sop /
x509
| @@ 19-174 (lines=156) @@ | ||
| 16 | * |
|
| 17 | * @link https://tools.ietf.org/html/rfc5755#section-4.1 |
|
| 18 | */ |
|
| 19 | class AttributeCertificate |
|
| 20 | { |
|
| 21 | /** |
|
| 22 | * Attribute certificate info. |
|
| 23 | * |
|
| 24 | * @var AttributeCertificateInfo $_acinfo |
|
| 25 | */ |
|
| 26 | protected $_acinfo; |
|
| 27 | ||
| 28 | /** |
|
| 29 | * Signature algorithm identifier. |
|
| 30 | * |
|
| 31 | * @var SignatureAlgorithmIdentifier $_signatureAlgorithm |
|
| 32 | */ |
|
| 33 | protected $_signatureAlgorithm; |
|
| 34 | ||
| 35 | /** |
|
| 36 | * Signature value. |
|
| 37 | * |
|
| 38 | * @var Signature $_signatureValue |
|
| 39 | */ |
|
| 40 | protected $_signatureValue; |
|
| 41 | ||
| 42 | /** |
|
| 43 | * Constructor |
|
| 44 | * |
|
| 45 | * @param AttributeCertificateInfo $acinfo |
|
| 46 | * @param SignatureAlgorithmIdentifier $algo |
|
| 47 | * @param Signature $signature |
|
| 48 | */ |
|
| 49 | public function __construct(AttributeCertificateInfo $acinfo, |
|
| 50 | SignatureAlgorithmIdentifier $algo, Signature $signature) { |
|
| 51 | $this->_acinfo = $acinfo; |
|
| 52 | $this->_signatureAlgorithm = $algo; |
|
| 53 | $this->_signatureValue = $signature; |
|
| 54 | } |
|
| 55 | ||
| 56 | /** |
|
| 57 | * Initialize from ASN.1. |
|
| 58 | * |
|
| 59 | * @param Sequence $seq |
|
| 60 | * @return self |
|
| 61 | */ |
|
| 62 | public static function fromASN1(Sequence $seq) { |
|
| 63 | $acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence()); |
|
| 64 | $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence()); |
|
| 65 | if (!$algo instanceof SignatureAlgorithmIdentifier) { |
|
| 66 | throw new \UnexpectedValueException( |
|
| 67 | "Unsupported signature algorithm " . $algo->oid() . "."); |
|
| 68 | } |
|
| 69 | $signature = Signature::fromASN1($seq->at(2)->asBitString()); |
|
| 70 | return new self($acinfo, $algo, $signature); |
|
| 71 | } |
|
| 72 | ||
| 73 | /** |
|
| 74 | * Initialize from DER data. |
|
| 75 | * |
|
| 76 | * @param string $data |
|
| 77 | * @return self |
|
| 78 | */ |
|
| 79 | public static function fromDER($data) { |
|
| 80 | return self::fromASN1(Sequence::fromDER($data)); |
|
| 81 | } |
|
| 82 | ||
| 83 | /** |
|
| 84 | * Initialize from PEM. |
|
| 85 | * |
|
| 86 | * @param PEM $pem |
|
| 87 | * @throws \UnexpectedValueException |
|
| 88 | * @return self |
|
| 89 | */ |
|
| 90 | public static function fromPEM(PEM $pem) { |
|
| 91 | if ($pem->type() !== PEM::TYPE_ATTRIBUTE_CERTIFICATE) { |
|
| 92 | throw new \UnexpectedValueException("Invalid PEM type."); |
|
| 93 | } |
|
| 94 | return self::fromDER($pem->data()); |
|
| 95 | } |
|
| 96 | ||
| 97 | /** |
|
| 98 | * Get attribute certificate info. |
|
| 99 | * |
|
| 100 | * @return AttributeCertificateInfo |
|
| 101 | */ |
|
| 102 | public function acinfo() { |
|
| 103 | return $this->_acinfo; |
|
| 104 | } |
|
| 105 | ||
| 106 | /** |
|
| 107 | * Get signature algorithm identifier. |
|
| 108 | * |
|
| 109 | * @return SignatureAlgorithmIdentifier |
|
| 110 | */ |
|
| 111 | public function signatureAlgorithm() { |
|
| 112 | return $this->_signatureAlgorithm; |
|
| 113 | } |
|
| 114 | ||
| 115 | /** |
|
| 116 | * Get signature value. |
|
| 117 | * |
|
| 118 | * @return Signature |
|
| 119 | */ |
|
| 120 | public function signatureValue() { |
|
| 121 | return $this->_signatureValue; |
|
| 122 | } |
|
| 123 | ||
| 124 | /** |
|
| 125 | * Get ASN.1 structure. |
|
| 126 | * |
|
| 127 | * @return Sequence |
|
| 128 | */ |
|
| 129 | public function toASN1() { |
|
| 130 | return new Sequence($this->_acinfo->toASN1(), |
|
| 131 | $this->_signatureAlgorithm->toASN1(), |
|
| 132 | $this->_signatureValue->toBitString()); |
|
| 133 | } |
|
| 134 | ||
| 135 | /** |
|
| 136 | * Get attribute certificate as a DER. |
|
| 137 | * |
|
| 138 | * @return string |
|
| 139 | */ |
|
| 140 | public function toDER() { |
|
| 141 | return $this->toASN1()->toDER(); |
|
| 142 | } |
|
| 143 | ||
| 144 | /** |
|
| 145 | * Get attribute certificate as a PEM. |
|
| 146 | * |
|
| 147 | * @return PEM |
|
| 148 | */ |
|
| 149 | public function toPEM() { |
|
| 150 | return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER()); |
|
| 151 | } |
|
| 152 | ||
| 153 | /** |
|
| 154 | * Verify signature. |
|
| 155 | * |
|
| 156 | * @param Crypto $crypto |
|
| 157 | * @param PublicKeyInfo $pubkey_info Signer's public key |
|
| 158 | * @return bool |
|
| 159 | */ |
|
| 160 | public function verify(Crypto $crypto, PublicKeyInfo $pubkey_info) { |
|
| 161 | $data = $this->_acinfo->toASN1()->toDER(); |
|
| 162 | return $crypto->verify($data, $this->_signatureValue, $pubkey_info, |
|
| 163 | $this->_signatureAlgorithm); |
|
| 164 | } |
|
| 165 | ||
| 166 | /** |
|
| 167 | * Get attribute certificate as a PEM formatted string. |
|
| 168 | * |
|
| 169 | * @return string |
|
| 170 | */ |
|
| 171 | public function __toString() { |
|
| 172 | return $this->toPEM()->string(); |
|
| 173 | } |
|
| 174 | } |
|
| 175 | ||
| @@ 18-173 (lines=156) @@ | ||
| 15 | * |
|
| 16 | * @link https://tools.ietf.org/html/rfc2986#section-4 |
|
| 17 | */ |
|
| 18 | class CertificationRequest |
|
| 19 | { |
|
| 20 | /** |
|
| 21 | * Certification request info. |
|
| 22 | * |
|
| 23 | * @var CertificationRequestInfo $_certificationRequestInfo |
|
| 24 | */ |
|
| 25 | protected $_certificationRequestInfo; |
|
| 26 | ||
| 27 | /** |
|
| 28 | * Signature algorithm. |
|
| 29 | * |
|
| 30 | * @var SignatureAlgorithmIdentifier $_signatureAlgorithm |
|
| 31 | */ |
|
| 32 | protected $_signatureAlgorithm; |
|
| 33 | ||
| 34 | /** |
|
| 35 | * Signature. |
|
| 36 | * |
|
| 37 | * @var Signature $_signature |
|
| 38 | */ |
|
| 39 | protected $_signature; |
|
| 40 | ||
| 41 | /** |
|
| 42 | * Constructor |
|
| 43 | * |
|
| 44 | * @param CertificationRequestInfo $info |
|
| 45 | * @param SignatureAlgorithmIdentifier $algo |
|
| 46 | * @param Signature $signature |
|
| 47 | */ |
|
| 48 | public function __construct(CertificationRequestInfo $info, |
|
| 49 | SignatureAlgorithmIdentifier $algo, Signature $signature) { |
|
| 50 | $this->_certificationRequestInfo = $info; |
|
| 51 | $this->_signatureAlgorithm = $algo; |
|
| 52 | $this->_signature = $signature; |
|
| 53 | } |
|
| 54 | ||
| 55 | /** |
|
| 56 | * Initialize from ASN.1. |
|
| 57 | * |
|
| 58 | * @param Sequence $seq |
|
| 59 | * @return self |
|
| 60 | */ |
|
| 61 | public static function fromASN1(Sequence $seq) { |
|
| 62 | $info = CertificationRequestInfo::fromASN1($seq->at(0)->asSequence()); |
|
| 63 | $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence()); |
|
| 64 | if (!$algo instanceof SignatureAlgorithmIdentifier) { |
|
| 65 | throw new \UnexpectedValueException( |
|
| 66 | "Unsupported signature algorithm " . $algo->oid() . "."); |
|
| 67 | } |
|
| 68 | $signature = Signature::fromASN1($seq->at(2)->asBitString()); |
|
| 69 | return new self($info, $algo, $signature); |
|
| 70 | } |
|
| 71 | ||
| 72 | /** |
|
| 73 | * Initialize from DER. |
|
| 74 | * |
|
| 75 | * @param string $data |
|
| 76 | * @return self |
|
| 77 | */ |
|
| 78 | public static function fromDER($data) { |
|
| 79 | return self::fromASN1(Sequence::fromDER($data)); |
|
| 80 | } |
|
| 81 | ||
| 82 | /** |
|
| 83 | * Initialize from PEM. |
|
| 84 | * |
|
| 85 | * @param PEM $pem |
|
| 86 | * @throws \UnexpectedValueException |
|
| 87 | * @return self |
|
| 88 | */ |
|
| 89 | public static function fromPEM(PEM $pem) { |
|
| 90 | if ($pem->type() !== PEM::TYPE_CERTIFICATE_REQUEST) { |
|
| 91 | throw new \UnexpectedValueException("Invalid PEM type."); |
|
| 92 | } |
|
| 93 | return self::fromDER($pem->data()); |
|
| 94 | } |
|
| 95 | ||
| 96 | /** |
|
| 97 | * Get certification request info. |
|
| 98 | * |
|
| 99 | * @return CertificationRequestInfo |
|
| 100 | */ |
|
| 101 | public function certificationRequestInfo() { |
|
| 102 | return $this->_certificationRequestInfo; |
|
| 103 | } |
|
| 104 | ||
| 105 | /** |
|
| 106 | * Get signature algorithm. |
|
| 107 | * |
|
| 108 | * @return SignatureAlgorithmIdentifier |
|
| 109 | */ |
|
| 110 | public function signatureAlgorithm() { |
|
| 111 | return $this->_signatureAlgorithm; |
|
| 112 | } |
|
| 113 | ||
| 114 | /** |
|
| 115 | * Get signature. |
|
| 116 | * |
|
| 117 | * @return Signature |
|
| 118 | */ |
|
| 119 | public function signature() { |
|
| 120 | return $this->_signature; |
|
| 121 | } |
|
| 122 | ||
| 123 | /** |
|
| 124 | * Generate ASN.1 structure. |
|
| 125 | * |
|
| 126 | * @return Sequence |
|
| 127 | */ |
|
| 128 | public function toASN1() { |
|
| 129 | return new Sequence($this->_certificationRequestInfo->toASN1(), |
|
| 130 | $this->_signatureAlgorithm->toASN1(), |
|
| 131 | $this->_signature->toBitString()); |
|
| 132 | } |
|
| 133 | ||
| 134 | /** |
|
| 135 | * Get certification request as a DER. |
|
| 136 | * |
|
| 137 | * @return string |
|
| 138 | */ |
|
| 139 | public function toDER() { |
|
| 140 | return $this->toASN1()->toDER(); |
|
| 141 | } |
|
| 142 | ||
| 143 | /** |
|
| 144 | * Get certification request as a PEM. |
|
| 145 | * |
|
| 146 | * @return PEM |
|
| 147 | */ |
|
| 148 | public function toPEM() { |
|
| 149 | return new PEM(PEM::TYPE_CERTIFICATE_REQUEST, $this->toDER()); |
|
| 150 | } |
|
| 151 | ||
| 152 | /** |
|
| 153 | * Verify certification request signature. |
|
| 154 | * |
|
| 155 | * @param Crypto $crypto |
|
| 156 | * @return bool True if signature matches |
|
| 157 | */ |
|
| 158 | public function verify(Crypto $crypto) { |
|
| 159 | $data = $this->_certificationRequestInfo->toASN1()->toDER(); |
|
| 160 | $pk_info = $this->_certificationRequestInfo->subjectPKInfo(); |
|
| 161 | return $crypto->verify($data, $this->_signature, $pk_info, |
|
| 162 | $this->_signatureAlgorithm); |
|
| 163 | } |
|
| 164 | ||
| 165 | /** |
|
| 166 | * Get certification request as a PEM formatted string. |
|
| 167 | * |
|
| 168 | * @return string |
|
| 169 | */ |
|
| 170 | public function __toString() { |
|
| 171 | return $this->toPEM()->string(); |
|
| 172 | } |
|
| 173 | } |
|
| 174 | ||
