public static function fromBinary(&$binaryData, &$offsetIndex = 0) { self::parseIdentifier($binaryData[$offsetIndex], Identifier::OCTETSTRING, $offsetIndex++); $contentLength = self::parseContentLength($binaryData, $offsetIndex); if ($contentLength < 2) { throw new ParserException('Can not parse Subject Alternative Names: The Sequence within the octet string after the Object identifier ' . OID::CERT_EXT_SUBJECT_ALT_NAME . " is too short ({$contentLength} octets)", $offsetIndex); } $offsetOfSequence = $offsetIndex; $sequence = Sequence::fromBinary($binaryData, $offsetIndex); $offsetOfSequence += $sequence->getNumberOfLengthOctets() + 1; if ($sequence->getObjectLength() != $contentLength) { throw new ParserException('Can not parse Subject Alternative Names: The Sequence length does not match the length of the surrounding octet string', $offsetIndex); } $parsedObject = new self(); /** @var \FG\ASN1\Object $object */ foreach ($sequence as $object) { if ($object->getType() == DNSName::IDENTIFIER) { $domainName = DNSName::fromBinary($binaryData, $offsetOfSequence); $parsedObject->addDomainName($domainName); } elseif ($object->getType() == IPAddress::IDENTIFIER) { $ip = IPAddress::fromBinary($binaryData, $offsetOfSequence); $parsedObject->addIP($ip); } else { throw new ParserException('Could not parse Subject Alternative Name: Only DNSName and IP SANs are currently supported', $offsetIndex); } } $parsedObject->getBinary(); // Determine the number of content octets and object sizes once (just to let the equality unit tests pass :/ ) return $parsedObject; }
public static function fromBinary(&$binaryData, &$offsetIndex = 0) { self::parseIdentifier($binaryData[$offsetIndex], Identifier::SET, $offsetIndex++); self::parseContentLength($binaryData, $offsetIndex); $tmpOffset = $offsetIndex; $extensions = Sequence::fromBinary($binaryData, $offsetIndex); $tmpOffset += 1 + $extensions->getNumberOfLengthOctets(); $parsedObject = new self(); foreach ($extensions as $extension) { if ($extension->getType() != Identifier::SEQUENCE) { //FIXME wrong offset index throw new ParserException('Could not parse Certificate Extensions: Expected ASN.1 Sequence but got ' . $extension->getTypeName(), $offsetIndex); } $tmpOffset += 1 + $extension->getNumberOfLengthOctets(); $children = $extension->getChildren(); if (count($children) < 2) { throw new ParserException('Could not parse Certificate Extensions: Needs at least two child elements per extension sequence (object identifier and octet string)', $tmpOffset); } /** @var \FG\ASN1\Object $objectIdentifier */ $objectIdentifier = $children[0]; /** @var OctetString $octetString */ $octetString = $children[1]; if ($objectIdentifier->getType() != Identifier::OBJECT_IDENTIFIER) { throw new ParserException('Could not parse Certificate Extensions: Expected ASN.1 Object Identifier but got ' . $extension->getTypeName(), $tmpOffset); } $tmpOffset += $objectIdentifier->getObjectLength(); if ($objectIdentifier->getContent() == OID::CERT_EXT_SUBJECT_ALT_NAME) { $sans = SubjectAlternativeNames::fromBinary($binaryData, $tmpOffset); $parsedObject->addSubjectAlternativeNames($sans); } else { // can now only parse SANs. There might be more in the future $tmpOffset += $octetString->getObjectLength(); } } $parsedObject->getBinary(); // Determine the number of content octets and object sizes once (just to let the equality unit tests pass :/ ) return $parsedObject; }
/** * @depends testFromBinary */ public function testFromBinaryWithOffset() { $originalObject1 = new Sequence(new Boolean(true), new Integer(123)); $originalObject2 = new Sequence(new Integer(64), new Boolean(false)); $binaryData = $originalObject1->getBinary(); $binaryData .= $originalObject2->getBinary(); $offset = 0; $parsedObject = Sequence::fromBinary($binaryData, $offset); $this->assertEquals($originalObject1, $parsedObject); $this->assertEquals(8, $offset); $parsedObject = Sequence::fromBinary($binaryData, $offset); $this->assertEquals($originalObject2, $parsedObject); $this->assertEquals(16, $offset); }
// this should contain a sequence of extensions $certExtensions = $certExtensions->getFirstChild(); assert($certExtensions->getType() == Identifier::SEQUENCE); // now check all extensions and search for the SAN /** @var Object $extensionSequence */ foreach ($certExtensions as $extensionSequence) { assert($extensionSequence->getType() == Identifier::SEQUENCE); assert($extensionSequence->getNumberofChildren() >= 2); $extensionSequenceChildren = $extensionSequence->getChildren(); $objectIdentifier = $extensionSequenceChildren[0]; /* @var ObjectIdentifier $objectIdentifier */ assert($objectIdentifier->getType() == Identifier::OBJECT_IDENTIFIER); if ($objectIdentifier->getContent() == OID::CERT_EXT_SUBJECT_ALT_NAME) { // now we have the wanted octet string $octetString = $extensionSequenceChildren[1]; /* @var OctetString $octetString */ $octetStringBinary = $octetString->getBinaryContent(); // At this point you may want to create the sequence from the binary value of // the octet string and parse its structure like we did so far. // However a more general approach would be to understand the format of the // contained SAN fields and implement them in SubjectAlternativeNames. $sequence = Sequence::fromBinary($octetStringBinary); echo 'This is the parsed content of the SAN certificate extension field so far:' . PHP_EOL; printObject($sequence); // The following does not work yet because PHPASN1 SAn does only support DNS and IP //SubjectAlternativeNames::fromBinary($octetStringBinary); } } } catch (\Exception $exception) { echo '[ERROR] Caught exception:' . PHP_EOL . $exception->getMessage() . PHP_EOL; }
/** * @param string $binaryData * @param int $offsetIndex * * @throws ParserException * * @return \FG\ASN1\Object */ public static function fromBinary(&$binaryData, &$offsetIndex = 0) { if (strlen($binaryData) <= $offsetIndex) { throw new ParserException('Can not parse binary from data: Offset index larger than input size', $offsetIndex); } $identifierOctet = ord($binaryData[$offsetIndex]); if (Identifier::isContextSpecificClass($identifierOctet) && Identifier::isConstructed($identifierOctet)) { return ExplicitlyTaggedObject::fromBinary($binaryData, $offsetIndex); } switch ($identifierOctet) { case Identifier::BITSTRING: return BitString::fromBinary($binaryData, $offsetIndex); case Identifier::BOOLEAN: return Boolean::fromBinary($binaryData, $offsetIndex); case Identifier::ENUMERATED: return Enumerated::fromBinary($binaryData, $offsetIndex); case Identifier::INTEGER: return Integer::fromBinary($binaryData, $offsetIndex); case Identifier::NULL: return NullObject::fromBinary($binaryData, $offsetIndex); case Identifier::OBJECT_IDENTIFIER: return ObjectIdentifier::fromBinary($binaryData, $offsetIndex); case Identifier::RELATIVE_OID: return RelativeObjectIdentifier::fromBinary($binaryData, $offsetIndex); case Identifier::OCTETSTRING: return OctetString::fromBinary($binaryData, $offsetIndex); case Identifier::SEQUENCE: return Sequence::fromBinary($binaryData, $offsetIndex); case Identifier::SET: return Set::fromBinary($binaryData, $offsetIndex); case Identifier::UTC_TIME: return UTCTime::fromBinary($binaryData, $offsetIndex); case Identifier::GENERALIZED_TIME: return GeneralizedTime::fromBinary($binaryData, $offsetIndex); case Identifier::IA5_STRING: return IA5String::fromBinary($binaryData, $offsetIndex); case Identifier::PRINTABLE_STRING: return PrintableString::fromBinary($binaryData, $offsetIndex); case Identifier::NUMERIC_STRING: return NumericString::fromBinary($binaryData, $offsetIndex); case Identifier::UTF8_STRING: return UTF8String::fromBinary($binaryData, $offsetIndex); case Identifier::UNIVERSAL_STRING: return UniversalString::fromBinary($binaryData, $offsetIndex); case Identifier::CHARACTER_STRING: return CharacterString::fromBinary($binaryData, $offsetIndex); case Identifier::GENERAL_STRING: return GeneralString::fromBinary($binaryData, $offsetIndex); case Identifier::VISIBLE_STRING: return VisibleString::fromBinary($binaryData, $offsetIndex); case Identifier::GRAPHIC_STRING: return GraphicString::fromBinary($binaryData, $offsetIndex); case Identifier::BMP_STRING: return BMPString::fromBinary($binaryData, $offsetIndex); case Identifier::T61_STRING: return T61String::fromBinary($binaryData, $offsetIndex); case Identifier::OBJECT_DESCRIPTOR: return ObjectDescriptor::fromBinary($binaryData, $offsetIndex); default: // At this point the identifier may be >1 byte. if (Identifier::isConstructed($identifierOctet)) { return new UnknownConstructedObject($binaryData, $offsetIndex); } else { $identifier = self::parseBinaryIdentifier($binaryData, $offsetIndex); $lengthOfUnknownObject = self::parseContentLength($binaryData, $offsetIndex); $offsetIndex += $lengthOfUnknownObject; return new UnknownObject($identifier, $lengthOfUnknownObject); } } }
mk+8uP4/x61UWBliqW08/1jMA83Qj2yuCAvhMhmuq8BvyWP4jnXoxTy3iTZFDXIj 5Vg2FlHWna0TMsU5jlmv8W/mu9U3+q7i1+339JrEZkrDLNDpJ23gqKBgC1OaNH7+ vicBRmoP5kj2X62XMaKT5TMFBZzTtSF7IaUjt9SVXQjG3aHIy7D1mOypvEw4LSS+ RvvJTezSQeCoLpX7HziRnoVUNkJWZHL2wG5rb/SJzpXwHkRa7R250vN8TFtSSsp4 YXzK6aks/qkxRJ1UkBLUAZlRasUD+zu8gyTIz0sNgFrOtx8EOzjZRiJ/vBiVOn88 Brf4i0D+fVXmJQIDAQABow8wDTALBgNVHQ8EBAMCAAIwCwYJKoZIhvcNAQEFA4IB AQBfubKPTvmDGrDxoqCbPwFoPRC0STwPL2GV8f5sD/Sbyc0NoJdygUO2DvquGGn5 6UJCfLo1u6Dn4zuuDs3m6if86HTpAf9Z3a72ok2Tor/NFwYt+vDOrFY5F4bXDZkf u4zuDLmjpj26Dk4te3BVohsLTXbvJ5a/TT2VanwNOyx85lXPxy3V8Rr1AwlmHZoz DDbUGbe/noUDJCgMjvaKKvLykIhIcW+g6W7SOcKRflw5H8kzDv816XFODSC3X1Uw o3aVy9du/0mH+g4HvyVVplO90tdoHD1gHUMZwuen4dbTzhWv4dtLFelWM5lGWbLE Wn7kJghclgIxv10nkGyfrowt'; // OCSP response status according to // https://tools.ietf.org/html/rfc6960#section-4.2.1 $validResponseStatuses = array(0 => 'Response has valid confirmations', 1 => 'Illegal confirmation request', 2 => 'Internal error in issuer', 3 => 'Try again later', 5 => 'Must sign the request', 6 => 'Request unauthorized'); $ocspResponse = Sequence::fromBinary(base64_decode($data)); /* @var Enumerated $responseStatus */ $elements = $ocspResponse->getChildren(); $responseStatus = $elements[0]; $responseStatusCode = $responseStatus->getContent(); echo PHP_EOL; echo "OCSP response status: {$responseStatusCode} ({$validResponseStatuses[$responseStatusCode]})" . PHP_EOL; /** @var ExplicitlyTaggedObject $responseBytes */ $responseBytes = $elements[1]; /** @var Sequence $responseBytesSequence */ $responseBytesSequence = $responseBytes->getContent(); /** @var ObjectIdentifier $responseType */ $responseType = $responseBytesSequence->getChildren()[0]; echo "ResponseType: {$responseType}" . PHP_EOL; $response = $responseBytesSequence->getChildren()[1]; echo "Response (octet string): {$response}" . PHP_EOL;