: 12px; +} + +.grid { + display: grid; + gap: 22px; +} + +.grid--2 { + grid-template-columns: repeat(2, minmax(0, 1fr)); +} + +.grid--3 { + grid-template-columns: repeat(3, minmax(0, 1fr)); +} + +.card { + border: 1px solid var(--ob-border); + border-radius: var(--ob-radius); + background: var(--ob-surface); + box-shadow: var(--ob-shadow); + padding: 22px; +} +.section > .grid, +.section > .card { + margin-top: 22px; +} + +.metric { + min-height: 138px; +} + +.quote { + margin-top: 12px; + border-left: 4px solid var(--ob-blue); + padding: 10px 12px; + background: rgba(0, 167, 230, 0.08); + border-radius: 10px; +} + +.quote__text { + margin: 0; + font-family: var(--ob-font-body); + font-weight: 700; +} + +.table-wrap { + overflow-x: auto; +} + +.table { + width: 100%; + border-collapse: collapse; + min-width: 560px; +} + +.table th, +.table td { + text-align: left; + border-bottom: 1px solid var(--ob-border); + padding: 11px 10px; + vertical-align: top; +} + +.table th { + color: var(--ob-text); + font-size: 13px; + text-transform: uppercase; + letter-spacing: 0.08em; +} + +.table td { + color: var(--ob-text-soft); +} + +.logo-grid { + display: grid; + gap: 12px; +} + +.logo-stage { + min-height: 116px; + border-radius: 14px; + border: 1px solid var(--ob-border); + display: flex; + align-items: center; + justify-content: center; + padding: 16px; +} + +.logo-stage img { + max-width: 100%; + max-height: 66px; + width: auto; + height: auto; +} + +.logo-stage--icon img { + max-height: 88px; +} + +.logo-stage--light { + background: #ffffff; +} + +.logo-stage--dark { + background: #343537; +} + +.asset-actions { + margin-top: 12px; +} + +.logo-rules { + margin-top: 16px; +} + +.swatch { + display: flex; + flex-direction: column; + gap: 12px; +} + +.swatch__chip { + height: 62px; + border-radius: 12px; + border: 1px solid var(--ob-border); +} + +.swatch__meta { + display: flex; + justify-content: space-between; + align-items: baseline; + gap: 10px; +} + +.swatch__meta span { + color: var(--ob-text-soft); + font-family: ui-monospace, SFMono-Regular, Menlo, Consolas, monospace; +} + +.tone-swatches { + display: grid; + gap: 10px; +} + +.tone-swatch { + display: flex; + align-items: center; + gap: 10px; + width: 100%; + border: 1px solid var(--ob-border); + border-radius: 10px; + background: var(--ob-surface); + color: var(--ob-text); + padding: 8px 10px; + cursor: pointer; + text-align: left; +} + +.tone-swatch:hover { + border-color: var(--ob-blue-soft); +} + +.tone-swatch__chip { + width: 16px; + height: 16px; + border-radius: 999px; + border: 1px solid rgba(0, 0, 0, 0.2); + flex: 0 0 auto; +} + +.tone-swatch__value { + font-family: ui-monospace, SFMono-Regular, Menlo, Consolas, monospace; + font-size: 13px; +} + +.color-usage { + margin-top: 16px; +} + +.display-sample { + font-family: var(--ob-font-body); + font-weight: 700; + font-size: clamp(30px, 4vw, 46px); + line-height: 1.08; + margin-bottom: 18px; +} + +.type-sample { + border: 1px solid var(--ob-border); + border-radius: 12px; + background: rgba(51, 185, 235, 0.08); + padding: 14px; +} + +.type-kicker { + margin: 0 0 10px; + font-size: 11px; + text-transform: uppercase; + letter-spacing: 0.08em; + color: var(--ob-text-soft); +} + +.type-h1-demo { + margin: 0 0 12px; + font-family: var(--ob-font-strong); + font-weight: 600; + font-size: clamp(22px, 3.2vw, 32px); + line-height: 1.04; + white-space: nowrap; +} + +.type-h2-demo { + margin: 0 0 10px; + font-family: var(--ob-font-heading); + font-weight: 700; + font-size: clamp(20px, 2.6vw, 30px); + line-height: 1.12; + white-space: nowrap; +} + +.type-body-demo { + margin: 0 0 10px; + font-family: var(--ob-font-body); + font-size: 17px; + line-height: 1.58; +} + +.type-meta { + margin: 10px 0 0; + font-size: 13px; + color: var(--ob-text-soft); +} + +.type-compare { + margin-top: 12px; +} + +.type-compare-line { + margin: 0 0 12px; + font-size: clamp(24px, 2.8vw, 34px); + line-height: 1.16; +} + +.type-compare-line--body { + font-family: var(--ob-font-body); + font-weight: 700; +} + +.type-compare-line--strong { + font-family: var(--ob-font-strong); + font-weight: 600; +} + +.type-glyph-line { + margin: 0; + font-size: 15px; + line-height: 1.4; + color: var(--ob-text-soft); +} + +.type-glyph-line--body { + font-family: var(--ob-font-body); + font-weight: 600; +} + +.type-glyph-line--strong { + font-family: var(--ob-font-strong); + font-weight: 600; +} + +.component-stack { + margin-top: 16px; +} + +.component-hero { + margin-top: 8px; + border: 1px solid rgba(245, 251, 254, 0.14); + border-radius: 24px; + background: linear-gradient(135deg, #343537 0%, #22262a 48%, #203745 100%); + padding: clamp(18px, 2.6vw, 26px); + color: #f5fbfe; + box-shadow: 0 26px 54px rgba(15, 19, 23, 0.38); + position: relative; + overflow: hidden; + isolation: isolate; +} + +.component-hero::before { + content: ""; + position: absolute; + right: -80px; + top: -90px; + width: 300px; + height: 300px; + border-radius: 999px; + background: radial-gradient(circle, rgba(51, 185, 235, 0.48) 0%, rgba(0, 167, 230, 0) 70%); + z-index: 0; +} + +.component-hero::after { + content: ""; + position: absolute; + left: -56px; + bottom: -70px; + width: 260px; + height: 220px; + border-radius: 999px; + background: radial-gradient(circle, rgba(245, 156, 0, 0.25) 0%, rgba(245, 156, 0, 0) 70%); + z-index: 0; +} + +.component-hero__kicker { + margin: 0 0 10px; + font-size: 12px; + text-transform: uppercase; + letter-spacing: 0.12em; + color: rgba(245, 251, 254, 0.78); +} + +.component-hero__title { + margin: 0 0 10px; + font-family: var(--ob-font-strong); + font-weight: 600; + font-size: clamp(30px, 4vw, 44px); + line-height: 1.06; + color: #ffffff; +} + +.component-hero__text { + max-width: 60ch; + margin: 0 0 14px; + color: rgba(245, 251, 254, 0.92); +} + +.component-hero__kicker, +.component-hero__title, +.component-hero__text, +.component-hero .row, +.component-hero .cluster { + position: relative; + z-index: 1; +} + +.component-hero .btn--light { + background: rgba(245, 251, 254, 0.1); + border-color: rgba(245, 251, 254, 0.32); + color: #f5fbfe; +} + +.component-hero .btn--light:hover { + border-color: rgba(0, 167, 230, 0.84); +} + +.component-hero .row { + margin-top: 6px; + margin-bottom: 14px; + gap: 10px; +} + +.component-hero .cluster { + margin-top: 0; + margin-bottom: 0; + gap: 8px; +} + +.component-hero .pill { + border-color: rgba(245, 251, 254, 0.26); + color: rgba(245, 251, 254, 0.9); + background: rgba(245, 251, 254, 0.08); +} + +.demo-form { + display: grid; + gap: 10px; +} + +.field { + display: grid; + gap: 6px; + color: var(--ob-text-soft); +} + +.input { + width: 100%; + border-radius: 11px; + border: 1px solid var(--ob-border); + background: var(--ob-surface); + color: var(--ob-text); + min-height: 42px; + padding: 10px 12px; +} + +textarea.input { + resize: vertical; +} + +.alert { + border: 1px solid rgba(0, 167, 230, 0.42); + border-radius: 12px; + background: rgba(0, 167, 230, 0.12); + color: var(--ob-text); + padding: 12px; + display: grid; + gap: 6px; +} + +.cluster { + display: flex; + flex-wrap: wrap; + gap: 8px; + margin-bottom: 14px; +} + +.row { + display: flex; + align-items: center; + gap: 10px; +} + +.row--wrap { + flex-wrap: wrap; +} + +.row--space { + justify-content: space-between; +} + +.btn { + display: inline-flex; + align-items: center; + gap: 6px; + padding: 10px 14px; + border-radius: 12px; + border: 1px solid transparent; + cursor: pointer; + font-family: var(--ob-font-strong); + font-weight: 600; +} + +.btn--tiny { + padding: 4px 8px; + border-radius: 9px; + font-size: 11px; + min-height: 26px; +} + +.btn--sm { + padding: 8px 10px; + border-radius: 10px; + font-size: 12px; +} + +.btn--primary { + background: linear-gradient(132deg, var(--ob-blue) 0%, var(--ob-blue-soft) 100%); + color: #ffffff; +} + +.btn--primary:hover { + filter: brightness(1.06); +} + +.btn--light { + background: var(--ob-btn-light-bg); + color: var(--ob-btn-light-text); + border-color: var(--ob-btn-light-border); +} + +.btn--light:hover { + border-color: var(--ob-btn-light-hover-border); +} + +.sidenav .btn--ghost { + background: transparent; + color: var(--ob-nav-text); + border-color: var(--ob-nav-ghost-border); +} + +.sidenav .btn--ghost:hover { + background: var(--ob-nav-ghost-hover); +} + +.pill { + display: inline-flex; + align-items: center; + border-radius: 999px; + border: 1px solid var(--ob-border); + padding: 6px 10px; + font-size: 12px; + color: var(--ob-text-soft); + background: var(--ob-surface); +} + +.pill--brand { + border-color: rgba(0, 167, 230, 0.44); + color: var(--ob-dark); + background: rgba(0, 167, 230, 0.14); +} + +.pill--accent { + border-color: rgba(245, 156, 0, 0.46); + color: #8a5800; + background: rgba(245, 156, 0, 0.16); +} + +.pill--success { + border-color: rgba(24, 143, 92, 0.4); + color: #0f6f46; + background: rgba(24, 143, 92, 0.12); +} + +.bullets { + margin: 0; + padding-left: 18px; +} + +.bullets li { + margin: 7px 0; +} + +.code { + margin: 12px 0 0; + padding: 14px; + border-radius: 12px; + border: 1px solid var(--ob-border); + background: var(--ob-code-bg); + overflow: auto; +} + +.code code { + font-family: ui-monospace, SFMono-Regular, Menlo, Consolas, monospace; + font-size: 12px; + color: var(--ob-text); +} + +.footer { + max-width: var(--ob-content-max); + margin: 32px auto 0; + padding-top: 14px; + border-top: 1px solid var(--ob-border); +} + +.toast { + position: fixed; + right: 16px; + bottom: 16px; + background: var(--ob-toast-bg); + color: var(--ob-toast-text); + border-radius: 12px; + border: 1px solid rgba(255, 255, 255, 0.2); + padding: 9px 12px; + box-shadow: 0 10px 24px rgba(34, 34, 33, 0.35); + opacity: 0; + transform: translateY(8px); + transition: opacity 0.18s ease, transform 0.18s ease; + pointer-events: none; +} + +.toast.is-on { + opacity: 1; + transform: translateY(0); +} + +@media (max-width: 1080px) { + .grid--3 { + grid-template-columns: repeat(2, minmax(0, 1fr)); + } +} + +@media (max-width: 980px) { + .app { + grid-template-columns: 1fr; + } + + .sidenav { + position: fixed; + inset: 0 0 auto 0; + height: auto; + z-index: 20; + border-right: none; + border-bottom: 1px solid var(--ob-nav-border); + } + + .sidenav__toggle { + display: inline-flex; + } + + .sidenav__nav { + display: none; + padding-top: 8px; + max-height: min(56vh, 460px); + overflow: auto; + } + + .sidenav__nav.is-open { + display: flex; + } + + .main { + padding-top: 122px; + } + + .hero__grid { + grid-template-columns: 1fr; + } + + .hero__signal { + max-width: 560px; + } + + .grid--2, + .grid--3 { + grid-template-columns: 1fr; + } + + .table { + min-width: 460px; + } + + h1 { + max-width: 100%; + } +} + +@media (max-width: 620px) { + .main { + padding-left: 16px; + padding-right: 16px; + } + + .hero__card, + .card { + padding: 14px; + } + + .hero__metrics { + grid-template-columns: 1fr; + } +} + diff --git a/styleguide/assets/fonts/Nunito-Italic-VariableFont_wght.ttf b/styleguide/assets/fonts/Nunito-Italic-VariableFont_wght.ttf new file mode 100644 index 0000000..4622420 Binary files /dev/null and b/styleguide/assets/fonts/Nunito-Italic-VariableFont_wght.ttf differ diff --git a/styleguide/assets/fonts/Nunito-VariableFont_wght.ttf b/styleguide/assets/fonts/Nunito-VariableFont_wght.ttf new file mode 100644 index 0000000..10387be Binary files /dev/null and b/styleguide/assets/fonts/Nunito-VariableFont_wght.ttf differ diff --git a/styleguide/assets/fonts/urw_gothic_l_book.ttf b/styleguide/assets/fonts/urw_gothic_l_book.ttf new file mode 100644 index 0000000..2e5349a Binary files /dev/null and b/styleguide/assets/fonts/urw_gothic_l_book.ttf differ diff --git a/styleguide/assets/fonts/urw_gothic_l_demi.ttf b/styleguide/assets/fonts/urw_gothic_l_demi.ttf new file mode 100644 index 0000000..49f0f2d Binary files /dev/null and b/styleguide/assets/fonts/urw_gothic_l_demi.ttf differ diff --git a/styleguide/assets/img/o-Byte Favicon_Dark.svg b/styleguide/assets/img/o-Byte Favicon_Dark.svg new file mode 100644 index 0000000..1a0609f --- /dev/null +++ b/styleguide/assets/img/o-Byte Favicon_Dark.svg @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/styleguide/assets/img/o-Byte Favicon_Light.svg b/styleguide/assets/img/o-Byte Favicon_Light.svg new file mode 100644 index 0000000..116d32c --- /dev/null +++ b/styleguide/assets/img/o-Byte Favicon_Light.svg @@ -0,0 +1,21 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/styleguide/assets/img/o-byte_Logo_2024_Dark.svg b/styleguide/assets/img/o-byte_Logo_2024_Dark.svg new file mode 100644 index 0000000..c613532 --- /dev/null +++ b/styleguide/assets/img/o-byte_Logo_2024_Dark.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/styleguide/assets/img/o-byte_Logo_2024_Dark_clean.svg b/styleguide/assets/img/o-byte_Logo_2024_Dark_clean.svg new file mode 100644 index 0000000..97ba5ba --- /dev/null +++ b/styleguide/assets/img/o-byte_Logo_2024_Dark_clean.svg @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/styleguide/assets/img/o-byte_Logo_2024_Light.svg b/styleguide/assets/img/o-byte_Logo_2024_Light.svg new file mode 100644 index 0000000..ba22e2c --- /dev/null +++ b/styleguide/assets/img/o-byte_Logo_2024_Light.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/styleguide/assets/img/o-byte_Logo_2024_Light_clean.svg b/styleguide/assets/img/o-byte_Logo_2024_Light_clean.svg new file mode 100644 index 0000000..1e1f9c3 --- /dev/null +++ b/styleguide/assets/img/o-byte_Logo_2024_Light_clean.svg @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/styleguide/assets/img/o-byte_Logo_2024_Light_web_app.svg b/styleguide/assets/img/o-byte_Logo_2024_Light_web_app.svg new file mode 100644 index 0000000..3e6c877 --- /dev/null +++ b/styleguide/assets/img/o-byte_Logo_2024_Light_web_app.svg @@ -0,0 +1,113 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/styleguide/assets/img/o-byte_Logo_2024_White.svg b/styleguide/assets/img/o-byte_Logo_2024_White.svg new file mode 100644 index 0000000..82e1663 --- /dev/null +++ b/styleguide/assets/img/o-byte_Logo_2024_White.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/styleguide/assets/img/o-byte_Logo_2024_White_clean.svg b/styleguide/assets/img/o-byte_Logo_2024_White_clean.svg new file mode 100644 index 0000000..5c0ced0 --- /dev/null +++ b/styleguide/assets/img/o-byte_Logo_2024_White_clean.svg @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/styleguide/assets/js/app.js b/styleguide/assets/js/app.js new file mode 100644 index 0000000..da3a930 --- /dev/null +++ b/styleguide/assets/js/app.js @@ -0,0 +1,138 @@ +const $ = (selector, root = document) => root.querySelector(selector); +const $$ = (selector, root = document) => [...root.querySelectorAll(selector)]; + +const THEME_KEY = "obyte-theme"; +const themeToggle = $("#themeToggle"); +const toast = $("#toast"); +let toastTimer = null; + +function showToast(message) { + if (!toast) return; + toast.textContent = message; + toast.classList.add("is-on"); + clearTimeout(toastTimer); + toastTimer = setTimeout(() => toast.classList.remove("is-on"), 1400); +} + +async function copyText(value) { + try { + await navigator.clipboard.writeText(value); + showToast("Kopiert: " + value); + } catch { + const fallback = document.createElement("textarea"); + fallback.value = value; + fallback.style.position = "fixed"; + fallback.style.left = "-9999px"; + document.body.appendChild(fallback); + fallback.select(); + document.execCommand("copy"); + fallback.remove(); + showToast("Kopiert: " + value); + } +} + +document.addEventListener("click", (event) => { + const trigger = event.target.closest("[data-copy-value],[data-copy-block]"); + if (!trigger) return; + + const directValue = trigger.getAttribute("data-copy-value"); + const blockSelector = trigger.getAttribute("data-copy-block"); + + if (directValue) { + copyText(directValue); + return; + } + + if (blockSelector) { + const block = $(blockSelector); + if (block) { + copyText(block.innerText.trim()); + } + } +}); + +function applyTheme(theme) { + const isDark = theme === "dark"; + document.documentElement.setAttribute("data-theme", isDark ? "dark" : "light"); + + if (themeToggle) { + themeToggle.setAttribute("aria-pressed", String(isDark)); + themeToggle.textContent = isDark ? "Hell" : "Dunkel"; + } +} + +function loadInitialTheme() { + let savedTheme = null; + + try { + savedTheme = localStorage.getItem(THEME_KEY); + } catch { + savedTheme = null; + } + + if (savedTheme === "light" || savedTheme === "dark") { + applyTheme(savedTheme); + return; + } + + const prefersDark = window.matchMedia("(prefers-color-scheme: dark)").matches; + applyTheme(prefersDark ? "dark" : "light"); +} + +themeToggle?.addEventListener("click", () => { + const currentTheme = document.documentElement.getAttribute("data-theme"); + const nextTheme = currentTheme === "dark" ? "light" : "dark"; + + applyTheme(nextTheme); + + try { + localStorage.setItem(THEME_KEY, nextTheme); + } catch { + // Ignore storage errors in restrictive browser contexts. + } +}); + +loadInitialTheme(); + +const navToggle = $("#navToggle"); +const navLinks = $("#navLinks"); + +navToggle?.addEventListener("click", () => { + const open = navLinks?.classList.toggle("is-open"); + navToggle.setAttribute("aria-expanded", String(open)); +}); + +$$(".navlink").forEach((link) => { + link.addEventListener("click", () => { + if (window.matchMedia("(max-width: 980px)").matches) { + navLinks?.classList.remove("is-open"); + navToggle?.setAttribute("aria-expanded", "false"); + } + }); +}); + +const sections = $$(".section"); +const links = $$(".navlink"); + +function setActive(id) { + links.forEach((link) => { + link.classList.toggle("is-active", link.getAttribute("href") === "#" + id); + }); +} + +const observer = new IntersectionObserver( + (entries) => { + entries.forEach((entry) => { + if (entry.isIntersecting && entry.target.id) { + setActive(entry.target.id); + } + }); + }, + { threshold: 0.28 } +); + +sections.forEach((section) => observer.observe(section)); + +if (location.hash) { + setActive(location.hash.replace("#", "")); +} \ No newline at end of file diff --git a/styleguide/index.html b/styleguide/index.html new file mode 100644 index 0000000..c3a5a4b --- /dev/null +++ b/styleguide/index.html @@ -0,0 +1,886 @@ + + + + + + + + o-byte.com - Styleguide + + + + +
+ + +
+
+
+
+
+

o-byte.com Brand Guide 2026

+

Kommunikation, die im Alltag spürbar entlastet.

+

+ Dieser Styleguide übersetzt den Markenauftritt von o-byte.com in klare Regeln + für Design, Sprache und Anwendung. Technisch stark, visuell fokussiert und + konsequent serviceorientiert. +

+
+ ITK-Systemhaus + B2B + Telefonie & Integration + Gemeinsam erfolgreich +
+
+ Farbsystem + Tokens kopieren + Logo SVG + Favicon SVG +
+
+ +
+
+
+ +
+
+

Markenfundament

+

+ Positionierung und Kernbotschaft als inhaltlicher Rahmen für Website, Vertrieb, + Support und Produktkommunikation. +

+
+
+
+

Positionierung

+

+ o-byte.com ist ein spezialisiertes ITK-Systemhaus für moderne Business- + Kommunikation mit Fokus auf IP-basierte Telefonie, STARFACE und + integrationsgetriebene Erweiterungen. +

+
    +
  • Von Planung und Umsetzung bis Support aus einer Hand.
    • +
  • Partnerorientiert mit konkretem Kundennutzen statt Buzzwords.
    • +
  • Technisch tief, in der Kommunikation trotzdem verständlich.
    • +
+
+
+

Markenversprechen

+

+ Wir liefern lösungsorientierte Telekommunikation, die im Tagesgeschäft messbar + entlastet: bessere Erreichbarkeit, weniger Reibung, klare Prozesse. +

+
+

"Gemeinsam erfolgreich" ist Leitmotiv, nicht Claim-Dekoration.

+
+
+
+
+
+

Werte

+

Verlässlichkeit, Erreichbarkeit, Pragmatismus und Qualität.

+
+
+

Zielgruppen

+

KMU, Kanzleien, Praxen, Industrie und Partner mit Integrationsbedarf.

+
+
+

Markenton

+

Sachlich positiv, kompetent, auf Augenhöhe.

+
+
+
+ +
+
+

Tonalität

+

Wie o-byte.com spricht: serviceorientiert, klar und lösungsfokussiert.

+
+
+
+

Do

+
    +
  • Konkrete Ergebnisse und Nutzen zuerst benennen.
    • +
  • Aktive Sprache und direkte Handlungsangebote verwenden.
    • +
  • Technik erklären, ohne Überheblichkeit oder Jargon-Last.
    • +
  • Partnerschaftlich formulieren: gemeinsam, wir, zusammen.
    • +
+
+
+

Don't

+
    +
  • Leere Marketingphrasen ohne Substanz oder Beispiel.
    • +
  • Unnötig komplizierte Fachterminologie in Standardtexten.
    • +
  • Reißerische Versprechen ohne realistische Einordnung.
    • +
  • Kühle Distanzsprache ohne Servicebezug.
    • +
+
+
+
+

Textbausteine (Beispiele)

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
KontextEmpfohlenVermeiden
CTA"IT-Systemhaus anfragen""Jetzt revolutionieren"
Support"Wir kümmern uns direkt um Ihr Anliegen.""Bitte Ticket abwarten."
Produkt"Integration in DATEV und bestehende Prozesse.""Disruptive End-to-End-Synergien."
+
+
+
+ + + +
+
+

Farbsystem

+

+ o-byte Blue basiert auf festen Shades und Tints. Hauptfarbe, Hilfsfarbe und + Hintergrund sind auf die definierte Blau-Skala abgestimmt. +

+
+
+
+
+
+ Hauptfarbe: o-byte Blue + #00A7E6 +
+ +
+
+
+
+ Hilfsfarbe: Blue Tint 1 + #33B9EB +
+ +
+
+
+
+ Hintergrund + #F5FBFE +
+ +
+
+
+
+ Akzentfarbe + #F59C00 +
+ +
+
+
+
+ Slate + #343537 +
+ +
+
+
+
+ White + #FFFFFF +
+ +
+
+
+
+

20% Shades von #00A7E6

+
+ + + + +
+
+
+

20% Tints von #00A7E6

+
+ + + + +
+
+
+
+

Einsatzlogik

+
+ + + + + +
+

Shades nur für mehr Tiefe und Kontrast, Tints nur für leichte Flächen nutzen.

+
+
+ +
+
+

Typografie

+

Fließ- und Sekundärüberschriften in Nunito, Primär-Akzente weiterhin in URW Gothic L Demi.

+
+
+
+

Nunito live in der Anwendung

+
+

Einsatzbereich: H2-H4 + Fließtext

+

Stabiler Betrieb im Tagesgeschäft

+

+ Nunito ist die Standardschrift für längere Inhalte. Sie bleibt bei normaler + Lesedistanz ruhig, gut scanbar und belastet die Augen auch in längeren Texten nicht. +

+

Empfohlen: 17 px / 1.58 Zeilenhöhe / linksbündig

+
+
+
+

URW Demi live in der Anwendung

+
+

Einsatzbereich: H1 + CTA + Primärakzent

+

Kommunikation, die entlastet.

+
+ + +
+

URW Demi bewusst punktuell nutzen, nicht für lange Lesetexte.

+
+
+
+
+

Direkter Schriftvergleich

+
+
+

Nunito (Body/H2-H4)

+

Kommunikation auf Augenhöhe. Klar, direkt, verlässlich.

+

Aa Bb Cc Dd Ee Ff Gg ÄÖÜ äöü ß 0123456789

+
+
+

URW Gothic L Demi (H1/CTA)

+

Kommunikation auf Augenhöhe. Klar, direkt, verlässlich.

+

Aa Bb Cc Dd Ee Ff Gg ÄÖÜ äöü ß 0123456789

+
+
+
+
+

Typografische Skala

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ElementGrößeGewichtZeilenhöhe
H140-60 px (responsive)600 (URW Gothic L Demi)1.03
H230 px700 (Nunito)1.15
H321 px700 (Nunito)1.2
Body17 px400-700 (Nunito)1.58
+
+
+
+
+

Verbindliche Satzregeln

+
    +
  • Fließtext standardmäßig 17 px in Nunito, niemals kleiner als 16 px.
    • +
  • Lesetexte mit Zeilenhöhe 1.5 bis 1.65 setzen; Headlines enger führen (1.03 bis 1.2).
    • +
  • Zeilenlänge für längere Texte zwischen 45 und 75 Zeichen halten.
    • +
  • Text linksbündig, kein Blocksatz in Fließtexten.
    • +
  • Versalien nur für kurze Labels/Kicker einsetzen, nicht für ganze Absätze.
    • +
  • Fettungen sparsam nutzen: maximal ein Fokuspunkt pro Satz oder UI-Element.
    • +
+
+
+

Hierarchie-Definition

+
    +
  • H1 ist der einzige visuelle Primäranker einer Seite und bleibt in URW Gothic L Demi.
    • +
  • H2 strukturiert Hauptabschnitte in Nunito 700 und muss inhaltlich scanbar formuliert sein.
    • +
  • H3 benennt konkrete Teilthemen, Komponenten oder Arbeitsschritte.
    • +
  • Body trägt die Information: neutral, klar, ohne dekorative Effekte.
    • +
  • Buttons und CTAs bleiben in URW Gothic L Demi, damit Handlungsaufforderungen sofort auffallen.
    • +
  • In einer Card nie mehr als drei Hierarchieebenen kombinieren (z. B. H3, Body, Label).
    • +
+
+
+
+

Do / Don't Beispiele

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KontextDoDon't
AbsatzKurze, klare Sätze mit 1-2 Kernaussagen pro Absatz.Verschachtelte Satzkonstruktionen mit vielen Nebensätzen.
HeadlineNutzenorientiert und konkret, z. B. "Support in unter 2 Stunden".Abstrakt oder werblich, z. B. "Kommunikation neu gedacht".
CTAVerb + Ergebnis, z. B. "Angebot anfordern".Unklare Labels wie "Mehr" oder "Weiter".
HervorhebungWichtige Begriffe punktuell fett markieren.Ganze Absätze dauerhaft fett setzen.
+
+
+
+

Implementierungsbeispiele

+

Beispiel für saubere Text-Hierarchie mit den festgelegten Schriftrollen.

+ 
<section>
+  <h2>Service-Level und Erreichbarkeit</h2>
+  <p>Unser Support reagiert werktags innerhalb von zwei Stunden.</p>
+  <button class="btn btn--primary">Anfrage senden</button>
+</section>
+

Passende Token-Zuordnung in CSS.

+ 
:root {
+  --ob-font-body: "Nunito", "Segoe UI", Arial, sans-serif;
+  --ob-font-heading: "Nunito", "Segoe UI", Arial, sans-serif;
+  --ob-font-strong: "URW Gothic L Demi", "Nunito", "Segoe UI", Arial, sans-serif;
+}
+
+h1 { font-family: var(--ob-font-strong); }
+h2, h3, h4 { font-family: var(--ob-font-heading); }
+body { font-family: var(--ob-font-body); }
+
+
+ +
+
+

Bildsprache

+

Abgeleitet aus dem Auftritt: Menschen, Teams, echte Situationen, klare Kontraste.

+
+
+
+

Bildprinzipien

+
    +
  • Authentische Team- und Kundenszenen statt generischer Stock-Inszenierung.
    • +
  • Fokus auf Beratung, Zusammenarbeit, Support und konkrete Arbeitssituationen.
    • +
  • Helle, aufgeräumte Motive mit natürlicher Farbtemperatur.
    • +
  • Personen klar erkennbar, freundliche aber professionelle Haltung.
    • +
+
+
+

Nicht verwenden

+
    +
  • Überinszenierte Futuristik (neon, holografische Fake-Interfaces).
    • +
  • Stark entsättigte oder dramatisch dunkle Bildlooks ohne Markenbezug.
    • +
  • Beliebige Handschlag-Stockfotos ohne realen Kontext.
    • +
  • Unruhige Hintergründe, die Textlesbarkeit reduzieren.
    • +
+
+
+
+

Bildbearbeitung und Overlay

+

+ Nur dezente Korrekturen: Kontrast +5 bis +10, Sättigung maximal +6, kein harter + Farbstich. Text auf Bildern immer mit Kontrastfläche (hell/dunkel) absichern. +

+
+
+ +
+
+

UI-Komponenten

+

Robuste Standardbausteine für Website, Landingpages und Kundenportal.

+
+
+

Hero

+
+

Einstiegskomponente

+

Kommunikation, die im Alltag spürbar entlastet.

+

+ Der Hero transportiert Nutzen, Positionierung und klare Handlungsoptionen innerhalb + der ersten Bildschirmansicht. +

+
+ + +
+
+ ITK-Systemhaus + B2B + Telefonie & Integration +
+
+

+ Einsatz: immer als erste inhaltliche Komponente einer Seite, mit 1 Primär-CTA und + maximal 1-2 Sekundäraktionen. +

+
+
+
+

Buttons

+
+ + + +
+
+
+

Status

+
+ Standard + Aktiv + Priorität + Verfügbar +
+
+
+
+
+

Kontaktformular

+
+ + + + +
+
+
+

Hinweis-Box

+
+ Service-Hinweis: + Support-Anfragen immer mit Erreichbarkeit und kurzer Problembeschreibung einreichen. +
+

Alerts werden sachlich formuliert, ohne Alarmismus.

+
+
+
+

Card-Prinzip

+

+ Cards nutzen weiße Flächen, feine Linien und moderate Tiefe. Inhalte bleiben + strukturiert, ohne visuelle Überladung. Keine dekorativen Verläufe in + Content-Flächen. +

+
+
+ +
+
+

Accessibility und UX-Regeln

+

Verbindliche Mindeststandards für digitale Touchpoints.

+
+
+
+

Kontrast und Lesbarkeit

+
    +
  • Textkontrast mindestens WCAG AA (4.5:1 bei normalem Text).
    • +
  • Keine hellblauen Fließtexte auf weißem Hintergrund.
    • +
  • Interaktive Elemente mit klarer Fokusmarkierung versehen.
    • +
  • Alternativtexte für Grafiken und Bilder bereitstellen.
    • +
+
+
+

Interaktion

+
    +
  • Klickflächen mindestens 40 x 40 px.
    • +
  • Buttons eindeutig benennen (Verb + Nutzen).
    • +
  • Navigation logisch und auf mobilen Geräten ohne Brüche.
    • +
+
+
+
+

MUSS-Checkliste (Release-Gate)

+
    +
  • Jede Seite MUSS genau eine h1, eine sinnvolle Überschriften-Hierarchie und semantische Landmarks (header, nav, main, footer) haben.
    • +
  • Jede Seite MUSS ein korrektes lang-Attribut und einen eindeutigen, aussagekräftigen title haben.
    • +
  • Alle Funktionen MÜSSEN vollständig per Tastatur bedienbar sein (Tab, Shift+Tab, Enter, Space, Escape) und dürfen keine Keyboard-Falle erzeugen.
    • +
  • Der Fokus MUSS immer sichtbar sein, logisch durch die Seite laufen und darf nie per CSS entfernt werden.
    • +
  • Textkontrast MUSS mindestens 4.5:1 betragen; Kontrast von UI-Komponenten/Fokusindikatoren MUSS mindestens 3:1 betragen.
    • +
  • Information darf NIE nur über Farbe vermittelt werden; es MUSS immer ein zweiter Hinweis vorhanden sein (Text, Icon, Muster oder Statuslabel).
    • +
  • Interaktive Elemente MÜSSEN einen eindeutigen Accessible Name haben (keine Buttons/Links nur mit "Hier" oder nur Icon ohne Label).
    • +
  • Klick- und Touch-Ziele MÜSSEN mindestens 44 x 44 px gross sein oder gleichwertig grossen Abstand besitzen.
    • +
  • Formulare MÜSSEN programmatisch verknüpfte Labels besitzen; Pflichtfelder, Fehler und Hilfetexte MÜSSEN für Screenreader auslesbar sein.
    • +
  • Fehlermeldungen MÜSSEN konkret sagen, was falsch ist und wie es zu korrigieren ist; der Fokus MUSS nach Submit zur Fehlerzusammenfassung springen.
    • +
  • Statusänderungen (z. B. "gespeichert", "geladen", "Fehler") MÜSSEN per aria-live oder gleichwertig angekündigt werden.
    • +
  • Bilder mit Informationswert MÜSSEN sinnvolle Alt-Texte haben; rein dekorative Bilder MÜSSEN als dekorativ markiert sein.
    • +
  • Video mit Sprache MUSS Untertitel haben; reine Audioinhalte MÜSSEN ein Transkript haben; Autoplay mit Ton ist nicht zulässig.
    • +
  • Inhalte MÜSSEN bei 200 % Zoom und bei 320 CSS-Pixel Breite ohne horizontalen Pflicht-Scroll funktionieren (ausser technisch notwendige Ausnahmen wie Datentabellen).
    • +
  • Animationen/Bewegungen MÜSSEN reduzierbar sein (prefers-reduced-motion); Inhalte dürfen nicht mehr als 3-mal pro Sekunde blinken.
    • +
  • Authentifizierung darf keine unzumutbare kognitive Hürde erzeugen; es MUSS eine barrierefreie Alternative zu rein visuellen Aufgaben geben.
    • +
  • Release-Freigabe nur, wenn Kernpfade bestanden sind: Navigation, Suche, Login, Formulare, Checkout, Zahlung und Fehlerszenarien.
    • +
+

Definition of Done: Kein Release ohne bestandenen Keyboard-Test, Screenreader-Schnelltest und dokumentierte Behebung aller kritischen A11y-Defekte.

+
+
+ +
+
+

Design Tokens

+

Copy-ready Basis für Webprojekte und UI-Implementierung.

+
+
+
+

CSS Tokens

+ +
+ 
:root {
+  --ob-color-primary: #00A7E6;
+  --ob-color-primary-soft: #33B9EB;
+  --ob-color-primary-shade-1: #0086B8;
+  --ob-color-primary-shade-2: #00648A;
+  --ob-color-primary-shade-3: #00435C;
+  --ob-color-primary-shade-4: #00212E;
+  --ob-color-primary-tint-1: #33B9EB;
+  --ob-color-primary-tint-2: #66CAF0;
+  --ob-color-primary-tint-3: #99DCF5;
+  --ob-color-primary-tint-4: #CCEDFA;
+  --ob-color-accent: #F59C00;
+  --ob-color-dark: #343537;
+  --ob-color-slate: #343537;
+  --ob-color-bg: #F5FBFE;
+  --ob-color-surface: #FFFFFF;
+
+  --ob-font-body: "Nunito", "Segoe UI", Arial, sans-serif;
+  --ob-font-heading: "Nunito", "Segoe UI", Arial, sans-serif;
+  --ob-font-strong: "URW Gothic L Demi", "Nunito", "Segoe UI", Arial, sans-serif;
+
+  --ob-radius-sm: 10px;
+  --ob-radius-md: 14px;
+  --ob-radius-lg: 20px;
+
+  --ob-space-2: 8px;
+  --ob-space-3: 12px;
+  --ob-space-4: 16px;
+  --ob-space-6: 24px;
+  --ob-space-8: 32px;
+}
+
+
+
+

JSON Tokens

+ +
+ 
{
+  "color": {
+    "primary": "#00A7E6",
+    "primarySoft": "#33B9EB",
+    "primaryShades": ["#0086B8", "#00648A", "#00435C", "#00212E"],
+    "primaryTints": ["#33B9EB", "#66CAF0", "#99DCF5", "#CCEDFA"],
+    "accent": "#F59C00",
+    "dark": "#343537",
+    "slate": "#343537",
+    "background": "#F5FBFE",
+    "surface": "#FFFFFF"
+  },
+  "font": {
+    "body": "Nunito",
+    "heading": "Nunito",
+    "strong": "URW Gothic L Demi"
+  },
+  "radius": {
+    "sm": "10px",
+    "md": "14px",
+    "lg": "20px"
+  }
+}
+
+
+ +
+

o-byte.com - Styleguide - Stand: Februar 2026

+
+
+
+ +
+ + +