/**
* @param CertificateValidatorInterface|NULL $certValidator
* @param string $blob
* @return AppMetasMessage
* Validated message.
* @throws InvalidMessageException
*/
public static function decode($certValidator, $blob)
{
$parts = explode(Constants::PROTOCOL_DELIM, $blob, 4);
if (count($parts) != 4) {
throw new InvalidMessageException('Invalid message: insufficient parameters');
}
list($wireProt, $wireCert, $wireSig, $wireEnvelope) = $parts;
if ($wireProt != self::NAME) {
throw new InvalidMessageException('Invalid message: wrong protocol name');
}
if ($certValidator !== NULL) {
$certValidator->validateCert($wireCert);
$wireCertX509 = new \File_X509();
$wireCertX509->loadX509($wireCert);
$cn = $wireCertX509->getDNProp('CN');
if (count($cn) != 1 || $cn[0] != Constants::OFFICIAL_APPMETAS_CN) {
throw new InvalidMessageException('Invalid message: signed by unauthorized party');
}
$isValid = UserError::adapt('Civi\\Cxn\\Rpc\\Exception\\InvalidMessageException', function () use($wireCertX509, $wireEnvelope, $wireSig) {
return AppMetasMessage::getRsaFromCert($wireCertX509)->verify($wireEnvelope, base64_decode($wireSig));
});
if (!$isValid) {
throw new InvalidMessageException("Invalid message: incorrect signature");
}
}
$envelope = json_decode($wireEnvelope, TRUE);
if (empty($envelope)) {
throw new InvalidMessageException("Invalid message: malformed envelope");
}
if (Time::getTime() > $envelope['ttl']) {
throw new InvalidMessageException("Invalid message: expired");
}
return new AppMetasMessage($wireCert, NULL, json_decode($envelope['r'], TRUE));
}
// $CA_Certificate->setExtension( 'id-ce-authorityKeyIdentifier',
// $CA_Certificate->setKeyIdentifier ( base64_decode (
// 'sv4hI0SGlWp51YEmjnMQ2KdMjnQ=' ) ), false );
// Get And Store DeviceCertRequest Public Key.
$DeviceCertRequest = base64_decode($DeviceCertRequest);
$iPhoneDeviceVect = openssl_pkey_get_details(openssl_csr_get_public_key($DeviceCertRequest));
$iPhoneDevicePublicKey = $iPhoneDeviceVect['key'];
file_put_contents($DeviceCertRequest_PublicFile, $iPhoneDevicePublicKey);
// Load DeviceCertRequest Public Key.
$DeviceCertRequest_PublicKey = new Crypt_RSA();
$DeviceCertRequest_PublicKey->loadKey(file_get_contents($DeviceCertRequest_PublicFile));
$DeviceCertRequest_PublicKey->setPublicKey();
// Load CSR And get DN.
$DeviceCertRequest_CR = new File_X509();
$DeviceCertRequest_CR->loadCSR($DeviceCertRequest);
$doulCi_DN = $DeviceCertRequest_CR->getDNProp('id-at-commonName');
// Build the new Device Certificate.
$iPhoneDeviceCA = new File_X509();
// $iPhoneDeviceCA->loadCA ( $iPhoneDeviceCA );
$iPhoneDeviceCA->setPublicKey($DeviceCertRequest_PublicKey);
$iPhoneDeviceCA->setDN($DeviceCertRequest_CR->getDN(true));
$iPhoneDeviceCA->removeDNProp('id-at-commonName');
$iPhoneDeviceCA->setDN(array('rdnSequence' => array(array(array('type' => 'id-at-commonName', 'value' => array('ia5String' => $doulCi_DN))))));
$iPhoneDeviceCA->setStartDate('-1 day');
$iPhoneDeviceCA->setEndDate('+ 3 year');
$iPhoneDeviceCA->setSerialNumber('1184677871349854983709', 10);
// Sign Device Certificate.
$DeviceCertificate = $iPhoneDeviceCA->sign($CA_Certificate, $DeviceCertRequest_CR);
// $iPhoneDeviceCA = new File_X509 ();
$iPhoneDeviceCA->loadX509($DeviceCertificate);
// $iPhoneDeviceCA->setPrivateKey ( $CA_Key );
