X509: rm $signatureAlgorithm parameter from signature methods
parent
640e3788f4
commit
d7abfaadbc
@ -356,6 +356,16 @@ abstract class AsymmetricKey
|
|||||||
return $new;
|
return $new;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the hash algorithm currently being used
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
public function getHash()
|
||||||
|
{
|
||||||
|
return $this->hash->getHash();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Compute the pseudorandom k for signature generation,
|
* Compute the pseudorandom k for signature generation,
|
||||||
* using the process specified for deterministic DSA.
|
* using the process specified for deterministic DSA.
|
||||||
|
@ -338,4 +338,14 @@ abstract class DSA extends AsymmetricKey
|
|||||||
$new->format = self::validatePlugin('Signature', $format);
|
$new->format = self::validatePlugin('Signature', $format);
|
||||||
return $new;
|
return $new;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the signature format currently being used
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
public function getSignatureFormat()
|
||||||
|
{
|
||||||
|
return $this->shortFormat;
|
||||||
|
}
|
||||||
}
|
}
|
@ -352,6 +352,16 @@ abstract class ECDSA extends AsymmetricKey
|
|||||||
return $new;
|
return $new;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the signature format currently being used
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
public function getSignatureFormat()
|
||||||
|
{
|
||||||
|
return $this->shortFormat;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the context
|
* Sets the context
|
||||||
*
|
*
|
||||||
@ -383,6 +393,16 @@ abstract class ECDSA extends AsymmetricKey
|
|||||||
return $new;
|
return $new;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the signature format currently being used
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
public function getContext()
|
||||||
|
{
|
||||||
|
return $this->context;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determines which hashing function should be used
|
* Determines which hashing function should be used
|
||||||
*
|
*
|
||||||
|
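Review bot: The docblock added above `getContext()` reads "Returns the signature format currently being used", copied from `getSignatureFormat()` earlier in this section, while the method returns `$this->context`. Suggest `* Returns the context currently being used`. A `@return` line stating what comes back when no context was set would also help; that default is not visible in these hunks, so confirm it against the setter documented as "Sets the context".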
@ -51,8 +51,8 @@ use phpseclib\Crypt\Common\AsymmetricKey;
|
|||||||
use phpseclib\Crypt\RSA\PrivateKey;
|
use phpseclib\Crypt\RSA\PrivateKey;
|
||||||
use phpseclib\Crypt\RSA\PublicKey;
|
use phpseclib\Crypt\RSA\PublicKey;
|
||||||
use phpseclib\Math\BigInteger;
|
use phpseclib\Math\BigInteger;
|
||||||
use phpseclib\Exceptions\UnsupportedAlgorithmException;
|
use phpseclib\Exception\UnsupportedAlgorithmException;
|
||||||
use phpseclib\Exceptions\InconsistentSetupException;
|
use phpseclib\Exception\InconsistentSetupException;
|
||||||
use phpseclib\Crypt\RSA\Keys\PSS;
|
use phpseclib\Crypt\RSA\Keys\PSS;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -415,7 +415,14 @@ abstract class RSA extends AsymmetricKey
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($components['format'] == PSS::class) {
|
if ($components['format'] == PSS::class) {
|
||||||
$key = $key->withPadding(self::SIGNATURE_PSS);
|
// in the X509 world RSA keys are assumed to use PKCS1 padding by default. only if the key is
|
||||||
|
// explicitly a PSS key is the use of PSS assumed. phpseclib does not work like this. phpseclib
|
||||||
|
// uses PSS padding by default. it assumes the more secure method by default and altho it provides
|
||||||
|
// for the less secure PKCS1 method you have to go out of your way to use it. this is consistent
|
||||||
|
// with the latest trends in crypto. libsodium (NaCl) is actually a little more extreme in that
|
||||||
|
// not only does it defaults to the most secure methods - it doesn't even let you choose less
|
||||||
|
// secure methods
|
||||||
|
//$key = $key->withPadding(self::SIGNATURE_PSS);
|
||||||
if (isset($components['hash'])) {
|
if (isset($components['hash'])) {
|
||||||
$key = $key->withHash($components['hash']);
|
$key = $key->withHash($components['hash']);
|
||||||
}
|
}
|
||||||
@ -648,6 +655,16 @@ abstract class RSA extends AsymmetricKey
|
|||||||
return $new;
|
return $new;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the MGF hash algorithm currently being used
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
public function getHash()
|
||||||
|
{
|
||||||
|
return $this->mgfHash->getHash();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determines the salt length
|
* Determines the salt length
|
||||||
*
|
*
|
||||||
@ -668,6 +685,16 @@ abstract class RSA extends AsymmetricKey
|
|||||||
return $new;
|
return $new;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the salt length currently being used
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
public function getSaltLength()
|
||||||
|
{
|
||||||
|
return $this->sLen;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determines the label
|
* Determines the label
|
||||||
*
|
*
|
||||||
@ -690,6 +717,16 @@ abstract class RSA extends AsymmetricKey
|
|||||||
return $new;
|
return $new;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the label currently being used
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
public function getLabel()
|
||||||
|
{
|
||||||
|
return $this->label;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determines the padding modes
|
* Determines the padding modes
|
||||||
*
|
*
|
||||||
@ -743,6 +780,16 @@ abstract class RSA extends AsymmetricKey
|
|||||||
return $new;
|
return $new;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the padding currently being used
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
public function getPadding()
|
||||||
|
{
|
||||||
|
return $this->signaturePadding | $this->encryptionPadding;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the current engine being used
|
* Returns the current engine being used
|
||||||
*
|
*
|
||||||
|
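Review bot: The getter documented as "Returns the MGF hash algorithm currently being used" is declared as `getHash()`, so on RSA keys it overrides the `getHash()` this commit adds to `AsymmetricKey` and returns `$this->mgfHash->getHash()` rather than the signature hash. The new `X509::identifySignatureAlgorithm()` calls `$key->getHash()` on RSA keys to build the `...WithRSAEncryption` name, so a key whose MGF hash differs from its signature hash would, as far as these hunks show, get a certificate labelled with the wrong digest. Rename the new method, e.g. `public function getMGFHash()`, and leave `getHash()` to the parent class.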
@ -187,6 +187,8 @@ abstract class PSS extends Progenitor
|
|||||||
*/
|
*/
|
||||||
public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = [])
|
public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = [])
|
||||||
{
|
{
|
||||||
|
self::initialize_static_variables();
|
||||||
|
|
||||||
$key = PKCS1::savePublicKey($n, $e);
|
$key = PKCS1::savePublicKey($n, $e);
|
||||||
$key = ASN1::extractBER($key);
|
$key = ASN1::extractBER($key);
|
||||||
$params = self::savePSSParams($options);
|
$params = self::savePSSParams($options);
|
||||||
|
@ -18,7 +18,8 @@ use phpseclib\Math\BigInteger;
|
|||||||
use phpseclib\File\ASN1;
|
use phpseclib\File\ASN1;
|
||||||
use phpseclib\Common\Functions\Strings;
|
use phpseclib\Common\Functions\Strings;
|
||||||
use phpseclib\Crypt\Hash;
|
use phpseclib\Crypt\Hash;
|
||||||
use phpseclib\Exceptions\NoKeyLoadedException;
|
use phpseclib\Exception\NoKeyLoadedException;
|
||||||
|
use phpseclib\Exception\UnsupportedFormatException;
|
||||||
use phpseclib\Crypt\Random;
|
use phpseclib\Crypt\Random;
|
||||||
use phpseclib\Crypt\Common;
|
use phpseclib\Crypt\Common;
|
||||||
use phpseclib\File\ASN1\Maps\DigestInfo;
|
use phpseclib\File\ASN1\Maps\DigestInfo;
|
||||||
|
@ -2485,7 +2485,7 @@ class X509
|
|||||||
* @access public
|
* @access public
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function sign($issuer, $subject, $signatureAlgorithm = 'sha256WithRSAEncryption')
|
public function sign($issuer, $subject)
|
||||||
{
|
{
|
||||||
if (!is_object($issuer->privateKey) || empty($issuer->dn)) {
|
if (!is_object($issuer->privateKey) || empty($issuer->dn)) {
|
||||||
return false;
|
return false;
|
||||||
@ -2497,6 +2497,7 @@ class X509
|
|||||||
|
|
||||||
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
||||||
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
||||||
|
$signatureAlgorithm = self::identifySignatureAlgorithm($issuer->privateKey);
|
||||||
|
|
||||||
if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertificate'])) {
|
if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertificate'])) {
|
||||||
$this->currentCert = $subject->currentCert;
|
$this->currentCert = $subject->currentCert;
|
||||||
@ -2651,7 +2652,8 @@ class X509
|
|||||||
$tbsCertificate = $this->currentCert['tbsCertificate'];
|
$tbsCertificate = $this->currentCert['tbsCertificate'];
|
||||||
$this->loadX509($this->saveX509($this->currentCert));
|
$this->loadX509($this->saveX509($this->currentCert));
|
||||||
|
|
||||||
$result = $this->signHelper($issuer->privateKey, $signatureAlgorithm);
|
$result = $this->currentCert;
|
||||||
|
$this->currentCert['signature'] = $result['signature'] = "\0" . $issuer->privateKey->sign($this->signatureSubject);
|
||||||
$result['tbsCertificate'] = $tbsCertificate;
|
$result['tbsCertificate'] = $tbsCertificate;
|
||||||
|
|
||||||
$this->currentCert = $currentCert;
|
$this->currentCert = $currentCert;
|
||||||
@ -2667,7 +2669,7 @@ class X509
|
|||||||
* @param string $signatureAlgorithm
|
* @param string $signatureAlgorithm
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function signCSR($signatureAlgorithm = 'sha1WithRSAEncryption')
|
public function signCSR()
|
||||||
{
|
{
|
||||||
if (!is_object($this->privateKey) || empty($this->dn)) {
|
if (!is_object($this->privateKey) || empty($this->dn)) {
|
||||||
return false;
|
return false;
|
||||||
@ -2680,6 +2682,7 @@ class X509
|
|||||||
|
|
||||||
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
||||||
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
||||||
|
$signatureAlgorithm = self::identifySignatureAlgorithm($this->privateKey);
|
||||||
|
|
||||||
if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['certificationRequestInfo'])) {
|
if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['certificationRequestInfo'])) {
|
||||||
$this->currentCert['signatureAlgorithm']['algorithm'] = $signatureAlgorithm;
|
$this->currentCert['signatureAlgorithm']['algorithm'] = $signatureAlgorithm;
|
||||||
@ -2705,7 +2708,8 @@ class X509
|
|||||||
$certificationRequestInfo = $this->currentCert['certificationRequestInfo'];
|
$certificationRequestInfo = $this->currentCert['certificationRequestInfo'];
|
||||||
$this->loadCSR($this->saveCSR($this->currentCert));
|
$this->loadCSR($this->saveCSR($this->currentCert));
|
||||||
|
|
||||||
$result = $this->signHelper($this->privateKey, $signatureAlgorithm);
|
$result = $this->currentCert;
|
||||||
|
$this->currentCert['signature'] = $result['signature'] = "\0" . $this->privateKey->sign($this->signatureSubject);
|
||||||
$result['certificationRequestInfo'] = $certificationRequestInfo;
|
$result['certificationRequestInfo'] = $certificationRequestInfo;
|
||||||
|
|
||||||
$this->currentCert = $currentCert;
|
$this->currentCert = $currentCert;
|
||||||
@ -2721,7 +2725,7 @@ class X509
|
|||||||
* @param string $signatureAlgorithm
|
* @param string $signatureAlgorithm
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function signSPKAC($signatureAlgorithm = 'sha1WithRSAEncryption')
|
public function signSPKAC()
|
||||||
{
|
{
|
||||||
if (!is_object($this->privateKey)) {
|
if (!is_object($this->privateKey)) {
|
||||||
return false;
|
return false;
|
||||||
@ -2734,6 +2738,7 @@ class X509
|
|||||||
|
|
||||||
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
||||||
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
||||||
|
$signatureAlgorithm = self::identifySignatureAlgorithm($this->privateKey);
|
||||||
|
|
||||||
// re-signing a SPKAC seems silly but since everything else supports re-signing why not?
|
// re-signing a SPKAC seems silly but since everything else supports re-signing why not?
|
||||||
if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['publicKeyAndChallenge'])) {
|
if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['publicKeyAndChallenge'])) {
|
||||||
@ -2765,7 +2770,8 @@ class X509
|
|||||||
$publicKeyAndChallenge = $this->currentCert['publicKeyAndChallenge'];
|
$publicKeyAndChallenge = $this->currentCert['publicKeyAndChallenge'];
|
||||||
$this->loadSPKAC($this->saveSPKAC($this->currentCert));
|
$this->loadSPKAC($this->saveSPKAC($this->currentCert));
|
||||||
|
|
||||||
$result = $this->signHelper($this->privateKey, $signatureAlgorithm);
|
$result = $this->currentCert;
|
||||||
|
$this->currentCert['signature'] = $result['signature'] = "\0" . $this->privateKey->sign($this->signatureSubject);
|
||||||
$result['publicKeyAndChallenge'] = $publicKeyAndChallenge;
|
$result['publicKeyAndChallenge'] = $publicKeyAndChallenge;
|
||||||
|
|
||||||
$this->currentCert = $currentCert;
|
$this->currentCert = $currentCert;
|
||||||
@ -2785,7 +2791,7 @@ class X509
|
|||||||
* @access public
|
* @access public
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function signCRL($issuer, $crl, $signatureAlgorithm = 'sha1WithRSAEncryption')
|
public function signCRL($issuer, $crl)
|
||||||
{
|
{
|
||||||
if (!is_object($issuer->privateKey) || empty($issuer->dn)) {
|
if (!is_object($issuer->privateKey) || empty($issuer->dn)) {
|
||||||
return false;
|
return false;
|
||||||
@ -2793,6 +2799,7 @@ class X509
|
|||||||
|
|
||||||
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
||||||
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
||||||
|
$signatureAlgorithm = self::identifySignatureAlgorithm($issuer->privateKey);
|
||||||
|
|
||||||
$thisUpdate = new DateTime('now', new DateTimeZone(@date_default_timezone_get()));
|
$thisUpdate = new DateTime('now', new DateTimeZone(@date_default_timezone_get()));
|
||||||
$thisUpdate = !empty($this->startDate) ? $this->startDate : $thisUpdate->format('D, d M Y H:i:s O');
|
$thisUpdate = !empty($this->startDate) ? $this->startDate : $thisUpdate->format('D, d M Y H:i:s O');
|
||||||
@ -2898,7 +2905,8 @@ class X509
|
|||||||
$tbsCertList = $this->currentCert['tbsCertList'];
|
$tbsCertList = $this->currentCert['tbsCertList'];
|
||||||
$this->loadCRL($this->saveCRL($this->currentCert));
|
$this->loadCRL($this->saveCRL($this->currentCert));
|
||||||
|
|
||||||
$result = $this->signHelper($issuer->privateKey, $signatureAlgorithm);
|
$result = $this->currentCert;
|
||||||
|
$this->currentCert['signature'] = $result['signature'] = "\0" . $issuer->privateKey->sign($this->signatureSubject);
|
||||||
$result['tbsCertList'] = $tbsCertList;
|
$result['tbsCertList'] = $tbsCertList;
|
||||||
|
|
||||||
$this->currentCert = $currentCert;
|
$this->currentCert = $currentCert;
|
||||||
@ -2908,82 +2916,60 @@ class X509
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* X.509 certificate signing helper function.
|
* Identify signature algorithm from key settings
|
||||||
*
|
*
|
||||||
* @param object $key
|
* @param object $key
|
||||||
* @param string $signatureAlgorithm
|
* @access private
|
||||||
* @access public
|
|
||||||
* @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
|
* @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
|
||||||
* @return mixed
|
* @return string
|
||||||
*/
|
*/
|
||||||
private function signHelper(PrivateKey $key, $signatureAlgorithm)
|
private static function identifySignatureAlgorithm(PrivateKey $key)
|
||||||
{
|
{
|
||||||
if ($key instanceof RSA) {
|
if ($key instanceof RSA) {
|
||||||
switch ($signatureAlgorithm) {
|
if ($key->getPadding() | RSA::SIGNATURE_PSS) {
|
||||||
case 'id-RSASSA-PSS':
|
return 'id-RSASSA-PSS';
|
||||||
$key = $key->withPadding(RSA::SIGNATURE_PSS);
|
|
||||||
break;
|
|
||||||
case 'md2WithRSAEncryption':
|
|
||||||
case 'md5WithRSAEncryption':
|
|
||||||
case 'sha1WithRSAEncryption':
|
|
||||||
case 'sha224WithRSAEncryption':
|
|
||||||
case 'sha256WithRSAEncryption':
|
|
||||||
case 'sha384WithRSAEncryption':
|
|
||||||
case 'sha512WithRSAEncryption':
|
|
||||||
$key = $key
|
|
||||||
->withHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm))
|
|
||||||
->withPadding(RSA::SIGNATURE_PKCS1);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
throw new UnsupportedAlgorithmException('Signature algorithm unsupported');
|
|
||||||
}
|
}
|
||||||
$this->currentCert['signature'] = "\0" . $key->sign($this->signatureSubject);
|
switch ($key->getHash()) {
|
||||||
return $this->currentCert;
|
case 'md2':
|
||||||
|
case 'md5':
|
||||||
|
case 'sha1':
|
||||||
|
case 'sha224':
|
||||||
|
case 'sha256':
|
||||||
|
case 'sha384':
|
||||||
|
case 'sha512':
|
||||||
|
return $key->getHash() . 'WithRSAEncryption';
|
||||||
|
}
|
||||||
|
throw new UnsupportedAlgorithmException('The only supported hash algorithms for RSA are: md2, md5, sha1, sha224, sha256, sha384, sha512');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($key instanceof DSA) {
|
if ($key instanceof DSA) {
|
||||||
switch ($signatureAlgorithm) {
|
switch ($key->getHash()) {
|
||||||
case 'id-dsa-with-sha1':
|
case 'sha1':
|
||||||
case 'id-dsa-with-sha224':
|
case 'sha224':
|
||||||
case 'id-dsa-with-sha256':
|
case 'sha256':
|
||||||
$key = $key
|
return 'id-dsa-with-' . $key->getHash();
|
||||||
->withHash(preg_replace('#^id-dsa-with-#', '', strtolower($signatureAlgorithm)));
|
|
||||||
$this->currentCert['signature'] = "\0" . $key->sign($this->signatureSubject);
|
|
||||||
return $this->currentCert;
|
|
||||||
default:
|
|
||||||
throw new UnsupportedAlgorithmException('Signature algorithm unsupported');
|
|
||||||
}
|
}
|
||||||
|
throw new UnsupportedAlgorithmException('The only supported hash algorithms for DSA are: sha1, sha224, sha256');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($key instanceof ECDSA) {
|
if ($key instanceof ECDSA) {
|
||||||
switch ($signatureAlgorithm) {
|
switch ($key->getCurve()) {
|
||||||
case 'id-Ed25519':
|
case 'Ed25519':
|
||||||
if ($key->getCurve() !== 'Ed25519') {
|
case 'Ed448':
|
||||||
throw new UnsupportedAlgorithmException('Loaded ECDSA does not use the Ed25519 key and yet that is the signature algorithm that has been chosen');
|
return 'id-' . $key->getCurve();
|
||||||
}
|
|
||||||
$this->currentCert['signature'] = "\0" . $key->sign($this->signatureSubject);
|
|
||||||
return $this->currentCert;
|
|
||||||
case 'id-Ed448':
|
|
||||||
if ($key->getCurve() !== 'Ed448') {
|
|
||||||
throw new UnsupportedAlgorithmException('Loaded ECDSA does not use the Ed448 key and yet that is the signature algorithm that has been chosen');
|
|
||||||
}
|
|
||||||
$this->currentCert['signature'] = "\0" . $key->sign($this->signatureSubject);
|
|
||||||
return $this->currentCert;
|
|
||||||
case 'ecdsa-with-SHA1':
|
|
||||||
case 'ecdsa-with-SHA224':
|
|
||||||
case 'ecdsa-with-SHA256':
|
|
||||||
case 'ecdsa-with-SHA384':
|
|
||||||
case 'ecdsa-with-SHA512':
|
|
||||||
$key = $key
|
|
||||||
->withHash(preg_replace('#^ecdsa-with-#', '', strtolower($signatureAlgorithm)));
|
|
||||||
$this->currentCert['signature'] = "\0" . $key->sign($this->signatureSubject);
|
|
||||||
return $this->currentCert;
|
|
||||||
default:
|
|
||||||
throw new UnsupportedAlgorithmException('Signature algorithm unsupported');
|
|
||||||
}
|
}
|
||||||
|
switch ($key->getHash()) {
|
||||||
|
case 'sha1':
|
||||||
|
case 'sha224':
|
||||||
|
case 'sha256':
|
||||||
|
case 'sha384':
|
||||||
|
case 'sha512':
|
||||||
|
return 'ecdsa-with-' . strtoupper($key->getHash());
|
||||||
|
}
|
||||||
|
throw new UnsupportedAlgorithmException('The only supported hash algorithms for ECDSA are: sha1, sha224, sha256, sha384, sha512');
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new UnsupportedAlgorithmException('Unsupported public key algorithm');
|
throw new UnsupportedAlgorithmException('The only supported public key classes are: RSA, DSA, ECDSA');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -3666,12 +3652,16 @@ class X509
|
|||||||
*/
|
*/
|
||||||
private function formatSubjectPublicKey()
|
private function formatSubjectPublicKey()
|
||||||
{
|
{
|
||||||
$publicKey = base64_decode(preg_replace('#-.+-|[\r\n]#', '', $this->publicKey));
|
$format = $this->publicKey instanceof RSA && ($this->publicKey->getPadding() & RSA::SIGNATURE_PSS) ?
|
||||||
|
'PSS' :
|
||||||
|
'PKCS8';
|
||||||
|
|
||||||
|
$publicKey = base64_decode(preg_replace('#-.+-|[\r\n]#', '', $this->publicKey->toString($format)));
|
||||||
|
|
||||||
$decoded = ASN1::decodeBER($publicKey);
|
$decoded = ASN1::decodeBER($publicKey);
|
||||||
$mapped = ASN1::asn1map($decoded[0], Maps\SubjectPublicKeyInfo::MAP);
|
$mapped = ASN1::asn1map($decoded[0], Maps\SubjectPublicKeyInfo::MAP);
|
||||||
|
|
||||||
$mapped['subjectPublicKey'] = (string) $this->publicKey;
|
$mapped['subjectPublicKey'] = $this->publicKey->toString($format);
|
||||||
|
|
||||||
return $mapped;
|
return $mapped;
|
||||||
}
|
}
|
||||||
|
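Review bot: In `identifySignatureAlgorithm()` the RSA branch tests `$key->getPadding() | RSA::SIGNATURE_PSS`, a bitwise OR with a constant, which is truthy for any padding (assuming the constant is non-zero). Every RSA key is therefore reported as `id-RSASSA-PSS`, and the `switch ($key->getHash())` below it is unreachable. A key configured with `withPadding(RSA::SIGNATURE_PKCS1)` would then sign with PKCS#1 v1.5 while the certificate, CSR, SPKAC or CRL declares PSS, so relying parties verify against the wrong scheme. It should mask the flag as `formatSubjectPublicKey()` does later in this file: `if ($key->getPadding() & RSA::SIGNATURE_PSS) {`. Separately, the docblocks of `signCSR()` and `signSPKAC()` still list `@param string $signatureAlgorithm`, which no longer exists.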
@ -113,9 +113,11 @@ L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
|
|||||||
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
|
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
|
||||||
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
|
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
|
||||||
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
|
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
|
||||||
-----END RSA PRIVATE KEY-----');
|
-----END RSA PRIVATE KEY-----')
|
||||||
|
->withPadding(RSA::SIGNATURE_PKCS1)
|
||||||
|
->withHash('sha1');
|
||||||
$x509->setPrivateKey($rsa);
|
$x509->setPrivateKey($rsa);
|
||||||
$x509->setDN(['cn' => 'website.com']);
|
$x509->setDN(['cn' => 'website.com']);
|
||||||
$x509->saveCSR($x509->signCSR('sha256WithRSAEncryption'), X509::FORMAT_DER);
|
$x509->saveCSR($x509->signCSR(), X509::FORMAT_DER);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
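Review bot: The call changed to `$x509->signCSR()` now relies on the key's `withPadding(RSA::SIGNATURE_PKCS1)->withHash('sha1')` settings to choose the algorithm, but nothing in the visible part of the test checks which algorithm ends up in the CSR. The DSA, ECDSA and PSS tests touched by this commit assert `$r['signatureAlgorithm']['algorithm']`. A matching `assertSame('sha1WithRSAEncryption', ...)` on the loaded CSR here would pin the PKCS#1 path, which is otherwise only checked for not throwing. The test method starts outside this hunk.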
@ -46,7 +46,9 @@ class Unit_File_X509_SPKACTest extends PhpseclibTestCase
|
|||||||
|
|
||||||
public function testSaveSPKAC()
|
public function testSaveSPKAC()
|
||||||
{
|
{
|
||||||
$privatekey = RSA::createKey();
|
$privatekey = RSA::createKey(512)
|
||||||
|
->withPadding(RSA::SIGNATURE_PKCS1)
|
||||||
|
->withHash('sha1');
|
||||||
|
|
||||||
$x509 = new X509();
|
$x509 = new X509();
|
||||||
$x509->setPrivateKey($privatekey);
|
$x509->setPrivateKey($privatekey);
|
||||||
|
@ -167,6 +167,9 @@ TQDJcOBY0qgBTEFqbazr7PScJR/0X8m0eLYS/XqkPi3kYaHLpr3RcsVbmwg9hVtx
|
|||||||
aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7
|
aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7
|
||||||
4vca9v/F2hGVJuHIMJ8mguwYlNYzh2NqoIDJTtgOkBmt
|
4vca9v/F2hGVJuHIMJ8mguwYlNYzh2NqoIDJTtgOkBmt
|
||||||
-----END RSA PRIVATE KEY-----');
|
-----END RSA PRIVATE KEY-----');
|
||||||
|
$privKey = $privKey
|
||||||
|
->withPadding(RSA::SIGNATURE_PKCS1)
|
||||||
|
->withHash('sha1');
|
||||||
|
|
||||||
$pubKey = $privKey->getPublicKey();
|
$pubKey = $privKey->getPublicKey();
|
||||||
|
|
||||||
@ -356,7 +359,9 @@ Mj93S
|
|||||||
// fixed by #1104
|
// fixed by #1104
|
||||||
public function testMultipleDomainNames()
|
public function testMultipleDomainNames()
|
||||||
{
|
{
|
||||||
$privatekey = RSA::createKey(512);
|
$privatekey = RSA::createKey(512)
|
||||||
|
->withPadding(RSA::SIGNATURE_PKCS1)
|
||||||
|
->withHash('sha1');
|
||||||
$publickey = $privatekey->getPublicKey();
|
$publickey = $privatekey->getPublicKey();
|
||||||
|
|
||||||
$subject = new X509();
|
$subject = new X509();
|
||||||
@ -552,7 +557,9 @@ keSg3sfr4VWT545guJlTe+6vvelxbPFIXCXnyVLoePBYZtEe8FQhIBxd3EQHsxuJ
|
|||||||
iSoMCxKCa8r5P1DrxKaJAkBBP87OdahRq0CBQjTFg0wmPs66PoTXA4hZvSxV77CO
|
iSoMCxKCa8r5P1DrxKaJAkBBP87OdahRq0CBQjTFg0wmPs66PoTXA4hZvSxV77CO
|
||||||
tMPj6Pas7Muejogm6JkmxXC/uT6Tzfknd0B3XSmtDzGL
|
tMPj6Pas7Muejogm6JkmxXC/uT6Tzfknd0B3XSmtDzGL
|
||||||
-----END RSA PRIVATE KEY-----';
|
-----END RSA PRIVATE KEY-----';
|
||||||
$cakey = PublicKeyLoader::load($pemcakey);
|
$cakey = PublicKeyLoader::load($pemcakey)
|
||||||
|
->withPadding(RSA::SIGNATURE_PKCS1)
|
||||||
|
->withHash('sha1');
|
||||||
$pemca = '-----BEGIN CERTIFICATE-----
|
$pemca = '-----BEGIN CERTIFICATE-----
|
||||||
MIICADCCAWmgAwIBAgIUJXQulcz5xkTam8UGC/yn6iVaiWwwDQYJKoZIhvcNAQEF
|
MIICADCCAWmgAwIBAgIUJXQulcz5xkTam8UGC/yn6iVaiWwwDQYJKoZIhvcNAQEF
|
||||||
BQAwHDEaMBgGA1UECgwRcGhwc2VjbGliIGRlbW8gQ0EwHhcNMTgwMTIxMTc0NzM0
|
BQAwHDEaMBgGA1UECgwRcGhwc2VjbGliIGRlbW8gQ0EwHhcNMTgwMTIxMTc0NzM0
|
||||||
@ -855,13 +862,15 @@ uhPlgkgknwIgdDqqKIAF60ouiynsbU53ERS0TwpjeFiYGA48SwYW3Nk=
|
|||||||
|
|
||||||
$x509 = new X509();
|
$x509 = new X509();
|
||||||
|
|
||||||
$result = $x509->sign($issuer, $subject, 'id-dsa-with-sha256');
|
$result = $x509->sign($issuer, $subject);
|
||||||
$result = $x509->saveX509($result);
|
$result = $x509->saveX509($result);
|
||||||
|
|
||||||
$this->assertInternalType('string', $result);
|
$this->assertInternalType('string', $result);
|
||||||
|
|
||||||
$r = $x509->loadX509($result);
|
$r = $x509->loadX509($result);
|
||||||
$this->assertArrayHasKey('tbsCertificate', $r);
|
$this->assertSame('id-dsa-with-sha256', $r['tbsCertificate']['signature']['algorithm']);
|
||||||
|
$this->assertSame('id-dsa', $r['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm']);
|
||||||
|
$this->assertSame('id-dsa-with-sha256', $r['signatureAlgorithm']['algorithm']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testECDSASave()
|
public function testECDSASave()
|
||||||
@ -884,13 +893,15 @@ wkwhE/JaQAEHq2PHnEmvwyBiJcHSdLXkcLzYlg19Ho0BPqVKdulx8GAk
|
|||||||
|
|
||||||
$x509 = new X509();
|
$x509 = new X509();
|
||||||
|
|
||||||
$result = $x509->sign($issuer, $subject, 'ecdsa-with-SHA256');
|
$result = $x509->sign($issuer, $subject);
|
||||||
$result = $x509->saveX509($result);
|
$result = $x509->saveX509($result);
|
||||||
|
|
||||||
$this->assertInternalType('string', $result);
|
$this->assertInternalType('string', $result);
|
||||||
|
|
||||||
$r = $x509->loadX509($result);
|
$r = $x509->loadX509($result);
|
||||||
$this->assertArrayHasKey('tbsCertificate', $r);
|
$this->assertSame('ecdsa-with-SHA256', $r['tbsCertificate']['signature']['algorithm']);
|
||||||
|
$this->assertSame('id-ecPublicKey', $r['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm']);
|
||||||
|
$this->assertSame('ecdsa-with-SHA256', $r['signatureAlgorithm']['algorithm']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testPSSSave()
|
public function testPSSSave()
|
||||||
@ -921,13 +932,15 @@ U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
|
|||||||
|
|
||||||
$x509 = new X509();
|
$x509 = new X509();
|
||||||
|
|
||||||
$result = $x509->sign($issuer, $subject, 'id-RSASSA-PSS');
|
$result = $x509->sign($issuer, $subject);
|
||||||
$result = $x509->saveX509($result);
|
$result = $x509->saveX509($result);
|
||||||
|
|
||||||
$this->assertInternalType('string', $result);
|
$this->assertInternalType('string', $result);
|
||||||
|
|
||||||
$r = $x509->loadX509($result);
|
$r = $x509->loadX509($result);
|
||||||
$this->assertArrayHasKey('tbsCertificate', $r);
|
$this->assertSame('id-RSASSA-PSS', $r['tbsCertificate']['signature']['algorithm']);
|
||||||
|
$this->assertSame('id-RSASSA-PSS', $r['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm']);
|
||||||
|
$this->assertSame('id-RSASSA-PSS', $r['signatureAlgorithm']['algorithm']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testLongTagOnBadCert()
|
public function testLongTagOnBadCert()
|
||||||
|