1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
<?php
/*
* This file is part of the PHPASN1 library.
*
* Copyright © Friedrich Große <friedrich.grosse@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace FG\X509;
use FG\ASN1\Exception\ParserException;
use FG\ASN1\OID;
use FG\ASN1\ASNObject;
use FG\ASN1\Parsable;
use FG\ASN1\Identifier;
use FG\ASN1\Universal\OctetString;
use FG\ASN1\Universal\Set;
use FG\ASN1\Universal\Sequence;
use FG\ASN1\Universal\ObjectIdentifier;
use FG\X509\SAN\SubjectAlternativeNames;
class CertificateExtensions extends Set implements Parsable
{
private $innerSequence;
private $extensions = [];
public function __construct()
{
$this->innerSequence = new Sequence();
parent::__construct($this->innerSequence);
}
public function addSubjectAlternativeNames(SubjectAlternativeNames $sans)
{
$this->addExtension(OID::CERT_EXT_SUBJECT_ALT_NAME, $sans);
}
private function addExtension($oidString, ASNObject $extension)
{
$sequence = new Sequence();
$sequence->addChild(new ObjectIdentifier($oidString));
$sequence->addChild($extension);
$this->innerSequence->addChild($sequence);
$this->extensions[] = $extension;
}
public function getContent()
{
return $this->extensions;
}
public static function fromBinary(&$binaryData, &$offsetIndex = 0)
{
self::parseIdentifier($binaryData[$offsetIndex], Identifier::SET, $offsetIndex++);
self::parseContentLength($binaryData, $offsetIndex);
$tmpOffset = $offsetIndex;
$extensions = Sequence::fromBinary($binaryData, $offsetIndex);
$tmpOffset += 1 + $extensions->getNumberOfLengthOctets();
$parsedObject = new self();
foreach ($extensions as $extension) {
if ($extension->getType() != Identifier::SEQUENCE) {
//FIXME wrong offset index
throw new ParserException('Could not parse Certificate Extensions: Expected ASN.1 Sequence but got '.$extension->getTypeName(), $offsetIndex);
}
$tmpOffset += 1 + $extension->getNumberOfLengthOctets();
$children = $extension->getChildren();
if (count($children) < 2) {
throw new ParserException('Could not parse Certificate Extensions: Needs at least two child elements per extension sequence (object identifier and octet string)', $tmpOffset);
}
/** @var \FG\ASN1\ASNObject $objectIdentifier */
$objectIdentifier = $children[0];
/** @var OctetString $octetString */
$octetString = $children[1];
if ($objectIdentifier->getType() != Identifier::OBJECT_IDENTIFIER) {
throw new ParserException('Could not parse Certificate Extensions: Expected ASN.1 Object Identifier but got '.$extension->getTypeName(), $tmpOffset);
}
$tmpOffset += $objectIdentifier->getObjectLength();
if ($objectIdentifier->getContent() == OID::CERT_EXT_SUBJECT_ALT_NAME) {
$sans = SubjectAlternativeNames::fromBinary($binaryData, $tmpOffset);
$parsedObject->addSubjectAlternativeNames($sans);
} else {
// can now only parse SANs. There might be more in the future
$tmpOffset += $octetString->getObjectLength();
}
}
$parsedObject->getBinary(); // Determine the number of content octets and object sizes once (just to let the equality unit tests pass :/ )
return $parsedObject;
}
}
|
