<?php
# prevent direct access: this file only works when it is included by code
# that has already defined SYS11_SECRETS, so bail out silently otherwise
defined("SYS11_SECRETS") or die("");
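/**
 * Open every usable entry of RSA_PRIVATE_KEYS.
 *
 * Entries that is_privkey() rejects, or that open_privkey() cannot open,
 * are skipped silently.
 *
 * @return array list of opened private keys, possibly empty
 */
function read_secret_open_privkeys()
{
    $recipients = [];
    foreach (array_keys(RSA_PRIVATE_KEYS) as $key) {
        if (!is_privkey(RSA_PRIVATE_KEYS[$key])) {
            continue;
        }
        # open the private key; unusable entries are skipped
        $privkey = open_privkey(RSA_PRIVATE_KEYS[$key]);
        if (null !== $privkey) {
            $recipients[] = $privkey;
        }
    }
    return $recipients;
}

/**
 * Release opened private keys and wipe the array that held them.
 *
 * @param array $recipients opened keys as returned by read_secret_open_privkeys(), wiped in place
 */
function read_secret_free_privkeys(array &$recipients)
{
    # openssl_pkey_free() emits a deprecation notice on PHP 8.0 and above,
    # so it is only called on older interpreters
    if (0 > version_compare(PHP_VERSION, "8.0.0")) {
        foreach (array_keys($recipients) as $key) {
            openssl_pkey_free($recipients[$key]);
        }
    }
    zeroize_array($recipients);
}

/**
 * Record the use of a secret through the MYSQL_WRITE_USE insert statement.
 *
 * The key id and fingerprint are stored hex-encoded together with the
 * token exactly as it was received.
 *
 * @param string $secret      the secret token as received in the URL
 * @param string $keyid       raw key id reported by decrypt_v01()
 * @param string $fingerprint raw fingerprint reported by decrypt_v01()
 * @param mixed  $error       receives a message on failure (details only when DEBUG_MODE is set)
 * @return bool true only when the insert affected exactly one row
 */
function read_secret_record_use($secret, $keyid, $fingerprint, &$error)
{
    $recorded = false;
    $link = mysqli_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASS, MYSQL_DB, MYSQL_PORT);
    if (!$link) {
        if (DEBUG_MODE) {
            $error = "Database connection could not be established.";
        }
        return false;
    }
    try {
        $statement = mysqli_prepare($link, MYSQL_WRITE_USE);
        if (!$statement) {
            if (DEBUG_MODE) {
                $error = "Insert statement could not be prepared.";
            }
        } else {
            $fingerprint = bin2hex($fingerprint);
            $keyid = bin2hex($keyid);
            if (!mysqli_stmt_bind_param($statement, "sss", $keyid, $fingerprint, $secret)) {
                if (DEBUG_MODE) {
                    $error = "Insert statement parameters could not be bound.";
                }
            } elseif (!mysqli_stmt_execute($statement)) {
                if (DEBUG_MODE) {
                    $error = "Insert statement could not be executed";
                }
            } elseif (1 === mysqli_affected_rows($link)) {
                $recorded = true;
            } else {
                # never echo the submitted token back to the caller: it is
                # user-controlled input and the error text may be rendered.
                # NOTE(review): an insert that affects no row presumably means the
                # link was used before - confirm against MYSQL_WRITE_USE before
                # wording a user-facing message around that.
                $error = "The retrieval of the secret could not be recorded.";
            }
        }
    } finally {
        mysqli_close($link);
    }
    return $recorded;
}

/**
 * Decrypt a secret sharing link and record its use.
 *
 * Returns null with a fixed error when SHARE_ONLY is set. Otherwise the URL
 * token is decoded, decrypted with decrypt_v01() against every usable key in
 * RSA_PRIVATE_KEYS, and the use is recorded through MYSQL_WRITE_USE; the
 * plaintext is only returned when that insert affected exactly one row.
 *
 * @param string $secret the secret token as it appeared in the URL
 * @param mixed  $error  receives false on success or an error message; most
 *                       failure details are only exposed when DEBUG_MODE is set
 * @return string|null the decrypted secret, or null on failure
 */
function read_secret($secret, &$error = null)
{
    $result = null;
    $error = false;

    # only proceed when the share-only mode is not enabled
    if (SHARE_ONLY) {
        $error = "The retrieval of secret sharing links is disabled.";
    } else {
        # strict base64 decoding yields false on malformed input, which
        # empty() treats like an empty secret
        $decoded_secret = base64_decode(url_base64_decode(apache_bugfix_decode($secret)), true);
        if (empty($decoded_secret)) {
            if (DEBUG_MODE) {
                $error = "The secret must not be empty.";
            }
        } else {
            $recipients = read_secret_open_privkeys();
            if (0 === count($recipients)) {
                if (DEBUG_MODE) {
                    $error = "Private key could not be read.";
                }
            } else {
                try {
                    $decrypted_secret = decrypt_v01($decoded_secret, $recipients, $decrypt_error, $keyid, $fingerprint);
                } finally {
                    # keys are released and wiped even when decryption throws
                    read_secret_free_privkeys($recipients);
                }
                if (null === $decrypted_secret) {
                    if (DEBUG_MODE) {
                        $error = "Decryption failed: $decrypt_error";
                    }
                } elseif (read_secret_record_use($secret, $keyid, $fingerprint, $error)) {
                    # the plaintext is handed out only once the use is recorded
                    $result = $decrypted_secret;
                }
            }
        }
    }

    # set default error if none is given
    if ((null === $result) && (false === $error)) {
        $error = "An unknown error occured.";
    }
    return $result;
}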