From 7d83b7234e80a2fe8fe8d914381f89ebdc63ce7e Mon Sep 17 00:00:00 2001 From: root Date: Sat, 3 Dec 2022 04:09:44 +0100 Subject: [PATCH] Require PHPSecLib --- composer.json | 3 +- composer.lock | 229 +++++++++++++++++++++++++++++++++++- index.php | 4 + src/Cave/Cave.php | 26 +++- src/Cave/CaveController.php | 32 +++++ 5 files changed, 290 insertions(+), 4 deletions(-) create mode 100644 src/Cave/CaveController.php diff --git a/composer.json b/composer.json index 6a5c274..3112633 100644 --- a/composer.json +++ b/composer.json @@ -9,7 +9,8 @@ "gac/routing": "dev-main", "twig/twig": "^3.0", "ext-json": "*", - "161sh/seriousjson": "@dev" + "161sh/seriousjson": "@dev", + "phpseclib/phpseclib": "~3.0" }, "require-dev": { "phpunit/phpunit": "^8" diff --git a/composer.lock b/composer.lock index 9f2879f..19af8b2 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "d5fef76f306691ffbfa0e708d2513deb", + "content-hash": "e4f04ba7a46f1b0192e64baac5bdb5df", "packages": [ { "name": "161sh/seriousjson", @@ -107,6 +107,233 @@ ], "time": "2022-10-01T10:24:00+00:00" }, + { + "name": "paragonie/constant_time_encoding", + "version": "v2.6.3", + "source": { + "type": "git", + "url": "https://github.com/paragonie/constant_time_encoding.git", + "reference": "58c3f47f650c94ec05a151692652a868995d2938" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/58c3f47f650c94ec05a151692652a868995d2938", + "reference": "58c3f47f650c94ec05a151692652a868995d2938", + "shasum": "" + }, + "require": { + "php": "^7|^8" + }, + "require-dev": { + "phpunit/phpunit": "^6|^7|^8|^9", + "vimeo/psalm": "^1|^2|^3|^4" + }, + "type": "library", + "autoload": { + "psr-4": { + "ParagonIE\\ConstantTime\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com", + "role": "Maintainer" + }, + { + "name": "Steve 'Sc00bz' Thomas", + "email": "steve@tobtu.com", + "homepage": "https://www.tobtu.com", + "role": "Original Developer" + } + ], + "description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)", + "keywords": [ + "base16", + "base32", + "base32_decode", + "base32_encode", + "base64", + "base64_decode", + "base64_encode", + "bin2hex", + "encoding", + "hex", + "hex2bin", + "rfc4648" + ], + "support": { + "email": "info@paragonie.com", + "issues": "https://github.com/paragonie/constant_time_encoding/issues", + "source": "https://github.com/paragonie/constant_time_encoding" + }, + "time": "2022-06-14T06:56:20+00:00" + }, + { + "name": "paragonie/random_compat", + "version": "v9.99.100", + "source": { + "type": "git", + "url": "https://github.com/paragonie/random_compat.git", + "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a", + "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a", + "shasum": "" + }, + "require": { + "php": ">= 7" + }, + "require-dev": { + "phpunit/phpunit": "4.*|5.*", + "vimeo/psalm": "^1" + }, + "suggest": { + "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." + }, + "type": "library", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", + "keywords": [ + "csprng", + "polyfill", + "pseudorandom", + "random" + ], + "support": { + "email": "info@paragonie.com", + "issues": "https://github.com/paragonie/random_compat/issues", + "source": "https://github.com/paragonie/random_compat" + }, + "time": "2020-10-15T08:29:30+00:00" + }, + { + "name": "phpseclib/phpseclib", + "version": "3.0.x-dev", + "source": { + "type": "git", + "url": "https://github.com/phpseclib/phpseclib.git", + "reference": "68aa48de66c80d096fb414891e8abc1e78c1f552" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/68aa48de66c80d096fb414891e8abc1e78c1f552", + "reference": "68aa48de66c80d096fb414891e8abc1e78c1f552", + "shasum": "" + }, + "require": { + "paragonie/constant_time_encoding": "^1|^2", + "paragonie/random_compat": "^1.4|^2.0|^9.99.99", + "php": ">=5.6.1" + }, + "require-dev": { + "phpunit/phpunit": "*" + }, + "suggest": { + "ext-dom": "Install the DOM extension to load XML formatted public keys.", + "ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.", + "ext-libsodium": "SSH2/SFTP can make use of some algorithms provided by the libsodium-php extension.", + "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.", + "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations." + }, + "type": "library", + "autoload": { + "files": [ + "phpseclib/bootstrap.php" + ], + "psr-4": { + "phpseclib3\\": "phpseclib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jim Wigginton", + "email": "terrafrost@php.net", + "role": "Lead Developer" + }, + { + "name": "Patrick Monnerat", + "email": "pm@datasphere.ch", + "role": "Developer" + }, + { + "name": "Andreas Fischer", + "email": "bantu@phpbb.com", + "role": "Developer" + }, + { + "name": "Hans-Jürgen Petrich", + "email": "petrich@tronic-media.com", + "role": "Developer" + }, + { + "name": "Graham Campbell", + "email": "graham@alt-three.com", + "role": "Developer" + } + ], + "description": "PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.", + "homepage": "http://phpseclib.sourceforge.net", + "keywords": [ + "BigInteger", + "aes", + "asn.1", + "asn1", + "blowfish", + "crypto", + "cryptography", + "encryption", + "rsa", + "security", + "sftp", + "signature", + "signing", + "ssh", + "twofish", + "x.509", + "x509" + ], + "support": { + "issues": "https://github.com/phpseclib/phpseclib/issues", + "source": "https://github.com/phpseclib/phpseclib/tree/3.0" + }, + "funding": [ + { + "url": "https://github.com/terrafrost", + "type": "github" + }, + { + "url": "https://www.patreon.com/phpseclib", + "type": "patreon" + }, + { + "url": "https://tidelift.com/funding/github/packagist/phpseclib/phpseclib", + "type": "tidelift" + } + ], + "time": "2022-11-29T12:09:31+00:00" + }, { "name": "symfony/polyfill-ctype", "version": "dev-main", diff --git a/index.php b/index.php index 92e014c..5ff289c 100644 --- a/index.php +++ b/index.php @@ -28,6 +28,7 @@ $twig = new \Twig\Environment($loader, [ $data = new JsonDatabase(__DIR__ . DIRECTORY_SEPARATOR . 'data'); $tor = new Tor(); $api = new Api(); +$cave = new Cave(); try { // Initialize Database @@ -39,6 +40,9 @@ try { // Initialize Tor API in order to register routes $api->init(); + // Initialize CA Endpoint + $cave->init(); + // Handle routes $routes->handle(); } catch (RouteNotFoundException $ex) { diff --git a/src/Cave/Cave.php b/src/Cave/Cave.php index 3a46a67..18c959f 100644 --- a/src/Cave/Cave.php +++ b/src/Cave/Cave.php @@ -2,10 +2,32 @@ namespace Cave; +use Cave\CaveController; +use Gac\Routing\Request; + class Cave { public function init() { - // Push Routes - return "Hello World"; + global $routes; + + // Respond with supported legacy versions and current version of API + $routes->add('/cave', function (Request $request) { + $request->status(200, 'OK') + ->send([ 'result' => 'ok', 'legacy' => [], 'version' => ['v1'] ]); + }); + + $routes->add('/cave/v1', function (Request $request) { + $request->status(200, 'OK') + ->send([ 'result' => 'unauthorized' ]); + }); + + // Sign a certificate using the CA + $routes->add('/cave/v1/sign/', [ CaveController::class, 'sign' ]); + + // Internal: Fetch full PEM file for serial + $routes->add('/cave/v1/fetch/{serial}', [ CaveController::class, 'fetch' ]); + + // Internal: Revoke Certificate with given serial + $routes->add('/cave/v1/revoke/{serial}', [ CaveController::class, 'revoke' ]); } } ?> diff --git a/src/Cave/CaveController.php b/src/Cave/CaveController.php new file mode 100644 index 0000000..3060225 --- /dev/null +++ b/src/Cave/CaveController.php @@ -0,0 +1,32 @@ +status(200, 'OK') + ->send([ 'result' => 'signed' ]); + } + + function fetch(\Gac\Routing\Request $request, $serial) { + $request->status(200, 'OK') + ->send([ 'result' => 'ok' ]); + } + + function revoke(\Gac\Routing\Request $request, $serial) { + $request->status(200, 'OK') + ->send([ 'result' => 'revoked' ]); + } + + // Default response if no action is defined + function response(\Gac\Routing\Request $request) { + $request->status(200, 'OK') + ->send([ 'result' => 'ok' ]); + } + +} \ No newline at end of file