本文整理汇总了PHP中openssl_x509_parse函数的典型用法代码示例。如果您正苦于以下问题:PHP openssl_x509_parse函数的具体用法?PHP openssl_x509_parse怎么用?PHP openssl_x509_parse使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了openssl_x509_parse函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: field_private_certificate
public function field_private_certificate($field)
{
$certificate = get_post_meta(get_the_ID(), '_pronamic_gateway_ideal_private_certificate', true);
if (!empty($certificate)) {
$fingerprint = Pronamic_WP_Pay_Gateways_IDealAdvanced_Security::getShaFingerprint($certificate);
$fingerprint = str_split($fingerprint, 2);
$fingerprint = implode(':', $fingerprint);
echo '<dl>';
echo '<dt>', esc_html__('SHA Fingerprint', 'pronamic_ideal'), '</dt>';
echo '<dd>', esc_html($fingerprint), '</dd>';
$info = openssl_x509_parse($certificate);
if ($info) {
$date_format = __('M j, Y @ G:i', 'pronamic_ideal');
if (isset($info['validFrom_time_t'])) {
echo '<dt>', esc_html__('Valid From', 'pronamic_ideal'), '</dt>';
echo '<dd>', esc_html(date_i18n($date_format, $info['validFrom_time_t'])), '</dd>';
}
if (isset($info['validTo_time_t'])) {
echo '<dt>', esc_html__('Valid To', 'pronamic_ideal'), '</dt>';
echo '<dd>', esc_html(date_i18n($date_format, $info['validTo_time_t'])), '</dd>';
}
}
echo '</dl>';
}
echo '<div>';
submit_button(__('Download Private Certificate', 'pronamic_ideal'), 'secondary', 'download_private_certificate', false);
echo ' ';
echo '<input type="file" name="_pronamic_gateway_ideal_private_certificate_file" />';
echo '</div>';
}示例2: __construct
public function __construct($certificate, $dontSkip = FALSE)
{
$config = Tinebase_Config::getInstance()->get('modssl');
if (is_object($config)) {
$this->casfile = $config->casfile;
$this->crlspath = $config->crlspath;
}
$this->status = array('isValid' => true, 'errors' => array());
$this->certificate = self::_fixPemCertificate($certificate);
$c = openssl_x509_parse($this->certificate);
// define certificate properties
$this->serialNumber = $c['serialNumber'];
$this->version = $c['version'];
$this->subject = $c['subject'];
$this->cn = $c['subject']['CN'];
$this->issuer = $c['issuer'];
$this->issuerCn = $c['issuer']['CN'];
$this->hash = $this->_calcHash();
// $dateTimezone = new DateTimeZone(Tinebase_Core::getUserTimezone());
// $locale = new Zend_Locale($_translation->getAdapter()->getLocale());
// Date valid from
$this->validFrom = Tinebase_Translation::dateToStringInTzAndLocaleFormat(new Tinebase_DateTime($c['validFrom_time_t']));
// Date valid to
$this->validTo = Tinebase_Translation::dateToStringInTzAndLocaleFormat(new Tinebase_DateTime($c['validTo_time_t']));
$this->_parsePurpose($c['purposes']);
$this->_parseExtensions($c['extensions']);
if (strtolower($this->casfile) != 'skip') {
$this->_validityCheck();
// skip validation, we trust the server's result
}
if (strtolower($this->crlspath) != 'skip' | $dontSkip) {
$this->_testRevoked();
// skip test,
}
}示例3: EncryptedPin
function EncryptedPin($sPin, $sCardNo, $sPubKeyURL)
{
global $log;
$sPubKeyURL = trim(SDK_ENCRYPT_CERT_PATH, " ");
/**
* [WeEngine System] Copyright (c) 2014 WE7.CC
* WeEngine is NOT a free software, it under the license terms, visited http://www.we7.cc/ for more details.
*/
$fp = fopen($sPubKeyURL, "r");
if ($fp != NULL) {
$sCrt = fread($fp, 8192);
fclose($fp);
}
$sPubCrt = openssl_x509_read($sCrt);
if ($sPubCrt === FALSE) {
print "openssl_x509_read in false!";
return -1;
}
$sPubKey = openssl_x509_parse($sPubCrt);
$sInput = Pin2PinBlockWithCardNO($sPin, $sCardNo);
if ($sInput == 1) {
print "Pin2PinBlockWithCardNO Error ! : " . $sInput;
return 1;
}
$iRet = openssl_public_encrypt($sInput, $sOutData, $sCrt, OPENSSL_PKCS1_PADDING);
if ($iRet === TRUE) {
$sBase64EncodeOutData = base64_encode($sOutData);
return $sBase64EncodeOutData;
} else {
print "openssl_public_encrypt Error !";
return -1;
}
}示例4: EncryptedPin
function EncryptedPin($sPin, $sCardNo, $sPubKeyURL)
{
global $log;
$sPubKeyURL = trim(SDK_ENCRYPT_CERT_PATH, " ");
$fp = fopen($sPubKeyURL, "r");
if ($fp != NULL) {
$sCrt = fread($fp, 8192);
fclose($fp);
}
$sPubCrt = openssl_x509_read($sCrt);
if ($sPubCrt === FALSE) {
print "openssl_x509_read in false!";
return -1;
}
$sPubKey = openssl_x509_parse($sPubCrt);
$sInput = Pin2PinBlockWithCardNO($sPin, $sCardNo);
if ($sInput == 1) {
print "Pin2PinBlockWithCardNO Error ! : " . $sInput;
return 1;
}
$iRet = openssl_public_encrypt($sInput, $sOutData, $sCrt, OPENSSL_PKCS1_PADDING);
if ($iRet === TRUE) {
$sBase64EncodeOutData = base64_encode($sOutData);
return $sBase64EncodeOutData;
} else {
print "openssl_public_encrypt Error !";
return -1;
}
}示例5: _getSignatureData
/**
* Get signature data from a single signature container.
*
* @param string $signature
* @return array
* @throws SetaPDF_Signer_Asn1_Exception
*/
private static function _getSignatureData($signature)
{
$data = array('certificates' => array(), 'signerCertificate' => null, 'subject' => null, 'MIDSN' => null);
$asn1 = SetaPDF_Signer_Asn1_Element::parse($signature);
$certificates = SetaPDF_Signer_Asn1_Element::findByPath('1/0/3', $asn1);
$certificates = $certificates->getChildren();
$lastValidToTime = PHP_INT_MAX;
for ($no = 0; $no < count($certificates); $no++) {
$certificate = $certificates[$no];
$certificate = $certificate->__toString();
$certificate = "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($certificate)) . "-----END CERTIFICATE-----";
$certificateInfo = openssl_x509_parse($certificate);
$data['certificates'][] = $certificateInfo;
if (isset($certificateInfo['validTo_time_t']) && $certificateInfo['validTo_time_t'] <= $lastValidToTime) {
$lastValidToTime = $certificateInfo['validTo_time_t'];
$data['signerCertificate'] = $certificateInfo;
}
}
$data['subject'] = $data['signerCertificate']['name'];
// extract MIDSN
if (isset($data['signerCertificate']['extensions']['subjectAltName'])) {
$subjectAltName = $data['signerCertificate']['extensions']['subjectAltName'];
// Format: 'DirName: serialNumber = ID-16981fa2-8998-4125-9a93-5fecbff74515, name = "+41798...", description = test.ch: Signer le document?, pseudonym = MIDCHEGU8GSH6K83'
if (preg_match("/pseudonym = ([^,]*)/", $subjectAltName, $match)) {
$data['MIDSN'] = $match[1];
}
}
return $data;
}示例6: __construct
protected function __construct($developerCert)
{
$this->setSchema($this->getSchema());
$ocsprequest = $this->OCSPRequest->tbsRequest->requestListSeq->reqCert;
$ocsprequest->hashAlgorithm->algorithm = '1.3.14.3.2.26'; // SHA-1
$ocsprequest->hashAlgorithm->parameters = null;
if (!file_exists($developerCert)) {
throw new Exception('Developer certificate ' . $developerCert . ' does not exist');
}
$info = openssl_x509_parse(file_get_contents($developerCert));
if (!isset($info['serialNumber']) || !isset($info['issuer']) || !isset($info['issuer']['OU'])) {
throw new Exception('Cannot process developer Certificate ' . $developerCert .
', missing key fields');
}
if ($info['issuer']['OU'] != 'http://www.cacert.org') {
// other issuers are picky about who they allow to verify,
// so we only accept certs from cacert
throw new Exception('Cannot verify certificate, ' .
'it is not from cacert.org');
}
$ocsprequest->issuerNameHash =
pack('C*', '8ba4c9cb172919453ebb8e730991b925f2832265');
$ocsprequest->issuerKeyHash =
pack('C*', '16b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d1');
$ocsprequest->serialNumber = $info['serialNumber'];
$this->requestExtensions->Inner->Extension->extnID = '1.3.6.1.5.5.7.48.1.2'; // OCSP nonce
$this->requestExtensions->Inner->Extension->extnValue = md5($info['serialNumber'] . time(), true);
echo $this;
}示例7: getCertIdByCerPath
protected static function getCertIdByCerPath($certPath)
{
$x509data = file_get_contents($certPath);
openssl_x509_read($x509data);
$certData = openssl_x509_parse($x509data);
return $certData['serialNumber'];
}示例8: verify_certificate_hostname
function verify_certificate_hostname($raw_cert, $host)
{
$cert_data = openssl_x509_parse($raw_cert);
if ($cert_data['subject']['CN']) {
$cert_host_names = [];
$cert_host_names[] = $cert_data['subject']['CN'];
if ($cert_data['extensions']['subjectAltName']) {
foreach (explode("DNS:", $cert_data['extensions']['subjectAltName']) as $altName) {
foreach (explode(",", $altName) as $key => $value) {
if (!empty(str_replace(',', "", "{$value}"))) {
$cert_host_names[] = str_replace(" ", "", str_replace(',', "", "{$value}"));
}
}
}
}
foreach ($cert_host_names as $key => $hostname) {
if (strpos($hostname, "*.") === 0) {
// wildcard hostname from cert
if (explode(".", $host, 2)[1] == explode(".", $hostname, 2)[1]) {
// split cert name and host name on . and compare everything after the first dot
return true;
}
}
// no wildcard, just regular match
if ($host == $hostname) {
return true;
}
}
// no match
return false;
}
}示例9: autoAuth
/**
* This function returns false if the used auth method cannot be
* done without user action (ie fill login/password in the form...).
* If it can be done automatically (SSL, CAS, etc...), then try to
* authenticate the user, and return true if it succeeds, false
* otherwise).
*
* @returns the username if the authentification succeeds, false if it fails
* or is not applicable.
* @todo Error handling !!!
* @todo return something better than "Unknown user" !!!
*/
function autoAuth()
{
include "config.php";
// $certAttributeToDisplay
if (isset($_SERVER['SSL_CLIENT_VERIFY']) && $_SERVER['SSL_CLIENT_VERIFY'] == "SUCCESS") {
$cert = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
if ($cert) {
$dn_cert = $cert["name"];
$pattern = "/{$certAttributeToDisplay}=([^\\/=]+)/";
preg_match($pattern, $dn_cert, $matches);
// Debug
/*echo "<p>You are : $matches[1]</p>\n";
print "certificate: ".$dn_cert."<br />\n";
echo "<p>pattern=$pattern</p>\n";
print_r($matches);
echo "<pre>\n";
var_dump($cert);
echo "</pre>\n";
*/
}
// Return the name to display !
return !empty($matches[1]) ? $matches[1] : "Unknown user";
} else {
echo "<p>No certificate received from the web server</p>\n";
return false;
}
}示例10: parse
/**
* Parse the certificate.
*
* @param Certificate $certificate
*
* @return ParsedCertificate
*/
public function parse(Certificate $certificate)
{
$rawData = openssl_x509_parse($certificate->getPEM());
if (!is_array($rawData)) {
throw new CertificateParsingException(sprintf('Fail to parse certificate with error: %s', openssl_error_string()));
}
if (!isset($rawData['subject']['CN'])) {
throw new CertificateParsingException('Missing expected key "subject.cn" in certificate');
}
if (!isset($rawData['issuer']['CN'])) {
throw new CertificateParsingException('Missing expected key "issuer.cn" in certificate');
}
if (!isset($rawData['serialNumber'])) {
throw new CertificateParsingException('Missing expected key "serialNumber" in certificate');
}
if (!isset($rawData['validFrom_time_t'])) {
throw new CertificateParsingException('Missing expected key "validFrom_time_t" in certificate');
}
if (!isset($rawData['validTo_time_t'])) {
throw new CertificateParsingException('Missing expected key "validTo_time_t" in certificate');
}
$subjectAlternativeName = [];
if (isset($rawData['extensions']['subjectAltName'])) {
$subjectAlternativeName = array_map(function ($item) {
return explode(':', trim($item), 2)[1];
}, array_filter(explode(',', $rawData['extensions']['subjectAltName']), function ($item) {
return false !== strpos($item, ':');
}));
}
return new ParsedCertificate($certificate, $rawData['subject']['CN'], $rawData['issuer']['CN'], $rawData['subject'] === $rawData['issuer'], new \DateTime('@' . $rawData['validFrom_time_t']), new \DateTime('@' . $rawData['validTo_time_t']), $rawData['serialNumber'], $subjectAlternativeName);
}示例11: webid_claim
function webid_claim()
{
$r = array('uri' => array());
if (isset($_SERVER['SSL_CLIENT_CERT'])) {
$pem = $_SERVER['SSL_CLIENT_CERT'];
if ($pem) {
$x509 = openssl_x509_read($pem);
$pubKey = openssl_pkey_get_public($x509);
$keyData = openssl_pkey_get_details($pubKey);
if (isset($keyData['rsa'])) {
if (isset($keyData['rsa']['n'])) {
$r['m'] = strtolower(array_pop(unpack("H*", $keyData['rsa']['n'])));
}
if (isset($keyData['rsa']['e'])) {
$r['e'] = hexdec(array_shift(unpack("H*", $keyData['rsa']['e'])));
}
}
$d = openssl_x509_parse($x509);
if (isset($d['extensions']) && isset($d['extensions']['subjectAltName'])) {
foreach (explode(', ', $d['extensions']['subjectAltName']) as $elt) {
if (substr($elt, 0, 4) == 'URI:') {
$r['uri'][] = substr($elt, 4);
}
}
}
}
}
return $r;
}示例12: getCertData
/**
* @return array x509 certificate. Result of "openssl_x509_parse()"
*/
public function getCertData()
{
if (!$this->certData) {
$this->certData = openssl_x509_parse($this->raw_cert['cert']);
}
return $this->certData;
}示例13: make_request
public function make_request()
{
$g = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
set_error_handler(function () {
return true;
});
$r = stream_socket_client("ssl://{$this->target}:{$this->target_port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $g);
restore_error_handler();
if (!$r) {
return true;
} else {
$cont = stream_context_get_params($r);
$cert = openssl_x509_read($cont["options"]["ssl"]["peer_certificate"]);
$cert_data = openssl_x509_parse($cert);
openssl_x509_export($cert, $out, FALSE);
$signature_algorithm = null;
if (preg_match('/^\\s+Signature Algorithm:\\s*(.*)\\s*$/m', $out, $match)) {
$signature_algorithm = $match[1];
}
$this->sha_type = $signature_algorithm;
$this->common_name = $cert_data['subject']['CN'];
$this->alternative_names = $cert_data['extensions']['subjectAltName'];
$this->issuer = $cert_data['issuer']['O'];
$this->valid_from = date('m-d-Y H:i:s', strval($cert_data['validFrom_time_t']));
$this->valid_to = date('m-d-Y H:i:s', strval($cert_data['validTo_time_t']));
$this->parse_alternative_names();
}
}示例14: process
/**
* Process an authentication response.
*
* This function saves the state, and if necessary redirects the user to the page where the user
* is informed about the expiry date of his/her certificate.
*
* @param array $state The state of the response.
*/
public function process(&$state)
{
assert('is_array($state)');
if (isset($state['isPassive']) && $state['isPassive'] === TRUE) {
// We have a passive request. Skip the warning
return;
}
if (!isset($_SERVER['SSL_CLIENT_CERT']) || $_SERVER['SSL_CLIENT_CERT'] == '') {
return;
}
$client_cert = $_SERVER['SSL_CLIENT_CERT'];
$client_cert_data = openssl_x509_parse($client_cert);
if ($client_cert_data == FALSE) {
SimpleSAML\Logger::error('authX509: invalid cert');
return;
}
$validTo = $client_cert_data['validTo_time_t'];
$now = time();
$daysleft = (int) (($validTo - $now) / (24 * 60 * 60));
if ($daysleft > $this->warndaysbefore) {
// We have a certificate that will be valid for some time. Skip the warning
return;
}
SimpleSAML\Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
$state['daysleft'] = $daysleft;
$state['renewurl'] = $this->renewurl;
/* Save state and redirect. */
$id = SimpleSAML_Auth_State::saveState($state, 'warning:expire');
$url = SimpleSAML\Module::getModuleURL('authX509/expirywarning.php');
\SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
}示例15: __construct
public function __construct($pemData)
{
$this->_pemData = $pemData;
$this->_parsed = openssl_x509_parse($pemData);
if ($this->_parsed === false) {
throw new sspmod_janus_OpenSsl_Certificate_Exception_NotAValidPem("Data '{$pemData}' is not a valid X.509 PEM certificate");
}
}