X509: improve base64-encoded detection rules

2024-09-28 15:19:02 +00:00 · 2015-10-20 10:20:58 -05:00 · 2015-10-20 10:20:58 -05:00 · 46bb95a265
commit 46bb95a265
parent dd34eb1c30
3 changed files with 58 additions and 8 deletions
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@ -3104,7 +3104,7 @@ class Crypt_RSA
         * subject=/O=organization/OU=org unit/CN=common name
         * issuer=/O=organization/CN=common name
         */
-        $temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
+        $temp = preg_replace('#.*?^-+[^-]+-+[\r\n ]*$#ms', '', $str, 1);
        // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
        $temp = preg_replace('#-+[^-]+-+#', '', $temp);
        // remove new lines
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@ -110,6 +110,12 @@ define('FILE_X509_FORMAT_DER', 1);
 * Only works on CSRs. Not currently supported.
 */
 define('FILE_X509_FORMAT_SPKAC', 2);
+/**
+ * Auto-detect the format
+ *
+ * Used only by the load*() functions
+ */
+define('FILE_X509_FORMAT_AUTO_DETECT', 3);
 /**#@-*/

 /**
@ -1423,10 +1429,11 @@ class File_X509
     * Returns an associative array describing the X.509 cert or a false if the cert failed to load
     *
     * @param string $cert
+     * @param int $mode
     * @access public
     * @return mixed
     */
-    function loadX509($cert)
+    function loadX509($cert, $mode = FILE_X509_FORMAT_AUTO_DETECT)
    {
        if (is_array($cert) && isset($cert['tbsCertificate'])) {
            unset($this->currentCert);
@ -1447,7 +1454,13 @@ class File_X509

        $asn1 = new File_ASN1();

-        $cert = $this->_extractBER($cert);
+        if ($mode != FILE_X509_FORMAT_DER) {
+            $newcert = $this->_extractBER($cert);
+            if ($mode == FILE_X509_FORMAT_PEM && $cert == $newcert) {
+                return false;
+            }
+            $cert = $newcert;
+        }

        if ($cert === false) {
            $this->currentCert = false;
@ -2846,7 +2859,7 @@ class File_X509
     * @access public
     * @return mixed
     */
-    function loadCSR($csr)
+    function loadCSR($csr, $mode = FILE_X509_FORMAT_AUTO_DETECT)
    {
        if (is_array($csr) && isset($csr['certificationRequestInfo'])) {
            unset($this->currentCert);
@ -2865,7 +2878,13 @@ class File_X509

        $asn1 = new File_ASN1();

-        $csr = $this->_extractBER($csr);
+        if ($mode != FILE_X509_FORMAT_DER) {
+            $newcsr = $this->_extractBER($csr);
+            if ($mode == FILE_X509_FORMAT_PEM && $csr == $newcsr) {
+                return false;
+            }
+            $csr = $newcsr;
+        }
        $orig = $csr;

        if ($csr === false) {
@ -3091,7 +3110,7 @@ class File_X509
     * @access public
     * @return mixed
     */
-    function loadCRL($crl)
+    function loadCRL($crl, $mode = FILE_X509_FORMAT_AUTO_DETECT)
    {
        if (is_array($crl) && isset($crl['tbsCertList'])) {
            $this->currentCert = $crl;
@ -3101,7 +3120,13 @@ class File_X509

        $asn1 = new File_ASN1();

-        $crl = $this->_extractBER($crl);
+        if ($mode != FILE_X509_FORMAT_DER) {
+            $newcrl = $this->_extractBER($crl);
+            if ($mode == FILE_X509_FORMAT_PEM && $crl == $newcrl) {
+                return false;
+            }
+            $crl = $newcrl;
+        }
        $orig = $crl;

        if ($crl === false) {
@ -4606,7 +4631,7 @@ class File_X509
         * subject=/O=organization/OU=org unit/CN=common name
         * issuer=/O=organization/CN=common name
         */
-        $temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
+        $temp = preg_replace('#.*?^-+[^-]+-+[\r\n ]*$#ms', '', $str, 1);
        // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
        $temp = preg_replace('#-+[^-]+-+#', '', $temp);
        // remove new lines
--- a/tests/Unit/File/X509/CSRTest.php
+++ b/tests/Unit/File/X509/CSRTest.php
@ -68,4 +68,29 @@ draiRBZruwMPwPIP

        $this->assertInternalType('array', $csr);
    }
+
+    public function testCSRDER()
+    {
+        $csr = 'MIICdzCCAV8CAQEwDDEKMAgGA1UEAwwBeDCCASIwDQYJKoZIhvcNAQEBBQADggEP' .
+               'ADCCAQoCggEBALtcrFDD2AHe3x2bR00wPDsPH6FJLxr5uc1ybb+ldDB5xNVImC8P' .
+               'LU6VXDZ5z68KjSovs1q0OWJWfCjlAuGLzqO35s86LI1CFuTFdkScVHMwh8zUVFoP' .
+               'pG7/9rKaNxCgaHs4evxjxQP2+Ny7tBqPLb/KV0exm6Twocf963jC/Tyn57G5erRf' .
+               'zpFrfK7DozhxY7znumJ4FuSn0TVkD6PPwZFn9VoTjv2ZoJmacGK+0r5yNKG799F5' .
+               'K8EgDrOCfbzCZjX6GJctyn2SNPTeBuXS9piH21FGnJAryv80zG+zUqFdEyoLUGJt' .
+               '4Vy6+tDP9cW68fiwTZS1Oc1VeFdL1G/CrjkCAwEAAaAmMCQGCSqGSIb3DQEJDjEX' .
+               'MBUwEwYKKwYBBAGCqlsBCQQFMAOCAQEwDQYJKoZIhvcNAQELBQADggEBAF4XOd+1' .
+               'jkJOYRInNpHfhzSD/ktDY50gpLPuDvl4f/ZBlKrb1eDYQG5F3bnYzoZWHN4n+6Zs' .
+               'CkljXs5ZPUZ5LuVpASumoG/aHXGz8c8NC3asJ1V73ljEPAfIXwqoIUoaP9jLL+Ee' .
+               'zy/ZCi2NKWVo2D7ocnn79oblAem9ksSeQl4z3Gvhuug6MsMqn96NU/ZY/vjYzAjb' .
+               'MAvJIVRY0rbCxbFa0K+XNJtF7GLyBxyPNFWCvADhvm9C4uPmoypYg7MY6EewJInN' .
+               'xzMH7I4xDLjNu0VBa6lAxTvflp0joQHKlTYX0SDIKPbQivjZMuObPuxDtkVZ0rQl' .
+               'AjmgMowaN5otTXM=';
+        $csr = base64_decode($csr);
+
+        $x509 = new File_X509();
+
+        $csr = $x509->loadCSR($csr);
+
+        $this->assertInternalType('array', $csr);
+    }
 }