mirror of
https://github.com/nextcloud/server.git
synced 2025-02-23 08:28:36 +00:00
fix: gracefully parse non-standard trusted certificates
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
parent
aec1ac1da4
commit
e2373b56fe
3 changed files with 42 additions and 2 deletions
lib/private/Security
tests
|
@ -60,6 +60,16 @@ class Certificate implements ICertificate {
|
|||
}
|
||||
|
||||
$info = openssl_x509_parse($data);
|
||||
if (!is_array($info)) {
|
||||
// There is a non-standardized certificate format only used by OpenSSL. Replace all
|
||||
// separators and try again.
|
||||
$data = str_replace(
|
||||
['-----BEGIN TRUSTED CERTIFICATE-----', '-----END TRUSTED CERTIFICATE-----'],
|
||||
['-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----'],
|
||||
$data,
|
||||
);
|
||||
$info = openssl_x509_parse($data);
|
||||
}
|
||||
if (!is_array($info)) {
|
||||
throw new \Exception('Certificate could not get parsed.');
|
||||
}
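Review bot: The retry in the first `if (!is_array($info))` block relabels a `TRUSTED CERTIFICATE` PEM as a plain `CERTIFICATE`, so the auxiliary trust and reject settings that OpenSSL stores in that format are dropped silently. A certificate whose owner restricted it to one purpose, or marked it as rejected for one, is then handled like an unrestricted certificate, which matters if this object later feeds a trust decision (that caller is not visible here). I would state the limitation next to the existing comment, e.g. `// NOTE: the trust/reject settings of the TRUSTED CERTIFICATE format are not evaluated; only the X.509 part is parsed.` The enclosing method starts and ends outside the hunk, so whether the original or the relabelled `$data` is kept afterwards cannot be seen.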
|
||||
|
|
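--- /dev/null
+++ b/tests/data/certificates/openSslTrustedCertificate.crt
@@ -0,0 +1,25 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
+qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
+BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw
+NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j
+LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG
+A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs
+W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta
+3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk
+6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6
+Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J
+NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP
+r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU
+DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
+YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
+xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
+/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
+LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
+jVaMaDAMMAoGCCsGAQUFBwMB
+-----END TRUSTED CERTIFICATE-----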
@ -45,7 +45,7 @@ class CertificateTest extends \Test\TestCase {
|
|||
$this->expiredCertificate = new Certificate($expiredCertificate, 'ExpiredCertificate');
|
||||
}
|
||||
|
||||
|
||||
|
||||
public function testBogusData() {
|
||||
$this->expectException(\Exception::class);
|
||||
$this->expectExceptionMessage('Certificate could not get parsed.');
|
||||
|
@ -54,7 +54,12 @@ class CertificateTest extends \Test\TestCase {
|
|||
$certificate->getIssueDate();
|
||||
}
|
||||
|
||||
|
||||
public function testOpenSslTrustedCertificateFormat(): void {
|
||||
$trustedCertificate = file_get_contents(__DIR__ . '/../../data/certificates/openSslTrustedCertificate.crt');
|
||||
$certificate = new Certificate($trustedCertificate, 'TrustedCertificate');
|
||||
$this->assertSame('thawte, Inc.', $certificate->getOrganization());
|
||||
}
|
||||
|
||||
public function testCertificateStartingWithFileReference() {
|
||||
$this->expectException(\Exception::class);
|
||||
$this->expectExceptionMessage('Certificate could not get parsed.');
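Review bot: `testOpenSslTrustedCertificateFormat` covers only the successful retry; nothing shows that a `TRUSTED CERTIFICATE` block with an unparsable body still ends in the 'Certificate could not get parsed.' exception after the relabelling step. A companion test that wraps bogus data in the `TRUSTED CERTIFICATE` markers and reuses `$this->expectExceptionMessage('Certificate could not get parsed.');` would pin that behaviour. The fixture read is also unchecked, so a missing file surfaces as a parse failure rather than a clear message; `$this->assertNotFalse($trustedCertificate);` before constructing the object would make that explicit. `testCertificateStartingWithFileReference` continues outside the hunk.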
|
||||
|
|