From 75c34ce68d70a998f3ac20b681d61d08f2cb6122 Mon Sep 17 00:00:00 2001
From: phl0
Date: Sat, 20 Jan 2024 23:35:19 +0100
Subject: [PATCH] This re-encrypts the private keys with wavelog string
---
 application/controllers/Lotw.php | 4 +-
 .../migrations/175_recode_lotw_keys.php | 46 +++++++++++++++++++
 2 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 application/migrations/175_recode_lotw_keys.php
diff --git a/application/controllers/Lotw.php b/application/controllers/Lotw.php
index 50c51c2a0..4d8ea80b6 100644
--- a/application/controllers/Lotw.php
+++ b/application/controllers/Lotw.php
@@ -409,7 +409,7 @@ class Lotw extends CI_Controller {
 if($worked) { // Reading p12 successful
- $new_password = "cloudlog"; // set default password
+ $new_password = "wavelog"; // set default password
 $result = null;
 $worked = openssl_pkey_export($results['pkey'], $result, $new_password);
@@ -957,7 +957,7 @@ class Lotw extends CI_Controller {
 $key = $sign_key;
- $pkeyid = openssl_pkey_get_private($key, 'cloudlog');
+ $pkeyid = openssl_pkey_get_private($key, 'wavelog');
 //openssl_sign($plaintext, $signature, $pkeyid, OPENSSL_ALGO_SHA1 );
 //openssl_free_key($pkeyid);
diff --git a/application/migrations/175_recode_lotw_keys.php b/application/migrations/175_recode_lotw_keys.php
new file mode 100644
index 000000000..1da650f87
--- /dev/null
+++ b/application/migrations/175_recode_lotw_keys.php
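Review bot: `$new_password = "wavelog";` keeps the passphrase for exported LoTW private keys as a literal in the source tree, so the encrypted PEM gives no real protection against anyone who can read where it is stored (presumably `lotw_certs.cert_key`, going by migration 175). The same literal is repeated in the second hunk (`openssl_pkey_get_private($key, 'wavelog')`) and in the migration. If the fixed string is only there because the export wants a passphrase, say so in a comment such as `// fixed, publicly known passphrase: not a confidentiality control for the stored key`; otherwise read it from a per-installation secret in config so that a database dump alone does not expose users' signing keys. The enclosing method starts and ends outside the hunk.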
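Review bot: After this line, any stored key still encrypted under the old passphrase makes `openssl_pkey_get_private()` return `false`. Such rows can exist, because migration 175 only logs and moves on when a row cannot be re-encrypted. The hunk does not show the result being checked before it is used for signing; if it is not checked further down, add `if ($pkeyid === false) { log_message('error', 'LoTW private key could not be loaded'); }` followed by the method's usual error return. The method continues outside the hunk.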
@@ -0,0 +1,46 @@
+db->select('lotw_cert_id, cert_key');
+ $query = $this->db->get('lotw_certs');
+ foreach ($query->result() as $row) {
+ $pkeyid = openssl_pkey_get_private(trim($row->cert_key), 'cloudlog');
+ if (!$pkeyid) {
+ log_message('error', 'Extracting private key of LoTW cert '.$row->lotw_cert_id.' failed.');
+ }
+ $pkey = null;
+ $worked = openssl_pkey_export($pkeyid, $pkey, 'wavelog');
+ if ($worked) {
+ $this->db->set('cert_key', $pkey);
+ $this->db->where('lotw_cert_id', $row->lotw_cert_id);
+ $this->db->update('lotw_certs');
+ } else {
+ log_message('error', 'Updating LoTW key id '.$row->lotw_cert_id.' failed.');
+ }
+ }
+ }
+
+ public function down() {
+ $this->db->select('lotw_cert_id, cert_key');
+ $query = $this->db->get('lotw_certs');
+ foreach ($query->result() as $row) {
+ $pkeyid = openssl_pkey_get_private(trim($row->cert_key), 'wavelog');
+ if (!$pkeyid) {
+ log_message('error', 'Extracting private key of LoTW cert '.$row->lotw_cert_id.' failed.');
+ }
+ $pkey = null;
+ $worked = openssl_pkey_export($pkeyid, $pkey, 'cloudlog');
+ if ($worked) {
+ $this->db->set('cert_key', $pkey);
+ $this->db->where('lotw_cert_id', $row->lotw_cert_id);
+ $this->db->update('lotw_certs');
+ } else {
+ log_message('error', 'Updating LoTW key id '.$row->lotw_cert_id.' failed.');
+ }
+ }
+ }
+}
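Review bot: In `up()` the `if (!$pkeyid)` branch logs the failure but does not skip the row, so `openssl_pkey_export()` is then called with `false` and the same row is logged again as an update failure; add `continue;` after the `log_message()` call, and do the same in `down()`. Because failures are only logged, the migration still counts as applied while some rows may remain under the old passphrase, which the controller can no longer open. Consider counting failures and surfacing them, and treating a key that already opens with the target passphrase as done rather than as an error. `up()` and `down()` differ only in the two passphrase literals and could share one private helper taking `$from` and `$to`. The top of the file down to the first statement of `up()` is missing from the page as extracted.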