mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-12-27 19:54:57 +00:00
Merge branch 'master' into Upgrade_to_Php_7.0
# Conflicts: # phpseclib/Crypt/EC/BaseCurves/Prime.php # phpseclib/Crypt/EC/Formats/Keys/XML.php # phpseclib/Crypt/RSA/PrivateKey.php # phpseclib/File/ANSI.php # phpseclib/File/ASN1.php # phpseclib/File/X509.php # phpseclib/Net/SFTP.php # phpseclib/Net/SFTP/Stream.php # phpseclib/Net/SSH2.php # phpseclib/System/SSH/Agent.php # phpseclib/System/SSH/Agent/Identity.php # tests/Unit/Math/BigInteger/TestCase.php
This commit is contained in:
commit
81ffdbc4ef
@ -327,12 +327,15 @@ abstract class PKCS8 extends PKCS
|
|||||||
$meta['meta']['algorithm'] = $algorithm;
|
$meta['meta']['algorithm'] = $algorithm;
|
||||||
|
|
||||||
$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
||||||
|
if (!$temp) {
|
||||||
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
|
}
|
||||||
extract(ASN1::asn1map($temp[0], Maps\PBEParameter::MAP));
|
extract(ASN1::asn1map($temp[0], Maps\PBEParameter::MAP));
|
||||||
$iterationCount = (int) $iterationCount->toString();
|
$iterationCount = (int) $iterationCount->toString();
|
||||||
$cipher->setPassword($password, $kdf, $hash, $salt, $iterationCount);
|
$cipher->setPassword($password, $kdf, $hash, $salt, $iterationCount);
|
||||||
$key = $cipher->decrypt($decrypted['encryptedData']);
|
$key = $cipher->decrypt($decrypted['encryptedData']);
|
||||||
$decoded = ASN1::decodeBER($key);
|
$decoded = ASN1::decodeBER($key);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER 2');
|
throw new \RuntimeException('Unable to decode BER 2');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -341,6 +344,9 @@ abstract class PKCS8 extends PKCS
|
|||||||
$meta['meta']['algorithm'] = $algorithm;
|
$meta['meta']['algorithm'] = $algorithm;
|
||||||
|
|
||||||
$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
||||||
|
if (!$temp) {
|
||||||
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
|
}
|
||||||
$temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP);
|
$temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP);
|
||||||
extract($temp);
|
extract($temp);
|
||||||
|
|
||||||
@ -348,6 +354,9 @@ abstract class PKCS8 extends PKCS
|
|||||||
$meta['meta']['cipher'] = $encryptionScheme['algorithm'];
|
$meta['meta']['cipher'] = $encryptionScheme['algorithm'];
|
||||||
|
|
||||||
$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
||||||
|
if (!$temp) {
|
||||||
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
|
}
|
||||||
$temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP);
|
$temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP);
|
||||||
extract($temp);
|
extract($temp);
|
||||||
|
|
||||||
@ -355,6 +364,9 @@ abstract class PKCS8 extends PKCS
|
|||||||
$cipher->setIV($encryptionScheme['parameters']['octetString']);
|
$cipher->setIV($encryptionScheme['parameters']['octetString']);
|
||||||
} else {
|
} else {
|
||||||
$temp = ASN1::decodeBER($encryptionScheme['parameters']);
|
$temp = ASN1::decodeBER($encryptionScheme['parameters']);
|
||||||
|
if (!$temp) {
|
||||||
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
|
}
|
||||||
extract(ASN1::asn1map($temp[0], Maps\RC2CBCParameter::MAP));
|
extract(ASN1::asn1map($temp[0], Maps\RC2CBCParameter::MAP));
|
||||||
$effectiveKeyLength = (int) $rc2ParametersVersion->toString();
|
$effectiveKeyLength = (int) $rc2ParametersVersion->toString();
|
||||||
switch ($effectiveKeyLength) {
|
switch ($effectiveKeyLength) {
|
||||||
@ -377,6 +389,9 @@ abstract class PKCS8 extends PKCS
|
|||||||
switch ($keyDerivationFunc['algorithm']) {
|
switch ($keyDerivationFunc['algorithm']) {
|
||||||
case 'id-PBKDF2':
|
case 'id-PBKDF2':
|
||||||
$temp = ASN1::decodeBER($keyDerivationFunc['parameters']);
|
$temp = ASN1::decodeBER($keyDerivationFunc['parameters']);
|
||||||
|
if (!$temp) {
|
||||||
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
|
}
|
||||||
$prf = ['algorithm' => 'id-hmacWithSHA1'];
|
$prf = ['algorithm' => 'id-hmacWithSHA1'];
|
||||||
$params = ASN1::asn1map($temp[0], Maps\PBKDF2params::MAP);
|
$params = ASN1::asn1map($temp[0], Maps\PBKDF2params::MAP);
|
||||||
extract($params);
|
extract($params);
|
||||||
@ -395,7 +410,7 @@ abstract class PKCS8 extends PKCS
|
|||||||
$cipher->setPassword(...$params);
|
$cipher->setPassword(...$params);
|
||||||
$key = $cipher->decrypt($decrypted['encryptedData']);
|
$key = $cipher->decrypt($decrypted['encryptedData']);
|
||||||
$decoded = ASN1::decodeBER($key);
|
$decoded = ASN1::decodeBER($key);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER 3');
|
throw new \RuntimeException('Unable to decode BER 3');
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -619,7 +634,7 @@ abstract class PKCS8 extends PKCS
|
|||||||
}
|
}
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($key);
|
$decoded = ASN1::decodeBER($key);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER');
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -640,12 +655,18 @@ abstract class PKCS8 extends PKCS
|
|||||||
|
|
||||||
if ($r['encryptionAlgorithm']['algorithm'] == 'id-PBES2') {
|
if ($r['encryptionAlgorithm']['algorithm'] == 'id-PBES2') {
|
||||||
$decoded = ASN1::decodeBER($r['encryptionAlgorithm']['parameters']->element);
|
$decoded = ASN1::decodeBER($r['encryptionAlgorithm']['parameters']->element);
|
||||||
|
if (!$decoded) {
|
||||||
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
|
}
|
||||||
$r['encryptionAlgorithm']['parameters'] = ASN1::asn1map($decoded[0], ASN1\Maps\PBES2params::MAP);
|
$r['encryptionAlgorithm']['parameters'] = ASN1::asn1map($decoded[0], ASN1\Maps\PBES2params::MAP);
|
||||||
|
|
||||||
$kdf = &$r['encryptionAlgorithm']['parameters']['keyDerivationFunc'];
|
$kdf = &$r['encryptionAlgorithm']['parameters']['keyDerivationFunc'];
|
||||||
switch ($kdf['algorithm']) {
|
switch ($kdf['algorithm']) {
|
||||||
case 'id-PBKDF2':
|
case 'id-PBKDF2':
|
||||||
$decoded = ASN1::decodeBER($kdf['parameters']->element);
|
$decoded = ASN1::decodeBER($kdf['parameters']->element);
|
||||||
|
if (!$decoded) {
|
||||||
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
|
}
|
||||||
$kdf['parameters'] = ASN1::asn1map($decoded[0], Maps\PBKDF2params::MAP);
|
$kdf['parameters'] = ASN1::asn1map($decoded[0], Maps\PBKDF2params::MAP);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -46,7 +46,7 @@ abstract class PKCS1 extends Progenitor
|
|||||||
$key = parent::load($key, $password);
|
$key = parent::load($key, $password);
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($key);
|
$decoded = ASN1::decodeBER($key);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER');
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -91,8 +91,7 @@ abstract class PKCS8 extends Progenitor
|
|||||||
|
|
||||||
$decoded = ASN1::decodeBER($key[$type]);
|
$decoded = ASN1::decodeBER($key[$type]);
|
||||||
switch (true) {
|
switch (true) {
|
||||||
case empty($decoded):
|
case !isset($decoded):
|
||||||
case !is_array($decoded):
|
|
||||||
case !isset($decoded[0]['content']):
|
case !isset($decoded[0]['content']):
|
||||||
case !$decoded[0]['content'] instanceof BigInteger:
|
case !$decoded[0]['content'] instanceof BigInteger:
|
||||||
throw new \RuntimeException('Unable to decode BER of parameters');
|
throw new \RuntimeException('Unable to decode BER of parameters');
|
||||||
|
@ -53,7 +53,7 @@ abstract class PKCS1 extends Progenitor
|
|||||||
$key = parent::load($key, $password);
|
$key = parent::load($key, $password);
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($key);
|
$decoded = ASN1::decodeBER($key);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER');
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -85,7 +85,7 @@ abstract class PKCS8 extends Progenitor
|
|||||||
}
|
}
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element);
|
$decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER of parameters');
|
throw new \RuntimeException('Unable to decode BER of parameters');
|
||||||
}
|
}
|
||||||
$components = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP);
|
$components = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP);
|
||||||
|
@ -68,7 +68,7 @@ abstract class PKCS1 extends Progenitor
|
|||||||
preg_match('#-*BEGIN EC PRIVATE KEY-*[^-]*-*END EC PRIVATE KEY-*#s', $key, $matches);
|
preg_match('#-*BEGIN EC PRIVATE KEY-*[^-]*-*END EC PRIVATE KEY-*#s', $key, $matches);
|
||||||
$decoded = parent::load($matches[0], $password);
|
$decoded = parent::load($matches[0], $password);
|
||||||
$decoded = ASN1::decodeBER($decoded);
|
$decoded = ASN1::decodeBER($decoded);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER');
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -84,7 +84,7 @@ abstract class PKCS1 extends Progenitor
|
|||||||
preg_match('#-*BEGIN EC PARAMETERS-*[^-]*-*END EC PARAMETERS-*#s', $key, $matches);
|
preg_match('#-*BEGIN EC PARAMETERS-*[^-]*-*END EC PARAMETERS-*#s', $key, $matches);
|
||||||
$decoded = parent::load($matches[0], '');
|
$decoded = parent::load($matches[0], '');
|
||||||
$decoded = ASN1::decodeBER($decoded);
|
$decoded = ASN1::decodeBER($decoded);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER');
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
}
|
}
|
||||||
$ecParams = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP);
|
$ecParams = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP);
|
||||||
@ -115,7 +115,7 @@ abstract class PKCS1 extends Progenitor
|
|||||||
$key = parent::load($key, $password);
|
$key = parent::load($key, $password);
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($key);
|
$decoded = ASN1::decodeBER($key);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER');
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -100,6 +100,9 @@ abstract class PKCS8 extends Progenitor
|
|||||||
}
|
}
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element);
|
$decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element);
|
||||||
|
if (!$decoded) {
|
||||||
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
|
}
|
||||||
$params = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP);
|
$params = ASN1::asn1map($decoded[0], Maps\ECParameters::MAP);
|
||||||
if (!$params) {
|
if (!$params) {
|
||||||
throw new \RuntimeException('Unable to decode the parameters using Maps\ECParameters');
|
throw new \RuntimeException('Unable to decode the parameters using Maps\ECParameters');
|
||||||
@ -115,6 +118,9 @@ abstract class PKCS8 extends Progenitor
|
|||||||
}
|
}
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($key['privateKey']);
|
$decoded = ASN1::decodeBER($key['privateKey']);
|
||||||
|
if (!$decoded) {
|
||||||
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
|
}
|
||||||
$key = ASN1::asn1map($decoded[0], Maps\ECPrivateKey::MAP);
|
$key = ASN1::asn1map($decoded[0], Maps\ECPrivateKey::MAP);
|
||||||
if (isset($key['parameters']) && $params != $key['parameters']) {
|
if (isset($key['parameters']) && $params != $key['parameters']) {
|
||||||
throw new \RuntimeException('The PKCS8 parameter field does not match the private key parameter field');
|
throw new \RuntimeException('The PKCS8 parameter field does not match the private key parameter field');
|
||||||
|
@ -60,7 +60,7 @@ abstract class PKCS1 extends Progenitor
|
|||||||
$key = parent::load($key, $password);
|
$key = parent::load($key, $password);
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($key);
|
$decoded = ASN1::decodeBER($key);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
throw new \RuntimeException('Unable to decode BER');
|
throw new \RuntimeException('Unable to decode BER');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -194,7 +194,7 @@ abstract class ASN1
|
|||||||
*
|
*
|
||||||
* @param Element|string $encoded
|
* @param Element|string $encoded
|
||||||
*/
|
*/
|
||||||
public static function decodeBER($encoded): array
|
public static function decodeBER($encoded): ?array
|
||||||
{
|
{
|
||||||
if ($encoded instanceof Element) {
|
if ($encoded instanceof Element) {
|
||||||
$encoded = $encoded->element;
|
$encoded = $encoded->element;
|
||||||
@ -202,10 +202,12 @@ abstract class ASN1
|
|||||||
|
|
||||||
self::$encoded = $encoded;
|
self::$encoded = $encoded;
|
||||||
|
|
||||||
$decoded = [self::decode_ber($encoded)];
|
$decoded = self::decode_ber($encoded);
|
||||||
|
if ($decoded === false) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
// encapsulate in an array for BC with the old decodeBER
|
return [self::decode_ber($encoded)];
|
||||||
return $decoded;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -512,12 +514,8 @@ abstract class ASN1
|
|||||||
* @param array|bool $decoded
|
* @param array|bool $decoded
|
||||||
* @return array|bool|Element|string|null
|
* @return array|bool|Element|string|null
|
||||||
*/
|
*/
|
||||||
public static function asn1map($decoded, array $mapping, array $special = [])
|
public static function asn1map(array $decoded, array $mapping, array $special = [])
|
||||||
{
|
{
|
||||||
if (!is_array($decoded)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($mapping['explicit']) && is_array($decoded['content'])) {
|
if (isset($mapping['explicit']) && is_array($decoded['content'])) {
|
||||||
$decoded = $decoded['content'][0];
|
$decoded = $decoded['content'][0];
|
||||||
}
|
}
|
||||||
|
@ -426,7 +426,7 @@ class X509
|
|||||||
*
|
*
|
||||||
* Returns an associative array describing the X.509 cert or a false if the cert failed to load
|
* Returns an associative array describing the X.509 cert or a false if the cert failed to load
|
||||||
*
|
*
|
||||||
* @param string|array $cert
|
* @param array|string $cert
|
||||||
*/
|
*/
|
||||||
public function loadX509($cert, int $mode = self::FORMAT_AUTO_DETECT)
|
public function loadX509($cert, int $mode = self::FORMAT_AUTO_DETECT)
|
||||||
{
|
{
|
||||||
@ -462,7 +462,7 @@ class X509
|
|||||||
|
|
||||||
$decoded = ASN1::decodeBER($cert);
|
$decoded = ASN1::decodeBER($cert);
|
||||||
|
|
||||||
if (!empty($decoded)) {
|
if ($decoded) {
|
||||||
$x509 = ASN1::asn1map($decoded[0], Maps\Certificate::MAP);
|
$x509 = ASN1::asn1map($decoded[0], Maps\Certificate::MAP);
|
||||||
}
|
}
|
||||||
if (!isset($x509) || $x509 === false) {
|
if (!isset($x509) || $x509 === false) {
|
||||||
@ -497,8 +497,7 @@ class X509
|
|||||||
/**
|
/**
|
||||||
* Save X.509 certificate
|
* Save X.509 certificate
|
||||||
*
|
*
|
||||||
* @param int $format optional
|
* @return string|false
|
||||||
* @return string
|
|
||||||
*/
|
*/
|
||||||
public function saveX509(array $cert, int $format = self::FORMAT_PEM)
|
public function saveX509(array $cert, int $format = self::FORMAT_PEM)
|
||||||
{
|
{
|
||||||
@ -566,8 +565,6 @@ class X509
|
|||||||
/**
|
/**
|
||||||
* Map extension values from octet string to extension-specific internal
|
* Map extension values from octet string to extension-specific internal
|
||||||
* format.
|
* format.
|
||||||
*
|
|
||||||
* @param array $root (by reference)
|
|
||||||
*/
|
*/
|
||||||
private function mapInExtensions(array &$root, string $path): void
|
private function mapInExtensions(array &$root, string $path): void
|
||||||
{
|
{
|
||||||
@ -585,6 +582,9 @@ class X509
|
|||||||
[static::class, 'decodeNameConstraintIP'] :
|
[static::class, 'decodeNameConstraintIP'] :
|
||||||
[static::class, 'decodeIP'];
|
[static::class, 'decodeIP'];
|
||||||
$decoded = ASN1::decodeBER($value);
|
$decoded = ASN1::decodeBER($value);
|
||||||
|
if (!$decoded) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$mapped = ASN1::asn1map($decoded[0], $map, ['iPAddress' => $decoder]);
|
$mapped = ASN1::asn1map($decoded[0], $map, ['iPAddress' => $decoder]);
|
||||||
$value = $mapped === false ? $decoded[0] : $mapped;
|
$value = $mapped === false ? $decoded[0] : $mapped;
|
||||||
|
|
||||||
@ -599,6 +599,9 @@ class X509
|
|||||||
$subvalue = &$value[$j]['policyQualifiers'][$k]['qualifier'];
|
$subvalue = &$value[$j]['policyQualifiers'][$k]['qualifier'];
|
||||||
if ($map !== false) {
|
if ($map !== false) {
|
||||||
$decoded = ASN1::decodeBER($subvalue);
|
$decoded = ASN1::decodeBER($subvalue);
|
||||||
|
if (!$decoded) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$mapped = ASN1::asn1map($decoded[0], $map);
|
$mapped = ASN1::asn1map($decoded[0], $map);
|
||||||
$subvalue = $mapped === false ? $decoded[0] : $mapped;
|
$subvalue = $mapped === false ? $decoded[0] : $mapped;
|
||||||
}
|
}
|
||||||
@ -613,8 +616,6 @@ class X509
|
|||||||
/**
|
/**
|
||||||
* Map extension values from extension-specific internal format to
|
* Map extension values from extension-specific internal format to
|
||||||
* octet string.
|
* octet string.
|
||||||
*
|
|
||||||
* @param array $root (by reference)
|
|
||||||
*/
|
*/
|
||||||
private function mapOutExtensions(array &$root, string $path): void
|
private function mapOutExtensions(array &$root, string $path): void
|
||||||
{
|
{
|
||||||
@ -712,6 +713,9 @@ class X509
|
|||||||
$value = ASN1::encodeDER($values[$j], Maps\AttributeValue::MAP);
|
$value = ASN1::encodeDER($values[$j], Maps\AttributeValue::MAP);
|
||||||
$decoded = ASN1::decodeBER($value);
|
$decoded = ASN1::decodeBER($value);
|
||||||
if (!is_bool($map)) {
|
if (!is_bool($map)) {
|
||||||
|
if (!$decoded) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$mapped = ASN1::asn1map($decoded[0], $map);
|
$mapped = ASN1::asn1map($decoded[0], $map);
|
||||||
if ($mapped !== false) {
|
if ($mapped !== false) {
|
||||||
$values[$j] = $mapped;
|
$values[$j] = $mapped;
|
||||||
@ -760,6 +764,9 @@ class X509
|
|||||||
if (!is_bool($map)) {
|
if (!is_bool($map)) {
|
||||||
$temp = ASN1::encodeDER($values[$j], $map);
|
$temp = ASN1::encodeDER($values[$j], $map);
|
||||||
$decoded = ASN1::decodeBER($temp);
|
$decoded = ASN1::decodeBER($temp);
|
||||||
|
if (!$decoded) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$values[$j] = ASN1::asn1map($decoded[0], Maps\AttributeValue::MAP);
|
$values[$j] = ASN1::asn1map($decoded[0], Maps\AttributeValue::MAP);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -771,8 +778,6 @@ class X509
|
|||||||
/**
|
/**
|
||||||
* Map DN values from ANY type to DN-specific internal
|
* Map DN values from ANY type to DN-specific internal
|
||||||
* format.
|
* format.
|
||||||
*
|
|
||||||
* @param array $root (by reference)
|
|
||||||
*/
|
*/
|
||||||
private function mapInDNs(array &$root, string $path): void
|
private function mapInDNs(array &$root, string $path): void
|
||||||
{
|
{
|
||||||
@ -787,6 +792,9 @@ class X509
|
|||||||
$map = $this->getMapping($type);
|
$map = $this->getMapping($type);
|
||||||
if (!is_bool($map)) {
|
if (!is_bool($map)) {
|
||||||
$decoded = ASN1::decodeBER($value);
|
$decoded = ASN1::decodeBER($value);
|
||||||
|
if (!$decoded) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$value = ASN1::asn1map($decoded[0], $map);
|
$value = ASN1::asn1map($decoded[0], $map);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1615,9 +1623,6 @@ class X509
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Get Distinguished Name properties
|
* Get Distinguished Name properties
|
||||||
*
|
|
||||||
* @param array|null $dn optional
|
|
||||||
* @param bool $withType optional
|
|
||||||
*/
|
*/
|
||||||
public function getDNProp(string $propName, array $dn = null, bool $withType = false)
|
public function getDNProp(string $propName, array $dn = null, bool $withType = false)
|
||||||
{
|
{
|
||||||
@ -1661,6 +1666,9 @@ class X509
|
|||||||
$map = $this->getMapping($propName);
|
$map = $this->getMapping($propName);
|
||||||
if (!is_bool($map)) {
|
if (!is_bool($map)) {
|
||||||
$decoded = ASN1::decodeBER($v);
|
$decoded = ASN1::decodeBER($v);
|
||||||
|
if (!$decoded) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$v = ASN1::asn1map($decoded[0], $map);
|
$v = ASN1::asn1map($decoded[0], $map);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2099,7 +2107,7 @@ class X509
|
|||||||
|
|
||||||
$decoded = ASN1::decodeBER($csr);
|
$decoded = ASN1::decodeBER($csr);
|
||||||
|
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
$this->currentCert = false;
|
$this->currentCert = false;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -2136,8 +2144,7 @@ class X509
|
|||||||
/**
|
/**
|
||||||
* Save CSR request
|
* Save CSR request
|
||||||
*
|
*
|
||||||
* @param int $format optional
|
* @return string|false
|
||||||
* @return string
|
|
||||||
*/
|
*/
|
||||||
public function saveCSR(array $csr, int $format = self::FORMAT_PEM)
|
public function saveCSR(array $csr, int $format = self::FORMAT_PEM)
|
||||||
{
|
{
|
||||||
@ -2208,7 +2215,7 @@ class X509
|
|||||||
|
|
||||||
$decoded = ASN1::decodeBER($spkac);
|
$decoded = ASN1::decodeBER($spkac);
|
||||||
|
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
$this->currentCert = false;
|
$this->currentCert = false;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -2242,7 +2249,7 @@ class X509
|
|||||||
* Save a SPKAC CSR request
|
* Save a SPKAC CSR request
|
||||||
*
|
*
|
||||||
* @param int $format optional
|
* @param int $format optional
|
||||||
* @return string
|
* @return string|false
|
||||||
*/
|
*/
|
||||||
public function saveSPKAC(array $spkac, int $format = self::FORMAT_PEM)
|
public function saveSPKAC(array $spkac, int $format = self::FORMAT_PEM)
|
||||||
{
|
{
|
||||||
@ -2301,7 +2308,7 @@ class X509
|
|||||||
|
|
||||||
$decoded = ASN1::decodeBER($crl);
|
$decoded = ASN1::decodeBER($crl);
|
||||||
|
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
$this->currentCert = false;
|
$this->currentCert = false;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -2420,8 +2427,7 @@ class X509
|
|||||||
* $subject can be either an existing X.509 cert (if you want to resign it),
|
* $subject can be either an existing X.509 cert (if you want to resign it),
|
||||||
* a CSR or something with the DN and public key explicitly set.
|
* a CSR or something with the DN and public key explicitly set.
|
||||||
*
|
*
|
||||||
* @param \phpseclib3\File\X509 $issuer
|
* @return mixed
|
||||||
* @param \phpseclib3\File\X509 $subject
|
|
||||||
*/
|
*/
|
||||||
public function sign(X509 $issuer, X509 $subject)
|
public function sign(X509 $issuer, X509 $subject)
|
||||||
{
|
{
|
||||||
@ -2725,8 +2731,7 @@ class X509
|
|||||||
*
|
*
|
||||||
* $issuer's private key needs to be loaded.
|
* $issuer's private key needs to be loaded.
|
||||||
*
|
*
|
||||||
* @param \phpseclib3\File\X509 $issuer
|
* @return mixed
|
||||||
* @param \phpseclib3\File\X509 $crl
|
|
||||||
*/
|
*/
|
||||||
public function signCRL(X509 $issuer, X509 $crl)
|
public function signCRL(X509 $issuer, X509 $crl)
|
||||||
{
|
{
|
||||||
@ -2971,8 +2976,6 @@ class X509
|
|||||||
* This is intended for use in conjunction with _subArrayUnchecked(),
|
* This is intended for use in conjunction with _subArrayUnchecked(),
|
||||||
* implementing the checks included in _subArray() but without copying
|
* implementing the checks included in _subArray() but without copying
|
||||||
* a potentially large array by passing its reference by-value to is_array().
|
* a potentially large array by passing its reference by-value to is_array().
|
||||||
*
|
|
||||||
* @return boolean
|
|
||||||
*/
|
*/
|
||||||
private function isSubArrayValid(array $root, string $path): bool
|
private function isSubArrayValid(array $root, string $path): bool
|
||||||
{
|
{
|
||||||
@ -3474,7 +3477,7 @@ class X509
|
|||||||
case $key instanceof Element:
|
case $key instanceof Element:
|
||||||
// Assume the element is a bitstring-packed key.
|
// Assume the element is a bitstring-packed key.
|
||||||
$decoded = ASN1::decodeBER($key->element);
|
$decoded = ASN1::decodeBER($key->element);
|
||||||
if (empty($decoded)) {
|
if (!$decoded) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$raw = ASN1::asn1map($decoded[0], ['type' => ASN1::TYPE_BIT_STRING]);
|
$raw = ASN1::asn1map($decoded[0], ['type' => ASN1::TYPE_BIT_STRING]);
|
||||||
@ -3533,6 +3536,9 @@ class X509
|
|||||||
$publicKey = base64_decode(preg_replace('#-.+-|[\r\n]#', '', $this->publicKey->toString($format)));
|
$publicKey = base64_decode(preg_replace('#-.+-|[\r\n]#', '', $this->publicKey->toString($format)));
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($publicKey);
|
$decoded = ASN1::decodeBER($publicKey);
|
||||||
|
if (!$decoded) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$mapped = ASN1::asn1map($decoded[0], Maps\SubjectPublicKeyInfo::MAP);
|
$mapped = ASN1::asn1map($decoded[0], Maps\SubjectPublicKeyInfo::MAP);
|
||||||
if (!is_array($mapped)) {
|
if (!is_array($mapped)) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -38,6 +38,7 @@ use phpseclib3\Common\Functions\Strings;
|
|||||||
use phpseclib3\Crypt\PublicKeyLoader;
|
use phpseclib3\Crypt\PublicKeyLoader;
|
||||||
use phpseclib3\Crypt\RSA;
|
use phpseclib3\Crypt\RSA;
|
||||||
use phpseclib3\Exception\BadConfigurationException;
|
use phpseclib3\Exception\BadConfigurationException;
|
||||||
|
use phpseclib3\Net\SSH2;
|
||||||
use phpseclib3\System\SSH\Agent\Identity;
|
use phpseclib3\System\SSH\Agent\Identity;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -211,7 +212,7 @@ class Agent
|
|||||||
/**
|
/**
|
||||||
* Request agent forwarding of remote server
|
* Request agent forwarding of remote server
|
||||||
*/
|
*/
|
||||||
private function request_forwarding(\phpseclib3\Net\SSH2 $ssh): bool
|
private function request_forwarding(SSH2 $ssh)
|
||||||
{
|
{
|
||||||
if (!$ssh->requestAgentForwarding()) {
|
if (!$ssh->requestAgentForwarding()) {
|
||||||
return false;
|
return false;
|
||||||
@ -229,7 +230,7 @@ class Agent
|
|||||||
* open to give the SSH Agent an opportunity
|
* open to give the SSH Agent an opportunity
|
||||||
* to take further action. i.e. request agent forwarding
|
* to take further action. i.e. request agent forwarding
|
||||||
*/
|
*/
|
||||||
public function registerChannelOpen(\phpseclib3\Net\SSH2 $ssh): void
|
public function registerChannelOpen(SSH2 $ssh)
|
||||||
{
|
{
|
||||||
if ($this->forward_status == self::FORWARD_REQUEST) {
|
if ($this->forward_status == self::FORWARD_REQUEST) {
|
||||||
$this->request_forwarding($ssh);
|
$this->request_forwarding($ssh);
|
||||||
|
@ -409,47 +409,47 @@ class ASN1Test extends PhpseclibTestCase
|
|||||||
{
|
{
|
||||||
$em = pack('H*', '3080305c0609608648016503040201054f8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888804207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
$em = pack('H*', '3080305c0609608648016503040201054f8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888804207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
||||||
$decoded = ASN1::decodeBER($em);
|
$decoded = ASN1::decodeBER($em);
|
||||||
$this->assertFalse($decoded[0]);
|
$this->assertNull($decoded);
|
||||||
|
|
||||||
$em = pack('H*', '3080307f0609608648016503040201057288888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888804207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca90000');
|
$em = pack('H*', '3080307f0609608648016503040201057288888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888804207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca90000');
|
||||||
$decoded = ASN1::decodeBER($em);
|
$decoded = ASN1::decodeBER($em);
|
||||||
$this->assertFalse($decoded[0]);
|
$this->assertNull($decoded);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testOIDGarbage(): void
|
public function testOIDGarbage(): void
|
||||||
{
|
{
|
||||||
$em = pack('H*', '3080305c065860864801650304020188888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
$em = pack('H*', '3080305c065860864801650304020188888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
||||||
$decoded = ASN1::decodeBER($em);
|
$decoded = ASN1::decodeBER($em);
|
||||||
$this->assertFalse($decoded[0]);
|
$this->assertNull($decoded);
|
||||||
|
|
||||||
$em = pack('H*', '3080307f067d608648016503040201888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888804207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
$em = pack('H*', '3080307f067d608648016503040201888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888804207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
||||||
$decoded = ASN1::decodeBER($em);
|
$decoded = ASN1::decodeBER($em);
|
||||||
$this->assertFalse($decoded[0]);
|
$this->assertNull($decoded);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testConstructedMismatch(): void
|
public function testConstructedMismatch(): void
|
||||||
{
|
{
|
||||||
$em = pack('H*', '1031300d0609608648016503040201050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
$em = pack('H*', '1031300d0609608648016503040201050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
||||||
$decoded = ASN1::decodeBER($em);
|
$decoded = ASN1::decodeBER($em);
|
||||||
$this->assertFalse($decoded[0]);
|
$this->assertNull($decoded);
|
||||||
|
|
||||||
$em = pack('H*', '3031100d0609608648016503040201050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
$em = pack('H*', '3031100d0609608648016503040201050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
||||||
$decoded = ASN1::decodeBER($em);
|
$decoded = ASN1::decodeBER($em);
|
||||||
$this->assertFalse($decoded[0]);
|
$this->assertNull($decoded);
|
||||||
|
|
||||||
$em = pack('H*', '3031300d2609608648016503040201050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
$em = pack('H*', '3031300d2609608648016503040201050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
||||||
$decoded = ASN1::decodeBER($em);
|
$decoded = ASN1::decodeBER($em);
|
||||||
$this->assertFalse($decoded[0]);
|
$this->assertNull($decoded);
|
||||||
|
|
||||||
$em = pack('H*', '3031300d06096086480165030402012d0004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
$em = pack('H*', '3031300d06096086480165030402012d0004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
||||||
$decoded = ASN1::decodeBER($em);
|
$decoded = ASN1::decodeBER($em);
|
||||||
$this->assertFalse($decoded[0]);
|
$this->assertNull($decoded);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testBadTagSecondOctet(): void
|
public function testBadTagSecondOctet(): void
|
||||||
{
|
{
|
||||||
$em = pack('H*', '3033300f1f808080060960864801650304020104207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
$em = pack('H*', '3033300f1f808080060960864801650304020104207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
|
||||||
$decoded = ASN1::decodeBER($em);
|
$decoded = ASN1::decodeBER($em);
|
||||||
$this->assertFalse($decoded[0]);
|
$this->assertNull($decoded);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -384,9 +384,6 @@ abstract class TestCase extends PhpseclibTestCase
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @requires PHP 5.6
|
|
||||||
*/
|
|
||||||
public function testDebugInfo(): void
|
public function testDebugInfo(): void
|
||||||
{
|
{
|
||||||
$num = $this->getInstance(50);
|
$num = $this->getInstance(50);
|
||||||
|
Loading…
Reference in New Issue
Block a user