From c8829e7865f5422e6e68876dd8fa719c32e0278a Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Sun, 21 Jan 2018 12:09:23 -0600
Subject: [PATCH 1/3] Tests/X509: add unit test for #1243

---
 tests/Unit/File/X509/X509Test.php | 73 +++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php
index bcabefbf..db965520 100644
--- a/tests/Unit/File/X509/X509Test.php
+++ b/tests/Unit/File/X509/X509Test.php
@@ -500,4 +500,77 @@ HI8pYRZmT7tKW3HxlZLJGGVo5CgBawdiWngK5v+LwWiNRTqxJA==
 
         $this->assertTrue($x509->validateSignature(false));
     }
+
+    /**
+     * @group github1243
+     */
+    public function testExtensionRemoval()
+    {
+        // Load the CA and its private key.
+        $pemcakey = '-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCpKtNFBdtRd8eFcq7L7RxvkeeUFcc4QDY6rLDJUpPGp1qL9L7p
+l+rK0L66TGSs+wZTM4awDP2d75HZG2/9LOX5Xy4oAb7aS2PiLDQmVa81t1sA42bs
+3UBxak9w4jcj623gesDG6dN1sFpqVq9/Z4JOnPJu1PXzwcuj3t7J5QLFSwIDAQAB
+AoGBAI8/vHeOZhGupD3Uxz/YIWQ44Sj86B4yAbnd0jYovwpRXNN3BNM52ZC1A00u
+s3Hnf4uk7kDWP00mORLnsQVqp7IKMznTHyvBJ/uA5vipXc0fmpmmPLjy6Sh071Co
+0iTYFUDu3dlPi6UEgQ6ZjgXmHdeTRA/YuH/70sqKjLjkYRbBAkEA3oRoMdJjJAm4
++XY3+1Ulc2qTHkecsTOON0Reta9THws4ibtKIP89aBUthz1XGLm9mUtWu49kQXht
+o1FtFLhLtQJBAMKfUurb075FQIRl6KsRJilCWVJSplf0szvKWm40uDXYmFlj7D7J
+bEdbVBWdfBi9SNzZrLAThjfxwdBsr+DjbP8CQQCeft+cxUfazpYUErHTcxXG/R2n
+jsi8q4VcNnXjoetqDFsMN/yYPlYmAhe44edc9EhpnXE9DekSfU5S61fwT0mVAkAm
+keSg3sfr4VWT545guJlTe+6vvelxbPFIXCXnyVLoePBYZtEe8FQhIBxd3EQHsxuJ
+iSoMCxKCa8r5P1DrxKaJAkBBP87OdahRq0CBQjTFg0wmPs66PoTXA4hZvSxV77CO
+tMPj6Pas7Muejogm6JkmxXC/uT6Tzfknd0B3XSmtDzGL
+-----END RSA PRIVATE KEY-----';
+        $cakey = new Crypt_RSA();
+        $cakey->loadKey($pemcakey);
+        $pemca = '-----BEGIN CERTIFICATE-----
+MIICADCCAWmgAwIBAgIUJXQulcz5xkTam8UGC/yn6iVaiWwwDQYJKoZIhvcNAQEF
+BQAwHDEaMBgGA1UECgwRcGhwc2VjbGliIGRlbW8gQ0EwHhcNMTgwMTIxMTc0NzM0
+WhcNMTkwMTIxMTc0NzM0WjAcMRowGAYDVQQKDBFwaHBzZWNsaWIgZGVtbyBDQTCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqSrTRQXbUXfHhXKuy+0cb5HnlBXH
+OEA2OqywyVKTxqdai/S+6ZfqytC+ukxkrPsGUzOGsAz9ne+R2Rtv/Szl+V8uKAG+
+2ktj4iw0JlWvNbdbAONm7N1AcWpPcOI3I+tt4HrAxunTdbBaalavf2eCTpzybtT1
+88HLo97eyeUCxUsCAwEAAaM/MD0wCwYDVR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFCS1BJ12nN8ObQWE4OgOOSH9DxTRMA0GCSqGSIb3DQEBBQUA
+A4GBAHkSnlJnlkwDEUcENKWFZpfNgZu9HUvEuLDVOnhvsdd2MDr8EbVbgMHYNWnV
++ZOS/dqbuCd9Vd27JsBC2YHklaq9/V5zMbrEBiMLo5P5WL9qrz0qbmK/aruP+VX7
+cKVMm1WnOQd4aQgCvzv2r7/gsdX++496vRpBMTfwa1qLBjG6
+-----END CERTIFICATE-----';
+        $ca = new File_X509();
+        $ca->loadX509($pemca);
+        $ca->setPrivateKey($cakey);
+
+        // Read the old certificate.
+        $oldcert = new File_X509();
+        $oldcert->loadCA($pemca);
+        $oldcert->loadX509('-----BEGIN CERTIFICATE-----
+MIIB+TCCAWKgAwIBAgIUW+D7X27oKXHaD6WqFjelccV+D4YwDQYJKoZIhvcNAQEF
+BQAwHDEaMBgGA1UECgwRcGhwc2VjbGliIGRlbW8gQ0EwHhcNMTgwMTIxMTc0NzM0
+WhcNMTkwMTIxMTc0NzM0WjA3MRwwGgYDVQQKDBNwaHBzZWNsaWIgZGVtbyBjZXJ0
+MRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAqnB0IyO+O6RcZdZooFaMKY/ggeNPXW/EaLXdciHEnzxgbsVb1I5m5pwy
+nZIf6RCHUsfOYdhTX/xQE8JOSkbDEYtKmrySxu+JpmR3qZPhL+4rJUJKCdI+9YbM
+z1wiqQeHhVUTPiEvgdAzkzPXcrkLmpb1KV7VhKoQ4Z3swmJX528CAwEAAaMdMBsw
+GQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20wDQYJKoZIhvcNAQEFBQADgYEAV5W5
+G9eY1SJiwIHMcd5Eo41w+bN69EqOJhTY28LQc/m9i+Fuc1J6nkwDMKCtEeEUyhjl
+bEbVUszdgPQWON7Y2nS5OCb2BevxW8Xdf6gnf/PRRYmlZJgygwf0KpgSm5CxxsZW
+Fqfy+n5VpXOdrjic4yZ52yS5sUaq05s6ZZvnmdU=
+-----END CERTIFICATE-----');
+        $this->assertTrue($oldcert->validateSignature());
+
+        // Set new dates and serial number.
+        $newcert = new File_X509();
+        $newcert->setStartDate('-1 day');
+        $newcert->setEndDate('+2 years');
+        //$newcert->setSerialNumber('1234', 10);
+
+        $oldcert->setDomain('www.google.com');
+
+        // Produce the new certificate by signing the old one.
+        $crt = $newcert->loadX509($newcert->saveX509($newcert->sign($ca, $oldcert)));
+
+        // Output new certificate.
+        $newcert->saveX509($crt);
+    }
 }

From 8aecafc92fc229f50ec8f9d34ca272fbc6a73f2a Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Sun, 21 Jan 2018 12:23:47 -0600
Subject: [PATCH 2/3] X509: fix 7.2 error when extensions were removed and new
 ones added

---
 phpseclib/File/X509.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index ba04e08e..ab3bd2bf 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -2530,6 +2530,10 @@ class File_X509
         }
 
         $dn = array_values($dn);
+        // fix for https://bugs.php.net/75433 affecting PHP 7.2
+        if (!isset($dn[0])) {
+            $dn = array_splice($dn, 0, 0);
+        }
     }
 
     /**
@@ -4166,6 +4170,10 @@ class File_X509
         }
 
         $extensions = array_values($extensions);
+        // fix for https://bugs.php.net/75433 affecting PHP 7.2
+        if (!isset($extensions[0])) {
+            $extensions = array_splice($extensions, 0, 0);
+        }
         return $result;
     }
 

From bb3798c731b800de67f6921bd2e4357ae9ce52b3 Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Sun, 21 Jan 2018 12:39:38 -0600
Subject: [PATCH 3/3] Tests/X509: update tests for 2.0 branch

---
 tests/Unit/File/X509/X509Test.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php
index 05a71bfe..478ddff6 100644
--- a/tests/Unit/File/X509/X509Test.php
+++ b/tests/Unit/File/X509/X509Test.php
@@ -586,7 +586,7 @@ keSg3sfr4VWT545guJlTe+6vvelxbPFIXCXnyVLoePBYZtEe8FQhIBxd3EQHsxuJ
 iSoMCxKCa8r5P1DrxKaJAkBBP87OdahRq0CBQjTFg0wmPs66PoTXA4hZvSxV77CO
 tMPj6Pas7Muejogm6JkmxXC/uT6Tzfknd0B3XSmtDzGL
 -----END RSA PRIVATE KEY-----';
-        $cakey = new Crypt_RSA();
+        $cakey = new RSA();
         $cakey->loadKey($pemcakey);
         $pemca = '-----BEGIN CERTIFICATE-----
 MIICADCCAWmgAwIBAgIUJXQulcz5xkTam8UGC/yn6iVaiWwwDQYJKoZIhvcNAQEF
@@ -601,12 +601,12 @@ A4GBAHkSnlJnlkwDEUcENKWFZpfNgZu9HUvEuLDVOnhvsdd2MDr8EbVbgMHYNWnV
 +ZOS/dqbuCd9Vd27JsBC2YHklaq9/V5zMbrEBiMLo5P5WL9qrz0qbmK/aruP+VX7
 cKVMm1WnOQd4aQgCvzv2r7/gsdX++496vRpBMTfwa1qLBjG6
 -----END CERTIFICATE-----';
-        $ca = new File_X509();
+        $ca = new X509();
         $ca->loadX509($pemca);
         $ca->setPrivateKey($cakey);
 
         // Read the old certificate.
-        $oldcert = new File_X509();
+        $oldcert = new X509();
         $oldcert->loadCA($pemca);
         $oldcert->loadX509('-----BEGIN CERTIFICATE-----
 MIIB+TCCAWKgAwIBAgIUW+D7X27oKXHaD6WqFjelccV+D4YwDQYJKoZIhvcNAQEF
@@ -624,7 +624,7 @@ Fqfy+n5VpXOdrjic4yZ52yS5sUaq05s6ZZvnmdU=
         $this->assertTrue($oldcert->validateSignature());
 
         // Set new dates and serial number.
-        $newcert = new File_X509();
+        $newcert = new X509();
         $newcert->setStartDate('-1 day');
         $newcert->setEndDate('+2 years');
         //$newcert->setSerialNumber('1234', 10);