mirror of
https://github.com/danog/phpseclib.git
synced 2024-12-12 09:09:39 +01:00
Add getChain() function
Also improve loading of raw certs
This commit is contained in:
parent
76cb693d62
commit
0b9f743343
@ -1352,8 +1352,19 @@ class File_X509 {
|
|||||||
function loadX509($cert)
|
function loadX509($cert)
|
||||||
{
|
{
|
||||||
if (is_array($cert) && isset($cert['tbsCertificate'])) {
|
if (is_array($cert) && isset($cert['tbsCertificate'])) {
|
||||||
|
unset($this->currentCert);
|
||||||
|
unset($this->currentKeyIdentifier);
|
||||||
|
$this->dn = $cert['tbsCertificate']['subject'];
|
||||||
|
if (!isset($this->dn)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$this->currentCert = $cert;
|
$this->currentCert = $cert;
|
||||||
|
|
||||||
|
$currentKeyIdentifier = $this->getExtension('id-ce-subjectKeyIdentifier');
|
||||||
|
$this->currentKeyIdentifier = is_string($currentKeyIdentifier) ? $currentKeyIdentifier : NULL;
|
||||||
|
|
||||||
unset($this->signatureSubject);
|
unset($this->signatureSubject);
|
||||||
|
|
||||||
return $cert;
|
return $cert;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1663,12 +1674,14 @@ class File_X509 {
|
|||||||
$olddn = $this->dn;
|
$olddn = $this->dn;
|
||||||
$oldcert = $this->currentCert;
|
$oldcert = $this->currentCert;
|
||||||
$oldsigsubj = $this->signatureSubject;
|
$oldsigsubj = $this->signatureSubject;
|
||||||
|
$oldkeyid = $this->currentKeyIdentifier;
|
||||||
|
|
||||||
$cert = $this->loadX509($cert);
|
$cert = $this->loadX509($cert);
|
||||||
if (!$cert) {
|
if (!$cert) {
|
||||||
$this->dn = $olddn;
|
$this->dn = $olddn;
|
||||||
$this->currentCert = $oldcert;
|
$this->currentCert = $oldcert;
|
||||||
$this->signatureSubject = $oldsigsubj;
|
$this->signatureSubject = $oldsigsubj;
|
||||||
|
$this->currentKeyIdentifier = $oldkeyid;
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -2465,6 +2478,51 @@ class File_X509 {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the certificate chain for the current cert
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
* @return Mixed
|
||||||
|
*/
|
||||||
|
function getChain()
|
||||||
|
{
|
||||||
|
$chain = array($this->currentCert);
|
||||||
|
|
||||||
|
if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if (empty($this->CAs)) {
|
||||||
|
return $chain;
|
||||||
|
}
|
||||||
|
while (true) {
|
||||||
|
$currentCert = $chain[count($chain) - 1];
|
||||||
|
for ($i = 0; $i < count($this->CAs); $i++) {
|
||||||
|
$ca = $this->CAs[$i];
|
||||||
|
if ($currentCert['tbsCertificate']['issuer'] === $ca['tbsCertificate']['subject']) {
|
||||||
|
$authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier', $currentCert);
|
||||||
|
$subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
|
||||||
|
switch (true) {
|
||||||
|
case !is_array($authorityKey):
|
||||||
|
case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
||||||
|
if ($currentCert === $ca) {
|
||||||
|
break 3;
|
||||||
|
}
|
||||||
|
$chain[] = $ca;
|
||||||
|
break 2;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($i == count($this->CAs)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
foreach ($chain as $key=>$value) {
|
||||||
|
$chain[$key] = new File_X509();
|
||||||
|
$chain[$key]->loadX509($value);
|
||||||
|
}
|
||||||
|
return $chain;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set public key
|
* Set public key
|
||||||
*
|
*
|
||||||
@ -2546,6 +2604,13 @@ class File_X509 {
|
|||||||
function loadCSR($csr)
|
function loadCSR($csr)
|
||||||
{
|
{
|
||||||
if (is_array($csr) && isset($csr['certificationRequestInfo'])) {
|
if (is_array($csr) && isset($csr['certificationRequestInfo'])) {
|
||||||
|
unset($this->currentCert);
|
||||||
|
unset($this->currentKeyIdentifier);
|
||||||
|
$this->dn = $csr['certificationRequestInfo']['subject'];
|
||||||
|
if (!isset($this->dn)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$this->currentCert = $csr;
|
$this->currentCert = $csr;
|
||||||
unset($this->signatureSubject);
|
unset($this->signatureSubject);
|
||||||
return $csr;
|
return $csr;
|
||||||
|
Loading…
Reference in New Issue
Block a user