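/**
 * Decode a wire-format message and validate it.
 *
 * Wire layout: four fields joined by Constants::PROTOCOL_DELIM, in order
 * protocol name, signer certificate, base64 signature, JSON envelope.
 * The signature covers the raw envelope text; the envelope carries an
 * absolute expiry ('ttl') and the JSON-encoded payload ('r').
 *
 * @param CertificateValidatorInterface|NULL $certValidator
 *   Checks the signer certificate (trust/chain). When NULL, neither the
 *   certificate nor the signature is checked: the caller is explicitly
 *   accepting an unauthenticated message, and only envelope structure and
 *   expiry are validated.
 * @param string $blob
 *   The raw message as received.
 * @return AppMetasMessage
 *   Validated message.
 * @throws InvalidMessageException
 *   On any structural, authorization, signature or expiry failure.
 */
public static function decode($certValidator, $blob) {
  $parts = explode(Constants::PROTOCOL_DELIM, $blob, 4);
  if (count($parts) !== 4) {
    throw new InvalidMessageException('Invalid message: insufficient parameters');
  }
  list($wireProt, $wireCert, $wireSig, $wireEnvelope) = $parts;
  // Strict comparison: with "!=" numeric-looking strings would compare by value.
  if ($wireProt !== self::NAME) {
    throw new InvalidMessageException('Invalid message: wrong protocol name');
  }

  if ($certValidator !== NULL) {
    // The trust/chain decision is delegated to the validator, which throws on failure.
    $certValidator->validateCert($wireCert);

    $wireCertX509 = new \File_X509();
    if (!$wireCertX509->loadX509($wireCert)) {
      throw new InvalidMessageException('Invalid message: unparseable certificate');
    }

    // Authorization: a trusted chain is not enough, the signer must also be the
    // official appmetas identity. getDNProp() yields FALSE when the attribute is
    // absent, so guard before count() (count(FALSE) is a TypeError on PHP 8).
    $cn = $wireCertX509->getDNProp('CN');
    if (!is_array($cn) || count($cn) !== 1 || $cn[0] !== Constants::OFFICIAL_APPMETAS_CN) {
      throw new InvalidMessageException('Invalid message: signed by unauthorized party');
    }

    // Strict decoding: bytes outside the base64 alphabet are an error rather than
    // silently skipped, so one wire signature has exactly one decoding.
    $sig = base64_decode($wireSig, TRUE);
    if ($sig === FALSE) {
      throw new InvalidMessageException('Invalid message: malformed signature');
    }

    // UserError::adapt() presumably converts PHP errors raised inside the closure
    // into the named exception class rather than letting verify() continue.
    $isValid = UserError::adapt('Civi\\Cxn\\Rpc\\Exception\\InvalidMessageException', function () use ($wireCertX509, $wireEnvelope, $sig) {
      return AppMetasMessage::getRsaFromCert($wireCertX509)->verify($wireEnvelope, $sig);
    });
    if (!$isValid) {
      throw new InvalidMessageException("Invalid message: incorrect signature");
    }
  }

  $envelope = json_decode($wireEnvelope, TRUE);
  // Validate the fields read below up front: a missing 'ttl' would otherwise be
  // compared against NULL and a missing 'r' fed to json_decode() as an empty string.
  // 'r' is assumed to always be a JSON string (double encoding) — confirm against the encoder.
  if (!is_array($envelope)
    || !isset($envelope['ttl']) || !is_numeric($envelope['ttl'])
    || !isset($envelope['r']) || !is_string($envelope['r'])
  ) {
    throw new InvalidMessageException("Invalid message: malformed envelope");
  }
  // 'ttl' is an absolute expiry timestamp; compared against Time::getTime()
  // rather than time(), presumably the library's overridable clock.
  if (Time::getTime() > $envelope['ttl']) {
    throw new InvalidMessageException("Invalid message: expired");
  }

  return new AppMetasMessage($wireCert, NULL, json_decode($envelope['r'], TRUE));
}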
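// Get and store the public key of the device certificate request (CSR).
// Strict base64 so stray bytes fail here rather than as an unparseable CSR later.
$DeviceCertRequest = base64_decode($DeviceCertRequest, true);
if ($DeviceCertRequest === false) {
    throw new \RuntimeException('DeviceCertRequest is not valid base64');
}
$iPhoneDeviceCsrKey = openssl_csr_get_public_key($DeviceCertRequest);
if ($iPhoneDeviceCsrKey === false) {
    throw new \RuntimeException('DeviceCertRequest is not a readable CSR: ' . openssl_error_string());
}
$iPhoneDeviceVect = openssl_pkey_get_details($iPhoneDeviceCsrKey);
if ($iPhoneDeviceVect === false || !isset($iPhoneDeviceVect['key'])) {
    throw new \RuntimeException('Cannot extract the public key from DeviceCertRequest');
}
$iPhoneDevicePublicKey = $iPhoneDeviceVect['key'];
if (file_put_contents($DeviceCertRequest_PublicFile, $iPhoneDevicePublicKey) === false) {
    throw new \RuntimeException('Cannot write public key to ' . $DeviceCertRequest_PublicFile);
}

// Load the same PEM into phpseclib straight from memory; reading the file back
// would only re-parse what was written a moment ago.
$DeviceCertRequest_PublicKey = new Crypt_RSA();
if (!$DeviceCertRequest_PublicKey->loadKey($iPhoneDevicePublicKey)) {
    throw new \RuntimeException('phpseclib cannot parse the device public key');
}
$DeviceCertRequest_PublicKey->setPublicKey();

// Load the CSR with phpseclib and take its common name.
$DeviceCertRequest_CR = new File_X509();
if (!$DeviceCertRequest_CR->loadCSR($DeviceCertRequest)) {
    throw new \RuntimeException('phpseclib cannot parse DeviceCertRequest as a CSR');
}
// getDNProp() returns the list of matching attribute values (FALSE/empty when
// absent); the ia5String value used below needs the scalar, not the list.
$doulCi_DN = $DeviceCertRequest_CR->getDNProp('id-at-commonName');
if (empty($doulCi_DN)) {
    throw new \RuntimeException('DeviceCertRequest has no commonName');
}
$doulCi_CommonName = is_array($doulCi_DN) ? (string) reset($doulCi_DN) : (string) $doulCi_DN;

// Build the new device certificate.
$iPhoneDeviceCA = new File_X509();
$iPhoneDeviceCA->setPublicKey($DeviceCertRequest_PublicKey);
// NOTE(review): setDN() with an 'rdnSequence' array and no $merge flag replaces
// the whole subject, so the copy-and-remove below is superseded by the CN-only
// subject that follows; and phpseclib's sign() appears to take the subject DN and
// key from its $subject argument (the CSR object), not from $this. Confirm which
// subject is intended before relying on either.
$iPhoneDeviceCA->setDN($DeviceCertRequest_CR->getDN(true));
$iPhoneDeviceCA->removeDNProp('id-at-commonName');
$iPhoneDeviceCA->setDN(array('rdnSequence' => array(array(array('type' => 'id-at-commonName', 'value' => array('ia5String' => $doulCi_CommonName))))));
$iPhoneDeviceCA->setStartDate('-1 day');
$iPhoneDeviceCA->setEndDate('+ 3 year');
// RFC 5280 requires serial numbers to be unique per issuer; a fixed literal made
// every issued certificate collide (ambiguous revocation and caching). 16 random
// bytes as hex stay well inside the 20-octet limit even after DER sign padding.
$iPhoneDeviceSerial = openssl_random_pseudo_bytes(16, $serialIsStrong);
if ($iPhoneDeviceSerial === false || !$serialIsStrong) {
    throw new \RuntimeException('No cryptographically strong randomness available for the serial number');
}
$iPhoneDeviceCA->setSerialNumber(bin2hex($iPhoneDeviceSerial), 16);

// Sign the device certificate with the CA. Assumes $CA_Certificate already has
// its private key loaded (setPrivateKey) and a DN — sign() returns FALSE
// otherwise; confirm against the code that builds $CA_Certificate.
$DeviceCertificate = $iPhoneDeviceCA->sign($CA_Certificate, $DeviceCertRequest_CR);
if ($DeviceCertificate === false) {
    throw new \RuntimeException('Signing the device certificate failed');
}
// Re-load the signed certificate into the builder so later code can inspect or save it.
$iPhoneDeviceCA->loadX509($DeviceCertificate);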