X509
Pure-PHP X.509 Parser
Tags
Table of Contents
- ATTR_ALL = -1
- Attribute value disposition.
- ATTR_APPEND = -2
- ATTR_REPLACE = -3
- DN_ARRAY = 0
- Return internal array representation
- DN_ASN1 = 2
- Return ASN.1 name string
- DN_CANON = 4
- Return canonical ASN.1 RDNs string
- DN_HASH = 5
- Return name hash for file indexing
- DN_OPENSSL = 3
- Return OpenSSL compatible array
- DN_STRING = 1
- Return string
- FORMAT_AUTO_DETECT = 3
- Auto-detect the format
- FORMAT_DER = 1
- Save as DER
- FORMAT_PEM = 0
- Save as PEM
- FORMAT_SPKAC = 2
- Save as a SPKAC
- VALIDATE_SIGNATURE_BY_CA = 1
- Flag to only accept signatures signed by certificate authorities
- $AttributeValue : mixed
- $AuthorityInfoAccessSyntax : mixed
- $AuthorityKeyIdentifier : mixed
- $BasicConstraints : mixed
- $caFlag : bool
- CA Flag
- $CAs : array<string|int, mixed>
- The certificate authorities
- $Certificate : array<string|int, mixed>
- ASN.1 syntax for X.509 certificates
- $CertificateIssuer : mixed
- $CertificateList : array<string|int, mixed>
- ASN.1 syntax for Certificate Revocation Lists (RFC5280)
- $CertificatePolicies : mixed
- $CertificationRequest : array<string|int, mixed>
- ASN.1 syntax for Certificate Signing Requests (RFC2986)
- $challenge : string
- SPKAC Challenge
- $CPSuri : mixed
- $CRLDistributionPoints : mixed
- $CRLNumber : mixed
- $CRLReason : mixed
- $currentCert : array<string|int, mixed>
- The currently loaded certificate
- $currentKeyIdentifier : string
- Key Identifier
- $DirectoryString : mixed
- $disable_url_fetch : bool
- URL fetch flag
- $dn : array<string|int, mixed>
- Distinguished Name
- $endDate : string
- Certificate End Date
- $Extensions : mixed
- $ExtKeyUsageSyntax : mixed
- $HoldInstructionCode : mixed
- $InvalidityDate : mixed
- $IssuerAltName : mixed
- $IssuingDistributionPoint : mixed
- $KeyIdentifier : mixed
- $KeyUsage : mixed
- $Name : mixed
- $NameConstraints : mixed
- $netscape_ca_policy_url : mixed
- $netscape_cert_type : mixed
- $netscape_comment : mixed
- $oids : array<string|int, mixed>
- Object identifiers for X.509 certificates
- $PKCS9String : mixed
- $PolicyMappings : mixed
- $PostalAddress : mixed
- $privateKey : string
- Private key
- $PrivateKeyUsagePeriod : mixed
- $publicKey : string
- Public key
- $recur_limit : int
- Recursion Limit
- $RelativeDistinguishedName : mixed
- $serialNumber : string
- Serial Number
- $signatureSubject : string
- The signature subject
- $SignedPublicKeyAndChallenge : mixed
- $startDate : string
- Certificate Start Date
- $SubjectAltName : mixed
- $SubjectDirectoryAttributes : mixed
- $UserNotice : mixed
- __construct() : X509
- Default Constructor.
- _decodeIP() : string
- Decodes an IP address
- _decodeNameConstraintIP() : array<string|int, mixed>
- Decodes an IP address in a name constraints extension
- _dnsName() : array<string|int, mixed>
- Helper function to build domain array
- _encodeIP() : string
- Encodes an IP address
- _extensions() : array<string|int, mixed>|false
- Get a reference to an extension subarray
- _extractBER() : string
- Extract raw BER from Base64 encoding
- _fetchURL() : bool|string
- Fetches a URL
- _formatSubjectPublicKey() : array<string|int, mixed>
- Format a public key as appropriate
- _getExtension() : mixed
- Get an Extension
- _getExtensions() : array<string|int, mixed>
- Returns a list of all extensions in use
- _getMapping() : mixed
- Associate an extension ID to an extension mapping
- _iPAddress() : array<string|int, mixed>
- Helper function to build IP Address array
- _isSubArrayValid() : bool
- Check for validity of subarray
- _mapInAttributes() : mixed
- Map attribute values from ANY type to attribute-specific internal format.
- _mapInDNs() : mixed
- Map DN values from ANY type to DN-specific internal format.
- _mapInExtensions() : mixed
- Map extension values from octet string to extension-specific internal format.
- _mapOutAttributes() : mixed
- Map attribute values from attribute-specific internal format to ANY type.
- _mapOutDNs() : mixed
- Map DN values from DN-specific internal format to ANY type.
- _mapOutExtensions() : mixed
- Map extension values from extension-specific internal format to octet string.
- _reformatKey() : string
- Reformat public keys
- _removeExtension() : bool
- Remove an Extension
- _revokedCertificate() : int|false
- Get the index of a revoked certificate.
- _setExtension() : bool
- Set an Extension
- _sign() : mixed
- X.509 certificate signing helper function.
- _subArray() : array<string|int, mixed>|false
- Get a reference to a subarray
- _subArrayUnchecked() : array<string|int, mixed>|false
- Get a reference to a subarray
- _testForIntermediate() : bool
- Validates an intermediate cert as identified via authority info access extension
- _timeField() : array<string|int, mixed>
- Helper function to build a time field according to RFC 3280 sections 4.1.2.5 (Validity), 5.1.2.4 (This Update), 5.1.2.5 (Next Update) and 5.1.2.6 (Revoked Certificates), choosing utcTime if and only if the year of the given date is before 2050, and generalTime otherwise.
- _translateDNProp() : mixed
- "Normalizes" a Distinguished Name property
- _validateSignature() : int
- Validates a signature
- _validateSignatureCountable() : mixed
- Validate a signature
- computeKeyIdentifier() : string
- Compute a public key identifier.
- disableURLFetch() : mixed
- Prevents URIs from being automatically retrieved
- enableURLFetch() : mixed
- Allows URIs to be automatically retrieved
- getAttribute() : mixed
- Get a CSR attribute
- getAttributes() : array<string|int, mixed>
- Returns a list of all CSR attributes in use
- getChain() : mixed
- Get the certificate chain for the current cert
- getDN() : bool
- Get the Distinguished Name for a certificate's subject
- getDNProp() : mixed
- Get Distinguished Name properties
- getExtension() : mixed
- Get a certificate, CSR or CRL Extension
- getExtensions() : array<string|int, mixed>
- Returns a list of all extensions in use in certificate, CSR or CRL
- getIssuerDN() : mixed
- Get the Distinguished Name for a certificate/crl issuer
- getIssuerDNProp() : mixed
- Get an individual Distinguished Name property for a certificate/crl issuer
- getOID() : string
- Returns the OID corresponding to a name
- getPublicKey() : mixed
- Gets the public key
- getRevoked() : mixed
- Get a revoked certificate.
- getRevokedCertificateExtension() : mixed
- Get a Revoked Certificate Extension
- getRevokedCertificateExtensions() : array<string|int, mixed>
- Returns a list of all extensions in use for a given revoked certificate
- getSubjectDN() : mixed
- Get the Distinguished Name for a certificate/csr subject. Alias of getDN()
- getSubjectDNProp() : mixed
- Get an individual Distinguished Name property for a certificate/csr subject
- listRevoked() : array<string|int, mixed>
- List revoked certificates
- loadCA() : bool
- Load an X.509 certificate as a certificate authority
- loadCRL() : mixed
- Load a Certificate Revocation List
- loadCSR() : mixed
- Load a Certificate Signing Request
- loadSPKAC() : mixed
- Load a SPKAC CSR
- loadX509() : mixed
- Load X.509 certificate
- makeCA() : mixed
- Turns the certificate into a certificate authority
- removeAttribute() : bool
- Remove a CSR attribute.
- removeDNProp() : mixed
- Remove Distinguished Name properties
- removeExtension() : bool
- Remove a certificate, CSR or CRL Extension
- removeRevokedCertificateExtension() : bool
- Remove a Revoked Certificate Extension
- revoke() : bool
- Revoke a certificate.
- saveCRL() : string
- Save Certificate Revocation List.
- saveCSR() : string
- Save CSR request
- saveSPKAC() : string
- Save a SPKAC CSR request
- saveX509() : string
- Save X.509 certificate
- setAttribute() : bool
- Set a CSR attribute
- setChallenge() : mixed
- Set challenge
- setDN() : bool
- Set a Distinguished Name
- setDNProp() : bool
- Set a Distinguished Name property
- setDomain() : array<string|int, mixed>
- Set the domain names for which the cert is to be valid
- setEndDate() : mixed
- Set certificate end date
- setExtension() : bool
- Set a certificate, CSR or CRL Extension
- setIPAddress() : mixed
- Set the IP addresses for which the cert is to be valid
- setKeyIdentifier() : mixed
- Sets the subject key identifier
- setPrivateKey() : mixed
- Set private key
- setPublicKey() : bool
- Set public key
- setRecurLimit() : mixed
- Sets the recursion limit
- setRevokedCertificateExtension() : bool
- Set a Revoked Certificate Extension
- setSerialNumber() : mixed
- Set Serial Number
- setStartDate() : mixed
- Set certificate start date
- sign() : mixed
- Sign an X.509 certificate
- signCRL() : mixed
- Sign a CRL
- signCSR() : mixed
- Sign a CSR
- signSPKAC() : mixed
- Sign a SPKAC
- unrevoke() : bool
- Unrevoke a certificate.
- validateDate() : mixed
- Validate a date
- validateSignature() : mixed
- Validate a signature
- validateURL() : bool
- Validate an X.509 certificate against a URL
Constants
ATTR_ALL
Attribute value disposition.
public
mixed
ATTR_ALL
= -1
If disposition is >= 0, this is the index of the target value.
ATTR_APPEND
public
mixed
ATTR_APPEND
= -2
ATTR_REPLACE
public
mixed
ATTR_REPLACE
= -3
DN_ARRAY
Return internal array representation
public
mixed
DN_ARRAY
= 0
DN_ASN1
Return ASN.1 name string
public
mixed
DN_ASN1
= 2
DN_CANON
Return canonical ASN.1 RDNs string
public
mixed
DN_CANON
= 4
DN_HASH
Return name hash for file indexing
public
mixed
DN_HASH
= 5
DN_OPENSSL
Return OpenSSL compatible array
public
mixed
DN_OPENSSL
= 3
DN_STRING
Return string
public
mixed
DN_STRING
= 1
FORMAT_AUTO_DETECT
Auto-detect the format
public
mixed
FORMAT_AUTO_DETECT
= 3
Used only by the load*() functions
FORMAT_DER
Save as DER
public
mixed
FORMAT_DER
= 1
FORMAT_PEM
Save as PEM
public
mixed
FORMAT_PEM
= 0
i.e. a base64-encoded PEM with a header and a footer
FORMAT_SPKAC
Save as a SPKAC
public
mixed
FORMAT_SPKAC
= 2
Only works on CSRs. Not currently supported.
VALIDATE_SIGNATURE_BY_CA
Flag to only accept signatures signed by certificate authorities
public
mixed
VALIDATE_SIGNATURE_BY_CA
= 1
Not really used anymore but retained all the same to suppress E_NOTICEs from old installs
Tags
Properties
$AttributeValue
public
mixed
$AttributeValue
$AuthorityInfoAccessSyntax
public
mixed
$AuthorityInfoAccessSyntax
$AuthorityKeyIdentifier
public
mixed
$AuthorityKeyIdentifier
$BasicConstraints
public
mixed
$BasicConstraints
$caFlag
CA Flag
public
bool
$caFlag
= false
Tags
$CAs
The certificate authorities
public
array<string|int, mixed>
$CAs
Tags
$Certificate
ASN.1 syntax for X.509 certificates
public
array<string|int, mixed>
$Certificate
Tags
$CertificateIssuer
public
mixed
$CertificateIssuer
$CertificateList
ASN.1 syntax for Certificate Revocation Lists (RFC5280)
public
array<string|int, mixed>
$CertificateList
Tags
$CertificatePolicies
public
mixed
$CertificatePolicies
$CertificationRequest
ASN.1 syntax for Certificate Signing Requests (RFC2986)
public
array<string|int, mixed>
$CertificationRequest
Tags
$challenge
SPKAC Challenge
public
string
$challenge
Tags
$CPSuri
public
mixed
$CPSuri
$CRLDistributionPoints
public
mixed
$CRLDistributionPoints
$CRLNumber
public
mixed
$CRLNumber
$CRLReason
public
mixed
$CRLReason
$currentCert
The currently loaded certificate
public
array<string|int, mixed>
$currentCert
Tags
$currentKeyIdentifier
Key Identifier
public
string
$currentKeyIdentifier
Tags
$DirectoryString
public
mixed
$DirectoryString
$disable_url_fetch
URL fetch flag
public
static bool
$disable_url_fetch
= false
Tags
$dn
Distinguished Name
public
array<string|int, mixed>
$dn
Tags
$endDate
Certificate End Date
public
string
$endDate
Tags
$Extensions
public
mixed
$Extensions
$ExtKeyUsageSyntax
public
mixed
$ExtKeyUsageSyntax
$HoldInstructionCode
public
mixed
$HoldInstructionCode
$InvalidityDate
public
mixed
$InvalidityDate
$IssuerAltName
public
mixed
$IssuerAltName
$IssuingDistributionPoint
public
mixed
$IssuingDistributionPoint
$KeyIdentifier
public
mixed
$KeyIdentifier
$KeyUsage
public
mixed
$KeyUsage
$Name
public
mixed
$Name
$NameConstraints
public
mixed
$NameConstraints
$netscape_ca_policy_url
public
mixed
$netscape_ca_policy_url
$netscape_cert_type
public
mixed
$netscape_cert_type
$netscape_comment
public
mixed
$netscape_comment
$oids
Object identifiers for X.509 certificates
public
array<string|int, mixed>
$oids
Tags
$PKCS9String
public
mixed
$PKCS9String
$PolicyMappings
public
mixed
$PolicyMappings
$PostalAddress
public
mixed
$PostalAddress
$privateKey
Private key
public
string
$privateKey
Tags
$PrivateKeyUsagePeriod
public
mixed
$PrivateKeyUsagePeriod
$publicKey
Public key
public
string
$publicKey
Tags
$recur_limit
Recursion Limit
public
static int
$recur_limit
= 5
Tags
$RelativeDistinguishedName
public
mixed
$RelativeDistinguishedName
$serialNumber
Serial Number
public
string
$serialNumber
Tags
$signatureSubject
The signature subject
public
string
$signatureSubject
There's no guarantee \phpseclib\File\X509 is going to re-encode an X.509 cert in the same way it was originally encoded, so we save the portion of the original cert that the signature would have been made for.
Tags
$SignedPublicKeyAndChallenge
public
mixed
$SignedPublicKeyAndChallenge
$startDate
Certificate Start Date
public
string
$startDate
Tags
$SubjectAltName
public
mixed
$SubjectAltName
$SubjectDirectoryAttributes
public
mixed
$SubjectDirectoryAttributes
$UserNotice
public
mixed
$UserNotice
Methods
__construct()
Default Constructor.
public
__construct() : X509
Tags
Return values
X509
_decodeIP()
Decodes an IP address
public
_decodeIP(string $ip) : string
Takes in a base64 encoded "blob" and returns a human readable IP address
Parameters
- $ip : string
Tags
Return values
string
_decodeNameConstraintIP()
Decodes an IP address in a name constraints extension
public
_decodeNameConstraintIP(string $ip) : array<string|int, mixed>
Takes in a base64 encoded "blob" and returns a human readable IP address / mask
Parameters
- $ip : string
Tags
Return values
array<string|int, mixed>
_dnsName()
Helper function to build domain array
public
_dnsName(string $domain) : array<string|int, mixed>
Parameters
- $domain : string
Tags
Return values
array<string|int, mixed>
_encodeIP()
Encodes an IP address
public
_encodeIP(string|array<string|int, mixed> $ip) : string
Takes a human readable IP address into a base64-encoded "blob"
Parameters
- $ip : string|array<string|int, mixed>
Tags
Return values
string
_extensions()
Get a reference to an extension subarray
public
_extensions(array<string|int, mixed> &$root[, string $path = null ][, bool $create = false ]) : array<string|int, mixed>|false
Parameters
- $root : array<string|int, mixed>
- $path : string = null
-
optional absolute path with / as component separator
- $create : bool = false
-
optional
Tags
Return values
array<string|int, mixed>|false
_extractBER()
Extract raw BER from Base64 encoding
public
_extractBER(string $str) : string
Parameters
- $str : string
Tags
Return values
string
_fetchURL()
Fetches a URL
public
static _fetchURL(string $url) : bool|string
Parameters
- $url : string
Tags
Return values
bool|string
_formatSubjectPublicKey()
Format a public key as appropriate
public
_formatSubjectPublicKey() : array<string|int, mixed>
Tags
Return values
array<string|int, mixed>
_getExtension()
Get an Extension
public
_getExtension(string $id[, array<string|int, mixed> $cert = null ][, string $path = null ]) : mixed
Returns the extension if it exists and false if not
Parameters
- $id : string
- $cert : array<string|int, mixed> = null
-
optional
- $path : string = null
-
optional
Tags
Return values
mixed
_getExtensions()
Returns a list of all extensions in use
public
_getExtensions([array<string|int, mixed> $cert = null ][, string $path = null ]) : array<string|int, mixed>
Parameters
- $cert : array<string|int, mixed> = null
-
optional
- $path : string = null
-
optional
Tags
Return values
array<string|int, mixed>
_getMapping()
Associate an extension ID to an extension mapping
public
_getMapping(string $extnId) : mixed
Parameters
- $extnId : string
Tags
Return values
mixed
_iPAddress()
Helper function to build IP Address array
public
_iPAddress(string $address) : array<string|int, mixed>
(IPv6 is not currently supported)
Parameters
- $address : string
Tags
Return values
array<string|int, mixed>
_isSubArrayValid()
Check for validity of subarray
public
_isSubArrayValid(array<string|int, mixed> $root, string $path) : bool
This is intended for use in conjunction with _subArrayUnchecked(), implementing the checks included in _subArray() but without copying a potentially large array by passing its reference by-value to is_array().
Parameters
- $root : array<string|int, mixed>
- $path : string
Tags
Return values
bool
_mapInAttributes()
Map attribute values from ANY type to attribute-specific internal format.
public
_mapInAttributes(mixed &$root, string $path, object $asn1) : mixed
Parameters
- $root : mixed
- $path : string
- $asn1 : object
Tags
Return values
mixed
_mapInDNs()
Map DN values from ANY type to DN-specific internal format.
public
_mapInDNs(mixed &$root, string $path, object $asn1) : mixed
Parameters
- $root : mixed
- $path : string
- $asn1 : object
Tags
Return values
mixed
_mapInExtensions()
Map extension values from octet string to extension-specific internal format.
public
_mapInExtensions(mixed &$root, string $path, object $asn1) : mixed
Parameters
- $root : mixed
- $path : string
- $asn1 : object
Tags
Return values
mixed
_mapOutAttributes()
Map attribute values from attribute-specific internal format to ANY type.
public
_mapOutAttributes(mixed &$root, string $path, object $asn1) : mixed
Parameters
- $root : mixed
- $path : string
- $asn1 : object
Tags
Return values
mixed
_mapOutDNs()
Map DN values from DN-specific internal format to ANY type.
public
_mapOutDNs(mixed &$root, string $path, object $asn1) : mixed
Parameters
- $root : mixed
- $path : string
- $asn1 : object
Tags
Return values
mixed
_mapOutExtensions()
Map extension values from extension-specific internal format to octet string.
public
_mapOutExtensions(mixed &$root, string $path, object $asn1) : mixed
Parameters
- $root : mixed
- $path : string
- $asn1 : object
Tags
Return values
mixed
_reformatKey()
Reformat public keys
public
_reformatKey(string $algorithm, string $key) : string
Reformats a public key to a format supported by phpseclib (if applicable)
Parameters
- $algorithm : string
- $key : string
Tags
Return values
string
_removeExtension()
Remove an Extension
public
_removeExtension(string $id[, string $path = null ]) : bool
Parameters
- $id : string
- $path : string = null
-
optional
Tags
Return values
bool
_revokedCertificate()
Get the index of a revoked certificate.
public
_revokedCertificate(array<string|int, mixed> &$rclist, string $serial[, bool $create = false ]) : int|false
Parameters
- $rclist : array<string|int, mixed>
- $serial : string
- $create : bool = false
-
optional
Tags
Return values
int|false
_setExtension()
Set an Extension
public
_setExtension(string $id, mixed $value[, bool $critical = false ][, bool $replace = true ][, string $path = null ]) : bool
Parameters
- $id : string
- $value : mixed
- $critical : bool = false
-
optional
- $replace : bool = true
-
optional
- $path : string = null
-
optional
Tags
Return values
bool
_sign()
X.509 certificate signing helper function.
public
_sign(object $key, string $signatureAlgorithm) : mixed
Parameters
- $key : object
- $signatureAlgorithm : string
Tags
Return values
mixed
_subArray()
Get a reference to a subarray
public
_subArray(array<string|int, mixed> &$root, string $path[, bool $create = false ]) : array<string|int, mixed>|false
Parameters
- $root : array<string|int, mixed>
- $path : string
-
absolute path with / as component separator
- $create : bool = false
-
optional
Tags
Return values
array<string|int, mixed>|false
_subArrayUnchecked()
Get a reference to a subarray
public
_subArrayUnchecked(array<string|int, mixed> &$root, string $path[, bool $create = false ]) : array<string|int, mixed>|false
This variant of _subArray() does no is_array() checking, so $root should be checked with _isSubArrayValid() first.
This is here for performance reasons: Passing a reference (i.e. $root) by-value (i.e. to is_array()) creates a copy. If $root is an especially large array, this is expensive.
Parameters
- $root : array<string|int, mixed>
- $path : string
-
absolute path with / as component separator
- $create : bool = false
-
optional
Tags
Return values
array<string|int, mixed>|false
_testForIntermediate()
Validates an intermediate cert as identified via authority info access extension
public
_testForIntermediate(bool $caonly, int $count) : bool
See https://tools.ietf.org/html/rfc4325 for more info
Parameters
- $caonly : bool
- $count : int
Tags
Return values
bool
_timeField()
Helper function to build a time field according to RFC 3280 sections 4.1.2.5 (Validity), 5.1.2.4 (This Update), 5.1.2.5 (Next Update) and 5.1.2.6 (Revoked Certificates), choosing utcTime if and only if the year of the given date is before 2050, and generalTime otherwise.
public
_timeField(string $date) : array<string|int, mixed>
Parameters
- $date : string
-
in format date('D, d M Y H:i:s O')
Tags
Return values
array<string|int, mixed>
_translateDNProp()
"Normalizes" a Distinguished Name property
public
_translateDNProp(string $propName) : mixed
Parameters
- $propName : string
Tags
Return values
mixed
_validateSignature()
Validates a signature
public
_validateSignature(string $publicKeyAlgorithm, string $publicKey, string $signatureAlgorithm, string $signature, string $signatureSubject) : int
Returns true if the signature is verified, false if it is not correct or null on error
Parameters
- $publicKeyAlgorithm : string
- $publicKey : string
- $signatureAlgorithm : string
- $signature : string
- $signatureSubject : string
Tags
Return values
int
_validateSignatureCountable()
Validate a signature
public
_validateSignatureCountable(bool $caonly, int $count) : mixed
Performs said validation whilst keeping track of how many times validation method is called
Parameters
- $caonly : bool
- $count : int
Tags
Return values
mixed
computeKeyIdentifier()
Compute a public key identifier.
public
computeKeyIdentifier([mixed $key = null ][, int $method = 1 ]) : string
Although key identifiers may be set to any unique value, this function computes key identifiers from public key according to the two recommended methods (4.2.1.2 RFC 3280). Highly polymorphic: try to accept all possible forms of key:
- Key object
- \phpseclib\File\X509 object with public or private key defined
- Certificate or CSR array
- \phpseclib\File\ASN1\Element object
- PEM or DER string
Parameters
- $key : mixed = null
-
optional
- $method : int = 1
-
optional
Tags
Return values
string —binary key identifier
disableURLFetch()
Prevents URIs from being automatically retrieved
public
static disableURLFetch() : mixed
Tags
Return values
mixed
enableURLFetch()
Allows URIs to be automatically retrieved
public
static enableURLFetch() : mixed
Tags
Return values
mixed
getAttribute()
Get a CSR attribute
public
getAttribute(string $id[, int $disposition = self::ATTR_ALL ][, array<string|int, mixed> $csr = null ]) : mixed
Returns the attribute if it exists and false if not
Parameters
- $id : string
- $disposition : int = self::ATTR_ALL
-
optional
- $csr : array<string|int, mixed> = null
-
optional
Tags
Return values
mixed
getAttributes()
Returns a list of all CSR attributes in use
public
getAttributes([array<string|int, mixed> $csr = null ]) : array<string|int, mixed>
Parameters
- $csr : array<string|int, mixed> = null
-
optional
Tags
Return values
array<string|int, mixed>
getChain()
Get the certificate chain for the current cert
public
getChain() : mixed
Tags
Return values
mixed
getDN()
Get the Distinguished Name for a certificate's subject
public
getDN([mixed $format = self::DN_ARRAY ][, array<string|int, mixed> $dn = null ]) : bool
Parameters
- $format : mixed = self::DN_ARRAY
-
optional
- $dn : array<string|int, mixed> = null
-
optional
Tags
Return values
bool
getDNProp()
Get Distinguished Name properties
public
getDNProp(string $propName[, array<string|int, mixed> $dn = null ][, bool $withType = false ]) : mixed
Parameters
- $propName : string
- $dn : array<string|int, mixed> = null
-
optional
- $withType : bool = false
-
optional
Tags
Return values
mixed
getExtension()
Get a certificate, CSR or CRL Extension
public
getExtension(string $id[, array<string|int, mixed> $cert = null ]) : mixed
Returns the extension if it exists and false if not
Parameters
- $id : string
- $cert : array<string|int, mixed> = null
-
optional
Tags
Return values
mixed
getExtensions()
Returns a list of all extensions in use in certificate, CSR or CRL
public
getExtensions([array<string|int, mixed> $cert = null ]) : array<string|int, mixed>
Parameters
- $cert : array<string|int, mixed> = null
-
optional
Tags
Return values
array<string|int, mixed>
getIssuerDN()
Get the Distinguished Name for a certificate/crl issuer
public
getIssuerDN([int $format = self::DN_ARRAY ]) : mixed
Parameters
- $format : int = self::DN_ARRAY
-
optional
Tags
Return values
mixed
getIssuerDNProp()
Get an individual Distinguished Name property for a certificate/crl issuer
public
getIssuerDNProp(string $propName[, bool $withType = false ]) : mixed
Parameters
- $propName : string
- $withType : bool = false
-
optional
Tags
Return values
mixed
getOID()
Returns the OID corresponding to a name
public
getOID(mixed $name) : string
What's returned in the associative array returned by loadX509() (or load*()) is either a name or an OID if no OID to name mapping is available. The problem with this is that what may be an unmapped OID in one version of phpseclib may not be unmapped in the next version, so apps that are looking at this OID may not be able to work from version to version.
This method will return the OID if a name is passed to it, and if no mapping is available it'll assume that what's being passed to it already is an OID and return that instead. A few examples:
getOID('2.16.840.1.101.3.4.2.1') == '2.16.840.1.101.3.4.2.1'
getOID('id-sha256') == '2.16.840.1.101.3.4.2.1'
getOID('zzz') == 'zzz'
Parameters
- $name : mixed
Tags
Return values
string
getPublicKey()
Gets the public key
public
getPublicKey() : mixed
Returns a \phpseclib\Crypt\RSA object or a false.
Tags
Return values
mixed
getRevoked()
Get a revoked certificate.
public
getRevoked(string $serial) : mixed
Parameters
- $serial : string
Tags
Return values
mixed
getRevokedCertificateExtension()
Get a Revoked Certificate Extension
public
getRevokedCertificateExtension(string $serial, string $id[, array<string|int, mixed> $crl = null ]) : mixed
Returns the extension if it exists and false if not
Parameters
- $serial : string
- $id : string
- $crl : array<string|int, mixed> = null
-
optional
Tags
Return values
mixed
getRevokedCertificateExtensions()
Returns a list of all extensions in use for a given revoked certificate
public
getRevokedCertificateExtensions(string $serial[, array<string|int, mixed> $crl = null ]) : array<string|int, mixed>
Parameters
- $serial : string
- $crl : array<string|int, mixed> = null
-
optional
Tags
Return values
array<string|int, mixed>
getSubjectDN()
Get the Distinguished Name for a certificate/csr subject. Alias of getDN()
public
getSubjectDN([int $format = self::DN_ARRAY ]) : mixed
Parameters
- $format : int = self::DN_ARRAY
-
optional
Tags
Return values
mixed
getSubjectDNProp()
Get an individual Distinguished Name property for a certificate/csr subject
public
getSubjectDNProp(string $propName[, bool $withType = false ]) : mixed
Parameters
- $propName : string
- $withType : bool = false
-
optional
Tags
Return values
mixed
listRevoked()
List revoked certificates
public
listRevoked([array<string|int, mixed> $crl = null ]) : array<string|int, mixed>
Parameters
- $crl : array<string|int, mixed> = null
-
optional
Tags
Return values
array<string|int, mixed>
loadCA()
Load an X.509 certificate as a certificate authority
public
loadCA(string $cert) : bool
Parameters
- $cert : string
Tags
Return values
bool
loadCRL()
Load a Certificate Revocation List
public
loadCRL(string $crl[, mixed $mode = self::FORMAT_AUTO_DETECT ]) : mixed
Parameters
- $crl : string
- $mode : mixed = self::FORMAT_AUTO_DETECT
Tags
Return values
mixed
loadCSR()
Load a Certificate Signing Request
public
loadCSR(string $csr[, mixed $mode = self::FORMAT_AUTO_DETECT ]) : mixed
Parameters
- $csr : string
- $mode : mixed = self::FORMAT_AUTO_DETECT
Tags
Return values
mixed
loadSPKAC()
Load a SPKAC CSR
public
loadSPKAC(mixed $spkac) : mixed
SPKACs are produced by the HTML5 keygen element:
https://developer.mozilla.org/en-US/docs/HTML/Element/keygen
Parameters
- $spkac : mixed
Tags
Return values
mixed
loadX509()
Load X.509 certificate
public
loadX509(string $cert[, int $mode = self::FORMAT_AUTO_DETECT ]) : mixed
Returns an associative array describing the X.509 cert or a false if the cert failed to load
Parameters
- $cert : string
- $mode : int = self::FORMAT_AUTO_DETECT
Tags
Return values
mixed
makeCA()
Turns the certificate into a certificate authority
public
makeCA() : mixed
Tags
Return values
mixed
removeAttribute()
Remove a CSR attribute.
public
removeAttribute(string $id[, int $disposition = self::ATTR_ALL ]) : bool
Parameters
- $id : string
- $disposition : int = self::ATTR_ALL
-
optional
Tags
Return values
bool
removeDNProp()
Remove Distinguished Name properties
public
removeDNProp(string $propName) : mixed
Parameters
- $propName : string
Tags
Return values
mixed
removeExtension()
Remove a certificate, CSR or CRL Extension
public
removeExtension(string $id) : bool
Parameters
- $id : string
Tags
Return values
bool
removeRevokedCertificateExtension()
Remove a Revoked Certificate Extension
public
removeRevokedCertificateExtension(string $serial, string $id) : bool
Parameters
- $serial : string
- $id : string
Tags
Return values
bool
revoke()
Revoke a certificate.
public
revoke(string $serial[, string $date = null ]) : bool
Parameters
- $serial : string
- $date : string = null
-
optional
Tags
Return values
bool
saveCRL()
Save Certificate Revocation List.
public
saveCRL(array<string|int, mixed> $crl[, int $format = self::FORMAT_PEM ]) : string
Parameters
- $crl : array<string|int, mixed>
- $format : int = self::FORMAT_PEM
-
optional
Tags
Return values
string
saveCSR()
Save CSR request
public
saveCSR(array<string|int, mixed> $csr[, int $format = self::FORMAT_PEM ]) : string
Parameters
- $csr : array<string|int, mixed>
- $format : int = self::FORMAT_PEM
-
optional
Tags
Return values
string
saveSPKAC()
Save a SPKAC CSR request
public
saveSPKAC(mixed $spkac[, int $format = self::FORMAT_PEM ]) : string
Parameters
- $spkac : mixed
- $format : int = self::FORMAT_PEM
-
optional
Tags
Return values
string
saveX509()
Save X.509 certificate
public
saveX509(array<string|int, mixed> $cert[, int $format = self::FORMAT_PEM ]) : string
Parameters
- $cert : array<string|int, mixed>
- $format : int = self::FORMAT_PEM
-
optional
Tags
Return values
string
setAttribute()
Set a CSR attribute
public
setAttribute(string $id, mixed $value[, bool $disposition = self::ATTR_ALL ]) : bool
Parameters
- $id : string
- $value : mixed
- $disposition : bool = self::ATTR_ALL
-
optional
Tags
Return values
bool
setChallenge()
Set challenge
public
setChallenge(string $challenge) : mixed
Used for SPKAC CSRs
Parameters
- $challenge : string
Tags
Return values
mixed
setDN()
Set a Distinguished Name
public
setDN(mixed $dn[, bool $merge = false ][, string $type = 'utf8String' ]) : bool
Parameters
- $dn : mixed
- $merge : bool = false
-
optional
- $type : string = 'utf8String'
-
optional
Tags
Return values
bool
setDNProp()
Set a Distinguished Name property
public
setDNProp(string $propName, mixed $propValue[, string $type = 'utf8String' ]) : bool
Parameters
- $propName : string
- $propValue : mixed
- $type : string = 'utf8String'
-
optional
Tags
Return values
bool
setDomain()
Set the domain names for which the cert is to be valid
public
setDomain() : array<string|int, mixed>
Return values
array<string|int, mixed>

setEndDate()
Set certificate end date
public
setEndDate(string $date) : mixed
Parameters
- $date : string
Return values
mixed

setExtension()
Set a certificate, CSR or CRL Extension
public
setExtension(string $id, mixed $value[, bool $critical = false ][, bool $replace = true ]) : bool
Parameters
- $id : string
- $value : mixed
- $critical : bool = false (optional)
- $replace : bool = true (optional)
Return values
bool

setIPAddress()
Set the IP addresses which the cert is to be valid for
public
setIPAddress() : mixed
Return values
mixed

setKeyIdentifier()
Sets the subject key identifier
public
setKeyIdentifier(string $value) : mixed
This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions.
Parameters
- $value : string
Return values
mixed

setPrivateKey()
Set private key
public
setPrivateKey(object $key) : mixed
Key needs to be a \phpseclib\Crypt\RSA object
Parameters
- $key : object
Return values
mixed

setPublicKey()
Set public key
public
setPublicKey(object $key) : bool
Key needs to be a \phpseclib\Crypt\RSA object
Parameters
- $key : object
Return values
bool

setRecurLimit()
Sets the recursion limit
public
static setRecurLimit(int $count) : mixed
When validating a signature it may be necessary to download intermediate certs from URIs. An intermediate cert that linked to itself would result in an infinite loop, so to prevent that we set a recursion limit. A negative number means that there is no recursion limit.
Parameters
- $count : int
Return values
mixed

setRevokedCertificateExtension()
Set a Revoked Certificate Extension
public
setRevokedCertificateExtension(string $serial, string $id, mixed $value[, bool $critical = false ][, bool $replace = true ]) : bool
Parameters
- $serial : string
- $id : string
- $value : mixed
- $critical : bool = false (optional)
- $replace : bool = true (optional)
Return values
bool

setSerialNumber()
Set Serial Number
public
setSerialNumber(string $serial[, $base = -256 ]) : mixed
Parameters
Return values
mixed

setStartDate()
Set certificate start date
public
setStartDate(string $date) : mixed
Parameters
- $date : string
Return values
mixed

sign()
Sign an X.509 certificate
public
sign(X509 $issuer, X509 $subject[, string $signatureAlgorithm = 'sha1WithRSAEncryption' ]) : mixed
$issuer's private key needs to be loaded. $subject can be either an existing X.509 cert (if you want to re-sign it), a CSR or something with the DN and public key explicitly set.
Parameters
Return values
mixed

signCRL()
Sign a CRL
public
signCRL(X509 $issuer, X509 $crl[, string $signatureAlgorithm = 'sha1WithRSAEncryption' ]) : mixed
$issuer's private key needs to be loaded.
Parameters
Return values
mixed

signCSR()
Sign a CSR
public
signCSR([mixed $signatureAlgorithm = 'sha1WithRSAEncryption' ]) : mixed
Parameters
- $signatureAlgorithm : mixed = 'sha1WithRSAEncryption'
Return values
mixed

signSPKAC()
Sign a SPKAC
public
signSPKAC([mixed $signatureAlgorithm = 'sha1WithRSAEncryption' ]) : mixed
Parameters
- $signatureAlgorithm : mixed = 'sha1WithRSAEncryption'
Return values
mixed

unrevoke()
Unrevoke a certificate.
public
unrevoke(string $serial) : bool
Parameters
- $serial : string
Return values
bool

validateDate()
Validate a date
public
validateDate([DateTime|string $date = null ]) : mixed
If $date isn't defined it is assumed to be the current date.
Parameters
- $date : DateTime|string = null (optional)
Return values
mixed

validateSignature()
Validate a signature
public
validateSignature([bool $caonly = true ]) : mixed
Works on X.509 certs, CSRs and CRLs. Returns true if the signature is verified, false if it is not correct, or null on error.
By default returns false for self-signed certs. Call validateSignature(false) to accept self-signed certs.
The behavior of this function is inspired by openssl_verify.
Parameters
- $caonly : bool = true (optional)
Return values
mixed

validateURL()
Validate an X.509 certificate against a URL
public
validateURL(string $url) : bool
From RFC2818 "HTTP over TLS":
Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
Parameters
- $url : string
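The following is an added example, not code from phpseclib or from this page. It issues a self-signed certificate with an explicit SHA-256 signature algorithm instead of the 'sha1WithRSAEncryption' default of sign(), then exercises validateSignature(), validateDate() and validateURL() on the result. It assumes phpseclib 2.x installed through Composer (the autoload path is an assumption), uses the library's loadX509(), loadCA(), getDN() and RSA::createKey()/loadKey() alongside the methods documented above, and the example.org names are constructed.

```php
<?php
// Added example, not phpseclib's own code. The autoload path is an assumption.
require __DIR__ . '/vendor/autoload.php';

use phpseclib\Crypt\RSA;
use phpseclib\File\X509;

// Throwaway 2048-bit key pair generated for this demonstration only.
$keys = (new RSA())->createKey(2048);
$privKey = new RSA();
$privKey->loadKey($keys['privatekey']);
$pubKey = new RSA();
$pubKey->loadKey($keys['publickey']);
$pubKey->setPublicKey();

// Subject: DN, the names the cert is to be valid for, and the public key.
$subject = new X509();
$subject->setDNProp('id-at-organizationName', 'Example Org (constructed)');
$subject->setDomain('example.org', '*.example.org');
$subject->setPublicKey($pubKey);

// Issuer: same DN and key pair, which makes the result self-signed.
$issuer = new X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());

// Name the algorithm explicitly; omitting it selects 'sha1WithRSAEncryption'.
$signer = new X509();
$signed = $signer->sign($issuer, $subject, 'sha256WithRSAEncryption');
$pem = $signer->saveX509($signed);

// Validate from the serialized PEM, as a relying party would.
$cert = new X509();
$cert->loadX509($pem);
var_dump($cert->validateSignature());      // $caonly = true, no CA loaded
var_dump($cert->validateSignature(false)); // self-signed certs accepted

// Stricter alternative to validateSignature(false): load the expected
// certificate as a trust anchor with loadCA() and keep $caonly = true.
$pinned = new X509();
$pinned->loadCA($pem);
$pinned->loadX509($pem);
var_dump($pinned->validateSignature());

// Validity period and RFC 2818 name matching, including the wildcard rule:
// '*' stands for one name component, so the second host has one label too many.
var_dump($cert->validateDate());
var_dump($cert->validateURL('https://www.example.org/'));
var_dump($cert->validateURL('https://a.b.example.org/'));
```

A signature check alone does not bind the certificate to a host or a time window, so a relying party needs validateSignature(), validateDate() and validateURL() to all succeed.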