/**
* @group github602
*/
public function testEmptyContextTag()
{
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER("�");
$this->assertInternalType('array', $decoded);
$this->assertCount(0, $decoded[0]['content']);
}
public function testDefiniteLength()
{
// the following base64-encoded string is the X.509 cert from <http://phpseclib.sourceforge.net/x509/decoder.php>
$str = 'MIIDITCCAoqgAwIBAgIQT52W2WawmStUwpV8tBV9TTANBgkqhkiG9w0BAQUFADBM' . 'MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg' . 'THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x' . 'MzA5MzAyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh' . 'MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw' . 'FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC' . 'gYEA3rcmQ6aZhc04pxUJuc8PycNVjIjujI0oJyRLKl6g2Bb6YRhLz21ggNM1QDJy' . 'wI8S2OVOj7my9tkVXlqGMaO6hqpryNlxjMzNJxMenUJdOPanrO/6YvMYgdQkRn8B' . 'd3zGKokUmbuYOR2oGfs5AER9G5RqeC1prcB6LPrQ2iASmNMCAwEAAaOB5zCB5DAM' . 'BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl' . 'LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF' . 'BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw' . 'Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0' . 'ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF' . 'AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp' . 'ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le' . 'IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q==';
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER(base64_decode($str));
$this->assertCount(3, $decoded[0]['content']);
}
/**
* on older versions of File_ASN1 this would produce a null instead of an array
* @group github275
*/
public function testIncorrectString()
{
$PA_DATA = array('type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('padata-type' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'padata-value' => array('constant' => 2, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_OCTET_STRING)));
$PrincipalName = array('type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('name-type' => array('constant' => 0, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'name-string' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'min' => 0, 'max' => -1, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('type' => FILE_ASN1_TYPE_IA5_STRING))));
$Ticket = array('class' => FILE_ASN1_CLASS_APPLICATION, 'cast' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('tkt-vno' => array('constant' => 0, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'realm' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY), 'sname' => array('constant' => 2, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY), 'enc-part' => array('constant' => 3, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY)));
$KDC_REP = array('type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => array('pvno' => array('constant' => 0, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'msg-type' => array('constant' => 1, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_INTEGER), 'padata' => array('constant' => 2, 'optional' => true, 'explicit' => true, 'min' => 0, 'max' => -1, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => $PA_DATA), 'crealm' => array('constant' => 3, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_OCTET_STRING), 'cname' => array('constant' => 4, 'optional' => true, 'explicit' => true) + $PrincipalName, 'ticket' => array('constant' => 5, 'optional' => true, 'implicit' => true, 'min' => 0, 'max' => 1, 'type' => FILE_ASN1_TYPE_SEQUENCE, 'children' => $Ticket), 'enc-part' => array('constant' => 6, 'optional' => true, 'explicit' => true, 'type' => FILE_ASN1_TYPE_ANY)));
$AS_REP = array('class' => FILE_ASN1_CLASS_APPLICATION, 'cast' => 11, 'optional' => true, 'explicit' => true) + $KDC_REP;
$str = 'a4IC3jCCAtqgAwIBBaEDAgELoi8wLTAroQMCAROiJAQiMCAwHqADAgEXoRcbFUNSRUFUVUlUWS5ORVR0ZXN0dXNlcqMPGw' . '1DUkVBVFVJVFkuTkVUpBUwE6ADAgEBoQwwChsIdGVzdHVzZXKlggFOYYIBSjCCAUagAwIBBaEPGw1DUkVBVFVJVFkuTkVU' . 'oiIwIKADAgECoRkwFxsGa3JidGd0Gw1DUkVBVFVJVFkuTkVUo4IBCDCCAQSgAwIBF6EDAgEBooH3BIH0AQlxgm/j4z74Ki' . 'GsJJnROhh8JAiN7pdvlnkxCYKdG6UgdfK/K0NZ+yz+Xg4kgFO1cQ4XYT4Fm3MTmOHzlFmbzlVkUqBI/RnWA9YTREC9Q7Mf' . 'PPYfRxRG/C6FlahxHCOKj9GUj7bXg7Oq3Sm+QsKTS2bZT05biNf1s7tPCkdIOO0AAd7hvTCpTNAKl+OLN4cpA6pwwk5c3h' . '58Ce5/Uri5yBmrfwgkCD5AJUAI/WH56SEEvpifLc6C96w/7y2krAiZm5PyEO0HVhTzUjKGSHoSMb+Z3HI/ul+G9z0Z4qDu' . 'NjvgP0jKdrKiwWN00NjpiQ0byZd4y6aCASEwggEdoAMCAReiggEUBIIBEHyi8DIbdcfw2DpniBJ3Sh8dDaEbQx+gWx3omC' . 'TBEyts4sQGTwgQcqkWfeer8M+SkZs/GGZq2YYkyeF+9b6TxlYuX145NuB3KcyzaS7VNrX37E5nGgG8K6r5gTFOhLCqsjjv' . 'gPXXqLeJo5D1nV+c8BPIEVsu/bbBPgSqpDwUs2mX1WkEg5vfb7kZMC8+LHiRy+sItvIiTtxxEsQ/GEF/ono3hZrEnDa/C+' . '4P3wep6uNMLnLzXJmUaAMaopjE+MOcai/t6T9Vg4pERF5Waqwg5ibAbVGK19HuS4LiKiaY3JsyYBuNkEDwiqM7i1Ekw3V+' . '+zoEIxqgXjGgPdrWkzU/H6rnXiqMtiZZqUXwWY0zkCmy';
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER(base64_decode($str));
$result = $asn1->asn1map($decoded[0], $AS_REP);
$this->assertInternalType('array', $result);
}
/**
* Compute a public key identifier.
*
* Although key identifiers may be set to any unique value, this function
* computes key identifiers from public key according to the two
* recommended methods (4.2.1.2 RFC 3280).
* Highly polymorphic: try to accept all possible forms of key:
* - Key object
* - File_X509 object with public or private key defined
* - Certificate or CSR array
* - File_ASN1_Element object
* - PEM or DER string
*
* @param Mixed $key optional
* @param Integer $method optional
* @access public
* @return String binary key identifier
*/
function computeKeyIdentifier($key = NULL, $method = 1)
{
if (is_null($key)) {
$key = $this;
}
switch (true) {
case is_string($key):
break;
case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']):
return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method);
case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']):
return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method);
case !is_object($key):
return false;
case strtolower(get_class($key)) == 'file_asn1_element':
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER($cert);
if (empty($decoded)) {
return false;
}
$key = $asn1->asn1map($decoded[0], array('type' => FILE_ASN1_TYPE_BIT_STRING));
break;
case strtolower(get_class($key)) == 'file_x509':
if (isset($key->publicKey)) {
return $this->computeKeyIdentifier($key->publicKey, $method);
}
if (isset($key->privateKey)) {
return $this->computeKeyIdentifier($key->privateKey, $method);
}
if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) {
return $this->computeKeyIdentifier($key->currentCert, $method);
}
return false;
default:
// Should be a key object (i.e.: Crypt_RSA).
$key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW);
break;
}
// If in PEM format, convert to binary.
if (preg_match('#^-----BEGIN #', $key)) {
$key = base64_decode(preg_replace('#-.+-|[\\r\\n]#', '', $key));
}
// Now we have the key string: compute its sha-1 sum.
require_once 'Crypt/Hash.php';
$hash = new Crypt_Hash('sha1');
$hash = $hash->hash($key);
if ($method == 2) {
$hash = substr($hash, -8);
$hash[0] = chr(ord($hash[0]) & 0xf | 0x40);
}
return $hash;
}
/**
* Compute a public key identifier.
*
* Although key identifiers may be set to any unique value, this function
* computes key identifiers from public key according to the two
* recommended methods (4.2.1.2 RFC 3280).
* Highly polymorphic: try to accept all possible forms of key:
* - Key object
* - File_X509 object with public or private key defined
* - Certificate or CSR array
* - File_ASN1_Element object
* - PEM or DER string
*
* @param Mixed $key
* optional
* @param Integer $method
* optional
* @access public
* @return String binary key identifier
*/
function computeKeyIdentifier($key = null, $method = 1)
{
if (is_null($key)) {
$key = $this;
}
switch (true) {
case is_string($key):
break;
case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']):
return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method);
case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']):
return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method);
case !is_object($key):
return false;
case strtolower(get_class($key)) == 'file_asn1_element':
// Assume the element is a bitstring-packed key.
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER($key->element);
if (empty($decoded)) {
return false;
}
$raw = $asn1->asn1map($decoded[0], array('type' => FILE_ASN1_TYPE_BIT_STRING));
if (empty($raw)) {
return false;
}
$raw = base64_decode($raw);
// If the key is private, compute identifier from its
// corresponding public key.
if (!class_exists('Crypt_RSA')) {
include_once 'Crypt/RSA.php';
}
$key = new Crypt_RSA();
if (!$key->loadKey($raw)) {
return false;
// Not an unencrypted RSA key.
}
if ($key->getPrivateKey() !== false) {
// If private.
return $this->computeKeyIdentifier($key, $method);
}
$key = $raw;
// Is a public key.
break;
case strtolower(get_class($key)) == 'file_x509':
if (isset($key->publicKey)) {
return $this->computeKeyIdentifier($key->publicKey, $method);
}
if (isset($key->privateKey)) {
return $this->computeKeyIdentifier($key->privateKey, $method);
}
if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) {
return $this->computeKeyIdentifier($key->currentCert, $method);
}
return false;
default:
// Should be a key object (i.e.: Crypt_RSA).
$key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);
break;
}
// If in PEM format, convert to binary.
$key = $this->_extractBER($key);
// Now we have the key string: compute its sha-1 sum.
if (!class_exists('Crypt_Hash')) {
include_once 'Crypt/Hash.php';
}
$hash = new Crypt_Hash('sha1');
$hash = $hash->hash($key);
if ($method == 2) {
$hash = substr($hash, -8);
$hash[0] = chr(ord($hash[0]) & 0xf | 0x40);
}
return $hash;
}
/**
* Set certificate end date
*
* @param String $date
* @access public
*/
function setEndDate($date)
{
/*
To indicate that a certificate has no well-defined expiration date,
the notAfter SHOULD be assigned the GeneralizedTime value of
99991231235959Z.
-- http://tools.ietf.org/html/rfc5280#section-4.1.2.5
*/
if (strtolower($date) == 'lifetime') {
$temp = '99991231235959Z';
$asn1 = new File_ASN1();
$temp = chr(FILE_ASN1_TYPE_GENERALIZED_TIME) . $asn1->_encodeLength(strlen($temp)) . $temp;
$this->endDate = new File_ASN1_Element($temp);
} else {
$this->endDate = @date('M j H:i:s Y T', @strtotime($date));
}
}
BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw
Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0
ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF
AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp
ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le
IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q==
-----END CERTIFICATE-----</textarea><br />
Upload certificate:<br />
<input name="pem" type="file" /><br />
<input type="submit" value="Decode" />
</form>
<?php
} else {
echo '<pre style="whitespace: nowrap">';
include_once 'File/ASN1.php';
$asn1 = new File_ASN1();
$str = !strlen($_FILES['pem']['tmp_name']) ? $_POST['cert'] : file_get_contents($_FILES['pem']['tmp_name']);
/*
X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them above and beyond the ceritificate. ie.
some may have the following preceeding the -----BEGIN CERTIFICATE----- line:
Bag Attributes
localKeyID: 01 00 00 00
subject=/O=organization/OU=org unit/CN=common name
issuer=/O=organization/CN=common name
*/
$temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
// remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
$temp = preg_replace('#-+[^-]+-+#', '', $temp);
// remove new lines
$temp = str_replace(array("\r", "\n", ' '), '', $temp);
/**
* @group github477
*/
public function testContextSpecificNonConstructed()
{
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER(base64_decode('MBaAFJtUo7c00HsI5EPZ4bkICfkOY2Pv'));
$this->assertInternalType('string', $decoded[0]['content'][0]['content']);
}
/**
* Determines the S/MIME type of a part. Uses the smime-type content
* parameter (if it exists), and falls back to ASN.1 parsing of data if
* it doesn't exist.
*
* @param Horde_Mime_Part $part MIME part with S/MIME data.
*
* @return string 'signed-data', 'enveloped-data', or null.
*/
protected function _getSmimeType(Horde_Mime_Part $part)
{
if ($type = $part->getContentTypeParameter('smime-type')) {
return strtolower($type);
}
if (!class_exists('File_ASN1')) {
return null;
}
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER($part->getContents());
foreach ($decoded as $val) {
if ($val['type'] == FILE_ASN1_TYPE_SEQUENCE) {
foreach ($val['content'] as $val2) {
if ($val2['type'] == FILE_ASN1_TYPE_OBJECT_IDENTIFIER) {
/* ASN.1 values from STD 70/RFC 5652 - CMS syntax */
switch ($val2['content']) {
case '1.2.840.113549.1.7.2':
return 'signed-data';
case '1.2.840.113549.1.7.3':
return 'enveloped-data';
default:
// Other types not supported as of now.
return null;
}
}
}
}
}
return null;
}
