Merge pull request #25214 from nextcloud/dependabot/composer/phpseclib/phpseclib-2.0.30

Bump phpseclib/phpseclib from 2.0.25 to 2.0.30
This commit is contained in:
Morris Jobke 2021-01-21 10:25:02 +01:00 committed by GitHub
commit 10214fbee0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 4 deletions

@ -1 +1 @@
Subproject commit 099e537a03d162302c2366f7d53088d5bf623c4c
Subproject commit 3faef8dfa15d0b946759bdb888d5b245de6fb524

View File

@ -141,6 +141,7 @@ class SFTP extends \OC\Files\Storage\Common {
$login = false;
foreach ($this->auth as $auth) {
/** @psalm-suppress TooManyArguments */
$login = $this->client->login($this->user, $auth);
if ($login === true) {
break;

View File

@ -215,6 +215,18 @@ class Installer {
return false;
}
/**
* Split the certificate file in individual certs
*
* @param string $cert
* @return string[]
*/
private function splitCerts(string $cert): array {
preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
return $matches[0];
}
/**
* Downloads an app and puts it into the app directory
*
@ -231,12 +243,18 @@ class Installer {
if ($app['id'] === $appId) {
// Load the certificate
$certificate = new X509();
$certificate->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
$rootCrt = file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt');
$rootCrts = $this->splitCerts($rootCrt);
foreach ($rootCrts as $rootCrt) {
$certificate->loadCA($rootCrt);
}
$loadedCertificate = $certificate->loadX509($app['certificate']);
// Verify if the certificate has been revoked
$crl = new X509();
$crl->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
foreach ($rootCrts as $rootCrt) {
$crl->loadCA($rootCrt);
}
$crl->loadCRL(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crl'));
if ($crl->validateSignature() !== true) {
throw new \Exception('Could not validate CRL signature');

View File

@ -299,6 +299,18 @@ class Checker {
}
}
/**
* Split the certificate file in individual certs
*
* @param string $cert
* @return string[]
*/
private function splitCerts(string $cert): array {
preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
return $matches[0];
}
/**
* Verifies the signature for the specified path.
*
@ -333,7 +345,11 @@ class Checker {
// Check if certificate is signed by Nextcloud Root Authority
$x509 = new \phpseclib\File\X509();
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
$x509->loadCA($rootCertificatePublicKey);
$rootCerts = $this->splitCerts($rootCertificatePublicKey);
foreach ($rootCerts as $rootCert) {
$x509->loadCA($rootCert);
}
$x509->loadX509($certificate);
if (!$x509->validateSignature()) {
throw new InvalidSignatureException('Certificate is not valid.');