
Commit 6d6b046

authored
Merge pull request #5487 from LibreSign/fix/prevent-error-with-big-common-name
chore: handle error and cover with tests
2 parents 65f6da7 + 1673591 commit 6d6b046

2 files changed

+35
-1
lines changed

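--- a/lib/Handler/CertificateEngine/OpenSslHandler.php
+++ b/lib/Handler/CertificateEngine/OpenSslHandler.php
@@ -88,7 +88,11 @@ public function generateCertificate(): string {
 'private_key_type' => OPENSSL_KEYTYPE_RSA,
 ]);
 
-$csr = openssl_csr_new($this->getCsrNames(), $privateKey);
+$csr = @openssl_csr_new($this->getCsrNames(), $privateKey);
+if ($csr === false) {
+$message = openssl_error_string();
+throw new LibresignException('OpenSSL error: ' . $message);
+}
 
 $x509 = openssl_csr_sign($csr, $rootCertificate, $rootPrivateKey, $this->expirity(), [
 'config' => $this->getFilenameToLeafCert(),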
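Review bot: In the new `if ($csr === false)` branch, a single `openssl_error_string()` call may not describe this failure: PHP queues OpenSSL errors, so the first entry read can be one left behind by an earlier OpenSSL call, and the function returns `false` when the queue is empty, which leaves the exception text as just the prefix. Draining the queue in a loop and joining the entries gives a message that includes the actual CSR error. The raw OpenSSL text also ends up in the exception message; whether that message is shown to end users is not visible here, so it may be worth logging the detail and throwing a fixed message instead. generateCertificate() starts and ends outside the hunk.

```php
$csr = @openssl_csr_new($this->getCsrNames(), $privateKey);
if ($csr === false) {
	// Drain the whole queue: the first entry may predate this call.
	$errors = [];
	while (($message = openssl_error_string()) !== false) {
		$errors[] = $message;
	}
	throw new LibresignException('OpenSSL error: ' . implode('; ', $errors));
}
// … unchanged: openssl_csr_sign call …
```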

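--- a/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php
+++ b/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php
@@ -8,6 +8,7 @@
 
 use OCA\Libresign\Exception\EmptyCertificateException;
 use OCA\Libresign\Exception\InvalidPasswordException;
+use OCA\Libresign\Exception\LibresignException;
 use OCA\Libresign\Handler\CertificateEngine\OpenSslHandler;
 use OCA\Libresign\Service\CertificatePolicyService;
 use OCP\Files\AppData\IAppDataFactory;
@@ -72,6 +73,35 @@ public function testInvalidPassword(): void {
 $signerInstance->readCertificate($certificateContent, 'invalid password');
 }
 
+public function testMaxLengthOfDistinguishedNamesWithSuccess(): void {
+// Create root cert
+$rootInstance = $this->getInstance();
+$rootInstance->generateRootCert('', []);
+
+// Create signer cert
+$signerInstance = $this->getInstance();
+$longName = str_repeat('a', 64);
+$signerInstance->setCommonName($longName);
+$signerInstance->setPassword('123456');
+$certificateContent = $signerInstance->generateCertificate();
+$parsed = $signerInstance->readCertificate($certificateContent, '123456');
+$this->assertEquals($longName, $parsed['subject']['CN']);
+}
+
+public function testBiggerThanMaxLengthOfDistinguishedNamesWithError(): void {
+// Create root cert
+$rootInstance = $this->getInstance();
+$rootInstance->generateRootCert('', []);
+
+// Create signer cert
+$signerInstance = $this->getInstance();
+$longName = str_repeat('a', 65);
+$signerInstance->setCommonName($longName);
+$signerInstance->setPassword('123456');
+$this->expectException(LibresignException::class);
+$signerInstance->generateCertificate();
+}
+
 /**
 * @dataProvider dataReadCertificate
 */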
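Review bot: testBiggerThanMaxLengthOfDistinguishedNamesWithError only expects the class `LibresignException`, so it would still pass if generateCertificate() failed for an unrelated reason that raises the same class (whether other paths throw it is not visible here). Adding `$this->expectExceptionMessage('OpenSSL error: ');` next to the `expectException` call ties the test to the new CSR failure branch, since that prefix is what the handler puts in front of the OpenSSL text. Both new tests use only single-byte `'a'` names; a case with multi-byte characters at the 64 boundary would show whether the limit behaves the same for non-ASCII common names.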
