Merge pull request #1 from underdarknl/main

minor optimizations, quicker results for large trees
minvws · Mar 7, 2021 · da56337 · da56337
2 parents e7a41b6 + dc3c18b
commit da56337
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 20 deletions.
diff --git a/src/UziReader.php b/src/UziReader.php
@@ -24,37 +24,30 @@ class UziReader
     public function getData(): array
     {
         if (!isset($_SERVER['SSL_CLIENT_VERIFY']) || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS') {
-            throw new UziException('Apache client cert check not passed');
+            throw new UziException('Webserver client cert check not passed');
         }
-
-        /** @var string|null $pem */
-        $pem = null;
-        if (isset($_SERVER['SSL_CLIENT_CERT'])) {
-            $pem = $_SERVER['SSL_CLIENT_CERT'];
-        }
-        if (!$pem) {
+        if (!isset($_SERVER['SSL_CLIENT_CERT'])) {
             throw new UziException('No client certificate presented');
         }
         $x509 = new X509();
-        $cert = $x509->loadX509($pem);
+        $cert = $x509->loadX509($_SERVER['SSL_CLIENT_CERT']);
         $surName = null;
         $givenName = null;
-        $user = null;
 
         if (!isset($cert['tbsCertificate']['subject']['rdnSequence'])) {
             throw new UziException('No subject rdnSequence');
         }
         foreach ($cert['tbsCertificate']['subject']['rdnSequence'] as $sequence) {
-            if ($givenName && $surName) {
-                continue;
-            }
             $data = reset($sequence);
             if ($data['type'] === 'id-at-surname') {
                 $surName = $data['value']['utf8String'];
             }
             if ($data['type'] === 'id-at-givenName') {
                 $givenName = $data['value']['utf8String'];
             }
+            if ($givenName && $surName) {
+                break;
+            }
         }
         foreach ($cert['tbsCertificate']['extensions'] as $extension) {
             if ($extension['extnId'] !== "id-ce-subjectAltName") {
@@ -86,7 +79,7 @@ public function getData(): array
                 if (!is_array($data) || count($data) < 6) {
                     throw new UziException('Incorrect SAN found');
                 }
-                $user = [
+                return [
                     'givenName' => $givenName,
                     'surName' => $surName,
                     'OidCa' => $data[0],
@@ -99,9 +92,6 @@ public function getData(): array
                 ];
             }
         }
-        if ($user === null) {
-            throw new UziException('No valid UZI data found');
-        }
-        return $user;
+        throw new UziException('No valid UZI data found');
     }
 }
diff --git a/tests/UziReaderTest.php b/tests/UziReaderTest.php
@@ -16,7 +16,7 @@ public function testCheckRequestHasNoCert(): void
         $uzi = new UziReader();
 
         $this->expectException(UziException::class);
-        $this->expectExceptionMessage("Apache client cert check not passed");
+        $this->expectExceptionMessage("Webserver client cert check not passed");
 
         $uzi->getData();
     }
@@ -26,7 +26,7 @@ public function testCheckSSLClientFailed(): void
         $uzi = new UziReader();
 
         $this->expectException(UziException::class);
-        $this->expectExceptionMessage("Apache client cert check not passed");
+        $this->expectExceptionMessage("Webserver client cert check not passed");
 
         $_SERVER['SSL_CLIENT_VERIFY'] = "failed";
         $uzi->getData();