From 7e2dd901404cfdaf00b713071923821d5329d45c Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 1 Mar 2015 11:57:36 -0600 Subject: [PATCH 1/2] X509: make it so you can use File_ASN1_Element for custom X.509 extensions --- phpseclib/File/X509.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 36a6287b..75579b5d 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -1612,6 +1612,10 @@ class File_X509 if (is_array($extensions)) { $size = count($extensions); for ($i = 0; $i < $size; $i++) { + if (is_object($extensions[$i]) && strtolower(get_class($extensions[$i])) == 'file_asn1_element') { + continue; + } + $id = $extensions[$i]['extnId']; $value = &$extensions[$i]['extnValue']; From dad8a9ef37ace0867296ddbbdbc32cde672e9d11 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Tue, 10 Mar 2015 01:39:13 -0500 Subject: [PATCH 2/2] Tests/X509: add unit test --- tests/Unit/File/X509/X509Test.php | 63 +++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php index 03d37096..ff53001c 100644 --- a/tests/Unit/File/X509/X509Test.php +++ b/tests/Unit/File/X509/X509Test.php @@ -57,4 +57,67 @@ k6m17mi63YW/+iPCGOWZ2qXmY5HPEyyF2L4L4IDryFJ+8xLyw3pH9/yp5aHZDtp6 $this->assertEquals('MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBw==', $cert['tbsCertificate']['extensions'][8]['extnValue']); } + + public function testSaveUnsupportedExtension() + { + $x509 = new File_X509(); + $cert = $x509->loadX509('-----BEGIN CERTIFICATE----- +MIIDITCCAoqgAwIBAgIQT52W2WawmStUwpV8tBV9TTANBgkqhkiG9w0BAQUFADBM +MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg +THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x +MzA5MzAyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw +FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA3rcmQ6aZhc04pxUJuc8PycNVjIjujI0oJyRLKl6g2Bb6YRhLz21ggNM1QDJy +wI8S2OVOj7my9tkVXlqGMaO6hqpryNlxjMzNJxMenUJdOPanrO/6YvMYgdQkRn8B +d3zGKokUmbuYOR2oGfs5AER9G5RqeC1prcB6LPrQ2iASmNMCAwEAAaOB5zCB5DAM +BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl +LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF +BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw +Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0 +ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF +AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp +ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le +IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q== +-----END CERTIFICATE-----'); + + $asn1 = new File_ASN1(); + + $value = $this->encodeOID('1.2.3.4'); + $ext = chr(FILE_ASN1_TYPE_OBJECT_IDENTIFIER) . $asn1->_encodeLength(strlen($value)) . $value; + $value = 'zzzzzzzzz'; + $ext.= chr(FILE_ASN1_TYPE_OCTET_STRING) . $asn1->_encodeLength(strlen($value)) . $value; + $ext = chr(FILE_ASN1_TYPE_SEQUENCE | 0x20) . $asn1->_encodeLength(strlen($ext)) . $ext; + + $cert['tbsCertificate']['extensions'][4] = new File_ASN1_Element($ext); + + $result = $x509->loadX509($x509->saveX509($cert)); + + $this->assertCount(5, $result['tbsCertificate']['extensions']); + } + + function encodeOID($oid) + { + if ($oid === false) { + user_error('Invalid OID'); + return false; + } + $value = ''; + $parts = explode('.', $oid); + $value = chr(40 * $parts[0] + $parts[1]); + for ($i = 2; $i < count($parts); $i++) { + $temp = ''; + if (!$parts[$i]) { + $temp = "\0"; + } else { + while ($parts[$i]) { + $temp = chr(0x80 | ($parts[$i] & 0x7F)) . $temp; + $parts[$i] >>= 7; + } + $temp[strlen($temp) - 1] = $temp[strlen($temp) - 1] & chr(0x7F); + } + $value.= $temp; + } + return $value; + } }