Beispiel #1
 /**
  * Serialise a parsed CSR array into a PEM-armoured certificate request.
  *
  * The array is DER-encoded against the CertificationRequest mapping and
  * wrapped in "CERTIFICATE REQUEST" armour. This method only encodes: nothing
  * in it signs the request or checks an existing signature, so the output is
  * only as trustworthy as the array handed in.
  *
  * @param Array $csr parsed request; must contain 'certificationRequestInfo'
  * @access public
  * @return String PEM text, or Boolean false when $csr lacks that shape
  */
 function saveCSR($csr)
 {
     // Anything that is not an array carrying certificationRequestInfo is refused.
     if (!(is_array($csr) && isset($csr['certificationRequestInfo']))) {
         return false;
     }

     // The nested algorithm path is read without an isset() check, as before.
     $algorithm = $csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'];
     if ($algorithm == 'rsaEncryption') {
         // Strip the armour lines and CR/LF from the key text, then re-encode
         // the raw bytes as bare base64.
         $keyText = $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'];
         $keyBytes = base64_decode(preg_replace('#-.+-|[\\r\\n]#', '', $keyText));
         // NOTE(review): the empty-string prefix is a no-op as written. Upstream
         // phpseclib appears to prepend a "\0" octet here (BIT STRING unused-bits
         // count); the NUL may have been lost when this listing was extracted.
         // Confirm against the library source before relying on this encoder.
         $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'] = base64_encode("" . $keyBytes);
     }

     $encoder = new File_ASN1();
     $encoder->loadOIDs($this->oids);

     // Filter handed to the encoder: subject RDN values are tagged UTF8String.
     $subjectFilter = array();
     $subjectFilter['certificationRequestInfo']['subject']['rdnSequence']['value'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
     $encoder->loadFilters($subjectFilter);

     $der = $encoder->encodeDER($csr, $this->CertificationRequest);

     $header = "-----BEGIN CERTIFICATE REQUEST-----\r\n";
     $footer = '-----END CERTIFICATE REQUEST-----';
     return $header . chunk_split(base64_encode($der)) . $footer;
 }
Beispiel #2
 /**
  * Save Certificate Revocation List.
  *
  * DER-encodes a parsed CRL array against the CertificateList mapping and
  * wraps the result in "X509 CRL" PEM armour. This method only encodes:
  * nothing in it signs the list or checks an existing signature, so the
  * output is only as trustworthy as the array passed in.
  *
  * @param Array $crl parsed CRL; must contain a 'tbsCertList' entry
  * @access public
  * @return String PEM text, or Boolean false when $crl lacks that shape
  */
 function saveCRL($crl)
 {
     // Refuse anything that is not an array carrying tbsCertList.
     if (!is_array($crl) || !isset($crl['tbsCertList'])) {
         return false;
     }
     $asn1 = new File_ASN1();
     $asn1->loadOIDs($this->oids);
     $filters = array();
     // One chained assignment puts the same UTF8String filter on three paths:
     // the issuer RDN values and both signature-algorithm parameter fields.
     $filters['tbsCertList']['issuer']['rdnSequence']['value'] = $filters['tbsCertList']['signature']['parameters'] = $filters['signatureAlgorithm']['parameters'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
     // Empty parameters switch that field's filter to the NULL type instead.
     // NOTE(review): presumably so absent parameters are emitted as ASN.1 NULL -
     // confirm against File_ASN1.
     if (empty($crl['tbsCertList']['signature']['parameters'])) {
         $filters['tbsCertList']['signature']['parameters'] = array('type' => FILE_ASN1_TYPE_NULL);
     }
     if (empty($crl['signatureAlgorithm']['parameters'])) {
         $filters['signatureAlgorithm']['parameters'] = array('type' => FILE_ASN1_TYPE_NULL);
     }
     $asn1->loadFilters($filters);
     // NOTE(review): _mapOutExtensions is not shown here; judging by its name it
     // converts extension values back into an encodable form - verify.
     $this->_mapOutExtensions($crl, 'tbsCertList/crlExtensions', $asn1);
     // Bound by reference, presumably so per-entry changes land in $crl itself -
     // confirm that _subArray returns by reference.
     $rclist =& $this->_subArray($crl, 'tbsCertList/revokedCertificates');
     if (is_array($rclist)) {
         // Only the index is used; $extension itself is never read.
         foreach ($rclist as $i => $extension) {
             $this->_mapOutExtensions($rclist, "{$i}/crlEntryExtensions", $asn1);
         }
     }
     $crl = $asn1->encodeDER($crl, $this->CertificateList);
     return "-----BEGIN X509 CRL-----\r\n" . chunk_split(base64_encode($crl)) . '-----END X509 CRL-----';
 }
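 /**
  * Load a Certificate Signing Request
  *
  * Strips PEM armour, base64-decodes the body, BER-decodes it and maps it
  * onto the CertificationRequest structure (RFC 2986). On success the subject
  * DN, the signed byte range, the public key and the parsed request are
  * stored on the object.
  *
  * A CSR is normally supplied by the party asking for a certificate, so the
  * input is handled as untrusted: every failure returns false before any
  * object state is written. A failed load therefore leaves the state of an
  * earlier successful load in place; callers must test the return value
  * rather than read currentCert, dn or publicKey afterwards.
  *
  * This method only parses. Nothing in it checks the request's signature;
  * signatureSubject is merely recorded here.
  *
  * @param String $csr PEM or bare base64 text of the request
  * @access public
  * @return Mixed parsed CSR array on success, Boolean false on failure
  */
 function loadCSR($csr)
 {
     // see http://tools.ietf.org/html/rfc2986
     $asn1 = new File_ASN1();

     // Drop text ahead of the armour, the BEGIN/END lines and every CR/LF.
     $csr = preg_replace('#^(?:[^-].+[\\r\\n]+)+|-.+-|[\\r\\n]#', '', $csr);
     // preg_replace() yields null on a PCRE error and an array for array
     // input; neither is a usable base64 body.
     if (!is_string($csr)) {
         return false;
     }

     // Only base64 alphabet characters plus up to two '=' are decoded.
     $orig = $csr = preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $csr) ? base64_decode($csr) : false;
     if ($csr === false) {
         return false;
     }

     $asn1->loadOIDs($this->oids);
     $decoded = $asn1->decodeBER($csr);
     // Empty, truncated or non-BER input may leave nothing at index 0; stop
     // here instead of mapping an undefined element.
     if (!is_array($decoded) || !isset($decoded[0])) {
         return false;
     }

     $csr = $asn1->asn1map($decoded[0], $this->CertificationRequest);
     if (!isset($csr) || $csr === false) {
         return false;
     }

     // The signed range is taken from the first element of the outer structure
     // (certificationRequestInfo per RFC 2986). Refuse the request if the
     // decoder did not report its offsets, so signatureSubject is never built
     // from undefined values.
     if (!isset($decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length'])) {
         return false;
     }

     // All checks passed: object state is only written from here on.
     $this->dn = $csr['certificationRequestInfo']['subject'];
     $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);

     // References, so the reformatted key is written back into $csr.
     $algorithm =& $csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'];
     $key =& $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'];
     $key = $this->_reformatKey($algorithm, $key);

     switch ($algorithm) {
         case 'rsaEncryption':
             if (!class_exists('Crypt_RSA')) {
                 require_once 'Crypt/RSA.php';
             }
             $this->publicKey = new Crypt_RSA();
             $this->publicKey->loadKey($key);
             $this->publicKey->setPublicKey();
             break;
         default:
             // Any other algorithm leaves no usable key object.
             $this->publicKey = null;
     }

     $this->currentCert = $csr;
     return $csr;
 }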