From 75c34ce68d70a998f3ac20b681d61d08f2cb6122 Mon Sep 17 00:00:00 2001
From: phl0
Date: Sat, 20 Jan 2024 23:35:19 +0100
Subject: [PATCH 1/5] This re-encrypts the private keys with wavelog string
---
 application/controllers/Lotw.php | 4 +-
 .../migrations/175_recode_lotw_keys.php | 46 +++++++++++++++++++
 2 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 application/migrations/175_recode_lotw_keys.php
diff --git a/application/controllers/Lotw.php b/application/controllers/Lotw.php
index 50c51c2a0..4d8ea80b6 100644
--- a/application/controllers/Lotw.php
+++ b/application/controllers/Lotw.php
@@ -409,7 +409,7 @@ class Lotw extends CI_Controller {
 if($worked) {
 // Reading p12 successful
- $new_password = "cloudlog"; // set default password
+ $new_password = "wavelog"; // set default password
 $result = null;
 $worked = openssl_pkey_export($results['pkey'], $result, $new_password);
@@ -957,7 +957,7 @@ class Lotw extends CI_Controller {
 $key = $sign_key;
- $pkeyid = openssl_pkey_get_private($key, 'cloudlog');
+ $pkeyid = openssl_pkey_get_private($key, 'wavelog');
 //openssl_sign($plaintext, $signature, $pkeyid, OPENSSL_ALGO_SHA1 );
 //openssl_free_key($pkeyid);
diff --git a/application/migrations/175_recode_lotw_keys.php b/application/migrations/175_recode_lotw_keys.php
new file mode 100644
index 000000000..1da650f87
--- /dev/null
+++ b/application/migrations/175_recode_lotw_keys.php
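Review bot: The passphrase protecting the stored LoTW private keys is still a literal in the source (`$new_password = "wavelog";` in the hunk at -409 and `openssl_pkey_get_private($key, 'wavelog')` in the hunk at -957), so the PEM encryption gives no confidentiality against anyone who can read the stored `cert_key` values. Since the keys are being re-encrypted anyway, the passphrase should come from a per-installation secret, for example `$new_password = $this->config->item('encryption_key');`, with the import path, the signing path and the migration all reading the same value. That assumes the installation sets CodeIgniter's `encryption_key`; when it is empty the import should refuse rather than fall back to a constant. Both hunks sit inside methods that begin and end outside the visible lines.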
@@ -0,0 +1,46 @@
+db->select('lotw_cert_id, cert_key');
+ $query = $this->db->get('lotw_certs');
+ foreach ($query->result() as $row) {
+ $pkeyid = openssl_pkey_get_private(trim($row->cert_key), 'cloudlog');
+ if (!$pkeyid) {
+ log_message('error', 'Extracting private key of LoTW cert '.$row->lotw_cert_id.' failed.');
+ }
+ $pkey = null;
+ $worked = openssl_pkey_export($pkeyid, $pkey, 'wavelog');
+ if ($worked) {
+ $this->db->set('cert_key', $pkey);
+ $this->db->where('lotw_cert_id', $row->lotw_cert_id);
+ $this->db->update('lotw_certs');
+ } else {
+ log_message('error', 'Updating LoTW key id '.$row->lotw_cert_id.' failed.');
+ }
+ }
+ }
+
+ public function down() {
+ $this->db->select('lotw_cert_id, cert_key');
+ $query = $this->db->get('lotw_certs');
+ foreach ($query->result() as $row) {
+ $pkeyid = openssl_pkey_get_private(trim($row->cert_key), 'wavelog');
+ if (!$pkeyid) {
+ log_message('error', 'Extracting private key of LoTW cert '.$row->lotw_cert_id.' failed.');
+ }
+ $pkey = null;
+ $worked = openssl_pkey_export($pkeyid, $pkey, 'cloudlog');
+ if ($worked) {
+ $this->db->set('cert_key', $pkey);
+ $this->db->where('lotw_cert_id', $row->lotw_cert_id);
+ $this->db->update('lotw_certs');
+ } else {
+ log_message('error', 'Updating LoTW key id '.$row->lotw_cert_id.' failed.');
+ }
+ }
+ }
+}
From 7cd5ee11542a57bf755284a409af2c1b7f0cbf74 Mon Sep 17 00:00:00 2001
From: phl0
Date: Sat, 20 Jan 2024 23:41:00 +0100
Subject: [PATCH 2/5] Migration++
---
 application/config/migration.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/config/migration.php b/application/config/migration.php
index fc454147d..086fb9a7c 100644
--- a/application/config/migration.php
+++ b/application/config/migration.php
@@ -22,7 +22,7 @@ $config['migration_enabled'] = TRUE;
 |
 */
-$config['migration_version'] = 174;
+$config['migration_version'] = 175;
 /*
 |--------------------------------------------------------------------------
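Review bot: up() only ever tries the old passphrase, so a key that is already stored under the new one (a certificate imported after the controller change but before this migration ran, or a second run) fails extraction, is merely logged, and the migration still finishes as if it had succeeded. Probing the target passphrase first and skipping such rows makes the step repeatable: `if (openssl_pkey_get_private(trim($row->cert_key), 'wavelog')) { continue; }`. Rows that cannot be opened with either passphrase will no longer sign after this change, so the migration should at least log how many were left unconverted; down() has the mirror-image problem. The opening lines of the new file are not visible on this page.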
From 555c31aee6086009837bd8e1c3895e9c69a9d029 Mon Sep 17 00:00:00 2001
From: phl0
Date: Sat, 20 Jan 2024 23:45:25 +0100
Subject: [PATCH 3/5] Log message if private key usage failed
---
 application/controllers/Lotw.php | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/application/controllers/Lotw.php b/application/controllers/Lotw.php
index 4d8ea80b6..20f4c6be6 100644
--- a/application/controllers/Lotw.php
+++ b/application/controllers/Lotw.php
@@ -958,16 +958,19 @@ class Lotw extends CI_Controller {
 $key = $sign_key;
 $pkeyid = openssl_pkey_get_private($key, 'wavelog');
- //openssl_sign($plaintext, $signature, $pkeyid, OPENSSL_ALGO_SHA1 );
- //openssl_free_key($pkeyid);
+ if ($pkeyid) {
+ //openssl_sign($plaintext, $signature, $pkeyid, OPENSSL_ALGO_SHA1 );
+ //openssl_free_key($pkeyid);
-
- if(openssl_sign($qso_string, $signature, $pkeyid, OPENSSL_ALGO_SHA1)) {
- if (defined('PHP_MAJOR_VERSION') && PHP_MAJOR_VERSION < 8) {
- openssl_free_key($pkeyid);
- }
- $signature_b64 = base64_encode($signature);
- return $signature_b64;
+ if(openssl_sign($qso_string, $signature, $pkeyid, OPENSSL_ALGO_SHA1)) {
+ if (defined('PHP_MAJOR_VERSION') && PHP_MAJOR_VERSION < 8) {
+ openssl_free_key($pkeyid);
+ }
+ $signature_b64 = base64_encode($signature);
+ return $signature_b64;
+ }
+ } else {
+ log_message('error', 'Error signing LoTW log.');
 }
From f37d9590100efba4e541e5fcb49ef59658939c84 Mon Sep 17 00:00:00 2001
From: phl0
Date: Sat, 20 Jan 2024 23:59:45 +0100
Subject: [PATCH 4/5] Do not upload to LoTW if signing failed
---
 application/controllers/Lotw.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/application/controllers/Lotw.php b/application/controllers/Lotw.php
index 20f4c6be6..4bb744ee2 100644
--- a/application/controllers/Lotw.php
+++ b/application/controllers/Lotw.php
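Review bot: Inside the new `if ($pkeyid)` branch a failing `openssl_sign()` is neither logged nor given an explicit return, so the only failure that reaches the log is a key that could not be opened, and `'Error signing LoTW log.'` does not say that this is what happened. Give the `openssl_sign` check its own `else` with `log_message('error', 'LoTW signing failed: '.openssl_error_string());` and `return null;`, and word the outer message as a key-decryption failure so an operator can tell a wrong passphrase from a signing error. The `return null` added later in the hunk at -971 covers only the outer branch. The two commented-out calls that were re-indented into the branch could be dropped; the enclosing method begins and ends outside the hunk.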
@@ -262,6 +262,11 @@ class Lotw extends CI_Controller {
 // Build File to save
 $adif_to_save = $this->load->view('lotw_views/adif_views/adif_export', $data, TRUE);
+ if (strpos($adif_to_save, '')) {
+ // Signing failed
+ echo "Signing failed.";
+ continue;
+ }
 // create folder to store upload file
 if (!file_exists('./uploads/lotw')) {
@@ -971,6 +976,7 @@ class Lotw extends CI_Controller {
 }
 } else {
 log_message('error', 'Error signing LoTW log.');
+ return null;
 }
From a4a3e98d3800af28173e5c00cdf72458083d68f8 Mon Sep 17 00:00:00 2001
From: phl0
Date: Sun, 21 Jan 2024 00:29:40 +0100
Subject: [PATCH 5/5] Only continue upon successfully extracrinf the pruvate key
---
 .../migrations/175_recode_lotw_keys.php | 34 ++++++++++---------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/application/migrations/175_recode_lotw_keys.php b/application/migrations/175_recode_lotw_keys.php
index 1da650f87..d84a4a5bd 100644
--- a/application/migrations/175_recode_lotw_keys.php
+++ b/application/migrations/175_recode_lotw_keys.php
@@ -11,15 +11,16 @@ class Migration_recode_lotw_keys extends CI_Migration {
 $pkeyid = openssl_pkey_get_private(trim($row->cert_key), 'cloudlog');
 if (!$pkeyid) {
 log_message('error', 'Extracting private key of LoTW cert '.$row->lotw_cert_id.' failed.');
- }
- $pkey = null;
- $worked = openssl_pkey_export($pkeyid, $pkey, 'wavelog');
- if ($worked) {
- $this->db->set('cert_key', $pkey);
- $this->db->where('lotw_cert_id', $row->lotw_cert_id);
- $this->db->update('lotw_certs');
 } else {
- log_message('error', 'Updating LoTW key id '.$row->lotw_cert_id.' failed.');
+ $pkey = null;
+ $worked = openssl_pkey_export($pkeyid, $pkey, 'wavelog');
+ if ($worked) {
+ $this->db->set('cert_key', $pkey);
+ $this->db->where('lotw_cert_id', $row->lotw_cert_id);
+ $this->db->update('lotw_certs');
+ } else {
+ log_message('error', 'Updating LoTW key id '.$row->lotw_cert_id.' failed.');
+ }
 }
 }
 }
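Review bot: The new guard `if (strpos($adif_to_save, ''))` tests the return value for truthiness, so a match at offset 0 is treated as "not found", and with the empty needle shown on this page the condition can never be true; the needle may have been lost when the page was rendered, but the comparison is wrong either way. Compare strictly, `if (strpos($adif_to_save, $marker) !== false) {`, where `$marker` stands for whatever the view emits when signing fails. Detecting the failure by scanning the rendered ADIF is fragile, and an explicit failure flag set where signing happens would be sturdier. `echo "Signing failed.";` also gives no hint which certificate was skipped, so a `log_message('error', …)` carrying the certificate id would help; the surrounding loop lies outside the hunk.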
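Review bot: The result of `$this->db->update('lotw_certs')` is ignored in the re-nested branch of the hunk at -11, so the 'Updating LoTW key id … failed.' message only ever reports an export failure and never a failed write. Checking it closes that gap: `if (!$this->db->update('lotw_certs')) { log_message('error', 'Storing LoTW key id '.$row->lotw_cert_id.' failed.'); }`. The same applies to the hunk at -31 in down(). As a style point, up() and down() now differ only in the two passphrase literals and could share one private helper that takes the source and target passphrase; both method signatures are outside the hunks.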
@@ -31,15 +32,16 @@ class Migration_recode_lotw_keys extends CI_Migration {
 $pkeyid = openssl_pkey_get_private(trim($row->cert_key), 'wavelog');
 if (!$pkeyid) {
 log_message('error', 'Extracting private key of LoTW cert '.$row->lotw_cert_id.' failed.');
- }
- $pkey = null;
- $worked = openssl_pkey_export($pkeyid, $pkey, 'cloudlog');
- if ($worked) {
- $this->db->set('cert_key', $pkey);
- $this->db->where('lotw_cert_id', $row->lotw_cert_id);
- $this->db->update('lotw_certs');
 } else {
- log_message('error', 'Updating LoTW key id '.$row->lotw_cert_id.' failed.');
+ $pkey = null;
+ $worked = openssl_pkey_export($pkeyid, $pkey, 'cloudlog');
+ if ($worked) {
+ $this->db->set('cert_key', $pkey);
+ $this->db->where('lotw_cert_id', $row->lotw_cert_id);
+ $this->db->update('lotw_certs');
+ } else {
+ log_message('error', 'Updating LoTW key id '.$row->lotw_cert_id.' failed.');
+ }
 }
 }
 }