From 3637d599424d8ee03c1bb6b10414a11fee58faa8 Mon Sep 17 00:00:00 2001
From: Janos SUTO
Date: Tue, 26 Dec 2023 06:52:54 +0100
Subject: [PATCH] Added support to timestamp service authentication

Signed-off-by: Janos SUTO
---
 config.php.in | 5 +++++
 webui/system/helper/TrustedTimestamps.php | 18 +++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/config.php.in b/config.php.in
index 1aa24fbc..9eac26ac 100644
--- a/config.php.in
+++ b/config.php.in
@@ -232,6 +232,11 @@ $config['TSA_START_ID'] = 1;
 $config['TSA_STAMP_REQUEST_UNIT_SIZE'] = 10000;
 $config['TSA_VERIFY_CERTIFICATE'] = true;
 $config['TSA_RELAXED_CHECK'] = false;
+$config['TSA_AUTH_USER'] = '';
+$config['TSA_AUTH_PASSWORD'] = '';
+$config['TSA_AUTH_CERT_FILE'] = '';
+$config['TSA_AUTH_KEY_FILE'] = '';
+$config['TSA_AUTH_KEY_PASSWORD'] = '';
 $config['DB_DRIVER'] = 'mysql';
 $config['DB_PREFIX'] = '';
diff --git a/webui/system/helper/TrustedTimestamps.php b/webui/system/helper/TrustedTimestamps.php
index c8e2ec64..67dc1893 100644
--- a/webui/system/helper/TrustedTimestamps.php
+++ b/webui/system/helper/TrustedTimestamps.php
@@ -71,6 +71,10 @@ class TrustedTimestamps
 if (!file_exists($requestfile_path)) throw new Exception("The Requestfile was not found");
+ $header = array('Content-Type: application/timestamp-query');
+ if(TSA_AUTH_USER)
+ $header[] = "Authorization: Basic " . base64_encode(TSA_AUTH_USER . ':' . TSA_AUTH_PASSWORD);
+
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $tsa_url);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
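Review bot: The five new `TSA_AUTH_*` settings in config.php.in carry no comment, and two of them (`TSA_AUTH_PASSWORD`, `TSA_AUTH_KEY_PASSWORD`) are secrets kept in clear text in this file. I would add a short comment above them, for example `// TSA client authentication: HTTP Basic (USER/PASSWORD) and/or a TLS client certificate (CERT_FILE and KEY_FILE must both be set). Keep this file readable by the web server user only.` The "both must be set" part follows from the `TSA_AUTH_CERT_FILE && TSA_AUTH_KEY_FILE` test this commit adds in TrustedTimestamps.php.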
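Review bot: The `Authorization: Basic` header built in the first TrustedTimestamps.php hunk is attached to whatever `$tsa_url` points at, while peer verification for the same request is taken from `TSA_VERIFY_CERTIFICATE` (second hunk). With verification switched off or a plain `http://` URL, the base64-encoded user and password are readable by anyone on the network path. A guard before the header is built would make that misconfiguration fail closed, e.g. `if (TSA_AUTH_USER && (!TSA_VERIFY_CERTIFICATE || stripos($tsa_url, 'https://') !== 0)) throw new Exception("TSA credentials require an HTTPS URL with certificate verification enabled");`. The enclosing method starts and ends outside this hunk, so where `$tsa_url` comes from is not visible here.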
@@ -78,10 +82,22 @@ class TrustedTimestamps
 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
 curl_setopt($ch, CURLOPT_POSTFIELDS, file_get_contents($requestfile_path));
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/timestamp-query'));
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
 curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TSA_VERIFY_CERTIFICATE);
+ if(TSA_AUTH_CERT_FILE && TSA_AUTH_KEY_FILE)
+ {
+ if(!file_exists(TSA_AUTH_CERT_FILE))
+ throw new Exception("Client certificate file " . TSA_AUTH_CERT_FILE . " not found");
+ curl_setopt($ch, CURLOPT_SSLCERT, TSA_AUTH_CERT_FILE);
+ if(!file_exists(TSA_AUTH_KEY_FILE))
+ throw new Exception("Client key file " . TSA_AUTH_KEY_FILE . " not found");
+ curl_setopt($ch, CURLOPT_SSLKEY, TSA_AUTH_KEY_FILE);
+ if(TSA_AUTH_KEY_PASSWORD)
+ curl_setopt($ch, CURLOPT_KEYPASSWD, TSA_AUTH_KEY_PASSWORD);
+ }
+
 $binary_response_string = curl_exec($ch);
 $error = curl_error($ch);
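Review bot: When only one of `TSA_AUTH_CERT_FILE` / `TSA_AUTH_KEY_FILE` is set, the `if(TSA_AUTH_CERT_FILE && TSA_AUTH_KEY_FILE)` block is skipped and the request goes out without a client certificate, so the operator sees an opaque TSA rejection instead of a configuration error. I would fail early on the half-configured case, `if ((bool)TSA_AUTH_CERT_FILE !== (bool)TSA_AUTH_KEY_FILE) throw new Exception("TSA_AUTH_CERT_FILE and TSA_AUTH_KEY_FILE must be set together");`, and replace both `file_exists(...)` tests with `is_file(...) && is_readable(...)`, since `file_exists()` also passes for a directory or for a key the web server user cannot read. The two exception messages embed the configured paths; if these exceptions can reach the UI (not visible in this hunk), a message without the path would be preferable. The enclosing method continues outside the hunk.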