19124950457

Committed 06 Nov 2025 04:35AM UTC coverage: 39.311%. First build

Build # 19124950457

Build Type

Pull #5757

github

Committed by

web-flow

Commit Message

Merge b88a58dc1 into f56fcda6c

Pull Request Pull Request #5757: feat: use crl by cert

Run Details

54 of 116 new or added lines in 11 files covered. (46.55%)

4599 of 11699 relevant lines covered (39.31%)

3.08 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

48.0

/lib/Controller/CrlController.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

namespace OCA\Libresign\Controller;

use OCA\Libresign\Service\CrlService;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\DataDownloadResponse;
use OCP\AppFramework\Http\DataResponse;
use OCP\IRequest;
use Psr\Log\LoggerInterface;

class CrlController extends Controller {
        public function __construct(
                string $appName,
                IRequest $request,
                private CrlService $crlService,
                private LoggerInterface $logger,
        ) {
                parent::__construct($appName, $request);
        }

        /**
         * Get Certificate Revocation List in DER format (RFC 5280 compliant)
         *
         * @param string $instanceId Instance identifier
         * @param int $generation Generation identifier
         * @param string $engineType Engine type identifier
         * @return DataDownloadResponse<Http::STATUS_OK, string, array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR, array{error: string, message: string}, array{}>
         *
         * 200: CRL retrieved successfully in DER format
         * 500: Failed to generate CRL
         */
        #[NoAdminRequired]
        #[NoCSRFRequired]
        #[PublicPage]
        #[FrontpageRoute(verb: 'GET', url: '/crl/{instanceId}/{generation}/{engineType}/crl.der')]
        public function getRevocationList(string $instanceId, int $generation, string $engineType): DataDownloadResponse|DataResponse {
                try {
                        $crlDer = $this->crlService->generateCrlDer($instanceId, $generation, $engineType);

                        return new DataDownloadResponse(
                                $crlDer,
                                'crl.crl',
                                'application/pkix-crl'
                        );
                } catch (\Throwable $e) {
                        $this->logger->error('Failed to generate CRL', ['exception' => $e]);

                        return new DataResponse([
                                'error' => 'CRL generation failed',
                                'message' => $e->getMessage()
                        ], Http::STATUS_INTERNAL_SERVER_ERROR);
                }
        }

        /**
         * Check certificate revocation status
         *
         * @param string $serialNumber Certificate serial number to check
         * @return DataResponse<Http::STATUS_OK, array{serial_number: string, status: string, checked_at: string}, array{}>|DataResponse<Http::STATUS_BAD_REQUEST, array{error: string, message: string}, array{}>
         *
         * 200: Certificate status retrieved successfully
         * 400: Invalid serial number format
         */
        #[NoAdminRequired]
        #[NoCSRFRequired]
        #[PublicPage]
        #[FrontpageRoute(verb: 'GET', url: '/crl/check/{serialNumber}')]
        public function checkCertificateStatus(string $serialNumber): DataResponse {
                if (!$this->isValidHexSerial($serialNumber)) {
                        return new DataResponse(
                                ['error' => 'Invalid serial number', 'message' => 'Serial number must be in hex format (no 0x prefix)'],
                                Http::STATUS_BAD_REQUEST
                        );
                }

                return new DataResponse($this->crlService->getCertificateStatusResponse($serialNumber));
        }

        private function isValidHexSerial(string $serialNumber): bool {
                $serialNumber = trim($serialNumber);

                if (empty($serialNumber)) {
                        return false;
                }

                if (str_starts_with(strtolower($serialNumber), '0x')) {
                        return false;
                }

                return ctype_xdigit($serialNumber);
        }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
7	* SPDX-License-Identifier: AGPL-3.0-or-later
8	*/
9
10	namespace OCA\Libresign\Controller;
11
12	use OCA\Libresign\Service\CrlService;
13	use OCP\AppFramework\Controller;
14	use OCP\AppFramework\Http;
15	use OCP\AppFramework\Http\Attribute\FrontpageRoute;
16	use OCP\AppFramework\Http\Attribute\NoAdminRequired;
17	use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
18	use OCP\AppFramework\Http\Attribute\PublicPage;
19	use OCP\AppFramework\Http\DataDownloadResponse;
20	use OCP\AppFramework\Http\DataResponse;
21	use OCP\IRequest;
22	use Psr\Log\LoggerInterface;
23
24	class CrlController extends Controller {
25	public function __construct(
26	string $appName,
27	IRequest $request,
28	private CrlService $crlService,
29	private LoggerInterface $logger,
30	) {
31	parent::__construct($appName, $request);	6✔
32	}
33
34	/**
35	* Get Certificate Revocation List in DER format (RFC 5280 compliant)
36	*
37	* @param string $instanceId Instance identifier
38	* @param int $generation Generation identifier
39	* @param string $engineType Engine type identifier
40	* @return DataDownloadResponse<Http::STATUS_OK, string, array{}>\|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR, array{error: string, message: string}, array{}>
41	*
42	* 200: CRL retrieved successfully in DER format
43	* 500: Failed to generate CRL
44	*/
45	#[NoAdminRequired]
46	#[NoCSRFRequired]
47	#[PublicPage]
48	#[FrontpageRoute(verb: 'GET', url: '/crl/{instanceId}/{generation}/{engineType}/crl.der')]
49	public function getRevocationList(string $instanceId, int $generation, string $engineType): DataDownloadResponse\|DataResponse {
50	try {
NEW 51	$crlDer = $this->crlService->generateCrlDer($instanceId, $generation, $engineType);	×
52
53	return new DataDownloadResponse(	×
54	$crlDer,	×
55	'crl.crl',	×
56	'application/pkix-crl'	×
57	);	×
58	} catch (\Throwable $e) {	×
59	$this->logger->error('Failed to generate CRL', ['exception' => $e]);	×
60
61	return new DataResponse([	×
62	'error' => 'CRL generation failed',	×
63	'message' => $e->getMessage()	×
64	], Http::STATUS_INTERNAL_SERVER_ERROR);	×
65	}
66	}
67
68	/**
69	* Check certificate revocation status
70	*
71	* @param string $serialNumber Certificate serial number to check
72	* @return DataResponse<Http::STATUS_OK, array{serial_number: string, status: string, checked_at: string}, array{}>\|DataResponse<Http::STATUS_BAD_REQUEST, array{error: string, message: string}, array{}>
73	*
74	* 200: Certificate status retrieved successfully
75	* 400: Invalid serial number format
76	*/
77	#[NoAdminRequired]
78	#[NoCSRFRequired]
79	#[PublicPage]
80	#[FrontpageRoute(verb: 'GET', url: '/crl/check/{serialNumber}')]
81	public function checkCertificateStatus(string $serialNumber): DataResponse {
82	if (!$this->isValidHexSerial($serialNumber)) {	6✔
83	return new DataResponse(	3✔
84	['error' => 'Invalid serial number', 'message' => 'Serial number must be in hex format (no 0x prefix)'],	3✔
85	Http::STATUS_BAD_REQUEST	3✔
86	);	3✔
87	}
88
89	return new DataResponse($this->crlService->getCertificateStatusResponse($serialNumber));	3✔
90	}
91
92	private function isValidHexSerial(string $serialNumber): bool {
93	$serialNumber = trim($serialNumber);	6✔
94
95	if (empty($serialNumber)) {	6✔
96	return false;	1✔
97	}
98
99	if (str_starts_with(strtolower($serialNumber), '0x')) {	5✔
NEW 100	return false;	×
101	}
102
103	return ctype_xdigit($serialNumber);	5✔
104	}
105	}

LibreSign / libresign / 19124950457

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous