Last active
April 3, 2018 16:55
-
-
Save alikon/233d1111cdd2e0d0b1cec18596bbc152 to your computer and use it in GitHub Desktop.
Generate the signed update manifest
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* @package Joomla.Cli | |
* | |
* @copyright Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved. | |
* @license GNU General Public License version 2 or later; see LICENSE.txt | |
*/ | |
/** | |
* This is a CLI script to generate the signed update manifest which should be called from the command-line, not the | |
* web. For example something like: | |
* /usr/bin/php /path/to/site/cli/signmanifest.php | |
*/ | |
// Initialize Joomla framework | |
const _JEXEC = 1; | |
// Load system defines | |
if (file_exists(dirname(__DIR__) . '/defines.php')) | |
{ | |
require_once dirname(__DIR__) . '/defines.php'; | |
} | |
if (!defined('_JDEFINES')) | |
{ | |
define('JPATH_BASE', dirname(__DIR__)); | |
require_once JPATH_BASE . '/includes/defines.php'; | |
} | |
// Get the framework. | |
require_once JPATH_LIBRARIES . '/import.legacy.php'; | |
// Bootstrap the CMS libraries. | |
require_once JPATH_LIBRARIES . '/cms.php'; | |
/** | |
* Generate signed update manifest. | |
* | |
* @since __DEPLOY_VERSION__ | |
*/ | |
class signmanifest extends JApplicationCli | |
{ | |
/** | |
* Entry point for the script | |
* | |
* @return void | |
* | |
* @since __DEPLOY_VERSION__ | |
*/ | |
public function doExecute() | |
{ | |
// Get the extension developer public key or change this to your own keypairs | |
$dev_sk='c8ae09b5743ca7acdbc18907dca5803bc0e20b0cc9005833bc14642bbd4cf6d56c46e9505ba78f9fb113b34dace5c095f69d1f693d5a087272cf6d470e5e15c9'; | |
$dev_pk='6c46e9505ba78f9fb113b34dace5c095f69d1f693d5a087272cf6d470e5e15c9'; | |
echo 'DeveloperSecretKey:' . $dev_sk, PHP_EOL; | |
echo '---', PHP_EOL; | |
echo 'DeveloperPublicKey:' . $dev_pk , PHP_EOL; | |
// Get the original extension update manifest | |
$manifest = file_get_contents(dirname(__DIR__) . '/cli/testmanifest.xml'); | |
// Create a trimmed copy of the original manifest | |
$doc = new DOMDocument; | |
$doc->preserveWhiteSpace = false; | |
$dom->formatOutput = true; | |
$doc->loadxml( $manifest ); | |
$xml = $doc->savexml(); | |
$a= file_put_contents(dirname(__DIR__) . '/cli/trimmedmanifest.xml', $xml); | |
// Hash the trimmed manifest | |
$manifest = file_get_contents(dirname(__DIR__) . '/cli/trimmedmanifest.xml'); | |
$digest = hash("sha384", $manifest); | |
// Sign the digest with the key pairs | |
$dev_sk = ParagonIE_Sodium_Compat::hex2bin($dev_sk); | |
$dev_pk = ParagonIE_Sodium_Compat::hex2bin($dev_pk); | |
$signature = ParagonIE_Sodium_Compat::crypto_sign_detached($digest, $dev_sk); | |
// Verify the signature | |
if (ParagonIE_Sodium_Compat::crypto_sign_verify_detached($signature, $digest, $dev_pk)) | |
{ | |
echo 'OK', PHP_EOL; | |
} else { | |
throw new Exception('Invalid signature'); | |
} | |
// add the signature to the original manifest | |
// get the original manifest | |
$manifest = file_get_contents(dirname(__DIR__) . '/cli/testmanifest.xml'); | |
// add the signed hash to the public manifest | |
$xmldoc = new DOMDocument; | |
$xmldoc->preserveWhiteSpace = true; | |
$xmldoc->loadxml($manifest); | |
// Create the new tag | |
$newNode = $xmldoc->createElement('signature'); | |
$newValue = $xmldoc->createTextNode(bin2hex($signature)); | |
$newNode->appendChild($newValue); | |
$xmldoc->getElementsByTagName("updates")[0]->appendChild($newNode); | |
// Save the signed manfifest | |
$xml = $xmldoc->savexml(); | |
$a= file_put_contents(dirname(__DIR__) . '/cli/signedmanifest.xml', $xml); | |
echo 'Signature:' . bin2hex($signature), PHP_EOL; | |
} | |
} | |
JApplicationCli::getInstance('signmanifest')->execute(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
change $dev_pk,$dev_sk with your keypairs