/**
* Get signature algorithm identifier of given asymmetric cryptographic type
* utilizing given hash algorithm.
*
* @param AlgorithmIdentifier $crypto_algo Cryptographic algorithm
* identifier, eg. RSA or EC
* @param HashAlgorithmIdentifier $hash_algo Hash algorithm identifier
* @throws \UnexpectedValueException
* @return SignatureAlgorithmIdentifier
*/
public static function algoForAsymmetricCrypto(AlgorithmIdentifier $crypto_algo, HashAlgorithmIdentifier $hash_algo)
{
switch ($crypto_algo->oid()) {
case AlgorithmIdentifier::OID_RSA_ENCRYPTION:
$oid = self::_oidForRSA($hash_algo);
break;
case AlgorithmIdentifier::OID_EC_PUBLIC_KEY:
$oid = self::_oidForEC($hash_algo);
break;
default:
throw new \UnexpectedValueException("Crypto algorithm " . $crypto_algo->name() . " not supported.");
}
$cls = AlgorithmIdentifier::MAP_OID_TO_CLASS[$oid];
return new $cls();
}
/**
* Initialize from ASN.1.
*
* @param Sequence $seq
* @throws \UnexpectedValueException
* @return self
*/
public static function fromASN1(Sequence $seq)
{
$algo = AlgorithmIdentifier::fromASN1($seq->at(0)->asSequence());
if (!$algo instanceof PBEAlgorithmIdentifier) {
throw new \UnexpectedValueException("Unsupported algorithm " . $algo->oid() . ".");
}
$data = $seq->at(1)->asOctetString()->string();
return new self($algo, $data);
}
/**
* Initialize from ASN.1.
*
* @param Sequence $seq
* @return self
*/
public static function fromASN1(Sequence $seq)
{
$acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence());
$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
if (!$algo instanceof SignatureAlgorithmIdentifier) {
throw new \UnexpectedValueException("Unsupported signature algorithm " . $algo->oid() . ".");
}
$signature = Signature::fromASN1($seq->at(2)->asBitString());
return new self($acinfo, $algo, $signature);
}
/**
* Initialize from ASN.1.
*
* @param Sequence $seq
* @return self
*/
public static function fromASN1(Sequence $seq)
{
$type = $seq->at(0)->asEnumerated()->number();
$oid = null;
$idx = 1;
if ($seq->has($idx, Element::TYPE_OBJECT_IDENTIFIER)) {
$oid = $seq->at($idx++)->asObjectIdentifier()->oid();
}
$algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
$digest = $seq->at($idx)->asBitString();
$obj = new self($type, $algo, $digest);
$obj->_otherObjectTypeID = $oid;
return $obj;
}
protected static function _fromASN1Params(UnspecifiedType $params = null)
{
if (!isset($params)) {
throw new \UnexpectedValueException("No parameters.");
}
$seq = $params->asSequence();
$kdf = AlgorithmIdentifier::fromASN1($seq->at(0)->asSequence());
// ensure we got proper key derivation function algorithm
if (!$kdf instanceof PBKDF2AlgorithmIdentifier) {
throw new \UnexpectedValueException("KDF algorithm " . $kdf->oid() . " not supported.");
}
$es = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
// ensure we got proper encryption algorithm
if (!$es instanceof BlockCipherAlgorithmIdentifier) {
throw new \UnexpectedValueException("ES algorithm " . $es->oid() . " not supported.");
}
return new self($kdf, $es);
}
/**
* Initialize from ASN.1.
*
* @param Sequence $seq
* @throws \UnexpectedValueException
* @return self
*/
public static function fromASN1(Sequence $seq)
{
$version = $seq->at(0)->asInteger()->number();
if ($version != self::VERSION_2) {
throw new \UnexpectedValueException("Version must be 2.");
}
$holder = Holder::fromASN1($seq->at(1)->asSequence());
$issuer = AttCertIssuer::fromASN1($seq->at(2));
$signature = AlgorithmIdentifier::fromASN1($seq->at(3)->asSequence());
if (!$signature instanceof SignatureAlgorithmIdentifier) {
throw new \UnexpectedValueException("Unsupported signature algorithm " . $signature->oid() . ".");
}
$serial = $seq->at(4)->asInteger()->number();
$validity = AttCertValidityPeriod::fromASN1($seq->at(5)->asSequence());
$attribs = Attributes::fromASN1($seq->at(6)->asSequence());
$obj = new self($holder, $issuer, $validity, $attribs);
$obj->_signature = $signature;
$obj->_serialNumber = $serial;
$idx = 7;
if ($seq->has($idx, Element::TYPE_BIT_STRING)) {
$obj->_issuerUniqueID = UniqueIdentifier::fromASN1($seq->at($idx++)->asBitString());
}
if ($seq->has($idx, Element::TYPE_SEQUENCE)) {
$obj->_extensions = Extensions::fromASN1($seq->at($idx++)->asSequence());
}
return $obj;
}
/**
* Initialize from ASN.1.
*
* @param Sequence $seq
* @return self
*/
public static function fromASN1(Sequence $seq)
{
$idx = 0;
if ($seq->hasTagged(0)) {
$idx++;
$version = intval($seq->getTagged(0)->asExplicit()->asInteger()->number());
} else {
$version = self::VERSION_1;
}
$serial = $seq->at($idx++)->asInteger()->number();
$algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
if (!$algo instanceof SignatureAlgorithmIdentifier) {
throw new \UnexpectedValueException("Unsupported signature algorithm " . $algo->oid() . ".");
}
$issuer = Name::fromASN1($seq->at($idx++)->asSequence());
$validity = Validity::fromASN1($seq->at($idx++)->asSequence());
$subject = Name::fromASN1($seq->at($idx++)->asSequence());
$pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence());
$tbs_cert = new self($subject, $pki, $issuer, $validity);
$tbs_cert->_version = $version;
$tbs_cert->_serialNumber = $serial;
$tbs_cert->_signature = $algo;
if ($seq->hasTagged(1)) {
$tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1($seq->getTagged(1)->asImplicit(Element::TYPE_BIT_STRING)->asBitString());
}
if ($seq->hasTagged(2)) {
$tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1($seq->getTagged(2)->asImplicit(Element::TYPE_BIT_STRING)->asBitString());
}
if ($seq->hasTagged(3)) {
$tbs_cert->_extensions = Extensions::fromASN1($seq->getTagged(3)->asExplicit()->asSequence());
}
return $tbs_cert;
}
/**
* Generate ASN.1 structure.
*
* @return Sequence
*/
public function toASN1()
{
$elements = array(new Integer(0), $this->_algo->toASN1(), new OctetString($this->_privateKeyData));
return new Sequence(...$elements);
}
protected static function _fromASN1Params(UnspecifiedType $params = null)
{
if (!isset($params)) {
throw new \UnexpectedValueException("No parameters.");
}
$seq = $params->asSequence();
$salt = null;
$el = $seq->at(0);
switch ($el->tag()) {
// specified
case Element::TYPE_OCTET_STRING:
$salt = $el->asOctetString()->string();
break;
// otherSource
// otherSource
case Element::TYPE_SEQUENCE:
AlgorithmIdentifier::fromASN1($el->asSequence());
throw new \RuntimeException("otherSource not implemented.");
}
$iteration_count = $seq->at(1)->asInteger()->number();
$key_length = null;
$prf_algo = null;
$idx = 2;
if ($seq->has($idx, Element::TYPE_INTEGER)) {
$key_length = $seq->at($idx++)->asInteger()->number();
}
if ($seq->has($idx, Element::TYPE_SEQUENCE)) {
$prf_algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
if (!$prf_algo instanceof PRFAlgorithmIdentifier) {
throw new \UnexpectedValueException($prf_algo->oid() . " is not supported as a pseudorandom function.");
}
}
return new self($salt, $iteration_count, $key_length, $prf_algo);
}
/**
* Generate ASN.1 structure.
*
* @return Sequence
*/
public function toASN1()
{
return new Sequence($this->_algo->toASN1(), new BitString($this->_publicKeyData));
}
public function supportsKeyAlgorithm(AlgorithmIdentifier $algo)
{
return $algo->oid() == self::OID_RSA_ENCRYPTION;
}
public function supportsKeyAlgorithm(AlgorithmIdentifier $algo)
{
return $algo->oid() == self::OID_EC_PUBLIC_KEY;
}
