Rev 846 | Rev 874 | ||
---|---|---|---|
Line 14... | Line 14... | ||
14 | * portion of the certificate that contains optional parameters with default values. ie. if the parameter isn't there the default value is |
14 | * portion of the certificate that contains optional parameters with default values. ie. if the parameter isn't there the default value is |
15 | * used. Problem is, if the parameter is there and it just so happens to have the default value there are two ways that that parameter can |
15 | * used. Problem is, if the parameter is there and it just so happens to have the default value there are two ways that that parameter can |
16 | * be encoded. It can be encoded explicitly or left out all together. This would effect the signature value and thus may invalidate the |
16 | * be encoded. It can be encoded explicitly or left out all together. This would effect the signature value and thus may invalidate the |
17 | * the certificate all together unless the certificate is re-signed. |
17 | * the certificate all together unless the certificate is re-signed. |
18 | * |
18 | * |
- | 19 | * @category File |
|
- | 20 | * @package X509 |
|
19 | * @author Jim Wigginton <terrafrost@php.net> |
21 | * @author Jim Wigginton <terrafrost@php.net> |
20 | * @copyright 2012 Jim Wigginton |
22 | * @copyright 2012 Jim Wigginton |
21 | * @license http://www.opensource.org/licenses/mit-license.html MIT License |
23 | * @license http://www.opensource.org/licenses/mit-license.html MIT License |
22 | * @link http://phpseclib.sourceforge.net |
24 | * @link http://phpseclib.sourceforge.net |
23 | */ |
25 | */ |
Line 41... | Line 43... | ||
41 | use phpseclib3\Math\BigInteger; |
43 | use phpseclib3\Math\BigInteger; |
42 | 44 | ||
43 | /** |
45 | /** |
44 | * Pure-PHP X.509 Parser |
46 | * Pure-PHP X.509 Parser |
45 | * |
47 | * |
- | 48 | * @package X509 |
|
46 | * @author Jim Wigginton <terrafrost@php.net> |
49 | * @author Jim Wigginton <terrafrost@php.net> |
- | 50 | * @access public |
|
47 | */ |
51 | */ |
48 | class X509 |
52 | class X509 |
49 | { |
53 | { |
50 | /** |
54 | /** |
51 | * Flag to only accept signatures signed by certificate authorities |
55 | * Flag to only accept signatures signed by certificate authorities |
52 | * |
56 | * |
53 | * Not really used anymore but retained all the same to suppress E_NOTICEs from old installs |
57 | * Not really used anymore but retained all the same to suppress E_NOTICEs from old installs |
54 | * |
58 | * |
- | 59 | * @access public |
|
55 | */ |
60 | */ |
56 | const VALIDATE_SIGNATURE_BY_CA = 1; |
61 | const VALIDATE_SIGNATURE_BY_CA = 1; |
57 | 62 | ||
58 | /** |
63 | /** |
59 | * Return internal array representation |
64 | * Return internal array representation |
60 | * |
65 | * |
- | 66 | * @access public |
|
61 | * @see \phpseclib3\File\X509::getDN() |
67 | * @see \phpseclib3\File\X509::getDN() |
62 | */ |
68 | */ |
63 | const DN_ARRAY = 0; |
69 | const DN_ARRAY = 0; |
64 | /** |
70 | /** |
65 | * Return string |
71 | * Return string |
66 | * |
72 | * |
- | 73 | * @access public |
|
67 | * @see \phpseclib3\File\X509::getDN() |
74 | * @see \phpseclib3\File\X509::getDN() |
68 | */ |
75 | */ |
69 | const DN_STRING = 1; |
76 | const DN_STRING = 1; |
70 | /** |
77 | /** |
71 | * Return ASN.1 name string |
78 | * Return ASN.1 name string |
72 | * |
79 | * |
- | 80 | * @access public |
|
73 | * @see \phpseclib3\File\X509::getDN() |
81 | * @see \phpseclib3\File\X509::getDN() |
74 | */ |
82 | */ |
75 | const DN_ASN1 = 2; |
83 | const DN_ASN1 = 2; |
76 | /** |
84 | /** |
77 | * Return OpenSSL compatible array |
85 | * Return OpenSSL compatible array |
78 | * |
86 | * |
- | 87 | * @access public |
|
79 | * @see \phpseclib3\File\X509::getDN() |
88 | * @see \phpseclib3\File\X509::getDN() |
80 | */ |
89 | */ |
81 | const DN_OPENSSL = 3; |
90 | const DN_OPENSSL = 3; |
82 | /** |
91 | /** |
83 | * Return canonical ASN.1 RDNs string |
92 | * Return canonical ASN.1 RDNs string |
84 | * |
93 | * |
- | 94 | * @access public |
|
85 | * @see \phpseclib3\File\X509::getDN() |
95 | * @see \phpseclib3\File\X509::getDN() |
86 | */ |
96 | */ |
87 | const DN_CANON = 4; |
97 | const DN_CANON = 4; |
88 | /** |
98 | /** |
89 | * Return name hash for file indexing |
99 | * Return name hash for file indexing |
90 | * |
100 | * |
- | 101 | * @access public |
|
91 | * @see \phpseclib3\File\X509::getDN() |
102 | * @see \phpseclib3\File\X509::getDN() |
92 | */ |
103 | */ |
93 | const DN_HASH = 5; |
104 | const DN_HASH = 5; |
94 | 105 | ||
95 | /** |
106 | /** |
96 | * Save as PEM |
107 | * Save as PEM |
97 | * |
108 | * |
98 | * ie. a base64-encoded PEM with a header and a footer |
109 | * ie. a base64-encoded PEM with a header and a footer |
99 | * |
110 | * |
- | 111 | * @access public |
|
100 | * @see \phpseclib3\File\X509::saveX509() |
112 | * @see \phpseclib3\File\X509::saveX509() |
101 | * @see \phpseclib3\File\X509::saveCSR() |
113 | * @see \phpseclib3\File\X509::saveCSR() |
102 | * @see \phpseclib3\File\X509::saveCRL() |
114 | * @see \phpseclib3\File\X509::saveCRL() |
103 | */ |
115 | */ |
104 | const FORMAT_PEM = 0; |
116 | const FORMAT_PEM = 0; |
105 | /** |
117 | /** |
106 | * Save as DER |
118 | * Save as DER |
107 | * |
119 | * |
- | 120 | * @access public |
|
108 | * @see \phpseclib3\File\X509::saveX509() |
121 | * @see \phpseclib3\File\X509::saveX509() |
109 | * @see \phpseclib3\File\X509::saveCSR() |
122 | * @see \phpseclib3\File\X509::saveCSR() |
110 | * @see \phpseclib3\File\X509::saveCRL() |
123 | * @see \phpseclib3\File\X509::saveCRL() |
111 | */ |
124 | */ |
112 | const FORMAT_DER = 1; |
125 | const FORMAT_DER = 1; |
113 | /** |
126 | /** |
114 | * Save as a SPKAC |
127 | * Save as a SPKAC |
115 | * |
128 | * |
- | 129 | * @access public |
|
116 | * @see \phpseclib3\File\X509::saveX509() |
130 | * @see \phpseclib3\File\X509::saveX509() |
117 | * @see \phpseclib3\File\X509::saveCSR() |
131 | * @see \phpseclib3\File\X509::saveCSR() |
118 | * @see \phpseclib3\File\X509::saveCRL() |
132 | * @see \phpseclib3\File\X509::saveCRL() |
119 | * |
133 | * |
120 | * Only works on CSRs. Not currently supported. |
134 | * Only works on CSRs. Not currently supported. |
Line 123... | Line 137... | ||
123 | /** |
137 | /** |
124 | * Auto-detect the format |
138 | * Auto-detect the format |
125 | * |
139 | * |
126 | * Used only by the load*() functions |
140 | * Used only by the load*() functions |
127 | * |
141 | * |
- | 142 | * @access public |
|
128 | * @see \phpseclib3\File\X509::saveX509() |
143 | * @see \phpseclib3\File\X509::saveX509() |
129 | * @see \phpseclib3\File\X509::saveCSR() |
144 | * @see \phpseclib3\File\X509::saveCSR() |
130 | * @see \phpseclib3\File\X509::saveCRL() |
145 | * @see \phpseclib3\File\X509::saveCRL() |
131 | */ |
146 | */ |
132 | const FORMAT_AUTO_DETECT = 3; |
147 | const FORMAT_AUTO_DETECT = 3; |
Line 141... | Line 156... | ||
141 | 156 | ||
142 | /** |
157 | /** |
143 | * Distinguished Name |
158 | * Distinguished Name |
144 | * |
159 | * |
145 | * @var array |
160 | * @var array |
- | 161 | * @access private |
|
146 | */ |
162 | */ |
147 | private $dn; |
163 | private $dn; |
148 | 164 | ||
149 | /** |
165 | /** |
150 | * Public key |
166 | * Public key |
151 | * |
167 | * |
152 | * @var string|PublicKey |
168 | * @var string|PublicKey |
- | 169 | * @access private |
|
153 | */ |
170 | */ |
154 | private $publicKey; |
171 | private $publicKey; |
155 | 172 | ||
156 | /** |
173 | /** |
157 | * Private key |
174 | * Private key |
158 | * |
175 | * |
159 | * @var string|PrivateKey |
176 | * @var string|PrivateKey |
- | 177 | * @access private |
|
160 | */ |
178 | */ |
161 | private $privateKey; |
179 | private $privateKey; |
162 | 180 | ||
163 | /** |
181 | /** |
164 | * Object identifiers for X.509 certificates |
182 | * Object identifiers for X.509 certificates |
165 | * |
183 | * |
166 | * @var array |
184 | * @var array |
- | 185 | * @access private |
|
167 | * @link http://en.wikipedia.org/wiki/Object_identifier |
186 | * @link http://en.wikipedia.org/wiki/Object_identifier |
168 | */ |
187 | */ |
169 | private $oids; |
188 | private $oids; |
170 | 189 | ||
171 | /** |
190 | /** |
172 | * The certificate authorities |
191 | * The certificate authorities |
173 | * |
192 | * |
174 | * @var array |
193 | * @var array |
- | 194 | * @access private |
|
175 | */ |
195 | */ |
176 | private $CAs; |
196 | private $CAs; |
177 | 197 | ||
178 | /** |
198 | /** |
179 | * The currently loaded certificate |
199 | * The currently loaded certificate |
180 | * |
200 | * |
181 | * @var array |
201 | * @var array |
- | 202 | * @access private |
|
182 | */ |
203 | */ |
183 | private $currentCert; |
204 | private $currentCert; |
184 | 205 | ||
185 | /** |
206 | /** |
186 | * The signature subject |
207 | * The signature subject |
187 | * |
208 | * |
188 | * There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally |
209 | * There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally |
189 | * encoded so we take save the portion of the original cert that the signature would have made for. |
210 | * encoded so we take save the portion of the original cert that the signature would have made for. |
190 | * |
211 | * |
191 | * @var string |
212 | * @var string |
- | 213 | * @access private |
|
192 | */ |
214 | */ |
193 | private $signatureSubject; |
215 | private $signatureSubject; |
194 | 216 | ||
195 | /** |
217 | /** |
196 | * Certificate Start Date |
218 | * Certificate Start Date |
197 | * |
219 | * |
198 | * @var string |
220 | * @var string |
- | 221 | * @access private |
|
199 | */ |
222 | */ |
200 | private $startDate; |
223 | private $startDate; |
201 | 224 | ||
202 | /** |
225 | /** |
203 | * Certificate End Date |
226 | * Certificate End Date |
204 | * |
227 | * |
205 | * @var string|Element |
228 | * @var string|Element |
- | 229 | * @access private |
|
206 | */ |
230 | */ |
207 | private $endDate; |
231 | private $endDate; |
208 | 232 | ||
209 | /** |
233 | /** |
210 | * Serial Number |
234 | * Serial Number |
211 | * |
235 | * |
212 | * @var string |
236 | * @var string |
- | 237 | * @access private |
|
213 | */ |
238 | */ |
214 | private $serialNumber; |
239 | private $serialNumber; |
215 | 240 | ||
216 | /** |
241 | /** |
217 | * Key Identifier |
242 | * Key Identifier |
218 | * |
243 | * |
219 | * See {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.1 RFC5280#section-4.2.1.1} and |
244 | * See {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.1 RFC5280#section-4.2.1.1} and |
220 | * {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.2 RFC5280#section-4.2.1.2}. |
245 | * {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.2 RFC5280#section-4.2.1.2}. |
221 | * |
246 | * |
222 | * @var string |
247 | * @var string |
- | 248 | * @access private |
|
223 | */ |
249 | */ |
224 | private $currentKeyIdentifier; |
250 | private $currentKeyIdentifier; |
225 | 251 | ||
226 | /** |
252 | /** |
227 | * CA Flag |
253 | * CA Flag |
228 | * |
254 | * |
229 | * @var bool |
255 | * @var bool |
- | 256 | * @access private |
|
230 | */ |
257 | */ |
231 | private $caFlag = false; |
258 | private $caFlag = false; |
232 | 259 | ||
233 | /** |
260 | /** |
234 | * SPKAC Challenge |
261 | * SPKAC Challenge |
235 | * |
262 | * |
236 | * @var string |
263 | * @var string |
- | 264 | * @access private |
|
237 | */ |
265 | */ |
238 | private $challenge; |
266 | private $challenge; |
239 | 267 | ||
240 | /** |
268 | /** |
241 | * @var array |
269 | * @var array |
- | 270 | * @access private |
|
242 | */ |
271 | */ |
243 | private $extensionValues = []; |
272 | private $extensionValues = []; |
244 | 273 | ||
245 | /** |
274 | /** |
246 | * OIDs loaded |
275 | * OIDs loaded |
247 | * |
276 | * |
248 | * @var bool |
277 | * @var bool |
- | 278 | * @access private |
|
249 | */ |
279 | */ |
250 | private static $oidsLoaded = false; |
280 | private static $oidsLoaded = false; |
251 | 281 | ||
252 | /** |
282 | /** |
253 | * Recursion Limit |
283 | * Recursion Limit |
254 | * |
284 | * |
255 | * @var int |
285 | * @var int |
- | 286 | * @access private |
|
256 | */ |
287 | */ |
257 | private static $recur_limit = 5; |
288 | private static $recur_limit = 5; |
258 | 289 | ||
259 | /** |
290 | /** |
260 | * URL fetch flag |
291 | * URL fetch flag |
261 | * |
292 | * |
262 | * @var bool |
293 | * @var bool |
- | 294 | * @access private |
|
263 | */ |
295 | */ |
264 | private static $disable_url_fetch = false; |
296 | private static $disable_url_fetch = false; |
265 | 297 | ||
266 | /** |
298 | /** |
267 | * @var array |
299 | * @var array |
- | 300 | * @access private |
|
268 | */ |
301 | */ |
269 | private static $extensions = []; |
302 | private static $extensions = []; |
270 | 303 | ||
271 | /** |
304 | /** |
272 | * @var ?array |
305 | * @var ?array |
- | 306 | * @access private |
|
273 | */ |
307 | */ |
274 | private $ipAddresses = null; |
308 | private $ipAddresses = null; |
275 | 309 | ||
276 | /** |
310 | /** |
277 | * @var ?array |
311 | * @var ?array |
- | 312 | * @access private |
|
278 | */ |
313 | */ |
279 | private $domains = null; |
314 | private $domains = null; |
280 | 315 | ||
281 | /** |
316 | /** |
282 | * Default Constructor. |
317 | * Default Constructor. |
283 | * |
318 | * |
284 | * @return \phpseclib3\File\X509 |
319 | * @return \phpseclib3\File\X509 |
- | 320 | * @access public |
|
285 | */ |
321 | */ |
286 | public function __construct() |
322 | public function __construct() |
287 | { |
323 | { |
288 | // Explicitly Tagged Module, 1988 Syntax |
324 | // Explicitly Tagged Module, 1988 Syntax |
289 | // http://tools.ietf.org/html/rfc5280#appendix-A.1 |
325 | // http://tools.ietf.org/html/rfc5280#appendix-A.1 |
Line 430... | Line 466... | ||
430 | * |
466 | * |
431 | * Returns an associative array describing the X.509 cert or a false if the cert failed to load |
467 | * Returns an associative array describing the X.509 cert or a false if the cert failed to load |
432 | * |
468 | * |
433 | * @param string $cert |
469 | * @param string $cert |
434 | * @param int $mode |
470 | * @param int $mode |
- | 471 | * @access public |
|
435 | * @return mixed |
472 | * @return mixed |
436 | */ |
473 | */ |
437 | public function loadX509($cert, $mode = self::FORMAT_AUTO_DETECT) |
474 | public function loadX509($cert, $mode = self::FORMAT_AUTO_DETECT) |
438 | { |
475 | { |
439 | if (is_array($cert) && isset($cert['tbsCertificate'])) { |
476 | if (is_array($cert) && isset($cert['tbsCertificate'])) { |
Line 503... | Line 540... | ||
503 | /** |
540 | /** |
504 | * Save X.509 certificate |
541 | * Save X.509 certificate |
505 | * |
542 | * |
506 | * @param array $cert |
543 | * @param array $cert |
507 | * @param int $format optional |
544 | * @param int $format optional |
- | 545 | * @access public |
|
508 | * @return string |
546 | * @return string |
509 | */ |
547 | */ |
510 | public function saveX509($cert, $format = self::FORMAT_PEM) |
548 | public function saveX509($cert, $format = self::FORMAT_PEM) |
511 | { |
549 | { |
512 | if (!is_array($cert) || !isset($cert['tbsCertificate'])) { |
550 | if (!is_array($cert) || !isset($cert['tbsCertificate'])) { |
Line 574... | Line 612... | ||
574 | * Map extension values from octet string to extension-specific internal |
612 | * Map extension values from octet string to extension-specific internal |
575 | * format. |
613 | * format. |
576 | * |
614 | * |
577 | * @param array $root (by reference) |
615 | * @param array $root (by reference) |
578 | * @param string $path |
616 | * @param string $path |
- | 617 | * @access private |
|
579 | */ |
618 | */ |
580 | private function mapInExtensions(&$root, $path) |
619 | private function mapInExtensions(&$root, $path) |
581 | { |
620 | { |
582 | $extensions = &$this->subArrayUnchecked($root, $path); |
621 | $extensions = &$this->subArrayUnchecked($root, $path); |
583 | 622 | ||
Line 622... | Line 661... | ||
622 | * Map extension values from extension-specific internal format to |
661 | * Map extension values from extension-specific internal format to |
623 | * octet string. |
662 | * octet string. |
624 | * |
663 | * |
625 | * @param array $root (by reference) |
664 | * @param array $root (by reference) |
626 | * @param string $path |
665 | * @param string $path |
- | 666 | * @access private |
|
627 | */ |
667 | */ |
628 | private function mapOutExtensions(&$root, $path) |
668 | private function mapOutExtensions(&$root, $path) |
629 | { |
669 | { |
630 | $extensions = &$this->subArray($root, $path, !empty($this->extensionValues)); |
670 | $extensions = &$this->subArray($root, $path, !empty($this->extensionValues)); |
631 | 671 | ||
Line 703... | Line 743... | ||
703 | * Map attribute values from ANY type to attribute-specific internal |
743 | * Map attribute values from ANY type to attribute-specific internal |
704 | * format. |
744 | * format. |
705 | * |
745 | * |
706 | * @param array $root (by reference) |
746 | * @param array $root (by reference) |
707 | * @param string $path |
747 | * @param string $path |
- | 748 | * @access private |
|
708 | */ |
749 | */ |
709 | private function mapInAttributes(&$root, $path) |
750 | private function mapInAttributes(&$root, $path) |
710 | { |
751 | { |
711 | $attributes = &$this->subArray($root, $path); |
752 | $attributes = &$this->subArray($root, $path); |
712 | 753 | ||
Line 742... | Line 783... | ||
742 | * Map attribute values from attribute-specific internal format to |
783 | * Map attribute values from attribute-specific internal format to |
743 | * ANY type. |
784 | * ANY type. |
744 | * |
785 | * |
745 | * @param array $root (by reference) |
786 | * @param array $root (by reference) |
746 | * @param string $path |
787 | * @param string $path |
- | 788 | * @access private |
|
747 | */ |
789 | */ |
748 | private function mapOutAttributes(&$root, $path) |
790 | private function mapOutAttributes(&$root, $path) |
749 | { |
791 | { |
750 | $attributes = &$this->subArray($root, $path); |
792 | $attributes = &$this->subArray($root, $path); |
751 | 793 | ||
Line 783... | Line 825... | ||
783 | * Map DN values from ANY type to DN-specific internal |
825 | * Map DN values from ANY type to DN-specific internal |
784 | * format. |
826 | * format. |
785 | * |
827 | * |
786 | * @param array $root (by reference) |
828 | * @param array $root (by reference) |
787 | * @param string $path |
829 | * @param string $path |
- | 830 | * @access private |
|
788 | */ |
831 | */ |
789 | private function mapInDNs(&$root, $path) |
832 | private function mapInDNs(&$root, $path) |
790 | { |
833 | { |
791 | $dns = &$this->subArray($root, $path); |
834 | $dns = &$this->subArray($root, $path); |
792 | 835 | ||
Line 811... | Line 854... | ||
811 | * Map DN values from DN-specific internal format to |
854 | * Map DN values from DN-specific internal format to |
812 | * ANY type. |
855 | * ANY type. |
813 | * |
856 | * |
814 | * @param array $root (by reference) |
857 | * @param array $root (by reference) |
815 | * @param string $path |
858 | * @param string $path |
- | 859 | * @access private |
|
816 | */ |
860 | */ |
817 | private function mapOutDNs(&$root, $path) |
861 | private function mapOutDNs(&$root, $path) |
818 | { |
862 | { |
819 | $dns = &$this->subArray($root, $path); |
863 | $dns = &$this->subArray($root, $path); |
820 | 864 | ||
Line 839... | Line 883... | ||
839 | 883 | ||
840 | /** |
884 | /** |
841 | * Associate an extension ID to an extension mapping |
885 | * Associate an extension ID to an extension mapping |
842 | * |
886 | * |
843 | * @param string $extnId |
887 | * @param string $extnId |
- | 888 | * @access private |
|
844 | * @return mixed |
889 | * @return mixed |
845 | */ |
890 | */ |
846 | private function getMapping($extnId) |
891 | private function getMapping($extnId) |
847 | { |
892 | { |
848 | if (!is_string($extnId)) { // eg. if it's a \phpseclib3\File\ASN1\Element object |
893 | if (!is_string($extnId)) { // eg. if it's a \phpseclib3\File\ASN1\Element object |
Line 948... | Line 993... | ||
948 | 993 | ||
949 | /** |
994 | /** |
950 | * Load an X.509 certificate as a certificate authority |
995 | * Load an X.509 certificate as a certificate authority |
951 | * |
996 | * |
952 | * @param string $cert |
997 | * @param string $cert |
- | 998 | * @access public |
|
953 | * @return bool |
999 | * @return bool |
954 | */ |
1000 | */ |
955 | public function loadCA($cert) |
1001 | public function loadCA($cert) |
956 | { |
1002 | { |
957 | $olddn = $this->dn; |
1003 | $olddn = $this->dn; |
Line 1014... | Line 1060... | ||
1014 | * character * which is considered to match any single domain name |
1060 | * character * which is considered to match any single domain name |
1015 | * component or component fragment. E.g., *.a.com matches foo.a.com but |
1061 | * component or component fragment. E.g., *.a.com matches foo.a.com but |
1016 | * not bar.foo.a.com. f*.com matches foo.com but not bar.com. |
1062 | * not bar.foo.a.com. f*.com matches foo.com but not bar.com. |
1017 | * |
1063 | * |
1018 | * @param string $url |
1064 | * @param string $url |
- | 1065 | * @access public |
|
1019 | * @return bool |
1066 | * @return bool |
1020 | */ |
1067 | */ |
1021 | public function validateURL($url) |
1068 | public function validateURL($url) |
1022 | { |
1069 | { |
1023 | if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { |
1070 | if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { |
Line 1073... | Line 1120... | ||
1073 | * Validate a date |
1120 | * Validate a date |
1074 | * |
1121 | * |
1075 | * If $date isn't defined it is assumed to be the current date. |
1122 | * If $date isn't defined it is assumed to be the current date. |
1076 | * |
1123 | * |
1077 | * @param \DateTimeInterface|string $date optional |
1124 | * @param \DateTimeInterface|string $date optional |
- | 1125 | * @access public |
|
1078 | * @return bool |
1126 | * @return bool |
1079 | */ |
1127 | */ |
1080 | public function validateDate($date = null) |
1128 | public function validateDate($date = null) |
1081 | { |
1129 | { |
1082 | if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { |
1130 | if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) { |
Line 1105... | Line 1153... | ||
1105 | 1153 | ||
1106 | /** |
1154 | /** |
1107 | * Fetches a URL |
1155 | * Fetches a URL |
1108 | * |
1156 | * |
1109 | * @param string $url |
1157 | * @param string $url |
- | 1158 | * @access private |
|
1110 | * @return bool|string |
1159 | * @return bool|string |
1111 | */ |
1160 | */ |
1112 | private static function fetchURL($url) |
1161 | private static function fetchURL($url) |
1113 | { |
1162 | { |
1114 | if (self::$disable_url_fetch) { |
1163 | if (self::$disable_url_fetch) { |
Line 1160... | Line 1209... | ||
1160 | * |
1209 | * |
1161 | * See https://tools.ietf.org/html/rfc4325 for more info |
1210 | * See https://tools.ietf.org/html/rfc4325 for more info |
1162 | * |
1211 | * |
1163 | * @param bool $caonly |
1212 | * @param bool $caonly |
1164 | * @param int $count |
1213 | * @param int $count |
- | 1214 | * @access private |
|
1165 | * @return bool |
1215 | * @return bool |
1166 | */ |
1216 | */ |
1167 | private function testForIntermediate($caonly, $count) |
1217 | private function testForIntermediate($caonly, $count) |
1168 | { |
1218 | { |
1169 | $opts = $this->getExtension('id-pe-authorityInfoAccess'); |
1219 | $opts = $this->getExtension('id-pe-authorityInfoAccess'); |
Line 1226... | Line 1276... | ||
1226 | * self-signed. |
1276 | * self-signed. |
1227 | * |
1277 | * |
1228 | * The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}. |
1278 | * The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}. |
1229 | * |
1279 | * |
1230 | * @param bool $caonly optional |
1280 | * @param bool $caonly optional |
- | 1281 | * @access public |
|
1231 | * @return mixed |
1282 | * @return mixed |
1232 | */ |
1283 | */ |
1233 | public function validateSignature($caonly = true) |
1284 | public function validateSignature($caonly = true) |
1234 | { |
1285 | { |
1235 | return $this->validateSignatureCountable($caonly, 0); |
1286 | return $this->validateSignatureCountable($caonly, 0); |
Line 1240... | Line 1291... | ||
1240 | * |
1291 | * |
1241 | * Performs said validation whilst keeping track of how many times validation method is called |
1292 | * Performs said validation whilst keeping track of how many times validation method is called |
1242 | * |
1293 | * |
1243 | * @param bool $caonly |
1294 | * @param bool $caonly |
1244 | * @param int $count |
1295 | * @param int $count |
- | 1296 | * @access private |
|
1245 | * @return mixed |
1297 | * @return mixed |
1246 | */ |
1298 | */ |
1247 | private function validateSignatureCountable($caonly, $count) |
1299 | private function validateSignatureCountable($caonly, $count) |
1248 | { |
1300 | { |
1249 | if (!is_array($this->currentCert) || !isset($this->signatureSubject)) { |
1301 | if (!is_array($this->currentCert) || !isset($this->signatureSubject)) { |
Line 1373... | Line 1425... | ||
1373 | * @param string $publicKeyAlgorithm |
1425 | * @param string $publicKeyAlgorithm |
1374 | * @param string $publicKey |
1426 | * @param string $publicKey |
1375 | * @param string $signatureAlgorithm |
1427 | * @param string $signatureAlgorithm |
1376 | * @param string $signature |
1428 | * @param string $signature |
1377 | * @param string $signatureSubject |
1429 | * @param string $signatureSubject |
- | 1430 | * @access private |
|
1378 | * @throws \phpseclib3\Exception\UnsupportedAlgorithmException if the algorithm is unsupported |
1431 | * @throws \phpseclib3\Exception\UnsupportedAlgorithmException if the algorithm is unsupported |
1379 | * @return bool |
1432 | * @return bool |
1380 | */ |
1433 | */ |
1381 | private function validateSignatureHelper($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject) |
1434 | private function validateSignatureHelper($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject) |
1382 | { |
1435 | { |
Line 1447... | Line 1500... | ||
1447 | * When validating a signature it may be necessary to download intermediate certs from URI's. |
1500 | * When validating a signature it may be necessary to download intermediate certs from URI's. |
1448 | * An intermediate cert that linked to itself would result in an infinite loop so to prevent |
1501 | * An intermediate cert that linked to itself would result in an infinite loop so to prevent |
1449 | * that we set a recursion limit. A negative number means that there is no recursion limit. |
1502 | * that we set a recursion limit. A negative number means that there is no recursion limit. |
1450 | * |
1503 | * |
1451 | * @param int $count |
1504 | * @param int $count |
- | 1505 | * @access public |
|
1452 | */ |
1506 | */ |
1453 | public static function setRecurLimit($count) |
1507 | public static function setRecurLimit($count) |
1454 | { |
1508 | { |
1455 | self::$recur_limit = $count; |
1509 | self::$recur_limit = $count; |
1456 | } |
1510 | } |
1457 | 1511 | ||
1458 | /** |
1512 | /** |
1459 | * Prevents URIs from being automatically retrieved |
1513 | * Prevents URIs from being automatically retrieved |
1460 | * |
1514 | * |
- | 1515 | * @access public |
|
1461 | */ |
1516 | */ |
1462 | public static function disableURLFetch() |
1517 | public static function disableURLFetch() |
1463 | { |
1518 | { |
1464 | self::$disable_url_fetch = true; |
1519 | self::$disable_url_fetch = true; |
1465 | } |
1520 | } |
1466 | 1521 | ||
1467 | /** |
1522 | /** |
1468 | * Allows URIs to be automatically retrieved |
1523 | * Allows URIs to be automatically retrieved |
1469 | * |
1524 | * |
- | 1525 | * @access public |
|
1470 | */ |
1526 | */ |
1471 | public static function enableURLFetch() |
1527 | public static function enableURLFetch() |
1472 | { |
1528 | { |
1473 | self::$disable_url_fetch = false; |
1529 | self::$disable_url_fetch = false; |
1474 | } |
1530 | } |
Line 1477... | Line 1533... | ||
1477 | * Decodes an IP address |
1533 | * Decodes an IP address |
1478 | * |
1534 | * |
1479 | * Takes in a base64 encoded "blob" and returns a human readable IP address |
1535 | * Takes in a base64 encoded "blob" and returns a human readable IP address |
1480 | * |
1536 | * |
1481 | * @param string $ip |
1537 | * @param string $ip |
- | 1538 | * @access private |
|
1482 | * @return string |
1539 | * @return string |
1483 | */ |
1540 | */ |
1484 | public static function decodeIP($ip) |
1541 | public static function decodeIP($ip) |
1485 | { |
1542 | { |
1486 | return inet_ntop($ip); |
1543 | return inet_ntop($ip); |
Line 1490... | Line 1547... | ||
1490 | * Decodes an IP address in a name constraints extension |
1547 | * Decodes an IP address in a name constraints extension |
1491 | * |
1548 | * |
1492 | * Takes in a base64 encoded "blob" and returns a human readable IP address / mask |
1549 | * Takes in a base64 encoded "blob" and returns a human readable IP address / mask |
1493 | * |
1550 | * |
1494 | * @param string $ip |
1551 | * @param string $ip |
- | 1552 | * @access private |
|
1495 | * @return array |
1553 | * @return array |
1496 | */ |
1554 | */ |
1497 | public static function decodeNameConstraintIP($ip) |
1555 | public static function decodeNameConstraintIP($ip) |
1498 | { |
1556 | { |
1499 | $size = strlen($ip) >> 1; |
1557 | $size = strlen($ip) >> 1; |
Line 1506... | Line 1564... | ||
1506 | * Encodes an IP address |
1564 | * Encodes an IP address |
1507 | * |
1565 | * |
1508 | * Takes a human readable IP address into a base64-encoded "blob" |
1566 | * Takes a human readable IP address into a base64-encoded "blob" |
1509 | * |
1567 | * |
1510 | * @param string|array $ip |
1568 | * @param string|array $ip |
- | 1569 | * @access private |
|
1511 | * @return string |
1570 | * @return string |
1512 | */ |
1571 | */ |
1513 | public static function encodeIP($ip) |
1572 | public static function encodeIP($ip) |
1514 | { |
1573 | { |
1515 | return is_string($ip) ? |
1574 | return is_string($ip) ? |
Line 1519... | Line 1578... | ||
1519 | 1578 | ||
1520 | /** |
1579 | /** |
1521 | * "Normalizes" a Distinguished Name property |
1580 | * "Normalizes" a Distinguished Name property |
1522 | * |
1581 | * |
1523 | * @param string $propName |
1582 | * @param string $propName |
- | 1583 | * @access private |
|
1524 | * @return mixed |
1584 | * @return mixed |
1525 | */ |
1585 | */ |
1526 | private function translateDNProp($propName) |
1586 | private function translateDNProp($propName) |
1527 | { |
1587 | { |
1528 | switch (strtolower($propName)) { |
1588 | switch (strtolower($propName)) { |
Line 1612... | Line 1672... | ||
1612 | * Set a Distinguished Name property |
1672 | * Set a Distinguished Name property |
1613 | * |
1673 | * |
1614 | * @param string $propName |
1674 | * @param string $propName |
1615 | * @param mixed $propValue |
1675 | * @param mixed $propValue |
1616 | * @param string $type optional |
1676 | * @param string $type optional |
- | 1677 | * @access public |
|
1617 | * @return bool |
1678 | * @return bool |
1618 | */ |
1679 | */ |
1619 | public function setDNProp($propName, $propValue, $type = 'utf8String') |
1680 | public function setDNProp($propName, $propValue, $type = 'utf8String') |
1620 | { |
1681 | { |
1621 | if (empty($this->dn)) { |
1682 | if (empty($this->dn)) { |
Line 1643... | Line 1704... | ||
1643 | 1704 | ||
1644 | /** |
1705 | /** |
1645 | * Remove Distinguished Name properties |
1706 | * Remove Distinguished Name properties |
1646 | * |
1707 | * |
1647 | * @param string $propName |
1708 | * @param string $propName |
- | 1709 | * @access public |
|
1648 | */ |
1710 | */ |
1649 | public function removeDNProp($propName) |
1711 | public function removeDNProp($propName) |
1650 | { |
1712 | { |
1651 | if (empty($this->dn)) { |
1713 | if (empty($this->dn)) { |
1652 | return; |
1714 | return; |
Line 1676... | Line 1738... | ||
1676 | * |
1738 | * |
1677 | * @param string $propName |
1739 | * @param string $propName |
1678 | * @param array $dn optional |
1740 | * @param array $dn optional |
1679 | * @param bool $withType optional |
1741 | * @param bool $withType optional |
1680 | * @return mixed |
1742 | * @return mixed |
- | 1743 | * @access public |
|
1681 | */ |
1744 | */ |
1682 | public function getDNProp($propName, $dn = null, $withType = false) |
1745 | public function getDNProp($propName, $dn = null, $withType = false) |
1683 | { |
1746 | { |
1684 | if (!isset($dn)) { |
1747 | if (!isset($dn)) { |
1685 | $dn = $this->dn; |
1748 | $dn = $this->dn; |
Line 1736... | Line 1799... | ||
1736 | * Set a Distinguished Name |
1799 | * Set a Distinguished Name |
1737 | * |
1800 | * |
1738 | * @param mixed $dn |
1801 | * @param mixed $dn |
1739 | * @param bool $merge optional |
1802 | * @param bool $merge optional |
1740 | * @param string $type optional |
1803 | * @param string $type optional |
- | 1804 | * @access public |
|
1741 | * @return bool |
1805 | * @return bool |
1742 | */ |
1806 | */ |
1743 | public function setDN($dn, $merge = false, $type = 'utf8String') |
1807 | public function setDN($dn, $merge = false, $type = 'utf8String') |
1744 | { |
1808 | { |
1745 | if (!$merge) { |
1809 | if (!$merge) { |
Line 1777... | Line 1841... | ||
1777 | /** |
1841 | /** |
1778 | * Get the Distinguished Name for a certificates subject |
1842 | * Get the Distinguished Name for a certificates subject |
1779 | * |
1843 | * |
1780 | * @param mixed $format optional |
1844 | * @param mixed $format optional |
1781 | * @param array $dn optional |
1845 | * @param array $dn optional |
- | 1846 | * @access public |
|
1782 | * @return array|bool|string |
1847 | * @return array|bool|string |
1783 | */ |
1848 | */ |
1784 | public function getDN($format = self::DN_ARRAY, $dn = null) |
1849 | public function getDN($format = self::DN_ARRAY, $dn = null) |
1785 | { |
1850 | { |
1786 | if (!isset($dn)) { |
1851 | if (!isset($dn)) { |
Line 1918... | Line 1983... | ||
1918 | 1983 | ||
1919 | /** |
1984 | /** |
1920 | * Get the Distinguished Name for a certificate/crl issuer |
1985 | * Get the Distinguished Name for a certificate/crl issuer |
1921 | * |
1986 | * |
1922 | * @param int $format optional |
1987 | * @param int $format optional |
- | 1988 | * @access public |
|
1923 | * @return mixed |
1989 | * @return mixed |
1924 | */ |
1990 | */ |
1925 | public function getIssuerDN($format = self::DN_ARRAY) |
1991 | public function getIssuerDN($format = self::DN_ARRAY) |
1926 | { |
1992 | { |
1927 | switch (true) { |
1993 | switch (true) { |
Line 1939... | Line 2005... | ||
1939 | /** |
2005 | /** |
1940 | * Get the Distinguished Name for a certificate/csr subject |
2006 | * Get the Distinguished Name for a certificate/csr subject |
1941 | * Alias of getDN() |
2007 | * Alias of getDN() |
1942 | * |
2008 | * |
1943 | * @param int $format optional |
2009 | * @param int $format optional |
- | 2010 | * @access public |
|
1944 | * @return mixed |
2011 | * @return mixed |
1945 | */ |
2012 | */ |
1946 | public function getSubjectDN($format = self::DN_ARRAY) |
2013 | public function getSubjectDN($format = self::DN_ARRAY) |
1947 | { |
2014 | { |
1948 | switch (true) { |
2015 | switch (true) { |
Line 1962... | Line 2029... | ||
1962 | /** |
2029 | /** |
1963 | * Get an individual Distinguished Name property for a certificate/crl issuer |
2030 | * Get an individual Distinguished Name property for a certificate/crl issuer |
1964 | * |
2031 | * |
1965 | * @param string $propName |
2032 | * @param string $propName |
1966 | * @param bool $withType optional |
2033 | * @param bool $withType optional |
- | 2034 | * @access public |
|
1967 | * @return mixed |
2035 | * @return mixed |
1968 | */ |
2036 | */ |
1969 | public function getIssuerDNProp($propName, $withType = false) |
2037 | public function getIssuerDNProp($propName, $withType = false) |
1970 | { |
2038 | { |
1971 | switch (true) { |
2039 | switch (true) { |
Line 1983... | Line 2051... | ||
1983 | /** |
2051 | /** |
1984 | * Get an individual Distinguished Name property for a certificate/csr subject |
2052 | * Get an individual Distinguished Name property for a certificate/csr subject |
1985 | * |
2053 | * |
1986 | * @param string $propName |
2054 | * @param string $propName |
1987 | * @param bool $withType optional |
2055 | * @param bool $withType optional |
- | 2056 | * @access public |
|
1988 | * @return mixed |
2057 | * @return mixed |
1989 | */ |
2058 | */ |
1990 | public function getSubjectDNProp($propName, $withType = false) |
2059 | public function getSubjectDNProp($propName, $withType = false) |
1991 | { |
2060 | { |
1992 | switch (true) { |
2061 | switch (true) { |
Line 2004... | Line 2073... | ||
2004 | } |
2073 | } |
2005 | 2074 | ||
2006 | /** |
2075 | /** |
2007 | * Get the certificate chain for the current cert |
2076 | * Get the certificate chain for the current cert |
2008 | * |
2077 | * |
- | 2078 | * @access public |
|
2009 | * @return mixed |
2079 | * @return mixed |
2010 | */ |
2080 | */ |
2011 | public function getChain() |
2081 | public function getChain() |
2012 | { |
2082 | { |
2013 | $chain = [$this->currentCert]; |
2083 | $chain = [$this->currentCert]; |
Line 2048... | Line 2118... | ||
2048 | } |
2118 | } |
2049 | 2119 | ||
2050 | /** |
2120 | /** |
2051 | * Returns the current cert |
2121 | * Returns the current cert |
2052 | * |
2122 | * |
- | 2123 | * @access public |
|
2053 | * @return array|bool |
2124 | * @return array|bool |
2054 | */ |
2125 | */ |
2055 | public function &getCurrentCert() |
2126 | public function &getCurrentCert() |
2056 | { |
2127 | { |
2057 | return $this->currentCert; |
2128 | return $this->currentCert; |
Line 2061... | Line 2132... | ||
2061 | * Set public key |
2132 | * Set public key |
2062 | * |
2133 | * |
2063 | * Key needs to be a \phpseclib3\Crypt\RSA object |
2134 | * Key needs to be a \phpseclib3\Crypt\RSA object |
2064 | * |
2135 | * |
2065 | * @param PublicKey $key |
2136 | * @param PublicKey $key |
- | 2137 | * @access public |
|
2066 | * @return void |
2138 | * @return void |
2067 | */ |
2139 | */ |
2068 | public function setPublicKey(PublicKey $key) |
2140 | public function setPublicKey(PublicKey $key) |
2069 | { |
2141 | { |
2070 | $this->publicKey = $key; |
2142 | $this->publicKey = $key; |
Line 2074... | Line 2146... | ||
2074 | * Set private key |
2146 | * Set private key |
2075 | * |
2147 | * |
2076 | * Key needs to be a \phpseclib3\Crypt\RSA object |
2148 | * Key needs to be a \phpseclib3\Crypt\RSA object |
2077 | * |
2149 | * |
2078 | * @param PrivateKey $key |
2150 | * @param PrivateKey $key |
- | 2151 | * @access public |
|
2079 | */ |
2152 | */ |
2080 | public function setPrivateKey(PrivateKey $key) |
2153 | public function setPrivateKey(PrivateKey $key) |
2081 | { |
2154 | { |
2082 | $this->privateKey = $key; |
2155 | $this->privateKey = $key; |
2083 | } |
2156 | } |
Line 2086... | Line 2159... | ||
2086 | * Set challenge |
2159 | * Set challenge |
2087 | * |
2160 | * |
2088 | * Used for SPKAC CSR's |
2161 | * Used for SPKAC CSR's |
2089 | * |
2162 | * |
2090 | * @param string $challenge |
2163 | * @param string $challenge |
- | 2164 | * @access public |
|
2091 | */ |
2165 | */ |
2092 | public function setChallenge($challenge) |
2166 | public function setChallenge($challenge) |
2093 | { |
2167 | { |
2094 | $this->challenge = $challenge; |
2168 | $this->challenge = $challenge; |
2095 | } |
2169 | } |
Line 2097... | Line 2171... | ||
2097 | /** |
2171 | /** |
2098 | * Gets the public key |
2172 | * Gets the public key |
2099 | * |
2173 | * |
2100 | * Returns a \phpseclib3\Crypt\RSA object or a false. |
2174 | * Returns a \phpseclib3\Crypt\RSA object or a false. |
2101 | * |
2175 | * |
- | 2176 | * @access public |
|
2102 | * @return mixed |
2177 | * @return mixed |
2103 | */ |
2178 | */ |
2104 | public function getPublicKey() |
2179 | public function getPublicKey() |
2105 | { |
2180 | { |
2106 | if (isset($this->publicKey)) { |
2181 | if (isset($this->publicKey)) { |
Line 2146... | Line 2221... | ||
2146 | * Load a Certificate Signing Request |
2221 | * Load a Certificate Signing Request |
2147 | * |
2222 | * |
2148 | * @param string $csr |
2223 | * @param string $csr |
2149 | * @param int $mode |
2224 | * @param int $mode |
2150 | * @return mixed |
2225 | * @return mixed |
- | 2226 | * @access public |
|
2151 | */ |
2227 | */ |
2152 | public function loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT) |
2228 | public function loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT) |
2153 | { |
2229 | { |
2154 | if (is_array($csr) && isset($csr['certificationRequestInfo'])) { |
2230 | if (is_array($csr) && isset($csr['certificationRequestInfo'])) { |
2155 | unset($this->currentCert); |
2231 | unset($this->currentCert); |
Line 2219... | Line 2295... | ||
2219 | /** |
2295 | /** |
2220 | * Save CSR request |
2296 | * Save CSR request |
2221 | * |
2297 | * |
2222 | * @param array $csr |
2298 | * @param array $csr |
2223 | * @param int $format optional |
2299 | * @param int $format optional |
- | 2300 | * @access public |
|
2224 | * @return string |
2301 | * @return string |
2225 | */ |
2302 | */ |
2226 | public function saveCSR($csr, $format = self::FORMAT_PEM) |
2303 | public function saveCSR($csr, $format = self::FORMAT_PEM) |
2227 | { |
2304 | { |
2228 | if (!is_array($csr) || !isset($csr['certificationRequestInfo'])) { |
2305 | if (!is_array($csr) || !isset($csr['certificationRequestInfo'])) { |
Line 2264... | Line 2341... | ||
2264 | * SPKAC's are produced by the HTML5 keygen element: |
2341 | * SPKAC's are produced by the HTML5 keygen element: |
2265 | * |
2342 | * |
2266 | * https://developer.mozilla.org/en-US/docs/HTML/Element/keygen |
2343 | * https://developer.mozilla.org/en-US/docs/HTML/Element/keygen |
2267 | * |
2344 | * |
2268 | * @param string $spkac |
2345 | * @param string $spkac |
- | 2346 | * @access public |
|
2269 | * @return mixed |
2347 | * @return mixed |
2270 | */ |
2348 | */ |
2271 | public function loadSPKAC($spkac) |
2349 | public function loadSPKAC($spkac) |
2272 | { |
2350 | { |
2273 | if (is_array($spkac) && isset($spkac['publicKeyAndChallenge'])) { |
2351 | if (is_array($spkac) && isset($spkac['publicKeyAndChallenge'])) { |
Line 2328... | Line 2406... | ||
2328 | /** |
2406 | /** |
2329 | * Save a SPKAC CSR request |
2407 | * Save a SPKAC CSR request |
2330 | * |
2408 | * |
2331 | * @param array $spkac |
2409 | * @param array $spkac |
2332 | * @param int $format optional |
2410 | * @param int $format optional |
- | 2411 | * @access public |
|
2333 | * @return string |
2412 | * @return string |
2334 | */ |
2413 | */ |
2335 | public function saveSPKAC($spkac, $format = self::FORMAT_PEM) |
2414 | public function saveSPKAC($spkac, $format = self::FORMAT_PEM) |
2336 | { |
2415 | { |
2337 | if (!is_array($spkac) || !isset($spkac['publicKeyAndChallenge'])) { |
2416 | if (!is_array($spkac) || !isset($spkac['publicKeyAndChallenge'])) { |
Line 2366... | Line 2445... | ||
2366 | * Load a Certificate Revocation List |
2445 | * Load a Certificate Revocation List |
2367 | * |
2446 | * |
2368 | * @param string $crl |
2447 | * @param string $crl |
2369 | * @param int $mode |
2448 | * @param int $mode |
2370 | * @return mixed |
2449 | * @return mixed |
- | 2450 | * @access public |
|
2371 | */ |
2451 | */ |
2372 | public function loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT) |
2452 | public function loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT) |
2373 | { |
2453 | { |
2374 | if (is_array($crl) && isset($crl['tbsCertList'])) { |
2454 | if (is_array($crl) && isset($crl['tbsCertList'])) { |
2375 | $this->currentCert = $crl; |
2455 | $this->currentCert = $crl; |
Line 2431... | Line 2511... | ||
2431 | /** |
2511 | /** |
2432 | * Save Certificate Revocation List. |
2512 | * Save Certificate Revocation List. |
2433 | * |
2513 | * |
2434 | * @param array $crl |
2514 | * @param array $crl |
2435 | * @param int $format optional |
2515 | * @param int $format optional |
- | 2516 | * @access public |
|
2436 | * @return string |
2517 | * @return string |
2437 | */ |
2518 | */ |
2438 | public function saveCRL($crl, $format = self::FORMAT_PEM) |
2519 | public function saveCRL($crl, $format = self::FORMAT_PEM) |
2439 | { |
2520 | { |
2440 | if (!is_array($crl) || !isset($crl['tbsCertList'])) { |
2521 | if (!is_array($crl) || !isset($crl['tbsCertList'])) { |
Line 2488... | Line 2569... | ||
2488 | * - 5.1.2.5 Next Update |
2569 | * - 5.1.2.5 Next Update |
2489 | * - 5.1.2.6 Revoked Certificates |
2570 | * - 5.1.2.6 Revoked Certificates |
2490 | * by choosing utcTime iff year of date given is before 2050 and generalTime else. |
2571 | * by choosing utcTime iff year of date given is before 2050 and generalTime else. |
2491 | * |
2572 | * |
2492 | * @param string $date in format date('D, d M Y H:i:s O') |
2573 | * @param string $date in format date('D, d M Y H:i:s O') |
- | 2574 | * @access private |
|
2493 | * @return array|Element |
2575 | * @return array|Element |
2494 | */ |
2576 | */ |
2495 | private function timeField($date) |
2577 | private function timeField($date) |
2496 | { |
2578 | { |
2497 | if ($date instanceof Element) { |
2579 | if ($date instanceof Element) { |
Line 2513... | Line 2595... | ||
2513 | * $subject can be either an existing X.509 cert (if you want to resign it), |
2595 | * $subject can be either an existing X.509 cert (if you want to resign it), |
2514 | * a CSR or something with the DN and public key explicitly set. |
2596 | * a CSR or something with the DN and public key explicitly set. |
2515 | * |
2597 | * |
2516 | * @param \phpseclib3\File\X509 $issuer |
2598 | * @param \phpseclib3\File\X509 $issuer |
2517 | * @param \phpseclib3\File\X509 $subject |
2599 | * @param \phpseclib3\File\X509 $subject |
- | 2600 | * @access public |
|
2518 | * @return mixed |
2601 | * @return mixed |
2519 | */ |
2602 | */ |
2520 | public function sign($issuer, $subject) |
2603 | public function sign($issuer, $subject) |
2521 | { |
2604 | { |
2522 | if (!is_object($issuer->privateKey) || empty($issuer->dn)) { |
2605 | if (!is_object($issuer->privateKey) || empty($issuer->dn)) { |
Line 2705... | Line 2788... | ||
2705 | } |
2788 | } |
2706 | 2789 | ||
2707 | /** |
2790 | /** |
2708 | * Sign a CSR |
2791 | * Sign a CSR |
2709 | * |
2792 | * |
- | 2793 | * @access public |
|
2710 | * @return mixed |
2794 | * @return mixed |
2711 | */ |
2795 | */ |
2712 | public function signCSR() |
2796 | public function signCSR() |
2713 | { |
2797 | { |
2714 | if (!is_object($this->privateKey) || empty($this->dn)) { |
2798 | if (!is_object($this->privateKey) || empty($this->dn)) { |
Line 2759... | Line 2843... | ||
2759 | } |
2843 | } |
2760 | 2844 | ||
2761 | /** |
2845 | /** |
2762 | * Sign a SPKAC |
2846 | * Sign a SPKAC |
2763 | * |
2847 | * |
- | 2848 | * @access public |
|
2764 | * @return mixed |
2849 | * @return mixed |
2765 | */ |
2850 | */ |
2766 | public function signSPKAC() |
2851 | public function signSPKAC() |
2767 | { |
2852 | { |
2768 | if (!is_object($this->privateKey)) { |
2853 | if (!is_object($this->privateKey)) { |
Line 2823... | Line 2908... | ||
2823 | * |
2908 | * |
2824 | * $issuer's private key needs to be loaded. |
2909 | * $issuer's private key needs to be loaded. |
2825 | * |
2910 | * |
2826 | * @param \phpseclib3\File\X509 $issuer |
2911 | * @param \phpseclib3\File\X509 $issuer |
2827 | * @param \phpseclib3\File\X509 $crl |
2912 | * @param \phpseclib3\File\X509 $crl |
- | 2913 | * @access public |
|
2828 | * @return mixed |
2914 | * @return mixed |
2829 | */ |
2915 | */ |
2830 | public function signCRL($issuer, $crl) |
2916 | public function signCRL($issuer, $crl) |
2831 | { |
2917 | { |
2832 | if (!is_object($issuer->privateKey) || empty($issuer->dn)) { |
2918 | if (!is_object($issuer->privateKey) || empty($issuer->dn)) { |
Line 2953... | Line 3039... | ||
2953 | 3039 | ||
2954 | /** |
3040 | /** |
2955 | * Identify signature algorithm from key settings |
3041 | * Identify signature algorithm from key settings |
2956 | * |
3042 | * |
2957 | * @param PrivateKey $key |
3043 | * @param PrivateKey $key |
- | 3044 | * @access private |
|
2958 | * @throws \phpseclib3\Exception\UnsupportedAlgorithmException if the algorithm is unsupported |
3045 | * @throws \phpseclib3\Exception\UnsupportedAlgorithmException if the algorithm is unsupported |
2959 | * @return string |
3046 | * @return string |
2960 | */ |
3047 | */ |
2961 | private static function identifySignatureAlgorithm(PrivateKey $key) |
3048 | private static function identifySignatureAlgorithm(PrivateKey $key) |
2962 | { |
3049 | { |
Line 3009... | Line 3096... | ||
3009 | 3096 | ||
3010 | /** |
3097 | /** |
3011 | * Set certificate start date |
3098 | * Set certificate start date |
3012 | * |
3099 | * |
3013 | * @param \DateTimeInterface|string $date |
3100 | * @param \DateTimeInterface|string $date |
- | 3101 | * @access public |
|
3014 | */ |
3102 | */ |
3015 | public function setStartDate($date) |
3103 | public function setStartDate($date) |
3016 | { |
3104 | { |
3017 | if (!is_object($date) || !($date instanceof \DateTimeInterface)) { |
3105 | if (!is_object($date) || !($date instanceof \DateTimeInterface)) { |
3018 | $date = new \DateTimeImmutable($date, new \DateTimeZone(@date_default_timezone_get())); |
3106 | $date = new \DateTimeImmutable($date, new \DateTimeZone(@date_default_timezone_get())); |
Line 3023... | Line 3111... | ||
3023 | 3111 | ||
3024 | /** |
3112 | /** |
3025 | * Set certificate end date |
3113 | * Set certificate end date |
3026 | * |
3114 | * |
3027 | * @param \DateTimeInterface|string $date |
3115 | * @param \DateTimeInterface|string $date |
- | 3116 | * @access public |
|
3028 | */ |
3117 | */ |
3029 | public function setEndDate($date) |
3118 | public function setEndDate($date) |
3030 | { |
3119 | { |
3031 | /* |
3120 | /* |
3032 | To indicate that a certificate has no well-defined expiration date, |
3121 | To indicate that a certificate has no well-defined expiration date, |
Line 3051... | Line 3140... | ||
3051 | /** |
3140 | /** |
3052 | * Set Serial Number |
3141 | * Set Serial Number |
3053 | * |
3142 | * |
3054 | * @param string $serial |
3143 | * @param string $serial |
3055 | * @param int $base optional |
3144 | * @param int $base optional |
- | 3145 | * @access public |
|
3056 | */ |
3146 | */ |
3057 | public function setSerialNumber($serial, $base = -256) |
3147 | public function setSerialNumber($serial, $base = -256) |
3058 | { |
3148 | { |
3059 | $this->serialNumber = new BigInteger($serial, $base); |
3149 | $this->serialNumber = new BigInteger($serial, $base); |
3060 | } |
3150 | } |
3061 | 3151 | ||
3062 | /** |
3152 | /** |
3063 | * Turns the certificate into a certificate authority |
3153 | * Turns the certificate into a certificate authority |
3064 | * |
3154 | * |
- | 3155 | * @access public |
|
3065 | */ |
3156 | */ |
3066 | public function makeCA() |
3157 | public function makeCA() |
3067 | { |
3158 | { |
3068 | $this->caFlag = true; |
3159 | $this->caFlag = true; |
3069 | } |
3160 | } |
Line 3076... | Line 3167... | ||
3076 | * a potentially large array by passing its reference by-value to is_array(). |
3167 | * a potentially large array by passing its reference by-value to is_array(). |
3077 | * |
3168 | * |
3078 | * @param array $root |
3169 | * @param array $root |
3079 | * @param string $path |
3170 | * @param string $path |
3080 | * @return boolean |
3171 | * @return boolean |
- | 3172 | * @access private |
|
3081 | */ |
3173 | */ |
3082 | private function isSubArrayValid($root, $path) |
3174 | private function isSubArrayValid($root, $path) |
3083 | { |
3175 | { |
3084 | if (!is_array($root)) { |
3176 | if (!is_array($root)) { |
3085 | return false; |
3177 | return false; |
Line 3111... | Line 3203... | ||
3111 | * creates a copy. If $root is an especially large array, this is expensive. |
3203 | * creates a copy. If $root is an especially large array, this is expensive. |
3112 | * |
3204 | * |
3113 | * @param array $root |
3205 | * @param array $root |
3114 | * @param string $path absolute path with / as component separator |
3206 | * @param string $path absolute path with / as component separator |
3115 | * @param bool $create optional |
3207 | * @param bool $create optional |
- | 3208 | * @access private |
|
3116 | * @return array|false |
3209 | * @return array|false |
3117 | */ |
3210 | */ |
3118 | private function &subArrayUnchecked(&$root, $path, $create = false) |
3211 | private function &subArrayUnchecked(&$root, $path, $create = false) |
3119 | { |
3212 | { |
3120 | $false = false; |
3213 | $false = false; |
Line 3138... | Line 3231... | ||
3138 | * Get a reference to a subarray |
3231 | * Get a reference to a subarray |
3139 | * |
3232 | * |
3140 | * @param array $root |
3233 | * @param array $root |
3141 | * @param string $path absolute path with / as component separator |
3234 | * @param string $path absolute path with / as component separator |
3142 | * @param bool $create optional |
3235 | * @param bool $create optional |
- | 3236 | * @access private |
|
3143 | * @return array|false |
3237 | * @return array|false |
3144 | */ |
3238 | */ |
3145 | private function &subArray(&$root, $path, $create = false) |
3239 | private function &subArray(&$root, $path, $create = false) |
3146 | { |
3240 | { |
3147 | $false = false; |
3241 | $false = false; |
Line 3173... | Line 3267... | ||
3173 | * Get a reference to an extension subarray |
3267 | * Get a reference to an extension subarray |
3174 | * |
3268 | * |
3175 | * @param array $root |
3269 | * @param array $root |
3176 | * @param string $path optional absolute path with / as component separator |
3270 | * @param string $path optional absolute path with / as component separator |
3177 | * @param bool $create optional |
3271 | * @param bool $create optional |
- | 3272 | * @access private |
|
3178 | * @return array|false |
3273 | * @return array|false |
3179 | */ |
3274 | */ |
3180 | private function &extensions(&$root, $path = null, $create = false) |
3275 | private function &extensions(&$root, $path = null, $create = false) |
3181 | { |
3276 | { |
3182 | if (!isset($root)) { |
3277 | if (!isset($root)) { |
Line 3226... | Line 3321... | ||
3226 | /** |
3321 | /** |
3227 | * Remove an Extension |
3322 | * Remove an Extension |
3228 | * |
3323 | * |
3229 | * @param string $id |
3324 | * @param string $id |
3230 | * @param string $path optional |
3325 | * @param string $path optional |
- | 3326 | * @access private |
|
3231 | * @return bool |
3327 | * @return bool |
3232 | */ |
3328 | */ |
3233 | private function removeExtensionHelper($id, $path = null) |
3329 | private function removeExtensionHelper($id, $path = null) |
3234 | { |
3330 | { |
3235 | $extensions = &$this->extensions($this->currentCert, $path); |
3331 | $extensions = &$this->extensions($this->currentCert, $path); |
Line 3260... | Line 3356... | ||
3260 | * Returns the extension if it exists and false if not |
3356 | * Returns the extension if it exists and false if not |
3261 | * |
3357 | * |
3262 | * @param string $id |
3358 | * @param string $id |
3263 | * @param array $cert optional |
3359 | * @param array $cert optional |
3264 | * @param string $path optional |
3360 | * @param string $path optional |
- | 3361 | * @access private |
|
3265 | * @return mixed |
3362 | * @return mixed |
3266 | */ |
3363 | */ |
3267 | private function getExtensionHelper($id, $cert = null, $path = null) |
3364 | private function getExtensionHelper($id, $cert = null, $path = null) |
3268 | { |
3365 | { |
3269 | $extensions = $this->extensions($cert, $path); |
3366 | $extensions = $this->extensions($cert, $path); |
Line 3284... | Line 3381... | ||
3284 | /** |
3381 | /** |
3285 | * Returns a list of all extensions in use |
3382 | * Returns a list of all extensions in use |
3286 | * |
3383 | * |
3287 | * @param array $cert optional |
3384 | * @param array $cert optional |
3288 | * @param string $path optional |
3385 | * @param string $path optional |
- | 3386 | * @access private |
|
3289 | * @return array |
3387 | * @return array |
3290 | */ |
3388 | */ |
3291 | private function getExtensionsHelper($cert = null, $path = null) |
3389 | private function getExtensionsHelper($cert = null, $path = null) |
3292 | { |
3390 | { |
3293 | $exts = $this->extensions($cert, $path); |
3391 | $exts = $this->extensions($cert, $path); |
Line 3308... | Line 3406... | ||
3308 | * @param string $id |
3406 | * @param string $id |
3309 | * @param mixed $value |
3407 | * @param mixed $value |
3310 | * @param bool $critical optional |
3408 | * @param bool $critical optional |
3311 | * @param bool $replace optional |
3409 | * @param bool $replace optional |
3312 | * @param string $path optional |
3410 | * @param string $path optional |
- | 3411 | * @access private |
|
3313 | * @return bool |
3412 | * @return bool |
3314 | */ |
3413 | */ |
3315 | private function setExtensionHelper($id, $value, $critical = false, $replace = true, $path = null) |
3414 | private function setExtensionHelper($id, $value, $critical = false, $replace = true, $path = null) |
3316 | { |
3415 | { |
3317 | $extensions = &$this->extensions($this->currentCert, $path, true); |
3416 | $extensions = &$this->extensions($this->currentCert, $path, true); |
Line 3339... | Line 3438... | ||
3339 | 3438 | ||
3340 | /** |
3439 | /** |
3341 | * Remove a certificate, CSR or CRL Extension |
3440 | * Remove a certificate, CSR or CRL Extension |
3342 | * |
3441 | * |
3343 | * @param string $id |
3442 | * @param string $id |
- | 3443 | * @access public |
|
3344 | * @return bool |
3444 | * @return bool |
3345 | */ |
3445 | */ |
3346 | public function removeExtension($id) |
3446 | public function removeExtension($id) |
3347 | { |
3447 | { |
3348 | return $this->removeExtensionHelper($id); |
3448 | return $this->removeExtensionHelper($id); |
Line 3354... | Line 3454... | ||
3354 | * Returns the extension if it exists and false if not |
3454 | * Returns the extension if it exists and false if not |
3355 | * |
3455 | * |
3356 | * @param string $id |
3456 | * @param string $id |
3357 | * @param array $cert optional |
3457 | * @param array $cert optional |
3358 | * @param string $path |
3458 | * @param string $path |
- | 3459 | * @access public |
|
3359 | * @return mixed |
3460 | * @return mixed |
3360 | */ |
3461 | */ |
3361 | public function getExtension($id, $cert = null, $path = null) |
3462 | public function getExtension($id, $cert = null, $path = null) |
3362 | { |
3463 | { |
3363 | return $this->getExtensionHelper($id, $cert, $path); |
3464 | return $this->getExtensionHelper($id, $cert, $path); |
Line 3366... | Line 3467... | ||
3366 | /** |
3467 | /** |
3367 | * Returns a list of all extensions in use in certificate, CSR or CRL |
3468 | * Returns a list of all extensions in use in certificate, CSR or CRL |
3368 | * |
3469 | * |
3369 | * @param array $cert optional |
3470 | * @param array $cert optional |
3370 | * @param string $path optional |
3471 | * @param string $path optional |
- | 3472 | * @access public |
|
3371 | * @return array |
3473 | * @return array |
3372 | */ |
3474 | */ |
3373 | public function getExtensions($cert = null, $path = null) |
3475 | public function getExtensions($cert = null, $path = null) |
3374 | { |
3476 | { |
3375 | return $this->getExtensionsHelper($cert, $path); |
3477 | return $this->getExtensionsHelper($cert, $path); |
Line 3380... | Line 3482... | ||
3380 | * |
3482 | * |
3381 | * @param string $id |
3483 | * @param string $id |
3382 | * @param mixed $value |
3484 | * @param mixed $value |
3383 | * @param bool $critical optional |
3485 | * @param bool $critical optional |
3384 | * @param bool $replace optional |
3486 | * @param bool $replace optional |
- | 3487 | * @access public |
|
3385 | * @return bool |
3488 | * @return bool |
3386 | */ |
3489 | */ |
3387 | public function setExtension($id, $value, $critical = false, $replace = true) |
3490 | public function setExtension($id, $value, $critical = false, $replace = true) |
3388 | { |
3491 | { |
3389 | return $this->setExtensionHelper($id, $value, $critical, $replace); |
3492 | return $this->setExtensionHelper($id, $value, $critical, $replace); |
Line 3392... | Line 3495... | ||
3392 | /** |
3495 | /** |
3393 | * Remove a CSR attribute. |
3496 | * Remove a CSR attribute. |
3394 | * |
3497 | * |
3395 | * @param string $id |
3498 | * @param string $id |
3396 | * @param int $disposition optional |
3499 | * @param int $disposition optional |
- | 3500 | * @access public |
|
3397 | * @return bool |
3501 | * @return bool |
3398 | */ |
3502 | */ |
3399 | public function removeAttribute($id, $disposition = self::ATTR_ALL) |
3503 | public function removeAttribute($id, $disposition = self::ATTR_ALL) |
3400 | { |
3504 | { |
3401 | $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes'); |
3505 | $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes'); |
Line 3442... | Line 3546... | ||
3442 | * Returns the attribute if it exists and false if not |
3546 | * Returns the attribute if it exists and false if not |
3443 | * |
3547 | * |
3444 | * @param string $id |
3548 | * @param string $id |
3445 | * @param int $disposition optional |
3549 | * @param int $disposition optional |
3446 | * @param array $csr optional |
3550 | * @param array $csr optional |
- | 3551 | * @access public |
|
3447 | * @return mixed |
3552 | * @return mixed |
3448 | */ |
3553 | */ |
3449 | public function getAttribute($id, $disposition = self::ATTR_ALL, $csr = null) |
3554 | public function getAttribute($id, $disposition = self::ATTR_ALL, $csr = null) |
3450 | { |
3555 | { |
3451 | if (empty($csr)) { |
3556 | if (empty($csr)) { |
Line 3481... | Line 3586... | ||
3481 | 3586 | ||
3482 | /** |
3587 | /** |
3483 | * Returns a list of all CSR attributes in use |
3588 | * Returns a list of all CSR attributes in use |
3484 | * |
3589 | * |
3485 | * @param array $csr optional |
3590 | * @param array $csr optional |
- | 3591 | * @access public |
|
3486 | * @return array |
3592 | * @return array |
3487 | */ |
3593 | */ |
3488 | public function getAttributes($csr = null) |
3594 | public function getAttributes($csr = null) |
3489 | { |
3595 | { |
3490 | if (empty($csr)) { |
3596 | if (empty($csr)) { |
Line 3507... | Line 3613... | ||
3507 | * Set a CSR attribute |
3613 | * Set a CSR attribute |
3508 | * |
3614 | * |
3509 | * @param string $id |
3615 | * @param string $id |
3510 | * @param mixed $value |
3616 | * @param mixed $value |
3511 | * @param int $disposition optional |
3617 | * @param int $disposition optional |
- | 3618 | * @access public |
|
3512 | * @return bool |
3619 | * @return bool |
3513 | */ |
3620 | */ |
3514 | public function setAttribute($id, $value, $disposition = self::ATTR_ALL) |
3621 | public function setAttribute($id, $value, $disposition = self::ATTR_ALL) |
3515 | { |
3622 | { |
3516 | $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes', true); |
3623 | $attributes = &$this->subArray($this->currentCert, 'certificationRequestInfo/attributes', true); |
Line 3563... | Line 3670... | ||
3563 | * Sets the subject key identifier |
3670 | * Sets the subject key identifier |
3564 | * |
3671 | * |
3565 | * This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions. |
3672 | * This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions. |
3566 | * |
3673 | * |
3567 | * @param string $value |
3674 | * @param string $value |
- | 3675 | * @access public |
|
3568 | */ |
3676 | */ |
3569 | public function setKeyIdentifier($value) |
3677 | public function setKeyIdentifier($value) |
3570 | { |
3678 | { |
3571 | if (empty($value)) { |
3679 | if (empty($value)) { |
3572 | unset($this->currentKeyIdentifier); |
3680 | unset($this->currentKeyIdentifier); |
Line 3588... | Line 3696... | ||
3588 | * - \phpseclib3\File\ASN1\Element object |
3696 | * - \phpseclib3\File\ASN1\Element object |
3589 | * - PEM or DER string |
3697 | * - PEM or DER string |
3590 | * |
3698 | * |
3591 | * @param mixed $key optional |
3699 | * @param mixed $key optional |
3592 | * @param int $method optional |
3700 | * @param int $method optional |
- | 3701 | * @access public |
|
3593 | * @return string binary key identifier |
3702 | * @return string binary key identifier |
3594 | */ |
3703 | */ |
3595 | public function computeKeyIdentifier($key = null, $method = 1) |
3704 | public function computeKeyIdentifier($key = null, $method = 1) |
3596 | { |
3705 | { |
3597 | if (is_null($key)) { |
3706 | if (is_null($key)) { |
Line 3656... | Line 3765... | ||
3656 | } |
3765 | } |
3657 | 3766 | ||
3658 | /** |
3767 | /** |
3659 | * Format a public key as appropriate |
3768 | * Format a public key as appropriate |
3660 | * |
3769 | * |
- | 3770 | * @access private |
|
3661 | * @return array|false |
3771 | * @return array|false |
3662 | */ |
3772 | */ |
3663 | private function formatSubjectPublicKey() |
3773 | private function formatSubjectPublicKey() |
3664 | { |
3774 | { |
3665 | $format = $this->publicKey instanceof RSA && ($this->publicKey->getPadding() & RSA::SIGNATURE_PSS) ? |
3775 | $format = $this->publicKey instanceof RSA && ($this->publicKey->getPadding() & RSA::SIGNATURE_PSS) ? |
Line 3681... | Line 3791... | ||
3681 | 3791 | ||
3682 | /** |
3792 | /** |
3683 | * Set the domain name's which the cert is to be valid for |
3793 | * Set the domain name's which the cert is to be valid for |
3684 | * |
3794 | * |
3685 | * @param mixed ...$domains |
3795 | * @param mixed ...$domains |
- | 3796 | * @access public |
|
3686 | * @return void |
3797 | * @return void |
3687 | */ |
3798 | */ |
3688 | public function setDomain(...$domains) |
3799 | public function setDomain(...$domains) |
3689 | { |
3800 | { |
3690 | $this->domains = $domains; |
3801 | $this->domains = $domains; |
Line 3693... | Line 3804... | ||
3693 | } |
3804 | } |
3694 | 3805 | ||
3695 | /** |
3806 | /** |
3696 | * Set the IP Addresses's which the cert is to be valid for |
3807 | * Set the IP Addresses's which the cert is to be valid for |
3697 | * |
3808 | * |
- | 3809 | * @access public |
|
3698 | * @param mixed[] ...$ipAddresses |
3810 | * @param mixed[] ...$ipAddresses |
3699 | */ |
3811 | */ |
3700 | public function setIPAddress(...$ipAddresses) |
3812 | public function setIPAddress(...$ipAddresses) |
3701 | { |
3813 | { |
3702 | $this->ipAddresses = $ipAddresses; |
3814 | $this->ipAddresses = $ipAddresses; |
Line 3709... | Line 3821... | ||
3709 | } |
3821 | } |
3710 | 3822 | ||
3711 | /** |
3823 | /** |
3712 | * Helper function to build domain array |
3824 | * Helper function to build domain array |
3713 | * |
3825 | * |
- | 3826 | * @access private |
|
3714 | * @param string $domain |
3827 | * @param string $domain |
3715 | * @return array |
3828 | * @return array |
3716 | */ |
3829 | */ |
3717 | private function dnsName($domain) |
3830 | private function dnsName($domain) |
3718 | { |
3831 | { |
Line 3722... | Line 3835... | ||
3722 | /** |
3835 | /** |
3723 | * Helper function to build IP Address array |
3836 | * Helper function to build IP Address array |
3724 | * |
3837 | * |
3725 | * (IPv6 is not currently supported) |
3838 | * (IPv6 is not currently supported) |
3726 | * |
3839 | * |
- | 3840 | * @access private |
|
3727 | * @param string $address |
3841 | * @param string $address |
3728 | * @return array |
3842 | * @return array |
3729 | */ |
3843 | */ |
3730 | private function iPAddress($address) |
3844 | private function iPAddress($address) |
3731 | { |
3845 | { |
Line 3736... | Line 3850... | ||
3736 | * Get the index of a revoked certificate. |
3850 | * Get the index of a revoked certificate. |
3737 | * |
3851 | * |
3738 | * @param array $rclist |
3852 | * @param array $rclist |
3739 | * @param string $serial |
3853 | * @param string $serial |
3740 | * @param bool $create optional |
3854 | * @param bool $create optional |
- | 3855 | * @access private |
|
3741 | * @return int|false |
3856 | * @return int|false |
3742 | */ |
3857 | */ |
3743 | private function revokedCertificate(&$rclist, $serial, $create = false) |
3858 | private function revokedCertificate(&$rclist, $serial, $create = false) |
3744 | { |
3859 | { |
3745 | $serial = new BigInteger($serial); |
3860 | $serial = new BigInteger($serial); |
Line 3764... | Line 3879... | ||
3764 | /** |
3879 | /** |
3765 | * Revoke a certificate. |
3880 | * Revoke a certificate. |
3766 | * |
3881 | * |
3767 | * @param string $serial |
3882 | * @param string $serial |
3768 | * @param string $date optional |
3883 | * @param string $date optional |
- | 3884 | * @access public |
|
3769 | * @return bool |
3885 | * @return bool |
3770 | */ |
3886 | */ |
3771 | public function revoke($serial, $date = null) |
3887 | public function revoke($serial, $date = null) |
3772 | { |
3888 | { |
3773 | if (isset($this->currentCert['tbsCertList'])) { |
3889 | if (isset($this->currentCert['tbsCertList'])) { |
Line 3789... | Line 3905... | ||
3789 | 3905 | ||
3790 | /** |
3906 | /** |
3791 | * Unrevoke a certificate. |
3907 | * Unrevoke a certificate. |
3792 | * |
3908 | * |
3793 | * @param string $serial |
3909 | * @param string $serial |
- | 3910 | * @access public |
|
3794 | * @return bool |
3911 | * @return bool |
3795 | */ |
3912 | */ |
3796 | public function unrevoke($serial) |
3913 | public function unrevoke($serial) |
3797 | { |
3914 | { |
3798 | if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { |
3915 | if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { |
Line 3808... | Line 3925... | ||
3808 | 3925 | ||
3809 | /** |
3926 | /** |
3810 | * Get a revoked certificate. |
3927 | * Get a revoked certificate. |
3811 | * |
3928 | * |
3812 | * @param string $serial |
3929 | * @param string $serial |
- | 3930 | * @access public |
|
3813 | * @return mixed |
3931 | * @return mixed |
3814 | */ |
3932 | */ |
3815 | public function getRevoked($serial) |
3933 | public function getRevoked($serial) |
3816 | { |
3934 | { |
3817 | if (is_array($rclist = $this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { |
3935 | if (is_array($rclist = $this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { |
Line 3825... | Line 3943... | ||
3825 | 3943 | ||
3826 | /** |
3944 | /** |
3827 | * List revoked certificates |
3945 | * List revoked certificates |
3828 | * |
3946 | * |
3829 | * @param array $crl optional |
3947 | * @param array $crl optional |
- | 3948 | * @access public |
|
3830 | * @return array|bool |
3949 | * @return array|bool |
3831 | */ |
3950 | */ |
3832 | public function listRevoked($crl = null) |
3951 | public function listRevoked($crl = null) |
3833 | { |
3952 | { |
3834 | if (!isset($crl)) { |
3953 | if (!isset($crl)) { |
Line 3853... | Line 3972... | ||
3853 | /** |
3972 | /** |
3854 | * Remove a Revoked Certificate Extension |
3973 | * Remove a Revoked Certificate Extension |
3855 | * |
3974 | * |
3856 | * @param string $serial |
3975 | * @param string $serial |
3857 | * @param string $id |
3976 | * @param string $id |
- | 3977 | * @access public |
|
3858 | * @return bool |
3978 | * @return bool |
3859 | */ |
3979 | */ |
3860 | public function removeRevokedCertificateExtension($serial, $id) |
3980 | public function removeRevokedCertificateExtension($serial, $id) |
3861 | { |
3981 | { |
3862 | if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { |
3982 | if (is_array($rclist = &$this->subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { |
Line 3874... | Line 3994... | ||
3874 | * Returns the extension if it exists and false if not |
3994 | * Returns the extension if it exists and false if not |
3875 | * |
3995 | * |
3876 | * @param string $serial |
3996 | * @param string $serial |
3877 | * @param string $id |
3997 | * @param string $id |
3878 | * @param array $crl optional |
3998 | * @param array $crl optional |
- | 3999 | * @access public |
|
3879 | * @return mixed |
4000 | * @return mixed |
3880 | */ |
4001 | */ |
3881 | public function getRevokedCertificateExtension($serial, $id, $crl = null) |
4002 | public function getRevokedCertificateExtension($serial, $id, $crl = null) |
3882 | { |
4003 | { |
3883 | if (!isset($crl)) { |
4004 | if (!isset($crl)) { |
Line 3896... | Line 4017... | ||
3896 | /** |
4017 | /** |
3897 | * Returns a list of all extensions in use for a given revoked certificate |
4018 | * Returns a list of all extensions in use for a given revoked certificate |
3898 | * |
4019 | * |
3899 | * @param string $serial |
4020 | * @param string $serial |
3900 | * @param array $crl optional |
4021 | * @param array $crl optional |
- | 4022 | * @access public |
|
3901 | * @return array|bool |
4023 | * @return array|bool |
3902 | */ |
4024 | */ |
3903 | public function getRevokedCertificateExtensions($serial, $crl = null) |
4025 | public function getRevokedCertificateExtensions($serial, $crl = null) |
3904 | { |
4026 | { |
3905 | if (!isset($crl)) { |
4027 | if (!isset($crl)) { |
Line 3921... | Line 4043... | ||
3921 | * @param string $serial |
4043 | * @param string $serial |
3922 | * @param string $id |
4044 | * @param string $id |
3923 | * @param mixed $value |
4045 | * @param mixed $value |
3924 | * @param bool $critical optional |
4046 | * @param bool $critical optional |
3925 | * @param bool $replace optional |
4047 | * @param bool $replace optional |
- | 4048 | * @access public |
|
3926 | * @return bool |
4049 | * @return bool |
3927 | */ |
4050 | */ |
3928 | public function setRevokedCertificateExtension($serial, $id, $value, $critical = false, $replace = true) |
4051 | public function setRevokedCertificateExtension($serial, $id, $value, $critical = false, $replace = true) |
3929 | { |
4052 | { |
3930 | if (isset($this->currentCert['tbsCertList'])) { |
4053 | if (isset($this->currentCert['tbsCertList'])) { |