mirror of
https://github.com/danog/phpseclib.git
synced 2024-12-12 09:09:39 +01:00
RSA: Allow changing openssl configuration file. X509: process HoldInstructionCode.
Also fixes HoldInstruction* OIDs.
This commit is contained in:
parent
8f6cd4f91f
commit
f039a6ebc2
@ -176,6 +176,12 @@ define('CRYPT_RSA_MODE_INTERNAL', 1);
|
|||||||
define('CRYPT_RSA_MODE_OPENSSL', 2);
|
define('CRYPT_RSA_MODE_OPENSSL', 2);
|
||||||
/**#@-*/
|
/**#@-*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Default openSSL configuration file.
|
||||||
|
*/
|
||||||
|
define('CRYPT_RSA_OPENSSL_CONFIG', dirname(__FILE__) . '/../openssl.cnf');
|
||||||
|
|
||||||
|
|
||||||
/**#@+
|
/**#@+
|
||||||
* @access public
|
* @access public
|
||||||
* @see Crypt_RSA::createKey()
|
* @see Crypt_RSA::createKey()
|
||||||
@ -433,6 +439,16 @@ class Crypt_RSA {
|
|||||||
*/
|
*/
|
||||||
var $current;
|
var $current;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* OpenSSL configuration file name.
|
||||||
|
*
|
||||||
|
* Set to NULL to use system configuration file.
|
||||||
|
* @see Crypt_RSA::createKey()
|
||||||
|
* @var Mixed
|
||||||
|
* @Access public
|
||||||
|
*/
|
||||||
|
var $configFile;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The constructor
|
* The constructor
|
||||||
*
|
*
|
||||||
@ -445,6 +461,8 @@ class Crypt_RSA {
|
|||||||
*/
|
*/
|
||||||
function Crypt_RSA()
|
function Crypt_RSA()
|
||||||
{
|
{
|
||||||
|
$this->configFile = CRYPT_RSA_OPENSSL_CONFIG;
|
||||||
|
|
||||||
if ( !defined('CRYPT_RSA_MODE') ) {
|
if ( !defined('CRYPT_RSA_MODE') ) {
|
||||||
switch (true) {
|
switch (true) {
|
||||||
case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>='):
|
case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>='):
|
||||||
@ -501,12 +519,12 @@ class Crypt_RSA {
|
|||||||
|
|
||||||
// OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum
|
// OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum
|
||||||
if ( CRYPT_RSA_MODE == CRYPT_RSA_MODE_OPENSSL && $bits >= 384 && CRYPT_RSA_EXPONENT == 65537) {
|
if ( CRYPT_RSA_MODE == CRYPT_RSA_MODE_OPENSSL && $bits >= 384 && CRYPT_RSA_EXPONENT == 65537) {
|
||||||
$rsa = openssl_pkey_new(array(
|
$config = array();
|
||||||
'private_key_bits' => $bits,
|
if (isset($this->configFile)) {
|
||||||
'config' => dirname(__FILE__) . '/../openssl.cnf'
|
$config['config'] = $this->configFile;
|
||||||
));
|
}
|
||||||
|
$rsa = openssl_pkey_new(array('private_key_bits' => $bits) + $config);
|
||||||
openssl_pkey_export($rsa, $privatekey, NULL, array('config' => dirname(__FILE__) . '/../openssl.cnf'));
|
openssl_pkey_export($rsa, $privatekey, NULL, $config);
|
||||||
$publickey = openssl_pkey_get_details($rsa);
|
$publickey = openssl_pkey_get_details($rsa);
|
||||||
$publickey = $publickey['key'];
|
$publickey = $publickey['key'];
|
||||||
|
|
||||||
|
@ -131,6 +131,7 @@ class File_X509 {
|
|||||||
var $IssuingDistributionPoint;
|
var $IssuingDistributionPoint;
|
||||||
var $InvalidityDate;
|
var $InvalidityDate;
|
||||||
var $CertificateIssuer;
|
var $CertificateIssuer;
|
||||||
|
var $HoldInstructionCode;
|
||||||
/**#@-*/
|
/**#@-*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1175,6 +1176,8 @@ class File_X509 {
|
|||||||
|
|
||||||
$this->CertificateIssuer = $GeneralNames;
|
$this->CertificateIssuer = $GeneralNames;
|
||||||
|
|
||||||
|
$this->HoldInstructionCode = array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER);
|
||||||
|
|
||||||
// OIDs from RFC5280 and those RFCs mentioned in RFC5280#section-4.1.1.2
|
// OIDs from RFC5280 and those RFCs mentioned in RFC5280#section-4.1.1.2
|
||||||
$this->oids = array(
|
$this->oids = array(
|
||||||
'1.3.6.1.5.5.7' => 'id-pkix',
|
'1.3.6.1.5.5.7' => 'id-pkix',
|
||||||
@ -1247,10 +1250,10 @@ class File_X509 {
|
|||||||
'2.5.29.21' => 'id-ce-cRLReasons',
|
'2.5.29.21' => 'id-ce-cRLReasons',
|
||||||
'2.5.29.29' => 'id-ce-certificateIssuer',
|
'2.5.29.29' => 'id-ce-certificateIssuer',
|
||||||
'2.5.29.23' => 'id-ce-holdInstructionCode',
|
'2.5.29.23' => 'id-ce-holdInstructionCode',
|
||||||
'2.2.840.10040.2' => 'holdInstruction',
|
'1.2.840.10040.2' => 'holdInstruction',
|
||||||
'2.2.840.10040.2.1' => 'id-holdinstruction-none',
|
'1.2.840.10040.2.1' => 'id-holdinstruction-none',
|
||||||
'2.2.840.10040.2.2' => 'id-holdinstruction-callissuer',
|
'1.2.840.10040.2.2' => 'id-holdinstruction-callissuer',
|
||||||
'2.2.840.10040.2.3' => 'id-holdinstruction-reject',
|
'1.2.840.10040.2.3' => 'id-holdinstruction-reject',
|
||||||
'2.5.29.24' => 'id-ce-invalidityDate',
|
'2.5.29.24' => 'id-ce-invalidityDate',
|
||||||
|
|
||||||
'1.2.840.113549.2.2' => 'md2',
|
'1.2.840.113549.2.2' => 'md2',
|
||||||
@ -1737,6 +1740,8 @@ class File_X509 {
|
|||||||
return $this->InvalidityDate;
|
return $this->InvalidityDate;
|
||||||
case 'id-ce-certificateIssuer':
|
case 'id-ce-certificateIssuer':
|
||||||
return $this->CertificateIssuer;
|
return $this->CertificateIssuer;
|
||||||
|
case 'id-ce-holdInstructionCode':
|
||||||
|
return $this->HoldInstructionCode;
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
Loading…
Reference in New Issue
Block a user