author | Roeland Jago Douma <roeland@famdouma.nl> | 2021-01-20 10:46:06 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2021-01-20 10:57:41 +0100 |
commit | d751fedffb110aca956e9f786cd9ecdafdfa6ecd (patch) | |
tree | 36f0ca4314e50e72c308fd43af79d8fc084b69c6 /lib/private | |
parent | 4373afeae107852e9feb9fe0c152c608add561eb (diff) | |
download | nextcloud-server-d751fedffb110aca956e9f786cd9ecdafdfa6ecd.tar.gz nextcloud-server-d751fedffb110aca956e9f786cd9ecdafdfa6ecd.zip |
phpsec lib can't parse multiple certs in one go
So we have to split it manually and do it ourselves
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Installer.php | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/lib/private/Installer.php b/lib/private/Installer.php
index 6dfc9a5f0bb..2a0fdab87ff 100644
--- a/lib/private/Installer.php
+++ b/lib/private/Installer.php
@@ -216,6 +216,18 @@ class Installer {
  }
 
  /**
+ * Split the certificate file in individual certs
+ *
+ * @param string $cert
+ * @return string[]
+ */
+ private function splitCerts(string $cert): array {
+ preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
+
+ return $matches[0];
+ }
+
+ /**
  * Downloads an app and puts it into the app directory
  *
  * @param string $appId
@@ -231,12 +243,18 @@ class Installer {
  if ($app['id'] === $appId) {
  // Load the certificate
  $certificate = new X509();
- $certificate->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
+ $rootCrt = file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt');
+ $rootCrts = $this->splitCerts($rootCrt);
+ foreach ($rootCrts as $rootCrt) {
+ $certificate->loadCA($rootCrt);
+ }
  $loadedCertificate = $certificate->loadX509($app['certificate']);
 
  // Verify if the certificate has been revoked
  $crl = new X509();
- $crl->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
+ foreach ($rootCrts as $rootCrt) {
+ $crl->loadCA($rootCrt);
+ }
  $crl->loadCRL(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crl'));
  if ($crl->validateSignature() !== true) {
  throw new \Exception('Could not validate CRL signature'); |
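Review bot: `splitCerts` returns `$matches[0]` without looking at the result of `preg_match_all`, so a PCRE error and a file with no matching blocks both come back as an empty (or possibly unset) list that the caller cannot tell apart from a valid bundle. The pattern also accepts any dash-delimited block, not only `-----BEGIN CERTIFICATE-----` ... `-----END CERTIFICATE-----`, so whatever other PEM-style block ends up in root.crt would be handed to `loadCA` as well. I would guard the call with `if (preg_match_all(...) === false || $matches[0] === []) { throw new \Exception('No certificates found in bundle'); }` and have the docblock state that `$cert` is a PEM bundle and that each returned string is one delimited block including its header and footer lines.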
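Review bot: The result of `file_get_contents` is passed to `splitCerts(string $cert)` unchecked, and the return value of each `loadCA` call in both new `foreach` loops is discarded. An unreadable root.crt, or a block phpseclib cannot parse, therefore leaves `$certificate` and `$crl` with fewer trust anchors than the bundle contains and raises nothing at this point. The later signature checks presumably fail closed, but that code is outside the hunk, and the failure would surface only as a generic validation error. I would add `if ($rootCrt === false) { throw new \Exception('Could not read code signing root certificate'); }` before the split and change the loop body to `if ($certificate->loadCA($rootCert) !== true) { throw new \Exception('Could not load root certificate'); }`. A distinct loop variable such as `$rootCert` also avoids overwriting `$rootCrt`, which still holds the whole file.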