mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-09-29 07:39:00 +00:00
- sign() didn't save subjectPublicKeyInfo correctly
- sign() could erase the subject's DN from an existing X.509 cert - setSerialNumber didn't save the serial number correctly git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@212 21d32557-59b3-4da0-833f-c5933fad653e
This commit is contained in:
parent
6d60fa63e5
commit
392ff50c00
@ -114,7 +114,7 @@ class File_X509 {
|
|||||||
* @var Array
|
* @var Array
|
||||||
* @access private
|
* @access private
|
||||||
*/
|
*/
|
||||||
var $dn = array('rdnSequence' => array());
|
var $dn;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Public key
|
* Public key
|
||||||
@ -1481,6 +1481,10 @@ class File_X509 {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* TODO:
|
||||||
|
"emailAddress attribute values are not case-sensitive (e.g., "subscriber@example.com" is the same as "SUBSCRIBER@EXAMPLE.COM")."
|
||||||
|
-- http://tools.ietf.org/html/rfc5280#section-4.1.2.6 */
|
||||||
|
|
||||||
switch (true) {
|
switch (true) {
|
||||||
case isset($this->currentCert['tbsCertificate']):
|
case isset($this->currentCert['tbsCertificate']):
|
||||||
// self-signed cert
|
// self-signed cert
|
||||||
@ -1622,6 +1626,9 @@ class File_X509 {
|
|||||||
*/
|
*/
|
||||||
function setDNProp($propName, $propValue)
|
function setDNProp($propName, $propValue)
|
||||||
{
|
{
|
||||||
|
if (empty($this->dn)) {
|
||||||
|
$this->dn = array('rdnSequence' => array());
|
||||||
|
}
|
||||||
|
|
||||||
switch (strtolower($propName)) {
|
switch (strtolower($propName)) {
|
||||||
case 'id-at-countryname':
|
case 'id-at-countryname':
|
||||||
@ -1889,14 +1896,18 @@ class File_X509 {
|
|||||||
*/
|
*/
|
||||||
function sign($issuer, $subject, $signatureAlgorithm = 'sha1WithRSAEncryption')
|
function sign($issuer, $subject, $signatureAlgorithm = 'sha1WithRSAEncryption')
|
||||||
{
|
{
|
||||||
if (!is_object($issuer->privateKey) || !is_array($issuer->dn)) {
|
if (!is_object($issuer->privateKey) || empty($issuer->dn)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($subject->publicKey) && !($subjectPublicKey = $subject->_formatSubjectPublicKey())) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$currentCert = $this->currentCert;
|
$currentCert = $this->currentCert;
|
||||||
$signatureSubject = $this->signatureSubject;
|
$signatureSubject = $this->signatureSubject;
|
||||||
|
|
||||||
if (is_array($subject->currentCert) && isset($subject->currentCert['tbsCertificate'])) {
|
if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertificate'])) {
|
||||||
$this->currentCert = $subject->currentCert;
|
$this->currentCert = $subject->currentCert;
|
||||||
if (!empty($this->startDate)) {
|
if (!empty($this->startDate)) {
|
||||||
$this->currentCert['tbsCertificate']['validity']['notBefore']['utcTime'] = $this->startDate;
|
$this->currentCert['tbsCertificate']['validity']['notBefore']['utcTime'] = $this->startDate;
|
||||||
@ -1906,11 +1917,21 @@ class File_X509 {
|
|||||||
$this->currentCert['tbsCertificate']['validity']['notAfter']['utcTime'] = $this->endDate;
|
$this->currentCert['tbsCertificate']['validity']['notAfter']['utcTime'] = $this->endDate;
|
||||||
unset($this->currentCert['tbsCertificate']['validity']['notAfter']['generalTime']);
|
unset($this->currentCert['tbsCertificate']['validity']['notAfter']['generalTime']);
|
||||||
}
|
}
|
||||||
|
if (!empty($this->serialNumber)) {
|
||||||
|
$this->currentCert['tbsCertificate']['serialNumber'] = $this->serialNumber;
|
||||||
|
}
|
||||||
if (!empty($subject->dn)) {
|
if (!empty($subject->dn)) {
|
||||||
$this->currentCert['tbsCertificate']['subject'] = $subject->dn;
|
$this->currentCert['tbsCertificate']['subject'] = $subject->dn;
|
||||||
}
|
}
|
||||||
|
if (!empty($subject->publicKey)) {
|
||||||
|
$this->currentCert['tbsCertificate']['subjectPublicKeyInfo'] = $subjectPublicKey;
|
||||||
|
}
|
||||||
$this->removeExtension('id-ce-authorityKeyIdentifier');
|
$this->removeExtension('id-ce-authorityKeyIdentifier');
|
||||||
} else {
|
} else {
|
||||||
|
if (!isset($subject->publicKey)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$startDate = empty($this->startDate) ? $this->startDate : @date('M j H:i:s Y T');
|
$startDate = empty($this->startDate) ? $this->startDate : @date('M j H:i:s Y T');
|
||||||
$endDate = empty($this->endDate) ? $this->endDate : @date('M j H:i:s Y T', strtotime('+1 year'));
|
$endDate = empty($this->endDate) ? $this->endDate : @date('M j H:i:s Y T', strtotime('+1 year'));
|
||||||
$serialNumber = empty($this->serialNumber) ? $this->serialNumber : "\0";
|
$serialNumber = empty($this->serialNumber) ? $this->serialNumber : "\0";
|
||||||
@ -1927,7 +1948,7 @@ class File_X509 {
|
|||||||
'notAfter' => array('utcTime' => $endDate) // $this->setEndDate()
|
'notAfter' => array('utcTime' => $endDate) // $this->setEndDate()
|
||||||
),
|
),
|
||||||
'subject' => $subject->dn,
|
'subject' => $subject->dn,
|
||||||
'subjectPublicKeyInfo' => $subject->publicKey->getPublicKey()
|
'subjectPublicKeyInfo' => $subjectPublicKey
|
||||||
),
|
),
|
||||||
'signatureAlgorithm' => $signatureAlgorithm,
|
'signatureAlgorithm' => $signatureAlgorithm,
|
||||||
'signature' => false // this is going to be overwritten later
|
'signature' => false // this is going to be overwritten later
|
||||||
@ -2039,7 +2060,7 @@ class File_X509 {
|
|||||||
*/
|
*/
|
||||||
function setSerialNumber($serial)
|
function setSerialNumber($serial)
|
||||||
{
|
{
|
||||||
$this->serialNumber = $serial;
|
$this->serialNumber = new Math_BigInteger($serial, -256);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -2143,4 +2164,27 @@ class File_X509 {
|
|||||||
$this->keyIdentifier = base64_encode($value);
|
$this->keyIdentifier = base64_encode($value);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Format a public key as appropriate
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
* @return Array
|
||||||
|
*/
|
||||||
|
function _formatSubjectPublicKey()
|
||||||
|
{
|
||||||
|
if (!isset($this->publicKey) || !is_object($this->publicKey)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (strtolower(get_class($this->publicKey))) {
|
||||||
|
case 'crypt_rsa':
|
||||||
|
return array(
|
||||||
|
'algorithm' => array('algorithm' => 'rsaEncryption'),
|
||||||
|
'subjectPublicKey' => $this->publicKey->getPublicKey()
|
||||||
|
);
|
||||||
|
default:
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user