diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2021-01-21 12:25:02 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-21 12:25:02 +0300 |
| commit | 10214fbee03496199e80b0411fcab78cc42362f6 (patch) | |
| tree | de7ab98e64dbaa6d1f26a9f4516b2ad88bc69de1 /lib | |
| parent | d4d33e3095fb5d0797ec7c3bb8c93c2d1c905ade (diff) | |
| parent | fcbbcacab4dc0178c7fdf1a61cfb81f922c60209 (diff) | |
Merge pull request #25214 from nextcloud/dependabot/composer/phpseclib/phpseclib-2.0.30
Bump phpseclib/phpseclib from 2.0.25 to 2.0.30
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Installer.php | 22 | ||||
| -rw-r--r-- | lib/private/IntegrityCheck/Checker.php | 18 |
2 files changed, 37 insertions, 3 deletions
diff --git a/lib/private/Installer.php b/lib/private/Installer.php index 6dfc9a5f0bb..2a0fdab87ff 100644 --- a/lib/private/Installer.php +++ b/lib/private/Installer.php @@ -216,6 +216,18 @@ class Installer { } /** + * Split the certificate file in individual certs + * + * @param string $cert + * @return string[] + */ + private function splitCerts(string $cert): array { + preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches); + + return $matches[0]; + } + + /** * Downloads an app and puts it into the app directory * * @param string $appId @@ -231,12 +243,18 @@ class Installer { if ($app['id'] === $appId) { // Load the certificate $certificate = new X509(); - $certificate->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt')); + $rootCrt = file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'); + $rootCrts = $this->splitCerts($rootCrt); + foreach ($rootCrts as $rootCrt) { + $certificate->loadCA($rootCrt); + } $loadedCertificate = $certificate->loadX509($app['certificate']); // Verify if the certificate has been revoked $crl = new X509(); - $crl->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt')); + foreach ($rootCrts as $rootCrt) { + $crl->loadCA($rootCrt); + } $crl->loadCRL(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crl')); if ($crl->validateSignature() !== true) { throw new \Exception('Could not validate CRL signature'); diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php index fc28d0e7393..122fac8927f 100644 --- a/lib/private/IntegrityCheck/Checker.php +++ b/lib/private/IntegrityCheck/Checker.php @@ -300,6 +300,18 @@ class Checker { } /** + * Split the certificate file in individual certs + * + * @param string $cert + * @return string[] + */ + private function splitCerts(string $cert): array { + preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches); + + return $matches[0]; + } + + /** * Verifies the signature for the specified path. * * @param string $signaturePath @@ -333,7 +345,11 @@ class Checker { // Check if certificate is signed by Nextcloud Root Authority $x509 = new \phpseclib\File\X509(); $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt'); - $x509->loadCA($rootCertificatePublicKey); + + $rootCerts = $this->splitCerts($rootCertificatePublicKey); + foreach ($rootCerts as $rootCert) { + $x509->loadCA($rootCert); + } $x509->loadX509($certificate); if (!$x509->validateSignature()) { throw new InvalidSignatureException('Certificate is not valid.'); |