コード例 #1
ファイル: CertificateChain.php プロジェクト: sop/x509
  /**
   * Build a certificate chain from a list of PEM objects.
   *
   * Every PEM is decoded with Certificate::fromPEM() and the resulting
   * certificates are handed to the constructor in the order given.
   *
   * NOTE(review): this method only decodes; it performs no ordering or
   * signature check of its own. Presumably the chain is validated
   * elsewhere before it is trusted - confirm at the call site.
   *
   * @param PEM ...$pems PEM objects, one per certificate
   * @return self
   */
  public static function fromPEMs(PEM ...$pems)
  {
      $certificates = [];
      // Keys are carried over so the spread below sees the same array
      // that array_map() would have produced.
      foreach ($pems as $key => $pem) {
          $certificates[$key] = Certificate::fromPEM($pem);
      }
      return new self(...$certificates);
  }
コード例 #2
ファイル: CertificateBundle.php プロジェクト: sop/x509
  /**
   * Resolve the key identifier used for a certificate.
   *
   * The value of the subjectKeyIdentifier extension is preferred when the
   * certificate carries one; otherwise the identifier is taken from the
   * certificate's SubjectPublicKeyInfo.
   *
   * NOTE(review): the extension value comes from the certificate itself,
   * so equal identifiers do not prove equal keys. Treat the result as a
   * lookup hint and rely on signature verification for trust decisions.
   *
   * @param Certificate $cert
   * @return string
   */
  private static function _getCertKeyId(Certificate $cert)
  {
      $tbs = $cert->tbsCertificate();
      $extensions = $tbs->extensions();
      return $extensions->hasSubjectKeyIdentifier()
          ? $extensions->subjectKeyIdentifier()->keyIdentifier()
          : $tbs->subjectPublicKeyInfo()->keyIdentifier();
  }
コード例 #3
ファイル: V2Form.php プロジェクト: sop/x509
  /**
   * Tell whether this issuer names the given public key certificate.
   *
   * The decision is made on distinguished names only: the first DN of the
   * issuer name is compared with the certificate's subject. The
   * certificate's key and serial number are not consulted here, so a name
   * match alone should not be read as proof of issuer identity.
   *
   * @see \X509\AttributeCertificate\AttCertIssuer::identifiesPKC()
   * @param Certificate $cert Candidate issuer certificate
   * @return bool True when the subject equals the issuer's first DN
   */
  public function identifiesPKC(Certificate $cert)
  {
      $issuerDn = $this->_issuerName->firstDN();
      $subject = $cert->tbsCertificate()->subject();
      return (bool) $subject->equals($issuerDn);
  }
コード例 #4
ファイル: TBSCertificate.php プロジェクト: sop/x509
  /**
   * Return a copy whose issuer fields are filled in from the issuing
   * certificate.
   *
   * The copy's issuer becomes the issuing certificate's subject, and an
   * authority key identifier extension is added whose key identifier is
   * the one reported by the issuing certificate's SubjectPublicKeyInfo.
   *
   * NOTE(review): the identifier is computed from the issuer's public key
   * even when the issuing certificate carries its own subjectKeyIdentifier
   * extension. RFC 5280 section 4.2.1.2 expects the two values to match,
   * so confirm that issuers with a differently derived identifier are
   * handled.
   *
   * @param Certificate $cert Issuing party's certificate
   * @return self
   */
  public function withIssuerCertificate(Certificate $cert)
  {
      $copy = clone $this;
      $issuerTbs = $cert->tbsCertificate();
      // issuer DN := issuing certificate's subject
      $copy->_issuer = $issuerTbs->subject();
      // first constructor argument is false - presumably the "critical" flag
      $authorityKeyId = new AuthorityKeyIdentifierExtension(
          false,
          $issuerTbs->subjectPublicKeyInfo()->keyIdentifier()
      );
      $copy->_extensions = $copy->_extensions->withExtensions($authorityKeyId);
      return $copy;
  }
コード例 #5
ファイル: Holder.php プロジェクト: sop/x509
  /**
   * Check whether entityName matches the given certificate.
   *
   * The first DN of the entity name is compared with the certificate's
   * subject. If that fails and the certificate has a subject alternative
   * name extension, the names it lists are checked through
   * _checkEntityAlternativeNames().
   *
   * @param Certificate $cert
   * @return boolean True on a subject or alternative-name match
   */
  private function _checkEntityName(Certificate $cert)
  {
      $entityDn = $this->_entityName->firstDN();
      $tbs = $cert->tbsCertificate();
      if ($tbs->subject()->equals($entityDn)) {
          return true;
      }
      $extensions = $tbs->extensions();
      if (!$extensions->hasSubjectAlternativeName()) {
          return false;
      }
      $altNames = $extensions->subjectAlternativeName()->names();
      return $this->_checkEntityAlternativeNames($altNames) ? true : false;
  }
コード例 #6
ファイル: ACValidator.php プロジェクト: sop/x509
  /**
   * Validate the attribute certificate issuer's profile.
   *
   * Two conditions are enforced on the issuer's public key certificate:
   * a key usage extension, when present, must allow digital signatures,
   * and a basic constraints extension, when present, must not mark the
   * certificate as a CA. A certificate with neither extension passes.
   *
   * @link https://tools.ietf.org/html/rfc5755#section-4.5
   * @param Certificate $cert Issuer's public key certificate
   * @throws ACValidationException If either condition is violated
   */
  private function _validateIssuerProfile(Certificate $cert)
  {
      $extensions = $cert->tbsCertificate()->extensions();
      $signingForbidden = $extensions->hasKeyUsage()
          && !$extensions->keyUsage()->isDigitalSignature();
      if ($signingForbidden) {
          throw new ACValidationException(
              "Issuer PKC's Key Usage extension doesn't permit" . " verification of digital signatures."
          );
      }
      $issuerIsCa = $extensions->hasBasicConstraints()
          && $extensions->basicConstraints()->isCA();
      if ($issuerIsCa) {
          throw new ACValidationException("Issuer PKC must not be a CA.");
      }
  }
コード例 #7
ファイル: ValidatorState.php プロジェクト: sop/x509
  /**
   * Create the initial validator state according to RFC 5280 6.1.2.
   *
   * The three policy counters (explicit policy, inhibit anyPolicy, policy
   * mapping) start at 0 when the matching configuration flag is set and at
   * $n + 1 otherwise. The working public key, its parameters, the working
   * algorithm and the working issuer name are all read from the trust
   * anchor certificate.
   *
   * NOTE(review): the working algorithm is the anchor certificate's own
   * signatureAlgorithm() and the working issuer name is its issuer().
   * Those coincide with the anchor's key algorithm and subject only for a
   * self-signed anchor - confirm how the anchor is fed into the path.
   *
   * @link https://tools.ietf.org/html/rfc5280#section-6.1.2
   * @param PathValidationConfig $config
   * @param Certificate $trust_anchor Trust anchor certificate
   * @param int $n Number of certificates in the certification path
   * @return self
   */
  public static function initialize(PathValidationConfig $config, Certificate $trust_anchor, $n)
  {
      $anchorTbs = $trust_anchor->tbsCertificate();
      $anchorKey = $anchorTbs->subjectPublicKeyInfo();

      $initial = new self();
      $initial->_pathLength = $n;
      $initial->_index = 1;
      $initial->_validPolicyTree = new PolicyTree(PolicyNode::anyPolicyNode());
      // no name constraints are in force before the first certificate
      $initial->_permittedSubtrees = null;
      $initial->_excludedSubtrees = null;
      // a counter of n + 1 can never reach zero inside a path of length n
      $initial->_explicitPolicy = $config->explicitPolicy() ? 0 : $n + 1;
      $initial->_inhibitAnyPolicy = $config->anyPolicyInhibit() ? 0 : $n + 1;
      $initial->_policyMapping = $config->policyMappingInhibit() ? 0 : $n + 1;
      $initial->_workingPublicKeyAlgorithm = $trust_anchor->signatureAlgorithm();
      $initial->_workingPublicKey = $anchorKey;
      $initial->_workingPublicKeyParameters = self::getAlgorithmParameters(
          $anchorKey->algorithmIdentifier()
      );
      $initial->_workingIssuerName = $anchorTbs->issuer();
      $initial->_maxPathLength = $config->maxLength();
      return $initial;
  }
コード例 #8
ファイル: PathValidator.php プロジェクト: sop/x509
  /**
   * Process pathLenConstraint.
   *
   * When the certificate has a basic constraints extension carrying a
   * path length that is smaller than the state's current maximum, a state
   * with the lowered maximum is returned. In every other case the state
   * is returned unchanged, so the limit can only be tightened here.
   *
   * @param ValidatorState $state
   * @param Certificate $cert
   * @return ValidatorState
   */
  private function _processPathLengthContraint(ValidatorState $state, Certificate $cert)
  {
      $extensions = $cert->tbsCertificate()->extensions();
      if (!$extensions->hasBasicConstraints()) {
          return $state;
      }
      $constraints = $extensions->basicConstraints();
      if (!$constraints->hasPathLen()) {
          return $state;
      }
      $limit = $constraints->pathLen();
      return $limit < $state->maxPathLength()
          ? $state->withMaxPathLength($limit)
          : $state;
  }
コード例 #9
ファイル: IssuerSerial.php プロジェクト: sop/x509
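  /**
   * Check whether issuerUID matches given certificate.
   *
   * The certificate must carry an issuer unique identifier, and its
   * string form must be identical to the string form of this object's
   * issuerUID.
   *
   * The comparison is strict. With the loose != operator PHP compares
   * two numeric-looking strings by value ("1e1" == "10"), which would let
   * different identifiers be treated as the same one in an identity
   * check.
   *
   * @param Certificate $cert
   * @return boolean True only when both identifiers are identical
   */
  private function _checkUniqueID(Certificate $cert)
  {
      $tbs = $cert->tbsCertificate();
      if (!$tbs->hasIssuerUniqueID()) {
          return false;
      }
      // presumably string() yields the identifier as a PHP string on both
      // sides - TODO confirm
      return $this->_issuerUID->string() === $tbs->issuerUniqueID()->string();
  }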
コード例 #10
ファイル: PolicyTree.php プロジェクト: sop/x509
  * Delete nodes as specified in 6.1.4 (b)(2).
  * @param Certificate $cert
  * @param ValidatorState $state
 protected function _deleteMappings(Certificate $cert, ValidatorState $state)
     // Issuer domain policies listed in the certificate's policy mappings
     // extension. The extension is read without a presence check here;
     // presumably the caller has already established it exists - confirm.
     $idps = $cert->tbsCertificate()->extensions()->policyMappings()->issuerDomainPolicies();
     // delete each node of depth i in the valid_policy_tree
     // where ID-P is the valid_policy
     foreach ($this->_nodesAtDepth($state->index()) as $node) {
         // NOTE(review): in_array() is called without its strict flag, so the
         // match uses loose (==) comparison. If both sides are OID strings,
         // passing true as the third argument avoids numeric-string juggling.
         // NOTE(review): the statement run for a matching node is not visible
         // in this listing.
         if (in_array($node->validPolicy(), $idps)) {
     // After the loop the tree is pruned from the depth above the current
     // index.
     $this->_pruneTree($state->index() - 1);
コード例 #11
ファイル: AttCertIssuer.php プロジェクト: sop/x509
  /**
   * Create an issuer from a public key certificate.
   *
   * Only the certificate's subject name is used; it is passed on to
   * fromName().
   *
   * @param Certificate $cert Issuer's public key certificate
   * @return self
   */
  public static function fromPKC(Certificate $cert)
  {
      $subject = $cert->tbsCertificate()->subject();
      return self::fromName($subject);
  }