/** * Get signature algorithm identifier of given asymmetric cryptographic type * utilizing given hash algorithm. * * @param AlgorithmIdentifier $crypto_algo Cryptographic algorithm * identifier, eg. RSA or EC * @param HashAlgorithmIdentifier $hash_algo Hash algorithm identifier * @throws \UnexpectedValueException * @return SignatureAlgorithmIdentifier */ public static function algoForAsymmetricCrypto(AlgorithmIdentifier $crypto_algo, HashAlgorithmIdentifier $hash_algo) { switch ($crypto_algo->oid()) { case AlgorithmIdentifier::OID_RSA_ENCRYPTION: $oid = self::_oidForRSA($hash_algo); break; case AlgorithmIdentifier::OID_EC_PUBLIC_KEY: $oid = self::_oidForEC($hash_algo); break; default: throw new \UnexpectedValueException("Crypto algorithm " . $crypto_algo->name() . " not supported."); } $cls = AlgorithmIdentifier::MAP_OID_TO_CLASS[$oid]; return new $cls(); }
/** * Initialize from ASN.1. * * @param Sequence $seq * @throws \UnexpectedValueException * @return self */ public static function fromASN1(Sequence $seq) { $algo = AlgorithmIdentifier::fromASN1($seq->at(0)->asSequence()); if (!$algo instanceof PBEAlgorithmIdentifier) { throw new \UnexpectedValueException("Unsupported algorithm " . $algo->oid() . "."); } $data = $seq->at(1)->asOctetString()->string(); return new self($algo, $data); }
/** * Initialize from ASN.1. * * @param Sequence $seq * @return self */ public static function fromASN1(Sequence $seq) { $acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence()); $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence()); if (!$algo instanceof SignatureAlgorithmIdentifier) { throw new \UnexpectedValueException("Unsupported signature algorithm " . $algo->oid() . "."); } $signature = Signature::fromASN1($seq->at(2)->asBitString()); return new self($acinfo, $algo, $signature); }
/** * Initialize from ASN.1. * * @param Sequence $seq * @return self */ public static function fromASN1(Sequence $seq) { $type = $seq->at(0)->asEnumerated()->number(); $oid = null; $idx = 1; if ($seq->has($idx, Element::TYPE_OBJECT_IDENTIFIER)) { $oid = $seq->at($idx++)->asObjectIdentifier()->oid(); } $algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence()); $digest = $seq->at($idx)->asBitString(); $obj = new self($type, $algo, $digest); $obj->_otherObjectTypeID = $oid; return $obj; }
protected static function _fromASN1Params(UnspecifiedType $params = null) { if (!isset($params)) { throw new \UnexpectedValueException("No parameters."); } $seq = $params->asSequence(); $kdf = AlgorithmIdentifier::fromASN1($seq->at(0)->asSequence()); // ensure we got proper key derivation function algorithm if (!$kdf instanceof PBKDF2AlgorithmIdentifier) { throw new \UnexpectedValueException("KDF algorithm " . $kdf->oid() . " not supported."); } $es = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence()); // ensure we got proper encryption algorithm if (!$es instanceof BlockCipherAlgorithmIdentifier) { throw new \UnexpectedValueException("ES algorithm " . $es->oid() . " not supported."); } return new self($kdf, $es); }
/** * Initialize from ASN.1. * * @param Sequence $seq * @throws \UnexpectedValueException * @return self */ public static function fromASN1(Sequence $seq) { $version = $seq->at(0)->asInteger()->number(); if ($version != self::VERSION_2) { throw new \UnexpectedValueException("Version must be 2."); } $holder = Holder::fromASN1($seq->at(1)->asSequence()); $issuer = AttCertIssuer::fromASN1($seq->at(2)); $signature = AlgorithmIdentifier::fromASN1($seq->at(3)->asSequence()); if (!$signature instanceof SignatureAlgorithmIdentifier) { throw new \UnexpectedValueException("Unsupported signature algorithm " . $signature->oid() . "."); } $serial = $seq->at(4)->asInteger()->number(); $validity = AttCertValidityPeriod::fromASN1($seq->at(5)->asSequence()); $attribs = Attributes::fromASN1($seq->at(6)->asSequence()); $obj = new self($holder, $issuer, $validity, $attribs); $obj->_signature = $signature; $obj->_serialNumber = $serial; $idx = 7; if ($seq->has($idx, Element::TYPE_BIT_STRING)) { $obj->_issuerUniqueID = UniqueIdentifier::fromASN1($seq->at($idx++)->asBitString()); } if ($seq->has($idx, Element::TYPE_SEQUENCE)) { $obj->_extensions = Extensions::fromASN1($seq->at($idx++)->asSequence()); } return $obj; }
/** * Initialize from ASN.1. * * @param Sequence $seq * @return self */ public static function fromASN1(Sequence $seq) { $idx = 0; if ($seq->hasTagged(0)) { $idx++; $version = intval($seq->getTagged(0)->asExplicit()->asInteger()->number()); } else { $version = self::VERSION_1; } $serial = $seq->at($idx++)->asInteger()->number(); $algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence()); if (!$algo instanceof SignatureAlgorithmIdentifier) { throw new \UnexpectedValueException("Unsupported signature algorithm " . $algo->oid() . "."); } $issuer = Name::fromASN1($seq->at($idx++)->asSequence()); $validity = Validity::fromASN1($seq->at($idx++)->asSequence()); $subject = Name::fromASN1($seq->at($idx++)->asSequence()); $pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence()); $tbs_cert = new self($subject, $pki, $issuer, $validity); $tbs_cert->_version = $version; $tbs_cert->_serialNumber = $serial; $tbs_cert->_signature = $algo; if ($seq->hasTagged(1)) { $tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1($seq->getTagged(1)->asImplicit(Element::TYPE_BIT_STRING)->asBitString()); } if ($seq->hasTagged(2)) { $tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1($seq->getTagged(2)->asImplicit(Element::TYPE_BIT_STRING)->asBitString()); } if ($seq->hasTagged(3)) { $tbs_cert->_extensions = Extensions::fromASN1($seq->getTagged(3)->asExplicit()->asSequence()); } return $tbs_cert; }
/** * Generate ASN.1 structure. * * @return Sequence */ public function toASN1() { $elements = array(new Integer(0), $this->_algo->toASN1(), new OctetString($this->_privateKeyData)); return new Sequence(...$elements); }
protected static function _fromASN1Params(UnspecifiedType $params = null) { if (!isset($params)) { throw new \UnexpectedValueException("No parameters."); } $seq = $params->asSequence(); $salt = null; $el = $seq->at(0); switch ($el->tag()) { // specified case Element::TYPE_OCTET_STRING: $salt = $el->asOctetString()->string(); break; // otherSource // otherSource case Element::TYPE_SEQUENCE: AlgorithmIdentifier::fromASN1($el->asSequence()); throw new \RuntimeException("otherSource not implemented."); } $iteration_count = $seq->at(1)->asInteger()->number(); $key_length = null; $prf_algo = null; $idx = 2; if ($seq->has($idx, Element::TYPE_INTEGER)) { $key_length = $seq->at($idx++)->asInteger()->number(); } if ($seq->has($idx, Element::TYPE_SEQUENCE)) { $prf_algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence()); if (!$prf_algo instanceof PRFAlgorithmIdentifier) { throw new \UnexpectedValueException($prf_algo->oid() . " is not supported as a pseudorandom function."); } } return new self($salt, $iteration_count, $key_length, $prf_algo); }
/** * Generate ASN.1 structure. * * @return Sequence */ public function toASN1() { return new Sequence($this->_algo->toASN1(), new BitString($this->_publicKeyData)); }
public function supportsKeyAlgorithm(AlgorithmIdentifier $algo) { return $algo->oid() == self::OID_RSA_ENCRYPTION; }
public function supportsKeyAlgorithm(AlgorithmIdentifier $algo) { return $algo->oid() == self::OID_EC_PUBLIC_KEY; }