예제 #1
0
파일: X509Test.php 프로젝트: SysBind/saml2
 /**
  * @group certificate
  *
  * @test
  */
 public function x509_certificate_contents_must_be_stripped_of_whitespace()
 {
     $toTest = array('X509Certificate' => ' Should   No Longer  Have Whitespaces');
     $viaConstructor = new X509($toTest);
     $viaSetting = new X509(array());
     $viaSetting['X509Certificate'] = $toTest['X509Certificate'];
     $viaFactory = X509::createFromCertificateData($toTest['X509Certificate']);
     $this->assertEquals($viaConstructor['X509Certificate'], 'ShouldNoLongerHaveWhitespaces');
     $this->assertEquals($viaSetting['X509Certificate'], 'ShouldNoLongerHaveWhitespaces');
     $this->assertEquals($viaFactory['X509Certificate'], 'ShouldNoLongerHaveWhitespaces');
 }
예제 #2
0
파일: Debug.php 프로젝트: rnaga/php-tls
 public function getCertificates()
 {
     $crtDers = $this->core->getCrtDers();
     if (!count($crtDers)) {
         return '';
     }
     $output = [];
     foreach ($crtDers as $der) {
         $output[] = X509::crtDerToPem($der);
     }
     return implode("\n", $output) . "\n";
 }
예제 #3
0
 /**
  * Sign an X.509 certificate
  *
  * $issuer's private key needs to be loaded.
  * $subject can be either an existing X.509 cert (if you want to resign it),
  * a CSR or something with the DN and public key explicitly set.
  *
  * @param X509 $issuer
  * @param X509 $subject
  * @param String $signatureAlgorithm optional
  * @access public
  * @return Mixed
  */
 function sign($issuer, $subject, $signatureAlgorithm = 'sha1WithRSAEncryption')
 {
     if (!is_object($issuer->privateKey) || empty($issuer->dn)) {
         return false;
     }
     if (isset($subject->publicKey) && !($subjectPublicKey = $subject->_formatSubjectPublicKey())) {
         return false;
     }
     $currentCert = isset($this->currentCert) ? $this->currentCert : null;
     $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
     if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertificate'])) {
         $this->currentCert = $subject->currentCert;
         $this->currentCert['tbsCertificate']['signature']['algorithm'] = $signatureAlgorithm;
         $this->currentCert['signatureAlgorithm']['algorithm'] = $signatureAlgorithm;
         if (!empty($this->startDate)) {
             $this->currentCert['tbsCertificate']['validity']['notBefore'] = $this->_timeField($this->startDate);
         }
         if (!empty($this->endDate)) {
             $this->currentCert['tbsCertificate']['validity']['notAfter'] = $this->_timeField($this->endDate);
         }
         if (!empty($this->serialNumber)) {
             $this->currentCert['tbsCertificate']['serialNumber'] = $this->serialNumber;
         }
         if (!empty($subject->dn)) {
             $this->currentCert['tbsCertificate']['subject'] = $subject->dn;
         }
         if (!empty($subject->publicKey)) {
             $this->currentCert['tbsCertificate']['subjectPublicKeyInfo'] = $subjectPublicKey;
         }
         $this->removeExtension('id-ce-authorityKeyIdentifier');
         if (isset($subject->domains)) {
             $this->removeExtension('id-ce-subjectAltName');
         }
     } else {
         if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertList'])) {
             return false;
         } else {
             if (!isset($subject->publicKey)) {
                 return false;
             }
             $startDate = !empty($this->startDate) ? $this->startDate : @date('D, d M Y H:i:s O');
             $endDate = !empty($this->endDate) ? $this->endDate : @date('D, d M Y H:i:s O', strtotime('+1 year'));
             $serialNumber = !empty($this->serialNumber) ? $this->serialNumber : new BigInteger();
             $this->currentCert = array('tbsCertificate' => array('version' => 'v3', 'serialNumber' => $serialNumber, 'signature' => array('algorithm' => $signatureAlgorithm), 'issuer' => false, 'validity' => array('notBefore' => $this->_timeField($startDate), 'notAfter' => $this->_timeField($endDate)), 'subject' => $subject->dn, 'subjectPublicKeyInfo' => $subjectPublicKey), 'signatureAlgorithm' => array('algorithm' => $signatureAlgorithm), 'signature' => false);
             // Copy extensions from CSR.
             $csrexts = $subject->getAttribute('pkcs-9-at-extensionRequest', 0);
             if (!empty($csrexts)) {
                 $this->currentCert['tbsCertificate']['extensions'] = $csrexts;
             }
         }
     }
     $this->currentCert['tbsCertificate']['issuer'] = $issuer->dn;
     if (isset($issuer->currentKeyIdentifier)) {
         $this->setExtension('id-ce-authorityKeyIdentifier', array('keyIdentifier' => $issuer->currentKeyIdentifier));
         //$extensions = &$this->currentCert['tbsCertificate']['extensions'];
         //if (isset($issuer->serialNumber)) {
         //    $extensions[count($extensions) - 1]['authorityCertSerialNumber'] = $issuer->serialNumber;
         //}
         //unset($extensions);
     }
     if (isset($subject->currentKeyIdentifier)) {
         $this->setExtension('id-ce-subjectKeyIdentifier', $subject->currentKeyIdentifier);
     }
     $altName = array();
     if (isset($subject->domains) && count($subject->domains) > 1) {
         $altName = array_map(array('X509', '_dnsName'), $subject->domains);
     }
     if (isset($subject->ipAddresses) && count($subject->ipAddresses)) {
         // should an IP address appear as the CN if no domain name is specified? idk
         //$ips = count($subject->domains) ? $subject->ipAddresses : array_slice($subject->ipAddresses, 1);
         $ipAddresses = array();
         foreach ($subject->ipAddresses as $ipAddress) {
             $encoded = $subject->_ipAddress($ipAddress);
             if ($encoded !== false) {
                 $ipAddresses[] = $encoded;
             }
         }
         if (count($ipAddresses)) {
             $altName = array_merge($altName, $ipAddresses);
         }
     }
     if (!empty($altName)) {
         $this->setExtension('id-ce-subjectAltName', $altName);
     }
     if ($this->caFlag) {
         $keyUsage = $this->getExtension('id-ce-keyUsage');
         if (!$keyUsage) {
             $keyUsage = array();
         }
         $this->setExtension('id-ce-keyUsage', array_values(array_unique(array_merge($keyUsage, array('cRLSign', 'keyCertSign')))));
         $basicConstraints = $this->getExtension('id-ce-basicConstraints');
         if (!$basicConstraints) {
             $basicConstraints = array();
         }
         $this->setExtension('id-ce-basicConstraints', array_unique(array_merge(array('cA' => true), $basicConstraints)), true);
         if (!isset($subject->currentKeyIdentifier)) {
             $this->setExtension('id-ce-subjectKeyIdentifier', base64_encode($this->computeKeyIdentifier($this->currentCert)), false, false);
         }
     }
     // resync $this->signatureSubject
     // save $tbsCertificate in case there are any ASN1_Element objects in it
     $tbsCertificate = $this->currentCert['tbsCertificate'];
     $this->loadX509($this->saveX509($this->currentCert));
     $result = $this->_sign($issuer->privateKey, $signatureAlgorithm);
     $result['tbsCertificate'] = $tbsCertificate;
     $this->currentCert = $currentCert;
     $this->signatureSubject = $signatureSubject;
     return $result;
 }
예제 #4
0
파일: Ocsp.php 프로젝트: moffe42/nemid-php
 protected function ocspBasic($der)
 {
     $this->xtns->init($der);
     $this->xtns->beginsequence();
     $res['tbsResponseData_der'] = $this->xtns->der();
     $res['tbsResponseData'] = $this->tbsResponseData();
     $res['signatureAlgorithm'] = $this->xtns->signatureAlgorithm();
     $res['signature'] = $this->xtns->next(3);
     if ($this->xtns->peek() == 0) {
         $this->xtns->next(0);
         $this->xtns->beginsequence();
         $x = new X509();
         while ($this->xtns->in()) {
             $res['certs'][] = $x->certificate($this->xtns->der(null, true));
             # get and continue past ...
         }
         $this->xtns->end();
     }
     $this->xtns->end();
     return $res;
 }
예제 #5
0
 static function staticGet509XInfo($certs, $isPEMFormat = TRUE)
 {
     if ($isPEMFormat) {
         $beginCertificate = '-----BEGIN CERTIFICATE-----';
         $endCertificate = '-----END CERTIFICATE-----';
         $data = '';
         $certlist = array();
         $arCert = explode("\n", $certs);
         $inData = FALSE;
         $i = 0;
         foreach ($arCert as $curData) {
             if (!$inData) {
                 if (strncmp($curData, $beginCertificate, 27) === 0) {
                     $inData = true;
                 }
             } else {
                 if (strncmp($curData, $endCertificate, 25) === 0) {
                     $inData = false;
                     $certlist[$i]['Certificate'] = $data;
                     $data = '';
                     $i++;
                     continue;
                 }
                 $data .= trim($curData) . PHP_EOL;
             }
             if (strncmp($curData, 'issuer=', 7) == 0) {
                 $issuerData = str_replace('issuer=', '', trim($curData));
                 $issuerTmp = explode('/', $issuerData);
                 $issuer = '';
                 krsort($issuerTmp);
                 foreach ($issuerTmp as $issuerValue) {
                     if (!empty($issuerValue)) {
                         $issuer .= $issuerValue . ',';
                     }
                 }
                 $issuerLen = strlen($issuer);
                 $issuer = substr($issuer, 0, $issuerLen - 1);
                 $certlist[$i]['z_IssuerName'] = $issuer;
             }
             if (strncmp($curData, 'subject=', 7) == 0) {
                 $issuerData = str_replace('subject=', '', trim($curData));
                 $issuerTmp = explode('/', $issuerData);
                 $issuer = '';
                 krsort($issuerTmp);
                 foreach ($issuerTmp as $issuerValue) {
                     if (!empty($issuerValue)) {
                         $issuer .= $issuerValue . ',';
                     }
                 }
                 $issuerLen = strlen($issuer);
                 $issuer = substr($issuer, 0, $issuerLen - 1);
                 $certlist[$i]['SubjectName'] = $issuer;
             }
         }
         foreach ($certlist as $key => $certificateData) {
             if (empty($certificateData['Certificate'])) {
                 unset($certlist[$key]);
                 continue;
             }
             $certicate = $beginCertificate . PHP_EOL . $certificateData['Certificate'] . $endCertificate;
             $objX509 = new X509();
             $cert = $objX509->loadX509($certicate);
             $certlist[$key]['z_SerialNumber'] = $cert['tbsCertificate']['serialNumber']->toString();
             ksort($certlist[$key]);
             $certlist[$key]['IssuerName'] = $certlist[$key]['z_IssuerName'];
             $certlist[$key]['SerialNumber'] = $certlist[$key]['z_SerialNumber'];
             unset($certlist[$key]['z_IssuerName']);
             unset($certlist[$key]['z_SerialNumber']);
         }
         return $certlist;
     } else {
         return array($certs);
     }
 }