/**
* Save CSR request
*
* @param Array $csr
* @access public
* @return String
*/
function saveCSR($csr)
{
if (!is_array($csr) || !isset($csr['certificationRequestInfo'])) {
return false;
}
switch ($csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm']) {
case 'rsaEncryption':
$csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'] = base64_encode("" . base64_decode(preg_replace('#-.+-|[\\r\\n]#', '', $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'])));
}
$asn1 = new File_ASN1();
$asn1->loadOIDs($this->oids);
$filters = array();
$filters['certificationRequestInfo']['subject']['rdnSequence']['value'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
$asn1->loadFilters($filters);
$csr = $asn1->encodeDER($csr, $this->CertificationRequest);
return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(base64_encode($csr)) . '-----END CERTIFICATE REQUEST-----';
}
/**
* Save Certificate Revocation List.
*
* @param Array $crl
* @access public
* @return String
*/
function saveCRL($crl)
{
if (!is_array($crl) || !isset($crl['tbsCertList'])) {
return false;
}
$asn1 = new File_ASN1();
$asn1->loadOIDs($this->oids);
$filters = array();
$filters['tbsCertList']['issuer']['rdnSequence']['value'] = $filters['tbsCertList']['signature']['parameters'] = $filters['signatureAlgorithm']['parameters'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
if (empty($crl['tbsCertList']['signature']['parameters'])) {
$filters['tbsCertList']['signature']['parameters'] = array('type' => FILE_ASN1_TYPE_NULL);
}
if (empty($crl['signatureAlgorithm']['parameters'])) {
$filters['signatureAlgorithm']['parameters'] = array('type' => FILE_ASN1_TYPE_NULL);
}
$asn1->loadFilters($filters);
$this->_mapOutExtensions($crl, 'tbsCertList/crlExtensions', $asn1);
$rclist =& $this->_subArray($crl, 'tbsCertList/revokedCertificates');
if (is_array($rclist)) {
foreach ($rclist as $i => $extension) {
$this->_mapOutExtensions($rclist, "{$i}/crlEntryExtensions", $asn1);
}
}
$crl = $asn1->encodeDER($crl, $this->CertificateList);
return "-----BEGIN X509 CRL-----\r\n" . chunk_split(base64_encode($crl)) . '-----END X509 CRL-----';
}
/**
* Save X.509 certificate
*
* @param optional Array $cert
* @access public
* @return String
*/
function saveX509($cert)
{
if (!is_array($cert) || !isset($cert['tbsCertificate'])) {
return false;
}
switch ($cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm']) {
case 'rsaEncryption':
$cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'] = base64_encode("" . base64_decode(preg_replace('#-.+-|[\\r\\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'])));
}
$asn1 = new File_ASN1();
$asn1->loadOIDs($this->oids);
$filters = array();
$filters['tbsCertificate']['signature']['parameters'] = $filters['tbsCertificate']['signature']['issuer']['rdnSequence']['value'] = $filters['tbsCertificate']['issuer']['rdnSequence']['value'] = $filters['tbsCertificate']['subject']['rdnSequence']['value'] = $filters['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['parameters'] = $filters['signatureAlgorithm']['parameters'] = $filters['authorityCertIssuer']['directoryName']['rdnSequence']['value'] = $filters['distributionPoint']['fullName']['directoryName']['rdnSequence']['value'] = $filters['directoryName']['rdnSequence']['value'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
/* in the case of policyQualifiers/qualifier, the type has to be FILE_ASN1_TYPE_IA5_STRING.
FILE_ASN1_TYPE_PRINTABLE_STRING will cause OpenSSL's X.509 parser to spit out random
characters.
*/
$filters['policyQualifiers']['qualifier'] = array('type' => FILE_ASN1_TYPE_IA5_STRING);
$asn1->loadFilters($filters);
if (isset($cert['tbsCertificate']['extensions'])) {
$size = count($cert['tbsCertificate']['extensions']);
for ($i = 0; $i < $size; $i++) {
$id = $cert['tbsCertificate']['extensions'][$i]['extnId'];
$value =& $cert['tbsCertificate']['extensions'][$i]['extnValue'];
switch ($id) {
case 'id-ce-certificatePolicies':
for ($j = 0; $j < count($value); $j++) {
if (!isset($value[$j]['policyQualifiers'])) {
continue;
}
for ($k = 0; $k < count($value[$j]['policyQualifiers']); $k++) {
$subid = $value[$j]['policyQualifiers'][$k]['policyQualifierId'];
$map = $this->_getMapping($subid);
$subvalue =& $value[$j]['policyQualifiers'][$k]['qualifier'];
if ($map !== false) {
// by default File_ASN1 will try to render qualifier as a FILE_ASN1_TYPE_IA5_STRING since it's
// actual type is FILE_ASN1_TYPE_ANY
$subvalue = new File_ASN1_Element($asn1->encodeDER($subvalue, $map));
}
}
}
break;
case 'id-ce-authorityKeyIdentifier':
// use 00 as the serial number instead of an empty string
if (isset($value['authorityCertSerialNumber'])) {
if ($value['authorityCertSerialNumber']->toBytes() == '') {
$temp = chr(FILE_ASN1_CLASS_CONTEXT_SPECIFIC << 6 | 2) . "";
$value['authorityCertSerialNumber'] = new File_ASN1_Element($temp);
}
}
}
/* [extnValue] contains the DER encoding of an ASN.1 value
corresponding to the extension type identified by extnID */
$map = $this->_getMapping($id);
if (is_bool($map)) {
if (!$map) {
user_error($id . ' is not a currently supported extension', E_USER_NOTICE);
unset($cert['tbsCertificate']['extensions'][$i]);
}
} else {
$temp = $asn1->encodeDER($value, $map);
$value = base64_encode($temp);
}
}
}
$cert = $asn1->encodeDER($cert, $this->Certificate);
return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(base64_encode($cert)) . '-----END CERTIFICATE-----';
}
