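/**
 * receivePastedCSR() handle a CSR pasted through an input-field
 *
 * The value is read from $_POST, passed through Input::sanitizeBase64()
 * and, when requested, handed to CSRUpload::testBlacklist() before it is
 * wrapped in a CSR_PKCS10.
 *
 * @param String  $csr_var_name  name of the POST field that holds the pasted CSR
 * @param Boolean $testBlacklist true if the CSR should be matched to the
 *                               openssl-vulnkey blacklist. The default is
 *                               false, so the check only runs when the
 *                               caller opts in.
 *
 * @return CSR_PKCS10
 * @throws ConfusaGenException if the CSR is malformed, blacklisted or
 *                             otherwise invalid.
 */
public static function receivePastedCSR($csr_var_name, $testBlacklist = false)
{
    if (!isset($_POST) || !array_key_exists($csr_var_name, $_POST)) {
        /* Name the missing field only. Interpolating $_POST itself yields
         * the string "Array" plus an array-to-string conversion notice, and
         * request contents do not belong in an error message. */
        throw new ConfusaGenException("csr not found in POST data (field '{$csr_var_name}')!");
    }

    /* Untrusted input: sanitize before anything else touches it. */
    $csr_content = Input::sanitizeBase64($_POST[$csr_var_name]);

    if ($testBlacklist) {
        CSRUpload::testBlacklist($csr_content);
    }

    return new CSR_PKCS10($csr_content);
}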
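/**
 * pre_process() handle a CSR-related request before the page is rendered
 *
 * Three inputs are recognised, in this order:
 *  - $_POST['signCSR']: the sanitized key is passed to signCSR() and
 *    processing stops.
 *  - $_FILES['user_csr']: a CSR uploaded as a file.
 *  - $_POST['user_csr']: a CSR pasted into a form field.
 *
 * A received CSR is checked against the key blacklist, validated with
 * isValid() and, when the CA mode is CA_COMODO or its subject matches the
 * CA's full DN, stamped with upload time and client address, stored and
 * kept in $this->csr. On any reported error $this->csr is set to null.
 *
 * @param mixed $person forwarded unchanged to parent::pre_process()
 *
 * @return void
 */
public function pre_process($person)
{
    parent::pre_process($person);
    $csr = null;

    if (isset($_POST['signCSR'])) {
        $this->signCSR(Input::sanitizeCertKey($_POST['signCSR']));
        return;
    }

    /* Testing for uploaded files */
    if (isset($_FILES['user_csr']['name'])) {
        try {
            $csr = CSRUpload::receiveUploadedCSR('user_csr', true);
        } catch (FileException $fileEx) {
            $msg = $this->translateTag('l10n_err_csrproc', 'processcsr');
            Framework::error_output($msg . $fileEx->getMessage());
            $this->csr = null;
            return;
        }
    } elseif (isset($_POST['user_csr'])) {
        try {
            /* Request the blacklist test here as well. Without the second
             * argument it defaults to false, and a pasted CSR would skip
             * the compromised-key check that an uploaded CSR gets. */
            $csr = CSRUpload::receivePastedCSR('user_csr', true);
        } catch (ConfusaGenException $cge) {
            $msg = $this->translateTag('l10n_err_no_csr', 'processcsr');
            Framework::error_output($msg . $cge->getMessage());
            $this->csr = null;
            return;
        }
    } else {
        /* No CSR present, neither paste nor file, kindly bump user */
        Framework::error_output($this->translateTag('l10n_err_no_csr', 'processcsr'));
        return;
    }

    if (!$csr->isValid()) {
        $msg  = $this->translateTag('l10n_err_csrinvalid1', 'processcsr');
        $msg .= Config::get_config('min_key_length');
        $msg .= $this->translateTag('l10n_err_csrinvalid2', 'processcsr');
        Framework::error_output($msg);
        $this->csr = null;
        return;
    }

    /* The CSR is only accepted in Comodo mode or when its subject matches
     * the DN the CA expects.
     * NOTE(review): a CSR that fails this test is dropped without any
     * message and $this->csr is left as it was - confirm this is intended. */
    if (Config::get_config('ca_mode') == CA_COMODO
        || match_dn($csr->getSubject(), $this->ca->getFullDN())) {
        /* Record when and from which address the CSR arrived. */
        $csr->setUploadedDate(date("Y-m-d H:i:s"));
        $csr->setUploadedFromIP($_SERVER['REMOTE_ADDR']);
        $csr->storeDB($this->person);
        $this->csr = $csr;
    }
}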
/**
 * Every key in the compromised-key library must be rejected by
 * CSRUpload::testBlacklist().
 *
 * The test fails outright when the library is missing, so an absent
 * fixture cannot be mistaken for a passing blacklist check.
 */
function testBlacklistCompromisedKey()
{
    $compromised = $this->getCompromisedList(2);

    if (!$compromised) {
        $this->fail("Missing library of compromised keys, please download and unpack as instructed in " . __FILE__);
        return;
    }

    foreach ($compromised as $file) {
        $csr = $this->getCSRFromFile($file);
        try {
            CSRUpload::testBlacklist($csr);
            /* Reaching this line means the compromised key was accepted. */
            $this->fail("Compromised RSA-key should fail CSRUpload::testBlacklist() -> {$file}");
        } catch (Exception $e) {
            /* NOTE(review): any Exception counts as a pass, including one
             * raised for a reason unrelated to the blacklist. Narrowing the
             * catch needs the exception type testBlacklist() throws, which
             * is not visible here. */
            $this->pass();
        }
    }
}