 |
Joomla CMS
4.2.2
Documentation des API du CMS Joomla en version 4.2.2
|
|
Joomla CMS
4.2.2
Documentation des API du CMS Joomla en version 4.2.2
|
Fonctions membres publiques | |
| __construct () | |
| loadX509 ($cert, $mode=self::FORMAT_AUTO_DETECT) | |
| saveX509 ($cert, $format=self::FORMAT_PEM) | |
| loadCA ($cert) | |
| validateURL ($url) | |
| validateDate ($date=null) | |
| validateSignature ($caonly=true) | |
| setDNProp ($propName, $propValue, $type='utf8String') | |
| removeDNProp ($propName) | |
| getDNProp ($propName, $dn=null, $withType=false) | |
| setDN ($dn, $merge=false, $type='utf8String') | |
| getDN ($format=self::DN_ARRAY, $dn=null) | |
| getIssuerDN ($format=self::DN_ARRAY) | |
| getSubjectDN ($format=self::DN_ARRAY) | |
| getIssuerDNProp ($propName, $withType=false) | |
| getSubjectDNProp ($propName, $withType=false) | |
| getChain () | |
| & | getCurrentCert () |
| setPublicKey (PublicKey $key) | |
| setPrivateKey (PrivateKey $key) | |
| setChallenge ($challenge) | |
| getPublicKey () | |
| loadCSR ($csr, $mode=self::FORMAT_AUTO_DETECT) | |
| saveCSR ($csr, $format=self::FORMAT_PEM) | |
| loadSPKAC ($spkac) | |
| saveSPKAC ($spkac, $format=self::FORMAT_PEM) | |
| loadCRL ($crl, $mode=self::FORMAT_AUTO_DETECT) | |
| saveCRL ($crl, $format=self::FORMAT_PEM) | |
| sign ($issuer, $subject) | |
| signCSR () | |
| signSPKAC () | |
| signCRL ($issuer, $crl) | |
| setStartDate ($date) | |
| setEndDate ($date) | |
| setSerialNumber ($serial, $base=-256) | |
| makeCA () | |
| removeExtension ($id) | |
| getExtension ($id, $cert=null, $path=null) | |
| getExtensions ($cert=null, $path=null) | |
| setExtension ($id, $value, $critical=false, $replace=true) | |
| removeAttribute ($id, $disposition=self::ATTR_ALL) | |
| getAttribute ($id, $disposition=self::ATTR_ALL, $csr=null) | |
| getAttributes ($csr=null) | |
| setAttribute ($id, $value, $disposition=self::ATTR_ALL) | |
| setKeyIdentifier ($value) | |
| computeKeyIdentifier ($key=null, $method=1) | |
| setDomain (... $domains) | |
| setIPAddress (... $ipAddresses) | |
| revoke ($serial, $date=null) | |
| unrevoke ($serial) | |
| getRevoked ($serial) | |
| listRevoked ($crl=null) | |
| removeRevokedCertificateExtension ($serial, $id) | |
| getRevokedCertificateExtension ($serial, $id, $crl=null) | |
| getRevokedCertificateExtensions ($serial, $crl=null) | |
| setRevokedCertificateExtension ($serial, $id, $value, $critical=false, $replace=true) | |
| setExtensionValue ($id, $value, $critical=false, $replace=false) | |
Fonctions membres publiques statiques | |
| static | setRecurLimit ($count) |
| static | disableURLFetch () |
| static | enableURLFetch () |
| static | decodeIP ($ip) |
| static | decodeNameConstraintIP ($ip) |
| static | encodeIP ($ip) |
| static | registerExtension ($id, array $mapping) |
| static | getRegisteredExtension ($id) |
Champs de données | |
| const | VALIDATE_SIGNATURE_BY_CA = 1 |
| const | DN_ARRAY = 0 |
| const | DN_STRING = 1 |
| const | DN_ASN1 = 2 |
| const | DN_OPENSSL = 3 |
| const | DN_CANON = 4 |
| const | DN_HASH = 5 |
| const | FORMAT_PEM = 0 |
| const | FORMAT_DER = 1 |
| const | FORMAT_SPKAC = 2 |
| const | FORMAT_AUTO_DETECT = 3 |
| const | ATTR_ALL = -1 |
| const | ATTR_APPEND = -2 |
| const | ATTR_REPLACE = -3 |
Fonctions membres privées | |
| mapInExtensions (&$root, $path) | |
| mapOutExtensions (&$root, $path) | |
| mapInAttributes (&$root, $path) | |
| mapOutAttributes (&$root, $path) | |
| mapInDNs (&$root, $path) | |
| mapOutDNs (&$root, $path) | |
| getMapping ($extnId) | |
| testForIntermediate ($caonly, $count) | |
| validateSignatureCountable ($caonly, $count) | |
| validateSignatureHelper ($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject) | |
| translateDNProp ($propName) | |
| timeField ($date) | |
| isSubArrayValid ($root, $path) | |
| & | subArrayUnchecked (&$root, $path, $create=false) |
| & | subArray (&$root, $path, $create=false) |
| & | extensions (&$root, $path=null, $create=false) |
| removeExtensionHelper ($id, $path=null) | |
| getExtensionHelper ($id, $cert=null, $path=null) | |
| getExtensionsHelper ($cert=null, $path=null) | |
| setExtensionHelper ($id, $value, $critical=false, $replace=true, $path=null) | |
| formatSubjectPublicKey () | |
| dnsName ($domain) | |
| iPAddress ($address) | |
| revokedCertificate (&$rclist, $serial, $create=false) | |
Fonctions membres privées statiques | |
| static | fetchURL ($url) |
| static | identifySignatureAlgorithm (PrivateKey $key) |
Attributs privés | |
| $dn | |
| $publicKey | |
| $privateKey | |
| $oids | |
| $CAs | |
| $currentCert | |
| $signatureSubject | |
| $startDate | |
| $endDate | |
| $serialNumber | |
| $currentKeyIdentifier | |
| $caFlag = false | |
| $challenge | |
| $extensionValues = [] | |
| $ipAddresses = null | |
| $domains = null | |
Attributs privés statiques | |
| static | $oidsLoaded = false |
| static | $recur_limit = 5 |
| static | $disable_url_fetch = false |
| static | $extensions = [] |
| __construct | ( | ) |
| computeKeyIdentifier | ( | $key = null, |
|
$method = 1 |
|||
| ) |
Compute a public key identifier.
Although key identifiers may be set to any unique value, this function computes key identifiers from public key according to the two recommended methods (4.2.1.2 RFC 3280). Highly polymorphic: try to accept all possible forms of key:
| mixed | $key | optional |
| int | $method | optional public |
Références $hash, $key, $method, $this, ASN1\asn1map(), ASN1\decodeBER(), ASN1\extractBER(), PublicKeyLoader\load(), et ASN1\TYPE_BIT_STRING.
Référencé par X509\sign().
|
static |
Decodes an IP address
Takes in a base64 encoded "blob" and returns a human readable IP address
| string | $ip | private |
|
static |
Decodes an IP address in a name constraints extension
Takes in a base64 encoded "blob" and returns a human readable IP address / mask
| string | $ip | private |
Références $size.
|
static |
Prevents URIs from being automatically retrieved
public
|
private |
Helper function to build domain array
private
| string | $domain |
|
static |
Allows URIs to be automatically retrieved
public
|
static |
Encodes an IP address
Takes a human readable IP address into a base64-encoded "blob"
| string | array | $ip | private |
Get a reference to an extension subarray
| array | $root | |
| string | $path | optional absolute path with / as component separator |
| bool | $create | optional private |
Références $attributes, X509\$currentCert, X509\$extensions, $key, $path, $root, $value, et X509\subArray().
Référencé par X509\getExtensionHelper(), X509\getExtensionsHelper(), X509\removeExtensionHelper(), et X509\setExtensionHelper().
|
staticprivate |
|
private |
Format a public key as appropriate
private
Références $format, X509\$publicKey, ASN1\asn1map(), ASN1\decodeBER(), et RSA\SIGNATURE_PSS.
Référencé par X509\signCSR(), et X509\signSPKAC().
| getAttribute | ( | $id, | |
$disposition = self::ATTR_ALL, |
|||
$csr = null |
|||
| ) |
Get a CSR attribute
Returns the attribute if it exists and false if not
| string | $id | |
| int | $disposition | optional |
| array | $csr | optional public |
Références $attributes, X509\$currentCert, $id, $key, $n, et X509\subArray().
| getAttributes | ( | $csr = null | ) |
Returns a list of all CSR attributes in use
| array | $csr | optional public |
Références $attributes, X509\$currentCert, et X509\subArray().
| getChain | ( | ) |
Get the certificate chain for the current cert
public
Références X509\$currentCert, $i, $key, $value, et X509\getExtension().
| & getCurrentCert | ( | ) |
| getDN | ( | $format = self::DN_ARRAY, |
|
$dn = null |
|||
| ) |
Get the Distinguished Name for a certificates subject
| mixed | $format | optional |
| array | $dn | optional public |
Références $attr, $desc, X509\$dn, $field, $filters, $format, $hash, $i, $output, $result, $start, $type, $value, ASN1\ANY_MAP, ASN1\convert(), elseif, EncoderInterface\encode(), ASN1\encodeDER(), X509\mapOutDNs(), ASN1\setFilters(), ASN1\STRING_TYPE_SIZE, et ASN1\TYPE_UTF8_STRING.
Référencé par X509\getIssuerDN(), X509\getSubjectDN(), et X509\validateSignatureCountable().
Get Distinguished Name properties
| string | $propName | |
| array | $dn | optional |
| bool | $withType | optional |
Références X509\$dn, $filters, $i, $result, $type, ASN1\ANY_MAP, ASN1\asn1map(), ASN1\convert(), ASN1\decodeBER(), elseif, X509\getMapping(), X509\mapOutDNs(), ASN1\setFilters(), ASN1\STRING_TYPE_SIZE, X509\translateDNProp(), et ASN1\TYPE_UTF8_STRING.
Référencé par X509\getIssuerDNProp(), X509\getSubjectDNProp(), et X509\validateURL().
Get a certificate, CSR or CRL Extension
Returns the extension if it exists and false if not
| string | $id | |
| array | $cert | optional |
| string | $path | public |
Références $id, $path, et X509\getExtensionHelper().
Référencé par X509\getChain(), X509\getRevokedCertificateExtension(), X509\loadX509(), X509\sign(), X509\signCRL(), X509\testForIntermediate(), X509\validateSignatureCountable(), et X509\validateURL().
Get an Extension
Returns the extension if it exists and false if not
| string | $id | |
| array | $cert | optional |
| string | $path | optional private |
Références X509\$extensions, $id, $key, $path, $value, et X509\extensions().
Référencé par X509\getExtension().
Returns a list of all extensions in use in certificate, CSR or CRL
| array | $cert | optional |
| string | $path | optional public |
Références $path, et X509\getExtensionsHelper().
Référencé par X509\getRevokedCertificateExtensions().
Returns a list of all extensions in use
| array | $cert | optional |
| string | $path | optional private |
Références $extension, X509\$extensions, $path, et X509\extensions().
Référencé par X509\getExtensions().
| getIssuerDN | ( | $format = self::DN_ARRAY | ) |
Get the Distinguished Name for a certificate/crl issuer
| int | $format | optional public |
Références $format, et X509\getDN().
Référencé par X509\validateSignatureCountable().
| getIssuerDNProp | ( | $propName, | |
$withType = false |
|||
| ) |
Get an individual Distinguished Name property for a certificate/crl issuer
| string | $propName | |
| bool | $withType | optional public |
Références X509\getDNProp().
|
private |
Associate an extension ID to an extension mapping
| string | $extnId | private |
Référencé par X509\getDNProp(), X509\mapInAttributes(), X509\mapInDNs(), X509\mapInExtensions(), X509\mapOutAttributes(), X509\mapOutDNs(), et X509\mapOutExtensions().
| getPublicKey | ( | ) |
Gets the public key
Returns a object or a false.
public
Références $key, $path, X509\$publicKey, AsymmetricKey\loadFormat(), RSA\SIGNATURE_PKCS1, et X509\subArray().
Référencé par X509\loadCSR(), et X509\loadSPKAC().
|
static |
| getRevoked | ( | $serial | ) |
Get a revoked certificate.
| string | $serial | public |
Références $i, X509\revokedCertificate(), et X509\subArray().
| getRevokedCertificateExtension | ( | $serial, | |
| $id, | |||
$crl = null |
|||
| ) |
Get a Revoked Certificate Extension
Returns the extension if it exists and false if not
| string | $serial | |
| string | $id | |
| array | $crl | optional public |
Références X509\$currentCert, $i, $id, X509\getExtension(), X509\revokedCertificate(), et X509\subArray().
| getRevokedCertificateExtensions | ( | $serial, | |
$crl = null |
|||
| ) |
Returns a list of all extensions in use for a given revoked certificate
| string | $serial | |
| array | $crl | optional public |
Références X509\$currentCert, $i, X509\getExtensions(), X509\revokedCertificate(), et X509\subArray().
| getSubjectDN | ( | $format = self::DN_ARRAY | ) |
Get the Distinguished Name for a certificate/csr subject Alias of getDN()
| int | $format | optional public |
Références $format, et X509\getDN().
| getSubjectDNProp | ( | $propName, | |
$withType = false |
|||
| ) |
Get an individual Distinguished Name property for a certificate/csr subject
| string | $propName | |
| bool | $withType | optional public |
Références X509\getDNProp(), et null.
|
staticprivate |
Identify signature algorithm from key settings
| PrivateKey | $key | private |
Références $key, et RSA\SIGNATURE_PSS.
|
private |
Helper function to build IP Address array
(IPv6 is not currently supported)
private
| string | $address |
|
private |
Check for validity of subarray
This is intended for use in conjunction with _subArrayUnchecked(), implementing the checks included in _subArray() but without copying a potentially large array by passing its reference by-value to is_array().
| array | $root | |
| string | $path |
Références $i, $path, et $root.
Référencé par X509\loadCRL(), X509\loadX509(), et X509\mapInAttributes().
| listRevoked | ( | $crl = null | ) |
List revoked certificates
| array | $crl | optional public |
Références X509\$currentCert, $result, et X509\subArray().
| loadCA | ( | $cert | ) |
Load an X.509 certificate as a certificate authority
| string | $cert | public |
Références X509\$currentCert, X509\$currentKeyIdentifier, X509\$dn, X509\$signatureSubject, et X509\loadX509().
| loadCRL | ( | $crl, | |
$mode = self::FORMAT_AUTO_DETECT |
|||
| ) |
Load a Certificate Revocation List
| string | $crl | |
| int | $mode |
Références $extension, $i, $mode, ASN1\asn1map(), ASN1\decodeBER(), ASN1\extractBER(), X509\isSubArrayValid(), X509\mapInDNs(), X509\mapInExtensions(), null, et X509\subArrayUnchecked().
Référencé par X509\signCRL().
| loadCSR | ( | $csr, | |
$mode = self::FORMAT_AUTO_DETECT |
|||
| ) |
Load a Certificate Signing Request
| string | $csr | |
| int | $mode |
Références $key, $mode, ASN1\asn1map(), ASN1\decodeBER(), ASN1\encodeDER(), ASN1\extractBER(), X509\getPublicKey(), X509\mapInAttributes(), X509\mapInDNs(), et null.
Référencé par X509\signCSR().
| loadSPKAC | ( | $spkac | ) |
Load a SPKAC CSR
SPKAC's are produced by the HTML5 keygen element:
https://developer.mozilla.org/en-US/docs/HTML/Element/keygen
| string | $spkac | public |
Références $key, $temp, ASN1\asn1map(), EncoderInterface\decode(), ASN1\decodeBER(), ASN1\encodeDER(), X509\getPublicKey(), et null.
Référencé par X509\signSPKAC().
| loadX509 | ( | $cert, | |
$mode = self::FORMAT_AUTO_DETECT |
|||
| ) |
Load X.509 certificate
Returns an associative array describing the X.509 cert or a false if the cert failed to load
| string | $cert | |
| int | $mode | public |
Références X509\$currentKeyIdentifier, $key, $mode, ASN1\asn1map(), ASN1\decodeBER(), ASN1\encodeDER(), ASN1\extractBER(), X509\getExtension(), X509\isSubArrayValid(), X509\mapInDNs(), X509\mapInExtensions(), et null.
Référencé par X509\loadCA(), et X509\sign().
| makeCA | ( | ) |
Turns the certificate into a certificate authority
public
|
private |
Map attribute values from ANY type to attribute-specific internal format.
| array | $root | (by reference) |
| string | $path | private |
Références $attributes, $i, $id, $path, $root, $value, ASN1\asn1map(), ASN1\decodeBER(), elseif, ASN1\encodeDER(), X509\getMapping(), X509\isSubArrayValid(), X509\mapInExtensions(), et X509\subArray().
Référencé par X509\loadCSR().
|
private |
Map DN values from ANY type to DN-specific internal format.
| array | $root | (by reference) |
| string | $path | private |
Références $i, $path, $root, $type, $value, ASN1\asn1map(), ASN1\decodeBER(), X509\getMapping(), et X509\subArray().
Référencé par X509\loadCRL(), X509\loadCSR(), et X509\loadX509().
|
private |
Map extension values from octet string to extension-specific internal format.
| array | $root | (by reference) |
| string | $path | private |
Références X509\$extensions, $i, $id, $path, $root, $value, ASN1\asn1map(), class, ASN1\decodeBER(), X509\getMapping(), et X509\subArrayUnchecked().
Référencé par X509\loadCRL(), X509\loadX509(), et X509\mapInAttributes().
|
private |
Map attribute values from attribute-specific internal format to ANY type.
| array | $root | (by reference) |
| string | $path | private |
Références $attributes, $i, $id, $path, $root, $size, $temp, ASN1\asn1map(), ASN1\decodeBER(), elseif, ASN1\encodeDER(), X509\getMapping(), X509\mapOutExtensions(), et X509\subArray().
Référencé par X509\saveCSR().
|
private |
Map DN values from DN-specific internal format to ANY type.
| array | $root | (by reference) |
| string | $path | private |
Références $i, $path, $root, $size, $type, $value, ASN1\encodeDER(), X509\getMapping(), et X509\subArray().
Référencé par X509\getDN(), X509\getDNProp(), X509\saveCRL(), X509\saveCSR(), et X509\saveX509().
|
private |
Map extension values from extension-specific internal format to octet string.
| array | $root | (by reference) |
| string | $path | private |
Références $data, X509\$extensions, $i, $id, $key, $path, $root, $size, $temp, $value, class, ASN1\CLASS_CONTEXT_SPECIFIC, ASN1\encodeDER(), X509\getMapping(), et X509\subArray().
Référencé par X509\mapOutAttributes(), X509\saveCRL(), et X509\saveX509().
|
static |
Register the mapping for a custom/unsupported extension.
| string | $id | |
| array | $mapping |
Références $id.
| removeAttribute | ( | $id, | |
$disposition = self::ATTR_ALL |
|||
| ) |
Remove a CSR attribute.
| string | $id | |
| int | $disposition | optional public |
Références $attributes, $id, $key, $n, $result, et X509\subArray().
Référencé par X509\setAttribute().
| removeDNProp | ( | $propName | ) |
Remove Distinguished Name properties
| string | $propName | public |
Références X509\$dn, $i, $size, et X509\translateDNProp().
Référencé par X509\setDomain().
| removeExtension | ( | $id | ) |
Remove a certificate, CSR or CRL Extension
| string | $id | public |
Références $id, et X509\removeExtensionHelper().
Référencé par X509\sign(), et X509\signCRL().
|
private |
Remove an Extension
| string | $id | |
| string | $path | optional private |
Références X509\$extensions, $id, $key, $path, $result, $value, et X509\extensions().
Référencé par X509\removeExtension(), et X509\removeRevokedCertificateExtension().
| removeRevokedCertificateExtension | ( | $serial, | |
| $id | |||
| ) |
Remove a Revoked Certificate Extension
| string | $serial | |
| string | $id | public |
Références $i, $id, X509\removeExtensionHelper(), X509\revokedCertificate(), et X509\subArray().
| revoke | ( | $serial, | |
$date = null |
|||
| ) |
Revoke a certificate.
| string | $serial | |
| string | $date | optional public |
Références $date, $i, X509\revokedCertificate(), X509\subArray(), et X509\timeField().
|
private |
Get the index of a revoked certificate.
| array | $rclist | |
| string | $serial | |
| bool | $create | optional private |
Références $i, et X509\timeField().
Référencé par X509\getRevoked(), X509\getRevokedCertificateExtension(), X509\getRevokedCertificateExtensions(), X509\removeRevokedCertificateExtension(), X509\revoke(), X509\setRevokedCertificateExtension(), et X509\unrevoke().
| saveCRL | ( | $crl, | |
$format = self::FORMAT_PEM |
|||
| ) |
Save Certificate Revocation List.
| array | $crl | |
| int | $format | optional public |
Références $extension, $filters, $format, $i, Base64\encode(), ASN1\encodeDER(), X509\mapOutDNs(), X509\mapOutExtensions(), ASN1\setFilters(), X509\subArray(), ASN1\TYPE_NULL, et ASN1\TYPE_UTF8_STRING.
Référencé par X509\signCRL().
| saveCSR | ( | $csr, | |
$format = self::FORMAT_PEM |
|||
| ) |
Save CSR request
| array | $csr | |
| int | $format | optional public |
Références $filters, $format, Base64\encode(), ASN1\encodeDER(), X509\mapOutAttributes(), X509\mapOutDNs(), ASN1\setFilters(), X509\subArray(), et ASN1\TYPE_UTF8_STRING.
Référencé par X509\signCSR().
| saveSPKAC | ( | $spkac, | |
$format = self::FORMAT_PEM |
|||
| ) |
Save a SPKAC CSR request
| array | $spkac | |
| int | $format | optional public |
Références $format, Base64\encode(), ASN1\encodeDER(), et X509\subArray().
Référencé par X509\signSPKAC().
| saveX509 | ( | $cert, | |
$format = self::FORMAT_PEM |
|||
| ) |
Save X.509 certificate
| array | $cert | |
| int | $format | optional public |
Références $extension, $filters, $format, Base64\encode(), ASN1\encodeDER(), X509\mapOutDNs(), X509\mapOutExtensions(), null, ASN1\setFilters(), X509\subArray(), ASN1\TYPE_IA5_STRING, et ASN1\TYPE_UTF8_STRING.
Référencé par X509\sign().
| setAttribute | ( | $id, | |
| $value, | |||
$disposition = self::ATTR_ALL |
|||
| ) |
Set a CSR attribute
| string | $id | |
| mixed | $value | |
| int | $disposition | optional public |
Références $attributes, $id, $key, $last, $n, $value, X509\removeAttribute(), et X509\subArray().
| setChallenge | ( | $challenge | ) |
| setDN | ( | $dn, | |
$merge = false, |
|||
$type = 'utf8String' |
|||
| ) |
| setDNProp | ( | $propName, | |
| $propValue, | |||
$type = 'utf8String' |
|||
| ) |
Set a Distinguished Name property
| string | $propName | |
| mixed | $propValue | |
| string | $type | optional public |
Références $type, et X509\translateDNProp().
Référencé par X509\setDN(), et X509\setDomain().
| setDomain | ( | $domains | ) |
Set the domain name's which the cert is to be valid for
| mixed | ...$domains public |
Références X509\$domains, X509\removeDNProp(), et X509\setDNProp().
| setEndDate | ( | $date | ) |
Set certificate end date
| \DateTimeInterface | string | $date | public |
Références $date, $temp, ASN1\encodeLength(), et ASN1\TYPE_GENERALIZED_TIME.
Set a certificate, CSR or CRL Extension
| string | $id | |
| mixed | $value | |
| bool | $critical | optional |
| bool | $replace | optional public |
Références $id, $value, et X509\setExtensionHelper().
Référencé par X509\sign(), et X509\signCRL().
Set an Extension
| string | $id | |
| mixed | $value | |
| bool | $critical | optional |
| bool | $replace | optional |
| string | $path | optional private |
Références X509\$extensions, $id, $key, $path, $value, et X509\extensions().
Référencé par X509\setExtension(), et X509\setRevokedCertificateExtension().
Register the mapping for a custom/unsupported extension.
| string | $id | |
| mixed | $value | |
| bool | $critical | |
| bool | $replace |
Références $id.
| setIPAddress | ( | $ipAddresses | ) |
Set the IP Addresses's which the cert is to be valid for
public
| mixed[] | ...$ipAddresses |
Références X509\$ipAddresses.
| setKeyIdentifier | ( | $value | ) |
Sets the subject key identifier
This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions.
| string | $value | public |
Références $value.
| setPrivateKey | ( | PrivateKey | $key | ) |
| setPublicKey | ( | PublicKey | $key | ) |
|
static |
Sets the recursion limit
When validating a signature it may be necessary to download intermediate certs from URI's. An intermediate cert that linked to itself would result in an infinite loop so to prevent that we set a recursion limit. A negative number means that there is no recursion limit.
| int | $count | public |
Références $count.
Set a Revoked Certificate Extension
| string | $serial | |
| string | $id | |
| mixed | $value | |
| bool | $critical | optional |
| bool | $replace | optional public |
Références $i, $id, $value, X509\revokedCertificate(), X509\setExtensionHelper(), et X509\subArray().
| setSerialNumber | ( | $serial, | |
$base = -256 |
|||
| ) |
| setStartDate | ( | $date | ) |
| sign | ( | $issuer, | |
| $subject | |||
| ) |
Sign an X.509 certificate
$issuer's private key needs to be loaded. $subject can be either an existing X.509 cert (if you want to resign it), a CSR or something with the DN and public key explicitly set.
| \phpseclib3\File\X509 | $issuer | |
| \phpseclib3\File\X509 | $subject | public |
Références X509\$currentCert, X509\$endDate, X509\$ipAddresses, $r, $result, X509\$serialNumber, X509\$signatureSubject, X509\$startDate, $subject, X509\computeKeyIdentifier(), elseif, X509\getExtension(), PSS\load(), X509\loadX509(), null, X509\removeExtension(), PSS\savePSSParams(), X509\saveX509(), X509\setExtension(), Random\string(), et X509\timeField().
| signCRL | ( | $issuer, | |
| $crl | |||
| ) |
Sign a CRL
$issuer's private key needs to be loaded.
| \phpseclib3\File\X509 | $issuer | |
| \phpseclib3\File\X509 | $crl | public |
Références X509\$currentCert, $result, X509\$serialNumber, X509\$signatureSubject, $version, elseif, X509\getExtension(), X509\loadCRL(), null, X509\removeExtension(), X509\saveCRL(), X509\setExtension(), et X509\timeField().
| signCSR | ( | ) |
Sign a CSR
public
Références X509\$currentCert, X509\$dn, X509\$publicKey, $result, X509\$signatureSubject, X509\formatSubjectPublicKey(), X509\loadCSR(), null, et X509\saveCSR().
| signSPKAC | ( | ) |
Sign a SPKAC
public
Références X509\$currentCert, X509\$publicKey, $result, X509\$signatureSubject, X509\formatSubjectPublicKey(), X509\loadSPKAC(), null, et X509\saveSPKAC().
|
private |
Get a reference to a subarray
| array | $root | |
| string | $path | absolute path with / as component separator |
| bool | $create | optional private |
Références $i, $path, et $root.
Référencé par X509\extensions(), X509\getAttribute(), X509\getAttributes(), X509\getPublicKey(), X509\getRevoked(), X509\getRevokedCertificateExtension(), X509\getRevokedCertificateExtensions(), X509\listRevoked(), X509\mapInAttributes(), X509\mapInDNs(), X509\mapOutAttributes(), X509\mapOutDNs(), X509\mapOutExtensions(), X509\removeAttribute(), X509\removeRevokedCertificateExtension(), X509\revoke(), X509\saveCRL(), X509\saveCSR(), X509\saveSPKAC(), X509\saveX509(), X509\setAttribute(), X509\setRevokedCertificateExtension(), et X509\unrevoke().
|
private |
Get a reference to a subarray
This variant of _subArray() does no is_array() checking, so $root should be checked with _isSubArrayValid() first.
This is here for performance reasons: Passing a reference (i.e. $root) by-value (i.e. to is_array()) creates a copy. If $root is an especially large array, this is expensive.
| array | $root | |
| string | $path | absolute path with / as component separator |
| bool | $create | optional private |
Références $i, $path, et $root.
Référencé par X509\loadCRL(), et X509\mapInExtensions().
|
private |
Validates an intermediate cert as identified via authority info access extension
See https://tools.ietf.org/html/rfc4325 for more info
| bool | $caonly | |
| int | $count | private |
Références X509\$CAs, $count, $opts, $url, et X509\getExtension().
Référencé par X509\validateSignatureCountable().
|
private |
Helper function to build a time field according to RFC 3280 section
| string | $date | in format date('D, d M Y H:i:s O') private |
Références $date.
Référencé par X509\revoke(), X509\revokedCertificate(), X509\sign(), et X509\signCRL().
|
private |
"Normalizes" a Distinguished Name property
| string | $propName | private |
Référencé par X509\getDNProp(), X509\removeDNProp(), et X509\setDNProp().
| unrevoke | ( | $serial | ) |
Unrevoke a certificate.
| string | $serial | public |
Références $i, X509\revokedCertificate(), et X509\subArray().
| validateDate | ( | $date = null | ) |
Validate a date
If $date isn't defined it is assumed to be the current date.
| \DateTimeInterface | string | $date | optional public |
Références $date.
| validateSignature | ( | $caonly = true | ) |
Validate a signature
Works on X.509 certs, CSR's and CRL's. Returns true if the signature is verified, false if it is not correct or null on error
By default returns false for self-signed certs. Call validateSignature(false) to make this support self-signed.
The behavior of this function is inspired by openssl_verify.
| bool | $caonly | optional public |
Références X509\validateSignatureCountable().
Référencé par X509\validateSignatureCountable().
|
private |
Validate a signature
Performs said validation whilst keeping track of how many times validation method is called
| bool | $caonly | |
| int | $count | private |
Références $count, X509\$currentCert, $i, elseif, X509\getDN(), X509\getExtension(), X509\getIssuerDN(), null, X509\testForIntermediate(), X509\validateSignature(), et X509\validateSignatureHelper().
Référencé par X509\validateSignature().
|
private |
Validates a signature
Returns true if the signature is verified and false if it is not correct. If the algorithms are unsupposed an exception is thrown.
| string | $publicKeyAlgorithm | |
| string | $publicKey | |
| string | $signatureAlgorithm | |
| string | $signature | |
| string | $signatureSubject | private |
Références $key, X509\$publicKey, X509\$signatureSubject, AsymmetricKey\loadFormat(), et RSA\SIGNATURE_PKCS1.
Référencé par X509\validateSignatureCountable().
| validateURL | ( | $url | ) |
Validate an X.509 certificate against a URL
From RFC2818 "HTTP over TLS":
Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
| string | $url | public |
Références $key, $name, $names, $url, $value, X509\getDNProp(), et X509\getExtension().
|
private |
|
private |
Référencé par X509\testForIntermediate().
|
private |
Référencé par X509\setChallenge().
|
private |
Référencé par X509\extensions(), X509\getAttribute(), X509\getAttributes(), X509\getChain(), X509\getCurrentCert(), X509\getRevokedCertificateExtension(), X509\getRevokedCertificateExtensions(), X509\listRevoked(), X509\loadCA(), X509\sign(), X509\signCRL(), X509\signCSR(), X509\signSPKAC(), et X509\validateSignatureCountable().
|
private |
Référencé par X509\loadCA(), et X509\loadX509().
|
staticprivate |
|
private |
Référencé par X509\getDN(), X509\getDNProp(), X509\loadCA(), X509\removeDNProp(), X509\setDN(), et X509\signCSR().
|
private |
Référencé par X509\setDomain().
|
private |
Référencé par X509\sign().
|
staticprivate |
|
private |
|
private |
Référencé par X509\setIPAddress(), et X509\sign().
|
private |
|
staticprivate |
|
private |
|
private |
|
staticprivate |
|
private |
Référencé par X509\sign(), et X509\signCRL().
|
private |
Référencé par X509\loadCA(), X509\sign(), X509\signCRL(), X509\signCSR(), X509\signSPKAC(), et X509\validateSignatureHelper().
|
private |
Référencé par X509\sign().
| const ATTR_ALL = -1 |
Attribute value disposition. If disposition is >= 0, this is the index of the target value.
| const ATTR_APPEND = -2 |
| const ATTR_REPLACE = -3 |
| const DN_ARRAY = 0 |
Return internal array representation
public
| const DN_ASN1 = 2 |
Return ASN.1 name string
public
| const DN_CANON = 4 |
Return canonical ASN.1 RDNs string
public
| const DN_HASH = 5 |
Return name hash for file indexing
public
| const DN_OPENSSL = 3 |
Return OpenSSL compatible array
public
| const DN_STRING = 1 |
Return string
public
| const FORMAT_AUTO_DETECT = 3 |
Auto-detect the format
Used only by the load*() functions
public
| const FORMAT_DER = 1 |
Save as DER
public
| const FORMAT_PEM = 0 |
Save as PEM
ie. a base64-encoded PEM with a header and a footer
public
| const FORMAT_SPKAC = 2 |
Save as a SPKAC
public
Only works on CSRs. Not currently supported.
| const VALIDATE_SIGNATURE_BY_CA = 1 |
Flag to only accept signatures signed by certificate authorities
Not really used anymore but retained all the same to suppress E_NOTICEs from old installs
public
