Merge pull request #25214 from nextcloud/dependabot/composer/phpseclib/phpseclib-2.0.30
Bump phpseclib/phpseclib from 2.0.25 to 2.0.30
This commit is contained in:
Morris Jobke
GitHub
commit
10214fbee0
2
3rdparty
2
3rdparty
|
|
@ -1 +1 @@
|
|||
Subproject commit 099e537a03d162302c2366f7d53088d5bf623c4c
|
||||
Subproject commit 3faef8dfa15d0b946759bdb888d5b245de6fb524
|
||||
|
|
@ -141,6 +141,7 @@ class SFTP extends \OC\Files\Storage\Common {
|
|||
|
||||
$login = false;
|
||||
foreach ($this->auth as $auth) {
|
||||
/** @psalm-suppress TooManyArguments */
|
||||
$login = $this->client->login($this->user, $auth);
|
||||
if ($login === true) {
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -215,6 +215,18 @@ class Installer {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Split the certificate file in individual certs
|
||||
*
|
||||
* @param string $cert
|
||||
* @return string[]
|
||||
*/
|
||||
private function splitCerts(string $cert): array {
|
||||
preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
|
||||
|
||||
return $matches[0];
|
||||
}
|
||||
|
||||
/**
|
||||
* Downloads an app and puts it into the app directory
|
||||
*
|
||||
|
|
@ -231,12 +243,18 @@ class Installer {
|
|||
if ($app['id'] === $appId) {
|
||||
// Load the certificate
|
||||
$certificate = new X509();
|
||||
$certificate->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
|
||||
$rootCrt = file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt');
|
||||
$rootCrts = $this->splitCerts($rootCrt);
|
||||
foreach ($rootCrts as $rootCrt) {
|
||||
$certificate->loadCA($rootCrt);
|
||||
}
|
||||
$loadedCertificate = $certificate->loadX509($app['certificate']);
|
||||
|
||||
// Verify if the certificate has been revoked
|
||||
$crl = new X509();
|
||||
$crl->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
|
||||
foreach ($rootCrts as $rootCrt) {
|
||||
$crl->loadCA($rootCrt);
|
||||
}
|
||||
$crl->loadCRL(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crl'));
|
||||
if ($crl->validateSignature() !== true) {
|
||||
throw new \Exception('Could not validate CRL signature');
|
||||
|
|
|
|||
|
|
@ -299,6 +299,18 @@ class Checker {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Split the certificate file in individual certs
|
||||
*
|
||||
* @param string $cert
|
||||
* @return string[]
|
||||
*/
|
||||
private function splitCerts(string $cert): array {
|
||||
preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
|
||||
|
||||
return $matches[0];
|
||||
}
|
||||
|
||||
/**
|
||||
* Verifies the signature for the specified path.
|
||||
*
|
||||
|
|
@ -333,7 +345,11 @@ class Checker {
|
|||
// Check if certificate is signed by Nextcloud Root Authority
|
||||
$x509 = new \phpseclib\File\X509();
|
||||
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
|
||||
$x509->loadCA($rootCertificatePublicKey);
|
||||
|
||||
$rootCerts = $this->splitCerts($rootCertificatePublicKey);
|
||||
foreach ($rootCerts as $rootCert) {
|
||||
$x509->loadCA($rootCert);
|
||||
}
|
||||
$x509->loadX509($certificate);
|
||||
if (!$x509->validateSignature()) {
|
||||
throw new InvalidSignatureException('Certificate is not valid.');
|
||||
|
|
|
|||
Loading…
Reference in New Issue