AjaxController uses RSA auth mechanism, 2048-bit RSA keys

phpseclib uses a default RSA key size of 1024, which will soon be insufficient for good security. This boosts the generated key size to 2048-bit.
owncloud · Aug 12, 2015 · 58cd102 · 58cd102
1 parent dce4178
commit 58cd102
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 20 deletions.
diff --git a/apps/files_external/appinfo/application.php b/apps/files_external/appinfo/application.php
@@ -24,7 +24,6 @@
 
 namespace OCA\Files_External\AppInfo;
 
-use \OCA\Files_External\Controller\AjaxController;
 use \OCP\AppFramework\App;
 use \OCP\IContainer;
 use \OCA\Files_External\Service\BackendService;
@@ -36,18 +35,6 @@ class Application extends App {
 	public function __construct(array $urlParams=array()) {
 		parent::__construct('files_external', $urlParams);
 
-		$container = $this->getContainer();
-
-		/**
-		 * Controllers
-		 */
-		$container->registerService('AjaxController', function (IContainer $c) {
-			return new AjaxController(
-				$c->query('AppName'),
-				$c->query('Request')
-			);
-		});
-
 		$this->loadBackends();
 		$this->loadAuthMechanisms();
 	}

diff --git a/apps/files_external/controller/ajaxcontroller.php b/apps/files_external/controller/ajaxcontroller.php
@@ -25,19 +25,19 @@
 use OCP\AppFramework\Controller;
 use OCP\IRequest;
 use OCP\AppFramework\Http\JSONResponse;
-use phpseclib\Crypt\RSA;
+use OCA\Files_External\Lib\Auth\PublicKey\RSA;
 
 class AjaxController extends Controller {
-	public function __construct($appName, IRequest $request) {
+	/** @var RSA */
+	private $rsaMechanism;
+
+	public function __construct($appName, IRequest $request, RSA $rsaMechanism) {
 		parent::__construct($appName, $request);
+		$this->rsaMechanism = $rsaMechanism;
 	}
 
 	private function generateSshKeys() {
-		$rsa = new RSA();
-		$rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_OPENSSH);
-		$rsa->setPassword(\OC::$server->getConfig()->getSystemValue('secret', ''));
-
-		$key = $rsa->createKey();
+		$key = $this->rsaMechanism->createKey();
 		// Replace the placeholder label with a more meaningful one
 		$key['publicKey'] = str_replace('phpseclib-generated-key', gethostname(), $key['publickey']);
 

diff --git a/apps/files_external/lib/auth/publickey/rsa.php b/apps/files_external/lib/auth/publickey/rsa.php
@@ -33,6 +33,8 @@
  */
 class RSA extends AuthMechanism {
 
+	const CREATE_KEY_BITS = 2048;
+
 	/** @var IConfig */
 	private $config;
 
@@ -62,4 +64,17 @@ public function manipulateStorageConfig(StorageConfig &$storage) {
 		$storage->setBackendOption('public_key_auth', $auth);
 	}
 
+	/**
+	 * Generate a keypair
+	 *
+	 * @return array ['privatekey' => $privateKey, 'publickey' => $publicKey]
+	 */
+	public function createKey() {
+		$rsa = new RSACrypt();
+		$rsa->setPublicKeyFormat(RSACrypt::PUBLIC_FORMAT_OPENSSH);
+		$rsa->setPassword($this->config->getSystemValue('secret', ''));
+
+		return $rsa->createKey(self::CREATE_KEY_BITS);
+	}
+
 }