mirror of
https://github.com/privacy-protection-tools/anti-AD.git
synced 2025-01-23 23:09:17 +08:00
425 lines
11 KiB
PHP
425 lines
11 KiB
PHP
|
<?php
|
||
|
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
|
||
|
|
||
|
/**
|
||
|
* DNS Library for handling lookups and updates.
|
||
|
*
|
||
|
* PHP Version 5
|
||
|
*
|
||
|
* Copyright (c) 2010, Mike Pultz <mike@mikepultz.com>.
|
||
|
* All rights reserved.
|
||
|
*
|
||
|
* Redistribution and use in source and binary forms, with or without
|
||
|
* modification, are permitted provided that the following conditions
|
||
|
* are met:
|
||
|
*
|
||
|
* * Redistributions of source code must retain the above copyright
|
||
|
* notice, this list of conditions and the following disclaimer.
|
||
|
*
|
||
|
* * Redistributions in binary form must reproduce the above copyright
|
||
|
* notice, this list of conditions and the following disclaimer in
|
||
|
* the documentation and/or other materials provided with the
|
||
|
* distribution.
|
||
|
*
|
||
|
* * Neither the name of Mike Pultz nor the names of his contributors
|
||
|
* may be used to endorse or promote products derived from this
|
||
|
* software without specific prior written permission.
|
||
|
*
|
||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||
|
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||
|
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRIC
|
||
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
||
|
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||
|
* POSSIBILITY OF SUCH DAMAGE.
|
||
|
*
|
||
|
* @category Networking
|
||
|
* @package Net_DNS2
|
||
|
* @author Mike Pultz <mike@mikepultz.com>
|
||
|
* @copyright 2011 Mike Pultz <mike@mikepultz.com>
|
||
|
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
|
||
|
* @version SVN: $Id$
|
||
|
* @link http://pear.php.net/package/Net_DNS2
|
||
|
* @since File available since Release 1.1.0
|
||
|
*
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* SSL Private Key container class
|
||
|
*
|
||
|
* @category Networking
|
||
|
* @package Net_DNS2
|
||
|
* @author Mike Pultz <mike@mikepultz.com>
|
||
|
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
|
||
|
* @link http://pear.php.net/package/Net_DNS2
|
||
|
*
|
||
|
*/
|
||
|
class Net_DNS2_PrivateKey
|
||
|
{
|
||
|
/*
|
||
|
* the filename that was loaded; stored for reference
|
||
|
*/
|
||
|
public $filename;
|
||
|
|
||
|
/*
|
||
|
* the keytag for the signature
|
||
|
*/
|
||
|
public $keytag;
|
||
|
|
||
|
/*
|
||
|
* the sign name for the signature
|
||
|
*/
|
||
|
public $signname;
|
||
|
|
||
|
/*
|
||
|
* the algorithm used for the signature
|
||
|
*/
|
||
|
public $algorithm;
|
||
|
|
||
|
/*
|
||
|
* the key format fo the signature
|
||
|
*/
|
||
|
public $key_format;
|
||
|
|
||
|
/*
|
||
|
* the openssl private key id
|
||
|
*/
|
||
|
public $instance;
|
||
|
|
||
|
/*
|
||
|
* RSA: modulus
|
||
|
*/
|
||
|
private $_modulus;
|
||
|
|
||
|
/*
|
||
|
* RSA: public exponent
|
||
|
*/
|
||
|
private $_public_exponent;
|
||
|
|
||
|
/*
|
||
|
* RSA: rivate exponent
|
||
|
*/
|
||
|
private $_private_exponent;
|
||
|
|
||
|
/*
|
||
|
* RSA: prime1
|
||
|
*/
|
||
|
private $_prime1;
|
||
|
|
||
|
/*
|
||
|
* RSA: prime2
|
||
|
*/
|
||
|
private $_prime2;
|
||
|
|
||
|
/*
|
||
|
* RSA: exponent 1
|
||
|
*/
|
||
|
private $_exponent1;
|
||
|
|
||
|
/*
|
||
|
* RSA: exponent 2
|
||
|
*/
|
||
|
private $_exponent2;
|
||
|
|
||
|
/*
|
||
|
* RSA: coefficient
|
||
|
*/
|
||
|
private $_coefficient;
|
||
|
|
||
|
/*
|
||
|
* DSA: prime
|
||
|
*/
|
||
|
public $prime;
|
||
|
|
||
|
/*
|
||
|
* DSA: subprime
|
||
|
*/
|
||
|
public $subprime;
|
||
|
|
||
|
/*
|
||
|
* DSA: base
|
||
|
*/
|
||
|
public $base;
|
||
|
|
||
|
/*
|
||
|
* DSA: private value
|
||
|
*/
|
||
|
public $private_value;
|
||
|
|
||
|
/*
|
||
|
* DSA: public value
|
||
|
*/
|
||
|
public $public_value;
|
||
|
|
||
|
/**
|
||
|
* Constructor - base constructor the private key container class
|
||
|
*
|
||
|
* @param string $file path to a private-key file to parse and load
|
||
|
*
|
||
|
* @throws Net_DNS2_Exception
|
||
|
* @access public
|
||
|
*
|
||
|
*/
|
||
|
public function __construct($file = null)
|
||
|
{
|
||
|
if (isset($file)) {
|
||
|
$this->parseFile($file);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* parses a private key file generated by dnssec-keygen
|
||
|
*
|
||
|
* @param string $file path to a private-key file to parse and load
|
||
|
*
|
||
|
* @return boolean
|
||
|
* @throws Net_DNS2_Exception
|
||
|
* @access public
|
||
|
*
|
||
|
*/
|
||
|
public function parseFile($file)
|
||
|
{
|
||
|
//
|
||
|
// check for OpenSSL
|
||
|
//
|
||
|
if (extension_loaded('openssl') === false) {
|
||
|
|
||
|
throw new Net_DNS2_Exception(
|
||
|
'the OpenSSL extension is required to use parse private key.',
|
||
|
Net_DNS2_Lookups::E_OPENSSL_UNAVAIL
|
||
|
);
|
||
|
}
|
||
|
|
||
|
//
|
||
|
// check to make sure the file exists
|
||
|
//
|
||
|
if (is_readable($file) == false) {
|
||
|
|
||
|
throw new Net_DNS2_Exception(
|
||
|
'invalid private key file: ' . $file,
|
||
|
Net_DNS2_Lookups::E_OPENSSL_INV_PKEY
|
||
|
);
|
||
|
}
|
||
|
|
||
|
//
|
||
|
// get the base filename, and parse it for the local value
|
||
|
//
|
||
|
$keyname = basename($file);
|
||
|
if (strlen($keyname) == 0) {
|
||
|
|
||
|
throw new Net_DNS2_Exception(
|
||
|
'failed to get basename() for: ' . $file,
|
||
|
Net_DNS2_Lookups::E_OPENSSL_INV_PKEY
|
||
|
);
|
||
|
}
|
||
|
|
||
|
//
|
||
|
// parse the keyname
|
||
|
//
|
||
|
if (preg_match("/K(.*)\.\+(\d{3})\+(\d*)\.private/", $keyname, $matches)) {
|
||
|
|
||
|
$this->signname = $matches[1];
|
||
|
$this->algorithm = intval($matches[2]);
|
||
|
$this->keytag = intval($matches[3]);
|
||
|
|
||
|
} else {
|
||
|
|
||
|
throw new Net_DNS2_Exception(
|
||
|
'file ' . $keyname . ' does not look like a private key file!',
|
||
|
Net_DNS2_Lookups::E_OPENSSL_INV_PKEY
|
||
|
);
|
||
|
}
|
||
|
|
||
|
//
|
||
|
// read all the data from the
|
||
|
//
|
||
|
$data = file($file, FILE_IGNORE_NEW_LINES|FILE_SKIP_EMPTY_LINES);
|
||
|
if (count($data) == 0) {
|
||
|
|
||
|
throw new Net_DNS2_Exception(
|
||
|
'file ' . $keyname . ' is empty!',
|
||
|
Net_DNS2_Lookups::E_OPENSSL_INV_PKEY
|
||
|
);
|
||
|
}
|
||
|
|
||
|
foreach ($data as $line) {
|
||
|
|
||
|
list($key, $value) = explode(':', $line);
|
||
|
|
||
|
$key = trim($key);
|
||
|
$value = trim($value);
|
||
|
|
||
|
switch(strtolower($key)) {
|
||
|
|
||
|
case 'private-key-format':
|
||
|
$this->_key_format = $value;
|
||
|
break;
|
||
|
|
||
|
case 'algorithm':
|
||
|
if ($this->algorithm != $value) {
|
||
|
throw new Net_DNS2_Exception(
|
||
|
'Algorithm mis-match! filename is ' . $this->algorithm .
|
||
|
', contents say ' . $value,
|
||
|
Net_DNS2_Lookups::E_OPENSSL_INV_ALGO
|
||
|
);
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
//
|
||
|
// RSA
|
||
|
//
|
||
|
case 'modulus':
|
||
|
$this->_modulus = $value;
|
||
|
break;
|
||
|
|
||
|
case 'publicexponent':
|
||
|
$this->_public_exponent = $value;
|
||
|
break;
|
||
|
|
||
|
case 'privateexponent':
|
||
|
$this->_private_exponent = $value;
|
||
|
break;
|
||
|
|
||
|
case 'prime1':
|
||
|
$this->_prime1 = $value;
|
||
|
break;
|
||
|
|
||
|
case 'prime2':
|
||
|
$this->_prime2 = $value;
|
||
|
break;
|
||
|
|
||
|
case 'exponent1':
|
||
|
$this->_exponent1 = $value;
|
||
|
break;
|
||
|
|
||
|
case 'exponent2':
|
||
|
$this->_exponent2 = $value;
|
||
|
break;
|
||
|
|
||
|
case 'coefficient':
|
||
|
$this->_coefficient = $value;
|
||
|
break;
|
||
|
|
||
|
//
|
||
|
// DSA - this won't work in PHP until the OpenSSL extension is better
|
||
|
//
|
||
|
case 'prime(p)':
|
||
|
$this->prime = $value;
|
||
|
break;
|
||
|
|
||
|
case 'subprime(q)':
|
||
|
$this->subprime = $value;
|
||
|
break;
|
||
|
|
||
|
case 'base(g)':
|
||
|
$this->base = $value;
|
||
|
break;
|
||
|
|
||
|
case 'private_value(x)':
|
||
|
$this->private_value = $value;
|
||
|
break;
|
||
|
|
||
|
case 'public_value(y)':
|
||
|
$this->public_value = $value;
|
||
|
break;
|
||
|
|
||
|
default:
|
||
|
throw new Net_DNS2_Exception(
|
||
|
'unknown private key data: ' . $key . ': ' . $value,
|
||
|
Net_DNS2_Lookups::E_OPENSSL_INV_PKEY
|
||
|
);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
//
|
||
|
// generate the private key
|
||
|
//
|
||
|
$args = array();
|
||
|
|
||
|
switch($this->algorithm) {
|
||
|
|
||
|
//
|
||
|
// RSA
|
||
|
//
|
||
|
case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSAMD5:
|
||
|
case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA1:
|
||
|
case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA256:
|
||
|
case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA512:
|
||
|
|
||
|
$args = array(
|
||
|
|
||
|
'rsa' => array(
|
||
|
|
||
|
'n' => base64_decode($this->_modulus),
|
||
|
'e' => base64_decode($this->_public_exponent),
|
||
|
'd' => base64_decode($this->_private_exponent),
|
||
|
'p' => base64_decode($this->_prime1),
|
||
|
'q' => base64_decode($this->_prime2),
|
||
|
'dmp1' => base64_decode($this->_exponent1),
|
||
|
'dmq1' => base64_decode($this->_exponent2),
|
||
|
'iqmp' => base64_decode($this->_coefficient)
|
||
|
)
|
||
|
);
|
||
|
|
||
|
break;
|
||
|
|
||
|
//
|
||
|
// DSA - this won't work in PHP until the OpenSSL extension is better
|
||
|
//
|
||
|
case Net_DNS2_Lookups::DNSSEC_ALGORITHM_DSA:
|
||
|
|
||
|
$args = array(
|
||
|
|
||
|
'dsa' => array(
|
||
|
|
||
|
'p' => base64_decode($this->prime),
|
||
|
'q' => base64_decode($this->subprime),
|
||
|
'g' => base64_decode($this->base),
|
||
|
'priv_key' => base64_decode($this->private_value),
|
||
|
'pub_key' => base64_decode($this->public_value)
|
||
|
)
|
||
|
);
|
||
|
|
||
|
break;
|
||
|
|
||
|
default:
|
||
|
throw new Net_DNS2_Exception(
|
||
|
'we only currently support RSAMD5 and RSASHA1 encryption.',
|
||
|
Net_DNS2_Lookups::E_OPENSSL_INV_PKEY
|
||
|
);
|
||
|
}
|
||
|
|
||
|
//
|
||
|
// generate and store the key
|
||
|
//
|
||
|
$this->instance = openssl_pkey_new($args);
|
||
|
if ($this->instance === false) {
|
||
|
throw new Net_DNS2_Exception(
|
||
|
openssl_error_string(),
|
||
|
Net_DNS2_Lookups::E_OPENSSL_ERROR
|
||
|
);
|
||
|
}
|
||
|
|
||
|
//
|
||
|
// store the filename incase we need it for something
|
||
|
//
|
||
|
$this->filename = $file;
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Local variables:
|
||
|
* tab-width: 4
|
||
|
* c-basic-offset: 4
|
||
|
* c-hanging-comment-ender-p: nil
|
||
|
* End:
|
||
|
*/
|
||
|
?>
|