diff --git a/lib/Handler/Pkcs12Handler.php b/lib/Handler/Pkcs12Handler.php
index 672063d3b..eac32f47f 100644
--- a/lib/Handler/Pkcs12Handler.php
+++ b/lib/Handler/Pkcs12Handler.php
@@ -138,27 +138,35 @@ public function getCertificateChain($resource): array {
 continue;
 }
- // Probably the best way to do this would be:
- // ASN1::asn1map($decoded[0], Maps\TheMapName::MAP);
- // But, what's the MAP to use?
- //
- // With maps also could be possible read all certificate data and
- // maybe discart openssl at this pint
- try {
- $decoded = ASN1::decodeBER($signature);
- $certificates[$signerCounter]['signingTime'] = $decoded[0]['content'][1]['content'][0]['content'][4]['content'][0]['content'][3]['content'][1]['content'][1]['content'][0]['content'];
- } catch (\Throwable $th) {
- if ($fromFallback) {
- $certificates[$signerCounter]['signingTime'] = $fromFallback['signingTime'];
+ if (!isset($fromFallback['signingTime'])) {
+ // Probably the best way to do this would be:
+ // ASN1::asn1map($decoded[0], Maps\TheMapName::MAP);
+ // But, what's the MAP to use?
+ //
+ // With maps also could be possible read all certificate data and
+ // maybe discart openssl at this pint
+ try {
+ $decoded = ASN1::decodeBER($signature);
+ $certificates[$signerCounter]['signingTime'] = $decoded[0]['content'][1]['content'][0]['content'][4]['content'][0]['content'][3]['content'][1]['content'][1]['content'][0]['content'];
+ } catch (\Throwable $th) {
 }
 }
 $pkcs7PemSignature = $this->der2pem($signature);
 if (openssl_pkcs7_read($pkcs7PemSignature, $pemCertificates)) {
- foreach ($pemCertificates as $key => $pemCertificate) {
- $certificates[$signerCounter]['chain'][$key] = openssl_x509_parse($pemCertificate);
- if (empty($certificates[$signerCounter]['chain'][$key]['signature_validation'])) {
- $certificates[$signerCounter]['chain'][$key]['signature_validation'] = [
+ foreach ($pemCertificates as $certificateIndex => $pemCertificate) {
+ $parsed = openssl_x509_parse($pemCertificate);
+ foreach ($parsed as $key => $value) {
+ if (!isset($certificates[$signerCounter]['chain'][$certificateIndex][$key])) {
+ $certificates[$signerCounter]['chain'][$certificateIndex][$key] = $value;
+ } elseif ($key === 'name') {
+ $certificates[$signerCounter]['chain'][$certificateIndex][$key] = $value;
+ } elseif ($key === 'signatureTypeSN' && $certificates[$signerCounter]['chain'][$certificateIndex][$key] !== $value) {
+ $certificates[$signerCounter]['chain'][$certificateIndex][$key] = $value;
+ }
+ }
+ if (empty($certificates[$signerCounter]['chain'][$certificateIndex]['signature_validation'])) {
+ $certificates[$signerCounter]['chain'][$certificateIndex]['signature_validation'] = [
 'id' => 1,
 'label' => $this->l10n->t('Certificate is Trusted.'),
 ];
diff --git a/tests/Unit/Service/FileServiceTest.php b/tests/Unit/Service/FileServiceTest.php
index f019e320a..e14967d7a 100644
--- a/tests/Unit/Service/FileServiceTest.php
+++ b/tests/Unit/Service/FileServiceTest.php
@@ -282,6 +282,10 @@ function (self $self, FileService $service) {
 'id' => 1,
 'label' => 'Signature is valid.',
 ],
+ 'certificate_validation' => [
+ 'id' => 3,
+ 'label' => 'Certificate issuer is unknown.',
+ ],
 'hash_algorithm' => 'RSA-SHA1',
 ],
 ],
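Review bot: In `getCertificateChain` (lib/Handler/Pkcs12Handler.php), the new inner loop `foreach ($parsed as $key => $value)` iterates the result of `openssl_x509_parse()` without checking it, and that function returns `false` for a certificate it cannot parse. PHP then warns and skips the loop, and unless an earlier step already filled `signature_validation` for that index, the entry falls through to the `empty(...)` default and is labelled 'Certificate is Trusted.' with no parsed data behind it. Add a guard directly after the parse call, e.g. `if ($parsed === false) { continue; }`, or record an explicit failure state rather than the trusted default. The `signatureTypeSN` branch's `!== $value` test is redundant (assigning an equal value is a no-op), so the two `elseif` arms can be one: `} elseif ($key === 'name' || $key === 'signatureTypeSN') {`. The function body and the `if (empty(...))` block continue outside the hunk.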