From dce03bb003542a09ca8bb98c2623606c31d97f40 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Tue, 3 Jun 2014 23:44:09 -0500 Subject: [PATCH 1/8] X509: add signSPKAC() and saveSPKAC() methods --- phpseclib/File/X509.php | 130 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 129 insertions(+), 1 deletion(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index e8c001aa..73e7a113 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -297,6 +297,14 @@ class File_X509 */ var $caFlag = false; + /** + * SPKAC Challenge + * + * @var String + * @access private + */ + var $challenge; + /** * Default Constructor. * @@ -2759,6 +2767,19 @@ class File_X509 $this->privateKey = $key; } + /** + * Set challenge + * + * Used for SPKAC CSR's + * + * @param String $challenge + * @access public + */ + function setChallenge($challenge) + { + $this->challenge = $challenge; + } + /** * Gets the public key * @@ -2952,7 +2973,8 @@ class File_X509 $asn1 = new File_ASN1(); - $temp = preg_replace('#(?:^[^=]+=)|[\r\n\\\]#', '', $spkac); + // OpenSSL produces SPKAC's that are preceeded by the string SPKAC= + $temp = preg_replace('#(?:SPKAC=)|[ \r\n\\\]#', '', $spkac); $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false; if ($temp != false) { $spkac = $temp; @@ -3004,6 +3026,48 @@ class File_X509 return $spkac; } + /** + * Save a SPKAC CSR request + * + * @param Array $csr + * @param Integer $format optional + * @access public + * @return String + */ + function saveSPKAC($spkac, $format = FILE_X509_FORMAT_PEM) + { + if (!is_array($spkac) || !isset($spkac['publicKeyAndChallenge'])) { + return false; + } + + switch (true) { + case !($algorithm = $this->_subArray($spkac, 'publicKeyAndChallenge/spki/algorithm/algorithm')): + case is_object($spkac['publicKeyAndChallenge']['spki']['subjectPublicKey']); + break; + default: + switch ($algorithm) { + case 'rsaEncryption': + $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'] + = base64_encode("\0" . base64_decode(preg_replace('#-.+-|[\r\n]#', '', $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey']))); + } + } + + $asn1 = new File_ASN1(); + + $asn1->loadOIDs($this->oids); + $spkac = $asn1->encodeDER($spkac, $this->SignedPublicKeyAndChallenge); + + switch ($format) { + case FILE_X509_FORMAT_DER: + return $spkac; + // case FILE_X509_FORMAT_PEM: + default: + // OpenSSL's implementation of SPKAC requires the SPKAC be preceeded by SPKAC= and since there are pretty much + // no other SPKAC decoders phpseclib will use that same format + return 'SPKAC=' . base64_encode($spkac); + } + } + /** * Load a Certificate Revocation List * @@ -3368,6 +3432,70 @@ class File_X509 return $result; } + /** + * Sign a SPKAC + * + * @access public + * @return Mixed + */ + function signSPKAC($signatureAlgorithm = 'sha1WithRSAEncryption') + { + if (!is_object($this->privateKey)) { + return false; + } + + $origPublicKey = $this->publicKey; + $class = get_class($this->privateKey); + $this->publicKey = new $class(); + $this->publicKey->loadKey($this->privateKey->getPublicKey()); + $this->publicKey->setPublicKey(); + if (!($publicKey = $this->_formatSubjectPublicKey())) { + return false; + } + $this->publicKey = $origPublicKey; + + $currentCert = isset($this->currentCert) ? $this->currentCert : null; + $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: null; + + // re-signing a SPKAC seems silly but since everything else supports re-signing why not? + if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['publicKeyAndChallenge'])) { + $this->currentCert['signatureAlgorithm']['algorithm'] = $signatureAlgorithm; + $this->currentCert['publicKeyAndChallenge']['spki'] = $publicKey; + if (!empty($this->challenge)) { + // the bitwise AND ensures that the output is a valid IA5String + $this->currentCert['publicKeyAndChallenge']['challenge'] = $this->challenge & str_repeat("\x7F", strlen($this->challenge)); + } + } else { + $this->currentCert = array( + 'publicKeyAndChallenge' => + array( + 'spki' => $publicKey, + // quoting , + // "A challenge string that is submitted along with the public key. Defaults to an empty string if not specified." + // both Firefox and OpenSSL ("openssl spkac -key private.key") behave this way + // we could alternatively do this instead if we ignored the specs: + // crypt_random_string(8) & str_repeat("\x7F", 8) + 'challenge' => !empty($this->challenge) ? $this->challenge : '' + ), + 'signatureAlgorithm' => array('algorithm' => $signatureAlgorithm), + 'signature' => false // this is going to be overwritten later + ); + } + + // resync $this->signatureSubject + // save $publicKeyAndChallenge in case there are any File_ASN1_Element objects in it + $publicKeyAndChallenge = $this->currentCert['publicKeyAndChallenge']; + $this->loadSPKAC($this->saveSPKAC($this->currentCert)); + + $result = $this->_sign($this->privateKey, $signatureAlgorithm); + $result['publicKeyAndChallenge'] = $publicKeyAndChallenge; + + $this->currentCert = $currentCert; + $this->signatureSubject = $signatureSubject; + + return $result; + } + /** * Sign a CRL * From 75a045bec4c6908b9b2b6503de2143864acbb3c1 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Wed, 4 Jun 2014 00:11:57 -0500 Subject: [PATCH 2/8] X509: add SPKAC unit test --- tests/File/X509/SPKACTest.php | 79 +++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 tests/File/X509/SPKACTest.php diff --git a/tests/File/X509/SPKACTest.php b/tests/File/X509/SPKACTest.php new file mode 100644 index 00000000..da0171b1 --- /dev/null +++ b/tests/File/X509/SPKACTest.php @@ -0,0 +1,79 @@ + + * @copyright MMXIV Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +require_once 'File/X509.php'; +require_once 'Crypt/RSA.php'; + +class File_X509_SPKACTest extends PhpseclibTestCase +{ + public function testLoadSPKAC() + { + $test = 'MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChgo9mWzQm3TSwGgpZnIc54TZ8gYpfAO/AI0etvyWDqnFfdNCUQsqxTdSi6/rtrJdLGBsszRGrRIc/0JqmjM+jCHGYutLeo4xwgra3HAZrWDypL5IlRWnLmLA4U/qGXCXNSk+9NrJl39X3IDA8o/aOJyr9iMUJMvswcWjVjPom3NhAgmJZwW0vUEMw9zszExpiRnGSO5XXntQW2qvfzo+J3NzS3BBbKxEmTsfOLHextcXeFQUaBQHXB/WOtweWY/Bd4iZ8ETmhal28g1HWVcTFPD+V+KPRFeARlVEW6JmcJucW2WdJlBGKXXXPEfdHrDS3OgD/eDWfMJE4mChZ/icxAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAUMvIKhlSgEgbC081b/FJwh6mbuVgYNZV37Ts2WjrHoDFlabu9WXU8xzgaXct3sO51vJM5I36rY4UPyc6w3y9dLaamEwKUoWnpHG8mlXs2JGGEUOvxh5z9yfk/2ZmdCVBlKnU1LDB+ZDyNyNh5B0YULrJKw9e0jV+ymP7srwUSBcdUfZh1KEKGVINUv4J3GuL8V63E2unWCHGRPw4EmFVTbWpgMx96XR7p/pMavu6/pVKgYQqWLOmEeOK+dmT/QVon28d5dmeL7aWrpP+3x3L0A9cATksracQX676XogdAEXJ59fcr/S5AGw1TFErbyBbfyeAWvzDZIXeMXpb9hyNtA=='; + + $x509 = new File_X509(); + + $spkac = $x509->loadSPKAC($test); + + $this->assertInternalType('array', $spkac); + + $spkac = $x509->loadSPKAC('SPKAC=' . $test); + + $this->assertInternalType('array', $spkac); + + $this->assertTrue( + $x509->validateSignature(), + 'Failed asserting that the signature is valid' + ); + + $pubKey = $x509->getPublicKey(); + + $this->assertInternalType('string', "$pubKey"); + } + + public function testSaveSPKAC() + { + $privKey = new Crypt_RSA(); + extract($privKey->createKey()); + $privKey->loadKey($privatekey); + + $x509 = new File_X509(); + $x509->setPrivateKey($privKey); + $x509->setChallenge('...'); + + $spkac = $x509->signSPKAC(); + $this->assertInternalType('array', $spkac); + + $this->assertInternalType('string', $x509->saveSPKAC($spkac)); + + $x509 = new File_X509(); + $x509->setPrivateKey($privKey); + + $spkac = $x509->signSPKAC(); + $this->assertInternalType('array', $spkac); + + $this->assertInternalType('string', $x509->saveSPKAC($spkac)); + } + + public function testBadSignatureSPKAC() + { + $test = 'MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChgo9mWzQm3TSwGgpZnIc54TZ8gYpfAO/AI0etvyWDqnFfdNCUQsqxTdSi6/rtrJdLGBsszRGrRIc/0JqmjM+jCHGYutLeo4xwgra3HAZrWDypL5IlRWnLmLA4U/qGXCXNSk+9NrJl39X3IDA8o/aOJyr9iMUJMvswcWjVjPom3NhAgmJZwW0vUEMw9zszExpiRnGSO5XXntQW2qvfzo+J3NzS3BBbKxEmTsfOLHextcXeFQUaBQHXB/WOtweWY/Bd4iZ8ETmhal28g1HWVcTFPD+V+KPRFeARlVEW6JmcJucW2WdJlBGKXXXPEfdHrDS3OgD/eDWfMJE4mChZ/icxAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAUMvIKhlSgEgbC081b/FJwh6mbuVgYNZV37Ts2WjrHoDFlabu9WXU8xzgaXct3sO51vJM5I36rY4UPyc6w3y9dLaamEwKUoWnpHG8mlXs2JGGEUOvxh5z9yfk/2ZmdCVBlKnU1LDB+ZDyNyNh5B0YULrJKw9e0jV+ymP7srwUSBcdUfZh1KEKGVINUv4J3GuL8V63E2unWCHGRPw4EmFVTbWpgMx96XR7p/pMavu6/pVKgYQqWLOmEeOK+dmT/QVon28d5dmeL7aWrpP+3x3L0A9cATksracQX676XogdAEXJ59fcr/S5AGw1TFErbyBbfyeAWvzDZIXeMXpb9hyNtA=='; + + $x509 = new File_X509(); + + $spkac = $x509->loadSPKAC($test); + + $spkac['publicKeyAndChallenge']['challenge'] = 'zzzz'; + + $x509->loadSPKAC($x509->saveSPKAC($spkac)); + + $this->assertFalse( + $x509->validateSignature(), + 'Failed asserting that the signature is invalid' + ); + + } +} From 0cc6383c327a0f86dad6dd2527bc39cf070b2392 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Wed, 4 Jun 2014 00:22:46 -0500 Subject: [PATCH 3/8] X509: rm trailing white space from unit test --- tests/File/X509/SPKACTest.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/File/X509/SPKACTest.php b/tests/File/X509/SPKACTest.php index da0171b1..cfd17b48 100644 --- a/tests/File/X509/SPKACTest.php +++ b/tests/File/X509/SPKACTest.php @@ -36,11 +36,11 @@ class File_X509_SPKACTest extends PhpseclibTestCase public function testSaveSPKAC() { - $privKey = new Crypt_RSA(); - extract($privKey->createKey()); + $privKey = new Crypt_RSA(); + extract($privKey->createKey()); $privKey->loadKey($privatekey); - $x509 = new File_X509(); + $x509 = new File_X509(); $x509->setPrivateKey($privKey); $x509->setChallenge('...'); @@ -50,7 +50,7 @@ class File_X509_SPKACTest extends PhpseclibTestCase $this->assertInternalType('string', $x509->saveSPKAC($spkac)); $x509 = new File_X509(); - $x509->setPrivateKey($privKey); + $x509->setPrivateKey($privKey); $spkac = $x509->signSPKAC(); $this->assertInternalType('array', $spkac); From af0040b813b00448cfb2744cc685177e8281753f Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 5 Jun 2014 08:10:20 -0500 Subject: [PATCH 4/8] RSA: PHP4 compat changes --- phpseclib/Crypt/RSA.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 58fba1d6..3a1ddf1e 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -474,6 +474,10 @@ class Crypt_RSA } switch ( !defined('CRYPT_RSA_MODE') ) { // ie. only run this if the above didn't set CRYPT_RSA_MODE already + // openssl_pkey_get_details - which is used in the only place Crypt/RSA.php uses OpenSSL - was introduced in PHP 5.2.0 + case !function_exists('openssl_pkey_get_details'): + define('CRYPT_RSA_MODE', CRYPT_RSA_MODE_INTERNAL); + break; case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>=') && file_exists($this->configFile): // some versions of XAMPP have mismatched versions of OpenSSL which causes it not to work ob_start(); From aabc5cf822221bf1ace80189ff2e4b90e2c7e26e Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 5 Jun 2014 08:10:52 -0500 Subject: [PATCH 5/8] X509: PHP4 compat changes --- phpseclib/File/X509.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 73e7a113..af596807 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -2509,7 +2509,8 @@ class File_X509 $asn1->loadFilters($filters); $result = ''; foreach ($dn['rdnSequence'] as $rdn) { - foreach ($rdn as &$attr) { + foreach ($rdn as $i=>$attr) { + $attr = &$rdn[$i]; if (is_array($attr['value'])) { foreach ($attr['value'] as $type => $v) { $type = array_search($type, $asn1->ANYmap, true); From b1ad911d20e54071701d4d5b09e5b7eefbb27a9e Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 5 Jun 2014 08:33:27 -0500 Subject: [PATCH 6/8] X509: CS adjustments --- phpseclib/File/X509.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index af596807..6a715739 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -3041,8 +3041,9 @@ class File_X509 return false; } + $algorithm = $this->_subArray($spkac, 'publicKeyAndChallenge/spki/algorithm/algorithm'); switch (true) { - case !($algorithm = $this->_subArray($spkac, 'publicKeyAndChallenge/spki/algorithm/algorithm')): + case !$algorithm: case is_object($spkac['publicKeyAndChallenge']['spki']['subjectPublicKey']); break; default: @@ -3450,7 +3451,8 @@ class File_X509 $this->publicKey = new $class(); $this->publicKey->loadKey($this->privateKey->getPublicKey()); $this->publicKey->setPublicKey(); - if (!($publicKey = $this->_formatSubjectPublicKey())) { + $publicKey = $this->_formatSubjectPublicKey(); + if (!$publicKey) { return false; } $this->publicKey = $origPublicKey; From 4a9867951995a7884a45140a47fb079bc4c50711 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 5 Jun 2014 09:03:17 -0500 Subject: [PATCH 7/8] X509: move location of SPKAC unit test --- tests/{ => Unit}/File/X509/SPKACTest.php | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/{ => Unit}/File/X509/SPKACTest.php (100%) diff --git a/tests/File/X509/SPKACTest.php b/tests/Unit/File/X509/SPKACTest.php similarity index 100% rename from tests/File/X509/SPKACTest.php rename to tests/Unit/File/X509/SPKACTest.php From 231566c1fb51d8309501f20bd3d112af9c456bb4 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 5 Jun 2014 09:23:22 -0500 Subject: [PATCH 8/8] X509: Unit test CS changes --- tests/Unit/File/X509/SPKACTest.php | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/tests/Unit/File/X509/SPKACTest.php b/tests/Unit/File/X509/SPKACTest.php index cfd17b48..3690d773 100644 --- a/tests/Unit/File/X509/SPKACTest.php +++ b/tests/Unit/File/X509/SPKACTest.php @@ -8,11 +8,21 @@ require_once 'File/X509.php'; require_once 'Crypt/RSA.php'; -class File_X509_SPKACTest extends PhpseclibTestCase +class Unit_File_X509_SPKACTest extends PhpseclibTestCase { public function testLoadSPKAC() { - $test = 'MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChgo9mWzQm3TSwGgpZnIc54TZ8gYpfAO/AI0etvyWDqnFfdNCUQsqxTdSi6/rtrJdLGBsszRGrRIc/0JqmjM+jCHGYutLeo4xwgra3HAZrWDypL5IlRWnLmLA4U/qGXCXNSk+9NrJl39X3IDA8o/aOJyr9iMUJMvswcWjVjPom3NhAgmJZwW0vUEMw9zszExpiRnGSO5XXntQW2qvfzo+J3NzS3BBbKxEmTsfOLHextcXeFQUaBQHXB/WOtweWY/Bd4iZ8ETmhal28g1HWVcTFPD+V+KPRFeARlVEW6JmcJucW2WdJlBGKXXXPEfdHrDS3OgD/eDWfMJE4mChZ/icxAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAUMvIKhlSgEgbC081b/FJwh6mbuVgYNZV37Ts2WjrHoDFlabu9WXU8xzgaXct3sO51vJM5I36rY4UPyc6w3y9dLaamEwKUoWnpHG8mlXs2JGGEUOvxh5z9yfk/2ZmdCVBlKnU1LDB+ZDyNyNh5B0YULrJKw9e0jV+ymP7srwUSBcdUfZh1KEKGVINUv4J3GuL8V63E2unWCHGRPw4EmFVTbWpgMx96XR7p/pMavu6/pVKgYQqWLOmEeOK+dmT/QVon28d5dmeL7aWrpP+3x3L0A9cATksracQX676XogdAEXJ59fcr/S5AGw1TFErbyBbfyeAWvzDZIXeMXpb9hyNtA=='; + $test = 'MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChgo9mWzQm3TSwGgpZnIc54' . + 'TZ8gYpfAO/AI0etvyWDqnFfdNCUQsqxTdSi6/rtrJdLGBsszRGrRIc/0JqmjM+jCHGYutLeo4xwgr' . + 'a3HAZrWDypL5IlRWnLmLA4U/qGXCXNSk+9NrJl39X3IDA8o/aOJyr9iMUJMvswcWjVjPom3NhAgmJ' . + 'ZwW0vUEMw9zszExpiRnGSO5XXntQW2qvfzo+J3NzS3BBbKxEmTsfOLHextcXeFQUaBQHXB/WOtweW' . + 'Y/Bd4iZ8ETmhal28g1HWVcTFPD+V+KPRFeARlVEW6JmcJucW2WdJlBGKXXXPEfdHrDS3OgD/eDWfM' . + 'JE4mChZ/icxAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAUMvIKhlSgEgbC081b/FJwh6mbuVgYN' . + 'ZV37Ts2WjrHoDFlabu9WXU8xzgaXct3sO51vJM5I36rY4UPyc6w3y9dLaamEwKUoWnpHG8mlXs2JG' . + 'GEUOvxh5z9yfk/2ZmdCVBlKnU1LDB+ZDyNyNh5B0YULrJKw9e0jV+ymP7srwUSBcdUfZh1KEKGVIN' . + 'Uv4J3GuL8V63E2unWCHGRPw4EmFVTbWpgMx96XR7p/pMavu6/pVKgYQqWLOmEeOK+dmT/QVon28d5' . + 'dmeL7aWrpP+3x3L0A9cATksracQX676XogdAEXJ59fcr/S5AGw1TFErbyBbfyeAWvzDZIXeMXpb9h' . + 'yNtA=='; $x509 = new File_X509(); @@ -60,7 +70,17 @@ class File_X509_SPKACTest extends PhpseclibTestCase public function testBadSignatureSPKAC() { - $test = 'MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChgo9mWzQm3TSwGgpZnIc54TZ8gYpfAO/AI0etvyWDqnFfdNCUQsqxTdSi6/rtrJdLGBsszRGrRIc/0JqmjM+jCHGYutLeo4xwgra3HAZrWDypL5IlRWnLmLA4U/qGXCXNSk+9NrJl39X3IDA8o/aOJyr9iMUJMvswcWjVjPom3NhAgmJZwW0vUEMw9zszExpiRnGSO5XXntQW2qvfzo+J3NzS3BBbKxEmTsfOLHextcXeFQUaBQHXB/WOtweWY/Bd4iZ8ETmhal28g1HWVcTFPD+V+KPRFeARlVEW6JmcJucW2WdJlBGKXXXPEfdHrDS3OgD/eDWfMJE4mChZ/icxAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAUMvIKhlSgEgbC081b/FJwh6mbuVgYNZV37Ts2WjrHoDFlabu9WXU8xzgaXct3sO51vJM5I36rY4UPyc6w3y9dLaamEwKUoWnpHG8mlXs2JGGEUOvxh5z9yfk/2ZmdCVBlKnU1LDB+ZDyNyNh5B0YULrJKw9e0jV+ymP7srwUSBcdUfZh1KEKGVINUv4J3GuL8V63E2unWCHGRPw4EmFVTbWpgMx96XR7p/pMavu6/pVKgYQqWLOmEeOK+dmT/QVon28d5dmeL7aWrpP+3x3L0A9cATksracQX676XogdAEXJ59fcr/S5AGw1TFErbyBbfyeAWvzDZIXeMXpb9hyNtA=='; + $test = 'MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChgo9mWzQm3TSwGgpZnIc54' . + 'TZ8gYpfAO/AI0etvyWDqnFfdNCUQsqxTdSi6/rtrJdLGBsszRGrRIc/0JqmjM+jCHGYutLeo4xwgr' . + 'a3HAZrWDypL5IlRWnLmLA4U/qGXCXNSk+9NrJl39X3IDA8o/aOJyr9iMUJMvswcWjVjPom3NhAgmJ' . + 'ZwW0vUEMw9zszExpiRnGSO5XXntQW2qvfzo+J3NzS3BBbKxEmTsfOLHextcXeFQUaBQHXB/WOtweW' . + 'Y/Bd4iZ8ETmhal28g1HWVcTFPD+V+KPRFeARlVEW6JmcJucW2WdJlBGKXXXPEfdHrDS3OgD/eDWfM' . + 'JE4mChZ/icxAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAUMvIKhlSgEgbC081b/FJwh6mbuVgYN' . + 'ZV37Ts2WjrHoDFlabu9WXU8xzgaXct3sO51vJM5I36rY4UPyc6w3y9dLaamEwKUoWnpHG8mlXs2JG' . + 'GEUOvxh5z9yfk/2ZmdCVBlKnU1LDB+ZDyNyNh5B0YULrJKw9e0jV+ymP7srwUSBcdUfZh1KEKGVIN' . + 'Uv4J3GuL8V63E2unWCHGRPw4EmFVTbWpgMx96XR7p/pMavu6/pVKgYQqWLOmEeOK+dmT/QVon28d5' . + 'dmeL7aWrpP+3x3L0A9cATksracQX676XogdAEXJ59fcr/S5AGw1TFErbyBbfyeAWvzDZIXeMXpb9h' . + 'yNtA=='; $x509 = new File_X509();