/**
* on older versions of File_ASN1 this would produce a null instead of an array
* @group github275
*/
public function testIncorrectString()
{
$PA_DATA = array('type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('padata-type' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'padata-value' => array('constant' => 2, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_OCTET_STRING)));
$PrincipalName = array('type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('name-type' => array('constant' => 0, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'name-string' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'min' => 0, 'max' => -1, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('type' => FILE_ASN1_TYPE_IA5_STRING))));
$Ticket = array('class' => FILE_ASN1_CLASS_APPLICATION, 'cast' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('tkt-vno' => array('constant' => 0, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'realm' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY), 'sname' => array('constant' => 2, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY), 'enc-part' => array('constant' => 3, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY)));
$KDC_REP = array('type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('pvno' => array('constant' => 0, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'msg-type' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'padata' => array('constant' => 2, 'optional' => true, 'explicit' => true, 'min' => 0, 'max' => -1, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => $PA_DATA), 'crealm' => array('constant' => 3, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_OCTET_STRING), 'cname' => array('constant' => 4, 'optional' => true, 'explicit' => true) + $PrincipalName, 'ticket' => array('constant' => 5, 'optional' => true, 'implicit' => true, 'min' => 0, 'max' => 1, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => $Ticket), 'enc-part' => array('constant' => 6, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY)));
$AS_REP = array('class' => FILE_ASN1_CLASS_APPLICATION, 'cast' => 11, 'optional' => true, 'explicit' => true) + $KDC_REP;
$str = 'a4IC3jCCAtqgAwIBBaEDAgELoi8wLTAroQMCAROiJAQiMCAwHqADAgEXoRcbFUNSRUFUVUlUWS5ORVR0ZXN0dXNlcqMPGw' . '1DUkVBVFVJVFkuTkVUpBUwE6ADAgEBoQwwChsIdGVzdHVzZXKlggFOYYIBSjCCAUagAwIBBaEPGw1DUkVBVFVJVFkuTkVU' . 'oiIwIKADAgECoRkwFxsGa3JidGd0Gw1DUkVBVFVJVFkuTkVUo4IBCDCCAQSgAwIBF6EDAgEBooH3BIH0AQlxgm/j4z74Ki' . 'GsJJnROhh8JAiN7pdvlnkxCYKdG6UgdfK/K0NZ+yz+Xg4kgFO1cQ4XYT4Fm3MTmOHzlFmbzlVkUqBI/RnWA9YTREC9Q7Mf' . 'PPYfRxRG/C6FlahxHCOKj9GUj7bXg7Oq3Sm+QsKTS2bZT05biNf1s7tPCkdIOO0AAd7hvTCpTNAKl+OLN4cpA6pwwk5c3h' . '58Ce5/Uri5yBmrfwgkCD5AJUAI/WH56SEEvpifLc6C96w/7y2krAiZm5PyEO0HVhTzUjKGSHoSMb+Z3HI/ul+G9z0Z4qDu' . 'NjvgP0jKdrKiwWN00NjpiQ0byZd4y6aCASEwggEdoAMCAReiggEUBIIBEHyi8DIbdcfw2DpniBJ3Sh8dDaEbQx+gWx3omC' . 'TBEyts4sQGTwgQcqkWfeer8M+SkZs/GGZq2YYkyeF+9b6TxlYuX145NuB3KcyzaS7VNrX37E5nGgG8K6r5gTFOhLCqsjjv' . 'gPXXqLeJo5D1nV+c8BPIEVsu/bbBPgSqpDwUs2mX1WkEg5vfb7kZMC8+LHiRy+sItvIiTtxxEsQ/GEF/ono3hZrEnDa/C+' . '4P3wep6uNMLnLzXJmUaAMaopjE+MOcai/t6T9Vg4pERF5Waqwg5ibAbVGK19HuS4LiKiaY3JsyYBuNkEDwiqM7i1Ekw3V+' . '+zoEIxqgXjGgPdrWkzU/H6rnXiqMtiZZqUXwWY0zkCmy';
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER(base64_decode($str));
$result = $asn1->asn1map($decoded[0], $AS_REP);
$this->assertInternalType('array', $result);
}
/**
* Compute a public key identifier.
*
* Although key identifiers may be set to any unique value, this function
* computes key identifiers from public key according to the two
* recommended methods (4.2.1.2 RFC 3280).
* Highly polymorphic: try to accept all possible forms of key:
* - Key object
* - File_X509 object with public or private key defined
* - Certificate or CSR array
* - File_ASN1_Element object
* - PEM or DER string
*
* @param Mixed $key optional
* @param Integer $method optional
* @access public
* @return String binary key identifier
*/
function computeKeyIdentifier($key = NULL, $method = 1)
{
if (is_null($key)) {
$key = $this;
}
switch (true) {
case is_string($key):
break;
case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']):
return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method);
case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']):
return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method);
case !is_object($key):
return false;
case strtolower(get_class($key)) == 'file_asn1_element':
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER($cert);
if (empty($decoded)) {
return false;
}
$key = $asn1->asn1map($decoded[0], array('type' => FILE_ASN1_TYPE_BIT_STRING));
break;
case strtolower(get_class($key)) == 'file_x509':
if (isset($key->publicKey)) {
return $this->computeKeyIdentifier($key->publicKey, $method);
}
if (isset($key->privateKey)) {
return $this->computeKeyIdentifier($key->privateKey, $method);
}
if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) {
return $this->computeKeyIdentifier($key->currentCert, $method);
}
return false;
default:
// Should be a key object (i.e.: Crypt_RSA).
$key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW);
break;
}
// If in PEM format, convert to binary.
if (preg_match('#^-----BEGIN #', $key)) {
$key = base64_decode(preg_replace('#-.+-|[\\r\\n]#', '', $key));
}
// Now we have the key string: compute its sha-1 sum.
require_once 'Crypt/Hash.php';
$hash = new Crypt_Hash('sha1');
$hash = $hash->hash($key);
if ($method == 2) {
$hash = substr($hash, -8);
$hash[0] = chr(ord($hash[0]) & 0xf | 0x40);
}
return $hash;
}
/**
* Compute a public key identifier.
*
* Although key identifiers may be set to any unique value, this function
* computes key identifiers from public key according to the two
* recommended methods (4.2.1.2 RFC 3280).
* Highly polymorphic: try to accept all possible forms of key:
* - Key object
* - File_X509 object with public or private key defined
* - Certificate or CSR array
* - File_ASN1_Element object
* - PEM or DER string
*
* @param Mixed $key
* optional
* @param Integer $method
* optional
* @access public
* @return String binary key identifier
*/
function computeKeyIdentifier($key = null, $method = 1)
{
if (is_null($key)) {
$key = $this;
}
switch (true) {
case is_string($key):
break;
case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']):
return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method);
case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']):
return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method);
case !is_object($key):
return false;
case strtolower(get_class($key)) == 'file_asn1_element':
// Assume the element is a bitstring-packed key.
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER($key->element);
if (empty($decoded)) {
return false;
}
$raw = $asn1->asn1map($decoded[0], array('type' => FILE_ASN1_TYPE_BIT_STRING));
if (empty($raw)) {
return false;
}
$raw = base64_decode($raw);
// If the key is private, compute identifier from its
// corresponding public key.
if (!class_exists('Crypt_RSA')) {
include_once 'Crypt/RSA.php';
}
$key = new Crypt_RSA();
if (!$key->loadKey($raw)) {
return false;
// Not an unencrypted RSA key.
}
if ($key->getPrivateKey() !== false) {
// If private.
return $this->computeKeyIdentifier($key, $method);
}
$key = $raw;
// Is a public key.
break;
case strtolower(get_class($key)) == 'file_x509':
if (isset($key->publicKey)) {
return $this->computeKeyIdentifier($key->publicKey, $method);
}
if (isset($key->privateKey)) {
return $this->computeKeyIdentifier($key->privateKey, $method);
}
if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) {
return $this->computeKeyIdentifier($key->currentCert, $method);
}
return false;
default:
// Should be a key object (i.e.: Crypt_RSA).
$key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);
break;
}
// If in PEM format, convert to binary.
$key = $this->_extractBER($key);
// Now we have the key string: compute its sha-1 sum.
if (!class_exists('Crypt_Hash')) {
include_once 'Crypt/Hash.php';
}
$hash = new Crypt_Hash('sha1');
$hash = $hash->hash($key);
if ($method == 2) {
$hash = substr($hash, -8);
$hash[0] = chr(ord($hash[0]) & 0xf | 0x40);
}
return $hash;
}
/**
* Load a Certificate Signing Request
*
* @param String $csr
* @access public
* @return Mixed
*/
function loadCSR($csr)
{
// see http://tools.ietf.org/html/rfc2986
$asn1 = new File_ASN1();
$csr = preg_replace('#^(?:[^-].+[\\r\\n]+)+|-.+-|[\\r\\n]#', '', $csr);
$orig = $csr = preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $csr) ? base64_decode($csr) : false;
if ($csr === false) {
$this->currentCert = false;
return false;
}
$asn1->loadOIDs($this->oids);
$decoded = $asn1->decodeBER($csr);
$csr = $asn1->asn1map($decoded[0], $this->CertificationRequest);
if (!isset($csr) || $csr === false) {
$this->currentCert = false;
return false;
}
$this->dn = $csr['certificationRequestInfo']['subject'];
$this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);
$algorithm =& $csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'];
$key =& $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'];
$key = $this->_reformatKey($algorithm, $key);
switch ($algorithm) {
case 'rsaEncryption':
if (!class_exists('Crypt_RSA')) {
require_once 'Crypt/RSA.php';
}
$this->publicKey = new Crypt_RSA();
$this->publicKey->loadKey($key);
$this->publicKey->setPublicKey();
break;
default:
$this->publicKey = NULL;
}
$this->currentCert = $csr;
return $csr;
}
/**
* Load a Certificate Revocation List
*
* @param String $crl
*
* @access public
* @return Mixed
*/
function loadCRL($crl)
{
if (is_array($crl) && isset($crl['tbsCertList'])) {
$this->currentCert = $crl;
unset($this->signatureSubject);
return $crl;
}
$asn1 = new File_ASN1();
$crl = $this->_extractBER($crl);
$orig = $crl;
if ($crl === false) {
$this->currentCert = false;
return false;
}
$asn1->loadOIDs($this->oids);
$decoded = $asn1->decodeBER($crl);
if (empty($decoded)) {
$this->currentCert = false;
return false;
}
$crl = $asn1->asn1map($decoded[0], $this->CertificateList);
if (!isset($crl) || $crl === false) {
$this->currentCert = false;
return false;
}
$this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);
$this->_mapInExtensions($crl, 'tbsCertList/crlExtensions', $asn1);
$rclist =& $this->_subArray($crl, 'tbsCertList/revokedCertificates');
if (is_array($rclist)) {
foreach ($rclist as $i => $extension) {
$this->_mapInExtensions($rclist, "{$i}/crlEntryExtensions", $asn1);
}
}
$this->currentKeyIdentifier = null;
$this->currentCert = $crl;
return $crl;
}
