0
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2025-02-23 08:28:36 +00:00

fix: gracefully parse non-standard trusted certificates

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
This commit is contained in:
Richard Steinmetz 2024-09-24 10:33:07 +02:00
parent aec1ac1da4
commit e2373b56fe
No known key found for this signature in database
GPG key ID: 27137D9E7D273FB2
3 changed files with 42 additions and 2 deletions
lib/private/Security
tests

View file

@ -60,6 +60,16 @@ class Certificate implements ICertificate {
}
$info = openssl_x509_parse($data);
if (!is_array($info)) {
// There is a non-standardized certificate format only used by OpenSSL. Replace all
// separators and try again.
$data = str_replace(
['-----BEGIN TRUSTED CERTIFICATE-----', '-----END TRUSTED CERTIFICATE-----'],
['-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----'],
$data,
);
$info = openssl_x509_parse($data);
}
if (!is_array($info)) {
throw new \Exception('Certificate could not get parsed.');
}

View file

@ -0,0 +1,25 @@
-----BEGIN TRUSTED CERTIFICATE-----
MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw
NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j
LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG
A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs
W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta
3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk
6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6
Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J
NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP
r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU
DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
jVaMaDAMMAoGCCsGAQUFBwMB
-----END TRUSTED CERTIFICATE-----

View file

@ -45,7 +45,7 @@ class CertificateTest extends \Test\TestCase {
$this->expiredCertificate = new Certificate($expiredCertificate, 'ExpiredCertificate');
}
public function testBogusData() {
$this->expectException(\Exception::class);
$this->expectExceptionMessage('Certificate could not get parsed.');
@ -54,7 +54,12 @@ class CertificateTest extends \Test\TestCase {
$certificate->getIssueDate();
}
public function testOpenSslTrustedCertificateFormat(): void {
$trustedCertificate = file_get_contents(__DIR__ . '/../../data/certificates/openSslTrustedCertificate.crt');
$certificate = new Certificate($trustedCertificate, 'TrustedCertificate');
$this->assertSame('thawte, Inc.', $certificate->getOrganization());
}
public function testCertificateStartingWithFileReference() {
$this->expectException(\Exception::class);
$this->expectExceptionMessage('Certificate could not get parsed.');