Mirrors/sysPass
2
0
Fork 0
mirror of https://github.com/nuxsmin/sysPass.git synced 2026-02-23 03:11:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
feature/cli_module
sysPass/lib/SP/Services/Crypt/SecureSessionService.php
Rubén D e4e6e04c57 * [MOD] Updated copyright 
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2020-12-07 19:42:41 +01:00

167 lines
4.1 KiB
PHP
Raw Permalink Blame History

<?php
/*
* sysPass
*
* @author nuxsmin
* @link https://syspass.org
* @copyright 2012-2020, Rubén Domínguez nuxsmin@$syspass.org
*
* This file is part of sysPass.
*
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*/
namespace SP\Services\Crypt;
use Defuse\Crypto\Key;
use Exception;
use SP\Core\Crypt\UUIDCookie;
use SP\Core\Crypt\Vault;
use SP\Http\Request;
use SP\Services\Service;
use SP\Services\ServiceException;
use SP\Storage\File\FileCache;
use SP\Storage\File\FileException;
/**
* Class SecureSessionService
*
* @package SP\Services\Crypt
*/
final class SecureSessionService extends Service
{
const CACHE_EXPIRE_TIME = 86400;
const CACHE_PATH = CACHE_PATH . DIRECTORY_SEPARATOR . 'secure_session';
/**
* @var string
*/
protected $seed;
/**
* @var Request
*/
protected $request;
/**
* @var UUIDCookie
*/
protected $cookie;
/**
* @var string
*/
private $filename;
/**
* Returns the encryption key
*
* @param UUIDCookie $cookie
*
* @return Key|false
*/
public function getKey(UUIDCookie $cookie)
{
$this->cookie = $cookie;
try {
$cache = FileCache::factory($this->getFileNameFromCookie());
if ($cache->isExpired(self::CACHE_EXPIRE_TIME)) {
logger('Session key expired or does not exist', 'ERROR');
return $this->saveKey();
}
if (($vault = $cache->load()) instanceof Vault) {
return Key::loadFromAsciiSafeString($vault->getData($this->getCypher()));
}
} catch (FileException $e) {
return $this->saveKey();
} catch (Exception $e) {
processException($e);
}
return false;
}
/**
* Returns an unique filename from a browser cookie
*
* @return string
* @throws ServiceException
*/
private function getFileNameFromCookie()
{
if (!$this->filename) {
if (($uuid = $this->cookie->loadCookie($this->seed)) === false
&& ($uuid = $this->cookie->createCookie($this->seed)) === false
) {
throw new ServiceException('Unable to get UUID for filename');
}
$this->filename = self::CACHE_PATH . DIRECTORY_SEPARATOR . $uuid;
}
return $this->filename;
}
/**
* Saves the encryption key
*
* @return Key|false
*/
private function saveKey()
{
try {
$securedKey = Key::createNewRandomKey();
FileCache::factory($this->getFileNameFromCookie())->save((new Vault())->saveData($securedKey->saveToAsciiSafeString(), $this->getCypher()));
logger('Saved session key');
return $securedKey;
} catch (Exception $e) {
processException($e);
}
return false;
}
/**
* Returns the key to be used for encrypting the session data
*
* @return string
*/
private function getCypher()
{
return hash_pbkdf2('sha1',
sha1($this->request->getHeader('User-Agent') . $this->request->getClientAddress()),
$this->seed,
500,
32
);
}
/**
* @return string
*/
public function getFilename(): string
{
return $this->filename;
}
protected function initialize()
{
$this->request = $this->dic->get(Request::class);
$this->seed = $this->config->getConfigData()->getPasswordSalt();
}
}
Reference in New Issue View Git Blame Copy Permalink