<?php defined('SYSPATH') or die('No direct access allowed.');

/**
 * This class is for access to SSL information
 *
 * @package    OSB
 * @subpackage System
 * @category   Helpers
 * @author     Deon George
 * @copyright  (c) 2010 Open Source Billing
 * @license    http://dev.osbill.net/license.html
 */
class SSL {
	public static function instance() {
		return new SSL;
	}

	public static function details($cert,$key=NULL) {
		$k = openssl_x509_parse($cert);

		return is_null($key) ? $k : $k[$key];
	}

	public static function algorithm($cert,$key=NULL) {
		if (! $cert)
			return '';

		$r = openssl_x509_read($cert);
		openssl_x509_export($r,$e,FALSE);

		// @todo There must be a nice way to get this?
		if (preg_match('/^\s+Signature Algorithm:\s*(.*)\s*$/m',$e,$match))
			return $match[1];
		else
			return _('Unknown');
	}

	public static function aki($cert,$key=NULL) {
		$k = array();
		foreach (explode("\n",preg_replace("/\n$/",'',static::extensions($cert,'authorityKeyIdentifier'))) as $x) {
			list($a,$b) = explode(":",$x,2);
			$k[strtolower($a)] = $b;
		}

		return is_null($key) ? $k : $k[$key];
	}

	public static function aki_keyid($key) {
		return static::aki($key,'keyid');
	}

	public static function aki_dirname($key) {
		return static::aki($key,'dirname');
	}

	public static function aki_serial($key) {
		return static::aki($key,'serial');
	}

	public static function dn($cert) {
		if (! $cert)
			return '';

		$s = '';

		$c = 0;
		foreach (static::details($cert,'subject') as $k=>$v) {
			if ($c++)
				$s .= ',';

			$s .= sprintf('%s=%s',$k,$v);
		}

		return $s;
	}

	public static function dnissuer($cert) {
		if (! $cert)
			return '';

		$s = '';

		$c = 0;
		foreach (static::details($cert,'issuer') as $k=>$v) {
			if ($c++)
				$s .= ',';

			$s .= sprintf('%s=%s',$k,$v);
		}

		return $s;
	}

	public static function issuer($cert) {
		$k = static::details($cert,'issuer');
		return $k['CN'];
	}

	public static function from($cert,$format=FALSE) {
		$k = static::details($cert,'validFrom_time_t');
		return $format ? Config::date($k) : $k;
	}

	public static function expire($key,$format=FALSE) {
		$k = static::details($key,'validTo_time_t');
		return $format ? Config::date($k) : $k;
	}

	public static function extensions($cert,$key=NULL) {
		$k = static::details($cert,'extensions');
		return is_null($key) ? $k : $k[$key];
	}

	public static function hash($key) {
		return static::details($key,'hash');
	}

	public static function serial($key) {
		return static::dec_to_hex(static::details($key,'serialNumber'));
	}

	public static function subject($key) {
		$k = static::details($key,'subject');
		return $k['CN'];
	}

	public static function ski($key) {
		return static::extensions($key,'subjectKeyIdentifier');
	}

	public static function version($key) {
		return static::details($key,'version');
	}

	public static function csrsubject($csr) {
		$c = openssl_csr_get_subject($csr);

		return $c['CN'];
	}

       private static function dec_to_hex($number) {
                $hex = array();

                if ($number == 0)
                        return '00';

                while ($number > 0) {
                        if ($number == 0) {
                                array_push($hex, '0');

                        } else {
				$x = (int) ($number/16);
                                array_push($hex,strtoupper(dechex((int)($number-($x*16)))));
                                $number = $x;
                        }
                }

                return preg_replace('/^:/','',preg_replace('/(..)/',":$1",implode(array_reverse($hex))));
        }
}
?>