Merge pull request #48307 from nextcloud/fix/gracefully-parse-trusted…
…-certificates
provokateurin committed Sep 24, 2024
2 parents 7da07bf + 19ad135 commit e247c26
Showing 4 changed files with 42 additions and 2 deletions.
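--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -7,7 +7,7 @@ Files: lib/l10n/*.js lib/l10n/*.json core/l10n/*.js core/l10n/*.json apps/admin_
 Copyright: 2016 ownCloud, Inc., 2016-2024 Nextcloud translators
 License: AGPL-3.0-only OR AGPL-3.0-or-later
 
-Files: tests/data/block-aligned-plus-one.txt tests/data/block-aligned.txt tests/data/data.tar.gz tests/data/data.zip tests/data/desktopapp.png tests/data/desktopapp.svg tests/data/certificates/badCertificate.crt tests/data/certificates/expiredCertificate.crt tests/data/certificates/goodCertificate.crt tests/data/integritycheck/app/AnotherFile.txt tests/data/integritycheck/app/subfolder/file.txt tests/data/integritycheck/appWithInvalidData/AnotherFile.txt tests/data/integritycheck/appWithInvalidData/UnecessaryFile apps/user_ldap/tests/Integration/data/avatar-invalid.gif apps/user_ldap/tests/Integration/data/avatar-valid.jpg apps/user_ldap/img/copy.png apps/user_ldap/img/copy.svg
+Files: tests/data/block-aligned-plus-one.txt tests/data/block-aligned.txt tests/data/data.tar.gz tests/data/data.zip tests/data/desktopapp.png tests/data/desktopapp.svg tests/data/certificates/badCertificate.crt tests/data/certificates/expiredCertificate.crt tests/data/certificates/goodCertificate.crt tests/data/certificates/openSslTrustedCertificate.crt tests/data/integritycheck/app/AnotherFile.txt tests/data/integritycheck/app/subfolder/file.txt tests/data/integritycheck/appWithInvalidData/AnotherFile.txt tests/data/integritycheck/appWithInvalidData/UnecessaryFile apps/user_ldap/tests/Integration/data/avatar-invalid.gif apps/user_ldap/tests/Integration/data/avatar-valid.jpg apps/user_ldap/img/copy.png apps/user_ldap/img/copy.svg
 Copyright: 2015 ownCloud, Inc.
 License: AGPL-3.0-only
 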
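--- a/lib/private/Security/Certificate.php
+++ b/lib/private/Security/Certificate.php
@@ -41,6 +41,16 @@ public function __construct(string $data, string $name) {
 }
 
 $info = openssl_x509_parse($data);
+if (!is_array($info)) {
+// There is a non-standardized certificate format only used by OpenSSL. Replace all
+// separators and try again.
+$data = str_replace(
+['-----BEGIN TRUSTED CERTIFICATE-----', '-----END TRUSTED CERTIFICATE-----'],
+['-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----'],
+$data,
+);
+$info = openssl_x509_parse($data);
+}
 if (!is_array($info)) {
 throw new \Exception('Certificate could not get parsed.');
 }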
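Review bot: The auxiliary trust and reject settings that an OpenSSL `TRUSTED CERTIFICATE` block can carry are silently discarded by the retry after the first `openssl_x509_parse($data)`, because the block is only relabelled and, as far as the hunk shows, nothing reads those settings; a certificate whose source marked it as rejected for some purpose would be parsed here like any other. If that is intended, the comment should say so, for example `// The OpenSSL trust/reject settings stored in this format are deliberately ignored; only the certificate itself is parsed.`. The retry also runs on every parse failure, so gating it with `if (!is_array($info) && str_contains($data, '-----BEGIN TRUSTED CERTIFICATE-----')) {` would keep bogus input to a single parse attempt. The constructor starts and ends outside the hunk, so whether the rewritten `$data` or the original text is kept on the object cannot be seen here.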
25 changes: 25 additions & 0 deletions tests/data/certificates/openSslTrustedCertificate.crt
@@ -0,0 +1,25 @@
-----BEGIN TRUSTED CERTIFICATE-----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-----END TRUSTED CERTIFICATE-----
7 changes: 6 additions & 1 deletion tests/lib/Security/CertificateTest.php
@@ -40,7 +40,12 @@ public function testBogusData(): void {
$certificate->getIssueDate();
}


public function testOpenSslTrustedCertificateFormat(): void {
$trustedCertificate = file_get_contents(__DIR__ . '/../../data/certificates/openSslTrustedCertificate.crt');
$certificate = new Certificate($trustedCertificate, 'TrustedCertificate');
$this->assertSame('thawte, Inc.', $certificate->getOrganization());
}

public function testCertificateStartingWithFileReference(): void {
$this->expectException(\Exception::class);
$this->expectExceptionMessage('Certificate could not get parsed.');
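Review bot: `testOpenSslTrustedCertificateFormat` covers only the success path and asserts a single field, so nothing pins that the new retry still rejects bad input. A companion case that wraps non-certificate data in the `-----BEGIN TRUSTED CERTIFICATE-----` / `-----END TRUSTED CERTIFICATE-----` markers and expects `Certificate could not get parsed.` would guard the fallback against accepting malformed blocks. The result of `file_get_contents()` is also passed on unchecked; `$this->assertIsString($trustedCertificate);` before constructing the certificate would make a missing fixture fail with a clear message.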