PHP Cross Reference of DokuWiki |
Pure-PHP X.509 Parser. PHP version 5
Author: | Jim Wigginton |
Copyright: | 2012 Jim Wigginton |
License: | http://www.opensource.org/licenses/mit-license.html MIT License |
Link: | http://phpseclib.sourceforge.net |
File Size: | 5102 lines (188 kb) |
Included or required: | 0 times |
Referenced: | 0 times |
Includes or requires: | 0 files |
X509:: (90 methods):
__construct()
loadX509()
saveX509()
_mapInExtensions()
_mapOutExtensions()
_mapInAttributes()
_mapOutAttributes()
_mapInDNs()
_mapOutDNs()
_getMapping()
loadCA()
validateURL()
validateDate()
_fetchURL()
_testForIntermediate()
validateSignature()
_validateSignatureCountable()
_validateSignature()
setRecurLimit()
disableURLFetch()
enableURLFetch()
_reformatKey()
_decodeIP()
_decodeNameConstraintIP()
_encodeIP()
_translateDNProp()
setDNProp()
removeDNProp()
getDNProp()
setDN()
getDN()
getIssuerDN()
getSubjectDN()
getIssuerDNProp()
getSubjectDNProp()
getChain()
setPublicKey()
setPrivateKey()
setChallenge()
getPublicKey()
loadCSR()
saveCSR()
loadSPKAC()
saveSPKAC()
loadCRL()
saveCRL()
_timeField()
sign()
signCSR()
signSPKAC()
signCRL()
_sign()
setStartDate()
setEndDate()
setSerialNumber()
makeCA()
_isSubArrayValid()
_subArrayUnchecked()
_subArray()
_extensions()
_removeExtension()
_getExtension()
_getExtensions()
_setExtension()
removeExtension()
getExtension()
getExtensions()
setExtension()
removeAttribute()
getAttribute()
getAttributes()
setAttribute()
setKeyIdentifier()
computeKeyIdentifier()
_formatSubjectPublicKey()
setDomain()
setIPAddress()
_dnsName()
_iPAddress()
_revokedCertificate()
revoke()
unrevoke()
getRevoked()
listRevoked()
removeRevokedCertificateExtension()
getRevokedCertificateExtension()
getRevokedCertificateExtensions()
setRevokedCertificateExtension()
_extractBER()
getOID()
__construct() X-Ref |
Default Constructor. return: \phpseclib\File\X509 |
loadX509($cert, $mode = self::FORMAT_AUTO_DETECT) X-Ref |
Load X.509 certificate. Returns an associative array describing the X.509 cert, or false if the cert failed to load. return: mixed param: string $cert param: int $mode |
saveX509($cert, $format = self::FORMAT_PEM) X-Ref |
Save X.509 certificate return: string param: array $cert param: int $format optional |
_mapInExtensions(&$root, $path, $asn1) X-Ref |
Map extension values from octet string to extension-specific internal format. param: array $root (by reference) param: string $path param: object $asn1 |
_mapOutExtensions(&$root, $path, $asn1) X-Ref |
Map extension values from extension-specific internal format to octet string. param: array $root (by reference) param: string $path param: object $asn1 |
_mapInAttributes(&$root, $path, $asn1) X-Ref |
Map attribute values from ANY type to attribute-specific internal format. param: array $root (by reference) param: string $path param: object $asn1 |
_mapOutAttributes(&$root, $path, $asn1) X-Ref |
Map attribute values from attribute-specific internal format to ANY type. param: array $root (by reference) param: string $path param: object $asn1 |
_mapInDNs(&$root, $path, $asn1) X-Ref |
Map DN values from ANY type to DN-specific internal format. param: array $root (by reference) param: string $path param: object $asn1 |
_mapOutDNs(&$root, $path, $asn1) X-Ref |
Map DN values from DN-specific internal format to ANY type. param: array $root (by reference) param: string $path param: object $asn1 |
_getMapping($extnId) X-Ref |
Associate an extension ID to an extension mapping return: mixed param: string $extnId |
loadCA($cert) X-Ref |
Load an X.509 certificate as a certificate authority return: bool param: string $cert |
validateURL($url) X-Ref |
Validate an X.509 certificate against a URL. From RFC2818 "HTTP over TLS": Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com. return: bool param: string $url |
validateDate($date = null) X-Ref |
Validate a date. If $date isn't defined it is assumed to be the current date. param: \DateTime|string $date optional |
_fetchURL($url) X-Ref |
Fetches a URL return: bool|string param: string $url |
_testForIntermediate($caonly, $count) X-Ref |
Validates an intermediate cert as identified via the authority info access extension. See https://tools.ietf.org/html/rfc4325 for more info. return: bool param: bool $caonly param: int $count |
validateSignature($caonly = true) X-Ref |
Validate a signature. Works on X.509 certs, CSRs and CRLs. Returns true if the signature is verified, false if it is not correct, or null on error. By default returns false for self-signed certs. Call validateSignature(false) to make this support self-signed certs. The behavior of this function is inspired by openssl_verify (http://php.net/openssl-verify). return: mixed param: bool $caonly optional |
_validateSignatureCountable($caonly, $count) X-Ref |
Validate a signature. Performs said validation whilst keeping track of how many times the validation method is called. return: mixed param: bool $caonly param: int $count |
_validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject) X-Ref |
Validates a signature. Returns true if the signature is verified, false if it is not correct, or null on error. return: int param: string $publicKeyAlgorithm param: string $publicKey param: string $signatureAlgorithm param: string $signature param: string $signatureSubject |
setRecurLimit($count) X-Ref |
Sets the recursion limit. When validating a signature it may be necessary to download intermediate certs from URIs. An intermediate cert that linked to itself would result in an infinite loop, so to prevent that we set a recursion limit. A negative number means that there is no recursion limit. param: int $count |
disableURLFetch() X-Ref |
Prevents URIs from being automatically retrieved |
enableURLFetch() X-Ref |
Allows URIs to be automatically retrieved |
_reformatKey($algorithm, $key) X-Ref |
Reformat public keys. Reformats a public key to a format supported by phpseclib (if applicable). return: string param: string $algorithm param: string $key |
_decodeIP($ip) X-Ref |
Decodes an IP address. Takes in a base64 encoded "blob" and returns a human readable IP address. return: string param: string $ip |
_decodeNameConstraintIP($ip) X-Ref |
Decodes an IP address in a name constraints extension. Takes in a base64 encoded "blob" and returns a human readable IP address / mask. return: array param: string $ip |
_encodeIP($ip) X-Ref |
Encodes an IP address. Converts a human readable IP address into a base64-encoded "blob". return: string param: string|array $ip |
_translateDNProp($propName) X-Ref |
"Normalizes" a Distinguished Name property return: mixed param: string $propName |
setDNProp($propName, $propValue, $type = 'utf8String') X-Ref |
Set a Distinguished Name property return: bool param: string $propName param: mixed $propValue param: string $type optional |
removeDNProp($propName) X-Ref |
Remove Distinguished Name properties param: string $propName |
getDNProp($propName, $dn = null, $withType = false) X-Ref |
Get Distinguished Name properties return: mixed param: string $propName param: array $dn optional param: bool $withType optional |
setDN($dn, $merge = false, $type = 'utf8String') X-Ref |
Set a Distinguished Name return: bool param: mixed $dn param: bool $merge optional param: string $type optional |
getDN($format = self::DN_ARRAY, $dn = null) X-Ref |
Get the Distinguished Name for a certificate's subject return: bool param: mixed $format optional param: array $dn optional |
getIssuerDN($format = self::DN_ARRAY) X-Ref |
Get the Distinguished Name for a certificate/crl issuer return: mixed param: int $format optional |
getSubjectDN($format = self::DN_ARRAY) X-Ref |
Get the Distinguished Name for a certificate/csr subject. Alias of getDN(). return: mixed param: int $format optional |
getIssuerDNProp($propName, $withType = false) X-Ref |
Get an individual Distinguished Name property for a certificate/crl issuer return: mixed param: string $propName param: bool $withType optional |
getSubjectDNProp($propName, $withType = false) X-Ref |
Get an individual Distinguished Name property for a certificate/csr subject return: mixed param: string $propName param: bool $withType optional |
getChain() X-Ref |
Get the certificate chain for the current cert return: mixed |
setPublicKey($key) X-Ref |
Set public key. Key needs to be a \phpseclib\Crypt\RSA object. return: bool param: object $key |
setPrivateKey($key) X-Ref |
Set private key. Key needs to be a \phpseclib\Crypt\RSA object. param: object $key |
setChallenge($challenge) X-Ref |
Set challenge. Used for SPKAC CSRs. param: string $challenge |
getPublicKey() X-Ref |
Gets the public key. Returns a \phpseclib\Crypt\RSA object or false. return: mixed |
loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT) X-Ref |
Load a Certificate Signing Request return: mixed param: string|array $csr param: int $mode |
saveCSR($csr, $format = self::FORMAT_PEM) X-Ref |
Save CSR request return: string param: array $csr param: int $format optional |
loadSPKAC($spkac) X-Ref |
Load a SPKAC CSR. SPKACs are produced by the HTML5 keygen element: https://developer.mozilla.org/en-US/docs/HTML/Element/keygen return: mixed param: string|array $spkac |
saveSPKAC($spkac, $format = self::FORMAT_PEM) X-Ref |
Save a SPKAC CSR request return: string param: string|array $spkac param: int $format optional |
loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT) X-Ref |
Load a Certificate Revocation List return: mixed param: string $crl param: int $mode |
saveCRL($crl, $format = self::FORMAT_PEM) X-Ref |
Save Certificate Revocation List. return: string param: array $crl param: int $format optional |
_timeField($date) X-Ref |
Helper function to build a time field according to RFC 3280 sections 4.1.2.5 (Validity), 5.1.2.4 (This Update), 5.1.2.5 (Next Update) and 5.1.2.6 (Revoked Certificates), choosing utcTime iff the year of the given date is before 2050 and generalTime otherwise. return: array param: string $date in format date('D, d M Y H:i:s O') |
sign($issuer, $subject, $signatureAlgorithm = 'sha1WithRSAEncryption') X-Ref |
Sign an X.509 certificate. $issuer's private key needs to be loaded. $subject can be either an existing X.509 cert (if you want to re-sign it), a CSR, or something with the DN and public key explicitly set. return: mixed param: \phpseclib\File\X509 $issuer param: \phpseclib\File\X509 $subject param: string $signatureAlgorithm optional |
signCSR($signatureAlgorithm = 'sha1WithRSAEncryption') X-Ref |
Sign a CSR return: mixed |
signSPKAC($signatureAlgorithm = 'sha1WithRSAEncryption') X-Ref |
Sign a SPKAC return: mixed |
signCRL($issuer, $crl, $signatureAlgorithm = 'sha1WithRSAEncryption') X-Ref |
Sign a CRL. $issuer's private key needs to be loaded. return: mixed param: \phpseclib\File\X509 $issuer param: \phpseclib\File\X509 $crl param: string $signatureAlgorithm optional |
_sign($key, $signatureAlgorithm) X-Ref |
X.509 certificate signing helper function. return: mixed param: \phpseclib\File\X509 $key param: string $signatureAlgorithm |
setStartDate($date) X-Ref |
Set certificate start date param: string $date |
setEndDate($date) X-Ref |
Set certificate end date param: string $date |
setSerialNumber($serial, $base = -256) X-Ref |
Set Serial Number param: string $serial param: int $base optional |
makeCA() X-Ref |
Turns the certificate into a certificate authority |
_isSubArrayValid($root, $path) X-Ref |
Check for validity of subarray. This is intended for use in conjunction with _subArrayUnchecked(), implementing the checks included in _subArray() but without copying a potentially large array by passing its reference by-value to is_array(). return: boolean param: array $root param: string $path |
_subArrayUnchecked(&$root, $path, $create = false) X-Ref |
Get a reference to a subarray. This variant of _subArray() does no is_array() checking, so $root should be checked with _isSubArrayValid() first. This is here for performance reasons: passing a reference (i.e. $root) by-value (i.e. to is_array()) creates a copy. If $root is an especially large array, this is expensive. return: array|false param: array $root param: string $path absolute path with / as component separator param: bool $create optional |
_subArray(&$root, $path, $create = false) X-Ref |
Get a reference to a subarray return: array|false param: array $root param: string $path absolute path with / as component separator param: bool $create optional |
_extensions(&$root, $path = null, $create = false) X-Ref |
Get a reference to an extension subarray return: array|false param: array $root param: string $path optional absolute path with / as component separator param: bool $create optional |
_removeExtension($id, $path = null) X-Ref |
Remove an Extension return: bool param: string $id param: string $path optional |
_getExtension($id, $cert = null, $path = null) X-Ref |
Get an Extension. Returns the extension if it exists and false if not. return: mixed param: string $id param: array $cert optional param: string $path optional |
_getExtensions($cert = null, $path = null) X-Ref |
Returns a list of all extensions in use return: array param: array $cert optional param: string $path optional |
_setExtension($id, $value, $critical = false, $replace = true, $path = null) X-Ref |
Set an Extension return: bool param: string $id param: mixed $value param: bool $critical optional param: bool $replace optional param: string $path optional |
removeExtension($id) X-Ref |
Remove a certificate, CSR or CRL Extension return: bool param: string $id |
getExtension($id, $cert = null) X-Ref |
Get a certificate, CSR or CRL Extension. Returns the extension if it exists and false if not. return: mixed param: string $id param: array $cert optional |
getExtensions($cert = null) X-Ref |
Returns a list of all extensions in use in certificate, CSR or CRL return: array param: array $cert optional |
setExtension($id, $value, $critical = false, $replace = true) X-Ref |
Set a certificate, CSR or CRL Extension return: bool param: string $id param: mixed $value param: bool $critical optional param: bool $replace optional |
removeAttribute($id, $disposition = self::ATTR_ALL) X-Ref |
Remove a CSR attribute. return: bool param: string $id param: int $disposition optional |
getAttribute($id, $disposition = self::ATTR_ALL, $csr = null) X-Ref |
Get a CSR attribute. Returns the attribute if it exists and false if not. return: mixed param: string $id param: int $disposition optional param: array $csr optional |
getAttributes($csr = null) X-Ref |
Returns a list of all CSR attributes in use return: array param: array $csr optional |
setAttribute($id, $value, $disposition = self::ATTR_ALL) X-Ref |
Set a CSR attribute return: bool param: string $id param: mixed $value param: bool $disposition optional |
setKeyIdentifier($value) X-Ref |
Sets the subject key identifier. This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions. param: string $value |
computeKeyIdentifier($key = null, $method = 1) X-Ref |
Compute a public key identifier. Although key identifiers may be set to any unique value, this function computes key identifiers from the public key according to the two recommended methods (4.2.1.2 RFC 3280). Highly polymorphic: tries to accept all possible forms of key: a Key object; a \phpseclib\File\X509 object with public or private key defined; a Certificate or CSR array; a \phpseclib\File\ASN1\Element object; a PEM or DER string. return: string binary key identifier param: mixed $key optional param: int $method optional |
_formatSubjectPublicKey() X-Ref |
Format a public key as appropriate return: array |
setDomain() X-Ref |
Set the domain names which the cert is to be valid for return: array |
setIPAddress() X-Ref |
Set the IP addresses which the cert is to be valid for |
_dnsName($domain) X-Ref |
Helper function to build domain array return: array param: string $domain |
_iPAddress($address) X-Ref |
Helper function to build IP Address array (IPv6 is not currently supported) return: array param: string $address |
_revokedCertificate(&$rclist, $serial, $create = false) X-Ref |
Get the index of a revoked certificate. return: int|false param: array $rclist param: string $serial param: bool $create optional |
revoke($serial, $date = null) X-Ref |
Revoke a certificate. return: bool param: string $serial param: string $date optional |
unrevoke($serial) X-Ref |
Unrevoke a certificate. return: bool param: string $serial |
getRevoked($serial) X-Ref |
Get a revoked certificate. return: mixed param: string $serial |
listRevoked($crl = null) X-Ref |
List revoked certificates return: array param: array $crl optional |
removeRevokedCertificateExtension($serial, $id) X-Ref |
Remove a Revoked Certificate Extension return: bool param: string $serial param: string $id |
getRevokedCertificateExtension($serial, $id, $crl = null) X-Ref |
Get a Revoked Certificate Extension. Returns the extension if it exists and false if not. return: mixed param: string $serial param: string $id param: array $crl optional |
getRevokedCertificateExtensions($serial, $crl = null) X-Ref |
Returns a list of all extensions in use for a given revoked certificate return: array param: string $serial param: array $crl optional |
setRevokedCertificateExtension($serial, $id, $value, $critical = false, $replace = true) X-Ref |
Set a Revoked Certificate Extension return: bool param: string $serial param: string $id param: mixed $value param: bool $critical optional param: bool $replace optional |
_extractBER($str) X-Ref |
Extract raw BER from Base64 encoding return: string param: string $str |
getOID($name) X-Ref |
Returns the OID corresponding to a name. What's returned in the associative array returned by loadX509() (or load*()) is either a name or an OID if no OID to name mapping is available. The problem with this is that what may be an unmapped OID in one version of phpseclib may not be unmapped in the next version, so apps that are looking at this OID may not be able to work from version to version. This method will return the OID if a name is passed to it, and if no mapping is available it'll assume that what's being passed to it already is an OID and return that instead. A few examples: getOID('2.16.840.1.101.3.4.2.1') == '2.16.840.1.101.3.4.2.1'; getOID('id-sha256') == '2.16.840.1.101.3.4.2.1'; getOID('zzz') == 'zzz'. return: string |