Esempio n. 1
0
function vaildateCert($CAX509, $CheckX509)
{
    $x509 = new File_X509();
    $x509->loadCA($CAX509);
    $cert = $x509->loadX509($CheckX509);
    return $x509->validateSignature();
}
Esempio n. 2
0
 public function testBadSignatureSPKAC()
 {
     $test = 'MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChgo9mWzQm3TSwGgpZnIc54' . 'TZ8gYpfAO/AI0etvyWDqnFfdNCUQsqxTdSi6/rtrJdLGBsszRGrRIc/0JqmjM+jCHGYutLeo4xwgr' . 'a3HAZrWDypL5IlRWnLmLA4U/qGXCXNSk+9NrJl39X3IDA8o/aOJyr9iMUJMvswcWjVjPom3NhAgmJ' . 'ZwW0vUEMw9zszExpiRnGSO5XXntQW2qvfzo+J3NzS3BBbKxEmTsfOLHextcXeFQUaBQHXB/WOtweW' . 'Y/Bd4iZ8ETmhal28g1HWVcTFPD+V+KPRFeARlVEW6JmcJucW2WdJlBGKXXXPEfdHrDS3OgD/eDWfM' . 'JE4mChZ/icxAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAUMvIKhlSgEgbC081b/FJwh6mbuVgYN' . 'ZV37Ts2WjrHoDFlabu9WXU8xzgaXct3sO51vJM5I36rY4UPyc6w3y9dLaamEwKUoWnpHG8mlXs2JG' . 'GEUOvxh5z9yfk/2ZmdCVBlKnU1LDB+ZDyNyNh5B0YULrJKw9e0jV+ymP7srwUSBcdUfZh1KEKGVIN' . 'Uv4J3GuL8V63E2unWCHGRPw4EmFVTbWpgMx96XR7p/pMavu6/pVKgYQqWLOmEeOK+dmT/QVon28d5' . 'dmeL7aWrpP+3x3L0A9cATksracQX676XogdAEXJ59fcr/S5AGw1TFErbyBbfyeAWvzDZIXeMXpb9h' . 'yNtA==';
     $x509 = new File_X509();
     $spkac = $x509->loadSPKAC($test);
     $spkac['publicKeyAndChallenge']['challenge'] = 'zzzz';
     $x509->loadSPKAC($x509->saveSPKAC($spkac));
     $this->assertFalse($x509->validateSignature(), 'Failed asserting that the signature is invalid');
 }
 /**
  * Validate the client certificate with the authority certificate
  *
  * @param String $certificate_client Client certificate
  * @param String $certificate_ca     Authority certificate
  *
  * @return bool
  */
 static function validateCertificate($certificate_client, $certificate_ca)
 {
     $x509 = new File_X509();
     $x509->loadX509($certificate_client);
     $x509->loadCA($certificate_ca);
     return $x509->validateSignature(FILE_X509_VALIDATE_SIGNATURE_BY_CA);
 }
Esempio n. 4
0
 private function verifyIntermediateCert($intermCert, $type = "core")
 {
     //Root Cert revoked?
     if ($this->checkIfRevoked($this->coreRootCert) || $this->checkIfRevoked($this->packagesRootCert)) {
         $this->config->set('rootcert_revoked', 1);
         return false;
     }
     //Intermediate Cert revoked?
     if ($this->checkIfRevoked($intermCert)) {
         return false;
     }
     $rootCert = $type == 'core' ? $this->coreRootCert : $this->packagesRootCert;
     include_once $this->root_path . 'libraries/phpseclib/X509.php';
     $x509 = new File_X509();
     $x509->loadCA($rootCert);
     // see signer.crt
     $cert = $x509->loadX509($intermCert);
     // see google.crt
     if (!$x509->validateSignature(FILE_X509_VALIDATE_SIGNATURE_BY_CA)) {
         return false;
     }
     if (!$x509->validateDate()) {
         return false;
     }
     return true;
 }
 protected static function validate($certPem, $caCertPem, $crlPem = NULL, $crlDistCertPem = NULL)
 {
     $caCertObj = X509Util::loadCACert($caCertPem);
     $certObj = new \File_X509();
     $certObj->loadCA($caCertPem);
     if ($crlPem !== NULL) {
         $crlObj = new \File_X509();
         if ($crlDistCertPem) {
             $crlDistCertObj = X509Util::loadCrlDistCert($crlDistCertPem, NULL, $caCertPem);
             if ($crlDistCertObj->getSubjectDN(FILE_X509_DN_STRING) !== $caCertObj->getSubjectDN(FILE_X509_DN_STRING)) {
                 throw new InvalidCertException(sprintf("CRL distributor (%s) does not act on behalf of this CA (%s)", $crlDistCertObj->getSubjectDN(FILE_X509_DN_STRING), $caCertObj->getSubjectDN(FILE_X509_DN_STRING)));
             }
             try {
                 self::validate($crlDistCertPem, $caCertPem);
             } catch (InvalidCertException $ie) {
                 throw new InvalidCertException("CRL distributor has an invalid certificate", 0, $ie);
             }
             $crlObj->loadCA($crlDistCertPem);
         }
         $crlObj->loadCA($caCertPem);
         $crlObj->loadCRL($crlPem);
         if (!$crlObj->validateSignature()) {
             throw new InvalidCertException("CRL signature is invalid");
         }
     }
     $parsedCert = $certObj->loadX509($certPem);
     if ($crlPem !== NULL) {
         if (empty($parsedCert)) {
             throw new InvalidCertException("Identity is invalid. Empty certificate.");
         }
         if (empty($parsedCert['tbsCertificate']['serialNumber'])) {
             throw new InvalidCertException("Identity is invalid. No serial number.");
         }
         $revoked = $crlObj->getRevoked($parsedCert['tbsCertificate']['serialNumber']->toString());
         if (!empty($revoked)) {
             throw new InvalidCertException("Identity is invalid. Certificate revoked.");
         }
     }
     if (!$certObj->validateSignature()) {
         throw new InvalidCertException("Identity is invalid. Certificate is not signed by proper CA.");
     }
     if (!$certObj->validateDate(Time::getTime())) {
         throw new ExpiredCertException("Identity is invalid. Certificate expired.");
     }
 }