Pure-PHP X.509 Parser
author | Jim Wigginton terrafrost@php.net |
---|---|
package | Default |
computeKeyIdentifier(mixed $key = null,integer $method = 1): string
Although key identifiers may be set to any unique value, this function computes key identifiers from the public key according to the two recommended methods (RFC 3280, section 4.2.1.2). Highly polymorphic: it tries to accept all possible forms of key:
mixed
optional
integer
optional
string
binary key identifier
decodeIP(string $ip): string
Takes in a base64 encoded "blob" and returns a human readable IP address
string
string
decodeNameConstraintIP(string $ip): array
Takes in a base64 encoded "blob" and returns a human readable IP address / mask
string
array
disableURLFetch()
dnsName(string $domain): array
string
array
enableURLFetch()
encodeIP(string|array $ip): string
Converts a human-readable IP address into a base64-encoded "blob"
string|array
string
extensions(array &$root = null,string $path = null,boolean $create = false): array|false
array
string
optional absolute path with / as component separator
boolean
optional
array|false
fetchURL(string $url): boolean|string
string
boolean|string
formatSubjectPublicKey(): array|false
array|false
getAttribute(string $id,integer $disposition = self::ATTR_ALL,array $csr = null): mixed
Returns the attribute if it exists and false if not
string
integer
optional
array
optional
mixed
getAttributes(array $csr = null): array
array
optional
array
getChain(): mixed
mixed
getCurrentCert(): array|boolean
array|boolean
getDN(mixed $format = self::DN_ARRAY,array $dn = null): array|boolean|string
mixed
optional
array
optional
array|boolean|string
getDNProp(string $propName,array $dn = null,boolean $withType = false): mixed
string
array
optional
boolean
optional
mixed
getExtension(string $id,array $cert = null,string $path = null): mixed
Returns the extension if it exists and false if not
string
array
optional
string
mixed
getExtensionHelper(string $id,array $cert = null,string $path = null): mixed
Returns the extension if it exists and false if not
string
array
optional
string
optional
mixed
getExtensions(array $cert = null,string $path = null): array
array
optional
string
optional
array
getExtensionsHelper(array $cert = null,string $path = null): array
array
optional
string
optional
array
getIssuerDN(integer $format = self::DN_ARRAY): mixed
integer
optional
mixed
getIssuerDNProp(string $propName,boolean $withType = false): mixed
string
boolean
optional
mixed
getMapping(string $extnId): mixed
string
mixed
getPublicKey(): mixed
Returns a \phpseclib3\Crypt\RSA object or false.
mixed
getRegisteredExtension(string $id): array|null
string
array|null
getRevoked(string $serial): mixed
string
mixed
getRevokedCertificateExtension(string $serial,string $id,array $crl = null): mixed
Returns the extension if it exists and false if not
string
string
array
optional
mixed
getRevokedCertificateExtensions(string $serial,array $crl = null): array|boolean
string
array
optional
array|boolean
getSubjectDN(integer $format = self::DN_ARRAY): mixed
integer
optional
mixed
getSubjectDNProp(string $propName,boolean $withType = false): mixed
string
boolean
optional
mixed
identifySignatureAlgorithm(\phpseclib3\Crypt\Common\PrivateKey $key): string
Throws |
|
---|
string
iPAddress(string $address): array
(IPv6 is not currently supported)
string
array
isSubArrayValid(array $root,string $path): boolean
This is intended for use in conjunction with _subArrayUnchecked(), implementing the checks included in _subArray() but without copying a potentially large array by passing its reference by-value to is_array().
array
string
boolean
listRevoked(array $crl = null): array|boolean
array
optional
array|boolean
loadCA(string $cert): boolean
string
boolean
loadCRL(string $crl,integer $mode = self::FORMAT_AUTO_DETECT): mixed
string
integer
mixed
loadCSR(string $csr,integer $mode = self::FORMAT_AUTO_DETECT): mixed
string
integer
mixed
loadSPKAC(string $spkac): mixed
SPKACs are produced by the HTML5 keygen element:
https://developer.mozilla.org/en-US/docs/HTML/Element/keygen
string
mixed
loadX509(array|string $cert,integer $mode = self::FORMAT_AUTO_DETECT): mixed
Returns an associative array describing the X.509 cert, or false if the cert failed to load
array|string
integer
mixed
makeCA()
mapInAttributes(array &$root,string $path)
array
(by reference)
string
mapInDNs(array &$root,string $path)
array
(by reference)
string
mapInExtensions(array &$root,string $path)
array
(by reference)
string
mapOutAttributes(array &$root,string $path)
array
(by reference)
string
mapOutDNs(array &$root,string $path)
array
(by reference)
string
mapOutExtensions(array &$root,string $path)
array
(by reference)
string
registerExtension(string $id,array $mapping)
string
array
removeAttribute(string $id,integer $disposition = self::ATTR_ALL): boolean
string
integer
optional
boolean
removeDNProp(string $propName)
string
removeExtension(string $id): boolean
string
boolean
removeExtensionHelper(string $id,string $path = null): boolean
string
string
optional
boolean
removeRevokedCertificateExtension(string $serial,string $id): boolean
string
string
boolean
revoke(string $serial,string $date = null): boolean
string
string
optional
boolean
revokedCertificate(array &$rclist,string $serial,boolean $create = false): integer|false
array
string
boolean
optional
integer|false
saveCRL(array $crl,integer $format = self::FORMAT_PEM): string
array
integer
optional
string
saveCSR(array $csr,integer $format = self::FORMAT_PEM): string
array
integer
optional
string
saveSPKAC(array $spkac,integer $format = self::FORMAT_PEM): string
array
integer
optional
string
saveX509(array $cert,integer $format = self::FORMAT_PEM): string
array
integer
optional
string
setAttribute(string $id,mixed $value,integer $disposition = self::ATTR_ALL): boolean
string
mixed
integer
optional
boolean
setChallenge(string $challenge)
Used for SPKAC CSRs
string
setDN(mixed $dn,boolean $merge = false,string $type = 'utf8String'): boolean
mixed
boolean
optional
string
optional
boolean
setDNProp(string $propName,mixed $propValue,string $type = 'utf8String'): boolean
string
mixed
string
optional
boolean
setDomain(mixed $domains): void
mixed
setEndDate(\DateTimeInterface|string $date)
\DateTimeInterface|string
setExtension(string $id,mixed $value,boolean $critical = false,boolean $replace = true): boolean
string
mixed
boolean
optional
boolean
optional
boolean
setExtensionHelper(string $id,mixed $value,boolean $critical = false,boolean $replace = true,string $path = null): boolean
string
mixed
boolean
optional
boolean
optional
string
optional
boolean
setExtensionValue(string $id,mixed $value,boolean $critical = false,boolean $replace = false)
string
mixed
boolean
boolean
setIPAddress(array<mixed,mixed> $ipAddresses)
array<mixed,mixed>
setKeyIdentifier(string $value)
This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions.
string
setPrivateKey(\phpseclib3\Crypt\Common\PrivateKey $key)
setPublicKey(\phpseclib3\Crypt\Common\PublicKey $key): void
setRecurLimit(integer $count)
When validating a signature it may be necessary to download intermediate certs from URIs. An intermediate cert that linked to itself would result in an infinite loop, so to prevent that we set a recursion limit. A negative number means that there is no recursion limit.
integer
setRevokedCertificateExtension(string $serial,string $id,mixed $value,boolean $critical = false,boolean $replace = true): boolean
string
string
mixed
boolean
optional
boolean
optional
boolean
setSerialNumber(string $serial,integer $base = -256)
string
integer
optional
setStartDate(\DateTimeInterface|string $date)
\DateTimeInterface|string
sign(\phpseclib3\File\X509 $issuer,\phpseclib3\File\X509 $subject): mixed
$issuer's private key needs to be loaded. $subject can be either an existing X.509 cert (if you want to re-sign it), a CSR or something with the DN and public key explicitly set.
\phpseclib3\File\X509
\phpseclib3\File\X509
mixed
signCRL(\phpseclib3\File\X509 $issuer,\phpseclib3\File\X509 $crl): mixed
signCSR(): mixed
mixed
signSPKAC(): mixed
mixed
subArray(array &$root = null,string $path,boolean $create = false): array|false
array
string
absolute path with / as component separator
boolean
optional
array|false
subArrayUnchecked(array &$root,string $path,boolean $create = false): array|false
This variant of _subArray() does no is_array() checking, so $root should be checked with _isSubArrayValid() first.
This is here for performance reasons: Passing a reference (i.e. $root) by-value (i.e. to is_array()) creates a copy. If $root is an especially large array, this is expensive.
array
string
absolute path with / as component separator
boolean
optional
array|false
testForIntermediate(boolean $caonly,integer $count): boolean
See https://tools.ietf.org/html/rfc4325 for more info
boolean
integer
boolean
timeField(string $date): array|\phpseclib3\File\ASN1\Element
string
in format date('D, d M Y H:i:s O')
array|\phpseclib3\File\ASN1\Element
translateDNProp(string $propName): mixed
string
mixed
unrevoke(string $serial): boolean
string
boolean
validateDate(\DateTimeInterface|string $date = null): boolean
If $date isn't defined it is assumed to be the current date.
\DateTimeInterface|string
optional
boolean
validateSignature(boolean $caonly = true): mixed
Works on X.509 certs, CSRs and CRLs. Returns true if the signature is verified, false if it is not correct, or null on error.
By default returns false for self-signed certs. Call validateSignature(false) to make this support self-signed.
The behavior of this function is inspired by openssl_verify.
boolean
optional
mixed
validateSignatureCountable(boolean $caonly,integer $count): mixed
Performs said validation whilst keeping track of how many times the validation method is called
boolean
integer
mixed
validateSignatureHelper(string $publicKeyAlgorithm,string $publicKey,string $signatureAlgorithm,string $signature,string $signatureSubject): boolean
Returns true if the signature is verified and false if it is not correct. If the algorithms are unsupported an exception is thrown.
Throws |
|
---|
string
string
string
string
string
boolean
validateURL(string $url): boolean
From RFC2818 "HTTP over TLS":
Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
string
boolean
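The wildcard rule quoted above for validateURL(), as an added example that is not phpseclib's own code. The function names and the sample dNSName values are assumptions made for illustration, and the wildcard is taken here to stand for one or more letters, digits or hyphens inside a single label.

```php
<?php
// Added example: hypothetical helpers, not part of phpseclib.

/**
 * Match one certificate name pattern against a host name.
 * '*' covers a whole label or a fragment of one label, never a dot.
 */
function rfc2818NameMatches(string $pattern, string $host): bool
{
    // DNS names compare case-insensitively; ignore a trailing root dot.
    $pattern = strtolower(rtrim($pattern, '.'));
    $host = strtolower(rtrim($host, '.'));
    if ($pattern === '' || $host === '') {
        return false;
    }
    // Quote regex metacharacters, then expand each '*' to LDH characters only,
    // so a wildcard can never swallow a dot, a newline or a NUL byte.
    $regex = str_replace('\*', '[a-z0-9-]+', preg_quote($pattern, '/'));
    return preg_match('/^' . $regex . '$/D', $host) === 1;
}

/**
 * True if the URL's host matches any one of the certificate's dNSName entries.
 */
function urlMatchesCertNames(string $url, array $dnsNames): bool
{
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false; // malformed URL or no host component
    }
    foreach ($dnsNames as $name) {
        if (rfc2818NameMatches($name, $host)) {
            return true; // a match in any one of the set is acceptable
        }
    }
    return false;
}

// Constructed sample dNSName entries, taken from the RFC text quoted above.
$sanNames = ['*.a.com', 'f*.com'];
$urls = ['https://foo.a.com/', 'https://bar.foo.a.com/', 'https://foo.com/', 'https://bar.com/'];
foreach ($urls as $url) {
    printf("%-26s %s\n", $url, urlMatchesCertNames($url, $sanNames) ? 'match' : 'no match');
}
```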
VALIDATE_SIGNATURE_BY_CA
Not really used anymore but retained all the same to suppress E_NOTICEs from old installs
DN_ARRAY
DN_STRING
DN_ASN1
DN_OPENSSL
DN_CANON
DN_HASH
FORMAT_PEM
i.e. a base64-encoded PEM with a header and a footer
FORMAT_DER
FORMAT_SPKAC
Only works on CSRs. Not currently supported.
FORMAT_AUTO_DETECT
Used only by the load*() functions
ATTR_ALL
If disposition is >= 0, this is the index of the target value.
ATTR_APPEND
ATTR_REPLACE
dn :array
publicKey :string|\phpseclib3\Crypt\Common\PublicKey
privateKey :string|\phpseclib3\Crypt\Common\PrivateKey
CAs :array
currentCert :array
signatureSubject :string
There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally encoded, so we save the portion of the original cert that the signature would have been made for.
startDate :string
endDate :string|\phpseclib3\File\ASN1\Element
serialNumber :string
currentKeyIdentifier :string
caFlag :boolean
challenge :string
extensionValues :array
oidsLoaded :boolean
recur_limit :integer
disable_url_fetch :boolean
extensions :array
ipAddresses :\phpseclib3\File\?array
domains :\phpseclib3\File\?array