Lines Matching defs:cert
11 * {@link http://web.archive.org/web/19961027104704/http://www3.netscape.com/eng/security/cert-exts.html Netscape Certificate Extensions}.
179 * There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally
180 * encoded so we take save the portion of the original cert that the signature would have made for.
406 'netscape-cert-extension' => '2.16.840.1.113730.1',
407 'netscape-cert-type' => '2.16.840.1.113730.1.1',
426 * Returns an associative array describing the X.509 cert or a false if the cert failed to load
428 * @param array|string $cert
432 public function loadX509($cert, $mode = self::FORMAT_AUTO_DETECT)
434 if (is_array($cert) && isset($cert['tbsCertificate'])) {
437 $this->dn = $cert['tbsCertificate']['subject'];
441 $this->currentCert = $cert;
448 return $cert;
452 $newcert = ASN1::extractBER($cert);
453 if ($mode == self::FORMAT_PEM && $cert == $newcert) {
456 $cert = $newcert;
459 if ($cert === false) {
464 $decoded = ASN1::decodeBER($cert);
474 $this->signatureSubject = substr($cert, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);
501 * @param array $cert
505 public function saveX509(array $cert, $format = self::FORMAT_PEM)
507 if (!is_array($cert) || !isset($cert['tbsCertificate'])) {
513 case !($algorithm = $this->subArray($cert, 'tbsCertificate/subjectPublicKeyInfo/algorithm/algorithm')):
514 case is_object($cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']):
517 $cert['tbsCertificate']['subjectPublicKeyInfo'] = new Element(
518 base64_decode(preg_replace('#-.+-|[\r\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']))
523 $cert['signatureAlgorithm']['parameters'] = null;
524 $cert['tbsCertificate']['signature']['parameters'] = null;
553 $this->mapOutExtensions($cert, 'tbsCertificate/extensions');
554 $this->mapOutDNs($cert, 'tbsCertificate/issuer/rdnSequence');
555 $this->mapOutDNs($cert, 'tbsCertificate/subject/rdnSequence');
557 $cert = ASN1::encodeDER($cert, Maps\Certificate::MAP);
561 return $cert;
564 return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(Strings::base64_encode($cert), 64) . '-----END CERTIFICATE-----';
896 case 'netscape-cert-type':
962 * @param string $cert
965 public function loadCA($cert)
972 $cert = $this->loadX509($cert);
973 if (!$cert) {
1006 $this->CAs[] = $cert;
1174 * Validates an intermediate cert as identified via authority info access extension
1204 $cert = static::fetchURL($url);
1205 if (!is_string($cert)) {
1220 if (!is_array($parent->loadX509($cert))) {
1229 //$this->loadCA($cert);
1280 // self-signed cert
1290 $signingCert = $this->currentCert; // working cert
1296 // even if the cert is a self-signed one we still want to see if it's a CA;
1311 $signingCert = $ca; // working cert
1361 $signingCert = $ca; // working cert
1465 * An intermediate cert that linked to itself would result in an infinite loop so to prevent
2041 * Get the certificate chain for the current cert
2082 * Returns the current cert
2544 * $subject can be either an existing X.509 cert (if you want to resign it),
2909 foreach ($tbsCertList['revokedCertificates'] as $cert) {
2910 if (!empty($cert['crlEntryExtensions'])) {
3284 * @param array $cert optional
3288 private function getExtensionHelper($id, array $cert = null, $path = null)
3290 $extensions = $this->extensions($cert, $path);
3308 * @param array $cert optional
3312 private function getExtensionsHelper(array $cert = null, $path = null)
3314 $exts = $this->extensions($cert, $path);
3378 * @param array $cert optional
3382 public function getExtension($id, array $cert = null, $path = null)
3384 return $this->getExtensionHelper($id, $cert, $path);
3390 * @param array $cert optional
3394 public function getExtensions(array $cert = null, $path = null)
3396 return $this->getExtensionsHelper($cert, $path);
3707 * Set the domain name's which the cert is to be valid for
3720 * Set the IP Addresses's which the cert is to be valid for