Skip to content

Commit 5bc89ff

Browse files
vitormattosbackportbot-libresign[bot]
vitormattos
authored and
backportbot-libresign[bot]
committed
refactor(password): normalize CRL status to enum at boundary
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
1 parent e64b6ee commit 5bc89ff

1 file changed

Lines changed: 14 additions & 3 deletions

File tree

lib/Service/IdentifyMethod/SignatureMethod/Password.php

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,8 @@ private function validateCertificateRevocation(array $certificateData): void {
4848
if (!array_key_exists('crl_validation', $certificateData)) {
4949
return;
5050
}
51-
$status = $certificateData['crl_validation'];
51+
$rawStatus = $certificateData['crl_validation'];
52+
$status = $this->normalizeRevocationStatus($rawStatus);
5253
if ($status === CrlValidationStatus::VALID) {
5354
return;
5455
}
@@ -59,10 +60,20 @@ private function validateCertificateRevocation(array $certificateData): void {
5960
if ($status === CrlValidationStatus::DISABLED) {
6061
return;
6162
}
62-
$this->logRevocationBlockedSigning($status);
63+
$this->logRevocationBlockedSigning($rawStatus);
6364
throw new LibresignException($this->getRevocationErrorMessage($status), 422);
6465
}
6566

67+
private function normalizeRevocationStatus(mixed $status): ?CrlValidationStatus {
68+
if ($status instanceof CrlValidationStatus) {
69+
return $status;
70+
}
71+
if (is_string($status)) {
72+
return CrlValidationStatus::tryFrom($status);
73+
}
74+
return null;
75+
}
76+
6677
private function logRevocationBlockedSigning(mixed $status): void {
6778
$statusValue = $status instanceof CrlValidationStatus ? $status->value : (is_scalar($status) ? (string)$status : get_debug_type($status));
6879
$this->identifyService->getLogger()->warning('Signing blocked due to CRL validation status', [
@@ -71,7 +82,7 @@ private function logRevocationBlockedSigning(mixed $status): void {
7182
]);
7283
}
7384

74-
private function getRevocationErrorMessage(mixed $status): string {
85+
private function getRevocationErrorMessage(?CrlValidationStatus $status): string {
7586
return match ($status) {
7687
CrlValidationStatus::URLS_INACCESSIBLE => $this->identifyService->getL10n()->t('Cannot reach the certificate revocation service. Signing is not allowed.'),
7788
CrlValidationStatus::VALIDATION_ERROR => $this->identifyService->getL10n()->t('An error occurred during certificate validation. Signing is not allowed.'),

0 commit comments

Comments
 (0)