예제 #1
 /**
  * Get public key id for the certificate.
  *
  * @param Certificate $cert
  * @return string
  */
 private static function _getCertKeyId(Certificate $cert)
 {
     $extensions = $cert->tbsCertificate()->extensions();
     if (!$extensions->hasSubjectKeyIdentifier()) {
         // No subjectKeyIdentifier extension: fall back to the identifier
         // reported by the certificate's SubjectPublicKeyInfo.
         return $cert->tbsCertificate()->subjectPublicKeyInfo()->keyIdentifier();
     }
     // The value the certificate itself declares takes precedence, so the
     // result lines up with key identifiers that reference this certificate.
     return $extensions->subjectKeyIdentifier()->keyIdentifier();
 }
예제 #2
파일: V2Form.php 프로젝트: sop/x509
 /**
  *
  * @see \X509\AttributeCertificate\AttCertIssuer::identifiesPKC()
  * @return bool
  */
 public function identifiesPKC(Certificate $cert)
 {
     // Only distinguished names are compared here: the first directory name
     // of this issuer against the certificate's subject. No key or signature
     // is inspected, so a true result is a name match and nothing more.
     $issuer_dn = $this->_issuerName->firstDN();
     $subject = $cert->tbsCertificate()->subject();
     return (bool) $subject->equals($issuer_dn);
 }
예제 #3
파일: TBSCertificate.php 프로젝트: sop/x509
 /**
  * Get self with fields set from the issuer's certificate.
  *
  * Issuer shall be set to issuing certificate's subject.
  * Authority key identifier extensions shall be added with a key identifier
  * set to issuing certificate's public key identifier.
  *
  * @param Certificate $cert Issuing party's certificate
  * @return self
  */
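 public function withIssuerCertificate(Certificate $cert)
 {
     $issuer_tbs = $cert->tbsCertificate();
     // work on a copy so that the receiver stays unchanged
     $obj = clone $this;
     // set issuer DN from cert's subject
     $obj->_issuer = $issuer_tbs->subject();
     // RFC 5280 section 4.2.1.2: the authority key identifier of an issued
     // certificate must carry the issuer's subjectKeyIdentifier value. An
     // issuer may declare an identifier that differs from the one derived
     // from its public key, and a derived value would then fail to match
     // during path building. Prefer the declared value and derive one only
     // when the issuer certificate has no such extension.
     $issuer_exts = $issuer_tbs->extensions();
     if ($issuer_exts->hasSubjectKeyIdentifier()) {
         $key_id = $issuer_exts->subjectKeyIdentifier()->keyIdentifier();
     } else {
         $key_id = $issuer_tbs->subjectPublicKeyInfo()->keyIdentifier();
     }
     // NOTE(review): the first constructor argument is presumably the
     // "critical" flag; RFC 5280 requires this extension to be non-critical.
     $obj->_extensions = $obj->_extensions->withExtensions(new AuthorityKeyIdentifierExtension(false, $key_id));
     return $obj;
 }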
예제 #4
파일: Holder.php 프로젝트: sop/x509
 /**
  * Check whether entityName matches the given certificate.
  *
  * @param Certificate $cert
  * @return boolean
  */
 private function _checkEntityName(Certificate $cert)
 {
     $entity_dn = $this->_entityName->firstDN();
     $tbs = $cert->tbsCertificate();
     // First attempt: the entity's first directory name equals the
     // certificate's subject.
     if ($tbs->subject()->equals($entity_dn)) {
         return true;
     }
     // Second attempt: the certificate's subjectAltName entries, when the
     // extension is present, are handed to the alternative-name check.
     $extensions = $tbs->extensions();
     if (!$extensions->hasSubjectAlternativeName()) {
         return false;
     }
     $alt_names = $extensions->subjectAlternativeName()->names();
     return (bool) $this->_checkEntityAlternativeNames($alt_names);
 }
예제 #5
파일: ACValidator.php 프로젝트: sop/x509
 /**
  * Validate AC issuer's profile.
  *
  * @link https://tools.ietf.org/html/rfc5755#section-4.5
  * @param Certificate $cert
  * @throws ACValidationException
  */
 private function _validateIssuerProfile(Certificate $cert)
 {
     $extensions = $cert->tbsCertificate()->extensions();
     // An absent Key Usage extension places no restriction. A present one
     // must include the digitalSignature bit, otherwise the issuer's key may
     // not be used to verify the attribute certificate's signature.
     if ($extensions->hasKeyUsage()) {
         $key_usage = $extensions->keyUsage();
         if (!$key_usage->isDigitalSignature()) {
             throw new ACValidationException(
                 "Issuer PKC's Key Usage extension doesn't permit" . " verification of digital signatures."
             );
         }
     }
     // A certificate marked as a CA in Basic Constraints is rejected as an
     // attribute certificate issuer.
     if ($extensions->hasBasicConstraints()) {
         if ($extensions->basicConstraints()->isCA()) {
             throw new ACValidationException("Issuer PKC must not be a CA.");
         }
     }
 }
예제 #6
파일: ValidatorState.php 프로젝트: sop/x509
 /**
  * Initialize variables according to RFC 5280 6.1.2.
  *
  * @link https://tools.ietf.org/html/rfc5280#section-6.1.2
  * @param PathValidationConfig $config
  * @param Certificate $trust_anchor Trust anchor certificate
  * @param int $n Number of certificates in the certification path
  * @return self
  */
 public static function initialize(PathValidationConfig $config, Certificate $trust_anchor, $n)
 {
     $initial = new self();
     $initial->_pathLength = $n;
     // processing starts at the first certificate of the path
     $initial->_index = 1;
     // the policy tree starts out as a single anyPolicy node
     $initial->_validPolicyTree = new PolicyTree(PolicyNode::anyPolicyNode());
     // no name constraints are in force until a certificate imposes them
     $initial->_permittedSubtrees = null;
     $initial->_excludedSubtrees = null;
     // each counter is 0 when the config switches the rule on from the
     // start, and n + 1 otherwise
     $initial->_explicitPolicy = $config->explicitPolicy() ? 0 : ($n + 1);
     $initial->_inhibitAnyPolicy = $config->anyPolicyInhibit() ? 0 : ($n + 1);
     $initial->_policyMapping = $config->policyMappingInhibit() ? 0 : ($n + 1);
     // NOTE(review): the working algorithm is read from the anchor's own
     // signatureAlgorithm() and the working issuer name from the anchor's
     // issuer field, not its subject. Both fit a self-signed anchor; confirm
     // how the validator treats an anchor that is not self-signed.
     $initial->_workingPublicKeyAlgorithm = $trust_anchor->signatureAlgorithm();
     $anchor_tbs = $trust_anchor->tbsCertificate();
     $anchor_key = $anchor_tbs->subjectPublicKeyInfo();
     $initial->_workingPublicKey = $anchor_key;
     $initial->_workingPublicKeyParameters = self::getAlgorithmParameters($anchor_key->algorithmIdentifier());
     $initial->_workingIssuerName = $anchor_tbs->issuer();
     $initial->_maxPathLength = $config->maxLength();
     return $initial;
 }
예제 #7
파일: PathValidator.php 프로젝트: sop/x509
 /**
  * Process pathLenConstraint.
  *
  * @param ValidatorState $state
  * @param Certificate $cert
  * @return ValidatorState
  */
 private function _processPathLengthContraint(ValidatorState $state, Certificate $cert)
 {
     $exts = $cert->tbsCertificate()->extensions();
     if (!$exts->hasBasicConstraints()) {
         return $state;
     }
     $basic = $exts->basicConstraints();
     if (!$basic->hasPathLen()) {
         return $state;
     }
     // The constraint can only tighten the limit: a pathLen that is equal to
     // or larger than the current maximum leaves the state as it was.
     $limit = $basic->pathLen();
     if ($limit < $state->maxPathLength()) {
         return $state->withMaxPathLength($limit);
     }
     return $state;
 }
예제 #8
파일: IssuerSerial.php 프로젝트: sop/x509
 /**
  * Check whether issuerUID matches given certificate.
  *
  * @param Certificate $cert
  * @return boolean
  */
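 private function _checkUniqueID(Certificate $cert)
 {
     $tbs = $cert->tbsCertificate();
     // a certificate without an issuerUniqueID can never match
     if (!$tbs->hasIssuerUniqueID()) {
         return false;
     }
     $uid = $tbs->issuerUniqueID()->string();
     // Identity comparison, not loose comparison: with != PHP compares two
     // numeric-looking strings by numeric value ("10" equals "1e1"), so
     // distinct identifiers could be accepted as the same one.
     // NOTE(review): assumes string() returns a PHP string on both sides.
     return $this->_issuerUID->string() === $uid;
 }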
예제 #9
파일: PolicyTree.php 프로젝트: sop/x509
 /**
  * Delete nodes as specified in 6.1.4 (b)(2).
  *
  * @param Certificate $cert
  * @param ValidatorState $state
  */
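 protected function _deleteMappings(Certificate $cert, ValidatorState $state)
 {
     // NOTE(review): policyMappings() is called without a presence check;
     // presumably the caller only gets here when the extension exists.
     $idps = $cert->tbsCertificate()->extensions()->policyMappings()->issuerDomainPolicies();
     // delete each node of depth i in the valid_policy_tree
     // where ID-P is the valid_policy
     foreach ($this->_nodesAtDepth($state->index()) as $node) {
         // Strict membership test: loose in_array() compares numeric-looking
         // strings by value ("1.2" equals "1.20"), which could remove a node
         // whose policy is not actually listed.
         // NOTE(review): assumes both sides are policy OID strings.
         if (in_array($node->validPolicy(), $idps, true)) {
             $node->remove();
         }
     }
     // prune the tree above the depth that was just processed
     $this->_pruneTree($state->index() - 1);
 }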
예제 #10
파일: AttCertIssuer.php 프로젝트: sop/x509
 /**
  * Initialize from an issuer's public key certificate.
  *
  * @param Certificate $cert
  * @return self
  */
 public static function fromPKC(Certificate $cert)
 {
     // The issuer is identified by name only: the certificate's subject is
     // passed on to fromName().
     $subject = $cert->tbsCertificate()->subject();
     return self::fromName($subject);
 }