Merge pull request #20 from minvws/osx-check

exception when running CMS on MacOS
minvws · Nov 4, 2022 · 384fedd · 384fedd
2 parents 2564f20 + dca0b03
commit 384fedd
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/src/Exceptions/CryptoException.php b/src/Exceptions/CryptoException.php
@@ -48,4 +48,14 @@ public static function cannotReadFile(?string $path): CryptoException
 
         return new self(sprintf("error while reading keyfile %s: file is not readable by user (try chmod 644)", $path));
     }
+
+    public static function opensslVersion(): CryptoException
+    {
+        return new self('MacOS ships with an incompatible openssl (libreSSL) that does not support CMS encryption');
+    }
+
+    public static function opensslNotFound(): CryptoException
+    {
+        return new self('Cannot find openssl binary');
+    }
 }
diff --git a/src/Service/Cms/ProcessSpawnService.php b/src/Service/Cms/ProcessSpawnService.php
@@ -55,6 +55,12 @@ public function encrypt(string $plainText): string
 
         $errOutput = $process->getErrorOutput();
         if (!empty($errOutput)) {
+            if ($process->getExitCode() == 1 && $this->isLibreSSL()) {
+                throw CryptoException::opensslVersion();
+            }
+            if ($process->getExitCode() == 127) {
+                throw CryptoException::opensslNotFound();
+            }
             throw CryptoException::encrypt($errOutput);
         }
 
@@ -88,9 +94,28 @@ public function decrypt(string $cipherText): string
 
         $errOutput = $process->getErrorOutput();
         if (!empty($errOutput)) {
+            if ($process->getExitCode() == 1 && $this->isLibreSSL()) {
+                throw CryptoException::opensslVersion();
+            }
+            if ($process->getExitCode() == 127) {
+                throw CryptoException::opensslNotFound();
+            }
+
             throw CryptoException::decrypt($errOutput);
         }
 
         return $process->getOutput();
     }
+
+    protected function isLibreSSL(): bool
+    {
+        $process = new Process(['openssl', 'version']);
+        $process->run();
+        if ($process->getExitCode() != 0) {
+            return false;    // assume ok
+        }
+
+        $processOutput = $process->getOutput();
+        return strpos($processOutput, 'LibreSSL') !== false;
+    }
 }