From 4735751bf50278bccb297dff69bef949b0f1abbd Mon Sep 17 00:00:00 2001 From: metaclassing Date: Tue, 26 Jan 2016 17:23:14 -0600 Subject: [PATCH 1/2] Switched out pack/unpack and ip2long/long2ip with inet_pton/ntop for ipv6 encoding support in x509v3 subject alternative names --- phpseclib/File/X509.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 14624c09..c8a0a8ad 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -2198,9 +2198,7 @@ class X509 */ function _decodeIP($ip) { - $ip = base64_decode($ip); - list(, $ip) = unpack('N', $ip); - return long2ip($ip); + return inet_ntop(base64_decode($ip)); } /** @@ -2214,7 +2212,7 @@ class X509 */ function _encodeIP($ip) { - return base64_encode(pack('N', ip2long($ip))); + return base64_encode(inet_pton($ip)); } /** From 88a04862aeeedcd8dd593cea7e284e882f358092 Mon Sep 17 00:00:00 2001 From: metaclassing Date: Wed, 27 Jan 2016 05:13:47 -0600 Subject: [PATCH 2/2] Added unit test for IPv4 and IPv6 address decoding in X509v3 subject alternative names extended attribute --- tests/Unit/File/X509/X509Test.php | 35 +++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php index acbb44a8..d3ddc31b 100644 --- a/tests/Unit/File/X509/X509Test.php +++ b/tests/Unit/File/X509/X509Test.php @@ -225,4 +225,39 @@ aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7 $this->assertEquals($x509->getOID('id-sha256'), '2.16.840.1.101.3.4.2.1'); $this->assertEquals($x509->getOID('zzz'), 'zzz'); } + + public function testIPAddressSubjectAltNamesDecoding() + { + $test = '-----BEGIN CERTIFICATE----- +MIIEcTCCAlmgAwIBAgIBDjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBQuU2Vj +dXJlIElzc3VpbmcgQ0EgMTAeFw0xNjAxMjUyMzIwMjZaFw0yMTAxMjYyMzIwMjZa +MBoxGDAWBgNVBAMMDzIwNC4xNTIuMjAwLjI1MDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAM9lMPiYQ26L5qXR1rlUXM0Z3DeRhDsJ/9NadLFJnvxKCV5L +M9rlrThpK6V5VbgPgEwKVLXGtJoGSEUkLd4roJ25ZTH08GcYszWyp8nLPQRovYnN ++aeE1aefnHcpt524f0Es9NFXh0uwRWV3ZCWSwN+mo9Qo6507KZq+q34if7/q9+De +O5RJumVQWc9OCjCt6pQBnBua9oCAca+SIHftOdgWXqVw+Xvl6/dLeF70jJD43P00 ++bdAnGDgBdgO+p+K+XrOCaCWMcCsRX5xiK4hUG54UM5ayBST+McyfjsKxpO2djPg +FlSL0RLg+Nj8WehANUUuaNU874Pp3FV5GTI0ZbUCAwEAAaOBvDCBuTAMBgNVHRMB +Af8EAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUEDDAKBggrBgEFBQcDATAhBgNVHREE +GjAYhwTMmMj6hxAgAQRw8wkACQAAAAAAAAADMEMGA1UdHwQ8MDowOKA2oDSGMmh0 +dHA6Ly9jcmwuc2VjdXJlb2JzY3VyZS5jb20vP2FjdGlvbj1jcmwmY2E9aXNzdWUx +MB8GA1UdIwQYMBaAFOJWVCX4poZSBzemgihf9dAhFNHJMA0GCSqGSIb3DQEBCwUA +A4ICAQAce9whx4InRtzk1to6oeRxTCbeNDjNFuTkotphSws4hDoaz3nyFLSYyMT4 +aKFnNP9AmMS5nEXphtP4HP9wAluTcAFMuip0rDJjiRA/khIE27KurO6cg1faFWHl +6lh6xnEf9UFZZzTLsXt2miBiMb8olgPrBuVFWjPZ/ConesJRZRFqMd5mfntXC+2V +zRcXdtwp9h/Am/WuvjsG/gBAPdeRNKffCokIcgfvffd2oklSDD0T9baG2MTgaxnX +oG6e5saWjoN8bLWuCJpvjA7aErXQwXUyXx1nrTWQ1TCR2N+M62X7e07jZLKSAECP +v6SqZ9/LDmCacVQbfg4wDC/gbpjDSKaD5fkusH6leXleWQ7X8Z03LsKvVq43a71z +jO61kkiFAh3CegWsY+TSYjZxDq58xGMiE7y/fK+SHQXDLyY7HU4eky2l3DSy8bXQ +p64vTJ/OmAcXVNUASfBCNw0kpxuFjlxers/+6zheowB1RIKo0xvSRC4cEDRl/jFA +b7WUT/MIe6B1r0v1gxHnFG2bFI/MhTT9V+tICOLo7+69z4jf/OFkzjYvqq2QWPgc +sE3f2TNnmKFRJx67bEMoaaWLIR94Yuq/TWB6dTiWwk9meZkGG3OjQg/YbO6vl/Am +NDEuGt30Vl2de7G1glnhaceB6Q9KfH7p2gAwNP9JMTtx3PtEcA== +-----END CERTIFICATE-----'; + + $x509 = new X509(); + $cert = $x509->loadX509($test); + $this->assertEquals($cert['tbsCertificate']['extensions'][3]['extnValue'][0]['iPAddress'], '204.152.200.250'); + $this->assertEquals($cert['tbsCertificate']['extensions'][3]['extnValue'][1]['iPAddress'], '2001:470:f309:9::3'); + } }