309 $this->DirectoryString = array(
320 $this->PKCS9String = array(
324 'directoryString' => $this->DirectoryString
332 $AttributeTypeAndValue = array(
335 'type' => $AttributeType,
336 'value'=> $this->AttributeValue
347 $this->RelativeDistinguishedName = array(
351 'children' => $AttributeTypeAndValue
355 $RDNSequence = array(
360 'children' => $this->RelativeDistinguishedName
366 'rdnSequence' => $RDNSequence
371 $AlgorithmIdentifier = array(
375 'parameters' => array(
402 $this->Extensions = array(
408 'children' => $Extension
411 $SubjectPublicKeyInfo = array(
414 'algorithm' => $AlgorithmIdentifier,
433 'notBefore' => $Time,
442 'mapping' => array(
'v1',
'v2',
'v3')
446 $TBSCertificate = array(
457 'serialNumber' => $CertificateSerialNumber,
458 'signature' => $AlgorithmIdentifier,
459 'issuer' => $this->Name,
460 'validity' => $Validity,
461 'subject' => $this->Name,
462 'subjectPublicKeyInfo' => $SubjectPublicKeyInfo,
464 'issuerUniqueID' => array(
468 ) + $UniqueIdentifier,
469 'subjectUniqueID' => array(
473 ) + $UniqueIdentifier,
476 'extensions' => array(
480 ) + $this->Extensions
484 $this->Certificate = array(
487 'tbsCertificate' => $TBSCertificate,
488 'signatureAlgorithm' => $AlgorithmIdentifier,
493 $this->KeyUsage = array(
508 $this->BasicConstraints = array(
516 'pathLenConstraint' => array(
525 $OrganizationalUnitNames = array(
532 $PersonalName = array(
541 'given-name' => array(
553 'generation-qualifier' => array(
566 $PrivateDomainName = array(
578 $AdministrationDomainName = array(
590 $CountryName = array(
602 $AnotherName = array(
615 $ExtensionAttribute = array(
618 'extension-attribute-type' => array(
624 'extension-attribute-value' => array(
633 $ExtensionAttributes = array(
637 'children' => $ExtensionAttribute
640 $BuiltInDomainDefinedAttribute = array(
648 $BuiltInDomainDefinedAttributes = array(
652 'children' => $BuiltInDomainDefinedAttribute
655 $BuiltInStandardAttributes = array(
658 'country-name' => array(
'optional' =>
true) + $CountryName,
659 'administration-domain-name' => array(
'optional' =>
true) + $AdministrationDomainName,
660 'network-address' => array(
665 'terminal-identifier' => array(
669 ) + $TerminalIdentifier,
670 'private-domain-name' => array(
674 ) + $PrivateDomainName,
675 'organization-name' => array(
679 ) + $OrganizationName,
680 'numeric-user-identifier' => array(
684 ) + $NumericUserIdentifier,
685 'personal-name' => array(
690 'organizational-unit-names' => array(
694 ) + $OrganizationalUnitNames
701 'built-in-standard-attributes' => $BuiltInStandardAttributes,
702 'built-in-domain-defined-attributes' => array(
'optional' =>
true) + $BuiltInDomainDefinedAttributes,
703 'extension-attributes' => array(
'optional' =>
true) + $ExtensionAttributes
707 $EDIPartyName = array(
710 'nameAssigner' => array(
714 ) + $this->DirectoryString,
717 'partyName' => array(
721 ) + $this->DirectoryString
725 $GeneralName = array(
728 'otherName' => array(
733 'rfc822Name' => array(
745 'x400Address' => array(
750 'directoryName' => array(
755 'ediPartyName' => array(
760 'uniformResourceIdentifier' => array(
766 'iPAddress' => array(
772 'registeredID' => array(
781 $GeneralNames = array(
785 'children' => $GeneralName
788 $this->IssuerAltName = $GeneralNames;
790 $ReasonFlags = array(
796 'affiliationChanged',
798 'cessationOfOperation',
800 'privilegeWithdrawn',
805 $DistributionPointName = array(
813 'nameRelativeToCRLIssuer' => array(
817 ) + $this->RelativeDistinguishedName
821 $DistributionPoint = array(
824 'distributionPoint' => array(
828 ) + $DistributionPointName,
834 'cRLIssuer' => array(
842 $this->CRLDistributionPoints = array(
846 'children' => $DistributionPoint
849 $this->AuthorityKeyIdentifier = array(
852 'keyIdentifier' => array(
856 ) + $this->KeyIdentifier,
857 'authorityCertIssuer' => array(
862 'authorityCertSerialNumber' => array(
866 ) + $CertificateSerialNumber
872 $PolicyQualifierInfo = array(
875 'policyQualifierId' => $PolicyQualifierId,
882 $PolicyInformation = array(
885 'policyIdentifier' => $CertPolicyId,
886 'policyQualifiers' => array(
891 'children' => $PolicyQualifierInfo
896 $this->CertificatePolicies = array(
900 'children' => $PolicyInformation
903 $this->PolicyMappings = array(
910 'issuerDomainPolicy' => $CertPolicyId,
911 'subjectDomainPolicy' => $CertPolicyId
918 $this->ExtKeyUsageSyntax = array(
922 'children' => $KeyPurposeId
925 $AccessDescription = array(
929 'accessLocation' => $GeneralName
933 $this->AuthorityInfoAccessSyntax = array(
937 'children' => $AccessDescription
940 $this->SubjectAltName = $GeneralNames;
942 $this->PrivateKeyUsagePeriod = array(
945 'notBefore' => array(
960 $GeneralSubtree = array(
963 'base' => $GeneralName,
978 $GeneralSubtrees = array(
982 'children' => $GeneralSubtree
985 $this->NameConstraints = array(
988 'permittedSubtrees' => array(
992 ) + $GeneralSubtrees,
993 'excludedSubtrees' => array(
1003 $DisplayText = array(
1005 'children' => array(
1013 $NoticeReference = array(
1015 'children' => array(
1016 'organization' => $DisplayText,
1017 'noticeNumbers' => array(
1026 $this->UserNotice = array(
1028 'children' => array(
1029 'noticeRef' => array(
1032 ) + $NoticeReference,
1033 'explicitText' => array(
1041 $this->netscape_cert_type = array(
1062 'children' => array(
1063 'type' => $AttributeType,
1068 'children' => $this->AttributeValue
1075 $Attributes = array(
1079 'children' => $Attribute
1082 $CertificationRequestInfo = array(
1084 'children' => array(
1087 'mapping' => array(
'v1')
1089 'subject' => $this->Name,
1090 'subjectPKInfo' => $SubjectPublicKeyInfo,
1091 'attributes' => array(
1099 $this->CertificationRequest = array(
1101 'children' => array(
1102 'certificationRequestInfo' => $CertificationRequestInfo,
1103 'signatureAlgorithm' => $AlgorithmIdentifier,
1108 $RevokedCertificate = array(
1110 'children' => array(
1111 'userCertificate' => $CertificateSerialNumber,
1112 'revocationDate' => $Time,
1113 'crlEntryExtensions' => array(
1115 ) + $this->Extensions
1119 $TBSCertList = array(
1121 'children' => array(
1126 'signature' => $AlgorithmIdentifier,
1127 'issuer' => $this->Name,
1128 'thisUpdate' => $Time,
1129 'nextUpdate' => array(
1132 'revokedCertificates' => array(
1137 'children' => $RevokedCertificate
1139 'crlExtensions' => array(
1143 ) + $this->Extensions
1147 $this->CertificateList = array(
1149 'children' => array(
1150 'tbsCertList' => $TBSCertList,
1151 'signatureAlgorithm' => $AlgorithmIdentifier,
1163 'affiliationChanged',
1165 'cessationOfOperation',
1168 8 =>
'removeFromCRL',
1169 'privilegeWithdrawn',
1175 'children' => array(
1176 'distributionPoint' => array(
1180 ) + $DistributionPointName,
1181 'onlyContainsUserCerts' => array(
1188 'onlyContainsCACerts' => array(
1195 'onlySomeReasons' => array(
1200 'indirectCRL' => array(
1207 'onlyContainsAttributeCerts' => array(
1219 $this->CertificateIssuer = $GeneralNames;
1223 $PublicKeyAndChallenge = array(
1225 'children' => array(
1226 'spki' => $SubjectPublicKeyInfo,
1231 $this->SignedPublicKeyAndChallenge = array(
1233 'children' => array(
1234 'publicKeyAndChallenge' => $PublicKeyAndChallenge,
1235 'signatureAlgorithm' => $AlgorithmIdentifier,
1241 $this->oids = array(
1242 '1.3.6.1.5.5.7' =>
'id-pkix',
1243 '1.3.6.1.5.5.7.1' =>
'id-pe',
1244 '1.3.6.1.5.5.7.2' =>
'id-qt',
1245 '1.3.6.1.5.5.7.3' =>
'id-kp',
1246 '1.3.6.1.5.5.7.48' =>
'id-ad',
1247 '1.3.6.1.5.5.7.2.1' =>
'id-qt-cps',
1248 '1.3.6.1.5.5.7.2.2' =>
'id-qt-unotice',
1249 '1.3.6.1.5.5.7.48.1' =>
'id-ad-ocsp',
1250 '1.3.6.1.5.5.7.48.2' =>
'id-ad-caIssuers',
1251 '1.3.6.1.5.5.7.48.3' =>
'id-ad-timeStamping',
1252 '1.3.6.1.5.5.7.48.5' =>
'id-ad-caRepository',
1254 '2.5.4.41' =>
'id-at-name',
1255 '2.5.4.4' =>
'id-at-surname',
1256 '2.5.4.42' =>
'id-at-givenName',
1257 '2.5.4.43' =>
'id-at-initials',
1258 '2.5.4.44' =>
'id-at-generationQualifier',
1259 '2.5.4.3' =>
'id-at-commonName',
1260 '2.5.4.7' =>
'id-at-localityName',
1261 '2.5.4.8' =>
'id-at-stateOrProvinceName',
1262 '2.5.4.10' =>
'id-at-organizationName',
1263 '2.5.4.11' =>
'id-at-organizationalUnitName',
1264 '2.5.4.12' =>
'id-at-title',
1265 '2.5.4.13' =>
'id-at-description',
1266 '2.5.4.46' =>
'id-at-dnQualifier',
1267 '2.5.4.6' =>
'id-at-countryName',
1268 '2.5.4.5' =>
'id-at-serialNumber',
1269 '2.5.4.65' =>
'id-at-pseudonym',
1270 '2.5.4.17' =>
'id-at-postalCode',
1271 '2.5.4.9' =>
'id-at-streetAddress',
1272 '2.5.4.45' =>
'id-at-uniqueIdentifier',
1273 '2.5.4.72' =>
'id-at-role',
1275 '0.9.2342.19200300.100.1.25' =>
'id-domainComponent',
1276 '1.2.840.113549.1.9' =>
'pkcs-9',
1277 '1.2.840.113549.1.9.1' =>
'pkcs-9-at-emailAddress',
1278 '2.5.29' =>
'id-ce',
1279 '2.5.29.35' =>
'id-ce-authorityKeyIdentifier',
1280 '2.5.29.14' =>
'id-ce-subjectKeyIdentifier',
1281 '2.5.29.15' =>
'id-ce-keyUsage',
1282 '2.5.29.16' =>
'id-ce-privateKeyUsagePeriod',
1283 '2.5.29.32' =>
'id-ce-certificatePolicies',
1284 '2.5.29.32.0' =>
'anyPolicy',
1286 '2.5.29.33' =>
'id-ce-policyMappings',
1287 '2.5.29.17' =>
'id-ce-subjectAltName',
1288 '2.5.29.18' =>
'id-ce-issuerAltName',
1289 '2.5.29.9' =>
'id-ce-subjectDirectoryAttributes',
1290 '2.5.29.19' =>
'id-ce-basicConstraints',
1291 '2.5.29.30' =>
'id-ce-nameConstraints',
1292 '2.5.29.36' =>
'id-ce-policyConstraints',
1293 '2.5.29.31' =>
'id-ce-cRLDistributionPoints',
1294 '2.5.29.37' =>
'id-ce-extKeyUsage',
1295 '2.5.29.37.0' =>
'anyExtendedKeyUsage',
1296 '1.3.6.1.5.5.7.3.1' =>
'id-kp-serverAuth',
1297 '1.3.6.1.5.5.7.3.2' =>
'id-kp-clientAuth',
1298 '1.3.6.1.5.5.7.3.3' =>
'id-kp-codeSigning',
1299 '1.3.6.1.5.5.7.3.4' =>
'id-kp-emailProtection',
1300 '1.3.6.1.5.5.7.3.8' =>
'id-kp-timeStamping',
1301 '1.3.6.1.5.5.7.3.9' =>
'id-kp-OCSPSigning',
1302 '2.5.29.54' =>
'id-ce-inhibitAnyPolicy',
1303 '2.5.29.46' =>
'id-ce-freshestCRL',
1304 '1.3.6.1.5.5.7.1.1' =>
'id-pe-authorityInfoAccess',
1305 '1.3.6.1.5.5.7.1.11' =>
'id-pe-subjectInfoAccess',
1306 '2.5.29.20' =>
'id-ce-cRLNumber',
1307 '2.5.29.28' =>
'id-ce-issuingDistributionPoint',
1308 '2.5.29.27' =>
'id-ce-deltaCRLIndicator',
1309 '2.5.29.21' =>
'id-ce-cRLReasons',
1310 '2.5.29.29' =>
'id-ce-certificateIssuer',
1311 '2.5.29.23' =>
'id-ce-holdInstructionCode',
1312 '1.2.840.10040.2' =>
'holdInstruction',
1313 '1.2.840.10040.2.1' =>
'id-holdinstruction-none',
1314 '1.2.840.10040.2.2' =>
'id-holdinstruction-callissuer',
1315 '1.2.840.10040.2.3' =>
'id-holdinstruction-reject',
1316 '2.5.29.24' =>
'id-ce-invalidityDate',
1318 '1.2.840.113549.2.2' =>
'md2',
1319 '1.2.840.113549.2.5' =>
'md5',
1320 '1.3.14.3.2.26' =>
'id-sha1',
1321 '1.2.840.10040.4.1' =>
'id-dsa',
1322 '1.2.840.10040.4.3' =>
'id-dsa-with-sha1',
1323 '1.2.840.113549.1.1' =>
'pkcs-1',
1324 '1.2.840.113549.1.1.1' =>
'rsaEncryption',
1325 '1.2.840.113549.1.1.2' =>
'md2WithRSAEncryption',
1326 '1.2.840.113549.1.1.4' =>
'md5WithRSAEncryption',
1327 '1.2.840.113549.1.1.5' =>
'sha1WithRSAEncryption',
1328 '1.2.840.10046.2.1' =>
'dhpublicnumber',
1329 '2.16.840.1.101.2.1.1.22' =>
'id-keyExchangeAlgorithm',
1330 '1.2.840.10045' =>
'ansi-X9-62',
1331 '1.2.840.10045.4' =>
'id-ecSigType',
1332 '1.2.840.10045.4.1' =>
'ecdsa-with-SHA1',
1333 '1.2.840.10045.1' =>
'id-fieldType',
1334 '1.2.840.10045.1.1' =>
'prime-field',
1335 '1.2.840.10045.1.2' =>
'characteristic-two-field',
1336 '1.2.840.10045.1.2.3' =>
'id-characteristic-two-basis',
1337 '1.2.840.10045.1.2.3.1' =>
'gnBasis',
1338 '1.2.840.10045.1.2.3.2' =>
'tpBasis',
1339 '1.2.840.10045.1.2.3.3' =>
'ppBasis',
1340 '1.2.840.10045.2' =>
'id-publicKeyType',
1341 '1.2.840.10045.2.1' =>
'id-ecPublicKey',
1342 '1.2.840.10045.3' =>
'ellipticCurve',
1343 '1.2.840.10045.3.0' =>
'c-TwoCurve',
1344 '1.2.840.10045.3.0.1' =>
'c2pnb163v1',
1345 '1.2.840.10045.3.0.2' =>
'c2pnb163v2',
1346 '1.2.840.10045.3.0.3' =>
'c2pnb163v3',
1347 '1.2.840.10045.3.0.4' =>
'c2pnb176w1',
1348 '1.2.840.10045.3.0.5' =>
'c2pnb191v1',
1349 '1.2.840.10045.3.0.6' =>
'c2pnb191v2',
1350 '1.2.840.10045.3.0.7' =>
'c2pnb191v3',
1351 '1.2.840.10045.3.0.8' =>
'c2pnb191v4',
1352 '1.2.840.10045.3.0.9' =>
'c2pnb191v5',
1353 '1.2.840.10045.3.0.10' =>
'c2pnb208w1',
1354 '1.2.840.10045.3.0.11' =>
'c2pnb239v1',
1355 '1.2.840.10045.3.0.12' =>
'c2pnb239v2',
1356 '1.2.840.10045.3.0.13' =>
'c2pnb239v3',
1357 '1.2.840.10045.3.0.14' =>
'c2pnb239v4',
1358 '1.2.840.10045.3.0.15' =>
'c2pnb239v5',
1359 '1.2.840.10045.3.0.16' =>
'c2pnb272w1',
1360 '1.2.840.10045.3.0.17' =>
'c2pnb304w1',
1361 '1.2.840.10045.3.0.18' =>
'c2pnb359v1',
1362 '1.2.840.10045.3.0.19' =>
'c2pnb368w1',
1363 '1.2.840.10045.3.0.20' =>
'c2pnb431r1',
1364 '1.2.840.10045.3.1' =>
'primeCurve',
1365 '1.2.840.10045.3.1.1' =>
'prime192v1',
1366 '1.2.840.10045.3.1.2' =>
'prime192v2',
1367 '1.2.840.10045.3.1.3' =>
'prime192v3',
1368 '1.2.840.10045.3.1.4' =>
'prime239v1',
1369 '1.2.840.10045.3.1.5' =>
'prime239v2',
1370 '1.2.840.10045.3.1.6' =>
'prime239v3',
1371 '1.2.840.10045.3.1.7' =>
'prime256v1',
1372 '1.2.840.113549.1.1.7' =>
'id-RSAES-OAEP',
1373 '1.2.840.113549.1.1.9' =>
'id-pSpecified',
1374 '1.2.840.113549.1.1.10' =>
'id-RSASSA-PSS',
1375 '1.2.840.113549.1.1.8' =>
'id-mgf1',
1376 '1.2.840.113549.1.1.14' =>
'sha224WithRSAEncryption',
1377 '1.2.840.113549.1.1.11' =>
'sha256WithRSAEncryption',
1378 '1.2.840.113549.1.1.12' =>
'sha384WithRSAEncryption',
1379 '1.2.840.113549.1.1.13' =>
'sha512WithRSAEncryption',
1380 '2.16.840.1.101.3.4.2.4' =>
'id-sha224',
1381 '2.16.840.1.101.3.4.2.1' =>
'id-sha256',
1382 '2.16.840.1.101.3.4.2.2' =>
'id-sha384',
1383 '2.16.840.1.101.3.4.2.3' =>
'id-sha512',
1384 '1.2.643.2.2.4' =>
'id-GostR3411-94-with-GostR3410-94',
1385 '1.2.643.2.2.3' =>
'id-GostR3411-94-with-GostR3410-2001',
1386 '1.2.643.2.2.20' =>
'id-GostR3410-2001',
1387 '1.2.643.2.2.19' =>
'id-GostR3410-94',
1389 '2.16.840.1.113730' =>
'netscape',
1390 '2.16.840.1.113730.1' =>
'netscape-cert-extension',
1391 '2.16.840.1.113730.1.1' =>
'netscape-cert-type',
1392 '2.16.840.1.113730.1.13' =>
'netscape-comment',
1393 '2.16.840.1.113730.1.8' =>
'netscape-ca-policy-url',
1395 '1.3.6.1.5.5.7.1.12' =>
'id-pe-logotype',
1396 '1.2.840.113533.7.65.0' =>
'entrustVersInfo',
1397 '2.16.840.1.113733.1.6.9' =>
'verisignPrivate',
1400 '1.2.840.113549.1.9.2' =>
'pkcs-9-at-unstructuredName',
1401 '1.2.840.113549.1.9.7' =>
'pkcs-9-at-challengePassword',
1402 '1.2.840.113549.1.9.14' =>
'pkcs-9-at-extensionRequest' 1416 function loadX509($cert, $mode = self::FORMAT_AUTO_DETECT)
// loadX509 fragment (original lines 1416-1471; the PEM/DER extraction step and the early returns
// are not in this listing). Parses $cert into $this->currentCert and sets $this->dn.
// Parsing is not verification: nothing in this method checks the signature. The
// signature check lives in the validateSignature path (original line 2021 onward) and
// must be called separately before the parsed content is trusted.
// Already-decoded array input is adopted as-is.
1418 if (is_array($cert) && isset($cert[
'tbsCertificate'])) {
1419 unset($this->currentCert);
1420 unset($this->currentKeyIdentifier);
1421 $this->dn = $cert[
'tbsCertificate'][
'subject'];
1422 if (!isset($this->dn)) {
1425 $this->currentCert = $cert;
1427 $currentKeyIdentifier = $this->
getExtension(
'id-ce-subjectKeyIdentifier');
// signatureSubject is cleared for array input, and the signature-validation code at
// original line 2021 bails when it is unset — so a certificate loaded as an array
// cannot be signature-checked afterwards.
1430 unset($this->signatureSubject);
// Loose == / != on strings below; harmless for PEM text, but === is the safer form.
// $newcert is presumably the result of the elided extraction step — confirm.
1437 if ($mode != self::FORMAT_DER) {
1439 if ($mode == self::FORMAT_PEM && $cert == $newcert) {
// Extraction failure: currentCert becomes false (the return is in an elided line).
1445 if ($cert ===
false) {
1446 $this->currentCert =
false;
1450 $asn1->loadOIDs($this->oids);
// BER decode, then map onto the Certificate schema; a mapping failure sets
// currentCert to false. The empty-$decoded branch is elided.
1451 $decoded = $asn1->decodeBER($cert);
1453 if (!empty($decoded)) {
1454 $x509 = $asn1->asn1map($decoded[0], $this->Certificate);
1456 if (!isset($x509) || $x509 ===
false) {
1457 $this->currentCert =
false;
// signatureSubject = the original bytes of the first element of the outer SEQUENCE
// (i.e. tbsCertificate), sliced by decoder offsets. Verifying against the original
// encoding rather than a re-encoding is the correct choice here.
1461 $this->signatureSubject = substr($cert, $decoded[0][
'content'][0][
'start'], $decoded[0][
'content'][0][
'length']);
// The public key is rewritten in place (by reference) into whatever format
// _reformatKey() chooses for the key algorithm.
1465 $key = &$x509[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey'];
1466 $key = $this->
_reformatKey($x509[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'algorithm'],
$key);
1468 $this->currentCert = $x509;
1469 $this->dn = $x509[
'tbsCertificate'][
'subject'];
1471 $currentKeyIdentifier = $this->
getExtension(
'id-ce-subjectKeyIdentifier');
1487 if (!is_array($cert) || !isset($cert[
'tbsCertificate'])) {
1493 case !($algorithm = $this->
_subArray($cert,
'tbsCertificate/subjectPublicKeyInfo/algorithm/algorithm')):
1494 case is_object($cert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey']):
1497 switch ($algorithm) {
1498 case 'rsaEncryption':
1499 $cert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey']
1500 = base64_encode(
"\0" . base64_decode(preg_replace(
'#-.+-|[\r\n]#',
'', $cert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey'])));
1507 $cert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'parameters'] = null;
1509 $cert[
'signatureAlgorithm'][
'parameters'] = null;
1510 $cert[
'tbsCertificate'][
'signature'][
'parameters'] = null;
1515 $asn1->loadOIDs($this->oids);
1519 $filters[
'tbsCertificate'][
'signature'][
'parameters'] = $type_utf8_string;
1520 $filters[
'tbsCertificate'][
'signature'][
'issuer'][
'rdnSequence'][
'value'] = $type_utf8_string;
1521 $filters[
'tbsCertificate'][
'issuer'][
'rdnSequence'][
'value'] = $type_utf8_string;
1522 $filters[
'tbsCertificate'][
'subject'][
'rdnSequence'][
'value'] = $type_utf8_string;
1523 $filters[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'parameters'] = $type_utf8_string;
1524 $filters[
'signatureAlgorithm'][
'parameters'] = $type_utf8_string;
1525 $filters[
'authorityCertIssuer'][
'directoryName'][
'rdnSequence'][
'value'] = $type_utf8_string;
1527 $filters[
'distributionPoint'][
'fullName'][
'directoryName'][
'rdnSequence'][
'value'] = $type_utf8_string;
1528 $filters[
'directoryName'][
'rdnSequence'][
'value'] = $type_utf8_string;
1534 $filters[
'policyQualifiers'][
'qualifier']
1537 $asn1->loadFilters($filters);
1541 $cert = $asn1->encodeDER($cert, $this->Certificate);
1544 case self::FORMAT_DER:
1548 return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(base64_encode($cert), 64) .
'-----END CERTIFICATE-----';
// Extension-decoding fragment (original lines 1565-1596). Decodes each extnValue into the
// structure its extnId maps to. $map is assigned in elided lines, presumably looked up
// from $id — confirm.
1565 if (is_array($extensions)) {
1566 for (
$i = 0;
$i < count($extensions);
$i++) {
1567 $id = $extensions[
$i][
'extnId'];
1568 $value = &$extensions[
$i][
'extnValue'];
1569 $value = base64_decode($value);
// No visible check that decodeBER() produced anything before $decoded[0] is read in the
// next surviving line; a malformed extnValue is worth failing on explicitly.
1570 $decoded = $asn1->decodeBER($value);
1574 if (!is_bool(
$map)) {
1575 $mapped = $asn1->asn1map($decoded[0],
$map, array(
'iPAddress' => array($this,
'_decodeIP')));
// A failed asn1map() keeps the raw decoded structure instead of rejecting the extension,
// and the extension's 'critical' flag is not consulted anywhere in the visible lines.
// Consumers that must fail closed on unrecognised critical extensions need their own check.
1576 $value = $mapped ===
false ? $decoded[0] : $mapped;
// certificatePolicies: each policyQualifier's 'qualifier' is decoded a second time with
// its own map (assigned in an elided line); same keep-raw-on-failure behaviour as above.
1578 if (
$id ==
'id-ce-certificatePolicies') {
1579 for ($j = 0; $j < count($value); $j++) {
1580 if (!isset($value[$j][
'policyQualifiers'])) {
1583 for ($k = 0; $k < count($value[$j][
'policyQualifiers']); $k++) {
1584 $subid = $value[$j][
'policyQualifiers'][$k][
'policyQualifierId'];
1586 $subvalue = &$value[$j][
'policyQualifiers'][$k][
'qualifier'];
1587 if (
$map !==
false) {
1588 $decoded = $asn1->decodeBER($subvalue);
1589 $mapped = $asn1->asn1map($decoded[0],
$map);
1590 $subvalue = $mapped ===
false ? $decoded[0] : $mapped;
// Presumably the branch for an unmapped value (is_bool($map)): the raw DER is kept and
// re-encoded as base64. The surrounding else is elided — confirm.
1596 $value = base64_encode($value);
1615 if (is_array($extensions)) {
1616 $size = count($extensions);
1618 if ($extensions[
$i] instanceof
Element) {
1622 $id = $extensions[
$i][
'extnId'];
1623 $value = &$extensions[
$i][
'extnValue'];
1626 case 'id-ce-certificatePolicies':
1627 for ($j = 0; $j < count($value); $j++) {
1628 if (!isset($value[$j][
'policyQualifiers'])) {
1631 for ($k = 0; $k < count($value[$j][
'policyQualifiers']); $k++) {
1632 $subid = $value[$j][
'policyQualifiers'][$k][
'policyQualifierId'];
1634 $subvalue = &$value[$j][
'policyQualifiers'][$k][
'qualifier'];
1635 if (
$map !==
false) {
1638 $subvalue =
new Element($asn1->encodeDER($subvalue,
$map));
1643 case 'id-ce-authorityKeyIdentifier':
1644 if (isset($value[
'authorityCertSerialNumber'])) {
1645 if ($value[
'authorityCertSerialNumber']->toBytes() ==
'') {
1647 $value[
'authorityCertSerialNumber'] =
new Element($temp);
1655 if (is_bool(
$map)) {
1657 user_error(
$id .
' is not a currently supported extension');
1658 unset($extensions[
$i]);
1661 $temp = $asn1->encodeDER($value,
$map, array(
'iPAddress' => array($this,
'_encodeIP')));
1662 $value = base64_encode($temp);
1689 for ($j = 0; $j < count(
$values); $j++) {
1690 $value = $asn1->encodeDER(
$values[$j], $this->AttributeValue);
1691 $decoded = $asn1->decodeBER($value);
1692 if (!is_bool(
$map)) {
1693 $mapped = $asn1->asn1map($decoded[0],
$map);
1694 if ($mapped !==
false) {
1697 if (
$id ==
'pkcs-9-at-extensionRequest') {
1701 $values[$j] = base64_encode($value);
1729 if (
$map ===
false) {
1730 user_error(
$id .
' is not a currently supported attribute', E_USER_NOTICE);
1734 for ($j = 0; $j < count(
$values); $j++) {
1736 case 'pkcs-9-at-extensionRequest':
1741 if (!is_bool(
$map)) {
1743 $decoded = $asn1->decodeBER($temp);
1744 $values[$j] = $asn1->asn1map($decoded[0], $this->AttributeValue);
1761 if (!is_string($extnId)) {
1766 case 'id-ce-keyUsage':
1768 case 'id-ce-basicConstraints':
1770 case 'id-ce-subjectKeyIdentifier':
1772 case 'id-ce-cRLDistributionPoints':
1774 case 'id-ce-authorityKeyIdentifier':
1776 case 'id-ce-certificatePolicies':
1778 case 'id-ce-extKeyUsage':
1780 case 'id-pe-authorityInfoAccess':
1782 case 'id-ce-subjectAltName':
1784 case 'id-ce-privateKeyUsagePeriod':
1786 case 'id-ce-issuerAltName':
1788 case 'id-ce-policyMappings':
1790 case 'id-ce-nameConstraints':
1793 case 'netscape-cert-type':
1795 case 'netscape-comment':
1797 case 'netscape-ca-policy-url':
1804 case 'id-qt-unotice':
1808 case 'id-pe-logotype':
1809 case 'entrustVersInfo':
1811 case '1.3.6.1.4.1.311.20.2':
1812 case '1.3.6.1.4.1.311.21.1':
1819 case 'pkcs-9-at-unstructuredName':
1821 case 'pkcs-9-at-challengePassword':
1823 case 'pkcs-9-at-extensionRequest':
1827 case 'id-ce-cRLNumber':
1829 case 'id-ce-deltaCRLIndicator':
1831 case 'id-ce-issuingDistributionPoint':
1833 case 'id-ce-freshestCRL':
1835 case 'id-ce-cRLReasons':
1837 case 'id-ce-invalidityDate':
1839 case 'id-ce-certificateIssuer':
1841 case 'id-ce-holdInstructionCode':
1865 $this->currentCert = $oldcert;
1866 $this->signatureSubject = $oldsigsubj;
1867 $this->currentKeyIdentifier = $oldkeyid;
1896 $this->CAs[] = $cert;
1899 $this->currentCert = $oldcert;
1900 $this->signatureSubject = $oldsigsubj;
// Hostname-validation fragment (original lines 1924-1965; lines between the numbered
// fragments are not in this listing). Matches the host of $url against the certificate's
// subjectAltName entries, falling back to the commonName.
1924 if (!is_array($this->currentCert) || !isset($this->currentCert[
'tbsCertificate'])) {
1928 $components = parse_url(
$url);
1929 if (!isset($components[
'host'])) {
1933 if ($names = $this->
getExtension(
'id-ce-subjectAltName')) {
1934 foreach ($names as
$key => $value) {
// The certificate-supplied name is turned into a regex by escaping only '.' and turning
// '*' into '[^.]*'. There is no preg_quote(), so any other PCRE metacharacter — or the '#'
// delimiter — in a SAN value changes the pattern, and '*' is honoured at any position,
// not only in the left-most label as RFC 6125 prescribes. Escaping the value fully and
// only then substituting the wildcard would close both gaps.
1935 $value = str_replace(array(
'.',
'*'), array(
'\.',
'[^.]*'), $value);
1945 if (preg_match(
'#^' . $value .
'$#', $components[
'host'])) {
// '{1-3}' is not a PCRE quantifier (the valid form is '{1,3}'), so PCRE treats it as the
// literal text "{1-3}"; this first preg_match() can only succeed on a host containing
// that literal and the dotted-quad branch effectively never runs.
1955 if (preg_match(
'#(?:\d{1-3}\.){4}#', $components[
'host'] .
'.') && preg_match(
'#^' . $value .
'$#', $components[
'host'])) {
// Fallback reached after the SAN loop: first commonName value, same unescaped regex
// construction as above.
1963 if ($value = $this->
getDNProp(
'id-at-commonName')) {
1964 $value = str_replace(array(
'.',
'*'), array(
'\.',
'[^.]*'), $value[0]);
// preg_match() returns int 1/0, or false on a PCRE error — the caller receives that,
// not a strict bool.
1965 return preg_match(
'#^' . $value .
'$#', $components[
'host']);
// Validity-window check fragment (original lines 1981-1997). Compares $date with the
// certificate's notBefore/notAfter. $date presumably defaults to the current time in the
// elided line after 1985 — confirm.
1981 if (!is_array($this->currentCert) || !isset($this->currentCert[
'tbsCertificate'])) {
1985 if (!isset($date)) {
1989 $notBefore = $this->currentCert[
'tbsCertificate'][
'validity'][
'notBefore'];
// Time is a CHOICE of utcTime / generalTime; whichever is present is used as a string.
1990 $notBefore = isset($notBefore[
'generalTime']) ? $notBefore[
'generalTime'] : $notBefore[
'utcTime'];
1992 $notAfter = $this->currentCert[
'tbsCertificate'][
'validity'][
'notAfter'];
1993 $notAfter = isset($notAfter[
'generalTime']) ? $notAfter[
'generalTime'] : $notAfter[
'utcTime'];
// '@' hides any strtotime() warning. On an unparsable time strtotime() returns false and
// the comparison becomes int-vs-bool, so the outcome depends on which side failed rather
// than on the date. Rejecting a parse failure explicitly would fail closed.
1996 case $date < @strtotime($notBefore):
1997 case $date > @strtotime($notAfter):
// Signature-validation fragment (original lines 2021-2063): chooses the signer — the
// certificate itself or one of the loaded CAs — before handing off to _validateSignature().
// From the visible lines this path checks the signature only; validity dates,
// basicConstraints, keyUsage and name constraints of the matched CA are not examined here.
2021 if (!is_array($this->currentCert) || !isset($this->signatureSubject)) {
2032 case isset($this->currentCert[
'tbsCertificate']):
// Self-signed candidate: issuer and subject DN arrays compared with strict array equality.
2034 if ($this->currentCert[
'tbsCertificate'][
'issuer'] === $this->currentCert[
'tbsCertificate'][
'subject']) {
2035 $authorityKey = $this->
getExtension(
'id-ce-authorityKeyIdentifier');
2036 $subjectKeyID = $this->
getExtension(
'id-ce-subjectKeyIdentifier');
// When no authorityKeyIdentifier extension is present (first case) the DN match alone
// appears to select the signer; only when the AKI carries a keyIdentifier is it compared
// with the subjectKeyIdentifier. The same shape recurs at 2053-2054 for loaded CAs.
2038 case !is_array($authorityKey):
2039 case is_array($authorityKey) && isset($authorityKey[
'keyIdentifier']) && $authorityKey[
'keyIdentifier'] === $subjectKeyID:
// CA lookup: linear scan of $this->CAs, matching this certificate's issuer DN against
// each CA's subject DN. No DN canonicalisation is visible here.
2044 if (!empty($this->CAs)) {
2045 for (
$i = 0;
$i < count($this->CAs);
$i++) {
2048 $ca = $this->CAs[
$i];
2049 if ($this->currentCert[
'tbsCertificate'][
'issuer'] === $ca[
'tbsCertificate'][
'subject']) {
2050 $authorityKey = $this->
getExtension(
'id-ce-authorityKeyIdentifier');
2051 $subjectKeyID = $this->
getExtension(
'id-ce-subjectKeyIdentifier', $ca);
2053 case !is_array($authorityKey):
2054 case is_array($authorityKey) && isset($authorityKey[
'keyIdentifier']) && $authorityKey[
'keyIdentifier'] === $subjectKeyID:
// $i == count() means every CA was scanned without a match; with $caonly the elided
// line presumably rejects — confirm.
2060 if (count($this->CAs) ==
$i && $caonly) {
2063 } elseif (!isset($signingCert) || $caonly) {
2067 $signingCert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'algorithm'],
2068 $signingCert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey'],
2069 $this->currentCert[
'signatureAlgorithm'][
'algorithm'],
2070 substr(base64_decode($this->currentCert[
'signature']), 1),
2071 $this->signatureSubject
2073 case isset($this->currentCert[
'certificationRequestInfo']):
2075 $this->currentCert[
'certificationRequestInfo'][
'subjectPKInfo'][
'algorithm'][
'algorithm'],
2076 $this->currentCert[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey'],
2077 $this->currentCert[
'signatureAlgorithm'][
'algorithm'],
2078 substr(base64_decode($this->currentCert[
'signature']), 1),
2079 $this->signatureSubject
2081 case isset($this->currentCert[
'publicKeyAndChallenge']):
2083 $this->currentCert[
'publicKeyAndChallenge'][
'spki'][
'algorithm'][
'algorithm'],
2084 $this->currentCert[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey'],
2085 $this->currentCert[
'signatureAlgorithm'][
'algorithm'],
2086 substr(base64_decode($this->currentCert[
'signature']), 1),
2087 $this->signatureSubject
2089 case isset($this->currentCert[
'tbsCertList']):
2090 if (!empty($this->CAs)) {
2091 for (
$i = 0;
$i < count($this->CAs);
$i++) {
2092 $ca = $this->CAs[
$i];
2093 if ($this->currentCert[
'tbsCertList'][
'issuer'] === $ca[
'tbsCertificate'][
'subject']) {
2094 $authorityKey = $this->
getExtension(
'id-ce-authorityKeyIdentifier');
2095 $subjectKeyID = $this->
getExtension(
'id-ce-subjectKeyIdentifier', $ca);
2097 case !is_array($authorityKey):
2098 case is_array($authorityKey) && isset($authorityKey[
'keyIdentifier']) && $authorityKey[
'keyIdentifier'] === $subjectKeyID:
2105 if (!isset($signingCert)) {
2109 $signingCert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'algorithm'],
2110 $signingCert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey'],
2111 $this->currentCert[
'signatureAlgorithm'][
'algorithm'],
2112 substr(base64_decode($this->currentCert[
'signature']), 1),
2113 $this->signatureSubject
/**
 * Verifies $signature over $signatureSubject with the supplied public key.
 *
 * Only the rsaEncryption branch survives in this listing (original lines 2133-2150);
 * the construction of $rsa, the remaining branches and the return values are elided.
 *
 * @param string $publicKeyAlgorithm  OID name of the key algorithm, e.g. 'rsaEncryption'
 * @param string $publicKey           key material handed to $rsa->loadKey()
 * @param string $signatureAlgorithm  OID name of the signature algorithm; at the call
 *                                    sites it is read from the certificate being verified
 * @param string $signature           raw signature bytes
 * @param string $signatureSubject    the exact to-be-signed bytes
 */
2133 function _validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)
2135 switch ($publicKeyAlgorithm) {
2136 case 'rsaEncryption':
2138 $rsa->loadKey($publicKey);
2140 switch ($signatureAlgorithm) {
// Accepted RSA signature hashes include MD2, MD5 and SHA-1. The algorithm name comes
// from the certificate under verification, so a verifier that accepts these remains
// exposed to collision-based forgeries; nothing here restricts them — callers wanting a
// modern policy have to reject these OIDs themselves.
2141 case 'md2WithRSAEncryption':
2142 case 'md5WithRSAEncryption':
2143 case 'sha1WithRSAEncryption':
2144 case 'sha224WithRSAEncryption':
2145 case 'sha256WithRSAEncryption':
2146 case 'sha384WithRSAEncryption':
2147 case 'sha512WithRSAEncryption':
// Hash name is the algorithm name with the 'WithRSAEncryption' suffix stripped (e.g. 'sha256').
2148 $rsa->setHash(preg_replace(
'#WithRSAEncryption$#',
'', $signatureAlgorithm));
// '@' suppresses any warning from verify(); a false result is treated as failure, but the
// reason is lost.
2150 if (!@$rsa->verify($signatureSubject, $signature)) {
2177 switch ($algorithm) {
2178 case 'rsaEncryption':
2180 "-----BEGIN RSA PUBLIC KEY-----\r\n" .
2184 chunk_split(base64_encode(substr(base64_decode(
$key), 1)), 64) .
2185 '-----END RSA PUBLIC KEY-----';
// _decodeIP fragment (original lines 2202-2204; the signature is not in this listing):
// iPAddress GeneralName octets -> dotted-quad string.
2202 $ip = base64_decode($ip);
// unpack('N') consumes exactly one 32-bit word, so only IPv4 values round-trip; a 16-byte
// IPv6 iPAddress is silently reduced to its first four bytes, which matters wherever the
// result is later matched against a host.
2203 list(, $ip) = unpack(
'N', $ip);
2204 return long2ip($ip);
// _encodeIP counterpart (original line 2218; signature not shown). ip2long() returns false
// for anything that is not an IPv4 literal, and pack('N', false) would emit four zero
// bytes rather than an error.
2218 return base64_encode(pack(
'N', ip2long($ip)));
2230 switch (strtolower($propName)) {
2231 case 'id-at-countryname':
2234 return 'id-at-countryName';
2235 case 'id-at-organizationname':
2236 case 'organizationname':
2238 return 'id-at-organizationName';
2239 case 'id-at-dnqualifier':
2241 return 'id-at-dnQualifier';
2242 case 'id-at-commonname':
2245 return 'id-at-commonName';
2246 case 'id-at-stateorprovincename':
2247 case 'stateorprovincename':
2250 case 'provincename':
2252 return 'id-at-stateOrProvinceName';
2253 case 'id-at-localityname':
2254 case 'localityname':
2256 return 'id-at-localityName';
2257 case 'id-emailaddress':
2258 case 'emailaddress':
2259 return 'pkcs-9-at-emailAddress';
2260 case 'id-at-serialnumber':
2261 case 'serialnumber':
2262 return 'id-at-serialNumber';
2263 case 'id-at-postalcode':
2265 return 'id-at-postalCode';
2266 case 'id-at-streetaddress':
2267 case 'streetaddress':
2268 return 'id-at-streetAddress';
2271 return 'id-at-name';
2272 case 'id-at-givenname':
2274 return 'id-at-givenName';
2275 case 'id-at-surname':
2278 return 'id-at-surname';
2279 case 'id-at-initials':
2281 return 'id-at-initials';
2282 case 'id-at-generationqualifier':
2283 case 'generationqualifier':
2284 return 'id-at-generationQualifier';
2285 case 'id-at-organizationalunitname':
2286 case 'organizationalunitname':
2288 return 'id-at-organizationalUnitName';
2289 case 'id-at-pseudonym':
2291 return 'id-at-pseudonym';
2294 return 'id-at-title';
2295 case 'id-at-description':
2297 return 'id-at-description';
2300 return 'id-at-role';
2301 case 'id-at-uniqueidentifier':
2302 case 'uniqueidentifier':
2303 case 'x500uniqueidentifier':
2304 return 'id-at-uniqueIdentifier';
2321 if (empty($this->dn)) {
2322 $this->dn = array(
'rdnSequence' => array());
2329 foreach ((array) $propValue as $v) {
2330 if (!is_array($v) && isset(
$type)) {
2331 $v = array(
$type => $v);
2333 $this->dn[
'rdnSequence'][] = array(
2335 'type' => $propName,
2352 if (empty($this->dn)) {
2360 $dn = &$this->dn[
'rdnSequence'];
2363 if ($dn[
$i][0][
'type'] == $propName) {
2368 $dn = array_values($dn);
2380 function getDNProp($propName, $dn = null, $withType =
false)
2394 $dn = $dn[
'rdnSequence'];
2397 for (
$i = 0;
$i < count($dn);
$i++) {
2398 if ($dn[
$i][0][
'type'] == $propName) {
2399 $v = $dn[
$i][0][
'value'];
2400 if (!$withType && is_array($v)) {
2402 $type = array_search(
$type, $asn1->ANYmap,
true);
2403 if (
$type !==
false && isset($asn1->stringTypeSize[
$type])) {
2437 if (is_array($dn)) {
2438 if (isset($dn[
'rdnSequence'])) {
2444 foreach ($dn as $prop => $value) {
2453 $results = preg_split(
'#((?:^|, *|/)(?:C=|O=|OU=|CN=|L=|ST=|SN=|postalCode=|streetAddress=|emailAddress=|serialNumber=|organizationalUnitName=|title=|description=|role=|x500UniqueIdentifier=))#', $dn, -1, PREG_SPLIT_DELIM_CAPTURE);
2476 $dn = isset($this->currentCert[
'tbsCertList']) ? $this->currentCert[
'tbsCertList'][
'issuer'] :
$this->dn;
2480 case self::DN_ARRAY:
2484 $asn1->loadOIDs($this->oids);
2487 $asn1->loadFilters($filters);
2488 return $asn1->encodeDER($dn, $this->Name);
2489 case self::DN_OPENSSL:
2490 $dn = $this->
getDN(self::DN_STRING, $dn);
2491 if ($dn ===
false) {
2494 $attrs = preg_split(
'#((?:^|, *|/)[a-z][a-z0-9]*=)#i', $dn, -1, PREG_SPLIT_DELIM_CAPTURE);
2496 for (
$i = 1;
$i < count($attrs);
$i += 2) {
2497 $prop = trim($attrs[
$i],
', =/');
2498 $value = $attrs[$i + 1];
2499 if (!isset($dn[$prop])) {
2500 $dn[$prop] = $value;
2502 $dn[$prop] = array_merge((array) $dn[$prop], array($value));
2506 case self::DN_CANON:
2510 $asn1->loadOIDs($this->oids);
2513 $asn1->loadFilters($filters);
2515 foreach ($dn[
'rdnSequence'] as $rdn) {
2516 foreach ($rdn as
$i => $attr) {
2518 if (is_array($attr[
'value'])) {
2519 foreach ($attr[
'value'] as
$type => $v) {
2520 $type = array_search(
$type, $asn1->ANYmap,
true);
2521 if (
$type !==
false && isset($asn1->stringTypeSize[
$type])) {
2522 $v = $asn1->convert($v,
$type);
2524 $v = preg_replace(
'/\s+/',
' ', $v);
2525 $attr[
'value'] = strtolower(trim($v));
2532 $result .= $asn1->encodeDER($rdn, $this->RelativeDistinguishedName);
// Hash branch of getDN() (original lines 2536-2540): SHA-1 over the canonical DN
// encoding, then the first four bytes read little-endian and re-emitted big-endian as
// hex. This looks like the OpenSSL subject-hash scheme: it is a lookup identifier, not an
// integrity check, so SHA-1 is acceptable here — do not reuse this value as one.
2536 $dn = $this->
getDN(self::DN_CANON, $dn);
2537 $hash =
new Hash(
'sha1');
2538 $hash = $hash->hash($dn);
// extract() only introduces $hash from the unpack() result; indexing the unpack() array
// directly would avoid extract() altogether.
2539 extract(unpack(
'Vhash', $hash));
2540 return strtolower(bin2hex(pack(
'N', $hash)));
2547 foreach ($dn[
'rdnSequence'] as $field) {
2548 $prop = $field[0][
'type'];
2549 $value = $field[0][
'value'];
2553 case 'id-at-countryName':
2556 case 'id-at-stateOrProvinceName':
2559 case 'id-at-organizationName':
2562 case 'id-at-organizationalUnitName':
2565 case 'id-at-commonName':
2568 case 'id-at-localityName':
2571 case 'id-at-surname':
2574 case 'id-at-uniqueIdentifier':
2576 $desc =
'x500UniqueIdentifier=';
2580 $desc = preg_replace(
'#.+-([^-]+)$#',
'$1', $prop) .
'=';
2586 if (is_array($value)) {
2587 foreach ($value as
$type => $v) {
2588 $type = array_search(
$type, $asn1->ANYmap,
true);
2589 if (
$type !==
false && isset($asn1->stringTypeSize[
$type])) {
2590 $v = $asn1->convert($v,
$type);
2597 if (is_array($value)) {
2598 $value = array_pop($value);
2618 case !isset($this->currentCert) || !is_array($this->currentCert):
2620 case isset($this->currentCert[
'tbsCertificate']):
2621 return $this->
getDN(
$format, $this->currentCert[
'tbsCertificate'][
'issuer']);
2622 case isset($this->currentCert[
'tbsCertList']):
2623 return $this->
getDN(
$format, $this->currentCert[
'tbsCertList'][
'issuer']);
2640 case !empty($this->dn):
2642 case !isset($this->currentCert) || !is_array($this->currentCert):
2644 case isset($this->currentCert[
'tbsCertificate']):
2645 return $this->
getDN(
$format, $this->currentCert[
'tbsCertificate'][
'subject']);
2646 case isset($this->currentCert[
'certificationRequestInfo']):
2647 return $this->
getDN(
$format, $this->currentCert[
'certificationRequestInfo'][
'subject']);
2664 case !isset($this->currentCert) || !is_array($this->currentCert):
2666 case isset($this->currentCert[
'tbsCertificate']):
2667 return $this->
getDNProp($propName, $this->currentCert[
'tbsCertificate'][
'issuer'], $withType);
2668 case isset($this->currentCert[
'tbsCertList']):
2669 return $this->
getDNProp($propName, $this->currentCert[
'tbsCertList'][
'issuer'], $withType);
2686 case !empty($this->dn):
2687 return $this->
getDNProp($propName, null, $withType);
2688 case !isset($this->currentCert) || !is_array($this->currentCert):
2690 case isset($this->currentCert[
'tbsCertificate']):
2691 return $this->
getDNProp($propName, $this->currentCert[
'tbsCertificate'][
'subject'], $withType);
2692 case isset($this->currentCert[
'certificationRequestInfo']):
2693 return $this->
getDNProp($propName, $this->currentCert[
'certificationRequestInfo'][
'subject'], $withType);
2707 $chain = array($this->currentCert);
2709 if (!is_array($this->currentCert) || !isset($this->currentCert[
'tbsCertificate'])) {
2712 if (empty($this->CAs)) {
2716 $currentCert = $chain[count($chain) - 1];
2717 for (
$i = 0;
$i < count($this->CAs);
$i++) {
2718 $ca = $this->CAs[
$i];
2719 if ($currentCert[
'tbsCertificate'][
'issuer'] === $ca[
'tbsCertificate'][
'subject']) {
2720 $authorityKey = $this->
getExtension(
'id-ce-authorityKeyIdentifier', $currentCert);
2721 $subjectKeyID = $this->
getExtension(
'id-ce-subjectKeyIdentifier', $ca);
2723 case !is_array($authorityKey):
2724 case is_array($authorityKey) && isset($authorityKey[
'keyIdentifier']) && $authorityKey[
'keyIdentifier'] === $subjectKeyID:
2725 if ($currentCert === $ca) {
2733 if (
$i == count($this->CAs)) {
2737 foreach ($chain as
$key => $value) {
2739 $chain[
$key]->loadX509($value);
2755 $key->setPublicKey();
2756 $this->publicKey =
$key;
2769 $this->privateKey =
$key;
2795 if (isset($this->publicKey)) {
2799 if (isset($this->currentCert) && is_array($this->currentCert)) {
2800 foreach (array(
'tbsCertificate/subjectPublicKeyInfo',
'certificationRequestInfo/subjectPKInfo') as
$path) {
2801 $keyinfo = $this->
_subArray($this->currentCert, $path);
2802 if (!empty($keyinfo)) {
2807 if (empty($keyinfo)) {
2811 $key = $keyinfo[
'subjectPublicKey'];
2813 switch ($keyinfo[
'algorithm'][
'algorithm']) {
2814 case 'rsaEncryption':
2815 $publicKey =
new RSA();
2816 $publicKey->loadKey(
$key);
2817 $publicKey->setPublicKey();
2833 function loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT)
2835 if (is_array($csr) && isset($csr[
'certificationRequestInfo'])) {
2836 unset($this->currentCert);
2837 unset($this->currentKeyIdentifier);
2838 unset($this->signatureSubject);
2839 $this->dn = $csr[
'certificationRequestInfo'][
'subject'];
2840 if (!isset($this->dn)) {
2844 $this->currentCert = $csr;
2852 if ($mode != self::FORMAT_DER) {
2854 if ($mode == self::FORMAT_PEM && $csr == $newcsr) {
2861 if ($csr ===
false) {
2862 $this->currentCert =
false;
2866 $asn1->loadOIDs($this->oids);
2867 $decoded = $asn1->decodeBER($csr);
2869 if (empty($decoded)) {
2870 $this->currentCert =
false;
2874 $csr = $asn1->asn1map($decoded[0], $this->CertificationRequest);
2875 if (!isset($csr) || $csr ===
false) {
2876 $this->currentCert =
false;
2880 $this->dn = $csr[
'certificationRequestInfo'][
'subject'];
2881 $this->
_mapInAttributes($csr,
'certificationRequestInfo/attributes', $asn1);
2883 $this->signatureSubject = substr($orig, $decoded[0][
'content'][0][
'start'], $decoded[0][
'content'][0][
'length']);
2885 $algorithm = &$csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'algorithm'][
'algorithm'];
2886 $key = &$csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey'];
2889 switch ($algorithm) {
2890 case 'rsaEncryption':
2891 $this->publicKey =
new RSA();
2892 $this->publicKey->loadKey(
$key);
2893 $this->publicKey->setPublicKey();
2896 $this->publicKey = null;
2899 $this->currentKeyIdentifier = null;
2900 $this->currentCert = $csr;
2915 if (!is_array($csr) || !isset($csr[
'certificationRequestInfo'])) {
2920 case !($algorithm = $this->
_subArray($csr,
'certificationRequestInfo/subjectPKInfo/algorithm/algorithm')):
2921 case is_object($csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey']):
2924 switch ($algorithm) {
2925 case 'rsaEncryption':
2926 $csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey']
2927 = base64_encode(
"\0" . base64_decode(preg_replace(
'#-.+-|[\r\n]#',
'', $csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey'])));
2933 $asn1->loadOIDs($this->oids);
2936 $filters[
'certificationRequestInfo'][
'subject'][
'rdnSequence'][
'value']
2939 $asn1->loadFilters($filters);
2942 $csr = $asn1->encodeDER($csr, $this->CertificationRequest);
2945 case self::FORMAT_DER:
2949 return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(base64_encode($csr), 64) .
'-----END CERTIFICATE REQUEST-----';
2966 if (is_array($spkac) && isset($spkac[
'publicKeyAndChallenge'])) {
2967 unset($this->currentCert);
2968 unset($this->currentKeyIdentifier);
2969 unset($this->signatureSubject);
2970 $this->currentCert = $spkac;
2979 $temp = preg_replace(
'#(?:SPKAC=)|[ \r\n\\\]#',
'', $spkac);
2980 $temp = preg_match(
'#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) :
false;
2981 if ($temp !=
false) {
2986 if ($spkac ===
false) {
2987 $this->currentCert =
false;
2991 $asn1->loadOIDs($this->oids);
2992 $decoded = $asn1->decodeBER($spkac);
2994 if (empty($decoded)) {
2995 $this->currentCert =
false;
2999 $spkac = $asn1->asn1map($decoded[0], $this->SignedPublicKeyAndChallenge);
3001 if (!isset($spkac) || $spkac ===
false) {
3002 $this->currentCert =
false;
3006 $this->signatureSubject = substr($orig, $decoded[0][
'content'][0][
'start'], $decoded[0][
'content'][0][
'length']);
3008 $algorithm = &$spkac[
'publicKeyAndChallenge'][
'spki'][
'algorithm'][
'algorithm'];
3009 $key = &$spkac[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey'];
3012 switch ($algorithm) {
3013 case 'rsaEncryption':
3014 $this->publicKey =
new RSA();
3015 $this->publicKey->loadKey(
$key);
3016 $this->publicKey->setPublicKey();
3019 $this->publicKey = null;
3022 $this->currentKeyIdentifier = null;
3023 $this->currentCert = $spkac;
3038 if (!is_array($spkac) || !isset($spkac[
'publicKeyAndChallenge'])) {
3042 $algorithm = $this->
_subArray($spkac,
'publicKeyAndChallenge/spki/algorithm/algorithm');
3045 case is_object($spkac[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey']):
3048 switch ($algorithm) {
3049 case 'rsaEncryption':
3050 $spkac[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey']
3051 = base64_encode(
"\0" . base64_decode(preg_replace(
'#-.+-|[\r\n]#',
'', $spkac[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey'])));
3057 $asn1->loadOIDs($this->oids);
3058 $spkac = $asn1->encodeDER($spkac, $this->SignedPublicKeyAndChallenge);
3061 case self::FORMAT_DER:
3067 return 'SPKAC=' . base64_encode($spkac);
3078 function loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT)
3080 if (is_array($crl) && isset($crl[
'tbsCertList'])) {
3081 $this->currentCert = $crl;
3082 unset($this->signatureSubject);
3088 if ($mode != self::FORMAT_DER) {
3090 if ($mode == self::FORMAT_PEM && $crl == $newcrl) {
3097 if ($crl ===
false) {
3098 $this->currentCert =
false;
3102 $asn1->loadOIDs($this->oids);
3103 $decoded = $asn1->decodeBER($crl);
3105 if (empty($decoded)) {
3106 $this->currentCert =
false;
3110 $crl = $asn1->asn1map($decoded[0], $this->CertificateList);
3111 if (!isset($crl) || $crl ===
false) {
3112 $this->currentCert =
false;
3116 $this->signatureSubject = substr($orig, $decoded[0][
'content'][0][
'start'], $decoded[0][
'content'][0][
'length']);
3119 $rclist = &$this->
_subArray($crl,
'tbsCertList/revokedCertificates');
3120 if (is_array($rclist)) {
3121 foreach ($rclist as
$i => $extension) {
3126 $this->currentKeyIdentifier = null;
3127 $this->currentCert = $crl;
3142 if (!is_array($crl) || !isset($crl[
'tbsCertList'])) {
3148 $asn1->loadOIDs($this->oids);
3151 $filters[
'tbsCertList'][
'issuer'][
'rdnSequence'][
'value']
3153 $filters[
'tbsCertList'][
'signature'][
'parameters']
3155 $filters[
'signatureAlgorithm'][
'parameters']
3158 if (empty($crl[
'tbsCertList'][
'signature'][
'parameters'])) {
3159 $filters[
'tbsCertList'][
'signature'][
'parameters']
3163 if (empty($crl[
'signatureAlgorithm'][
'parameters'])) {
3164 $filters[
'signatureAlgorithm'][
'parameters']
3168 $asn1->loadFilters($filters);
3171 $rclist = &$this->
_subArray($crl,
'tbsCertList/revokedCertificates');
3172 if (is_array($rclist)) {
3173 foreach ($rclist as
$i => $extension) {
3178 $crl = $asn1->encodeDER($crl, $this->CertificateList);
3181 case self::FORMAT_DER:
3185 return "-----BEGIN X509 CRL-----\r\n" . chunk_split(base64_encode($crl), 64) .
'-----END X509 CRL-----';
3203 $year = @gmdate(
"Y", @strtotime($date));
3205 return array(
'utcTime' => $date);
3207 return array(
'generalTime' => $date);
3224 function sign(
$issuer, $subject, $signatureAlgorithm =
'sha1WithRSAEncryption')
3230 if (isset($subject->publicKey) && !($subjectPublicKey = $subject->_formatSubjectPublicKey())) {
3234 $currentCert = isset($this->currentCert) ? $this->currentCert : null;
3235 $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: null;
3237 if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert[
'tbsCertificate'])) {
3238 $this->currentCert = $subject->currentCert;
3239 $this->currentCert[
'tbsCertificate'][
'signature'][
'algorithm'] = $signatureAlgorithm;
3240 $this->currentCert[
'signatureAlgorithm'][
'algorithm'] = $signatureAlgorithm;
3242 if (!empty($this->startDate)) {
3243 $this->currentCert[
'tbsCertificate'][
'validity'][
'notBefore'] = $this->
_timeField($this->startDate);
3245 if (!empty($this->endDate)) {
3246 $this->currentCert[
'tbsCertificate'][
'validity'][
'notAfter'] = $this->
_timeField($this->endDate);
3248 if (!empty($this->serialNumber)) {
3251 if (!empty($subject->dn)) {
3252 $this->currentCert[
'tbsCertificate'][
'subject'] = $subject->dn;
3254 if (!empty($subject->publicKey)) {
3255 $this->currentCert[
'tbsCertificate'][
'subjectPublicKeyInfo'] = $subjectPublicKey;
3258 if (isset($subject->domains)) {
3261 } elseif (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert[
'tbsCertList'])) {
3264 if (!isset($subject->publicKey)) {
3268 $startDate = !empty($this->startDate) ? $this->startDate : @date(
'D, d M Y H:i:s O');
3269 $endDate = !empty($this->endDate) ? $this->endDate : @date(
'D, d M Y H:i:s O', strtotime(
'+1 year'));
3277 $serialNumber = !empty($this->serialNumber) ?
3278 $this->serialNumber :
3281 $this->currentCert = array(
3285 'serialNumber' => $serialNumber,
3286 'signature' => array(
'algorithm' => $signatureAlgorithm),
3288 'validity' => array(
3289 'notBefore' => $this->
_timeField($startDate),
3292 'subject' => $subject->dn,
3293 'subjectPublicKeyInfo' => $subjectPublicKey
3295 'signatureAlgorithm' => array(
'algorithm' => $signatureAlgorithm),
3296 'signature' =>
false 3300 $csrexts = $subject->getAttribute(
'pkcs-9-at-extensionRequest', 0);
3302 if (!empty($csrexts)) {
3303 $this->currentCert[
'tbsCertificate'][
'extensions'] = $csrexts;
3307 $this->currentCert[
'tbsCertificate'][
'issuer'] =
$issuer->dn;
3309 if (isset(
$issuer->currentKeyIdentifier)) {
3310 $this->
setExtension(
'id-ce-authorityKeyIdentifier', array(
3316 'keyIdentifier' =>
$issuer->currentKeyIdentifier
3325 if (isset($subject->currentKeyIdentifier)) {
3326 $this->
setExtension(
'id-ce-subjectKeyIdentifier', $subject->currentKeyIdentifier);
3331 if (isset($subject->domains) && count($subject->domains) > 1) {
3332 $altName = array_map(array(
'X509',
'_dnsName'), $subject->domains);
3335 if (isset($subject->ipAddresses) && count($subject->ipAddresses)) {
3338 $ipAddresses = array();
3339 foreach ($subject->ipAddresses as $ipAddress) {
3340 $encoded = $subject->_ipAddress($ipAddress);
3341 if ($encoded !==
false) {
3342 $ipAddresses[] = $encoded;
3345 if (count($ipAddresses)) {
3346 $altName = array_merge($altName, $ipAddresses);
3350 if (!empty($altName)) {
3354 if ($this->caFlag) {
3357 $keyUsage = array();
3362 array_values(array_unique(array_merge($keyUsage, array(
'cRLSign',
'keyCertSign'))))
3365 $basicConstraints = $this->
getExtension(
'id-ce-basicConstraints');
3366 if (!$basicConstraints) {
3367 $basicConstraints = array();
3371 'id-ce-basicConstraints',
3372 array_unique(array_merge(array(
'cA' =>
true), $basicConstraints)),
3376 if (!isset($subject->currentKeyIdentifier)) {
3383 $tbsCertificate = $this->currentCert[
'tbsCertificate'];
3387 $result[
'tbsCertificate'] = $tbsCertificate;
3401 function signCSR($signatureAlgorithm =
'sha1WithRSAEncryption')
3403 if (!is_object($this->privateKey) || empty($this->dn)) {
3408 $class = get_class($this->privateKey);
3409 $this->publicKey =
new $class();
3410 $this->publicKey->loadKey($this->privateKey->getPublicKey());
3411 $this->publicKey->setPublicKey();
3415 $this->publicKey = $origPublicKey;
3417 $currentCert = isset($this->currentCert) ? $this->currentCert : null;
3418 $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: null;
3420 if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert[
'certificationRequestInfo'])) {
3421 $this->currentCert[
'signatureAlgorithm'][
'algorithm'] = $signatureAlgorithm;
3422 if (!empty($this->dn)) {
3423 $this->currentCert[
'certificationRequestInfo'][
'subject'] =
$this->dn;
3425 $this->currentCert[
'certificationRequestInfo'][
'subjectPKInfo'] =
$publicKey;
3427 $this->currentCert = array(
3428 'certificationRequestInfo' =>
3431 'subject' => $this->dn,
3432 'subjectPKInfo' => $publicKey
3434 'signatureAlgorithm' => array(
'algorithm' => $signatureAlgorithm),
3435 'signature' =>
false 3441 $certificationRequestInfo = $this->currentCert[
'certificationRequestInfo'];
3444 $result = $this->
_sign($this->privateKey, $signatureAlgorithm);
3445 $result[
'certificationRequestInfo'] = $certificationRequestInfo;
3459 function signSPKAC($signatureAlgorithm =
'sha1WithRSAEncryption')
3461 if (!is_object($this->privateKey)) {
3466 $class = get_class($this->privateKey);
3467 $this->publicKey =
new $class();
3468 $this->publicKey->loadKey($this->privateKey->getPublicKey());
3469 $this->publicKey->setPublicKey();
3474 $this->publicKey = $origPublicKey;
3476 $currentCert = isset($this->currentCert) ? $this->currentCert : null;
3477 $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: null;
3480 if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert[
'publicKeyAndChallenge'])) {
3481 $this->currentCert[
'signatureAlgorithm'][
'algorithm'] = $signatureAlgorithm;
3482 $this->currentCert[
'publicKeyAndChallenge'][
'spki'] =
$publicKey;
3483 if (!empty($this->challenge)) {
3485 $this->currentCert[
'publicKeyAndChallenge'][
'challenge'] = $this->challenge & str_repeat(
"\x7F", strlen($this->challenge));
3488 $this->currentCert = array(
3489 'publicKeyAndChallenge' =>
3491 'spki' => $publicKey,
3497 'challenge' => !empty($this->challenge) ? $this->challenge :
'' 3499 'signatureAlgorithm' => array(
'algorithm' => $signatureAlgorithm),
3500 'signature' =>
false 3506 $publicKeyAndChallenge = $this->currentCert[
'publicKeyAndChallenge'];
3509 $result = $this->
_sign($this->privateKey, $signatureAlgorithm);
3510 $result[
'publicKeyAndChallenge'] = $publicKeyAndChallenge;
3535 $currentCert = isset($this->currentCert) ? $this->currentCert : null;
3536 $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
3537 $thisUpdate = !empty($this->startDate) ? $this->startDate : @date(
'D, d M Y H:i:s O');
3539 if (isset($crl->currentCert) && is_array($crl->currentCert) && isset($crl->currentCert[
'tbsCertList'])) {
3540 $this->currentCert = $crl->currentCert;
3541 $this->currentCert[
'tbsCertList'][
'signature'][
'algorithm'] = $signatureAlgorithm;
3542 $this->currentCert[
'signatureAlgorithm'][
'algorithm'] = $signatureAlgorithm;
3544 $this->currentCert = array(
3548 'signature' => array(
'algorithm' => $signatureAlgorithm),
3550 'thisUpdate' => $this->
_timeField($thisUpdate)
3552 'signatureAlgorithm' => array(
'algorithm' => $signatureAlgorithm),
3553 'signature' =>
false 3557 $tbsCertList = &$this->currentCert[
'tbsCertList'];
3558 $tbsCertList[
'issuer'] =
$issuer->dn;
3559 $tbsCertList[
'thisUpdate'] = $this->
_timeField($thisUpdate);
3561 if (!empty($this->endDate)) {
3562 $tbsCertList[
'nextUpdate'] = $this->
_timeField($this->endDate);
3564 unset($tbsCertList[
'nextUpdate']);
3567 if (!empty($this->serialNumber)) {
3576 $crlNumber = $crlNumber !==
false ? $crlNumber->add(
new BigInteger(1)) : null;
3583 $version = isset($tbsCertList[
'version']) ? $tbsCertList[
'version'] : 0;
3585 if (!empty($tbsCertList[
'crlExtensions'])) {
3587 } elseif (!empty($tbsCertList[
'revokedCertificates'])) {
3588 foreach ($tbsCertList[
'revokedCertificates'] as $cert) {
3589 if (!empty($cert[
'crlEntryExtensions'])) {
3596 $tbsCertList[
'version'] =
$version;
3601 if (!empty($tbsCertList[
'version'])) {
3602 if (!empty($crlNumber)) {
3606 if (isset(
$issuer->currentKeyIdentifier)) {
3607 $this->
setExtension(
'id-ce-authorityKeyIdentifier', array(
3613 'keyIdentifier' =>
$issuer->currentKeyIdentifier
3624 if ($issuerAltName !==
false) {
3625 $this->
setExtension(
'id-ce-issuerAltName', $issuerAltName);
3629 if (empty($tbsCertList[
'revokedCertificates'])) {
3630 unset($tbsCertList[
'revokedCertificates']);
3633 unset($tbsCertList);
3637 $tbsCertList = $this->currentCert[
'tbsCertList'];
3641 $result[
'tbsCertList'] = $tbsCertList;
3661 switch ($signatureAlgorithm) {
3662 case 'md2WithRSAEncryption':
3663 case 'md5WithRSAEncryption':
3664 case 'sha1WithRSAEncryption':
3665 case 'sha224WithRSAEncryption':
3666 case 'sha256WithRSAEncryption':
3667 case 'sha384WithRSAEncryption':
3668 case 'sha512WithRSAEncryption':
3669 $key->setHash(preg_replace(
'#WithRSAEncryption$#',
'', $signatureAlgorithm));
3672 $this->currentCert[
'signature'] = base64_encode(
"\0" .
$key->sign($this->signatureSubject));
3688 $this->startDate = @date(
'D, d M Y H:i:s O', @strtotime($date));
3706 if (strtolower($date) ==
'lifetime') {
3707 $temp =
'99991231235959Z';
3710 $this->endDate =
new Element($temp);
3712 $this->endDate = @date(
'D, d M Y H:i:s O', @strtotime($date));
3735 $this->caFlag =
true;
3751 if (!is_array(
$root)) {
3755 foreach (explode(
'/',
$path) as
$i) {
3756 if (!is_array(
$root)) {
3760 if (!isset(
$root[$i])) {
3785 if (!isset(
$root)) {
3791 case !is_array(
$root):
3793 case isset(
$root[
'tbsCertificate']):
3794 $path =
'tbsCertificate/extensions';
3796 case isset(
$root[
'tbsCertList']):
3797 $path =
'tbsCertList/crlExtensions';
3799 case isset(
$root[
'certificationRequestInfo']):
3800 $pth =
'certificationRequestInfo/attributes';
3805 if ($value[
'type'] ==
'pkcs-9-at-extensionRequest') {
3806 $path =
"$pth/$key/value/0";
3812 $attributes[] = array(
'type' =>
'pkcs-9-at-extensionRequest',
'value' => array());
3813 $path =
"$pth/$key/value/0";
3821 if (!is_array($extensions)) {
3841 if (!is_array($extensions)) {
3846 foreach ($extensions as
$key => $value) {
3847 if ($value[
'extnId'] ==
$id) {
3848 unset($extensions[
$key]);
3853 $extensions = array_values($extensions);
3872 if (!is_array($extensions)) {
3876 foreach ($extensions as
$key => $value) {
3877 if ($value[
'extnId'] ==
$id) {
3878 return $value[
'extnValue'];
3896 $extensions = array();
3898 if (is_array($exts)) {
3899 foreach ($exts as $extension) {
3900 $extensions[] = $extension[
'extnId'];
3922 if (!is_array($extensions)) {
3926 $newext = array(
'extnId' =>
$id,
'critical' => $critical,
'extnValue' => $value);
3928 foreach ($extensions as
$key => $value) {
3929 if ($value[
'extnId'] ==
$id) {
3934 $extensions[
$key] = $newext;
3939 $extensions[] = $newext;
4015 if ($attribute[
'type'] ==
$id) {
4016 $n = count($attribute[
'value']);
4018 case $disposition == self::ATTR_APPEND:
4019 case $disposition == self::ATTR_REPLACE:
4021 case $disposition >=
$n:
4024 case $disposition == self::ATTR_ALL:
4035 if (
$result && $disposition != self::ATTR_ALL) {
4069 if ($attribute[
'type'] ==
$id) {
4070 $n = count($attribute[
'value']);
4072 case $disposition == self::ATTR_APPEND:
4073 case $disposition == self::ATTR_REPLACE:
4075 case $disposition == self::ATTR_ALL:
4076 return $attribute[
'value'];
4077 case $disposition >=
$n:
4081 return $attribute[
'value'][$disposition];
4107 $attrs[] = $attribute[
'type'];
4125 $attributes = &$this->
_subArray($this->currentCert,
'certificationRequestInfo/attributes',
true);
4131 switch ($disposition) {
4132 case self::ATTR_REPLACE:
4133 $disposition = self::ATTR_APPEND;
4134 case self::ATTR_ALL:
4140 if ($attribute[
'type'] ==
$id) {
4141 $n = count($attribute[
'value']);
4143 case $disposition == self::ATTR_APPEND:
4146 case $disposition >=
$n:
4157 case $disposition >= 0:
4163 $attributes[] = array(
'type' =>
$id,
'value' => $disposition == self::ATTR_ALL ? $value: array($value));
4180 if (empty($value)) {
4181 unset($this->currentKeyIdentifier);
4183 $this->currentKeyIdentifier = base64_encode($value);
4207 if (is_null(
$key)) {
4212 case is_string(
$key):
4214 case is_array(
$key) && isset(
$key[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey']):
4216 case is_array(
$key) && isset(
$key[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey']):
4217 return $this->
computeKeyIdentifier(
$key[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey'], $method);
4218 case !is_object(
$key):
4223 $decoded = $asn1->decodeBER(
$key->element);
4224 if (empty($decoded)) {
4231 $raw = base64_decode($raw);
4234 if (!
$key->loadKey($raw)) {
4237 if (
$key->getPrivateKey() !==
false) {
4243 if (isset(
$key->publicKey)) {
4246 if (isset(
$key->privateKey)) {
4249 if (isset(
$key->currentCert[
'tbsCertificate']) || isset(
$key->currentCert[
'certificationRequestInfo'])) {
4262 $hash =
new Hash(
'sha1');
4263 $hash = $hash->hash(
$key);
4266 $hash = substr($hash, -8);
4267 $hash[0] = chr((ord($hash[0]) & 0x0F) | 0x40);
4281 if ($this->publicKey instanceof
RSA) {
4286 'algorithm' => array(
'algorithm' =>
'rsaEncryption'),
4302 $this->domains = func_get_args();
4304 $this->
setDNProp(
'id-at-commonName', $this->domains[0]);
4315 $this->ipAddresses = func_get_args();
4333 return array(
'dNSName' =>
$domain);
4347 return array(
'iPAddress' => $address);
4363 foreach ($rclist as
$i => $rc) {
4364 if (!($serial->compare($rc[
'userCertificate']))) {
4373 $i = count($rclist);
4374 $rclist[] = array(
'userCertificate' => $serial,
4375 'revocationDate' => $this->
_timeField(@date(
'D, d M Y H:i:s O')));
4389 if (isset($this->currentCert[
'tbsCertList'])) {
4390 if (is_array($rclist = &$this->
_subArray($this->currentCert,
'tbsCertList/revokedCertificates',
true))) {
4393 if (!empty($date)) {
4394 $rclist[
$i][
'revocationDate'] = $this->
_timeField($date);
4415 if (is_array($rclist = &$this->
_subArray($this->currentCert,
'tbsCertList/revokedCertificates'))) {
4418 $rclist = array_values($rclist);
4435 if (is_array($rclist = $this->
_subArray($this->currentCert,
'tbsCertList/revokedCertificates'))) {
4457 if (!isset($crl[
'tbsCertList'])) {
4463 if (is_array($rclist = $this->
_subArray($crl,
'tbsCertList/revokedCertificates'))) {
4464 foreach ($rclist as $rc) {
4465 $result[] = $rc[
'userCertificate']->toString();
4482 if (is_array($rclist = &$this->
_subArray($this->currentCert,
'tbsCertList/revokedCertificates'))) {
4484 return $this->
_removeExtension(
$id,
"tbsCertList/revokedCertificates/$i/crlEntryExtensions");
4508 if (is_array($rclist = $this->
_subArray($crl,
'tbsCertList/revokedCertificates'))) {
4510 return $this->
_getExtension(
$id, $crl,
"tbsCertList/revokedCertificates/$i/crlEntryExtensions");
4531 if (is_array($rclist = $this->
_subArray($crl,
'tbsCertList/revokedCertificates'))) {
4533 return $this->
_getExtensions($crl,
"tbsCertList/revokedCertificates/$i/crlEntryExtensions");
4553 if (isset($this->currentCert[
'tbsCertList'])) {
4554 if (is_array($rclist = &$this->
_subArray($this->currentCert,
'tbsCertList/revokedCertificates',
true))) {
4556 return $this->
_setExtension(
$id, $value, $critical, $replace,
"tbsCertList/revokedCertificates/$i/crlEntryExtensions");
4582 $temp = preg_replace(
'#.*?^-+[^-]+-+[\r\n ]*$#ms',
'', $str, 1);
4584 $temp = preg_replace(
'#-+[^-]+-+#',
'', $temp);
4586 $temp = str_replace(array(
"\r",
"\n",
' '),
'', $temp);
4587 $temp = preg_match(
'#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) :
false;
4588 return $temp !=
false ? $temp : $str;
4612 if (!isset($reverseMap)) {
4613 $reverseMap = array_flip($this->oids);
const TYPE_VISIBLE_STRING
const VALIDATE_SIGNATURE_BY_CA
Flag to only accept signatures signed by certificate authorities.
_getExtensions($cert=null, $path=null)
Returns a list of all extensions in use.
_decodeIP($ip)
Decodes an IP address.
const DN_HASH
Return name hash for file indexing.
_extractBER($str)
Extract raw BER from Base64 encoding.
setAttribute($id, $value, $disposition=self::ATTR_ALL)
Set a CSR attribute.
loadSPKAC($spkac)
Load a SPKAC CSR.
setDNProp($propName, $propValue, $type='utf8String')
Set a Distinguished Name property.
$IssuingDistributionPoint
_reformatKey($algorithm, $key)
Reformat public keys.
const CLASS_CONTEXT_SPECIFIC
loadCA($cert)
Load an X.509 certificate as a certificate authority.
$RelativeDistinguishedName
setPrivateKey($key)
Set private key.
validateSignature($caonly=true)
Validate a signature.
const TYPE_NUMERIC_STRING
#-
setIPAddress()
Set the IP Addresses's which the cert is to be valid for.
_sign($key, $signatureAlgorithm)
X.509 certificate signing helper function.
_revokedCertificate(&$rclist, $serial, $create=false)
Get the index of a revoked certificate.
const TYPE_PRINTABLE_STRING
$AuthorityInfoAccessSyntax
getPublicKey()
Gets the public key.
setDomain()
Set the domain name's which the cert is to be valid for.
const FORMAT_DER
Save as DER.
if(!array_key_exists('StateId', $_REQUEST)) $id
getRevoked($serial)
Get a revoked certificate.
_setExtension($id, $value, $critical=false, $replace=true, $path=null)
Set an Extension.
_mapOutExtensions(&$root, $path, $asn1)
Map extension values from extension-specific internal format to octet string.
_mapOutAttributes(&$root, $path, $asn1)
Map attribute values from attribute-specific internal format to ANY type.
getExtension($id, $cert=null)
Get a certificate, CSR or CRL Extension.
getAttribute($id, $disposition=self::ATTR_ALL, $csr=null)
Get a CSR attribute.
_formatSubjectPublicKey()
Format a public key as appropriate.
getRevokedCertificateExtensions($serial, $crl=null)
Returns a list of all extensions in use for a given revoked certificate.
_removeExtension($id, $path=null)
Remove an Extension.
_dnsName($domain)
Helper function to build domain array.
validateURL($url)
Validate an X.509 certificate against a URL.
getDNProp($propName, $dn=null, $withType=false)
Get Distinguished Name properties.
setDN($dn, $merge=false, $type='utf8String')
Set a Distinguished Name.
getSubjectDNProp($propName, $withType=false)
Get an individual Distinguished Name property for a certificate/csr subject.
_mapInExtensions(&$root, $path, $asn1)
Map extension values from octet string to extension-specific internal format.
loadX509($cert, $mode=self::FORMAT_AUTO_DETECT)
Load X.509 certificate.
const FORMAT_AUTO_DETECT
Auto-detect the format.
getAttributes($csr=null)
Returns a list of all CSR attributes in use.
getOID($name)
Returns the OID corresponding to a name.
const TYPE_UNIVERSAL_STRING
makeCA()
Turns the certificate into a certificate authority.
getIssuerDN($format=self::DN_ARRAY)
Get the Distinguished Name for a certificate/crl issuer.
computeKeyIdentifier($key=null, $method=1)
Compute a public key identifier.
unrevoke($serial)
Unrevoke a certificate.
setSerialNumber($serial, $base=-256)
Set Serial Number.
const FORMAT_SPKAC
Save as a SPKAC.
setKeyIdentifier($value)
Sets the subject key identifier.
saveSPKAC($spkac, $format=self::FORMAT_PEM)
Save a SPKAC CSR request.
Pure-PHP PKCS#1 compliant implementation of RSA.
const TYPE_OBJECT_IDENTIFIER
const TYPE_GENERALIZED_TIME
setEndDate($date)
Set certificate end date.
sign($issuer, $subject, $signatureAlgorithm='sha1WithRSAEncryption')
Sign an X.509 certificate.
const DN_STRING
Return string.
validateDate($date=null)
Validate a date.
removeExtension($id)
Remove a certificate, CSR or CRL Extension.
removeRevokedCertificateExtension($serial, $id)
Remove a Revoked Certificate Extension.
Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic...
getRevokedCertificateExtension($serial, $id, $crl=null)
Get a Revoked Certificate Extension.
if(array_key_exists('yes', $_REQUEST)) $attributes
getSubjectDN($format=self::DN_ARRAY)
Get the Distinguished Name for a certificate/csr subject Alias of getDN()
catch(Exception $e) if(!($request instanceof \SAML2\ArtifactResolve)) $issuer
__construct()
Default Constructor.
getChain()
Get the certificate chain for the current cert.
& _extensions(&$root, $path=null, $create=false)
Get a reference to an extension subarray.
_getExtension($id, $cert=null, $path=null)
Get an Extension.
removeDNProp($propName)
Remove Distinguished Name properties.
setStartDate($date)
Set certificate start date.
const SIGNATURE_PKCS1
Use the PKCS#1 scheme by default.
_validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)
Validates a signature.
getIssuerDNProp($propName, $withType=false)
Get an individual Distinguished Name property for a certificate/crl issuer.
$DirectoryString
#+ ASN.1 syntax for various extensions
const TYPE_TELETEX_STRING
signCSR($signatureAlgorithm='sha1WithRSAEncryption')
Sign a CSR.
signSPKAC($signatureAlgorithm='sha1WithRSAEncryption')
Sign a SPKAC.
setChallenge($challenge)
Set challenge.
listRevoked($crl=null)
List revoked certificates.
saveCRL($crl, $format=self::FORMAT_PEM)
Save Certificate Revocation List.
Pure-PHP arbitrary precision integer arithmetic library.
_timeField($date)
Helper function to build a time field according to RFC 3280 section.
saveX509($cert, $format=self::FORMAT_PEM)
Save X.509 certificate.
getDN($format=self::DN_ARRAY, $dn=null)
Get the Distinguished Name for a certificates subject.
_mapInAttributes(&$root, $path, $asn1)
Map attribute values from ANY type to attribute-specific internal format.
setExtension($id, $value, $critical=false, $replace=true)
Set a certificate, CSR or CRL Extension.
_iPAddress($address)
Helper function to build IP Address array.
static string($length)
Generate a random string.
const PUBLIC_FORMAT_PKCS1
PKCS#1 formatted public key (raw)
removeAttribute($id, $disposition=self::ATTR_ALL)
Remove a CSR attribute.
getExtensions($cert=null)
Returns a list of all extensions in use in certificate, CSR or CRL.
$SignedPublicKeyAndChallenge
if(!array_key_exists('domain', $_REQUEST)) $domain
signCRL($issuer, $crl, $signatureAlgorithm='sha1WithRSAEncryption')
Sign a CRL.
_translateDNProp($propName)
"Normalizes" a Distinguished Name property
const DN_OPENSSL
Return OpenSSL compatible array.
loadCRL($crl, $mode=self::FORMAT_AUTO_DETECT)
Load a Certificate Revocation List.
_encodeIP($ip)
Encodes an IP address.
revoke($serial, $date=null)
Revoke a certificate.
const DN_CANON
Return canonical ASN.1 RDNs string.
saveCSR($csr, $format=self::FORMAT_PEM)
Save CSR request.
_getMapping($extnId)
Associate an extension ID to an extension mapping.
setPublicKey($key)
Set public key.
& _subArray(&$root, $path, $create=false)
Get a reference to a subarray.
loadCSR($csr, $mode=self::FORMAT_AUTO_DETECT)
Load a Certificate Signing Request.
setRevokedCertificateExtension($serial, $id, $value, $critical=false, $replace=true)
Set a Revoked Certificate Extension.
const DN_ASN1
Return ASN.1 name string.