mirror of
https://bitbucket.org/jsuto/piler.git
synced 2024-12-24 04:30:12 +01:00
TSA fixes
Signed-off-by: Janos SUTO <sj@acts.hu>
This commit is contained in:
parent
39fd0899b0
commit
4a131f3058
@ -1,11 +1,11 @@
|
||||
<?php
|
||||
|
||||
define(COUNT, 'count');
|
||||
define(HASH_VALUE, 'hash_value');
|
||||
define(RESPONSE_STRING, 'response_string');
|
||||
define(RESPONSE_TIME, 'response_time');
|
||||
define(START_ID, 'start_id');
|
||||
define(STOP_ID, 'stop_id');
|
||||
define('COUNT', 'count');
|
||||
define('HASH_VALUE', 'hash_value');
|
||||
define('RESPONSE_STRING', 'response_string');
|
||||
define('RESPONSE_TIME', 'response_time');
|
||||
define('START_ID', 'start_id');
|
||||
define('STOP_ID', 'stop_id');
|
||||
|
||||
ini_set("session.save_path", "/tmp");
|
||||
|
||||
@ -19,25 +19,25 @@ $lopts = array(
|
||||
'mode:',
|
||||
'verbose'
|
||||
);
|
||||
|
||||
|
||||
if ( $options = getopt( $opts, $lopts ) )
|
||||
{
|
||||
if ( isset($options['webui']) )
|
||||
if ( isset($options['webui']) )
|
||||
{
|
||||
$webuidir = $options['webui'];
|
||||
} else
|
||||
{
|
||||
echo "\nError: must provide path to WebUI directory\n\n";
|
||||
|
||||
|
||||
display_help();
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
if ( isset($options['mode']) && $options['mode'] == 'time') {
|
||||
$mode = $options['mode'];
|
||||
}
|
||||
|
||||
if ( isset($options['h']) )
|
||||
|
||||
if ( isset($options['h']) )
|
||||
{
|
||||
display_help();
|
||||
exit;
|
||||
@ -49,7 +49,7 @@ if ( $options = getopt( $opts, $lopts ) )
|
||||
}
|
||||
} else {
|
||||
display_help();
|
||||
exit;
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once($webuidir . "/config.php");
|
||||
@ -136,12 +136,12 @@ function get_hash_values() {
|
||||
|
||||
if(MODE == 'time') { $stop_id = $start_id + $count - 1; }
|
||||
|
||||
return array(
|
||||
START_ID => $start_id,
|
||||
STOP_ID => $stop_id,
|
||||
COUNT => $count,
|
||||
HASH_VALUE => sha1($s)
|
||||
);
|
||||
return [
|
||||
START_ID => $start_id,
|
||||
STOP_ID => $stop_id,
|
||||
COUNT => $count,
|
||||
HASH_VALUE => sha1($s)
|
||||
];
|
||||
|
||||
}
|
||||
|
||||
|
@ -32,7 +32,7 @@ class TrustedTimestamps
|
||||
{
|
||||
if (strlen($hash) !== 40)
|
||||
throw new Exception("Invalid Hash.");
|
||||
|
||||
|
||||
$outfilepath = self::createTempFile();
|
||||
$cmd = OPENSSL_BINARY . " ts -query -digest ".escapeshellarg($hash)." -cert -out ".escapeshellarg($outfilepath);
|
||||
|
||||
@ -41,7 +41,7 @@ class TrustedTimestamps
|
||||
|
||||
if ($retcode !== 0)
|
||||
throw new Exception("OpenSSL does not seem to be installed: ".implode(", ", $retarray));
|
||||
|
||||
|
||||
if (count($retarray) > 0 && stripos($retarray[0], "openssl:Error") !== false)
|
||||
throw new Exception("There was an error with OpenSSL. Is version >= 0.99 installed?: ".implode(", ", $retarray));
|
||||
|
||||
@ -72,14 +72,14 @@ class TrustedTimestamps
|
||||
$binary_response_string = curl_exec($ch);
|
||||
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
||||
curl_close($ch);
|
||||
|
||||
|
||||
if ($status != 200 || !strlen($binary_response_string))
|
||||
throw new Exception("The request failed");
|
||||
|
||||
|
||||
$base64_response_string = base64_encode($binary_response_string);
|
||||
|
||||
|
||||
$response_time = self::getTimestampFromAnswer ($base64_response_string);
|
||||
|
||||
|
||||
return array("response_string" => $base64_response_string,
|
||||
"response_time" => $response_time);
|
||||
}
|
||||
@ -97,13 +97,13 @@ class TrustedTimestamps
|
||||
$responsefile = self::createTempFile($binary_response_string);
|
||||
|
||||
$cmd = OPENSSL_BINARY . " ts -reply -in ".escapeshellarg($responsefile)." -text";
|
||||
|
||||
|
||||
$retarray = array();
|
||||
exec($cmd." 2>&1", $retarray, $retcode);
|
||||
|
||||
|
||||
if ($retcode !== 0)
|
||||
throw new Exception("The reply failed: ".implode(", ", $retarray));
|
||||
|
||||
|
||||
$matches = array();
|
||||
$response_time = 0;
|
||||
|
||||
@ -119,13 +119,13 @@ class TrustedTimestamps
|
||||
if (preg_match("~^Time\sstamp\:\s(.*)~", $retline, $matches))
|
||||
{
|
||||
$response_time = strtotime($matches[1]);
|
||||
break;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$response_time)
|
||||
throw new Exception("The Timestamp was not found");
|
||||
|
||||
|
||||
return $response_time;
|
||||
}
|
||||
|
||||
@ -141,25 +141,25 @@ class TrustedTimestamps
|
||||
{
|
||||
if (strlen($hash) !== 40)
|
||||
throw new Exception("Invalid Hash");
|
||||
|
||||
|
||||
$binary_response_string = base64_decode($base64_response_string);
|
||||
|
||||
|
||||
if (!strlen($binary_response_string))
|
||||
throw new Exception("There was no response-string");
|
||||
|
||||
throw new Exception("There was no response-string");
|
||||
|
||||
if (!intval($response_time))
|
||||
throw new Exception("There is no valid response-time given");
|
||||
|
||||
|
||||
if (!file_exists($tsa_cert_file))
|
||||
throw new Exception("The TSA-Certificate could not be found");
|
||||
|
||||
|
||||
$responsefile = self::createTempFile($binary_response_string);
|
||||
|
||||
$cmd = OPENSSL_BINARY . " ts -verify -digest ".escapeshellarg($hash)." -in ".escapeshellarg($responsefile)." -CAfile ".escapeshellarg($tsa_cert_file);
|
||||
|
||||
|
||||
$retarray = array();
|
||||
exec($cmd." 2>&1", $retarray, $retcode);
|
||||
|
||||
|
||||
/*
|
||||
* just 2 "normal" cases:
|
||||
* 1) Everything okay -> retcode 0 + retarray[0] == "Verification: OK"
|
||||
@ -167,14 +167,23 @@ class TrustedTimestamps
|
||||
*
|
||||
* every other case (Certificate not found / invalid / openssl is not installed / ts command not known)
|
||||
* are being handled the same way -> retcode 1 + any retarray NOT containing "message imprint mismatch"
|
||||
*
|
||||
* For openssl 1.1.x it's 2 lines actually:
|
||||
*
|
||||
* Using configuration from /usr/lib/ssl/openssl.cnf
|
||||
* Verification: OK
|
||||
*
|
||||
*/
|
||||
|
||||
if ($retcode === 0 && strtolower(trim($retarray[0])) == "verification: ok")
|
||||
{
|
||||
if (self::getTimestampFromAnswer ($base64_response_string) != $response_time)
|
||||
throw new Exception("The responsetime of the request was changed");
|
||||
|
||||
return true;
|
||||
|
||||
if ($retcode === 0) {
|
||||
foreach ($retarray as $line) {
|
||||
if(strtolower(trim($line)) == "verification: ok") {
|
||||
if (self::getTimestampFromAnswer ($base64_response_string) != $response_time)
|
||||
throw new Exception("The responsetime of the request was changed");
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($retarray as $retline)
|
||||
@ -198,12 +207,10 @@ class TrustedTimestamps
|
||||
|
||||
if (!file_exists($tempfilename))
|
||||
throw new Exception("Tempfile could not be created");
|
||||
|
||||
|
||||
if (!empty($str) && !file_put_contents($tempfilename, $str))
|
||||
throw new Exception("Could not write to tempfile");
|
||||
|
||||
return $tempfilename;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
Loading…
Reference in New Issue
Block a user