terrafrost
dfa583b9ea
X509: Array -> array (CS consistency)
2014-03-29 15:26:50 -05:00
Michael Braun
457f8fbb99
fix certificate date encoding
...
RFC 3280 requires in section
- 4.1.2.5 Validity
- 5.1.2.4 This Update
- 5.1.2.5 Next Update
- 5.1.2.6 Revoked Certificates
that dates are to be encoded as utcTime iff they are before 2050 and
as generalTime otherwise.
Currently, phpseclib does not respect this by always choosing generalTime.
Further, the format used interally to represent dates only keeps two digits,
so dates in 2050 and later cannot be represented in this format.
This patch fixes this by
1. changing the interal format to be capable of unambiguously representing
dates in 2050 or later (i.e. use four digits to represent the year),
2. choosing between utcTime and generalTime accordingly.
Without this patch, openssl_x509_parse complains:
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp
2014-03-28 15:02:50 +01:00
Andreas Fischer
fb1296bbec
Drop meaningless, outdated, inconsistent version tags in doc blocks.
...
find phpseclib -type f -name "*.php" -exec sed -i '/@version/d' {} \;
2014-03-11 15:58:33 +01:00
Veres Lajos
930a3fb4d2
typofixes - https://github.com/vlajos/misspell_fixer
2014-03-05 23:41:20 +00:00
Graham Campbell
1c2796e3eb
Cleaned up whitespace
2014-01-18 17:29:25 +00:00
terrafrost
b23a693ae5
RSA: update comments for _extractBER
2013-12-26 01:46:58 -06:00
Andreas Fischer
f0f029b2c1
CS: Fix "PEAR.Commenting.ClassComment.WrongTagOrder" sniff.
2013-12-11 18:33:18 +01:00
Andreas Fischer
3db1fbb072
CS: Fix "PEAR.Commenting.FileComment.TagIndent" sniff.
2013-12-10 20:10:37 +01:00
Andreas Fischer
cee0f3343b
CS: Fix "PEAR.Formatting.MultiLineAssignment.EqualSignLine" sniff.
2013-12-07 20:47:30 +01:00
Andreas Fischer
6d1fb9f7db
CS: Fix "PEAR.Files.IncludingFile.UseIncludeOnce" sniff.
2013-12-06 01:03:34 +01:00
Andreas Fischer
bc6ff96292
Fix "PEAR.Files.IncludingFile.BracketsNotRequired" sniff.
2013-12-05 23:17:40 +01:00
Andreas Fischer
161bb7d362
CS: Fix PEAR.ControlStructures.ControlSignature sniff.
2013-12-03 21:04:13 +01:00
Andreas Fischer
9ca5f83dec
CS: Fix Generic.Functions.FunctionCallArgumentSpacing.NoSpaceAfterComma sniff.
2013-12-03 20:52:08 +01:00
Andreas Fischer
e09f1b730e
CodeSniffer: Fix PEAR.Classes.ClassDeclaration.OpenBraceNewLine sniff.
2013-12-03 19:34:41 +01:00
Andreas Fischer
ca9c8b107b
CodeSniffer: Fix Generic.PHP.LowerCaseConstant.Found sniff.
2013-12-03 18:54:43 +01:00
Marc Philip Scholten
3bfd884813
Removed vim comments
...
Reformated files
2013-11-23 19:42:26 +01:00
terrafrost
a577a09a4f
X509: make it so ip addresses and domain names can be used together
2013-10-09 14:51:34 -05:00
terrafrost
9b53c45f04
ASN1,X509: add support for ip addresses in subjaltname
...
(among other places)
2013-10-09 14:25:52 -05:00
terrafrost
d2f6362878
X509: assume anything being passed into setPublicKey() is a public key
2013-10-05 21:28:33 -05:00
terrafrost
7b5542cc8a
X509: re-use existing BER extraction code
2013-08-02 10:52:58 -05:00
terrafrost
73f167e99e
X509: load Math/BigInteger for ASN1 description
2013-07-30 16:07:40 -05:00
terrafrost
d714dd35f0
X509: $csr -> $spkac in loadSPKAC() function
2013-07-26 16:10:34 -05:00
terrafrost
d52f217512
X509: change return value for validateSignature when cert isn't loaded
2013-07-26 15:40:16 -05:00
terrafrost
01bb284119
X509: adjust case of id-at-stateorprovinceName
...
Re: https://github.com/phpseclib/phpseclib/issues/130
2013-07-14 04:40:12 -05:00
terrafrost
fe3765fe17
X509: don't validate self-signed certs by default
2013-06-08 12:40:39 -05:00
Andreas Fischer
727dba5905
[remove-svn-version-lines] Remove useless @version: $Id$ lines.
...
These lines served some purpose on SVN, but are now useless on Git. They
actually do harm as they might make people think their files are older
than they actually are.
2013-06-02 18:50:46 +02:00
Andreas Fischer
aa2e1ff177
[sourceforge-url-typo] {htp:// -> http://}phpseclib.sourceforge.net
2013-06-02 17:56:05 +02:00
Hans-Jürgen Petrich
b242259d17
optimizations
2013-05-13 12:41:52 +07:00
Veres Lajos
dd2a4ddff2
typofixes
2013-05-08 15:34:07 +01:00
terrafrost
fae87be6f5
X509: Revamp base64 handling
2013-04-02 19:36:52 -05:00
Patrick Monnerat
6b49b7d108
X509: Fix private key identifier computation on a File_ASN1_Element
2013-02-21 15:46:10 +01:00
Gemorroj
1e3e44e3c6
revert == instead ===
2013-02-20 17:55:44 +03:00
Gemorroj
cc2c844d0e
some minor fixes
2013-02-20 16:46:13 +03:00
terrafrost
5910f7c14f
Update date format in File/X509.php
...
Update it to be consistent with bdd42c448b
Thanks runaway518!
2013-02-05 07:53:36 -06:00
terrafrost
248e3bb085
Undo last commit
2013-01-30 08:37:50 -06:00
terrafrost
bfb04dcf4d
Add __construct() constructor to make namespace'ing easier for those wishing to do it
2013-01-29 22:09:31 -06:00
terrafrost
e71fc97913
Revamp SSH1 logging and go back to using user_error
...
(_handle_error returned the line number in _handle_error - not the line number triggering the error)
2013-01-08 22:09:27 -06:00
terrafrost
aa3da09747
Add limited SPKAC support
2012-12-19 00:21:55 -06:00
terrafrost
e4ccaef7bf
Make PEM lines be 64 bytes long instead of 72
...
Also, add more notes to Crypt_Random's comments
2012-12-18 07:11:24 -06:00
Patrick Monnerat
18fc6b7712
X509: Fix typo: ';' --> ':'
2012-12-10 12:27:07 +01:00
Patrick Monnerat
06779a92de
Merge branch 'master' of https://github.com/phpseclib/phpseclib into pmexts
2012-12-10 12:10:06 +01:00
Patrick Monnerat
f039a6ebc2
RSA: Allow changing openssl configuration file. X509: process HoldInstructionCode.
...
Also fixes HoldInstruction* OIDs.
2012-12-10 12:07:49 +01:00
terrafrost
27f6012d62
Make it so extension OIDs can be File_ASN1_Elements
2012-12-01 10:52:10 -06:00
terrafrost
d130d2274d
Make the save*() functions save in multiple formats
...
Currently only PEM and DER supported.
Also make fuzzing enhancements
2012-11-30 08:31:16 -06:00
terrafrost
3c6ae4312f
The user_error in _handle_error shouldn't be replaced..
2012-11-29 00:19:09 -06:00
terrafrost
3caaa91160
Replace user_error() with new _handle_error() function
...
To use exceptions do define('PHPSECLIB_USE_EXCEPTIONS', true).
To have the exceptions thrown by phpseclib be of a certain class define PHPSECLIB_EXCEPTION_CLASS.
2012-11-28 23:33:15 -06:00
terrafrost
8ea452ed31
type in comment
...
(testing out github.com's edit via web interface)
2012-11-27 10:11:49 -06:00
terrafrost
0b9f743343
Add getChain() function
...
Also improve loading of raw certs
2012-11-25 23:06:58 -06:00
terrafrost
76cb693d62
CS adjustments, make it so PEM-encoded CRLs can be read (again) and make it so already decoded CSRs and CRLs can be read
2012-11-23 19:04:04 -06:00
terrafrost
7e120a0f30
Make validateSignature() behave more intuitively
2012-11-19 21:10:22 -06:00
terrafrost
406e7e90e9
CS adjustments
2012-11-18 16:16:11 -06:00
Patrick Monnerat
a61d7ba29b
X509: *Attribute() functions may now handle single values.
2012-11-14 16:33:32 +01:00
terrafrost
691f4d1e62
Make it so loadCA() doesn't have to be called before loadX509() or loadCRL()
2012-11-13 00:43:45 -06:00
terrafrost
d492d19748
X509: Missing $
2012-11-13 00:37:54 -06:00
terrafrost
1fd87dcd35
Fix bug in listRevoked() and make it so getSubjectDN() doesn't return issuer DN for CRLs
2012-11-13 00:33:15 -06:00
terrafrost
1abc7e742b
X509: CSRs and CRLs didn't have the signatureSubject variable saved properly
2012-11-12 23:51:41 -06:00
terrafrost
661eb8db3f
Missing ;
2012-11-12 01:05:24 -06:00
terrafrost
0e0eebf456
CS adjustments, make loadXXX() take in binary data, and make getDN() == getIssuerDN() for CRLs
2012-11-12 00:46:03 -06:00
Patrick Monnerat
ac8d0172eb
Merge branch 'master' of https://github.com/phpseclib/phpseclib into pmexts
2012-11-08 12:51:07 +01:00
Patrick Monnerat
7fbf089e32
X509: Do not use memory-wasting create_function()
2012-11-08 12:45:17 +01:00
Patrick Monnerat
dde23464a1
X509: Fix typo.
2012-11-07 16:29:18 +01:00
Patrick Monnerat
5ef4f9900a
X509: Suppress {get|set|remove}CRLExtension() functions: non *CRL* functions are now polymorphic.
2012-11-07 16:23:01 +01:00
Patrick Monnerat
d980a91360
X509: Fix DirectoryString syntax
2012-11-07 16:21:23 +01:00
Patrick Monnerat
9860f020c3
X509: Fix typo.
2012-11-07 15:41:41 +01:00
Patrick Monnerat
9b2a6d68f4
X509: Add CSR attributes handling support and CSR extension requests.
2012-11-07 15:35:10 +01:00
Patrick Monnerat
bf2107eaa8
X509: Suppress {get|set|remove}CRLExtension() functions: non *CRL* functions are now polymorphic.
2012-11-07 15:18:55 +01:00
Patrick Monnerat
1a0ae1ff76
X509: Fix DirectoryString syntax.
2012-11-07 15:03:58 +01:00
Patrick Monnerat
0afed5b65b
X509: adjust comments
2012-11-05 12:08:20 +01:00
Patrick Monnerat
916dcff8a8
ASN1/X509: implement limited string conversion. Add getDN() options.
...
Warning: converted strings must not be used for matching DNs.
2012-11-02 16:53:32 +01:00
Patrick Monnerat
26b842be5b
X509: compute public key identifiers.
...
Force subject public key identifier when signing a CA.
2012-10-29 18:21:25 +01:00
Patrick Monnerat
c1c9c38fe6
X509: Avoid an "undefined" error and define netscape-ca-policy-url OID.
2012-10-24 13:36:18 +02:00
Patrick Monnerat
340ee0cd2d
ASN1/X509: latch effective type of ANY fields as an additional indexing level.
2012-10-23 13:37:51 +02:00
terrafrost
9e803fe374
Return $this->publicKey if it's available in getPublicKey() function
2012-10-22 00:27:26 -05:00
terrafrost
ce250ea546
Rename $keyIdentifier to $currentKeyIdentifier
...
$KeyIdentifier (upper case) is already defined and although it doesn't cause any problems with $keyIdentifier (lower case) I still think it's poor practice
2012-10-18 00:37:48 -05:00
Patrick Monnerat
2c7c7b9679
X509, ASN1: Fix CS and indent. Remove tabs.
2012-10-12 16:17:34 +02:00
monnerat
ef96f777c3
X509: setSerialNumber(): new optional parameter $base
2012-10-12 03:29:25 +01:00
monnerat
711d44f0e5
X509: implement CRLs.
2012-10-12 03:13:39 +01:00
monnerat
6da490d00a
X509: new setExtension() method.
2012-10-12 03:03:21 +01:00
monnerat
bc7a59bc8c
X509: factorize some code in prevision of CRL support.
2012-10-12 02:56:23 +01:00
monnerat
73b0d05ddc
X509: set-up key identifier upon certificate loading.
2012-10-12 02:42:19 +01:00
monnerat
4f634aaca8
X509: avoid some "undefined" errors.
2012-10-12 02:37:55 +01:00
terrafrost
7d1e714a08
Remove extra white space
2012-10-07 09:48:58 -05:00
terrafrost
32857c5e7f
CS adjustment
2012-10-06 10:50:19 -05:00
Patrick Monnerat
f4b03722fd
X509: handle multiple-valued attributes in setDNProp(). Fix setDN().
2012-10-01 12:35:43 +02:00
Patrick Monnerat
45512c7a50
X509: Fix emailAddress attribute name mapping.
2012-09-27 16:50:58 +02:00
Patrick Monnerat
1377d56a4e
X509: fix typo: improve new DN attrs handling.
2012-09-27 15:15:12 +02:00
Patrick Monnerat
29b9642965
X509: Fix 'OU' attribute mapping, add 'SN' (surname) short name, add 'role', 'title', 'description', 'x500UniqueIdentifier' DN attributes.
2012-09-27 14:38:37 +02:00
terrafrost
076050cc19
Ignore white spaces in CSRs and X.509 certs
2012-09-26 00:34:37 -05:00
terrafrost
a3781bd172
Changing the public key format broke File_X509
2012-09-03 01:32:57 -05:00
terrafrost
e2ae5100c2
Fix a few E_NOTICEs
2012-08-28 03:04:15 -05:00
terrafrost
c2850cd36a
- certs couldn't be signed since setDNProp didn't work as it should
2012-08-06 23:00:34 -05:00
terrafrost
8d34cb11e9
- validateDate didn't work
2012-08-05 10:55:47 -05:00
terrafrost
30391fe2b6
- add getSubjectDN and getSubjectDNProp as aliases
2012-08-02 16:04:11 -05:00
terrafrost
8f2994349c
- fix getDNProp(), add getIssuerDNProp()
2012-07-24 08:15:54 -05:00
terrafrost
1417463eba
- make Crypt_RSA use openssl for key generation (if openssl is available) and make it so File_X509 can create CSRs
2012-07-01 12:07:42 -05:00
Rob Loach
7e9a975296
Add Composer support to phpseclib
2012-06-08 15:38:27 -04:00
Andreas Fischer
3e450fa978
[topic/36062] Change unconditional includes to require_once in ASN1 and X509.
2012-06-06 13:14:06 +02:00
Jim Wigginton
5a4595ab56
- when the child is an optional CHOICE it needs to be explicit and not implicit
...
- make asn1map more accurate
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@219 21d32557-59b3-4da0-833f-c5933fad653e
2012-05-13 17:52:12 +00:00
Jim Wigginton
5db0f88218
- add blinded rsa equality test (thanks singpolyma!)
...
- make validateSignature behave more like openssl_verify()
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@218 21d32557-59b3-4da0-833f-c5933fad653e
2012-05-05 23:57:30 +00:00
Jim Wigginton
da8614a511
- add getIssuerDN()
...
- fill in getPublicKey() stub
- add 'lifetime' option to setEndDate()
- fix a bug that'd prevent certs with File_ASN1_Element being saved
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@215 21d32557-59b3-4da0-833f-c5933fad653e
2012-04-23 03:57:34 +00:00
Jim Wigginton
a90bba115c
- make it so certs can be setup as CA's
...
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@214 21d32557-59b3-4da0-833f-c5933fad653e
2012-04-22 17:11:29 +00:00
Jim Wigginton
3dd9e2b318
- id-at-organizationalUnitName was misnamed as id-at-dnQualifier
...
- make it so CA's can't be loaded if the keyusage extension doesn't permit their being loaded
- implement validateURL() function stub
- add support for a few more DN attributes
- add removeDNProp(), getDNProp() and setDomain()
- fixed some issues preventing new certs from being signed
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@213 21d32557-59b3-4da0-833f-c5933fad653e
2012-04-22 06:00:55 +00:00
Jim Wigginton
392ff50c00
- sign() didn't save subjectPublicKeyInfo correctly
...
- sign() could erase the subject's DN from an existing X.509 cert
- setSerialNumber didn't save the serial number correctly
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@212 21d32557-59b3-4da0-833f-c5933fad653e
2012-04-17 06:47:39 +00:00
Jim Wigginton
960dd01fe1
- add full support for the id-ce-authorityKeyIdentifier and id-ce-subjectKeyIdentifier extensions via setKeyIdentifier() function
...
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@210 21d32557-59b3-4da0-833f-c5933fad653e
2012-04-16 04:35:37 +00:00
Jim Wigginton
3f9aa1ad6a
- make it so an array returned by loadX509() can be reloaded by loadX509()
...
- validateDate() didn't work
- add postalCode and streetAddress as supported DN attributes
- add getDN()
- split setKey() out into setPrivateKey() and setPublicKey()
- add sign(), setStartDate(), setEndDate(), setSerialNumber(), removeExtension(), getExtension() and getExtensions()
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@209 21d32557-59b3-4da0-833f-c5933fad653e
2012-04-15 17:17:16 +00:00
Jim Wigginton
09f4bef2f1
- add loadCSR(), setKey(), setDN() and setDNProp()
...
- refactor some code
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@208 21d32557-59b3-4da0-833f-c5933fad653e
2012-04-09 03:13:53 +00:00
Jim Wigginton
42e5ad80f7
- BMPString's should be decoded via decodeBER(), use UTF8 strings for everything but policy qualifiers and make policy qualifiers optional
...
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@207 21d32557-59b3-4da0-833f-c5933fad653e
2012-03-25 00:24:03 +00:00
Jim Wigginton
5cc327e0c3
- fix a bunch of E_NOTICEs, add support for the id-ce-certificatePolicies extension, add limited validation
...
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@206 21d32557-59b3-4da0-833f-c5933fad653e
2012-03-20 05:25:43 +00:00
Jim Wigginton
1b2dde6e7d
- encode the subjectPublicKey in a format Crypt_RSA can use (assuming the algorithm is rsaEncryption)
...
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@203 21d32557-59b3-4da0-833f-c5933fad653e
2012-03-11 19:00:28 +00:00
Jim Wigginton
1b161ece26
- add support for id-ce-nameConstraints
...
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@202 21d32557-59b3-4da0-833f-c5933fad653e
2012-03-11 08:41:06 +00:00
Jim Wigginton
441ada0502
- add an X.509 encoder / decoder
...
git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@201 21d32557-59b3-4da0-833f-c5933fad653e
2012-03-11 07:54:41 +00:00