Removed chmod from CryptKey and add toggle to disable checking

This commit is contained in:
Yannick de Lange 2017-08-01 14:59:21 +02:00
parent 7c2218fdcc
commit 2aca909d20
2 changed files with 18 additions and 16 deletions

View File

@ -29,8 +29,9 @@ class CryptKey
/** /**
* @param string $keyPath * @param string $keyPath
* @param null|string $passPhrase * @param null|string $passPhrase
* @param bool $keyPermissionsCheck
*/ */
public function __construct($keyPath, $passPhrase = null) public function __construct($keyPath, $passPhrase = null, $keyPermissionsCheck = true)
{ {
if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) { if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) {
$keyPath = $this->saveKeyToFile($keyPath); $keyPath = $this->saveKeyToFile($keyPath);
@ -44,21 +45,15 @@ class CryptKey
throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath)); throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));
} }
// Verify the permissions of the key if ($keyPermissionsCheck === true) {
$keyPathPerms = decoct(fileperms($keyPath) & 0777); // Verify the permissions of the key
if ($keyPathPerms !== '600') { $keyPathPerms = decoct(fileperms($keyPath) & 0777);
// Attempt to correct the permissions if (in_array($keyPathPerms, ['600', '660'], true) === false) {
if (chmod($keyPath, 0600) === false) { trigger_error(sprintf(
// @codeCoverageIgnoreStart 'Key file "%s" permissions are not correct, should be 600 or 660 instead of %s',
trigger_error( $keyPath,
sprintf( $keyPathPerms
'Key file "%s" permissions are not correct, should be 600 instead of %s, unable to automatically resolve the issue', ), E_USER_NOTICE);
$keyPath,
$keyPathPerms
),
E_USER_NOTICE
);
// @codeCoverageIgnoreEnd
} }
} }

View File

@ -26,6 +26,13 @@ use Zend\Diactoros\ServerRequestFactory;
class AuthorizationServerTest extends \PHPUnit_Framework_TestCase class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
{ {
public function setUp()
{
// Make sure the keys have the correct permissions.
chmod(__DIR__ . '/Stubs/private.key', 0600);
chmod(__DIR__ . '/Stubs/public.key', 0600);
}
public function testRespondToRequestInvalidGrantType() public function testRespondToRequestInvalidGrantType()
{ {
$server = new AuthorizationServer( $server = new AuthorizationServer(