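/**
 * Check that $CheckX509 carries a signature made by the CA in $CAX509.
 *
 * Only the signature is verified: validity dates and revocation status are
 * not checked here, so a caller that needs those must check them separately.
 *
 * @param string $CAX509    CA certificate, in any form File_X509::loadCA() accepts
 * @param string $CheckX509 certificate whose signature is to be checked
 * @return bool true only when both inputs parsed and the signature verified
 */
function vaildateCert($CAX509, $CheckX509) {
    $x509 = new File_X509();
    // loadCA()/loadX509() return false on unparsable input. Without these
    // checks validateSignature() would run with nothing loaded and hand back
    // a non-boolean instead of a clear failure.
    if ($x509->loadCA($CAX509) === false) {
        return false;
    }
    if ($x509->loadX509($CheckX509) === false) {
        return false;
    }
    return (bool) $x509->validateSignature();
}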
/**
 * Build a \File_X509 object from PEM material.
 *
 * @param string      $certPem     PEM-encoded certificate; skipped when falsy
 * @param array|null  $keyPairPems optional keys, read from the 'privatekey' and/or 'publickey' entries
 * @param string|null $caCertPem   optional CA certificate registered via loadCA()
 * @return \File_X509
 */
public static function loadCert($certPem, $keyPairPems = NULL, $caCertPem = NULL) {
    $certObj = new \File_X509();

    if ($caCertPem !== NULL) {
        $certObj->loadCA($caCertPem);
    }
    if ($certPem) {
        $certObj->loadX509($certPem);
    }

    // NOTE(review): none of the load calls in this method check their return
    // value, so an unparsable input yields an object with nothing loaded.
    // Private key is attached first, then the public key, as before.
    foreach (['privatekey', 'publickey'] as $kind) {
        if (!isset($keyPairPems[$kind])) {
            continue;
        }
        $rsa = new \Crypt_RSA();
        $rsa->loadKey($keyPairPems[$kind]);
        if ($kind === 'privatekey') {
            $certObj->setPrivateKey($rsa);
        } else {
            $rsa->setPublicKey();
            $certObj->setPublicKey($rsa);
        }
    }

    return $certObj;
}
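/**
 * Validate the client certificate with the authority certificate
 *
 * Only the signature against $certificate_ca is checked; validity dates and
 * revocation status are not.
 *
 * @param string $certificate_client Client certificate
 * @param string $certificate_ca     Authority certificate
 *
 * @return bool true only when both inputs parsed and the signature verified
 */
public static function validateCertificate($certificate_client, $certificate_ca) {
    $x509 = new File_X509();
    // Both load calls return false on unparsable input; bail out explicitly
    // so bad input cannot fall through to validateSignature() with nothing
    // loaded, which would return a non-boolean.
    if ($x509->loadX509($certificate_client) === false) {
        return false;
    }
    if ($x509->loadCA($certificate_ca) === false) {
        return false;
    }
    return (bool) $x509->validateSignature(FILE_X509_VALIDATE_SIGNATURE_BY_CA);
}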
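// Load the certificate public key.
// file_get_contents() returns false when the file is unreadable; loadKey(false)
// would silently produce a keyless object, so stop here instead.
$pubkeyPem = file_get_contents('certs/pubkey.pem');
if ($pubkeyPem === false) {
    throw new RuntimeException('Unable to read certs/pubkey.pem');
}
$pubkey = new Crypt_RSA();
if (!$pubkey->loadKey($pubkeyPem)) {
    throw new RuntimeException('certs/pubkey.pem does not contain a loadable key');
}
$pubkey->setPublicKey();

// Build the new certificate. $pemca and $ca come from earlier in the script.
$iPhoneDeviceCA = new File_X509();
$iPhoneDeviceCA->loadCA($pemca);
$iPhoneDeviceCA->setPublicKey($pubkey);
$iPhoneDeviceCA->setDN('C=US, ST=Some-State, L=Cupertino, O=Apple Inc., OU=Apple iPhone, CN=Apple iPhone Device CA');
// Backdated start so a verifier whose clock is slightly behind still sees the cert as valid.
$iPhoneDeviceCA->setStartDate('-1 day');
$iPhoneDeviceCA->setEndDate('+ 1 year');
// NOTE(review): a fixed serial means every run issues a certificate with the same
// serial under this issuer; serial numbers are expected to be unique per issuer.
$iPhoneDeviceCA->setSerialNumber('10134611745959375605', 10);
// Sign new certificate. sign() returns false when the issuer has no private key or DN;
// saveX509(false) would then emit garbage, so fail loudly.
$iPhoneDeviceCA_Result = $iPhoneDeviceCA->sign($ca, $iPhoneDeviceCA);
if ($iPhoneDeviceCA_Result === false) {
    throw new RuntimeException('Signing the Device CA certificate failed');
}
// Output it.
echo $iPhoneDeviceCA->saveX509($iPhoneDeviceCA_Result) . "\n";
// subject=/C=US/O=Apple Inc./OU=Apple iPhone/CN=Apple iPhone Device CA
// issuer=/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple iPhone
// Certification Authority

// Build the new certificate.
$iPhoneActivation = new File_X509();
$iPhoneActivation->loadCA($pemca);
$iPhoneActivation->setPublicKey($pubkey);
$iPhoneActivation->setDN('C=US, ST=Some-State, L=Cupertino, O=Apple Inc., OU=Apple iPhone, CN=Apple iPhone Activation');
$iPhoneActivation->setStartDate('-1 day');
$iPhoneActivation->setEndDate('+ 1 year');
// NOTE(review): same fixed-serial caveat as above.
$iPhoneActivation->setSerialNumber('2', 10);
// Sign new certificate.
$iPhoneActivation_Result = $iPhoneActivation->sign($ca, $iPhoneActivation);
if ($iPhoneActivation_Result === false) {
    throw new RuntimeException('Signing the Activation certificate failed');
}
// Output it.
echo $iPhoneActivation->saveX509($iPhoneActivation_Result) . "\n";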
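/**
 * Verify an intermediate certificate against the core or packages root certificate.
 *
 * Fails when either root certificate is revoked (also recording
 * 'rootcert_revoked' in config), when the intermediate itself is revoked,
 * when its signature does not verify against the selected root, or when it
 * is outside its validity period.
 *
 * @param string $intermCert intermediate certificate
 * @param string $type       'core' selects coreRootCert; anything else selects packagesRootCert
 * @return bool
 */
private function verifyIntermediateCert($intermCert, $type = "core") {
    // Root Cert revoked? Either root being revoked disables the whole chain.
    if ($this->checkIfRevoked($this->coreRootCert) || $this->checkIfRevoked($this->packagesRootCert)) {
        $this->config->set('rootcert_revoked', 1);
        return false;
    }
    // Intermediate Cert revoked?
    if ($this->checkIfRevoked($intermCert)) {
        return false;
    }

    // Strict comparison: loose == would let a non-string $type match 'core' unexpectedly.
    $rootCert = $type === 'core' ? $this->coreRootCert : $this->packagesRootCert;

    include_once $this->root_path . 'libraries/phpseclib/X509.php';
    $x509 = new File_X509();
    // Both load calls return false on unparsable input; treat that as a
    // failed verification rather than letting validateSignature() run with
    // nothing loaded.
    if ($x509->loadCA($rootCert) === false) {
        return false;
    }
    if ($x509->loadX509($intermCert) === false) {
        return false;
    }
    // The signature must chain to the selected root and the certificate must
    // be inside its validity window (validateDate() uses the current time).
    return (bool) $x509->validateSignature(FILE_X509_VALIDATE_SIGNATURE_BY_CA)
        && (bool) $x509->validateDate();
}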
/**
 * Validate $certPem against the CA in $caCertPem, optionally checking a CRL.
 *
 * Checks run in this order, each throwing on failure:
 *  1. when $crlPem is given: the CRL's signature must verify against the CA
 *     or, when $crlDistCertPem is given, against the CRL distributor, whose
 *     certificate must carry the CA's subject DN and itself pass this method;
 *  2. when $crlPem is given: the certificate must parse, carry a serial
 *     number, and that serial must not be listed in the CRL;
 *  3. the certificate's signature must verify against the CA;
 *  4. the certificate must be valid at Time::getTime().
 *
 * @param string      $certPem        certificate to validate
 * @param string      $caCertPem      CA certificate
 * @param string|null $crlPem         optional CRL for this CA
 * @param string|null $crlDistCertPem optional certificate of the CRL distributor,
 *                                    for CRLs not signed by the CA directly
 * @return void
 * @throws InvalidCertException on a parse, DN, signature or revocation failure
 * @throws ExpiredCertException when the certificate is outside its validity period
 */
protected static function validate($certPem, $caCertPem, $crlPem = NULL, $crlDistCertPem = NULL) {
    $caCertObj = X509Util::loadCACert($caCertPem);
    $certObj = new \File_X509();
    $certObj->loadCA($caCertPem);
    if ($crlPem !== NULL) {
        $crlObj = new \File_X509();
        if ($crlDistCertPem) {
            $crlDistCertObj = X509Util::loadCrlDistCert($crlDistCertPem, NULL, $caCertPem);
            // The distributor must present the same subject DN as the CA (compared in string form).
            if ($crlDistCertObj->getSubjectDN(FILE_X509_DN_STRING) !== $caCertObj->getSubjectDN(FILE_X509_DN_STRING)) {
                throw new InvalidCertException(sprintf("CRL distributor (%s) does not act on behalf of this CA (%s)", $crlDistCertObj->getSubjectDN(FILE_X509_DN_STRING), $caCertObj->getSubjectDN(FILE_X509_DN_STRING)));
            }
            // Recursive call without a CRL: the distributor's own certificate must be
            // CA-signed and unexpired. Only InvalidCertException is wrapped here; an
            // ExpiredCertException from the distributor propagates as-is unless that
            // class derives from InvalidCertException (not visible from this method).
            try {
                self::validate($crlDistCertPem, $caCertPem);
            } catch (InvalidCertException $ie) {
                throw new InvalidCertException("CRL distributor has an invalid certificate", 0, $ie);
            }
            $crlObj->loadCA($crlDistCertPem);
        }
        // The CA and, when given, the distributor are both accepted as CRL signers.
        $crlObj->loadCA($caCertPem);
        $crlObj->loadCRL($crlPem);
        if (!$crlObj->validateSignature()) {
            throw new InvalidCertException("CRL signature is invalid");
        }
    }
    $parsedCert = $certObj->loadX509($certPem);
    if ($crlPem !== NULL) {
        // NOTE(review): these parse/serial checks only run when a CRL was supplied;
        // without one an unparsable certificate reaches validateSignature() below
        // and is reported as "not signed by proper CA" instead.
        if (empty($parsedCert)) {
            throw new InvalidCertException("Identity is invalid. Empty certificate.");
        }
        if (empty($parsedCert['tbsCertificate']['serialNumber'])) {
            throw new InvalidCertException("Identity is invalid. No serial number.");
        }
        // The serial comes back as an object exposing toString(); getRevoked() is
        // looked up by that decimal string. Any non-empty result means revoked.
        $revoked = $crlObj->getRevoked($parsedCert['tbsCertificate']['serialNumber']->toString());
        if (!empty($revoked)) {
            throw new InvalidCertException("Identity is invalid. Certificate revoked.");
        }
    }
    if (!$certObj->validateSignature()) {
        throw new InvalidCertException("Identity is invalid. Certificate is not signed by proper CA.");
    }
    // Date check is last: an expired-but-validly-signed certificate gets the more specific exception.
    if (!$certObj->validateDate(Time::getTime())) {
        throw new ExpiredCertException("Identity is invalid. Certificate expired.");
    }
}
$ca->setPrivateKey($cakey); // csr public key $vectxq = openssl_pkey_get_details(openssl_csr_get_public_key($deviceCertRequest)); $pkeyxq = $vectxq['key']; file_put_contents('certs/pubkey.pem', $pkeyxq); // Load the certificate public key. $pubkey = new Crypt_RSA(); $pubkey->loadKey($pkeyxq); $pubkey->setPublicKey(); $x509 = new File_X509(); $csr = $x509->loadCSR($deviceCertRequest); // see csr.csr $dn = $x509->getDN(true); // Build the new certificate. $iPhoneDeviceCA = new File_X509(); $iPhoneDeviceCA->loadCA($pemca); $iPhoneDeviceCA->setPublicKey($pubkey); $iPhoneDeviceCA->setDN($dn); $iPhoneDeviceCA->setStartDate('-1 day'); $iPhoneDeviceCA->setEndDate('+ 1 year'); $iPhoneDeviceCA->setSerialNumber('10134611745959375605', 10); // Sign new certificate. $iPhoneDeviceCA_Result = $iPhoneDeviceCA->sign($ca, $iPhoneDeviceCA); // Output it. $deviceCertificate = base64_encode($iPhoneDeviceCA->saveX509($iPhoneDeviceCA_Result) . "<br>"); $responseAlbert = '<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="keywords" content="iTunes Store" /><meta name="description" content="iTunes Store" /><title>iPhone Activation</title><link href="http://static.ips.apple.com/ipa_itunes/stylesheets/shared/common-min.css" charset="utf-8" rel="stylesheet" /><link href="http://static.ips.apple.com/deviceservices/stylesheets/styles.css" charset="utf-8" rel="stylesheet" /><link href="http://static.ips.apple.com/ipa_itunes/stylesheets/pages/IPAJingleEndPointErrorPage-min.css" charset="utf-8" rel="stylesheet" /><script id="protocol" type="text/x-apple-plist"><plist version="1.0"> <dict> <key>iphone-activation</key> <dict> <key>activation-record</key> <dict>