web-eid
diff --git a/‎composer.lock‎
Lines changed: 20 additions & 20 deletions b/‎composer.lock‎
Lines changed: 20 additions & 20 deletions
diff --git a/‎example/composer.lock‎
Lines changed: 21 additions & 21 deletions b/‎example/composer.lock‎
Lines changed: 21 additions & 21 deletions
diff --git a/‎example/src/Auth.php‎
Lines changed: 13 additions & 9 deletions b/‎example/src/Auth.php‎
Lines changed: 13 additions & 9 deletions
diff --git a/‎src/certificate/CertificateData.php‎
Lines changed: 10 additions & 20 deletions b/‎src/certificate/CertificateData.php‎
Lines changed: 10 additions & 20 deletions
@@ -38,15 +38,16 @@ class Auth
 {
     private $config;
 
-    public function __construct($config) {
+    public function __construct($config)
+    {
         $this->config = $config;
     }
 
     public function trustedIntermediateCACertificates(): array
     {
-        return CertificateLoader::loadCertificatesFromResources(
-            __DIR__ . "/../certificates/esteid2018.der.crt"
-        );
+        $directory = __DIR__ . "/../certificates/";
+        $certificates = glob($directory . "*.der.crt");
+        return CertificateLoader::loadCertificatesFromResources(...$certificates);
     }
 
     public function generator(): ChallengeNonceGenerator
@@ -87,11 +88,14 @@ public function getNonce()
 
     private function getPrincipalNameFromCertificate(X509 $userCertificate): string
     {
-        try {
-            return CertificateData::getSubjectGivenName($userCertificate) . " " . CertificateData::getSubjectSurname($userCertificate);
-        } catch (Exception $e) {
-            return CertificateData::getSubjectCN($userCertificate);
+        $surname = CertificateData::getSubjectSurname($userCertificate);
+        $givenname = CertificateData::getSubjectGivenName($userCertificate);
+        if ($surname && $givenname) {
+            $principalName = $givenname . " " . $surname;
+        } else {
+            $principalName = CertificateData::getSubjectCN($userCertificate);
         }
+        return $principalName;
     }
 
     /**
@@ -103,7 +107,7 @@ public function validate()
     {
         // Header names must be treated as case-insensitive (according to RFC2616) so we convert them to lowercase
         $headers = array_change_key_case(getallheaders(), CASE_LOWER);
-        
+
         if (!isset($headers["x-csrf-token"]) || ($headers["x-csrf-token"] != $_SESSION["csrf-token"])) {
             header("HTTP/1.0 405 Method Not Allowed");
             echo "CSRF token missing, unable to process your request";
 
@@ -27,7 +27,6 @@
 namespace web_eid\web_eid_authtoken_validation_php\certificate;
 
 use phpseclib3\File\X509;
-use UnexpectedValueException;
 use BadFunctionCallException;
 
 final class CertificateData
@@ -40,66 +39,57 @@ public function __construct()
 
     /**
      * Get commonName from x509 certificate
-     *
-     * @throws UnexpectedValueException
      */
-    public static function getSubjectCN(X509 $certificate): string
+    public static function getSubjectCN(X509 $certificate): ?string
     {
         return self::getField($certificate, 'id-at-commonName');
     }
 
     /**
      * Get surname from x509 certificate
-     *
-     * @throws UnexpectedValueException
      */
-    public static function getSubjectSurname(X509 $certificate): string
+    public static function getSubjectSurname(X509 $certificate): ?string
     {
         return self::getField($certificate, 'id-at-surname');
     }
 
     /**
      * Get given name from x509 certificate
-     *
-     * @throws UnexpectedValueException
      */
-    public static function getSubjectGivenName(X509 $certificate): string
+    public static function getSubjectGivenName(X509 $certificate): ?string
     {
         return self::getField($certificate, 'id-at-givenName');
     }
 
     /**
      * Get serialNumber (ID-code) from x509 certificate
-     *
-     * @throws UnexpectedValueException
      */
-    public static function getSubjectIdCode(X509 $certificate): string
+    public static function getSubjectIdCode(X509 $certificate): ?string
     {
         return self::getField($certificate, 'id-at-serialNumber');
     }
 
     /**
      * Get country code from x509 certificate
-     *
-     * @throws UnexpectedValueException
      */
-    public static function getSubjectCountryCode(X509 $certificate): string
+    public static function getSubjectCountryCode(X509 $certificate): ?string
     {
         return self::getField($certificate, 'id-at-countryName');
     }
 
     /**
      * Get specified subject field from x509 certificate
      *
-     * @throws UnexpectedValueException field identifier not found
      * @return string
      */
-    private static function getField(X509 $certificate, string $fieldId): string
+    private static function getField(X509 $certificate, string $fieldId): ?string
     {
         $result = $certificate->getSubjectDNProp($fieldId);
         if ($result) {
-            return $result[0];
+            return join(" ", $result);
+        }
+        else {
+            return null;
         }
-        throw new UnexpectedValueException("fieldId " . $fieldId . " not found in certificate subject");
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -38,15 +38,16 @@ class Auth`
`38`	`38`	`{`
`39`	`39`	`private $config;`
`40`	`40`
`41`		`- public function __construct($config) {`
	`41`	`+ public function __construct($config)`
	`42`	`+ {`
`42`	`43`	`$this->config = $config;`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`public function trustedIntermediateCACertificates(): array`
`46`	`47`	`{`
`47`		`- return CertificateLoader::loadCertificatesFromResources(`
`48`		`- __DIR__ . "/../certificates/esteid2018.der.crt"`
`49`		`- );`
	`48`	`+ $directory = __DIR__ . "/../certificates/";`
	`49`	`+ $certificates = glob($directory . "*.der.crt");`
	`50`	`+ return CertificateLoader::loadCertificatesFromResources(...$certificates);`
`50`	`51`	`}`
`51`	`52`
`52`	`53`	`public function generator(): ChallengeNonceGenerator`
`@@ -87,11 +88,14 @@ public function getNonce()`
`87`	`88`
`88`	`89`	`private function getPrincipalNameFromCertificate(X509 $userCertificate): string`
`89`	`90`	`{`
`90`		`- try {`
`91`		`- return CertificateData::getSubjectGivenName($userCertificate) . " " . CertificateData::getSubjectSurname($userCertificate);`
`92`		`- } catch (Exception $e) {`
`93`		`- return CertificateData::getSubjectCN($userCertificate);`
	`91`	`+ $surname = CertificateData::getSubjectSurname($userCertificate);`
	`92`	`+ $givenname = CertificateData::getSubjectGivenName($userCertificate);`
	`93`	`+ if ($surname && $givenname) {`
	`94`	`+ $principalName = $givenname . " " . $surname;`
	`95`	`+ } else {`
	`96`	`+ $principalName = CertificateData::getSubjectCN($userCertificate);`
`94`	`97`	`}`
	`98`	`+ return $principalName;`
`95`	`99`	`}`
`96`	`100`
`97`	`101`	`/**`
`@@ -103,7 +107,7 @@ public function validate()`
`103`	`107`	`{`
`104`	`108`	`// Header names must be treated as case-insensitive (according to RFC2616) so we convert them to lowercase`
`105`	`109`	`$headers = array_change_key_case(getallheaders(), CASE_LOWER);`
`106`		`-`
	`110`	`+`
`107`	`111`	`if (!isset($headers["x-csrf-token"]) \|\| ($headers["x-csrf-token"] != $_SESSION["csrf-token"])) {`
`108`	`112`	`header("HTTP/1.0 405 Method Not Allowed");`
`109`	`113`	`echo "CSRF token missing, unable to process your request";`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,6 @@`
`27`	`27`	`namespace web_eid\web_eid_authtoken_validation_php\certificate;`
`28`	`28`
`29`	`29`	`use phpseclib3\File\X509;`
`30`		`-use UnexpectedValueException;`
`31`	`30`	`use BadFunctionCallException;`
`32`	`31`
`33`	`32`	`final class CertificateData`
`@@ -40,66 +39,57 @@ public function __construct()`
`40`	`39`
`41`	`40`	`/**`
`42`	`41`	`* Get commonName from x509 certificate`
`43`		`- *`
`44`		`- * @throws UnexpectedValueException`
`45`	`42`	`*/`
`46`		`- public static function getSubjectCN(X509 $certificate): string`
	`43`	`+ public static function getSubjectCN(X509 $certificate): ?string`
`47`	`44`	`{`
`48`	`45`	`return self::getField($certificate, 'id-at-commonName');`
`49`	`46`	`}`
`50`	`47`
`51`	`48`	`/**`
`52`	`49`	`* Get surname from x509 certificate`
`53`		`- *`
`54`		`- * @throws UnexpectedValueException`
`55`	`50`	`*/`
`56`		`- public static function getSubjectSurname(X509 $certificate): string`
	`51`	`+ public static function getSubjectSurname(X509 $certificate): ?string`
`57`	`52`	`{`
`58`	`53`	`return self::getField($certificate, 'id-at-surname');`
`59`	`54`	`}`
`60`	`55`
`61`	`56`	`/**`
`62`	`57`	`* Get given name from x509 certificate`
`63`		`- *`
`64`		`- * @throws UnexpectedValueException`
`65`	`58`	`*/`
`66`		`- public static function getSubjectGivenName(X509 $certificate): string`
	`59`	`+ public static function getSubjectGivenName(X509 $certificate): ?string`
`67`	`60`	`{`
`68`	`61`	`return self::getField($certificate, 'id-at-givenName');`
`69`	`62`	`}`
`70`	`63`
`71`	`64`	`/**`
`72`	`65`	`* Get serialNumber (ID-code) from x509 certificate`
`73`		`- *`
`74`		`- * @throws UnexpectedValueException`
`75`	`66`	`*/`
`76`		`- public static function getSubjectIdCode(X509 $certificate): string`
	`67`	`+ public static function getSubjectIdCode(X509 $certificate): ?string`
`77`	`68`	`{`
`78`	`69`	`return self::getField($certificate, 'id-at-serialNumber');`
`79`	`70`	`}`
`80`	`71`
`81`	`72`	`/**`
`82`	`73`	`* Get country code from x509 certificate`
`83`		`- *`
`84`		`- * @throws UnexpectedValueException`
`85`	`74`	`*/`
`86`		`- public static function getSubjectCountryCode(X509 $certificate): string`
	`75`	`+ public static function getSubjectCountryCode(X509 $certificate): ?string`
`87`	`76`	`{`
`88`	`77`	`return self::getField($certificate, 'id-at-countryName');`
`89`	`78`	`}`
`90`	`79`
`91`	`80`	`/**`
`92`	`81`	`* Get specified subject field from x509 certificate`
`93`	`82`	`*`
`94`		`- * @throws UnexpectedValueException field identifier not found`
`95`	`83`	`* @return string`
`96`	`84`	`*/`
`97`		`- private static function getField(X509 $certificate, string $fieldId): string`
	`85`	`+ private static function getField(X509 $certificate, string $fieldId): ?string`
`98`	`86`	`{`
`99`	`87`	`$result = $certificate->getSubjectDNProp($fieldId);`
`100`	`88`	`if ($result) {`
`101`		`- return $result[0];`
	`89`	`+ return join(" ", $result);`
	`90`	`+ }`
	`91`	`+ else {`
	`92`	`+ return null;`
`102`	`93`	`}`
`103`		`- throw new UnexpectedValueException("fieldId " . $fieldId . " not found in certificate subject");`
`104`	`94`	`}`
`105`	`95`	`}`