PHPSecLib：一个设计目标在于实现极强的兼容效果的php类库

<?php /** * Pure-PHP X.509 Parser * * PHP versions 4 and 5 * * Encode and decode X.509 certificates. * * The extensions are from {@link http://tools.ietf.org/html/rfc5280 RFC5280} and * {@link http://web.archive.org/web/19961027104704/http://www3.netscape.com/eng/security/cert-exts.html Netscape Certificate Extensions}. * * Note that loading an X.509 certificate and resaving it may invalidate the signature. The reason being that the signature is based on a * portion of the certificate that contains optional parameters with default values. ie. if the parameter isn't there the default value is * used. Problem is, if the parameter is there and it just so happens to have the default value there are two ways that that parameter can * be encoded. It can be encoded explicitly or left out all together. This would effect the signature value and thus may invalidate the * the certificate all together unless the certificate is re-signed. * * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @category File * @package File_X509 * @author Jim Wigginton <terrafrost@php.net> * @copyright 2012 Jim Wigginton * @license http://www.opensource.org/licenses/mit-license.html MIT License * @link http://phpseclib.sourceforge.net */ /** * Include File_ASN1 */ if (!class_exists('File_ASN1')) { include_once 'ASN1.php'; } /** * Flag to only accept signatures signed by certificate authorities * * Not really used anymore but retained all the same to suppress E_NOTICEs from old installs * * @access public */ define('FILE_X509_VALIDATE_SIGNATURE_BY_CA', 1); /**#@+ * @access public * @see self::getDN() */ /** * Return internal array representation */ define('FILE_X509_DN_ARRAY', 0); /** * Return string */ define('FILE_X509_DN_STRING', 1); /** * Return ASN.1 name string */ define('FILE_X509_DN_ASN1', 2); /** * Return OpenSSL compatible array */ define('FILE_X509_DN_OPENSSL', 3); /** * Return canonical ASN.1 RDNs string */ define('FILE_X509_DN_CANON', 4); /** * Return name hash for file indexing */ define('FILE_X509_DN_HASH', 5); /**#@-*/ /**#@+ * @access public * @see self::saveX509() * @see self::saveCSR() * @see self::saveCRL() */ /** * Save as PEM * * ie. a base64-encoded PEM with a header and a footer */ define('FILE_X509_FORMAT_PEM', 0); /** * Save as DER */ define('FILE_X509_FORMAT_DER', 1); /** * Save as a SPKAC * * Only works on CSRs. Not currently supported. */ define('FILE_X509_FORMAT_SPKAC', 2); /** * Auto-detect the format * * Used only by the load*() functions */ define('FILE_X509_FORMAT_AUTO_DETECT', 3); /**#@-*/ /** * Attribute value disposition. * If disposition is >= 0, this is the index of the target value. */ define('FILE_X509_ATTR_ALL', -1); // All attribute values (array). define('FILE_X509_ATTR_APPEND', -2); // Add a value. define('FILE_X509_ATTR_REPLACE', -3); // Clear first, then add a value. /** * Pure-PHP X.509 Parser * * @package File_X509 * @author Jim Wigginton <terrafrost@php.net> * @access public */ class File_X509 { /** * ASN.1 syntax for X.509 certificates * * @var array * @access private */ var $Certificate; /**#@+ * ASN.1 syntax for various extensions * * @access private */ var $DirectoryString; var $PKCS9String; var $AttributeValue; var $Extensions; var $KeyUsage; var $ExtKeyUsageSyntax; var $BasicConstraints; var $KeyIdentifier; var $CRLDistributionPoints; var $AuthorityKeyIdentifier; var $CertificatePolicies; var $AuthorityInfoAccessSyntax; var $SubjectAltName; var $SubjectDirectoryAttributes; var $PrivateKeyUsagePeriod; var $IssuerAltName; var $PolicyMappings; var $NameConstraints; var $CPSuri; var $UserNotice; var $netscape_cert_type; var $netscape_comment; var $netscape_ca_policy_url; var $Name; var $RelativeDistinguishedName; var $CRLNumber; var $CRLReason; var $IssuingDistributionPoint; var $InvalidityDate; var $CertificateIssuer; var $HoldInstructionCode; var $SignedPublicKeyAndChallenge; /**#@-*/ /**#@+ * ASN.1 syntax for various DN attributes * * @access private */ var $PostalAddress; /**#@-*/ /** * ASN.1 syntax for Certificate Signing Requests (RFC2986) * * @var array * @access private */ var $CertificationRequest; /** * ASN.1 syntax for Certificate Revocation Lists (RFC5280) * * @var array * @access private */ var $CertificateList; /** * Distinguished Name * * @var array * @access private */ var $dn; /** * Public key * * @var string * @access private */ var $publicKey; /** * Private key * * @var string * @access private */ var $privateKey; /** * Object identifiers for X.509 certificates * * @var array * @access private * @link http://en.wikipedia.org/wiki/Object_identifier */ var $oids; /** * The certificate authorities * * @var array * @access private */ var $CAs; /** * The currently loaded certificate * * @var array * @access private */ var $currentCert; /** * The signature subject * * There's no guarantee File_X509 is going to re-encode an X.509 cert in the same way it was originally * encoded so we take save the portion of the original cert that the signature would have made for. * * @var string * @access private */ var $signatureSubject; /** * Certificate Start Date * * @var string * @access private */ var $startDate; /** * Certificate End Date * * @var string * @access private */ var $endDate; /** * Serial Number * * @var string * @access private */ var $serialNumber; /** * Key Identifier * * See {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.1 RFC5280#section-4.2.1.1} and * {@link http://tools.ietf.org/html/rfc5280#section-4.2.1.2 RFC5280#section-4.2.1.2}. * * @var string * @access private */ var $currentKeyIdentifier; /** * CA Flag * * @var bool * @access private */ var $caFlag = false; /** * SPKAC Challenge * * @var string * @access private */ var $challenge; /** * Default Constructor. * * @return File_X509