
Commit 92a9e2d

gr8bFredrik Sundblompitbulk
authored
X509 cert comments (#570)
Skip comments in .crt file Co-authored-by: Fredrik Sundblom <[email protected]> Co-authored-by: Sixto Martin <[email protected]>
1 parent d3884fb commit 92a9e2d


4 files changed

+38
-16
lines changed


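--- a/src/Saml2/Utils.php
+++ b/src/Saml2/Utils.php
@@ -212,28 +212,27 @@ public static function treeCopyReplace(DomNode $targetNode, DomNode $sourceNode,
 /**
 * Returns a x509 cert (adding header & footer if required).
 *
-* @param string $cert A x509 unformated cert
-* @param bool $heads True if we want to include head and footer
+* @param string $x509cert A x509 unformated cert
+* @param bool $heads True if we want to include head and footer
 *
 * @return string $x509 Formatted cert
 */
-public static function formatCert($cert, $heads = true)
+public static function formatCert($x509cert, $heads = true)
 {
-if (is_null($cert)) {
+if (is_null($x509cert)) {
 return;
 }
 
-$x509cert = str_replace(array("\x0D", "\r", "\n"), "", $cert);
-if (!empty($x509cert)) {
-$x509cert = str_replace('-----BEGIN CERTIFICATE-----', "", $x509cert);
-$x509cert = str_replace('-----END CERTIFICATE-----', "", $x509cert);
-$x509cert = str_replace(' ', '', $x509cert);
+if (strpos($x509cert, '-----BEGIN CERTIFICATE-----') !== false) {
+$x509cert = static::getStringBetween($x509cert, '-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----');
+}
 
-if ($heads) {
-$x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n";
-}
+$x509cert = str_replace(["\x0d", "\r", "\n", " "], '', $x509cert);
 
+if ($heads && $x509cert !== '') {
+$x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n";
 }
+
 return $x509cert;
 }
 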
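Review bot: The new guard in formatCert checks only for the BEGIN marker, so the two partial-input cases no longer behave like the removed code. An input that has `-----END CERTIFICATE-----` but no BEGIN line skips the extraction, and the footer text (minus its space) is then chunked into the body, where the old code stripped each marker independently. An input with BEGIN but no END depends on what `getStringBetween` returns when the end delimiter is missing; that helper is defined outside this hunk, so confirm it cannot hand back an empty or over-long string that callers would then treat as the configured certificate. Running `$x509cert = str_replace(['-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----'], '', $x509cert);` after the extraction would keep the old handling for partial input.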

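--- a/tests/certs/with.comment.crt
+++ b/tests/certs/with.comment.crt
@@ -0,0 +1,17 @@
+# certificate comments should be ignored
+-----BEGIN CERTIFICATE-----
+MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC
+Tk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD
+VQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG
+9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4
+MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi
+ZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl
+aWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO
+NoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS
+KOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d
+1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8
+BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n
+bK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar
+Q4/67OZfHd7R+POBXhophSMv1ZOo
+-----END CERTIFICATE-----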

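--- a/tests/src/OneLogin/Saml2/AuthTest.php
+++ b/tests/src/OneLogin/Saml2/AuthTest.php
@@ -780,7 +780,8 @@ public function testProcessSLORequestRelayState()
 $_GET['RelayState'] = 'http://relaystate.com';
 
 $this->_auth->setStrict(true);
-$targetUrl = $this->_auth->processSLO(false, null, null, null, true);
+$targetUrl = $this->_auth->processSLO(false, null, false, null, true);
+
 $parsedQuery = getParamsFromUrl($targetUrl);
 
 $sloResponseUrl = $this->_settingsInfo['idp']['singleLogoutService']['responseUrl'];
@@ -818,7 +819,7 @@ public function testProcessSLORequestSignedResponse()
 $_GET['RelayState'] = 'http://relaystate.com';
 
 $auth->setStrict(true);
-$targetUrl = $auth->processSLO(false, null, null, null, true);
+$targetUrl = $auth->processSLO(false, null, false, null, true);
 
 $parsedQuery = getParamsFromUrl($targetUrl);
 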

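--- a/tests/src/OneLogin/Saml2/UtilsTest.php
+++ b/tests/src/OneLogin/Saml2/UtilsTest.php
@@ -34,8 +34,8 @@ public function testLoadXML()
 try {
 $res1 = Utils::loadXML($dom, $metadataUnloaded);
 $this->assertFalse($res1);
-} catch (Exception $e) {
-$this->assertEquals('DOMDocument::loadXML(): Premature end of data in tag EntityDescriptor line 1 in Entity, line: 1', $e->getMessage());
+} catch (\Exception $e) {
+$this->assertEquals('DOMDocument::loadXML(): Premature end of data in tag EntityDescriptor line 1 in Entity, line: 1', $e->getMessage());
 }
 
 $metadataInvalid = file_get_contents(TEST_ROOT .'/data/metadata/noentity_metadata_settings1.xml');
@@ -194,6 +194,11 @@ public function testFormatCert()
 $this->assertStringNotContainsString('-----END CERTIFICATE-----', $formatedCert6);
 $this->assertEquals(strlen($cert2), 860);
 
+$cert = file_get_contents(TEST_ROOT.'/certs/with.comment.crt');
+$formatedCert7 = Utils::formatCert($cert, true);
+$this->assertStringContainsString('-----BEGIN CERTIFICATE-----', $formatedCert7);
+$this->assertStringContainsString('-----END CERTIFICATE-----', $formatedCert7);
+$this->assertStringNotContainsString('comments', $formatedCert7);
 }
 
 /**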
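Review bot: The assertions added to testFormatCert check only for the two markers and the absence of the word 'comments', so they do not pin where the header sits or what the body contains. Anchoring the shape is stronger, for example `$this->assertStringStartsWith("-----BEGIN CERTIFICATE-----\n", $formatedCert7);` together with `$this->assertStringEndsWith("-----END CERTIFICATE-----\n", $formatedCert7);`. A fixture with text after the END line, and one with a BEGIN line but no END line, would cover the inputs that the new extraction path treats differently from the old marker stripping. testFormatCert begins above this hunk, so its earlier assertions are not visible here.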
