1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace NFePHP\Common; |
4
|
|
|
|
5
|
|
|
/** |
6
|
|
|
* Certificate class for management and use of digital certificates A1 (PKCS # 12) |
7
|
|
|
* @category NFePHP |
8
|
|
|
* @package NFePHP\Common\Certificate |
9
|
|
|
* @copyright Copyright (c) 2008-2017 |
10
|
|
|
* @license http://www.gnu.org/licenses/lesser.html LGPL v3 |
11
|
|
|
* @author Antonio Spinelli <tonicospinelli85 at gmail dot com> |
12
|
|
|
* @link http://github.com/nfephp-org/sped-common for the canonical source repository |
13
|
|
|
*/ |
14
|
|
|
|
15
|
|
|
use NFePHP\Common\Certificate\PrivateKey; |
16
|
|
|
use NFePHP\Common\Certificate\PublicKey; |
17
|
|
|
use NFePHP\Common\Certificate\CertificationChain; |
18
|
|
|
use NFePHP\Common\Certificate\SignatureInterface; |
19
|
|
|
use NFePHP\Common\Certificate\VerificationInterface; |
20
|
|
|
use NFePHP\Common\Exception\CertificateException; |
21
|
|
|
|
22
|
|
|
class Certificate implements SignatureInterface, VerificationInterface |
23
|
|
|
{ |
24
|
|
|
/** |
25
|
|
|
* @var \NFePHP\Common\Certificate\PrivateKey |
26
|
|
|
*/ |
27
|
|
|
public $privateKey; |
28
|
|
|
|
29
|
|
|
/** |
30
|
|
|
* @var \NFePHP\Common\Certificate\PublicKey |
31
|
|
|
*/ |
32
|
|
|
public $publicKey; |
33
|
|
|
|
34
|
|
|
/** |
35
|
|
|
* @var \NFePHP\Common\Certificate\CertificationChain |
36
|
|
|
*/ |
37
|
|
|
public $chainKeys; |
38
|
|
|
|
39
|
|
|
/** |
40
|
|
|
* Constructor |
41
|
|
|
* @param \NFePHP\Common\Certificate\PrivateKey $privateKey |
42
|
|
|
* @param \NFePHP\Common\Certificate\PublicKey $publicKey |
43
|
|
|
* @param \NFePHP\Common\Certificate\CertificationChain $chainKeys |
44
|
|
|
*/ |
45
|
7 |
|
public function __construct(PrivateKey $privateKey, PublicKey $publicKey, CertificationChain $chainKeys) |
46
|
|
|
{ |
47
|
7 |
|
$this->privateKey = $privateKey; |
48
|
7 |
|
$this->publicKey = $publicKey; |
49
|
7 |
|
$this->chainKeys = $chainKeys; |
50
|
7 |
|
} |
51
|
|
|
|
52
|
|
|
/** |
53
|
|
|
* Read PFX and return this class |
54
|
|
|
* @param string $content |
55
|
|
|
* @param string $password |
56
|
|
|
* @return \NFePHP\Common\Certificate |
57
|
|
|
* @throws CertificateException |
58
|
|
|
*/ |
59
|
6 |
|
public static function readPfx($content, $password) |
60
|
|
|
{ |
61
|
6 |
|
$certs = []; |
62
|
6 |
|
if (!openssl_pkcs12_read($content, $certs, $password)) { |
63
|
1 |
|
throw CertificateException::unableToRead(); |
64
|
|
|
} |
65
|
5 |
|
$chain = ''; |
66
|
5 |
|
if (!empty($certs['extracerts'])) { |
67
|
5 |
|
foreach ($certs['extracerts'] as $ec) { |
68
|
5 |
|
$chain .= $ec; |
69
|
|
|
} |
70
|
|
|
} |
71
|
5 |
|
return new static( |
72
|
5 |
|
new PrivateKey($certs['pkey']), |
73
|
5 |
|
new PublicKey($certs['cert']), |
74
|
5 |
|
new CertificationChain($chain) |
75
|
|
|
); |
76
|
|
|
} |
77
|
|
|
|
78
|
|
|
/** |
79
|
|
|
* Returns a PFX string with certification chain if exists |
80
|
|
|
* @param string $password |
81
|
|
|
* @return string |
82
|
|
|
*/ |
83
|
|
|
public function writePfx($password) |
84
|
|
|
{ |
85
|
|
|
$password = trim($password); |
86
|
|
|
if (empty($password)) { |
87
|
|
|
return ''; |
88
|
|
|
} |
89
|
|
|
$x509_cert = openssl_x509_read("{$this->publicKey}"); |
90
|
|
|
$privateKey_resource = openssl_pkey_get_private("{$this->privateKey}"); |
91
|
|
|
$pfxstring = ''; |
92
|
|
|
openssl_pkcs12_export( |
93
|
|
|
$x509_cert, |
94
|
|
|
$pfxstring, |
95
|
|
|
$privateKey_resource, |
96
|
|
|
$password, |
97
|
|
|
$this->chainKeys->getExtraCertsForPFX() |
98
|
|
|
); |
99
|
|
|
return $pfxstring; |
100
|
|
|
} |
101
|
|
|
|
102
|
|
|
/** |
103
|
|
|
* Gets company name. |
104
|
|
|
* @return string |
105
|
|
|
*/ |
106
|
2 |
|
public function getCompanyName() |
107
|
|
|
{ |
108
|
2 |
|
return $this->publicKey->commonName; |
109
|
|
|
} |
110
|
|
|
|
111
|
|
|
/** |
112
|
|
|
* Gets start date. |
113
|
|
|
* @return \DateTime Returns start date. |
114
|
|
|
*/ |
115
|
3 |
|
public function getValidFrom() |
116
|
|
|
{ |
117
|
3 |
|
return $this->publicKey->validFrom; |
118
|
|
|
} |
119
|
|
|
|
120
|
|
|
/** |
121
|
|
|
* Gets end date. |
122
|
|
|
* @return \DateTime Returns end date. |
123
|
|
|
*/ |
124
|
2 |
|
public function getValidTo() |
125
|
|
|
{ |
126
|
2 |
|
return $this->publicKey->validTo; |
127
|
|
|
} |
128
|
|
|
|
129
|
|
|
/** |
130
|
|
|
* Check if certificate has been expired. |
131
|
|
|
* @return bool Returns true when it is truth, otherwise false. |
132
|
|
|
*/ |
133
|
3 |
|
public function isExpired() |
134
|
|
|
{ |
135
|
3 |
|
return $this->publicKey->isExpired(); |
136
|
|
|
} |
137
|
|
|
|
138
|
|
|
/** |
139
|
|
|
* Gets CNPJ by OID '2.16.76.1.3.3' from ASN.1 certificate struture |
140
|
|
|
* @return string |
141
|
|
|
*/ |
142
|
|
|
public function getCnpj() |
143
|
|
|
{ |
144
|
|
|
return $this->publicKey->cnpj(); |
145
|
|
|
} |
146
|
|
|
|
147
|
|
|
/** |
148
|
|
|
* Gets CPF by OID '2.16.76.1.3.1' from ASN.1 certificate struture |
149
|
|
|
* @return string |
150
|
|
|
*/ |
151
|
|
|
public function getCpf() |
152
|
|
|
{ |
153
|
|
|
return $this->publicKey->cpf(); |
154
|
|
|
} |
155
|
|
|
|
156
|
|
|
/** |
157
|
|
|
* {@inheritdoc} |
158
|
|
|
*/ |
159
|
3 |
|
public function sign($content, $algorithm = OPENSSL_ALGO_SHA1) |
160
|
|
|
{ |
161
|
3 |
|
return $this->privateKey->sign($content, $algorithm); |
162
|
|
|
} |
163
|
|
|
|
164
|
|
|
/** |
165
|
|
|
* {@inheritdoc} |
166
|
|
|
*/ |
167
|
2 |
|
public function verify($data, $signature, $algorithm = OPENSSL_ALGO_SHA1) |
168
|
|
|
{ |
169
|
2 |
|
return $this->publicKey->verify($data, $signature, $algorithm); |
170
|
|
|
} |
171
|
|
|
|
172
|
|
|
/** |
173
|
|
|
* Returns public key and chain in PEM format |
174
|
|
|
* @return string |
175
|
|
|
*/ |
176
|
1 |
|
public function __toString() |
177
|
|
|
{ |
178
|
1 |
|
$chainKeys = ''; |
179
|
1 |
|
if ($this->chainKeys != null) { |
180
|
1 |
|
$chainKeys = "{$this->chainKeys}"; |
181
|
|
|
} |
182
|
1 |
|
return "{$this->publicKey}{$chainKeys}"; |
183
|
|
|
} |
184
|
|
|
} |
185
|
|
|
|