Diffstat (limited to 'modules-available/rebootcontrol/inc/sshkey.inc.php')
-rw-r--r-- | modules-available/rebootcontrol/inc/sshkey.inc.php | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/modules-available/rebootcontrol/inc/sshkey.inc.php b/modules-available/rebootcontrol/inc/sshkey.inc.php
index cce9b3dc..e0954415 100644
--- a/modules-available/rebootcontrol/inc/sshkey.inc.php
+++ b/modules-available/rebootcontrol/inc/sshkey.inc.php
@@ -3,13 +3,17 @@ class SSHKey
 {
- public static function getPrivateKey(&$regen = false) {
+ public static function getPrivateKey(?bool &$regen = false): ?string
+ {
 $privKey = Property::get("rebootcontrol-private-key");
 if (!$privKey) {
- $rsaKey = openssl_pkey_new(array(
+ $rsaKey = openssl_pkey_new([
 'private_key_bits' => 2048,
- 'private_key_type' => OPENSSL_KEYTYPE_RSA));
- openssl_pkey_export( openssl_pkey_get_private($rsaKey), $privKey);
+ 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
+ if (!openssl_pkey_export( openssl_pkey_get_private($rsaKey), $privKey)) {
+ $regen = false;
+ return null;
+ }
 Property::set("rebootcontrol-private-key", $privKey);
 if (Module::isAvailable('sysconfig')) {
 ConfigTgz::rebuildAllConfigs();
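Review bot: The result of `openssl_pkey_new()` is still passed straight into `openssl_pkey_get_private($rsaKey)` without a check, so a key-generation failure is only caught indirectly by the new export test and its cause is lost. I would test it explicitly with `if ($rsaKey === false) { $regen = false; return null; }` and record `openssl_error_string()` before returning null in both failure branches, since this key appears to be the one used to reach client machines and a silent null is hard to diagnose. Callers that previously always received a string now have to handle null as well. getPrivateKey's body continues outside this hunk.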
@@ -19,21 +23,30 @@ class SSHKey
 return $privKey;
 }
- public static function getPublicKey() {
+ public static function getPublicKey(): ?string
+ {
 $pkImport = openssl_pkey_get_private(self::getPrivateKey());
+ if ($pkImport === false)
+ return null;
 return self::sshEncodePublicKey($pkImport);
 }
- private static function sshEncodePublicKey($privKey) {
+ private static function sshEncodePublicKey($privKey): ?string
+ {
 $keyInfo = openssl_pkey_get_details($privKey);
+ if ($keyInfo === false)
+ return null;
 $buffer = pack("N", 7) . "ssh-rsa" . self::sshEncodeBuffer($keyInfo['rsa']['e']) . self::sshEncodeBuffer($keyInfo['rsa']['n']);
 return "ssh-rsa " . base64_encode($buffer);
 }
- private static function sshEncodeBuffer($buffer) {
+ private static function sshEncodeBuffer(string $buffer): string
+ {
 $len = strlen($buffer);
+ // Prefix with extra null byte if the MSB is set, to ensure
+ // nobody will ever interpret this as a negative number
 if (ord($buffer[0]) & 0x80) {
 $len++;
 $buffer = "\x00" . $buffer;
|
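Review bot: In sshEncodePublicKey the new guard only rejects a false return from `openssl_pkey_get_details()`, but `$keyInfo['rsa']` would be absent if the stored key were ever not RSA, and with the new `string` parameter on sshEncodeBuffer that null raises a TypeError instead of producing the null the `?string` return type promises. Extending the guard to `if ($keyInfo === false || !isset($keyInfo['rsa']['e'], $keyInfo['rsa']['n'])) return null;` keeps the failure path uniform. In getPublicKey, `self::getPrivateKey()` can now return null and is passed directly to `openssl_pkey_get_private()`, which is deprecated for null arguments on PHP 8.1 and later, so a null check before the call would be cleaner. sshEncodeBuffer also reads `$buffer[0]` without an empty-string check, and its body continues outside this hunk.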