aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2021-01-21 10:25:02 +0100
committerGitHub <noreply@github.com>2021-01-21 10:25:02 +0100
commit10214fbee03496199e80b0411fcab78cc42362f6 (patch)
treede7ab98e64dbaa6d1f26a9f4516b2ad88bc69de1 /lib
parentd4d33e3095fb5d0797ec7c3bb8c93c2d1c905ade (diff)
parentfcbbcacab4dc0178c7fdf1a61cfb81f922c60209 (diff)
downloadnextcloud-server-10214fbee03496199e80b0411fcab78cc42362f6.tar.gz
nextcloud-server-10214fbee03496199e80b0411fcab78cc42362f6.zip
Merge pull request #25214 from nextcloud/dependabot/composer/phpseclib/phpseclib-2.0.30
Bump phpseclib/phpseclib from 2.0.25 to 2.0.30
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Installer.php22
-rw-r--r--lib/private/IntegrityCheck/Checker.php18
2 files changed, 37 insertions, 3 deletions
diff --git a/lib/private/Installer.php b/lib/private/Installer.php
index 6dfc9a5f0bb..2a0fdab87ff 100644
--- a/lib/private/Installer.php
+++ b/lib/private/Installer.php
@@ -216,6 +216,18 @@ class Installer {
}
/**
+ * Split the certificate file in individual certs
+ *
+ * @param string $cert
+ * @return string[]
+ */
+ private function splitCerts(string $cert): array {
+ preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
+
+ return $matches[0];
+ }
+
+ /**
* Downloads an app and puts it into the app directory
*
* @param string $appId
@@ -231,12 +243,18 @@ class Installer {
if ($app['id'] === $appId) {
// Load the certificate
$certificate = new X509();
- $certificate->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
+ $rootCrt = file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt');
+ $rootCrts = $this->splitCerts($rootCrt);
+ foreach ($rootCrts as $rootCrt) {
+ $certificate->loadCA($rootCrt);
+ }
$loadedCertificate = $certificate->loadX509($app['certificate']);
// Verify if the certificate has been revoked
$crl = new X509();
- $crl->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
+ foreach ($rootCrts as $rootCrt) {
+ $crl->loadCA($rootCrt);
+ }
$crl->loadCRL(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crl'));
if ($crl->validateSignature() !== true) {
throw new \Exception('Could not validate CRL signature');
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index fc28d0e7393..122fac8927f 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -300,6 +300,18 @@ class Checker {
}
/**
+ * Split the certificate file in individual certs
+ *
+ * @param string $cert
+ * @return string[]
+ */
+ private function splitCerts(string $cert): array {
+ preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
+
+ return $matches[0];
+ }
+
+ /**
* Verifies the signature for the specified path.
*
* @param string $signaturePath
@@ -333,7 +345,11 @@ class Checker {
// Check if certificate is signed by Nextcloud Root Authority
$x509 = new \phpseclib\File\X509();
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
- $x509->loadCA($rootCertificatePublicKey);
+
+ $rootCerts = $this->splitCerts($rootCertificatePublicKey);
+ foreach ($rootCerts as $rootCert) {
+ $x509->loadCA($rootCert);
+ }
$x509->loadX509($certificate);
if (!$x509->validateSignature()) {
throw new InvalidSignatureException('Certificate is not valid.');