upload without temp file

mahmishr · mahmishr · commit 61672e5edeee · 2025-07-02T23:47:36.000+05:30
diff --git a/lib/Utilities/PGP/BatchUpload/MutualAuthUploadUtility.php b/lib/Utilities/PGP/BatchUpload/MutualAuthUploadUtility.php
@@ -9,7 +9,7 @@ class MutualAuthUploadUtility
     /**
      * Uploads an encrypted file using mTLS with a PKCS#12 (.p12/.pfx) client certificate.
      *
-     * @param string $encryptedPgpBytes The encrypted file content (ASCII-armored).
+     * @param string $encryptedPgpBytes The encrypted file content.
      * @param string $endpointUrl The full API endpoint URL.
      * @param string $fileName The file name to use in the multipart upload.
      * @param string $p12FilePath Path to the PKCS#12 client certificate file.
@@ -28,103 +28,25 @@ public static function uploadWithP12(
         $verify_ssl = true,
         $logger = null
     ) {
-        $tmpFile = tempnam(sys_get_temp_dir(), 'pgp_');
-        file_put_contents($tmpFile, $encryptedPgpBytes);
-
-        $ch = curl_init();
-        $cfile = new \CURLFile($tmpFile, 'application/octet-stream', $fileName);
-        $postFields = ['file' => $cfile];
-
-        curl_setopt($ch, CURLOPT_URL, $endpointUrl);
-        curl_setopt($ch, CURLOPT_POST, 1);
-        curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
-
-        // mTLS: client cert (PKCS#12)
-        curl_setopt($ch, CURLOPT_SSLCERT, $p12FilePath);
-        curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'P12');
-        curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $p12Password);
-
-        // CA cert for server validation
-        if ($caCertPath) {
-            curl_setopt($ch, CURLOPT_CAINFO, $caCertPath);
-        }
-
-        // SSL verification
-        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
-        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $verify_ssl ? 2 : 0);
-
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-        
-        // Optional: Add correlation ID for logging/tracing
-        $correlationId = self::generateCorrelationId();
-        curl_setopt($ch, CURLOPT_HTTPHEADER, [
-            "v-c-correlation-id: $correlationId"
-        ]);
-
-        // Use CURLOPT_HEADERFUNCTION to parse headers
-        $responseHeaders = [];
-        curl_setopt($ch, CURLOPT_HEADERFUNCTION, function($curl, $header_line) use (&$responseHeaders) {
-            $len = strlen($header_line);
-            $header_line = trim($header_line);
-            if (empty($header_line) || strpos($header_line, ':') === false) {
-                return $len;
-            }
-            
-            list($key, $value) = explode(':', $header_line, 2);
-            $key = trim($key);
-            $value = trim($value);
-            
-            if (isset($responseHeaders[$key])) {
-                if (is_array($responseHeaders[$key])) {
-                    $responseHeaders[$key][] = $value;
-                } else {
-                    $responseHeaders[$key] = [$responseHeaders[$key], $value];
-                }
-            } else {
-                $responseHeaders[$key] = $value;
-            }
-            
-            return $len;
-        });
-
-        $body = curl_exec($ch);
-
-        if ($body === false) {
-            $err = curl_error($ch);
-            curl_close($ch);
-            unlink($tmpFile);
-            $error_message = "cURL error: $err";
-            if ($logger) $logger->error($error_message);
-            throw new ApiException($error_message, 500);
-        }
-
-        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-        $err = curl_error($ch);
-
-        curl_close($ch);
-        unlink($tmpFile);
-
-        if ($err || $httpCode === 0) {
-            $error_message = $err ? "cURL error: $err" : "API call failed, but for an unknown reason. This could happen if you are disconnected from the network.";
-            if ($logger) $logger->error($error_message);
-            throw new ApiException($error_message, 500);
-        } elseif ($httpCode >= 200 && $httpCode < 300) {
-            if ($logger) $logger->info("Upload completed for correlationId: $correlationId. Status: $httpCode");
-            // Check if response is JSON and return decoded JSON if it is, otherwise return as string
-            $jsonResponse = json_decode($body, true);
-            $processedBody = (json_last_error() === JSON_ERROR_NONE) ? $jsonResponse : $body;
-            return [$processedBody, $httpCode, $responseHeaders];
-        } else {
-            $msg = "File upload failed. Status code: $httpCode, body: $body";
-            if ($logger) $logger->error($msg);
-            throw new ApiException($msg, $httpCode, $responseHeaders, $body);
-        }
+        return self::doMultipartUpload(
+            $encryptedPgpBytes,
+            $endpointUrl,
+            $fileName,
+            [
+                'type' => 'p12',
+                'cert' => $p12FilePath,
+                'password' => $p12Password,
+            ],
+            $caCertPath,
+            $verify_ssl,
+            $logger
+        );
     }
 
     /**
      * Uploads an encrypted file using mTLS with client key/cert PEM files.
      *
-     * @param string $encryptedPgpBytes The encrypted file content (ASCII-armored).
+     * @param string $encryptedPgpBytes The encrypted file content.
      * @param string $endpointUrl The full API endpoint URL.
      * @param string $fileName The file name to use in the multipart upload.
      * @param string $clientCertPath Path to the client certificate (PEM).
@@ -145,22 +67,67 @@ public static function uploadWithKeyAndCert(
         $verify_ssl = true,
         $logger = null
     ) {
-        $tmpFile = tempnam(sys_get_temp_dir(), 'pgp_');
-        file_put_contents($tmpFile, $encryptedPgpBytes);
+        return self::doMultipartUpload(
+            $encryptedPgpBytes,
+            $endpointUrl,
+            $fileName,
+            [
+                'type' => 'pem',
+                'cert' => $clientCertPath,
+                'key' => $clientKeyPath,
+                'password' => $clientKeyPassword,
+            ],
+            $caCertPath,
+            $verify_ssl,
+            $logger
+        );  
+    }
 
+    /**
+     * Shared logic for multipart upload with mTLS.
+     */
+    private static function doMultipartUpload(
+        $encryptedPgpBytes,
+        $endpointUrl,
+        $fileName,
+        $tlsConfig,
+        $caCertPath,
+        $verify_ssl,
+        $logger
+    ){
+        $boundary = '--------------------------' . microtime(true);
+        $eol = "\r\n";
+        // works without this header too: Content-Transfer-Encoding
+        $multipartBody =
+            "--$boundary$eol" .
+            "Content-Disposition: form-data; name=\"file\"; filename=\"$fileName\"$eol" .
+            "Content-Type: application/octet-stream$eol" .
+            "Content-Transfer-Encoding: binary$eol$eol" .
+            $encryptedPgpBytes . $eol .
+            "--$boundary--$eol";
+        
+        $correlationId = self::generateCorrelationId();
+        
         $ch = curl_init();
-        $cfile = new \CURLFile($tmpFile, 'application/octet-stream', $fileName);
-        $postFields = ['file' => $cfile];
-
         curl_setopt($ch, CURLOPT_URL, $endpointUrl);
         curl_setopt($ch, CURLOPT_POST, 1);
-        curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, $multipartBody);
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Content-Type: multipart/form-data; boundary=$boundary",
+            "v-c-correlation-id: $correlationId"
+        ]);
 
-        // mTLS: client cert and key
-        curl_setopt($ch, CURLOPT_SSLCERT, $clientCertPath);
-        curl_setopt($ch, CURLOPT_SSLKEY, $clientKeyPath);
-        if ($clientKeyPassword) {
-            curl_setopt($ch, CURLOPT_KEYPASSWD, $clientKeyPassword);
+        // mTLS: handle both PKCS#12 and cert and key
+        if ($tlsConfig['type'] === 'p12') {
+            curl_setopt($ch, CURLOPT_SSLCERT, $tlsConfig['cert']);
+            curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'P12');
+            curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $tlsConfig['password']);
+        } else {
+            curl_setopt($ch, CURLOPT_SSLCERT, $tlsConfig['cert']);
+            curl_setopt($ch, CURLOPT_SSLKEY, $tlsConfig['key']);
+            if (!empty($tlsConfig['password'])) {
+                curl_setopt($ch, CURLOPT_KEYPASSWD, $tlsConfig['password']);
+            }
         }
 
         // CA cert for server validation
@@ -173,12 +140,6 @@ public static function uploadWithKeyAndCert(
         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $verify_ssl ? 2 : 0);
 
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-        
-        // Optional: Add correlation ID for logging/tracing
-        $correlationId = self::generateCorrelationId();
-        curl_setopt($ch, CURLOPT_HTTPHEADER, [
-            "v-c-correlation-id: $correlationId"
-        ]);
 
         // Use CURLOPT_HEADERFUNCTION to parse headers
         $responseHeaders = [];
@@ -211,18 +172,15 @@ public static function uploadWithKeyAndCert(
         if ($body === false) {
             $err = curl_error($ch);
             curl_close($ch);
-            unlink($tmpFile);
             $error_message = "cURL error: $err";
             if ($logger) $logger->error($error_message);
             throw new ApiException($error_message, 500);
         }
 
         $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
         $err = curl_error($ch);
-        $http_header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
-        $http_body = substr($body, $http_header_size);
+
         curl_close($ch);
-        unlink($tmpFile);
 
         if ($err || $httpCode === 0) {
             if ($err) {
@@ -236,13 +194,14 @@ public static function uploadWithKeyAndCert(
             throw new ApiException($error_message, 500);
         } elseif ($httpCode >= 200 && $httpCode < 300) {
             if ($logger) $logger->info("Upload completed for correlationId: $correlationId. Status: $httpCode");
-            $jsonResponse = json_decode($http_body);
+            // Check if response is JSON and return decoded JSON if it is, otherwise return as string
+            $jsonResponse = json_decode($body, true);
             $processedBody = (json_last_error() === JSON_ERROR_NONE) ? $jsonResponse : $body;
             return [$processedBody, $httpCode, $responseHeaders];
         } else {
-            $msg = "File upload failed. Status code: $httpCode, body: $http_body";
+            $msg = "File upload failed. Status code: $httpCode, body: $body";
             if ($logger) $logger->error($msg);
-            throw new ApiException($msg, $httpCode, $responseHeaders, $http_body);
+            throw new ApiException($msg, $httpCode, $responseHeaders, $body);
         }
     }
 
diff --git a/lib/Utilities/PGP/BatchUpload/PgpEncryptionUtility.php b/lib/Utilities/PGP/BatchUpload/PgpEncryptionUtility.php
@@ -41,7 +41,7 @@ public static function encryptFileToBytes($inputFile, $publicKeyFile)
         $literal = new \OpenPGP_LiteralDataPacket($data, ['format' => 'b', 'filename' => basename($inputFile)]);
     
         $encrypted = \OpenPGP_Crypt_Symmetric::encrypt([$pubKeyPacket], new \OpenPGP_Message([$literal]));
-    
-        return $encrypted->to_bytes();
+    //also works without converting to string
+        return (string)$encrypted->to_bytes();
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public static function encryptFileToBytes($inputFile, $publicKeyFile)`
`41`	`41`	`$literal = new \OpenPGP_LiteralDataPacket($data, ['format' => 'b', 'filename' => basename($inputFile)]);`
`42`	`42`
`43`	`43`	`$encrypted = \OpenPGP_Crypt_Symmetric::encrypt([$pubKeyPacket], new \OpenPGP_Message([$literal]));`
`44`		`-`
`45`		`- return $encrypted->to_bytes();`
	`44`	`+ //also works without converting to string`
	`45`	`+ return (string)$encrypted->to_bytes();`
`46`	`46`	`}`
`47`	`47`	`}`