getResponse() Küldés: __construct getSSLKeyPair _genSessionKey setRemoteNodeId _setRemotePublicKey getSslPublicKeyByNodeId setRemoteHost (HOST, publicKey) _setRemotePublicKey setRequestTarget (PSF) sendRequest _prepareRequest _encodeRequest($ADAT) AES::encrypt !! json, base64 - nincs AES :( _sessionKeyEncode _curlGet --> response _decodeRequest !! jelenleg csak json... _sessionKeyDecode json_decode - AES::decrypt */ function getSslKeyPair() { $q = "SELECT * FROM mayorSsl"; $r = db_query($q, array('fv'=>'getSslKeyPair','modul'=>'login','result'=>'record')); if ($r=='') { $SSLKeyPair = generateSSLKeyPair(); $secret = sha1(mt_rand(100000000000000,999999999999999)); $q = "INSERT INTO mayorSsl (privateKey,publicKey,secret) VALUES ('%s','%s','%s')"; $values = array($SSLKeyPair['privateKey'],$SSLKeyPair['publicKey'],$secret); $r = db_query($q, array('fv'=>'getSslKeyPair','modul'=>'login', 'values'=>$values)); return $SSLKeyPair; } else { return $r; } } function generateSSLKeyPair() { $SSL_KEY_PAIR=openssl_pkey_new(); // Get private key openssl_pkey_export($SSL_KEY_PAIR, $privatekey); // Get public key $publickey=openssl_pkey_get_details($SSL_KEY_PAIR); $publickey=$publickey["key"]; return array('fv'=>'geneateSslKeyPair','privateKey'=>$privatekey,'publicKey'=>$publickey); } function setNodeId($nodeId, $publicKey) { $q = "UPDATE mayorSsl SET nodeId=%u where publicKey='%s'"; $v = array($nodeId, $publicKey); return db_query($q, array('debug'=>false,'fv'=>'setNodeId','modul'=>'login', 'values'=>$v)); } function getSslPublicKey() { $SSLKeyPair = getSslKeyPair(); return $SSLKeyPair['publicKey']; } function getSslPublicKeyByNodeId($nodeId) { if (is_numeric($nodeId)) { $q = "SELECT publicKey FROM mayorKeychain WHERE valid=1 AND nodeId='%u'"; $values = array($nodeId); $result = db_query($q, array('debug'=>false,'fv'=>'getSslPublicKeyByNodeId','modul'=>'login', 'values'=>$values,'result'=>'value')); if ($result=='') return false; else return $result; } else { return false; } } function getPublicDataFromLocalKeychain($nodeId) { if (is_numeric($nodeId)) { // lekérdezés a helyi adatbázisból $q = "SELECT * FROM mayorKeychain WHERE valid=1 AND nodeId='%u'"; $values = array($nodeId); $result = db_query($q, array('debug'=>false,'fv'=>'getPublicDataFromLocalKeychain','modul'=>'login', 'values'=>$values,'result'=>'record')); if ($result=='') return false; else return $result; } elseif (is_null($nodeId)) { // Az összes eltárolt node adatának lekérdezése $q = "SELECT * FROM mayorKeychain WHERE valid=1 ORDER BY nodeTipus DESC, nev"; $result = db_query($q, array('debug'=>false,'fv'=>'getPublicDataFromLocalKeychain','modul'=>'login','result'=>'indexed')); if ($result=='') return false; else return $result; } } function addPublicDataToLocalKeychain($DATA) { // egy új rekord felvétele... $fields = array_keys($DATA); $values = array_values($DATA); $q = "INSERT INTO mayorKeychain (".implode(',', array_fill(0, count($fields), "%s")).") VALUES (".implode(',', array_fill(0, count($values), "'%s'")).")"; $v = array_merge($fields, $values); $r = db_query($q, array('debug'=>false,'func'=>'addPublicDataToLocalKeychain','modul'=>'login','values'=>$v,'result'=>'insert')); return $r; } function removeNodeFromLocalKeychain($nodeId) { $q = "DELETE FROM mayorKeychain WHERE nodeId=%u"; $v = array($nodeId); $r = db_query($q, array('debug'=>false,'func'=>'removeNodeFromLocalKeychain','modul'=>'login','values'=>$v)); return $r; } function sendPublicRequest($data) { if (defined('_DEVEL') && _DEVEL===true) $host = 'localhost'; else $host = 'www.mayor.hu'; $url = "https://$host/index.php?page=portal&sub=regisztracio&f=regisztracio&skin=ajax"; $salt_name='MS_'.sha1('portal_regisztracio_regisztracio'); $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // a választ feldolgozzuk curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYSTATUS, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // a helyi gépen nekem ez kellett :( curl_setopt($ch, CURLOPT_HEADER, 0); // curl_setopt($ch, CURLOPT_TIMEOUT,60); curl_setopt($ch, CURLOPT_USERAGENT, "MaYoR-registration (php; cURL)"); curl_setopt($ch, CURLOPT_VERBOSE, true); // Cookie curl_setopt($ch, CURLOPT_COOKIE, $salt_name.'=portal_regisztracio_regisztracio'); // POST curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); $response = curl_exec($ch); $INFO = curl_getinfo($ch); // ha kell if ($INFO['http_code'] == 200) { // minden ok //dump($INFO['url']); //dump("response:",$response); } else { echo 'URL'; dump($INFO['http_code'],$response,$INFO); throw new Exception($INFO['http_code']); } curl_close($ch); return $response; } //function base64url_encode($data) { // return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); //} //function base64url_decode($data) { // return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT)); //} function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') { $str = ''; $max = mb_strlen($keyspace, '8bit') - 1; for ($i = 0; $i < $length; ++$i) { $str .= $keyspace[random_int(0, $max)]; } return $str; } /* symmetric cryptographic module */ class AES { public function __construct() { } public function encrypt($data, $key) { $data = urlencode($data); // $return = $data; // $return = $key . $data; // $return = openssl_encrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA); // $return = db_query("SELECT aes_encrypt('%s','%s')",array('fv'=>'class AES','result'=>'value','modul'=>'login','values'=>array($data,$key))); if (function_exists('mcrypt_encrypt')) { $return = mcrypt_encrypt(MCRYPT_RIJNDAEL_128,$key,$data,MCRYPT_MODE_CBC,"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); } else { $return = openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); // $return = openssl_decrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); //$_SESSION['alert'][] = 'info:mcrypt függvény nem található (tipp! telepítsd a php5-mcrypt csomagot a szerverre)'; } return base64_encode($return); } public function decrypt($data,$key) { $data = base64_decode($data); // $return = $data; // $return = substr($data,strlen($key)); // $return = openssl_decrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA); // $return = db_query("SELECT aes_decrypt('%s','%s')",array('fv'=>'class AES','result'=>'value','modul'=>'login','values'=>array($data,$key))); if (function_exists('mcrypt_decrypt')) { $return = mcrypt_decrypt(MCRYPT_RIJNDAEL_128,$key,$data,MCRYPT_MODE_CBC,"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); } else { // $return = openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); $return = openssl_decrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); // $_SESSION['alert'][] = 'info:mcrypt függvény nem található (tipp! telepítsd a php5-mcrypt csomagot a szerverre)'; } return trim(urldecode($return)); } } class Interconnect { /* A: küldő, B: fogadó használja */ private $sessionKey; // egy kommunikációhoz használt session kulcs private $KP; // a saját kulcspárom private $nodeId; private $privateKey; private $publicKey; private $remotePublicKey; private $remoteNodeId; private $remoteHost; private $psf; private $myRequest; // a küldendő kérés (object) private $myResponse; // a küldendő válasz (object) private $incomingRequest; // a beérkező kérés (object) private $incomingResponse; // a beérkező válasz (object) private $status; // a művelet eredményességéek visszajelzése, hibaok kódja... private $controllerNodeId = '09862967'; // Ez van jelenleg az adatbázisban... /* Konstruktor */ public function __construct() { $this->sessionKey = $this->_genSessionKey(); $this->KP = getSSLKeyPair(); $this->nodeId = $this->KP['nodeId']; $this->privateKey = $this->KP['privateKey']; $this->publicKey = $this->KP['publicKey']; $this->status = 'ok:created'; $this->psf = 'page=rpc&f=rpc'; } /* Privát metódusok */ // private function _yconv($get) { // $get = str_replace(' ','+',$get); // hm. erre miért van szükség??? autokonverzió? // $get = str_replace('\/','/',$get); // hm. erre miért van szükség??? autokonverzió? // $get = str_replace('\\','',$get); // hm. erre miért van szükség??? autokonverzió?\"' // return $get; // } private function _curlGet($data) { $host = $this->remoteHost; $url = $this->remoteHost."/index.php?skin=rpc&".$this->psf; //dump('url',$url); $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // a választ feldolgozzuk curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYSTATUS, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // a helyi gépen nekem ez kellett :( curl_setopt($ch, CURLOPT_HEADER, 0); // curl_setopt($ch, CURLOPT_TIMEOUT,60); curl_setopt($ch, CURLOPT_USERAGENT, "MaYoR-interconnect (php; cURL)"); curl_setopt($ch, CURLOPT_VERBOSE, true); // POST $data['senderNodeId'] = $this->nodeId; curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); $response = curl_exec($ch); $INFO = curl_getinfo($ch); // ha kell if ($INFO['http_code'] == 200) { // minden ok //dump($INFO['url']); //dump($response); } else { echo 'URL'; dump($response,$INFO); throw new Exception($INFO['http_code']); } curl_close($ch); return $response; } private function _genSessionKey() { return base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(),mt_rand(), mt_rand(), mt_rand())); //return random_str( 32 ); } private function _sessionKeyEncode() { $crypttext = ''; $res = openssl_public_encrypt($this->sessionKey, $crypttext, $this->remotePublicKey); // majd a távoli publikus kulccal return base64_encode($crypttext); } private function _sessionKeyDecode($in) { $decodedtext = ''; $res = openssl_private_decrypt(base64_decode($in), $decodedtext, $this->privateKey); // a saját privát kulccsal return $decodedtext; } private function _genHash($in) { // hash generálás return hash('sha256', $in, false); } private function _hashEncode($in) { // a mi privát kulcsunkkal... $res = openssl_private_encrypt($in, $encodedHash, $this->privateKey); // a saját privát kulccsal return base64_encode($encodedHash); } private function _hashDecode($in) { // a remotePublic-kal $res = openssl_public_decrypt(base64_decode($in), $decodedHash, $this->remotePublicKey); // majd a távoli publikus kulccal return $decodedHash; } private function _verifyHash($PACKED) { return ($this->_genHash($PACKED['details']))===($this->_hashDecode($PACKED['hashEncoded'])); } private function _packData($DATA) { // --> array(details|sessionKeyEncoded) $ADAT['details'] = AES::encrypt(json_encode($DATA),$this->sessionKey); // implicit base64_encode $ADAT['hashEncoded'] = $this->_hashEncode($this->_genHash($ADAT['details'])); $ADAT['sessionKeyEncoded'] = $this->_sessionKeyEncode(); // implicit base64_encode $ADAT['status'] = $this->status; return $ADAT; } private function _unpackData($PACKED) { // packed[details] --> object !! feltesszük, hogy már be van állítva a sessionKey, ellenőrizve van a hash! return json_decode(AES::decrypt($PACKED['details'],$this->sessionKey), true); } private function _encodeRequest($IN = array()) { // HTTP GET paraméter return urlencode(json_encode($IN)); } private function _decodeRequest($IN) { // HTTP GET paraméter return json_decode($IN, true); } private function _encodeResponse($IN=array()) { // HTTP - tartalom return json_encode($IN); } private function _decodeResponse($IN=array()) { // HTTP - tartalom return json_decode($IN, true); } /* Publikus metódusok */ public function setRequestTarget($target) { if ($target == 'controller') $this->psf='page=rpc&sub=controller&f=rpc'; else if ($target == 'naplo') $this->psf='page=rpc&sub=naplo&f=rpc'; else $this->psf='page=rpc&f=rpc'; // alap funkciók } public function getRegistrationDataByNodeId($nodeId) { // feltesszük, hogy valid $origRemoteNodeId = $this->remoteNodeId; $this->setRemoteHostByNodeId($this->controllerNodeId); $ret = $this->sendRequest(array('func'=>'getPublicDataByNodeId', 'nodeId'=>$nodeId)); $this->setRemoteHostByNodeId($origRemoteNodeId); return $ret; } public function getPublicDataByNodeId($nodeId) { if (defined('_DEVEL') && _DEVEL===true) { // A helyi gép adatait adjuk meg $ret = array('nodeId'=>$this->nodeId, 'url'=>'https://localhost','publicKey'=>$this->publicKey); } else { if ($nodeId == '') $nodeId = $this->controllerNodeId; // Adott nodeId adatainak lekérdezése a helyi adatbázisból $ret = getPublicDataFromLocalKeychain($nodeId); if ($ret === false) { $RPC = new Interconnect(); $RPC->setRequestTarget('controller'); $RPC->setRemoteHostByNodeId($this->controllerNodeId); $ret2 = $RPC->sendRequest(array('func'=>'getPublicDataByNodeId', 'nodeId'=>$nodeId)); $ret = $ret2['nodeData']; foreach (array( 'regId','dij','utemezes','egyebTamogatas','szamlazasiCim','szamlaHelyseg','szamlaIrsz','szamlaKozteruletNev', 'szamlaKozteruletJelleg','szamlaHazszam' ) as $field) { unset($ret[$field]); } if (is_array($ret)) addPublicDataToLocalKeychain($ret); /* } elseif (false) { // Adott nodeId adatainak lekérdezése a www.mayor.hu-tól (controller) Interconnect-tel $origRemoteNodeId = $this->remoteNodeId; $origPsf = $this->psf; $this->setRequestTarget('controller'); $this->setRemoteHostByNodeId($this->controllerNodeId); $ret2 = $this->sendRequest(array('func'=>'getPublicDataByNodeId', 'nodeId'=>$nodeId)); $ret = $ret2['nodeData']; foreach (array( 'regId','dij','utemezes','egyebTamogatas','szamlazasiCim','szamlaHelyseg','szamlaIrsz','szamlaKozteruletNev', 'szamlaKozteruletJelleg','szamlaHazszam' ) as $field) { unset($ret[$field]); } if (is_array($ret)) addPublicDataToLocalKeychain($ret); if ($origRemoteNodeId!='') $this->setRemoteHostByNodeId($origRemoteNodeId); $this->psf = $origPsf; */ } } return $ret; } public function setRemoteHostByNodeId($nodeId) { $rData = $this->getPublicDataByNodeId($nodeId); if (is_array($rData)) { $this->remoteHost = $rData['url']; $this->remoteNodeId = $rData['nodeId']; $this->remotePublicKey = $rData['publicKey']; $this->status = 'ok:remoteHost'; } else { $this->remoteHost = ''; // controller $this->remoteNodeId = $this->controllerNodeId; $this->remotePublicKey = $rData['publicKey']; $this->status = 'ok:remoteHostController'; } } /* A oldal */ public function sendRequest($ADAT = array()) { $PACKED = $this->_packData($ADAT); $this->myRequest = $PACKED; // $this->myRequest = $this->_encodeRequest($PACKED); $response = $this->_curlGet($this->myRequest); $decodedResponse = $this->_decodeResponse($response); if ($this->sessionKey === $this->_sessionKeyDecode($decodedResponse['sessionKeyEncoded'])) { if ($this->_verifyHash($decodedResponse)) { $this->incomingResponse = $this->_unpackData($decodedResponse); $this->status = 'ok:success response'; } else { $this->incomingResponse = false; $this->status = 'error:wrong response hash'; } } else { $this->status = 'error:wrong response sessionKey ('.($this->sessionKey).' != '.($this->_sessionKeyDecode($decodedResponse['sessionKeyEncoded'])).') response: '.$response; $this->incomingResponse = false; } return $this->incomingResponse; } /* B oldal! */ public function processRequest() { // rights.php $PACKED = $_POST; $this->sessionKey = $this->_sessionKeyDecode($PACKED['sessionKeyEncoded']); if ($this->_verifyHash($PACKED)) { $this->incomingRequest = $this->_unpackData($PACKED); openlog("MaYoR", LOG_PID | LOG_PERROR, LOG_LOCAL0); syslog(LOG_WARNING, "Data unpacked: ".(json_encode($this->incomingRequest))." {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})"); closelog(); $this->status = 'ok:success request'; } else { $this->incomingRequest = false; $this->status = 'error:wrong request hash'; } return $this->incomingRequest; } public function setResponse($DATA) { // ez kell a pre-be $this->myResponse = $this->_encodeResponse($this->_packData($DATA)); } public function sendResponse() { // skin=rpc - csak ki kell írnunk az elküldendő adatsort - ezt a skin csinálja echo $this->myResponse; } public function getIncomingRequest() { return $this->incomingRequest; } // a pre-ben public function getPublicKey() { return $this->publicKey; } public function getSessionKey() { return $this->sessionKey; } public function getStatus() { return $this->status; } public function getRemoteNodeId() { return $this->remoteNodeId; } public function getControllerNodeId() { return $this->controllerNodeId; } public function getNodeId() { return $this->nodeId; } } ?>