/** * @group github602 */ public function testEmptyContextTag() { $asn1 = new File_ASN1(); $decoded = $asn1->decodeBER("�"); $this->assertInternalType('array', $decoded); $this->assertCount(0, $decoded[0]['content']); }
public function testDefiniteLength() { // the following base64-encoded string is the X.509 cert from <http://phpseclib.sourceforge.net/x509/decoder.php> $str = 'MIIDITCCAoqgAwIBAgIQT52W2WawmStUwpV8tBV9TTANBgkqhkiG9w0BAQUFADBM' . 'MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg' . 'THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x' . 'MzA5MzAyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh' . 'MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw' . 'FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC' . 'gYEA3rcmQ6aZhc04pxUJuc8PycNVjIjujI0oJyRLKl6g2Bb6YRhLz21ggNM1QDJy' . 'wI8S2OVOj7my9tkVXlqGMaO6hqpryNlxjMzNJxMenUJdOPanrO/6YvMYgdQkRn8B' . 'd3zGKokUmbuYOR2oGfs5AER9G5RqeC1prcB6LPrQ2iASmNMCAwEAAaOB5zCB5DAM' . 'BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl' . 'LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF' . 'BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw' . 'Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0' . 'ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF' . 'AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp' . 'ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le' . 'IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q=='; $asn1 = new File_ASN1(); $decoded = $asn1->decodeBER(base64_decode($str)); $this->assertCount(3, $decoded[0]['content']); }
/** * on older versions of File_ASN1 this would produce a null instead of an array * @group github275 */ public function testIncorrectString() { $PA_DATA = array('type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('padata-type' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'padata-value' => array('constant' => 2, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_OCTET_STRING))); $PrincipalName = array('type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('name-type' => array('constant' => 0, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'name-string' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'min' => 0, 'max' => -1, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('type' => FILE_ASN1_TYPE_IA5_STRING)))); $Ticket = array('class' => FILE_ASN1_CLASS_APPLICATION, 'cast' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('tkt-vno' => array('constant' => 0, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'realm' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY), 'sname' => array('constant' => 2, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY), 'enc-part' => array('constant' => 3, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY))); $KDC_REP = array('type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('pvno' => array('constant' => 0, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'msg-type' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'padata' => array('constant' => 2, 'optional' => true, 'explicit' => true, 'min' => 0, 'max' => -1, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => $PA_DATA), 'crealm' => array('constant' => 3, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_OCTET_STRING), 'cname' => array('constant' => 4, 'optional' => true, 'explicit' => true) + $PrincipalName, 'ticket' => array('constant' => 5, 'optional' => true, 'implicit' => true, 'min' => 0, 'max' => 1, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => $Ticket), 'enc-part' => array('constant' => 6, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY))); $AS_REP = array('class' => FILE_ASN1_CLASS_APPLICATION, 'cast' => 11, 'optional' => true, 'explicit' => true) + $KDC_REP; $str = 'a4IC3jCCAtqgAwIBBaEDAgELoi8wLTAroQMCAROiJAQiMCAwHqADAgEXoRcbFUNSRUFUVUlUWS5ORVR0ZXN0dXNlcqMPGw' . '1DUkVBVFVJVFkuTkVUpBUwE6ADAgEBoQwwChsIdGVzdHVzZXKlggFOYYIBSjCCAUagAwIBBaEPGw1DUkVBVFVJVFkuTkVU' . 'oiIwIKADAgECoRkwFxsGa3JidGd0Gw1DUkVBVFVJVFkuTkVUo4IBCDCCAQSgAwIBF6EDAgEBooH3BIH0AQlxgm/j4z74Ki' . 'GsJJnROhh8JAiN7pdvlnkxCYKdG6UgdfK/K0NZ+yz+Xg4kgFO1cQ4XYT4Fm3MTmOHzlFmbzlVkUqBI/RnWA9YTREC9Q7Mf' . 'PPYfRxRG/C6FlahxHCOKj9GUj7bXg7Oq3Sm+QsKTS2bZT05biNf1s7tPCkdIOO0AAd7hvTCpTNAKl+OLN4cpA6pwwk5c3h' . '58Ce5/Uri5yBmrfwgkCD5AJUAI/WH56SEEvpifLc6C96w/7y2krAiZm5PyEO0HVhTzUjKGSHoSMb+Z3HI/ul+G9z0Z4qDu' . 'NjvgP0jKdrKiwWN00NjpiQ0byZd4y6aCASEwggEdoAMCAReiggEUBIIBEHyi8DIbdcfw2DpniBJ3Sh8dDaEbQx+gWx3omC' . 'TBEyts4sQGTwgQcqkWfeer8M+SkZs/GGZq2YYkyeF+9b6TxlYuX145NuB3KcyzaS7VNrX37E5nGgG8K6r5gTFOhLCqsjjv' . 'gPXXqLeJo5D1nV+c8BPIEVsu/bbBPgSqpDwUs2mX1WkEg5vfb7kZMC8+LHiRy+sItvIiTtxxEsQ/GEF/ono3hZrEnDa/C+' . '4P3wep6uNMLnLzXJmUaAMaopjE+MOcai/t6T9Vg4pERF5Waqwg5ibAbVGK19HuS4LiKiaY3JsyYBuNkEDwiqM7i1Ekw3V+' . '+zoEIxqgXjGgPdrWkzU/H6rnXiqMtiZZqUXwWY0zkCmy'; $asn1 = new File_ASN1(); $decoded = $asn1->decodeBER(base64_decode($str)); $result = $asn1->asn1map($decoded[0], $AS_REP); $this->assertInternalType('array', $result); }
/** * Compute a public key identifier. * * Although key identifiers may be set to any unique value, this function * computes key identifiers from public key according to the two * recommended methods (4.2.1.2 RFC 3280). * Highly polymorphic: try to accept all possible forms of key: * - Key object * - File_X509 object with public or private key defined * - Certificate or CSR array * - File_ASN1_Element object * - PEM or DER string * * @param Mixed $key optional * @param Integer $method optional * @access public * @return String binary key identifier */ function computeKeyIdentifier($key = NULL, $method = 1) { if (is_null($key)) { $key = $this; } switch (true) { case is_string($key): break; case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']): return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method); case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']): return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method); case !is_object($key): return false; case strtolower(get_class($key)) == 'file_asn1_element': $asn1 = new File_ASN1(); $decoded = $asn1->decodeBER($cert); if (empty($decoded)) { return false; } $key = $asn1->asn1map($decoded[0], array('type' => FILE_ASN1_TYPE_BIT_STRING)); break; case strtolower(get_class($key)) == 'file_x509': if (isset($key->publicKey)) { return $this->computeKeyIdentifier($key->publicKey, $method); } if (isset($key->privateKey)) { return $this->computeKeyIdentifier($key->privateKey, $method); } if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) { return $this->computeKeyIdentifier($key->currentCert, $method); } return false; default: // Should be a key object (i.e.: Crypt_RSA). $key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW); break; } // If in PEM format, convert to binary. if (preg_match('#^-----BEGIN #', $key)) { $key = base64_decode(preg_replace('#-.+-|[\\r\\n]#', '', $key)); } // Now we have the key string: compute its sha-1 sum. require_once 'Crypt/Hash.php'; $hash = new Crypt_Hash('sha1'); $hash = $hash->hash($key); if ($method == 2) { $hash = substr($hash, -8); $hash[0] = chr(ord($hash[0]) & 0xf | 0x40); } return $hash; }
/** * Compute a public key identifier. * * Although key identifiers may be set to any unique value, this function * computes key identifiers from public key according to the two * recommended methods (4.2.1.2 RFC 3280). * Highly polymorphic: try to accept all possible forms of key: * - Key object * - File_X509 object with public or private key defined * - Certificate or CSR array * - File_ASN1_Element object * - PEM or DER string * * @param Mixed $key * optional * @param Integer $method * optional * @access public * @return String binary key identifier */ function computeKeyIdentifier($key = null, $method = 1) { if (is_null($key)) { $key = $this; } switch (true) { case is_string($key): break; case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']): return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method); case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']): return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method); case !is_object($key): return false; case strtolower(get_class($key)) == 'file_asn1_element': // Assume the element is a bitstring-packed key. $asn1 = new File_ASN1(); $decoded = $asn1->decodeBER($key->element); if (empty($decoded)) { return false; } $raw = $asn1->asn1map($decoded[0], array('type' => FILE_ASN1_TYPE_BIT_STRING)); if (empty($raw)) { return false; } $raw = base64_decode($raw); // If the key is private, compute identifier from its // corresponding public key. if (!class_exists('Crypt_RSA')) { include_once 'Crypt/RSA.php'; } $key = new Crypt_RSA(); if (!$key->loadKey($raw)) { return false; // Not an unencrypted RSA key. } if ($key->getPrivateKey() !== false) { // If private. return $this->computeKeyIdentifier($key, $method); } $key = $raw; // Is a public key. break; case strtolower(get_class($key)) == 'file_x509': if (isset($key->publicKey)) { return $this->computeKeyIdentifier($key->publicKey, $method); } if (isset($key->privateKey)) { return $this->computeKeyIdentifier($key->privateKey, $method); } if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) { return $this->computeKeyIdentifier($key->currentCert, $method); } return false; default: // Should be a key object (i.e.: Crypt_RSA). $key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1); break; } // If in PEM format, convert to binary. $key = $this->_extractBER($key); // Now we have the key string: compute its sha-1 sum. if (!class_exists('Crypt_Hash')) { include_once 'Crypt/Hash.php'; } $hash = new Crypt_Hash('sha1'); $hash = $hash->hash($key); if ($method == 2) { $hash = substr($hash, -8); $hash[0] = chr(ord($hash[0]) & 0xf | 0x40); } return $hash; }
/** * Set certificate end date * * @param String $date * @access public */ function setEndDate($date) { /* To indicate that a certificate has no well-defined expiration date, the notAfter SHOULD be assigned the GeneralizedTime value of 99991231235959Z. -- http://tools.ietf.org/html/rfc5280#section-4.1.2.5 */ if (strtolower($date) == 'lifetime') { $temp = '99991231235959Z'; $asn1 = new File_ASN1(); $temp = chr(FILE_ASN1_TYPE_GENERALIZED_TIME) . $asn1->_encodeLength(strlen($temp)) . $temp; $this->endDate = new File_ASN1_Element($temp); } else { $this->endDate = @date('M j H:i:s Y T', @strtotime($date)); } }
BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0 ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q== -----END CERTIFICATE-----</textarea><br /> Upload certificate:<br /> <input name="pem" type="file" /><br /> <input type="submit" value="Decode" /> </form> <?php } else { echo '<pre style="whitespace: nowrap">'; include_once 'File/ASN1.php'; $asn1 = new File_ASN1(); $str = !strlen($_FILES['pem']['tmp_name']) ? $_POST['cert'] : file_get_contents($_FILES['pem']['tmp_name']); /* X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them above and beyond the ceritificate. ie. some may have the following preceeding the -----BEGIN CERTIFICATE----- line: Bag Attributes localKeyID: 01 00 00 00 subject=/O=organization/OU=org unit/CN=common name issuer=/O=organization/CN=common name */ $temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1); // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff $temp = preg_replace('#-+[^-]+-+#', '', $temp); // remove new lines $temp = str_replace(array("\r", "\n", ' '), '', $temp);
/** * @group github477 */ public function testContextSpecificNonConstructed() { $asn1 = new File_ASN1(); $decoded = $asn1->decodeBER(base64_decode('MBaAFJtUo7c00HsI5EPZ4bkICfkOY2Pv')); $this->assertInternalType('string', $decoded[0]['content'][0]['content']); }
/** * Determines the S/MIME type of a part. Uses the smime-type content * parameter (if it exists), and falls back to ASN.1 parsing of data if * it doesn't exist. * * @param Horde_Mime_Part $part MIME part with S/MIME data. * * @return string 'signed-data', 'enveloped-data', or null. */ protected function _getSmimeType(Horde_Mime_Part $part) { if ($type = $part->getContentTypeParameter('smime-type')) { return strtolower($type); } if (!class_exists('File_ASN1')) { return null; } $asn1 = new File_ASN1(); $decoded = $asn1->decodeBER($part->getContents()); foreach ($decoded as $val) { if ($val['type'] == FILE_ASN1_TYPE_SEQUENCE) { foreach ($val['content'] as $val2) { if ($val2['type'] == FILE_ASN1_TYPE_OBJECT_IDENTIFIER) { /* ASN.1 values from STD 70/RFC 5652 - CMS syntax */ switch ($val2['content']) { case '1.2.840.113549.1.7.2': return 'signed-data'; case '1.2.840.113549.1.7.3': return 'enveloped-data'; default: // Other types not supported as of now. return null; } } } } } return null; }