nextcloud/lib/private/Security/Certificate.php

<?php

declare(strict_types=1);
/**
 * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */
namespace OC\Security;

use OCP\ICertificate;

class Certificate implements ICertificate {
	protected string $name;

	protected ?string $commonName;

	protected ?string $organization;


	protected \DateTime $issueDate;

	protected \DateTime $expireDate;

	protected ?string $issuerName;

	protected ?string $issuerOrganization;

	/**
	 * @param string $data base64 encoded certificate
	 * @throws \Exception If the certificate could not get parsed
	 */
	public function __construct(string $data, string $name) {
		$this->name = $name;
		$gmt = new \DateTimeZone('GMT');

		// If string starts with "file://" ignore the certificate
		$query = 'file://';
		if (strtolower(substr($data, 0, strlen($query))) === $query) {
			throw new \Exception('Certificate could not get parsed.');
		}

		$info = openssl_x509_parse($data);
		if (!is_array($info)) {
			// There is a non-standardized certificate format only used by OpenSSL. Replace all
			// separators and try again.
			$data = str_replace(
				['-----BEGIN TRUSTED CERTIFICATE-----', '-----END TRUSTED CERTIFICATE-----'],
				['-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----'],
				$data,
			);
			$info = openssl_x509_parse($data);
		}
		if (!is_array($info)) {
			throw new \Exception('Certificate could not get parsed.');
		}

		$this->commonName = $info['subject']['CN'] ?? null;
		$this->organization = $info['subject']['O'] ?? null;
		$this->issueDate = new \DateTime('@' . $info['validFrom_time_t'], $gmt);
		$this->expireDate = new \DateTime('@' . $info['validTo_time_t'], $gmt);
		$this->issuerName = $info['issuer']['CN'] ?? null;
		$this->issuerOrganization = $info['issuer']['O'] ?? null;
	}

	public function getName(): string {
		return $this->name;
	}

	public function getCommonName(): ?string {
		return $this->commonName;
	}

	public function getOrganization(): ?string {
		return $this->organization;
	}

	public function getIssueDate(): \DateTime {
		return $this->issueDate;
	}

	public function getExpireDate(): \DateTime {
		return $this->expireDate;
	}

	public function isExpired(): bool {
		$now = new \DateTime();
		return $this->issueDate > $now or $now > $this->expireDate;
	}

	public function getIssuerName(): ?string {
		return $this->issuerName;
	}

	public function getIssuerOrganization(): ?string {
		return $this->issuerOrganization;
	}
}
Add certificate class 2014-08-15 13:54:03 -04:00			`<?php`
Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00
			`declare(strict_types=1);`
Add certificate class 2014-08-15 13:54:03 -04:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 03:26:56 -04:00			`* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-only`
Add certificate class 2014-08-15 13:54:03 -04:00			`*/`
Rename namespace 2014-08-18 10:30:23 -04:00			`namespace OC\Security;`
Add certificate class 2014-08-15 13:54:03 -04:00
			`use OCP\ICertificate;`

			`class Certificate implements ICertificate {`
Refactors lib/private/Security. Mainly using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 07:50:56 -04:00			`protected string $name;`
Add certificate class 2014-08-15 13:54:03 -04:00
Updates the typed properties. Based on: https://github.com/nextcloud/server/pull/39013#discussion_r1242340826 Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 14:18:36 -04:00			`protected ?string $commonName;`
Add certificate class 2014-08-15 13:54:03 -04:00
Updates the typed properties. Based on: https://github.com/nextcloud/server/pull/39013#discussion_r1242340826 Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 14:18:36 -04:00			`protected ?string $organization;`
Add certificate class 2014-08-15 13:54:03 -04:00

Refactors lib/private/Security. Mainly using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 07:50:56 -04:00			`protected \DateTime $issueDate;`
Add certificate class 2014-08-15 13:54:03 -04:00
Refactors lib/private/Security. Mainly using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 07:50:56 -04:00			`protected \DateTime $expireDate;`
Add certificate class 2014-08-15 13:54:03 -04:00
Updates the typed properties. Based on: https://github.com/nextcloud/server/pull/39013#discussion_r1242340826 Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 14:18:36 -04:00			`protected ?string $issuerName;`
Add certificate class 2014-08-15 13:54:03 -04:00
Updates the typed properties. Based on: https://github.com/nextcloud/server/pull/39013#discussion_r1242340826 Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 14:18:36 -04:00			`protected ?string $issuerOrganization;`
Add certificate class 2014-08-15 13:54:03 -04:00
Cleanup certificate code 2014-08-18 07:57:38 -04:00			`/**`
			`* @param string $data base64 encoded certificate`
Add unit tests and fix rootcerts creation bug 2014-08-27 10:28:51 -04:00			`* @throws \Exception If the certificate could not get parsed`
Cleanup certificate code 2014-08-18 07:57:38 -04:00			`*/`
Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00			`public function __construct(string $data, string $name) {`
Add certificate class 2014-08-15 13:54:03 -04:00			`$this->name = $name;`
Verify if returned object is an array The error has to be thrown at this point as otherwise errors and notices are thrown since the time cannot be parsed in L60 and L61 2015-04-15 07:33:37 -04:00			`$gmt = new \DateTimeZone('GMT');`
[master] Ignore certificate file if it starts with file:// 2016-04-21 12:55:33 -04:00
			`// If string starts with "file://" ignore the certificate`
			`$query = 'file://';`
			`if (strtolower(substr($data, 0, strlen($query))) === $query) {`
			`throw new \Exception('Certificate could not get parsed.');`
			`}`

Verify if returned object is an array The error has to be thrown at this point as otherwise errors and notices are thrown since the time cannot be parsed in L60 and L61 2015-04-15 07:33:37 -04:00			`$info = openssl_x509_parse($data);`
fix: gracefully parse non-standard trusted certificates Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud> 2024-09-24 04:33:07 -04:00			`if (!is_array($info)) {`
			`// There is a non-standardized certificate format only used by OpenSSL. Replace all`
			`// separators and try again.`
			`$data = str_replace(`
			`['-----BEGIN TRUSTED CERTIFICATE-----', '-----END TRUSTED CERTIFICATE-----'],`
			`['-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----'],`
			`$data,`
			`);`
			`$info = openssl_x509_parse($data);`
			`}`
Verify if returned object is an array The error has to be thrown at this point as otherwise errors and notices are thrown since the time cannot be parsed in L60 and L61 2015-04-15 07:33:37 -04:00			`if (!is_array($info)) {`
Add unit tests and fix rootcerts creation bug 2014-08-27 10:28:51 -04:00			`throw new \Exception('Certificate could not get parsed.');`
			`}`
Verify if returned object is an array The error has to be thrown at this point as otherwise errors and notices are thrown since the time cannot be parsed in L60 and L61 2015-04-15 07:33:37 -04:00
Refactors lib/private/Security. Mainly using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 07:50:56 -04:00			`$this->commonName = $info['subject']['CN'] ?? null;`
			`$this->organization = $info['subject']['O'] ?? null;`
Verify if returned object is an array The error has to be thrown at this point as otherwise errors and notices are thrown since the time cannot be parsed in L60 and L61 2015-04-15 07:33:37 -04:00			`$this->issueDate = new \DateTime('@' . $info['validFrom_time_t'], $gmt);`
			`$this->expireDate = new \DateTime('@' . $info['validTo_time_t'], $gmt);`
Refactors lib/private/Security. Mainly using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 07:50:56 -04:00			`$this->issuerName = $info['issuer']['CN'] ?? null;`
			`$this->issuerOrganization = $info['issuer']['O'] ?? null;`
Add certificate class 2014-08-15 13:54:03 -04:00			`}`

Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00			`public function getName(): string {`
Add certificate class 2014-08-15 13:54:03 -04:00			`return $this->name;`
			`}`

Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00			`public function getCommonName(): ?string {`
Add certificate class 2014-08-15 13:54:03 -04:00			`return $this->commonName;`
			`}`

Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00			`public function getOrganization(): ?string {`
Add certificate class 2014-08-15 13:54:03 -04:00			`return $this->organization;`
			`}`

Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00			`public function getIssueDate(): \DateTime {`
Add certificate class 2014-08-15 13:54:03 -04:00			`return $this->issueDate;`
			`}`

Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00			`public function getExpireDate(): \DateTime {`
Add certificate class 2014-08-15 13:54:03 -04:00			`return $this->expireDate;`
			`}`

Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00			`public function isExpired(): bool {`
Add certificate class 2014-08-15 13:54:03 -04:00			`$now = new \DateTime();`
Cleanup certificate code 2014-08-18 07:57:38 -04:00			`return $this->issueDate > $now or $now > $this->expireDate;`
Add certificate class 2014-08-15 13:54:03 -04:00			`}`

Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00			`public function getIssuerName(): ?string {`
Add certificate class 2014-08-15 13:54:03 -04:00			`return $this->issuerName;`
			`}`

Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00			`public function getIssuerOrganization(): ?string {`
Add certificate class 2014-08-15 13:54:03 -04:00			`return $this->issuerOrganization;`
			`}`
			`}`