Issues in issue-cert.php - New Issues - Inspection of "Update deps" - sop/x509 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 8abb02...91afec )

by Joni

created 2017-11-08 09:35 UTC

examples/issue-cert.php (1 issue)

Labels

Compatibility 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Create an end-entity certificate based on CSR and sign using CA certificate.
 *
 * php issue-cert.php <(php create-ca-cert.php) <(php create-csr.php)
 */

use Sop\CryptoEncoding\PEM;
use Sop\CryptoTypes\AlgorithmIdentifier\Hash\SHA512AlgorithmIdentifier;
use Sop\CryptoTypes\AlgorithmIdentifier\Signature\SignatureAlgorithmIdentifierFactory;
use Sop\CryptoTypes\Asymmetric\PrivateKeyInfo;
use X509\Certificate\Certificate;
use X509\Certificate\TBSCertificate;
use X509\Certificate\Validity;
use X509\Certificate\Extension\BasicConstraintsExtension;
use X509\Certificate\Extension\KeyUsageExtension;
use X509\CertificationRequest\CertificationRequest;

require dirname(__DIR__) . "/vendor/autoload.php";

$argc == 3 or printf("Usage: %s <ca-path> <csr-path>\n", $argv[0]) and exit(1);
// load issuer certificate from PEM
$issuer_cert = Certificate::fromPEM(PEM::fromFile($argv[1]));
// load certification request from PEM
$csr = CertificationRequest::fromPEM(PEM::fromFile($argv[2]));
// verify CSR
if (!$csr->verify()) {
    echo "Failed to verify certification request signature.\n";
    exit(1);
}
// load CA's private key from PEM
$private_key_info = PrivateKeyInfo::fromPEM(
    PEM::fromFile(dirname(__DIR__) . "/test/assets/rsa/private_key.pem"));
// initialize certificate from CSR and issuer's certificate
$tbs_cert = TBSCertificate::fromCSR($csr)->withIssuerCertificate($issuer_cert);
// set random serial number
$tbs_cert = $tbs_cert->withRandomSerialNumber();
// set validity period
$tbs_cert = $tbs_cert->withValidity(
    Validity::fromStrings("now", "now + 3 months"));
// add extensions
$tbs_cert = $tbs_cert->withAdditionalExtensions(
    new KeyUsageExtension(true,
        KeyUsageExtension::DIGITAL_SIGNATURE |
             KeyUsageExtension::KEY_ENCIPHERMENT),
    new BasicConstraintsExtension(true, false));
// sign certificate with issuer's private key
$algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
    $private_key_info->algorithmIdentifier(), new SHA512AlgorithmIdentifier());

$cert = $tbs_cert->sign($algo, $private_key_info);
echo $cert;


GitHub Access Token became invalid

Push — master ( 8abb02...91afec )

examples/issue-cert.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* Create an end-entity certificate based on CSR and sign using CA certificate.
4			*
5			* php issue-cert.php <(php create-ca-cert.php) <(php create-csr.php)
6			*/
7
8			use Sop\CryptoEncoding\PEM;
9			use Sop\CryptoTypes\AlgorithmIdentifier\Hash\SHA512AlgorithmIdentifier;
10			use Sop\CryptoTypes\AlgorithmIdentifier\Signature\SignatureAlgorithmIdentifierFactory;
11			use Sop\CryptoTypes\Asymmetric\PrivateKeyInfo;
12			use X509\Certificate\Certificate;
13			use X509\Certificate\TBSCertificate;
14			use X509\Certificate\Validity;
15			use X509\Certificate\Extension\BasicConstraintsExtension;
16			use X509\Certificate\Extension\KeyUsageExtension;
17			use X509\CertificationRequest\CertificationRequest;
18
19			require dirname(__DIR__) . "/vendor/autoload.php";
20
21			$argc == 3 or printf("Usage: %s <ca-path> <csr-path>\n", $argv[0]) and exit(1);
22			// load issuer certificate from PEM
23			$issuer_cert = Certificate::fromPEM(PEM::fromFile($argv[1]));
24			// load certification request from PEM
25			$csr = CertificationRequest::fromPEM(PEM::fromFile($argv[2]));
26			// verify CSR
27			if (!$csr->verify()) {
28			echo "Failed to verify certification request signature.\n";
29			exit(1);
30			}
31			// load CA's private key from PEM
32			$private_key_info = PrivateKeyInfo::fromPEM(
33			PEM::fromFile(dirname(__DIR__) . "/test/assets/rsa/private_key.pem"));
34			// initialize certificate from CSR and issuer's certificate
35			$tbs_cert = TBSCertificate::fromCSR($csr)->withIssuerCertificate($issuer_cert);
36			// set random serial number
37			$tbs_cert = $tbs_cert->withRandomSerialNumber();
38			// set validity period
39			$tbs_cert = $tbs_cert->withValidity(
40			Validity::fromStrings("now", "now + 3 months"));
41			// add extensions
42			$tbs_cert = $tbs_cert->withAdditionalExtensions(
43			new KeyUsageExtension(true,
44			KeyUsageExtension::DIGITAL_SIGNATURE \|
45			KeyUsageExtension::KEY_ENCIPHERMENT),
46			new BasicConstraintsExtension(true, false));
47			// sign certificate with issuer's private key
48			$algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
49			$private_key_info->algorithmIdentifier(), new SHA512AlgorithmIdentifier());
			0 ignored issues – show Compatibility introduced 2017-11-08 09:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$private_key_info->algorithmIdentifier()` of type `object<Sop\CryptoTypes\A...lgorithmIdentifierType>` is not a sub-type of `object<Sop\CryptoTypes\A...ptoAlgorithmIdentifier>`. It seems like you assume a child interface of the interface `Sop\CryptoTypes\Algorith...AlgorithmIdentifierType` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
50			$cert = $tbs_cert->sign($algo, $private_key_info);
51			echo $cert;
52

sop / x509

GitHub Access Token became invalid

Push — master ( 8abb02...91afec )

examples/issue-cert.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like