

PHP openssl_x509_checkpurpose函数代码示例

本文整理汇总了PHP中openssl_x509_checkpurpose函数的典型用法代码示例。如果您正苦于以下问题:PHP openssl_x509_checkpurpose函数的具体用法?PHP openssl_x509_checkpurpose怎么用?PHP openssl_x509_checkpurpose使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了openssl_x509_checkpurpose函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: check_certificate_purpose

 /**
  * Checks the certificate held in $this->certificate_resource against a purpose.
  *
  * The result of openssl_x509_checkpurpose() is handed back unchanged: true when
  * the certificate can be used for the purpose, false when it cannot, and -1 on
  * error. Because -1 is truthy, callers should compare the result with `=== true`
  * rather than testing it as a boolean.
  *
  * No CA list is passed here, so the trusted CAs are whatever PHP/OpenSSL uses
  * by default on the host.
  *
  * @param int $purpose One of the X509_PURPOSE_* constants.
  * @return bool|int
  */
 function check_certificate_purpose($purpose)
 {
     return openssl_x509_checkpurpose($this->certificate_resource, $purpose);
 }
开发者ID:robotamer,项目名称:oldstuff,代码行数:7,代码来源:Openssl.php

示例2: __construct

 /**
  * Archive creator for phar, tar, tgz and zip archives.
  *
  * @param string path to primary archive
  * @param string|false stub or false to use default stub of phar archives
  * @param int one of Phar::TAR, Phar::PHAR, or Phar::ZIP
  * @param int if the archive can be compressed (phar and tar), one of Phar::GZ, Phar::BZ2 or Phar::NONE
  *            for no compression
  * @param array an array of arrays containing information on additional archives to create.  The indices are:
  *
  *               0. extension (tar/tgz/zip)
  *               1. format (Phar::TAR, Phar::ZIP, Phar::PHAR)
  *               2. compression (Phar::GZ, Phar::BZ2, Phar::NONE)
  * @param string PKCS12 certificate to be used to sign the archive.  This must be a certificate issued
  *               by a certificate authority, self-signed certs will not be accepted by Pyrus
  * @param string passphrase, if any, for the PKCS12 certificate.
  */
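 function __construct($path, $stub = false, $fileformat = \Phar::TAR, $compression = \Phar::GZ, array $others = null, $releaser = null, \PEAR2\Pyrus\Package $new = null, $pkcs12 = null, $passphrase = '')
 {
     // $releaser is the key into $new->maintainer used by the e-mail binding check
     // below; $new is the package being released. Both are needed when $pkcs12 is set.
     if (!class_exists('Phar')) {
         throw new \PEAR2\Pyrus\Developer\Creator\Exception('Phar extension is not available');
     }
     if (!\Phar::canWrite() || !\Phar::isValidPharFilename($path, true)) {
         $this->_classname = 'PharData';
     }
     $this->path = $path;
     $this->compression = $compression;
     $this->format = $fileformat;
     $this->others = $others;
     $this->stub = $stub;
     if ($pkcs12 && !extension_loaded('openssl')) {
         throw new \PEAR2\Pyrus\Developer\Creator\Exception('Unable to use ' . 'OpenSSL signing of phars, enable the openssl PHP extension');
     }
     $this->pkcs12 = $pkcs12;
     $this->passphrase = $passphrase;
     if (null !== $this->pkcs12) {
         // Without the package there is no maintainer record to bind the certificate to.
         if (null === $new) {
             throw new \PEAR2\Pyrus\Developer\Creator\Exception('Unable to verify the releasing maintainer\'s certificate without package information');
         }
         // An unreadable file must not reach openssl_pkcs12_read() as boolean false.
         $bundle = file_get_contents($this->pkcs12);
         if (false === $bundle) {
             throw new \PEAR2\Pyrus\Developer\Creator\Exception('Unable to process openssl key');
         }
         $cert = array();
         if (!openssl_pkcs12_read($bundle, $cert, $this->passphrase)) {
             throw new \PEAR2\Pyrus\Developer\Creator\Exception('Unable to process openssl key');
         }
         $private = openssl_pkey_get_private($cert['pkey']);
         if (!$private) {
             throw new \PEAR2\Pyrus\Developer\Creator\Exception('Unable to extract private openssl key');
         }
         $pub = openssl_pkey_get_public($cert['cert']);
         $info = openssl_x509_parse($cert['cert']);
         // Chain check against the channel authorities. The comparison with true is
         // deliberate: openssl_x509_checkpurpose() returns -1 on error, which is truthy.
         // NOTE(review): the purpose tested is SSL server although the certificate is
         // used to sign archives - confirm this is the intended purpose.
         if (true !== openssl_x509_checkpurpose($cert['cert'], X509_PURPOSE_SSL_SERVER, \PEAR2\Pyrus\Channel\RemotePackage::authorities())) {
             throw new \PEAR2\Pyrus\Developer\Creator\Exception('releasing maintainer\'s certificate is invalid');
         }
         $details = $pub ? openssl_pkey_get_details($pub) : false;
         if (!$details || !isset($details['key'])) {
             throw new \PEAR2\Pyrus\Developer\Creator\Exception('Unable to extract public openssl key');
         }
         // now verify that this cert is in fact the releasing maintainer's certificate.
         // The messages speak of an "alternate name", but the field compared is the
         // emailAddress attribute of the certificate subject.
         if (!isset($info['subject']) || !isset($info['subject']['emailAddress'])) {
             throw new \PEAR2\Pyrus\Developer\Creator\Exception('releasing maintainer\'s certificate does not contain' . ' an alternate name corresponding to the releaser\'s email address');
         }
         $certEmail = $info['subject']['emailAddress'];
         $releaserEmail = $new->maintainer[$releaser]->email;
         // Strict string comparison: a repeated subject attribute is parsed as an array,
         // and loose comparison would also treat numeric-looking strings as equal.
         if (!is_string($certEmail) || $certEmail !== (string) $releaserEmail) {
             throw new \PEAR2\Pyrus\Developer\Creator\Exception('releasing maintainer\'s certificate ' . 'alternate name does not match the releaser\'s email address ' . $releaserEmail);
         }
         // The key is exported without a passphrase, so $this->privatekey holds it
         // as clear PEM for the lifetime of this object.
         $pkey = '';
         openssl_pkey_export($private, $pkey);
         $this->x509cert = $cert['cert'];
         $this->publickey = $details['key'];
         $this->privatekey = $pkey;
     }
 }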
开发者ID:rosstuck,项目名称:PEAR2_Pyrus,代码行数:66,代码来源:Phar.php

示例3: Handle

 /**
  * Handles the ValidateCert command
  *
  * @param int       $commandCode
  *
  * @access public
  * @return boolean
  */
 public function Handle($commandCode)
 {
     // The request has to open with the ValidateCert element.
     if (!self::$decoder->getElementStartTag(SYNC_VALIDATECERT_VALIDATECERT)) {
         return false;
     }
     $request = new SyncValidateCert();
     $request->Decode(self::$decoder);

     // Only the first submitted certificate is examined. It arrives base64-encoded
     // and is re-wrapped as PEM for the OpenSSL functions.
     $der = base64_decode($request->certificates[0]);
     $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($der), 64, "\n") . "-----END CERTIFICATE-----\n";

     // With CAINFO defined and non-empty the chain is checked against that CA
     // source; otherwise no CA list is passed and the host defaults apply.
     if (defined('CAINFO') && CAINFO) {
         $purposeOk = openssl_x509_checkpurpose($pem, X509_PURPOSE_SMIME_SIGN, array(CAINFO));
     } else {
         $purposeOk = openssl_x509_checkpurpose($pem, X509_PURPOSE_SMIME_SIGN);
     }
     // Identity comparison: both false and the -1 error value are reported as failure.
     $status = ($purposeOk === true) ? SYNC_VALIDATECERTSTATUS_SUCCESS : SYNC_VALIDATECERTSTATUS_CANTVALIDATESIG;

     if (!self::$decoder->getElementEndTag()) {
         // closing SYNC_VALIDATECERT_VALIDATECERT is missing
         return false;
     }

     // Response: the same status is written once at the top level and once
     // inside the Certificate element.
     self::$encoder->startWBXML();
     self::$encoder->startTag(SYNC_VALIDATECERT_VALIDATECERT);

     self::$encoder->startTag(SYNC_VALIDATECERT_STATUS);
     self::$encoder->content($status);
     self::$encoder->endTag(); // SYNC_VALIDATECERT_STATUS

     self::$encoder->startTag(SYNC_VALIDATECERT_CERTIFICATE);
     self::$encoder->startTag(SYNC_VALIDATECERT_STATUS);
     self::$encoder->content($status);
     self::$encoder->endTag(); // SYNC_VALIDATECERT_STATUS
     self::$encoder->endTag(); // SYNC_VALIDATECERT_CERTIFICATE

     self::$encoder->endTag(); // SYNC_VALIDATECERT_VALIDATECERT
     return true;
 }
开发者ID:SvKn,项目名称:Z-Push-contrib,代码行数:45,代码来源:validatecert.php

示例4: HandleValidateCert

/**
 * Handles a ValidateCert request read from the global WBXML input stream.
 *
 * Visible part: decodes the Certificates, CertificateChain and CheckCRL elements,
 * then checks each submitted certificate (parse, validity window, S/MIME signing
 * purpose against VERIFYCERT_CERTSTORE) and, when CheckCRL is 1, collects CRL/OCSP/
 * CA-issuer URLs from the certificate. The rest of the function is not shown on
 * this page, so the meaning of the numeric status values and the final response
 * cannot be stated from here.
 *
 * Every certificate handled here is supplied by the client and must be treated
 * as untrusted input.
 *
 * @return bool false on malformed input in the visible part
 */
function HandleValidateCert($backend, $devid, $protocolversion)
{
    global $zpushdtd;
    global $input, $output;
    $decoder = new WBXMLDecoder($input, $zpushdtd);
    $encoder = new WBXMLEncoder($output, $zpushdtd);
    if (!$decoder->getElementStartTag(SYNC_VALIDATECERT_VALIDATECERT)) {
        return false;
    }
    // Loop over the three optional child elements in whatever order they arrive; -1 ends the loop.
    while (($field = $decoder->getElementStartTag(SYNC_VALIDATECERT_CERTIFICATES) ? SYNC_VALIDATECERT_CERTIFICATES : ($decoder->getElementStartTag(SYNC_VALIDATECERT_CERTIFICATECHAIN) ? SYNC_VALIDATECERT_CERTIFICATECHAIN : ($decoder->getElementStartTag(SYNC_VALIDATECERT_CHECKCRL) ? SYNC_VALIDATECERT_CHECKCRL : -1))) != -1) {
        if ($field == SYNC_VALIDATECERT_CERTIFICATES) {
            while ($decoder->getElementStartTag(SYNC_VALIDATECERT_CERTIFICATE)) {
                // NOTE(review): $certificates is only created here; a request without a
                // Certificates element leaves it undefined for the foreach further down.
                $certificates[] = $decoder->getElementContent();
                if (!$decoder->getElementEndTag()) {
                    return false;
                }
            }
            if (!$decoder->getElementEndTag()) {
                return false;
            }
        } else {
            if ($field == SYNC_VALIDATECERT_CERTIFICATECHAIN) {
                while ($decoder->getElementStartTag(SYNC_VALIDATECERT_CERTIFICATE)) {
                    $chain_certificates[] = $decoder->getElementContent();
                    if (!$decoder->getElementEndTag()) {
                        return false;
                    }
                }
                if (!$decoder->getElementEndTag()) {
                    return false;
                }
            } else {
                if ($field == SYNC_VALIDATECERT_CHECKCRL) {
                    $checkcrl = $decoder->getElementContent();
                    if (!$decoder->getElementEndTag()) {
                        return false;
                    }
                }
            }
        }
    }
    if (isset($checkcrl)) {
        debugLog("validatecert: checkcrl: " . $checkcrl);
    }
    // In the visible code the chain certificates are only logged, not passed to the purpose check.
    if (isset($chain_certificates)) {
        foreach ($chain_certificates as $certificate) {
            debugLog("validatecert: certificatechain: " . print_r($certificate, true));
        }
    }
    foreach ($certificates as $certificate) {
        // Normalise the client-supplied base64 DER into PEM.
        $cert_der = base64_decode($certificate);
        $cert_pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($cert_der), 64, "\n") . "-----END CERTIFICATE-----\n";
        // NOTE(review): rand() gives a small, predictable name space and file_put_contents()
        // overwrites an existing file; tempnam() would create the file exclusively.
        // Whether the file is removed later is not visible in this excerpt.
        $cert_fn = VERIFYCERT_TEMP . "validatecert" . rand(1000, 99999) . ".pem";
        file_put_contents($cert_fn, $cert_pem);
        $now = time();
        // The numeric status values below are not defined in the visible code.
        if (!($cert_content = openssl_x509_parse($cert_pem))) {
            $status = 10;
        } else {
            // Outside the notBefore/notAfter window.
            if ($cert_content['validFrom_time_t'] >= $now || $cert_content['validTo_time_t'] <= $now) {
                $status = 7;
            } else {
                // Loose "!= 1" still fails closed: false and the -1 error value both differ from 1.
                if (openssl_x509_checkpurpose($cert_pem, X509_PURPOSE_SMIME_SIGN, array(VERIFYCERT_CERTSTORE)) != 1) {
                    $status = 9;
                } else {
                    // NOTE(review): $checkcrl is undefined when the request carried no CheckCRL
                    // element (see the isset() guard used for logging above).
                    if ($checkcrl == 1) {
                        // Only plain-http CRL distribution points are collected.
                        if (isset($cert_content['extensions']['crlDistributionPoints'])) {
                            $crlDistributionPoints = explode("\n", str_replace("\r", '', $cert_content['extensions']['crlDistributionPoints']));
                            foreach ($crlDistributionPoints as $entry) {
                                $line = explode("URI:", $entry);
                                if (isset($line[1]) && substr($line[1], 0, 5) == "http:") {
                                    $crl_urls[] = $line[1];
                                }
                            }
                        }
                        if (isset($cert_content['extensions']['authorityInfoAccess'])) {
                            $authorityInfoAccess = explode("\n", str_replace("\r", '', $cert_content['extensions']['authorityInfoAccess']));
                            foreach ($authorityInfoAccess as $entry) {
                                // NOTE(review): $line[1] is read without an isset() check, and unlike the
                                // CRL branch no URL scheme is checked before the value is stored.
                                $line = explode(" - URI:", $entry);
                                if (strtolower(trim($line[0])) == 'ocsp') {
                                    $ocsp_urls[] = $line[1];
                                }
                                if (strtolower(trim($line[0])) == 'ca issuers') {
                                    $ca_issuers[] = $line[1];
                                }
                            }
                        }
                        // The command line is built by concatenation; in the visible code both parts
                        // come from constants and rand(), not from request data. escapeshellarg()
                        // on $cert_fn would keep this safe if the path ever contains shell metacharacters.
                        $result = preg_split('/[\\r\\n]/', shell_exec(VERIFYCERT_SSLBIN . " x509 -in " . $cert_fn . " -issuer_hash -noout"));
                        $issuer_cer_name = $result[0] . '.0';
                        $issuer_crl_name = $result[0] . '.r0';
                        if (!file_exists(VERIFYCERT_CERTSTORE . $issuer_cer_name)) {
                            if (isset($ca_issuers)) {
                                foreach ($ca_issuers as $ca_issuer) {
                                    // NOTE(review): this location is taken from the certificate under
                                    // validation, so the server fetches a client-chosen URL/path.
                                    $ca_cert = file_get_contents($ca_issuer);
                                    // NOTE(review): strpos() returns 0 for a match at offset 0, which
                                    // "== false" cannot tell apart from "not found"; "=== false" can.
                                    if (strpos($ca_cert, '----BEGIN CERTIFICATE-----') == false) {
                                        $ca_cert = der2pem($ca_cert);
                                    }
                                    if (!openssl_x509_parse($ca_cert)) {
                                        $status = 5;
                                    } else {
                                        // NOTE(review): the fetched file is written into the directory used as
                                        // the trust store above after only a parse check - confirm that the
                                        // omitted code verifies it is the real issuer before it is relied on.
                                        file_put_contents(VERIFYCERT_CERTSTORE . $issuer_cer_name, $ca_cert);
//.........这里部分代码省略.........
开发者ID:BackupTheBerlios,项目名称:z-push-svn,代码行数:101,代码来源:request.php

示例5: transparent

 /**
  * Automatic authentication: checks if the username is set in the
  * configured header.
  *
  * @return boolean  Whether or not the client is allowed.
  */
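 public function transparent()
 {
     if (!is_callable('openssl_x509_parse')) {
         throw new Horde_Auth_Exception('SSL not enabled on server.');
     }
     // Both values are read from $_SERVER under configurable keys; they are only as
     // trustworthy as the web server (or proxy) that populates them.
     if (empty($_SERVER[$this->_params['username_field']]) || empty($_SERVER[$this->_params['certificate_field']])) {
         return false;
     }

     // Reject input that is not a readable certificate instead of passing false on.
     $cert = openssl_x509_read($_SERVER[$this->_params['certificate_field']]);
     if ($cert === false) {
         return false;
     }

     // Valid for client auth? openssl_x509_checkpurpose() returns -1 on error, which
     // is truthy, so only an exact true counts as a pass. No CA list is passed here,
     // so the host's default trust settings apply.
     if (!$this->_params['ignore_purpose']
         && openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_CLIENT) !== true
         && openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) !== true) {
         return false;
     }

     $c_parsed = openssl_x509_parse($cert);
     if ($c_parsed === false) {
         return false;
     }

     // Each filter key is a ':'-separated path into the parsed certificate.
     foreach ($this->_params['filter'] as $key => $value) {
         $c = $c_parsed;
         foreach (explode(':', $key) as $k) {
             // A path that does not exist in the certificate can never satisfy the filter.
             if (!is_array($c) || !array_key_exists($k, $c)) {
                 return false;
             }
             $c = $c[$k];
         }
         if ($c != $value) {
             return false;
         }
     }
     // Handle any custom validation added by sub classes.
     if (!$this->_validate($cert)) {
         return false;
     }
     // Free resources.
     openssl_x509_free($cert);
     // Set credentials
     $this->setCredential('userId', $_SERVER[$this->_params['username_field']]);
     $cred = array('certificate_id' => $c_parsed['hash']);
     if (!empty($this->_params['password'])) {
         $cred['password'] = $this->_params['password'];
     }
     $this->setCredential('credentials', $cred);
     return true;
 }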
开发者ID:raz0rsdge,项目名称:horde,代码行数:45,代码来源:X509.php

示例6: addSniServerCert

 /**
  * Adds a server ssl certificate for specific domain using the sni feature
  *
  * @param string $domain    The domain for the certificate to use
  * @param string $certPath  The path to the bundled certificate file
  * @param bool   $overwrite If an existing domain entry should be overwritten or not
  *
  * @return bool true on success or false on failure
  */
 public function addSniServerCert($domain, $certPath, $overwrite = true)
 {
     // Start from the certificates already registered, or from an empty map.
     $certsByDomain = $this->getOption('ssl', 'SNI_server_certs');
     if (!is_array($certsByDomain)) {
         $certsByDomain = array();
     }

     // Keep an existing entry when the caller asked not to overwrite it.
     if ($overwrite === false && isset($certsByDomain[$domain])) {
         return false;
     }

     if (!is_file($certPath)) {
         throw new ServerException(sprintf("SSL certificate '%s' does not exist for domain '%s'.", $certPath, $domain));
     }

     // The bundle file itself is passed as the CA list, so the chain is checked
     // against certificates from the same file rather than an independent trust
     // store. Only an exact true is accepted; false and -1 (error) both throw.
     $handle = openssl_x509_read(file_get_contents($certPath));
     if (openssl_x509_checkpurpose($handle, X509_PURPOSE_SSL_SERVER, array($certPath)) !== true) {
         throw new ServerException(sprintf("SSL certificate '%s' is not valid for domain '%s'.", $certPath, $domain));
     }

     // Register the certificate and hand the map back to the stream context.
     $certsByDomain[$domain] = $certPath;
     return $this->setOption('ssl', 'SNI_server_certs', $certsByDomain);
 }
开发者ID:appserver-io,项目名称:server,代码行数:39,代码来源:StreamContext.php

示例7: client_addSslCert

/**
 * Add or update an SSL certificate
 *
 * @throws iMSCP_Exception
 * @throws iMSCP_Exception_Database
 * @param int $domainId domain unique identifier
 * @param string $domainType Domain type (dmn|als|sub|alssub)
 * @return void
 */
function client_addSslCert($domainId, $domainType)
{
    // Visible part: validates the posted key, certificate and CA bundle, then
    // prepares the PEM strings for storage. The database code is cut off on this page.
    $config = iMSCP_Registry::get('config');
    $domainName = _client_getDomainName($domainId, $domainType);
    $selfSigned = isset($_POST['selfsigned']);
    if ($domainName === false) {
        // presumably terminates the request - confirm; otherwise execution continues below
        showBadRequestErrorPage();
    }
    if ($selfSigned && !client_generateSelfSignedCert($domainName)) {
        set_page_message(tr('Could not generate SSL certificate. An unexpected error occurred.'), 'error');
        return;
    }
    if (!isset($_POST['passphrase']) || !isset($_POST['private_key']) || !isset($_POST['certificate']) || !isset($_POST['ca_bundle']) || !isset($_POST['cert_id'])) {
        showBadRequestErrorPage();
    }
    // All of these come straight from the request; clean_input() is defined elsewhere.
    $passPhrase = clean_input($_POST['passphrase']);
    $privateKey = clean_input($_POST['private_key']);
    $certificate = clean_input($_POST['certificate']);
    $caBundle = clean_input($_POST['ca_bundle']);
    $certId = intval($_POST['cert_id']);
    if (!$selfSigned) {
        // Validate SSL certificate (private key, SSL certificate and certificate chain)
        // NOTE(review): the @ operator hides the OpenSSL warnings for every call below.
        // NOTE(review): on PHP 8.0+ the OpenSSL functions return objects, so the
        // is_resource() checks are always false there.
        $privateKey = @openssl_pkey_get_private($privateKey, $passPhrase);
        if (!is_resource($privateKey)) {
            set_page_message(tr('Invalid private key or passphrase.'), 'error');
            return;
        }
        $certificateStr = $certificate;
        $certificate = @openssl_x509_read($certificate);
        if (!is_resource($certificate)) {
            set_page_message(tr('Invalid SSL certificate.'), 'error');
            return;
        }
        // Proves the uploader holds the key that matches the certificate.
        if (!@openssl_x509_check_private_key($certificate, $privateKey)) {
            set_page_message(tr("The private key doesn't belong to the provided SSL certificate."), 'error');
            return;
        }
        // Temporary file that receives the customer's CA bundle (or the certificate itself).
        if (!($tmpfname = @tempnam(sys_get_temp_dir(), intval($_SESSION['user_id']) . 'ssl-ca'))) {
            write_log('Could not create temporary file for CA bundle..', E_USER_ERROR);
            set_page_message(tr('Could not add/update SSL certificate. An unexpected error occurred.'), 'error');
            return;
        }
        // Removed at script shutdown, whichever return path is taken.
        register_shutdown_function(function ($file) {
            @unlink($file);
        }, $tmpfname);
        if ($caBundle !== '') {
            if (!@file_put_contents($tmpfname, $caBundle)) {
                write_log('Could not export customer CA bundle in temporary file.', E_USER_ERROR);
                set_page_message(tr('Could not add/update SSL certificate. An unexpected error occurred.'), 'error');
                return;
            }
            // Note: Here we also add the CA bundle in the trusted chain to support self-signed certificates
            // Consequence: the uploaded bundle is itself trusted, so this verifies that the
            // chain is complete and fits the purpose, not that it leads to a distro CA.
            // NOTE(review): this condition looks inverted. The sibling branch below negates the
            // result; here the error is raised when the check returns a truthy value (true, or
            // -1 on error) and processing continues when it returns false.
            if (@openssl_x509_checkpurpose($certificate, X509_PURPOSE_SSL_SERVER, array($config['DISTRO_CA_BUNDLE'], $tmpfname), $tmpfname)) {
                set_page_message(tr('At least one intermediate certificate is invalid or missing.'), 'error');
                return;
            }
        } else {
            @file_put_contents($tmpfname, $certificateStr);
            // Note: Here we also add the certificate in the trusted chain to support self-signed certificates
            // NOTE(review): -1 (error) is truthy, so "!" lets an OpenSSL error pass as success;
            // comparing with "!== true" would fail closed.
            if (!@openssl_x509_checkpurpose($certificate, X509_PURPOSE_SSL_SERVER, array($config['DISTRO_CA_BUNDLE'], $tmpfname))) {
                set_page_message(tr('At least one intermediate certificate is invalid or missing.'), 'error');
                return;
            }
        }
    }
    // Preparing data for insertion in database
    if (!$selfSigned) {
        // Exported without a passphrase: $privateKeyStr is the key in clear PEM from here on.
        if (!@openssl_pkey_export($privateKey, $privateKeyStr)) {
            write_log('Could not export private key.', E_USER_ERROR);
            set_page_message(tr('Could not add/update SSL certificate. An unexpected error occurred.'), 'error');
            return;
        }
        @openssl_pkey_free($privateKey);
        if (!@openssl_x509_export($certificate, $certificateStr)) {
            write_log('Could not export SSL certificate.', E_USER_ERROR);
            set_page_message(tr('Could not add/update SSL certificate. An unexpected error occurred.'), 'error');
            return;
        }
        @openssl_x509_free($certificate);
        // Normalise Windows line endings in the bundle.
        $caBundleStr = str_replace("\r\n", "\n", $caBundle);
    } else {
        // Self-signed path: the posted strings are used as they are, with none of the checks above.
        $privateKeyStr = $privateKey;
        $certificateStr = $certificate;
        $caBundleStr = $caBundle;
    }
    $db = iMSCP_Database::getInstance();
    try {
        $db->beginTransaction();
        if ($certId == 0) {
            // Add new certificate
            exec_query('
//.........这里部分代码省略.........
开发者ID:svenjantzen,项目名称:imscp,代码行数:101,代码来源:cert_view.php

示例8: __checkSignatureAndGetSigner

 /**
  * __checkSignatureAndGetSigner - Checks the signature and extracts the signer certificate and its serial number
  * @param      string    $signature Base64 encoded signature
  * @param      string    $message   the message that should have been signed, used for verification
  * @param      string    $cafile    location of the Certificate Authority file that should be used during verification
  * @return     boolean
  */
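 private function __checkSignatureAndGetSigner($signature, $message, $cafile)
 {
     /* Expression assertions: string assertions are not evaluated as code on PHP 8 */
     assert(is_string($signature));
     assert(is_string($message));
     assert(is_string($cafile));
     /* Check for provided file existence (only a warning; the checks below then fail) */
     if (!file_exists($cafile)) {
         trigger_error('mobileid::__checkSignatureAndGetSigner: file not found ' . $cafile, E_USER_WARNING);
     }
     /* Define temporary files */
     $tmpfile = tempnam(sys_get_temp_dir(), '_mid_');
     $file_sig = $tmpfile . '.sig';
     $file_sig_cert = $tmpfile . '.crt';
     $file_sig_msg = $tmpfile . '.msg';
     /* Chunk spliting the signature */
     $signature = chunk_split($signature, 64, "\n");
     /* This because the openssl_pkcs7_verify() function needs some mime headers to make it work */
     $signature = "MIME-Version: 1.0\nContent-Disposition: attachment;\n        filename=\"dummy.p7m\"\nContent-Type: application/x-pkcs7-mime;\n        name=\"dummy.p7m\"\nContent-Transfer-Encoding: base64\n\n" . $signature;
     /* Write the signature into temp files */
     file_put_contents($file_sig, $signature);
     /* Signature checks must explicitly succeed */
     $ok = false;
     /* Get the signer certificate. openssl_pkcs7_verify() returns -1 on error, which
        compares equal to true under ==, so every result is compared with === true. */
     $status = openssl_pkcs7_verify($file_sig, PKCS7_NOVERIFY, $file_sig_cert);
     if ($status === true && file_exists($file_sig_cert)) {
         /* Get the signer certificate and details */
         $this->mid_certificate = file_get_contents($file_sig_cert);
         $certificate = openssl_x509_parse($this->mid_certificate);
         $this->mid_serialnumber = isset($certificate['subject']['serialNumber']) ? $certificate['subject']['serialNumber'] : null;
         /* Verify message has been signed: the verification result itself must be true,
            and the extracted content must equal the expected message. PKCS7_NOVERIFY
            skips the signer chain here; the chain is checked separately below. */
         $data = '';
         $status = openssl_pkcs7_verify($file_sig, PKCS7_NOVERIFY, $file_sig_cert, array($cafile), $file_sig_cert, $file_sig_msg);
         if ($status === true && file_exists($file_sig_msg)) {
             $data = file_get_contents($file_sig_msg);
             if ($data === $message) {
                 $ok = true;
             }
         } else {
             trigger_error('mobileid::__checkSignatureAndGetSigner: signed message ' . openssl_error_string(), E_USER_NOTICE);
         }
         /* Verify signer issued by trusted CA; an OpenSSL error (-1) is a failure too */
         $status = openssl_x509_checkpurpose($this->mid_certificate, X509_PURPOSE_SSL_CLIENT, array($cafile));
         if ($status !== true) {
             $ok = false;
             trigger_error('mobileid::__checkSignatureAndGetSigner: certificate check ' . openssl_error_string(), E_USER_NOTICE);
         }
     } else {
         trigger_error('mobileid::__checkSignatureAndGetSigner: signer certificate ' . openssl_error_string(), E_USER_NOTICE);
     }
     /* Cleanup of temporary files */
     foreach (array($tmpfile, $file_sig, $file_sig_cert, $file_sig_msg) as $leftover) {
         if (file_exists($leftover)) {
             unlink($leftover);
         }
     }
     /* Signature checks failed? */
     if (!$ok) {
         $this->statuscode = '503';
         $this->statusmessage = 'INVALID_SIGNATURE';
     }
     return $ok;
 }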
开发者ID:mehulsbhatt,项目名称:mobileid,代码行数:76,代码来源:mobileid.php

示例9: checkPurpose

 /**
  * Checks the purpose of this certificate. If using PURPOSE_ANY, make sure openssl is on the PATH.
  * A bug in PHP prevents the certificate from being checked via the api for that specific purpose.
  * @param int $purpose The purpose to check the certificate for.
  * @param array $caInfo List of files and directories that contain root certificates.
  * @return boolean
  */
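 public function checkPurpose($purpose, array $caInfo)
 {
     if ($purpose == self::PURPOSE_ANY) {
         // Split the CA locations into directories (-CApath) and files (-CAfile).
         $caPathDirsArray = array();
         $caPathFilesArray = array();
         foreach ($caInfo as $caPath) {
             if (is_dir($caPath)) {
                 $caPathDirsArray[] = $caPath;
             } else {
                 $caPathFilesArray[] = $caPath;
             }
         }
         // Every value placed on the command line is quoted with escapeshellarg(), so a
         // path containing spaces or shell metacharacters cannot alter the command.
         $command = 'openssl verify';
         $caPathDirs = implode(PATH_SEPARATOR, $caPathDirsArray);
         if (!empty($caPathDirs)) {
             $command .= ' -CApath ' . escapeshellarg($caPathDirs);
         }
         $caPathFiles = implode(PATH_SEPARATOR, $caPathFilesArray);
         if (!empty($caPathFiles)) {
             $command .= ' -CAfile ' . escapeshellarg($caPathFiles);
         }
         $tempCrt = tempnam(sys_get_temp_dir(), 'crt');
         if ($tempCrt === false) {
             // No temporary file means nothing can be verified: fail closed.
             return false;
         }
         file_put_contents($tempCrt, $this->clearText);
         $output = array();
         exec($command . ' -purpose any ' . escapeshellarg($tempCrt), $output);
         unlink($tempCrt);
         // return code of openssl is always 0, so we need to check the actual output.
         // No output at all (for example when the binary is not on the PATH) is a failure.
         return isset($output[0]) && $output[0] == "{$tempCrt}: OK";
     }
     // openssl_x509_checkpurpose() returns -1 on error; only an exact true is reported
     // as success so that the documented boolean result never carries a truthy -1.
     return openssl_x509_checkpurpose($this->certResource, $purpose, $caInfo) === true;
 }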
开发者ID:ntthanh,项目名称:crypto,代码行数:36,代码来源:X509Certificate.class.php

示例10: download

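 /**
  * Downloads the release archive, trying .phar, .tgz, .tar and finally .zip.
  *
  * When the openssl extension is loaded, a "<url>.pem" certificate is requested
  * first. If one is returned it must chain to self::authorities(), carry the
  * releasing maintainer's e-mail address in its subject, and yield a public key,
  * which is then written next to the download as "<archive>.pubkey".
  *
  * A missing .pem is not an error: the archive is then fetched without a public
  * key file being written. The certificate comes from the same location as the
  * archive, so its trust rests on the chain check and the e-mail match alone.
  *
  * @return \PEAR2\Pyrus\Package\Remote
  * @throws \PEAR2\Pyrus\Package\Exception
  */
 function download()
 {
     $url = $this->getDownloadURL();
     $errs = new \PEAR2\MultiErrors();
     $certdownloaded = false;
     if (extension_loaded('openssl')) {
         // try to download openssl x509 signature certificate for our release
         try {
             $cert = \PEAR2\Pyrus\Main::download($url . '.pem');
             $cert = $cert->body;
             $certdownloaded = true;
         } catch (\PEAR2\Pyrus\HTTPException $e) {
             // file does not exist, ignore
         }
         if ($certdownloaded) {
             $invalid = 'Invalid abstract package ' . $this->channel . '/' . $this->name;
             $info = openssl_x509_parse($cert);
             if (!$info) {
                 throw new \PEAR2\Pyrus\Package\Exception($invalid . ' - releasing maintainer\'s certificate is not a certificate');
             }
             // Compared with true on purpose: the -1 error result is truthy.
             if (true !== openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_SERVER, self::authorities())) {
                 throw new \PEAR2\Pyrus\Package\Exception($invalid . ' - releasing maintainer\'s certificate is invalid');
             }
             // now verify that this cert is in fact the releasing maintainer's certificate.
             // The field compared is the emailAddress attribute of the certificate subject.
             if (!isset($info['subject']) || !isset($info['subject']['emailAddress'])) {
                 throw new \PEAR2\Pyrus\Package\Exception($invalid . ' - releasing maintainer\'s certificate does not contain' . ' an alternate name corresponding to the releaser\'s email address');
             }
             // retrieve releaser's email address
             $certEmail = $info['subject']['emailAddress'];
             $releaserEmail = $this->maintainer[$this->remoteAbridgedInfo['m']]->email;
             // Strict string comparison: a repeated subject attribute is parsed as an array,
             // and loose comparison would also treat numeric-looking strings as equal.
             if (!is_string($certEmail) || $certEmail !== (string) $releaserEmail) {
                 throw new \PEAR2\Pyrus\Package\Exception($invalid . ' - releasing maintainer\'s certificate ' . 'alternate name does not match the releaser\'s email address ' . $releaserEmail);
             }
             // Do not write an empty or bogus .pubkey file when key extraction fails.
             $public = openssl_pkey_get_public($cert);
             $details = $public ? openssl_pkey_get_details($public) : false;
             if (!$details || !isset($details['key'])) {
                 throw new \PEAR2\Pyrus\Package\Exception($invalid . ' - releasing maintainer\'s certificate does not contain a usable public key');
             }
             $key = $details['key'];
         }
     }
     // first try to download .phar, then .tgz, then .tar, then .zip
     // if a public key was downloaded, save it where ext/phar will
     // look to validate the openssl signature
     foreach (array('.phar', '.tgz', '.tar') as $ext) {
         try {
             if ($certdownloaded) {
                 if (!file_exists(Config::current()->download_dir)) {
                     mkdir(Config::current()->download_dir, 0755, true);
                 }
                 $pubkey = Config::current()->download_dir . DIRECTORY_SEPARATOR . basename($url) . $ext . '.pubkey';
                 file_put_contents($pubkey, $key);
             }
             $ret = new \PEAR2\Pyrus\Package\Remote($url . $ext);
             if ($certdownloaded) {
                 if (in_array($ext, array('.tar', '.tgz'), true)) {
                     if (phpversion() == '5.3.0') {
                         Logger::log(0, 'WARNING: ' . $url . $ext . ' may not be installable ' . 'with PHP version 5.3.0, the PHP extension phar ' . 'has a bug verifying openssl signatures for ' . 'tar and tgz files.  Either upgrade to PHP 5.3.1 ' . 'or install the .zip version');
                     }
                 }
             }
             return $ret;
         } catch (\PEAR2\Pyrus\HTTPException $e) {
             // This extension is not available: drop its key file and try the next one.
             if ($certdownloaded && file_exists($pubkey)) {
                 unlink($pubkey);
             }
             $errs->E_ERROR[] = $e;
         } catch (\Exception $e) {
             // Any other failure aborts the whole download.
             if ($certdownloaded && file_exists($pubkey)) {
                 unlink($pubkey);
             }
             $errs->E_ERROR[] = $e;
             throw new \PEAR2\Pyrus\Package\Exception('Invalid abstract package ' . $this->channel . '/' . $this->name, $errs);
         }
     }
     try {
         // phar does not support signatures for zip archives
         $ret = new \PEAR2\Pyrus\Package\Remote($url . '.zip');
         return $ret;
     } catch (\PEAR2\Pyrus\HTTPException $e) {
         $errs->E_ERROR[] = $e;
         throw new \PEAR2\Pyrus\Package\Exception('Could not download abstract package ' . $this->channel . '/' . $this->name, $errs);
     } catch (\Exception $e) {
         $errs->E_ERROR[] = $e;
         throw new \PEAR2\Pyrus\Package\Exception('Invalid abstract package ' . $this->channel . '/' . $this->name, $errs);
     }
 }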
开发者ID:rosstuck,项目名称:PEAR2_Pyrus,代码行数:81,代码来源:RemotePackage.php

示例11: checkPurpose

 /**
  * @param int $purpose X509_PURPOSE_*
  * @param array $cainfo
  * @param string $untrusted
  *
  * @return bool
  */
 public function checkPurpose(int $purpose, array $cainfo = [], string $untrusted = NULL) : bool
 {
     // The untrusted-certificates file is only passed along when the caller gave one.
     $arguments = [$this->getHandle(), $purpose, $cainfo];
     if ($untrusted !== NULL) {
         $arguments[] = $untrusted;
     }
     $result = openssl_x509_checkpurpose(...$arguments);

     // A non-boolean result is the -1 error value; it is raised as an exception
     // so that it can never be mistaken for a truthy "valid".
     if (is_bool($result)) {
         return $result;
     }
     throw new RuntimeException('Failed to check purpose');
 }
开发者ID:blar,项目名称:openssl,代码行数:19,代码来源:Certificate.php

示例12: validateCABuiltIn

 /**
  * Validate a certificate against a CA file, by using the builtin
  * openssl_x509_checkpurpose function
  *
  * @param string $certificate  The certificate, in PEM format.
  * @param string $caFile  File with trusted certificates, in PEM-format.
  * @return boolean|string TRUE on success, or a string with error messages if it failed.
  * @deprecated
  */
 private static function validateCABuiltIn($certificate, $caFile)
 {
     assert('is_string($certificate)');
     assert('is_string($caFile)');

     /* Drain stale entries so that only errors from the check below are reported. */
     do {
         $stale = openssl_error_string();
     } while ($stale !== FALSE);

     $verdict = openssl_x509_checkpurpose($certificate, X509_PURPOSE_ANY, array($caFile));

     /* Collect whatever the check left in the OpenSSL error queue. */
     $messages = '';
     for ($entry = openssl_error_string(); $entry !== FALSE; $entry = openssl_error_string()) {
         $messages .= ' [' . $entry . ']';
     }

     /*
      * Only an exact TRUE is success. On failure the error text is returned, and it
      * is an empty string when OpenSSL queued nothing, so callers have to compare
      * the result with === TRUE.
      */
     return $verdict === TRUE ? TRUE : $messages;
 }
开发者ID:shirlei,项目名称:simplesaml,代码行数:27,代码来源:Utilities.php

示例13: checkAttest

 /**
  * @param string $certificate
  * @return boolean
  */
 private function checkAttest($certificate)
 {
     // With no attestation directory configured the check is skipped and every
     // certificate is accepted.
     if (!$this->config->getAttestDir()) {
         return TRUE;
     }

     // Every *.pem file below the attestation directory is used as a trusted CA.
     $pemFiles = iterator_to_array(Finder::findFiles('*.pem')->from($this->config->getAttestDir()), FALSE);
     $caPaths = array_map(function ($file) {
         return $file->getPathName();
     }, $pemFiles);

     // @todo Original purpose is -1 which is undocumented. Is ANY ok to use here?
     // https://github.com/Yubico/php-u2flib-server/blob/cd49f97017c8415be3e190397565719b5319d2d6/src/u2flib_server/U2F.php#L192
     $verdict = openssl_x509_checkpurpose($certificate, X509_PURPOSE_ANY, $caPaths);

     // Identity comparison: false and the -1 error value both count as failure.
     return $verdict === TRUE;
 }
 }
开发者ID:lookyman,项目名称:u2f,代码行数:15,代码来源:Server.php

示例14: test_openssl_x509_checkpurpose

/**
 * Loads test_x509.crt from this directory and passes the purpose-check result
 * for the SSL client and SSL server purposes to VS() together with 0.
 *
 * VS() is defined elsewhere; presumably it asserts that both values are equal.
 * No CA list is supplied to the check.
 */
function test_openssl_x509_checkpurpose()
{
    $handle = openssl_x509_read(file_get_contents(__DIR__ . "/test_x509.crt"));
    foreach (array(X509_PURPOSE_SSL_CLIENT, X509_PURPOSE_SSL_SERVER) as $purpose) {
        VS(openssl_x509_checkpurpose($handle, $purpose), 0);
    }
}
开发者ID:ezoic,项目名称:hhvm,代码行数:7,代码来源:ext_openssl.php

示例15: validate_chain

 /**
  * Validates the first certificate of $certs against $this->trust_roots.
  *
  * The remaining certificates are written to a temporary file by
  * save_cert_chain() and supplied to OpenSSL as untrusted intermediates, so they
  * can complete the chain but cannot act as trust anchors.
  *
  * @param array $certs Certificates, the one to validate first.
  * @return bool true only when the purpose check returned true; false and the
  *              -1 error value both yield false.
  */
 function validate_chain($certs)
 {
     // Since we may have multiple certs in the XML, the rest of the chain goes
     // into a temp file that is passed as the list of untrusted certs.
     $leaf = array_shift($certs);
     $chainFile = $this->save_cert_chain($certs);

     $verdict = openssl_x509_checkpurpose($leaf, X509_PURPOSE_ANY, $this->trust_roots, $chainFile);
     unlink($chainFile);

     return $verdict > 0;
 }
开发者ID:remotelearner,项目名称:elis.openid,代码行数:10,代码来源:google_discovery.php


注:本文中的openssl_x509_checkpurpose函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。