From 037e6c59781450a6896a5fcecabc1c280848c821 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9B=D0=B5=D0=B2=20=D0=A2=D0=B0=D1=80=D0=B0=D1=81=D0=BE?=
 =?UTF-8?q?=D0=B2?= <l.tarasov@itcomgk.ru>
Date: Fri, 21 Aug 2020 11:54:35 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5?=
 =?UTF-8?q?=D0=BD=D1=8B=20=D1=81=D0=BE=D0=BE=D0=B1=D1=89=D0=B5=D0=BD=D0=B8?=
 =?UTF-8?q?=D1=8F=20=D0=BA=20=D0=BD=D0=B5=D0=BA=D0=BE=D1=82=D0=BE=D1=80?=
 =?UTF-8?q?=D1=8B=D0=BC=20=D0=BA=D0=BE=D0=B4=D0=B0=D0=BC=20=D0=BE=D1=88?=
 =?UTF-8?q?=D0=B8=D0=B1=D0=BE=D0=BA;?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitignore                   |  1 +
 CryptoProCli.php             | 29 ++++++++++++++++++++++-------
 Exception/SignatureError.php | 12 ++++++++++++
 3 files changed, 35 insertions(+), 7 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 Exception/SignatureError.php

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..723ef36
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea
\ No newline at end of file
diff --git a/CryptoProCli.php b/CryptoProCli.php
index 39460f2..0b3829e 100644
--- a/CryptoProCli.php
+++ b/CryptoProCli.php
@@ -3,6 +3,7 @@
 namespace nikserg\cryptoprocli;
 
 use nikserg\cryptoprocli\Exception\Cli;
+use nikserg\cryptoprocli\Exception\SignatureError;
 
 /**
  * Class CryptoProCli
@@ -33,7 +34,7 @@ private static function getCryptcpExec()
      * @param string $file
      * @param string $thumbprint
      * @param null   $toFile
-     * @throws \Exception
+     * @throws Cli
      */
     public static function signFile($file, $thumbprint, $toFile = null)
     {
@@ -43,7 +44,7 @@ public static function signFile($file, $thumbprint, $toFile = null)
 
         if (strpos($result, "Signed message is created.") <= 0 && strpos($result,
                 "Подписанное сообщение успешно создано") <= 0) {
-            throw new \Exception('В ответе Cryptcp не найдена строка "Signed message is created" или "Подписанное сообщение успешно создано": ' . $result . ' команда ' . $shellCommand);
+            throw new Cli('В ответе Cryptcp не найдена строка "Signed message is created" или "Подписанное сообщение успешно создано": ' . $result . ' команда ' . $shellCommand);
         }
     }
 
@@ -54,6 +55,7 @@ public static function signFile($file, $thumbprint, $toFile = null)
      * @param $data
      * @param $thumbprint
      * @return bool|string
+     * @throws Cli
      */
     public static function signData($data, $thumbprint)
     {
@@ -73,16 +75,15 @@ public static function signData($data, $thumbprint)
      *
      * @param string $file Путь к файлу
      * @param string $thumbprint SHA1 отпечаток, например, bb959544444d8d9e13ca3b8801d5f7a52f91fe97
-     * @throws \Exception
+     * @throws Cli
      */
     public static function addSignToFile($file, $thumbprint)
     {
         $shellCommand = self::getCryptcpExec() .
             ' -addsign -thumbprint ' . $thumbprint . ' ' . $file;
         $result = shell_exec($shellCommand);
-
         if (strpos($result, "Signed message is created.") <= 0) {
-            throw new \Exception('В ответе Cryptcp не найдена строка Signed message is created: ' . $result . ' команда ' . $shellCommand);
+            throw new Cli('В ответе Cryptcp не найдена строка Signed message is created: ' . $result . ' команда ' . $shellCommand);
         }
     }
 
@@ -91,6 +92,8 @@ public static function addSignToFile($file, $thumbprint)
      *
      *
      * @param $fileContent
+     * @throws Cli
+     * @throws SignatureError
      */
     public static function verifyFileContent($fileContent)
     {
@@ -111,20 +114,32 @@ private static function getDevNull()
         return '/dev/null';
     }
 
+    const ERROR_CODE_MESSAGE = [
+        '0x20000133' => 'Цепочка сертификатов не проверена',
+        '0x200001f9' => 'Подпись не верна',
+        '0x2000012d' => 'Сетификаты не найдены',
+        '0x2000012e' => 'Более одного сертификата',
+    ];
+
     /**
      * Проверить, что файл подписан правильной подписью
      *
      *
      * @param $file
      * @throws Cli
+     * @throws SignatureError
      */
     public static function verifyFile($file)
     {
         $shellCommand = 'yes "n" 2> '.self::getDevNull().' | ' . escapeshellarg(self::$cryptcpExec) . ' -verify -verall ' . escapeshellarg($file);
         $result = shell_exec($shellCommand);
         if (strpos($result, "[ErrorCode: 0x00000000]") === false && strpos($result, "[ReturnCode: 0]") === false) {
-            //Проверка неуспешна
-            throw new Cli('В ответе Cryptcp не найдена строка [ErrorCode: 0x00000000] и [ReturnCode: 0]: ' . $result . ' команда ' . $shellCommand);
+            preg_match('#\[ErrorCode: (.+)\]#', $result, $matches);
+            $code = strtolower($matches[1]);
+            if (isset(self::ERROR_CODE_MESSAGE[$code])) {
+                throw new SignatureError(self::ERROR_CODE_MESSAGE[$code]);
+            }
+            throw new Cli("Неожиданный результат $shellCommand: \n$result");
         }
     }
 }
diff --git a/Exception/SignatureError.php b/Exception/SignatureError.php
new file mode 100644
index 0000000..c14d20f
--- /dev/null
+++ b/Exception/SignatureError.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace nikserg\cryptoprocli\Exception;
+
+/**
+ * Ошибка в подписи
+ *
+ * @package nikserg\cryptoprocli\Exception
+ */
+class SignatureError extends \Exception
+{
+}