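/**
 * Verify the signature carried in the `wp__ss2` query parameter against the
 * values of the other query parameters, using the public key from getCert().
 *
 * The signed message is rebuilt by concatenating every $_GET value, each
 * followed by "|", in the order the parameters appear in the request.
 * `wp__ss2`, `eshopaction` and `page_id` are left out of that message, so
 * their values are NOT authenticated by this check and callers must not
 * treat them as signed data.
 *
 * Any failure terminates the request with exit(); the function only returns
 * when the signature verified.
 *
 * NOTE(review): nothing here checks freshness (timestamp/nonce), so a valid
 * signed query string would verify again if replayed — confirm whether the
 * caller guards against that.
 *
 * @param mixed $cert Passed through to getCert(); its meaning is defined there.
 *
 * @return bool Always true when the function returns.
 */
function checkCert($cert = null)
{
    $pKeyP = getCert($cert);
    if (!$pKeyP) {
        exit("Can't obtain Cert.");
    }

    $pKey = openssl_pkey_get_public($pKeyP);
    if (!$pKey) {
        exit(__('"Cert. not validated"', 'eshop') . $pKeyP);
    }

    // Fail closed when the signature parameter is absent or not a plain
    // string (e.g. wp__ss2[]=...), instead of handing null/array to
    // base64_decode().
    if (!isset($_GET['wp__ss2']) || !is_string($_GET['wp__ss2'])) {
        exit(__('SS2 not verified', 'eshop'));
    }

    // Strict mode rejects characters outside the base64 alphabet rather than
    // silently discarding them.
    $signature = base64_decode($_GET['wp__ss2'], true);
    if ($signature === false || $signature === '') {
        exit(__('SS2 not verified', 'eshop'));
    }

    $unsignedKeys = array('wp__ss2', 'eshopaction', 'page_id');

    $_SS2 = "";
    foreach ($_GET as $key => $value) {
        // PHP converts numeric query keys to integers. Before PHP 8 a loose
        // comparison treats the integer 0 as equal to any non-numeric string,
        // which would silently drop that parameter from the signed message.
        // Compare as strings, strictly.
        if (in_array((string) $key, $unsignedKeys, true)) {
            continue;
        }

        // An array-valued parameter would be interpolated as the literal
        // text "Array"; refuse it instead of verifying over that.
        if (is_array($value)) {
            exit(__('SS2 not verified', 'eshop'));
        }

        // The "|" separator is not escaped inside values; the exact message
        // format is presumably dictated by the signer — confirm.
        $_SS2 .= "{$value}|";
    }

    // No algorithm argument is passed, so openssl_verify() uses its default
    // (OPENSSL_ALGO_SHA1). The digest has to match what the signer uses;
    // confirm against the signer's documentation before changing it.
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error); only 1
    // is accepted.
    $ok = openssl_verify($_SS2, $signature, $pKey);
    if ($ok !== 1) {
        exit(__('SS2 not verified', 'eshop'));
    }

    return true;
}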
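/**
 * Poll the CA backend for the status of one order and print an explanation
 * of the returned status code to standard output.
 *
 * The backend response is split at the first newline: the first line is the
 * numeric status code, the remainder (if any) is treated as detail text and
 * printed verbatim at the end.
 *
 * NOTE(review): the Person is marked authenticated via isAuth(true) without
 * any login step, so this helper is presumably meant for operator/CLI use
 * only — confirm it is not reachable from a web request.
 * NOTE(review): the raw backend detail text is echoed as-is; if the backend
 * echoes submitted account parameters this would end up in terminal output
 * and logs — verify what the CA returns.
 *
 * @param mixed $nren  NREN identifier handed to NREN_Handler::getByID().
 * @param mixed $order Order number handed to pollCertStatus().
 *
 * @return void
 */
function queryOrder($nren, $order)
{
    echo "Looking for {$order} issued to nren {$nren}\n";

    // Keep the requested ID: the lookup result overwrites $nren, and on
    // failure the error message must still show what was asked for.
    $nrenId = $nren;
    $nren = NREN_Handler::getByID($nrenId);
    if (!$nren) {
        echo "\n\tError when retrieving NREN {$nrenId}, please use correct NREN-ID\n\n";
        listNRENs();
        return;
    }

    $person = new Person();
    $person->setNREN($nren);
    $person->isAuth(true);

    $ca = CAHandler::getCA($person);
    $status = $ca->pollCertStatus($order, true);

    $errors = explode("\n", $status, 2);
    if (!is_numeric($errors[0])) {
        echo "Malformed response from CA, all bets are off :/\n";
        return;
    }

    // A single-line response has no detail part; use an empty string so the
    // substring checks and the final dump do not read an undefined offset.
    $detail = isset($errors[1]) ? $errors[1] : '';

    echo "Response from CA backend: " . $errors[0] . ":\n";
    switch ($errors[0]) {
        case 0:
            echo "Certificate is currently being processed by Comodo\n";
            break;
        case 1:
            echo "Certificate available, no errors detected\n";
            getCert($ca, $order, $person);
            break;
        case -1:
            echo "Request via vulnerable channel (non-https)\n";
            break;
        case -2:
            echo "Unrecognized argument sent to CA backend.\n";
            echo $status . "\n";
            break;
        case "-3":
        case "-4":
            /* invalid password? */
            echo "You are not allowed to log in and view this certificate\n";
            $caa = "CA Account problems -";
            if (strpos($detail, "loginPassword") !== false) {
                echo "{$caa} invalid password\n";
            }
            /* invalid username? */
            if (strpos($detail, "loginName") !== false) {
                echo "{$caa} invalid username\n";
            }
            if (strpos($detail, "ap") !== false) {
                echo "{$caa} invalid AP-Name\n";
            }
            if (strpos($detail, "orderNumber") !== false) {
                echo "Invalid orderNumber, make sure that the certificate you are looking for" .
                    " are accessible via this NREN-account!\n";
            }
            break;
        case "-13":
            echo "The CSR contained a publickey with invalid keysize, make sure it is long enough!\n";
            break;
        case "-14":
            echo "Unknown error\n";
            break;
        case "-16":
            echo "Permission denied when contacting Comodo backend\n";
            break;
        case "-17":
            echo "Confusa used GET insted of POST when contacting CA backend\n";
            break;
        case "-20":
            echo "CSR rejected by CA\n";
            break;
        case "-21":
            echo "Certificate has been revoked\n";
            break;
        case "-22":
            echo "Awaiting payment, certificate on hold\n";
            break;
        default:
            echo "unknown error (" . $errors[0] . ")\n";
            break;
    } /* endswitch */

    print_r($detail);
    echo "\n";
}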