/**
* Set up this testcase
*
*/
public function setUp()
{
if (!extension_loaded('openssl')) {
throw new PrerequisitesNotMetError(PREREQUISITE_LIBRARYMISSING, $cause = NULL, array('openssl'));
}
$this->fixture = X509Certificate::fromString(trim('
-----BEGIN CERTIFICATE-----
MIICtDCCAh2gAwIBAwIBADANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCREUx
GjAYBgNVBAgUEUJhZGVuLVf8cnR0ZW1iZXJnMRIwEAYDVQQHEwlLYXJsc3J1aGUx
EDAOBgNVBAoTB1hQIFRlYW0xEDAOBgNVBAsTB1hQIFRlYW0xFDASBgNVBAMTC1Rp
bW0gRnJpZWJlMSYwJAYJKoZIhvcNAQkBFhdmcmllYmVAeHAtZnJhbWV3b3JrLm5l
dDAeFw0wMzAyMDkxNTE2NDlaFw0wNDAyMDkxNTE2NDlaMIGfMQswCQYDVQQGEwJE
RTEaMBgGA1UECBQRQmFkZW4tV/xydHRlbWJlcmcxEjAQBgNVBAcTCUthcmxzcnVo
ZTEQMA4GA1UEChMHWFAgVGVhbTEQMA4GA1UECxMHWFAgVGVhbTEUMBIGA1UEAxML
VGltbSBGcmllYmUxJjAkBgkqhkiG9w0BCQEWF2ZyaWViZUB4cC1mcmFtZXdvcmsu
bmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHg6T7V45CAtsDsJ4Lw/RT
31SHKqvkofbCzaREJ0yg8fy2KtmurU55JK5VOmcdFPIAgtEo3qaCXUtUfRVS398O
ezwkcOmJRhbkkzUGiuGbRobZRLjOXrYCQYZ7mQJQc80wmki0SLy0OmU1SrJiWIBy
UoOjW4EQZqVCuEHgeRiAdwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBADeL3Pvtua3w
nwdr2RRfQ3f1b36gRN3loSiEspDhCjbdR6xf//r+/XewPtP86HSx+hEKuwkNh+oY
UnoNtLoDwBRZkrJIvOyuzBwaMIlLvYGfGYr3DAweMqn3AQ2j5GaA56cMrVa+Tb/y
WPDyiSAwwKIzRnlGBb+eJGQX2ZDyvPg7
-----END CERTIFICATE-----
'));
}
/**
* Sign this CSR
*
* @param security.KeyPair keypair
* @param int days default 365
* @param var cacert default NULL
* @return security.cert.X509Certificate
*/
public function sign($keypair, $days = 365, $cacert = NULL)
{
if (FALSE === ($x509 = openssl_csr_sign($this->_res, $cacert, $keypair->_res, $days))) {
trigger_error(implode("\n @", OpenSslUtil::getErrors()), E_USER_NOTICE);
throw new CertificateException('Cannot sign certificate');
}
if (FALSE === openssl_x509_export($x509, $str)) {
trigger_error(implode("\n @", OpenSslUtil::getErrors()), E_USER_NOTICE);
throw new CertificateException('Cannot export certificate');
}
return X509Certificate::fromString($str);
}
protected function fetchLatestCertData($until = false)
{
$ctx = $this->getStreamContext();
set_error_handler(function ($code, $message, $filename, $lineno, $context) {
throw new \ErrorException(sprintf('%s: %s in %s line %d', $code, $message, $filename, $lineno), $code, 0, $filename, $lineno);
});
try {
$fp = stream_socket_client('ssl://mxr.mozilla.org:443', $errNo, $errStr, 30, STREAM_CLIENT_CONNECT, $ctx);
} catch (\ErrorException $e) {
restore_error_handler();
throw new \RuntimeException($errStr, $errNo, $e);
}
restore_error_handler();
$headers = "GET /mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1 HTTP/1.1\r\n";
$headers .= "Host: mxr.mozilla.org\r\n";
$headers .= "Connection: close\r\n";
$headers .= "Accept: */*\r\n";
fwrite($fp, "{$headers}\r\n");
// send request
$response = '';
while (!feof($fp)) {
$response .= fgets($fp);
if ($until && strpos($response, $until) !== false) {
break;
}
}
fclose($fp);
$params = stream_context_get_params($ctx);
$cert = new X509Certificate($params['options']['ssl']['peer_certificate']);
$pin = $cert->getPin();
if ($pin !== static::MOZILLA_MXR_SSL_PIN) {
if (time() < static::MOZILLA_MXR_SSL_EXP) {
throw new \RuntimeException(sprintf('ERROR: Certificate pin for mxr.mozilla.org did NOT match expected value! ' . 'Expected: %s Received: %s', static::MOZILLA_MXR_SSL_PIN, $pin));
}
trigger_error('WARNING: mxr.mozilla.org certificate pin may be out of date. ' . 'If you continue to see this message after updating Sslurp, please ' . 'file an issue at https://github.com/EvanDotPro/Sslurp/issues');
}
return $this->decodeChunkedString($this->getResponseBody($response));
}
