mirror of
https://github.com/danog/tgseclib.git
synced 2024-11-30 04:39:02 +01:00
X509: ips in nameconstraints ext include netmask
This commit is contained in:
parent
9015d987f7
commit
19ad5d27da
@ -1650,7 +1650,10 @@ class File_X509
|
||||
corresponding to the extension type identified by extnID */
|
||||
$map = $this->_getMapping($id);
|
||||
if (!is_bool($map)) {
|
||||
$mapped = $asn1->asn1map($decoded[0], $map, array('iPAddress' => array($this, '_decodeIP')));
|
||||
$decoder = $id == 'id-ce-nameConstraints' ?
|
||||
array($this, '_decodeNameConstraintIP') :
|
||||
array($this, '_decodeIP');
|
||||
$mapped = $asn1->asn1map($decoded[0], $map, array('iPAddress' => $decoder));
|
||||
$value = $mapped === false ? $decoded[0] : $mapped;
|
||||
|
||||
if ($id == 'id-ce-certificatePolicies') {
|
||||
@ -2555,18 +2558,36 @@ class File_X509
|
||||
return long2ip($ip);
|
||||
}
|
||||
|
||||
/**
|
||||
* Decodes an IP address in a name constraints extension
|
||||
*
|
||||
* Takes in a base64 encoded "blob" and returns a human readable IP address / mask
|
||||
*
|
||||
* @param string $ip
|
||||
* @access private
|
||||
* @return array
|
||||
*/
|
||||
function _decodeNameConstraintIP($ip)
|
||||
{
|
||||
$ip = base64_decode($ip);
|
||||
list(, $ip, $mask) = unpack('N2', $ip);
|
||||
return [long2ip($ip), long2ip($mask)];
|
||||
}
|
||||
|
||||
/**
|
||||
* Encodes an IP address
|
||||
*
|
||||
* Takes a human readable IP address into a base64-encoded "blob"
|
||||
*
|
||||
* @param string $ip
|
||||
* @param string|array $ip
|
||||
* @access private
|
||||
* @return string
|
||||
*/
|
||||
function _encodeIP($ip)
|
||||
{
|
||||
return base64_encode(pack('N', ip2long($ip)));
|
||||
return is_string($ip) ?
|
||||
base64_encode(pack('N', ip2long($ip))) :
|
||||
base64_encode(pack('NN', ip2long($ip[0]), ip2long($ip[1])));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -691,4 +691,46 @@ A9bhRA0cVk7bAEU2c44CYg==
|
||||
|
||||
$this->assertFalse($r);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group github1387
|
||||
*/
|
||||
public function testNameConstraintIP()
|
||||
{
|
||||
$x509 = new File_X509();
|
||||
$r = $x509->loadX509('-----BEGIN CERTIFICATE-----
|
||||
MIIGcDCCBVigAwIBAgIQRUgJC4ec7yFWcqzT3mwbWzANBgkqhkiG9w0BAQwFADB1MQswCQYDVQQG
|
||||
EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy
|
||||
dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCAXDTE1
|
||||
MTIxNzEyMzg0M1oYDzIwMzAxMjE3MjM1OTU5WjBjMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMg
|
||||
U2VydGlmaXRzZWVyaW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxFzAVBgNVBAMM
|
||||
DkVTVEVJRC1TSyAyMDE1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0oH61NDxbdW9
|
||||
k8nLA1qGaL4B7vydod2Ewp/STBZB3wEtIJCLdkpEsS8pXfFiRqwDVsgGGbu+Q99trlb5LI7yi7rI
|
||||
kRov5NftBdSNPSU5rAhYPQhvZZQgOwRaHa5Ey+BaLJHmLqYQS9hQvQsCYyws+xVvNFUpK0pGD64i
|
||||
ycqdMuBl/nWq3fLuZppwBh0VFltm4nhr/1S0R9TRJpqFUGbGr4OK/DwebQ5PjhdS40gCUNwmC7fP
|
||||
Q4vIH+x+TCk2aG+u3MoAz0IrpVWqiwzG/vxreuPPAkgXeFCeYf6fXLsGz4WivsZFbph2pMjELu6s
|
||||
ltlBXfAG3fGv43t91VXicyzR/eT5dsB+zFsW1sHV+1ONPr+qzgDxCH2cmuqoZNfIIq+buob3eA8e
|
||||
e+XpJKJQr+1qGrmhggjvAhc7m6cU4x/QfxwRYhIVNhJf+sKVThkQhbJ9XxuKk3c18wymwL1mpDD0
|
||||
PIGJqlssMeiuJ4IzagFbgESGNDUd4icm0hQT8CmQeUm1GbWeBYseqPhMQX97QFBLXJLVy2SCyoAz
|
||||
7Bq1qA43++EcibN+yBc1nQs2Zoq8ck9MK0bCxDMeUkQUz6VeQGp69ImOQrsw46qTz0mtdQrMSbnk
|
||||
XCuLan5dPm284J9HmaqiYi6j6KLcZ2NkUnDQFesBVlMEm+fHa2iR6lnAFYZ06UECAwEAAaOCAgow
|
||||
ggIGMB8GA1UdIwQYMBaAFBLyWj7qVhy/zQas8fElyalL1BSZMB0GA1UdDgQWBBSzq4i8mdVipIUq
|
||||
CM20HXI7g3JHUTAOBgNVHQ8BAf8EBAMCAQYwdwYDVR0gBHAwbjAIBgYEAI96AQIwCQYHBACL7EAB
|
||||
AjAwBgkrBgEEAc4fAQEwIzAhBggrBgEFBQcCARYVaHR0cHM6Ly93d3cuc2suZWUvQ1BTMAsGCSsG
|
||||
AQQBzh8BAjALBgkrBgEEAc4fAQMwCwYJKwYBBAHOHwEEMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYD
|
||||
VR0eBDowOKE2MASCAiIiMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
||||
AAAAAAAAMCcGA1UdJQQgMB4GCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQwfAYIKwYBBQUH
|
||||
AQEEcDBuMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5zay5lZS9DQTBKBggrBgEFBQcwAoY+aHR0
|
||||
cDovL3d3dy5zay5lZS9jZXJ0cy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRyZV9Sb290X0NBLmRlci5j
|
||||
cnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvZWVj
|
||||
Y3JjYS5jcmwwDQYJKoZIhvcNAQEMBQADggEBAHRWDGI3P00r2sOnlvLHKk9eE7X93eT+4e5TeaQs
|
||||
OpE5zQRUTtshxN8Bnx2ToQ9rgi18q+MwXm2f0mrGakYYG0bix7ZgDQvCMD/kuRYmwLGdfsTXwh8K
|
||||
uL6uSHF+U/ZTss6qG7mxCHG9YvebkN5Yj/rYRvZ9/uJ9rieByxw4wo7b19p22PXkAkXP5y3+qK/O
|
||||
et98lqwI97kJhiS2zxFYRk+dXbazmoVHnozYKmsZaSUvoYNNH19tpS7BLdsgi9KpbvQLb5ywIMq9
|
||||
ut3+b2Xvzq8yzmHMFtLIJ6Afu1jJpqD82BUAFcvi5vhnP8M7b974R18WCOpgNQvXDI+2/8ZINeU=
|
||||
-----END CERTIFICATE-----');
|
||||
$r = $x509->saveX509($r);
|
||||
$r = $x509->loadX509($r);
|
||||
$this->assertSame($r['tbsCertificate']['extensions'][5]['extnValue']['excludedSubtrees'][1]['base']['iPAddress'], ['0.0.0.0', '0.0.0.0']);
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user