grommunio /
grommunio-web
@@ -31,7 +31,7 @@ discard block |
||
| 31 | 31 | echo "<br>################################## CREATING #######################<br>"; |
| 32 | 32 | |
| 33 | 33 | $options = [ |
| 34 | - "shareType" => 3, |
|
| 34 | + "shareType" => 3, |
|
| 35 | 35 | ]; |
| 36 | 36 | $created1 = $ocscloient->createShare("/aaaaaa/test.eml", $options); |
| 37 | 37 | print_r($created1); |
@@ -39,7 +39,7 @@ discard block |
||
| 39 | 39 | echo "<br>################################## UPDATE #######################<br>"; |
| 40 | 40 | |
| 41 | 41 | $options = [ |
| 42 | - "shareType" => 3, |
|
| 42 | + "shareType" => 3, |
|
| 43 | 43 | ]; |
| 44 | 44 | $ocscloient->updateShare($created1->getId(), "expireDate", "2020-03-23"); |
| 45 | 45 | |
@@ -56,9 +56,9 @@ discard block |
||
| 56 | 56 | echo "<br>################################## READING #######################<br>"; |
| 57 | 57 | |
| 58 | 58 | try { |
| 59 | - $deleteShare = $ocscloient->loadShareByID($share4->getId()); |
|
| 60 | - print_r($deleteShare); |
|
| 59 | + $deleteShare = $ocscloient->loadShareByID($share4->getId()); |
|
| 60 | + print_r($deleteShare); |
|
| 61 | 61 | } |
| 62 | 62 | catch (Exception $e) { |
| 63 | - print_r($e); |
|
| 63 | + print_r($e); |
|
| 64 | 64 | } |
@@ -58,7 +58,6 @@ |
||
| 58 | 58 | try { |
| 59 | 59 | $deleteShare = $ocscloient->loadShareByID($share4->getId()); |
| 60 | 60 | print_r($deleteShare); |
| 61 | -} |
|
| 62 | -catch (Exception $e) { |
|
| 61 | +} catch (Exception $e) { |
|
| 63 | 62 | print_r($e); |
| 64 | 63 | } |
@@ -6,50 +6,50 @@ |
||
| 6 | 6 | * This plugin provides the backend for Owncloud and OCS. |
| 7 | 7 | */ |
| 8 | 8 | class PluginFilesbackendOwncloud extends Plugin { |
| 9 | - /** |
|
| 10 | - * Constructor. |
|
| 11 | - */ |
|
| 12 | - public function __construct() { |
|
| 13 | - } |
|
| 9 | + /** |
|
| 10 | + * Constructor. |
|
| 11 | + */ |
|
| 12 | + public function __construct() { |
|
| 13 | + } |
|
| 14 | 14 | |
| 15 | - /** |
|
| 16 | - * Called to initialize the plugin and register for hooks. |
|
| 17 | - */ |
|
| 18 | - public function init() { |
|
| 19 | - $this->registerHook('server.core.settings.init.before'); |
|
| 20 | - } |
|
| 15 | + /** |
|
| 16 | + * Called to initialize the plugin and register for hooks. |
|
| 17 | + */ |
|
| 18 | + public function init() { |
|
| 19 | + $this->registerHook('server.core.settings.init.before'); |
|
| 20 | + } |
|
| 21 | 21 | |
| 22 | - /** |
|
| 23 | - * Function is executed when a hook is triggered by the PluginManager. |
|
| 24 | - * |
|
| 25 | - * @param string $eventID Identifier of the hook |
|
| 26 | - * @param array $data Reference to the data of the triggered hook |
|
| 27 | - */ |
|
| 28 | - public function execute($eventID, &$data) { |
|
| 29 | - switch ($eventID) { |
|
| 30 | - case 'server.core.settings.init.before': |
|
| 31 | - $this->onBeforeSettingsInit($data); |
|
| 32 | - break; |
|
| 33 | - } |
|
| 34 | - } |
|
| 22 | + /** |
|
| 23 | + * Function is executed when a hook is triggered by the PluginManager. |
|
| 24 | + * |
|
| 25 | + * @param string $eventID Identifier of the hook |
|
| 26 | + * @param array $data Reference to the data of the triggered hook |
|
| 27 | + */ |
|
| 28 | + public function execute($eventID, &$data) { |
|
| 29 | + switch ($eventID) { |
|
| 30 | + case 'server.core.settings.init.before': |
|
| 31 | + $this->onBeforeSettingsInit($data); |
|
| 32 | + break; |
|
| 33 | + } |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * Called when the core Settings class is initialized and ready to accept sysadmin default |
|
| 38 | - * settings. Registers the sysadmin defaults for the filesbackendOwncloud plugin. |
|
| 39 | - * |
|
| 40 | - * @param array $data Reference to the data of the triggered hook |
|
| 41 | - */ |
|
| 42 | - public function onBeforeSettingsInit(&$data) { |
|
| 43 | - $data['settingsObj']->addSysAdminDefaults([ |
|
| 44 | - 'zarafa' => [ |
|
| 45 | - 'v1' => [ |
|
| 46 | - 'plugins' => [ |
|
| 47 | - 'filesbackendOwncloud' => [ |
|
| 48 | - 'enable' => true, |
|
| 49 | - ], |
|
| 50 | - ], |
|
| 51 | - ], |
|
| 52 | - ], |
|
| 53 | - ]); |
|
| 54 | - } |
|
| 36 | + /** |
|
| 37 | + * Called when the core Settings class is initialized and ready to accept sysadmin default |
|
| 38 | + * settings. Registers the sysadmin defaults for the filesbackendOwncloud plugin. |
|
| 39 | + * |
|
| 40 | + * @param array $data Reference to the data of the triggered hook |
|
| 41 | + */ |
|
| 42 | + public function onBeforeSettingsInit(&$data) { |
|
| 43 | + $data['settingsObj']->addSysAdminDefaults([ |
|
| 44 | + 'zarafa' => [ |
|
| 45 | + 'v1' => [ |
|
| 46 | + 'plugins' => [ |
|
| 47 | + 'filesbackendOwncloud' => [ |
|
| 48 | + 'enable' => true, |
|
| 49 | + ], |
|
| 50 | + ], |
|
| 51 | + ], |
|
| 52 | + ], |
|
| 53 | + ]); |
|
| 54 | + } |
|
| 55 | 55 | } |
@@ -4,60 +4,60 @@ |
||
| 4 | 4 | * Plugin which will enable desktop notifications for new mails. |
| 5 | 5 | */ |
| 6 | 6 | class Pluginintranet extends Plugin { |
| 7 | - /** |
|
| 8 | - * Function initializes the Plugin and registers all hooks. |
|
| 9 | - */ |
|
| 10 | - public function init() { |
|
| 11 | - $this->registerHook('server.core.settings.init.before'); |
|
| 12 | - } |
|
| 7 | + /** |
|
| 8 | + * Function initializes the Plugin and registers all hooks. |
|
| 9 | + */ |
|
| 10 | + public function init() { |
|
| 11 | + $this->registerHook('server.core.settings.init.before'); |
|
| 12 | + } |
|
| 13 | 13 | |
| 14 | - /** |
|
| 15 | - * Function is executed when a hook is triggered by the PluginManager. |
|
| 16 | - * |
|
| 17 | - * @param string $eventID the id of the triggered hook |
|
| 18 | - * @param mixed $data object(s) related to the hook |
|
| 19 | - */ |
|
| 20 | - public function execute($eventID, &$data) { |
|
| 21 | - switch ($eventID) { |
|
| 22 | - case 'server.core.settings.init.before': |
|
| 23 | - $this->injectPluginSettings($data); |
|
| 24 | - break; |
|
| 25 | - } |
|
| 26 | - } |
|
| 14 | + /** |
|
| 15 | + * Function is executed when a hook is triggered by the PluginManager. |
|
| 16 | + * |
|
| 17 | + * @param string $eventID the id of the triggered hook |
|
| 18 | + * @param mixed $data object(s) related to the hook |
|
| 19 | + */ |
|
| 20 | + public function execute($eventID, &$data) { |
|
| 21 | + switch ($eventID) { |
|
| 22 | + case 'server.core.settings.init.before': |
|
| 23 | + $this->injectPluginSettings($data); |
|
| 24 | + break; |
|
| 25 | + } |
|
| 26 | + } |
|
| 27 | 27 | |
| 28 | - /** |
|
| 29 | - * Called when the core Settings class is initialized and ready to accept sysadmin default |
|
| 30 | - * settings. Registers the sysadmin defaults for the desktopnotifications plugin. |
|
| 31 | - * |
|
| 32 | - * @param array $data Reference to the data of the triggered hook |
|
| 33 | - */ |
|
| 34 | - public function injectPluginSettings(&$data) { |
|
| 35 | - $defaultIcon = 'data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNCIgaGVpZ2h0PSIxNCIgdmlld0JveD0iMCAwIDEyMi44OCAxMTMuNiI+PHBhdGggZD0iTTcxLjg5IDEwMC41NnEtMy44NiAzLjgyLTguMzcgNy42M2wzLjc0LS42MmE0OS4zOCA0OS4zOCAwIDAgMCA3LjA4LTJsLjQzLjY0IDEgMS4yN2gwIDBhMTYuNCAxNi40IDAgMCAwIDIuMTMgMiA1NS4yOSA1NS4yOSAwIDAgMS05LjczIDIuOTIgNTguNzMgNTguNzMgMCAwIDEtMjIuODMgMCA1My40OCA1My40OCAwIDAgMS0xMC42LTMuMjcuMjYuMjYgMCAwIDEtLjE0LS4wNyA2Mi4xIDYyLjEgMCAwIDEtOS42LTUuMTdBNTQuNDEgNTQuNDEgMCAwIDEgMTYuNiA5N2E1Mi42OSA1Mi42OSAwIDAgMS02Ljg5LTguMzhBNTkuNzkgNTkuNzkgMCAwIDEgNC40NiA3OWE1NS43OSA1NS43OSAwIDAgMS0zLjM0LTEwLjc4IDU4LjczIDU4LjczIDAgMCAxIDAtMjIuODMgNTIuODYgNTIuODYgMCAwIDEgMy4yOC0xMC42LjMzLjMzIDAgMCAxIC4wNi0uMTRBNjAuMzQgNjAuMzQgMCAwIDEgOS43MSAyNWE1NCA1NCAwIDAgMSA2Ljg5LTguMzkgNTIuMTkgNTIuMTkgMCAwIDEgOC40LTYuOSA1OS43IDU5LjcgMCAwIDEgOS42Ny01LjI1IDU0LjUyIDU0LjUyIDAgMCAxIDEwLjcyLTMuMzQgNTguNzMgNTguNzMgMCAwIDEgMjIuODMgMCA1My44OSA1My44OSAwIDAgMSAxMC42IDMuMjcuMjguMjggMCAwIDEgLjEzLjA3IDYxLjc1IDYxLjc1IDAgMCAxIDkuNjggNS4yNUE1NC40MSA1NC40MSAwIDAgMSA5NyAxNi41OWE1Mi4yNyA1Mi4yNyAwIDAgMSA2Ljg5IDguNDEgNTguMTkgNTguMTkgMCAwIDEgNS4yNSA5LjY3IDU0LjUyIDU0LjUyIDAgMCAxIDMuMzQgMTAuNzRsLjEyLjYtNS40Mi0xLjUzYTQ3IDQ3IDAgMCAwLTIuNi03LjgzIDU0LjIyIDU0LjIyIDAgMCAwLTIuODctNS43Nkg4NS4wOGE2NS40NyA2NS40NyAwIDAgMSA0LjIgOC40OWwtNi4xNi0xLjY2YTY1LjczIDY1LjczIDAgMCAwLTMuODYtNi44M2gtMjB2My40MWwtLjYxLjIyYTEzLjQ4IDEzLjQ4IDAgMCAwLTQuMzYgMi42OHYtNi4zM2gtMjBxLTcuNjcgMTEuOTEtOC42MiAyMy40NGgyNS41N3ExIDIuNDcgMi4wOSA1SDI1LjYyYy4zMSA3Ljg3IDMgMTUuNjcgNy44OCAyMy40NGgyMC44MlY2MS41Nmw1IDExdjEwLjE3aDQuNzZsMi4yOSA1aC03LjA4djE3LjUxYTEyMy44NCAxMjMuODQgMCAwIDAgMTAuNTMtOS42NXExLjA1IDIuNDkgMi4wNyA1ek0xMTQuNzUgOThhNC42NCA0LjY0IDAgMCAxLTEuMTcuNzloLS4wOGE0LjE0IDQuMTQgMCAwIDEtNC4zNi0uNmwtMTEuNi05Ljg0LTQgOS43N2ExMi45MyAxMi45MyAwIDAgMS0xLjE5IDIuMjUgOS4xIDkuMSAwIDAgMS0xLjUxIDEuNzYgNC43OCA0Ljc4IDAgMCAxLTcuNS0uODIgOS4yOCA5LjI4IDAgMCAxLS45Mi0xLjYzYy02LjktMTcuNDktMTYuMjYtMzQuOS0yMy4yNi01Mi40QTMuMTEgMy4xMSAwIDAgMSA2Mi42NSA0M2MxNi43NyAzLjEgMzguNSAxMC4xOSA1NS41NSAxNC43MSA1LjMgMS40IDYuMTYgNi4wNyAyLjI1IDkuNjlhMTIuMjEgMTIuMjEgMCAwIDEtMiAxLjUyYy0zIDEuNy02IDMuNjctOSA1LjQ3bDExLjU1IDkuOWE0LjI1IDQuMjUgMCAwIDEgMSAxLjI2di4wOGE0LjI4IDQuMjggMCAwIDEgLjM5IDEuNDdoMGE0LjI2IDQuMjYgMCAwIDEtLjE2IDEuNTQgNC4zOSA0LjM5IDAgMCAxLS43MiAxLjM5IDk0LjU1IDk0LjU1IDAgMCAxLTYuNzYgNy45N3ptLTMtMy44NGw1LjU5LTYuNTZjLTIuNDYtMi4xMS0xMy0xMC4yOS0xNC4wOS0xMi4yNmEyLjQxIDIuNDEgMCAwIDEgLjgzLTMuMjVjMy42Ni0yIDguMzYtNC44NiAxMS44My03LjE3YTguMzggOC4zOCAwIDAgMCAxLjIyLS44OSA0LjQyIDQuNDIgMCAwIDAgLjc1LS44N2wuMTYtLjMtLjMxLS4xOGEzLjkyIDMuOTIgMCAwIDAtLjc2LS4yNkw2NSA0OC42bDIxLjgzIDQ5LjE0YTQuOCA0LjggMCAwIDAgLjM4LjdsLjIyLjI5LjI4LS4yYTQuNTEgNC41MSAwIDAgMCAuNzMtLjg5IDcuNTEgNy41MSAwIDAgMCAuNjgtMS4zM2MxLjYzLTQgMy40OS05LjQ3IDUuNC0xMy4xN2wuMjMtLjMyYTIuNCAyLjQgMCAwIDEgMy4zNy0uMjdsMTMuNjQgMTEuNTd6bS02MS42MiAxNC4wM2ExMDUuNTYgMTA1LjU2IDAgMCAxLTE5LjI2LTIwLjQ4SDE1LjE2YTUxLjUgNTEuNSAwIDAgMCAxMi42MSAxMiA1Mi44MSA1Mi44MSAwIDAgMCA4Ljg5IDQuOHMuMDcgMCAuMTEuMDdhNDkuMTMgNDkuMTMgMCAwIDAgOS42NCAzIDY1LjEzIDY1LjEzIDAgMCAwIDMuNzUuNjJ6TTExLjg5IDgyLjczSDI3LjdhNTAuNiA1MC42IDAgMCAxLTctMjMuNDRINWE1NS43NSA1NS43NSAwIDAgMCAxIDcuOTRBNDguMjcgNDguMjcgMCAwIDAgOSA3N2E1NC4xNiA1NC4xNiAwIDAgMCAyLjg2IDUuNzZ6TTUgNTQuMzFoMTUuNzVhNTQuMzggNTQuMzggMCAwIDEgNy43Ny0yMy40NEgxMS44OUE1NC4xNiA1NC4xNiAwIDAgMCA5IDM2LjYzczAgLjA3LS4wNy4xYTQ5LjkxIDQ5LjkxIDAgMCAwLTMgOS42NSA1MS40NiA1MS40NiAwIDAgMC0xIDcuOTN6TTE1LjEzIDI1LjloMTYuNTlBMTE3LjcyIDExNy43MiAwIDAgMSA1MC40NiA1LjM1Yy0xLjM5LjE3LTIuNzYuMzctNC4wOC42NWE0OC4zNiA0OC4zNiAwIDAgMC05Ljc1IDMgNTUuMjQgNTUuMjQgMCAwIDAtOC44OSA0LjggNTEuNSA1MS41IDAgMCAwLTEyLjYxIDEyaDB6bTQ4LTIwLjU1QTExNC42MyAxMTQuNjMgMCAwIDEgODEuODggMjUuOWgxNi42YTQ4LjYzIDQ4LjYzIDAgMCAwLTUtNS43NiA0OS44MSA0OS44MSAwIDAgMC03LjYzLTYuMjdBNTMuMjcgNTMuMjcgMCAwIDAgNzcgOS4wNnMtLjA2IDAtLjEtLjA2YTQ5LjE1IDQ5LjE1IDAgMCAwLTkuNjQtM2MtMS4zNi0uMjctMi43My0uNDgtNC4wOS0uNjVoMHptLTMuODQgMy4yNFYyNS45aDE2LjQ5QTExNS42OCAxMTUuNjggMCAwIDAgNTkuMjkgOC41OXptLTUgOTYuNjNWODcuNzFIMzdhMTA1LjY3IDEwNS42NyAwIDAgMCAxNy4zNSAxNy41MXptMC03OS4zMlY4LjU5QTExNi4zIDExNi4zIDAgMCAwIDM3LjgyIDI1Ljl6IiBmaWxsPSIjMmI3OGMyIi8+PC9zdmc+Cg=='; |
|
| 36 | - $pluginData = [ |
|
| 37 | - 'enable' => PLUGIN_INTRANET_USER_DEFAULT_ENABLE, |
|
| 38 | - 'button-title' => PLUGIN_INTRANET_BUTTON_TITLE, |
|
| 39 | - 'url' => PLUGIN_INTRANET_URL, |
|
| 40 | - 'autostart' => defined('PLUGIN_INTRANET_AUTOSTART') ? (bool) PLUGIN_INTRANET_AUTOSTART : false, |
|
| 41 | - 'icon' => defined('PLUGIN_INTRANET_ICON') ? PATH_PLUGIN_DIR . '/intranet/' . PLUGIN_INTRANET_ICON : $defaultIcon, |
|
| 42 | - ]; |
|
| 28 | + /** |
|
| 29 | + * Called when the core Settings class is initialized and ready to accept sysadmin default |
|
| 30 | + * settings. Registers the sysadmin defaults for the desktopnotifications plugin. |
|
| 31 | + * |
|
| 32 | + * @param array $data Reference to the data of the triggered hook |
|
| 33 | + */ |
|
| 34 | + public function injectPluginSettings(&$data) { |
|
| 35 | + $defaultIcon = 'data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNCIgaGVpZ2h0PSIxNCIgdmlld0JveD0iMCAwIDEyMi44OCAxMTMuNiI+PHBhdGggZD0iTTcxLjg5IDEwMC41NnEtMy44NiAzLjgyLTguMzcgNy42M2wzLjc0LS42MmE0OS4zOCA0OS4zOCAwIDAgMCA3LjA4LTJsLjQzLjY0IDEgMS4yN2gwIDBhMTYuNCAxNi40IDAgMCAwIDIuMTMgMiA1NS4yOSA1NS4yOSAwIDAgMS05LjczIDIuOTIgNTguNzMgNTguNzMgMCAwIDEtMjIuODMgMCA1My40OCA1My40OCAwIDAgMS0xMC42LTMuMjcuMjYuMjYgMCAwIDEtLjE0LS4wNyA2Mi4xIDYyLjEgMCAwIDEtOS42LTUuMTdBNTQuNDEgNTQuNDEgMCAwIDEgMTYuNiA5N2E1Mi42OSA1Mi42OSAwIDAgMS02Ljg5LTguMzhBNTkuNzkgNTkuNzkgMCAwIDEgNC40NiA3OWE1NS43OSA1NS43OSAwIDAgMS0zLjM0LTEwLjc4IDU4LjczIDU4LjczIDAgMCAxIDAtMjIuODMgNTIuODYgNTIuODYgMCAwIDEgMy4yOC0xMC42LjMzLjMzIDAgMCAxIC4wNi0uMTRBNjAuMzQgNjAuMzQgMCAwIDEgOS43MSAyNWE1NCA1NCAwIDAgMSA2Ljg5LTguMzkgNTIuMTkgNTIuMTkgMCAwIDEgOC40LTYuOSA1OS43IDU5LjcgMCAwIDEgOS42Ny01LjI1IDU0LjUyIDU0LjUyIDAgMCAxIDEwLjcyLTMuMzQgNTguNzMgNTguNzMgMCAwIDEgMjIuODMgMCA1My44OSA1My44OSAwIDAgMSAxMC42IDMuMjcuMjguMjggMCAwIDEgLjEzLjA3IDYxLjc1IDYxLjc1IDAgMCAxIDkuNjggNS4yNUE1NC40MSA1NC40MSAwIDAgMSA5NyAxNi41OWE1Mi4yNyA1Mi4yNyAwIDAgMSA2Ljg5IDguNDEgNTguMTkgNTguMTkgMCAwIDEgNS4yNSA5LjY3IDU0LjUyIDU0LjUyIDAgMCAxIDMuMzQgMTAuNzRsLjEyLjYtNS40Mi0xLjUzYTQ3IDQ3IDAgMCAwLTIuNi03LjgzIDU0LjIyIDU0LjIyIDAgMCAwLTIuODctNS43Nkg4NS4wOGE2NS40NyA2NS40NyAwIDAgMSA0LjIgOC40OWwtNi4xNi0xLjY2YTY1LjczIDY1LjczIDAgMCAwLTMuODYtNi44M2gtMjB2My40MWwtLjYxLjIyYTEzLjQ4IDEzLjQ4IDAgMCAwLTQuMzYgMi42OHYtNi4zM2gtMjBxLTcuNjcgMTEuOTEtOC42MiAyMy40NGgyNS41N3ExIDIuNDcgMi4wOSA1SDI1LjYyYy4zMSA3Ljg3IDMgMTUuNjcgNy44OCAyMy40NGgyMC44MlY2MS41Nmw1IDExdjEwLjE3aDQuNzZsMi4yOSA1aC03LjA4djE3LjUxYTEyMy44NCAxMjMuODQgMCAwIDAgMTAuNTMtOS42NXExLjA1IDIuNDkgMi4wNyA1ek0xMTQuNzUgOThhNC42NCA0LjY0IDAgMCAxLTEuMTcuNzloLS4wOGE0LjE0IDQuMTQgMCAwIDEtNC4zNi0uNmwtMTEuNi05Ljg0LTQgOS43N2ExMi45MyAxMi45MyAwIDAgMS0xLjE5IDIuMjUgOS4xIDkuMSAwIDAgMS0xLjUxIDEuNzYgNC43OCA0Ljc4IDAgMCAxLTcuNS0uODIgOS4yOCA5LjI4IDAgMCAxLS45Mi0xLjYzYy02LjktMTcuNDktMTYuMjYtMzQuOS0yMy4yNi01Mi40QTMuMTEgMy4xMSAwIDAgMSA2Mi42NSA0M2MxNi43NyAzLjEgMzguNSAxMC4xOSA1NS41NSAxNC43MSA1LjMgMS40IDYuMTYgNi4wNyAyLjI1IDkuNjlhMTIuMjEgMTIuMjEgMCAwIDEtMiAxLjUyYy0zIDEuNy02IDMuNjctOSA1LjQ3bDExLjU1IDkuOWE0LjI1IDQuMjUgMCAwIDEgMSAxLjI2di4wOGE0LjI4IDQuMjggMCAwIDEgLjM5IDEuNDdoMGE0LjI2IDQuMjYgMCAwIDEtLjE2IDEuNTQgNC4zOSA0LjM5IDAgMCAxLS43MiAxLjM5IDk0LjU1IDk0LjU1IDAgMCAxLTYuNzYgNy45N3ptLTMtMy44NGw1LjU5LTYuNTZjLTIuNDYtMi4xMS0xMy0xMC4yOS0xNC4wOS0xMi4yNmEyLjQxIDIuNDEgMCAwIDEgLjgzLTMuMjVjMy42Ni0yIDguMzYtNC44NiAxMS44My03LjE3YTguMzggOC4zOCAwIDAgMCAxLjIyLS44OSA0LjQyIDQuNDIgMCAwIDAgLjc1LS44N2wuMTYtLjMtLjMxLS4xOGEzLjkyIDMuOTIgMCAwIDAtLjc2LS4yNkw2NSA0OC42bDIxLjgzIDQ5LjE0YTQuOCA0LjggMCAwIDAgLjM4LjdsLjIyLjI5LjI4LS4yYTQuNTEgNC41MSAwIDAgMCAuNzMtLjg5IDcuNTEgNy41MSAwIDAgMCAuNjgtMS4zM2MxLjYzLTQgMy40OS05LjQ3IDUuNC0xMy4xN2wuMjMtLjMyYTIuNCAyLjQgMCAwIDEgMy4zNy0uMjdsMTMuNjQgMTEuNTd6bS02MS42MiAxNC4wM2ExMDUuNTYgMTA1LjU2IDAgMCAxLTE5LjI2LTIwLjQ4SDE1LjE2YTUxLjUgNTEuNSAwIDAgMCAxMi42MSAxMiA1Mi44MSA1Mi44MSAwIDAgMCA4Ljg5IDQuOHMuMDcgMCAuMTEuMDdhNDkuMTMgNDkuMTMgMCAwIDAgOS42NCAzIDY1LjEzIDY1LjEzIDAgMCAwIDMuNzUuNjJ6TTExLjg5IDgyLjczSDI3LjdhNTAuNiA1MC42IDAgMCAxLTctMjMuNDRINWE1NS43NSA1NS43NSAwIDAgMCAxIDcuOTRBNDguMjcgNDguMjcgMCAwIDAgOSA3N2E1NC4xNiA1NC4xNiAwIDAgMCAyLjg2IDUuNzZ6TTUgNTQuMzFoMTUuNzVhNTQuMzggNTQuMzggMCAwIDEgNy43Ny0yMy40NEgxMS44OUE1NC4xNiA1NC4xNiAwIDAgMCA5IDM2LjYzczAgLjA3LS4wNy4xYTQ5LjkxIDQ5LjkxIDAgMCAwLTMgOS42NSA1MS40NiA1MS40NiAwIDAgMC0xIDcuOTN6TTE1LjEzIDI1LjloMTYuNTlBMTE3LjcyIDExNy43MiAwIDAgMSA1MC40NiA1LjM1Yy0xLjM5LjE3LTIuNzYuMzctNC4wOC42NWE0OC4zNiA0OC4zNiAwIDAgMC05Ljc1IDMgNTUuMjQgNTUuMjQgMCAwIDAtOC44OSA0LjggNTEuNSA1MS41IDAgMCAwLTEyLjYxIDEyaDB6bTQ4LTIwLjU1QTExNC42MyAxMTQuNjMgMCAwIDEgODEuODggMjUuOWgxNi42YTQ4LjYzIDQ4LjYzIDAgMCAwLTUtNS43NiA0OS44MSA0OS44MSAwIDAgMC03LjYzLTYuMjdBNTMuMjcgNTMuMjcgMCAwIDAgNzcgOS4wNnMtLjA2IDAtLjEtLjA2YTQ5LjE1IDQ5LjE1IDAgMCAwLTkuNjQtM2MtMS4zNi0uMjctMi43My0uNDgtNC4wOS0uNjVoMHptLTMuODQgMy4yNFYyNS45aDE2LjQ5QTExNS42OCAxMTUuNjggMCAwIDAgNTkuMjkgOC41OXptLTUgOTYuNjNWODcuNzFIMzdhMTA1LjY3IDEwNS42NyAwIDAgMCAxNy4zNSAxNy41MXptMC03OS4zMlY4LjU5QTExNi4zIDExNi4zIDAgMCAwIDM3LjgyIDI1Ljl6IiBmaWxsPSIjMmI3OGMyIi8+PC9zdmc+Cg=='; |
|
| 36 | + $pluginData = [ |
|
| 37 | + 'enable' => PLUGIN_INTRANET_USER_DEFAULT_ENABLE, |
|
| 38 | + 'button-title' => PLUGIN_INTRANET_BUTTON_TITLE, |
|
| 39 | + 'url' => PLUGIN_INTRANET_URL, |
|
| 40 | + 'autostart' => defined('PLUGIN_INTRANET_AUTOSTART') ? (bool) PLUGIN_INTRANET_AUTOSTART : false, |
|
| 41 | + 'icon' => defined('PLUGIN_INTRANET_ICON') ? PATH_PLUGIN_DIR . '/intranet/' . PLUGIN_INTRANET_ICON : $defaultIcon, |
|
| 42 | + ]; |
|
| 43 | 43 | |
| 44 | - $i = 1; |
|
| 45 | - while (defined('PLUGIN_INTRANET_URL_' . $i)) { |
|
| 46 | - $pluginData['button-title-' . $i] = constant('PLUGIN_INTRANET_BUTTON_TITLE_' . $i); |
|
| 47 | - $pluginData['url-' . $i] = constant('PLUGIN_INTRANET_URL_' . $i); |
|
| 48 | - $pluginData['autostart-' . $i] = defined('PLUGIN_INTRANET_AUTOSTART_' . $i) ? (bool) constant('PLUGIN_INTRANET_AUTOSTART_' . $i) : false; |
|
| 49 | - $pluginData['icon-' . $i] = defined('PLUGIN_INTRANET_ICON_' . $i) ? PATH_PLUGIN_DIR . '/intranet/' . constant('PLUGIN_INTRANET_ICON_' . $i) : $defaultIcon; |
|
| 50 | - ++$i; |
|
| 51 | - } |
|
| 44 | + $i = 1; |
|
| 45 | + while (defined('PLUGIN_INTRANET_URL_' . $i)) { |
|
| 46 | + $pluginData['button-title-' . $i] = constant('PLUGIN_INTRANET_BUTTON_TITLE_' . $i); |
|
| 47 | + $pluginData['url-' . $i] = constant('PLUGIN_INTRANET_URL_' . $i); |
|
| 48 | + $pluginData['autostart-' . $i] = defined('PLUGIN_INTRANET_AUTOSTART_' . $i) ? (bool) constant('PLUGIN_INTRANET_AUTOSTART_' . $i) : false; |
|
| 49 | + $pluginData['icon-' . $i] = defined('PLUGIN_INTRANET_ICON_' . $i) ? PATH_PLUGIN_DIR . '/intranet/' . constant('PLUGIN_INTRANET_ICON_' . $i) : $defaultIcon; |
|
| 50 | + ++$i; |
|
| 51 | + } |
|
| 52 | 52 | |
| 53 | - $data['settingsObj']->addSysAdminDefaults([ |
|
| 54 | - 'zarafa' => [ |
|
| 55 | - 'v1' => [ |
|
| 56 | - 'plugins' => [ |
|
| 57 | - 'intranet' => $pluginData, |
|
| 58 | - ], |
|
| 59 | - ], |
|
| 60 | - ], |
|
| 61 | - ]); |
|
| 62 | - } |
|
| 53 | + $data['settingsObj']->addSysAdminDefaults([ |
|
| 54 | + 'zarafa' => [ |
|
| 55 | + 'v1' => [ |
|
| 56 | + 'plugins' => [ |
|
| 57 | + 'intranet' => $pluginData, |
|
| 58 | + ], |
|
| 59 | + ], |
|
| 60 | + ], |
|
| 61 | + ]); |
|
| 62 | + } |
|
| 63 | 63 | } |
@@ -1,11 +1,11 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | if (class_exists('\PHPUnit\Framework\TestCase')) { |
| 4 | - class_alias('\PHPUnit\Framework\TestCase', '\PHPUnit_Framework_TestCase'); |
|
| 4 | + class_alias('\PHPUnit\Framework\TestCase', '\PHPUnit_Framework_TestCase'); |
|
| 5 | 5 | } |
| 6 | 6 | |
| 7 | 7 | if (!defined('OPENSSL_CONF_PATH')) { |
| 8 | - define('OPENSSL_CONF_PATH', '/etc/ssl/openssl.cnf'); |
|
| 8 | + define('OPENSSL_CONF_PATH', '/etc/ssl/openssl.cnf'); |
|
| 9 | 9 | } |
| 10 | 10 | |
| 11 | 11 | // Mock grommunio Web Log |
@@ -13,8 +13,8 @@ discard block |
||
| 13 | 13 | define('LOGLEVEL_INFO', 0); |
| 14 | 14 | |
| 15 | 15 | class Log { |
| 16 | - public static function Write($level, $message) { |
|
| 17 | - } |
|
| 16 | + public static function Write($level, $message) { |
|
| 17 | + } |
|
| 18 | 18 | } |
| 19 | 19 | |
| 20 | 20 | abstract class SMIMETest extends PHPUnit_Framework_TestCase { |
@@ -9,83 +9,83 @@ |
||
| 9 | 9 | * @coversNothing |
| 10 | 10 | */ |
| 11 | 11 | class CertificateTest extends SMIMETest { |
| 12 | - protected function setUp() { |
|
| 13 | - $this->countryName = "NL"; |
|
| 14 | - $this->stateOrProvinceName = "Zuid Holland"; |
|
| 15 | - $this->localityName = "Delft"; |
|
| 16 | - $this->organizationName = "grommunio"; |
|
| 17 | - $this->organizationalUnitName = "Dev"; |
|
| 18 | - $this->commonName = "John"; |
|
| 19 | - $this->emailAddress = "[email protected]"; |
|
| 20 | - $dn = [ |
|
| 21 | - "countryName" => $this->countryName, |
|
| 22 | - "stateOrProvinceName" => $this->stateOrProvinceName, |
|
| 23 | - "localityName" => $this->localityName, |
|
| 24 | - "organizationName" => $this->organizationName, |
|
| 25 | - "organizationalUnitName" => $this->organizationalUnitName, |
|
| 26 | - "commonName" => $this->commonName, |
|
| 27 | - "emailAddress" => $this->emailAddress, |
|
| 28 | - ]; |
|
| 29 | - $config = ['config' => OPENSSL_CONF_PATH]; |
|
| 30 | - $daysvalid = 365; |
|
| 31 | - $privkey = openssl_pkey_new(); |
|
| 32 | - $csr = openssl_csr_new($dn, $privkey, $config); |
|
| 33 | - $this->validFrom = time(); |
|
| 34 | - $this->validTo = time() + (86400 * 365); |
|
| 35 | - $sscert = openssl_csr_sign($csr, null, $privkey, $daysvalid, $config); |
|
| 36 | - openssl_x509_export($sscert, $publickey); |
|
| 12 | + protected function setUp() { |
|
| 13 | + $this->countryName = "NL"; |
|
| 14 | + $this->stateOrProvinceName = "Zuid Holland"; |
|
| 15 | + $this->localityName = "Delft"; |
|
| 16 | + $this->organizationName = "grommunio"; |
|
| 17 | + $this->organizationalUnitName = "Dev"; |
|
| 18 | + $this->commonName = "John"; |
|
| 19 | + $this->emailAddress = "[email protected]"; |
|
| 20 | + $dn = [ |
|
| 21 | + "countryName" => $this->countryName, |
|
| 22 | + "stateOrProvinceName" => $this->stateOrProvinceName, |
|
| 23 | + "localityName" => $this->localityName, |
|
| 24 | + "organizationName" => $this->organizationName, |
|
| 25 | + "organizationalUnitName" => $this->organizationalUnitName, |
|
| 26 | + "commonName" => $this->commonName, |
|
| 27 | + "emailAddress" => $this->emailAddress, |
|
| 28 | + ]; |
|
| 29 | + $config = ['config' => OPENSSL_CONF_PATH]; |
|
| 30 | + $daysvalid = 365; |
|
| 31 | + $privkey = openssl_pkey_new(); |
|
| 32 | + $csr = openssl_csr_new($dn, $privkey, $config); |
|
| 33 | + $this->validFrom = time(); |
|
| 34 | + $this->validTo = time() + (86400 * 365); |
|
| 35 | + $sscert = openssl_csr_sign($csr, null, $privkey, $daysvalid, $config); |
|
| 36 | + openssl_x509_export($sscert, $publickey); |
|
| 37 | 37 | |
| 38 | - $this->certdata = $publickey; |
|
| 39 | - $this->cert = new Certificate($this->certdata); |
|
| 40 | - } |
|
| 38 | + $this->certdata = $publickey; |
|
| 39 | + $this->cert = new Certificate($this->certdata); |
|
| 40 | + } |
|
| 41 | 41 | |
| 42 | - public function testEmailaddress() { |
|
| 43 | - $this->assertEquals($this->cert->emailAddress(), $this->emailAddress); |
|
| 44 | - } |
|
| 42 | + public function testEmailaddress() { |
|
| 43 | + $this->assertEquals($this->cert->emailAddress(), $this->emailAddress); |
|
| 44 | + } |
|
| 45 | 45 | |
| 46 | - public function testDerPem() { |
|
| 47 | - $pem = $this->cert->pem(); |
|
| 48 | - $der = $this->cert->der(); |
|
| 46 | + public function testDerPem() { |
|
| 47 | + $pem = $this->cert->pem(); |
|
| 48 | + $der = $this->cert->der(); |
|
| 49 | 49 | |
| 50 | - // FIXME: remove der2pem |
|
| 51 | - $this->assertEquals($pem, der2pem($der)); |
|
| 52 | - $this->assertEquals($this->certdata, $pem); |
|
| 53 | - } |
|
| 50 | + // FIXME: remove der2pem |
|
| 51 | + $this->assertEquals($pem, der2pem($der)); |
|
| 52 | + $this->assertEquals($this->certdata, $pem); |
|
| 53 | + } |
|
| 54 | 54 | |
| 55 | - public function testValidFrom() { |
|
| 56 | - $this->assertEquals($this->cert->validFrom(), $this->validFrom); |
|
| 57 | - } |
|
| 55 | + public function testValidFrom() { |
|
| 56 | + $this->assertEquals($this->cert->validFrom(), $this->validFrom); |
|
| 57 | + } |
|
| 58 | 58 | |
| 59 | - public function testValidTo() { |
|
| 60 | - $this->assertEquals($this->cert->validTo(), $this->validTo); |
|
| 61 | - } |
|
| 59 | + public function testValidTo() { |
|
| 60 | + $this->assertEquals($this->cert->validTo(), $this->validTo); |
|
| 61 | + } |
|
| 62 | 62 | |
| 63 | - public function testExpired() { |
|
| 64 | - $this->assertEquals($this->cert->valid(), false); |
|
| 65 | - } |
|
| 63 | + public function testExpired() { |
|
| 64 | + $this->assertEquals($this->cert->valid(), false); |
|
| 65 | + } |
|
| 66 | 66 | |
| 67 | - public function testCAURL() { |
|
| 68 | - $this->assertEmpty($this->cert->caURL()); |
|
| 69 | - } |
|
| 67 | + public function testCAURL() { |
|
| 68 | + $this->assertEmpty($this->cert->caURL()); |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | - public function testOCSPURL() { |
|
| 72 | - $this->assertEmpty($this->cert->ocspURL()); |
|
| 73 | - } |
|
| 71 | + public function testOCSPURL() { |
|
| 72 | + $this->assertEmpty($this->cert->ocspURL()); |
|
| 73 | + } |
|
| 74 | 74 | |
| 75 | - public function testIssuer() { |
|
| 76 | - $issuer = $this->cert->issuer(true); |
|
| 77 | - $this->assertInternalType('object', $issuer); |
|
| 78 | - } |
|
| 75 | + public function testIssuer() { |
|
| 76 | + $issuer = $this->cert->issuer(true); |
|
| 77 | + $this->assertInternalType('object', $issuer); |
|
| 78 | + } |
|
| 79 | 79 | |
| 80 | - public function testFingerprint() { |
|
| 81 | - $this->assertNotEmpty($this->cert->fingerprint()); |
|
| 82 | - $this->assertNotEmpty($this->cert->fingerprint('md5')); |
|
| 83 | - } |
|
| 80 | + public function testFingerprint() { |
|
| 81 | + $this->assertNotEmpty($this->cert->fingerprint()); |
|
| 82 | + $this->assertNotEmpty($this->cert->fingerprint('md5')); |
|
| 83 | + } |
|
| 84 | 84 | |
| 85 | - public function testGetName() { |
|
| 86 | - $name = $this->cert->getName(); |
|
| 87 | - $this->assertContains($this->emailAddress, $name); |
|
| 88 | - $this->assertContains($this->countryName, $name); |
|
| 89 | - $this->assertContains($this->stateOrProvinceName, $name); |
|
| 90 | - } |
|
| 85 | + public function testGetName() { |
|
| 86 | + $name = $this->cert->getName(); |
|
| 87 | + $this->assertContains($this->emailAddress, $name); |
|
| 88 | + $this->assertContains($this->countryName, $name); |
|
| 89 | + $this->assertContains($this->stateOrProvinceName, $name); |
|
| 90 | + } |
|
| 91 | 91 | } |
@@ -8,43 +8,43 @@ |
||
| 8 | 8 | * @coversNothing |
| 9 | 9 | */ |
| 10 | 10 | class OCSPCertificateTest extends \PHPUnit_Framework_TestCase { |
| 11 | - protected $cert; |
|
| 11 | + protected $cert; |
|
| 12 | 12 | |
| 13 | - protected function setUp() { |
|
| 14 | - $this->certdata = file_get_contents('./test/user.crt'); |
|
| 15 | - $this->cert = new Certificate($this->certdata); |
|
| 16 | - } |
|
| 13 | + protected function setUp() { |
|
| 14 | + $this->certdata = file_get_contents('./test/user.crt'); |
|
| 15 | + $this->cert = new Certificate($this->certdata); |
|
| 16 | + } |
|
| 17 | 17 | |
| 18 | - public function testEmailaddress() { |
|
| 19 | - $this->assertEquals($this->cert->emailAddress(), '[email protected]'); |
|
| 20 | - } |
|
| 18 | + public function testEmailaddress() { |
|
| 19 | + $this->assertEquals($this->cert->emailAddress(), '[email protected]'); |
|
| 20 | + } |
|
| 21 | 21 | |
| 22 | - public function testDerPem() { |
|
| 23 | - $pem = $this->cert->pem(); |
|
| 24 | - $der = $this->cert->der(); |
|
| 22 | + public function testDerPem() { |
|
| 23 | + $pem = $this->cert->pem(); |
|
| 24 | + $der = $this->cert->der(); |
|
| 25 | 25 | |
| 26 | - // FIXME: remove der2pem |
|
| 27 | - $this->assertEquals($pem, der2pem($der)); |
|
| 28 | - $this->assertEquals($this->certdata, $pem); |
|
| 29 | - } |
|
| 26 | + // FIXME: remove der2pem |
|
| 27 | + $this->assertEquals($pem, der2pem($der)); |
|
| 28 | + $this->assertEquals($this->certdata, $pem); |
|
| 29 | + } |
|
| 30 | 30 | |
| 31 | - public function testValidFrom() { |
|
| 32 | - $this->assertEquals($this->cert->validFrom(), 1491298233); |
|
| 33 | - } |
|
| 31 | + public function testValidFrom() { |
|
| 32 | + $this->assertEquals($this->cert->validFrom(), 1491298233); |
|
| 33 | + } |
|
| 34 | 34 | |
| 35 | - public function testValidTo() { |
|
| 36 | - $this->assertEquals($this->cert->validTo(), 1523698233); |
|
| 37 | - } |
|
| 35 | + public function testValidTo() { |
|
| 36 | + $this->assertEquals($this->cert->validTo(), 1523698233); |
|
| 37 | + } |
|
| 38 | 38 | |
| 39 | - public function testExpired() { |
|
| 40 | - $this->assertEquals($this->cert->valid(), false); |
|
| 41 | - } |
|
| 39 | + public function testExpired() { |
|
| 40 | + $this->assertEquals($this->cert->valid(), false); |
|
| 41 | + } |
|
| 42 | 42 | |
| 43 | - public function testCAURL() { |
|
| 44 | - $this->assertNotEmpty($this->cert->caURL()); |
|
| 45 | - } |
|
| 43 | + public function testCAURL() { |
|
| 44 | + $this->assertNotEmpty($this->cert->caURL()); |
|
| 45 | + } |
|
| 46 | 46 | |
| 47 | - public function testOCSPURL() { |
|
| 48 | - $this->assertNotEmpty($this->cert->ocspURL()); |
|
| 49 | - } |
|
| 47 | + public function testOCSPURL() { |
|
| 48 | + $this->assertNotEmpty($this->cert->ocspURL()); |
|
| 49 | + } |
|
| 50 | 50 | } |
@@ -14,110 +14,110 @@ |
||
| 14 | 14 | * @coversNothing |
| 15 | 15 | */ |
| 16 | 16 | class UploadCertificateTest extends SMIMETest { |
| 17 | - public const DAY_EPOCH = 86400; |
|
| 18 | - public const PASSPHRASE = 'test'; |
|
| 19 | - public const EMAIL_ADDRESS = '[email protected]'; |
|
| 20 | - |
|
| 21 | - // Cache private key generation |
|
| 22 | - private $privkey = ''; |
|
| 23 | - |
|
| 24 | - private function generatePKCS12($emailAddress = self::EMAIL_ADDRESS, $passphrase = self::PASSPHRASE) { |
|
| 25 | - $validFrom = time(); |
|
| 26 | - $validTo = time() + self::DAY_EPOCH * 365; |
|
| 27 | - $daysvalid = ($validTo - $validFrom) / self::DAY_EPOCH; |
|
| 28 | - $dn = [ |
|
| 29 | - "countryName" => "NL", |
|
| 30 | - "stateOrProvinceName" => "Zuid Holland", |
|
| 31 | - "localityName" => "Delft", |
|
| 32 | - "organizationName" => "grommunio", |
|
| 33 | - "organizationalUnitName" => "Dev", |
|
| 34 | - "commonName" => "John", |
|
| 35 | - "emailAddress" => $emailAddress, |
|
| 36 | - ]; |
|
| 37 | - $config = ['config' => OPENSSL_CONF_PATH]; |
|
| 38 | - if (empty($this->privkey)) { |
|
| 39 | - $this->privkey = openssl_pkey_new(); |
|
| 40 | - } |
|
| 41 | - |
|
| 42 | - $csr = openssl_csr_new($dn, $this->privkey, $config); |
|
| 43 | - $sscert = openssl_csr_sign($csr, null, $this->privkey, $daysvalid, $config); |
|
| 44 | - openssl_x509_export($sscert, $publickey); |
|
| 45 | - openssl_pkcs12_export($publickey, $out, $this->privkey, $passphrase); |
|
| 46 | - |
|
| 47 | - return $out; |
|
| 48 | - } |
|
| 49 | - |
|
| 50 | - /** |
|
| 51 | - * @param string $days string formatted as -500d or +500d |
|
| 52 | - */ |
|
| 53 | - private function generatePKCS12Faketime($days) { |
|
| 54 | - $libfaketime = '/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1'; |
|
| 55 | - if (!file_exists($libfaketime)) { |
|
| 56 | - // Arch libfaketime location |
|
| 57 | - $libfaketime = '/usr/lib/faketime/libfaketime.so.1'; |
|
| 58 | - } |
|
| 59 | - |
|
| 60 | - return base64_decode(shell_exec("LD_PRELOAD='{$libfaketime}' FAKETIME={$days} php ./test/create_pkcs12.php")); |
|
| 61 | - } |
|
| 62 | - |
|
| 63 | - /** |
|
| 64 | - * Test a valid generate certificate. |
|
| 65 | - */ |
|
| 66 | - public function testValidCert() { |
|
| 67 | - $pkcs12 = $this->generatePKCS12(); |
|
| 68 | - list($message, $cert, $data) = validateUploadedPKCS($pkcs12, self::PASSPHRASE, self::EMAIL_ADDRESS); |
|
| 69 | - $this->assertEquals($message, ''); |
|
| 70 | - $this->assertNotEmpty($cert); |
|
| 71 | - $this->assertNotEmpty($data); |
|
| 72 | - } |
|
| 73 | - |
|
| 74 | - /** |
|
| 75 | - * Test an invalid PKCS#12 format. |
|
| 76 | - */ |
|
| 77 | - public function testFaultyPKCS12() { |
|
| 78 | - $this->assertEquals(validateUploadedPKCS('burp', 'burp', '[email protected]')[0], 'Unable to decrypt certificate'); |
|
| 79 | - } |
|
| 80 | - |
|
| 81 | - /** |
|
| 82 | - * Test an incorrect passphrase. |
|
| 83 | - */ |
|
| 84 | - public function testIncorrectPassphrase() { |
|
| 85 | - $pkcs12 = $this->generatePKCS12(); |
|
| 86 | - $this->assertEquals(validateUploadedPKCS($pkcs12, 'burp', '[email protected]')[0], 'Unable to decrypt certificate'); |
|
| 87 | - } |
|
| 88 | - |
|
| 89 | - /** |
|
| 90 | - * Test incorrect email address, which does not match the account <-> cert. |
|
| 91 | - */ |
|
| 92 | - public function testIncorrectEmailAddress() { |
|
| 93 | - $pkcs12 = $this->generatePKCS12(); |
|
| 94 | - $this->assertEquals( |
|
| 95 | - validateUploadedPKCS($pkcs12, self::PASSPHRASE, '[email protected]')[0], |
|
| 96 | - "Certificate email address doesn't match grommunio Web account " . self::EMAIL_ADDRESS |
|
| 97 | - ); |
|
| 98 | - } |
|
| 99 | - |
|
| 100 | - /** |
|
| 101 | - * Test an expired certificate. |
|
| 102 | - */ |
|
| 103 | - public function testCertificateDateExpired() { |
|
| 104 | - $pkcs12 = $this->generatePKCS12Faketime('-500d'); |
|
| 105 | - list($message, $cert, $data) = validateUploadedPKCS($pkcs12, self::PASSPHRASE, self::EMAIL_ADDRESS); |
|
| 106 | - $validTo = date('Y-m-d', $data['validTo_time_t']); |
|
| 107 | - |
|
| 108 | - $this->assertEquals($message, sprintf("Certificate was expired on %s. Certificate has not been imported", $validTo)); |
|
| 109 | - $this->assertNotEmpty($cert); |
|
| 110 | - } |
|
| 111 | - |
|
| 112 | - /** |
|
| 113 | - * Test an certificate in the future. |
|
| 114 | - */ |
|
| 115 | - public function testCertificateNotValid() { |
|
| 116 | - $pkcs12 = $this->generatePKCS12Faketime('+500d'); |
|
| 117 | - list($message, $cert, $data) = validateUploadedPKCS($pkcs12, self::PASSPHRASE, self::EMAIL_ADDRESS); |
|
| 118 | - $validFrom = date('Y-m-d', $data['validFrom_time_t']); |
|
| 119 | - |
|
| 120 | - $this->assertEquals($message, sprintf("Certificate is not yet valid %s. Certificate has not been imported", $validFrom)); |
|
| 121 | - $this->assertNotEmpty($cert); |
|
| 122 | - } |
|
| 17 | + public const DAY_EPOCH = 86400; |
|
| 18 | + public const PASSPHRASE = 'test'; |
|
| 19 | + public const EMAIL_ADDRESS = '[email protected]'; |
|
| 20 | + |
|
| 21 | + // Cache private key generation |
|
| 22 | + private $privkey = ''; |
|
| 23 | + |
|
| 24 | + private function generatePKCS12($emailAddress = self::EMAIL_ADDRESS, $passphrase = self::PASSPHRASE) { |
|
| 25 | + $validFrom = time(); |
|
| 26 | + $validTo = time() + self::DAY_EPOCH * 365; |
|
| 27 | + $daysvalid = ($validTo - $validFrom) / self::DAY_EPOCH; |
|
| 28 | + $dn = [ |
|
| 29 | + "countryName" => "NL", |
|
| 30 | + "stateOrProvinceName" => "Zuid Holland", |
|
| 31 | + "localityName" => "Delft", |
|
| 32 | + "organizationName" => "grommunio", |
|
| 33 | + "organizationalUnitName" => "Dev", |
|
| 34 | + "commonName" => "John", |
|
| 35 | + "emailAddress" => $emailAddress, |
|
| 36 | + ]; |
|
| 37 | + $config = ['config' => OPENSSL_CONF_PATH]; |
|
| 38 | + if (empty($this->privkey)) { |
|
| 39 | + $this->privkey = openssl_pkey_new(); |
|
| 40 | + } |
|
| 41 | + |
|
| 42 | + $csr = openssl_csr_new($dn, $this->privkey, $config); |
|
| 43 | + $sscert = openssl_csr_sign($csr, null, $this->privkey, $daysvalid, $config); |
|
| 44 | + openssl_x509_export($sscert, $publickey); |
|
| 45 | + openssl_pkcs12_export($publickey, $out, $this->privkey, $passphrase); |
|
| 46 | + |
|
| 47 | + return $out; |
|
| 48 | + } |
|
| 49 | + |
|
| 50 | + /** |
|
| 51 | + * @param string $days string formatted as -500d or +500d |
|
| 52 | + */ |
|
| 53 | + private function generatePKCS12Faketime($days) { |
|
| 54 | + $libfaketime = '/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1'; |
|
| 55 | + if (!file_exists($libfaketime)) { |
|
| 56 | + // Arch libfaketime location |
|
| 57 | + $libfaketime = '/usr/lib/faketime/libfaketime.so.1'; |
|
| 58 | + } |
|
| 59 | + |
|
| 60 | + return base64_decode(shell_exec("LD_PRELOAD='{$libfaketime}' FAKETIME={$days} php ./test/create_pkcs12.php")); |
|
| 61 | + } |
|
| 62 | + |
|
| 63 | + /** |
|
| 64 | + * Test a valid generate certificate. |
|
| 65 | + */ |
|
| 66 | + public function testValidCert() { |
|
| 67 | + $pkcs12 = $this->generatePKCS12(); |
|
| 68 | + list($message, $cert, $data) = validateUploadedPKCS($pkcs12, self::PASSPHRASE, self::EMAIL_ADDRESS); |
|
| 69 | + $this->assertEquals($message, ''); |
|
| 70 | + $this->assertNotEmpty($cert); |
|
| 71 | + $this->assertNotEmpty($data); |
|
| 72 | + } |
|
| 73 | + |
|
| 74 | + /** |
|
| 75 | + * Test an invalid PKCS#12 format. |
|
| 76 | + */ |
|
| 77 | + public function testFaultyPKCS12() { |
|
| 78 | + $this->assertEquals(validateUploadedPKCS('burp', 'burp', '[email protected]')[0], 'Unable to decrypt certificate'); |
|
| 79 | + } |
|
| 80 | + |
|
| 81 | + /** |
|
| 82 | + * Test an incorrect passphrase. |
|
| 83 | + */ |
|
| 84 | + public function testIncorrectPassphrase() { |
|
| 85 | + $pkcs12 = $this->generatePKCS12(); |
|
| 86 | + $this->assertEquals(validateUploadedPKCS($pkcs12, 'burp', '[email protected]')[0], 'Unable to decrypt certificate'); |
|
| 87 | + } |
|
| 88 | + |
|
| 89 | + /** |
|
| 90 | + * Test incorrect email address, which does not match the account <-> cert. |
|
| 91 | + */ |
|
| 92 | + public function testIncorrectEmailAddress() { |
|
| 93 | + $pkcs12 = $this->generatePKCS12(); |
|
| 94 | + $this->assertEquals( |
|
| 95 | + validateUploadedPKCS($pkcs12, self::PASSPHRASE, '[email protected]')[0], |
|
| 96 | + "Certificate email address doesn't match grommunio Web account " . self::EMAIL_ADDRESS |
|
| 97 | + ); |
|
| 98 | + } |
|
| 99 | + |
|
| 100 | + /** |
|
| 101 | + * Test an expired certificate. |
|
| 102 | + */ |
|
| 103 | + public function testCertificateDateExpired() { |
|
| 104 | + $pkcs12 = $this->generatePKCS12Faketime('-500d'); |
|
| 105 | + list($message, $cert, $data) = validateUploadedPKCS($pkcs12, self::PASSPHRASE, self::EMAIL_ADDRESS); |
|
| 106 | + $validTo = date('Y-m-d', $data['validTo_time_t']); |
|
| 107 | + |
|
| 108 | + $this->assertEquals($message, sprintf("Certificate was expired on %s. Certificate has not been imported", $validTo)); |
|
| 109 | + $this->assertNotEmpty($cert); |
|
| 110 | + } |
|
| 111 | + |
|
| 112 | + /** |
|
| 113 | + * Test an certificate in the future. |
|
| 114 | + */ |
|
| 115 | + public function testCertificateNotValid() { |
|
| 116 | + $pkcs12 = $this->generatePKCS12Faketime('+500d'); |
|
| 117 | + list($message, $cert, $data) = validateUploadedPKCS($pkcs12, self::PASSPHRASE, self::EMAIL_ADDRESS); |
|
| 118 | + $validFrom = date('Y-m-d', $data['validFrom_time_t']); |
|
| 119 | + |
|
| 120 | + $this->assertEquals($message, sprintf("Certificate is not yet valid %s. Certificate has not been imported", $validFrom)); |
|
| 121 | + $this->assertNotEmpty($cert); |
|
| 122 | + } |
|
| 123 | 123 | } |
@@ -11,368 +11,368 @@ |
||
| 11 | 11 | * Certificate Revocation List (CRL) Profile (http://www.ietf.org/rfc/rfc5280.txt) |
| 12 | 12 | */ |
| 13 | 13 | class X509Helper extends Der { |
| 14 | - public function generalName() { |
|
| 15 | - $tag = $this->peek(); |
|
| 16 | - |
|
| 17 | - switch ($tag) { |
|
| 18 | - case 0: |
|
| 19 | - $res['otherName'] = $this->oid(-6); |
|
| 20 | - break; |
|
| 21 | - |
|
| 22 | - case 1: |
|
| 23 | - $res['rfc822Name'] = $this->next(-22); |
|
| 24 | - break; |
|
| 25 | - |
|
| 26 | - case 2: |
|
| 27 | - $res['dNSName'] = $this->next(-22); |
|
| 28 | - break; |
|
| 29 | - |
|
| 30 | - case 4: |
|
| 31 | - $this->next(4); |
|
| 32 | - $res['directoryName'] = $this->name(); |
|
| 33 | - $res['directoryName_'] = $this->nameasstring($res['directoryName']); |
|
| 34 | - break; |
|
| 35 | - |
|
| 36 | - case 6: |
|
| 37 | - $res['uniformResourceIdentifier'] = $this->next(-22); |
|
| 38 | - break; |
|
| 39 | - |
|
| 40 | - default: |
|
| 41 | - throw new \Exception("Unsupported GeneralName: {$tag}"); |
|
| 14 | + public function generalName() { |
|
| 15 | + $tag = $this->peek(); |
|
| 16 | + |
|
| 17 | + switch ($tag) { |
|
| 18 | + case 0: |
|
| 19 | + $res['otherName'] = $this->oid(-6); |
|
| 20 | + break; |
|
| 21 | + |
|
| 22 | + case 1: |
|
| 23 | + $res['rfc822Name'] = $this->next(-22); |
|
| 24 | + break; |
|
| 25 | + |
|
| 26 | + case 2: |
|
| 27 | + $res['dNSName'] = $this->next(-22); |
|
| 28 | + break; |
|
| 29 | + |
|
| 30 | + case 4: |
|
| 31 | + $this->next(4); |
|
| 32 | + $res['directoryName'] = $this->name(); |
|
| 33 | + $res['directoryName_'] = $this->nameasstring($res['directoryName']); |
|
| 34 | + break; |
|
| 35 | + |
|
| 36 | + case 6: |
|
| 37 | + $res['uniformResourceIdentifier'] = $this->next(-22); |
|
| 38 | + break; |
|
| 39 | + |
|
| 40 | + default: |
|
| 41 | + throw new \Exception("Unsupported GeneralName: {$tag}"); |
|
| 42 | 42 | # trigger_error("Unsupported GeneralName: $tag", E_USER_ERROR); |
| 43 | - } |
|
| 44 | - |
|
| 45 | - return $res; |
|
| 46 | - } |
|
| 47 | - |
|
| 48 | - public function generalNames($tag = null) { |
|
| 49 | - $res = []; |
|
| 50 | - $this->beginsequence($tag); |
|
| 51 | - while ($this->in()) { |
|
| 52 | - $res[] = $this->generalName(); |
|
| 53 | - } |
|
| 54 | - $this->end(); |
|
| 55 | - |
|
| 56 | - return $res; |
|
| 57 | - } |
|
| 58 | - |
|
| 59 | - public function nameasstring($name) { |
|
| 60 | - $rdnd = ''; |
|
| 61 | - $res = ''; |
|
| 62 | - $abbvrs = [ |
|
| 63 | - 'countryName' => 'c', |
|
| 64 | - 'organizationName' => 'o', |
|
| 65 | - 'commonName' => 'cn', |
|
| 66 | - 'stateOrProvinceName' => 'state', |
|
| 67 | - 'localityName' => 'l', |
|
| 68 | - 'organizationalUnitName' => 'ou', |
|
| 69 | - 'domainComponent' => 'dc', |
|
| 70 | - ]; |
|
| 71 | - foreach ($name as $rdn) { |
|
| 72 | - $mrdnd = ''; |
|
| 73 | - $r = ""; |
|
| 74 | - foreach ($rdn as $type => $value) { |
|
| 75 | - if (substr($type, -1) == '*') { |
|
| 76 | - continue; |
|
| 77 | - } |
|
| 78 | - $type = empty($abbvrs[$type]) ? $type : $abbvrs[$type]; |
|
| 79 | - $r .= $mrdnd . $type . '=' . $value; |
|
| 80 | - $mrdnd = '+'; |
|
| 81 | - } |
|
| 82 | - $res .= $rdnd . $r; |
|
| 83 | - $rdnd = ','; |
|
| 84 | - } |
|
| 85 | - |
|
| 86 | - return $res; |
|
| 87 | - } |
|
| 43 | + } |
|
| 44 | + |
|
| 45 | + return $res; |
|
| 46 | + } |
|
| 47 | + |
|
| 48 | + public function generalNames($tag = null) { |
|
| 49 | + $res = []; |
|
| 50 | + $this->beginsequence($tag); |
|
| 51 | + while ($this->in()) { |
|
| 52 | + $res[] = $this->generalName(); |
|
| 53 | + } |
|
| 54 | + $this->end(); |
|
| 55 | + |
|
| 56 | + return $res; |
|
| 57 | + } |
|
| 58 | + |
|
| 59 | + public function nameasstring($name) { |
|
| 60 | + $rdnd = ''; |
|
| 61 | + $res = ''; |
|
| 62 | + $abbvrs = [ |
|
| 63 | + 'countryName' => 'c', |
|
| 64 | + 'organizationName' => 'o', |
|
| 65 | + 'commonName' => 'cn', |
|
| 66 | + 'stateOrProvinceName' => 'state', |
|
| 67 | + 'localityName' => 'l', |
|
| 68 | + 'organizationalUnitName' => 'ou', |
|
| 69 | + 'domainComponent' => 'dc', |
|
| 70 | + ]; |
|
| 71 | + foreach ($name as $rdn) { |
|
| 72 | + $mrdnd = ''; |
|
| 73 | + $r = ""; |
|
| 74 | + foreach ($rdn as $type => $value) { |
|
| 75 | + if (substr($type, -1) == '*') { |
|
| 76 | + continue; |
|
| 77 | + } |
|
| 78 | + $type = empty($abbvrs[$type]) ? $type : $abbvrs[$type]; |
|
| 79 | + $r .= $mrdnd . $type . '=' . $value; |
|
| 80 | + $mrdnd = '+'; |
|
| 81 | + } |
|
| 82 | + $res .= $rdnd . $r; |
|
| 83 | + $rdnd = ','; |
|
| 84 | + } |
|
| 85 | + |
|
| 86 | + return $res; |
|
| 87 | + } |
|
| 88 | 88 | } |
| 89 | 89 | |
| 90 | 90 | class X509 extends Der { |
| 91 | - protected $xtns; |
|
| 92 | - |
|
| 93 | - protected $keyUsages = [ |
|
| 94 | - 'digitalSignature', |
|
| 95 | - 'contentCommitment', |
|
| 96 | - 'keyEncipherment', |
|
| 97 | - 'dataEncipherment', |
|
| 98 | - 'keyAgreement', |
|
| 99 | - 'keyCertSign', |
|
| 100 | - 'cRLSign', |
|
| 101 | - 'encipherOnly', |
|
| 102 | - 'decipherOnly', |
|
| 103 | - ]; |
|
| 104 | - |
|
| 105 | - public function __construct() { |
|
| 106 | - $this->xtns = new X509Helper(); |
|
| 107 | - } |
|
| 108 | - |
|
| 109 | - public function certificate($der) { |
|
| 110 | - $this->init($der); |
|
| 111 | - |
|
| 112 | - return $this->certificate_do(); |
|
| 113 | - } |
|
| 114 | - |
|
| 115 | - protected function certificate_do() { |
|
| 116 | - $cert['certificate_der'] = $this->der(); # inclusive signatureAlgorithm and signature |
|
| 117 | - $this->beginsequence(); |
|
| 118 | - $cert['tbsCertificate'] = $this->tbsCertificate(); |
|
| 119 | - $cert['signatureAlgorithm'] = $this->signatureAlgorithm(); |
|
| 120 | - $cert['signature'] = $this->next(3); |
|
| 121 | - $this->end(); |
|
| 122 | - |
|
| 123 | - return $cert; |
|
| 124 | - # print_r($cert); |
|
| 125 | - } |
|
| 126 | - |
|
| 127 | - protected function tbsCertificate() { |
|
| 128 | - $res['tbsCertificate_der'] = $this->der(); |
|
| 129 | - $this->beginsequence(); |
|
| 130 | - $res['version'] = 0; |
|
| 131 | - if ($this->peek(0)) { |
|
| 132 | - $res['version'] = $this->next(2); |
|
| 133 | - } |
|
| 134 | - $res['serialNumber_der'] = $this->der(); |
|
| 135 | - $res['serialNumber'] = $this->next(2); |
|
| 136 | - $res['signature'] = $this->signatureAlgorithm(); |
|
| 137 | - $res['issuer_der'] = $this->der(); |
|
| 138 | - $res['issuer'] = $this->name(); |
|
| 139 | - $res['issuer_'] = $this->xtns->nameasstring($res['issuer']); |
|
| 140 | - $res['validity'] = $this->validity(); |
|
| 141 | - $res['subject_der'] = $this->der(); |
|
| 142 | - $res['subject'] = $this->name(); |
|
| 143 | - $res['subject_'] = $this->xtns->nameasstring($res['subject']); |
|
| 144 | - $this->beginsequence(); |
|
| 145 | - $res['subjectPublicKeyInfo']['algorithm'] = $this->signatureAlgorithm(); |
|
| 146 | - $res['subjectPublicKeyInfo']['subjectPublicKey'] = $this->next(3); |
|
| 147 | - $this->end(); |
|
| 148 | - if ($this->peek() == 1) { # issuerUniqueID IMPLICIT |
|
| 149 | - $this->next(1); |
|
| 150 | - } |
|
| 151 | - if ($this->peek() == 2) { # subjectUniqueID IMPLICIT |
|
| 152 | - $this->next(1); |
|
| 153 | - } |
|
| 154 | - if ($this->peek(3)) { |
|
| 155 | - $res['extensions'] = $this->extensions(); |
|
| 156 | - } |
|
| 157 | - $this->end(); |
|
| 158 | - |
|
| 159 | - return $res; |
|
| 160 | - } |
|
| 161 | - |
|
| 162 | - protected function validity() { |
|
| 163 | - $this->beginsequence(); |
|
| 164 | - $res = ['notBefore' => $this->time(), 'notAfter' => $this->time()]; |
|
| 165 | - $this->end(); |
|
| 166 | - |
|
| 167 | - return $res; |
|
| 168 | - } |
|
| 169 | - |
|
| 170 | - protected function keyUsage($der) { |
|
| 171 | - $this->xtns->init($der); |
|
| 172 | - $bitstring = $this->xtns->next(3); |
|
| 173 | - |
|
| 174 | - /* |
|
| 91 | + protected $xtns; |
|
| 92 | + |
|
| 93 | + protected $keyUsages = [ |
|
| 94 | + 'digitalSignature', |
|
| 95 | + 'contentCommitment', |
|
| 96 | + 'keyEncipherment', |
|
| 97 | + 'dataEncipherment', |
|
| 98 | + 'keyAgreement', |
|
| 99 | + 'keyCertSign', |
|
| 100 | + 'cRLSign', |
|
| 101 | + 'encipherOnly', |
|
| 102 | + 'decipherOnly', |
|
| 103 | + ]; |
|
| 104 | + |
|
| 105 | + public function __construct() { |
|
| 106 | + $this->xtns = new X509Helper(); |
|
| 107 | + } |
|
| 108 | + |
|
| 109 | + public function certificate($der) { |
|
| 110 | + $this->init($der); |
|
| 111 | + |
|
| 112 | + return $this->certificate_do(); |
|
| 113 | + } |
|
| 114 | + |
|
| 115 | + protected function certificate_do() { |
|
| 116 | + $cert['certificate_der'] = $this->der(); # inclusive signatureAlgorithm and signature |
|
| 117 | + $this->beginsequence(); |
|
| 118 | + $cert['tbsCertificate'] = $this->tbsCertificate(); |
|
| 119 | + $cert['signatureAlgorithm'] = $this->signatureAlgorithm(); |
|
| 120 | + $cert['signature'] = $this->next(3); |
|
| 121 | + $this->end(); |
|
| 122 | + |
|
| 123 | + return $cert; |
|
| 124 | + # print_r($cert); |
|
| 125 | + } |
|
| 126 | + |
|
| 127 | + protected function tbsCertificate() { |
|
| 128 | + $res['tbsCertificate_der'] = $this->der(); |
|
| 129 | + $this->beginsequence(); |
|
| 130 | + $res['version'] = 0; |
|
| 131 | + if ($this->peek(0)) { |
|
| 132 | + $res['version'] = $this->next(2); |
|
| 133 | + } |
|
| 134 | + $res['serialNumber_der'] = $this->der(); |
|
| 135 | + $res['serialNumber'] = $this->next(2); |
|
| 136 | + $res['signature'] = $this->signatureAlgorithm(); |
|
| 137 | + $res['issuer_der'] = $this->der(); |
|
| 138 | + $res['issuer'] = $this->name(); |
|
| 139 | + $res['issuer_'] = $this->xtns->nameasstring($res['issuer']); |
|
| 140 | + $res['validity'] = $this->validity(); |
|
| 141 | + $res['subject_der'] = $this->der(); |
|
| 142 | + $res['subject'] = $this->name(); |
|
| 143 | + $res['subject_'] = $this->xtns->nameasstring($res['subject']); |
|
| 144 | + $this->beginsequence(); |
|
| 145 | + $res['subjectPublicKeyInfo']['algorithm'] = $this->signatureAlgorithm(); |
|
| 146 | + $res['subjectPublicKeyInfo']['subjectPublicKey'] = $this->next(3); |
|
| 147 | + $this->end(); |
|
| 148 | + if ($this->peek() == 1) { # issuerUniqueID IMPLICIT |
|
| 149 | + $this->next(1); |
|
| 150 | + } |
|
| 151 | + if ($this->peek() == 2) { # subjectUniqueID IMPLICIT |
|
| 152 | + $this->next(1); |
|
| 153 | + } |
|
| 154 | + if ($this->peek(3)) { |
|
| 155 | + $res['extensions'] = $this->extensions(); |
|
| 156 | + } |
|
| 157 | + $this->end(); |
|
| 158 | + |
|
| 159 | + return $res; |
|
| 160 | + } |
|
| 161 | + |
|
| 162 | + protected function validity() { |
|
| 163 | + $this->beginsequence(); |
|
| 164 | + $res = ['notBefore' => $this->time(), 'notAfter' => $this->time()]; |
|
| 165 | + $this->end(); |
|
| 166 | + |
|
| 167 | + return $res; |
|
| 168 | + } |
|
| 169 | + |
|
| 170 | + protected function keyUsage($der) { |
|
| 171 | + $this->xtns->init($der); |
|
| 172 | + $bitstring = $this->xtns->next(3); |
|
| 173 | + |
|
| 174 | + /* |
|
| 175 | 175 | Convert to 'binary' string - '1' in front to not have prefix zeroes removed |
| 176 | 176 | Let go of the last ord(substr($ku[0]['value'], 0, 1) bits as per the BIT STRING der spec |
| 177 | 177 | as well as the '1' prefix from above |
| 178 | 178 | */ |
| 179 | 179 | |
| 180 | - $unusedbits = ord(substr($bitstring, 0, 1)); |
|
| 181 | - $ku = base_convert(bin2hex(chr(1) . substr($bitstring, 1)), 16, 2); |
|
| 182 | - $ku = substr($ku, 1, -$unusedbits); |
|
| 183 | - $res = []; |
|
| 184 | - for ($c = 0; $c < strlen($ku); ++$c) { |
|
| 185 | - if ($ku[$c]) { |
|
| 186 | - $res[$this->keyUsages[$c]] = 1; |
|
| 187 | - } |
|
| 188 | - } |
|
| 189 | - |
|
| 190 | - return $res; |
|
| 191 | - } |
|
| 192 | - |
|
| 193 | - protected function authorityInfoAccess($der) { |
|
| 194 | - $this->xtns->init($der); |
|
| 195 | - $this->xtns->beginsequence(); |
|
| 196 | - while ($this->xtns->in()) { |
|
| 197 | - $this->xtns->beginsequence(); |
|
| 198 | - $accessMethod = $this->xtns->oid(); |
|
| 199 | - $res[$accessMethod][] = [ |
|
| 200 | - # 'accessMethod' => $accessMethod, |
|
| 201 | - 'accessLocation' => $this->xtns->generalName(), |
|
| 202 | - ]; |
|
| 203 | - $this->xtns->end(); |
|
| 204 | - } |
|
| 205 | - $this->xtns->end(); |
|
| 206 | - |
|
| 207 | - return $res; |
|
| 208 | - } |
|
| 209 | - |
|
| 210 | - protected function certificatePolicies($der) { |
|
| 211 | - $this->xtns->init($der); |
|
| 212 | - |
|
| 213 | - $res = []; |
|
| 214 | - $this->xtns->beginsequence(); |
|
| 215 | - while ($this->xtns->in()) { |
|
| 216 | - $this->xtns->beginsequence(); |
|
| 217 | - $PolicyInformation['policyIdentifier'] = $this->xtns->oid(); |
|
| 218 | - if ($this->xtns->in()) { |
|
| 219 | - $this->xtns->beginsequence(); |
|
| 220 | - while ($this->xtns->in()) { |
|
| 221 | - $this->xtns->beginsequence(); |
|
| 222 | - $policyQualifier = []; |
|
| 223 | - $policyQualifierId = $this->xtns->oid(); |
|
| 224 | - $policyQualifier['policyQualifierId'] = $policyQualifierId; |
|
| 225 | - if ($policyQualifierId == 'cps') { |
|
| 226 | - $policyQualifier['cPSuri'] = $this->xtns->next(22); |
|
| 227 | - } |
|
| 228 | - elseif ($policyQualifierId == 'unotice') { |
|
| 229 | - $this->xtns->beginsequence(); |
|
| 230 | - if ($this->xtns->peek() == 16) { |
|
| 231 | - $this->xtns->beginsequence(); |
|
| 232 | - $policyQualifier['UserNotice']['noticeRef']['organisation'] = $this->xtns->next(); |
|
| 233 | - $this->xtns->beginsequence(); |
|
| 234 | - while ($this->xtns->in()) { |
|
| 235 | - $policyQualifier['UserNotice']['noticeRef']['noticeNumbers'][] = $this->xtns->next(2); |
|
| 236 | - } |
|
| 237 | - $this->xtns->end(); |
|
| 238 | - $this->xtns->end(); |
|
| 239 | - } |
|
| 240 | - if ($this->xtns->in()) { |
|
| 241 | - $policyQualifier['UserNotice']['explicitText'] = $this->xtns->next(); |
|
| 242 | - } |
|
| 243 | - $this->xtns->end(); |
|
| 244 | - } |
|
| 245 | - |
|
| 246 | - $PolicyInformation['qualifier'][] = $policyQualifier; |
|
| 247 | - $this->xtns->end(); |
|
| 248 | - } |
|
| 249 | - $this->xtns->end(); |
|
| 250 | - } |
|
| 251 | - $this->xtns->end(); |
|
| 252 | - $res[] = $PolicyInformation; |
|
| 253 | - } |
|
| 254 | - $this->xtns->end(); |
|
| 255 | - |
|
| 256 | - return $res; |
|
| 257 | - } |
|
| 258 | - |
|
| 259 | - protected function cRLDistributionPoints($der) { |
|
| 260 | - $this->xtns->init($der); |
|
| 261 | - $this->xtns->beginsequence(); |
|
| 262 | - while ($this->xtns->in()) { |
|
| 263 | - $res = []; |
|
| 264 | - $this->xtns->beginsequence(); |
|
| 265 | - if ($this->xtns->peek(0)) { |
|
| 266 | - if ($this->xtns->peek() == 0) { |
|
| 267 | - $res['distributionPoint']['fullname'][] = $this->xtns->generalnames(0); |
|
| 268 | - } |
|
| 269 | - if ($this->xtns->peek() == 1) { |
|
| 270 | - $res['distributionPoint']['nameRelativeToCRLIssuer'][] = $this->xtns->name(1); |
|
| 271 | - } |
|
| 272 | - } |
|
| 273 | - if ($this->xtns->peek() == 1) { |
|
| 274 | - $res['reasons'] = $this->xtns->next(1); |
|
| 275 | - } |
|
| 276 | - if ($this->xtns->peek() == 2) { |
|
| 277 | - $res['cRLIssuer'] = $this->xtns->next(2); |
|
| 278 | - } |
|
| 279 | - $this->xtns->end(); |
|
| 280 | - $crldps[] = $res; |
|
| 281 | - } |
|
| 282 | - $this->xtns->end(); |
|
| 283 | - |
|
| 284 | - return $crldps; |
|
| 285 | - } |
|
| 286 | - |
|
| 287 | - protected function authorityKeyIdentifier($der) { |
|
| 288 | - $this->xtns->init($der); |
|
| 289 | - $this->xtns->beginsequence(); |
|
| 290 | - if ($this->xtns->peek() == 0) { |
|
| 291 | - $res['keyIdentifier'] = chunk_split(bin2hex($this->xtns->next()), 2, ':'); |
|
| 292 | - } |
|
| 293 | - if ($this->xtns->in() && $this->xtns->peek() == 1) { |
|
| 294 | - $res['authorityCertIssuer'] = $this->xtns->GeneralNames(); |
|
| 295 | - } |
|
| 296 | - if ($this->xtns->in() && $this->xtns->peek() == 2) { |
|
| 297 | - $res['authorityCertSerialNumber'] = $this->xtns->next(); |
|
| 298 | - } |
|
| 299 | - $this->xtns->end(); |
|
| 300 | - |
|
| 301 | - return $res; |
|
| 302 | - } |
|
| 303 | - |
|
| 304 | - protected function subjectKeyIdentifier($der) { |
|
| 305 | - $this->xtns->init($der); |
|
| 306 | - $res['keyIdentifier'] = chunk_split(bin2hex($this->xtns->next(4)), 2, ':'); |
|
| 307 | - |
|
| 308 | - return $res; |
|
| 309 | - } |
|
| 310 | - |
|
| 311 | - protected function basicConstraints($der) { |
|
| 312 | - $res['cA'] = false; |
|
| 313 | - $this->xtns->init($der); |
|
| 314 | - $this->xtns->beginsequence(); |
|
| 315 | - if ($this->xtns->in()) { |
|
| 316 | - $res['cA'] = $this->xtns->next(1); |
|
| 317 | - } |
|
| 318 | - # pathLenConstraint optional even if cA is true ??? |
|
| 319 | - if ($res['cA'] && $this->xtns->in()) { |
|
| 320 | - $res['pathLenConstraint'] = $this->xtns->next(2); |
|
| 321 | - } |
|
| 322 | - $this->xtns->end(); |
|
| 323 | - |
|
| 324 | - return $res; |
|
| 325 | - } |
|
| 326 | - |
|
| 327 | - protected function extKeyUsage($der) { |
|
| 328 | - $this->xtns->init($der); |
|
| 329 | - $this->xtns->beginsequence(); |
|
| 330 | - while ($this->xtns->in()) { |
|
| 331 | - $res[$this->xtns->oid()] = 1; |
|
| 332 | - } |
|
| 333 | - $this->xtns->end(); |
|
| 334 | - |
|
| 335 | - return $res; |
|
| 336 | - } |
|
| 337 | - |
|
| 338 | - protected function subjectAltName($der) { |
|
| 339 | - $this->xtns->init($der); |
|
| 340 | - $this->xtns->beginsequence(); |
|
| 341 | - while ($this->xtns->in()) { |
|
| 342 | - $res['subjectAltName'][] = $this->xtns->generalName(); |
|
| 343 | - } |
|
| 344 | - $this->xtns->end(); |
|
| 345 | - |
|
| 346 | - return $res; |
|
| 347 | - } |
|
| 348 | - |
|
| 349 | - protected function privateKeyUsagePeriod($der) { |
|
| 350 | - $this->xtns->init($der); |
|
| 351 | - $this->xtns->beginsequence(); |
|
| 352 | - if ($this->xtns->in() && $this->xtns->peek() == 0) { |
|
| 353 | - $res['notBefore'] = $this->xtns->time(-24); |
|
| 354 | - } |
|
| 355 | - if ($this->xtns->in() && $this->xtns->peek() == 1) { |
|
| 356 | - $res['notAfter'] = $this->xtns->time(-24); |
|
| 357 | - } |
|
| 358 | - $this->xtns->end(); |
|
| 359 | - |
|
| 360 | - return $res; |
|
| 361 | - } |
|
| 362 | - |
|
| 363 | - protected function ocspNoCheck($der) { |
|
| 364 | - $this->xtns->init($der); |
|
| 365 | - |
|
| 366 | - return $this->xtns->next(); |
|
| 367 | - } |
|
| 368 | - |
|
| 369 | - # RFC 2313 p. 15 ... |
|
| 370 | - |
|
| 371 | - public function RSASignatureValue($der) { |
|
| 372 | - $this->xtns->init($der); |
|
| 373 | - $res['digestAlgorithm']['algorithm'] = $this->xtns->oid(); |
|
| 374 | - $res['digestAlgorithm']['parameters'] = $this->next(); |
|
| 375 | - |
|
| 376 | - return $res; |
|
| 377 | - } |
|
| 180 | + $unusedbits = ord(substr($bitstring, 0, 1)); |
|
| 181 | + $ku = base_convert(bin2hex(chr(1) . substr($bitstring, 1)), 16, 2); |
|
| 182 | + $ku = substr($ku, 1, -$unusedbits); |
|
| 183 | + $res = []; |
|
| 184 | + for ($c = 0; $c < strlen($ku); ++$c) { |
|
| 185 | + if ($ku[$c]) { |
|
| 186 | + $res[$this->keyUsages[$c]] = 1; |
|
| 187 | + } |
|
| 188 | + } |
|
| 189 | + |
|
| 190 | + return $res; |
|
| 191 | + } |
|
| 192 | + |
|
| 193 | + protected function authorityInfoAccess($der) { |
|
| 194 | + $this->xtns->init($der); |
|
| 195 | + $this->xtns->beginsequence(); |
|
| 196 | + while ($this->xtns->in()) { |
|
| 197 | + $this->xtns->beginsequence(); |
|
| 198 | + $accessMethod = $this->xtns->oid(); |
|
| 199 | + $res[$accessMethod][] = [ |
|
| 200 | + # 'accessMethod' => $accessMethod, |
|
| 201 | + 'accessLocation' => $this->xtns->generalName(), |
|
| 202 | + ]; |
|
| 203 | + $this->xtns->end(); |
|
| 204 | + } |
|
| 205 | + $this->xtns->end(); |
|
| 206 | + |
|
| 207 | + return $res; |
|
| 208 | + } |
|
| 209 | + |
|
| 210 | + protected function certificatePolicies($der) { |
|
| 211 | + $this->xtns->init($der); |
|
| 212 | + |
|
| 213 | + $res = []; |
|
| 214 | + $this->xtns->beginsequence(); |
|
| 215 | + while ($this->xtns->in()) { |
|
| 216 | + $this->xtns->beginsequence(); |
|
| 217 | + $PolicyInformation['policyIdentifier'] = $this->xtns->oid(); |
|
| 218 | + if ($this->xtns->in()) { |
|
| 219 | + $this->xtns->beginsequence(); |
|
| 220 | + while ($this->xtns->in()) { |
|
| 221 | + $this->xtns->beginsequence(); |
|
| 222 | + $policyQualifier = []; |
|
| 223 | + $policyQualifierId = $this->xtns->oid(); |
|
| 224 | + $policyQualifier['policyQualifierId'] = $policyQualifierId; |
|
| 225 | + if ($policyQualifierId == 'cps') { |
|
| 226 | + $policyQualifier['cPSuri'] = $this->xtns->next(22); |
|
| 227 | + } |
|
| 228 | + elseif ($policyQualifierId == 'unotice') { |
|
| 229 | + $this->xtns->beginsequence(); |
|
| 230 | + if ($this->xtns->peek() == 16) { |
|
| 231 | + $this->xtns->beginsequence(); |
|
| 232 | + $policyQualifier['UserNotice']['noticeRef']['organisation'] = $this->xtns->next(); |
|
| 233 | + $this->xtns->beginsequence(); |
|
| 234 | + while ($this->xtns->in()) { |
|
| 235 | + $policyQualifier['UserNotice']['noticeRef']['noticeNumbers'][] = $this->xtns->next(2); |
|
| 236 | + } |
|
| 237 | + $this->xtns->end(); |
|
| 238 | + $this->xtns->end(); |
|
| 239 | + } |
|
| 240 | + if ($this->xtns->in()) { |
|
| 241 | + $policyQualifier['UserNotice']['explicitText'] = $this->xtns->next(); |
|
| 242 | + } |
|
| 243 | + $this->xtns->end(); |
|
| 244 | + } |
|
| 245 | + |
|
| 246 | + $PolicyInformation['qualifier'][] = $policyQualifier; |
|
| 247 | + $this->xtns->end(); |
|
| 248 | + } |
|
| 249 | + $this->xtns->end(); |
|
| 250 | + } |
|
| 251 | + $this->xtns->end(); |
|
| 252 | + $res[] = $PolicyInformation; |
|
| 253 | + } |
|
| 254 | + $this->xtns->end(); |
|
| 255 | + |
|
| 256 | + return $res; |
|
| 257 | + } |
|
| 258 | + |
|
| 259 | + protected function cRLDistributionPoints($der) { |
|
| 260 | + $this->xtns->init($der); |
|
| 261 | + $this->xtns->beginsequence(); |
|
| 262 | + while ($this->xtns->in()) { |
|
| 263 | + $res = []; |
|
| 264 | + $this->xtns->beginsequence(); |
|
| 265 | + if ($this->xtns->peek(0)) { |
|
| 266 | + if ($this->xtns->peek() == 0) { |
|
| 267 | + $res['distributionPoint']['fullname'][] = $this->xtns->generalnames(0); |
|
| 268 | + } |
|
| 269 | + if ($this->xtns->peek() == 1) { |
|
| 270 | + $res['distributionPoint']['nameRelativeToCRLIssuer'][] = $this->xtns->name(1); |
|
| 271 | + } |
|
| 272 | + } |
|
| 273 | + if ($this->xtns->peek() == 1) { |
|
| 274 | + $res['reasons'] = $this->xtns->next(1); |
|
| 275 | + } |
|
| 276 | + if ($this->xtns->peek() == 2) { |
|
| 277 | + $res['cRLIssuer'] = $this->xtns->next(2); |
|
| 278 | + } |
|
| 279 | + $this->xtns->end(); |
|
| 280 | + $crldps[] = $res; |
|
| 281 | + } |
|
| 282 | + $this->xtns->end(); |
|
| 283 | + |
|
| 284 | + return $crldps; |
|
| 285 | + } |
|
| 286 | + |
|
| 287 | + protected function authorityKeyIdentifier($der) { |
|
| 288 | + $this->xtns->init($der); |
|
| 289 | + $this->xtns->beginsequence(); |
|
| 290 | + if ($this->xtns->peek() == 0) { |
|
| 291 | + $res['keyIdentifier'] = chunk_split(bin2hex($this->xtns->next()), 2, ':'); |
|
| 292 | + } |
|
| 293 | + if ($this->xtns->in() && $this->xtns->peek() == 1) { |
|
| 294 | + $res['authorityCertIssuer'] = $this->xtns->GeneralNames(); |
|
| 295 | + } |
|
| 296 | + if ($this->xtns->in() && $this->xtns->peek() == 2) { |
|
| 297 | + $res['authorityCertSerialNumber'] = $this->xtns->next(); |
|
| 298 | + } |
|
| 299 | + $this->xtns->end(); |
|
| 300 | + |
|
| 301 | + return $res; |
|
| 302 | + } |
|
| 303 | + |
|
| 304 | + protected function subjectKeyIdentifier($der) { |
|
| 305 | + $this->xtns->init($der); |
|
| 306 | + $res['keyIdentifier'] = chunk_split(bin2hex($this->xtns->next(4)), 2, ':'); |
|
| 307 | + |
|
| 308 | + return $res; |
|
| 309 | + } |
|
| 310 | + |
|
| 311 | + protected function basicConstraints($der) { |
|
| 312 | + $res['cA'] = false; |
|
| 313 | + $this->xtns->init($der); |
|
| 314 | + $this->xtns->beginsequence(); |
|
| 315 | + if ($this->xtns->in()) { |
|
| 316 | + $res['cA'] = $this->xtns->next(1); |
|
| 317 | + } |
|
| 318 | + # pathLenConstraint optional even if cA is true ??? |
|
| 319 | + if ($res['cA'] && $this->xtns->in()) { |
|
| 320 | + $res['pathLenConstraint'] = $this->xtns->next(2); |
|
| 321 | + } |
|
| 322 | + $this->xtns->end(); |
|
| 323 | + |
|
| 324 | + return $res; |
|
| 325 | + } |
|
| 326 | + |
|
| 327 | + protected function extKeyUsage($der) { |
|
| 328 | + $this->xtns->init($der); |
|
| 329 | + $this->xtns->beginsequence(); |
|
| 330 | + while ($this->xtns->in()) { |
|
| 331 | + $res[$this->xtns->oid()] = 1; |
|
| 332 | + } |
|
| 333 | + $this->xtns->end(); |
|
| 334 | + |
|
| 335 | + return $res; |
|
| 336 | + } |
|
| 337 | + |
|
| 338 | + protected function subjectAltName($der) { |
|
| 339 | + $this->xtns->init($der); |
|
| 340 | + $this->xtns->beginsequence(); |
|
| 341 | + while ($this->xtns->in()) { |
|
| 342 | + $res['subjectAltName'][] = $this->xtns->generalName(); |
|
| 343 | + } |
|
| 344 | + $this->xtns->end(); |
|
| 345 | + |
|
| 346 | + return $res; |
|
| 347 | + } |
|
| 348 | + |
|
| 349 | + protected function privateKeyUsagePeriod($der) { |
|
| 350 | + $this->xtns->init($der); |
|
| 351 | + $this->xtns->beginsequence(); |
|
| 352 | + if ($this->xtns->in() && $this->xtns->peek() == 0) { |
|
| 353 | + $res['notBefore'] = $this->xtns->time(-24); |
|
| 354 | + } |
|
| 355 | + if ($this->xtns->in() && $this->xtns->peek() == 1) { |
|
| 356 | + $res['notAfter'] = $this->xtns->time(-24); |
|
| 357 | + } |
|
| 358 | + $this->xtns->end(); |
|
| 359 | + |
|
| 360 | + return $res; |
|
| 361 | + } |
|
| 362 | + |
|
| 363 | + protected function ocspNoCheck($der) { |
|
| 364 | + $this->xtns->init($der); |
|
| 365 | + |
|
| 366 | + return $this->xtns->next(); |
|
| 367 | + } |
|
| 368 | + |
|
| 369 | + # RFC 2313 p. 15 ... |
|
| 370 | + |
|
| 371 | + public function RSASignatureValue($der) { |
|
| 372 | + $this->xtns->init($der); |
|
| 373 | + $res['digestAlgorithm']['algorithm'] = $this->xtns->oid(); |
|
| 374 | + $res['digestAlgorithm']['parameters'] = $this->next(); |
|
| 375 | + |
|
| 376 | + return $res; |
|
| 377 | + } |
|
| 378 | 378 | } |
@@ -224,8 +224,7 @@ |
||
| 224 | 224 | $policyQualifier['policyQualifierId'] = $policyQualifierId; |
| 225 | 225 | if ($policyQualifierId == 'cps') { |
| 226 | 226 | $policyQualifier['cPSuri'] = $this->xtns->next(22); |
| 227 | - } |
|
| 228 | - elseif ($policyQualifierId == 'unotice') { |
|
| 227 | + } elseif ($policyQualifierId == 'unotice') { |
|
| 229 | 228 | $this->xtns->beginsequence(); |
| 230 | 229 | if ($this->xtns->peek() == 16) { |
| 231 | 230 | $this->xtns->beginsequence(); |
@@ -6,207 +6,207 @@ |
||
| 6 | 6 | * OCSP is able to encode OCSPRequests and decode OCSPResponses - just enough for NemID use. |
| 7 | 7 | */ |
| 8 | 8 | class OCSP extends X509 { |
| 9 | - public function request($certids = []) { |
|
| 10 | - $certids_der = ''; |
|
| 11 | - foreach ($certids as $certid) { |
|
| 12 | - $certids_der .= $this->sequence( |
|
| 13 | - $this->sequence($this->s2oid($certid['hash_alg'])) . |
|
| 14 | - $this->octetstring($certid['issuerNameHash']) . |
|
| 15 | - $this->octetstring($certid['issuerKeyHash']) . |
|
| 16 | - $certid['serialNumber_der'] |
|
| 17 | - ); |
|
| 18 | - } |
|
| 19 | - |
|
| 20 | - return $this->sequence($this->sequence($this->sequence($this->sequence($certids_der)))); |
|
| 21 | - } |
|
| 22 | - |
|
| 23 | - private function sequence($pdu) { |
|
| 24 | - return "\x30" . self::len($pdu) . $pdu; |
|
| 25 | - } |
|
| 26 | - |
|
| 27 | - protected function octetstring($s) { |
|
| 28 | - return "\x04" . $this->len($s) . $s; |
|
| 29 | - } |
|
| 30 | - |
|
| 31 | - /** serialNumber is now in DER encoding - no need to convert from bc to DER |
|
| 32 | - * so this is not used any more. |
|
| 33 | - * |
|
| 34 | - * @param mixed $d |
|
| 35 | - */ |
|
| 36 | - private function d2i($d) { |
|
| 37 | - $der = ''; |
|
| 38 | - while ($d) { |
|
| 39 | - $der .= chr(bcmod($d, 256)); |
|
| 40 | - $d = bcdiv($d, 256, 0); |
|
| 41 | - } |
|
| 42 | - |
|
| 43 | - return "\x02" . $this->len($der) . strrev($der); |
|
| 44 | - } |
|
| 45 | - |
|
| 46 | - private function len($i) { |
|
| 47 | - $i = strlen($i); |
|
| 48 | - if ($i <= 127) { |
|
| 49 | - $res = pack('C', $i); |
|
| 50 | - } |
|
| 51 | - elseif ($i <= 255) { |
|
| 52 | - $res = pack('CC', 0x81, $i); |
|
| 53 | - } |
|
| 54 | - elseif ($i <= 65535) { |
|
| 55 | - $res = pack('Cn', 0x82, $i); |
|
| 56 | - } |
|
| 57 | - else { |
|
| 58 | - $res = pack('CN', 0x84, $i); |
|
| 59 | - } |
|
| 60 | - |
|
| 61 | - return $res; |
|
| 62 | - } |
|
| 63 | - |
|
| 64 | - protected function s2oid($s) { |
|
| 65 | - $e = explode('.', $s); |
|
| 66 | - $der = chr(40 * $e[0] + $e[1]); |
|
| 67 | - |
|
| 68 | - foreach (array_slice($e, 2) as $c) { |
|
| 69 | - $mask = 0; |
|
| 70 | - $derrev = ''; |
|
| 71 | - while ($c) { |
|
| 72 | - $derrev .= chr(bcmod($c, 128) + $mask); |
|
| 73 | - $c = bcdiv($c, 128, 0); |
|
| 74 | - $mask = 128; |
|
| 75 | - } |
|
| 76 | - $der .= strrev($derrev); |
|
| 77 | - } |
|
| 78 | - |
|
| 79 | - return "\x06" . $this->len($der) . $der; |
|
| 80 | - } |
|
| 81 | - |
|
| 82 | - public function certOcspID($certid = [], $hash_alg = 'sha256') { |
|
| 83 | - $hash_algs = ['sha1' => "1.3.14.3.2.26", 'sha256' => "2.16.840.1.101.3.4.2.1"]; |
|
| 84 | - |
|
| 85 | - return [ |
|
| 86 | - 'hash_alg' => $hash_algs[$hash_alg], |
|
| 87 | - 'issuerNameHash' => openssl_digest($certid['issuerName'], $hash_alg, true), |
|
| 88 | - 'issuerKeyHash' => openssl_digest($certid['issuerKey'], $hash_alg, true), |
|
| 89 | - 'serialNumber_der' => $certid['serialNumber_der'], |
|
| 90 | - ]; |
|
| 91 | - } |
|
| 92 | - |
|
| 93 | - public function response($der) { |
|
| 94 | - $this->init($der); |
|
| 95 | - $this->beginsequence(); |
|
| 96 | - $ocspresponse['responseStatus'] = $this->responseStatus(); |
|
| 97 | - if ($ocspresponse['responseStatus'] == 'successful') { |
|
| 98 | - $ocspresponse['responseBytes'] = $this->responseBytes(); |
|
| 99 | - } |
|
| 100 | - $this->end(); |
|
| 101 | - |
|
| 102 | - return $ocspresponse; |
|
| 103 | - } |
|
| 104 | - |
|
| 105 | - protected function responseStatus() { |
|
| 106 | - $responsestatus = [ |
|
| 107 | - 'successful', |
|
| 108 | - 'malformedRequest', |
|
| 109 | - 'internalError', |
|
| 110 | - 'tryLater', |
|
| 111 | - 'NOT USED', |
|
| 112 | - 'sigRequired', |
|
| 113 | - 'unauthorized', |
|
| 114 | - ]; |
|
| 115 | - |
|
| 116 | - return $responsestatus[$this->next(10)]; |
|
| 117 | - } |
|
| 118 | - |
|
| 119 | - protected function responseBytes() { |
|
| 120 | - $this->next(0); |
|
| 121 | - $this->beginsequence(); |
|
| 122 | - $res['responseType'] = $this->oid(); |
|
| 123 | - if ($res['responseType'] == 'ocspBasic') { |
|
| 124 | - $res['BasicOCSPResponse'] = $this->ocspBasic($this->next(4)); |
|
| 125 | - } |
|
| 126 | - $this->end(); |
|
| 127 | - |
|
| 128 | - return $res; |
|
| 129 | - } |
|
| 130 | - |
|
| 131 | - protected function ocspBasic($der) { |
|
| 132 | - $this->xtns->init($der); |
|
| 133 | - $this->xtns->beginsequence(); |
|
| 134 | - $res['tbsResponseData_der'] = $this->xtns->der(); |
|
| 135 | - $res['tbsResponseData'] = $this->tbsResponseData(); |
|
| 136 | - $res['signatureAlgorithm'] = $this->xtns->signatureAlgorithm(); |
|
| 137 | - $res['signature'] = $this->xtns->next(3); |
|
| 138 | - |
|
| 139 | - if ($this->xtns->peek() === 0) { |
|
| 140 | - $this->xtns->next(0); |
|
| 141 | - if ($this->xtns->peek() === 16) { |
|
| 142 | - $this->xtns->beginsequence(); |
|
| 143 | - $x = new X509(); |
|
| 144 | - while ($this->xtns->in()) { |
|
| 145 | - $res['certs'][] = $x->certificate($this->xtns->der(null, true)); # get and continue past ... |
|
| 146 | - } |
|
| 147 | - $this->xtns->end(); |
|
| 148 | - } |
|
| 149 | - } |
|
| 150 | - $this->xtns->end(); |
|
| 151 | - |
|
| 152 | - return $res; |
|
| 153 | - } |
|
| 154 | - |
|
| 155 | - protected function tbsResponseData() { |
|
| 156 | - $res['version'] = 0; |
|
| 157 | - $this->xtns->beginsequence(); |
|
| 158 | - if ($this->xtns->peek() == 0) { |
|
| 159 | - $this->xtns->next(0); |
|
| 160 | - $res['version'] = $this->xtns->next(2); |
|
| 161 | - } |
|
| 162 | - $choice = $this->xtns->peek(); |
|
| 163 | - $this->xtns->next(); |
|
| 164 | - if ($choice == 1) { |
|
| 165 | - $res['responderID']['byName'] = $this->xtns->name(); |
|
| 166 | - } |
|
| 167 | - elseif ($choice == 2) { |
|
| 168 | - $res['responderID']['byKey'] = $this->xtns->keyident(); |
|
| 169 | - } |
|
| 170 | - $res['producedAt'] = $this->xtns->time(); |
|
| 171 | - $res['responses'] = $this->singleResponses(); |
|
| 172 | - $this->xtns->end(); |
|
| 173 | - |
|
| 174 | - return $res; |
|
| 175 | - } |
|
| 176 | - |
|
| 177 | - protected function singleResponses() { |
|
| 178 | - $this->xtns->beginsequence(); |
|
| 179 | - while ($this->xtns->in()) { |
|
| 180 | - $this->xtns->beginsequence(); |
|
| 181 | - $srres['certID'] = $this->certID(); |
|
| 182 | - $certstatuses = ['good', 'revoked', 'unknown']; |
|
| 183 | - $srres['certStatus'] = $certstatuses[$this->xtns->peek()]; |
|
| 184 | - $this->xtns->next(); |
|
| 185 | - $srres['thisUpdate'] = $this->xtns->time(); |
|
| 186 | - if ($this->xtns->in() && $this->xtns->peek() == 0) { |
|
| 187 | - $this->xtns->next(0); |
|
| 188 | - $srres['nextupdate'] = $this->xtns->time(); |
|
| 189 | - } |
|
| 190 | - if ($this->xtns->in() && $this->xtns->peek() == 1) { |
|
| 191 | - $this->xtns->next(1); |
|
| 192 | - $srres['singleextensions'] = $this->xtns->next; |
|
| 193 | - } |
|
| 194 | - $res[] = $srres; |
|
| 195 | - $this->xtns->end(); |
|
| 196 | - } |
|
| 197 | - $this->xtns->end(); |
|
| 198 | - |
|
| 199 | - return $res; |
|
| 200 | - } |
|
| 201 | - |
|
| 202 | - public function certID() { |
|
| 203 | - $this->xtns->beginsequence(); |
|
| 204 | - $res['hashAlgorithm'] = $this->xtns->signatureAlgorithm(); |
|
| 205 | - $res['issuerNameHash'] = $this->xtns->next(4); |
|
| 206 | - $res['issuerKeyHash'] = $this->xtns->next(4); |
|
| 207 | - $res['serialNumber'] = $this->xtns->next(2); |
|
| 208 | - $this->xtns->end(); |
|
| 209 | - |
|
| 210 | - return $res; |
|
| 211 | - } |
|
| 9 | + public function request($certids = []) { |
|
| 10 | + $certids_der = ''; |
|
| 11 | + foreach ($certids as $certid) { |
|
| 12 | + $certids_der .= $this->sequence( |
|
| 13 | + $this->sequence($this->s2oid($certid['hash_alg'])) . |
|
| 14 | + $this->octetstring($certid['issuerNameHash']) . |
|
| 15 | + $this->octetstring($certid['issuerKeyHash']) . |
|
| 16 | + $certid['serialNumber_der'] |
|
| 17 | + ); |
|
| 18 | + } |
|
| 19 | + |
|
| 20 | + return $this->sequence($this->sequence($this->sequence($this->sequence($certids_der)))); |
|
| 21 | + } |
|
| 22 | + |
|
| 23 | + private function sequence($pdu) { |
|
| 24 | + return "\x30" . self::len($pdu) . $pdu; |
|
| 25 | + } |
|
| 26 | + |
|
| 27 | + protected function octetstring($s) { |
|
| 28 | + return "\x04" . $this->len($s) . $s; |
|
| 29 | + } |
|
| 30 | + |
|
| 31 | + /** serialNumber is now in DER encoding - no need to convert from bc to DER |
|
| 32 | + * so this is not used any more. |
|
| 33 | + * |
|
| 34 | + * @param mixed $d |
|
| 35 | + */ |
|
| 36 | + private function d2i($d) { |
|
| 37 | + $der = ''; |
|
| 38 | + while ($d) { |
|
| 39 | + $der .= chr(bcmod($d, 256)); |
|
| 40 | + $d = bcdiv($d, 256, 0); |
|
| 41 | + } |
|
| 42 | + |
|
| 43 | + return "\x02" . $this->len($der) . strrev($der); |
|
| 44 | + } |
|
| 45 | + |
|
| 46 | + private function len($i) { |
|
| 47 | + $i = strlen($i); |
|
| 48 | + if ($i <= 127) { |
|
| 49 | + $res = pack('C', $i); |
|
| 50 | + } |
|
| 51 | + elseif ($i <= 255) { |
|
| 52 | + $res = pack('CC', 0x81, $i); |
|
| 53 | + } |
|
| 54 | + elseif ($i <= 65535) { |
|
| 55 | + $res = pack('Cn', 0x82, $i); |
|
| 56 | + } |
|
| 57 | + else { |
|
| 58 | + $res = pack('CN', 0x84, $i); |
|
| 59 | + } |
|
| 60 | + |
|
| 61 | + return $res; |
|
| 62 | + } |
|
| 63 | + |
|
| 64 | + protected function s2oid($s) { |
|
| 65 | + $e = explode('.', $s); |
|
| 66 | + $der = chr(40 * $e[0] + $e[1]); |
|
| 67 | + |
|
| 68 | + foreach (array_slice($e, 2) as $c) { |
|
| 69 | + $mask = 0; |
|
| 70 | + $derrev = ''; |
|
| 71 | + while ($c) { |
|
| 72 | + $derrev .= chr(bcmod($c, 128) + $mask); |
|
| 73 | + $c = bcdiv($c, 128, 0); |
|
| 74 | + $mask = 128; |
|
| 75 | + } |
|
| 76 | + $der .= strrev($derrev); |
|
| 77 | + } |
|
| 78 | + |
|
| 79 | + return "\x06" . $this->len($der) . $der; |
|
| 80 | + } |
|
| 81 | + |
|
| 82 | + public function certOcspID($certid = [], $hash_alg = 'sha256') { |
|
| 83 | + $hash_algs = ['sha1' => "1.3.14.3.2.26", 'sha256' => "2.16.840.1.101.3.4.2.1"]; |
|
| 84 | + |
|
| 85 | + return [ |
|
| 86 | + 'hash_alg' => $hash_algs[$hash_alg], |
|
| 87 | + 'issuerNameHash' => openssl_digest($certid['issuerName'], $hash_alg, true), |
|
| 88 | + 'issuerKeyHash' => openssl_digest($certid['issuerKey'], $hash_alg, true), |
|
| 89 | + 'serialNumber_der' => $certid['serialNumber_der'], |
|
| 90 | + ]; |
|
| 91 | + } |
|
| 92 | + |
|
| 93 | + public function response($der) { |
|
| 94 | + $this->init($der); |
|
| 95 | + $this->beginsequence(); |
|
| 96 | + $ocspresponse['responseStatus'] = $this->responseStatus(); |
|
| 97 | + if ($ocspresponse['responseStatus'] == 'successful') { |
|
| 98 | + $ocspresponse['responseBytes'] = $this->responseBytes(); |
|
| 99 | + } |
|
| 100 | + $this->end(); |
|
| 101 | + |
|
| 102 | + return $ocspresponse; |
|
| 103 | + } |
|
| 104 | + |
|
| 105 | + protected function responseStatus() { |
|
| 106 | + $responsestatus = [ |
|
| 107 | + 'successful', |
|
| 108 | + 'malformedRequest', |
|
| 109 | + 'internalError', |
|
| 110 | + 'tryLater', |
|
| 111 | + 'NOT USED', |
|
| 112 | + 'sigRequired', |
|
| 113 | + 'unauthorized', |
|
| 114 | + ]; |
|
| 115 | + |
|
| 116 | + return $responsestatus[$this->next(10)]; |
|
| 117 | + } |
|
| 118 | + |
|
| 119 | + protected function responseBytes() { |
|
| 120 | + $this->next(0); |
|
| 121 | + $this->beginsequence(); |
|
| 122 | + $res['responseType'] = $this->oid(); |
|
| 123 | + if ($res['responseType'] == 'ocspBasic') { |
|
| 124 | + $res['BasicOCSPResponse'] = $this->ocspBasic($this->next(4)); |
|
| 125 | + } |
|
| 126 | + $this->end(); |
|
| 127 | + |
|
| 128 | + return $res; |
|
| 129 | + } |
|
| 130 | + |
|
| 131 | + protected function ocspBasic($der) { |
|
| 132 | + $this->xtns->init($der); |
|
| 133 | + $this->xtns->beginsequence(); |
|
| 134 | + $res['tbsResponseData_der'] = $this->xtns->der(); |
|
| 135 | + $res['tbsResponseData'] = $this->tbsResponseData(); |
|
| 136 | + $res['signatureAlgorithm'] = $this->xtns->signatureAlgorithm(); |
|
| 137 | + $res['signature'] = $this->xtns->next(3); |
|
| 138 | + |
|
| 139 | + if ($this->xtns->peek() === 0) { |
|
| 140 | + $this->xtns->next(0); |
|
| 141 | + if ($this->xtns->peek() === 16) { |
|
| 142 | + $this->xtns->beginsequence(); |
|
| 143 | + $x = new X509(); |
|
| 144 | + while ($this->xtns->in()) { |
|
| 145 | + $res['certs'][] = $x->certificate($this->xtns->der(null, true)); # get and continue past ... |
|
| 146 | + } |
|
| 147 | + $this->xtns->end(); |
|
| 148 | + } |
|
| 149 | + } |
|
| 150 | + $this->xtns->end(); |
|
| 151 | + |
|
| 152 | + return $res; |
|
| 153 | + } |
|
| 154 | + |
|
| 155 | + protected function tbsResponseData() { |
|
| 156 | + $res['version'] = 0; |
|
| 157 | + $this->xtns->beginsequence(); |
|
| 158 | + if ($this->xtns->peek() == 0) { |
|
| 159 | + $this->xtns->next(0); |
|
| 160 | + $res['version'] = $this->xtns->next(2); |
|
| 161 | + } |
|
| 162 | + $choice = $this->xtns->peek(); |
|
| 163 | + $this->xtns->next(); |
|
| 164 | + if ($choice == 1) { |
|
| 165 | + $res['responderID']['byName'] = $this->xtns->name(); |
|
| 166 | + } |
|
| 167 | + elseif ($choice == 2) { |
|
| 168 | + $res['responderID']['byKey'] = $this->xtns->keyident(); |
|
| 169 | + } |
|
| 170 | + $res['producedAt'] = $this->xtns->time(); |
|
| 171 | + $res['responses'] = $this->singleResponses(); |
|
| 172 | + $this->xtns->end(); |
|
| 173 | + |
|
| 174 | + return $res; |
|
| 175 | + } |
|
| 176 | + |
|
| 177 | + protected function singleResponses() { |
|
| 178 | + $this->xtns->beginsequence(); |
|
| 179 | + while ($this->xtns->in()) { |
|
| 180 | + $this->xtns->beginsequence(); |
|
| 181 | + $srres['certID'] = $this->certID(); |
|
| 182 | + $certstatuses = ['good', 'revoked', 'unknown']; |
|
| 183 | + $srres['certStatus'] = $certstatuses[$this->xtns->peek()]; |
|
| 184 | + $this->xtns->next(); |
|
| 185 | + $srres['thisUpdate'] = $this->xtns->time(); |
|
| 186 | + if ($this->xtns->in() && $this->xtns->peek() == 0) { |
|
| 187 | + $this->xtns->next(0); |
|
| 188 | + $srres['nextupdate'] = $this->xtns->time(); |
|
| 189 | + } |
|
| 190 | + if ($this->xtns->in() && $this->xtns->peek() == 1) { |
|
| 191 | + $this->xtns->next(1); |
|
| 192 | + $srres['singleextensions'] = $this->xtns->next; |
|
| 193 | + } |
|
| 194 | + $res[] = $srres; |
|
| 195 | + $this->xtns->end(); |
|
| 196 | + } |
|
| 197 | + $this->xtns->end(); |
|
| 198 | + |
|
| 199 | + return $res; |
|
| 200 | + } |
|
| 201 | + |
|
| 202 | + public function certID() { |
|
| 203 | + $this->xtns->beginsequence(); |
|
| 204 | + $res['hashAlgorithm'] = $this->xtns->signatureAlgorithm(); |
|
| 205 | + $res['issuerNameHash'] = $this->xtns->next(4); |
|
| 206 | + $res['issuerKeyHash'] = $this->xtns->next(4); |
|
| 207 | + $res['serialNumber'] = $this->xtns->next(2); |
|
| 208 | + $this->xtns->end(); |
|
| 209 | + |
|
| 210 | + return $res; |
|
| 211 | + } |
|
| 212 | 212 | } |
@@ -47,14 +47,11 @@ discard block |
||
| 47 | 47 | $i = strlen($i); |
| 48 | 48 | if ($i <= 127) { |
| 49 | 49 | $res = pack('C', $i); |
| 50 | - } |
|
| 51 | - elseif ($i <= 255) { |
|
| 50 | + } elseif ($i <= 255) { |
|
| 52 | 51 | $res = pack('CC', 0x81, $i); |
| 53 | - } |
|
| 54 | - elseif ($i <= 65535) { |
|
| 52 | + } elseif ($i <= 65535) { |
|
| 55 | 53 | $res = pack('Cn', 0x82, $i); |
| 56 | - } |
|
| 57 | - else { |
|
| 54 | + } else { |
|
| 58 | 55 | $res = pack('CN', 0x84, $i); |
| 59 | 56 | } |
| 60 | 57 | |
@@ -163,8 +160,7 @@ discard block |
||
| 163 | 160 | $this->xtns->next(); |
| 164 | 161 | if ($choice == 1) { |
| 165 | 162 | $res['responderID']['byName'] = $this->xtns->name(); |
| 166 | - } |
|
| 167 | - elseif ($choice == 2) { |
|
| 163 | + } elseif ($choice == 2) { |
|
| 168 | 164 | $res['responderID']['byKey'] = $this->xtns->keyident(); |
| 169 | 165 | } |
| 170 | 166 | $res['producedAt'] = $this->xtns->time(); |
