<?php
/**
 * Create a self-signed certification authority (CA) certificate and print it.
 *
 * Usage:
 *   php create-ca-cert.php
 *
 * The signing key is read from the repository's test assets directory, so the
 * resulting certificate is suitable for demonstration only. Presumably that
 * key is a fixture shared with everyone who has the source tree; verify before
 * trusting anything it signs. A real CA key should be generated separately and
 * kept under access control.
 */

use Sop\CryptoEncoding\PEM;
use Sop\CryptoTypes\AlgorithmIdentifier\Hash\SHA256AlgorithmIdentifier;
use Sop\CryptoTypes\AlgorithmIdentifier\Signature\SignatureAlgorithmIdentifierFactory;
use Sop\CryptoTypes\Asymmetric\PrivateKeyInfo;
use X501\ASN1\Name;
use X509\Certificate\TBSCertificate;
use X509\Certificate\Validity;
use X509\Certificate\Extension\BasicConstraintsExtension;
use X509\Certificate\Extension\KeyUsageExtension;
use X509\Certificate\Extension\SubjectKeyIdentifierExtension;

$project_root = dirname(__DIR__);
require $project_root . "/vendor/autoload.php";

// Read the RSA private key (PEM) that will both own and sign the certificate.
$key_pem = PEM::fromFile($project_root . "/test/assets/rsa/private_key.pem");
$ca_key = PrivateKeyInfo::fromPEM($key_pem);

// The certified public key is derived from that same private key.
$ca_public_key = $ca_key->publicKeyInfo();

// Distinguished name of the CA. It is passed twice to TBSCertificate below,
// so subject and issuer are identical (self-issued certificate).
$ca_dn = Name::fromString("cn=Example CA");

// Valid from the moment the script runs, for ten years.
$lifetime = Validity::fromStrings("now", "now + 10 years");

// Build the "to be signed" structure and give it a random serial number.
$unsigned = new TBSCertificate($ca_dn, $ca_public_key, $ca_dn, $lifetime);
$unsigned = $unsigned->withRandomSerialNumber();

// Basic constraints, presumably (critical, cA) - confirm against the library.
// No path length is passed, so nothing here limits how many subordinate CA
// levels may be issued below this certificate.
$basic_constraints = new BasicConstraintsExtension(true, true);

// Subject key identifier computed from the public key; first argument false,
// presumably the "critical" flag.
$subject_key_id = new SubjectKeyIdentifierExtension(
    false,
    $ca_public_key->keyIdentifier()
);

// Key usage is limited to digitalSignature and keyCertSign. cRLSign is not
// set; a CA that signs its own revocation lists would need that bit as well.
$usage_bits = KeyUsageExtension::DIGITAL_SIGNATURE | KeyUsageExtension::KEY_CERT_SIGN;
$key_usage = new KeyUsageExtension(true, $usage_bits);

$unsigned = $unsigned->withAdditionalExtensions(
    $basic_constraints,
    $subject_key_id,
    $key_usage
);

// Pick the signature algorithm from the key's own algorithm plus SHA-256.
// NOTE(review): algorithmIdentifier() is presumably declared with a broader
// type than algoForAsymmetricCrypto() expects; the call relies on the key
// really being an asymmetric (here RSA) key - confirm.
$sig_algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
    $ca_key->algorithmIdentifier(),
    new SHA256AlgorithmIdentifier()
);

// Sign with the CA's own private key and write the result to stdout.
// echo relies on the certificate's string conversion (presumably PEM).
$certificate = $unsigned->sign($sig_algo, $ca_key);
echo $certificate;
This check looks for parameters that are declared as one type in their type hint or doc comment but appear to be used as a narrower type, i.e., an implementation of an interface or a subclass.
Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type.