protected function _loadCertificateChain() { if (isset($this->_trustedRootCertificateAuthoritiesFile)) { Janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($this->_trustedRootCertificateAuthoritiesFile); } try { $this->_certificateChain = Janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($this->_certificate); } catch (Exception $e) { $this->_response->Errors[] = $e->getMessage(); return false; } $certificates = $this->_certificateChain->getCertificates(); /** * @var Janus_OpenSsl_Certificate $certificate */ foreach ($certificates as $certificate) { $certificateSubject = $certificate->getSubject(); $this->_response->CertificateChain[] = array('Subject' => array('DN' => $certificate->getSubjectDn(), 'CN' => isset($certificateSubject['CN']) ? $certificateSubject['CN'] : $certificateSubject['O']), 'SubjectAlternative' => array('DNS' => $certificate->getSubjectAltNames()), 'Issuer' => array('Dn' => $certificate->getIssuerDn()), 'NotBefore' => array('UnixTime' => $certificate->getValidFromUnixTime()), 'NotAfter' => array('UnixTime' => $certificate->getValidUntilUnixTime()), 'RootCa' => $certificate->getTrustedRootCertificateAuthority(), 'SelfSigned' => $certificate->isSelfSigned()); } return true; }
public function runForCronTag($cronTag) { if (!$this->_isExecuteRequired($cronTag)) { return array(); } $cronLogger = new sspmod_janus_Cron_Logger(); try { $janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig(); $srConfig = sspmod_janus_DiContainer::getInstance()->getConfig(); $rootCertificatesFile = $srConfig->getString('ca_bundle_file'); $util = new sspmod_janus_AdminUtil(); $entities = $util->getEntities(); foreach ($entities as $partialEntity) { try { $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController(); $eid = $partialEntity['eid']; if (!$entityController->setEntity($eid)) { $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'."); continue; } $entityController->loadEntity(); $entityId = $entityController->getEntity()->getEntityid(); $entityType = $entityController->getEntity()->getType(); try { try { $certificate = $entityController->getCertificate(); // @workaround // Since getCertificate() returns false when certificate does not exist following check is required to skip validation if (empty($certificate)) { throw new Exception('No certificate found'); } } catch (Exception $e) { if ($entityType === 'saml20-sp') { $cronLogger->with($entityId)->notice("SP does not have a certificate"); } else { if ($entityType === 'saml20-idp') { $cronLogger->with($entityId)->warn("Unable to create certificate object, certData missing?"); } } continue; } $validator = new Janus_OpenSsl_Certificate_Validator($certificate); $validator->setIgnoreSelfSigned(true); $validator->validate(); $validatorWarnings = $validator->getWarnings(); $validatorErrors = $validator->getErrors(); foreach ($validatorWarnings as $warning) { $cronLogger->with($entityId)->warn($warning); } foreach ($validatorErrors as $error) { $cronLogger->with($entityId)->error($error); } Janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($rootCertificatesFile); $chain = Janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($certificate); $validator = new Janus_OpenSsl_Certificate_Chain_Validator($chain); $validator->setIgnoreSelfSigned(true); $validator->setTrustedRootCertificateAuthorityFile($rootCertificatesFile); $validator->validate(); $validatorWarnings = $validator->getWarnings(); $validatorErrors = $validator->getErrors(); foreach ($validatorWarnings as $warning) { $cronLogger->with($entityId)->warn($warning); } foreach ($validatorErrors as $error) { $cronLogger->with($entityId)->error($error); } } catch (Exception $e) { $cronLogger->with($entityId)->error($e->getMessage()); } } catch (Exception $e) { $cronLogger->error($e->getMessage() . $e->getTraceAsString()); } } } catch (Exception $e) { $cronLogger->error($e->getMessage() . $e->getTraceAsString()); } if ($cronLogger->hasErrors()) { $this->_mailTechnicalContact($cronTag, $cronLogger); } return $cronLogger->getSummaryLines(); }