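/**
 * Verify the signature carried in the "wp__ss2" query parameter against the
 * remaining query parameters of the current request.
 *
 * The signed message is rebuilt by joining every $_GET value except the
 * signature itself and the routing parameters "eshopaction" and "page_id",
 * in request order, each followed by "|". The request is terminated with
 * exit() on any failure, so a caller only ever sees a true return value.
 *
 * NOTE(review): keys are not part of the signed string and values are not
 * escaped, so a value containing "|" makes field boundaries ambiguous. The
 * format is presumably dictated by the signing party; confirm before changing.
 * NOTE(review): openssl_verify() is called without an algorithm argument and
 * therefore uses its default digest (SHA-1); confirm that this matches the signer.
 *
 * @param mixed $cert Passed through to getCert() (defined elsewhere) to
 *                    select the certificate; null uses that function's default.
 *
 * @return bool Always true; every failure path exits instead of returning.
 */
function checkCert($cert = null)
{
    $pKeyP = getCert($cert);
    if (!$pKeyP) {
        exit("Can't obtain Cert.");
    }

    $pKey = openssl_pkey_get_public($pKeyP);
    if (!$pKey) {
        exit(__('"Cert. not validated"', 'eshop') . $pKeyP);
    }

    // A request without a string signature cannot be verified; fail closed
    // instead of passing an undefined index or an array to base64_decode().
    if (!isset($_GET['wp__ss2']) || !is_string($_GET['wp__ss2'])) {
        exit(__('SS2 not verified', 'eshop'));
    }

    // Parameters that are not covered by the signature.
    $unsignedKeys = ['wp__ss2', 'eshopaction', 'page_id'];

    $_SS2 = "";
    foreach ($_GET as $key => $value) {
        // PHP turns numeric parameter names into integer keys. Compare as
        // strings, strictly: before PHP 8 a loose comparison treats the
        // integer key 0 as equal to any non-numeric string, which would
        // silently drop that parameter from the signed data.
        if (in_array((string) $key, $unsignedKeys, true)) {
            continue;
        }
        // Array-valued parameters (name[]=...) cannot be part of a flat
        // signed string; reject them rather than signing the text "Array".
        if (!is_string($value)) {
            exit(__('SS2 not verified', 'eshop'));
        }
        $_SS2 .= "{$value}|";
    }

    // openssl_verify() returns 1 only for a valid signature; 0 (mismatch),
    // -1 and false (errors) must all be treated as failure.
    $ok = openssl_verify($_SS2, base64_decode($_GET['wp__ss2']), $pKey);
    if ($ok !== 1) {
        exit(__('SS2 not verified', 'eshop'));
    }

    return true;
}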
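/**
 * Poll the CA backend for the status of a certificate order and print a
 * human-readable explanation of the returned status code.
 *
 * The backend response is expected to be a numeric status code on the first
 * line, optionally followed by detail text. For status 1 the certificate is
 * fetched through getCert() (defined elsewhere). All output goes to stdout.
 *
 * NOTE(review): the detail text from the CA is echoed unmodified; this looks
 * like a command-line tool, so confirm it is never reached from a web context.
 *
 * @param mixed $nren  ID of the NREN the order was issued to.
 * @param mixed $order Order number to look up at the CA.
 *
 * @return void
 */
function queryOrder($nren, $order)
{
    echo "Looking for {$order} issued to nren {$nren}\n";

    // Keep the requested ID: the lookup result replaces $nren, and the error
    // message below must show what the operator actually asked for.
    $nrenId = $nren;
    $nren = NREN_Handler::getByID($nrenId);
    if (!$nren) {
        echo "\n\tError when retrieving NREN {$nrenId}, please use correct NREN-ID\n\n";
        listNRENs();
        return;
    }

    // Build a person bound to the NREN so the CA handler can be resolved.
    // NOTE(review): isAuth(true) appears to mark this person as authenticated
    // without a login; confirm this function is only reachable by operators.
    $person = new Person();
    $person->setNREN($nren);
    $person->isAuth(true);
    $ca = CAHandler::getCA($person);

    $status = $ca->pollCertStatus($order, true);
    $errors = explode("\n", $status, 2);
    if (!is_numeric($errors[0])) {
        echo "Malformed response from CA, all bets are off :/\n";
        return;
    }

    // A response consisting of the status line only has no second element;
    // default to an empty string so the checks below never read a missing index.
    $details = isset($errors[1]) ? $errors[1] : '';

    echo "Response from CA backend: " . $errors[0] . ":\n";
    switch ($errors[0]) {
        case 0:
            echo "Certificate is currently being processed by Comodo\n";
            break;
        case 1:
            echo "Certificate available, no errors detected\n";
            getCert($ca, $order, $person);
            break;
        case -1:
            echo "Request via vulnerable channel (non-https)\n";
            break;
        case -2:
            echo "Unrecognized argument sent to CA backend.\n";
            echo $status . "\n";
            break;
        case "-3":
        case "-4":
            /* Authentication/authorization failure: the detail text names the rejected field. */
            echo "You are not allowed to log in and view this certificate\n";
            $caa = "CA Account problems -";
            /* invalid password? */
            if (strpos($details, "loginPassword") !== FALSE) {
                echo "{$caa} invalid password\n";
            }
            /* invalid username? */
            if (strpos($details, "loginName") !== FALSE) {
                echo "{$caa} invalid username\n";
            }
            /* NOTE(review): "ap" is a short substring and may match unrelated detail text. */
            if (strpos($details, "ap") !== FALSE) {
                echo "{$caa} invalid AP-Name\n";
            }
            if (strpos($details, "orderNumber") !== FALSE) {
                echo "Invalid orderNumber, make sure that the certificate you are looking for" . " are accessible via this NREN-account!\n";
            }
            break;
        case "-13":
            echo "The CSR contained a publickey with invalid keysize, make sure it is long enough!\n";
            break;
        case "-14":
            echo "Unknown error\n";
            break;
        case "-16":
            echo "Permission denied when contacting Comodo backend\n";
            break;
        case "-17":
            echo "Confusa used GET insted of POST when contacting CA backend\n";
            break;
        case "-20":
            echo "CSR rejected by CA\n";
            break;
        case "-21":
            echo "Certificate has been revoked\n";
            break;
        case "-22":
            echo "Awaiting payment, certificate on hold\n";
            break;
        default:
            echo "unknown error (" . $errors[0] . ")\n";
            break;
    }
    /* endswitch */

    // Always show the raw detail text so the operator sees the CA's own wording.
    print_r($details);
    echo "\n";
}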