Exemplo n.º 1
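 /**
  * createCertList() Create a list of all valid certificates for the given subscriber
  *
  * The certificates are whatever the CA handler returns for the admin's
  * organization; this function does not check validity itself. They are
  * grouped per user (eppn). The function also logs the total number of
  * certificates counted and the number of different users, but not the
  * individual certificates.
  *
  * Entries that cannot be attributed safely are skipped and logged instead of
  * being listed: certificates that fail to parse, and certificates whose
  * subject DN differs from the DN already recorded for the same eppn.
  *
  * @param  object $admin the admin person (owner of the certificate used in the
  *                       transaction). Must provide getSubscriber(); the
  *                       subscriber's organization name selects the certificates.
  * @return Array map of eppn => array('eppn', 'fullDN', 'count'), one entry per
  *               user, where 'count' is the number of certificates counted
  */
 static function createCertList($admin)
 {
     $ca = CAHandler::getCA($admin);
     $org_name = $admin->getSubscriber()->getOrgName();
     /* Get all certificates for the organization from where admin originates.
      * NOTE(review): "%" is presumably a match-all wildcard for the eppn;
      * confirm against getCertListForEPPN(). */
     $list = $ca->getCertListForEPPN("%", $org_name);
     $res = array();
     $found_certs = 0;
     $found_users = 0;
     if (is_array($list)) {
         foreach ($list as $value) {
             /* cert is for instance not set when using the
              * Comodo CA, from Comodo we get things
              * returned slightly different. */
             if (isset($value['cert'])) {
                 /* The eppn is the last space-separated token of cert_owner. */
                 $eppn_array = explode(" ", $value['cert_owner']);
                 $eppn = $eppn_array[count($eppn_array) - 1];

                 /* Both OpenSSL calls return false on malformed input. Without
                  * this check a broken certificate would be listed with an
                  * empty DN, and every later certificate of the same user
                  * would then be rejected as a DN mismatch. */
                 $x509 = openssl_x509_read($value['cert']);
                 $cert = ($x509 === false) ? false : openssl_x509_parse($x509, false);
                 if (!is_array($cert) || !isset($cert['name'])) {
                     Logger::log_event(LOG_WARNING, "Could not parse a certificate listed for {$eppn}, skipping it.");
                     continue;
                 }
             } else {
                 $cert = array();
                 /* Comodo has the full DN as the cert_owner */
                 $cert['name'] = $value['cert_owner'];
                 $eppn = Robot::getEPPN($cert['name']);
             }

             if (isset($res[$eppn])) {
                 /* Strict comparison: DNs are identity strings and must not go
                  * through PHP's loose (numeric-string) comparison rules. */
                 if ($res[$eppn]['fullDN'] !== $cert['name']) {
                     /* The same eppn mapped to two different DNs is ambiguous,
                      * so the certificate is not counted for either identity.
                      * NOTE(review): eppn and DN come from CA/certificate data
                      * and go into the log as-is; confirm that Logger
                      * neutralises control characters. */
                     $msg = "Several certificates with identical names ({$eppn}) but different DN";
                     $msg .= " " . $res[$eppn]['fullDN'] . " vs. " . $cert['name'] . ".";
                     Logger::log_event(LOG_ALERT, $msg);
                     continue;
                 }
                 $res[$eppn]['count'] = $res[$eppn]['count'] + 1;
             } else {
                 /* The first count is stored as the string '1' (kept as-is for
                  * existing callers); later increments yield integers. */
                 $res[$eppn] = array('eppn' => $eppn, 'fullDN' => $cert['name'], 'count' => '1');
                 $found_users = $found_users + 1;
             }
             $found_certs = $found_certs + 1;
         }
     }
     Logger::log_event(LOG_NOTICE, "Created a list of {$found_certs} valid certificates for {$found_users} " . "different user(s) in subscriber " . $org_name);
     return $res;
 }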