PHP Civi\Cxn\Rpc X509Util Examples

Programming Language: PHP

Namespace/Package Name: Civi\Cxn\Rpc

Class/Type: X509Util

Examples at hotexamples.com: 3

PHP Civi\Cxn\Rpc X509Util - 3 examples found. These are the top rated real world PHP examples of Civi\Cxn\Rpc\X509Util extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

loadCert(2)

loadCACert(1)

loadCrlDistCert(1)

Example #1

Show file

File: ApiServer.php Project: riyadennis/my_civicrm

 /**
  * Parse the ciphertext, process it, and return the response.
  *
  * FIXME Catch exceptions and return in a nice format.
  *
  * @param string $blob
  *   POST'ed ciphertext.
  * @return Message
  */
 public function handle($blob)
 {
     try {
         $reqMessage = $this->decode(StdMessage::NAME, $blob);
     } catch (InvalidMessageException $e) {
         $this->log->debug('Received invalid message', array('exception' => $e));
         $resp = new InsecureMessage(array('is_error' => 1, 'error_message' => 'Invalid message coding', array($e->getMessage(), $e->getTraceAsString())));
         return $resp->setCode(400);
     }
     $cxn = $this->cxnStore->getByCxnId($reqMessage->getCxnId());
     $validation = Cxn::getValidationMessages($cxn);
     if (!empty($validation)) {
         $this->log->error('Invalid cxn ({cxnId})', array('cxnId' => $reqMessage->getCxnId(), 'messages' => $validation));
         // $cxn is not valid, so we can't encode it use it for encoding.
         $resp = new InsecureMessage(array('is_error' => 1, 'error_message' => 'Invalid cxn details: ' . implode(', ', array_keys($validation))));
         return $resp->setCode(400);
     }
     try {
         list($entity, $action, $params, $appCert) = $reqMessage->getData();
         if ($this->certValidator) {
             $this->certValidator->validateCert($appCert);
             $appCertObj = X509Util::loadCert($appCert);
             $cn = $appCertObj->getDNProp('CN');
             if (count($cn) != 1 || $cn[0] !== $cxn['appId']) {
                 throw new InvalidMessageException('Invalid message: Submitted certificate does not matched expected appId');
             }
         }
         $respData = call_user_func($this->router, $cxn, $entity, $action, $params);
         $this->log->info('Processed API call ({entity}.{action})', array('entity' => $entity, 'action' => $action));
     } catch (\Exception $e) {
         $this->log->error('Error executing API call', array('request' => $reqMessage->getData(), 'exception' => $e));
         $respData = array('is_error' => 1, 'error_message' => $e->getMessage());
     }
     return new StdMessage($reqMessage->getCxnId(), $cxn['secret'], $respData);
 }

Example #2

Show file

File: DefaultCertificateValidator.php Project: riyadennis/my_civicrm

 /**
  * Determine the CRL URL which corresponds to this CA.
  */
 public function getCrlUrl()
 {
     if ($this->crlUrl === self::AUTOLOAD) {
         $this->crlUrl = NULL;
         // Default if we can't find something else.
         $caCertObj = X509Util::loadCACert($this->getCaCert());
         // There can be multiple DPs, but in practice CiviRootCA only has one.
         $crlDPs = $caCertObj->getExtension('id-ce-cRLDistributionPoints');
         if (is_array($crlDPs)) {
             foreach ($crlDPs as $crlDP) {
                 foreach ($crlDP['distributionPoint']['fullName'] as $fullName) {
                     if (isset($fullName['uniformResourceIdentifier'])) {
                         $this->crlUrl = $fullName['uniformResourceIdentifier'];
                         break 2;
                     }
                 }
             }
         }
     }
     return $this->crlUrl;
 }

Example #3

Show file

File: CATest.php Project: civicrm/civicrm-cxn-rpc

 /**
  * In this case, we have an app whose $appCertPem appears valid, and we have CRL
  * whose $crlDistCertPem is signed, but the $crlDistCertPem has usage rules
  * which do not allow signing CRLs.
  */
 public function testCRL_SignedByNonDist()
 {
     // create CA
     $caKeyPairPems = KeyPair::create();
     $caCertPem = CA::create($caKeyPairPems, '/O=test');
     $this->assertNotEmpty($caCertPem);
     // create would-be CRL dist authority -- but not really authorized for signing CRLs.
     // note createCSR() instead of createCrlDistCSR().
     $crlDistKeyPairPems = KeyPair::create();
     $crlDistCertPem = CA::signCSR($caKeyPairPems, $caCertPem, CA::createAppCSR($crlDistKeyPairPems, '/O=test'));
     $this->assertNotEmpty($crlDistCertPem);
     $certValidator = new DefaultCertificateValidator($caCertPem, NULL, NULL);
     $certValidator->validateCert($crlDistCertPem);
     // create CRL
     $crlDistCertObj = X509Util::loadCert($crlDistCertPem, $crlDistKeyPairPems, $caCertPem);
     $this->assertNotEmpty($crlDistCertObj);
     $crlObj = new \File_X509();
     $crlObj->setSerialNumber(1, 10);
     $crlObj->setEndDate('+2 days');
     $crlPem = $crlObj->saveCRL($crlObj->signCRL($crlDistCertObj, $crlObj));
     $this->assertNotEmpty($crlPem);
     $crlObj->loadCRL($crlPem);
     // create cert
     $appKeyPair = KeyPair::create();
     $appCertPem = CA::signCSR($caKeyPairPems, $caCertPem, CA::createAppCSR($appKeyPair, '/O=Application Provider'), 4321);
     // validate cert - fails due to improper CRL
     try {
         $certValidator = new DefaultCertificateValidator($caCertPem, $crlDistCertPem, $crlPem);
         $certValidator->validateCert($appCertPem);
         $this->fail('Expected InvalidCertException, but no exception was reported.');
     } catch (InvalidCertException $e) {
         $this->assertRegExp('/CRL-signing certificate is not a CRL-signing certificate/', $e->getMessage());
     }
 }