|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace X509\Certificate; |
|
4
|
|
|
|
|
5
|
|
|
use ASN1\Type\Constructed\Sequence; |
|
6
|
|
|
use CryptoUtil\ASN1\AlgorithmIdentifier; |
|
7
|
|
|
use CryptoUtil\ASN1\AlgorithmIdentifier\Feature\SignatureAlgorithmIdentifier; |
|
8
|
|
|
use CryptoUtil\ASN1\PublicKeyInfo; |
|
9
|
|
|
use CryptoUtil\Crypto\Crypto; |
|
10
|
|
|
use CryptoUtil\Crypto\Signature; |
|
11
|
|
|
use CryptoUtil\PEM\PEM; |
|
12
|
|
|
use X509\Certificate\TBSCertificate; |
|
13
|
|
|
|
|
14
|
|
|
|
|
15
|
|
|
/** |
|
16
|
|
|
* Implements <i>Certificate</i> ASN.1 type. |
|
17
|
|
|
* |
|
18
|
|
|
* @link https://tools.ietf.org/html/rfc5280#section-4.1 |
|
19
|
|
|
*/ |
|
20
|
|
|
class Certificate |
|
21
|
|
|
{ |
|
22
|
|
|
/** |
|
23
|
|
|
* "To be signed" certificate information. |
|
24
|
|
|
* |
|
25
|
|
|
* @var TBSCertificate $_tbsCertificate |
|
26
|
|
|
*/ |
|
27
|
|
|
protected $_tbsCertificate; |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* Signature algorithm. |
|
31
|
|
|
* |
|
32
|
|
|
* @var SignatureAlgorithmIdentifier $_signatureAlgorithm |
|
33
|
|
|
*/ |
|
34
|
|
|
protected $_signatureAlgorithm; |
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* Signature value. |
|
38
|
|
|
* |
|
39
|
|
|
* @var Signature $_signatureValue |
|
40
|
|
|
*/ |
|
41
|
|
|
protected $_signatureValue; |
|
42
|
|
|
|
|
43
|
|
|
/** |
|
44
|
|
|
* Constructor |
|
45
|
|
|
* |
|
46
|
|
|
* @param TBSCertificate $tbsCert |
|
47
|
|
|
* @param SignatureAlgorithmIdentifier $algo |
|
48
|
|
|
* @param Signature $signature |
|
49
|
|
|
*/ |
|
50
|
20 |
|
public function __construct(TBSCertificate $tbsCert, |
|
51
|
|
|
SignatureAlgorithmIdentifier $algo, Signature $signature) { |
|
52
|
20 |
|
$this->_tbsCertificate = $tbsCert; |
|
53
|
20 |
|
$this->_signatureAlgorithm = $algo; |
|
54
|
20 |
|
$this->_signatureValue = $signature; |
|
55
|
20 |
|
} |
|
56
|
|
|
|
|
57
|
|
|
/** |
|
58
|
|
|
* Initialize from ASN.1. |
|
59
|
|
|
* |
|
60
|
|
|
* @param Sequence $seq |
|
61
|
|
|
* @return self |
|
62
|
|
|
*/ |
|
63
|
10 |
View Code Duplication |
public static function fromASN1(Sequence $seq) { |
|
|
|
|
|
|
64
|
10 |
|
$tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence()); |
|
65
|
10 |
|
$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence()); |
|
66
|
10 |
|
if (!$algo instanceof SignatureAlgorithmIdentifier) { |
|
67
|
|
|
throw new \UnexpectedValueException( |
|
68
|
|
|
"Unsupported signature algorithm " . $algo->oid() . "."); |
|
69
|
|
|
} |
|
70
|
10 |
|
$signature = Signature::fromASN1($seq->at(2)->asBitString()); |
|
71
|
10 |
|
return new self($tbsCert, $algo, $signature); |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
/** |
|
75
|
|
|
* Initialize from DER. |
|
76
|
|
|
* |
|
77
|
|
|
* @param string $data |
|
78
|
|
|
* @return self |
|
79
|
|
|
*/ |
|
80
|
9 |
|
public static function fromDER($data) { |
|
81
|
9 |
|
return self::fromASN1(Sequence::fromDER($data)); |
|
82
|
|
|
} |
|
83
|
|
|
|
|
84
|
|
|
/** |
|
85
|
|
|
* Initialize from PEM. |
|
86
|
|
|
* |
|
87
|
|
|
* @param PEM $pem |
|
88
|
|
|
* @throws \UnexpectedValueException |
|
89
|
|
|
* @return self |
|
90
|
|
|
*/ |
|
91
|
10 |
|
public static function fromPEM(PEM $pem) { |
|
92
|
10 |
|
if ($pem->type() != PEM::TYPE_CERTIFICATE) { |
|
93
|
1 |
|
throw new \UnexpectedValueException("Invalid PEM type."); |
|
94
|
|
|
} |
|
95
|
9 |
|
return self::fromDER($pem->data()); |
|
96
|
|
|
} |
|
97
|
|
|
|
|
98
|
|
|
/** |
|
99
|
|
|
* Get certificate information. |
|
100
|
|
|
* |
|
101
|
|
|
* @return TBSCertificate |
|
102
|
|
|
*/ |
|
103
|
47 |
|
public function tbsCertificate() { |
|
104
|
47 |
|
return $this->_tbsCertificate; |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
|
|
/** |
|
108
|
|
|
* Get signature algorithm. |
|
109
|
|
|
* |
|
110
|
|
|
* @return SignatureAlgorithmIdentifier |
|
111
|
|
|
*/ |
|
112
|
26 |
|
public function signatureAlgorithm() { |
|
113
|
26 |
|
return $this->_signatureAlgorithm; |
|
114
|
|
|
} |
|
115
|
|
|
|
|
116
|
|
|
/** |
|
117
|
|
|
* Get signature value. |
|
118
|
|
|
* |
|
119
|
|
|
* @return Signature |
|
120
|
|
|
*/ |
|
121
|
2 |
|
public function signatureValue() { |
|
122
|
2 |
|
return $this->_signatureValue; |
|
123
|
|
|
} |
|
124
|
|
|
|
|
125
|
|
|
/** |
|
126
|
|
|
* Check whether certificate is self-issued. |
|
127
|
|
|
* |
|
128
|
|
|
* @return bool |
|
129
|
|
|
*/ |
|
130
|
27 |
|
public function isSelfIssued() { |
|
131
|
27 |
|
return $this->_tbsCertificate->subject()->equals( |
|
132
|
27 |
|
$this->_tbsCertificate->issuer()); |
|
|
|
|
|
|
133
|
|
|
} |
|
134
|
|
|
|
|
135
|
|
|
/** |
|
136
|
|
|
* Check whether certificate is semantically equal to another. |
|
137
|
|
|
* |
|
138
|
|
|
* @param Certificate $cert Certificate to compare to |
|
139
|
|
|
* @return bool |
|
140
|
|
|
*/ |
|
141
|
11 |
|
public function equals(Certificate $cert) { |
|
142
|
|
|
// if subjects differ |
|
143
|
11 |
|
$s1 = $this->_tbsCertificate->subject(); |
|
144
|
11 |
|
$s2 = $cert->_tbsCertificate->subject(); |
|
145
|
11 |
|
if (!$s1->equals($s2)) { |
|
|
|
|
|
|
146
|
8 |
|
return false; |
|
147
|
|
|
} |
|
148
|
|
|
// if public keys differ |
|
149
|
3 |
|
$kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier(); |
|
150
|
3 |
|
$kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier(); |
|
151
|
3 |
|
if ($kid1 != $kid2) { |
|
152
|
1 |
|
return false; |
|
153
|
|
|
} |
|
154
|
2 |
|
return true; |
|
155
|
|
|
} |
|
156
|
|
|
|
|
157
|
|
|
/** |
|
158
|
|
|
* Generate ASN.1 structure. |
|
159
|
|
|
* |
|
160
|
|
|
* @return Sequence |
|
161
|
|
|
*/ |
|
162
|
3 |
|
public function toASN1() { |
|
163
|
3 |
|
return new Sequence($this->_tbsCertificate->toASN1(), |
|
164
|
3 |
|
$this->_signatureAlgorithm->toASN1(), |
|
165
|
3 |
|
$this->_signatureValue->toBitString()); |
|
166
|
|
|
} |
|
167
|
|
|
|
|
168
|
|
|
/** |
|
169
|
|
|
* Get certificate as a DER. |
|
170
|
|
|
* |
|
171
|
|
|
* @return string |
|
172
|
|
|
*/ |
|
173
|
2 |
|
public function toDER() { |
|
174
|
2 |
|
return $this->toASN1()->toDER(); |
|
175
|
|
|
} |
|
176
|
|
|
|
|
177
|
|
|
/** |
|
178
|
|
|
* Get certificate as a PEM. |
|
179
|
|
|
* |
|
180
|
|
|
* @return PEM |
|
181
|
|
|
*/ |
|
182
|
2 |
|
public function toPEM() { |
|
183
|
2 |
|
return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER()); |
|
184
|
|
|
} |
|
185
|
|
|
|
|
186
|
|
|
/** |
|
187
|
|
|
* Verify certificate signature. |
|
188
|
|
|
* |
|
189
|
|
|
* @param Crypto $crypto |
|
190
|
|
|
* @param PublicKeyInfo $pubkey_info Issuer's public key |
|
191
|
|
|
* @return bool True if certificate signature is valid |
|
192
|
|
|
*/ |
|
193
|
23 |
|
public function verify(Crypto $crypto, PublicKeyInfo $pubkey_info) { |
|
194
|
23 |
|
$data = $this->_tbsCertificate->toASN1()->toDER(); |
|
195
|
23 |
|
return $crypto->verify($data, $this->_signatureValue, $pubkey_info, |
|
196
|
23 |
|
$this->_signatureAlgorithm); |
|
197
|
|
|
} |
|
198
|
|
|
|
|
199
|
|
|
/** |
|
200
|
|
|
* Get certificate as a PEM formatted string. |
|
201
|
|
|
* |
|
202
|
|
|
* @return string |
|
203
|
|
|
*/ |
|
204
|
1 |
|
public function __toString() { |
|
205
|
1 |
|
return $this->toPEM()->string(); |
|
206
|
|
|
} |
|
207
|
|
|
} |
|
208
|
|
|
|
sop /
x509
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.