X509
in package
Pure-PHP X.509 Parser
Tags
Table of Contents
Constants
- ATTR_ALL = -1
- Attribute value disposition.
- ATTR_APPEND = -2
- ATTR_REPLACE = -3
- DN_ARRAY = 0
- Return internal array representation
- DN_ASN1 = 2
- Return ASN.1 name string
- DN_CANON = 4
- Return canonical ASN.1 RDNs string
- DN_HASH = 5
- Return name hash for file indexing
- DN_OPENSSL = 3
- Return OpenSSL compatible array
- DN_STRING = 1
- Return string
- FORMAT_AUTO_DETECT = 3
- Auto-detect the format
- FORMAT_DER = 1
- Save as DER
- FORMAT_PEM = 0
- Save as PEM
- FORMAT_SPKAC = 2
- Save as a SPKAC
- VALIDATE_SIGNATURE_BY_CA = 1
- Flag to only accept signatures signed by certificate authorities
Properties
- $caFlag : bool
- CA Flag
- $CAs : array<string|int, mixed>
- The certificate authorities
- $challenge : string
- SPKAC Challenge
- $currentCert : array<string|int, mixed>
- The currently loaded certificate
- $currentKeyIdentifier : string
- Key Identifier
- $disable_url_fetch : bool
- URL fetch flag
- $dn : array<string|int, mixed>
- Distinguished Name
- $domains : array<string|int, mixed>|null
- $endDate : string
- Certificate End Date
- $extensions : array<string|int, mixed>
- $extensionValues : array<string|int, mixed>
- $ipAddresses : array<string|int, mixed>|null
- $oids : array<string|int, mixed>
- Object identifiers for X.509 certificates
- $oidsLoaded : bool
- OIDs loaded
- $privateKey : string
- Private key
- $publicKey : string
- Public key
- $recur_limit : int
- Recursion Limit
- $serialNumber : string
- Serial Number
- $signatureSubject : string
- The signature subject
- $startDate : string
- Certificate Start Date
Methods
- __construct() : X509
- Default Constructor.
- computeKeyIdentifier() : string
- Compute a public key identifier.
- decodeIP() : string
- Decodes an IP address
- decodeNameConstraintIP() : array<string|int, mixed>
- Decodes an IP address in a name constraints extension
- disableURLFetch() : mixed
- Prevents URIs from being automatically retrieved
- enableURLFetch() : mixed
- Allows URIs to be automatically retrieved
- encodeIP() : string
- Encodes an IP address
- getAttribute() : mixed
- Get a CSR attribute
- getAttributes() : array<string|int, mixed>
- Returns a list of all CSR attributes in use
- getChain() : mixed
- Get the certificate chain for the current cert
- getCurrentCert() : array<string|int, mixed>|bool
- Returns the current cert
- getDN() : array<string|int, mixed>|bool
- Get the Distinguished Name for a certificate's subject
- getDNProp() : mixed
- Get Distinguished Name properties
- getExtension() : mixed
- Get a certificate, CSR or CRL Extension
- getExtensions() : array<string|int, mixed>
- Returns a list of all extensions in use in certificate, CSR or CRL
- getIssuerDN() : mixed
- Get the Distinguished Name for a certificate/crl issuer
- getIssuerDNProp() : mixed
- Get an individual Distinguished Name property for a certificate/crl issuer
- getPublicKey() : mixed
- Gets the public key
- getRegisteredExtension() : array<string|int, mixed>|null
- Register the mapping for a custom/unsupported extension.
- getRevoked() : mixed
- Get a revoked certificate.
- getRevokedCertificateExtension() : mixed
- Get a Revoked Certificate Extension
- getRevokedCertificateExtensions() : array<string|int, mixed>|bool
- Returns a list of all extensions in use for a given revoked certificate
- getSubjectDN() : mixed
- Get the Distinguished Name for a certificate/csr subject. Alias of getDN()
- getSubjectDNProp() : mixed
- Get an individual Distinguished Name property for a certificate/csr subject
- listRevoked() : array<string|int, mixed>|bool
- List revoked certificates
- loadCA() : bool
- Load an X.509 certificate as a certificate authority
- loadCRL() : mixed
- Load a Certificate Revocation List
- loadCSR() : mixed
- Load a Certificate Signing Request
- loadSPKAC() : mixed
- Load a SPKAC CSR
- loadX509() : mixed
- Load X.509 certificate
- makeCA() : mixed
- Turns the certificate into a certificate authority
- registerExtension() : mixed
- Register the mapping for a custom/unsupported extension.
- removeAttribute() : bool
- Remove a CSR attribute.
- removeDNProp() : mixed
- Remove Distinguished Name properties
- removeExtension() : bool
- Remove a certificate, CSR or CRL Extension
- removeRevokedCertificateExtension() : bool
- Remove a Revoked Certificate Extension
- revoke() : bool
- Revoke a certificate.
- saveCRL() : string
- Save Certificate Revocation List.
- saveCSR() : string
- Save CSR request
- saveSPKAC() : string
- Save a SPKAC CSR request
- saveX509() : string
- Save X.509 certificate
- setAttribute() : bool
- Set a CSR attribute
- setChallenge() : mixed
- Set challenge
- setDN() : bool
- Set a Distinguished Name
- setDNProp() : bool
- Set a Distinguished Name property
- setDomain() : array<string|int, mixed>
- Set the domain names which the cert is to be valid for
- setEndDate() : mixed
- Set certificate end date
- setExtension() : bool
- Set a certificate, CSR or CRL Extension
- setExtensionValue() : mixed
- Register the mapping for a custom/unsupported extension.
- setIPAddress() : mixed
- Set the IP addresses which the cert is to be valid for
- setKeyIdentifier() : mixed
- Sets the subject key identifier
- setPrivateKey() : mixed
- Set private key
- setPublicKey() : bool
- Set public key
- setRecurLimit() : mixed
- Sets the recursion limit
- setRevokedCertificateExtension() : bool
- Set a Revoked Certificate Extension
- setSerialNumber() : mixed
- Set Serial Number
- setStartDate() : mixed
- Set certificate start date
- sign() : mixed
- Sign an X.509 certificate
- signCRL() : mixed
- Sign a CRL
- signCSR() : mixed
- Sign a CSR
- signSPKAC() : mixed
- Sign a SPKAC
- unrevoke() : bool
- Unrevoke a certificate.
- validateDate() : bool
- Validate a date
- validateSignature() : mixed
- Validate a signature
- validateURL() : bool
- Validate an X.509 certificate against a URL
- dnsName() : array<string|int, mixed>
- Helper function to build domain array
- extensions() : array<string|int, mixed>|false
- Get a reference to an extension subarray
- fetchURL() : bool|string
- Fetches a URL
- formatSubjectPublicKey() : array<string|int, mixed>|bool
- Format a public key as appropriate
- getExtensionHelper() : mixed
- Get an Extension
- getExtensionsHelper() : array<string|int, mixed>
- Returns a list of all extensions in use
- getMapping() : mixed
- Associate an extension ID to an extension mapping
- identifySignatureAlgorithm() : string
- Identify signature algorithm from key settings
- iPAddress() : array<string|int, mixed>
- Helper function to build IP Address array
- isSubArrayValid() : bool
- Check for validity of subarray
- mapInAttributes() : mixed
- Map attribute values from ANY type to attribute-specific internal format.
- mapInDNs() : mixed
- Map DN values from ANY type to DN-specific internal format.
- mapInExtensions() : mixed
- Map extension values from octet string to extension-specific internal format.
- mapOutAttributes() : mixed
- Map attribute values from attribute-specific internal format to ANY type.
- mapOutDNs() : mixed
- Map DN values from DN-specific internal format to ANY type.
- mapOutExtensions() : mixed
- Map extension values from extension-specific internal format to octet string.
- removeExtensionHelper() : bool
- Remove an Extension
- revokedCertificate() : int|false
- Get the index of a revoked certificate.
- setExtensionHelper() : bool
- Set an Extension
- subArray() : array<string|int, mixed>|false
- Get a reference to a subarray
- subArrayUnchecked() : array<string|int, mixed>|false
- Get a reference to a subarray
- testForIntermediate() : bool
- Validates an intermediate cert as identified via authority info access extension
- timeField() : array<string|int, mixed>|Element
- Helper function to build a time field according to RFC 3280 sections 4.1.2.5 (Validity), 5.1.2.4 (This Update), 5.1.2.5 (Next Update) and 5.1.2.6 (Revoked Certificates), choosing utcTime iff the year of the given date is before 2050 and generalTime otherwise.
- translateDNProp() : mixed
- "Normalizes" a Distinguished Name property
- validateSignatureCountable() : mixed
- Validate a signature
- validateSignatureHelper() : bool
- Validates a signature
Constants
ATTR_ALL
Attribute value disposition.
public
mixed
ATTR_ALL
= -1
If disposition is >= 0, this is the index of the target value.
ATTR_APPEND
public
mixed
ATTR_APPEND
= -2
ATTR_REPLACE
public
mixed
ATTR_REPLACE
= -3
DN_ARRAY
Return internal array representation
public
mixed
DN_ARRAY
= 0
Tags
DN_ASN1
Return ASN.1 name string
public
mixed
DN_ASN1
= 2
Tags
DN_CANON
Return canonical ASN.1 RDNs string
public
mixed
DN_CANON
= 4
Tags
DN_HASH
Return name hash for file indexing
public
mixed
DN_HASH
= 5
Tags
DN_OPENSSL
Return OpenSSL compatible array
public
mixed
DN_OPENSSL
= 3
Tags
DN_STRING
Return string
public
mixed
DN_STRING
= 1
Tags
FORMAT_AUTO_DETECT
Auto-detect the format
public
mixed
FORMAT_AUTO_DETECT
= 3
Used only by the load*() functions
Tags
FORMAT_DER
Save as DER
public
mixed
FORMAT_DER
= 1
Tags
FORMAT_PEM
Save as PEM
public
mixed
FORMAT_PEM
= 0
ie. a base64-encoded PEM with a header and a footer
Tags
FORMAT_SPKAC
Save as a SPKAC
public
mixed
FORMAT_SPKAC
= 2
Tags
VALIDATE_SIGNATURE_BY_CA
Flag to only accept signatures signed by certificate authorities
public
mixed
VALIDATE_SIGNATURE_BY_CA
= 1
Not really used anymore but retained all the same to suppress E_NOTICEs from old installs
Tags
Properties
$caFlag
CA Flag
private
bool
$caFlag
= false
Tags
$CAs
The certificate authorities
private
array<string|int, mixed>
$CAs
Tags
$challenge
SPKAC Challenge
private
string
$challenge
Tags
$currentCert
The currently loaded certificate
private
array<string|int, mixed>
$currentCert
Tags
$currentKeyIdentifier
Key Identifier
private
string
$currentKeyIdentifier
Tags
$disable_url_fetch
URL fetch flag
private
static bool
$disable_url_fetch
= false
Tags
$dn
Distinguished Name
private
array<string|int, mixed>
$dn
Tags
$domains
private
array<string|int, mixed>|null
$domains
= null
Tags
$endDate
Certificate End Date
private
string
$endDate
Tags
$extensions
private
static array<string|int, mixed>
$extensions
= []
Tags
$extensionValues
private
array<string|int, mixed>
$extensionValues
= []
Tags
$ipAddresses
private
array<string|int, mixed>|null
$ipAddresses
= null
Tags
$oids
Object identifiers for X.509 certificates
private
array<string|int, mixed>
$oids
Tags
$oidsLoaded
OIDs loaded
private
static bool
$oidsLoaded
= false
Tags
$privateKey
Private key
private
string
$privateKey
Tags
$publicKey
Public key
private
string
$publicKey
Tags
$recur_limit
Recursion Limit
private
static int
$recur_limit
= 5
Tags
$serialNumber
Serial Number
private
string
$serialNumber
Tags
$signatureSubject
The signature subject
private
string
$signatureSubject
There's no guarantee \phpseclib3\File\X509 is going to re-encode an X.509 cert in the same way it was originally encoded, so we save the portion of the original cert that the signature would have been made for.
Tags
$startDate
Certificate Start Date
private
string
$startDate
Tags
Methods
__construct()
Default Constructor.
public
__construct() : X509
Tags
Return values
X509
computeKeyIdentifier()
Compute a public key identifier.
public
computeKeyIdentifier([mixed $key = null ][, int $method = 1 ]) : string
Although key identifiers may be set to any unique value, this function computes key identifiers from public key according to the two recommended methods (4.2.1.2 RFC 3280). Highly polymorphic: try to accept all possible forms of key:
- Key object
- \phpseclib3\File\X509 object with public or private key defined
- Certificate or CSR array
- \phpseclib3\File\ASN1\Element object
- PEM or DER string
Parameters
- $key : mixed = null
-
optional
- $method : int = 1
-
optional
Tags
Return values
string —binary key identifier
decodeIP()
Decodes an IP address
public
static decodeIP(string $ip) : string
Takes in a base64 encoded "blob" and returns a human readable IP address
Parameters
- $ip : string
Tags
Return values
string
decodeNameConstraintIP()
Decodes an IP address in a name constraints extension
public
static decodeNameConstraintIP(string $ip) : array<string|int, mixed>
Takes in a base64 encoded "blob" and returns a human readable IP address / mask
Parameters
- $ip : string
Tags
Return values
array<string|int, mixed>
disableURLFetch()
Prevents URIs from being automatically retrieved
public
static disableURLFetch() : mixed
Tags
enableURLFetch()
Allows URIs to be automatically retrieved
public
static enableURLFetch() : mixed
Tags
encodeIP()
Encodes an IP address
public
static encodeIP(string|array<string|int, mixed> $ip) : string
Takes a human readable IP address into a base64-encoded "blob"
Parameters
- $ip : string|array<string|int, mixed>
Tags
Return values
string
getAttribute()
Get a CSR attribute
public
getAttribute(string $id[, int $disposition = self::ATTR_ALL ][, array<string|int, mixed> $csr = null ]) : mixed
Returns the attribute if it exists and false if not
Parameters
- $id : string
- $disposition : int = self::ATTR_ALL
-
optional
- $csr : array<string|int, mixed> = null
-
optional
Tags
getAttributes()
Returns a list of all CSR attributes in use
public
getAttributes([array<string|int, mixed> $csr = null ]) : array<string|int, mixed>
Parameters
- $csr : array<string|int, mixed> = null
-
optional
Tags
Return values
array<string|int, mixed>
getChain()
Get the certificate chain for the current cert
public
getChain() : mixed
Tags
getCurrentCert()
Returns the current cert
public
& getCurrentCert() : array<string|int, mixed>|bool
Tags
Return values
array<string|int, mixed>|bool
getDN()
Get the Distinguished Name for a certificate's subject
public
getDN([mixed $format = self::DN_ARRAY ][, array<string|int, mixed> $dn = null ]) : array<string|int, mixed>|bool
Parameters
- $format : mixed = self::DN_ARRAY
-
optional
- $dn : array<string|int, mixed> = null
-
optional
Tags
Return values
array<string|int, mixed>|bool
getDNProp()
Get Distinguished Name properties
public
getDNProp(string $propName[, array<string|int, mixed> $dn = null ][, bool $withType = false ]) : mixed
Parameters
- $propName : string
- $dn : array<string|int, mixed> = null
-
optional
- $withType : bool = false
-
optional
Tags
getExtension()
Get a certificate, CSR or CRL Extension
public
getExtension(string $id[, array<string|int, mixed> $cert = null ][, string $path = null ]) : mixed
Returns the extension if it exists and false if not
Parameters
- $id : string
- $cert : array<string|int, mixed> = null
-
optional
- $path : string = null
Tags
getExtensions()
Returns a list of all extensions in use in certificate, CSR or CRL
public
getExtensions([array<string|int, mixed> $cert = null ][, string $path = null ]) : array<string|int, mixed>
Parameters
- $cert : array<string|int, mixed> = null
-
optional
- $path : string = null
-
optional
Tags
Return values
array<string|int, mixed>
getIssuerDN()
Get the Distinguished Name for a certificate/crl issuer
public
getIssuerDN([int $format = self::DN_ARRAY ]) : mixed
Parameters
- $format : int = self::DN_ARRAY
-
optional
Tags
getIssuerDNProp()
Get an individual Distinguished Name property for a certificate/crl issuer
public
getIssuerDNProp(string $propName[, bool $withType = false ]) : mixed
Parameters
- $propName : string
- $withType : bool = false
-
optional
Tags
getPublicKey()
Gets the public key
public
getPublicKey() : mixed
Returns a \phpseclib3\Crypt\RSA object or a false.
Tags
getRegisteredExtension()
Register the mapping for a custom/unsupported extension.
public
static getRegisteredExtension(string $id) : array<string|int, mixed>|null
Parameters
- $id : string
Return values
array<string|int, mixed>|null
getRevoked()
Get a revoked certificate.
public
getRevoked(string $serial) : mixed
Parameters
- $serial : string
Tags
getRevokedCertificateExtension()
Get a Revoked Certificate Extension
public
getRevokedCertificateExtension(string $serial, string $id[, array<string|int, mixed> $crl = null ]) : mixed
Returns the extension if it exists and false if not
Parameters
- $serial : string
- $id : string
- $crl : array<string|int, mixed> = null
-
optional
Tags
getRevokedCertificateExtensions()
Returns a list of all extensions in use for a given revoked certificate
public
getRevokedCertificateExtensions(string $serial[, array<string|int, mixed> $crl = null ]) : array<string|int, mixed>|bool
Parameters
- $serial : string
- $crl : array<string|int, mixed> = null
-
optional
Tags
Return values
array<string|int, mixed>|bool
getSubjectDN()
Get the Distinguished Name for a certificate/csr subject. Alias of getDN()
public
getSubjectDN([int $format = self::DN_ARRAY ]) : mixed
Parameters
- $format : int = self::DN_ARRAY
-
optional
Tags
getSubjectDNProp()
Get an individual Distinguished Name property for a certificate/csr subject
public
getSubjectDNProp(string $propName[, bool $withType = false ]) : mixed
Parameters
- $propName : string
- $withType : bool = false
-
optional
Tags
listRevoked()
List revoked certificates
public
listRevoked([array<string|int, mixed> $crl = null ]) : array<string|int, mixed>|bool
Parameters
- $crl : array<string|int, mixed> = null
-
optional
Tags
Return values
array<string|int, mixed>|bool
loadCA()
Load an X.509 certificate as a certificate authority
public
loadCA(string $cert) : bool
Parameters
- $cert : string
Tags
Return values
bool
loadCRL()
Load a Certificate Revocation List
public
loadCRL(string $crl[, int $mode = self::FORMAT_AUTO_DETECT ]) : mixed
Parameters
- $crl : string
- $mode : int = self::FORMAT_AUTO_DETECT
Tags
loadCSR()
Load a Certificate Signing Request
public
loadCSR(string $csr[, int $mode = self::FORMAT_AUTO_DETECT ]) : mixed
Parameters
- $csr : string
- $mode : int = self::FORMAT_AUTO_DETECT
Tags
loadSPKAC()
Load a SPKAC CSR
public
loadSPKAC(string $spkac) : mixed
SPKAC's are produced by the HTML5 keygen element:
https://developer.mozilla.org/en-US/docs/HTML/Element/keygen
Parameters
- $spkac : string
Tags
loadX509()
Load X.509 certificate
public
loadX509(string $cert[, int $mode = self::FORMAT_AUTO_DETECT ]) : mixed
Returns an associative array describing the X.509 cert or a false if the cert failed to load
Parameters
- $cert : string
- $mode : int = self::FORMAT_AUTO_DETECT
Tags
makeCA()
Turns the certificate into a certificate authority
public
makeCA() : mixed
Tags
registerExtension()
Register the mapping for a custom/unsupported extension.
public
static registerExtension(string $id, array<string|int, mixed> $mapping) : mixed
Parameters
- $id : string
- $mapping : array<string|int, mixed>
removeAttribute()
Remove a CSR attribute.
public
removeAttribute(string $id[, int $disposition = self::ATTR_ALL ]) : bool
Parameters
- $id : string
- $disposition : int = self::ATTR_ALL
-
optional
Tags
Return values
bool
removeDNProp()
Remove Distinguished Name properties
public
removeDNProp(string $propName) : mixed
Parameters
- $propName : string
Tags
removeExtension()
Remove a certificate, CSR or CRL Extension
public
removeExtension(string $id) : bool
Parameters
- $id : string
Tags
Return values
bool
removeRevokedCertificateExtension()
Remove a Revoked Certificate Extension
public
removeRevokedCertificateExtension(string $serial, string $id) : bool
Parameters
- $serial : string
- $id : string
Tags
Return values
bool
revoke()
Revoke a certificate.
public
revoke(string $serial[, string $date = null ]) : bool
Parameters
- $serial : string
- $date : string = null
-
optional
Tags
Return values
bool
saveCRL()
Save Certificate Revocation List.
public
saveCRL(array<string|int, mixed> $crl[, int $format = self::FORMAT_PEM ]) : string
Parameters
- $crl : array<string|int, mixed>
- $format : int = self::FORMAT_PEM
-
optional
Tags
Return values
string
saveCSR()
Save CSR request
public
saveCSR(array<string|int, mixed> $csr[, int $format = self::FORMAT_PEM ]) : string
Parameters
- $csr : array<string|int, mixed>
- $format : int = self::FORMAT_PEM
-
optional
Tags
Return values
string
saveSPKAC()
Save a SPKAC CSR request
public
saveSPKAC(array<string|int, mixed> $spkac[, int $format = self::FORMAT_PEM ]) : string
Parameters
- $spkac : array<string|int, mixed>
- $format : int = self::FORMAT_PEM
-
optional
Tags
Return values
string
saveX509()
Save X.509 certificate
public
saveX509(array<string|int, mixed> $cert[, int $format = self::FORMAT_PEM ]) : string
Parameters
- $cert : array<string|int, mixed>
- $format : int = self::FORMAT_PEM
-
optional
Tags
Return values
string
setAttribute()
Set a CSR attribute
public
setAttribute(string $id, mixed $value[, int $disposition = self::ATTR_ALL ]) : bool
Parameters
- $id : string
- $value : mixed
- $disposition : int = self::ATTR_ALL
-
optional
Tags
Return values
bool
setChallenge()
Set challenge
public
setChallenge(string $challenge) : mixed
Used for SPKAC CSR's
Parameters
- $challenge : string
Tags
setDN()
Set a Distinguished Name
public
setDN(mixed $dn[, bool $merge = false ][, string $type = 'utf8String' ]) : bool
Parameters
- $dn : mixed
- $merge : bool = false
-
optional
- $type : string = 'utf8String'
-
optional
Tags
Return values
bool
setDNProp()
Set a Distinguished Name property
public
setDNProp(string $propName, mixed $propValue[, string $type = 'utf8String' ]) : bool
Parameters
- $propName : string
- $propValue : mixed
- $type : string = 'utf8String'
-
optional
Tags
Return values
bool
setDomain()
Set the domain names which the cert is to be valid for
public
setDomain(array<string|int, mixed> ...$domains) : array<string|int, mixed>
Parameters
- $domains : array<string|int, mixed>
Tags
Return values
array<string|int, mixed>
setEndDate()
Set certificate end date
public
setEndDate(DateTimeInterface|string $date) : mixed
Parameters
- $date : DateTimeInterface|string
Tags
setExtension()
Set a certificate, CSR or CRL Extension
public
setExtension(string $id, mixed $value[, bool $critical = false ][, bool $replace = true ]) : bool
Parameters
- $id : string
- $value : mixed
- $critical : bool = false
-
optional
- $replace : bool = true
-
optional
Tags
Return values
bool
setExtensionValue()
Register the mapping for a custom/unsupported extension.
public
setExtensionValue(string $id, mixed $value[, bool $critical = false ][, bool $replace = false ]) : mixed
Parameters
- $id : string
- $value : mixed
- $critical : bool = false
- $replace : bool = false
setIPAddress()
Set the IP addresses which the cert is to be valid for
public
setIPAddress(array<string|int, mixed> ...$ipAddresses) : mixed
Parameters
- $ipAddresses : array<string|int, mixed>
Tags
setKeyIdentifier()
Sets the subject key identifier
public
setKeyIdentifier(string $value) : mixed
This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions.
Parameters
- $value : string
Tags
setPrivateKey()
Set private key
public
setPrivateKey(PrivateKey $key) : mixed
Key needs to be a \phpseclib3\Crypt\RSA object
Parameters
- $key : PrivateKey
Tags
setPublicKey()
Set public key
public
setPublicKey(PublicKey $key) : bool
Key needs to be a \phpseclib3\Crypt\RSA object
Parameters
- $key : PublicKey
Tags
Return values
bool
setRecurLimit()
Sets the recursion limit
public
static setRecurLimit(int $count) : mixed
When validating a signature it may be necessary to download intermediate certs from URI's. An intermediate cert that linked to itself would result in an infinite loop so to prevent that we set a recursion limit. A negative number means that there is no recursion limit.
Parameters
- $count : int
Tags
setRevokedCertificateExtension()
Set a Revoked Certificate Extension
public
setRevokedCertificateExtension(string $serial, string $id, mixed $value[, bool $critical = false ][, bool $replace = true ]) : bool
Parameters
- $serial : string
- $id : string
- $value : mixed
- $critical : bool = false
-
optional
- $replace : bool = true
-
optional
Tags
Return values
bool
setSerialNumber()
Set Serial Number
public
setSerialNumber(string $serial[, int $base = -256 ]) : mixed
Parameters
- $serial : string
- $base : int = -256
-
optional
Tags
setStartDate()
Set certificate start date
public
setStartDate(DateTimeInterface|string $date) : mixed
Parameters
- $date : DateTimeInterface|string
Tags
sign()
Sign an X.509 certificate
public
sign(X509 $issuer, X509 $subject) : mixed
$issuer's private key needs to be loaded. $subject can be either an existing X.509 cert (if you want to resign it), a CSR or something with the DN and public key explicitly set.
Parameters
Tags
signCRL()
Sign a CRL
public
signCRL(X509 $issuer, X509 $crl) : mixed
$issuer's private key needs to be loaded.
Parameters
Tags
signCSR()
Sign a CSR
public
signCSR() : mixed
Tags
signSPKAC()
Sign a SPKAC
public
signSPKAC() : mixed
Tags
unrevoke()
Unrevoke a certificate.
public
unrevoke(string $serial) : bool
Parameters
- $serial : string
Tags
Return values
bool
validateDate()
Validate a date
public
validateDate([DateTimeInterface|string $date = null ]) : bool
If $date isn't defined it is assumed to be the current date.
Parameters
- $date : DateTimeInterface|string = null
-
optional
Tags
Return values
bool
validateSignature()
Validate a signature
public
validateSignature([bool $caonly = true ]) : mixed
Works on X.509 certs, CSR's and CRL's. Returns true if the signature is verified, false if it is not correct or null on error
By default returns false for self-signed certs. Call validateSignature(false) to make this support self-signed.
The behavior of this function is inspired by openssl_verify.
Parameters
- $caonly : bool = true
-
optional
Tags
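The following added example (not phpseclib's own code) shows validateSignature() used with an explicit trust anchor from loadCA() and with disableURLFetch() set, so that validating an untrusted certificate never triggers the intermediate download described under setRecurLimit(); it also runs validateDate() and validateURL() on the same certificate. It assumes phpseclib 3.x installed through Composer; the function names `buildDemoPki` and `verifyLeaf`, the organization names and the host `www.example.test` are constructed for the example.

```php
<?php
// Added example, not part of phpseclib. Assumes: composer require phpseclib/phpseclib:~3.0
require __DIR__ . '/vendor/autoload.php';

use phpseclib3\Crypt\RSA;
use phpseclib3\File\X509;

/**
 * Build a throwaway CA and one leaf certificate for $host (constructed test data).
 * Returns [caPem, leafPem].
 */
function buildDemoPki(string $host): array
{
    // PKCS#1 v1.5 padding is chosen here so the result is a plain sha256WithRSAEncryption cert.
    $caKey = RSA::createKey(2048)->withPadding(RSA::SIGNATURE_PKCS1);

    $caSubject = new X509();
    $caSubject->setDNProp('id-at-organizationName', 'Constructed Demo CA');
    $caSubject->setPublicKey($caKey->getPublicKey());

    $caIssuer = new X509();
    $caIssuer->setPrivateKey($caKey);          // self-signed: issuer key is the CA key
    $caIssuer->setDN($caSubject->getDN());

    $signer = new X509();
    $signer->makeCA();                          // mark the certificate being signed as a CA
    $caPem = $signer->saveX509($signer->sign($caIssuer, $caSubject));

    $leafKey = RSA::createKey(2048)->withPadding(RSA::SIGNATURE_PKCS1);

    $leafSubject = new X509();
    $leafSubject->setDNProp('id-at-organizationName', 'Constructed Demo Leaf');
    $leafSubject->setDomain($host);             // host name the leaf is valid for
    $leafSubject->setPublicKey($leafKey->getPublicKey());

    $leafIssuer = new X509();
    $leafIssuer->setPrivateKey($caKey);         // leaf is signed by the CA key
    $leafIssuer->setDN($caSubject->getDN());

    $signer = new X509();
    $leafPem = $signer->saveX509($signer->sign($leafIssuer, $leafSubject));

    return [$caPem, $leafPem];
}

/**
 * Run the three independent checks a relying party needs on a received certificate.
 * Each result is reported separately so a caller can log exactly which check failed.
 */
function verifyLeaf(
    string $leafPem,
    array $trustedCaPems,
    string $url,
    ?DateTimeInterface $when = null
): array {
    // The certificate is untrusted input: do not let it make this process fetch URIs.
    X509::disableURLFetch();

    $x509 = new X509();
    foreach ($trustedCaPems as $pem) {
        if (!$x509->loadCA($pem)) {
            throw new RuntimeException('trust anchor failed to load');
        }
    }
    if ($x509->loadX509($leafPem) === false) {
        throw new RuntimeException('certificate failed to load');
    }

    return [
        // validateSignature() can return null on error, so compare strictly with true.
        'signature' => $x509->validateSignature() === true,
        // A null date means "now", as documented for validateDate().
        'date'      => $x509->validateDate($when),
        'name'      => $x509->validateURL($url),
    ];
}

[$caPem, $leafPem] = buildDemoPki('www.example.test');

// Trust anchor loaded, matching host, current date.
var_dump(verifyLeaf($leafPem, [$caPem], 'https://www.example.test/'));

// No trust anchor loaded: the signature check has nothing to chain to.
var_dump(verifyLeaf($leafPem, [], 'https://www.example.test/'));

// Different host and a date two years ahead, past the default one-year lifetime.
var_dump(verifyLeaf(
    $leafPem,
    [$caPem],
    'https://other.example.test/',
    new DateTimeImmutable('+2 years')
));
```

Treat a certificate as acceptable only when all three results are true; validateSignature() says nothing about validity dates or host names on its own.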
validateURL()
Validate an X.509 certificate against a URL
public
validateURL(string $url) : bool
From RFC2818 "HTTP over TLS":
Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
Parameters
- $url : string
Tags
Return values
bool
dnsName()
Helper function to build domain array
private
dnsName(string $domain) : array<string|int, mixed>
Parameters
- $domain : string
Tags
Return values
array<string|int, mixed>
extensions()
Get a reference to an extension subarray
private
& extensions(array<string|int, mixed> &$root[, string $path = null ][, bool $create = false ]) : array<string|int, mixed>|false
Parameters
- $root : array<string|int, mixed>
- $path : string = null
-
optional absolute path with / as component separator
- $create : bool = false
-
optional
Tags
Return values
array<string|int, mixed>|false
fetchURL()
Fetches a URL
private
static fetchURL(string $url) : bool|string
Parameters
- $url : string
Tags
Return values
bool|string
formatSubjectPublicKey()
Format a public key as appropriate
private
formatSubjectPublicKey() : array<string|int, mixed>|bool
Tags
Return values
array<string|int, mixed>|bool
getExtensionHelper()
Get an Extension
private
getExtensionHelper(string $id[, array<string|int, mixed> $cert = null ][, string $path = null ]) : mixed
Returns the extension if it exists and false if not
Parameters
- $id : string
- $cert : array<string|int, mixed> = null
-
optional
- $path : string = null
-
optional
Tags
getExtensionsHelper()
Returns a list of all extensions in use
private
getExtensionsHelper([array<string|int, mixed> $cert = null ][, string $path = null ]) : array<string|int, mixed>
Parameters
- $cert : array<string|int, mixed> = null
-
optional
- $path : string = null
-
optional
Tags
Return values
array<string|int, mixed>
getMapping()
Associate an extension ID to an extension mapping
private
getMapping(string $extnId) : mixed
Parameters
- $extnId : string
Tags
identifySignatureAlgorithm()
Identify signature algorithm from key settings
private
static identifySignatureAlgorithm(PrivateKey $key) : string
Parameters
- $key : PrivateKey
Tags
Return values
string
iPAddress()
Helper function to build IP Address array
private
iPAddress(string $address) : array<string|int, mixed>
(IPv6 is not currently supported)
Parameters
- $address : string
Tags
Return values
array<string|int, mixed>
isSubArrayValid()
Check for validity of subarray
private
isSubArrayValid(array<string|int, mixed> $root, string $path) : bool
This is intended for use in conjunction with _subArrayUnchecked(), implementing the checks included in _subArray() but without copying a potentially large array by passing its reference by-value to is_array().
Parameters
- $root : array<string|int, mixed>
- $path : string
Tags
Return values
bool
mapInAttributes()
Map attribute values from ANY type to attribute-specific internal format.
private
mapInAttributes(array<string|int, mixed> &$root, string $path) : mixed
Parameters
- $root : array<string|int, mixed>
-
(by reference)
- $path : string
Tags
mapInDNs()
Map DN values from ANY type to DN-specific internal format.
private
mapInDNs(array<string|int, mixed> &$root, string $path) : mixed
Parameters
- $root : array<string|int, mixed>
-
(by reference)
- $path : string
Tags
mapInExtensions()
Map extension values from octet string to extension-specific internal format.
private
mapInExtensions(array<string|int, mixed> &$root, string $path) : mixed
Parameters
- $root : array<string|int, mixed>
-
(by reference)
- $path : string
Tags
mapOutAttributes()
Map attribute values from attribute-specific internal format to ANY type.
private
mapOutAttributes(array<string|int, mixed> &$root, string $path) : mixed
Parameters
- $root : array<string|int, mixed>
-
(by reference)
- $path : string
Tags
mapOutDNs()
Map DN values from DN-specific internal format to ANY type.
private
mapOutDNs(array<string|int, mixed> &$root, string $path) : mixed
Parameters
- $root : array<string|int, mixed>
-
(by reference)
- $path : string
Tags
mapOutExtensions()
Map extension values from extension-specific internal format to octet string.
private
mapOutExtensions(array<string|int, mixed> &$root, string $path) : mixed
Parameters
- $root : array<string|int, mixed>
-
(by reference)
- $path : string
Tags
removeExtensionHelper()
Remove an Extension
private
removeExtensionHelper(string $id[, string $path = null ]) : bool
Parameters
- $id : string
- $path : string = null
-
optional
Tags
Return values
bool
revokedCertificate()
Get the index of a revoked certificate.
private
revokedCertificate(array<string|int, mixed> &$rclist, string $serial[, bool $create = false ]) : int|false
Parameters
- $rclist : array<string|int, mixed>
- $serial : string
- $create : bool = false
-
optional
Tags
Return values
int|false
setExtensionHelper()
Set an Extension
private
setExtensionHelper(string $id, mixed $value[, bool $critical = false ][, bool $replace = true ][, string $path = null ]) : bool
Parameters
- $id : string
- $value : mixed
- $critical : bool = false
-
optional
- $replace : bool = true
-
optional
- $path : string = null
-
optional
Tags
Return values
bool
subArray()
Get a reference to a subarray
private
& subArray(array<string|int, mixed> &$root, string $path[, bool $create = false ]) : array<string|int, mixed>|false
Parameters
- $root : array<string|int, mixed>
- $path : string
-
absolute path with / as component separator
- $create : bool = false
-
optional
Tags
Return values
array<string|int, mixed>|false
subArrayUnchecked()
Get a reference to a subarray
private
& subArrayUnchecked(array<string|int, mixed> &$root, string $path[, bool $create = false ]) : array<string|int, mixed>|false
This variant of _subArray() does no is_array() checking, so $root should be checked with _isSubArrayValid() first.
This is here for performance reasons: Passing a reference (i.e. $root) by-value (i.e. to is_array()) creates a copy. If $root is an especially large array, this is expensive.
Parameters
- $root : array<string|int, mixed>
- $path : string
-
absolute path with / as component separator
- $create : bool = false
-
optional
Tags
Return values
array<string|int, mixed>|false
testForIntermediate()
Validates an intermediate cert as identified via authority info access extension
private
testForIntermediate(bool $caonly, int $count) : bool
See https://tools.ietf.org/html/rfc4325 for more info
Parameters
- $caonly : bool
- $count : int
Tags
Return values
bool
timeField()
Helper function to build a time field according to RFC 3280 sections 4.1.2.5 (Validity), 5.1.2.4 (This Update), 5.1.2.5 (Next Update) and 5.1.2.6 (Revoked Certificates), choosing utcTime iff the year of the given date is before 2050 and generalTime otherwise.
private
timeField(string $date) : array<string|int, mixed>|Element
Parameters
- $date : string
-
in format date('D, d M Y H:i:s O')
Tags
Return values
array<string|int, mixed>|Element
translateDNProp()
"Normalizes" a Distinguished Name property
private
translateDNProp(string $propName) : mixed
Parameters
- $propName : string
Tags
validateSignatureCountable()
Validate a signature
private
validateSignatureCountable(bool $caonly, int $count) : mixed
Performs said validation whilst keeping track of how many times validation method is called
Parameters
- $caonly : bool
- $count : int
Tags
validateSignatureHelper()
Validates a signature
private
validateSignatureHelper(string $publicKeyAlgorithm, string $publicKey, string $signatureAlgorithm, string $signature, string $signatureSubject) : bool
Returns true if the signature is verified and false if it is not correct. If the algorithms are unsupported an exception is thrown.
Parameters
- $publicKeyAlgorithm : string
- $publicKey : string
- $signatureAlgorithm : string
- $signature : string
- $signatureSubject : string