Pure-PHP X.509 Parser
| author | Jim Wigginton terrafrost@php.net |
|---|---|
| package | Default |
computeKeyIdentifier(mixed $key = null,integer $method = 1): string
Although key identifiers may be set to any unique value, this function computes key identifiers from public key according to the two recommended methods (4.2.1.2 RFC 3280). Highly polymorphic: try to accept all possible forms of key:
mixedoptional
integeroptional
stringbinary key identifier
decodeIP(string $ip): string
Takes in a base64 encoded "blob" and returns a human readable IP address
string
string decodeNameConstraintIP(string $ip): array
Takes in a base64 encoded "blob" and returns a human readable IP address / mask
string
array disableURLFetch()
dnsName(string $domain): array
string
array enableURLFetch()
encodeIP(string|array $ip): string
Takes a human readable IP address into a base64-encoded "blob"
string|array
string extensions(array &$root = null,string $path = null,boolean $create = false): array|false
array
stringoptional absolute path with / as component separator
booleanoptional
array|false fetchURL(string $url): boolean|string
string
boolean|string formatSubjectPublicKey(): array|false
array|false getAttribute(string $id,integer $disposition = self::ATTR_ALL,array $csr = null): mixed
Returns the attribute if it exists and false if not
string
integeroptional
arrayoptional
mixed getAttributes(array $csr = null): array
arrayoptional
array getChain(): mixed
mixed getCurrentCert(): array|boolean
array|boolean getDN(mixed $format = self::DN_ARRAY,array $dn = null): array|boolean|string
mixedoptional
arrayoptional
array|boolean|string getDNProp(string $propName,array $dn = null,boolean $withType = false): mixed
string
arrayoptional
booleanoptional
mixed getExtension(string $id,array $cert = null,string $path = null): mixed
Returns the extension if it exists and false if not
string
arrayoptional
string
mixed getExtensionHelper(string $id,array $cert = null,string $path = null): mixed
Returns the extension if it exists and false if not
string
arrayoptional
stringoptional
mixed getExtensions(array $cert = null,string $path = null): array
arrayoptional
stringoptional
array getExtensionsHelper(array $cert = null,string $path = null): array
arrayoptional
stringoptional
array getIssuerDN(integer $format = self::DN_ARRAY): mixed
integeroptional
mixed getIssuerDNProp(string $propName,boolean $withType = false): mixed
string
booleanoptional
mixed getMapping(string $extnId): mixed
string
mixed getPublicKey(): mixed
Returns a \phpseclib3\Crypt\RSA object or a false.
mixed getRegisteredExtension(string $id): array|null
string
array|null getRevoked(string $serial): mixed
string
mixed getRevokedCertificateExtension(string $serial,string $id,array $crl = null): mixed
Returns the extension if it exists and false if not
string
string
arrayoptional
mixed getRevokedCertificateExtensions(string $serial,array $crl = null): array|boolean
string
arrayoptional
array|boolean getSubjectDN(integer $format = self::DN_ARRAY): mixed
integeroptional
mixed getSubjectDNProp(string $propName,boolean $withType = false): mixed
string
booleanoptional
mixed identifySignatureAlgorithm(\phpseclib3\Crypt\Common\PrivateKey $key): string
| Throws |
|
|---|
string iPAddress(string $address): array
(IPv6 is not currently supported)
string
array isSubArrayValid(array $root,string $path): boolean
This is intended for use in conjunction with _subArrayUnchecked(), implementing the checks included in _subArray() but without copying a potentially large array by passing its reference by-value to is_array().
array
string
boolean listRevoked(array $crl = null): array|boolean
arrayoptional
array|boolean loadCA(string $cert): boolean
string
boolean loadCRL(string $crl,integer $mode = self::FORMAT_AUTO_DETECT): mixed
string
integer
mixed loadCSR(string $csr,integer $mode = self::FORMAT_AUTO_DETECT): mixed
string
integer
mixed loadSPKAC(string $spkac): mixed
SPKAC's are produced by the HTML5 keygen element:
https://developer.mozilla.org/en-US/docs/HTML/Element/keygen
string
mixed loadX509(array|string $cert,integer $mode = self::FORMAT_AUTO_DETECT): mixed
Returns an associative array describing the X.509 cert or a false if the cert failed to load
array|string
integer
mixed makeCA()
mapInAttributes(array &$root,string $path)
array(by reference)
string
mapInDNs(array &$root,string $path)
array(by reference)
string
mapInExtensions(array &$root,string $path)
array(by reference)
string
mapOutAttributes(array &$root,string $path)
array(by reference)
string
mapOutDNs(array &$root,string $path)
array(by reference)
string
mapOutExtensions(array &$root,string $path)
array(by reference)
string
registerExtension(string $id,array $mapping)
string
array
removeAttribute(string $id,integer $disposition = self::ATTR_ALL): boolean
string
integeroptional
boolean removeDNProp(string $propName)
string
removeExtension(string $id): boolean
string
boolean removeExtensionHelper(string $id,string $path = null): boolean
string
stringoptional
boolean removeRevokedCertificateExtension(string $serial,string $id): boolean
string
string
boolean revoke(string $serial,string $date = null): boolean
string
stringoptional
boolean revokedCertificate(array &$rclist,string $serial,boolean $create = false): integer|false
array
string
booleanoptional
integer|false saveCRL(array $crl,integer $format = self::FORMAT_PEM): string
array
integeroptional
string saveCSR(array $csr,integer $format = self::FORMAT_PEM): string
array
integeroptional
string saveSPKAC(array $spkac,integer $format = self::FORMAT_PEM): string
array
integeroptional
string saveX509(array $cert,integer $format = self::FORMAT_PEM): string
array
integeroptional
string setAttribute(string $id,mixed $value,integer $disposition = self::ATTR_ALL): boolean
string
mixed
integeroptional
boolean setChallenge(string $challenge)
Used for SPKAC CSR's
string
setDN(mixed $dn,boolean $merge = false,string $type = 'utf8String'): boolean
mixed
booleanoptional
stringoptional
boolean setDNProp(string $propName,mixed $propValue,string $type = 'utf8String'): boolean
string
mixed
stringoptional
boolean setDomain(mixed $domains): void
mixed
setEndDate(\DateTimeInterface|string $date)
\DateTimeInterface|string
setExtension(string $id,mixed $value,boolean $critical = false,boolean $replace = true): boolean
string
mixed
booleanoptional
booleanoptional
boolean setExtensionHelper(string $id,mixed $value,boolean $critical = false,boolean $replace = true,string $path = null): boolean
string
mixed
booleanoptional
booleanoptional
stringoptional
boolean setExtensionValue(string $id,mixed $value,boolean $critical = false,boolean $replace = false)
string
mixed
boolean
boolean
setIPAddress(array<mixed,mixed> $ipAddresses)
array<mixed,mixed>
setKeyIdentifier(string $value)
This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions.
string
setPrivateKey(\phpseclib3\Crypt\Common\PrivateKey $key)
setPublicKey(\phpseclib3\Crypt\Common\PublicKey $key): void
setRecurLimit(integer $count)
When validating a signature it may be necessary to download intermediate certs from URI's. An intermediate cert that linked to itself would result in an infinite loop so to prevent that we set a recursion limit. A negative number means that there is no recursion limit.
integer
setRevokedCertificateExtension(string $serial,string $id,mixed $value,boolean $critical = false,boolean $replace = true): boolean
string
string
mixed
booleanoptional
booleanoptional
boolean setSerialNumber(string $serial,integer $base = -256)
string
integeroptional
setStartDate(\DateTimeInterface|string $date)
\DateTimeInterface|string
sign(\phpseclib3\File\X509 $issuer,\phpseclib3\File\X509 $subject): mixed
$issuer's private key needs to be loaded. $subject can be either an existing X.509 cert (if you want to resign it), a CSR or something with the DN and public key explicitly set.
\phpseclib3\File\X509
\phpseclib3\File\X509
mixed signCRL(\phpseclib3\File\X509 $issuer,\phpseclib3\File\X509 $crl): mixed
signCSR(): mixed
mixed signSPKAC(): mixed
mixed subArray(array &$root = null,string $path,boolean $create = false): array|false
array
stringabsolute path with / as component separator
booleanoptional
array|false subArrayUnchecked(array &$root,string $path,boolean $create = false): array|false
This variant of _subArray() does no is_array() checking, so $root should be checked with _isSubArrayValid() first.
This is here for performance reasons: Passing a reference (i.e. $root) by-value (i.e. to is_array()) creates a copy. If $root is an especially large array, this is expensive.
array
stringabsolute path with / as component separator
booleanoptional
array|false testForIntermediate(boolean $caonly,integer $count): boolean
See https://tools.ietf.org/html/rfc4325 for more info
boolean
integer
boolean timeField(string $date): array|\phpseclib3\File\ASN1\Element
stringin format date('D, d M Y H:i:s O')
array|\phpseclib3\File\ASN1\Element translateDNProp(string $propName): mixed
string
mixed unrevoke(string $serial): boolean
string
boolean validateDate(\DateTimeInterface|string $date = null): boolean
If $date isn't defined it is assumed to be the current date.
\DateTimeInterface|stringoptional
boolean validateSignature(boolean $caonly = true): mixed
Works on X.509 certs, CSR's and CRL's. Returns true if the signature is verified, false if it is not correct or null on error
By default returns false for self-signed certs. Call validateSignature(false) to make this support self-signed.
The behavior of this function is inspired by openssl_verify.
booleanoptional
mixed validateSignatureCountable(boolean $caonly,integer $count): mixed
Performs said validation whilst keeping track of how many times validation method is called
boolean
integer
mixed validateSignatureHelper(string $publicKeyAlgorithm,string $publicKey,string $signatureAlgorithm,string $signature,string $signatureSubject): boolean
Returns true if the signature is verified and false if it is not correct. If the algorithms are unsupposed an exception is thrown.
| Throws |
|
|---|
string
string
string
string
string
boolean validateURL(string $url): boolean
From RFC2818 "HTTP over TLS":
Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character which is considered to match any single domain name component or component fragment. E.g., .a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
string
boolean VALIDATE_SIGNATURE_BY_CA
Not really used anymore but retained all the same to suppress E_NOTICEs from old installs
DN_ARRAY
| see | |
|---|---|
DN_STRING
| see | |
|---|---|
DN_ASN1
| see | |
|---|---|
DN_OPENSSL
| see | |
|---|---|
DN_CANON
| see | |
|---|---|
DN_HASH
| see | |
|---|---|
FORMAT_PEM
ie. a base64-encoded PEM with a header and a footer
| see | |
|---|---|
FORMAT_DER
| see | |
|---|---|
FORMAT_SPKAC
| see | Only works on CSRs. Not currently supported. |
|---|---|
FORMAT_AUTO_DETECT
Used only by the load*() functions
| see | |
|---|---|
ATTR_ALL
If disposition is >= 0, this is the index of the target value.
ATTR_APPEND
ATTR_REPLACE
dn :array
| var |
|---|
array publicKey :string|\phpseclib3\Crypt\Common\PublicKey
privateKey :string|\phpseclib3\Crypt\Common\PrivateKey
CAs :array
| var |
|---|
array currentCert :array
| var |
|---|
array signatureSubject :string
There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally encoded so we take save the portion of the original cert that the signature would have made for.
| var |
|---|
string startDate :string
| var |
|---|
string endDate :string|\phpseclib3\File\ASN1\Element
serialNumber :string
| var |
|---|
string currentKeyIdentifier :string
caFlag :boolean
| var |
|---|
boolean challenge :string
| var |
|---|
string extensionValues :array
| var |
|---|
array oidsLoaded :boolean
| var |
|---|
boolean recur_limit :integer
| var |
|---|
integer disable_url_fetch :boolean
| var |
|---|
boolean extensions :array
| var |
|---|
array ipAddresses :\phpseclib3\File\?array
| var |
|---|
\phpseclib3\File\?array domains :\phpseclib3\File\?array
| var |
|---|
\phpseclib3\File\?array