/** * Save CSR request * * @param Array $csr * @access public * @return String */ function saveCSR($csr) { if (!is_array($csr) || !isset($csr['certificationRequestInfo'])) { return false; } switch ($csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm']) { case 'rsaEncryption': $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'] = base64_encode("" . base64_decode(preg_replace('#-.+-|[\\r\\n]#', '', $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']))); } $asn1 = new File_ASN1(); $asn1->loadOIDs($this->oids); $filters = array(); $filters['certificationRequestInfo']['subject']['rdnSequence']['value'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING); $asn1->loadFilters($filters); $csr = $asn1->encodeDER($csr, $this->CertificationRequest); return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(base64_encode($csr)) . '-----END CERTIFICATE REQUEST-----'; }
/** * Save Certificate Revocation List. * * @param Array $crl * @access public * @return String */ function saveCRL($crl) { if (!is_array($crl) || !isset($crl['tbsCertList'])) { return false; } $asn1 = new File_ASN1(); $asn1->loadOIDs($this->oids); $filters = array(); $filters['tbsCertList']['issuer']['rdnSequence']['value'] = $filters['tbsCertList']['signature']['parameters'] = $filters['signatureAlgorithm']['parameters'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING); if (empty($crl['tbsCertList']['signature']['parameters'])) { $filters['tbsCertList']['signature']['parameters'] = array('type' => FILE_ASN1_TYPE_NULL); } if (empty($crl['signatureAlgorithm']['parameters'])) { $filters['signatureAlgorithm']['parameters'] = array('type' => FILE_ASN1_TYPE_NULL); } $asn1->loadFilters($filters); $this->_mapOutExtensions($crl, 'tbsCertList/crlExtensions', $asn1); $rclist =& $this->_subArray($crl, 'tbsCertList/revokedCertificates'); if (is_array($rclist)) { foreach ($rclist as $i => $extension) { $this->_mapOutExtensions($rclist, "{$i}/crlEntryExtensions", $asn1); } } $crl = $asn1->encodeDER($crl, $this->CertificateList); return "-----BEGIN X509 CRL-----\r\n" . chunk_split(base64_encode($crl)) . '-----END X509 CRL-----'; }
/** * Save X.509 certificate * * @param optional Array $cert * @access public * @return String */ function saveX509($cert) { if (!is_array($cert) || !isset($cert['tbsCertificate'])) { return false; } switch ($cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm']) { case 'rsaEncryption': $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'] = base64_encode("" . base64_decode(preg_replace('#-.+-|[\\r\\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']))); } $asn1 = new File_ASN1(); $asn1->loadOIDs($this->oids); $filters = array(); $filters['tbsCertificate']['signature']['parameters'] = $filters['tbsCertificate']['signature']['issuer']['rdnSequence']['value'] = $filters['tbsCertificate']['issuer']['rdnSequence']['value'] = $filters['tbsCertificate']['subject']['rdnSequence']['value'] = $filters['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['parameters'] = $filters['signatureAlgorithm']['parameters'] = $filters['authorityCertIssuer']['directoryName']['rdnSequence']['value'] = $filters['distributionPoint']['fullName']['directoryName']['rdnSequence']['value'] = $filters['directoryName']['rdnSequence']['value'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING); /* in the case of policyQualifiers/qualifier, the type has to be FILE_ASN1_TYPE_IA5_STRING. FILE_ASN1_TYPE_PRINTABLE_STRING will cause OpenSSL's X.509 parser to spit out random characters. */ $filters['policyQualifiers']['qualifier'] = array('type' => FILE_ASN1_TYPE_IA5_STRING); $asn1->loadFilters($filters); if (isset($cert['tbsCertificate']['extensions'])) { $size = count($cert['tbsCertificate']['extensions']); for ($i = 0; $i < $size; $i++) { $id = $cert['tbsCertificate']['extensions'][$i]['extnId']; $value =& $cert['tbsCertificate']['extensions'][$i]['extnValue']; switch ($id) { case 'id-ce-certificatePolicies': for ($j = 0; $j < count($value); $j++) { if (!isset($value[$j]['policyQualifiers'])) { continue; } for ($k = 0; $k < count($value[$j]['policyQualifiers']); $k++) { $subid = $value[$j]['policyQualifiers'][$k]['policyQualifierId']; $map = $this->_getMapping($subid); $subvalue =& $value[$j]['policyQualifiers'][$k]['qualifier']; if ($map !== false) { // by default File_ASN1 will try to render qualifier as a FILE_ASN1_TYPE_IA5_STRING since it's // actual type is FILE_ASN1_TYPE_ANY $subvalue = new File_ASN1_Element($asn1->encodeDER($subvalue, $map)); } } } break; case 'id-ce-authorityKeyIdentifier': // use 00 as the serial number instead of an empty string if (isset($value['authorityCertSerialNumber'])) { if ($value['authorityCertSerialNumber']->toBytes() == '') { $temp = chr(FILE_ASN1_CLASS_CONTEXT_SPECIFIC << 6 | 2) . ""; $value['authorityCertSerialNumber'] = new File_ASN1_Element($temp); } } } /* [extnValue] contains the DER encoding of an ASN.1 value corresponding to the extension type identified by extnID */ $map = $this->_getMapping($id); if (is_bool($map)) { if (!$map) { user_error($id . ' is not a currently supported extension', E_USER_NOTICE); unset($cert['tbsCertificate']['extensions'][$i]); } } else { $temp = $asn1->encodeDER($value, $map); $value = base64_encode($temp); } } } $cert = $asn1->encodeDER($cert, $this->Certificate); return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(base64_encode($cert)) . '-----END CERTIFICATE-----'; }