Commit 00b4caea authored by Michael Herold's avatar Michael Herold

[web] Fixes handling of empty subjectKeyIdentifier

Downstream used patched for x.509 certs
parent ede0ef3d
v0.11.0
- Adds proper checks for localparts in gui
- Changes headerbar to use available space by not centering the title if needed
- [web] Fixes handling of x.509 certs with empty subjectKeyIdentifier
v0.10.0:
- Version number jump to get in sync with carnivora
- Adds cantarell as web font
......
<?php
/*
* Copyright (C) 2015 Michael Herold <quabla@hemio.de>
*
......@@ -23,18 +24,17 @@ namespace hemio\edentata\module\web;
*
* @author Michael Herold <quabla@hemio.de>
*/
class Cert
{
class Cert {
protected $formatted;
protected $raw;
protected $parsed;
const BEGIN = '-----BEGIN CERTIFICATE-----';
const END = '-----END CERTIFICATE-----';
const END = '-----END CERTIFICATE-----';
public static function extract($str)
{
$pattern = '/'.self::BEGIN.'(?<cert>[a-zA-Z\d+=\/\s]+)'.self::END.'/s';
public static function extract($str) {
$pattern = '/' . self::BEGIN . '(?<cert>[a-zA-Z\d+=\/\s]+)' . self::END . '/s';
$matches = [];
preg_match_all($pattern, $str, $matches);
......@@ -50,19 +50,16 @@ class Cert
return [new Cert(self::clean($str))];
}
public static function clean($str)
{
public static function clean($str) {
return preg_replace('/\s+/', '', $str);
}
public function __construct($certificate)
{
public function __construct($certificate) {
if ($certificate != self::clean($certificate))
throw new \hemio\edentata\exception\Error('Expecting cleaned string');
$this->formatted = self::BEGIN.PHP_EOL.chunk_split($certificate, 64,
PHP_EOL).self::END;
$this->raw = $certificate;
$this->formatted = self::BEGIN . PHP_EOL . chunk_split($certificate, 64, PHP_EOL) . self::END;
$this->raw = $certificate;
$this->parsed = openssl_x509_parse($this->formatted, true);
......@@ -76,9 +73,8 @@ class Cert
* @param string $hashAlg
* @return string
*/
public function fingerprint($hashAlg)
{
$str = openssl_x509_fingerprint($this->formatted, $hashAlg, false);
public function fingerprint($hashAlg) {
$str = openssl_x509_fingerprint($this->formatted, $hashAlg, false);
$chunk = trim(chunk_split($str, 2, ':'), ':');
return strtoupper($chunk);
}
......@@ -87,8 +83,7 @@ class Cert
*
* @return array
*/
public function fingerprints()
{
public function fingerprints() {
return [
'SHA-512' => $this->fingerprint('sha512'),
'SHA-384' => $this->fingerprint('sha384'),
......@@ -98,18 +93,16 @@ class Cert
];
}
public function commonName()
{
public function commonName() {
return $this->parsed['subject']['CN'];
}
public function altNames()
{
public function altNames() {
$names = [];
$entries = explode(',', $this->parsed['extensions']['subjectAltName']);
foreach ($entries as $entry) {
$keyVal = explode(':', $entry);
$keyVal = explode(':', $entry);
if (trim($keyVal[0]) === 'DNS')
$names[] = trim($keyVal[1]);
}
......@@ -121,22 +114,19 @@ class Cert
*
* @return \DateTime
*/
public function validFrom()
{
return new \DateTime('@'.$this->parsed['validFrom_time_t']);
public function validFrom() {
return new \DateTime('@' . $this->parsed['validFrom_time_t']);
}
/**
*
* @return \DateTime
*/
public function validTo()
{
return new \DateTime('@'.$this->parsed['validTo_time_t']);
public function validTo() {
return new \DateTime('@' . $this->parsed['validTo_time_t']);
}
public function trusted(array $intermediate)
{
public function trusted(array $intermediate) {
$itermediateFormatted = array_map(function (Cert $obj) {
return $obj->formatted();
}, $intermediate);
......@@ -151,14 +141,12 @@ class Cert
$status = null;
$stdout = '';
exec('/usr/bin/openssl verify -untrusted "'.$pthInterm.'" "'.$pthCert.'"',
$stdout, $status);
exec('/usr/bin/openssl verify -untrusted "' . $pthInterm . '" "' . $pthCert . '"', $stdout, $status);
return $status === 0;
}
public function authorityKeyIdentifier()
{
public function authorityKeyIdentifier() {
$str = $this->parsed['extensions']['authorityKeyIdentifier'];
// extract from keyid:KEY,... format
......@@ -168,31 +156,31 @@ class Cert
return trim($key[1]);
}
public function subjectKeyIdentifier()
{
return $this->parsed['extensions']['subjectKeyIdentifier'];
public function subjectKeyIdentifier() {
if (isset($this->parsed['extensions']['subjectKeyIdentifier']))
return $this->parsed['extensions']['subjectKeyIdentifier'];
else
return null;
}
public function raw()
{
public function raw() {
return $this->raw;
}
public function formatted()
{
public function formatted() {
return $this->formatted;
}
public function suggestChain(Db $db)
{
public function suggestChain(Db $db) {
$ident = $this->authorityKeyIdentifier();
$chain = [];
while ($next = $db->intermediateCertSelect($ident)->fetch()) {
while ($next = $db->intermediateCertSelect($ident)->fetch()) {
$chain[] = new Cert($next['x509_certificate']);
$ident = $next['authority_key_identifier'];
$ident = $next['authority_key_identifier'];
}
return $chain;
}
}
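Review bot: `authorityKeyIdentifier()` still reads `$this->parsed['extensions']['authorityKeyIdentifier']` unconditionally, so a certificate without that extension triggers the same undefined-index notice this commit fixes for `subjectKeyIdentifier()`; its body continues past the hunk. Mirroring the new guard with `if (!isset($this->parsed['extensions']['authorityKeyIdentifier'])) return null;` before the read would make the two accessors consistent, and `suggestChain()` would then presumably pass `null` into `intermediateCertSelect()`, so that loop should be checked for the missing-extension case as well. Separately, the reformatted `exec()` call in `trusted()` still builds the `openssl verify` command by concatenating `$pthInterm` and `$pthCert` into a double-quoted shell string; passing each through `escapeshellarg()` removes the reliance on those temp paths being shell-safe, with `$status === 0` remaining the only success signal.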
......@@ -30,7 +30,6 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
.button {
@extend .input_style;
//@extend .input_position;
width: auto;
@include button-background($button-color);
......
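Review bot: The `@extend .input_position;` line is kept as commented-out code in the `.button` rule instead of being removed; since the history is in version control, deleting the line, or replacing it with a short comment saying why the button no longer extends `.input_position`, keeps the rule free of dead code. The `.button` rule continues past the hunk.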