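/**
 * Check that a certificate was signed by the given CA.
 *
 * Only the signature is verified: the validity period of $CheckX509 is not
 * checked here (File_X509::validateDate() would have to be called for that).
 *
 * @param string $CAX509    CA certificate expected to have signed $CheckX509
 * @param string $CheckX509 certificate to verify
 *
 * @return bool|null true when the signature verifies against the CA; false when
 *                   the certificate cannot be parsed or the signature fails
 *                   (validateSignature() may also yield null when it cannot decide)
 */
function vaildateCert($CAX509, $CheckX509)
{
    $x509 = new File_X509();
    $x509->loadCA($CAX509);
    // loadX509() returns false for unparseable input; fail closed instead of
    // asking validateSignature() about an empty certificate.
    if ($x509->loadX509($CheckX509) === false) {
        return false;
    }
    // Explicit "by CA" mode (same as the default) so the intent is visible,
    // matching the other validation helpers on this page.
    return $x509->validateSignature(FILE_X509_VALIDATE_SIGNATURE_BY_CA);
}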
 /**
  * Build a File_X509 object from PEM material.
  *
  * The CA certificate (if any) is registered first, then the certificate
  * itself, then whichever halves of the key pair are present.
  *
  * @param string $certPem
  * @param array $keyPairPems
  *   Pair of PEM-encoded keys, keyed 'privatekey' and/or 'publickey'.
  * @param string $caCertPem
  * @return \File_X509
  */
 public static function loadCert($certPem, $keyPairPems = NULL, $caCertPem = NULL)
 {
     $x509 = new \File_X509();

     // The CA goes in before the certificate so later validation can see it.
     if ($caCertPem !== NULL) {
         $x509->loadCA($caCertPem);
     }

     // Truthiness check: an empty string is treated like "no certificate".
     if ($certPem) {
         $x509->loadX509($certPem);
     }

     $hasPrivateKey = isset($keyPairPems['privatekey']);
     $hasPublicKey = isset($keyPairPems['publickey']);

     if ($hasPrivateKey) {
         $rsa = new \Crypt_RSA();
         $rsa->loadKey($keyPairPems['privatekey']);
         $x509->setPrivateKey($rsa);
     }

     if ($hasPublicKey) {
         $rsa = new \Crypt_RSA();
         $rsa->loadKey($keyPairPems['publickey']);
         // Mark the loaded material as the public half before handing it over.
         $rsa->setPublicKey();
         $x509->setPublicKey($rsa);
     }

     return $x509;
 }
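 /**
  * Validate the client certificate with the authority certificate
  *
  * Only the chain signature is checked: the client certificate must be signed
  * by $certificate_ca. Validity dates are not checked here; call
  * validateDate() separately when that matters.
  *
  * @param String $certificate_client Client certificate
  * @param String $certificate_ca     Authority certificate
  *
  * @return bool true when the signature verifies; false when the client
  *              certificate cannot be parsed or the signature fails
  *              (validateSignature() may also yield null when it cannot decide)
  */
 public static function validateCertificate($certificate_client, $certificate_ca)
 {
     $x509 = new File_X509();
     // loadX509() returns false for unparseable input; fail closed.
     if ($x509->loadX509($certificate_client) === false) {
         return false;
     }
     $x509->loadCA($certificate_ca);
     return $x509->validateSignature(FILE_X509_VALIDATE_SIGNATURE_BY_CA);
 }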
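// Load the certificate public key.
// Read the PEM explicitly so a missing or unreadable file is reported instead
// of being handed to loadKey() as `false`.
$pubkeyPem = file_get_contents('certs/pubkey.pem');
if ($pubkeyPem === false) {
    throw new \RuntimeException('Unable to read certs/pubkey.pem');
}
$pubkey = new Crypt_RSA();
$pubkey->loadKey($pubkeyPem);
$pubkey->setPublicKey();
// Build the new certificate.
// $pemca (CA certificate PEM) and $ca (File_X509 holding the CA signing key)
// are expected to be defined earlier in the script; they are not shown here.
$iPhoneDeviceCA = new File_X509();
$iPhoneDeviceCA->loadCA($pemca);
$iPhoneDeviceCA->setPublicKey($pubkey);
$iPhoneDeviceCA->setDN('C=US, ST=Some-State, L=Cupertino, O=Apple Inc., OU=Apple iPhone, CN=Apple iPhone Device CA');
// Start one day in the past to tolerate clock skew on the verifying side.
$iPhoneDeviceCA->setStartDate('-1 day');
$iPhoneDeviceCA->setEndDate('+ 1 year');
// Serial given as a decimal string (base 10).
$iPhoneDeviceCA->setSerialNumber('10134611745959375605', 10);
// Sign new certificate.
$iPhoneDeviceCA_Result = $iPhoneDeviceCA->sign($ca, $iPhoneDeviceCA);
// Output it.
echo $iPhoneDeviceCA->saveX509($iPhoneDeviceCA_Result) . "\n";
// subject=/C=US/O=Apple Inc./OU=Apple iPhone/CN=Apple iPhone Device CA
// issuer=/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple iPhone
// Certification Authority
// Build the new certificate (same CA, same public key, different subject/serial).
$iPhoneActivation = new File_X509();
$iPhoneActivation->loadCA($pemca);
$iPhoneActivation->setPublicKey($pubkey);
$iPhoneActivation->setDN('C=US, ST=Some-State, L=Cupertino, O=Apple Inc., OU=Apple iPhone, CN=Apple iPhone Activation');
$iPhoneActivation->setStartDate('-1 day');
$iPhoneActivation->setEndDate('+ 1 year');
$iPhoneActivation->setSerialNumber('2', 10);
// Sign new certificate.
$iPhoneActivation_Result = $iPhoneActivation->sign($ca, $iPhoneActivation);
// Output it.
echo $iPhoneActivation->saveX509($iPhoneActivation_Result) . "\n";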
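 /**
  * Verify an intermediate certificate against the matching root certificate.
  *
  * Fails closed when either root certificate or the intermediate itself is
  * revoked, when the intermediate cannot be parsed, when it is not signed by
  * the selected root, or when it is outside its validity period.
  *
  * @param string $intermCert intermediate certificate to verify
  * @param string $type       'core' selects $this->coreRootCert; anything else selects $this->packagesRootCert
  *
  * @return bool
  */
 private function verifyIntermediateCert($intermCert, $type = "core")
 {
     //Root Cert revoked?
     if ($this->checkIfRevoked($this->coreRootCert) || $this->checkIfRevoked($this->packagesRootCert)) {
         // Record the revoked root in config before bailing out.
         $this->config->set('rootcert_revoked', 1);
         return false;
     }
     //Intermediate Cert revoked?
     if ($this->checkIfRevoked($intermCert)) {
         return false;
     }
     // Strict comparison so that only the literal string 'core' selects the core root.
     $rootCert = $type === 'core' ? $this->coreRootCert : $this->packagesRootCert;
     include_once $this->root_path . 'libraries/phpseclib/X509.php';
     $x509 = new File_X509();
     $x509->loadCA($rootCert);
     // see signer.crt
     // loadX509() returns false for unparseable input; treat that as a failed verification
     // rather than letting validateSignature() run on an empty certificate.
     if ($x509->loadX509($intermCert) === false) {
         return false;
     }
     // see google.crt
     if (!$x509->validateSignature(FILE_X509_VALIDATE_SIGNATURE_BY_CA)) {
         return false;
     }
     // Signature alone is not enough: the intermediate must also be within its validity period.
     if (!$x509->validateDate()) {
         return false;
     }
     return true;
 }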
 /**
  * Validate $certPem against the CA, optionally also against a CRL.
  *
  * Order of checks: CRL distributor identity and certificate (when given),
  * CRL signature, revocation of the certificate's serial number, CA signature
  * on the certificate, and finally the validity period. Every failure is
  * reported by throwing; a normal return means all checks passed.
  *
  * @param string      $certPem        PEM certificate to validate
  * @param string      $caCertPem      PEM certificate of the issuing CA
  * @param string|null $crlPem         PEM CRL to check the serial against; null skips every revocation check
  * @param string|null $crlDistCertPem PEM certificate of a CRL distributor that signs the CRL on the CA's behalf
  *
  * @return void
  * @throws InvalidCertException when the CRL distributor, the CRL or the certificate fails a check
  * @throws ExpiredCertException when the certificate is outside its validity period
  */
 protected static function validate($certPem, $caCertPem, $crlPem = NULL, $crlDistCertPem = NULL)
 {
     // Only used to compare the CA's subject DN with the CRL distributor's.
     $caCertObj = X509Util::loadCACert($caCertPem);
     $certObj = new \File_X509();
     $certObj->loadCA($caCertPem);
     if ($crlPem !== NULL) {
         $crlObj = new \File_X509();
         // Truthiness check (unlike the !== NULL above): an empty string also skips the distributor path.
         if ($crlDistCertPem) {
             $crlDistCertObj = X509Util::loadCrlDistCert($crlDistCertPem, NULL, $caCertPem);
             // The distributor must carry the same subject DN as the CA it acts for.
             if ($crlDistCertObj->getSubjectDN(FILE_X509_DN_STRING) !== $caCertObj->getSubjectDN(FILE_X509_DN_STRING)) {
                 throw new InvalidCertException(sprintf("CRL distributor (%s) does not act on behalf of this CA (%s)", $crlDistCertObj->getSubjectDN(FILE_X509_DN_STRING), $caCertObj->getSubjectDN(FILE_X509_DN_STRING)));
             }
             // Recursive call without a CRL: the distributor certificate gets the
             // CA-signature and validity-period checks only.
             try {
                 self::validate($crlDistCertPem, $caCertPem);
             } catch (InvalidCertException $ie) {
                 throw new InvalidCertException("CRL distributor has an invalid certificate", 0, $ie);
             }
             // Accept the distributor as a CRL signer in addition to the CA itself.
             $crlObj->loadCA($crlDistCertPem);
         }
         $crlObj->loadCA($caCertPem);
         $crlObj->loadCRL($crlPem);
         if (!$crlObj->validateSignature()) {
             throw new InvalidCertException("CRL signature is invalid");
         }
     }
     // loadX509() returns false for unparseable input. The CRL branch guards this
     // with empty(); without a CRL the signature check below is relied on to fail.
     $parsedCert = $certObj->loadX509($certPem);
     if ($crlPem !== NULL) {
         if (empty($parsedCert)) {
             throw new InvalidCertException("Identity is invalid. Empty certificate.");
         }
         if (empty($parsedCert['tbsCertificate']['serialNumber'])) {
             throw new InvalidCertException("Identity is invalid. No serial number.");
         }
         // serialNumber is an object with a toString() method (a big integer, presumably).
         $revoked = $crlObj->getRevoked($parsedCert['tbsCertificate']['serialNumber']->toString());
         if (!empty($revoked)) {
             throw new InvalidCertException("Identity is invalid. Certificate revoked.");
         }
     }
     if (!$certObj->validateSignature()) {
         throw new InvalidCertException("Identity is invalid. Certificate is not signed by proper CA.");
     }
     // Time::getTime() rather than time() — presumably so the clock can be controlled in tests; confirm.
     if (!$certObj->validateDate(Time::getTime())) {
         throw new ExpiredCertException("Identity is invalid. Certificate expired.");
     }
 }
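   $ca->setPrivateKey($cakey);
   // csr public key
   // Both openssl calls return false on a malformed CSR; stop here rather than
   // passing `false` along (openssl_pkey_get_details() rejects it with a TypeError on PHP 8).
   $csrPublicKey = openssl_csr_get_public_key($deviceCertRequest);
   if ($csrPublicKey === false) {
       throw new \RuntimeException('Unable to extract the public key from the CSR');
   }
   $vectxq = openssl_pkey_get_details($csrPublicKey);
   if ($vectxq === false || !isset($vectxq['key'])) {
       throw new \RuntimeException('Unable to read the CSR public key details');
   }
   $pkeyxq = $vectxq['key'];
   // NOTE(review): fixed path shared by every request, so concurrent requests
   // overwrite each other's key — confirm the file is actually needed.
   if (file_put_contents('certs/pubkey.pem', $pkeyxq) === false) {
       throw new \RuntimeException('Unable to write certs/pubkey.pem');
   }
   // Load the certificate public key.
   $pubkey = new Crypt_RSA();
   $pubkey->loadKey($pkeyxq);
   $pubkey->setPublicKey();
   $x509 = new File_X509();
   $csr = $x509->loadCSR($deviceCertRequest);
   // see csr.csr
   // Subject DN is copied from the CSR (string form) into the new certificate.
   $dn = $x509->getDN(true);
   // Build the new certificate.
   // $pemca (CA certificate PEM) is expected to be defined earlier in the script; not shown here.
   $iPhoneDeviceCA = new File_X509();
   $iPhoneDeviceCA->loadCA($pemca);
   $iPhoneDeviceCA->setPublicKey($pubkey);
   $iPhoneDeviceCA->setDN($dn);
   // Start one day in the past to tolerate clock skew on the verifying side.
   $iPhoneDeviceCA->setStartDate('-1 day');
   $iPhoneDeviceCA->setEndDate('+ 1 year');
   // Serial given as a decimal string (base 10).
   $iPhoneDeviceCA->setSerialNumber('10134611745959375605', 10);
   // Sign new certificate.
   $iPhoneDeviceCA_Result = $iPhoneDeviceCA->sign($ca, $iPhoneDeviceCA);
   // Output it.
   // NOTE(review): the "<br>" is appended to the PEM *before* base64-encoding, so it
   // ends up inside the encoded certificate — confirm this is intended.
   $deviceCertificate = base64_encode($iPhoneDeviceCA->saveX509($iPhoneDeviceCA_Result) . "<br>");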
   $responseAlbert = '<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="keywords" content="iTunes Store" /><meta name="description" content="iTunes Store" /><title>iPhone Activation</title><link href="http://static.ips.apple.com/ipa_itunes/stylesheets/shared/common-min.css" charset="utf-8" rel="stylesheet" /><link href="http://static.ips.apple.com/deviceservices/stylesheets/styles.css" charset="utf-8" rel="stylesheet" /><link href="http://static.ips.apple.com/ipa_itunes/stylesheets/pages/IPAJingleEndPointErrorPage-min.css" charset="utf-8" rel="stylesheet" /><script id="protocol" type="text/x-apple-plist"><plist version="1.0">
 <dict>
   <key>iphone-activation</key>
   <dict>
     <key>activation-record</key>
     <dict>