mirror of
https://github.com/danog/phpseclib.git
synced 2025-01-22 04:51:19 +01:00
X509: Suppress {get|set|remove}CRLExtension() functions: non *CRL* functions are now polymorphic.
This commit is contained in:
parent
1a0ae1ff76
commit
bf2107eaa8
@ -1853,7 +1853,7 @@ class File_X509 {
|
||||
for ($i = 0; $i < count($this->CAs); $i++) {
|
||||
$ca = $this->CAs[$i];
|
||||
if ($this->currentCert['tbsCertList']['issuer'] === $ca['tbsCertificate']['subject']) {
|
||||
$authorityKey = $this->getCRLExtension('id-ce-authorityKeyIdentifier');
|
||||
$authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier');
|
||||
$subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
|
||||
switch (true) {
|
||||
case !is_array($authorityKey):
|
||||
@ -2959,12 +2959,12 @@ class File_X509 {
|
||||
$crlNumber = $this->serialNumber;
|
||||
}
|
||||
else {
|
||||
$crlNumber = $this->getCRLExtension('id-ce-cRLNumber');
|
||||
$crlNumber = $this->getExtension('id-ce-cRLNumber');
|
||||
$crlNumber = $crlNumber !== false ? $crlNumber->add(new Math_BigInteger(1)) : NULL;
|
||||
}
|
||||
|
||||
$this->removeCRLExtension('id-ce-authorityKeyIdentifier');
|
||||
$this->removeCRLExtension('id-ce-issuerAltName');
|
||||
$this->removeExtension('id-ce-authorityKeyIdentifier');
|
||||
$this->removeExtension('id-ce-issuerAltName');
|
||||
|
||||
// Be sure version >= v2 if some extension found.
|
||||
$version = isset($tbsCertList['version']) ? $tbsCertList['version'] : 0;
|
||||
@ -2988,11 +2988,11 @@ class File_X509 {
|
||||
// Store additional extensions.
|
||||
if (!empty($tbsCertList['version'])) { // At least v2.
|
||||
if (!empty($crlNumber)) {
|
||||
$this->setCRLExtension('id-ce-cRLNumber', $crlNumber);
|
||||
$this->setExtension('id-ce-cRLNumber', $crlNumber);
|
||||
}
|
||||
|
||||
if (isset($issuer->currentKeyIdentifier)) {
|
||||
$this->setCRLExtension('id-ce-authorityKeyIdentifier', array(
|
||||
$this->setExtension('id-ce-authorityKeyIdentifier', array(
|
||||
//'authorityCertIssuer' => array(
|
||||
// array(
|
||||
// 'directoryName' => $issuer->dn
|
||||
@ -3011,7 +3011,7 @@ class File_X509 {
|
||||
$issuerAltName = $this->getExtension('id-ce-subjectAltName', $issuer->currentCert);
|
||||
|
||||
if ($issuerAltName !== false) {
|
||||
$this->setCRLExtension('id-ce-issuerAltName', $issuerAltName);
|
||||
$this->setExtension('id-ce-issuerAltName', $issuerAltName);
|
||||
}
|
||||
}
|
||||
|
||||
@ -3161,17 +3161,54 @@ class File_X509 {
|
||||
return $root;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a reference to an extension subarray
|
||||
*
|
||||
* @param array $root
|
||||
* @param String $path optional absolute path with / as component separator
|
||||
* @param Boolean $create optional
|
||||
* @access private
|
||||
* @return array ref or false
|
||||
*/
|
||||
function &_extensions(&$root, $path = NULL, $create = false)
|
||||
{
|
||||
if (!isset($root)) {
|
||||
$root = $this->currentCert;
|
||||
}
|
||||
|
||||
switch (true) {
|
||||
case !empty($path):
|
||||
case !is_array($root):
|
||||
break;
|
||||
case isset($root['tbsCertificate']):
|
||||
$path = 'tbsCertificate/extensions';
|
||||
break;
|
||||
case isset($root['tbsCertList']):
|
||||
$path = 'tbsCertList/crlExtensions';
|
||||
break;
|
||||
}
|
||||
|
||||
$extensions = &$this->_subArray($root, $path, $create);
|
||||
|
||||
if (!is_array($extensions)) {
|
||||
$false = false;
|
||||
return $false;
|
||||
}
|
||||
|
||||
return $extensions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove an Extension
|
||||
*
|
||||
* @param String $id
|
||||
* @param String $path optional
|
||||
* @access public
|
||||
* @access private
|
||||
* @return Boolean
|
||||
*/
|
||||
function removeExtension($id, $path = 'tbsCertificate/extensions')
|
||||
function _removeExtension($id, $path = NULL)
|
||||
{
|
||||
$extensions = &$this->_subArray($this->currentCert, $path);
|
||||
$extensions = &$this->_extensions($this->currentCert, $path);
|
||||
|
||||
if (!is_array($extensions)) {
|
||||
return false;
|
||||
@ -3186,22 +3223,9 @@ class File_X509 {
|
||||
}
|
||||
|
||||
$extensions = array_values($extensions);
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove a CRL Extension
|
||||
*
|
||||
* @param String $id
|
||||
* @access public
|
||||
* @return Boolean
|
||||
*/
|
||||
function removeCRLExtension($id)
|
||||
{
|
||||
return $this->removeExtension($id, 'tbsCertList/crlExtensions');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get an Extension
|
||||
*
|
||||
@ -3210,16 +3234,12 @@ class File_X509 {
|
||||
* @param String $id
|
||||
* @param Array $cert optional
|
||||
* @param String $path optional
|
||||
* @access public
|
||||
* @access private
|
||||
* @return Mixed
|
||||
*/
|
||||
function getExtension($id, $cert = NULL, $path = 'tbsCertificate/extensions')
|
||||
function _getExtension($id, $cert = NULL, $path = NULL)
|
||||
{
|
||||
if (!isset($cert)) {
|
||||
$cert = $this->currentCert;
|
||||
}
|
||||
|
||||
$extensions = $this->_subArray($cert, $path);
|
||||
$extensions = $this->_extensions($cert, $path);
|
||||
|
||||
if (!is_array($extensions)) {
|
||||
return false;
|
||||
@ -3234,36 +3254,17 @@ class File_X509 {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a CRL Extension
|
||||
*
|
||||
* Returns the extension if it exists and false if not
|
||||
*
|
||||
* @param String $id
|
||||
* @param Array $crl optional
|
||||
* @access public
|
||||
* @return Mixed
|
||||
*/
|
||||
function getCRLExtension($id, $crl = NULL)
|
||||
{
|
||||
return $this->getExtension($id, $crl, 'tbsCertList/crlExtensions');
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of all extensions in use
|
||||
*
|
||||
* @param array $cert optional
|
||||
* @param String $path optional
|
||||
* @access public
|
||||
* @access private
|
||||
* @return Array
|
||||
*/
|
||||
function getExtensions($cert = NULL, $path = 'tbsCertificate/extensions')
|
||||
function _getExtensions($cert = NULL, $path = NULL)
|
||||
{
|
||||
if (!isset($cert)) {
|
||||
$cert = $this->currentCert;
|
||||
}
|
||||
|
||||
$exts = $this->_subArray($cert, $path);
|
||||
$exts = $this->_extensions($cert, $path);
|
||||
$extensions = array();
|
||||
|
||||
if (is_array($exts)) {
|
||||
@ -3275,18 +3276,6 @@ class File_X509 {
|
||||
return $extensions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of all CRL extensions in use
|
||||
*
|
||||
* @param array $crl optional
|
||||
* @access public
|
||||
* @return Array
|
||||
*/
|
||||
function getCRLExtensions($crl = NULL)
|
||||
{
|
||||
return $this->getExtensions($crl, 'tbsCertList/crlExtensions');
|
||||
}
|
||||
|
||||
/**
|
||||
* Set an Extension
|
||||
*
|
||||
@ -3295,12 +3284,12 @@ class File_X509 {
|
||||
* @param Boolean $critical optional
|
||||
* @param Boolean $replace optional
|
||||
* @param String $path optional
|
||||
* @access public
|
||||
* @access private
|
||||
* @return Boolean
|
||||
*/
|
||||
function setExtension($id, $value, $critical = false, $replace = true, $path = 'tbsCertificate/extensions')
|
||||
function _setExtension($id, $value, $critical = false, $replace = true, $path = NULL)
|
||||
{
|
||||
$extensions = &$this->_subArray($this->currentCert, $path, true);
|
||||
$extensions = &$this->_extensions($this->currentCert, $path, true);
|
||||
|
||||
if (!is_array($extensions)) {
|
||||
return false;
|
||||
@ -3324,18 +3313,57 @@ class File_X509 {
|
||||
}
|
||||
|
||||
/**
|
||||
* Set a CRL Extension
|
||||
* Remove a certificate or CRL Extension
|
||||
*
|
||||
* @param String $id
|
||||
* @access public
|
||||
* @return Boolean
|
||||
*/
|
||||
function removeExtension($id)
|
||||
{
|
||||
return $this->_removeExtension($id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a certificate or CRL Extension
|
||||
*
|
||||
* Returns the extension if it exists and false if not
|
||||
*
|
||||
* @param String $id
|
||||
* @param Array $cert optional
|
||||
* @access public
|
||||
* @return Mixed
|
||||
*/
|
||||
function getExtension($id, $cert = NULL)
|
||||
{
|
||||
return $this->_getExtension($id, $cert);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of all extensions in use in certificate or CRL
|
||||
*
|
||||
* @param array $cert optional
|
||||
* @access public
|
||||
* @return Array
|
||||
*/
|
||||
function getExtensions($cert = NULL)
|
||||
{
|
||||
return $this->_getExtensions($cert);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set a certificate or CRL Extension
|
||||
*
|
||||
* @param String $id
|
||||
* @param Mixed $value
|
||||
* @param Boolean $critical optional
|
||||
* @param Boolean $replace optional
|
||||
* @access public
|
||||
* @access private
|
||||
* @return Boolean
|
||||
*/
|
||||
function setCRLExtension($id, $value, $critical = false, $replace = true)
|
||||
function setExtension($id, $value, $critical = false, $replace = true)
|
||||
{
|
||||
return $this->setExtension($id, $value, $critical, $replace, 'tbsCertList/crlExtensions');
|
||||
return $this->_setExtension($id, $value, $critical, $replace);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -3607,7 +3635,7 @@ class File_X509 {
|
||||
{
|
||||
if (is_array($rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) {
|
||||
if (($i = $this->_revokedCertificate($rclist, $serial)) !== false) {
|
||||
return $this->removeExtension($id, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
return $this->_removeExtension($id, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
}
|
||||
}
|
||||
|
||||
@ -3633,7 +3661,7 @@ class File_X509 {
|
||||
|
||||
if (is_array($rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates'))) {
|
||||
if (($i = $this->_revokedCertificate($rclist, $serial)) !== false) {
|
||||
return $this->getExtension($id, $crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
return $this->_getExtension($id, $crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
}
|
||||
}
|
||||
|
||||
@ -3656,7 +3684,7 @@ class File_X509 {
|
||||
|
||||
if (is_array($rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates'))) {
|
||||
if (($i = $this->_revokedCertificate($rclist, $serial)) !== false) {
|
||||
return $this->getExtensions($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
return $this->_getExtensions($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
}
|
||||
}
|
||||
|
||||
@ -3679,7 +3707,7 @@ class File_X509 {
|
||||
if (isset($this->currentCert['tbsCertList'])) {
|
||||
if (is_array($rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates', true))) {
|
||||
if (($i = $this->_revokedCertificate($rclist, $serial, true)) !== false) {
|
||||
return $this->setExtension($id, $value, $critical, $replace, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
return $this->_setExtension($id, $value, $critical, $replace, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user