示例#1
0
 public function __construct(Cert $cert)
 {
     $this->cert = $cert;
     if ($parent = $cert->getParent()) {
         $this->parentValidator = new self($parent);
     }
 }
示例#2
0
 /**
  * Verify certificate chain
  *
  * Verifies the chain of certificates based on the first one as root certificate.
  *
  * @access private
  * @param int $now Unix timestamp in milliseconds
  * @return array An array of Cert-objects based on the identity certificates
  */
 private function verifyChain($now)
 {
     if (!is_array($this->certs)) {
         throw new \Exception("certs must be an array of at least one cert");
     }
     $rootIssuer;
     try {
         // the root
         $token = WebToken::parse($this->certs[0]);
         $rootIssuer = $token->getPayload();
         $rootIssuer = $rootIssuer["iss"];
     } catch (Exception $x) {
         // can't extract components
         throw new \Exception("malformed signature");
     }
     // TODO: Check if PrimaryCache entry exists, try verifyChainAgainstKey with cached entry.
     // If it fails, remove the cache entry and retry verifyChainAgainstKey with newly fetched key.
     // TODO: Extract this into verifyChainAgainstKey
     $rootPK = CertBundle::getPublicKey($rootIssuer);
     $certResult = array();
     for ($i = 0; $i < sizeof($this->certs); $i++) {
         $cert = Cert::parse($this->certs[$i], $rootPK);
         if (!$cert->verify($now)) {
             throw new \Exception("certificate " . $i . " is not valid");
         }
         $certResult[] = $cert;
     }
     // TODO: Extract this into verifyChainAgainstKey
     return $certResult;
 }
 private function _setCA(Cert &$cert, $insertMode = FALSE)
 {
     $method = "PUT";
     $url = E3_PROV_URL_TRUSTSTORE . "/certs/" . rawurlencode($cert->getId());
     if ($insertMode) {
         $method = "POST";
         $url = E3_PROV_URL_TRUSTSTORE . "/certs";
     }
     /**
      * Send the XML payload the the Provisioning Backend
      */
     LoggerInterface::log(($insertMode ? "Creating" : "Updating") . " Cert: {$cert->toXML()}\nEndpoint: ({$method}) {$url}", LoggerInterface::INFO);
     $reply = $this->restClient->makeCall($url, $method, $cert->toXML());
     $xml = simplexml_load_string($reply->getPayload());
     if ($reply->getHTTPCode() === "200") {
         if ($insertMode) {
             if ($cert->getId() == NULL) {
                 $cert->setId((string) $xml->id);
             }
         }
         return $cert;
     } else {
         throw new Exception(!empty($xml->error) ? $xml->error->errorText : UNDEFINED_ERROR_TEXT);
     }
 }
示例#4
0
 public function destroy($certId)
 {
     $cert = Cert::find($certId);
     if (!$cert || $cert->owner->id != Auth::user()->id && !Auth::user()->isAdmin()) {
         return Redirect::route('certs-path');
     }
     $sluggedDomain = Str::slug(str_replace('.', '_', $cert->domain));
     $cert->delete();
     File::delete($this->certDir . $sluggedDomain . '.key');
     File::delete($this->certDir . $sluggedDomain . '.pem');
     File::delete($this->certDir . $sluggedDomain . '.crt');
     return Redirect::route('certs-path');
 }
 private function validateFormAndGetCA(&$validationErrors)
 {
     $registry = Zend_Registry::getInstance();
     $translate = $registry->get("Zend_Translate");
     $validationErrors = array();
     $ca = new Cert();
     $validate_alnum_wspace = new Zend_Validate_Alnum(array('allowWhiteSpace' => true));
     // TODO: validate id field?
     $id = $_POST['ca_id'];
     $ca->setId($id);
     $name = $_POST['ca_name'];
     if (!$validate_alnum_wspace->isValid($name)) {
         $validationErrors['ca_name'] = $translate->translate("The CA name must be only alpha-numeric characters");
     }
     $ca->setDisplayName($_POST['ca_name']);
     if (isset($_FILES['ca_file']) && !empty($_FILES['ca_file']['name'])) {
         if (!$_FILES['ca_file']['error']) {
             $contents = file_get_contents($_FILES['ca_file']['tmp_name']);
             if ($contents !== false) {
                 $ca->setContent($contents);
             } else {
                 $validationErrors['ca_file'] = $translate->translate("There was an error getting contents of CA file.");
             }
         } else {
             $validationErrors['ca_file'] = $translate->translate("There was an error uploading file: ") . $_FILES['content']['error'];
         }
     } else {
         if (empty($id)) {
             $validationErrors['ca_file'] = $translate->translate("Please upload a CA file.");
         }
     }
     return $ca;
 }
示例#6
0
 /**
  * Parse serialized identity certificate
  *
  * Parses a serialized, signed identity certificate and check if it's valid by
  * checking the signature against the public key of the issuer.
  *
  * @access public
  * @static
  * @param string $signedObject Signed identity certificate
  * @param AbstractPublicKey $publicKey Public key of the issuer
  * @return Cert Instance of the identity certificate
  */
 public static function parse($signedObject, $publicKey)
 {
     $token = WebToken::parse($signedObject);
     //    try {
     if (!$token->verify($publicKey)) {
         throw new \Exception("cert was not valid signed");
     }
     /*  } catch (\Exception $x) {
         // can't extract components
         throw new \Exception("cert was not valid signed");
       }*/
     $params = $token->getPayload();
     return Cert::deserialize($params);
 }
示例#7
0
 /**
  * Create identity certificate
  *
  * Create an identity certificate that is signed by this identity providers key
  *
  * @access public
  * @static
  * @param string $principal The mail address of the person to identify
  * @param AbstractPublicKey $publicKeyIdentity The public key of the person
  * @param int $now Unix Timestamp in milliseconds or null for now
  * @param string $issuer Issuer domain of the identity provider or null for the configured hostname
  * @return string The serialized signed identity certificate
  */
 public static function createIdentityCert($principal, $publicKeyIdentity, $now = null, $issuer = null)
 {
     if ($now == null) {
         $now = time() * 1000;
     }
     if ($issuer == null) {
         $issuer = Configuration::getInstance()->get('hostname');
     }
     $expires = $now + Configuration::getInstance()->get('identity_validity') * 1000;
     $certAssertion = new Assertion($now, $expires, $issuer, null);
     $certParams = new CertParams($publicKeyIdentity, array("email" => $principal));
     $cert = new Cert($certAssertion, $certParams, null);
     return $cert->sign(Secrets::loadSecretKey());
 }