PHP Cross Reference of DokuWiki

/vendor/phpseclib/phpseclib/phpseclib/File/ -> X509.php (summary)

Pure-PHP X.509 Parser PHP version 5

Author: Jim Wigginton
Copyright: 2012 Jim Wigginton
License: http://www.opensource.org/licenses/mit-license.html MIT License
Link: http://phpseclib.sourceforge.net
File Size: 4006 lines (143 kb)
Included or required: 0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

X509:: (91 methods):
  __construct()
  loadX509()
  saveX509()
  mapInExtensions()
  mapOutExtensions()
  mapInAttributes()
  mapOutAttributes()
  mapInDNs()
  mapOutDNs()
  getMapping()
  loadCA()
  validateURL()
  validateDate()
  fetchURL()
  testForIntermediate()
  validateSignature()
  validateSignatureCountable()
  validateSignatureHelper()
  setRecurLimit()
  disableURLFetch()
  enableURLFetch()
  decodeIP()
  decodeNameConstraintIP()
  encodeIP()
  translateDNProp()
  setDNProp()
  removeDNProp()
  getDNProp()
  setDN()
  getDN()
  getIssuerDN()
  getSubjectDN()
  getIssuerDNProp()
  getSubjectDNProp()
  getChain()
  getCurrentCert()
  setPublicKey()
  setPrivateKey()
  setChallenge()
  getPublicKey()
  loadCSR()
  saveCSR()
  loadSPKAC()
  saveSPKAC()
  loadCRL()
  saveCRL()
  timeField()
  sign()
  signCSR()
  signSPKAC()
  signCRL()
  identifySignatureAlgorithm()
  setStartDate()
  setEndDate()
  setSerialNumber()
  makeCA()
  isSubArrayValid()
  subArrayUnchecked()
  subArray()
  extensions()
  removeExtensionHelper()
  getExtensionHelper()
  getExtensionsHelper()
  setExtensionHelper()
  removeExtension()
  getExtension()
  getExtensions()
  setExtension()
  removeAttribute()
  getAttribute()
  getAttributes()
  setAttribute()
  setKeyIdentifier()
  computeKeyIdentifier()
  formatSubjectPublicKey()
  setDomain()
  setIPAddress()
  dnsName()
  iPAddress()
  revokedCertificate()
  revoke()
  unrevoke()
  getRevoked()
  listRevoked()
  removeRevokedCertificateExtension()
  getRevokedCertificateExtension()
  getRevokedCertificateExtensions()
  setRevokedCertificateExtension()
  registerExtension()
  getRegisteredExtension()
  setExtensionValue()


Class: X509  - X-Ref

Pure-PHP X.509 Parser

__construct()   X-Ref
Default Constructor.

return: \phpseclib3\File\X509

loadX509($cert, $mode = self::FORMAT_AUTO_DETECT)   X-Ref
Load X.509 certificate

Returns an associative array describing the X.509 cert, or false if the cert failed to load

param: array|string $cert
param: int $mode
return: mixed

saveX509(array $cert, $format = self::FORMAT_PEM)   X-Ref
Save X.509 certificate

param: array $cert
param: int $format optional
return: string

mapInExtensions(array &$root, $path)   X-Ref
Map extension values from octet string to extension-specific internal
format.

param: array $root (by reference)
param: string $path

mapOutExtensions(array &$root, $path)   X-Ref
Map extension values from extension-specific internal format to
octet string.

param: array $root (by reference)
param: string $path

mapInAttributes(&$root, $path)   X-Ref
Map attribute values from ANY type to attribute-specific internal
format.

param: array $root (by reference)
param: string $path

mapOutAttributes(&$root, $path)   X-Ref
Map attribute values from attribute-specific internal format to
ANY type.

param: array $root (by reference)
param: string $path

mapInDNs(array &$root, $path)   X-Ref
Map DN values from ANY type to DN-specific internal
format.

param: array $root (by reference)
param: string $path

mapOutDNs(array &$root, $path)   X-Ref
Map DN values from DN-specific internal format to
ANY type.

param: array $root (by reference)
param: string $path

getMapping($extnId)   X-Ref
Associate an extension ID to an extension mapping

param: string $extnId
return: mixed

loadCA($cert)   X-Ref
Load an X.509 certificate as a certificate authority

param: string $cert
return: bool

validateURL($url)   X-Ref
Validate an X.509 certificate against a URL

From RFC2818 "HTTP over TLS":

Matching is performed using the matching rules specified by
[RFC2459].  If more than one identity of a given type is present in
the certificate (e.g., more than one dNSName name, a match in any one
of the set is considered acceptable.) Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., *.a.com matches foo.a.com but
not bar.foo.a.com. f*.com matches foo.com but not bar.com.

param: string $url
return: bool

validateDate($date = null)   X-Ref
Validate a date

If $date isn't defined it is assumed to be the current date.

param: \DateTimeInterface|string $date optional
return: bool

fetchURL($url)   X-Ref
Fetches a URL

param: string $url
return: bool|string

testForIntermediate($caonly, $count)   X-Ref
Validates an intermediate cert as identified via authority info access extension

See https://tools.ietf.org/html/rfc4325 for more info

param: bool $caonly
param: int $count
return: bool

validateSignature($caonly = true)   X-Ref
Validate a signature

Works on X.509 certs, CSRs and CRLs.
Returns true if the signature is verified, false if it is not correct, or null on error.

By default returns false for self-signed certs. Call validateSignature(false) to make this support
self-signed certs.

The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}.

param: bool $caonly optional
return: mixed

validateSignatureCountable($caonly, $count)   X-Ref
Validate a signature

Performs said validation whilst keeping track of how many times the validation method is called

param: bool $caonly
param: int $count
return: mixed

validateSignatureHelper($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)   X-Ref
Validates a signature

Returns true if the signature is verified and false if it is not correct.
If the algorithms are unsupported, an exception is thrown.

param: string $publicKeyAlgorithm
param: string $publicKey
param: string $signatureAlgorithm
param: string $signature
param: string $signatureSubject
return: bool

setRecurLimit($count)   X-Ref
Sets the recursion limit

When validating a signature it may be necessary to download intermediate certs from URIs.
An intermediate cert that linked to itself would result in an infinite loop, so to prevent
that we set a recursion limit. A negative number means that there is no recursion limit.

param: int $count

disableURLFetch()   X-Ref
Prevents URIs from being automatically retrieved


enableURLFetch()   X-Ref
Allows URIs to be automatically retrieved


decodeIP($ip)   X-Ref
Decodes an IP address

Takes in a base64 encoded "blob" and returns a human readable IP address

param: string $ip
return: string

decodeNameConstraintIP($ip)   X-Ref
Decodes an IP address in a name constraints extension

Takes in a base64 encoded "blob" and returns a human readable IP address / mask

param: string $ip
return: array

encodeIP($ip)   X-Ref
Encodes an IP address

Converts a human-readable IP address into a base64-encoded "blob"

param: string|array $ip
return: string

translateDNProp($propName)   X-Ref
"Normalizes" a Distinguished Name property

param: string $propName
return: mixed

setDNProp($propName, $propValue, $type = 'utf8String')   X-Ref
Set a Distinguished Name property

param: string $propName
param: mixed $propValue
param: string $type optional
return: bool

removeDNProp($propName)   X-Ref
Remove Distinguished Name properties

param: string $propName

getDNProp($propName, array $dn = null, $withType = false)   X-Ref
Get Distinguished Name properties

param: string $propName
param: array $dn optional
param: bool $withType optional
return: mixed

setDN($dn, $merge = false, $type = 'utf8String')   X-Ref
Set a Distinguished Name

param: mixed $dn
param: bool $merge optional
param: string $type optional
return: bool

getDN($format = self::DN_ARRAY, array $dn = null)   X-Ref
Get the Distinguished Name for a certificate's subject

param: mixed $format optional
param: array $dn optional
return: array|bool|string

getIssuerDN($format = self::DN_ARRAY)   X-Ref
Get the Distinguished Name for a certificate/crl issuer

param: int $format optional
return: mixed

getSubjectDN($format = self::DN_ARRAY)   X-Ref
Get the Distinguished Name for a certificate/csr subject
Alias of getDN()

param: int $format optional
return: mixed

getIssuerDNProp($propName, $withType = false)   X-Ref
Get an individual Distinguished Name property for a certificate/crl issuer

param: string $propName
param: bool $withType optional
return: mixed

getSubjectDNProp($propName, $withType = false)   X-Ref
Get an individual Distinguished Name property for a certificate/csr subject

param: string $propName
param: bool $withType optional
return: mixed

getChain()   X-Ref
Get the certificate chain for the current cert

return: mixed

getCurrentCert()   X-Ref
Returns the current cert

return: array|bool

setPublicKey(PublicKey $key)   X-Ref
Set public key

Key needs to be a \phpseclib3\Crypt\RSA object

param: PublicKey $key
return: void

setPrivateKey(PrivateKey $key)   X-Ref
Set private key

Key needs to be a \phpseclib3\Crypt\RSA object

param: PrivateKey $key

setChallenge($challenge)   X-Ref
Set challenge

Used for SPKAC CSRs

param: string $challenge

getPublicKey()   X-Ref
Gets the public key

Returns a \phpseclib3\Crypt\RSA object or false.

return: mixed

loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT)   X-Ref
Load a Certificate Signing Request

param: string $csr
param: int $mode
return: mixed

saveCSR(array $csr, $format = self::FORMAT_PEM)   X-Ref
Save CSR request

param: array $csr
param: int $format optional
return: string

loadSPKAC($spkac)   X-Ref
Load a SPKAC CSR

SPKACs are produced by the HTML5 keygen element:

https://developer.mozilla.org/en-US/docs/HTML/Element/keygen

param: string $spkac
return: mixed

saveSPKAC(array $spkac, $format = self::FORMAT_PEM)   X-Ref
Save a SPKAC CSR request

param: array $spkac
param: int $format optional
return: string

loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT)   X-Ref
Load a Certificate Revocation List

param: string $crl
param: int $mode
return: mixed

saveCRL(array $crl, $format = self::FORMAT_PEM)   X-Ref
Save Certificate Revocation List.

param: array $crl
param: int $format optional
return: string

timeField($date)   X-Ref
Helper function to build a time field according to RFC 3280 section
- 4.1.2.5 Validity
- 5.1.2.4 This Update
- 5.1.2.5 Next Update
- 5.1.2.6 Revoked Certificates
by choosing utcTime iff year of date given is before 2050 and generalTime else.

param: string $date in format date('D, d M Y H:i:s O')
return: array|Element

sign(X509 $issuer, X509 $subject)   X-Ref
Sign an X.509 certificate

$issuer's private key needs to be loaded.
$subject can be either an existing X.509 cert (if you want to resign it),
a CSR or something with the DN and public key explicitly set.

return: mixed

signCSR()   X-Ref
Sign a CSR

return: mixed

signSPKAC()   X-Ref
Sign a SPKAC

return: mixed

signCRL(X509 $issuer, X509 $crl)   X-Ref
Sign a CRL

$issuer's private key needs to be loaded.

return: mixed

identifySignatureAlgorithm(PrivateKey $key)   X-Ref
Identify signature algorithm from key settings

param: PrivateKey $key
return: array

setStartDate($date)   X-Ref
Set certificate start date

param: \DateTimeInterface|string $date

setEndDate($date)   X-Ref
Set certificate end date

param: \DateTimeInterface|string $date

setSerialNumber($serial, $base = -256)   X-Ref
Set Serial Number

param: string $serial
param: int $base optional

makeCA()   X-Ref
Turns the certificate into a certificate authority


isSubArrayValid(array $root, $path)   X-Ref
Check for validity of subarray

This is intended for use in conjunction with _subArrayUnchecked(),
implementing the checks included in _subArray() but without copying
a potentially large array by passing its reference by-value to is_array().

param: array $root
param: string $path
return: boolean

subArrayUnchecked(array &$root, $path, $create = false)   X-Ref
Get a reference to a subarray

This variant of _subArray() does no is_array() checking,
so $root should be checked with _isSubArrayValid() first.

This is here for performance reasons:
Passing a reference (i.e. $root) by-value (i.e. to is_array())
creates a copy. If $root is an especially large array, this is expensive.

param: array $root
param: string $path  absolute path with / as component separator
param: bool $create optional
return: array|false

subArray(array &$root = null, $path, $create = false)   X-Ref
Get a reference to a subarray

param: array $root
param: string $path  absolute path with / as component separator
param: bool $create optional
return: array|false

extensions(array &$root = null, $path = null, $create = false)   X-Ref
Get a reference to an extension subarray

param: array $root
param: string $path optional absolute path with / as component separator
param: bool $create optional
return: array|false

removeExtensionHelper($id, $path = null)   X-Ref
Remove an Extension

param: string $id
param: string $path optional
return: bool

getExtensionHelper($id, array $cert = null, $path = null)   X-Ref
Get an Extension

Returns the extension if it exists and false if not

param: string $id
param: array $cert optional
param: string $path optional
return: mixed

getExtensionsHelper(array $cert = null, $path = null)   X-Ref
Returns a list of all extensions in use

param: array $cert optional
param: string $path optional
return: array

setExtensionHelper($id, $value, $critical = false, $replace = true, $path = null)   X-Ref
Set an Extension

param: string $id
param: mixed $value
param: bool $critical optional
param: bool $replace optional
param: string $path optional
return: bool

removeExtension($id)   X-Ref
Remove a certificate, CSR or CRL Extension

param: string $id
return: bool

getExtension($id, array $cert = null, $path = null)   X-Ref
Get a certificate, CSR or CRL Extension

Returns the extension if it exists and false if not

param: string $id
param: array $cert optional
param: string $path
return: mixed

getExtensions(array $cert = null, $path = null)   X-Ref
Returns a list of all extensions in use in certificate, CSR or CRL

param: array $cert optional
param: string $path optional
return: array

setExtension($id, $value, $critical = false, $replace = true)   X-Ref
Set a certificate, CSR or CRL Extension

param: string $id
param: mixed $value
param: bool $critical optional
param: bool $replace optional
return: bool

removeAttribute($id, $disposition = self::ATTR_ALL)   X-Ref
Remove a CSR attribute.

param: string $id
param: int $disposition optional
return: bool

getAttribute($id, $disposition = self::ATTR_ALL, array $csr = null)   X-Ref
Get a CSR attribute

Returns the attribute if it exists and false if not

param: string $id
param: int $disposition optional
param: array $csr optional
return: mixed

getAttributes(array $csr = null)   X-Ref
Returns a list of all CSR attributes in use

param: array $csr optional
return: array

setAttribute($id, $value, $disposition = self::ATTR_ALL)   X-Ref
Set a CSR attribute

param: string $id
param: mixed $value
param: int $disposition optional
return: bool

setKeyIdentifier($value)   X-Ref
Sets the subject key identifier

This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions.

param: string $value

computeKeyIdentifier($key = null, $method = 1)   X-Ref
Compute a public key identifier.

Although key identifiers may be set to any unique value, this function
computes key identifiers from public key according to the two
recommended methods (4.2.1.2 RFC 3280).
Highly polymorphic: try to accept all possible forms of key:
- Key object
- \phpseclib3\File\X509 object with public or private key defined
- Certificate or CSR array
- \phpseclib3\File\ASN1\Element object
- PEM or DER string

param: mixed $key optional
param: int $method optional
return: string binary key identifier

formatSubjectPublicKey()   X-Ref
Format a public key as appropriate

return: array|false

setDomain(...$domains)   X-Ref
Set the domain names for which the cert is to be valid

param: mixed ...$domains
return: void

setIPAddress(...$ipAddresses)   X-Ref
Set the IP addresses for which the cert is to be valid

param: mixed[] ...$ipAddresses

dnsName($domain)   X-Ref
Helper function to build domain array

param: string $domain
return: array

iPAddress($address)   X-Ref
Helper function to build IP Address array

(IPv6 is not currently supported)

param: string $address
return: array

revokedCertificate(array &$rclist, $serial, $create = false)   X-Ref
Get the index of a revoked certificate.

param: array $rclist
param: string $serial
param: bool $create optional
return: int|false

revoke($serial, $date = null)   X-Ref
Revoke a certificate.

param: string $serial
param: string $date optional
return: bool

unrevoke($serial)   X-Ref
Unrevoke a certificate.

param: string $serial
return: bool

getRevoked($serial)   X-Ref
Get a revoked certificate.

param: string $serial
return: mixed

listRevoked(array $crl = null)   X-Ref
List revoked certificates

param: array $crl optional
return: array|bool

removeRevokedCertificateExtension($serial, $id)   X-Ref
Remove a Revoked Certificate Extension

param: string $serial
param: string $id
return: bool

getRevokedCertificateExtension($serial, $id, array $crl = null)   X-Ref
Get a Revoked Certificate Extension

Returns the extension if it exists and false if not

param: string $serial
param: string $id
param: array $crl optional
return: mixed

getRevokedCertificateExtensions($serial, array $crl = null)   X-Ref
Returns a list of all extensions in use for a given revoked certificate

param: string $serial
param: array $crl optional
return: array|bool

setRevokedCertificateExtension($serial, $id, $value, $critical = false, $replace = true)   X-Ref
Set a Revoked Certificate Extension

param: string $serial
param: string $id
param: mixed $value
param: bool $critical optional
param: bool $replace optional
return: bool

registerExtension($id, array $mapping)   X-Ref
Register the mapping for a custom/unsupported extension.

param: string $id
param: array $mapping

getRegisteredExtension($id)   X-Ref
Get the registered mapping for a custom/unsupported extension.

param: string $id
return: array|null

setExtensionValue($id, $value, $critical = false, $replace = false)   X-Ref
Set the value of a custom/unsupported extension.

param: string $id
param: mixed $value
param: bool $critical
param: bool $replace