309        $this->DirectoryString = array(
 
  320        $this->PKCS9String = array(
 
  324                'directoryString' => $this->DirectoryString
 
  332        $AttributeTypeAndValue = array(
 
  335                'type' => $AttributeType,
 
  336                'value'=> $this->AttributeValue
 
  347        $this->RelativeDistinguishedName = array(
 
  351            'children' => $AttributeTypeAndValue
 
  355        $RDNSequence = array(
 
  360            'children' => $this->RelativeDistinguishedName
 
  366                'rdnSequence' => $RDNSequence
 
  371        $AlgorithmIdentifier = array(
 
  375                'parameters' => array(
 
  402        $this->Extensions = array(
 
  408            'children' => $Extension
 
  411        $SubjectPublicKeyInfo = array(
 
  414                'algorithm'        => $AlgorithmIdentifier,
 
  433                'notBefore' => $Time,
 
  442            'mapping' => array(
'v1', 
'v2', 
'v3')
 
  446        $TBSCertificate = array(
 
  457                'serialNumber'         => $CertificateSerialNumber,
 
  458                'signature'            => $AlgorithmIdentifier,
 
  459                'issuer'               => $this->Name,
 
  460                'validity'             => $Validity,
 
  461                'subject'              => $this->Name,
 
  462                'subjectPublicKeyInfo' => $SubjectPublicKeyInfo,
 
  464                'issuerUniqueID'       => array(
 
  468                                           ) + $UniqueIdentifier,
 
  469                'subjectUniqueID'       => array(
 
  473                                           ) + $UniqueIdentifier,
 
  476                'extensions'            => array(
 
  480                                           ) + $this->Extensions
 
  484        $this->Certificate = array(
 
  487                 'tbsCertificate'     => $TBSCertificate,
 
  488                 'signatureAlgorithm' => $AlgorithmIdentifier,
 
  493        $this->KeyUsage = array(
 
  508        $this->BasicConstraints = array(
 
  516                'pathLenConstraint' => array(
 
  525        $OrganizationalUnitNames = array(
 
  532        $PersonalName = array(
 
  541                'given-name'           => array(
 
  553                'generation-qualifier' => array(
 
  566        $PrivateDomainName = array(
 
  578        $AdministrationDomainName = array(
 
  590        $CountryName = array(
 
  602        $AnotherName = array(
 
  615        $ExtensionAttribute = array(
 
  618                 'extension-attribute-type'  => array(
 
  624                 'extension-attribute-value' => array(
 
  633        $ExtensionAttributes = array(
 
  637            'children' => $ExtensionAttribute
 
  640        $BuiltInDomainDefinedAttribute = array(
 
  648        $BuiltInDomainDefinedAttributes = array(
 
  652            'children' => $BuiltInDomainDefinedAttribute
 
  655        $BuiltInStandardAttributes =  array(
 
  658                'country-name'               => array(
'optional' => 
true) + $CountryName,
 
  659                'administration-domain-name' => array(
'optional' => 
true) + $AdministrationDomainName,
 
  660                'network-address'            => array(
 
  665                'terminal-identifier'        => array(
 
  669                                               ) + $TerminalIdentifier,
 
  670                'private-domain-name'        => array(
 
  674                                               ) + $PrivateDomainName,
 
  675                'organization-name'          => array(
 
  679                                               ) + $OrganizationName,
 
  680                'numeric-user-identifier'    => array(
 
  684                                               ) + $NumericUserIdentifier,
 
  685                'personal-name'              => array(
 
  690                'organizational-unit-names'  => array(
 
  694                                               ) + $OrganizationalUnitNames
 
  701                 'built-in-standard-attributes'       => $BuiltInStandardAttributes,
 
  702                 'built-in-domain-defined-attributes' => array(
'optional' => 
true) + $BuiltInDomainDefinedAttributes,
 
  703                 'extension-attributes'               => array(
'optional' => 
true) + $ExtensionAttributes
 
  707        $EDIPartyName = array(
 
  710                 'nameAssigner' => array(
 
  714                                ) + $this->DirectoryString,
 
  717                 'partyName'    => array(
 
  721                                ) + $this->DirectoryString
 
  725        $GeneralName = array(
 
  728                'otherName'                 => array(
 
  733                'rfc822Name'                => array(
 
  745                'x400Address'               => array(
 
  750                'directoryName'             => array(
 
  755                'ediPartyName'              => array(
 
  760                'uniformResourceIdentifier' => array(
 
  766                'iPAddress'                 => array(
 
  772                'registeredID'              => array(
 
  781        $GeneralNames = array(
 
  785            'children' => $GeneralName
 
  788        $this->IssuerAltName = $GeneralNames;
 
  790        $ReasonFlags = array(
 
  796                'affiliationChanged',
 
  798                'cessationOfOperation',
 
  800                'privilegeWithdrawn',
 
  805        $DistributionPointName = array(
 
  813                'nameRelativeToCRLIssuer' => array(
 
  817                                       ) + $this->RelativeDistinguishedName
 
  821        $DistributionPoint = array(
 
  824                'distributionPoint' => array(
 
  828                                       ) + $DistributionPointName,
 
  834                'cRLIssuer'         => array(
 
  842        $this->CRLDistributionPoints = array(
 
  846            'children' => $DistributionPoint
 
  849        $this->AuthorityKeyIdentifier = array(
 
  852                'keyIdentifier'             => array(
 
  856                                               ) + $this->KeyIdentifier,
 
  857                'authorityCertIssuer'       => array(
 
  862                'authorityCertSerialNumber' => array(
 
  866                                               ) + $CertificateSerialNumber
 
  872        $PolicyQualifierInfo = array(
 
  875                'policyQualifierId' => $PolicyQualifierId,
 
  882        $PolicyInformation = array(
 
  885                'policyIdentifier' => $CertPolicyId,
 
  886                'policyQualifiers' => array(
 
  891                                          'children' => $PolicyQualifierInfo
 
  896        $this->CertificatePolicies = array(
 
  900            'children' => $PolicyInformation
 
  903        $this->PolicyMappings = array(
 
  910                                  'issuerDomainPolicy' => $CertPolicyId,
 
  911                                  'subjectDomainPolicy' => $CertPolicyId
 
  918        $this->ExtKeyUsageSyntax = array(
 
  922            'children' => $KeyPurposeId
 
  925        $AccessDescription = array(
 
  929                'accessLocation' => $GeneralName
 
  933        $this->AuthorityInfoAccessSyntax = array(
 
  937            'children' => $AccessDescription
 
  940        $this->SubjectAltName = $GeneralNames;
 
  942        $this->PrivateKeyUsagePeriod = array(
 
  945                'notBefore' => array(
 
  960        $GeneralSubtree = array(
 
  963                'base'    => $GeneralName,
 
  978        $GeneralSubtrees = array(
 
  982            'children' => $GeneralSubtree
 
  985        $this->NameConstraints = array(
 
  988                'permittedSubtrees' => array(
 
  992                                       ) + $GeneralSubtrees,
 
  993                'excludedSubtrees'  => array(
 
 1003        $DisplayText = array(
 
 1005            'children' => array(
 
 1013        $NoticeReference = array(
 
 1015            'children' => array(
 
 1016                'organization'  => $DisplayText,
 
 1017                'noticeNumbers' => array(
 
 1026        $this->UserNotice = array(
 
 1028            'children' => array(
 
 1029                'noticeRef' => array(
 
 1032                                       ) + $NoticeReference,
 
 1033                'explicitText'  => array(
 
 1041        $this->netscape_cert_type = array(
 
 1062            'children' => array(
 
 1063                'type' => $AttributeType,
 
 1068                              'children' => $this->AttributeValue
 
 1075        $Attributes = array(
 
 1079            'children' => $Attribute
 
 1082        $CertificationRequestInfo = array(
 
 1084            'children' => array(
 
 1087                                       'mapping' => array(
'v1')
 
 1089                'subject'       => $this->Name,
 
 1090                'subjectPKInfo' => $SubjectPublicKeyInfo,
 
 1091                'attributes'    => array(
 
 1099        $this->CertificationRequest = array(
 
 1101            'children' => array(
 
 1102                'certificationRequestInfo' => $CertificationRequestInfo,
 
 1103                'signatureAlgorithm'       => $AlgorithmIdentifier,
 
 1108        $RevokedCertificate = array(
 
 1110            'children' => array(
 
 1111                              'userCertificate'    => $CertificateSerialNumber,
 
 1112                              'revocationDate'     => $Time,
 
 1113                              'crlEntryExtensions' => array(
 
 1115                                                      ) + $this->Extensions
 
 1119        $TBSCertList = array(
 
 1121            'children' => array(
 
 1126                'signature'           => $AlgorithmIdentifier,
 
 1127                'issuer'              => $this->Name,
 
 1128                'thisUpdate'          => $Time,
 
 1129                'nextUpdate'          => array(
 
 1132                'revokedCertificates' => array(
 
 1137                                             'children' => $RevokedCertificate
 
 1139                'crlExtensions'       => array(
 
 1143                                         ) + $this->Extensions
 
 1147        $this->CertificateList = array(
 
 1149            'children' => array(
 
 1150                'tbsCertList'        => $TBSCertList,
 
 1151                'signatureAlgorithm' => $AlgorithmIdentifier,
 
 1163                            'affiliationChanged',
 
 1165                            'cessationOfOperation',
 
 1168                            8 => 
'removeFromCRL',
 
 1169                            'privilegeWithdrawn',
 
 1175            'children' => array(
 
 1176                'distributionPoint'          => array(
 
 1180                                                ) + $DistributionPointName,
 
 1181                'onlyContainsUserCerts'      => array(
 
 1188                'onlyContainsCACerts'        => array(
 
 1195                'onlySomeReasons'           => array(
 
 1200                'indirectCRL'               => array(
 
 1207                'onlyContainsAttributeCerts' => array(
 
 1219        $this->CertificateIssuer = $GeneralNames;
 
 1223        $PublicKeyAndChallenge = array(
 
 1225            'children' => array(
 
 1226                'spki'      => $SubjectPublicKeyInfo,
 
 1231        $this->SignedPublicKeyAndChallenge = array(
 
 1233            'children' => array(
 
 1234                'publicKeyAndChallenge' => $PublicKeyAndChallenge,
 
 1235                'signatureAlgorithm'    => $AlgorithmIdentifier,
 
 1241        $this->oids = array(
 
 1242            '1.3.6.1.5.5.7' => 
'id-pkix',
 
 1243            '1.3.6.1.5.5.7.1' => 
'id-pe',
 
 1244            '1.3.6.1.5.5.7.2' => 
'id-qt',
 
 1245            '1.3.6.1.5.5.7.3' => 
'id-kp',
 
 1246            '1.3.6.1.5.5.7.48' => 
'id-ad',
 
 1247            '1.3.6.1.5.5.7.2.1' => 
'id-qt-cps',
 
 1248            '1.3.6.1.5.5.7.2.2' => 
'id-qt-unotice',
 
 1249            '1.3.6.1.5.5.7.48.1' =>
'id-ad-ocsp',
 
 1250            '1.3.6.1.5.5.7.48.2' => 
'id-ad-caIssuers',
 
 1251            '1.3.6.1.5.5.7.48.3' => 
'id-ad-timeStamping',
 
 1252            '1.3.6.1.5.5.7.48.5' => 
'id-ad-caRepository',
 
 1254            '2.5.4.41' => 
'id-at-name',
 
 1255            '2.5.4.4' => 
'id-at-surname',
 
 1256            '2.5.4.42' => 
'id-at-givenName',
 
 1257            '2.5.4.43' => 
'id-at-initials',
 
 1258            '2.5.4.44' => 
'id-at-generationQualifier',
 
 1259            '2.5.4.3' => 
'id-at-commonName',
 
 1260            '2.5.4.7' => 
'id-at-localityName',
 
 1261            '2.5.4.8' => 
'id-at-stateOrProvinceName',
 
 1262            '2.5.4.10' => 
'id-at-organizationName',
 
 1263            '2.5.4.11' => 
'id-at-organizationalUnitName',
 
 1264            '2.5.4.12' => 
'id-at-title',
 
 1265            '2.5.4.13' => 
'id-at-description',
 
 1266            '2.5.4.46' => 
'id-at-dnQualifier',
 
 1267            '2.5.4.6' => 
'id-at-countryName',
 
 1268            '2.5.4.5' => 
'id-at-serialNumber',
 
 1269            '2.5.4.65' => 
'id-at-pseudonym',
 
 1270            '2.5.4.17' => 
'id-at-postalCode',
 
 1271            '2.5.4.9' => 
'id-at-streetAddress',
 
 1272            '2.5.4.45' => 
'id-at-uniqueIdentifier',
 
 1273            '2.5.4.72' => 
'id-at-role',
 
 1275            '0.9.2342.19200300.100.1.25' => 
'id-domainComponent',
 
 1276            '1.2.840.113549.1.9' => 
'pkcs-9',
 
 1277            '1.2.840.113549.1.9.1' => 
'pkcs-9-at-emailAddress',
 
 1278            '2.5.29' => 
'id-ce',
 
 1279            '2.5.29.35' => 
'id-ce-authorityKeyIdentifier',
 
 1280            '2.5.29.14' => 
'id-ce-subjectKeyIdentifier',
 
 1281            '2.5.29.15' => 
'id-ce-keyUsage',
 
 1282            '2.5.29.16' => 
'id-ce-privateKeyUsagePeriod',
 
 1283            '2.5.29.32' => 
'id-ce-certificatePolicies',
 
 1284            '2.5.29.32.0' => 
'anyPolicy',
 
 1286            '2.5.29.33' => 
'id-ce-policyMappings',
 
 1287            '2.5.29.17' => 
'id-ce-subjectAltName',
 
 1288            '2.5.29.18' => 
'id-ce-issuerAltName',
 
 1289            '2.5.29.9' => 
'id-ce-subjectDirectoryAttributes',
 
 1290            '2.5.29.19' => 
'id-ce-basicConstraints',
 
 1291            '2.5.29.30' => 
'id-ce-nameConstraints',
 
 1292            '2.5.29.36' => 
'id-ce-policyConstraints',
 
 1293            '2.5.29.31' => 
'id-ce-cRLDistributionPoints',
 
 1294            '2.5.29.37' => 
'id-ce-extKeyUsage',
 
 1295            '2.5.29.37.0' => 
'anyExtendedKeyUsage',
 
 1296            '1.3.6.1.5.5.7.3.1' => 
'id-kp-serverAuth',
 
 1297            '1.3.6.1.5.5.7.3.2' => 
'id-kp-clientAuth',
 
 1298            '1.3.6.1.5.5.7.3.3' => 
'id-kp-codeSigning',
 
 1299            '1.3.6.1.5.5.7.3.4' => 
'id-kp-emailProtection',
 
 1300            '1.3.6.1.5.5.7.3.8' => 
'id-kp-timeStamping',
 
 1301            '1.3.6.1.5.5.7.3.9' => 
'id-kp-OCSPSigning',
 
 1302            '2.5.29.54' => 
'id-ce-inhibitAnyPolicy',
 
 1303            '2.5.29.46' => 
'id-ce-freshestCRL',
 
 1304            '1.3.6.1.5.5.7.1.1' => 
'id-pe-authorityInfoAccess',
 
 1305            '1.3.6.1.5.5.7.1.11' => 
'id-pe-subjectInfoAccess',
 
 1306            '2.5.29.20' => 
'id-ce-cRLNumber',
 
 1307            '2.5.29.28' => 
'id-ce-issuingDistributionPoint',
 
 1308            '2.5.29.27' => 
'id-ce-deltaCRLIndicator',
 
 1309            '2.5.29.21' => 
'id-ce-cRLReasons',
 
 1310            '2.5.29.29' => 
'id-ce-certificateIssuer',
 
 1311            '2.5.29.23' => 
'id-ce-holdInstructionCode',
 
 1312            '1.2.840.10040.2' => 
'holdInstruction',
 
 1313            '1.2.840.10040.2.1' => 
'id-holdinstruction-none',
 
 1314            '1.2.840.10040.2.2' => 
'id-holdinstruction-callissuer',
 
 1315            '1.2.840.10040.2.3' => 
'id-holdinstruction-reject',
 
 1316            '2.5.29.24' => 
'id-ce-invalidityDate',
 
 1318            '1.2.840.113549.2.2' => 
'md2',
 
 1319            '1.2.840.113549.2.5' => 
'md5',
 
 1320            '1.3.14.3.2.26' => 
'id-sha1',
 
 1321            '1.2.840.10040.4.1' => 
'id-dsa',
 
 1322            '1.2.840.10040.4.3' => 
'id-dsa-with-sha1',
 
 1323            '1.2.840.113549.1.1' => 
'pkcs-1',
 
 1324            '1.2.840.113549.1.1.1' => 
'rsaEncryption',
 
 1325            '1.2.840.113549.1.1.2' => 
'md2WithRSAEncryption',
 
 1326            '1.2.840.113549.1.1.4' => 
'md5WithRSAEncryption',
 
 1327            '1.2.840.113549.1.1.5' => 
'sha1WithRSAEncryption',
 
 1328            '1.2.840.10046.2.1' => 
'dhpublicnumber',
 
 1329            '2.16.840.1.101.2.1.1.22' => 
'id-keyExchangeAlgorithm',
 
 1330            '1.2.840.10045' => 
'ansi-X9-62',
 
 1331            '1.2.840.10045.4' => 
'id-ecSigType',
 
 1332            '1.2.840.10045.4.1' => 
'ecdsa-with-SHA1',
 
 1333            '1.2.840.10045.1' => 
'id-fieldType',
 
 1334            '1.2.840.10045.1.1' => 
'prime-field',
 
 1335            '1.2.840.10045.1.2' => 
'characteristic-two-field',
 
 1336            '1.2.840.10045.1.2.3' => 
'id-characteristic-two-basis',
 
 1337            '1.2.840.10045.1.2.3.1' => 
'gnBasis',
 
 1338            '1.2.840.10045.1.2.3.2' => 
'tpBasis',
 
 1339            '1.2.840.10045.1.2.3.3' => 
'ppBasis',
 
 1340            '1.2.840.10045.2' => 
'id-publicKeyType',
 
 1341            '1.2.840.10045.2.1' => 
'id-ecPublicKey',
 
 1342            '1.2.840.10045.3' => 
'ellipticCurve',
 
 1343            '1.2.840.10045.3.0' => 
'c-TwoCurve',
 
 1344            '1.2.840.10045.3.0.1' => 
'c2pnb163v1',
 
 1345            '1.2.840.10045.3.0.2' => 
'c2pnb163v2',
 
 1346            '1.2.840.10045.3.0.3' => 
'c2pnb163v3',
 
 1347            '1.2.840.10045.3.0.4' => 
'c2pnb176w1',
 
 1348            '1.2.840.10045.3.0.5' => 
'c2pnb191v1',
 
 1349            '1.2.840.10045.3.0.6' => 
'c2pnb191v2',
 
 1350            '1.2.840.10045.3.0.7' => 
'c2pnb191v3',
 
 1351            '1.2.840.10045.3.0.8' => 
'c2pnb191v4',
 
 1352            '1.2.840.10045.3.0.9' => 
'c2pnb191v5',
 
 1353            '1.2.840.10045.3.0.10' => 
'c2pnb208w1',
 
 1354            '1.2.840.10045.3.0.11' => 
'c2pnb239v1',
 
 1355            '1.2.840.10045.3.0.12' => 
'c2pnb239v2',
 
 1356            '1.2.840.10045.3.0.13' => 
'c2pnb239v3',
 
 1357            '1.2.840.10045.3.0.14' => 
'c2pnb239v4',
 
 1358            '1.2.840.10045.3.0.15' => 
'c2pnb239v5',
 
 1359            '1.2.840.10045.3.0.16' => 
'c2pnb272w1',
 
 1360            '1.2.840.10045.3.0.17' => 
'c2pnb304w1',
 
 1361            '1.2.840.10045.3.0.18' => 
'c2pnb359v1',
 
 1362            '1.2.840.10045.3.0.19' => 
'c2pnb368w1',
 
 1363            '1.2.840.10045.3.0.20' => 
'c2pnb431r1',
 
 1364            '1.2.840.10045.3.1' => 
'primeCurve',
 
 1365            '1.2.840.10045.3.1.1' => 
'prime192v1',
 
 1366            '1.2.840.10045.3.1.2' => 
'prime192v2',
 
 1367            '1.2.840.10045.3.1.3' => 
'prime192v3',
 
 1368            '1.2.840.10045.3.1.4' => 
'prime239v1',
 
 1369            '1.2.840.10045.3.1.5' => 
'prime239v2',
 
 1370            '1.2.840.10045.3.1.6' => 
'prime239v3',
 
 1371            '1.2.840.10045.3.1.7' => 
'prime256v1',
 
 1372            '1.2.840.113549.1.1.7' => 
'id-RSAES-OAEP',
 
 1373            '1.2.840.113549.1.1.9' => 
'id-pSpecified',
 
 1374            '1.2.840.113549.1.1.10' => 
'id-RSASSA-PSS',
 
 1375            '1.2.840.113549.1.1.8' => 
'id-mgf1',
 
 1376            '1.2.840.113549.1.1.14' => 
'sha224WithRSAEncryption',
 
 1377            '1.2.840.113549.1.1.11' => 
'sha256WithRSAEncryption',
 
 1378            '1.2.840.113549.1.1.12' => 
'sha384WithRSAEncryption',
 
 1379            '1.2.840.113549.1.1.13' => 
'sha512WithRSAEncryption',
 
 1380            '2.16.840.1.101.3.4.2.4' => 
'id-sha224',
 
 1381            '2.16.840.1.101.3.4.2.1' => 
'id-sha256',
 
 1382            '2.16.840.1.101.3.4.2.2' => 
'id-sha384',
 
 1383            '2.16.840.1.101.3.4.2.3' => 
'id-sha512',
 
 1384            '1.2.643.2.2.4' => 
'id-GostR3411-94-with-GostR3410-94',
 
 1385            '1.2.643.2.2.3' => 
'id-GostR3411-94-with-GostR3410-2001',
 
 1386            '1.2.643.2.2.20' => 
'id-GostR3410-2001',
 
 1387            '1.2.643.2.2.19' => 
'id-GostR3410-94',
 
 1389            '2.16.840.1.113730' => 
'netscape',
 
 1390            '2.16.840.1.113730.1' => 
'netscape-cert-extension',
 
 1391            '2.16.840.1.113730.1.1' => 
'netscape-cert-type',
 
 1392            '2.16.840.1.113730.1.13' => 
'netscape-comment',
 
 1393            '2.16.840.1.113730.1.8' => 
'netscape-ca-policy-url',
 
 1395            '1.3.6.1.5.5.7.1.12' => 
'id-pe-logotype',
 
 1396            '1.2.840.113533.7.65.0' => 
'entrustVersInfo',
 
 1397            '2.16.840.1.113733.1.6.9' => 
'verisignPrivate',
 
 1400            '1.2.840.113549.1.9.2' => 
'pkcs-9-at-unstructuredName', 
 
 1401            '1.2.840.113549.1.9.7' => 
'pkcs-9-at-challengePassword', 
 
 1402            '1.2.840.113549.1.9.14' => 
'pkcs-9-at-extensionRequest'  
 // Loads an X.509 certificate into this object and records it as the current certificate.
 // This listing shows only some lines of the function (the gutter numbers have gaps), so
 // the comments below describe the visible statements and hedge anything that is not shown.
 //   $cert  either an already-parsed array containing 'tbsCertificate', or encoded
 //          certificate data handed to decodeBER()
 //   $mode  compared with self::FORMAT_DER and self::FORMAT_PEM below;
 //          defaults to self::FORMAT_AUTO_DETECT
 1416    function loadX509($cert, $mode = self::FORMAT_AUTO_DETECT)
 
             // Array input: the structure is adopted as the current certificate. None of the
             // visible lines in this branch decode or re-map it, and the cached
             // signatureSubject is unset rather than recomputed.
 1418        if (is_array($cert) && isset($cert[
'tbsCertificate'])) {
 
 1419            unset($this->currentCert);
 
 1420            unset($this->currentKeyIdentifier);
 
 1421            $this->dn = $cert[
'tbsCertificate'][
'subject'];
 
 1422            if (!isset($this->dn)) {
 
 1425            $this->currentCert = $cert;
 
 1430            unset($this->signatureSubject);
 
             // NOTE(review): the lines that assign $newcert are not shown; presumably it is the
             // result of stripping PEM armour from $cert - confirm. Both comparisons are loose.
 1437        if ($mode != self::FORMAT_DER) {
 
 1439            if ($mode == self::FORMAT_PEM && $cert == $newcert) {
 
             // A false $cert marks the load as failed: currentCert is set to false.
 1445        if ($cert === 
false) {
 
 1446            $this->currentCert = 
false;
 
 1450        $asn1->loadOIDs($this->oids);
 
 1451        $decoded = $asn1->decodeBER($cert);
 
             // asn1map() only runs when decodeBER() returned something non-empty, so $x509 stays
             // unset for undecodable input and the check below records the failure.
 1453        if (!empty($decoded)) {
 
 1454            $x509 = $asn1->asn1map($decoded[0], $this->Certificate);
 
 1456        if (!isset($x509) || $x509 === 
false) {
 
 1457            $this->currentCert = 
false;
 
             // signatureSubject is cut out of the input bytes exactly as received, using the
             // start/length of the first child of the outer element (tbsCertificate is the first
             // child in the Certificate map). A signature has to be checked over the bytes that
             // were signed, not over a re-encoding of the parsed structure.
 1461        $this->signatureSubject = substr($cert, $decoded[0][
'content'][0][
'start'], $decoded[0][
'content'][0][
'length']);
 
             // $key is a reference, so the reformatted key is written back into $x509.
 1465        $key = &$x509[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey'];
 
 1466        $key = $this->
_reformatKey($x509[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'algorithm'], 
$key);
 
 1468        $this->currentCert = $x509;
 
 1469        $this->dn = $x509[
'tbsCertificate'][
'subject'];
 
 1487        if (!is_array($cert) || !isset($cert[
'tbsCertificate'])) {
 
 1493            case !($algorithm = $this->
_subArray($cert, 
'tbsCertificate/subjectPublicKeyInfo/algorithm/algorithm')):
 
 1494            case is_object($cert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey']):
 
 1497                switch ($algorithm) {
 
 1498                    case 'rsaEncryption':
 
 1499                        $cert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey']
 
 1500                            = base64_encode(
"\0" . base64_decode(preg_replace(
'#-.+-|[\r\n]#', 
'', $cert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey'])));
 
 1507                        $cert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'parameters'] = 
null;
 
 1509                        $cert[
'signatureAlgorithm'][
'parameters'] = 
null;
 
 1510                        $cert[
'tbsCertificate'][
'signature'][
'parameters'] = 
null;
 
 1515        $asn1->loadOIDs($this->oids);
 
 1519        $filters[
'tbsCertificate'][
'signature'][
'parameters'] = $type_utf8_string;
 
 1520        $filters[
'tbsCertificate'][
'signature'][
'issuer'][
'rdnSequence'][
'value'] = $type_utf8_string;
 
 1521        $filters[
'tbsCertificate'][
'issuer'][
'rdnSequence'][
'value'] = $type_utf8_string;
 
 1522        $filters[
'tbsCertificate'][
'subject'][
'rdnSequence'][
'value'] = $type_utf8_string;
 
 1523        $filters[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'parameters'] = $type_utf8_string;
 
 1524        $filters[
'signatureAlgorithm'][
'parameters'] = $type_utf8_string;
 
 1525        $filters[
'authorityCertIssuer'][
'directoryName'][
'rdnSequence'][
'value'] = $type_utf8_string;
 
 1527        $filters[
'distributionPoint'][
'fullName'][
'directoryName'][
'rdnSequence'][
'value'] = $type_utf8_string;
 
 1528        $filters[
'directoryName'][
'rdnSequence'][
'value'] = $type_utf8_string;
 
 1534        $filters[
'policyQualifiers'][
'qualifier']
 
 1537        $asn1->loadFilters($filters);
 
 1541        $cert = $asn1->encodeDER($cert, $this->Certificate);
 
 1548                return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(base64_encode($cert), 64) . 
'-----END CERTIFICATE-----';
 
 // Decodes each extension's extnValue in place: base64 -> BER -> mapped structure.
 // Only part of the enclosing function is shown (gutter numbers have gaps). $map is assigned
 // on lines that are not visible; presumably it is the ASN.1 map for the extension or
 // qualifier id, or a bool when there is none - confirm.
 1565        if (is_array($extensions)) {
 
 1566            for (
$i = 0; 
$i < count($extensions); 
$i++) {
 
 1567                $id = $extensions[
$i][
'extnId'];
 
                     // Reference: every later assignment to $value rewrites the extension entry.
 1568                $value = &$extensions[
$i][
'extnValue'];
 
 1569                $value = base64_decode($value);
 
 1570                $decoded = $asn1->decodeBER($value);
 
 1574                if (!is_bool(
$map)) {
 
                         // iPAddress fields are passed through $this->_decodeIP while mapping.
                         // NOTE(review): no check of $decoded is visible before $decoded[0] is
                         // read; the extension bytes come from the certificate being parsed, so
                         // confirm that an empty decodeBER() result is handled.
 1575                    $mapped = $asn1->asn1map($decoded[0], 
$map, array(
'iPAddress' => array($this, 
'_decodeIP')));
 
                         // When mapping fails the raw decoded element is kept instead.
 1576                    $value = $mapped === 
false ? $decoded[0] : $mapped;
 
                         // Certificate policies carry nested qualifiers that are decoded in a
                         // second pass.
 1578                    if (
$id == 
'id-ce-certificatePolicies') {
 
 1579                        for ($j = 0; $j < count($value); $j++) {
 
 1580                            if (!isset($value[$j][
'policyQualifiers'])) {
 
 1583                            for ($k = 0; $k < count($value[$j][
'policyQualifiers']); $k++) {
 
 1584                                $subid = $value[$j][
'policyQualifiers'][$k][
'policyQualifierId'];
 
 1586                                $subvalue = &$value[$j][
'policyQualifiers'][$k][
'qualifier'];
 
 1587                                if (
$map !== 
false) {
 
                                         // NOTE(review): the next two lines are consecutive in
                                         // the original file, so $decoded[0] is read with no
                                         // check that decodeBER() produced anything. The
                                         // qualifier bytes come from the certificate; a guard
                                         // such as !empty($decoded) would keep a malformed
                                         // qualifier from reaching asn1map().
 1588                                    $decoded = $asn1->decodeBER($subvalue);
 
 1589                                    $mapped = $asn1->asn1map($decoded[0], 
$map);
 
 1590                                    $subvalue = $mapped === 
false ? $decoded[0] : $mapped;
 
                         // NOTE(review): the branch this line belongs to is not shown; it looks
                         // like the value is put back into base64 form when no map applies -
                         // confirm.
 1596                    $value = base64_encode($value);
 
 1615        if (is_array($extensions)) {
 
 1616            $size = count($extensions);
 
 1618                if ($extensions[
$i] instanceof 
Element) {
 
 1622                $id = $extensions[
$i][
'extnId'];
 
 1623                $value = &$extensions[
$i][
'extnValue'];
 
 1626                    case 'id-ce-certificatePolicies':
 
 1627                        for ($j = 0; $j < count($value); $j++) {
 
 1628                            if (!isset($value[$j][
'policyQualifiers'])) {
 
 1631                            for ($k = 0; $k < count($value[$j][
'policyQualifiers']); $k++) {
 
 1632                                $subid = $value[$j][
'policyQualifiers'][$k][
'policyQualifierId'];
 
 1634                                $subvalue = &$value[$j][
'policyQualifiers'][$k][
'qualifier'];
 
 1635                                if (
$map !== 
false) {
 
 1638                                    $subvalue = 
new Element($asn1->encodeDER($subvalue, 
$map));
 
 1643                    case 'id-ce-authorityKeyIdentifier': 
 
 1644                        if (isset($value[
'authorityCertSerialNumber'])) {
 
 1645                            if ($value[
'authorityCertSerialNumber']->toBytes() == 
'') {
 
 1647                                $value[
'authorityCertSerialNumber'] = 
new Element($temp);
 
 1655                if (is_bool(
$map)) {
 
 1657                        user_error(
$id . 
' is not a currently supported extension');
 
 1658                        unset($extensions[
$i]);
 
 1661                    $temp = $asn1->encodeDER($value, 
$map, array(
'iPAddress' => array($this, 
'_encodeIP')));
 
 1662                    $value = base64_encode($temp);
 
 1689                    for ($j = 0; $j < count(
$values); $j++) {
 
 1690                        $value = $asn1->encodeDER(
$values[$j], $this->AttributeValue);
 
 1691                        $decoded = $asn1->decodeBER($value);
 
 1692                        if (!is_bool(
$map)) {
 
 1693                            $mapped = $asn1->asn1map($decoded[0], 
$map);
 
 1694                            if ($mapped !== 
false) {
 
 1697                            if (
$id == 
'pkcs-9-at-extensionRequest') {
 
 1701                            $values[$j] = base64_encode($value);
 
 1729                if (
$map === 
false) {
 
 1730                    user_error(
$id . 
' is not a currently supported attribute', E_USER_NOTICE);
 
 1734                    for ($j = 0; $j < count(
$values); $j++) {
 
 1736                            case 'pkcs-9-at-extensionRequest':
 
 1741                        if (!is_bool(
$map)) {
 
 1743                            $decoded = $asn1->decodeBER($temp);
 
 1744                            $values[$j] = $asn1->asn1map($decoded[0], $this->AttributeValue);
 
 1761        if (!is_string($extnId)) { 
 
 1766            case 'id-ce-keyUsage':
 
 1768            case 'id-ce-basicConstraints':
 
 1770            case 'id-ce-subjectKeyIdentifier':
 
 1772            case 'id-ce-cRLDistributionPoints':
 
 1774            case 'id-ce-authorityKeyIdentifier':
 
 1776            case 'id-ce-certificatePolicies':
 
 1778            case 'id-ce-extKeyUsage':
 
 1780            case 'id-pe-authorityInfoAccess':
 
 1782            case 'id-ce-subjectAltName':
 
 1784            case 'id-ce-privateKeyUsagePeriod':
 
 1786            case 'id-ce-issuerAltName':
 
 1788            case 'id-ce-policyMappings':
 
 1790            case 'id-ce-nameConstraints':
 
 1793            case 'netscape-cert-type':
 
 1795            case 'netscape-comment':
 
 1797            case 'netscape-ca-policy-url':
 
 1804            case 'id-qt-unotice':
 
 1808            case 'id-pe-logotype': 
 
 1809            case 'entrustVersInfo':
 
 1811            case '1.3.6.1.4.1.311.20.2': 
 
 1812            case '1.3.6.1.4.1.311.21.1': 
 
 1819            case 'pkcs-9-at-unstructuredName':
 
 1821            case 'pkcs-9-at-challengePassword':
 
 1823            case 'pkcs-9-at-extensionRequest':
 
 1827            case 'id-ce-cRLNumber':
 
 1829            case 'id-ce-deltaCRLIndicator':
 
 1831            case 'id-ce-issuingDistributionPoint':
 
 1833            case 'id-ce-freshestCRL':
 
 1835            case 'id-ce-cRLReasons':
 
 1837            case 'id-ce-invalidityDate':
 
 1839            case 'id-ce-certificateIssuer':
 
 1841            case 'id-ce-holdInstructionCode':
 
 1865            $this->currentCert = $oldcert;
 
 1866            $this->signatureSubject = $oldsigsubj;
 
 1867            $this->currentKeyIdentifier = $oldkeyid;
 
 1896        $this->CAs[] = $cert;
 
 1899        $this->currentCert = $oldcert;
 
 1900        $this->signatureSubject = $oldsigsubj;
 
 // Checks the host part of $url against the names in the current certificate: entries of
 // the subjectAltName extension, and the subject commonName.
 // Only part of the enclosing function is shown (gutter numbers have gaps); the bodies of
 // the guards and the per-name-type dispatch are not visible.
 1924        if (!is_array($this->currentCert) || !isset($this->currentCert[
'tbsCertificate'])) {
 
 1928        $components = parse_url(
$url);
 
             // A URL without a host component cannot be matched against any name.
 1929        if (!isset($components[
'host'])) {
 
 1933        if ($names = $this->
getExtension(
'id-ce-subjectAltName')) {
 
 1934            foreach ($names as 
$key => $value) {
 
                     // Turns a certificate name into a regex body: '.' is escaped and '*' becomes
                     // '[^.]*', which keeps a wildcard inside one DNS label.
                     // NOTE(review): nothing else is escaped, so any other PCRE metacharacter in
                     // a certificate name reaches preg_match() as pattern syntax. Running
                     // preg_quote($value, '#') first and then replacing the quoted '\*' with
                     // '[^.]*' would treat the rest of the name as literal text.
                     // NOTE(review): no visible line limits where the wildcard may appear
                     // (RFC 6125 allows it only in the left-most label) - confirm.
 1935                $value = str_replace(array(
'.', 
'*'), array(
'\.', 
'[^.]*'), $value);
 
                             // Anchored match with no 'i' modifier, so it is case-sensitive.
                             // NOTE(review): DNS names compare case-insensitively; confirm the
                             // host and the certificate name are normalised to one case first.
 1945                        if (preg_match(
'#^' . $value . 
'$#', $components[
'host'])) {
 
                             // NOTE(review): '{1-3}' is not a PCRE quantifier ('{1,3}' is), so it
                             // is matched as the literal text "{1-3}" and this first
                             // preg_match() cannot succeed for a dotted-quad host; as written
                             // the condition is never true for an IP address. The pattern is
                             // also unanchored. Presumably '#^(?:\d{1,3}\.){4}$#' was meant.
 1955                        if (preg_match(
'#(?:\d{1-3}\.){4}#', $components[
'host'] . 
'.') && preg_match(
'#^' . $value . 
'$#', $components[
'host'])) {
 
             // commonName check, using only the first commonName value.
             // NOTE(review): whether this is reached when a subjectAltName extension exists but
             // nothing in it matched depends on lines not shown. RFC 6125 says commonName is not
             // to be consulted when the certificate carries subjectAltName DNS names - confirm.
 1963        if ($value = $this->
getDNProp(
'id-at-commonName')) {
 
                 // Same conversion as above, with the same unescaped-metacharacter caveat.
 1964            $value = str_replace(array(
'.', 
'*'), array(
'\.', 
'[^.]*'), $value[0]);
 
                 // Returns preg_match()'s result as is: 1, 0, or false on a pattern error, so
                 // callers should not compare the result with === true.
 1965            return preg_match(
'#^' . $value . 
'$#', $components[
'host']);
 
 // Compares $date with the notBefore/notAfter bounds of the current certificate.
 // Only part of the enclosing function is shown (gutter numbers have gaps); what each
 // branch returns is not visible.
 1981        if (!is_array($this->currentCert) || !isset($this->currentCert[
'tbsCertificate'])) {
 
             // NOTE(review): the body of this branch is not shown; presumably an unset $date
             // defaults to the current time - confirm.
 1985        if (!isset($date)) {
 
 1989        $notBefore = $this->currentCert[
'tbsCertificate'][
'validity'][
'notBefore'];
 
             // Each bound is stored under either 'generalTime' or 'utcTime'; take whichever
             // is present.
 1990        $notBefore = isset($notBefore[
'generalTime']) ? $notBefore[
'generalTime'] : $notBefore[
'utcTime'];
 
 1992        $notAfter = $this->currentCert[
'tbsCertificate'][
'validity'][
'notAfter'];
 
 1993        $notAfter = isset($notAfter[
'generalTime']) ? $notAfter[
'generalTime'] : $notAfter[
'utcTime'];
 
                 // strtotime() returns false for a string it cannot parse, and '@' hides any
                 // warning it raises.
                 // NOTE(review): a false bound changes what these comparisons mean; confirm that
                 // an unparseable validity time makes the check fail closed rather than pass.
 1996            case $date < @strtotime($notBefore):
 
 1997            case $date > @strtotime($notAfter):
 
 2021        if (!is_array($this->currentCert) || !isset($this->signatureSubject)) {
 
                 // Certificate case. NOTE(review): the lines visible in this listing select a signer by
                 // issuer DN and key identifier and then pass one signature to the verification call;
                 // no validity-period, basicConstraints or keyUsage check on the CA entry is visible here.
                 // Confirm what the omitted lines and the callers enforce before treating the result
                 // as full path validation.
 2032            case isset($this->currentCert[
'tbsCertificate']):
 
                     // Self-issued test: issuer and subject must be identical arrays (strict ===).
 2034                if ($this->currentCert[
'tbsCertificate'][
'issuer'] === $this->currentCert[
'tbsCertificate'][
'subject']) {
 
 2035                    $authorityKey = $this->
getExtension(
'id-ce-authorityKeyIdentifier');
 
 2036                    $subjectKeyID = $this->
getExtension(
'id-ce-subjectKeyIdentifier');
 
                             // Two accepted shapes: no authorityKeyIdentifier extension at all, or one
                             // whose keyIdentifier equals the certificate's own subjectKeyIdentifier.
 2038                        case !is_array($authorityKey):
 
 2039                        case is_array($authorityKey) && isset($authorityKey[
'keyIdentifier']) && $authorityKey[
'keyIdentifier'] === $subjectKeyID:
 
 2044                if (!empty($this->CAs)) {
 
 2045                    for (
$i = 0; 
$i < count($this->CAs); 
$i++) {
 
 2048                        $ca = $this->CAs[
$i];
 
                             // A stored CA is a candidate when its subject equals this certificate's issuer.
 2049                        if ($this->currentCert[
'tbsCertificate'][
'issuer'] === $ca[
'tbsCertificate'][
'subject']) {
 
 2050                            $authorityKey = $this->
getExtension(
'id-ce-authorityKeyIdentifier');
 
 2051                            $subjectKeyID = $this->
getExtension(
'id-ce-subjectKeyIdentifier', $ca);
 
                                     // When the certificate carries no authorityKeyIdentifier, this label
                                     // matches on the DN comparison alone; presumably the candidate CA is
                                     // then used as the signer (the case body is not shown) - confirm.
 2053                                case !is_array($authorityKey):
 
 2054                                case is_array($authorityKey) && isset($authorityKey[
'keyIdentifier']) && $authorityKey[
'keyIdentifier'] === $subjectKeyID:
 
                         // $i equals count($this->CAs) only when the loop ran to the end without a break.
 2060                    if (count($this->CAs) == 
$i && $caonly) {
 
 2063                } elseif (!isset($signingCert) || $caonly) {
 
                         // Arguments to the verification call: signer's key algorithm and key, the
                         // certificate's signatureAlgorithm, the signature, and the signed bytes.
 2067                    $signingCert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'algorithm'],
 
 2068                    $signingCert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey'],
 
 2069                    $this->currentCert[
'signatureAlgorithm'][
'algorithm'],
 
                         // The first byte of the decoded signature is dropped; presumably the BIT STRING
                         // unused-bits octet - TODO confirm against the ASN.1 mapping.
 2070                    substr(base64_decode($this->currentCert[
'signature']), 1),
 
 2071                    $this->signatureSubject
 
 2073            case isset($this->currentCert[
'certificationRequestInfo']):
 
 2075                    $this->currentCert[
'certificationRequestInfo'][
'subjectPKInfo'][
'algorithm'][
'algorithm'],
 
 2076                    $this->currentCert[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey'],
 
 2077                    $this->currentCert[
'signatureAlgorithm'][
'algorithm'],
 
 2078                    substr(base64_decode($this->currentCert[
'signature']), 1),
 
 2079                    $this->signatureSubject
 
 2081            case isset($this->currentCert[
'publicKeyAndChallenge']):
 
 2083                    $this->currentCert[
'publicKeyAndChallenge'][
'spki'][
'algorithm'][
'algorithm'],
 
 2084                    $this->currentCert[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey'],
 
 2085                    $this->currentCert[
'signatureAlgorithm'][
'algorithm'],
 
 2086                    substr(base64_decode($this->currentCert[
'signature']), 1),
 
 2087                    $this->signatureSubject
 
 2089            case isset($this->currentCert[
'tbsCertList']):
 
 2090                if (!empty($this->CAs)) {
 
 2091                    for (
$i = 0; 
$i < count($this->CAs); 
$i++) {
 
 2092                        $ca = $this->CAs[
$i];
 
 2093                        if ($this->currentCert[
'tbsCertList'][
'issuer'] === $ca[
'tbsCertificate'][
'subject']) {
 
 2094                            $authorityKey = $this->
getExtension(
'id-ce-authorityKeyIdentifier');
 
 2095                            $subjectKeyID = $this->
getExtension(
'id-ce-subjectKeyIdentifier', $ca);
 
 2097                                case !is_array($authorityKey):
 
 2098                                case is_array($authorityKey) && isset($authorityKey[
'keyIdentifier']) && $authorityKey[
'keyIdentifier'] === $subjectKeyID:
 
 2105                if (!isset($signingCert)) {
 
 2109                    $signingCert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'algorithm'][
'algorithm'],
 
 2110                    $signingCert[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey'],
 
 2111                    $this->currentCert[
'signatureAlgorithm'][
'algorithm'],
 
 2112                    substr(base64_decode($this->currentCert[
'signature']), 1),
 
 2113                    $this->signatureSubject
 
 2135        switch ($publicKeyAlgorithm) {
 
 2136            case 'rsaEncryption':
 
 2140                switch ($signatureAlgorithm) {
 
                         // Every name listed below falls through to the same setHash() call, so md2, md5
                         // and sha1 are accepted for verification alongside the SHA-2 family. Practical
                         // collision attacks exist for MD5 and SHA-1, so a signature that verifies under
                         // those names is weak evidence of authenticity.
                         // NOTE(review): nothing visible here lets a caller restrict the list; code that
                         // needs a minimum-strength policy has to inspect signatureAlgorithm itself.
 2141                    case 'md2WithRSAEncryption':
 
 2142                    case 'md5WithRSAEncryption':
 
 2143                    case 'sha1WithRSAEncryption':
 
 2144                    case 'sha224WithRSAEncryption':
 
 2145                    case 'sha256WithRSAEncryption':
 
 2146                    case 'sha384WithRSAEncryption':
 
 2147                    case 'sha512WithRSAEncryption':
 
                             // The hash name is the algorithm name with the 'WithRSAEncryption' suffix removed.
 2148                        $rsa->setHash(preg_replace(
'#WithRSAEncryption$#', 
'', $signatureAlgorithm));
 
 2177        switch ($algorithm) {
 
 2178            case 'rsaEncryption':
 
 2180                    "-----BEGIN RSA PUBLIC KEY-----\r\n" .
 
 2184                    chunk_split(base64_encode(substr(base64_decode(
$key), 1)), 64) .
 
 2185                    '-----END RSA PUBLIC KEY-----';
 
 2202        $ip = base64_decode($ip);
 
 2203        list(, $ip) = unpack(
'N', $ip);
 
 2204        return long2ip($ip);
 
 2218        return base64_encode(pack(
'N', ip2long($ip)));
 
 2230        switch (strtolower($propName)) {
 
 2231            case 'id-at-countryname':
 
 2234                return 'id-at-countryName';
 
 2235            case 'id-at-organizationname':
 
 2236            case 'organizationname':
 
 2238                return 'id-at-organizationName';
 
 2239            case 'id-at-dnqualifier':
 
 2241                return 'id-at-dnQualifier';
 
 2242            case 'id-at-commonname':
 
 2245                return 'id-at-commonName';
 
 2246            case 'id-at-stateorprovincename':
 
 2247            case 'stateorprovincename':
 
 2250            case 'provincename':
 
 2252                return 'id-at-stateOrProvinceName';
 
 2253            case 'id-at-localityname':
 
 2254            case 'localityname':
 
 2256                return 'id-at-localityName';
 
 2257            case 'id-emailaddress':
 
 2258            case 'emailaddress':
 
 2259                return 'pkcs-9-at-emailAddress';
 
 2260            case 'id-at-serialnumber':
 
 2261            case 'serialnumber':
 
 2262                return 'id-at-serialNumber';
 
 2263            case 'id-at-postalcode':
 
 2265                return 'id-at-postalCode';
 
 2266            case 'id-at-streetaddress':
 
 2267            case 'streetaddress':
 
 2268                return 'id-at-streetAddress';
 
 2271                return 'id-at-name';
 
 2272            case 'id-at-givenname':
 
 2274                return 'id-at-givenName';
 
 2275            case 'id-at-surname':
 
 2278                return 'id-at-surname';
 
 2279            case 'id-at-initials':
 
 2281                return 'id-at-initials';
 
 2282            case 'id-at-generationqualifier':
 
 2283            case 'generationqualifier':
 
 2284                return 'id-at-generationQualifier';
 
 2285            case 'id-at-organizationalunitname':
 
 2286            case 'organizationalunitname':
 
 2288                return 'id-at-organizationalUnitName';
 
 2289            case 'id-at-pseudonym':
 
 2291                return 'id-at-pseudonym';
 
 2294                return 'id-at-title';
 
 2295            case 'id-at-description':
 
 2297                return 'id-at-description';
 
 2300                return 'id-at-role';
 
 2301            case 'id-at-uniqueidentifier':
 
 2302            case 'uniqueidentifier':
 
 2303            case 'x500uniqueidentifier':
 
 2304                return 'id-at-uniqueIdentifier';
 
 2321        if (empty($this->dn)) {
 
 2322            $this->dn = array(
'rdnSequence' => array());
 
 2329        foreach ((array) $propValue as $v) {
 
 2330            if (!is_array($v) && isset(
$type)) {
 
 2331                $v = array(
$type => $v);
 
 2333            $this->dn[
'rdnSequence'][] = array(
 
 2335                    'type' => $propName,
 
 2352        if (empty($this->dn)) {
 
 2360        $dn = &$this->dn[
'rdnSequence'];
 
 2363            if (
$dn[
$i][0][
'type'] == $propName) {
 
 2394        $dn = 
$dn[
'rdnSequence'];
 
 2398            if (
$dn[
$i][0][
'type'] == $propName) {
 
 2399                $v = 
$dn[
$i][0][
'value'];
 
 2400                if (!$withType && is_array($v)) {
 
 2402                        $type = array_search(
$type, $asn1->ANYmap, 
true);
 
 2403                        if (
$type !== 
false && isset($asn1->stringTypeSize[
$type])) {
 
 2437        if (is_array(
$dn)) {
 
 2438            if (isset(
$dn[
'rdnSequence'])) {
 
 2444            foreach (
$dn as $prop => $value) {
 
 2453        $results = preg_split(
'#((?:^|, *|/)(?:C=|O=|OU=|CN=|L=|ST=|SN=|postalCode=|streetAddress=|emailAddress=|serialNumber=|organizationalUnitName=|title=|description=|role=|x500UniqueIdentifier=))#', 
$dn, -1, 
PREG_SPLIT_DELIM_CAPTURE);
 
 2476            $dn = isset($this->currentCert[
'tbsCertList']) ? $this->currentCert[
'tbsCertList'][
'issuer'] : 
$this->dn;
 
 2484                $asn1->loadOIDs($this->oids);
 
 2487                $asn1->loadFilters($filters);
 
 2488                return $asn1->encodeDER(
$dn, $this->Name);
 
 2491                if (
$dn === 
false) {
 
 2496                for (
$i = 1; 
$i < count($attrs); 
$i += 2) {
 
 2497                    $prop = trim($attrs[
$i], 
', =/');
 
 2498                    $value = $attrs[
$i + 1];
 
 2499                    if (!isset(
$dn[$prop])) {
 
 2500                        $dn[$prop] = $value;
 
 2502                        $dn[$prop] = array_merge((array) 
$dn[$prop], array($value));
 
 2510                $asn1->loadOIDs($this->oids);
 
 2513                $asn1->loadFilters($filters);
 
 2515                foreach (
$dn[
'rdnSequence'] as $rdn) {
 
 2516                    foreach ($rdn as 
$i => $attr) {
 
 2518                        if (is_array($attr[
'value'])) {
 
 2519                            foreach ($attr[
'value'] as 
$type => $v) {
 
 2520                                $type = array_search(
$type, $asn1->ANYmap, 
true);
 
 2521                                if (
$type !== 
false && isset($asn1->stringTypeSize[
$type])) {
 
 2522                                    $v = $asn1->convert($v, 
$type);
 
 2524                                        $v = preg_replace(
'/\s+/', 
' ', $v);
 
 2525                                        $attr[
'value'] = strtolower(trim($v));
 
 2532                    $result .= $asn1->encodeDER($rdn, $this->RelativeDistinguishedName);
 
 2537                $hash = 
new Hash(
'sha1');
 
 2538                $hash = $hash->hash(
$dn);
 
 2539                extract(unpack(
'Vhash', $hash));
 
 2540                return strtolower(bin2hex(pack(
'N', $hash)));
 
 2547        foreach (
$dn[
'rdnSequence'] as $field) {
 
 2548            $prop = $field[0][
'type'];
 
 2549            $value = $field[0][
'value'];
 
 2553                case 'id-at-countryName':
 
 2556                case 'id-at-stateOrProvinceName':
 
 2559                case 'id-at-organizationName':
 
 2562                case 'id-at-organizationalUnitName':
 
 2565                case 'id-at-commonName':
 
 2568                case 'id-at-localityName':
 
 2571                case 'id-at-surname':
 
 2574                case 'id-at-uniqueIdentifier':
 
 2576                    $desc = 
'x500UniqueIdentifier=';
 
 2580                    $desc = preg_replace(
'#.+-([^-]+)$#', 
'$1',  $prop) . 
'=';
 
 2586            if (is_array($value)) {
 
 2587                foreach ($value as 
$type => $v) {
 
 2588                    $type = array_search(
$type, $asn1->ANYmap, 
true);
 
 2589                    if (
$type !== 
false && isset($asn1->stringTypeSize[
$type])) {
 
 2590                        $v = $asn1->convert($v, 
$type);
 
 2597                if (is_array($value)) {
 
 2598                    $value = array_pop($value); 
 
 2618            case !isset($this->currentCert) || !is_array($this->currentCert):
 
 2620            case isset($this->currentCert[
'tbsCertificate']):
 
 2621                return $this->
getDN(
$format, $this->currentCert[
'tbsCertificate'][
'issuer']);
 
 2622            case isset($this->currentCert[
'tbsCertList']):
 
 2623                return $this->
getDN(
$format, $this->currentCert[
'tbsCertList'][
'issuer']);
 
 2640            case !empty($this->dn):
 
 2642            case !isset($this->currentCert) || !is_array($this->currentCert):
 
 2644            case isset($this->currentCert[
'tbsCertificate']):
 
 2645                return $this->
getDN(
$format, $this->currentCert[
'tbsCertificate'][
'subject']);
 
 2646            case isset($this->currentCert[
'certificationRequestInfo']):
 
 2647                return $this->
getDN(
$format, $this->currentCert[
'certificationRequestInfo'][
'subject']);
 
 2664            case !isset($this->currentCert) || !is_array($this->currentCert):
 
 2666            case isset($this->currentCert[
'tbsCertificate']):
 
 2667                return $this->
getDNProp($propName, $this->currentCert[
'tbsCertificate'][
'issuer'], $withType);
 
 2668            case isset($this->currentCert[
'tbsCertList']):
 
 2669                return $this->
getDNProp($propName, $this->currentCert[
'tbsCertList'][
'issuer'], $withType);
 
 2686            case !empty($this->dn):
 
 2687                return $this->
getDNProp($propName, 
null, $withType);
 
 2688            case !isset($this->currentCert) || !is_array($this->currentCert):
 
 2690            case isset($this->currentCert[
'tbsCertificate']):
 
 2691                return $this->
getDNProp($propName, $this->currentCert[
'tbsCertificate'][
'subject'], $withType);
 
 2692            case isset($this->currentCert[
'certificationRequestInfo']):
 
 2693                return $this->
getDNProp($propName, $this->currentCert[
'certificationRequestInfo'][
'subject'], $withType);
 
 2707        $chain = array($this->currentCert);
 
 2709        if (!is_array($this->currentCert) || !isset($this->currentCert[
'tbsCertificate'])) {
 
 2712        if (empty($this->CAs)) {
 
 2717            for (
$i = 0; 
$i < count($this->CAs); 
$i++) {
 
 2718                $ca = $this->CAs[
$i];
 
 2719                if (
$currentCert[
'tbsCertificate'][
'issuer'] === $ca[
'tbsCertificate'][
'subject']) {
 
 2720                    $authorityKey = $this->
getExtension(
'id-ce-authorityKeyIdentifier', $currentCert);
 
 2721                    $subjectKeyID = $this->
getExtension(
'id-ce-subjectKeyIdentifier', $ca);
 
 2723                        case !is_array($authorityKey):
 
 2724                        case is_array($authorityKey) && isset($authorityKey[
'keyIdentifier']) && $authorityKey[
'keyIdentifier'] === $subjectKeyID:
 
 2733            if (
$i == count($this->CAs)) {
 
 2737        foreach ($chain as 
$key => $value) {
 
 2739            $chain[
$key]->loadX509($value);
 
 2755        $key->setPublicKey();
 
 2756        $this->publicKey = 
$key;
 
 2769        $this->privateKey = 
$key;
 
 2795        if (isset($this->publicKey)) {
 
 2799        if (isset($this->currentCert) && is_array($this->currentCert)) {
 
 2800            foreach (array(
'tbsCertificate/subjectPublicKeyInfo', 
'certificationRequestInfo/subjectPKInfo') as 
$path) {
 
 2802                if (!empty($keyinfo)) {
 
 2807        if (empty($keyinfo)) {
 
 2811        $key = $keyinfo[
'subjectPublicKey'];
 
 2813        switch ($keyinfo[
'algorithm'][
'algorithm']) {
 
 2814            case 'rsaEncryption':
 
 2833    function loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT)
 
 2835        if (is_array($csr) && isset($csr[
'certificationRequestInfo'])) {
 
 2836            unset($this->currentCert);
 
 2837            unset($this->currentKeyIdentifier);
 
 2838            unset($this->signatureSubject);
 
 2839            $this->dn = $csr[
'certificationRequestInfo'][
'subject'];
 
 2840            if (!isset($this->dn)) {
 
 2844            $this->currentCert = $csr;
 
 2852        if ($mode != self::FORMAT_DER) {
 
 2854            if ($mode == self::FORMAT_PEM && $csr == $newcsr) {
 
 2861        if ($csr === 
false) {
 
 2862            $this->currentCert = 
false;
 
 2866        $asn1->loadOIDs($this->oids);
 
 2867        $decoded = $asn1->decodeBER($csr);
 
 2869        if (empty($decoded)) {
 
 2870            $this->currentCert = 
false;
 
 2874        $csr = $asn1->asn1map($decoded[0], $this->CertificationRequest);
 
 2875        if (!isset($csr) || $csr === 
false) {
 
 2876            $this->currentCert = 
false;
 
 2880        $this->dn = $csr[
'certificationRequestInfo'][
'subject'];
 
 2881        $this->
_mapInAttributes($csr, 
'certificationRequestInfo/attributes', $asn1);
 
 2883        $this->signatureSubject = substr($orig, $decoded[0][
'content'][0][
'start'], $decoded[0][
'content'][0][
'length']);
 
 2885        $algorithm = &$csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'algorithm'][
'algorithm'];
 
 2886        $key = &$csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey'];
 
 2889        switch ($algorithm) {
 
 2890            case 'rsaEncryption':
 
 2891                $this->publicKey = 
new RSA();
 
 2892                $this->publicKey->loadKey(
$key);
 
 2893                $this->publicKey->setPublicKey();
 
 2896                $this->publicKey = 
null;
 
 2899        $this->currentKeyIdentifier = 
null;
 
 2900        $this->currentCert = $csr;
 
 2915        if (!is_array($csr) || !isset($csr[
'certificationRequestInfo'])) {
 
 2920            case !($algorithm = $this->
_subArray($csr, 
'certificationRequestInfo/subjectPKInfo/algorithm/algorithm')):
 
 2921            case is_object($csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey']):
 
 2924                switch ($algorithm) {
 
 2925                    case 'rsaEncryption':
 
 2926                        $csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey']
 
 2927                            = base64_encode(
"\0" . base64_decode(preg_replace(
'#-.+-|[\r\n]#', 
'', $csr[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey'])));
 
 2933        $asn1->loadOIDs($this->oids);
 
 2936        $filters[
'certificationRequestInfo'][
'subject'][
'rdnSequence'][
'value']
 
 2939        $asn1->loadFilters($filters);
 
 2942        $csr = $asn1->encodeDER($csr, $this->CertificationRequest);
 
 2949                return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(base64_encode($csr), 64) . 
'-----END CERTIFICATE REQUEST-----';
 
 2966        if (is_array($spkac) && isset($spkac[
'publicKeyAndChallenge'])) {
 
 2967            unset($this->currentCert);
 
 2968            unset($this->currentKeyIdentifier);
 
 2969            unset($this->signatureSubject);
 
 2970            $this->currentCert = $spkac;
 
 2979        $temp = preg_replace(
'#(?:SPKAC=)|[ \r\n\\\]#', 
'', $spkac);
 
 2980        $temp = preg_match(
'#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : 
false;
 
 2981        if ($temp != 
false) {
 
 2986        if ($spkac === 
false) {
 
 2987            $this->currentCert = 
false;
 
 2991        $asn1->loadOIDs($this->oids);
 
 2992        $decoded = $asn1->decodeBER($spkac);
 
 2994        if (empty($decoded)) {
 
 2995            $this->currentCert = 
false;
 
 2999        $spkac = $asn1->asn1map($decoded[0], $this->SignedPublicKeyAndChallenge);
 
 3001        if (!isset($spkac) || $spkac === 
false) {
 
 3002            $this->currentCert = 
false;
 
 3006        $this->signatureSubject = substr($orig, $decoded[0][
'content'][0][
'start'], $decoded[0][
'content'][0][
'length']);
 
 3008        $algorithm = &$spkac[
'publicKeyAndChallenge'][
'spki'][
'algorithm'][
'algorithm'];
 
 3009        $key = &$spkac[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey'];
 
 3012        switch ($algorithm) {
 
 3013            case 'rsaEncryption':
 
 3014                $this->publicKey = 
new RSA();
 
 3015                $this->publicKey->loadKey(
$key);
 
 3016                $this->publicKey->setPublicKey();
 
 3019                $this->publicKey = 
null;
 
 3022        $this->currentKeyIdentifier = 
null;
 
 3023        $this->currentCert = $spkac;
 
 3038        if (!is_array($spkac) || !isset($spkac[
'publicKeyAndChallenge'])) {
 
 3042        $algorithm = $this->
_subArray($spkac, 
'publicKeyAndChallenge/spki/algorithm/algorithm');
 
 3045            case is_object($spkac[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey']):
 
 3048                switch ($algorithm) {
 
 3049                    case 'rsaEncryption':
 
 3050                        $spkac[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey']
 
 3051                            = base64_encode(
"\0" . base64_decode(preg_replace(
'#-.+-|[\r\n]#', 
'', $spkac[
'publicKeyAndChallenge'][
'spki'][
'subjectPublicKey'])));
 
 3057        $asn1->loadOIDs($this->oids);
 
 3058        $spkac = $asn1->encodeDER($spkac, $this->SignedPublicKeyAndChallenge);
 
 3067                return 'SPKAC=' . base64_encode($spkac);
 
 3078    function loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT)
 
 3080        if (is_array($crl) && isset($crl[
'tbsCertList'])) {
 
 3081            $this->currentCert = $crl;
 
 3082            unset($this->signatureSubject);
 
 3088        if ($mode != self::FORMAT_DER) {
 
 3090            if ($mode == self::FORMAT_PEM && $crl == $newcrl) {
 
 3097        if ($crl === 
false) {
 
 3098            $this->currentCert = 
false;
 
 3102        $asn1->loadOIDs($this->oids);
 
 3103        $decoded = $asn1->decodeBER($crl);
 
 3105        if (empty($decoded)) {
 
 3106            $this->currentCert = 
false;
 
 3110        $crl = $asn1->asn1map($decoded[0], $this->CertificateList);
 
 3111        if (!isset($crl) || $crl === 
false) {
 
 3112            $this->currentCert = 
false;
 
 3116        $this->signatureSubject = substr($orig, $decoded[0][
'content'][0][
'start'], $decoded[0][
'content'][0][
'length']);
 
 3119        $rclist = &$this->
_subArray($crl, 
'tbsCertList/revokedCertificates');
 
 3120        if (is_array($rclist)) {
 
 3121            foreach ($rclist as 
$i => $extension) {
 
 3126        $this->currentKeyIdentifier = 
null;
 
 3127        $this->currentCert = $crl;
 
 3142        if (!is_array($crl) || !isset($crl[
'tbsCertList'])) {
 
 3148        $asn1->loadOIDs($this->oids);
 
 3151        $filters[
'tbsCertList'][
'issuer'][
'rdnSequence'][
'value']
 
 3153        $filters[
'tbsCertList'][
'signature'][
'parameters']
 
 3155        $filters[
'signatureAlgorithm'][
'parameters']
 
 3158        if (empty($crl[
'tbsCertList'][
'signature'][
'parameters'])) {
 
 3159            $filters[
'tbsCertList'][
'signature'][
'parameters']
 
 3163        if (empty($crl[
'signatureAlgorithm'][
'parameters'])) {
 
 3164            $filters[
'signatureAlgorithm'][
'parameters']
 
 3168        $asn1->loadFilters($filters);
 
 3171        $rclist = &$this->
_subArray($crl, 
'tbsCertList/revokedCertificates');
 
 3172        if (is_array($rclist)) {
 
 3173            foreach ($rclist as 
$i => $extension) {
 
 3178        $crl = $asn1->encodeDER($crl, $this->CertificateList);
 
 3185                return "-----BEGIN X509 CRL-----\r\n" . chunk_split(base64_encode($crl), 64) . 
'-----END X509 CRL-----';
 
 3203        $year = @gmdate(
"Y", @strtotime($date)); 
 
 3205            return array(
'utcTime' => $date);
 
 3207            return array(
'generalTime' => $date);
 
 // NOTE(review): the default signature algorithm is 'sha1WithRSAEncryption'. SHA-1 is no
 // longer collision resistant, so certificates signed with the default are weak; callers
 // should pass a SHA-2 name explicitly (the verification switch in this file lists
 // 'sha256WithRSAEncryption' among the accepted names).
 3224    function sign(
$issuer, $subject, $signatureAlgorithm = 
'sha1WithRSAEncryption')
 
 3230        if (isset($subject->publicKey) && !($subjectPublicKey = $subject->_formatSubjectPublicKey())) {
 
 3234        $currentCert = isset($this->currentCert) ? $this->currentCert : 
null;
 
 3235        $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: 
null;
 
 3237        if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert[
'tbsCertificate'])) {
 
 3238            $this->currentCert = $subject->currentCert;
 
 3239            $this->currentCert[
'tbsCertificate'][
'signature'][
'algorithm'] = $signatureAlgorithm;
 
 3240            $this->currentCert[
'signatureAlgorithm'][
'algorithm'] = $signatureAlgorithm;
 
 3242            if (!empty($this->startDate)) {
 
 3243                $this->currentCert[
'tbsCertificate'][
'validity'][
'notBefore'] = $this->
_timeField($this->startDate);
 
 3245            if (!empty($this->endDate)) {
 
 3246                $this->currentCert[
'tbsCertificate'][
'validity'][
'notAfter'] = $this->
_timeField($this->endDate);
 
 3248            if (!empty($this->serialNumber)) {
 
 3251            if (!empty($subject->dn)) {
 
 3252                $this->currentCert[
'tbsCertificate'][
'subject'] = $subject->dn;
 
 3254            if (!empty($subject->publicKey)) {
 
 3255                $this->currentCert[
'tbsCertificate'][
'subjectPublicKeyInfo'] = $subjectPublicKey;
 
 3258            if (isset($subject->domains)) {
 
 3261        } elseif (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert[
'tbsCertList'])) {
 
 3264            if (!isset($subject->publicKey)) {
 
 3268            $startDate = !empty($this->startDate) ? $this->startDate : @date(
'D, d M Y H:i:s O');
 
 3269            $endDate = !empty($this->endDate) ? $this->endDate : @date(
'D, d M Y H:i:s O', strtotime(
'+1 year'));
 
 3278                $this->serialNumber :
 
 3281            $this->currentCert = array(
 
 3286                        'signature' => array(
'algorithm' => $signatureAlgorithm),
 
 3288                        'validity' => array(
 
 3289                            'notBefore' => $this->
_timeField($startDate), 
 
 3292                        'subject' => $subject->dn,
 
 3293                        'subjectPublicKeyInfo' => $subjectPublicKey
 
 3295                    'signatureAlgorithm' => array(
'algorithm' => $signatureAlgorithm),
 
 3296                    'signature'          => 
false  
 3300            $csrexts = $subject->getAttribute(
'pkcs-9-at-extensionRequest', 0);
 
 3302            if (!empty($csrexts)) {
 
 3303                $this->currentCert[
'tbsCertificate'][
'extensions'] = $csrexts;
 
 3307        $this->currentCert[
'tbsCertificate'][
'issuer'] = 
$issuer->dn;
 
 3309        if (isset(
$issuer->currentKeyIdentifier)) {
 
 3310            $this->
setExtension(
'id-ce-authorityKeyIdentifier', array(
 
 3316                    'keyIdentifier' => 
$issuer->currentKeyIdentifier
 
 3325        if (isset($subject->currentKeyIdentifier)) {
 
 3326            $this->
setExtension(
'id-ce-subjectKeyIdentifier', $subject->currentKeyIdentifier);
 
 3331        if (isset($subject->domains) && count($subject->domains) > 1) {
 
 3332            $altName = array_map(array(
'X509', 
'_dnsName'), $subject->domains);
 
 3335        if (isset($subject->ipAddresses) && count($subject->ipAddresses)) {
 
 3338            $ipAddresses = array();
 
 3339            foreach ($subject->ipAddresses as $ipAddress) {
 
 3340                $encoded = $subject->_ipAddress($ipAddress);
 
 3341                if ($encoded !== 
false) {
 
 3342                    $ipAddresses[] = $encoded;
 
 3345            if (count($ipAddresses)) {
 
 3346                $altName = array_merge($altName, $ipAddresses);
 
 3350        if (!empty($altName)) {
 
 3354        if ($this->caFlag) {
 
 3357                $keyUsage = array();
 
 3362                array_values(array_unique(array_merge($keyUsage, array(
'cRLSign', 
'keyCertSign'))))
 
 3365            $basicConstraints = $this->
getExtension(
'id-ce-basicConstraints');
 
 3366            if (!$basicConstraints) {
 
 3367                $basicConstraints = array();
 
 3371                'id-ce-basicConstraints',
 
 3372                array_unique(array_merge(array(
'cA' => 
true), $basicConstraints)),
 
 3376            if (!isset($subject->currentKeyIdentifier)) {
 
 3383        $tbsCertificate = $this->currentCert[
'tbsCertificate'];
 
 3387        $result[
'tbsCertificate'] = $tbsCertificate;
 
 // NOTE(review): defaults to 'sha1WithRSAEncryption'; SHA-1 is no longer collision
 // resistant, so callers should pass a SHA-2 algorithm name explicitly when signing a CSR.
 3401    function signCSR($signatureAlgorithm = 
'sha1WithRSAEncryption')
 
 3403        if (!is_object($this->privateKey) || empty($this->dn)) {
 
 3408        $class = get_class($this->privateKey);
 
 3409        $this->publicKey = 
new $class();
 
 3410        $this->publicKey->loadKey($this->privateKey->getPublicKey());
 
 3411        $this->publicKey->setPublicKey();
 
 3415        $this->publicKey = $origPublicKey;
 
 3417        $currentCert = isset($this->currentCert) ? $this->currentCert : 
null;
 
 3418        $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: 
null;
 
 3420        if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert[
'certificationRequestInfo'])) {
 
 3421            $this->currentCert[
'signatureAlgorithm'][
'algorithm'] = $signatureAlgorithm;
 
 3422            if (!empty($this->dn)) {
 
 3423                $this->currentCert[
'certificationRequestInfo'][
'subject'] = 
$this->dn;
 
 3425            $this->currentCert[
'certificationRequestInfo'][
'subjectPKInfo'] = 
$publicKey;
 
 3427            $this->currentCert = array(
 
 3428                'certificationRequestInfo' =>
 
 3431                        'subject' => $this->dn,
 
 3434                    'signatureAlgorithm' => array(
'algorithm' => $signatureAlgorithm),
 
 3435                    'signature'          => 
false  
 3441        $certificationRequestInfo = $this->currentCert[
'certificationRequestInfo'];
 
 3444        $result = $this->
_sign($this->privateKey, $signatureAlgorithm);
 
 3445        $result[
'certificationRequestInfo'] = $certificationRequestInfo;
 
 // NOTE(review): defaults to 'sha1WithRSAEncryption'; SHA-1 is no longer collision
 // resistant, so callers should pass a SHA-2 algorithm name explicitly when signing a SPKAC.
 3459    function signSPKAC($signatureAlgorithm = 
'sha1WithRSAEncryption')
 
 3461        if (!is_object($this->privateKey)) {
 
 3466        $class = get_class($this->privateKey);
 
 3467        $this->publicKey = 
new $class();
 
 3468        $this->publicKey->loadKey($this->privateKey->getPublicKey());
 
 3469        $this->publicKey->setPublicKey();
 
 3474        $this->publicKey = $origPublicKey;
 
 3476        $currentCert = isset($this->currentCert) ? $this->currentCert : 
null;
 
 3477        $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: 
null;
 
 3480        if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert[
'publicKeyAndChallenge'])) {
 
 3481            $this->currentCert[
'signatureAlgorithm'][
'algorithm'] = $signatureAlgorithm;
 
 3482            $this->currentCert[
'publicKeyAndChallenge'][
'spki'] = 
$publicKey;
 
 3483            if (!empty($this->challenge)) {
 
 3485                $this->currentCert[
'publicKeyAndChallenge'][
'challenge'] = $this->challenge & str_repeat(
"\x7F", strlen($this->challenge));
 
 3488            $this->currentCert = array(
 
 3489                'publicKeyAndChallenge' =>
 
 3497                        'challenge' => !empty($this->challenge) ? $this->challenge : 
'' 
 3499                    'signatureAlgorithm' => array(
'algorithm' => $signatureAlgorithm),
 
 3500                    'signature'          => 
false  
 3506        $publicKeyAndChallenge = $this->currentCert[
'publicKeyAndChallenge'];
 
 3509        $result = $this->
_sign($this->privateKey, $signatureAlgorithm);
 
 3510        $result[
'publicKeyAndChallenge'] = $publicKeyAndChallenge;
 
 3535        $currentCert = isset($this->currentCert) ? $this->currentCert : 
null;
 
 3536        $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : 
null;
 
 3537        $thisUpdate = !empty($this->startDate) ? $this->startDate : @date(
'D, d M Y H:i:s O');
 
 3539        if (isset($crl->currentCert) && is_array($crl->currentCert) && isset($crl->currentCert[
'tbsCertList'])) {
 
 3540            $this->currentCert = $crl->currentCert;
 
 3541            $this->currentCert[
'tbsCertList'][
'signature'][
'algorithm'] = $signatureAlgorithm;
 
 3542            $this->currentCert[
'signatureAlgorithm'][
'algorithm'] = $signatureAlgorithm;
 
 3544            $this->currentCert = array(
 
 3548                        'signature' => array(
'algorithm' => $signatureAlgorithm),
 
 3550                        'thisUpdate' => $this->
_timeField($thisUpdate) 
 
 3552                    'signatureAlgorithm' => array(
'algorithm' => $signatureAlgorithm),
 
 3553                    'signature'          => 
false  
 3557        $tbsCertList = &$this->currentCert[
'tbsCertList'];
 
 3558        $tbsCertList[
'issuer'] = 
$issuer->dn;
 
 3559        $tbsCertList[
'thisUpdate'] = $this->
_timeField($thisUpdate);
 
 3561        if (!empty($this->endDate)) {
 
 3562            $tbsCertList[
'nextUpdate'] = $this->
_timeField($this->endDate); 
 
 3564            unset($tbsCertList[
'nextUpdate']);
 
 3567        if (!empty($this->serialNumber)) {
 
 3576            $crlNumber = $crlNumber !== 
false ? $crlNumber->add(
new BigInteger(1)) : 
null;
 
 3583        $version = isset($tbsCertList[
'version']) ? $tbsCertList[
'version'] : 0;
 
 3585            if (!empty($tbsCertList[
'crlExtensions'])) {
 
 3587            } elseif (!empty($tbsCertList[
'revokedCertificates'])) {
 
 3588                foreach ($tbsCertList[
'revokedCertificates'] as $cert) {
 
 3589                    if (!empty($cert[
'crlEntryExtensions'])) {
 
 3596                $tbsCertList[
'version'] = 
$version;
 
 3601        if (!empty($tbsCertList[
'version'])) { 
 
 3602            if (!empty($crlNumber)) {
 
 3606            if (isset(
$issuer->currentKeyIdentifier)) {
 
 3607                $this->
setExtension(
'id-ce-authorityKeyIdentifier', array(
 
 3613                        'keyIdentifier' => 
$issuer->currentKeyIdentifier
 
 3624            if ($issuerAltName !== 
false) {
 
 3625                $this->
setExtension(
'id-ce-issuerAltName', $issuerAltName);
 
 3629        if (empty($tbsCertList[
'revokedCertificates'])) {
 
 3630            unset($tbsCertList[
'revokedCertificates']);
 
 3633        unset($tbsCertList);
 
 3637        $tbsCertList = $this->currentCert[
'tbsCertList'];
 
 3641        $result[
'tbsCertList'] = $tbsCertList;
 
 3661            switch ($signatureAlgorithm) {
 
 3662                case 'md2WithRSAEncryption':
 
 3663                case 'md5WithRSAEncryption':
 
 3664                case 'sha1WithRSAEncryption':
 
 3665                case 'sha224WithRSAEncryption':
 
 3666                case 'sha256WithRSAEncryption':
 
 3667                case 'sha384WithRSAEncryption':
 
 3668                case 'sha512WithRSAEncryption':
 
 3669                    $key->setHash(preg_replace(
'#WithRSAEncryption$#', 
'', $signatureAlgorithm));
 
 3672                    $this->currentCert[
'signature'] = base64_encode(
"\0" . 
$key->sign($this->signatureSubject));
 
 3688        $this->startDate = @date(
'D, d M Y H:i:s O', @strtotime($date));
 
 3706        if (strtolower($date) == 
'lifetime') {
 
 3707            $temp = 
'99991231235959Z';
 
 3710            $this->endDate = 
new Element($temp);
 
 3712            $this->endDate = @date(
'D, d M Y H:i:s O', @strtotime($date));
 
 3735        $this->caFlag = 
true;
 
 3751        if (!is_array(
$root)) {
 
 3755        foreach (explode(
'/', 
$path) as 
$i) {
 
 3756            if (!is_array(
$root)) {
 
 3785        if (!isset(
$root)) {
 
 3791            case !is_array(
$root):
 
 3793            case isset(
$root[
'tbsCertificate']):
 
 3794                $path = 
'tbsCertificate/extensions';
 
 3796            case isset(
$root[
'tbsCertList']):
 
 3797                $path = 
'tbsCertList/crlExtensions';
 
 3799            case isset(
$root[
'certificationRequestInfo']):
 
 3800                $pth = 
'certificationRequestInfo/attributes';
 
 3805                        if ($value[
'type'] == 
'pkcs-9-at-extensionRequest') {
 
 3806                            $path = 
"$pth/$key/value/0";
 
 3812                        $attributes[] = array(
'type' => 
'pkcs-9-at-extensionRequest', 
'value' => array());
 
 3813                        $path = 
"$pth/$key/value/0";
 
 3821        if (!is_array($extensions)) {
 
 3841        if (!is_array($extensions)) {
 
 3846        foreach ($extensions as 
$key => $value) {
 
 3847            if ($value[
'extnId'] == 
$id) {
 
 3848                unset($extensions[
$key]);
 
 3853        $extensions = array_values($extensions);
 
 3872        if (!is_array($extensions)) {
 
 3876        foreach ($extensions as 
$key => $value) {
 
 3877            if ($value[
'extnId'] == 
$id) {
 
 3878                return $value[
'extnValue'];
 
 3896        $extensions = array();
 
 3898        if (is_array($exts)) {
 
 3899            foreach ($exts as $extension) {
 
 3900                $extensions[] = $extension[
'extnId'];
 
 3922        if (!is_array($extensions)) {
 
 3926        $newext = array(
'extnId'  => 
$id, 
'critical' => $critical, 
'extnValue' => $value);
 
 3928        foreach ($extensions as 
$key => $value) {
 
 3929            if ($value[
'extnId'] == 
$id) {
 
 3934                $extensions[
$key] = $newext;
 
 3939        $extensions[] = $newext;
 
 4015            if ($attribute[
'type'] == 
$id) {
 
 4016                $n = count($attribute[
'value']);
 
 4021                    case $disposition >= 
$n:
 
 4035                if (
$result && $disposition != self::ATTR_ALL) {
 
 4069            if ($attribute[
'type'] == 
$id) {
 
 4070                $n = count($attribute[
'value']);
 
 4076                        return $attribute[
'value'];
 
 4077                    case $disposition >= 
$n:
 
 4081                        return $attribute[
'value'][$disposition];
 
 4107                $attrs[] = $attribute[
'type'];
 
 4125        $attributes = &$this->
_subArray($this->currentCert, 
'certificationRequestInfo/attributes', 
true);
 
 4131        switch ($disposition) {
 
 4140            if ($attribute[
'type'] == 
$id) {
 
 4141                $n = count($attribute[
'value']);
 
 4146                    case $disposition >= 
$n:
 
 4157            case $disposition >= 0:
 
 4163                $attributes[] = array(
'type' => 
$id, 
'value' => $disposition == self::ATTR_ALL ? $value: array($value));
 
 4180        if (empty($value)) {
 
 4181            unset($this->currentKeyIdentifier);
 
 4183            $this->currentKeyIdentifier = base64_encode($value);
 
 4207        if (is_null(
$key)) {
 
 4212            case is_string(
$key):
 
 4214            case is_array(
$key) && isset(
$key[
'tbsCertificate'][
'subjectPublicKeyInfo'][
'subjectPublicKey']):
 
 4216            case is_array(
$key) && isset(
$key[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey']):
 
 4217                return $this->
computeKeyIdentifier(
$key[
'certificationRequestInfo'][
'subjectPKInfo'][
'subjectPublicKey'], $method);
 
 4218            case !is_object(
$key):
 
 4223                $decoded = $asn1->decodeBER(
$key->element);
 
 4224                if (empty($decoded)) {
 
 4231                $raw = base64_decode($raw);
 
 4234                if (!
$key->loadKey($raw)) {
 
 4237                if (
$key->getPrivateKey() !== 
false) {  
 
 4243                if (isset(
$key->publicKey)) {
 
 4246                if (isset(
$key->privateKey)) {
 
 4249                if (isset(
$key->currentCert[
'tbsCertificate']) || isset(
$key->currentCert[
'certificationRequestInfo'])) {
 
 4262        $hash = 
new Hash(
'sha1');
 
 4263        $hash = $hash->hash(
$key);
 
 4266            $hash = substr($hash, -8);
 
 4267            $hash[0] = chr((ord($hash[0]) & 0x0F) | 0x40);
 
 4281        if ($this->publicKey instanceof 
RSA) {
 
 4286                'algorithm' => array(
'algorithm' => 
'rsaEncryption'),
 
 4302        $this->domains = func_get_args();
 
 4304        $this->
setDNProp(
'id-at-commonName', $this->domains[0]);
 
 4315        $this->ipAddresses = func_get_args();
 
 4333        return array(
'dNSName' => 
$domain);
 
 4347        return array(
'iPAddress' => $address);
 
 4363        foreach ($rclist as 
$i => $rc) {
 
 4364            if (!($serial->compare($rc[
'userCertificate']))) {
 
 4373        $i = count($rclist);
 
 4374        $rclist[] = array(
'userCertificate' => $serial,
 
 4375                          'revocationDate'  => $this->
_timeField(@date(
'D, d M Y H:i:s O')));
 
 4389        if (isset($this->currentCert[
'tbsCertList'])) {
 
 4390            if (is_array($rclist = &$this->
_subArray($this->currentCert, 
'tbsCertList/revokedCertificates', 
true))) {
 
 4393                        if (!empty($date)) {
 
 4394                            $rclist[
$i][
'revocationDate'] = $this->
_timeField($date);
 
 4415        if (is_array($rclist = &$this->
_subArray($this->currentCert, 
'tbsCertList/revokedCertificates'))) {
 
 4418                $rclist = array_values($rclist);
 
 4435        if (is_array($rclist = $this->
_subArray($this->currentCert, 
'tbsCertList/revokedCertificates'))) {
 
 4457        if (!isset($crl[
'tbsCertList'])) {
 
 4463        if (is_array($rclist = $this->
_subArray($crl, 
'tbsCertList/revokedCertificates'))) {
 
 4464            foreach ($rclist as $rc) {
 
 4465                $result[] = $rc[
'userCertificate']->toString();
 
 4482        if (is_array($rclist = &$this->
_subArray($this->currentCert, 
'tbsCertList/revokedCertificates'))) {
 
 4484                return $this->
_removeExtension(
$id, 
"tbsCertList/revokedCertificates/$i/crlEntryExtensions");
 
 4508        if (is_array($rclist = $this->
_subArray($crl, 
'tbsCertList/revokedCertificates'))) {
 
 4510                return $this->
_getExtension(
$id, $crl,  
"tbsCertList/revokedCertificates/$i/crlEntryExtensions");
 
 4531        if (is_array($rclist = $this->
_subArray($crl, 
'tbsCertList/revokedCertificates'))) {
 
 4533                return $this->
_getExtensions($crl, 
"tbsCertList/revokedCertificates/$i/crlEntryExtensions");
 
 4553        if (isset($this->currentCert[
'tbsCertList'])) {
 
 4554            if (is_array($rclist = &$this->
_subArray($this->currentCert, 
'tbsCertList/revokedCertificates', 
true))) {
 
 4556                    return $this->
_setExtension(
$id, $value, $critical, $replace, 
"tbsCertList/revokedCertificates/$i/crlEntryExtensions");
 
 4582        $temp = preg_replace(
'#.*?^-+[^-]+-+[\r\n ]*$#ms', 
'', $str, 1);
 
 4584        $temp = preg_replace(
'#-+[^-]+-+#', 
'', $temp);
 
 4586        $temp = str_replace(array(
"\r", 
"\n", 
' '), 
'', $temp);
 
 4587        $temp = preg_match(
'#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : 
false;
 
 4588        return $temp != 
false ? $temp : $str;
 
 4612        if (!isset($reverseMap)) {
 
 4613            $reverseMap = array_flip($this->oids);
 
catch(Exception $e) if(!($request instanceof \SAML2\ArtifactResolve)) $issuer
if(!array_key_exists('domain', $_REQUEST)) $domain
An exception for terminating execution or to throw for unit testing.
const PUBLIC_FORMAT_PKCS1
PKCS#1 formatted public key (raw)
const SIGNATURE_PKCS1
Use the PKCS#1 scheme by default.
static string($length)
Generate a random string.
const TYPE_PRINTABLE_STRING
const TYPE_OBJECT_IDENTIFIER
const TYPE_TELETEX_STRING
const TYPE_GENERALIZED_TIME
const TYPE_UNIVERSAL_STRING
const TYPE_VISIBLE_STRING
const CLASS_CONTEXT_SPECIFIC
const TYPE_NUMERIC_STRING
#-
setStartDate($date)
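Set certificate start date. The string is parsed with strtotime() with errors suppressed, so an unparseable date is not reported to the caller; validate it before calling.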
& _extensions(&$root, $path=null, $create=false)
Get a reference to an extension subarray.
_getMapping($extnId)
Associate an extension ID to an extension mapping.
$IssuingDistributionPoint
const FORMAT_AUTO_DETECT
Auto-detect the format.
setKeyIdentifier($value)
Sets the subject key identifier.
getChain()
Get the certificate chain for the current cert.
setRevokedCertificateExtension($serial, $id, $value, $critical=false, $replace=true)
Set a Revoked Certificate Extension.
$DirectoryString
#+ ASN.1 syntax for various extensions
validateDate($date=null)
Validate a date.
getOID($name)
Returns the OID corresponding to a name.
setDNProp($propName, $propValue, $type='utf8String')
Set a Distinguished Name property.
getDNProp($propName, $dn=null, $withType=false)
Get Distinguished Name properties.
_mapInExtensions(&$root, $path, $asn1)
Map extension values from octet string to extension-specific internal format.
_sign($key, $signatureAlgorithm)
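X.509 certificate signing helper function. The cases shown in the listing accept md2, md5, sha1, sha224, sha256, sha384 and sha512 WithRSAEncryption; md2, md5 and sha1 are accepted but should not be chosen for new signatures.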
getAttribute($id, $disposition=self::ATTR_ALL, $csr=null)
Get a CSR attribute.
setPrivateKey($key)
Set private key.
_formatSubjectPublicKey()
Format a public key as appropriate.
_setExtension($id, $value, $critical=false, $replace=true, $path=null)
Set an Extension.
const DN_CANON
Return canonical ASN.1 RDNs string.
getExtensions($cert=null)
Returns a list of all extensions in use in certificate, CSR or CRL.
_validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)
Validates a signature.
getPublicKey()
Gets the public key.
& _subArray(&$root, $path, $create=false)
Get a reference to a subarray.
saveX509($cert, $format=self::FORMAT_PEM)
Save X.509 certificate.
setPublicKey($key)
Set public key.
_revokedCertificate(&$rclist, $serial, $create=false)
Get the index of a revoked certificate.
signSPKAC($signatureAlgorithm='sha1WithRSAEncryption')
Sign a SPKAC.
__construct()
Default Constructor.
const DN_OPENSSL
Return OpenSSL compatible array.
setSerialNumber($serial, $base=-256)
Set Serial Number.
loadCA($cert)
Load an X.509 certificate as a certificate authority.
makeCA()
Turns the certificate into a certificate authority.
listRevoked($crl=null)
List revoked certificates.
setIPAddress()
Set the IP addresses which the cert is to be valid for.
computeKeyIdentifier($key=null, $method=1)
Compute a public key identifier. The identifier is derived from a SHA-1 hash of the key.
setAttribute($id, $value, $disposition=self::ATTR_ALL)
Set a CSR attribute.
saveCRL($crl, $format=self::FORMAT_PEM)
Save Certificate Revocation List.
sign($issuer, $subject, $signatureAlgorithm='sha1WithRSAEncryption')
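Sign an X.509 certificate. The default signature algorithm is sha1WithRSAEncryption (signCSR, signSPKAC and signCRL share this default); pass a SHA-2 algorithm such as sha256WithRSAEncryption explicitly for new certificates.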
loadCRL($crl, $mode=self::FORMAT_AUTO_DETECT)
Load a Certificate Revocation List.
getRevokedCertificateExtensions($serial, $crl=null)
Returns a list of all extensions in use for a given revoked certificate.
const DN_STRING
Return string.
_dnsName($domain)
Helper function to build domain array.
getExtension($id, $cert=null)
Get a certificate, CSR or CRL Extension.
getAttributes($csr=null)
Returns a list of all CSR attributes in use.
$AuthorityInfoAccessSyntax
unrevoke($serial)
Unrevoke a certificate.
saveSPKAC($spkac, $format=self::FORMAT_PEM)
Save a SPKAC CSR request.
const DN_ASN1
Return ASN.1 name string.
setDomain()
Set the domain names which the cert is to be valid for. The first domain passed is also set as the id-at-commonName property of the DN.
revoke($serial, $date=null)
Revoke a certificate.
_encodeIP($ip)
Encodes an IP address.
_getExtensions($cert=null, $path=null)
Returns a list of all extensions in use.
_iPAddress($address)
Helper function to build IP Address array.
removeDNProp($propName)
Remove Distinguished Name properties.
signCSR($signatureAlgorithm='sha1WithRSAEncryption')
Sign a CSR.
const VALIDATE_SIGNATURE_BY_CA
Flag to only accept signatures signed by certificate authorities.
getSubjectDN($format=self::DN_ARRAY)
Get the Distinguished Name for a certificate/csr subject. Alias of getDN().
removeExtension($id)
Remove a certificate, CSR or CRL Extension.
getSubjectDNProp($propName, $withType=false)
Get an individual Distinguished Name property for a certificate/csr subject.
getIssuerDNProp($propName, $withType=false)
Get an individual Distinguished Name property for a certificate/crl issuer.
setEndDate($date)
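Set certificate end date. The value 'lifetime' (compared case-insensitively) is mapped to 99991231235959Z; any other string is parsed with strtotime() with errors suppressed, so an unparseable date is not reported to the caller.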
_removeExtension($id, $path=null)
Remove an Extension.
setChallenge($challenge)
Set challenge.
loadSPKAC($spkac)
Load a SPKAC CSR.
const FORMAT_DER
Save as DER.
_reformatKey($algorithm, $key)
Reformat public keys.
validateURL($url)
Validate an X.509 certificate against a URL.
const DN_ARRAY
#+ @access public
loadX509($cert, $mode=self::FORMAT_AUTO_DETECT)
Load X.509 certificate.
getIssuerDN($format=self::DN_ARRAY)
Get the Distinguished Name for a certificate/crl issuer.
setDN($dn, $merge=false, $type='utf8String')
Set a Distinguished Name.
_getExtension($id, $cert=null, $path=null)
Get an Extension.
_mapOutExtensions(&$root, $path, $asn1)
Map extension values from extension-specific internal format to octet string.
const FORMAT_SPKAC
Save as a SPKAC.
validateSignature($caonly=true)
Validate a signature.
getRevoked($serial)
Get a revoked certificate.
removeRevokedCertificateExtension($serial, $id)
Remove a Revoked Certificate Extension.
_timeField($date)
Helper function to build a time field according to RFC 3280 section.
_decodeIP($ip)
Decodes an IP address.
$RelativeDistinguishedName
getRevokedCertificateExtension($serial, $id, $crl=null)
Get a Revoked Certificate Extension.
getDN($format=self::DN_ARRAY, $dn=null)
Get the Distinguished Name for a certificate's subject.
_mapOutAttributes(&$root, $path, $asn1)
Map attribute values from attribute-specific internal format to ANY type.
$SignedPublicKeyAndChallenge
_extractBER($str)
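Extract raw BER from Base64 encoding. Dash-delimited header and footer lines and whitespace are stripped first; if what remains does not decode as Base64, the input string is returned unchanged.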
loadCSR($csr, $mode=self::FORMAT_AUTO_DETECT)
Load a Certificate Signing Request.
const DN_HASH
Return name hash for file indexing.
_translateDNProp($propName)
"Normalizes" a Distinguished Name property
saveCSR($csr, $format=self::FORMAT_PEM)
Save CSR request.
setExtension($id, $value, $critical=false, $replace=true)
Set a certificate, CSR or CRL Extension.
_mapInAttributes(&$root, $path, $asn1)
Map attribute values from ANY type to attribute-specific internal format.
removeAttribute($id, $disposition=self::ATTR_ALL)
Remove a CSR attribute.
signCRL($issuer, $crl, $signatureAlgorithm='sha1WithRSAEncryption')
Sign a CRL.
if(!array_key_exists('StateId', $_REQUEST)) $id
if(array_key_exists('yes', $_REQUEST)) $attributes
Pure-PHP arbitrary precision integer arithmetic library.
Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic...
Pure-PHP PKCS#1 compliant implementation of RSA.
echo;exit;}function LogoutNotification($SessionID){ global $ilDB;$q="SELECT session_id, data FROM usr_session WHERE expires > (\w+)\|/" PREG_SPLIT_NO_EMPTY PREG_SPLIT_DELIM_CAPTURE