authorMichael Tänzer <neo@nhng.de>2011-10-21 20:20:27 +0200
committerMichael Tänzer <neo@nhng.de>2011-10-21 20:20:27 +0200
commit8d2e661d78cc1fb095e3a37d80cb4e0d37ac1e9e (patch)
treeb59f918e159fc6fae64d735e20530eea352f3d5d /includes/lib/check_weak_key.php
parent99d0ec582fb1f76479424c0300005284c58e67b0 (diff)
bug 978: New helper function runCommand() -> reduce boilerplate code
Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'includes/lib/check_weak_key.php')
-rw-r--r--includes/lib/check_weak_key.php93
1 files changed, 28 insertions, 65 deletions
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index d2aa33d..adf74c0 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -33,37 +33,18 @@ require_once 'general.php';
*/
function checkWeakKeyCSR($csr, $encoding = "PEM")
{
- // non-PEM-encodings may be binary so don't use echo
- $descriptorspec = array(
- 0 => array("pipe", "r"), // STDIN for child
- 1 => array("pipe", "w"), // STDOUT for child
- );
$encoding = escapeshellarg($encoding);
- $proc = proc_open("openssl req -inform $encoding -text -noout",
- $descriptorspec, $pipes);
-
- if (is_resource($proc))
- {
- fwrite($pipes[0], $csr);
- fclose($pipes[0]);
-
- $csrText = "";
- while (!feof($pipes[1]))
- {
- $csrText .= fread($pipes[1], 8192);
- }
- fclose($pipes[1]);
-
- if (($status = proc_close($proc)) !== 0 || $csrText === "")
- {
- return _("I didn't receive a valid Certificate Request, hit ".
- "the back button and try again.");
- }
- } else {
+ $status = runCommand("openssl req -inform $encoding -text -noout",
+ $csr, $csrText);
+ if ($status === true) {
return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
}
-
-
+
+ if ($status !== 0 || $csrText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
return checkWeakKeyText($csrText);
}
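Review bot: `$encoding` is only shell-quoted before it is placed after `-inform`, so any string a caller supplies is still passed to OpenSSL as a format name. Checking it against the formats this function is meant to support before building the command would make the accepted input explicit, for example `if (!in_array($encoding, array("PEM", "DER"), true)) { return failWithId("checkWeakKeyCSR(): Unsupported encoding"); }`. The same applies to `checkWeakKeyX509()` in the next hunk. Whether callers ever pass anything other than the default is not visible from this diff, so treat this as hardening rather than a confirmed flaw.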
@@ -80,37 +61,18 @@ function checkWeakKeyCSR($csr, $encoding = "PEM")
*/
function checkWeakKeyX509($cert, $encoding = "PEM")
{
- // non-PEM-encodings may be binary so don't use echo
- $descriptorspec = array(
- 0 => array("pipe", "r"), // STDIN for child
- 1 => array("pipe", "w"), // STDOUT for child
- );
$encoding = escapeshellarg($encoding);
- $proc = proc_open("openssl x509 -inform $encoding -text -noout",
- $descriptorspec, $pipes);
-
- if (is_resource($proc))
- {
- fwrite($pipes[0], $cert);
- fclose($pipes[0]);
-
- $certText = "";
- while (!feof($pipes[1]))
- {
- $certText .= fread($pipes[1], 8192);
- }
- fclose($pipes[1]);
-
- if (($status = proc_close($proc)) !== 0 || $certText === "")
- {
- return _("I didn't receive a valid Certificate Request, hit ".
- "the back button and try again.");
- }
- } else {
+ $status = runCommand("openssl x509 -inform $encoding -text -noout",
+ $cert, $certText);
+ if ($status === true) {
return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
}
-
-
+
+ if ($status !== 0 || $certText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
return checkWeakKeyText($certText);
}
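Review bot: The error strings in `checkWeakKeyX509()` still describe the CSR path. The rewritten user message says "I didn't receive a valid Certificate Request" although the input here is a certificate, and the unchanged `failWithId()` call logs `checkWeakKeyCSR()`. The same `checkWeakKeyCSR()` label is newly added in `checkWeakKeySPKAC()` in the following hunk. A mislabelled identifier sends whoever triages the failure to the wrong function, so use `failWithId("checkWeakKeyX509(): Failed to start OpenSSL")` here and `failWithId("checkWeakKeySPKAC(): Failed to start OpenSSL")` there, and word the message as "a valid Certificate".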
@@ -127,16 +89,17 @@ function checkWeakKeyX509($cert, $encoding = "PEM")
*/
function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC")
{
- /* Check for the debian OpenSSL vulnerability */
-
- $spkac = escapeshellarg($spkac);
$spkacname = escapeshellarg($spkacname);
- $spkacText = `echo $spkac | openssl spkac -spkac $spkacname`;
- if ($spkacText === null) {
- return _("I didn't receive a valid Certificate Request, hit the ".
- "back button and try again.");
+ $status = runCommand("openssl spkac -spkac $spkacname", $spkac, $spkacText);
+ if ($status === true) {
+ return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
}
-
+
+ if ($status !== 0 || $spkacText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit the ".
+ "back button and try again.");
+ }
+
return checkWeakKeyText($spkacText);
}
@@ -339,7 +302,7 @@ function checkDebianVulnerability($text, $keysize = 0)
// $checksum and $blacklist should be safe, but just to make sure
$checksum = escapeshellarg($checksum);
$blacklist = escapeshellarg($blacklist);
- exec("grep $checksum $blacklist", $dummy, $debianVuln);
+ $debianVuln = runCommand("grep $checksum $blacklist");
if ($debianVuln === 0) // grep returned something => it is on the list
{
return true;
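Review bot: `$debianVuln` now carries `runCommand()`'s return value, which can apparently be `true` when the process could not be started, judging by the `$status === true` checks this commit adds in the other functions. In addition, grep exits with 2 on errors such as an unreadable blacklist file. Only the `=== 0` branch is visible; the rest of `checkDebianVulnerability()` lies outside the hunk, so please confirm that every result other than exit status 1 is handled as a failed check and never as "key not blacklisted". A comment above the call would pin that down: `// 0 = on the blacklist, 1 = not listed, anything else (2, true) = check failed, reject`.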