<?php
// Refuse to run when this file is requested directly rather than loaded by
// the framework bootstrap (which is what defines SYSPATH).
if (! defined('SYSPATH')) {
	die('No direct access allowed.');
}
/**
 * This class provides access to the information held in an X.509 (SSL) certificate
 *
 * @package OSB
 * @subpackage SSL
 * @category Helpers
 * @author Deon George
 * @copyright (c) 2010 Open Source Billing
 * @license http://dev.osbill.net/license.html
 */
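class SSL {
	// Certificate data as supplied to the constructor, in whatever form
	// openssl_x509_parse() accepts. It is treated as untrusted input: every
	// accessor tolerates empty or unparsable data and returns an empty value.
	private $cert = '';

	// Cached result of openssl_x509_parse(): an array on success, FALSE when the
	// data could not be parsed, array() until the first parse attempt.
	private $_details = array();

	// TRUE once openssl_x509_parse() has been attempted, so an unparsable
	// certificate is not re-parsed on every accessor call.
	private $_parsed = FALSE;

	/**
	 * @param string $cert Certificate data accepted by openssl_x509_parse()
	 */
	public function __construct($cert) {
		$this->cert = $cert;
	}

	/**
	 * Factory for fluent use, eg: SSL::instance($cert)->get_subject()
	 *
	 * @param string $cert Certificate data accepted by openssl_x509_parse()
	 * @return SSL
	 */
	public static function instance($cert) {
		return new SSL($cert);
	}

	/**
	 * Convert a (possibly very large) decimal number into colon separated hex bytes
	 *
	 * Certificate serial numbers may be up to 20 bytes, far beyond PHP's native
	 * integer/float range, so the division is done on the decimal string itself
	 * rather than through float arithmetic (which silently loses precision
	 * above 2^53 and would render a wrong serial without any error).
	 *
	 * @param string|int $number Non-negative decimal number
	 * @return string Uppercase hex, two digits per byte separated by ':'
	 *                ('00' for zero, '' for anything that is not a decimal string)
	 */
	private static function _dec_to_hex($number) {
		if (! is_scalar($number))
			return '';

		// Leading zeros carry no value; stripping them also turns '0' into ''.
		$decimal = ltrim(trim((string)$number),'0');

		if ($decimal === '')
			return '00';

		if (! preg_match('/^[0-9]+$/D',$decimal))
			return '';

		$hex = '';

		// Schoolbook long division by 16, one decimal digit at a time; each pass
		// over the string yields the next (least significant) hex digit as the
		// remainder and the quotient becomes the dividend for the next pass.
		while ($decimal !== '') {
			$remainder = 0;
			$quotient = '';

			for ($i = 0, $len = strlen($decimal); $i < $len; $i++) {
				$remainder = $remainder*10+(int)$decimal[$i];
				$quotient .= (string)((int)($remainder/16));
				$remainder %= 16;
			}

			$hex = strtoupper(dechex($remainder)).$hex;
			$decimal = ltrim($quotient,'0');
		}

		// Pad to whole bytes so the output matches OpenSSL's own rendering
		// (eg: 256 is "01:00", not "100").
		if (strlen($hex) % 2)
			$hex = '0'.$hex;

		return implode(':',str_split($hex,2));
	}

	/**
	 * Parse our AuthorityKeyIdentifier Extension to extract information
	 *
	 * The extension text is one "name:value" per line; the names are
	 * lower-cased so the resulting keys are eg: 'keyid', 'dirname', 'serial'.
	 *
	 * @param string $key Return just that index (NULL for all of them)
	 * @return array|string The parsed array, or the requested value ('' if absent)
	 */
	private function _aki($key=NULL) {
		$return = array();

		$aki = $this->_extensions('authorityKeyIdentifier');
		if (! $aki)
			return is_null($key) ? $return : '';

		foreach (explode("\n",rtrim($aki,"\n")) as $line) {
			if (! $line)
				continue;

			// Lines without a separator carry nothing we can index.
			if (strpos($line,':') === FALSE)
				continue;

			// Limit 2: the value itself (eg: a key id) contains ':' separators.
			list($name,$value) = explode(':',$line,2);
			$return[strtolower($name)] = $value;
		}

		return is_null($key) ? $return : (isset($return[$key]) ? $return[$key] : '');
	}

	/**
	 * The basicConstraints extension text, eg: "CA:TRUE, pathlen:0"
	 *
	 * @return string '' when the extension is absent
	 */
	private function _bc() {
		return $this->_extensions('basicConstraints');
	}

	/**
	 * Parse our Signed Certificate to extract information
	 *
	 * The parse result is cached; an unparsable certificate is only handed to
	 * openssl_x509_parse() once.
	 *
	 * @param string $key Return just that index (NULL for the whole parse result)
	 * @return array|mixed The whole result (array, or FALSE if the certificate
	 *                     could not be parsed), the requested value, or array()
	 *                     when there is no certificate or the index is absent
	 */
	private function _details($key=NULL) {
		if (! $this->cert)
			return array();

		if (! $this->_parsed) {
			$this->_details = openssl_x509_parse($this->cert);
			$this->_parsed = TRUE;
		}

		if (is_null($key))
			return $this->_details;

		// _details is FALSE after a failed parse, so guard before indexing.
		return (is_array($this->_details) && isset($this->_details[$key])) ? $this->_details[$key] : array();
	}

	/**
	 * Parse our Signed Certificate Extensions to extract information
	 *
	 * @param string $key Return just that index (NULL for all extensions)
	 * @return array|string All extensions, or the requested one ('' if absent)
	 */
	private function _extensions($key=NULL) {
		$extensions = $this->_details('extensions');

		if (is_null($key))
			return $extensions;

		return (is_array($extensions) && isset($extensions[$key])) ? $extensions[$key] : '';
	}

	/**
	 * Render a DN array (as openssl_x509_parse() returns for 'subject'/'issuer') as a string
	 *
	 * Multi-valued attributes (openssl returns a list for eg: repeated OU) are
	 * rendered as one "name=value" pair each, in order.
	 *
	 * NOTE: values are not escaped, so a ',' or '=' inside an attribute value
	 * is ambiguous in the output. This is for display only; do not parse the
	 * result back or use it for matching or trust decisions.
	 *
	 * @param array $array Attribute name => value (or list of values)
	 * @return string eg: "C=AU,O=Example,CN=example.com"
	 */
	private function _dn(array $array) {
		$parts = array();

		foreach ($array as $name=>$value) {
			foreach ((array)$value as $single)
				$parts[] = sprintf('%s=%s',$name,$single);
		}

		return implode(',',$parts);
	}

	/**
	 * @return string The AuthorityKeyIdentifier DirName, '' if absent
	 */
	public function get_aki_dirname() {
		return $this->_aki('dirname');
	}

	/**
	 * @return string The AuthorityKeyIdentifier key id, '' if absent
	 */
	public function get_aki_keyid() {
		return $this->_aki('keyid');
	}

	/**
	 * @return string The AuthorityKeyIdentifier serial, '' if absent
	 */
	public function get_aki_serial() {
		return $this->_aki('serial');
	}

	/**
	 * The signature algorithm name, as printed by OpenSSL's text rendering
	 *
	 * @return string Algorithm name, or the translated 'Unknown' when the
	 *                certificate cannot be read or the line is not found
	 */
	public function get_algorithm() {
		// Avoid handing unparsable data to openssl_x509_read()/export().
		if (! $this->get_isCert())
			return _('Unknown');

		$x509 = openssl_x509_read($this->cert);
		if ($x509 === FALSE)
			return _('Unknown');

		$text = '';
		if (! openssl_x509_export($x509,$text,FALSE))
			return _('Unknown');

		// @todo There must be a nice way to get this?
		return (preg_match('/^\s+Signature Algorithm:\s*(.*)\s*$/m',$text,$match)) ? $match[1] : _('Unknown');
	}

	/**
	 * The basicConstraints pathlen value
	 *
	 * @return int pathlen, or 0 when there is no pathlen (so 0 is ambiguous
	 *             between "pathlen:0" and "no pathlen constraint")
	 */
	public function get_ca_path_len() {
		$m = array();
		preg_match('/.*pathlen:\s*([0-9]+).*$/',$this->_bc(),$m);

		return isset($m[1]) ? (int)$m[1] : 0;
	}

	/**
	 * @return string The subject DN rendered by _dn()
	 */
	public function get_dn() {
		return $this->_dn($this->_details('subject'));
	}

	/**
	 * @return mixed The 'hash' value from openssl_x509_parse(), array() if absent
	 */
	public function get_hash() {
		return $this->_details('hash');
	}

	/**
	 * Does basicConstraints assert CA:TRUE?
	 *
	 * @return bool
	 */
	public function get_isCA() {
		return (bool)preg_match('/CA:TRUE/',$this->_bc());
	}

	/**
	 * Could the supplied data be parsed as a certificate?
	 *
	 * @return bool FALSE when no data was supplied or openssl could not parse it
	 */
	public function get_isCert() {
		if (! $this->cert)
			return FALSE;

		return is_array($this->_details());
	}

	/**
	 * Does this certificate appear to be self-issued (its AKI key id is its own SKI)?
	 *
	 * This is a structural check only: it says nothing about whether the
	 * certificate is trusted. A certificate that carries neither extension
	 * is reported as not root (the two empty strings are not treated as a match).
	 *
	 * @return bool
	 */
	public function get_isRoot() {
		$ski = $this->get_ski();

		return ($ski !== '' && $this->get_aki_keyid() === $ski);
	}

	/**
	 * @return string The issuer CN, '' if absent
	 */
	public function get_issuer() {
		$issuer = $this->_details('issuer');

		return (is_array($issuer) && isset($issuer['CN'])) ? $issuer['CN'] : '';
	}

	/**
	 * @return string The issuer DN rendered by _dn()
	 */
	public function get_issuerdn() {
		return $this->_dn($this->_details('issuer'));
	}

	/**
	 * The serial number as colon separated hex bytes
	 *
	 * NOTE(review): newer PHP versions also expose a 'serialNumberHex' key from
	 * openssl_x509_parse() — confirm the minimum supported PHP before relying on it.
	 *
	 * @return string eg: "01:00", '' when there is no serial number
	 */
	public function get_serial() {
		return $this->_dec_to_hex($this->_details('serialNumber'));
	}

	/**
	 * @return string The subject CN, '' if absent
	 */
	public function get_subject() {
		$subject = $this->_details('subject');

		return (is_array($subject) && isset($subject['CN'])) ? $subject['CN'] : '';
	}

	/**
	 * @return string The subjectKeyIdentifier extension text, '' if absent
	 */
	public function get_ski() {
		return $this->_extensions('subjectKeyIdentifier');
	}

	/**
	 * @param bool $format TRUE to render via Config::date(), FALSE for the raw value
	 * @return mixed The 'validTo_time_t' value (array() if absent), or its formatted form
	 */
	public function get_valid_to($format=FALSE) {
		$time = $this->_details('validTo_time_t');

		return $format ? Config::date($time) : $time;
	}

	/**
	 * @param bool $format TRUE to render via Config::date(), FALSE for the raw value
	 * @return mixed The 'validFrom_time_t' value (array() if absent), or its formatted form
	 */
	public function get_valid_from($format=FALSE) {
		$time = $this->_details('validFrom_time_t');

		return $format ? Config::date($time) : $time;
	}

	/**
	 * @return mixed The 'version' value from openssl_x509_parse(), array() if absent
	 */
	public function get_version() {
		return $this->_details('version');
	}

	/**
	 * Static shortcut for the expiry of a certificate
	 *
	 * The previous implementation called get_expire(), which this class does
	 * not define; get_valid_to() is the accessor that holds the expiry.
	 *
	 * @param string $cert Certificate data accepted by openssl_x509_parse()
	 * @param bool $format TRUE to render via Config::date()
	 * @return mixed See get_valid_to()
	 */
	public static function xexpire($cert,$format=FALSE) {
		return static::instance($cert)->get_valid_to($format);
	}

	/**
	 * Static shortcut for the subject CN of a certificate
	 *
	 * @param string $cert Certificate data accepted by openssl_x509_parse()
	 * @return string
	 */
	public static function subject($cert) {
		return static::instance($cert)->get_subject();
	}

	/**
	 * The subject CN of a certificate signing request
	 *
	 * @param string $csr CSR data accepted by openssl_csr_get_subject()
	 * @return string '' when the CSR cannot be read or has no CN
	 */
	public static function csrsubject($csr) {
		$subject = openssl_csr_get_subject($csr);

		// openssl_csr_get_subject() returns FALSE for unreadable input.
		return (is_array($subject) && isset($subject['CN'])) ? $subject['CN'] : '';
	}
}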
?>