GitHub Repository: freebsd/phabricator
Path: blob/master/src/applications/auth/management/PhabricatorAuthManagementCachePKCS8Workflow.php
<?php
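/**
 * Management workflow (`cache-pkcs8`) that stores an operator-supplied PKCS8
 * encoding for an SSH public key instead of deriving it with `ssh-keygen`.
 *
 * Security note: nothing in this workflow checks that the PKCS8 file encodes
 * the same key as the public keyfile. The only safeguards are the printed
 * warning and the interactive confirmation, so the pairing is trusted purely
 * on the operator's word. As the warning text states, a mismatched pair could
 * let an attacker gain unauthorized access; treat this as a development-only
 * workaround and only feed it PKCS8 files you generated yourself.
 */
final class PhabricatorAuthManagementCachePKCS8Workflow
  extends PhabricatorAuthManagementWorkflow {

  /**
   * Declare the command name, usage example, synopsis and the two required
   * path arguments (`--public` and `--pkcs8`).
   */
  protected function didConstruct() {
    $this
      ->setName('cache-pkcs8')
      ->setExamples('**cache-pkcs8** --public __keyfile__ --pkcs8 __keyfile__')
      ->setSynopsis(
        pht(
          'Cache the PKCS8 format of a public key. When developing on OSX, '.
          'this can be used to work around issues with ssh-keygen. Use '.
          '`%s` to generate a PKCS8 key to feed to this command.',
          'ssh-keygen -e -m PKCS8 -f key.pub'))
      ->setArguments(
        array(
          array(
            'name' => 'public',
            'param' => 'keyfile',
            'help' => pht('Path to public keyfile.'),
          ),
          array(
            'name' => 'pkcs8',
            'param' => 'keyfile',
            'help' => pht('Path to corresponding PKCS8 key.'),
          ),
        ));
  }

  /**
   * Read both keyfiles, warn the operator, and on explicit confirmation
   * force the PKCS8 text into the cache for the given public key.
   *
   * @param PhutilArgumentParser Parsed command line arguments.
   * @return int Always 0 on success.
   * @throws PhutilArgumentUsageException If either path is missing or does
   *   not exist, or if the operator declines the confirmation prompt.
   */
  public function execute(PhutilArgumentParser $args) {
    $console = PhutilConsole::getConsole();

    // NOTE(review): getArg() presumably yields null when the flag is omitted;
    // check for null explicitly so strlen() is never handed a non-string
    // (deprecated since PHP 8.1). An empty string is still rejected.
    $public_keyfile = $args->getArg('public');
    if ($public_keyfile === null || !strlen($public_keyfile)) {
      throw new PhutilArgumentUsageException(
        pht(
          'You must specify the path to a public keyfile with %s.',
          '--public'));
    }

    if (!Filesystem::pathExists($public_keyfile)) {
      throw new PhutilArgumentUsageException(
        pht(
          'Specified public keyfile "%s" does not exist!',
          $public_keyfile));
    }

    $public_key = Filesystem::readFile($public_keyfile);

    $pkcs8_keyfile = $args->getArg('pkcs8');
    if ($pkcs8_keyfile === null || !strlen($pkcs8_keyfile)) {
      // The flag is named "--pkcs8" in didConstruct(); the message previously
      // told the operator to use a flag that does not exist ("--pkc8s").
      throw new PhutilArgumentUsageException(
        pht(
          'You must specify the path to a pkcs8 keyfile with %s.',
          '--pkcs8'));
    }

    if (!Filesystem::pathExists($pkcs8_keyfile)) {
      throw new PhutilArgumentUsageException(
        pht(
          'Specified pkcs8 keyfile "%s" does not exist!',
          $pkcs8_keyfile));
    }

    $pkcs8_key = Filesystem::readFile($pkcs8_keyfile);

    $warning = pht(
      'Adding a PKCS8 keyfile to the cache can be very dangerous. If the '.
      'PKCS8 file really encodes a different public key than the one '.
      'specified, an attacker could use it to gain unauthorized access.'.
      "\n\n".
      'Generally, you should use this option only in a development '.
      'environment where ssh-keygen is broken and it is inconvenient to '.
      'fix it, and only if you are certain you understand the risks. You '.
      'should never cache a PKCS8 file you did not generate yourself.');

    $console->writeOut(
      "%s\n",
      phutil_console_wrap($warning));

    // This prompt is the only gate before the cache write: the two files are
    // never compared, so declining here is the sole way to stop a mismatched
    // pair from being trusted.
    $prompt = pht('Really trust this PKCS8 keyfile?');
    if (!phutil_console_confirm($prompt)) {
      throw new PhutilArgumentUsageException(
        pht('Aborted workflow.'));
    }

    // The PKCS8 text is handed over as-is; presumably it becomes the cached
    // PKCS8 form for this key -- confirm against forcePopulatePKCS8Cache().
    $key = PhabricatorAuthSSHPublicKey::newFromRawKey($public_key);
    $key->forcePopulatePKCS8Cache($pkcs8_key);

    $console->writeOut(
      "%s\n",
      pht('Cached PKCS8 key for public key.'));

    return 0;
  }

}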