add openssl signing support. This adds an extra parameter

for the contents of the exported private key to Phar->setSignatureAlgorithm, and expects the public key to be in
a file named blah.phar.pubkey in the same directory as the phar blah.phar.  This works with openssl static or
shared and fails gracefully if openssl is not present without adding a dependency. config.w32 needs updating to match config.m4 [DOC]

diff --git a/ext/phar/config.m4 b/ext/phar/config.m4
index e7a577d6a8bc53d9a23f5b0b40d3025ecb71c04a..d1263e4de58b6c4102b55480e3706cbf11490d10 100644 (file)
--- a/ext/phar/config.m4
+++ b/ext/phar/config.m4
@@ -8,6 +8,17 @@ if test "$PHP_PHAR" != "no"; then
   PHP_NEW_EXTENSION(phar, util.c tar.c zip.c stream.c func_interceptors.c dirstream.c phar.c phar_object.c phar_path_check.c, $ext_shared)
   PHP_ADD_BUILD_DIR($ext_builddir/lib, 1)
   PHP_SUBST(PHAR_SHARED_LIBADD)
+  AC_MSG_CHECKING([for phar openssl support])
+  if test "$PHP_OPENSSL_SHARED" = "yes"; then
+    AC_MSG_RESULT([no (shared openssl)])
+  else
+    if test "$PHP_OPENSSL" = "yes"; then
+      AC_MSG_RESULT([yes])
+      AC_DEFINE(PHAR_HAVE_OPENSSL,1,[ ])
+    else
+      AC_MSG_RESULT([no])
+    fi
+  fi
   PHP_ADD_EXTENSION_DEP(phar, spl, true)
   PHP_ADD_MAKEFILE_FRAGMENT
 fi

diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index 27afc67dc74f35d032380740fd00abe96d7352d3..fc7870fe55e4d30ed53c5b10a4c30f1dde73884e 100644 (file)
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -24,6 +24,24 @@
 #include "SAPI.h"
 #include "func_interceptors.h"
 
+#ifdef PHAR_HAVE_OPENSSL
+
+/* OpenSSL includes */
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
+#include <openssl/pkcs12.h>
+
+#endif
+
+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, off_t end, char *key, int key_len, char **signature, int *signature_len TSRMLS_DC);
+
 ZEND_DECLARE_MODULE_GLOBALS(phar)
 #if PHP_VERSION_ID >= 50300
 char *(*phar_save_resolve_path)(const char *filename, int filename_len TSRMLS_DC);
@@ -113,6 +131,7 @@ void phar_destroy_phar_data(phar_archive_data *phar TSRMLS_DC) /* {{{ */
        }
        if (phar->signature) {
                efree(phar->signature);
+               phar->signature = NULL;
        }
        if (phar->manifest.arBuckets) {
                zend_hash_destroy(&phar->manifest);
@@ -592,6 +611,7 @@ int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char *alias,
                int read_size, len;
                char sig_buf[8], *sig_ptr = sig_buf;
                off_t read_len;
+               size_t end_of_phar;
 
                if (-1 == php_stream_seek(fp, -8, SEEK_END)
                || (read_len = php_stream_tell(fp)) < 20
@@ -606,6 +626,149 @@ int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char *alias,
                }
                PHAR_GET_32(sig_ptr, sig_flags);
                switch(sig_flags) {
+               case PHAR_SIG_OPENSSL: {
+#ifdef PHAR_HAVE_OPENSSL
+                       BIO *in;
+                       EVP_PKEY *key;
+                       EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
+                       EVP_MD_CTX md_ctx;
+#endif
+                       php_uint32 signature_len, pubkey_len;
+                       char *sig, *pubkey = NULL, *pfile;
+                       off_t whence;
+                       php_stream *pfp;
+                       int tempsig;
+
+                       if (!zend_hash_exists(&module_registry, "openssl", sizeof("openssl"))) {
+                               efree(savebuf);
+                               php_stream_close(fp);
+                               if (error) {
+                                       spprintf(error, 0, "phar \"%s\" openssl signature cannot be verified, openssl not loaded", fname);
+                               }
+                               return FAILURE;
+                       }
+                       /* we store the signature followed by the signature length */
+                       if (-1 == php_stream_seek(fp, -12, SEEK_CUR)
+                       || 4 != php_stream_read(fp, sig_buf, 4)) {
+                               efree(savebuf);
+                               php_stream_close(fp);
+                               if (error) {
+                                       spprintf(error, 0, "phar \"%s\" openssl signature length could not be read", fname);
+                               }
+                               return FAILURE;
+                       }
+
+                       sig_ptr = sig_buf;
+                       PHAR_GET_32(sig_ptr, signature_len);
+
+                       sig = (char *)emalloc(signature_len);
+
+                       whence = signature_len + 4;
+                       whence = -whence;
+                       if (-1 == php_stream_seek(fp, whence, SEEK_CUR)
+                       || !(end_of_phar = php_stream_tell(fp))
+                       || signature_len != php_stream_read(fp, sig, signature_len)) {
+                               efree(savebuf);
+                               efree(sig);
+                               php_stream_close(fp);
+                               if (error) {
+                                       spprintf(error, 0, "phar \"%s\" openssl signature could not be read", fname);
+                               }
+                               return FAILURE;
+                       }
+
+                       /* use __FILE__ . '.pubkey' for public key file */
+                       spprintf(&pfile, 0, "%s.pubkey", fname);
+                       pfp = php_stream_open_wrapper(pfile, "rb", 0, NULL);
+                       efree(pfile);
+                       if (!pfp || !(pubkey_len = php_stream_copy_to_mem(pfp, &pubkey, PHP_STREAM_COPY_ALL, 0)) || !pubkey) {
+                               efree(savebuf);
+                               efree(sig);
+                               if (pubkey) {
+                                       efree(pubkey);
+                               }
+                               php_stream_close(fp);
+                               if (error) {
+                                       spprintf(error, 0, "phar \"%s\" openssl public key could not be read", fname);
+                               }
+                               return FAILURE;
+                       }
+                       php_stream_close(pfp);
+#ifndef PHAR_HAVE_OPENSSL
+                       tempsig = signature_len;
+                       if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey, pubkey_len, &sig, &tempsig TSRMLS_CC)) {
+                               efree(savebuf);
+                               efree(sig);
+                               if (pubkey) {
+                                       efree(pubkey);
+                               }
+                               php_stream_close(fp);
+                               if (error) {
+                                       spprintf(error, 0, "phar \"%s\" openssl signature could not be verified", fname);
+                               }
+                               return FAILURE;
+                       }
+                       if (pubkey) {
+                               efree(pubkey);
+                       }
+                       signature_len = tempsig;
+#else
+                       in = BIO_new_mem_buf(pubkey, pubkey_len);
+                       if (NULL == in) {
+                               efree(savebuf);
+                               efree(sig);
+                               efree(pubkey);
+                               php_stream_close(fp);
+                               if (error) {
+                                       spprintf(error, 0, "phar \"%s\" openssl signature could not be processed", fname);
+                               }
+                               return FAILURE;
+                       }
+                       key = PEM_read_bio_PUBKEY(in, NULL,NULL, NULL);
+                       BIO_free(in);
+                       efree(pubkey);
+                       if (NULL == key) {
+                               efree(savebuf);
+                               efree(sig);
+                               php_stream_close(fp);
+                               if (error) {
+                                       spprintf(error, 0, "phar \"%s\" openssl signature could not be processed", fname);
+                               }
+                               return FAILURE;
+                       }
+
+                       EVP_VerifyInit(&md_ctx, mdtype);
+
+                       read_len -= signature_len + 4;
+                       if (read_len > sizeof(buf)) {
+                               read_size = sizeof(buf);
+                       } else {
+                               read_size = (int)read_len;
+                       }
+                       php_stream_seek(fp, 0, SEEK_SET);
+                       while (read_size && (len = php_stream_read(fp, (char*)buf, read_size)) > 0) {
+                               EVP_VerifyUpdate (&md_ctx, buf, len);
+                               read_len -= (off_t)len;
+                               if (read_len < read_size) {
+                                       read_size = (int)read_len;
+                               }
+                       }
+                       if (!EVP_VerifyFinal (&md_ctx, (unsigned char *)sig, signature_len, key)) {
+                               EVP_MD_CTX_cleanup(&md_ctx);
+                               efree(sig);
+                               efree(savebuf);
+                               php_stream_close(fp);
+                               if (error) {
+                                       spprintf(error, 0, "phar \"%s\" has a broken signature", fname);
+                               }
+                               return FAILURE;
+                       }
+                       EVP_MD_CTX_cleanup(&md_ctx);
+#endif
+                       sig_len = phar_hex_str((const char*)sig, sig_len, &signature);
+                       efree(sig);
+               }
+               break;
 #if HAVE_HASH_EXT
                case PHAR_SIG_SHA512: {
                        unsigned char digest[64], saved[64];
@@ -2078,6 +2241,116 @@ char *phar_create_default_stub(const char *index_php, const char *web_index, siz
        return stub;
 }
 
+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, off_t end, char *key, int key_len, char **signature, int *signature_len TSRMLS_DC)
+{
+       zend_fcall_info fci;
+       zend_fcall_info_cache fcc;
+       zval *zdata, *zsig, *zkey, *retval_ptr, **zp[3], *openssl;
+
+       MAKE_STD_ZVAL(zdata);
+       MAKE_STD_ZVAL(openssl);
+       ZVAL_STRINGL(openssl, is_sign ? "openssl_sign" : "openssl_verify", is_sign ? sizeof("openssl_sign")-1 : sizeof("openssl_verify")-1, 1);
+       MAKE_STD_ZVAL(zsig);
+       ZVAL_STRINGL(zsig, *signature, *signature_len, 1);
+       MAKE_STD_ZVAL(zkey);
+       ZVAL_STRINGL(zkey, key, key_len, 1);
+       zp[0] = &zdata;
+       zp[1] = &zsig;
+       zp[2] = &zkey;
+
+       php_stream_rewind(fp);
+       Z_TYPE_P(zdata) = IS_STRING;
+       Z_STRLEN_P(zdata) = end;
+       if (end != (off_t) php_stream_copy_to_mem(fp, &(Z_STRVAL_P(zdata)), (size_t) end, 0)) {
+               zval_dtor(zdata);
+               zval_dtor(zsig);
+               zval_dtor(zkey);
+               return FAILURE;
+       }
+
+#if PHP_VERSION_ID < 50300
+       if (FAILURE == zend_fcall_info_init(openssl, &fci, &fcc TSRMLS_CC)) {
+#else
+       if (FAILURE == zend_fcall_info_init(openssl, 0, &fci, &fcc, NULL, NULL TSRMLS_CC)) {
+#endif
+               zval_dtor(zdata);
+               zval_dtor(zsig);
+               zval_dtor(zkey);
+               zval_dtor(openssl);
+               return FAILURE;
+       }
+       zval_dtor(openssl);
+       efree(openssl);
+
+       fci.param_count = 3;
+       fci.params = zp;
+#if PHP_VERSION_ID < 50300
+       ++(zdata->refcount);
+       ++(zsig->refcount);
+       ++(zkey->refcount);
+#else
+       Z_ADDREF_P(zdata);
+       if (is_sign) {
+               Z_SET_ISREF_P(zsig);
+       } else {
+               Z_ADDREF_P(zsig);
+       }
+       Z_ADDREF_P(zkey);
+#endif
+       fci.retval_ptr_ptr = &retval_ptr;
+
+       if (FAILURE == zend_call_function(&fci, &fcc TSRMLS_CC)) {
+               zval_dtor(zdata);
+               zval_dtor(zsig);
+               zval_dtor(zkey);
+               efree(zdata);
+               efree(zkey);
+               efree(zsig);
+               return FAILURE;
+       }
+#if PHP_VERSION_ID < 50300
+       --(zdata->refcount);
+       --(zsig->refcount);
+       --(zkey->refcount);
+#else
+       Z_DELREF_P(zdata);
+       if (is_sign) {
+               Z_UNSET_ISREF_P(zsig);
+       } else {
+               Z_DELREF_P(zsig);
+       }
+       Z_DELREF_P(zkey);
+#endif
+       zval_dtor(zdata);
+       efree(zdata);
+       zval_dtor(zkey);
+       efree(zkey);
+       switch (Z_TYPE_P(retval_ptr)) {
+               default:
+               case IS_LONG :
+                       zval_dtor(zsig);
+                       efree(zsig);
+                       if (1 == Z_LVAL_P(retval_ptr)) {
+                               efree(retval_ptr);
+                               return SUCCESS;
+                       }
+                       efree(retval_ptr);
+                       return FAILURE;
+               case IS_BOOL :
+                       efree(retval_ptr);
+                       if (Z_BVAL_P(retval_ptr)) {
+                               *signature = estrndup(Z_STRVAL_P(zsig), Z_STRLEN_P(zsig));
+                               *signature_len = Z_STRLEN_P(zsig);
+                               zval_dtor(zsig);
+                               efree(zsig);
+                               return SUCCESS;
+                       }
+                       zval_dtor(zsig);
+                       efree(zsig);
+                       return FAILURE;
+       }
+}
+
 /**
  * Save phar contents to disk
  *
@@ -2621,11 +2894,11 @@ int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert,
                unsigned char buf[1024];
                int  sig_flags = 0, sig_len;
                char sig_buf[4];
-
                php_stream_rewind(newfile);
                
                if (phar->signature) {
                        efree(phar->signature);
+                       phar->signature = NULL;
                }
                
                switch(phar->sig_flags) {
@@ -2670,8 +2943,83 @@ int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert,
                        }
                        return EOF;
 #endif
-               case PHAR_SIG_PGP:
-                       /* TODO: currently fall back to sha1,later do both */
+               case PHAR_SIG_OPENSSL: {
+                       int siglen;
+                       unsigned char *sigbuf;
+#ifdef PHAR_HAVE_OPENSSL
+                       BIO *in;
+                       EVP_PKEY *key;
+                       EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
+                       EVP_MD_CTX md_ctx;
+                       
+                       if (!zend_hash_exists(&module_registry, "openssl", sizeof("openssl"))) {
+                               if (closeoldfile) {
+                                       php_stream_close(oldfile);
+                               }
+                               php_stream_close(newfile);
+                               if (error) {
+                                       spprintf(error, 0, "phar \"%s\" openssl signature cannot be created, openssl not loaded", phar->fname);
+                               }
+                               return EOF;
+                       }
+                       in = BIO_new_mem_buf(PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len));
+
+                       if (in == NULL) {
+                               if (closeoldfile) {
+                                       php_stream_close(oldfile);
+                               }
+                               php_stream_close(newfile);
+                               if (error) {
+                                       spprintf(error, 0, "unable to write contents of file \"%s\" to new phar \"%s\" with requested openssl signature", entry->filename, phar->fname);
+                               }
+                               return EOF;
+                       }
+                       key = PEM_read_bio_PrivateKey(in, NULL,NULL, "");
+
+                       BIO_free(in);
+                       siglen = EVP_PKEY_size(key);
+                       sigbuf = emalloc(siglen + 1);
+               
+                       EVP_SignInit(&md_ctx, mdtype);
+                       while ((sig_len = php_stream_read(newfile, (char*)buf, sizeof(buf))) > 0) {
+                               EVP_SignUpdate(&md_ctx, buf, sig_len);
+                       }
+                       if (!EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, key)) {
+                               efree(sigbuf);
+                               if (closeoldfile) {
+                                       php_stream_close(oldfile);
+                               }
+                               php_stream_close(newfile);
+                               if (error) {
+                                       spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
+                               }
+                               return EOF;
+                       }
+                       sigbuf[siglen] = '\0';
+                       EVP_MD_CTX_cleanup(&md_ctx);
+#else
+                       sigbuf = NULL;
+                       siglen = 0;
+                       php_stream_seek(newfile, 0, SEEK_END);
+                       if (FAILURE == phar_call_openssl_signverify(1, newfile, php_stream_tell(newfile), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen TSRMLS_CC)) {
+                               if (closeoldfile) {
+                                       php_stream_close(oldfile);
+                               }
+                               php_stream_close(newfile);
+                               if (error) {
+                                       spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
+                               }
+                               return EOF;
+                       }
+#endif
+                       sig_flags |= PHAR_SIG_OPENSSL;
+                       phar->sig_len = phar_hex_str((const char *)sigbuf, siglen, &phar->signature);
+                       php_stream_write(newfile, (char *) sigbuf, siglen);
+                       efree(sigbuf);
+                       phar_set_32(sig_buf, siglen);
+                       php_stream_write(newfile, sig_buf, 4);
+               }
+               break;
                default:
                case PHAR_SIG_SHA1: {
                        unsigned char digest[20];
@@ -3084,6 +3432,7 @@ PHP_MINFO_FUNCTION(phar) /* {{{ */
  */
 static zend_module_dep phar_deps[] = {
        ZEND_MOD_OPTIONAL("apc")
+       ZEND_MOD_OPTIONAL("openssl")
 #if HAVE_SPL
        ZEND_MOD_REQUIRED("spl")
 #endif

diff --git a/ext/phar/phar_internal.h b/ext/phar/phar_internal.h
index 9005ca84eb2958087ab8b7624492b8116f6afa93..4d8ba8475b2ef5ebfa34517a52e372f09fd0a9af 100755 (executable)
--- a/ext/phar/phar_internal.h
+++ b/ext/phar/phar_internal.h
@@ -103,7 +103,7 @@
 #define PHAR_SIG_SHA1             0x0002
 #define PHAR_SIG_SHA256           0x0003
 #define PHAR_SIG_SHA512           0x0004
-#define PHAR_SIG_PGP              0x0010
+#define PHAR_SIG_OPENSSL          0x0010
 
 /* flags byte for each file adheres to these bitmasks.
    All unused values are reserved */
@@ -171,6 +171,8 @@ ZEND_BEGIN_MODULE_GLOBALS(phar)
        char*       cwd;
        int         cwd_len;
        int         cwd_init;
+       char        *openssl_privatekey;
+       int         openssl_privatekey_len;
 ZEND_END_MODULE_GLOBALS(phar)
 
 ZEND_EXTERN_MODULE_GLOBALS(phar)

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 4ca68a0bcca10363a185725f5d8d12b73d759343..4c9a6e579040ce439eb9cca994f44165852238d7 100755 (executable)
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1251,6 +1251,13 @@ PHP_METHOD(Phar, getSupportedSignatures)
        add_next_index_stringl(return_value, "SHA-256", 7, 1);
        add_next_index_stringl(return_value, "SHA-512", 7, 1);
 #endif
+#if PHAR_HAVE_OPENSSL
+       add_next_index_stringl(return_value, "OpenSSL", 7, 1);
+#else
+       if (zend_hash_exists(&module_registry, "openssl", sizeof("openssl"))) {
+               add_next_index_stringl(return_value, "OpenSSL", 7, 1);
+       }
+#endif
 }
 /* }}} */
 
@@ -2675,7 +2682,7 @@ PHP_METHOD(Phar, setStub)
 }
 /* }}} */
 
-/* {{{ proto array Phar::setSignatureAlgorithm(int sigtype)
+/* {{{ proto array Phar::setSignatureAlgorithm(int sigtype[, string privatekey])
  * Sets the signature algorithm for a phar and applies it. The signature
  * algorithm must be one of Phar::MD5, Phar::SHA1, Phar::SHA256,
  * Phar::SHA512, or Phar::PGP (PGP is not yet supported and falls back to
@@ -2685,7 +2692,8 @@ PHP_METHOD(Phar, setStub)
 PHP_METHOD(Phar, setSignatureAlgorithm)
 {
        long algo;
-       char *error;
+       char *error, *key = NULL;
+       int key_len = 0;
        PHAR_ARCHIVE_OBJECT();
        
        if (PHAR_G(readonly) && !phar_obj->arc.archive->is_data) {
@@ -2704,7 +2712,7 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
                return;
        }
 
-       if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "l", &algo) != SUCCESS) {
+       if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "l|s", &algo, &key, &key_len) != SUCCESS) {
                return;
        }
 
@@ -2718,9 +2726,11 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
 #endif
                case PHAR_SIG_MD5 :
                case PHAR_SIG_SHA1 :
-               case PHAR_SIG_PGP :
+               case PHAR_SIG_OPENSSL :
                        phar_obj->arc.archive->sig_flags = algo;
                        phar_obj->arc.archive->is_modified = 1;
+                       PHAR_G(openssl_privatekey) = key;
+                       PHAR_G(openssl_privatekey_len) = key_len;
 
                        phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
                        if (error) {
@@ -2758,6 +2768,9 @@ PHP_METHOD(Phar, getSignature)
                case PHAR_SIG_SHA512:
                        add_assoc_stringl(return_value, "hash_type", "SHA-512", 7, 1);
                        break;
+               case PHAR_SIG_OPENSSL:
+                       add_assoc_stringl(return_value, "hash_type", "OpenSSL", 7, 1);
+                       break;
                }
        } else {
                RETURN_FALSE;
@@ -4571,6 +4584,7 @@ ZEND_END_ARG_INFO();
 static
 ZEND_BEGIN_ARG_INFO_EX(arginfo_phar_setSigAlgo, 0, 0, 1)
        ZEND_ARG_INFO(0, algorithm)
+       ZEND_ARG_INFO(0, privatekey)
 ZEND_END_ARG_INFO();
 
 static
@@ -4759,7 +4773,7 @@ void phar_object_init(TSRMLS_D) /* {{{ */
        REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "PHP", PHAR_MIME_PHP)
        REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "PHPS", PHAR_MIME_PHPS)
        REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "MD5", PHAR_SIG_MD5)
-       REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "PGP", PHAR_SIG_PGP)
+       REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL", PHAR_SIG_OPENSSL)
        REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA1", PHAR_SIG_SHA1)
        REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA256", PHAR_SIG_SHA256)
        REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA512", PHAR_SIG_SHA512)

diff --git a/ext/phar/tests/files/openssl.phar b/ext/phar/tests/files/openssl.phar
new file mode 100644 (file)
index 0000000..f3864d7
Binary files /dev/null and b/ext/phar/tests/files/openssl.phar differ

diff --git a/ext/phar/tests/files/openssl.phar.pubkey b/ext/phar/tests/files/openssl.phar.pubkey
new file mode 100644 (file)
index 0000000..7dd79ac
--- /dev/null
+++ b/ext/phar/tests/files/openssl.phar.pubkey
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA3ADUiKZIEhekYShzPCZ3LFbg
+rDuV44jH94OdJQfqaCQBvZXqMoG1bWOeYfbc3iO0gHWW3SKB27Sf1ZBnc5c1+YzB
+mx9bFipOX2W2ouKS2YoHeIoR9leDNu4yqwBsuggFPGVPxM9ikEI+YAOGVTCd4mV5
+agpkVsHLNJWbz/nPVwIDAQAB
+-----END PUBLIC KEY-----

diff --git a/ext/phar/tests/files/private.pem b/ext/phar/tests/files/private.pem
new file mode 100644 (file)
index 0000000..e4f4883
--- /dev/null
+++ b/ext/phar/tests/files/private.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDA3ADUiKZIEhekYShzPCZ3LFbgrDuV44jH94OdJQfqaCQBvZXq
+MoG1bWOeYfbc3iO0gHWW3SKB27Sf1ZBnc5c1+YzBmx9bFipOX2W2ouKS2YoHeIoR
+9leDNu4yqwBsuggFPGVPxM9ikEI+YAOGVTCd4mV5agpkVsHLNJWbz/nPVwIDAQAB
+AoGAGiS4qBbuE48ATXQuO5DH1hfYnxQ575Oskw7mdIL0k74SQ3ojvF+kXae6fVni
+UQZ76JgRWKYZa2kRDymwLZXpxVbiGL9dDvQY8ZENDtWOy9s7TDtxNixbZloKBopg
+J7G1B05LgetR3dgFnQOwt+e3kOu72RpS7thyBaUm8zHCRSECQQDw+h5uxE7i9CC8
+KHyJlwGoR28KZgrSpo74yWhQ+b1lzxQ+rk2wToFD/p+WNe/nf78YUl/cq0LngCKH
+Y7t228VLAkEAzOHzAjuDlGGzK6Kpe67iKgXd+GpKwPr9iaFfmzABOkRwQug4LCN7
+skmzCX5pzxqMZW1xNICjeDjWsMA3d4EypQJBAJyXPA1onYaXc2oxuPPD3/zVJpAQ
+TTojp8Z9Qr9T+kJdNV+h7rQB37gqjtOSiynY9nm8lbSUya4bstRd96S+HU8CQQCp
+yBAd6H2oZ7IXVeuHACyRUF1ab5LVCukxtVXJ/2T1CSPSfieWhC0MWMCR/HzoUALK
+RoBKVtOgW9GllRQh5yG1AkARVYbvj0XBy6XUpe5WZsLNWwpw1JreRsygcPXYh8bs
+nxhCdHNHJQ01lRDMjvNLtI8a5YjJE/IeW76T2mPCiJZI
+-----END RSA PRIVATE KEY-----

diff --git a/ext/phar/tests/phar_get_supported_signatures_001.phpt b/ext/phar/tests/phar_get_supported_signatures_001.phpt
index f672c0024b5b72d56866fc40c865b940d3140af2..794da6a942dd80327e96f16a4a4c20f8bfcf017d 100644 (file)
--- a/ext/phar/tests/phar_get_supported_signatures_001.phpt
+++ b/ext/phar/tests/phar_get_supported_signatures_001.phpt
@@ -3,6 +3,7 @@ Phar::getSupportedSignatures()
 --SKIPIF--
 <?php if (!extension_loaded("phar")) die("skip"); ?>
 <?php if (extension_loaded("hash")) die("skip extension hash conflicts"); ?>
+<?php if (extension_loaded("openssl")) die("skip extension openssl loaded"); ?>
 --INI--
 phar.require_hash=0
 phar.readonly=0

diff --git a/ext/phar/tests/phar_get_supported_signatures_002.phpt b/ext/phar/tests/phar_get_supported_signatures_002.phpt
index ba86947d5d42055749914de629961f25567efc86..21bb56d7ea7fda8f73f1dcda102bef573f5fbfab 100644 (file)
--- a/ext/phar/tests/phar_get_supported_signatures_002.phpt
+++ b/ext/phar/tests/phar_get_supported_signatures_002.phpt
@@ -3,6 +3,7 @@ Phar::getSupportedSignatures()
 --SKIPIF--
 <?php if (!extension_loaded("phar")) die("skip"); ?>
 <?php if (!extension_loaded("hash")) die("skip extension hash required"); ?>
+<?php if (extension_loaded("openssl")) die("skip extension openssl loaded"); ?>
 --INI--
 phar.require_hash=0
 phar.readonly=0

diff --git a/ext/phar/tests/phar_setsignaturealgo2.phpt b/ext/phar/tests/phar_setsignaturealgo2.phpt
index cc83281b22e37133decbc3e3caf9d817bbb49277..57b16097e75ace8a1d396bd3dd4eb952e901d7a6 100644 (file)
--- a/ext/phar/tests/phar_setsignaturealgo2.phpt
+++ b/ext/phar/tests/phar_setsignaturealgo2.phpt
@@ -3,11 +3,13 @@ Phar::setSupportedSignatures() with hash
 --SKIPIF--
 <?php if (!extension_loaded("phar")) die("skip"); ?>
 <?php if (!extension_loaded("hash")) die("skip extension hash required"); ?>
+<?php if (!extension_loaded("openssl")) die("skip extension openssl required"); ?>
 --INI--
 phar.require_hash=0
 phar.readonly=0
 --FILE--
 <?php
+$fname = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.phar';
 $p = new Phar(dirname(__FILE__) . '/brandnewphar.phar', 0, 'brandnewphar.phar');
 $p['file1.txt'] = 'hi';
 var_dump($p->getSignature());
@@ -28,7 +30,10 @@ var_dump($p->getSignature());
 echo $e->getMessage();
 }
 try {
-$p->setSignatureAlgorithm(Phar::PGP);
+$private = openssl_get_privatekey(file_get_contents(dirname(__FILE__) . '/files/private.pem'));
+$pkey = '';
+openssl_pkey_export($private, $pkey);
+$p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
 var_dump($p->getSignature());
 } catch (Exception $e) {
 echo $e->getMessage();
@@ -36,7 +41,7 @@ echo $e->getMessage();
 ?>
 ===DONE===
 --CLEAN--
-<?php 
+<?php
 unlink(dirname(__FILE__) . '/brandnewphar.phar');
 ?>
 --EXPECTF--
@@ -74,6 +79,6 @@ array(2) {
   ["hash"]=>
   string(%d) "%s"
   ["hash_type"]=>
-  string(5) "SHA-1"
+  string(7) "OpenSSL"
 }
 ===DONE===

diff --git a/ext/phar/tests/test_signaturealgos.phpt b/ext/phar/tests/test_signaturealgos.phpt
index 74f9e639aee485f17df581807fe32511b88aa4fd..990cf1e66a76c4e5129e02a79bf888f2cc09def0 100644 (file)
--- a/ext/phar/tests/test_signaturealgos.phpt
+++ b/ext/phar/tests/test_signaturealgos.phpt
@@ -3,6 +3,7 @@ Phar: verify signature parsing works
 --SKIPIF--
 <?php if (!extension_loaded("phar")) die("skip"); ?>
 <?php if (!extension_loaded("hash")) die("skip extension hash conflicts"); ?>
+<?php if (!extension_loaded("openssl")) die("skip extension openssl conflicts"); ?>
 --INI--
 phar.require_hash=0
 phar.readonly=0
@@ -20,6 +21,9 @@ var_dump($r['hash_type']);
 $a = new Phar(dirname(__FILE__) . '/files/md5.phar');
 $r = $a->getSignature();
 var_dump($r['hash_type']);
+$a = new Phar(dirname(__FILE__) . '/files/openssl.phar');
+$r = $a->getSignature();
+var_dump($r['hash_type']);
 ?>
 ===DONE===
 --EXPECT--
@@ -27,4 +31,5 @@ string(5) "SHA-1"
 string(7) "SHA-512"
 string(7) "SHA-256"
 string(3) "MD5"
+string(7) "OpenSSL"
 ===DONE===