<?php defined('SYSPATH') or die('No direct access allowed.');
/**
* This class is for access to SSL information
*
* @package OSB
* @subpackage SSL
* @category Helpers
* @author Deon George
* @copyright (c) 2010 Open Source Billing
* @license http://dev.osbill.net/license.html
*/
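class SSL {
	// Certificate as handed to the constructor; passed unchanged to the openssl_x509_* functions.
	private $cert = '';
	// Cached result of openssl_x509_parse() for $cert.
	private $_details = array();

	/**
	 * Wrap a certificate so its fields can be read.
	 *
	 * This class only parses and reports certificate fields. Nothing in it
	 * verifies a signature, a chain of trust or the validity period, so the
	 * values it returns are whatever the certificate itself claims.
	 *
	 * @param $cert Certificate in a form the openssl_x509_* functions accept
	 */
	public function __construct($cert) {
		$this->cert = $cert;
	}

	/**
	 * Factory for call chaining
	 * @param $cert Certificate in a form the openssl_x509_* functions accept
	 */
	public static function instance($cert) {
		return new SSL($cert);
	}

	/**
	 * Convert a large decimal number into colon separated upper case hex octets
	 *
	 * The conversion works on the decimal digits as a string, so numbers larger
	 * than a native integer or float can hold (certificate serial numbers
	 * routinely are) do not lose precision. The result is always padded to
	 * whole octets, eg: 4095 => 0F:FF.
	 *
	 * @param $number Large decimal number (string or integer)
	 * @return string Hex octets, '00' for zero, '' when $number is not a usable number
	 */
	private static function _dec_to_hex($number) {
		// A missing serial arrives here as an array from _details(); there is nothing to convert
		if (! is_scalar($number))
			return '';

		$number = trim((string)$number);
		$m = array();

		if (preg_match('/^0x([0-9a-f]+)$/i',$number,$m)) {
			// NOTE(review): the serial may already be a 0x-prefixed hex string for
			// very large values (depends on the PHP/OpenSSL build) - confirm
			$hex = ltrim($m[1],'0');

		} elseif (preg_match('/^[0-9]+$/D',$number)) {
			$hex = '';
			$digits = ltrim($number,'0');

			// Schoolbook long division by 16; each pass yields the next least significant hex digit
			while ($digits !== '') {
				$quotient = '';
				$remainder = 0;
				$len = strlen($digits);

				for ($i=0; $i<$len; $i++) {
					// $cur never exceeds 159, so native integer arithmetic is exact
					$cur = $remainder*10+(int)$digits[$i];
					$quotient .= (int)($cur/16);
					$remainder = $cur%16;
				}

				$hex = dechex($remainder).$hex;
				$digits = ltrim($quotient,'0');
			}

		} else {
			return '';
		}

		if ($hex === '')
			return '00';

		// Pad to an even number of digits so every octet is shown in full
		if (strlen($hex)%2)
			$hex = '0'.$hex;

		return strtoupper(implode(':',str_split($hex,2)));
	}

	/**
	 * Parse our AuthorityKeyIdentifier Extension to extract information
	 *
	 * The extension text is split into lines and each "name:value" line is
	 * stored under its lower cased name.
	 *
	 * @param $key Return just that index
	 * @return mixed '' when the extension is absent, all entries as an array
	 *         when $key is NULL, otherwise the value for $key ('' if not present)
	 */
	private function _aki($key=NULL) {
		$return = array();

		$aki = $this->_extensions('authorityKeyIdentifier');
		if (! $aki)
			return '';

		foreach (explode("\n",preg_replace("/\n$/",'',$aki)) as $x) {
			if (! $x)
				continue;

			if (strstr($x,':')) {
				// Split on the first colon only, the value itself is colon separated hex
				list($a,$b) = explode(':',$x,2);
				$return[strtolower($a)] = $b;
			}
		}

		return is_null($key) ? $return : (isset($return[$key]) ? $return[$key] : '');
	}

	/**
	 * The basicConstraints extension text, '' when the certificate has none
	 */
	private function _bc() {
		return $this->_extensions('basicConstraints');
	}

	/**
	 * Parse our Sign Certificate to extract information
	 *
	 * The result of openssl_x509_parse() is kept in $this->_details. When
	 * parsing fails that value is not an array, which get_isCert() relies on.
	 *
	 * @param $key Return just that index
	 * @return mixed array() when there is no certificate or $key is not present,
	 *         otherwise the parsed details or the entry for $key
	 */
	private function _details($key=NULL) {
		if (! $this->cert)
			return array();

		if (! $this->_details)
			$this->_details = openssl_x509_parse($this->cert);

		return is_null($key) ? $this->_details : (isset($this->_details[$key]) ? $this->_details[$key] : array());
	}

	/**
	 * Parse our Sign Certificate Extensions to extract information
	 * @param $key Return just that index
	 * @return mixed All extensions when $key is NULL, otherwise that extension ('' if not present)
	 */
	private function _extensions($key=NULL) {
		$return = $this->_details('extensions');

		return is_null($key) ? $return : (isset($return[$key]) ? $return[$key] : '');
	}

	/**
	 * Render a DN array as a string
	 *
	 * Attributes that occur more than once (presumably delivered as a nested
	 * array by openssl_x509_parse() - confirm) are rendered once per value.
	 *
	 * The values come straight from the certificate and are neither escaped for
	 * HTML nor for DN syntax (a comma inside a value is kept as is). Treat the
	 * result as untrusted display text: escape it on output and do not parse it
	 * back into attributes.
	 *
	 * @param $array DN attributes as name => value
	 * @return string eg: C=AU,O=Example,CN=host
	 */
	private function _dn(array $array) {
		$parts = array();

		foreach ($array as $k=>$v)
			foreach ((array)$v as $value)
				array_push($parts,sprintf('%s=%s',$k,$value));

		return implode(',',$parts);
	}

	/**
	 * The dirname entry of the AuthorityKeyIdentifier extension
	 */
	public function get_aki_dirname() {
		return $this->_aki('dirname');
	}

	/**
	 * The keyid entry of the AuthorityKeyIdentifier extension
	 */
	public function get_aki_keyid() {
		return $this->_aki('keyid');
	}

	/**
	 * The serial entry of the AuthorityKeyIdentifier extension
	 */
	public function get_aki_serial() {
		return $this->_aki('serial');
	}

	/**
	 * The signature algorithm named in the text dump of the certificate
	 * @return string Algorithm name, or the translated 'Unknown' when the
	 *         certificate cannot be read or the dump has no such line
	 */
	public function get_algorithm() {
		// Without a readable certificate there is nothing to export
		$x509 = $this->cert ? openssl_x509_read($this->cert) : FALSE;
		if ($x509 === FALSE)
			return _('Unknown');

		$e = '';
		openssl_x509_export($x509,$e,FALSE);

		// @todo There must be a nice way to get this?
		return (preg_match('/^\s+Signature Algorithm:\s*(.*)\s*$/m',$e,$match)) ? $match[1] : _('Unknown');
	}

	/**
	 * The pathlen value of the basicConstraints extension
	 * @return int 0 when no pathlen is given, so "no limit stated" and an
	 *         explicit pathlen of 0 cannot be told apart by the caller
	 */
	public function get_ca_path_len() {
		$m = array();
		preg_match('/.*pathlen:\s*([0-9]+).*$/',$this->_bc(),$m);

		return isset($m[1]) ? (int)$m[1] : 0;
	}

	/**
	 * The subject DN as a string, see _dn() for the caveats on its content
	 */
	public function get_dn() {
		return $this->_dn($this->_details('subject'));
	}

	/**
	 * The 'hash' entry of the parsed certificate
	 *
	 * NOTE(review): presumably OpenSSL's subject name hash and not a
	 * fingerprint of the certificate - confirm before using it as an identity.
	 */
	public function get_hash() {
		return $this->_details('hash');
	}

	/**
	 * Does basicConstraints carry CA:TRUE
	 *
	 * This reports what the certificate states about itself, it does not
	 * establish that the certificate is trusted to issue anything.
	 *
	 * @return mixed The preg_match() result (1 when CA:TRUE is present, otherwise 0)
	 */
	public function get_isCA() {
		return preg_match('/CA:TRUE/',$this->_bc());
	}

	/**
	 * Did the certificate parse
	 *
	 * NOTE(review): with an empty certificate _details() returns array(), so
	 * this returns TRUE when no certificate was supplied at all - confirm that
	 * callers expect that.
	 */
	public function get_isCert() {
		return is_array($this->_details());
	}

	/**
	 * Does the authority key id equal the subject key id
	 *
	 * This is an identifier comparison only, no signature is checked. Both
	 * identifiers are fields the certificate supplies itself, and two absent
	 * identifiers ('' and '') also compare equal, so do not treat a TRUE here
	 * as proof of a self signed or trusted root.
	 */
	public function get_isRoot() {
		// Both sides are strings; compare them as strings, not as numbers
		return $this->get_aki_keyid() === $this->get_ski();
	}

	/**
	 * The CN of the issuer, '' if it has none
	 */
	public function get_issuer() {
		$k = $this->_details('issuer');

		return isset($k['CN']) ? $k['CN'] : '';
	}

	/**
	 * The issuer DN as a string, see _dn() for the caveats on its content
	 */
	public function get_issuerdn() {
		return $this->_dn($this->_details('issuer'));
	}

	/**
	 * The serial number as colon separated hex octets, '' if there is none
	 */
	public function get_serial() {
		return $this->_dec_to_hex($this->_details('serialNumber'));
	}

	/**
	 * The CN of the subject, '' if it has none
	 */
	public function get_subject() {
		$k = $this->_details('subject');

		return isset($k['CN']) ? $k['CN'] : '';
	}

	/**
	 * The subjectKeyIdentifier extension, '' if it has none
	 */
	public function get_ski() {
		return $this->_extensions('subjectKeyIdentifier');
	}

	/**
	 * The validTo_time_t entry of the parsed certificate
	 * @param $format Pass the value through Config::date() when TRUE
	 */
	public function get_valid_to($format=FALSE) {
		$k = $this->_details('validTo_time_t');

		return $format ? Config::date($k) : $k;
	}

	/**
	 * The validFrom_time_t entry of the parsed certificate
	 * @param $format Pass the value through Config::date() when TRUE
	 */
	public function get_valid_from($format=FALSE) {
		$k = $this->_details('validFrom_time_t');

		return $format ? Config::date($k) : $k;
	}

	/**
	 * The version entry of the parsed certificate
	 */
	public function get_version() {
		return $this->_details('version');
	}

	/**
	 * NOTE(review): get_expire() is not defined in this class, so calling this
	 * method fails. get_valid_to() looks like the intended accessor - confirm
	 * before re-enabling.
	 */
	public static function xexpire($cert,$format=FALSE) {
		return static::instance($cert)->get_expire($format);
	}

	/**
	 * The CN of the subject of $cert, '' if it has none
	 */
	public static function subject($cert) {
		return static::instance($cert)->get_subject();
	}

	/**
	 * The CN of the subject of a certificate signing request
	 * @param $csr CSR in a form openssl_csr_get_subject() accepts
	 * @return string '' when the CSR cannot be parsed or has no CN
	 */
	public static function csrsubject($csr) {
		$c = openssl_csr_get_subject($csr);

		// openssl_csr_get_subject() does not return an array for a CSR it cannot parse
		return (is_array($c) AND isset($c['CN'])) ? $c['CN'] : '';
	}
}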
?>