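/**
 * createCertList() Create a list of all valid certificates for the given subscriber
 *
 * The function will log the number of certificates found as well, but only the
 * total number and the number of different users.
 *
 * Entries whose PEM data cannot be parsed are skipped (and logged) rather than
 * aborting the whole listing, so one malformed record from the CA cannot hide
 * the remaining certificates from the administrator.
 *
 * @param object $admin admin-person (owner of the certificate used in the
 *                      transaction); must provide getSubscriber()->getOrgName()
 *                      and is handed to CAHandler::getCA() unchanged.
 * @return Array the list of users and the number of (valid) certificates each
 *               user has, keyed by eppn:
 *               array('eppn' => string, 'fullDN' => string, 'count' => int)
 */
static function createCertList($admin)
{
    $ca = CAHandler::getCA($admin);
    $orgName = $admin->getSubscriber()->getOrgName();
    /* Get all certificates for the organization from where admin originates. */
    $list = $ca->getCertListForEPPN("%", $orgName);
    $res = array();
    $found_certs = 0;
    $found_users = 0;

    if (is_array($list)) {
        foreach ($list as $value) {
            if (isset($value['cert'])) {
                /* openssl_x509_read() returns false on malformed input; feeding that
                 * into openssl_x509_parse() is a TypeError under PHP 8 and a
                 * warning + null DN before that. Skip the entry per item instead. */
                $x509 = openssl_x509_read($value['cert']);
                $cert = ($x509 !== false) ? openssl_x509_parse($x509, false) : false;
                if (!is_array($cert) || !isset($cert['name'])) {
                    $owner = isset($value['cert_owner']) ? $value['cert_owner'] : '(unknown owner)';
                    Logger::log_event(LOG_WARNING, "Skipping unparsable certificate for " .
                                      $owner . " in subscriber " . $orgName);
                    continue;
                }
                /* cert_owner ends with the eppn; take the last space-separated token. */
                $eppn_array = explode(" ", $value['cert_owner']);
                $eppn = $eppn_array[count($eppn_array) - 1];
            } else {
                /* cert is for instance not set when using the Comodo CA, from Comodo
                 * we get things returned slightly different: cert_owner holds the
                 * full DN, and the eppn has to be derived from it. */
                $cert = array('name' => $value['cert_owner']);
                $eppn = Robot::getEPPN($cert['name']);
            }

            if (isset($res[$eppn])) {
                if ($res[$eppn]['fullDN'] !== $cert['name']) {
                    /* One eppn mapping to two different DNs is suspicious: alert and
                     * leave the second certificate out of the counts. */
                    $msg = "Several certificates with identical names ({$eppn}) but different DN";
                    $msg .= " " . $res[$eppn]['fullDN'] . " vs. " . $cert['name'] . ".";
                    Logger::log_event(LOG_ALERT, $msg);
                    continue;
                }
                $res[$eppn]['count'] += 1;
            } else {
                /* count is kept as an int throughout (the original seeded it with the
                 * string '1' and then added ints to it). */
                $res[$eppn] = array('eppn' => $eppn, 'fullDN' => $cert['name'], 'count' => 1);
                $found_users += 1;
            }
            $found_certs += 1;
        }
    }

    Logger::log_event(LOG_NOTICE, "Created a list of {$found_certs} valid certificates for {$found_users} " .
                      "different user(s) in subscriber " . $orgName);
    return $res;
}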