From f51c9ed2abe5c68211bb3736be5f70b1fe2c9ec0 Mon Sep 17 00:00:00 2001 From: M.Gergo Date: Fri, 8 Mar 2019 21:20:34 +0100 Subject: további rendrakás --- mayor-orig/www/include/share/ssl/ssl.php | 461 ------------------------------- 1 file changed, 461 deletions(-) delete mode 100644 mayor-orig/www/include/share/ssl/ssl.php (limited to 'mayor-orig/www/include/share/ssl/ssl.php') diff --git a/mayor-orig/www/include/share/ssl/ssl.php b/mayor-orig/www/include/share/ssl/ssl.php deleted file mode 100644 index 61b6ca1b..00000000 --- a/mayor-orig/www/include/share/ssl/ssl.php +++ /dev/null @@ -1,461 +0,0 @@ -getResponse() - - Küldés: - __construct - getSSLKeyPair - _genSessionKey - setRemoteNodeId - _setRemotePublicKey - getSslPublicKeyByNodeId - setRemoteHost (HOST, publicKey) - _setRemotePublicKey - setRequestTarget (PSF) - sendRequest - _prepareRequest - _encodeRequest($ADAT) - AES::encrypt !! json, base64 - nincs AES :( - _sessionKeyEncode - _curlGet --> response - _decodeRequest !! jelenleg csak json... - _sessionKeyDecode - json_decode - AES::decrypt -*/ - - function getSslKeyPair() { - $q = "SELECT * FROM mayorSsl"; - $r = db_query($q, array('fv'=>'getSslKeyPair','modul'=>'login','result'=>'record')); - if ($r=='') { - $SSLKeyPair = generateSSLKeyPair(); - $secret = sha1(mt_rand(100000000000000,999999999999999)); - $q = "INSERT INTO mayorSsl (privateKey,publicKey,secret) VALUES ('%s','%s','%s')"; - $values = array($SSLKeyPair['privateKey'],$SSLKeyPair['publicKey'],$secret); - $r = db_query($q, array('fv'=>'getSslKeyPair','modul'=>'login', 'values'=>$values)); - return $SSLKeyPair; - } else { - return $r; - } - } - - function generateSSLKeyPair() { - $SSL_KEY_PAIR=openssl_pkey_new(); - // Get private key - openssl_pkey_export($SSL_KEY_PAIR, $privatekey); - // Get public key - $publickey=openssl_pkey_get_details($SSL_KEY_PAIR); - $publickey=$publickey["key"]; - return array('fv'=>'geneateSslKeyPair','privateKey'=>$privatekey,'publicKey'=>$publickey); - } - function setNodeId($nodeId, $publicKey) { - $q = "UPDATE mayorSsl SET nodeId=%u where publicKey='%s'"; - $v = array($nodeId, $publicKey); - return db_query($q, array('debug'=>false,'fv'=>'setNodeId','modul'=>'login', 'values'=>$v)); - } - - function getSslPublicKey() { - $SSLKeyPair = getSslKeyPair(); - return $SSLKeyPair['publicKey']; - } - - function getSslPublicKeyByNodeId($nodeId) { - if (is_numeric($nodeId)) { - $q = "SELECT publicKey FROM mayorKeychain WHERE valid=1 AND nodeId='%u'"; - $values = array($nodeId); - $result = db_query($q, array('debug'=>false,'fv'=>'getSslPublicKeyByNodeId','modul'=>'login', 'values'=>$values,'result'=>'value')); - if ($result=='') return false; - else return $result; - } else { - return false; - } - } - - function getPublicDataFromLocalKeychain($nodeId) { - if (is_numeric($nodeId)) { - // lekérdezés a helyi adatbázisból - $q = "SELECT * FROM mayorKeychain WHERE valid=1 AND nodeId='%u'"; - $values = array($nodeId); - $result = db_query($q, array('debug'=>false,'fv'=>'getPublicDataFromLocalKeychain','modul'=>'login', 'values'=>$values,'result'=>'record')); - if ($result=='') return false; - else return $result; - } elseif (is_null($nodeId)) { - // Az összes eltárolt node adatának lekérdezése - $q = "SELECT * FROM mayorKeychain WHERE valid=1 ORDER BY nodeTipus DESC, nev"; - $result = db_query($q, array('debug'=>false,'fv'=>'getPublicDataFromLocalKeychain','modul'=>'login','result'=>'indexed')); - if ($result=='') return false; - else return $result; - } - } - - function addPublicDataToLocalKeychain($DATA) { - // egy új rekord felvétele... - $fields = array_keys($DATA); - $values = array_values($DATA); - $q = "INSERT INTO mayorKeychain (".implode(',', array_fill(0, count($fields), "%s")).") VALUES (".implode(',', array_fill(0, count($values), "'%s'")).")"; - $v = array_merge($fields, $values); - $r = db_query($q, array('debug'=>false,'func'=>'addPublicDataToLocalKeychain','modul'=>'login','values'=>$v,'result'=>'insert')); - return $r; - } - function removeNodeFromLocalKeychain($nodeId) { - $q = "DELETE FROM mayorKeychain WHERE nodeId=%u"; - $v = array($nodeId); - $r = db_query($q, array('debug'=>false,'func'=>'removeNodeFromLocalKeychain','modul'=>'login','values'=>$v)); - return $r; - } - function sendPublicRequest($data) { - if (defined('_DEVEL') && _DEVEL===true) $host = 'localhost'; - else $host = 'www.mayor.hu'; - $url = "https://$host/index.php?page=portal&sub=regisztracio&f=regisztracio&skin=ajax"; - $salt_name='MS_'.sha1('portal_regisztracio_regisztracio'); - $ch = curl_init(); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // a választ feldolgozzuk - curl_setopt($ch, CURLOPT_URL, $url); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYSTATUS, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // a helyi gépen nekem ez kellett :( - curl_setopt($ch, CURLOPT_HEADER, 0); -// curl_setopt($ch, CURLOPT_TIMEOUT,60); - curl_setopt($ch, CURLOPT_USERAGENT, "MaYoR-registration (php; cURL)"); - curl_setopt($ch, CURLOPT_VERBOSE, true); - // Cookie - curl_setopt($ch, CURLOPT_COOKIE, $salt_name.'=portal_regisztracio_regisztracio'); - // POST - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); - - $response = curl_exec($ch); - $INFO = curl_getinfo($ch); // ha kell - if ($INFO['http_code'] == 200) { // minden ok - //dump($INFO['url']); - //dump("response:",$response); - } else { - echo 'URL'; - dump($INFO['http_code'],$response,$INFO); - throw new Exception($INFO['http_code']); - } - curl_close($ch); - - return $response; - } - -//function base64url_encode($data) { -// return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); -//} -//function base64url_decode($data) { -// return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT)); -//} -function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') -{ - $str = ''; - $max = mb_strlen($keyspace, '8bit') - 1; - for ($i = 0; $i < $length; ++$i) { - $str .= $keyspace[random_int(0, $max)]; - } - return $str; -} - /* symmetric cryptographic module */ - class AES { - - public function __construct() { } - public function encrypt($data, $key) { - $data = urlencode($data); - -// $return = $data; -// $return = $key . $data; -// $return = openssl_encrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA); -// $return = db_query("SELECT aes_encrypt('%s','%s')",array('fv'=>'class AES','result'=>'value','modul'=>'login','values'=>array($data,$key))); - - if (function_exists('mcrypt_encrypt')) { - $return = mcrypt_encrypt(MCRYPT_RIJNDAEL_128,$key,$data,MCRYPT_MODE_CBC,"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); - } else { - $_SESSION['alert'][] = 'info:mcrypt függvény nem található (tipp! telepítsd a php5-mcrypt csomagot a szerverre)'; - } - return base64_encode($return); - } - public function decrypt($data,$key) { - $data = base64_decode($data); - -// $return = $data; -// $return = substr($data,strlen($key)); -// $return = openssl_decrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA); -// $return = db_query("SELECT aes_decrypt('%s','%s')",array('fv'=>'class AES','result'=>'value','modul'=>'login','values'=>array($data,$key))); - if (function_exists('mcrypt_decrypt')) { - $return = mcrypt_decrypt(MCRYPT_RIJNDAEL_128,$key,$data,MCRYPT_MODE_CBC,"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); - } else { - $_SESSION['alert'][] = 'info:mcrypt függvény nem található (tipp! telepítsd a php5-mcrypt csomagot a szerverre)'; - } - return trim(urldecode($return)); - } - } - - class Interconnect { - - /* A: küldő, B: fogadó használja */ - - private $sessionKey; // egy kommunikációhoz használt session kulcs - private $KP; // a saját kulcspárom - private $nodeId; - private $privateKey; - private $publicKey; - private $remotePublicKey; - private $remoteNodeId; - private $remoteHost; - private $psf; - private $myRequest; // a küldendő kérés (object) - private $myResponse; // a küldendő válasz (object) - private $incomingRequest; // a beérkező kérés (object) - private $incomingResponse; // a beérkező válasz (object) - private $status; // a művelet eredményességéek visszajelzése, hibaok kódja... - private $controllerNodeId = '09862967'; // Ez van jelenleg az adatbázisban... - - /* Konstruktor */ - public function __construct() { - $this->sessionKey = $this->_genSessionKey(); - $this->KP = getSSLKeyPair(); - $this->nodeId = $this->KP['nodeId']; - $this->privateKey = $this->KP['privateKey']; - $this->publicKey = $this->KP['publicKey']; - $this->status = 'ok:created'; - $this->psf = 'page=rpc&f=rpc'; - } - /* Privát metódusok */ -// private function _yconv($get) { -// $get = str_replace(' ','+',$get); // hm. erre miért van szükség??? autokonverzió? -// $get = str_replace('\/','/',$get); // hm. erre miért van szükség??? autokonverzió? -// $get = str_replace('\\','',$get); // hm. erre miért van szükség??? autokonverzió?\"' -// return $get; -// } - private function _curlGet($data) { - $host = $this->remoteHost; - $url = $this->remoteHost."/index.php?skin=rpc&".$this->psf; - //dump('url',$url); - $ch = curl_init(); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // a választ feldolgozzuk - curl_setopt($ch, CURLOPT_URL, $url); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYSTATUS, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // a helyi gépen nekem ez kellett :( - curl_setopt($ch, CURLOPT_HEADER, 0); -// curl_setopt($ch, CURLOPT_TIMEOUT,60); - curl_setopt($ch, CURLOPT_USERAGENT, "MaYoR-interconnect (php; cURL)"); - curl_setopt($ch, CURLOPT_VERBOSE, true); - // POST - $data['senderNodeId'] = $this->nodeId; - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); - - $response = curl_exec($ch); - $INFO = curl_getinfo($ch); // ha kell - if ($INFO['http_code'] == 200) { // minden ok - //dump($INFO['url']); - //dump($response); - } else { - echo 'URL'; - dump($response,$INFO); - throw new Exception($INFO['http_code']); - } - curl_close($ch); - return $response; - } - private function _genSessionKey() { - return base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(),mt_rand(), mt_rand(), mt_rand())); - //return random_str( 32 ); - } - private function _sessionKeyEncode() { - $crypttext = ''; - $res = openssl_public_encrypt($this->sessionKey, $crypttext, $this->remotePublicKey); // majd a távoli publikus kulccal - return base64_encode($crypttext); - } - private function _sessionKeyDecode($in) { - $decodedtext = ''; - $res = openssl_private_decrypt(base64_decode($in), $decodedtext, $this->privateKey); // a saját privát kulccsal - return $decodedtext; - } - private function _genHash($in) { - // hash generálás - return hash('sha256', $in, false); - } - private function _hashEncode($in) { - // a mi privát kulcsunkkal... - $res = openssl_private_encrypt($in, $encodedHash, $this->privateKey); // a saját privát kulccsal - return base64_encode($encodedHash); - } - private function _hashDecode($in) { - // a remotePublic-kal - $res = openssl_public_decrypt(base64_decode($in), $decodedHash, $this->remotePublicKey); // majd a távoli publikus kulccal - return $decodedHash; - } - private function _verifyHash($PACKED) { - return ($this->_genHash($PACKED['details']))===($this->_hashDecode($PACKED['hashEncoded'])); - } - private function _packData($DATA) { // --> array(details|sessionKeyEncoded) - $ADAT['details'] = AES::encrypt(json_encode($DATA),$this->sessionKey); // implicit base64_encode - $ADAT['hashEncoded'] = $this->_hashEncode($this->_genHash($ADAT['details'])); - $ADAT['sessionKeyEncoded'] = $this->_sessionKeyEncode(); // implicit base64_encode - $ADAT['status'] = $this->status; - return $ADAT; - } - private function _unpackData($PACKED) { // packed[details] --> object !! feltesszük, hogy már be van állítva a sessionKey, ellenőrizve van a hash! - return json_decode(AES::decrypt($PACKED['details'],$this->sessionKey), true); - } - private function _encodeRequest($IN = array()) { // HTTP GET paraméter - return urlencode(json_encode($IN)); - } - private function _decodeRequest($IN) { // HTTP GET paraméter - return json_decode($IN, true); - } - private function _encodeResponse($IN=array()) { // HTTP - tartalom - return json_encode($IN); - } - private function _decodeResponse($IN=array()) { // HTTP - tartalom - return json_decode($IN, true); - } - /* Publikus metódusok */ - public function setRequestTarget($target) { - if ($target == 'controller') $this->psf='page=rpc&sub=controller&f=rpc'; - else if ($target == 'naplo') $this->psf='page=rpc&sub=naplo&f=rpc'; - else $this->psf='page=rpc&f=rpc'; // alap funkciók - } - public function getRegistrationDataByNodeId($nodeId) { // feltesszük, hogy valid - $origRemoteNodeId = $this->remoteNodeId; - $this->setRemoteHostByNodeId($this->controllerNodeId); - $ret = $this->sendRequest(array('func'=>'getPublicDataByNodeId', 'nodeId'=>$nodeId)); - $this->setRemoteHostByNodeId($origRemoteNodeId); - - return $ret; - } - public function getPublicDataByNodeId($nodeId) { - if (defined('_DEVEL') && _DEVEL===true) { - // A helyi gép adatait adjuk meg - $ret = array('nodeId'=>$this->nodeId, 'url'=>'https://localhost','publicKey'=>$this->publicKey); - } else { - if ($nodeId == '') $nodeId = $this->controllerNodeId; - // Adott nodeId adatainak lekérdezése a helyi adatbázisból - $ret = getPublicDataFromLocalKeychain($nodeId); - if ($ret === false) { - $RPC = new Interconnect(); - $RPC->setRequestTarget('controller'); - $RPC->setRemoteHostByNodeId($this->controllerNodeId); - $ret2 = $RPC->sendRequest(array('func'=>'getPublicDataByNodeId', 'nodeId'=>$nodeId)); - $ret = $ret2['nodeData']; - foreach (array( - 'regId','dij','utemezes','egyebTamogatas','szamlazasiCim','szamlaHelyseg','szamlaIrsz','szamlaKozteruletNev', - 'szamlaKozteruletJelleg','szamlaHazszam' - ) as $field) { - unset($ret[$field]); - } - if (is_array($ret)) addPublicDataToLocalKeychain($ret); -/* - } elseif (false) { - // Adott nodeId adatainak lekérdezése a www.mayor.hu-tól (controller) Interconnect-tel - $origRemoteNodeId = $this->remoteNodeId; - $origPsf = $this->psf; - $this->setRequestTarget('controller'); - $this->setRemoteHostByNodeId($this->controllerNodeId); - $ret2 = $this->sendRequest(array('func'=>'getPublicDataByNodeId', 'nodeId'=>$nodeId)); - $ret = $ret2['nodeData']; - foreach (array( - 'regId','dij','utemezes','egyebTamogatas','szamlazasiCim','szamlaHelyseg','szamlaIrsz','szamlaKozteruletNev', - 'szamlaKozteruletJelleg','szamlaHazszam' - ) as $field) { - unset($ret[$field]); - } - if (is_array($ret)) addPublicDataToLocalKeychain($ret); - if ($origRemoteNodeId!='') $this->setRemoteHostByNodeId($origRemoteNodeId); - $this->psf = $origPsf; -*/ - } - } - return $ret; - } - public function setRemoteHostByNodeId($nodeId) { - $rData = $this->getPublicDataByNodeId($nodeId); - if (is_array($rData)) { - $this->remoteHost = $rData['url']; - $this->remoteNodeId = $rData['nodeId']; - $this->remotePublicKey = $rData['publicKey']; - $this->status = 'ok:remoteHost'; - } else { - $this->remoteHost = ''; // controller - $this->remoteNodeId = $this->controllerNodeId; - $this->remotePublicKey = $rData['publicKey']; - $this->status = 'ok:remoteHostController'; - } - } - /* A oldal */ - public function sendRequest($ADAT = array()) { - $PACKED = $this->_packData($ADAT); - $this->myRequest = $PACKED; - // $this->myRequest = $this->_encodeRequest($PACKED); - - $response = $this->_curlGet($this->myRequest); - - $decodedResponse = $this->_decodeResponse($response); - if ($this->sessionKey === $this->_sessionKeyDecode($decodedResponse['sessionKeyEncoded'])) { - if ($this->_verifyHash($decodedResponse)) { - $this->incomingResponse = $this->_unpackData($decodedResponse); - $this->status = 'ok:success response'; - } else { - $this->incomingResponse = false; - $this->status = 'error:wrong response hash'; - } - } else { - $this->status = 'error:wrong response sessionKey ('.($this->sessionKey).' != '.($this->_sessionKeyDecode($decodedResponse['sessionKeyEncoded'])).') response: '.$response; - $this->incomingResponse = false; - } - return $this->incomingResponse; - } - /* B oldal! */ - public function processRequest() { // rights.php - $PACKED = $_POST; - $this->sessionKey = $this->_sessionKeyDecode($PACKED['sessionKeyEncoded']); - if ($this->_verifyHash($PACKED)) { - $this->incomingRequest = $this->_unpackData($PACKED); -openlog("MaYoR", LOG_PID | LOG_PERROR, LOG_LOCAL0); -syslog(LOG_WARNING, "Data unpacked: ".(json_encode($this->incomingRequest))." {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})"); -closelog(); - $this->status = 'ok:success request'; - } else { - $this->incomingRequest = false; - $this->status = 'error:wrong request hash'; - } - return $this->incomingRequest; - } - public function setResponse($DATA) { // ez kell a pre-be - $this->myResponse = $this->_encodeResponse($this->_packData($DATA)); - } - public function sendResponse() { // skin=rpc - csak ki kell írnunk az elküldendő adatsort - ezt a skin csinálja - echo $this->myResponse; - } - public function getIncomingRequest() { return $this->incomingRequest; } // a pre-ben - - public function getPublicKey() { return $this->publicKey; } - public function getSessionKey() { return $this->sessionKey; } - public function getStatus() { return $this->status; } - public function getRemoteNodeId() { return $this->remoteNodeId; } - public function getControllerNodeId() { return $this->controllerNodeId; } - public function getNodeId() { return $this->nodeId; } - } - - -?> -- cgit v1.2.3