Exemple #1
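 /**
  * receivePastedCSR() handles a CSR pasted through an input field.
  *
  * The CSR is read from $_POST, passed through Input::sanitizeBase64() and,
  * when requested, checked with CSRUpload::testBlacklist() before it is
  * wrapped in a CSR_PKCS10 object.
  *
  * NOTE(review): $testBlacklist defaults to false, so a caller that omits it
  * skips the blacklist check entirely. Callers handling end-user input should
  * pass true explicitly.
  *
  * @param String  $csr_var_name  name of the $_POST field holding the CSR
  * @param Boolean $testBlacklist true if the CSR should be matched against
  *                               openssl-vulnkey
  *
  * @return CSR_PKCS10
  * @throws ConfusaGenException if the CSR is missing, malformed, blacklisted
  *                             or otherwise invalid.
  */
 public static function receivePastedCSR($csr_var_name, $testBlacklist = false)
 {
     if (!isset($_POST) || !array_key_exists($csr_var_name, $_POST)) {
         /* Name only the missing field. Interpolating $_POST itself yields
          * the literal "Array" plus a conversion warning, and request
          * contents do not belong in a message a caller may display. */
         throw new ConfusaGenException("csr not found in POST field '{$csr_var_name}'!");
     }
     /* A field submitted as name[]=... arrives as an array, not a string. */
     if (!is_string($_POST[$csr_var_name])) {
         throw new ConfusaGenException("csr in POST field '{$csr_var_name}' is not a string!");
     }
     $csr_content = Input::sanitizeBase64($_POST[$csr_var_name]);
     if ($testBlacklist) {
         CSRUpload::testBlacklist($csr_content);
     }
     return new CSR_PKCS10($csr_content);
 }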
Exemple #2
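 /**
  * Handle a CSR submitted with the request before the page is rendered.
  *
  * A 'signCSR' POST field triggers signing and returns. Otherwise the CSR is
  * taken from the uploaded file 'user_csr' or, failing that, from the pasted
  * POST field 'user_csr'. A CSR that passes isValid() is stored only when
  * ca_mode is CA_COMODO or its subject matches the CA's full DN.
  *
  * @param mixed $person passed on to parent::pre_process()
  *
  * @return void
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     $csr = null;
     if (isset($_POST['signCSR'])) {
         $this->signCSR(Input::sanitizeCertKey($_POST['signCSR']));
         return;
     }
     /* Testing for uploaded files */
     if (isset($_FILES['user_csr']['name'])) {
         try {
             $csr = CSRUpload::receiveUploadedCSR('user_csr', true);
         } catch (FileException $fileEx) {
             $msg = $this->translateTag('l10n_err_csrproc', 'processcsr');
             Framework::error_output($msg . $fileEx->getMessage());
             $this->csr = null;
             return;
         }
     } elseif (isset($_POST['user_csr'])) {
         try {
             /* Request the blacklist check here as well, so a pasted CSR
              * gets the same screening as an uploaded one.
              * NOTE(review): confirm a blacklist hit surfaces as
              * ConfusaGenException, otherwise it escapes this handler. */
             $csr = CSRUpload::receivePastedCSR('user_csr', true);
         } catch (ConfusaGenException $cge) {
             $msg = $this->translateTag('l10n_err_no_csr', 'processcsr');
             Framework::error_output($msg . $cge->getMessage());
             $this->csr = null;
             return;
         }
     } else {
         /* No CSR present, neither paste nor file, kindly bump user */
         Framework::error_output($this->translateTag('l10n_err_no_csr', 'processcsr'));
         return;
     }
     /* Neither receiver is shown to guarantee an object, so treat a null
      * result as "no CSR" instead of calling a method on it. */
     if ($csr === null) {
         Framework::error_output($this->translateTag('l10n_err_no_csr', 'processcsr'));
         $this->csr = null;
         return;
     }
     if (!$csr->isValid()) {
         $msg = $this->translateTag('l10n_err_csrinvalid1', 'processcsr');
         $msg .= Config::get_config('min_key_length');
         $msg .= $this->translateTag('l10n_err_csrinvalid2', 'processcsr');
         Framework::error_output($msg);
         $this->csr = null;
         return;
     }
     /* NOTE(review): when the subject does not match the CA DN (and ca_mode
      * is not CA_COMODO) the CSR is dropped without telling the user. */
     if (Config::get_config('ca_mode') == CA_COMODO || match_dn($csr->getSubject(), $this->ca->getFullDN())) {
         $csr->setUploadedDate(date("Y-m-d H:i:s"));
         $csr->setUploadedFromIP($_SERVER['REMOTE_ADDR']);
         $csr->storeDB($this->person);
         $this->csr = $csr;
     }
 }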
Exemple #3
 /**
  * Every CSR built from the library of known-compromised keys must be
  * rejected by CSRUpload::testBlacklist().
  *
  * Calls $this->fail() when the key library is missing, and once for each
  * file whose CSR passes the blacklist check without an exception.
  */
 function testBlacklistCompromisedKey()
 {
     /* NOTE(review): the meaning of the argument 2 is not visible here. */
     $compromised = $this->getCompromisedList(2);
     if (!$compromised) {
         $this->fail("Missing library of compromised keys, please download and unpack as instructed in " . __FILE__);
         return;
     }
     foreach ($compromised as $file) {
         $request = $this->getCSRFromFile($file);
         try {
             CSRUpload::testBlacklist($request);
             $this->fail("Compromised RSA-key should fail CSRUpload::testBlacklist() -> {$file}");
         } catch (Exception $rejected) {
             /* NOTE(review): any Exception counts as a rejection here, so an
              * unrelated failure inside testBlacklist() also passes. Narrow
              * this once the blacklist exception type is confirmed. */
             $this->pass();
         }
     }
 }