Differential D11021 Diff 26468 src/applications/auth/management/PhabricatorAuthManagementCachePKCS8Workflow.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/management/PhabricatorAuthManagementCachePKCS8Workflow.php
- This file was added.
| <?php | |||||
| final class PhabricatorAuthManagementCachePKCS8Workflow | |||||
| extends PhabricatorAuthManagementWorkflow { | |||||
| protected function didConstruct() { | |||||
| $this | |||||
| ->setName('cache-pkcs8') | |||||
| ->setExamples('**cache-pkcs8** --public __keyfile__ --pkcs8 __keyfile__') | |||||
| ->setSynopsis( | |||||
| pht( | |||||
| 'Cache the PKCS8 format of a public key. When developing on OSX, '. | |||||
| 'this can be used to work around issues with ssh-keygen. Use '. | |||||
| '`ssh-keygen -e -m PKCS8 -f key.pub` to generate a PKCS8 key to '. | |||||
| 'feed to this command.')) | |||||
| ->setArguments( | |||||
| array( | |||||
| array( | |||||
| 'name' => 'public', | |||||
| 'param' => 'keyfile', | |||||
| 'help' => pht('Path to public keyfile.'), | |||||
| ), | |||||
| array( | |||||
| 'name' => 'pkcs8', | |||||
| 'param' => 'keyfile', | |||||
| 'help' => pht('Path to corresponding PKCS8 key.'), | |||||
| ), | |||||
| )); | |||||
| } | |||||
| public function execute(PhutilArgumentParser $args) { | |||||
| $console = PhutilConsole::getConsole(); | |||||
| $public_keyfile = $args->getArg('public'); | |||||
| if (!strlen($public_keyfile)) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'You must specify the path to a public keyfile with --public.')); | |||||
| } | |||||
| if (!Filesystem::pathExists($public_keyfile)) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'Specified public keyfile "%s" does not exist!', | |||||
| $public_keyfile)); | |||||
| } | |||||
| $public_key = Filesystem::readFile($public_keyfile); | |||||
| $pkcs8_keyfile = $args->getArg('pkcs8'); | |||||
| if (!strlen($pkcs8_keyfile)) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'You must specify the path to a pkcs8 keyfile with --pkc8s.')); | |||||
| } | |||||
| if (!Filesystem::pathExists($pkcs8_keyfile)) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'Specified pkcs8 keyfile "%s" does not exist!', | |||||
| $pkcs8_keyfile)); | |||||
| } | |||||
| $pkcs8_key = Filesystem::readFile($pkcs8_keyfile); | |||||
| $warning = pht( | |||||
| 'Adding a PKCS8 keyfile to the cache can be very dangerous. If the '. | |||||
| 'PKCS8 file really encodes a different public key than the one '. | |||||
| 'specified, an attacker could use it to gain unautorized access.'. | |||||
| "\n\n". | |||||
| 'Generally, you should use this option only in a development '. | |||||
| 'environment where ssh-keygen is broken and it is inconvenient to '. | |||||
| 'fix it, and only if you are certain you understand the risks. You '. | |||||
| 'should never cache a PKCS8 file you did not generate yourself.'); | |||||
| $console->writeOut( | |||||
| "%s\n", | |||||
| phutil_console_wrap($warning)); | |||||
| $prompt = pht('Really trust this PKCS8 keyfile?'); | |||||
| if (!phutil_console_confirm($prompt)) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht('Aborted workflow.')); | |||||
| } | |||||
| $key = PhabricatorAuthSSHPublicKey::newFromRawKey($public_key); | |||||
| $key->forcePopulatePKCS8Cache($pkcs8_key); | |||||
| $console->writeOut( | |||||
| "%s\n", | |||||
| pht('Cached PKCS8 key for public key.')); | |||||
| return 0; | |||||
| } | |||||
| } | |||||