1<?php
2
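/**
 * Cache a PKCS8-format copy of an SSH public key.
 *
 * Reads a public keyfile and a PKCS8 keyfile named on the command line, asks
 * the operator to confirm, and stores the PKCS8 blob in the PKCS8 cache of
 * the matching @{class:PhabricatorAuthSSHPublicKey}.
 *
 * Nothing in this workflow verifies that the PKCS8 blob encodes the same key
 * as the public keyfile; the operator is trusted on that point. That is why a
 * warning is printed and an interactive confirmation is required before the
 * cache is written.
 */
final class PhabricatorAuthManagementCachePKCS8Workflow
  extends PhabricatorAuthManagementWorkflow {

  protected function didConstruct() {
    $this
      ->setName('cache-pkcs8')
      ->setExamples('**cache-pkcs8** --public __keyfile__ --pkcs8 __keyfile__')
      ->setSynopsis(
        pht(
          'Cache the PKCS8 format of a public key. When developing on OSX, '.
          'this can be used to work around issues with ssh-keygen. Use '.
          '`%s` to generate a PKCS8 key to feed to this command.',
          'ssh-keygen -e -m PKCS8 -f key.pub'))
      ->setArguments(
        array(
          array(
            'name' => 'public',
            'param' => 'keyfile',
            'help' => pht('Path to public keyfile.'),
          ),
          array(
            'name' => 'pkcs8',
            'param' => 'keyfile',
            'help' => pht('Path to corresponding PKCS8 key.'),
          ),
        ));
  }

  /**
   * Validate the `--public` and `--pkcs8` arguments, warn the operator, and
   * populate the PKCS8 cache on confirmation.
   *
   * @param PhutilArgumentParser $args Parsed arguments; reads `public` and
   *   `pkcs8`.
   * @return int Exit code, always 0 on success.
   * @throws PhutilArgumentUsageException If either argument is missing, the
   *   named file does not exist, or the operator declines the confirmation.
   */
  public function execute(PhutilArgumentParser $args) {
    $console = PhutilConsole::getConsole();

    $public_keyfile = $args->getArg('public');
    if (!phutil_nonempty_string($public_keyfile)) {
      throw new PhutilArgumentUsageException(
        pht(
          'You must specify the path to a public keyfile with %s.',
          '--public'));
    }

    if (!Filesystem::pathExists($public_keyfile)) {
      throw new PhutilArgumentUsageException(
        pht(
          'Specified public keyfile "%s" does not exist!',
          $public_keyfile));
    }

    $public_key = Filesystem::readFile($public_keyfile);

    $pkcs8_keyfile = $args->getArg('pkcs8');
    if (!phutil_nonempty_string($pkcs8_keyfile)) {
      // The flag name in this message must match the argument registered in
      // didConstruct() ('pkcs8'); it was previously misspelled as '--pkc8s'.
      throw new PhutilArgumentUsageException(
        pht(
          'You must specify the path to a pkcs8 keyfile with %s.',
          '--pkcs8'));
    }

    if (!Filesystem::pathExists($pkcs8_keyfile)) {
      throw new PhutilArgumentUsageException(
        pht(
          'Specified pkcs8 keyfile "%s" does not exist!',
          $pkcs8_keyfile));
    }

    $pkcs8_key = Filesystem::readFile($pkcs8_keyfile);

    // The PKCS8 blob is stored without any cryptographic check that it
    // corresponds to $public_key, so a mismatched file would let the wrong
    // key authenticate as this public key. Make the risk explicit and require
    // an interactive "yes" before touching the cache.
    $warning = pht(
      'Adding a PKCS8 keyfile to the cache can be very dangerous. If the '.
      'PKCS8 file really encodes a different public key than the one '.
      'specified, an attacker could use it to gain unauthorized access.'.
      "\n\n".
      'Generally, you should use this option only in a development '.
      'environment where ssh-keygen is broken and it is inconvenient to '.
      'fix it, and only if you are certain you understand the risks. You '.
      'should never cache a PKCS8 file you did not generate yourself.');

    $console->writeOut(
      "%s\n",
      phutil_console_wrap($warning));

    $prompt = pht('Really trust this PKCS8 keyfile?');
    if (!phutil_console_confirm($prompt)) {
      throw new PhutilArgumentUsageException(
        pht('Aborted workflow.'));
    }

    // Parse the public key first so an unparseable keyfile fails before the
    // cache is written; the PKCS8 blob itself is stored as given.
    $key = PhabricatorAuthSSHPublicKey::newFromRawKey($public_key);
    $key->forcePopulatePKCS8Cache($pkcs8_key);

    $console->writeOut(
      "%s\n",
      pht('Cached PKCS8 key for public key.'));

    return 0;
  }

}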