mirror of
https://github.com/phpseclib/phpseclib.git
validateSignature if subjectKeyIdentifier is not set and check serial number if is set
parent
b25681beeb
commit
d9195ea5bd
@ -2181,6 +2181,7 @@ class File_X509
|
|||||||
$subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier');
|
$subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier');
|
||||||
switch (true) {
|
switch (true) {
|
||||||
case !is_array($authorityKey):
|
case !is_array($authorityKey):
|
||||||
|
case !$subjectKeyID:
|
||||||
case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
||||||
$signingCert = $this->currentCert; // working cert
|
$signingCert = $this->currentCert; // working cert
|
||||||
}
|
}
|
||||||
@ -2198,7 +2199,11 @@ class File_X509
|
|||||||
$subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
|
$subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
|
||||||
switch (true) {
|
switch (true) {
|
||||||
case !is_array($authorityKey):
|
case !is_array($authorityKey):
|
||||||
|
case !$subjectKeyID:
|
||||||
case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
||||||
|
if (isset($authorityKey['authorityCertSerialNumber']) && $authorityKey['authorityCertSerialNumber'] != $ca['tbsCertificate']['serialNumber']) {
|
||||||
|
break 2; // serial mismatch - check other ca
|
||||||
|
}
|
||||||
$signingCert = $ca; // working cert
|
$signingCert = $ca; // working cert
|
||||||
break 3;
|
break 3;
|
||||||
}
|
}
|
||||||
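Review bot: The serial-number guard added in the second hunk compares `$authorityKey['authorityCertSerialNumber']` with `$ca['tbsCertificate']['serialNumber']` using loose `!=`, so issuer selection depends on PHP's loose-comparison rules for whatever type the ASN.1 decoder returns. If both values are big-integer objects, as phpseclib serial numbers normally are, `!$authorityKey['authorityCertSerialNumber']->equals($ca['tbsCertificate']['serialNumber'])` states the intent exactly. Separately, `break 2` sits inside `switch (true)`, so it leaves the switch and one further enclosing structure. If that structure is the loop over the loaded CAs (it starts outside the hunk), the search stops instead of moving on to the next CA as the comment says, and `continue 2` would match the comment. The outcome appears fail-closed, but a valid chain could be rejected when two loaded CAs share a subject DN.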
|
@ -495,4 +495,84 @@ C47x9g==
|
|||||||
|
|
||||||
$this->assertTrue($x509->validateURL('https://www.google.com'));
|
$this->assertTrue($x509->validateURL('https://www.google.com'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testValidateSignatureWithoutKeyIdentifier()
|
||||||
|
{
|
||||||
|
$x509 = new X509();
|
||||||
|
$x509->loadX509('-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDATCCAmqgAwIBAgICApowDQYJKoZIhvcNAQEFBQAwdzELMAkGA1UEBhMCVUsx
|
||||||
|
DzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQwwCgYDVQQKDANNUFMx
|
||||||
|
DDAKBgNVBAsMA0RldjENMAsGA1UEAwwEdGVzdDEbMBkGCSqGSIb3DQEJARYMZGVr
|
||||||
|
aUBtcHMuY29tMB4XDTE3MTEyNDE4MzE0MFoXDTE4MTEyNDE4MzE0MFowYTELMAkG
|
||||||
|
A1UEBhMCVUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQwwCgYD
|
||||||
|
VQQKDANNUFMxETAPBgNVBAsMCERldi90ZXN0MQ8wDQYDVQQDDAZ0ZXN0MDEwgZ8w
|
||||||
|
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ6+ydLXtjwbKhUBIodrm9Zq5yhhfMUM
|
||||||
|
IDhpcEZ2PAWWUiwKZOo9eyXGAv4LnpvDcX5GzThqI1g3/rcPjgBMOB8bcuQA6RE0
|
||||||
|
I9Jcf3YHbg/ednp7Q2X/zqUW+QUd01VfG8OJiRvO/4WKJTdQMU7/DKAv5WScIa4c
|
||||||
|
0b11X4iiLUVvAgMBAAGjgbEwga4wgZMGA1UdIwSBizCBiKF7pHkwdzELMAkGA1UE
|
||||||
|
BhMCVUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQwwCgYDVQQK
|
||||||
|
DANNUFMxDDAKBgNVBAsMA0RldjENMAsGA1UEAwwEdGVzdDEbMBkGCSqGSIb3DQEJ
|
||||||
|
ARYMZGVraUBtcHMuY29tggkA+Fj4n7pGuRMwCQYDVR0TBAIwADALBgNVHQ8EBAMC
|
||||||
|
BPAwDQYJKoZIhvcNAQEFBQADgYEAK0s83KbLM0OSj93/aly7UZHKGY3R/XhBNcsQ
|
||||||
|
3fcxzX6VX8naJpqfK9kM5Ry9IBnqu6LwCnk18kqt6V6PSjqQ3gj9S3x8znTMdus1
|
||||||
|
xraMNBOqRrn9quWCGEQt/iBrXHZ8zCdb4a+Eb5Jhz6/qK00KVufxw67fhuvhsjjv
|
||||||
|
nnA8of4=
|
||||||
|
-----END CERTIFICATE-----');
|
||||||
|
|
||||||
|
$authorityKeyIdentifier = $x509->getExtension('id-ce-authorityKeyIdentifier');
|
||||||
|
$this->assertNotNull($authorityKeyIdentifier);
|
||||||
|
$this->assertFalse(isset($authorityKeyIdentifier['keyIdentifier']));
|
||||||
|
|
||||||
|
$x509->loadCA('-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDITCCAoqgAwIBAgIJAPhY+J+6RrkTMA0GCSqGSIb3DQEBBQUAMHcxCzAJBgNV
|
||||||
|
BAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEMMAoGA1UE
|
||||||
|
CgwDTVBTMQwwCgYDVQQLDANEZXYxDTALBgNVBAMMBHRlc3QxGzAZBgkqhkiG9w0B
|
||||||
|
CQEWDGRla2lAbXBzLmNvbTAeFw0xNzExMjQxODI3NDlaFw0xODExMjQxODI3NDla
|
||||||
|
MHcxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRv
|
||||||
|
bjEMMAoGA1UECgwDTVBTMQwwCgYDVQQLDANEZXYxDTALBgNVBAMMBHRlc3QxGzAZ
|
||||||
|
BgkqhkiG9w0BCQEWDGRla2lAbXBzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
|
||||||
|
gYkCgYEA022CwduFLxKCwwKp2WTTpBu1vhcVywOAW0rNIfuSa7XsYyX5rCSScE4d
|
||||||
|
YW8hUgWbZSoJMk1s1omZarmwMAIeknpigZSKWUhEJF3IVnc1tW3mGaSAEvKg6r4g
|
||||||
|
unKttJV2aDW8w3Ew2qzP0G8sJwMX7y49XQumG5IgpuVXkiydTwsCAwEAAaOBtDCB
|
||||||
|
sTCBkwYDVR0jBIGLMIGIoXukeTB3MQswCQYDVQQGEwJVSzEPMA0GA1UECAwGTG9u
|
||||||
|
ZG9uMQ8wDQYDVQQHDAZMb25kb24xDDAKBgNVBAoMA01QUzEMMAoGA1UECwwDRGV2
|
||||||
|
MQ0wCwYDVQQDDAR0ZXN0MRswGQYJKoZIhvcNAQkBFgxkZWtpQG1wcy5jb22CCQD4
|
||||||
|
WPifuka5EzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIE8DANBgkqhkiG9w0BAQUF
|
||||||
|
AAOBgQBNhIESJpRiYBPDdIsdfOyuclzmN+5KHXicAXN4WXFiYgVQhML44Vb7Macb
|
||||||
|
X5ZBGsa3olRvoKrhg8ian7NyfRviAk0iO8EAAFCeeYHPN6bbloGfUcuf72P8576w
|
||||||
|
HI8pYRZmT7tKW3HxlZLJGGVo5CgBawdiWngK5v+LwWiNRTqxJA==
|
||||||
|
-----END CERTIFICATE-----');
|
||||||
|
|
||||||
|
$this->assertTrue($x509->validateSignature());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testValidateSignatureSelfSignedWithoutKeyIdentifier()
|
||||||
|
{
|
||||||
|
$x509 = new X509();
|
||||||
|
$x509->loadX509('-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDITCCAoqgAwIBAgIJAPhY+J+6RrkTMA0GCSqGSIb3DQEBBQUAMHcxCzAJBgNV
|
||||||
|
BAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEMMAoGA1UE
|
||||||
|
CgwDTVBTMQwwCgYDVQQLDANEZXYxDTALBgNVBAMMBHRlc3QxGzAZBgkqhkiG9w0B
|
||||||
|
CQEWDGRla2lAbXBzLmNvbTAeFw0xNzExMjQxODI3NDlaFw0xODExMjQxODI3NDla
|
||||||
|
MHcxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRv
|
||||||
|
bjEMMAoGA1UECgwDTVBTMQwwCgYDVQQLDANEZXYxDTALBgNVBAMMBHRlc3QxGzAZ
|
||||||
|
BgkqhkiG9w0BCQEWDGRla2lAbXBzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
|
||||||
|
gYkCgYEA022CwduFLxKCwwKp2WTTpBu1vhcVywOAW0rNIfuSa7XsYyX5rCSScE4d
|
||||||
|
YW8hUgWbZSoJMk1s1omZarmwMAIeknpigZSKWUhEJF3IVnc1tW3mGaSAEvKg6r4g
|
||||||
|
unKttJV2aDW8w3Ew2qzP0G8sJwMX7y49XQumG5IgpuVXkiydTwsCAwEAAaOBtDCB
|
||||||
|
sTCBkwYDVR0jBIGLMIGIoXukeTB3MQswCQYDVQQGEwJVSzEPMA0GA1UECAwGTG9u
|
||||||
|
ZG9uMQ8wDQYDVQQHDAZMb25kb24xDDAKBgNVBAoMA01QUzEMMAoGA1UECwwDRGV2
|
||||||
|
MQ0wCwYDVQQDDAR0ZXN0MRswGQYJKoZIhvcNAQkBFgxkZWtpQG1wcy5jb22CCQD4
|
||||||
|
WPifuka5EzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIE8DANBgkqhkiG9w0BAQUF
|
||||||
|
AAOBgQBNhIESJpRiYBPDdIsdfOyuclzmN+5KHXicAXN4WXFiYgVQhML44Vb7Macb
|
||||||
|
X5ZBGsa3olRvoKrhg8ian7NyfRviAk0iO8EAAFCeeYHPN6bbloGfUcuf72P8576w
|
||||||
|
HI8pYRZmT7tKW3HxlZLJGGVo5CgBawdiWngK5v+LwWiNRTqxJA==
|
||||||
|
-----END CERTIFICATE-----');
|
||||||
|
|
||||||
|
$authorityKeyIdentifier = $x509->getExtension('id-ce-authorityKeyIdentifier');
|
||||||
|
$this->assertNotNull($authorityKeyIdentifier);
|
||||||
|
$this->assertFalse(isset($authorityKeyIdentifier['keyIdentifier']));
|
||||||
|
|
||||||
|
$this->assertTrue($x509->validateSignature(false));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
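Review bot: Both added tests exercise only the accepting path, so the serial-mismatch rejection this commit adds to validateSignature() is never run here; a case that loads a CA whose serial differs from the certificate's authorityCertSerialNumber and asserts that `$x509->validateSignature()` does not return true would cover it. `assertNotNull($authorityKeyIdentifier)` is also weaker than it looks: the library code in this commit tests a getExtension() result with `!$subjectKeyID`, which suggests absence is reported as a falsy value rather than null, so `$this->assertTrue(is_array($authorityKeyIdentifier))` would be the stricter check. Neither test asserts that the CA has no subjectKeyIdentifier, the condition named in the commit title; `$this->assertFalse((bool) $x509->getExtension('id-ce-subjectKeyIdentifier'))` in the self-signed test would pin that down.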
|