CertificateChainService.php
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\Libresign\Service\File;
use OCA\Libresign\Db\File;
use OCA\Libresign\Handler\SignEngine\Pkcs12Handler;
use Psr\Log\LoggerInterface;
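/**
 * Reads the certificate chain of a signed file through the PKCS#12 handler.
 *
 * Every failure path logs a warning and yields an empty array, so callers
 * never see an exception of type \Exception from this service.
 */
class CertificateChainService {
	public function __construct(
		private Pkcs12Handler $pkcs12Handler,
		private LoggerInterface $logger,
	) {
	}

	/**
	 * Return the certificate chain extracted from the signed file.
	 *
	 * The stream is hashed with SHA-256 first. Only when that digest is
	 * non-empty and identical to the hash stored on the LibreSign file record
	 * is setIsLibreSignFile() called on the handler before the chain is read.
	 *
	 * @param mixed $fileNode Object exposing fopen('rb'); presumably a storage file node (confirm against callers)
	 * @param File $libreSignFile Record providing getSignedNodeId() and getSignedHash()
	 * @param mixed $options Object exposing isValidateFile()
	 * @return array Whatever Pkcs12Handler::getCertificateChain() returns, or [] when
	 *               validation is not requested, there is no signed node, or loading fails
	 */
	public function getCertificateChain($fileNode, File $libreSignFile, $options): array {
		if (!$options->isValidateFile() || !$libreSignFile->getSignedNodeId()) {
			return [];
		}

		$resource = null;
		try {
			$resource = $fileNode->fopen('rb');
			if (!is_resource($resource)) {
				$this->logger->warning('Failed to load certificate chain: unable to open signed file stream');
				return [];
			}

			$sha256 = $this->getSha256FromResource($resource);

			// Hashing consumed the stream; without a successful rewind the handler
			// would read from EOF and report on no data at all.
			if (!rewind($resource)) {
				$this->logger->warning('Failed to load certificate chain: unable to rewind signed file stream');
				return [];
			}

			// An empty digest means hashing failed. It must never match the stored
			// value (for instance an empty stored hash), otherwise an unverified
			// file would be flagged as a LibreSign file.
			if ($sha256 !== '' && $sha256 === $libreSignFile->getSignedHash()) {
				$this->pkcs12Handler->setIsLibreSignFile();
			}

			return $this->pkcs12Handler->getCertificateChain($resource);
		} catch (\Exception $e) {
			$this->logger->warning('Failed to load certificate chain: ' . $e->getMessage());
			return [];
		} finally {
			// Release the handle on every path, including when the handler throws.
			// is_resource() is false for an already closed stream, so no double close.
			if (is_resource($resource)) {
				fclose($resource);
			}
		}
	}

	/**
	 * Compute the SHA-256 digest of a stream from its current position to EOF.
	 *
	 * @param mixed $resource Readable stream resource
	 * @return string Lowercase hex digest, or '' when $resource is not a stream
	 *                or a read fails before EOF
	 */
	private function getSha256FromResource($resource): string {
		if (!is_resource($resource)) {
			return '';
		}

		$hashContext = hash_init('sha256');
		while (!feof($resource)) {
			$buffer = fread($resource, 8192);
			if ($buffer === false) {
				// A digest of truncated content is not the file's hash; report
				// failure instead of handing back a value that could be compared.
				return '';
			}
			hash_update($hashContext, $buffer);
		}

		return hash_final($hashContext);
	}
}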