2017-08-06 19:35:52 +02:00
|
|
|
<?php
|
2022-02-17 03:25:59 +01:00
|
|
|
|
2017-08-06 19:35:52 +02:00
|
|
|
/**
|
|
|
|
* @author Jim Wigginton <terrafrost@php.net>
|
|
|
|
* @copyright 2017 Jim Wigginton
|
|
|
|
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
|
|
|
*/
|
|
|
|
|
2022-02-23 03:48:51 +01:00
|
|
|
namespace phpseclib3\Tests\Unit\File\X509;
|
|
|
|
|
2022-09-23 22:02:44 +02:00
|
|
|
use phpseclib3\Math\BigInteger;
|
|
|
|
use phpseclib3\Crypt\RSA;
|
2019-11-07 06:41:40 +01:00
|
|
|
use phpseclib3\File\X509;
|
2022-02-23 03:48:51 +01:00
|
|
|
use phpseclib3\Tests\PhpseclibTestCase;
|
2017-08-06 19:35:52 +02:00
|
|
|
|
2022-02-23 03:48:51 +01:00
|
|
|
class CRLTest extends PhpseclibTestCase
|
2017-08-06 19:35:52 +02:00
|
|
|
{
|
|
|
|
public function testLoadCRL()
|
|
|
|
{
|
2017-08-08 05:35:29 +02:00
|
|
|
$test = file_get_contents(__DIR__ . '/crl.bin');
|
2017-08-06 19:35:52 +02:00
|
|
|
|
|
|
|
$x509 = new X509();
|
|
|
|
|
|
|
|
$x509->loadCRL($test);
|
|
|
|
|
|
|
|
$reason = $x509->getRevokedCertificateExtension('9048354325167497831898969642461237543', 'id-ce-cRLReasons');
|
|
|
|
|
|
|
|
$this->assertSame('unspecified', $reason);
|
|
|
|
}
|
2022-09-23 22:02:44 +02:00
|
|
|
|
|
|
|
public function testCreateCRL()
|
|
|
|
{
|
|
|
|
// create private key / x.509 cert for signing
|
|
|
|
$CAPrivKey = RSA::createKey(1024);
|
|
|
|
$CAPubKey = $CAPrivKey->getPublicKey();
|
|
|
|
|
|
|
|
$CASubject = new X509();
|
|
|
|
$CASubject->setDNProp('id-at-organizationName', 'phpseclib CA cert');
|
|
|
|
$CASubject->setPublicKey($CAPubKey);
|
|
|
|
|
|
|
|
$CAIssuer = new X509();
|
|
|
|
$CAIssuer->setPrivateKey($CAPrivKey);
|
|
|
|
$CAIssuer->setDN($CASubject->getDN());
|
|
|
|
|
|
|
|
$x509 = new X509();
|
|
|
|
$x509->makeCA();
|
|
|
|
$result = $x509->sign($CAIssuer, $CASubject);
|
|
|
|
$CA = $x509->saveX509($result);
|
|
|
|
|
|
|
|
// create CRL
|
|
|
|
$x509 = new X509();
|
|
|
|
$crl = $x509->loadCRL($x509->saveCRL($x509->signCRL($CAIssuer, new X509())));
|
|
|
|
$x509->revoke(new BigInteger('zzz', 256), '+1 year');
|
|
|
|
$crl = $x509->saveCRL($x509->signCRL($CAIssuer, $x509));
|
|
|
|
|
|
|
|
// validate newly created CRL
|
|
|
|
$x509 = new X509();
|
|
|
|
$x509->loadCA($CA);
|
|
|
|
$r = $x509->loadCRL($crl);
|
|
|
|
$this->assertArrayHasKey('parameters', $r['signatureAlgorithm']);
|
|
|
|
$this->assertTrue($x509->validateSignature());
|
|
|
|
}
|
2017-08-06 19:35:52 +02:00
|
|
|
}
|