X509: Suppress {get|set|remove}CRLExtension() functions: non *CRL* functions are now polymorphic.

Patrick Monnerat 2012-11-07 16:23:01 +01:00
parent d980a91360
commit 5ef4f9900a


@ -1853,7 +1853,7 @@ class File_X509 {
for ($i = 0; $i < count($this->CAs); $i++) { for ($i = 0; $i < count($this->CAs); $i++) {
$ca = $this->CAs[$i]; $ca = $this->CAs[$i];
if ($this->currentCert['tbsCertList']['issuer'] === $ca['tbsCertificate']['subject']) { if ($this->currentCert['tbsCertList']['issuer'] === $ca['tbsCertificate']['subject']) {
$authorityKey = $this->getCRLExtension('id-ce-authorityKeyIdentifier'); $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier');
$subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca); $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
switch (true) { switch (true) {
case !is_array($authorityKey): case !is_array($authorityKey):
@ -2959,12 +2959,12 @@ class File_X509 {
$crlNumber = $this->serialNumber; $crlNumber = $this->serialNumber;
} }
else { else {
$crlNumber = $this->getCRLExtension('id-ce-cRLNumber'); $crlNumber = $this->getExtension('id-ce-cRLNumber');
$crlNumber = $crlNumber !== false ? $crlNumber->add(new Math_BigInteger(1)) : NULL; $crlNumber = $crlNumber !== false ? $crlNumber->add(new Math_BigInteger(1)) : NULL;
} }
$this->removeCRLExtension('id-ce-authorityKeyIdentifier'); $this->removeExtension('id-ce-authorityKeyIdentifier');
$this->removeCRLExtension('id-ce-issuerAltName'); $this->removeExtension('id-ce-issuerAltName');
// Be sure version >= v2 if some extension found. // Be sure version >= v2 if some extension found.
$version = isset($tbsCertList['version']) ? $tbsCertList['version'] : 0; $version = isset($tbsCertList['version']) ? $tbsCertList['version'] : 0;
@ -2988,11 +2988,11 @@ class File_X509 {
// Store additional extensions. // Store additional extensions.
if (!empty($tbsCertList['version'])) { // At least v2. if (!empty($tbsCertList['version'])) { // At least v2.
if (!empty($crlNumber)) { if (!empty($crlNumber)) {
$this->setCRLExtension('id-ce-cRLNumber', $crlNumber); $this->setExtension('id-ce-cRLNumber', $crlNumber);
} }
if (isset($issuer->currentKeyIdentifier)) { if (isset($issuer->currentKeyIdentifier)) {
$this->setCRLExtension('id-ce-authorityKeyIdentifier', array( $this->setExtension('id-ce-authorityKeyIdentifier', array(
//'authorityCertIssuer' => array( //'authorityCertIssuer' => array(
// array( // array(
// 'directoryName' => $issuer->dn // 'directoryName' => $issuer->dn
@ -3011,7 +3011,7 @@ class File_X509 {
$issuerAltName = $this->getExtension('id-ce-subjectAltName', $issuer->currentCert); $issuerAltName = $this->getExtension('id-ce-subjectAltName', $issuer->currentCert);
if ($issuerAltName !== false) { if ($issuerAltName !== false) {
$this->setCRLExtension('id-ce-issuerAltName', $issuerAltName); $this->setExtension('id-ce-issuerAltName', $issuerAltName);
} }
} }
@ -3161,17 +3161,54 @@ class File_X509 {
return $root; return $root;
} }
/**
* Get a reference to an extension subarray
*
* @param array $root
* @param String $path optional absolute path with / as component separator
* @param Boolean $create optional
* @access private
* @return array ref or false
*/
function &_extensions(&$root, $path = NULL, $create = false)
{
if (!isset($root)) {
$root = $this->currentCert;
}
switch (true) {
case !empty($path):
case !is_array($root):
break;
case isset($root['tbsCertificate']):
$path = 'tbsCertificate/extensions';
break;
case isset($root['tbsCertList']):
$path = 'tbsCertList/crlExtensions';
break;
}
$extensions = &$this->_subArray($root, $path, $create);
if (!is_array($extensions)) {
$false = false;
return $false;
}
return $extensions;
}
/** /**
* Remove an Extension * Remove an Extension
* *
* @param String $id * @param String $id
* @param String $path optional * @param String $path optional
* @access public * @access private
* @return Boolean * @return Boolean
*/ */
function removeExtension($id, $path = 'tbsCertificate/extensions') function _removeExtension($id, $path = NULL)
{ {
$extensions = &$this->_subArray($this->currentCert, $path); $extensions = &$this->_extensions($this->currentCert, $path);
if (!is_array($extensions)) { if (!is_array($extensions)) {
return false; return false;
@ -3186,22 +3223,9 @@ class File_X509 {
} }
$extensions = array_values($extensions); $extensions = array_values($extensions);
return $result; return $result;
} }
/**
* Remove a CRL Extension
*
* @param String $id
* @access public
* @return Boolean
*/
function removeCRLExtension($id)
{
return $this->removeExtension($id, 'tbsCertList/crlExtensions');
}
/** /**
* Get an Extension * Get an Extension
* *
@ -3210,16 +3234,12 @@ class File_X509 {
* @param String $id * @param String $id
* @param Array $cert optional * @param Array $cert optional
* @param String $path optional * @param String $path optional
* @access public * @access private
* @return Mixed * @return Mixed
*/ */
function getExtension($id, $cert = NULL, $path = 'tbsCertificate/extensions') function _getExtension($id, $cert = NULL, $path = NULL)
{ {
if (!isset($cert)) { $extensions = $this->_extensions($cert, $path);
$cert = $this->currentCert;
}
$extensions = $this->_subArray($cert, $path);
if (!is_array($extensions)) { if (!is_array($extensions)) {
return false; return false;
@ -3234,36 +3254,17 @@ class File_X509 {
return false; return false;
} }
/**
* Get a CRL Extension
*
* Returns the extension if it exists and false if not
*
* @param String $id
* @param Array $crl optional
* @access public
* @return Mixed
*/
function getCRLExtension($id, $crl = NULL)
{
return $this->getExtension($id, $crl, 'tbsCertList/crlExtensions');
}
/** /**
* Returns a list of all extensions in use * Returns a list of all extensions in use
* *
* @param array $cert optional * @param array $cert optional
* @param String $path optional * @param String $path optional
* @access public * @access private
* @return Array * @return Array
*/ */
function getExtensions($cert = NULL, $path = 'tbsCertificate/extensions') function _getExtensions($cert = NULL, $path = NULL)
{ {
if (!isset($cert)) { $exts = $this->_extensions($cert, $path);
$cert = $this->currentCert;
}
$exts = $this->_subArray($cert, $path);
$extensions = array(); $extensions = array();
if (is_array($exts)) { if (is_array($exts)) {
@ -3275,18 +3276,6 @@ class File_X509 {
return $extensions; return $extensions;
} }
/**
* Returns a list of all CRL extensions in use
*
* @param array $crl optional
* @access public
* @return Array
*/
function getCRLExtensions($crl = NULL)
{
return $this->getExtensions($crl, 'tbsCertList/crlExtensions');
}
/** /**
* Set an Extension * Set an Extension
* *
@ -3295,12 +3284,12 @@ class File_X509 {
* @param Boolean $critical optional * @param Boolean $critical optional
* @param Boolean $replace optional * @param Boolean $replace optional
* @param String $path optional * @param String $path optional
* @access public * @access private
* @return Boolean * @return Boolean
*/ */
function setExtension($id, $value, $critical = false, $replace = true, $path = 'tbsCertificate/extensions') function _setExtension($id, $value, $critical = false, $replace = true, $path = NULL)
{ {
$extensions = &$this->_subArray($this->currentCert, $path, true); $extensions = &$this->_extensions($this->currentCert, $path, true);
if (!is_array($extensions)) { if (!is_array($extensions)) {
return false; return false;
@ -3324,18 +3313,57 @@ class File_X509 {
} }
/** /**
* Set a CRL Extension * Remove a certificate or CRL Extension
*
* @param String $id
* @access public
* @return Boolean
*/
function removeExtension($id)
{
return $this->_removeExtension($id);
}
/**
* Get a certificate or CRL Extension
*
* Returns the extension if it exists and false if not
*
* @param String $id
* @param Array $cert optional
* @access public
* @return Mixed
*/
function getExtension($id, $cert = NULL)
{
return $this->_getExtension($id, $cert);
}
/**
* Returns a list of all extensions in use in certificate or CRL
*
* @param array $cert optional
* @access public
* @return Array
*/
function getExtensions($cert = NULL)
{
return $this->_getExtensions($cert);
}
/**
* Set a certificate or CRL Extension
* *
* @param String $id * @param String $id
* @param Mixed $value * @param Mixed $value
* @param Boolean $critical optional * @param Boolean $critical optional
* @param Boolean $replace optional * @param Boolean $replace optional
* @access public * @access private
* @return Boolean * @return Boolean
*/ */
function setCRLExtension($id, $value, $critical = false, $replace = true) function setExtension($id, $value, $critical = false, $replace = true)
{ {
return $this->setExtension($id, $value, $critical, $replace, 'tbsCertList/crlExtensions'); return $this->_setExtension($id, $value, $critical, $replace);
} }
/** /**
@ -3607,7 +3635,7 @@ class File_X509 {
{ {
if (is_array($rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) { if (is_array($rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates'))) {
if (($i = $this->_revokedCertificate($rclist, $serial)) !== false) { if (($i = $this->_revokedCertificate($rclist, $serial)) !== false) {
return $this->removeExtension($id, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); return $this->_removeExtension($id, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
} }
} }
@ -3633,7 +3661,7 @@ class File_X509 {
if (is_array($rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates'))) { if (is_array($rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates'))) {
if (($i = $this->_revokedCertificate($rclist, $serial)) !== false) { if (($i = $this->_revokedCertificate($rclist, $serial)) !== false) {
return $this->getExtension($id, $crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); return $this->_getExtension($id, $crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
} }
} }
@ -3656,7 +3684,7 @@ class File_X509 {
if (is_array($rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates'))) { if (is_array($rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates'))) {
if (($i = $this->_revokedCertificate($rclist, $serial)) !== false) { if (($i = $this->_revokedCertificate($rclist, $serial)) !== false) {
return $this->getExtensions($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); return $this->_getExtensions($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
} }
} }
@ -3679,7 +3707,7 @@ class File_X509 {
if (isset($this->currentCert['tbsCertList'])) { if (isset($this->currentCert['tbsCertList'])) {
if (is_array($rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates', true))) { if (is_array($rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates', true))) {
if (($i = $this->_revokedCertificate($rclist, $serial, true)) !== false) { if (($i = $this->_revokedCertificate($rclist, $serial, true)) !== false) {
return $this->setExtension($id, $value, $critical, $replace, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); return $this->_setExtension($id, $value, $critical, $replace, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
} }
} }
} }
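Review bot: The `switch (true)` in the added `_extensions()` helper has no default branch, so an array root with neither `tbsCertificate` nor `tbsCertList` reaches `_subArray($root, $path, $create)` with `$path` still NULL, where the old code always passed an explicit path. `_subArray` is not shown on this page, so the effect is unverified, but with `$create` set to true by `_setExtension()` this could add a stray key to the loaded structure instead of failing. Consider rejecting unrecognised structures with `default: $false = false; return $false;`. Separately, the docblock of the new public `setExtension()` wrapper says `@access private`, while the sibling wrappers `removeExtension()`, `getExtension()` and `getExtensions()` say `@access public`; it should read `@access public`.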