authorRoeland Jago Douma <roeland@famdouma.nl>2021-01-20 10:46:06 +0100
committerRoeland Jago Douma <roeland@famdouma.nl>2021-01-20 10:57:41 +0100
commitd751fedffb110aca956e9f786cd9ecdafdfa6ecd (patch)
tree36f0ca4314e50e72c308fd43af79d8fc084b69c6 /lib/private
parent4373afeae107852e9feb9fe0c152c608add561eb (diff)
downloadnextcloud-server-d751fedffb110aca956e9f786cd9ecdafdfa6ecd.tar.gz
nextcloud-server-d751fedffb110aca956e9f786cd9ecdafdfa6ecd.zip
phpsec lib can't parse multiple certs in one go
So we have to split it manually and do it ourselves Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/Installer.php22
1 files changed, 20 insertions, 2 deletions
diff --git a/lib/private/Installer.php b/lib/private/Installer.php
index 6dfc9a5f0bb..2a0fdab87ff 100644
--- a/lib/private/Installer.php
+++ b/lib/private/Installer.php
@@ -216,6 +216,18 @@ class Installer {
}
/**
+ * Split the certificate file in individual certs
+ *
+ * @param string $cert
+ * @return string[]
+ */
+ private function splitCerts(string $cert): array {
+ preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
+
+ return $matches[0];
+ }
+
+ /**
* Downloads an app and puts it into the app directory
*
* @param string $appId
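Review bot: The pattern in `splitCerts()` accepts any block framed by runs of three or more dashes, so it is not tied to certificate PEM armor and does not require the opening and closing labels to agree. Whatever else ends up in root.crt would be passed to `loadCA()` as if it were a certificate. Because this file is the trust anchor for app code signing, I would match the armor explicitly, assuming root.crt only holds standard CERTIFICATE blocks: `preg_match_all('/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/', $cert, $matches);`. The return value of `preg_match_all` is also unchecked, so a file that yields no match returns an empty list and the callers load no CA at all. Verification presumably fails closed in that case, but throwing from `splitCerts()` when `$matches[0]` is empty would make the cause visible instead of surfacing later as a generic signature error.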
@@ -231,12 +243,18 @@ class Installer {
if ($app['id'] === $appId) {
// Load the certificate
$certificate = new X509();
- $certificate->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
+ $rootCrt = file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt');
+ $rootCrts = $this->splitCerts($rootCrt);
+ foreach ($rootCrts as $rootCrt) {
+ $certificate->loadCA($rootCrt);
+ }
$loadedCertificate = $certificate->loadX509($app['certificate']);
// Verify if the certificate has been revoked
$crl = new X509();
- $crl->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
+ foreach ($rootCrts as $rootCrt) {
+ $crl->loadCA($rootCrt);
+ }
$crl->loadCRL(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crl'));
if ($crl->validateSignature() !== true) {
throw new \Exception('Could not validate CRL signature');