WebSVN – oidplus – Diff – /trunk/vendor/phpseclib/phpseclib/phpseclib/File/X509.php



 * portion of the certificate that contains optional parameters with default values.  ie. if the parameter isn't there the default value is
 * used.  Problem is, if the parameter is there and it just so happens to have the default value there are two ways that that parameter can
 * be encoded.  It can be encoded explicitly or left out all together.  This would effect the signature value and thus may invalidate the
 * the certificate all together unless the certificate is re-signed.
 *
 * @category  File
 * @package   X509
 * @author    Jim Wigginton <terrafrost@php.net>
 * @copyright 2012 Jim Wigginton
 * @license   http://www.opensource.org/licenses/mit-license.html  MIT License
 * @link      http://phpseclib.sourceforge.net
 */

use phpseclib3\Math\BigInteger;
 
/**
 * Pure-PHP X.509 Parser
 *
 * @package X509
 * @author  Jim Wigginton <terrafrost@php.net>
 * @access  public
 */
class X509
{
    /**
     * Flag to only accept signatures signed by certificate authorities
     *
     * Not really used anymore but retained all the same to suppress E_NOTICEs from old installs
     *
     * @access public
     */
    const VALIDATE_SIGNATURE_BY_CA = 1;
 
    /**
     * Return internal array representation
     *
     * @access public
     * @see \phpseclib3\File\X509::getDN()
     */
    const DN_ARRAY = 0;
    /**
     * Return string
     *
     * @access public
     * @see \phpseclib3\File\X509::getDN()
     */
    const DN_STRING = 1;
    /**
     * Return ASN.1 name string
     *
     * @access public
     * @see \phpseclib3\File\X509::getDN()
     */
    const DN_ASN1 = 2;
    /**
     * Return OpenSSL compatible array
     *
     * @access public
     * @see \phpseclib3\File\X509::getDN()
     */
    const DN_OPENSSL = 3;
    /**
     * Return canonical ASN.1 RDNs string
     *
     * @access public
     * @see \phpseclib3\File\X509::getDN()
     */
    const DN_CANON = 4;
    /**
     * Return name hash for file indexing
     *
     * @access public
     * @see \phpseclib3\File\X509::getDN()
     */
    const DN_HASH = 5;
 
    /**
     * Save as PEM
     *
     * ie. a base64-encoded PEM with a header and a footer
     *
     * @access public
     * @see \phpseclib3\File\X509::saveX509()
     * @see \phpseclib3\File\X509::saveCSR()
     * @see \phpseclib3\File\X509::saveCRL()
     */
    const FORMAT_PEM = 0;
    /**
     * Save as DER
     *
     * @access public
     * @see \phpseclib3\File\X509::saveX509()
     * @see \phpseclib3\File\X509::saveCSR()
     * @see \phpseclib3\File\X509::saveCRL()
     */
    const FORMAT_DER = 1;
    /**
     * Save as a SPKAC
     *
     * @access public
     * @see \phpseclib3\File\X509::saveX509()
     * @see \phpseclib3\File\X509::saveCSR()
     * @see \phpseclib3\File\X509::saveCRL()
     *
     * Only works on CSRs. Not currently supported.

    /**
     * Auto-detect the format
     *
     * Used only by the load*() functions
     *
     * @access public
     * @see \phpseclib3\File\X509::saveX509()
     * @see \phpseclib3\File\X509::saveCSR()
     * @see \phpseclib3\File\X509::saveCRL()
     */
    const FORMAT_AUTO_DETECT = 3;

 
    /**
     * Distinguished Name
     *
     * @var array
     * @access private
     */
    private $dn;
 
    /**
     * Public key
     *
     * @var string|PublicKey
     * @access private
     */
    private $publicKey;
 
    /**
     * Private key
     *
     * @var string|PrivateKey
     * @access private
     */
    private $privateKey;
 
    /**
     * Object identifiers for X.509 certificates
     *
     * @var array
     * @access private
     * @link http://en.wikipedia.org/wiki/Object_identifier
     */
    private $oids;
 
    /**
     * The certificate authorities
     *
     * @var array
     * @access private
     */
    private $CAs;
 
    /**
     * The currently loaded certificate
     *
     * @var array
     * @access private
     */
    private $currentCert;
 
    /**
     * The signature subject
     *
     * There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally
     * encoded so we take save the portion of the original cert that the signature would have made for.
     *
     * @var string
     * @access private
     */
    private $signatureSubject;
 
    /**
     * Certificate Start Date
     *
     * @var string
     * @access private
     */
    private $startDate;
 
    /**
     * Certificate End Date
     *
     * @var string|Element
     * @access private
     */
    private $endDate;
 
    /**
     * Serial Number
     *
     * @var string
     * @access private
     */
    private $serialNumber;
 
    /**
     * Key Identifier
     *
     * See {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.1 RFC5280#section-4.2.1.1} and
     * {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.2 RFC5280#section-4.2.1.2}.
     *
     * @var string
     * @access private
     */
    private $currentKeyIdentifier;
 
    /**
     * CA Flag
     *
     * @var bool
     * @access private
     */
    private $caFlag = false;
 
    /**
     * SPKAC Challenge
     *
     * @var string
     * @access private
     */
    private $challenge;
 
    /**
     * @var array
     * @access private
     */
    private $extensionValues = [];
 
    /**
     * OIDs loaded
     *
     * @var bool
     * @access private
     */
    private static $oidsLoaded = false;
 
    /**
     * Recursion Limit
     *
     * @var int
     * @access private
     */
    private static $recur_limit = 5;
 
    /**
     * URL fetch flag
     *
     * @var bool
     * @access private
     */
    private static $disable_url_fetch = false;
 
    /**
     * @var array
     * @access private
     */
    private static $extensions = [];
 
    /**
     * @var ?array
     * @access private
     */
    private $ipAddresses = null;
 
    /**
     * @var ?array
     * @access private
     */
    private $domains = null;
 
    /**
     * Default Constructor.
     *
     * @return \phpseclib3\File\X509
     * @access public
     */
    public function __construct()
    {
        // Explicitly Tagged Module, 1988 Syntax
        // http://tools.ietf.org/html/rfc5280#appendix-A.1

     *
     * Returns an associative array describing the X.509 cert or a false if the cert failed to load
     *
     * @param string $cert
     * @param int $mode
     * @access public
     * @return mixed
     */
    public function loadX509($cert, $mode = self::FORMAT_AUTO_DETECT)
    {
        if (is_array($cert) && isset($cert['tbsCertificate'])) {

    /**
     * Save X.509 certificate
     *
     * @param array $cert
     * @param int $format optional
     * @access public
     * @return string
     */
    public function saveX509($cert, $format = self::FORMAT_PEM)
    {
        if (!is_array($cert) || !isset($cert['tbsCertificate'])) {

     * Map extension values from octet string to extension-specific internal
     *   format.
     *
     * @param array $root (by reference)
     * @param string $path
     * @access private
     */
    private function mapInExtensions(&$root, $path)
    {
        $extensions = &$this->subArrayUnchecked($root, $path);
 

     * Map extension values from extension-specific internal format to
     *   octet string.
     *
     * @param array $root (by reference)
     * @param string $path
     * @access private
     */
    private function mapOutExtensions(&$root, $path)
    {
        $extensions = &$this->subArray($root, $path, !empty($this->extensionValues));
 

     * Map attribute values from ANY type to attribute-specific internal
     *   format.
     *
     * @param array $root (by reference)
     * @param string $path
     * @access private
     */
    private function mapInAttributes(&$root, $path)
    {
        $attributes = &$this->subArray($root, $path);
 

     * Map attribute values from attribute-specific internal format to
     *   ANY type.
     *
     * @param array $root (by reference)
     * @param string $path
     * @access private
     */
    private function mapOutAttributes(&$root, $path)
    {
        $attributes = &$this->subArray($root, $path);
 

     * Map DN values from ANY type to DN-specific internal
     *   format.
     *
     * @param array $root (by reference)
     * @param string $path
     * @access private
     */
    private function mapInDNs(&$root, $path)
    {
        $dns = &$this->subArray($root, $path);
 

     * Map DN values from DN-specific internal format to
     *   ANY type.
     *
     * @param array $root (by reference)
     * @param string $path
     * @access private
     */
    private function mapOutDNs(&$root, $path)
    {
        $dns = &$this->subArray($root, $path);
 

 
    /**
     * Associate an extension ID to an extension mapping
     *
     * @param string $extnId
     * @access private
     * @return mixed
     */
    private function getMapping($extnId)
    {
        if (!is_string($extnId)) { // eg. if it's a \phpseclib3\File\ASN1\Element object

 
    /**
     * Load an X.509 certificate as a certificate authority
     *
     * @param string $cert
     * @access public
     * @return bool
     */
    public function loadCA($cert)
    {
        $olddn = $this->dn;

     * character * which is considered to match any single domain name
     * component or component fragment. E.g., *.a.com matches foo.a.com but
     * not bar.foo.a.com. f*.com matches foo.com but not bar.com.
     *
     * @param string $url
     * @access public
     * @return bool
     */
    public function validateURL($url)
    {
        if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) {

     * Validate a date
     *
     * If $date isn't defined it is assumed to be the current date.
     *
     * @param \DateTimeInterface|string $date optional
     * @access public
     * @return bool
     */
    public function validateDate($date = null)
    {
        if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) {

 
    /**
     * Fetches a URL
     *
     * @param string $url
     * @access private
     * @return bool|string
     */
    private static function fetchURL($url)
    {
        if (self::$disable_url_fetch) {

     *
     * See https://tools.ietf.org/html/rfc4325 for more info
     *
     * @param bool $caonly
     * @param int $count
     * @access private
     * @return bool
     */
    private function testForIntermediate($caonly, $count)
    {
        $opts = $this->getExtension('id-pe-authorityInfoAccess');

     * self-signed.
     *
     * The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}.
     *
     * @param bool $caonly optional
     * @access public
     * @return mixed
     */
    public function validateSignature($caonly = true)
    {
        return $this->validateSignatureCountable($caonly, 0);

     *
     * Performs said validation whilst keeping track of how many times validation method is called
     *
     * @param bool $caonly
     * @param int $count
     * @access private
     * @return mixed
     */
    private function validateSignatureCountable($caonly, $count)
    {
        if (!is_array($this->currentCert) || !isset($this->signatureSubject)) {

     * @param string $publicKeyAlgorithm
     * @param string $publicKey
     * @param string $signatureAlgorithm
     * @param string $signature
     * @param string $signatureSubject
     * @access private
     * @throws \phpseclib3\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
     * @return bool
     */
    private function validateSignatureHelper($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)
    {

     * When validating a signature it may be necessary to download intermediate certs from URI's.
     * An intermediate cert that linked to itself would result in an infinite loop so to prevent
     * that we set a recursion limit. A negative number means that there is no recursion limit.
     *
     * @param int $count
     * @access public
     */
    public static function setRecurLimit($count)
    {
        self::$recur_limit = $count;
    }
 
    /**
     * Prevents URIs from being automatically retrieved
     *
     * @access public
     */
    public static function disableURLFetch()
    {
        self::$disable_url_fetch = true;
    }
 
    /**
     * Allows URIs to be automatically retrieved
     *
     * @access public
     */
    public static function enableURLFetch()
    {
        self::$disable_url_fetch = false;
    }

     * Decodes an IP address
     *
     * Takes in a base64 encoded "blob" and returns a human readable IP address
     *
     * @param string $ip
     * @access private
     * @return string
     */
    public static function decodeIP($ip)
    {
        return inet_ntop($ip);

     * Decodes an IP address in a name constraints extension
     *
     * Takes in a base64 encoded "blob" and returns a human readable IP address / mask
     *
     * @param string $ip
     * @access private
     * @return array
     */
    public static function decodeNameConstraintIP($ip)
    {
        $size = strlen($ip) >> 1;

     * Encodes an IP address
     *
     * Takes a human readable IP address into a base64-encoded "blob"
     *
     * @param string|array $ip
     * @access private
     * @return string
     */
    public static function encodeIP($ip)
    {
        return is_string($ip) ?

 
    /**
     * "Normalizes" a Distinguished Name property
     *
     * @param string $propName
     * @access private
     * @return mixed
     */
    private function translateDNProp($propName)
    {
        switch (strtolower($propName)) {

     * Set a Distinguished Name property
     *
     * @param string $propName
     * @param mixed $propValue
     * @param string $type optional
     * @access public
     * @return bool
     */
    public function setDNProp($propName, $propValue, $type = 'utf8String')
    {
        if (empty($this->dn)) {

 
    /**
     * Remove Distinguished Name properties
     *
     * @param string $propName
     * @access public
     */
    public function removeDNProp($propName)
    {
        if (empty($this->dn)) {
            return;

     *
     * @param string $propName
     * @param array $dn optional
     * @param bool $withType optional
     * @return mixed
     * @access public
     */
    public function getDNProp($propName, $dn = null, $withType = false)
    {
        if (!isset($dn)) {
            $dn = $this->dn;

     * Set a Distinguished Name
     *
     * @param mixed $dn
     * @param bool $merge optional
     * @param string $type optional
     * @access public
     * @return bool
     */
    public function setDN($dn, $merge = false, $type = 'utf8String')
    {
        if (!$merge) {

    /**
     * Get the Distinguished Name for a certificates subject
     *
     * @param mixed $format optional
     * @param array $dn optional
     * @access public
     * @return array|bool|string
     */
    public function getDN($format = self::DN_ARRAY, $dn = null)
    {
        if (!isset($dn)) {

 
    /**
     * Get the Distinguished Name for a certificate/crl issuer
     *
     * @param int $format optional
     * @access public
     * @return mixed
     */
    public function getIssuerDN($format = self::DN_ARRAY)
    {
        switch (true) {

    /**
     * Get the Distinguished Name for a certificate/csr subject
     * Alias of getDN()
     *
     * @param int $format optional
     * @access public
     * @return mixed
     */
    public function getSubjectDN($format = self::DN_ARRAY)
    {
        switch (true) {

    /**
     * Get an individual Distinguished Name property for a certificate/crl issuer
     *
     * @param string $propName
     * @param bool $withType optional
     * @access public
     * @return mixed
     */
    public function getIssuerDNProp($propName, $withType = false)
    {
        switch (true) {

    /**
     * Get an individual Distinguished Name property for a certificate/csr subject
     *
     * @param string $propName
     * @param bool $withType optional
     * @access public
     * @return mixed
     */
    public function getSubjectDNProp($propName, $withType = false)
    {
        switch (true) {

    }
 
    /**
     * Get the certificate chain for the current cert
     *
     * @access public
     * @return mixed
     */
    public function getChain()
    {
        $chain = [$this->currentCert];

    }
 
    /**
     * Returns the current cert
     *
     * @access public
     * @return array|bool
     */
    public function &getCurrentCert()
    {
        return $this->currentCert;

     * Set public key
     *
     * Key needs to be a \phpseclib3\Crypt\RSA object
     *
     * @param PublicKey $key
     * @access public
     * @return void
     */
    public function setPublicKey(PublicKey $key)
    {
        $this->publicKey = $key;

     * Set private key
     *
     * Key needs to be a \phpseclib3\Crypt\RSA object
     *
     * @param PrivateKey $key
     * @access public
     */
    public function setPrivateKey(PrivateKey $key)
    {
        $this->privateKey = $key;
    }

     * Set challenge
     *
     * Used for SPKAC CSR's
     *
     * @param string $challenge
     * @access public
     */
    public function setChallenge($challenge)
    {
        $this->challenge = $challenge;
    }

    /**
     * Gets the public key
     *
     * Returns a \phpseclib3\Crypt\RSA object or a false.
     *
     * @access public
     * @return mixed
     */
    public function getPublicKey()
    {
        if (isset($this->publicKey)) {

     * Load a Certificate Signing Request
     *
     * @param string $csr
     * @param int $mode
     * @return mixed
     * @access public
     */
    public function loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT)
    {
        if (is_array($csr) && isset($csr['certificationRequestInfo'])) {
            unset($this->currentCert);

    /**
     * Save CSR request
     *
     * @param array $csr
     * @param int $format optional
     * @access public
     * @return string
     */
    public function saveCSR($csr, $format = self::FORMAT_PEM)
    {
        if (!is_array($csr) || !isset($csr['certificationRequestInfo'])) {

     * SPKAC's are produced by the HTML5 keygen element:
     *
     * https://developer.mozilla.org/en-US/docs/HTML/Element/keygen
     *
     * @param string $spkac
     * @access public
     * @return mixed
     */
    public function loadSPKAC($spkac)
    {
        if (is_array($spkac) && isset($spkac['publicKeyAndChallenge'])) {

    /**
     * Save a SPKAC CSR request
     *
     * @param array $spkac
     * @param int $format optional
     * @access public
     * @return string
     */
    public function saveSPKAC($spkac, $format = self::FORMAT_PEM)
    {
        if (!is_array($spkac) || !isset($spkac['publicKeyAndChallenge'])) {

     * Load a Certificate Revocation List
     *
     * @param string $crl
     * @param int $mode
     * @return mixed
     * @access public
     */
    public function loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT)
    {
        if (is_array($crl) && isset($crl['tbsCertList'])) {
            $this->currentCert = $crl;

    /**
     * Save Certificate Revocation List.
     *
     * @param array $crl
     * @param int $format optional
     * @access public
     * @return string
     */
    public function saveCRL($crl, $format = self::FORMAT_PEM)
    {
        if (!is_array($crl) || !isset($crl['tbsCertList'])) {

     *  - 5.1.2.5 Next Update
     *  - 5.1.2.6 Revoked Certificates
     * by choosing utcTime iff year of date given is before 2050 and generalTime else.
     *
     * @param string $date in format date('D, d M Y H:i:s O')
     * @access private
     * @return array|Element
     */
    private function timeField($date)
    {
        if ($date instanceof Element) {

     * $subject can be either an existing X.509 cert (if you want to resign it),
     * a CSR or something with the DN and public key explicitly set.
     *
     * @param \phpseclib3\File\X509 $issuer
     * @param \phpseclib3\File\X509 $subject
     * @access public
     * @return mixed
     */
    public function sign($issuer, $subject)
    {
        if (!is_object($issuer->privateKey) || empty($issuer->dn)) {

    }
 
    /**
     * Sign a CSR
     *
     * @access public
     * @return mixed
     */
    public function signCSR()
    {
        if (!is_object($this->privateKey) || empty($this->dn)) {

    }
 
    /**
     * Sign a SPKAC
     *
     * @access public
     * @return mixed
     */
    public function signSPKAC()
    {
        if (!is_object($this->privateKey)) {

     *
     * $issuer's private key needs to be loaded.
     *
     * @param \phpseclib3\File\X509 $issuer
     * @param \phpseclib3\File\X509 $crl
     * @access public
     * @return mixed
     */
    public function signCRL($issuer, $crl)
    {
        if (!is_object($issuer->privateKey) || empty($issuer->dn)) {

 
    /**
     * Identify signature algorithm from key settings
     *
     * @param PrivateKey $key
     * @access private
     * @throws \phpseclib3\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
     * @return string
     */
    private static function identifySignatureAlgorithm(PrivateKey $key)
    {

 
    /**
     * Set certificate start date
     *
     * @param \DateTimeInterface|string $date
     * @access public
     */
    public function setStartDate($date)
    {
        if (!is_object($date) || !($date instanceof \DateTimeInterface)) {
            $date = new \DateTimeImmutable($date, new \DateTimeZone(@date_default_timezone_get()));

 
    /**
     * Set certificate end date
     *
     * @param \DateTimeInterface|string $date
     * @access public
     */
    public function setEndDate($date)
    {
        /*
          To indicate that a certificate has no well-defined expiration date,

    /**
     * Set Serial Number
     *
     * @param string $serial
     * @param int $base optional
     * @access public
     */
    public function setSerialNumber($serial, $base = -256)
    {
        $this->serialNumber = new BigInteger($serial, $base);
    }
 
    /**
     * Turns the certificate into a certificate authority
     *
     * @access public
     */
    public function makeCA()
    {
        $this->caFlag = true;
    }

     * a potentially large array by passing its reference by-value to is_array().
     *
     * @param array $root
     * @param string $path
     * @return boolean
     * @access private
     */
    private function isSubArrayValid($root, $path)
    {
        if (!is_array($root)) {
            return false;

     * creates a copy. If $root is an especially large array, this is expensive.
     *
     * @param array $root
     * @param string $path  absolute path with / as component separator
     * @param bool $create optional
     * @access private
     * @return array|false
     */
    private function &subArrayUnchecked(&$root, $path, $create = false)
    {
        $false = false;

     * Get a reference to a subarray
     *
     * @param array $root
     * @param string $path  absolute path with / as component separator
     * @param bool $create optional
     * @access private
     * @return array|false
     */
    private function &subArray(&$root, $path, $create = false)
    {
        $false = false;

     * Get a reference to an extension subarray
     *
     * @param array $root
     * @param string $path optional absolute path with / as component separator
     * @param bool $create optional
     * @access private
     * @return array|false
     */
    private function &extensions(&$root, $path = null, $create = false)
    {
        if (!isset($root)) {

    /**
     * Remove an Extension
     *
     * @param string $id
     * @param string $path optional
     * @access private
     * @return bool
     */
    private function removeExtensionHelper($id, $path = null)
    {
        $extensions = &$this->extensions($this->currentCert, $path);

     * Returns the extension if it exists and false if not
     *
     * @param string $id
     * @param array $cert optional
     * @param string $path optional
     * @access private
     * @return mixed
     */
    private function getExtensionHelper($id, $cert = null, $path = null)
    {
        $extensions = $this->extensions($cert, $path);

    /**
     * Returns a list of all extensions in use
     *
     * @param array $cert optional
     * @param string $path optional
     * @access private
     * @return array
     */
    private function getExtensionsHelper($cert = null, $path = null)
    {
        $exts = $this->extensions($cert, $path);

     * @param string $id
     * @param mixed $value
     * @param bool $critical optional
     * @param bool $replace optional
     * @param string $path optional
     * @access private
     * @return bool
     */
    private function setExtensionHelper($id, $value, $critical = false, $replace = true, $path = null)
    {
        $extensions = &$this->extensions($this->currentCert, $path, true);

 
    /**
     * Remove a certificate, CSR or CRL Extension
     *
     * @param string $id
     * @access public
     * @return bool
     */
    public function removeExtension($id)
    {
        return $this->removeExtensionHelper($id);

     * Returns the extension if it exists and false if not
     *
     * @param string $id
     * @param array $cert optional
     * @param string $path
     * @access public
     * @return mixed
     */
    public function getExtension($id, $cert = null, $path = null)
    {
        return $this->getExtensionHelper($id, $cert, $path);

    /**
     * Returns a list of all extensions in use in certificate, CSR or CRL
     *
     * @param array $cert optional
     * @param string $path optional
     * @access public
     * @return array
     */
    public function getExtensions($cert = null, $path = null)
    {
        return $this->getExtensionsHelper($cert, $path);

     *
     * @param string $id
     * @param mixed $value
     * @param bool $critical optional
     * @param bool $replace optional
     * @access public
     * @return bool
     */
    public function setExtension($id, $value, $critical = false, $replace = true)
    {
        return $this->setExtensionHelper($id, $value, $critical, $replace);

    /**
     * Remove a CSR attribute.
     *
     * @param string $id
     * @param int $disposition optional
     * @access public
     * @return bool
     */
    public function removeAttribute($id, $disposition = self::ATTR_ALL)
    {
        $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes');

     * Returns the attribute if it exists and false if not
     *
     * @param string $id
     * @param int $disposition optional
     * @param array $csr optional
     * @access public
     * @return mixed
     */
    public function getAttribute($id, $disposition = self::ATTR_ALL, $csr = null)
    {
        if (empty($csr)) {

 
    /**
     * Returns a list of all CSR attributes in use
     *
     * @param array $csr optional
     * @access public
     * @return array
     */
    public function getAttributes($csr = null)
    {
        if (empty($csr)) {

     * Set a CSR attribute
     *
     * @param string $id
     * @param mixed $value
     * @param int $disposition optional
     * @access public
     * @return bool
     */
    public function setAttribute($id, $value, $disposition = self::ATTR_ALL)
    {
        $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes', true);

     * Sets the subject key identifier
     *
     * This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions.
     *
     * @param string $value
     * @access public
     */
    public function setKeyIdentifier($value)
    {
        if (empty($value)) {
            unset($this->currentKeyIdentifier);

     * - \phpseclib3\File\ASN1\Element object
     * - PEM or DER string
     *
     * @param mixed $key optional
     * @param int $method optional
     * @access public
     * @return string binary key identifier
     */
    public function computeKeyIdentifier($key = null, $method = 1)
    {
        if (is_null($key)) {

    }
 
    /**
     * Format a public key as appropriate
     *
     * @access private
     * @return array|false
     */
    private function formatSubjectPublicKey()
    {
        $format = $this->publicKey instanceof RSA && ($this->publicKey->getPadding() & RSA::SIGNATURE_PSS) ?

 
    /**
     * Set the domain name's which the cert is to be valid for
     *
     * @param mixed ...$domains
     * @access public
     * @return void
     */
    public function setDomain(...$domains)
    {
        $this->domains = $domains;

    }
 
    /**
     * Set the IP Addresses's which the cert is to be valid for
     *
     * @access public
     * @param mixed[] ...$ipAddresses
     */
    public function setIPAddress(...$ipAddresses)
    {
        $this->ipAddresses = $ipAddresses;

    }
 
    /**
     * Helper function to build domain array
     *
     * @access private
     * @param string $domain
     * @return array
     */
    private function dnsName($domain)
    {

    /**
     * Helper function to build IP Address array
     *
     * (IPv6 is not currently supported)
     *
     * @access private
     * @param string $address
     * @return array
     */
    private function iPAddress($address)
    {

     * Get the index of a revoked certificate.
     *
     * @param array $rclist
     * @param string $serial
     * @param bool $create optional
     * @access private
     * @return int|false
     */
    private function revokedCertificate(&$rclist, $serial, $create = false)
    {
        $serial = new BigInteger($serial);

    /**
     * Revoke a certificate.
     *
     * @param string $serial
     * @param string $date optional
     * @access public
     * @return bool
     */
    public function revoke($serial, $date = null)
    {
        if (isset($this->currentCert['tbsCertList'])) {

 
    /**
     * Unrevoke a certificate.
     *
     * @param string $serial
     * @access public
     * @return bool
     */
    public function unrevoke($serial)
    {
        if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) {

 
    /**
     * Get a revoked certificate.
     *
     * @param string $serial
     * @access public
     * @return mixed
     */
    public function getRevoked($serial)
    {
        if (is_array($rclist = $this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) {

 
    /**
     * List revoked certificates
     *
     * @param array $crl optional
     * @access public
     * @return array|bool
     */
    public function listRevoked($crl = null)
    {
        if (!isset($crl)) {

    /**
     * Remove a Revoked Certificate Extension
     *
     * @param string $serial
     * @param string $id
     * @access public
     * @return bool
     */
    public function removeRevokedCertificateExtension($serial, $id)
    {
        if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) {

     * Returns the extension if it exists and false if not
     *
     * @param string $serial
     * @param string $id
     * @param array $crl optional
     * @access public
     * @return mixed
     */
    public function getRevokedCertificateExtension($serial, $id, $crl = null)
    {
        if (!isset($crl)) {

    /**
     * Returns a list of all extensions in use for a given revoked certificate
     *
     * @param string $serial
     * @param array $crl optional
     * @access public
     * @return array|bool
     */
    public function getRevokedCertificateExtensions($serial, $crl = null)
    {
        if (!isset($crl)) {

     * @param string $serial
     * @param string $id
     * @param mixed $value
     * @param bool $critical optional
     * @param bool $replace optional
     * @access public
     * @return bool
     */
    public function setRevokedCertificateExtension($serial, $id, $value, $critical = false, $replace = true)
    {
        if (isset($this->currentCert['tbsCertList'])) {

Rev 846	Rev 874
Line 14...	Line 14...
14	* portion of the certificate that contains optional parameters with default values. ie. if the parameter isn't there the default value is	14	* portion of the certificate that contains optional parameters with default values. ie. if the parameter isn't there the default value is
15	* used. Problem is, if the parameter is there and it just so happens to have the default value there are two ways that that parameter can	15	* used. Problem is, if the parameter is there and it just so happens to have the default value there are two ways that that parameter can
16	* be encoded. It can be encoded explicitly or left out all together. This would effect the signature value and thus may invalidate the	16	* be encoded. It can be encoded explicitly or left out all together. This would effect the signature value and thus may invalidate the
17	* the certificate all together unless the certificate is re-signed.	17	* the certificate all together unless the certificate is re-signed.
18	*	18	*
-		19	* @category File
-		20	* @package X509
19	* @author Jim Wigginton <terrafrost@php.net>	21	* @author Jim Wigginton <terrafrost@php.net>
20	* @copyright 2012 Jim Wigginton	22	* @copyright 2012 Jim Wigginton
21	* @license http://www.opensource.org/licenses/mit-license.html MIT License	23	* @license http://www.opensource.org/licenses/mit-license.html MIT License
22	* @link http://phpseclib.sourceforge.net	24	* @link http://phpseclib.sourceforge.net
23	*/	25	*/
Line 41...	Line 43...
41	use phpseclib3\Math\BigInteger;	43	use phpseclib3\Math\BigInteger;
42		44
43	/**	45	/**
44	* Pure-PHP X.509 Parser	46	* Pure-PHP X.509 Parser
45	*	47	*
-		48	* @package X509
46	* @author Jim Wigginton <terrafrost@php.net>	49	* @author Jim Wigginton <terrafrost@php.net>
-		50	* @access public
47	*/	51	*/
48	class X509	52	class X509
49	{	53	{
50	/**	54	/**
51	* Flag to only accept signatures signed by certificate authorities	55	* Flag to only accept signatures signed by certificate authorities
52	*	56	*
53	* Not really used anymore but retained all the same to suppress E_NOTICEs from old installs	57	* Not really used anymore but retained all the same to suppress E_NOTICEs from old installs
54	*	58	*
-		59	* @access public
55	*/	60	*/
56	const VALIDATE_SIGNATURE_BY_CA = 1;	61	const VALIDATE_SIGNATURE_BY_CA = 1;
57		62
58	/**	63	/**
59	* Return internal array representation	64	* Return internal array representation
60	*	65	*
-		66	* @access public
61	* @see \phpseclib3\File\X509::getDN()	67	* @see \phpseclib3\File\X509::getDN()
62	*/	68	*/
63	const DN_ARRAY = 0;	69	const DN_ARRAY = 0;
64	/**	70	/**
65	* Return string	71	* Return string
66	*	72	*
-		73	* @access public
67	* @see \phpseclib3\File\X509::getDN()	74	* @see \phpseclib3\File\X509::getDN()
68	*/	75	*/
69	const DN_STRING = 1;	76	const DN_STRING = 1;
70	/**	77	/**
71	* Return ASN.1 name string	78	* Return ASN.1 name string
72	*	79	*
-		80	* @access public
73	* @see \phpseclib3\File\X509::getDN()	81	* @see \phpseclib3\File\X509::getDN()
74	*/	82	*/
75	const DN_ASN1 = 2;	83	const DN_ASN1 = 2;
76	/**	84	/**
77	* Return OpenSSL compatible array	85	* Return OpenSSL compatible array
78	*	86	*
-		87	* @access public
79	* @see \phpseclib3\File\X509::getDN()	88	* @see \phpseclib3\File\X509::getDN()
80	*/	89	*/
81	const DN_OPENSSL = 3;	90	const DN_OPENSSL = 3;
82	/**	91	/**
83	* Return canonical ASN.1 RDNs string	92	* Return canonical ASN.1 RDNs string
84	*	93	*
-		94	* @access public
85	* @see \phpseclib3\File\X509::getDN()	95	* @see \phpseclib3\File\X509::getDN()
86	*/	96	*/
87	const DN_CANON = 4;	97	const DN_CANON = 4;
88	/**	98	/**
89	* Return name hash for file indexing	99	* Return name hash for file indexing
90	*	100	*
-		101	* @access public
91	* @see \phpseclib3\File\X509::getDN()	102	* @see \phpseclib3\File\X509::getDN()
92	*/	103	*/
93	const DN_HASH = 5;	104	const DN_HASH = 5;
94		105
95	/**	106	/**
96	* Save as PEM	107	* Save as PEM
97	*	108	*
98	* ie. a base64-encoded PEM with a header and a footer	109	* ie. a base64-encoded PEM with a header and a footer
99	*	110	*
-		111	* @access public
100	* @see \phpseclib3\File\X509::saveX509()	112	* @see \phpseclib3\File\X509::saveX509()
101	* @see \phpseclib3\File\X509::saveCSR()	113	* @see \phpseclib3\File\X509::saveCSR()
102	* @see \phpseclib3\File\X509::saveCRL()	114	* @see \phpseclib3\File\X509::saveCRL()
103	*/	115	*/
104	const FORMAT_PEM = 0;	116	const FORMAT_PEM = 0;
105	/**	117	/**
106	* Save as DER	118	* Save as DER
107	*	119	*
-		120	* @access public
108	* @see \phpseclib3\File\X509::saveX509()	121	* @see \phpseclib3\File\X509::saveX509()
109	* @see \phpseclib3\File\X509::saveCSR()	122	* @see \phpseclib3\File\X509::saveCSR()
110	* @see \phpseclib3\File\X509::saveCRL()	123	* @see \phpseclib3\File\X509::saveCRL()
111	*/	124	*/
112	const FORMAT_DER = 1;	125	const FORMAT_DER = 1;
113	/**	126	/**
114	* Save as a SPKAC	127	* Save as a SPKAC
115	*	128	*
-		129	* @access public
116	* @see \phpseclib3\File\X509::saveX509()	130	* @see \phpseclib3\File\X509::saveX509()
117	* @see \phpseclib3\File\X509::saveCSR()	131	* @see \phpseclib3\File\X509::saveCSR()
118	* @see \phpseclib3\File\X509::saveCRL()	132	* @see \phpseclib3\File\X509::saveCRL()
119	*	133	*
120	* Only works on CSRs. Not currently supported.	134	* Only works on CSRs. Not currently supported.
Line 123...	Line 137...
123	/**	137	/**
124	* Auto-detect the format	138	* Auto-detect the format
125	*	139	*
126	* Used only by the load*() functions	140	* Used only by the load*() functions
127	*	141	*
-		142	* @access public
128	* @see \phpseclib3\File\X509::saveX509()	143	* @see \phpseclib3\File\X509::saveX509()
129	* @see \phpseclib3\File\X509::saveCSR()	144	* @see \phpseclib3\File\X509::saveCSR()
130	* @see \phpseclib3\File\X509::saveCRL()	145	* @see \phpseclib3\File\X509::saveCRL()
131	*/	146	*/
132	const FORMAT_AUTO_DETECT = 3;	147	const FORMAT_AUTO_DETECT = 3;
Line 141...	Line 156...
141		156
142	/**	157	/**
143	* Distinguished Name	158	* Distinguished Name
144	*	159	*
145	* @var array	160	* @var array
-		161	* @access private
146	*/	162	*/
147	private $dn;	163	private $dn;
148		164
149	/**	165	/**
150	* Public key	166	* Public key
151	*	167	*
152	* @var string\|PublicKey	168	* @var string\|PublicKey
-		169	* @access private
153	*/	170	*/
154	private $publicKey;	171	private $publicKey;
155		172
156	/**	173	/**
157	* Private key	174	* Private key
158	*	175	*
159	* @var string\|PrivateKey	176	* @var string\|PrivateKey
-		177	* @access private
160	*/	178	*/
161	private $privateKey;	179	private $privateKey;
162		180
163	/**	181	/**
164	* Object identifiers for X.509 certificates	182	* Object identifiers for X.509 certificates
165	*	183	*
166	* @var array	184	* @var array
-		185	* @access private
167	* @link http://en.wikipedia.org/wiki/Object_identifier	186	* @link http://en.wikipedia.org/wiki/Object_identifier
168	*/	187	*/
169	private $oids;	188	private $oids;
170		189
171	/**	190	/**
172	* The certificate authorities	191	* The certificate authorities
173	*	192	*
174	* @var array	193	* @var array
-		194	* @access private
175	*/	195	*/
176	private $CAs;	196	private $CAs;
177		197
178	/**	198	/**
179	* The currently loaded certificate	199	* The currently loaded certificate
180	*	200	*
181	* @var array	201	* @var array
-		202	* @access private
182	*/	203	*/
183	private $currentCert;	204	private $currentCert;
184		205
185	/**	206	/**
186	* The signature subject	207	* The signature subject
187	*	208	*
188	* There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally	209	* There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally
189	* encoded so we take save the portion of the original cert that the signature would have made for.	210	* encoded so we take save the portion of the original cert that the signature would have made for.
190	*	211	*
191	* @var string	212	* @var string
-		213	* @access private
192	*/	214	*/
193	private $signatureSubject;	215	private $signatureSubject;
194		216
195	/**	217	/**
196	* Certificate Start Date	218	* Certificate Start Date
197	*	219	*
198	* @var string	220	* @var string
-		221	* @access private
199	*/	222	*/
200	private $startDate;	223	private $startDate;
201		224
202	/**	225	/**
203	* Certificate End Date	226	* Certificate End Date
204	*	227	*
205	* @var string\|Element	228	* @var string\|Element
-		229	* @access private
206	*/	230	*/
207	private $endDate;	231	private $endDate;
208		232
209	/**	233	/**
210	* Serial Number	234	* Serial Number
211	*	235	*
212	* @var string	236	* @var string
-		237	* @access private
213	*/	238	*/
214	private $serialNumber;	239	private $serialNumber;
215		240
216	/**	241	/**
217	* Key Identifier	242	* Key Identifier
218	*	243	*
219	* See {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.1 RFC5280#section-4.2.1.1} and	244	* See {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.1 RFC5280#section-4.2.1.1} and
220	* {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.2 RFC5280#section-4.2.1.2}.	245	* {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.2 RFC5280#section-4.2.1.2}.
221	*	246	*
222	* @var string	247	* @var string
-		248	* @access private
223	*/	249	*/
224	private $currentKeyIdentifier;	250	private $currentKeyIdentifier;
225		251
226	/**	252	/**
227	* CA Flag	253	* CA Flag
228	*	254	*
229	* @var bool	255	* @var bool
-		256	* @access private
230	*/	257	*/
231	private $caFlag = false;	258	private $caFlag = false;
232		259
233	/**	260	/**
234	* SPKAC Challenge	261	* SPKAC Challenge
235	*	262	*
236	* @var string	263	* @var string
-		264	* @access private
237	*/	265	*/
238	private $challenge;	266	private $challenge;
239		267
240	/**	268	/**
241	* @var array	269	* @var array
-		270	* @access private
242	*/	271	*/
243	private $extensionValues = [];	272	private $extensionValues = [];
244		273
245	/**	274	/**
246	* OIDs loaded	275	* OIDs loaded
247	*	276	*
248	* @var bool	277	* @var bool
-		278	* @access private
249	*/	279	*/
250	private static $oidsLoaded = false;	280	private static $oidsLoaded = false;
251		281
252	/**	282	/**
253	* Recursion Limit	283	* Recursion Limit
254	*	284	*
255	* @var int	285	* @var int
-		286	* @access private
256	*/	287	*/
257	private static $recur_limit = 5;	288	private static $recur_limit = 5;
258		289
259	/**	290	/**
260	* URL fetch flag	291	* URL fetch flag
261	*	292	*
262	* @var bool	293	* @var bool
-		294	* @access private
263	*/	295	*/
264	private static $disable_url_fetch = false;	296	private static $disable_url_fetch = false;
265		297
266	/**	298	/**
267	* @var array	299	* @var array
-		300	* @access private
268	*/	301	*/
269	private static $extensions = [];	302	private static $extensions = [];
270		303
271	/**	304	/**
272	* @var ?array	305	* @var ?array
-		306	* @access private
273	*/	307	*/
274	private $ipAddresses = null;	308	private $ipAddresses = null;
275		309
276	/**	310	/**
277	* @var ?array	311	* @var ?array
-		312	* @access private
278	*/	313	*/
279	private $domains = null;	314	private $domains = null;
280		315
281	/**	316	/**
282	* Default Constructor.	317	* Default Constructor.
283	*	318	*
284	* @return \phpseclib3\File\X509	319	* @return \phpseclib3\File\X509
-		320	* @access public
285	*/	321	*/
286	public function __construct()	322	public function __construct()
287	{	323	{
288	// Explicitly Tagged Module, 1988 Syntax	324	// Explicitly Tagged Module, 1988 Syntax
289	// http://tools.ietf.org/html/rfc5280#appendix-A.1	325	// http://tools.ietf.org/html/rfc5280#appendix-A.1
Line 430...	Line 466...
430	*	466	*
431	* Returns an associative array describing the X.509 cert or a false if the cert failed to load	467	* Returns an associative array describing the X.509 cert or a false if the cert failed to load
432	*	468	*
433	* @param string $cert	469	* @param string $cert
434	* @param int $mode	470	* @param int $mode
-		471	* @access public
435	* @return mixed	472	* @return mixed
436	*/	473	*/
437	public function loadX509($cert, $mode = self::FORMAT_AUTO_DETECT)	474	public function loadX509($cert, $mode = self::FORMAT_AUTO_DETECT)
438	{	475	{
439	if (is_array($cert) && isset($cert['tbsCertificate'])) {	476	if (is_array($cert) && isset($cert['tbsCertificate'])) {
Line 503...	Line 540...
503	/**	540	/**
504	* Save X.509 certificate	541	* Save X.509 certificate
505	*	542	*
506	* @param array $cert	543	* @param array $cert
507	* @param int $format optional	544	* @param int $format optional
-		545	* @access public
508	* @return string	546	* @return string
509	*/	547	*/
510	public function saveX509($cert, $format = self::FORMAT_PEM)	548	public function saveX509($cert, $format = self::FORMAT_PEM)
511	{	549	{
512	if (!is_array($cert) \|\| !isset($cert['tbsCertificate'])) {	550	if (!is_array($cert) \|\| !isset($cert['tbsCertificate'])) {
Line 574...	Line 612...
574	* Map extension values from octet string to extension-specific internal	612	* Map extension values from octet string to extension-specific internal
575	* format.	613	* format.
576	*	614	*
577	* @param array $root (by reference)	615	* @param array $root (by reference)
578	* @param string $path	616	* @param string $path
-		617	* @access private
579	*/	618	*/
580	private function mapInExtensions(&$root, $path)	619	private function mapInExtensions(&$root, $path)
581	{	620	{
582	$extensions = &$this->subArrayUnchecked($root, $path);	621	$extensions = &$this->subArrayUnchecked($root, $path);
583		622
Line 622...	Line 661...
622	* Map extension values from extension-specific internal format to	661	* Map extension values from extension-specific internal format to
623	* octet string.	662	* octet string.
624	*	663	*
625	* @param array $root (by reference)	664	* @param array $root (by reference)
626	* @param string $path	665	* @param string $path
-		666	* @access private
627	*/	667	*/
628	private function mapOutExtensions(&$root, $path)	668	private function mapOutExtensions(&$root, $path)
629	{	669	{
630	$extensions = &$this->subArray($root, $path, !empty($this->extensionValues));	670	$extensions = &$this->subArray($root, $path, !empty($this->extensionValues));
631		671
Line 703...	Line 743...
703	* Map attribute values from ANY type to attribute-specific internal	743	* Map attribute values from ANY type to attribute-specific internal
704	* format.	744	* format.
705	*	745	*
706	* @param array $root (by reference)	746	* @param array $root (by reference)
707	* @param string $path	747	* @param string $path
-		748	* @access private
708	*/	749	*/
709	private function mapInAttributes(&$root, $path)	750	private function mapInAttributes(&$root, $path)
710	{	751	{
711	$attributes = &$this->subArray($root, $path);	752	$attributes = &$this->subArray($root, $path);
712		753
Line 742...	Line 783...
742	* Map attribute values from attribute-specific internal format to	783	* Map attribute values from attribute-specific internal format to
743	* ANY type.	784	* ANY type.
744	*	785	*
745	* @param array $root (by reference)	786	* @param array $root (by reference)
746	* @param string $path	787	* @param string $path
-		788	* @access private
747	*/	789	*/
748	private function mapOutAttributes(&$root, $path)	790	private function mapOutAttributes(&$root, $path)
749	{	791	{
750	$attributes = &$this->subArray($root, $path);	792	$attributes = &$this->subArray($root, $path);
751		793
Line 783...	Line 825...
783	* Map DN values from ANY type to DN-specific internal	825	* Map DN values from ANY type to DN-specific internal
784	* format.	826	* format.
785	*	827	*
786	* @param array $root (by reference)	828	* @param array $root (by reference)
787	* @param string $path	829	* @param string $path
-		830	* @access private
788	*/	831	*/
789	private function mapInDNs(&$root, $path)	832	private function mapInDNs(&$root, $path)
790	{	833	{
791	$dns = &$this->subArray($root, $path);	834	$dns = &$this->subArray($root, $path);
792		835
Line 811...	Line 854...
811	* Map DN values from DN-specific internal format to	854	* Map DN values from DN-specific internal format to
812	* ANY type.	855	* ANY type.
813	*	856	*
814	* @param array $root (by reference)	857	* @param array $root (by reference)
815	* @param string $path	858	* @param string $path
-		859	* @access private
816	*/	860	*/
817	private function mapOutDNs(&$root, $path)	861	private function mapOutDNs(&$root, $path)
818	{	862	{
819	$dns = &$this->subArray($root, $path);	863	$dns = &$this->subArray($root, $path);
820		864
Line 839...	Line 883...
839		883
840	/**	884	/**
841	* Associate an extension ID to an extension mapping	885	* Associate an extension ID to an extension mapping
842	*	886	*
843	* @param string $extnId	887	* @param string $extnId
-		888	* @access private
844	* @return mixed	889	* @return mixed
845	*/	890	*/
846	private function getMapping($extnId)	891	private function getMapping($extnId)
847	{	892	{
848	if (!is_string($extnId)) { // eg. if it's a \phpseclib3\File\ASN1\Element object	893	if (!is_string($extnId)) { // eg. if it's a \phpseclib3\File\ASN1\Element object
Line 948...	Line 993...
948		993
949	/**	994	/**
950	* Load an X.509 certificate as a certificate authority	995	* Load an X.509 certificate as a certificate authority
951	*	996	*
952	* @param string $cert	997	* @param string $cert
-		998	* @access public
953	* @return bool	999	* @return bool
954	*/	1000	*/
955	public function loadCA($cert)	1001	public function loadCA($cert)
956	{	1002	{
957	$olddn = $this->dn;	1003	$olddn = $this->dn;
Line 1014...	Line 1060...
1014	* character * which is considered to match any single domain name	1060	* character * which is considered to match any single domain name
1015	* component or component fragment. E.g., *.a.com matches foo.a.com but	1061	* component or component fragment. E.g., *.a.com matches foo.a.com but
1016	* not bar.foo.a.com. f*.com matches foo.com but not bar.com.	1062	* not bar.foo.a.com. f*.com matches foo.com but not bar.com.
1017	*	1063	*
1018	* @param string $url	1064	* @param string $url
-		1065	* @access public
1019	* @return bool	1066	* @return bool
1020	*/	1067	*/
1021	public function validateURL($url)	1068	public function validateURL($url)
1022	{	1069	{
1023	if (!is_array($this->currentCert) \|\| !isset($this->currentCert['tbsCertificate'])) {	1070	if (!is_array($this->currentCert) \|\| !isset($this->currentCert['tbsCertificate'])) {
Line 1073...	Line 1120...
1073	* Validate a date	1120	* Validate a date
1074	*	1121	*
1075	* If $date isn't defined it is assumed to be the current date.	1122	* If $date isn't defined it is assumed to be the current date.
1076	*	1123	*
1077	* @param \DateTimeInterface\|string $date optional	1124	* @param \DateTimeInterface\|string $date optional
-		1125	* @access public
1078	* @return bool	1126	* @return bool
1079	*/	1127	*/
1080	public function validateDate($date = null)	1128	public function validateDate($date = null)
1081	{	1129	{
1082	if (!is_array($this->currentCert) \|\| !isset($this->currentCert['tbsCertificate'])) {	1130	if (!is_array($this->currentCert) \|\| !isset($this->currentCert['tbsCertificate'])) {
Line 1105...	Line 1153...
1105		1153
1106	/**	1154	/**
1107	* Fetches a URL	1155	* Fetches a URL
1108	*	1156	*
1109	* @param string $url	1157	* @param string $url
-		1158	* @access private
1110	* @return bool\|string	1159	* @return bool\|string
1111	*/	1160	*/
1112	private static function fetchURL($url)	1161	private static function fetchURL($url)
1113	{	1162	{
1114	if (self::$disable_url_fetch) {	1163	if (self::$disable_url_fetch) {
Line 1160...	Line 1209...
1160	*	1209	*
1161	* See https://tools.ietf.org/html/rfc4325 for more info	1210	* See https://tools.ietf.org/html/rfc4325 for more info
1162	*	1211	*
1163	* @param bool $caonly	1212	* @param bool $caonly
1164	* @param int $count	1213	* @param int $count
-		1214	* @access private
1165	* @return bool	1215	* @return bool
1166	*/	1216	*/
1167	private function testForIntermediate($caonly, $count)	1217	private function testForIntermediate($caonly, $count)
1168	{	1218	{
1169	$opts = $this->getExtension('id-pe-authorityInfoAccess');	1219	$opts = $this->getExtension('id-pe-authorityInfoAccess');
Line 1226...	Line 1276...
1226	* self-signed.	1276	* self-signed.
1227	*	1277	*
1228	* The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}.	1278	* The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}.
1229	*	1279	*
1230	* @param bool $caonly optional	1280	* @param bool $caonly optional
-		1281	* @access public
1231	* @return mixed	1282	* @return mixed
1232	*/	1283	*/
1233	public function validateSignature($caonly = true)	1284	public function validateSignature($caonly = true)
1234	{	1285	{
1235	return $this->validateSignatureCountable($caonly, 0);	1286	return $this->validateSignatureCountable($caonly, 0);
Line 1240...	Line 1291...
1240	*	1291	*
1241	* Performs said validation whilst keeping track of how many times validation method is called	1292	* Performs said validation whilst keeping track of how many times validation method is called
1242	*	1293	*
1243	* @param bool $caonly	1294	* @param bool $caonly
1244	* @param int $count	1295	* @param int $count
-		1296	* @access private
1245	* @return mixed	1297	* @return mixed
1246	*/	1298	*/
1247	private function validateSignatureCountable($caonly, $count)	1299	private function validateSignatureCountable($caonly, $count)
1248	{	1300	{
1249	if (!is_array($this->currentCert) \|\| !isset($this->signatureSubject)) {	1301	if (!is_array($this->currentCert) \|\| !isset($this->signatureSubject)) {
Line 1373...	Line 1425...
1373	* @param string $publicKeyAlgorithm	1425	* @param string $publicKeyAlgorithm
1374	* @param string $publicKey	1426	* @param string $publicKey
1375	* @param string $signatureAlgorithm	1427	* @param string $signatureAlgorithm
1376	* @param string $signature	1428	* @param string $signature
1377	* @param string $signatureSubject	1429	* @param string $signatureSubject
-		1430	* @access private
1378	* @throws \phpseclib3\Exception\UnsupportedAlgorithmException if the algorithm is unsupported	1431	* @throws \phpseclib3\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
1379	* @return bool	1432	* @return bool
1380	*/	1433	*/
1381	private function validateSignatureHelper($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)	1434	private function validateSignatureHelper($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)
1382	{	1435	{
Line 1447...	Line 1500...
1447	* When validating a signature it may be necessary to download intermediate certs from URI's.	1500	* When validating a signature it may be necessary to download intermediate certs from URI's.
1448	* An intermediate cert that linked to itself would result in an infinite loop so to prevent	1501	* An intermediate cert that linked to itself would result in an infinite loop so to prevent
1449	* that we set a recursion limit. A negative number means that there is no recursion limit.	1502	* that we set a recursion limit. A negative number means that there is no recursion limit.
1450	*	1503	*
1451	* @param int $count	1504	* @param int $count
-		1505	* @access public

Subversion Repositories oidplus

oidplus/trunk/vendor/phpseclib/phpseclib/phpseclib/File/X509.php – Rev 846 → 874