PHP phpseclib\File X509::getDN Examples

Example #1

File: X509Test.php Project: BozzaCoon/SPHERE-Framework

    /**
     * @group github705
     */
    public function testSaveNullRSAParam()
    {
        $privKey = new RSA();
        $privKey->loadKey('-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDMswfEpAgnUDWA74zZw5XcPsWh1ly1Vk99tsqwoFDkLF7jvXy1
dDLHYfuquvfxCgcp8k/4fQhx4ubR8bbGgEq9B05YRnViK0R0iBB5Ui4IaxWYYhKE
8xqAEH2fL+/7nsqqNFKkEN9KeFwc7WbMY49U2adlMrpBdRjk1DqIEW3QTwIDAQAB
AoGBAJ+83cT/1DUJjJcPWLTeweVbPtJp+3Ku5d1OdaGbmURVs764scbP5Ihe2AuF
V9LLZoe/RdS9jYeB72nJ3D3PA4JVYYgqMOnJ8nlUMNQ+p0yGl5TqQk6EKLI8MbX5
kQEazNqFXsiWVQXubAd5wjtb6g0n0KD3zoT/pWLES7dtUFexAkEA89h5+vbIIl2P
H/NnkPie2NWYDZ1YiMGHFYxPDwsd9KCZMSbrLwAhPg9bPgqIeVNfpwxrzeksS6D9
P98tJt335QJBANbnCe+LhDSrkpHMy9aOG2IdbLGG63MSRUCPz8v2gKPq3kYXDxq6
Y1iqF8N5g0k5iirHD2qlWV5Q+nuGvFTafCMCQQC1wQiC0IkyXEw/Q31RqI82Dlcs
5rhEDwQyQof3LZEhcsdcxKaOPOmKSYX4A3/f9w4YBIEiVQfoQ1Ig1qfgDZklAkAT
TQDJcOBY0qgBTEFqbazr7PScJR/0X8m0eLYS/XqkPi3kYaHLpr3RcsVbmwg9hVtx
aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7
4vca9v/F2hGVJuHIMJ8mguwYlNYzh2NqoIDJTtgOkBmt
-----END RSA PRIVATE KEY-----');
        $pubKey = new RSA();
        $pubKey->loadKey($privKey->getPublicKey());
        $pubKey->setPublicKey();
        $subject = new X509();
        $subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
        $subject->setPublicKey($pubKey);
        $issuer = new X509();
        $issuer->setPrivateKey($privKey);
        $issuer->setDN($subject->getDN());
        $x509 = new X509();
        $result = $x509->sign($issuer, $subject);
        $cert = $x509->saveX509($result);
        $cert = $x509->loadX509($cert);
        $this->assertArrayHasKey('parameters', $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']);
        $this->assertArrayHasKey('parameters', $cert['signatureAlgorithm']);
        $this->assertArrayHasKey('parameters', $cert['tbsCertificate']['signature']);
    }

Example #2

File: checker.php Project: farukuzun/core-1

 /**
  * Verifies the signature for the specified path.
  *
  * @param string $signaturePath
  * @param string $basePath
  * @param string $certificateCN
  * @return array
  * @throws InvalidSignatureException
  * @throws \Exception
  */
 private function verify($signaturePath, $basePath, $certificateCN)
 {
     if (!$this->isCodeCheckEnforced()) {
         return [];
     }
     $signatureData = json_decode($this->fileAccessHelper->file_get_contents($signaturePath), true);
     if (!is_array($signatureData)) {
         throw new InvalidSignatureException('Signature data not found.');
     }
     $expectedHashes = $signatureData['hashes'];
     ksort($expectedHashes);
     $signature = base64_decode($signatureData['signature']);
     $certificate = $signatureData['certificate'];
     // Check if certificate is signed by ownCloud Root Authority
     $x509 = new \phpseclib\File\X509();
     $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot() . '/resources/codesigning/root.crt');
     $x509->loadCA($rootCertificatePublicKey);
     $x509->loadX509($certificate);
     if (!$x509->validateSignature()) {
         throw new InvalidSignatureException('Certificate is not valid.');
     }
     // Verify if certificate has proper CN. "core" CN is always trusted.
     if ($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
         throw new InvalidSignatureException(sprintf('Certificate is not valid for required scope. (Requested: %s, current: %s)', $certificateCN, $x509->getDN(true)));
     }
     // Check if the signature of the files is valid
     $rsa = new \phpseclib\Crypt\RSA();
     $rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
     $rsa->setSignatureMode(RSA::SIGNATURE_PSS);
     $rsa->setMGFHash('sha512');
     if (!$rsa->verify(json_encode($expectedHashes), $signature)) {
         throw new InvalidSignatureException('Signature could not get verified.');
     }
     // Compare the list of files which are not identical
     $currentInstanceHashes = $this->generateHashes($this->getFolderIterator($basePath), $basePath);
     $differencesA = array_diff($expectedHashes, $currentInstanceHashes);
     $differencesB = array_diff($currentInstanceHashes, $expectedHashes);
     $differences = array_unique(array_merge($differencesA, $differencesB));
     $differenceArray = [];
     foreach ($differences as $filename => $hash) {
         // Check if file should not exist in the new signature table
         if (!array_key_exists($filename, $expectedHashes)) {
             $differenceArray['EXTRA_FILE'][$filename]['expected'] = '';
             $differenceArray['EXTRA_FILE'][$filename]['current'] = $hash;
             continue;
         }
         // Check if file is missing
         if (!array_key_exists($filename, $currentInstanceHashes)) {
             $differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename];
             $differenceArray['FILE_MISSING'][$filename]['current'] = '';
             continue;
         }
         // Check if hash does mismatch
         if ($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
             $differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename];
             $differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename];
             continue;
         }
         // Should never happen.
         throw new \Exception('Invalid behaviour in file hash comparison experienced. Please report this error to the developers.');
     }
     return $differenceArray;
 }