@@ -187,11 +187,7 @@ private function pkcs12Read(JSignParam $params): array
187187 }
188188 file_put_contents ($ tempPassword$ password
189189 file_put_contents ($ tempEncriptedOriginal$ certificate
190- shell_exec (<<<REPACK_COMMAND
191- cat $ tempPassword | openssl pkcs12 -legacy -in $ tempEncriptedOriginal -nodes -out $ tempDecrypted -passin stdin &&
192- cat $ tempPassword | openssl pkcs12 -in $ tempDecrypted -export -out $ tempEncriptedRepacked -passout stdin
193- REPACK_COMMAND
194- );
190+ $ this safeShellExec ($ tempPassword$ tempEncriptedOriginal$ tempDecrypted$ tempEncriptedRepacked
195191 $ certificateRepackedfile_get_contents ($ tempEncriptedRepacked
196192 if ($ certificateRepackedfalse ) {
197193 return [];
@@ -208,6 +204,25 @@ private function pkcs12Read(JSignParam $params): array
208204 return [];
209205 }
210206
207+ private function safeShellExec (
208+ string $ tempPassword
209+ string $ tempEncriptedOriginal
210+ string $ tempDecrypted
211+ string $ tempEncriptedRepacked
212+ ): void
213+ {
214+ $ tempPasswordescapeshellarg ($ tempPassword
215+ $ tempEncriptedOriginalescapeshellarg ($ tempEncriptedOriginal
216+ $ tempDecryptedescapeshellarg ($ tempDecrypted
217+ $ tempEncriptedRepackedescapeshellarg ($ tempEncriptedRepacked
218+
219+ shell_exec (<<<REPACK_COMMAND
220+ cat $ tempPassword | openssl pkcs12 -legacy -in $ tempEncriptedOriginal -nodes -out $ tempDecrypted -passin stdin &&
221+ cat $ tempPassword | openssl pkcs12 -in $ tempDecrypted -export -out $ tempEncriptedRepacked -passout stdin
222+ REPACK_COMMAND
223+ );
224+ }
225+
211226 private function exportToPkcs12 (\OpenSSLCertificate |string $ certificate\OpenSSLAsymmetricKey |\OpenSSLCertificate |string $ privateKeystring $ passwordstring
212227 {
213228 $ certContentnull ;
0 commit comments