/**
 * Regression test for github issue 275: mapping this Kerberos AS-REP must
 * yield an array. On older versions of File_ASN1 asn1map() produced null
 * for it instead.
 *
 * @group github275
 */
public function testIncorrectString()
{
    // Nearly every member of the Kerberos schemas below is an optional,
    // explicitly tagged field; share that attribute pair instead of
    // repeating it on each child.
    $tagged = array('optional' => true, 'explicit' => true);

    $paData = array(
        'type' => FILE_ASN1_TYPE_SEQUENCE,
        'children' => array(
            'padata-type' => array('constant' => 1) + $tagged + array('type' => FILE_ASN1_TYPE_INTEGER),
            'padata-value' => array('constant' => 2) + $tagged + array('type' => FILE_ASN1_TYPE_OCTET_STRING),
        ),
    );

    $principalName = array(
        'type' => FILE_ASN1_TYPE_SEQUENCE,
        'children' => array(
            'name-type' => array('constant' => 0) + $tagged + array('type' => FILE_ASN1_TYPE_INTEGER),
            'name-string' => array('constant' => 1) + $tagged + array(
                'min' => 0,
                'max' => -1,
                'type' => FILE_ASN1_TYPE_SEQUENCE,
                'children' => array('type' => FILE_ASN1_TYPE_IA5_STRING),
            ),
        ),
    );

    $ticket = array(
        'class' => FILE_ASN1_CLASS_APPLICATION,
        'cast' => 1,
    ) + $tagged + array(
        'type' => FILE_ASN1_TYPE_SEQUENCE,
        'children' => array(
            'tkt-vno' => array('constant' => 0) + $tagged + array('type' => FILE_ASN1_TYPE_INTEGER),
            'realm' => array('constant' => 1) + $tagged + array('type' => FILE_ASN1_TYPE_ANY),
            'sname' => array('constant' => 2) + $tagged + array('type' => FILE_ASN1_TYPE_ANY),
            'enc-part' => array('constant' => 3) + $tagged + array('type' => FILE_ASN1_TYPE_ANY),
        ),
    );

    $kdcRep = array(
        'type' => FILE_ASN1_TYPE_SEQUENCE,
        'children' => array(
            'pvno' => array('constant' => 0) + $tagged + array('type' => FILE_ASN1_TYPE_INTEGER),
            'msg-type' => array('constant' => 1) + $tagged + array('type' => FILE_ASN1_TYPE_INTEGER),
            'padata' => array('constant' => 2) + $tagged + array(
                'min' => 0,
                'max' => -1,
                'type' => FILE_ASN1_TYPE_SEQUENCE,
                'children' => $paData,
            ),
            'crealm' => array('constant' => 3) + $tagged + array('type' => FILE_ASN1_TYPE_OCTET_STRING),
            'cname' => array('constant' => 4) + $tagged + $principalName,
            // The ticket is the one implicitly tagged member of this schema.
            'ticket' => array(
                'constant' => 5,
                'optional' => true,
                'implicit' => true,
                'min' => 0,
                'max' => 1,
                'type' => FILE_ASN1_TYPE_SEQUENCE,
                'children' => $ticket,
            ),
            'enc-part' => array('constant' => 6) + $tagged + array('type' => FILE_ASN1_TYPE_ANY),
        ),
    );

    $asRep = array('class' => FILE_ASN1_CLASS_APPLICATION, 'cast' => 11) + $tagged + $kdcRep;

    // Base64 of the AS-REP that used to map to null.
    $encoded =
        'a4IC3jCCAtqgAwIBBaEDAgELoi8wLTAroQMCAROiJAQiMCAwHqADAgEXoRcbFUNSRUFUVUlUWS5ORVR0ZXN0dXNlcqMPGw' .
        '1DUkVBVFVJVFkuTkVUpBUwE6ADAgEBoQwwChsIdGVzdHVzZXKlggFOYYIBSjCCAUagAwIBBaEPGw1DUkVBVFVJVFkuTkVU' .
        'oiIwIKADAgECoRkwFxsGa3JidGd0Gw1DUkVBVFVJVFkuTkVUo4IBCDCCAQSgAwIBF6EDAgEBooH3BIH0AQlxgm/j4z74Ki' .
        'GsJJnROhh8JAiN7pdvlnkxCYKdG6UgdfK/K0NZ+yz+Xg4kgFO1cQ4XYT4Fm3MTmOHzlFmbzlVkUqBI/RnWA9YTREC9Q7Mf' .
        'PPYfRxRG/C6FlahxHCOKj9GUj7bXg7Oq3Sm+QsKTS2bZT05biNf1s7tPCkdIOO0AAd7hvTCpTNAKl+OLN4cpA6pwwk5c3h' .
        '58Ce5/Uri5yBmrfwgkCD5AJUAI/WH56SEEvpifLc6C96w/7y2krAiZm5PyEO0HVhTzUjKGSHoSMb+Z3HI/ul+G9z0Z4qDu' .
        'NjvgP0jKdrKiwWN00NjpiQ0byZd4y6aCASEwggEdoAMCAReiggEUBIIBEHyi8DIbdcfw2DpniBJ3Sh8dDaEbQx+gWx3omC' .
        'TBEyts4sQGTwgQcqkWfeer8M+SkZs/GGZq2YYkyeF+9b6TxlYuX145NuB3KcyzaS7VNrX37E5nGgG8K6r5gTFOhLCqsjjv' .
        'gPXXqLeJo5D1nV+c8BPIEVsu/bbBPgSqpDwUs2mX1WkEg5vfb7kZMC8+LHiRy+sItvIiTtxxEsQ/GEF/ono3hZrEnDa/C+' .
        '4P3wep6uNMLnLzXJmUaAMaopjE+MOcai/t6T9Vg4pERF5Waqwg5ibAbVGK19HuS4LiKiaY3JsyYBuNkEDwiqM7i1Ekw3V+' .
        '+zoEIxqgXjGgPdrWkzU/H6rnXiqMtiZZqUXwWY0zkCmy';

    $asn1 = new File_ASN1();
    $decoded = $asn1->decodeBER(base64_decode($encoded));
    $mapped = $asn1->asn1map($decoded[0], $asRep);

    $this->assertInternalType('array', $mapped);
}
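/**
 * Compute a public key identifier.
 *
 * Although key identifiers may be set to any unique value, this function
 * computes key identifiers from public key according to the two
 * recommended methods (4.2.1.2 RFC 3280).
 * Highly polymorphic: try to accept all possible forms of key:
 *  - Key object
 *  - File_X509 object with public or private key defined
 *  - Certificate or CSR array
 *  - File_ASN1_Element object
 *  - PEM or DER string
 *
 * @param Mixed $key optional; defaults to this File_X509 object
 * @param Integer $method optional; 1 = full SHA-1 hash, 2 = 0100 type nibble followed by the low 60 bits of the hash
 * @access public
 * @return String binary key identifier, or false when no public key can be extracted from $key
 */
function computeKeyIdentifier($key = NULL, $method = 1)
{
    if (is_null($key)) {
        $key = $this;
    }

    switch (true) {
        case is_string($key):
            break;
        case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']):
            return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method);
        case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']):
            return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method);
        case !is_object($key):
            return false;
        case strtolower(get_class($key)) == 'file_asn1_element':
            // Decode the element's own DER. The previous version read an
            // undefined $cert here, so this branch could never succeed.
            $asn1 = new File_ASN1();
            $decoded = $asn1->decodeBER($key->element);
            if (empty($decoded)) {
                return false;
            }
            $key = $asn1->asn1map($decoded[0], array('type' => FILE_ASN1_TYPE_BIT_STRING));
            if (!isset($key) || $key === false) {
                return false;
            }
            // asn1map() hands back the bit string base64-encoded; hash the
            // decoded bytes, not the base64 text.
            $key = base64_decode($key);
            break;
        case strtolower(get_class($key)) == 'file_x509':
            if (isset($key->publicKey)) {
                return $this->computeKeyIdentifier($key->publicKey, $method);
            }
            if (isset($key->privateKey)) {
                return $this->computeKeyIdentifier($key->privateKey, $method);
            }
            if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) {
                return $this->computeKeyIdentifier($key->currentCert, $method);
            }
            return false;
        default:
            // Should be a key object (i.e.: Crypt_RSA).
            $key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW);
            if ($key === false) {
                // No public key is loaded: report failure instead of hashing an
                // empty string and returning a bogus identifier.
                return false;
            }
            break;
    }

    // If in PEM format, convert to binary.
    if (preg_match('#^-----BEGIN #', $key)) {
        $key = base64_decode(preg_replace('#-.+-|[\\r\\n]#', '', $key));
    }

    // Now we have the key string: compute its sha-1 sum.
    require_once 'Crypt/Hash.php';
    $hash = new Crypt_Hash('sha1');
    $hash = $hash->hash($key);

    if ($method == 2) {
        // Method 2 (RFC 3280 4.2.1.2): keep the low-order 64 bits and force the
        // top nibble of the first byte to 0100.
        $hash = substr($hash, -8);
        $hash[0] = chr(ord($hash[0]) & 0xf | 0x40);
    }

    return $hash;
}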
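/**
 * Compute a public key identifier.
 *
 * Although key identifiers may be set to any unique value, this function
 * computes key identifiers from public key according to the two
 * recommended methods (4.2.1.2 RFC 3280).
 * Highly polymorphic: try to accept all possible forms of key:
 *  - Key object
 *  - File_X509 object with public or private key defined
 *  - Certificate or CSR array
 *  - File_ASN1_Element object
 *  - PEM or DER string
 *
 * @param Mixed $key optional; defaults to this File_X509 object
 * @param Integer $method optional; 1 = full SHA-1 hash, 2 = 0100 type nibble followed by the low 60 bits of the hash
 * @access public
 * @return String binary key identifier, or false when no public key can be extracted from $key
 */
function computeKeyIdentifier($key = null, $method = 1)
{
    if (is_null($key)) {
        $key = $this;
    }

    switch (true) {
        case is_string($key):
            break;
        case is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']):
            return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method);
        case is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']):
            return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method);
        case !is_object($key):
            return false;
        case strtolower(get_class($key)) == 'file_asn1_element':
            // Assume the element is a bitstring-packed key.
            $asn1 = new File_ASN1();
            $decoded = $asn1->decodeBER($key->element);
            if (empty($decoded)) {
                return false;
            }
            $raw = $asn1->asn1map($decoded[0], array('type' => FILE_ASN1_TYPE_BIT_STRING));
            if (empty($raw)) {
                return false;
            }
            // asn1map() returns the bit string base64-encoded.
            $raw = base64_decode($raw);
            // If the key is private, compute identifier from its
            // corresponding public key.
            if (!class_exists('Crypt_RSA')) {
                include_once 'Crypt/RSA.php';
            }
            $key = new Crypt_RSA();
            if (!$key->loadKey($raw)) {
                return false; // Not an unencrypted RSA key.
            }
            if ($key->getPrivateKey() !== false) { // If private.
                return $this->computeKeyIdentifier($key, $method);
            }
            $key = $raw; // Is a public key.
            break;
        case strtolower(get_class($key)) == 'file_x509':
            if (isset($key->publicKey)) {
                return $this->computeKeyIdentifier($key->publicKey, $method);
            }
            if (isset($key->privateKey)) {
                return $this->computeKeyIdentifier($key->privateKey, $method);
            }
            if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) {
                return $this->computeKeyIdentifier($key->currentCert, $method);
            }
            return false;
        default:
            // Should be a key object (i.e.: Crypt_RSA).
            $key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);
            if ($key === false) {
                // No public key is loaded: report failure instead of hashing an
                // empty string and returning a bogus identifier.
                return false;
            }
            break;
    }

    // If in PEM format, convert to binary. _extractBER() signals failure with
    // false (see loadCRL()); don't feed that to the hash.
    $key = $this->_extractBER($key);
    if ($key === false) {
        return false;
    }

    // Now we have the key string: compute its sha-1 sum.
    if (!class_exists('Crypt_Hash')) {
        include_once 'Crypt/Hash.php';
    }
    $hash = new Crypt_Hash('sha1');
    $hash = $hash->hash($key);

    if ($method == 2) {
        // Method 2 (RFC 3280 4.2.1.2): keep the low-order 64 bits and force the
        // top nibble of the first byte to 0100.
        $hash = substr($hash, -8);
        $hash[0] = chr(ord($hash[0]) & 0xf | 0x40);
    }

    return $hash;
}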
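/**
 * Load a Certificate Signing Request
 *
 * Accepts a PEM or bare-base64 PKCS#10 request, maps it against
 * $this->CertificationRequest, and records the subject DN, the signed
 * bytes (certificationRequestInfo) and, for rsaEncryption, the public key.
 *
 * @param String $csr
 * @access public
 * @return Mixed the mapped CSR array, or false when $csr is not base64 or does not decode/map as a CSR
 */
function loadCSR($csr)
{
    // see http://tools.ietf.org/html/rfc2986
    $asn1 = new File_ASN1();

    // Drop anything before the PEM header, the header/footer lines and all
    // line breaks, leaving the bare base64 body.
    $csr = preg_replace('#^(?:[^-].+[\\r\\n]+)+|-.+-|[\\r\\n]#', '', $csr);
    // Only base64 input is accepted here; binary DER fails this check and is rejected.
    $orig = $csr = preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $csr) ? base64_decode($csr) : false;

    if ($csr === false) {
        $this->currentCert = false;
        return false;
    }

    $asn1->loadOIDs($this->oids);
    $decoded = $asn1->decodeBER($csr);
    // decodeBER() yields nothing for malformed input; without this guard the
    // $decoded[0] below is an undefined offset. loadCRL() has the same check.
    if (empty($decoded)) {
        $this->currentCert = false;
        return false;
    }
    $csr = $asn1->asn1map($decoded[0], $this->CertificationRequest);
    if (!isset($csr) || $csr === false) {
        $this->currentCert = false;
        return false;
    }

    $this->dn = $csr['certificationRequestInfo']['subject'];
    // The first child of the outer SEQUENCE is the certificationRequestInfo:
    // the bytes the request's signature covers.
    $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);

    // Taken by reference so _reformatKey()'s result lands back inside $csr.
    $algorithm =& $csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'];
    $key =& $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'];
    $key = $this->_reformatKey($algorithm, $key);

    switch ($algorithm) {
        case 'rsaEncryption':
            if (!class_exists('Crypt_RSA')) {
                require_once 'Crypt/RSA.php';
            }
            $this->publicKey = new Crypt_RSA();
            $this->publicKey->loadKey($key);
            $this->publicKey->setPublicKey();
            break;
        default:
            // Only RSA keys are materialised; other algorithms leave no key object.
            $this->publicKey = NULL;
    }

    $this->currentCert = $csr;
    return $csr;
}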
/**
 * Load a Certificate Revocation List
 *
 * Accepts either an already-mapped CRL array (one with a 'tbsCertList' member),
 * which is adopted as-is, or a PEM/DER encoded CRL that is decoded, mapped
 * against $this->CertificateList and has its CRL and entry extensions mapped in.
 *
 * @param String $crl
 * @access public
 * @return Mixed the mapped CRL array, or false when $crl cannot be decoded or mapped
 */
function loadCRL($crl)
{
    // A pre-mapped CRL needs no decoding and carries no signed bytes to record.
    if (is_array($crl) && isset($crl['tbsCertList'])) {
        $this->currentCert = $crl;
        unset($this->signatureSubject);
        return $crl;
    }

    $asn1 = new File_ASN1();
    $der = $this->_extractBER($crl);

    // Decode and map in one pass; any stage that fails leaves $mapped === false.
    $decoded = array();
    $mapped = false;
    if ($der !== false) {
        $asn1->loadOIDs($this->oids);
        $decoded = $asn1->decodeBER($der);
        if (!empty($decoded)) {
            $mapped = $asn1->asn1map($decoded[0], $this->CertificateList);
        }
    }
    if (!isset($mapped) || $mapped === false) {
        $this->currentCert = false;
        return false;
    }

    // The first child of the outer SEQUENCE (tbsCertList) is what the signature covers.
    $this->signatureSubject = substr($der, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);

    $this->_mapInExtensions($mapped, 'tbsCertList/crlExtensions', $asn1);

    // Per-entry extensions live under each revoked certificate; _subArray() is
    // taken by reference so the mapped extensions land inside $mapped.
    $revoked =& $this->_subArray($mapped, 'tbsCertList/revokedCertificates');
    if (is_array($revoked)) {
        foreach (array_keys($revoked) as $i) {
            $this->_mapInExtensions($revoked, "{$i}/crlEntryExtensions", $asn1);
        }
    }

    $this->currentKeyIdentifier = null;
    $this->currentCert = $mapped;
    return $mapped;
}