/**
* @return string
*/
public function getPublicKey()
{
$pem = (string) $this->file->getPublicKey();
$pem = preg_replace('/\\-+BEGIN PUBLIC KEY\\-+/', '', $pem);
$pem = preg_replace('/\\-+END PUBLIC KEY\\-+/', '', $pem);
$pem = str_replace(array("\n", "\r", "\t"), '', trim($pem));
return $pem;
}
function RSAEncrypt($text, $pem)
{
$x509 = new File_X509();
$rsa = new Crypt_RSA();
$x509->loadX509($pem);
$rsa->loadKey($x509->getPublicKey());
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
return bin2hex($rsa->encrypt($text));
}
public function testLoadSPKAC()
{
$test = 'MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChgo9mWzQm3TSwGgpZnIc54' . 'TZ8gYpfAO/AI0etvyWDqnFfdNCUQsqxTdSi6/rtrJdLGBsszRGrRIc/0JqmjM+jCHGYutLeo4xwgr' . 'a3HAZrWDypL5IlRWnLmLA4U/qGXCXNSk+9NrJl39X3IDA8o/aOJyr9iMUJMvswcWjVjPom3NhAgmJ' . 'ZwW0vUEMw9zszExpiRnGSO5XXntQW2qvfzo+J3NzS3BBbKxEmTsfOLHextcXeFQUaBQHXB/WOtweW' . 'Y/Bd4iZ8ETmhal28g1HWVcTFPD+V+KPRFeARlVEW6JmcJucW2WdJlBGKXXXPEfdHrDS3OgD/eDWfM' . 'JE4mChZ/icxAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAUMvIKhlSgEgbC081b/FJwh6mbuVgYN' . 'ZV37Ts2WjrHoDFlabu9WXU8xzgaXct3sO51vJM5I36rY4UPyc6w3y9dLaamEwKUoWnpHG8mlXs2JG' . 'GEUOvxh5z9yfk/2ZmdCVBlKnU1LDB+ZDyNyNh5B0YULrJKw9e0jV+ymP7srwUSBcdUfZh1KEKGVIN' . 'Uv4J3GuL8V63E2unWCHGRPw4EmFVTbWpgMx96XR7p/pMavu6/pVKgYQqWLOmEeOK+dmT/QVon28d5' . 'dmeL7aWrpP+3x3L0A9cATksracQX676XogdAEXJ59fcr/S5AGw1TFErbyBbfyeAWvzDZIXeMXpb9h' . 'yNtA==';
$x509 = new File_X509();
$spkac = $x509->loadSPKAC($test);
$this->assertInternalType('array', $spkac);
$spkac = $x509->loadSPKAC('SPKAC=' . $test);
$this->assertInternalType('array', $spkac);
$this->assertTrue($x509->validateSignature(), 'Failed asserting that the signature is valid');
$pubKey = $x509->getPublicKey();
$this->assertInternalType('string', "{$pubKey}");
}
protected function initRsa($publicKeyFile)
{
if (!file_exists($publicKeyFile) || !is_readable($publicKeyFile)) {
throw new \Exception('Public key file does not exist or is not readable.');
}
$public_key = file_get_contents($publicKeyFile);
$this->rsa = new \Crypt_RSA();
$x509 = new \File_X509();
$x509->loadX509($public_key);
$this->rsa->loadKey($x509->getPublicKey());
$this->rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$this->rsa->setHash('sha1');
}
/**
* @param $appMeta
* @param $entity
* @param $action
* @param $params
* @param $cxn
* @return array
* @throws Exception\InvalidMessageException
*/
protected function doCall($appMeta, $entity, $action, $params, $cxn)
{
$appCert = new \File_X509();
$appCert->loadX509($appMeta['appCert']);
$req = new RegistrationMessage($cxn['appId'], $appCert->getPublicKey(), array('cxn' => $cxn, 'entity' => $entity, 'action' => $action, 'params' => $params));
list($respHeaders, $respCiphertext, $respCode) = $this->http->send('POST', $cxn['appUrl'], $req->encode());
$respMessage = $this->decode(array(StdMessage::NAME, InsecureMessage::NAME, GarbledMessage::NAME), $respCiphertext);
if ($respMessage instanceof GarbledMessage) {
return array($respCode, array('is_error' => 1, 'error_message' => 'Received garbled message', 'original_message' => $respMessage->getData()));
} elseif ($respMessage instanceof InsecureMessage) {
return array($respCode, array('is_error' => 1, 'error_message' => 'Received insecure error message', 'original_message' => $respMessage->getData()));
}
if ($respMessage->getCxnId() != $cxn['cxnId']) {
// Tsk, tsk, Mallory!
throw new \RuntimeException('Received response from incorrect connection.');
}
return array($respCode, $respMessage->getData());
}
public function verifyPackage($src, $hash, $signature, $type = "core", $blnDeleteIfWrong = true, $blnAgain = false)
{
if (file_exists($src) && $signature != "" && $hash != "") {
$arrIntermCerts = $this->getIntermediateCerts();
$arrVerified = array();
foreach ($arrIntermCerts as $cert) {
if ($this->verifyIntermediateCert($cert, $type)) {
$arrVerified[] = $cert;
}
}
$strFileHash = sha1_file($src);
include_once 'libraries/phpseclib/X509.php';
include_once 'libraries/phpseclib/RSA.php';
$x509 = new File_X509();
foreach ($arrVerified as $intermCert) {
//Check, if $hash is valid
$cert = $x509->loadX509($intermCert);
$pkey = $x509->getPublicKey()->getPublicKey();
$rsa = new Crypt_RSA();
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->loadKey($pkey);
$blnVerified = $rsa->verify($hash, base64_decode($signature));
//If hashes are eqal, it's a valid package
if ($blnVerified && $strFileHash === $hash) {
return true;
}
}
//We are still here, package not valid
//load new intermediate Cert
$this->loadIntermediateCert();
//do the thing again
if (!$blnAgain) {
$blnResult = $this->verifyPackage($src, $hash, $signature, $type, $blnDeleteIfWrong, true);
return $blnResult;
}
}
return false;
}
function testVerifyWithGoogleIDToken()
{
$id_token_string = file_get_contents($this->fixture_dir . 'google.jwt');
$cert_string = file_get_contents($this->fixture_dir . 'google.crt');
$x509 = new File_X509();
$x509->loadX509($cert_string);
$public_key = $x509->getPublicKey()->getPublicKey();
$jwt = JOSE_JWT::decode($id_token_string);
$jws = new JOSE_JWS($jwt);
$this->assertInstanceOf('JOSE_JWS', $jws->verify($public_key));
}
/**
* Quasi-private - marked public to work-around PHP 5.3 compat.
*
* @param \File_X509 $x509
* @return \Crypt_RSA
*/
public static function getRsaFromCert($x509)
{
$rsa = $x509->getPublicKey();
if (!$rsa) {
throw new InvalidMessageException("Invalid message: certificate missing or does not have public key");
}
$rsa->setEncryptionMode(Constants::RSA_ENC_MODE);
$rsa->setSignatureMode(Constants::RSA_SIG_MODE);
$rsa->setHash(Constants::RSA_HASH);
return $rsa;
}
$Message .= "doulCiTeam Certificate, DEVELOPMENT : " . "\n" . $doulCiTeamCertificate . "\n";
$Message .= "doulCiTeam Certificate PublicKey : " . "\n" . $doulCiTeamCertificatePublikKey . "\n";
$iPhoneActivationOrig = file_get_contents($iPhoneActivationOrigFile);
$iPhoneActivationOrigVect = openssl_pkey_get_details(openssl_pkey_get_public($iPhoneActivationOrig));
$iPhoneActivationOrigPublicKey = $iPhoneActivationOrigVect['key'];
$Message .= "Apple Certificate PRODUCTION : " . "\n" . $iPhoneActivationOrig . "\n";
$Message .= "Apple Certificate PublicKey, Apple Inc. : " . "\n" . $iPhoneActivationOrigPublicKey . "\n";
$iPhoneDeviceCAOrig = file_get_contents($iPhoneDeviceCAOrigFile);
$iPhoneDeviceCAOrigVect = openssl_pkey_get_details(openssl_pkey_get_public($iPhoneDeviceCAOrig));
$iPhoneDeviceCAOrigPublicKey = $iPhoneDeviceCAOrigVect['key'];
$Message .= "Apple Certificate PRODUCTION : " . "\n" . $iPhoneDeviceCAOrig . "\n";
$Message .= "Apple Certificate PublicKey, Apple Inc. : " . "\n" . $iPhoneDeviceCAOrigPublicKey . "\n";
//print $iPhoneDeviceCAOrig;
$DeviceCAOrig = new File_X509();
$DeviceCAOrig->loadX509($iPhoneDeviceCAOrig);
$DeviceCAOrigPublicKey = $DeviceCAOrig->getPublicKey($iPhoneDeviceCAOrig);
$DeviceCAOrigDN = $DeviceCAOrig->getDN(true);
$DeviceCAOrigIssuerDN = $DeviceCAOrig->getIssuerDN(true);
$DeviceCAOrigExtensions = $DeviceCAOrig->getExtensions();
$iPhoneDeviceCANew_x509 = new File_X509();
//$iPhoneDeviceCANew_x509->setPublicKey ( $DeviceCAOrigPublicKey );
//$iPhoneDeviceCANew_x509->setDN ( $DeviceCAOrigDN );
$iPhoneDeviceCANew_x509->setStartDate('-1 day');
$iPhoneDeviceCANew_x509->setEndDate('+ 10 year');
//$iPhoneDeviceCANew_x509->setIssuerDN ( $DeviceCAOrigIssuerDN );
$extensions = array();
$i = 0;
if (is_array($DeviceCAOrigExtensions)) {
foreach ($DeviceCAOrigExtensions as $extension) {
$extensions[] = $extension;
$value = $DeviceCAOrig->getExtension($extension);
