Commit c4eef3ec authored by Juan Segarra Montesinos's avatar Juan Segarra Montesinos Committed by Richard Mansfield
Browse files

MNET certificate's fingerprint display



This patch adds two fields in the Networking configuration page: the SHA1
fingerprint of the certificate and the MD5 fingerprint of the certificate.
This can be used to verify certificates. See feature request #3431
Signed-off-by: default avatarJuan Segarra Montesinos <juan.segarra@si.uji.es>
parent 96751593
......@@ -75,6 +75,16 @@ $networkingform = pieform(
'description' => get_string('publickeydescription2', 'admin', 365),
'value' => '<pre style="font-size: 0.7em; white-space: pre;">'.$openssl->certificate.'</pre>'
),
'sha1fingerprint' => array(
'type' => 'html',
'title' => 'SHA1 Fingerprint',
'value' => $openssl->sha1_fingerprint
),
'md5fingerprint' => array(
'type' => 'html',
'title' => 'MD5 Fingerprint',
'value' => $openssl->md5_fingerprint
),
'expires' => array(
'type' => 'html',
'title' => get_string('publickeyexpires','admin'),
......
......@@ -1027,6 +1027,7 @@ class OpenSslRepo {
private function __construct() {
if (empty($this->keypair)) {
$this->get_keypair();
$this->calculate_fingerprints();
$this->keypair['privatekey'] = openssl_pkey_get_private($this->keypair['keypair_PEM']);
$this->keypair['publickey'] = openssl_pkey_get_public($this->keypair['certificate']);
}
......@@ -1086,6 +1087,8 @@ class OpenSslRepo {
public function __get($name) {
if ('certificate' === $name) return $this->keypair['certificate'];
if ('expires' === $name) return $this->keypair['expires'];
if ('sha1_fingerprint' === $name) return $this->keypair['sha1_fingerprint'];
if ('md5_fingerprint' === $name ) return $this->keypair['md5_fingerprint'];
return null;
}
......@@ -1213,8 +1216,80 @@ class OpenSslRepo {
openssl_pkey_free($new_key);
unset($new_key); // Free up the resource
// Calculate fingerprints
$this->calculate_fingerprints();
return $this;
}
/**
* Calculates the SHA1 and MD5 fingerprints of the certificate in DER format
* It does the same as the fingerprint commandline option in x509
* command. For example:
*
* $ openssl x509 -in cert_file -fingerprint -sha1
* $ openssl x509 -in cert_file -fingerprint -md5
*/
private function calculate_fingerprints () {
// Convert the certificate to DER and calculate the digest
$pem_cert = $this->keypair['certificate'];
$from_pos = strpos($pem_cert, "-----BEGIN CERTIFICATE-----");
if ( $from_pos === false ) {
throw new CryptException("Certificate not in PEM format");
}
$from_pos = $from_pos + 27;
$to_pos = strpos($pem_cert, "-----END CERTIFICATE-----");
if ( $to_pos === false ) {
throw new CryptException("Certificate not in PEM format");
}
$der_cert = base64_decode(substr($pem_cert, $from_pos, $to_pos - $from_pos));
if ( $der_cert === FALSE ) {
throw new CryptException("Certificate not in PEM format");
}
$_sha1_fingerprint = sha1($der_cert);
if ( $sha1_fingerprint === FALSE ) {
throw new CryptException("Error calculating sha1 fingerprint");
}
$_md5_fingerprint = md5($der_cert);
if ( $md5_fingerprint === FALSE ) {
throw new CryptException("Error calculating md5 fingerprint");
}
unset($der_cert);
$_sha1_fingerprint = strtoupper($_sha1_fingerprint);
$_md5_fingerprint = strtoupper($_md5_fingerprint);
$sha1_fingerprint = $_sha1_fingerprint[0];
for ( $i = 1, $to = strlen($_sha1_fingerprint); $i < $to ; $i++ ) {
if ( $i % 2 == 0 ) {
$sha1_fingerprint .= ":" . $_sha1_fingerprint[$i];
} else {
$sha1_fingerprint .= $_sha1_fingerprint[$i];
}
}
$md5_fingerprint = $_md5_fingerprint[0];
for ( $i = 1, $to = strlen($_md5_fingerprint); $i < $to ; $i++ ) {
if ( $i % 2 == 0 ) {
$md5_fingerprint .= ":" . $_md5_fingerprint[$i];
} else {
$md5_fingerprint .= $_md5_fingerprint[$i];
}
}
$this->keypair['sha1_fingerprint'] = $sha1_fingerprint;
$this->keypair['md5_fingerprint'] = $md5_fingerprint;
}
}
class PublicKey {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment