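/**
 * Save CSR request
 *
 * Serializes a decoded CSR array (the shape returned by loadCSR()) into a
 * PEM-armored PKCS#10 certification request.
 *
 * For RSA keys the stored public key may be PEM text or bare base64. Its armor
 * and line breaks are stripped and the key bytes are re-encoded with a leading
 * zero octet, so that the value handed to the encoder is a complete BIT STRING
 * body.
 *
 * @param Array $csr
 * @access public
 * @return String|Boolean PEM text, or false when $csr is not an array or has no
 *                        'certificationRequestInfo' entry
 */
function saveCSR($csr)
{
    if (!is_array($csr) || !isset($csr['certificationRequestInfo'])) {
        return false;
    }

    // Probe the nested path with isset() so a partially populated array falls
    // through the switch instead of raising undefined-index warnings.
    $algorithm = isset($csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'])
        ? $csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm']
        : null;

    switch ($algorithm) {
        case 'rsaEncryption':
            $keyBytes = base64_decode(
                preg_replace(
                    '#-.+-|[\\r\\n]#',
                    '',
                    $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']
                )
            );
            // subjectPublicKey is a DER BIT STRING, whose content starts with an
            // "unused bits" octet. The previous code concatenated an empty string
            // here, which is a no-op and left that octet out.
            // NOTE(review): assumes File_ASN1::encodeDER() takes the BIT STRING
            // content (unused-bits octet included) as base64 - confirm.
            $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'] =
                base64_encode("\0" . $keyBytes);
    }

    $asn1 = new File_ASN1();
    $asn1->loadOIDs($this->oids);

    // Encode the subject's RDN values as UTF8String.
    $filters = array();
    $filters['certificationRequestInfo']['subject']['rdnSequence']['value'] =
        array('type' => FILE_ASN1_TYPE_UTF8_STRING);
    $asn1->loadFilters($filters);

    // NOTE(review): the encodeDER() result is not checked before it is armored;
    // confirm how encoding failures are reported and whether callers can tell.
    $csr = $asn1->encodeDER($csr, $this->CertificationRequest);

    return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(base64_encode($csr)) . '-----END CERTIFICATE REQUEST-----';
}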
/**
 * Save Certificate Revocation List.
 *
 * Serializes a decoded CRL array into PEM-armored DER ("X509 CRL").
 *
 * @param Array $crl
 * @access public
 * @return String|Boolean PEM text, or false when $crl is not an array or has no
 *                        'tbsCertList' entry
 */
function saveCRL($crl)
{
    $usable = is_array($crl) && isset($crl['tbsCertList']);
    if (!$usable) {
        return false;
    }

    $asn1 = new File_ASN1();
    $asn1->loadOIDs($this->oids);

    $utf8String = array('type' => FILE_ASN1_TYPE_UTF8_STRING);

    // Algorithm parameters are encoded as NULL when the CRL carries none,
    // otherwise as UTF8String like the issuer's RDN values.
    $filters = array();
    $filters['signatureAlgorithm']['parameters'] = empty($crl['signatureAlgorithm']['parameters'])
        ? array('type' => FILE_ASN1_TYPE_NULL)
        : $utf8String;
    $filters['tbsCertList']['signature']['parameters'] = empty($crl['tbsCertList']['signature']['parameters'])
        ? array('type' => FILE_ASN1_TYPE_NULL)
        : $utf8String;
    $filters['tbsCertList']['issuer']['rdnSequence']['value'] = $utf8String;
    $asn1->loadFilters($filters);

    // CRL-level extensions first, then the extensions of each revoked entry.
    // NOTE(review): _mapOutExtensions() presumably rewrites the extension values
    // in place into their encodable form - confirm against its definition.
    $this->_mapOutExtensions($crl, 'tbsCertList/crlExtensions', $asn1);

    // Bound by reference so the per-entry changes land inside $crl itself.
    $rclist =& $this->_subArray($crl, 'tbsCertList/revokedCertificates');
    if (is_array($rclist)) {
        foreach ($rclist as $index => $revokedEntry) {
            // Only the key is needed; the entry is addressed by path.
            $this->_mapOutExtensions($rclist, "{$index}/crlEntryExtensions", $asn1);
        }
    }

    $der = $asn1->encodeDER($crl, $this->CertificateList);
    $body = chunk_split(base64_encode($der));

    return "-----BEGIN X509 CRL-----\r\n" . $body . '-----END X509 CRL-----';
}
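/**
 * Load a Certificate Signing Request
 *
 * Accepts a PEM or bare-base64 PKCS#10 request. Leading header lines, the
 * dashed armor and line breaks are stripped, the remainder is base64-decoded,
 * BER-decoded and mapped onto the CertificationRequest structure.
 *
 * On success this sets $this->dn, $this->signatureSubject, $this->publicKey
 * (a Crypt_RSA instance for 'rsaEncryption', otherwise null) and
 * $this->currentCert.
 *
 * Every failure path returns before any of those properties is assigned, so
 * values from an earlier successful load stay in place. Callers must check the
 * return value before using them, or a rejected CSR could be evaluated against
 * the previous request's key and subject.
 *
 * @param String $csr
 * @access public
 * @return Mixed the decoded CSR array, or false if the input cannot be decoded
 */
function loadCSR($csr)
{
    // see http://tools.ietf.org/html/rfc2986

    $csr = preg_replace('#^(?:[^-].+[\\r\\n]+)+|-.+-|[\\r\\n]#', '', $csr);
    // preg_replace() yields null on a PCRE error (for example a backtrack-limit
    // hit on oversized input) and an array for array input; neither is a CSR.
    if (!is_string($csr)) {
        return false;
    }

    // Only base64 alphabet characters with at most two '=' of padding may reach
    // the decoder.
    if (!preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $csr)) {
        return false;
    }
    $orig = $csr = base64_decode($csr);
    if ($csr === false) {
        return false;
    }

    // The decoder is created only after the input has passed the cheap checks.
    $asn1 = new File_ASN1();
    $asn1->loadOIDs($this->oids);
    $decoded = $asn1->decodeBER($csr);

    // Input that is not BER may leave nothing at index 0; stop here rather than
    // pass an undefined element to asn1map().
    if (empty($decoded) || !isset($decoded[0])) {
        return false;
    }

    $csr = $asn1->asn1map($decoded[0], $this->CertificationRequest);
    if (!isset($csr) || $csr === false) {
        return false;
    }

    $this->dn = $csr['certificationRequestInfo']['subject'];

    // Keep the exact bytes of the first element of the outer SEQUENCE, taken
    // from the original DER rather than re-encoded, for later signature checks.
    $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);

    // References: the reformatted key is written back into $csr itself.
    $algorithm =& $csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'];
    $key =& $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'];
    $key = $this->_reformatKey($algorithm, $key);

    switch ($algorithm) {
        case 'rsaEncryption':
            if (!class_exists('Crypt_RSA')) {
                require_once 'Crypt/RSA.php';
            }
            $this->publicKey = new Crypt_RSA();
            // NOTE(review): the loadKey() result is not checked; confirm that a
            // key which fails to parse cannot leave a usable-looking publicKey.
            $this->publicKey->loadKey($key);
            $this->publicKey->setPublicKey();
            break;
        default:
            $this->publicKey = null;
    }

    $this->currentCert = $csr;
    return $csr;
}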