Merge pull request #25214 from nextcloud/dependabot/composer/phpsecli…
…b/phpseclib-2.0.30

Bump phpseclib/phpseclib from 2.0.25 to 2.0.30
MorrisJobke authored Jan 21, 2021
2 parents d4d33e3 + fcbbcac commit 10214fb
Showing 4 changed files with 39 additions and 4 deletions.
1 change: 1 addition & 0 deletions apps/files_external/lib/Lib/Storage/SFTP.php
@@ -141,6 +141,7 @@ public function getConnection() {

$login = false;
foreach ($this->auth as $auth) {
/** @psalm-suppress TooManyArguments */
$login = $this->client->login($this->user, $auth);
if ($login === true) {
break;
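Review bot: The `@psalm-suppress TooManyArguments` above `$this->client->login($this->user, $auth)` gives no reason, so a later reader cannot tell whether the second argument is intended or a real signature mismatch. Presumably phpseclib's `login()` declares only the username and reads the credential from its argument list; if that is the case, say so on a line above the annotation, e.g. `// phpseclib's login() takes the credential as an undeclared extra argument`. The enclosing `getConnection()` starts and ends outside the hunk.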
22 changes: 20 additions & 2 deletions lib/private/Installer.php
@@ -215,6 +215,18 @@ public function updateAppstoreApp($appId, $allowUnstable = false) {
return false;
}

/**
* Split the certificate file in individual certs
*
* @param string $cert
* @return string[]
*/
private function splitCerts(string $cert): array {
preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);

return $matches[0];
}

/**
* Downloads an app and puts it into the app directory
*
@@ -231,12 +243,18 @@ public function downloadApp($appId, $allowUnstable = false) {
if ($app['id'] === $appId) {
// Load the certificate
$certificate = new X509();
$certificate->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
$rootCrt = file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt');
$rootCrts = $this->splitCerts($rootCrt);
foreach ($rootCrts as $rootCrt) {
$certificate->loadCA($rootCrt);
}
$loadedCertificate = $certificate->loadX509($app['certificate']);

// Verify if the certificate has been revoked
$crl = new X509();
$crl->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt'));
foreach ($rootCrts as $rootCrt) {
$crl->loadCA($rootCrt);
}
$crl->loadCRL(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crl'));
if ($crl->validateSignature() !== true) {
throw new \Exception('Could not validate CRL signature');
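Review bot: Neither the read of `root.crt` nor the result of `splitCerts()` is checked in `downloadApp()`, so when the file is unreadable or the pattern matches nothing, both `foreach ($rootCrts as $rootCrt)` loops run zero times and no CA is loaded. Verification then most likely fails later with 'Could not validate CRL signature', which hides the actual cause; an unreadable file was already unchecked before this change, but the split adds the no-match case. A guard right after the split would make the failure explicit, e.g. `if ($rootCrts === []) { throw new \Exception('No root certificate could be loaded'); }` (message constructed here). The same applies to the `$rootCerts` loop in `verify()` in lib/private/IntegrityCheck/Checker.php; `downloadApp()` continues outside the hunk.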
18 changes: 17 additions & 1 deletion lib/private/IntegrityCheck/Checker.php
@@ -299,6 +299,18 @@ public function writeCoreSignature(X509 $certificate,
}
}

/**
* Split the certificate file in individual certs
*
* @param string $cert
* @return string[]
*/
private function splitCerts(string $cert): array {
preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);

return $matches[0];
}

/**
* Verifies the signature for the specified path.
*
@@ -333,7 +345,11 @@ private function verify(string $signaturePath, string $basePath, string $certifi
// Check if certificate is signed by Nextcloud Root Authority
$x509 = new \phpseclib\File\X509();
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
$x509->loadCA($rootCertificatePublicKey);

$rootCerts = $this->splitCerts($rootCertificatePublicKey);
foreach ($rootCerts as $rootCert) {
$x509->loadCA($rootCert);
}
$x509->loadX509($certificate);
if (!$x509->validateSignature()) {
throw new InvalidSignatureException('Certificate is not valid.');
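Review bot: The pattern in `splitCerts()` accepts any block framed by runs of three or more dashes, so it requires neither the `BEGIN CERTIFICATE`/`END CERTIFICATE` labels nor that the opening and closing labels agree, and the docblock does not say what counts as a cert. Because the result feeds `loadCA()` for the code-signing trust root, the helper should hand over certificate blocks only, for example `preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $cert, $matches);`. `root.crt` ships with the server, so this is hardening rather than an exposed input. The identical helper is duplicated in lib/private/Installer.php; one shared implementation would keep the two trust-root loaders from drifting apart.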
