PHP Cross Reference of DokuWiki |
Pure-PHP X.509 Parser PHP version 5
Author: | Jim Wigginton |
Copyright: | 2012 Jim Wigginton |
License: | http://www.opensource.org/licenses/mit-license.html MIT License |
Link: | http://phpseclib.sourceforge.net |
File Size: | 4006 lines (143 kb) |
Included or required: | 0 times |
Referenced: | 0 times |
Includes or requires: | 0 files |
X509:: (91 methods):
__construct()
loadX509()
saveX509()
mapInExtensions()
mapOutExtensions()
mapInAttributes()
mapOutAttributes()
mapInDNs()
mapOutDNs()
getMapping()
loadCA()
validateURL()
validateDate()
fetchURL()
testForIntermediate()
validateSignature()
validateSignatureCountable()
validateSignatureHelper()
setRecurLimit()
disableURLFetch()
enableURLFetch()
decodeIP()
decodeNameConstraintIP()
encodeIP()
translateDNProp()
setDNProp()
removeDNProp()
getDNProp()
setDN()
getDN()
getIssuerDN()
getSubjectDN()
getIssuerDNProp()
getSubjectDNProp()
getChain()
getCurrentCert()
setPublicKey()
setPrivateKey()
setChallenge()
getPublicKey()
loadCSR()
saveCSR()
loadSPKAC()
saveSPKAC()
loadCRL()
saveCRL()
timeField()
sign()
signCSR()
signSPKAC()
signCRL()
identifySignatureAlgorithm()
setStartDate()
setEndDate()
setSerialNumber()
makeCA()
isSubArrayValid()
subArrayUnchecked()
subArray()
extensions()
removeExtensionHelper()
getExtensionHelper()
getExtensionsHelper()
setExtensionHelper()
removeExtension()
getExtension()
getExtensions()
setExtension()
removeAttribute()
getAttribute()
getAttributes()
setAttribute()
setKeyIdentifier()
computeKeyIdentifier()
formatSubjectPublicKey()
setDomain()
setIPAddress()
dnsName()
iPAddress()
revokedCertificate()
revoke()
unrevoke()
getRevoked()
listRevoked()
removeRevokedCertificateExtension()
getRevokedCertificateExtension()
getRevokedCertificateExtensions()
setRevokedCertificateExtension()
registerExtension()
getRegisteredExtension()
setExtensionValue()
__construct() X-Ref |
Default Constructor. return: \phpseclib3\File\X509 |
loadX509($cert, $mode = self::FORMAT_AUTO_DETECT) X-Ref |
Load X.509 certificate. Returns an associative array describing the X.509 cert, or false if the cert failed to load. param: array|string $cert param: int $mode return: mixed |
saveX509(array $cert, $format = self::FORMAT_PEM) X-Ref |
Save X.509 certificate param: array $cert param: int $format optional return: string |
mapInExtensions(array &$root, $path) X-Ref |
Map extension values from octet string to extension-specific internal format. param: array $root (by reference) param: string $path |
mapOutExtensions(array &$root, $path) X-Ref |
Map extension values from extension-specific internal format to octet string. param: array $root (by reference) param: string $path |
mapInAttributes(&$root, $path) X-Ref |
Map attribute values from ANY type to attribute-specific internal format. param: array $root (by reference) param: string $path |
mapOutAttributes(&$root, $path) X-Ref |
Map attribute values from attribute-specific internal format to ANY type. param: array $root (by reference) param: string $path |
mapInDNs(array &$root, $path) X-Ref |
Map DN values from ANY type to DN-specific internal format. param: array $root (by reference) param: string $path |
mapOutDNs(array &$root, $path) X-Ref |
Map DN values from DN-specific internal format to ANY type. param: array $root (by reference) param: string $path |
getMapping($extnId) X-Ref |
Associate an extension ID to an extension mapping param: string $extnId return: mixed |
loadCA($cert) X-Ref |
Load an X.509 certificate as a certificate authority param: string $cert return: bool |
validateURL($url) X-Ref |
Validate an X.509 certificate against a URL. From RFC2818 "HTTP over TLS": Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com. param: string $url return: bool |
validateDate($date = null) X-Ref |
Validate a date. If $date isn't defined it is assumed to be the current date. param: \DateTimeInterface|string $date optional return: bool |
fetchURL($url) X-Ref |
Fetches a URL param: string $url return: bool|string |
testForIntermediate($caonly, $count) X-Ref |
Validates an intermediate cert as identified via the authority info access extension. See https://tools.ietf.org/html/rfc4325 for more info. param: bool $caonly param: int $count return: bool |
validateSignature($caonly = true) X-Ref |
Validate a signature. Works on X.509 certs, CSRs and CRLs. Returns true if the signature is verified, false if it is not correct, or null on error. By default returns false for self-signed certs. Call validateSignature(false) to make this support self-signed certs. The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}. param: bool $caonly optional return: mixed |
validateSignatureCountable($caonly, $count) X-Ref |
Validate a signature. Performs said validation whilst keeping track of how many times the validation method is called. param: bool $caonly param: int $count return: mixed |
validateSignatureHelper($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject) X-Ref |
Validates a signature. Returns true if the signature is verified and false if it is not correct. If the algorithms are unsupported an exception is thrown. param: string $publicKeyAlgorithm param: string $publicKey param: string $signatureAlgorithm param: string $signature param: string $signatureSubject return: bool |
setRecurLimit($count) X-Ref |
Sets the recursion limit. When validating a signature it may be necessary to download intermediate certs from URIs. An intermediate cert that linked to itself would result in an infinite loop, so to prevent that we set a recursion limit. A negative number means that there is no recursion limit. param: int $count |
disableURLFetch() X-Ref |
Prevents URIs from being automatically retrieved |
enableURLFetch() X-Ref |
Allows URIs to be automatically retrieved |
decodeIP($ip) X-Ref |
Decodes an IP address. Takes in a base64 encoded "blob" and returns a human readable IP address. param: string $ip return: string |
decodeNameConstraintIP($ip) X-Ref |
Decodes an IP address in a name constraints extension. Takes in a base64 encoded "blob" and returns a human readable IP address / mask. param: string $ip return: array |
encodeIP($ip) X-Ref |
Encodes an IP address. Converts a human readable IP address into a base64-encoded "blob". param: string|array $ip return: string |
translateDNProp($propName) X-Ref |
"Normalizes" a Distinguished Name property param: string $propName return: mixed |
setDNProp($propName, $propValue, $type = 'utf8String') X-Ref |
Set a Distinguished Name property param: string $propName param: mixed $propValue param: string $type optional return: bool |
removeDNProp($propName) X-Ref |
Remove Distinguished Name properties param: string $propName |
getDNProp($propName, array $dn = null, $withType = false) X-Ref |
Get Distinguished Name properties param: string $propName param: array $dn optional param: bool $withType optional return: mixed |
setDN($dn, $merge = false, $type = 'utf8String') X-Ref |
Set a Distinguished Name param: mixed $dn param: bool $merge optional param: string $type optional return: bool |
getDN($format = self::DN_ARRAY, array $dn = null) X-Ref |
Get the Distinguished Name for a certificate's subject param: mixed $format optional param: array $dn optional return: array|bool|string |
getIssuerDN($format = self::DN_ARRAY) X-Ref |
Get the Distinguished Name for a certificate/crl issuer param: int $format optional return: mixed |
getSubjectDN($format = self::DN_ARRAY) X-Ref |
Get the Distinguished Name for a certificate/csr subject. Alias of getDN(). param: int $format optional return: mixed |
getIssuerDNProp($propName, $withType = false) X-Ref |
Get an individual Distinguished Name property for a certificate/crl issuer param: string $propName param: bool $withType optional return: mixed |
getSubjectDNProp($propName, $withType = false) X-Ref |
Get an individual Distinguished Name property for a certificate/csr subject param: string $propName param: bool $withType optional return: mixed |
getChain() X-Ref |
Get the certificate chain for the current cert return: mixed |
getCurrentCert() X-Ref |
Returns the current cert return: array|bool |
setPublicKey(PublicKey $key) X-Ref |
Set public key. Key needs to be a \phpseclib3\Crypt\RSA object. param: PublicKey $key return: void |
setPrivateKey(PrivateKey $key) X-Ref |
Set private key. Key needs to be a \phpseclib3\Crypt\RSA object. param: PrivateKey $key |
setChallenge($challenge) X-Ref |
Set challenge. Used for SPKAC CSRs. param: string $challenge |
getPublicKey() X-Ref |
Gets the public key. Returns a \phpseclib3\Crypt\RSA object or false. return: mixed |
loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT) X-Ref |
Load a Certificate Signing Request param: string $csr param: int $mode return: mixed |
saveCSR(array $csr, $format = self::FORMAT_PEM) X-Ref |
Save CSR request param: array $csr param: int $format optional return: string |
loadSPKAC($spkac) X-Ref |
Load a SPKAC CSR. SPKACs are produced by the HTML5 keygen element: https://developer.mozilla.org/en-US/docs/HTML/Element/keygen param: string $spkac return: mixed |
saveSPKAC(array $spkac, $format = self::FORMAT_PEM) X-Ref |
Save a SPKAC CSR request param: array $spkac param: int $format optional return: string |
loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT) X-Ref |
Load a Certificate Revocation List param: string $crl param: int $mode return: mixed |
saveCRL(array $crl, $format = self::FORMAT_PEM) X-Ref |
Save Certificate Revocation List. param: array $crl param: int $format optional return: string |
timeField($date) X-Ref |
Helper function to build a time field according to RFC 3280 sections 4.1.2.5 (Validity), 5.1.2.4 (This Update), 5.1.2.5 (Next Update) and 5.1.2.6 (Revoked Certificates), by choosing utcTime iff the year of the given date is before 2050 and generalTime otherwise. param: string $date in format date('D, d M Y H:i:s O') return: array|Element |
sign(X509 $issuer, X509 $subject) X-Ref |
Sign an X.509 certificate. $issuer's private key needs to be loaded. $subject can be either an existing X.509 cert (if you want to re-sign it), a CSR or something with the DN and public key explicitly set. return: mixed |
signCSR() X-Ref |
Sign a CSR return: mixed |
signSPKAC() X-Ref |
Sign a SPKAC return: mixed |
signCRL(X509 $issuer, X509 $crl) X-Ref |
Sign a CRL. $issuer's private key needs to be loaded. return: mixed |
identifySignatureAlgorithm(PrivateKey $key) X-Ref |
Identify signature algorithm from key settings param: PrivateKey $key return: array |
setStartDate($date) X-Ref |
Set certificate start date param: \DateTimeInterface|string $date |
setEndDate($date) X-Ref |
Set certificate end date param: \DateTimeInterface|string $date |
setSerialNumber($serial, $base = -256) X-Ref |
Set Serial Number param: string $serial param: int $base optional |
makeCA() X-Ref |
Turns the certificate into a certificate authority |
isSubArrayValid(array $root, $path) X-Ref |
Check for validity of subarray. This is intended for use in conjunction with subArrayUnchecked(), implementing the checks included in subArray() but without copying a potentially large array by passing its reference by-value to is_array(). param: array $root param: string $path return: boolean |
subArrayUnchecked(array &$root, $path, $create = false) X-Ref |
Get a reference to a subarray. This variant of subArray() does no is_array() checking, so $root should be checked with isSubArrayValid() first. This is here for performance reasons: passing a reference (i.e. $root) by-value (i.e. to is_array()) creates a copy. If $root is an especially large array, this is expensive. param: array $root param: string $path absolute path with / as component separator param: bool $create optional return: array|false |
subArray(array &$root = null, $path, $create = false) X-Ref |
Get a reference to a subarray param: array $root param: string $path absolute path with / as component separator param: bool $create optional return: array|false |
extensions(array &$root = null, $path = null, $create = false) X-Ref |
Get a reference to an extension subarray param: array $root param: string $path optional absolute path with / as component separator param: bool $create optional return: array|false |
removeExtensionHelper($id, $path = null) X-Ref |
Remove an Extension param: string $id param: string $path optional return: bool |
getExtensionHelper($id, array $cert = null, $path = null) X-Ref |
Get an Extension. Returns the extension if it exists and false if not. param: string $id param: array $cert optional param: string $path optional return: mixed |
getExtensionsHelper(array $cert = null, $path = null) X-Ref |
Returns a list of all extensions in use param: array $cert optional param: string $path optional return: array |
setExtensionHelper($id, $value, $critical = false, $replace = true, $path = null) X-Ref |
Set an Extension param: string $id param: mixed $value param: bool $critical optional param: bool $replace optional param: string $path optional return: bool |
removeExtension($id) X-Ref |
Remove a certificate, CSR or CRL Extension param: string $id return: bool |
getExtension($id, array $cert = null, $path = null) X-Ref |
Get a certificate, CSR or CRL Extension. Returns the extension if it exists and false if not. param: string $id param: array $cert optional param: string $path return: mixed |
getExtensions(array $cert = null, $path = null) X-Ref |
Returns a list of all extensions in use in certificate, CSR or CRL param: array $cert optional param: string $path optional return: array |
setExtension($id, $value, $critical = false, $replace = true) X-Ref |
Set a certificate, CSR or CRL Extension param: string $id param: mixed $value param: bool $critical optional param: bool $replace optional return: bool |
removeAttribute($id, $disposition = self::ATTR_ALL) X-Ref |
Remove a CSR attribute. param: string $id param: int $disposition optional return: bool |
getAttribute($id, $disposition = self::ATTR_ALL, array $csr = null) X-Ref |
Get a CSR attribute. Returns the attribute if it exists and false if not. param: string $id param: int $disposition optional param: array $csr optional return: mixed |
getAttributes(array $csr = null) X-Ref |
Returns a list of all CSR attributes in use param: array $csr optional return: array |
setAttribute($id, $value, $disposition = self::ATTR_ALL) X-Ref |
Set a CSR attribute param: string $id param: mixed $value param: int $disposition optional return: bool |
setKeyIdentifier($value) X-Ref |
Sets the subject key identifier. This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions. param: string $value |
computeKeyIdentifier($key = null, $method = 1) X-Ref |
Compute a public key identifier. Although key identifiers may be set to any unique value, this function computes key identifiers from the public key according to the two recommended methods (4.2.1.2 RFC 3280). Highly polymorphic: tries to accept all possible forms of key: a Key object; a \phpseclib3\File\X509 object with public or private key defined; a certificate or CSR array; a \phpseclib3\File\ASN1\Element object; a PEM or DER string. param: mixed $key optional param: int $method optional return: string binary key identifier |
formatSubjectPublicKey() X-Ref |
Format a public key as appropriate return: array|false |
setDomain(...$domains) X-Ref |
Set the domain names for which the cert is to be valid param: mixed ...$domains return: void |
setIPAddress(...$ipAddresses) X-Ref |
Set the IP addresses for which the cert is to be valid param: mixed[] ...$ipAddresses |
dnsName($domain) X-Ref |
Helper function to build domain array param: string $domain return: array |
iPAddress($address) X-Ref |
Helper function to build IP Address array (IPv6 is not currently supported) param: string $address return: array |
revokedCertificate(array &$rclist, $serial, $create = false) X-Ref |
Get the index of a revoked certificate. param: array $rclist param: string $serial param: bool $create optional return: int|false |
revoke($serial, $date = null) X-Ref |
Revoke a certificate. param: string $serial param: string $date optional return: bool |
unrevoke($serial) X-Ref |
Unrevoke a certificate. param: string $serial return: bool |
getRevoked($serial) X-Ref |
Get a revoked certificate. param: string $serial return: mixed |
listRevoked(array $crl = null) X-Ref |
List revoked certificates param: array $crl optional return: array|bool |
removeRevokedCertificateExtension($serial, $id) X-Ref |
Remove a Revoked Certificate Extension param: string $serial param: string $id return: bool |
getRevokedCertificateExtension($serial, $id, array $crl = null) X-Ref |
Get a Revoked Certificate Extension. Returns the extension if it exists and false if not. param: string $serial param: string $id param: array $crl optional return: mixed |
getRevokedCertificateExtensions($serial, array $crl = null) X-Ref |
Returns a list of all extensions in use for a given revoked certificate param: string $serial param: array $crl optional return: array|bool |
setRevokedCertificateExtension($serial, $id, $value, $critical = false, $replace = true) X-Ref |
Set a Revoked Certificate Extension param: string $serial param: string $id param: mixed $value param: bool $critical optional param: bool $replace optional return: bool |
registerExtension($id, array $mapping) X-Ref |
Register the mapping for a custom/unsupported extension. param: string $id param: array $mapping |
getRegisteredExtension($id) X-Ref |
Get the registered mapping for a custom/unsupported extension. param: string $id return: array|null |
setExtensionValue($id, $value, $critical = false, $replace = false) X-Ref |
Set the value for a custom/unsupported extension. param: string $id param: mixed $value param: bool $critical param: bool $replace |