Mirrors/sysPass
2
0
Fork 0
mirror of https://github.com/nuxsmin/sysPass.git synced 2026-03-03 15:14:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b477fb696fb64dbf47fc7d025eb35de58bcfef96
sysPass/lib/SP/Domain/Crypt/Services/SecureSession.php
Rubén D ac8565bc13 style(php): Fix copyright comment 
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2024-05-04 09:33:52 +02:00

132 lines
3.7 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
/**
* sysPass
*
* @author nuxsmin
* @link https://syspass.org
* @copyright 2012-2024, Rubén Domínguez nuxsmin@$syspass.org
*
* This file is part of sysPass.
*
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*/
namespace SP\Domain\Crypt\Services;
use Defuse\Crypto\Key;
use Exception;
use SP\Core\Application;
use SP\Core\Crypt\Vault;
use SP\Domain\Common\Services\Service;
use SP\Domain\Common\Services\ServiceException;
use SP\Domain\Core\Crypt\CryptInterface;
use SP\Domain\Core\Crypt\RequestBasedPasswordInterface;
use SP\Domain\Core\Crypt\UuidCookieInterface;
use SP\Domain\Crypt\Ports\SecureSessionService;
use SP\Domain\Storage\Ports\FileCacheService;
use SP\Infrastructure\File\FileException;
use function SP\logger;
use function SP\processException;
/**
* Class SecureSession
*/
final class SecureSession extends Service implements SecureSessionService
{
private const CACHE_EXPIRE_TIME = 86400;
private const CACHE_PATH = CACHE_PATH . DIRECTORY_SEPARATOR . 'secure_session';
public function __construct(
Application $application,
private readonly CryptInterface $crypt,
private readonly FileCacheService $fileCache,
private readonly RequestBasedPasswordInterface $requestBasedPassword
) {
parent::__construct($application);
}
/**
* Returns an unique filename from a browser cookie
*
* @throws ServiceException
*/
public static function getFileNameFrom(UuidCookieInterface $cookie, string $seed): string
{
if (($uuid = $cookie->load($seed)) === false
&& ($uuid = $cookie->create($seed)) === false
) {
throw new ServiceException('Unable to get UUID for filename');
}
return self::CACHE_PATH . DIRECTORY_SEPARATOR . $uuid;
}
/**
* Returns the encryption key
*
*
* @return Key|false
*/
public function getKey(): Key|bool
{
try {
if ($this->fileCache->isExpired(self::CACHE_EXPIRE_TIME)) {
logger('Session key expired or does not exist', 'ERROR');
return $this->saveKey();
}
$vault = $this->fileCache->loadWith(Vault::class);
return Key::loadFromAsciiSafeString($vault->getData($this->requestBasedPassword->build()));
} catch (FileException) {
return $this->saveKey();
} catch (Exception $e) {
processException($e);
}
return false;
}
/**
* Saves the encryption key
*
* @return Key|false
*/
private function saveKey(): Key|bool
{
try {
$securedKey = Key::createNewRandomKey();
$data = Vault::factory($this->crypt)
->saveData(
$securedKey->saveToAsciiSafeString(),
$this->requestBasedPassword->build()
);
$this->fileCache->save($data);
logger('Saved session key');
return $securedKey;
} catch (Exception $e) {
processException($e);
}
return false;
}
}
Reference in New Issue View Git Blame Copy Permalink