mirror of
https://github.com/nuxsmin/sysPass.git
synced 2026-03-04 15:44:07 +01:00
414 lines
13 KiB
PHP
414 lines
13 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
/*
|
|
* sysPass
|
|
*
|
|
* @author nuxsmin
|
|
* @link https://syspass.org
|
|
* @copyright 2012-2024, Rubén Domínguez nuxsmin@$syspass.org
|
|
*
|
|
* This file is part of sysPass.
|
|
*
|
|
* sysPass is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* sysPass is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
namespace SP\Domain\Import\Services;
|
|
|
|
use CallbackFilterIterator;
|
|
use DOMDocument;
|
|
use DOMElement;
|
|
use DOMNodeList;
|
|
use DOMXPath;
|
|
use Exception;
|
|
use SP\Core\Crypt\Hash;
|
|
use SP\Core\Events\Event;
|
|
use SP\Core\Events\EventMessage;
|
|
use SP\Domain\Account\Dtos\AccountCreateDto;
|
|
use SP\Domain\Account\Models\Account;
|
|
use SP\Domain\Category\Models\Category;
|
|
use SP\Domain\Client\Models\Client;
|
|
use SP\Domain\Common\Providers\Version;
|
|
use SP\Domain\Core\Exceptions\CryptException;
|
|
use SP\Domain\Export\Services\XmlVerify;
|
|
use SP\Domain\Import\Dtos\ImportParamsDto;
|
|
use SP\Domain\Import\Ports\ItemsImportService;
|
|
use SP\Domain\Tag\Models\Tag;
|
|
|
|
use function SP\__;
|
|
use function SP\__u;
|
|
use function SP\processException;
|
|
|
|
/**
|
|
* Import assets from a sysPass exported XML file
|
|
*/
|
|
final class SyspassImport extends XmlImportBase implements ItemsImportService
|
|
{
|
|
/**
|
|
* Iniciar la importación desde sysPass.
|
|
*
|
|
* @param ImportParamsDto $importParams
|
|
* @return ItemsImportService
|
|
* @throws ImportException
|
|
*/
|
|
public function doImport(ImportParamsDto $importParams): ItemsImportService
|
|
{
|
|
try {
|
|
$this->eventDispatcher->notify(
|
|
'run.import.syspass',
|
|
new Event($this, EventMessage::factory()->addDescription(__u('sysPass XML Import')))
|
|
);
|
|
|
|
$this->version = $this->getXmlVersion();
|
|
|
|
if ($this->detectEncrypted()) {
|
|
if ($importParams->getPassword() === '') {
|
|
throw ImportException::error(__u('Encryption password not set'));
|
|
}
|
|
|
|
$this->processEncrypted($importParams);
|
|
}
|
|
|
|
$this->checkIntegrity($importParams);
|
|
$this->processCategories();
|
|
$this->processClients();
|
|
$this->processTags();
|
|
$this->processAccounts($importParams);
|
|
|
|
return $this;
|
|
} catch (ImportException $e) {
|
|
throw $e;
|
|
} catch (Exception $e) {
|
|
throw ImportException::from($e);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Obtener la versión del XML
|
|
*/
|
|
private function getXmlVersion(): int
|
|
{
|
|
return (int)Version::versionToInteger(
|
|
(new DOMXPath($this->document))->query('/Root/Meta/Version')->item(0)?->nodeValue ?? 0
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Verificar si existen datos encriptados
|
|
*/
|
|
private function detectEncrypted(): bool
|
|
{
|
|
return $this->document->getElementsByTagName('Encrypted')->length > 0;
|
|
}
|
|
|
|
/**
|
|
* Procesar los datos encriptados y añadirlos al árbol DOM desencriptados
|
|
*
|
|
* @throws ImportException
|
|
*/
|
|
private function processEncrypted(ImportParamsDto $importParams): void
|
|
{
|
|
$hash = $this->document
|
|
->getElementsByTagName('Encrypted')
|
|
->item(0)
|
|
?->getAttribute('hash');
|
|
|
|
if (!empty($hash) && !Hash::checkHashKey($importParams->getPassword(), $hash)) {
|
|
throw ImportException::error(__u('Wrong encryption password'));
|
|
}
|
|
|
|
/** @var DOMElement $node */
|
|
foreach ($this->document->getElementsByTagName('Data') as $node) {
|
|
try {
|
|
if ($this->version >= 2100 && $this->version <= 3100) {
|
|
$encryptedNodeValue = base64_decode($node->nodeValue);
|
|
} elseif ($this->version >= 3200) {
|
|
$encryptedNodeValue = $node->nodeValue;
|
|
} else {
|
|
throw ImportException::error(__u('The file was exported with an old sysPass version (<= 2.10).'));
|
|
}
|
|
|
|
$xmlDecrypted = $this->crypt->decrypt(
|
|
$encryptedNodeValue,
|
|
$node->getAttribute('key'),
|
|
$importParams->getPassword()
|
|
);
|
|
} catch (CryptException $e) {
|
|
processException($e);
|
|
|
|
$this->eventDispatcher->notify('exception', new Event($e));
|
|
|
|
continue;
|
|
}
|
|
|
|
$document = new DOMDocument();
|
|
|
|
if ($document->loadXML($xmlDecrypted) === false) {
|
|
throw ImportException::error(__u('Wrong encryption password'));
|
|
}
|
|
|
|
$this->document->documentElement
|
|
->appendChild(
|
|
$this->document->importNode($document->documentElement, true)
|
|
);
|
|
}
|
|
|
|
// Eliminar los datos encriptados tras desencriptar los mismos
|
|
if ($this->document->getElementsByTagName('Data')->length > 0) {
|
|
$nodeData = $this->document
|
|
->getElementsByTagName('Encrypted')
|
|
->item(0);
|
|
$nodeData->parentNode->removeChild($nodeData);
|
|
}
|
|
|
|
$this->eventDispatcher->notify(
|
|
'run.import.syspass.process.decryption',
|
|
new Event($this, EventMessage::factory()->addDescription(__u('Data unencrypted')))
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Checks XML file's data integrity using the signed hash
|
|
*/
|
|
private function checkIntegrity(ImportParamsDto $importParams): void
|
|
{
|
|
$key = $importParams->getPassword() ?? sha1($this->configData->getPasswordSalt());
|
|
|
|
if (!XmlVerify::checkXmlHash($this->document, $key)) {
|
|
$this->eventDispatcher->notify(
|
|
'run.import.syspass.process.verify',
|
|
new Event(
|
|
$this,
|
|
EventMessage::factory()
|
|
->addDescription(__u('Error while checking integrity hash'))
|
|
->addDescription(
|
|
__u(
|
|
'If you are importing an exported file from the same origin, the data could be compromised.'
|
|
)
|
|
)
|
|
)
|
|
);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Obtener las categorías y añadirlas a sysPass.
|
|
* @throws ImportException
|
|
*/
|
|
private function processCategories(): void
|
|
{
|
|
try {
|
|
foreach ($this->getNodesData('Categories', 'Category') as $category) {
|
|
$nodesIterator = new CallbackFilterIterator(
|
|
$category->childNodes->getIterator(),
|
|
static fn(DOMElement $element) => isset($element->tagName)
|
|
);
|
|
|
|
$data = ['id' => (int)$category->getAttribute('id')];
|
|
|
|
/** @var DOMElement $node */
|
|
foreach ($nodesIterator as $node) {
|
|
$data[$node->tagName] = $node->nodeValue;
|
|
}
|
|
|
|
$this->addCategory(new Category($data));
|
|
|
|
$this->eventDispatcher->notify(
|
|
'run.import.syspass.process.category',
|
|
new Event(
|
|
$this,
|
|
EventMessage::factory()
|
|
->addDetail(__u('Category imported'), $data['name'])
|
|
)
|
|
);
|
|
}
|
|
} catch (Exception $e) {
|
|
$this->eventDispatcher->notify(
|
|
'exception',
|
|
new Event(
|
|
$e,
|
|
EventMessage::factory()->addDescription(__('Unable to import categories'))
|
|
)
|
|
);
|
|
|
|
throw ImportException::from($e);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws ImportException
|
|
*/
|
|
private function processClients(): void
|
|
{
|
|
try {
|
|
foreach ($this->getNodesData('Clients', 'Client') as $client) {
|
|
$nodesIterator = new CallbackFilterIterator(
|
|
$client->childNodes->getIterator(),
|
|
static fn(DOMElement $element) => isset($element->tagName)
|
|
);
|
|
|
|
$data = ['id' => (int)$client->getAttribute('id')];
|
|
|
|
/** @var DOMElement $node */
|
|
foreach ($nodesIterator as $node) {
|
|
$data[$node->tagName] = $node->nodeValue;
|
|
}
|
|
|
|
|
|
$this->addClient(new Client($data));
|
|
|
|
$this->eventDispatcher->notify(
|
|
'run.import.syspass.process.client',
|
|
new Event(
|
|
$this,
|
|
EventMessage::factory()
|
|
->addDetail(__u('Client imported'), $data['name'])
|
|
)
|
|
);
|
|
}
|
|
} catch (Exception $e) {
|
|
$this->eventDispatcher->notify(
|
|
'exception',
|
|
new Event(
|
|
$e,
|
|
EventMessage::factory()->addDescription(__('Unable to import clients'))
|
|
)
|
|
);
|
|
|
|
throw ImportException::from($e);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws ImportException
|
|
*/
|
|
private function processTags(): void
|
|
{
|
|
try {
|
|
foreach ($this->getNodesData('Tags', 'Tag') as $tag) {
|
|
$nodesIterator = new CallbackFilterIterator(
|
|
$tag->childNodes->getIterator(),
|
|
static fn(DOMElement $element) => isset($element->tagName)
|
|
);
|
|
|
|
$data = ['id' => (int)$tag->getAttribute('id')];
|
|
|
|
/** @var DOMElement $node */
|
|
foreach ($nodesIterator as $node) {
|
|
if ($node->tagName === 'name') {
|
|
$data['name'] = $node->nodeValue;
|
|
}
|
|
}
|
|
|
|
$this->addTag(new Tag($data));
|
|
|
|
$this->eventDispatcher->notify(
|
|
'run.import.syspass.process.tag',
|
|
new Event(
|
|
$this,
|
|
EventMessage::factory()->addDetail(__u('Tag imported'), $data['name'])
|
|
)
|
|
);
|
|
}
|
|
} catch (Exception $e) {
|
|
$this->eventDispatcher->notify(
|
|
'exception',
|
|
new Event(
|
|
$e,
|
|
EventMessage::factory()->addDescription(__('Unable to import tags'))
|
|
)
|
|
);
|
|
|
|
throw ImportException::from($e);
|
|
}
|
|
}
|
|
|
|
private function processAccounts(ImportParamsDto $importParams): void
|
|
{
|
|
foreach ($this->getNodesData('Accounts', 'Account') as $account) {
|
|
$data = [];
|
|
|
|
$nodesIterator = new CallbackFilterIterator(
|
|
$account->childNodes->getIterator(),
|
|
static fn(DOMElement $element) => isset($element->tagName)
|
|
);
|
|
|
|
/** @var DOMElement $node */
|
|
foreach ($nodesIterator as $node) {
|
|
switch ($node->tagName) {
|
|
case 'categoryId':
|
|
$data['categoryId'] =
|
|
$this->getOrSetCache(self::ITEM_CATEGORY, (int)$node->nodeValue);
|
|
break;
|
|
case 'clientId':
|
|
case 'customerId':
|
|
$data['clientId'] =
|
|
$this->getOrSetCache(self::ITEM_CLIENT, (int)$node->nodeValue);
|
|
break;
|
|
case 'tags':
|
|
$data['tags'] = $this->processAccountTags($node->childNodes);
|
|
break;
|
|
default:
|
|
$data[$node->tagName] = $node->nodeValue;
|
|
}
|
|
}
|
|
|
|
try {
|
|
$dto = AccountCreateDto::fromAccount(new Account($data));
|
|
$dtoWithTags = $dto->withTags($data['tags']);
|
|
|
|
$this->addAccount($dtoWithTags, $importParams, true);
|
|
|
|
$this->eventDispatcher->notify(
|
|
'run.import.syspass.process.account',
|
|
new Event(
|
|
$this,
|
|
EventMessage::factory()->addDetail(__u('Account imported'), $data['name'])
|
|
)
|
|
);
|
|
} catch (Exception $e) {
|
|
$this->eventDispatcher->notify(
|
|
'exception',
|
|
new Event(
|
|
$e,
|
|
EventMessage::factory()->addDescription(__('Unable to import account'))
|
|
)
|
|
);
|
|
|
|
$this->eventDispatcher->notify('exception', new Event($e));
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Procesar las etiquetas de la cuenta
|
|
*/
|
|
private function processAccountTags(DOMNodeList $nodes): array
|
|
{
|
|
$tags = [];
|
|
|
|
$nodesIterator = new CallbackFilterIterator(
|
|
$nodes->getIterator(),
|
|
static fn(DOMElement $element) => isset($element->tagName)
|
|
);
|
|
|
|
/** @var DOMElement $node */
|
|
foreach ($nodesIterator as $node) {
|
|
$tags[] = $this->getOrSetCache(self::ITEM_TAG, (int)$node->getAttribute('id'));
|
|
}
|
|
|
|
return $tags;
|
|
}
|
|
}
|