Merge pull request #2524 from LibreSign/bugfix/fields-to-generate-cfs…

…sl-cert

Fixes and tests coverage when generate CFSSL and OpenSSL root cert and PFX cert

.github/workflows/behat.yml

@@ -122,6 +122,6 @@ jobs:
         env:
           BEHAT_ROOT_DIR: ../../../../
         run: |
-          export BEHAT_RUN_AS=$(ls -ld behat.yml | awk '{print $3}')
+          export BEHAT_RUN_AS=runner
           export BEHAT_VERBOSE="$RUNNER_DEBUG"
           vendor/bin/behat -f junit -f pretty --colors

lib/Command/Configure/Cfssl.php

@@ -94,19 +94,19 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 			throw new InvalidArgumentException('Invalid Comon Name');
 		}
 		if ($input->getOption('ou')) {
-			$names[] = ['id' => 'OU', 'value' => $input->getOption('ou')];
+			$names['OU'] = ['value' => $input->getOption('ou')];
 		}
 		if ($input->getOption('o')) {
-			$names[] = ['id' => 'O', 'value' => $input->getOption('o')];
+			$names['O'] = ['value' => $input->getOption('o')];
 		}
 		if ($input->getOption('c')) {
-			$names[] = ['id' => 'C', 'value' => $input->getOption('c')];
+			$names['C'] = ['value' => $input->getOption('c')];
 		}
 		if ($input->getOption('l')) {
-			$names[] = ['id' => 'L', 'value' => $input->getOption('l')];
+			$names['L'] = ['value' => $input->getOption('l')];
 		}
 		if ($input->getOption('st')) {
-			$names[] = ['id' => 'ST', 'value' => $input->getOption('st')];
+			$names['ST'] = ['value' => $input->getOption('st')];
 		}
 
 		if (PHP_OS_FAMILY === 'Windows') {
@@ -123,7 +123,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 		$configPath = $input->getOption('config-path');
 
 		$this->installService->generate(
-			$commonName,
+			(string) $commonName,
 			$names,
 			[
 				'engine' => 'cfssl',

lib/Command/Configure/OpenSsl.php

@@ -85,22 +85,22 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 			throw new InvalidArgumentException('Invalid Comon Name');
 		}
 		if ($input->getOption('ou')) {
-			$names[] = ['id' => 'OU', 'value' => $input->getOption('ou')];
+			$names['OU'] = ['value' => $input->getOption('ou')];
 		}
 		if ($input->getOption('o')) {
-			$names[] = ['id' => 'O', 'value' => $input->getOption('o')];
+			$names['O'] = ['value' => $input->getOption('o')];
 		}
 		if ($input->getOption('c')) {
-			$names[] = ['id' => 'C', 'value' => $input->getOption('c')];
+			$names['C'] = ['value' => $input->getOption('c')];
 		}
 		if ($input->getOption('l')) {
-			$names[] = ['id' => 'L', 'value' => $input->getOption('l')];
+			$names['L'] = ['value' => $input->getOption('l')];
 		}
 		if ($input->getOption('st')) {
-			$names[] = ['id' => 'ST', 'value' => $input->getOption('st')];
+			$names['ST'] = ['value' => $input->getOption('st')];
 		}
 		$this->installService->generate(
-			$commonName,
+			(string) $commonName,
 			$names,
 			[
 				'engine' => 'openssl'

lib/Controller/AccountController.php

@@ -141,20 +141,27 @@ public function signatureGenerate(
 		string $signPassword
 	): JSONResponse {
 		try {
+			$identify = $this->userSession->getUser()->getEMailAddress();
+			if (!$identify) {
+				$identify = $this->userSession->getUser()->getUID()
+					. '@'
+					. $this->request->getServerHost();
+			}
 			$data = [
 				'user' => [
-					'identify' => $this->userSession->getUser()->getUID(),
+					'host' => $identify,
 					'name' => $this->userSession->getUser()->getDisplayName(),
 				],
 				'signPassword' => $signPassword,
 				'userId' => $this->userSession->getUser()->getUID()
 			];
 			$this->accountService->validateCertificateData($data);
-			$this->pkcs12Handler->generateCertificate(
+			$certificate = $this->pkcs12Handler->generateCertificate(
 				$data['user'],
 				$data['signPassword'],
 				$this->userSession->getUser()->getDisplayName()
 			);
+			$this->pkcs12Handler->savePfx($this->userSession->getUser()->getUID(), $certificate);
 
 			return new JSONResponse([], Http::STATUS_OK);
 		} catch (\Exception $exception) {

lib/Exception/EmptyRootCertificateException.php → lib/Exception/EmptyCertificateException.php

@@ -24,5 +24,5 @@
 
 namespace OCA\Libresign\Exception;
 
-class EmptyRootCertificateException extends \Exception {
+class EmptyCertificateException extends \Exception {
 }

lib/Handler/CertificateEngine/AEngineHandler.php

@@ -24,7 +24,7 @@
 
 namespace OCA\Libresign\Handler\CertificateEngine;
 
-use OCA\Libresign\Exception\EmptyRootCertificateException;
+use OCA\Libresign\Exception\EmptyCertificateException;
 use OCA\Libresign\Exception\InvalidPasswordException;
 use OCA\Libresign\Exception\LibresignException;
 use OCA\Libresign\Helper\MagicGetterSetterTrait;
@@ -34,6 +34,8 @@
 use OCP\Files\SimpleFS\ISimpleFolder;
 use OCP\IConfig;
 use OCP\IDateTimeFormatter;
+use OpenSSLAsymmetricKey;
+use OpenSSLCertificate;
 use ReflectionClass;
 
 /**
@@ -82,9 +84,12 @@ public function __construct(
 		$this->appData = $appDataFactory->get('libresign');
 	}
 
-	public function generateCertificate(string $certificate, string $privateKey): string {
+	protected function exportToPkcs12(
+		OpenSSLCertificate|string $certificate,
+		OpenSSLAsymmetricKey|OpenSSLCertificate|string $privateKey
+	): string {
 		if (empty($certificate) || empty($privateKey)) {
-			throw new EmptyRootCertificateException();
+			throw new EmptyCertificateException();
 		}
 		$certContent = null;
 		try {
@@ -107,20 +112,20 @@ public function generateCertificate(string $certificate, string $privateKey): st
 
 	public function updatePassword(string $certificate, string $currentPrivateKey, string $newPrivateKey): string {
 		if (empty($certificate) || empty($currentPrivateKey) || empty($newPrivateKey)) {
-			throw new EmptyRootCertificateException();
+			throw new EmptyCertificateException();
 		}
 		openssl_pkcs12_read($certificate, $certContent, $currentPrivateKey);
 		if (empty($certContent)) {
 			throw new InvalidPasswordException();
 		}
 		$this->setPassword($newPrivateKey);
-		$certContent = self::generateCertificate($certContent['cert'], $certContent['pkey']);
+		$certContent = self::exportToPkcs12($certContent['cert'], $certContent['pkey']);
 		return $certContent;
 	}
 
 	public function readCertificate(string $certificate, string $privateKey): array {
 		if (empty($certificate) || empty($privateKey)) {
-			throw new EmptyRootCertificateException();
+			throw new EmptyCertificateException();
 		}
 		openssl_pkcs12_read($certificate, $certContent, $privateKey);
 		if (empty($certContent)) {
@@ -133,9 +138,8 @@ public function readCertificate(string $certificate, string $privateKey): array
 		if (is_array($return['subject']['OU']) && !empty($return['subject']['OU'])) {
 			$return['subject']['OU'] = implode(', ', $return['subject']['OU']);
 		}
-		$return['subjectAltName'] = $parsed['extensions']['subjectAltName'];
 		$return['issuer'] = $parsed['issuer'];
-		$return['issuerInfoAccess'] = $parsed['extensions']['authorityInfoAccess'];
+		$return['extensions'] = $parsed['extensions'];
 		$return['validate'] = [
 			'from' => $this->dateTimeFormatter->formatDateTime($parsed['validFrom_time_t']),
 			'to' => $this->dateTimeFormatter->formatDateTime($parsed['validTo_time_t']),
@@ -249,7 +253,7 @@ public function getName(): string {
 		return $name;
 	}
 
-	private function getNames(): array {
+	protected function getNames(): array {
 		$names = [
 			'C' => $this->getCountry(),
 			'ST' => $this->getState(),