phpseclib API Documentation
Class

File_X509

class File_X509

Pure-PHP X.509 Parser

Properties

array $Certificate ASN.1 syntax for X.509 certificates
$DirectoryString
$PKCS9String
$AttributeValue
$Extensions
$KeyUsage
$ExtKeyUsageSyntax
$BasicConstraints
$KeyIdentifier
$CRLDistributionPoints
$AuthorityKeyIdentifier
$CertificatePolicies
$AuthorityInfoAccessSyntax
$SubjectAltName
$SubjectDirectoryAttributes
$PrivateKeyUsagePeriod
$IssuerAltName
$PolicyMappings
$NameConstraints
$CPSuri
$UserNotice
$netscape_cert_type
$netscape_comment
$netscape_ca_policy_url
$Name
$RelativeDistinguishedName
$CRLNumber
$CRLReason
$IssuingDistributionPoint
$InvalidityDate
$CertificateIssuer
$HoldInstructionCode
$SignedPublicKeyAndChallenge
$PostalAddress
array $CertificationRequest ASN.1 syntax for Certificate Signing Requests (RFC2986)
array $CertificateList ASN.1 syntax for Certificate Revocation Lists (RFC5280)
array $dn Distinguished Name
string $publicKey Public key
string $privateKey Private key
array $oids Object identifiers for X.509 certificates
array $CAs The certificate authorities
array $currentCert The currently loaded certificate
string $signatureSubject The signature subject
string $startDate Certificate Start Date
string $endDate Certificate End Date
string $serialNumber Serial Number
string $currentKeyIdentifier Key Identifier
bool $caFlag CA Flag
string $challenge SPKAC Challenge
int $recur_limit Recursion Limit
bool $disable_url_fetch URL fetch flag

Methods

File_X509 __construct()

Default Constructor.

File_X509()

PHP4 compatible Default Constructor.

mixed loadX509(string $cert, int $mode = FILE_X509_FORMAT_AUTO_DETECT)

Load X.509 certificate

string saveX509(array $cert, int $format = FILE_X509_FORMAT_PEM)

Save X.509 certificate

_mapInExtensions(array $root, string $path, object $asn1)

Map extension values from octet string to extension-specific internal format.

_mapOutExtensions(array $root, string $path, object $asn1)

Map extension values from extension-specific internal format to octet string.

_mapInAttributes(array $root, string $path, object $asn1)

Map attribute values from ANY type to attribute-specific internal format.

_mapOutAttributes(array $root, string $path, object $asn1)

Map attribute values from attribute-specific internal format to ANY type.

_mapInDNs(array $root, string $path, object $asn1)

Map DN values from ANY type to DN-specific internal format.

_mapOutDNs(array $root, string $path, object $asn1)

Map DN values from DN-specific internal format to ANY type.

mixed _getMapping(string $extnId)

Associate an extension ID to an extension mapping

bool loadCA(string $cert)

Load an X.509 certificate as a certificate authority

bool validateURL(string $url)

Validate an X.509 certificate against a URL

validateDate(DateTime|int|string $date = null)

Validate a date

bool|string _fetchURL(string $url)

Fetches a URL

bool _testForIntermediate(bool $caonly, int $count)

Validates an intermediate cert as identified via authority info access extension

mixed validateSignature(bool $caonly = true)

Validate a signature

mixed _validateSignatureCountable(bool $caonly, int $count)

Validate a signature

int _validateSignature(string $publicKeyAlgorithm, string $publicKey, string $signatureAlgorithm, string $signature, string $signatureSubject)

Validates a signature

setRecurLimit(int $count)

Sets the recursion limit

disableURLFetch()

Prevents URIs from being automatically retrieved

enableURLFetch()

Allows URIs to be automatically retrieved

string _reformatKey(string $algorithm, string $key)

Reformat public keys

string _decodeIP(string $ip)

Decodes an IP address

array _decodeNameConstraintIP(string $ip)

Decodes an IP address in a name constraints extension

string _encodeIP(string|array $ip)

Encodes an IP address

mixed _translateDNProp(string $propName)

"Normalizes" a Distinguished Name property

bool setDNProp(string $propName, mixed $propValue, string $type = 'utf8String')

Set a Distinguished Name property

removeDNProp(string $propName)

Remove Distinguished Name properties

mixed getDNProp(string $propName, array $dn = null, bool $withType = false)

Get Distinguished Name properties

bool setDN(mixed $dn, bool $merge = false, string $type = 'utf8String')

Set a Distinguished Name

bool getDN(mixed $format = FILE_X509_DN_ARRAY, array $dn = null)

Get the Distinguished Name for a certificate's subject

mixed getIssuerDN(int $format = FILE_X509_DN_ARRAY)

Get the Distinguished Name for a certificate/crl issuer

mixed getSubjectDN(int $format = FILE_X509_DN_ARRAY)

Get the Distinguished Name for a certificate/csr subject. Alias of getDN()

mixed getIssuerDNProp(string $propName, bool $withType = false)

Get an individual Distinguished Name property for a certificate/crl issuer

mixed getSubjectDNProp(string $propName, bool $withType = false)

Get an individual Distinguished Name property for a certificate/csr subject

mixed getChain()

Get the certificate chain for the current cert

bool setPublicKey(object $key)

Set public key

setPrivateKey(object $key)

Set private key

setChallenge(string $challenge)

Set challenge

mixed getPublicKey()

Gets the public key

mixed loadCSR($csr, $mode = FILE_X509_FORMAT_AUTO_DETECT)

Load a Certificate Signing Request

string saveCSR(array $csr, int $format = FILE_X509_FORMAT_PEM)

Save CSR request

mixed loadSPKAC($spkac)

Load a SPKAC CSR

string saveSPKAC($spkac, $format = FILE_X509_FORMAT_PEM)

Save a SPKAC CSR request

mixed loadCRL($crl, $mode = FILE_X509_FORMAT_AUTO_DETECT)

Load a Certificate Revocation List

string saveCRL(array $crl, int $format = FILE_X509_FORMAT_PEM)

Save Certificate Revocation List.

array _timeField(string $date)

Helper function to build a time field according to RFC 3280 sections 4.1.2.5 (Validity), 5.1.2.4 (This Update), 5.1.2.5 (Next Update) and 5.1.2.6 (Revoked Certificates), choosing utcTime iff the year of the given date is before 2050 and generalTime otherwise.

mixed sign(File_X509 $issuer, File_X509 $subject, string $signatureAlgorithm = 'sha1WithRSAEncryption')

Sign an X.509 certificate

mixed signCSR($signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a CSR

mixed signSPKAC($signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a SPKAC

mixed signCRL(File_X509 $issuer, File_X509 $crl, string $signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a CRL

mixed _sign($key, $signatureAlgorithm)

X.509 certificate signing helper function.

setStartDate(string $date)

Set certificate start date

setEndDate(string $date)

Set certificate end date

setSerialNumber(string $serial, $base = -256)

Set Serial Number

makeCA()

Turns the certificate into a certificate authority

boolean _isSubArrayValid(array $root, string $path)

Check for validity of subarray

array|false _subArrayUnchecked(array $root, string $path, bool $create = false)

Get a reference to a subarray

array|false _subArray(array $root, string $path, bool $create = false)

Get a reference to a subarray

array|false _extensions(array $root, string $path = null, bool $create = false)

Get a reference to an extension subarray

bool _removeExtension(string $id, string $path = null)

Remove an Extension

mixed _getExtension(string $id, array $cert = null, string $path = null)

Get an Extension

array _getExtensions(array $cert = null, string $path = null)

Returns a list of all extensions in use

bool _setExtension(string $id, mixed $value, bool $critical = false, bool $replace = true, string $path = null)

Set an Extension

bool removeExtension(string $id)

Remove a certificate, CSR or CRL Extension

mixed getExtension(string $id, array $cert = null)

Get a certificate, CSR or CRL Extension

array getExtensions(array $cert = null)

Returns a list of all extensions in use in certificate, CSR or CRL

bool setExtension(string $id, mixed $value, bool $critical = false, bool $replace = true)

Set a certificate, CSR or CRL Extension

bool removeAttribute(string $id, int $disposition = FILE_X509_ATTR_ALL)

Remove a CSR attribute.

mixed getAttribute(string $id, int $disposition = FILE_X509_ATTR_ALL, array $csr = null)

Get a CSR attribute

array getAttributes(array $csr = null)

Returns a list of all CSR attributes in use

bool setAttribute(string $id, mixed $value, bool $disposition = FILE_X509_ATTR_ALL)

Set a CSR attribute

setKeyIdentifier(string $value)

Sets the subject key identifier

string computeKeyIdentifier(mixed $key = null, int $method = 1)

Compute a public key identifier.

array _formatSubjectPublicKey()

Format a public key as appropriate

array setDomain()

Set the domain names for which the cert is to be valid

setIPAddress()

Set the IP addresses for which the cert is to be valid

array _dnsName(string $domain)

Helper function to build domain array

array _iPAddress(string $address)

Helper function to build IP Address array

int|false _revokedCertificate(array $rclist, string $serial, bool $create = false)

Get the index of a revoked certificate.

bool revoke(string $serial, string $date = null)

Revoke a certificate.

bool unrevoke(string $serial)

Unrevoke a certificate.

mixed getRevoked(string $serial)

Get a revoked certificate.

array listRevoked(array $crl = null)

List revoked certificates

bool removeRevokedCertificateExtension(string $serial, string $id)

Remove a Revoked Certificate Extension

mixed getRevokedCertificateExtension(string $serial, string $id, array $crl = null)

Get a Revoked Certificate Extension

array getRevokedCertificateExtensions(string $serial, array $crl = null)

Returns a list of all extensions in use for a given revoked certificate

bool setRevokedCertificateExtension(string $serial, string $id, mixed $value, bool $critical = false, bool $replace = true)

Set a Revoked Certificate Extension

string _extractBER(string $str)

Extract raw BER from Base64 encoding

string getOID($name)

Returns the OID corresponding to a name

Details

at line 345
public File_X509 __construct()

Default Constructor.

Return Value

File_X509

at line 1480
public File_X509()

PHP4 compatible Default Constructor.

See also

self::__construct()

at line 1495
public mixed loadX509(string $cert, int $mode = FILE_X509_FORMAT_AUTO_DETECT)

Load X.509 certificate

Returns an associative array describing the X.509 cert or a false if the cert failed to load

Parameters

string $cert
int $mode

Return Value

mixed

at line 1568
public string saveX509(array $cert, int $format = FILE_X509_FORMAT_PEM)

Save X.509 certificate

Parameters

array $cert
int $format optional

Return Value

string

at line 1646
public _mapInExtensions(array $root, string $path, object $asn1)

Map extension values from octet string to extension-specific internal format.

Parameters

array $root ref $root
string $path
object $asn1

at line 1699
public _mapOutExtensions(array $root, string $path, object $asn1)

Map extension values from extension-specific internal format to octet string.

Parameters

array $root ref $root
string $path
object $asn1

at line 1765
public _mapInAttributes(array $root, string $path, object $asn1)

Map attribute values from ANY type to attribute-specific internal format.

Parameters

array $root ref $root
string $path
object $asn1

at line 1806
public _mapOutAttributes(array $root, string $path, object $asn1)

Map attribute values from attribute-specific internal format to ANY type.

Parameters

array $root ref $root
string $path
object $asn1

at line 1849
public _mapInDNs(array $root, string $path, object $asn1)

Map DN values from ANY type to DN-specific internal format.

Parameters

array $root ref $root
string $path
object $asn1

at line 1879
public _mapOutDNs(array $root, string $path, object $asn1)

Map DN values from DN-specific internal format to ANY type.

Parameters

array $root ref $root
string $path
object $asn1

at line 1909
public mixed _getMapping(string $extnId)

Associate an extension ID to an extension mapping

Parameters

string $extnId

Return Value

mixed

at line 2017
public bool loadCA(string $cert)

Load an X.509 certificate as a certificate authority

Parameters

string $cert

Return Value

bool

at line 2084
public bool validateURL(string $url)

Validate an X.509 certificate against a URL

From RFC2818 "HTTP over TLS":

Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.

Parameters

string $url

Return Value

bool

at line 2143
public validateDate(DateTime|int|string $date = null)

Validate a date

If $date isn't defined it is assumed to be the current date.

Parameters

DateTime|int|string $date optional

at line 2191
public bool|string _fetchURL(string $url)

Fetches a URL

Parameters

string $url

Return Value

bool|string

at line 2243
public bool _testForIntermediate(bool $caonly, int $count)

Validates an intermediate cert as identified via authority info access extension

See https://tools.ietf.org/html/rfc4325 for more info

Parameters

bool $caonly
int $count

Return Value

bool

at line 2310
public mixed validateSignature(bool $caonly = true)

Validate a signature

Works on X.509 certs, CSRs and CRLs. Returns true if the signature is verified, false if it is not correct, or null on error.

By default returns false for self-signed certs. Call validateSignature(false) to make this support self-signed.

The behavior of this function is inspired by openssl_verify (http://php.net/openssl-verify).

Parameters

bool $caonly optional

Return Value

mixed

at line 2325
public mixed _validateSignatureCountable(bool $caonly, int $count)

Validate a signature

Performs said validation whilst keeping track of how many times validation method is called

Parameters

bool $caonly
int $count

Return Value

mixed

at line 2458
public int _validateSignature(string $publicKeyAlgorithm, string $publicKey, string $signatureAlgorithm, string $signature, string $signatureSubject)

Validates a signature

Returns true if the signature is verified, false if it is not correct or null on error

Parameters

string $publicKeyAlgorithm
string $publicKey
string $signatureAlgorithm
string $signature
string $signatureSubject

Return Value

int

at line 2503
public setRecurLimit(int $count)

Sets the recursion limit

When validating a signature it may be necessary to download intermediate certs from URIs. An intermediate cert that linked to itself would result in an infinite loop, so to prevent that we set a recursion limit. A negative number means that there is no recursion limit.

Parameters

int $count

at line 2513
public disableURLFetch()

Prevents URIs from being automatically retrieved

at line 2523
public enableURLFetch()

Allows URIs to be automatically retrieved
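
A defensive validation routine that combines loadCA(), validateSignature(), validateDate(), validateURL(), setRecurLimit() and disableURLFetch() as documented above. This is an added example, not code from the phpseclib documentation. It assumes phpseclib 1.0.x on the include path; the CA, the leaf certificate, the host name www.example.test and the helpers demo_keypair(), demo_ca(), demo_leaf() and verify_leaf() are constructed for illustration.

```php
<?php
include 'File/X509.php';
include 'Crypt/RSA.php';

// Constructed sample input: fresh RSA key pair as Crypt_RSA objects (private, public).
function demo_keypair()
{
    $rsa = new Crypt_RSA();
    $pair = $rsa->createKey(2048);
    $priv = new Crypt_RSA();
    $priv->loadKey($pair['privatekey']);
    $pub = new Crypt_RSA();
    $pub->loadKey($pair['publickey']);
    $pub->setPublicKey();
    return array($priv, $pub);
}

// Constructed sample input: self-signed throwaway CA. Returns array(PEM, private key, DN).
function demo_ca($org)
{
    list($priv, $pub) = demo_keypair();
    $subject = new File_X509();
    $subject->setDNProp('id-at-organizationName', $org);
    $subject->setPublicKey($pub);
    $issuer = new File_X509();
    $issuer->setPrivateKey($priv);
    $issuer->setDN($subject->getDN());
    $x509 = new File_X509();
    $x509->makeCA();
    // Pass the algorithm explicitly: the documented default is sha1WithRSAEncryption.
    $pem = $x509->saveX509($x509->sign($issuer, $subject, 'sha256WithRSAEncryption'));
    return array($pem, $priv, $subject->getDN());
}

// Constructed sample input: leaf certificate for $host, signed by the given CA key.
function demo_leaf($host, $caPriv, $caDn)
{
    list(, $pub) = demo_keypair();
    $subject = new File_X509();
    $subject->setDNProp('id-at-organizationName', 'Example Demo Leaf');
    $subject->setPublicKey($pub);
    $subject->setDomain($host); // host name the certificate is to be valid for
    $issuer = new File_X509();
    $issuer->setPrivateKey($caPriv);
    $issuer->setDN($caDn);
    $x509 = new File_X509();
    return $x509->saveX509($x509->sign($issuer, $subject, 'sha256WithRSAEncryption'));
}

// Validate a certificate against one trusted CA and the URL it is presented for.
function verify_leaf($leafPem, $caPem, $url)
{
    $x509 = new File_X509();
    // Do not let an untrusted certificate cause outbound requests during validation.
    $x509->disableURLFetch();
    // Keep intermediate chasing bounded in case URL fetching is enabled later.
    $x509->setRecurLimit(2);

    if (!$x509->loadCA($caPem)) {
        return 'ca-load-failed';
    }
    if ($x509->loadX509($leafPem) === false) {
        return 'cert-load-failed';
    }
    // validateSignature() is tri-state (true, false, null on error): compare strictly.
    $sig = $x509->validateSignature();
    if ($sig !== true) {
        return $sig === null ? 'signature-error' : 'signature-invalid';
    }
    if (!$x509->validateDate()) {
        return 'outside-validity-period';
    }
    if (!$x509->validateURL($url)) {
        return 'name-mismatch';
    }
    return 'ok';
}

list($caPem, $caPriv, $caDn) = demo_ca('Example Demo CA');
list($otherCaPem) = demo_ca('Unrelated Demo CA');
$leafPem = demo_leaf('www.example.test', $caPriv, $caDn);

echo verify_leaf($leafPem, $caPem, 'https://www.example.test/'), "\n";      // trusted CA, matching host
echo verify_leaf($leafPem, $caPem, 'https://other.example.test/'), "\n";    // host not in the certificate
echo verify_leaf($leafPem, $otherCaPem, 'https://www.example.test/'), "\n"; // CA that did not sign it
```

A signature check alone does not establish that a certificate is usable: the validity period and the name match are separate calls, and each must pass.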

at line 2538
public string _reformatKey(string $algorithm, string $key)

Reformat public keys

Reformats a public key to a format supported by phpseclib (if applicable)

Parameters

string $algorithm
string $key

Return Value

string

at line 2563
public string _decodeIP(string $ip)

Decodes an IP address

Takes in a base64 encoded "blob" and returns a human readable IP address

Parameters

string $ip

Return Value

string

at line 2579
public array _decodeNameConstraintIP(string $ip)

Decodes an IP address in a name constraints extension

Takes in a base64 encoded "blob" and returns a human readable IP address / mask

Parameters

string $ip

Return Value

array

at line 2595
public string _encodeIP(string|array $ip)

Encodes an IP address

Converts a human readable IP address into a base64-encoded "blob"

Parameters

string|array $ip

Return Value

string

at line 2609
public mixed _translateDNProp(string $propName)

"Normalizes" a Distinguished Name property

Parameters

string $propName

Return Value

mixed

at line 2703
public bool setDNProp(string $propName, mixed $propValue, string $type = 'utf8String')

Set a Distinguished Name property

Parameters

string $propName
mixed $propValue
string $type optional

Return Value

bool

at line 2734
public removeDNProp(string $propName)

Remove Distinguished Name properties

Parameters

string $propName

at line 2768
public mixed getDNProp(string $propName, array $dn = null, bool $withType = false)

Get Distinguished Name properties

Parameters

string $propName
array $dn optional
bool $withType optional

Return Value

mixed

at line 2832
public bool setDN(mixed $dn, bool $merge = false, string $type = 'utf8String')

Set a Distinguished Name

Parameters

mixed $dn
bool $merge optional
string $type optional

Return Value

bool

at line 2874
public bool getDN(mixed $format = FILE_X509_DN_ARRAY, array $dn = null)

Get the Distinguished Name for a certificate's subject

Parameters

mixed $format optional
array $dn optional

Return Value

bool

at line 3025
public mixed getIssuerDN(int $format = FILE_X509_DN_ARRAY)

Get the Distinguished Name for a certificate/crl issuer

Parameters

int $format optional

Return Value

mixed

at line 3047
public mixed getSubjectDN(int $format = FILE_X509_DN_ARRAY)

Get the Distinguished Name for a certificate/csr subject. Alias of getDN()

Parameters

int $format optional

Return Value

mixed

at line 3071
public mixed getIssuerDNProp(string $propName, bool $withType = false)

Get an individual Distinguished Name property for a certificate/crl issuer

Parameters

string $propName
bool $withType optional

Return Value

mixed

at line 3093
public mixed getSubjectDNProp(string $propName, bool $withType = false)

Get an individual Distinguished Name property for a certificate/csr subject

Parameters

string $propName
bool $withType optional

Return Value

mixed

at line 3115
public mixed getChain()

Get the certificate chain for the current cert

Return Value

mixed

at line 3163
public bool setPublicKey(object $key)

Set public key

Key needs to be a Crypt_RSA object

Parameters

object $key

Return Value

bool

at line 3177
public setPrivateKey(object $key)

Set private key

Key needs to be a Crypt_RSA object

Parameters

object $key

at line 3190
public setChallenge(string $challenge)

Set challenge

Used for SPKAC CSRs

Parameters

string $challenge

at line 3203
public mixed getPublicKey()

Gets the public key

Returns a Crypt_RSA object or a false.

Return Value

mixed

at line 3246
public mixed loadCSR($csr, $mode = FILE_X509_FORMAT_AUTO_DETECT)

Load a Certificate Signing Request

Parameters

$csr
$mode

Return Value

mixed

at line 3331
public string saveCSR(array $csr, int $format = FILE_X509_FORMAT_PEM)

Save CSR request

Parameters

array $csr
int $format optional

Return Value

string

at line 3386
public mixed loadSPKAC($spkac)

Load a SPKAC CSR

SPKACs are produced by the HTML5 keygen element:

https://developer.mozilla.org/en-US/docs/HTML/Element/keygen

Parameters

$spkac

Return Value

mixed

at line 3461
public string saveSPKAC($spkac, $format = FILE_X509_FORMAT_PEM)

Save a SPKAC CSR request

Parameters

$spkac
$format

Return Value

string

at line 3503
public mixed loadCRL($crl, $mode = FILE_X509_FORMAT_AUTO_DETECT)

Load a Certificate Revocation List

Parameters

$crl
$mode

Return Value

mixed

at line 3573
public string saveCRL(array $crl, int $format = FILE_X509_FORMAT_PEM)

Save Certificate Revocation List.

Parameters

array $crl
int $format optional

Return Value

string

at line 3635
public array _timeField(string $date)

Helper function to build a time field according to RFC 3280 sections 4.1.2.5 (Validity), 5.1.2.4 (This Update), 5.1.2.5 (Next Update) and 5.1.2.6 (Revoked Certificates), choosing utcTime iff the year of the given date is before 2050 and generalTime otherwise.

Parameters

string $date in format date('D, d M Y H:i:s O')

Return Value

array

at line 3666
public mixed sign(File_X509 $issuer, File_X509 $subject, string $signatureAlgorithm = 'sha1WithRSAEncryption')

Sign an X.509 certificate

$issuer's private key needs to be loaded. $subject can be either an existing X.509 cert (if you want to resign it), a CSR or something with the DN and public key explicitly set.

Parameters

File_X509 $issuer
File_X509 $subject
string $signatureAlgorithm optional

Return Value

mixed

at line 3856
public mixed signCSR($signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a CSR

Parameters

$signatureAlgorithm

Return Value

mixed

at line 3914
public mixed signSPKAC($signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a SPKAC

Parameters

$signatureAlgorithm

Return Value

mixed

at line 3984
public mixed signCRL(File_X509 $issuer, File_X509 $crl, string $signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a CRL

$issuer's private key needs to be loaded.

Parameters

File_X509 $issuer
File_X509 $crl
string $signatureAlgorithm optional

Return Value

mixed

at line 4118
public mixed _sign($key, $signatureAlgorithm)

X.509 certificate signing helper function.

Parameters

$key
$signatureAlgorithm

Return Value

mixed

at line 4147
public setStartDate(string $date)

Set certificate start date

Parameters

string $date

at line 4163
public setEndDate(string $date)

Set certificate end date

Parameters

string $date

at line 4194
public setSerialNumber(string $serial, $base = -256)

Set Serial Number

Parameters

string $serial
$base optional

at line 4204
public makeCA()

Turns the certificate into a certificate authority

at line 4221
public boolean _isSubArrayValid(array $root, string $path)

Check for validity of subarray

This is intended for use in conjunction with _subArrayUnchecked(), implementing the checks included in _subArray() but without copying a potentially large array by passing its reference by-value to is_array().

Parameters

array $root
string $path

Return Value

boolean

at line 4258
public array|false _subArrayUnchecked(array $root, string $path, bool $create = false)

Get a reference to a subarray

This variant of _subArray() does no is_array() checking, so $root should be checked with _isSubArrayValid() first.

This is here for performance reasons: Passing a reference (i.e. $root) by-value (i.e. to is_array()) creates a copy. If $root is an especially large array, this is expensive.

Parameters

array $root
string $path absolute path with / as component separator
bool $create optional

Return Value

array|false

at line 4286
public array|false _subArray(array $root, string $path, bool $create = false)

Get a reference to a subarray

Parameters

array $root
string $path absolute path with / as component separator
bool $create optional

Return Value

array|false

at line 4322
public array|false _extensions(array $root, string $path = null, bool $create = false)

Get a reference to an extension subarray

Parameters

array $root
string $path optional absolute path with / as component separator
bool $create optional

Return Value

array|false

at line 4376
public bool _removeExtension(string $id, string $path = null)

Remove an Extension

Parameters

string $id
string $path optional

Return Value

bool

at line 4411
public mixed _getExtension(string $id, array $cert = null, string $path = null)

Get an Extension

Returns the extension if it exists and false if not

Parameters

string $id
array $cert optional
string $path optional

Return Value

mixed

at line 4436
public array _getExtensions(array $cert = null, string $path = null)

Returns a list of all extensions in use

Parameters

array $cert optional
string $path optional

Return Value

array

at line 4461
public bool _setExtension(string $id, mixed $value, bool $critical = false, bool $replace = true, string $path = null)

Set an Extension

Parameters

string $id
mixed $value
bool $critical optional
bool $replace optional
string $path optional

Return Value

bool

at line 4493
public bool removeExtension(string $id)

Remove a certificate, CSR or CRL Extension

Parameters

string $id

Return Value

bool

at line 4508
public mixed getExtension(string $id, array $cert = null)

Get a certificate, CSR or CRL Extension

Returns the extension if it exists and false if not

Parameters

string $id
array $cert optional

Return Value

mixed

at line 4520
public array getExtensions(array $cert = null)

Returns a list of all extensions in use in certificate, CSR or CRL

Parameters

array $cert optional

Return Value

array

at line 4535
public bool setExtension(string $id, mixed $value, bool $critical = false, bool $replace = true)

Set a certificate, CSR or CRL Extension

Parameters

string $id
mixed $value
bool $critical optional
bool $replace optional

Return Value

bool

at line 4548
public bool removeAttribute(string $id, int $disposition = FILE_X509_ATTR_ALL)

Remove a CSR attribute.

Parameters

string $id
int $disposition optional

Return Value

bool

at line 4599
public mixed getAttribute(string $id, int $disposition = FILE_X509_ATTR_ALL, array $csr = null)

Get a CSR attribute

Returns the attribute if it exists and false if not

Parameters

string $id
int $disposition optional
array $csr optional

Return Value

mixed

at line 4639
public array getAttributes(array $csr = null)

Returns a list of all CSR attributes in use

Parameters

array $csr optional

Return Value

array

at line 4666
public bool setAttribute(string $id, mixed $value, bool $disposition = FILE_X509_ATTR_ALL)

Set a CSR attribute

Parameters

string $id
mixed $value
bool $disposition optional

Return Value

bool

at line 4721
public setKeyIdentifier(string $value)

Sets the subject key identifier

This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions.

Parameters

string $value

at line 4748
public string computeKeyIdentifier(mixed $key = null, int $method = 1)

Compute a public key identifier.

Although key identifiers may be set to any unique value, this function computes key identifiers from public key according to the two recommended methods (4.2.1.2 RFC 3280). Highly polymorphic: try to accept all possible forms of key:

- Key object
- File_X509 object with public or private key defined
- Certificate or CSR array
- File_ASN1_Element object
- PEM or DER string

Parameters

mixed $key optional
int $method optional

Return Value

string binary key identifier

at line 4828
public array _formatSubjectPublicKey()

Format a public key as appropriate

Return Value

array

at line 4854
public array setDomain()

Set the domain names for which the cert is to be valid

Return Value

array

at line 4867
public setIPAddress()

Set the IP addresses for which the cert is to be valid

at line 4885
public array _dnsName(string $domain)

Helper function to build domain array

Parameters

string $domain

Return Value

array

at line 4899
public array _iPAddress(string $address)

Helper function to build IP Address array

(IPv6 is not currently supported)

Parameters

string $address

Return Value

array

at line 4913
public int|false _revokedCertificate(array $rclist, string $serial, bool $create = false)

Get the index of a revoked certificate.

Parameters

array $rclist
string $serial
bool $create optional

Return Value

int|false

at line 4948
public bool revoke(string $serial, string $date = null)

Revoke a certificate.

Parameters

string $serial
string $date optional

Return Value

bool

at line 4974
public bool unrevoke(string $serial)

Unrevoke a certificate.

Parameters

string $serial

Return Value

bool

at line 4994
public mixed getRevoked(string $serial)

Get a revoked certificate.

Parameters

string $serial

Return Value

mixed

at line 5012
public array listRevoked(array $crl = null)

List revoked certificates

Parameters

array $crl optional

Return Value

array

at line 5041
public bool removeRevokedCertificateExtension(string $serial, string $id)

Remove a Revoked Certificate Extension

Parameters

string $serial
string $id

Return Value

bool

at line 5063
public mixed getRevokedCertificateExtension(string $serial, string $id, array $crl = null)

Get a Revoked Certificate Extension

Returns the extension if it exists and false if not

Parameters

string $serial
string $id
array $crl optional

Return Value

mixed

at line 5086
public array getRevokedCertificateExtensions(string $serial, array $crl = null)

Returns a list of all extensions in use for a given revoked certificate

Parameters

string $serial
array $crl optional

Return Value

array

at line 5112
public bool setRevokedCertificateExtension(string $serial, string $id, mixed $value, bool $critical = false, bool $replace = true)

Set a Revoked Certificate Extension

Parameters

string $serial
string $id
mixed $value
bool $critical optional
bool $replace optional

Return Value

bool

at line 5132
public string _extractBER(string $str)

Extract raw BER from Base64 encoding

Parameters

string $str

Return Value

string

at line 5170
public string getOID($name)

Returns the OID corresponding to a name

What's returned in the associative array returned by loadX509() (or load*()) is either a name or an OID if no OID to name mapping is available. The problem with this is that what may be an unmapped OID in one version of phpseclib may not be unmapped in the next version, so apps that are looking at this OID may not be able to work from version to version.

This method will return the OID if a name is passed to it, and if no mapping is available it'll assume that what's being passed to it already is an OID and return that instead. A few examples:

getOID('2.16.840.1.101.3.4.2.1') == '2.16.840.1.101.3.4.2.1'
getOID('id-sha256') == '2.16.840.1.101.3.4.2.1'
getOID('zzz') == 'zzz'

Parameters

$name

Return Value

string