X509: fix issue with explicit time tags whose maps expect implicit

terrafrost 2019-08-02 21:51:06 -05:00
parent 19ad5d27da
commit 511f55de3d
3 changed files with 50 additions and 2 deletions


@ -787,7 +787,14 @@ class File_ASN1
case FILE_ASN1_TYPE_UTC_TIME: case FILE_ASN1_TYPE_UTC_TIME:
case FILE_ASN1_TYPE_GENERALIZED_TIME: case FILE_ASN1_TYPE_GENERALIZED_TIME:
if (class_exists('DateTime')) { if (class_exists('DateTime')) {
if (isset($mapping['implicit'])) { // for explicitly tagged optional stuff
if (is_array($decoded['content'])) {
$decoded['content'] = $decoded['content'][0]['content'];
}
// for implicitly tagged optional stuff
// in theory, doing isset($mapping['implicit']) would work but malformed certs do exist
// in the wild that OpenSSL decodes without issue so we'll support them as well
if (!is_object($decoded['content'])) {
$decoded['content'] = $this->_decodeDateTime($decoded['content'], $decoded['type']); $decoded['content'] = $this->_decodeDateTime($decoded['content'], $decoded['type']);
} }
if (!$decoded['content']) { if (!$decoded['content']) {
@ -795,7 +802,10 @@ class File_ASN1
} }
return $decoded['content']->format($this->format); return $decoded['content']->format($this->format);
} else { } else {
if (isset($mapping['implicit'])) { if (is_array($decoded['content'])) {
$decoded['content'] = $decoded['content'][0]['content'];
}
if (!is_int($decoded['content'])) {
$decoded['content'] = $this->_decodeUnixTime($decoded['content'], $decoded['type']); $decoded['content'] = $this->_decodeUnixTime($decoded['content'], $decoded['type']);
} }
return @date($this->format, $decoded['content']); return @date($this->format, $decoded['content']);
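Review bot: The explicit-tag unwrap `$decoded['content'] = $decoded['content'][0]['content'];` only checks `is_array()` before indexing, so it trusts the shape of data that comes straight from the certificate. An empty constructed wrapper, or one whose first child is itself constructed, would pass null or a nested array on to `_decodeDateTime()`, and the `else` branch repeats the same pattern ahead of `_decodeUnixTime()`. Because the added comment says malformed certificates are tolerated on purpose, the unwrap should fail closed on anything that is not a single primitive child, for example `if (!isset($decoded['content'][0]['content']) || is_array($decoded['content'][0]['content'])) { return false; }` placed before the assignment in both branches. The enclosing function starts and ends outside the hunk, so `false` is assumed to be the failure value this arm already uses; children after index 0 are also silently ignored and may deserve the same rejection.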


@ -982,6 +982,13 @@ class File_X509
'children' => $AccessDescription 'children' => $AccessDescription
); );
$this->SubjectInfoAccessSyntax = array(
'type' => FILE_ASN1_TYPE_SEQUENCE,
'min' => 1,
'max' => -1,
'children' => $AccessDescription
);
$this->SubjectAltName = $GeneralNames; $this->SubjectAltName = $GeneralNames;
$this->PrivateKeyUsagePeriod = array( $this->PrivateKeyUsagePeriod = array(
@ -1922,6 +1929,8 @@ class File_X509
return $this->ExtKeyUsageSyntax; return $this->ExtKeyUsageSyntax;
case 'id-pe-authorityInfoAccess': case 'id-pe-authorityInfoAccess':
return $this->AuthorityInfoAccessSyntax; return $this->AuthorityInfoAccessSyntax;
case 'id-pe-subjectInfoAccess':
return $this->SubjectInfoAccessSyntax;
case 'id-ce-subjectAltName': case 'id-ce-subjectAltName':
return $this->SubjectAltName; return $this->SubjectAltName;
case 'id-ce-subjectDirectoryAttributes': case 'id-ce-subjectDirectoryAttributes':
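Review bot: `$this->SubjectInfoAccessSyntax` is assigned in the constructor hunk, but no hunk in this file declares the property, so unless the class already declares it outside the visible lines it is created dynamically. It should be declared next to `AuthorityInfoAccessSyntax`, in the same style the class uses for that property. The new map is also undocumented; a one-line comment above the assignment would tie it to the specification, e.g. `// SubjectInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription (RFC 5280, 4.2.2.2)`. Both hunks cut through functions whose start and end are outside the visible lines.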


@ -363,4 +363,33 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
$this->assertSame(pack('H*', '6983f09da7ebcfdee0c7a1a7b2c0948cc8f9d776'), $new); $this->assertSame(pack('H*', '6983f09da7ebcfdee0c7a1a7b2c0948cc8f9d776'), $new);
$this->assertSame($orig, $asn1->_decodeOID($new)); $this->assertSame($orig, $asn1->_decodeOID($new));
} }
/**
* @group github1388
*/
public function testExplicitImplicitDate()
{
$map = [
'type' => FILE_ASN1_TYPE_SEQUENCE,
'children' => [
'notBefore' => [
'constant' => 0,
'optional' => true,
'implicit' => true,
'type' => FILE_ASN1_TYPE_GENERALIZED_TIME],
'notAfter' => [
'constant' => 1,
'optional' => true,
'implicit' => true,
'type' => FILE_ASN1_TYPE_GENERALIZED_TIME]
]
];
$asn1 = new File_ASN1();
$a = pack('H*', '3026a011180f32303137303432313039303535305aa111180f32303138303432313230353935395a');
$a = $asn1->decodeBER($a);
$a = $asn1->asn1map($a[0], $map);
$this->assertInternalType('array', $a);
}
} }
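Review bot: `testExplicitImplicitDate` ends with `$this->assertInternalType('array', $a);`, which still passes if either optional field is dropped or decoded to the wrong instant, so it does not pin the behaviour the fix is about. The fixture encodes `20170421090550Z` under tag [0] and `20180421205959Z` under tag [1]; the test should at least add `$this->assertArrayHasKey('notBefore', $a);` and `$this->assertArrayHasKey('notAfter', $a);`, and ideally compare both values against the strings expected for those two timestamps in the decoder's output format. A second case with a malformed wrapper (an empty `a0 00`, for instance) would document how the decoder is meant to fail on hostile input.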