phpseclib API Documentation
Class

phpseclib\File\X509

class X509

Pure-PHP X.509 Parser

Constants

VALIDATE_SIGNATURE_BY_CA

Flag to only accept signatures signed by certificate authorities

Not really used anymore but retained all the same to suppress E_NOTICEs from old installs

DN_ARRAY

Return internal array representation

DN_STRING

Return string

DN_ASN1

Return ASN.1 name string

DN_OPENSSL

Return OpenSSL compatible array

DN_CANON

Return canonical ASN.1 RDNs string

DN_HASH

Return name hash for file indexing

FORMAT_PEM

Save as PEM

ie. a base64-encoded PEM with a header and a footer

FORMAT_DER

Save as DER

FORMAT_SPKAC

Save as a SPKAC

Only works on CSRs. Not currently supported.

FORMAT_AUTO_DETECT

Auto-detect the format

Used only by the load*() functions

ATTR_ALL

Attribute value disposition.

If disposition is >= 0, this is the index of the target value.

ATTR_APPEND

ATTR_REPLACE

Properties

array $Certificate ASN.1 syntax for X.509 certificates
$DirectoryString
$PKCS9String
$AttributeValue
$Extensions
$KeyUsage
$ExtKeyUsageSyntax
$BasicConstraints
$KeyIdentifier
$CRLDistributionPoints
$AuthorityKeyIdentifier
$CertificatePolicies
$AuthorityInfoAccessSyntax
$SubjectAltName
$SubjectDirectoryAttributes
$PrivateKeyUsagePeriod
$IssuerAltName
$PolicyMappings
$NameConstraints
$CPSuri
$UserNotice
$netscape_cert_type
$netscape_comment
$netscape_ca_policy_url
$Name
$RelativeDistinguishedName
$CRLNumber
$CRLReason
$IssuingDistributionPoint
$InvalidityDate
$CertificateIssuer
$HoldInstructionCode
$SignedPublicKeyAndChallenge
$PostalAddress
array $CertificationRequest ASN.1 syntax for Certificate Signing Requests (RFC2986)
array $CertificateList ASN.1 syntax for Certificate Revocation Lists (RFC5280)
array $dn Distinguished Name
string $publicKey Public key
string $privateKey Private key
array $oids Object identifiers for X.509 certificates
array $CAs The certificate authorities
array $currentCert The currently loaded certificate
string $signatureSubject The signature subject
string $startDate Certificate Start Date
string $endDate Certificate End Date
string $serialNumber Serial Number
string $currentKeyIdentifier Key Identifier
bool $caFlag CA Flag
string $challenge SPKAC Challenge

Methods

X509 __construct()

Default Constructor.

mixed loadX509(string $cert, int $mode = self::FORMAT_AUTO_DETECT)

Load X.509 certificate

string saveX509(array $cert, int $format = self::FORMAT_PEM)

Save X.509 certificate

_mapInExtensions(array $root, string $path, object $asn1)

Map extension values from octet string to extension-specific internal format.

_mapOutExtensions(array $root, string $path, object $asn1)

Map extension values from extension-specific internal format to octet string.

_mapInAttributes(array $root, string $path, object $asn1)

Map attribute values from ANY type to attribute-specific internal format.

_mapOutAttributes(array $root, string $path, object $asn1)

Map attribute values from attribute-specific internal format to ANY type.

_mapInDNs(array $root, string $path, object $asn1)

Map DN values from ANY type to DN-specific internal format.

_mapOutDNs(array $root, string $path, object $asn1)

Map DN values from DN-specific internal format to ANY type.

mixed _getMapping(string $extnId)

Associate an extension ID to an extension mapping

bool loadCA(string $cert)

Load an X.509 certificate as a certificate authority

bool validateURL(string $url)

Validate an X.509 certificate against a URL

validateDate(DateTime|string $date = null)

Validate a date

bool _testForIntermediate(bool $caonly, int $count)

Validates an intermediate cert as identified via authority info access extension

mixed validateSignature(bool $caonly = true)

Validate a signature

mixed _validateSignatureCountable(bool $caonly, int $count)

Validate a signature

int _validateSignature(string $publicKeyAlgorithm, string $publicKey, string $signatureAlgorithm, string $signature, string $signatureSubject)

Validates a signature

string _reformatKey(string $algorithm, string $key)

Reformat public keys

string _decodeIP(string $ip)

Decodes an IP address

array _decodeNameConstraintIP(string $ip)

Decodes an IP address in a name constraints extension

string _encodeIP(string|array $ip)

Encodes an IP address

mixed _translateDNProp(string $propName)

"Normalizes" a Distinguished Name property

bool setDNProp(string $propName, mixed $propValue, string $type = 'utf8String')

Set a Distinguished Name property

removeDNProp(string $propName)

Remove Distinguished Name properties

mixed getDNProp(string $propName, array $dn = null, bool $withType = false)

Get Distinguished Name properties

bool setDN(mixed $dn, bool $merge = false, string $type = 'utf8String')

Set a Distinguished Name

bool getDN(mixed $format = self::DN_ARRAY, array $dn = null)

Get the Distinguished Name for a certificates subject

mixed getIssuerDN(int $format = self::DN_ARRAY)

Get the Distinguished Name for a certificate/crl issuer

mixed getSubjectDN(int $format = self::DN_ARRAY)

Get the Distinguished Name for a certificate/csr subject Alias of getDN()

mixed getIssuerDNProp(string $propName, bool $withType = false)

Get an individual Distinguished Name property for a certificate/crl issuer

mixed getSubjectDNProp(string $propName, bool $withType = false)

Get an individual Distinguished Name property for a certificate/csr subject

mixed getChain()

Get the certificate chain for the current cert

bool setPublicKey(object $key)

Set public key

setPrivateKey(object $key)

Set private key

setChallenge(string $challenge)

Set challenge

mixed getPublicKey()

Gets the public key

mixed loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT)

Load a Certificate Signing Request

string saveCSR(array $csr, int $format = self::FORMAT_PEM)

Save CSR request

mixed loadSPKAC($spkac)

Load a SPKAC CSR

string saveSPKAC($spkac, $format = self::FORMAT_PEM)

Save a SPKAC CSR request

mixed loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT)

Load a Certificate Revocation List

string saveCRL(array $crl, int $format = self::FORMAT_PEM)

Save Certificate Revocation List.

array _timeField(string $date)

Helper function to build a time field according to RFC 3280 section - 4.1.2.5 Validity - 5.1.2.4 This Update - 5.1.2.5 Next Update - 5.1.2.6 Revoked Certificates by choosing utcTime iff year of date given is before 2050 and generalTime else.

mixed sign(X509 $issuer, X509 $subject, string $signatureAlgorithm = 'sha1WithRSAEncryption')

Sign an X.509 certificate

mixed signCSR($signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a CSR

mixed signSPKAC($signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a SPKAC

mixed signCRL(X509 $issuer, X509 $crl, string $signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a CRL

mixed _sign($key, $signatureAlgorithm)

X.509 certificate signing helper function.

setStartDate(string $date)

Set certificate start date

setEndDate(string $date)

Set certificate end date

setSerialNumber(string $serial, $base $base = -256)

Set Serial Number

makeCA()

Turns the certificate into a certificate authority

boolean _isSubArrayValid(array $root, string $path)

Check for validity of subarray

array|false _subArrayUnchecked(array $root, string $path, bool $create = false)

Get a reference to a subarray

array|false _subArray(array $root, string $path, bool $create = false)

Get a reference to a subarray

array|false _extensions(array $root, string $path = null, bool $create = false)

Get a reference to an extension subarray

bool _removeExtension(string $id, string $path = null)

Remove an Extension

mixed _getExtension(string $id, array $cert = null, string $path = null)

Get an Extension

array _getExtensions(array $cert = null, string $path = null)

Returns a list of all extensions in use

bool _setExtension(string $id, mixed $value, bool $critical = false, bool $replace = true, string $path = null)

Set an Extension

bool removeExtension(string $id)

Remove a certificate, CSR or CRL Extension

mixed getExtension(string $id, array $cert = null)

Get a certificate, CSR or CRL Extension

array getExtensions(array $cert = null)

Returns a list of all extensions in use in certificate, CSR or CRL

bool setExtension(string $id, mixed $value, bool $critical = false, bool $replace = true)

Set a certificate, CSR or CRL Extension

bool removeAttribute(string $id, int $disposition = self::ATTR_ALL)

Remove a CSR attribute.

mixed getAttribute(string $id, int $disposition = self::ATTR_ALL, array $csr = null)

Get a CSR attribute

array getAttributes(array $csr = null)

Returns a list of all CSR attributes in use

bool setAttribute(string $id, mixed $value, bool $disposition = self::ATTR_ALL)

Set a CSR attribute

setKeyIdentifier(string $value)

Sets the subject key identifier

string computeKeyIdentifier(mixed $key = null, int $method = 1)

Compute a public key identifier.

array _formatSubjectPublicKey()

Format a public key as appropriate

array setDomain()

Set the domain name's which the cert is to be valid for

setIPAddress()

Set the IP Addresses's which the cert is to be valid for

array _dnsName(string $domain)

Helper function to build domain array

array _iPAddress(string $address)

Helper function to build IP Address array

int|false _revokedCertificate(array $rclist, string $serial, bool $create = false)

Get the index of a revoked certificate.

bool revoke(string $serial, string $date = null)

Revoke a certificate.

bool unrevoke(string $serial)

Unrevoke a certificate.

mixed getRevoked(string $serial)

Get a revoked certificate.

array listRevoked(array $crl = null)

List revoked certificates

bool removeRevokedCertificateExtension(string $serial, string $id)

Remove a Revoked Certificate Extension

mixed getRevokedCertificateExtension(string $serial, string $id, array $crl = null)

Get a Revoked Certificate Extension

array getRevokedCertificateExtensions(string $serial, array $crl = null)

Returns a list of all extensions in use for a given revoked certificate

bool setRevokedCertificateExtension(string $serial, string $id, mixed $value, bool $critical = false, bool $replace = true)

Set a Revoked Certificate Extension

string _extractBER(string $str)

Extract raw BER from Base64 encoding

string getOID($name)

Returns the OID corresponding to a name

Details

at line 330
public X509 __construct()

Default Constructor.

Return Value

X509

at line 1465
public mixed loadX509(string $cert, int $mode = self::FORMAT_AUTO_DETECT)

Load X.509 certificate

Returns an associative array describing the X.509 cert or a false if the cert failed to load

Parameters

string $cert
int $mode

Return Value

mixed

at line 1538
public string saveX509(array $cert, int $format = self::FORMAT_PEM)

Save X.509 certificate

Parameters

array $cert
int $format optional

Return Value

string

at line 1616
public _mapInExtensions(array $root, string $path, object $asn1)

Map extension values from octet string to extension-specific internal format.

Parameters

array $root ref $root
string $path
object $asn1

at line 1669
public _mapOutExtensions(array $root, string $path, object $asn1)

Map extension values from extension-specific internal format to octet string.

Parameters

array $root ref $root
string $path
object $asn1

at line 1735
public _mapInAttributes(array $root, string $path, object $asn1)

Map attribute values from ANY type to attribute-specific internal format.

Parameters

array $root ref $root
string $path
object $asn1

at line 1776
public _mapOutAttributes(array $root, string $path, object $asn1)

Map attribute values from attribute-specific internal format to ANY type.

Parameters

array $root ref $root
string $path
object $asn1

at line 1819
public _mapInDNs(array $root, string $path, object $asn1)

Map DN values from ANY type to DN-specific internal format.

Parameters

array $root ref $root
string $path
object $asn1

at line 1849
public _mapOutDNs(array $root, string $path, object $asn1)

Map DN values from DN-specific internal format to ANY type.

Parameters

array $root ref $root
string $path
object $asn1

at line 1879
public mixed _getMapping(string $extnId)

Associate an extension ID to an extension mapping

Parameters

string $extnId

Return Value

mixed

at line 1987
public bool loadCA(string $cert)

Load an X.509 certificate as a certificate authority

Parameters

string $cert

Return Value

bool

at line 2054
public bool validateURL(string $url)

Validate an X.509 certificate against a URL

From RFC2818 "HTTP over TLS":

Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., .a.com matches foo.a.com but not bar.foo.a.com. f.com matches foo.com but not bar.com.

Parameters

string $url

Return Value

bool

at line 2113
public validateDate(DateTime|string $date = null)

Validate a date

If $date isn't defined it is assumed to be the current date.

Parameters

DateTime|string $date optional

at line 2208
public bool _testForIntermediate(bool $caonly, int $count)

Validates an intermediate cert as identified via authority info access extension

See https://tools.ietf.org/html/rfc4325 for more info

Parameters

bool $caonly
int $count

Return Value

bool

at line 2275
public mixed validateSignature(bool $caonly = true)

Validate a signature

Works on X.509 certs, CSR's and CRL's. Returns true if the signature is verified, false if it is not correct or null on error

By default returns false for self-signed certs. Call validateSignature(false) to make this support self-signed.

The behavior of this function is inspired by {@link http://php.net/openssl-verify openssl_verify}.

Parameters

bool $caonly optional

Return Value

mixed

at line 2290
public mixed _validateSignatureCountable(bool $caonly, int $count)

Validate a signature

Performs said validation whilst keeping track of how many times validation method is called

Parameters

bool $caonly
int $count

Return Value

mixed

at line 2423
public int _validateSignature(string $publicKeyAlgorithm, string $publicKey, string $signatureAlgorithm, string $signature, string $signatureSubject)

Validates a signature

Returns true if the signature is verified, false if it is not correct or null on error

Parameters

string $publicKeyAlgorithm
string $publicKey
string $signatureAlgorithm
string $signature
string $signatureSubject

Return Value

int

at line 2500
public string _reformatKey(string $algorithm, string $key)

Reformat public keys

Reformats a public key to a format supported by phpseclib (if applicable)

Parameters

string $algorithm
string $key

Return Value

string

at line 2525
public string _decodeIP(string $ip)

Decodes an IP address

Takes in a base64 encoded "blob" and returns a human readable IP address

Parameters

string $ip

Return Value

string

at line 2539
public array _decodeNameConstraintIP(string $ip)

Decodes an IP address in a name constraints extension

Takes in a base64 encoded "blob" and returns a human readable IP address / mask

Parameters

string $ip

Return Value

array

at line 2557
public string _encodeIP(string|array $ip)

Encodes an IP address

Takes a human readable IP address into a base64-encoded "blob"

Parameters

string|array $ip

Return Value

string

at line 2571
public mixed _translateDNProp(string $propName)

"Normalizes" a Distinguished Name property

Parameters

string $propName

Return Value

mixed

at line 2665
public bool setDNProp(string $propName, mixed $propValue, string $type = 'utf8String')

Set a Distinguished Name property

Parameters

string $propName
mixed $propValue
string $type optional

Return Value

bool

at line 2696
public removeDNProp(string $propName)

Remove Distinguished Name properties

Parameters

string $propName

at line 2730
public mixed getDNProp(string $propName, array $dn = null, bool $withType = false)

Get Distinguished Name properties

Parameters

string $propName
array $dn optional
bool $withType optional

Return Value

mixed

at line 2794
public bool setDN(mixed $dn, bool $merge = false, string $type = 'utf8String')

Set a Distinguished Name

Parameters

mixed $dn
bool $merge optional
string $type optional

Return Value

bool

at line 2836
public bool getDN(mixed $format = self::DN_ARRAY, array $dn = null)

Get the Distinguished Name for a certificates subject

Parameters

mixed $format optional
array $dn optional

Return Value

bool

at line 2984
public mixed getIssuerDN(int $format = self::DN_ARRAY)

Get the Distinguished Name for a certificate/crl issuer

Parameters

int $format optional

Return Value

mixed

at line 3006
public mixed getSubjectDN(int $format = self::DN_ARRAY)

Get the Distinguished Name for a certificate/csr subject Alias of getDN()

Parameters

int $format optional

Return Value

mixed

at line 3030
public mixed getIssuerDNProp(string $propName, bool $withType = false)

Get an individual Distinguished Name property for a certificate/crl issuer

Parameters

string $propName
bool $withType optional

Return Value

mixed

at line 3052
public mixed getSubjectDNProp(string $propName, bool $withType = false)

Get an individual Distinguished Name property for a certificate/csr subject

Parameters

string $propName
bool $withType optional

Return Value

mixed

at line 3074
public mixed getChain()

Get the certificate chain for the current cert

Return Value

mixed

at line 3122
public bool setPublicKey(object $key)

Set public key

Key needs to be a \phpseclib\Crypt\RSA object

Parameters

object $key

Return Value

bool

at line 3136
public setPrivateKey(object $key)

Set private key

Key needs to be a \phpseclib\Crypt\RSA object

Parameters

object $key

at line 3149
public setChallenge(string $challenge)

Set challenge

Used for SPKAC CSR's

Parameters

string $challenge

at line 3162
public mixed getPublicKey()

Gets the public key

Returns a \phpseclib\Crypt\RSA object or a false.

Return Value

mixed

at line 3202
public mixed loadCSR($csr, $mode = self::FORMAT_AUTO_DETECT)

Load a Certificate Signing Request

Parameters

$csr
$mode

Return Value

mixed

at line 3284
public string saveCSR(array $csr, int $format = self::FORMAT_PEM)

Save CSR request

Parameters

array $csr
int $format optional

Return Value

string

at line 3339
public mixed loadSPKAC($spkac)

Load a SPKAC CSR

SPKAC's are produced by the HTML5 keygen element:

https://developer.mozilla.org/en-US/docs/HTML/Element/keygen

Parameters

$spkac

Return Value

mixed

at line 3411
public string saveSPKAC($spkac, $format = self::FORMAT_PEM)

Save a SPKAC CSR request

Parameters

$spkac
$format

Return Value

string

at line 3453
public mixed loadCRL($crl, $mode = self::FORMAT_AUTO_DETECT)

Load a Certificate Revocation List

Parameters

$crl
$mode

Return Value

mixed

at line 3523
public string saveCRL(array $crl, int $format = self::FORMAT_PEM)

Save Certificate Revocation List.

Parameters

array $crl
int $format optional

Return Value

string

at line 3585
public array _timeField(string $date)

Helper function to build a time field according to RFC 3280 section - 4.1.2.5 Validity - 5.1.2.4 This Update - 5.1.2.5 Next Update - 5.1.2.6 Revoked Certificates by choosing utcTime iff year of date given is before 2050 and generalTime else.

Parameters

string $date in format date('D, d M Y H:i:s O')

Return Value

array

at line 3612
public mixed sign(X509 $issuer, X509 $subject, string $signatureAlgorithm = 'sha1WithRSAEncryption')

Sign an X.509 certificate

$issuer's private key needs to be loaded. $subject can be either an existing X.509 cert (if you want to resign it), a CSR or something with the DN and public key explicitly set.

Parameters

X509 $issuer
X509 $subject
string $signatureAlgorithm optional

Return Value

mixed

at line 3793
public mixed signCSR($signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a CSR

Parameters

$signatureAlgorithm

Return Value

mixed

at line 3851
public mixed signSPKAC($signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a SPKAC

Parameters

$signatureAlgorithm

Return Value

mixed

at line 3921
public mixed signCRL(X509 $issuer, X509 $crl, string $signatureAlgorithm = 'sha1WithRSAEncryption')

Sign a CRL

$issuer's private key needs to be loaded.

Parameters

X509 $issuer
X509 $crl
string $signatureAlgorithm optional

Return Value

mixed

at line 4052
public mixed _sign($key, $signatureAlgorithm)

X.509 certificate signing helper function.

Parameters

$key
$signatureAlgorithm

Return Value

mixed

at line 4080
public setStartDate(string $date)

Set certificate start date

Parameters

string $date

at line 4095
public setEndDate(string $date)

Set certificate end date

Parameters

string $date

at line 4125
public setSerialNumber(string $serial, $base $base = -256)

Set Serial Number

Parameters

string $serial
$base $base optional

at line 4135
public makeCA()

Turns the certificate into a certificate authority

at line 4152
public boolean _isSubArrayValid(array $root, string $path)

Check for validity of subarray

This is intended for use in conjunction with subArrayUnchecked(), implementing the checks included in _subArray() but without copying a potentially large array by passing its reference by-value to isarray().

Parameters

array $root
string $path

Return Value

boolean

at line 4189
public array|false _subArrayUnchecked(array $root, string $path, bool $create = false)

Get a reference to a subarray

This variant of subArray() does no isarray() checking, so $root should be checked with _isSubArrayValid() first.

This is here for performance reasons: Passing a reference (i.e. $root) by-value (i.e. to is_array()) creates a copy. If $root is an especially large array, this is expensive.

Parameters

array $root
string $path absolute path with / as component separator
bool $create optional

Return Value

array|false

at line 4217
public array|false _subArray(array $root, string $path, bool $create = false)

Get a reference to a subarray

Parameters

array $root
string $path absolute path with / as component separator
bool $create optional

Return Value

array|false

at line 4253
public array|false _extensions(array $root, string $path = null, bool $create = false)

Get a reference to an extension subarray

Parameters

array $root
string $path optional absolute path with / as component separator
bool $create optional

Return Value

array|false

at line 4307
public bool _removeExtension(string $id, string $path = null)

Remove an Extension

Parameters

string $id
string $path optional

Return Value

bool

at line 4342
public mixed _getExtension(string $id, array $cert = null, string $path = null)

Get an Extension

Returns the extension if it exists and false if not

Parameters

string $id
array $cert optional
string $path optional

Return Value

mixed

at line 4367
public array _getExtensions(array $cert = null, string $path = null)

Returns a list of all extensions in use

Parameters

array $cert optional
string $path optional

Return Value

array

at line 4392
public bool _setExtension(string $id, mixed $value, bool $critical = false, bool $replace = true, string $path = null)

Set an Extension

Parameters

string $id
mixed $value
bool $critical optional
bool $replace optional
string $path optional

Return Value

bool

at line 4424
public bool removeExtension(string $id)

Remove a certificate, CSR or CRL Extension

Parameters

string $id

Return Value

bool

at line 4439
public mixed getExtension(string $id, array $cert = null)

Get a certificate, CSR or CRL Extension

Returns the extension if it exists and false if not

Parameters

string $id
array $cert optional

Return Value

mixed

at line 4451
public array getExtensions(array $cert = null)

Returns a list of all extensions in use in certificate, CSR or CRL

Parameters

array $cert optional

Return Value

array

at line 4466
public bool setExtension(string $id, mixed $value, bool $critical = false, bool $replace = true)

Set a certificate, CSR or CRL Extension

Parameters

string $id
mixed $value
bool $critical optional
bool $replace optional

Return Value

bool

at line 4479
public bool removeAttribute(string $id, int $disposition = self::ATTR_ALL)

Remove a CSR attribute.

Parameters

string $id
int $disposition optional

Return Value

bool

at line 4530
public mixed getAttribute(string $id, int $disposition = self::ATTR_ALL, array $csr = null)

Get a CSR attribute

Returns the attribute if it exists and false if not

Parameters

string $id
int $disposition optional
array $csr optional

Return Value

mixed

at line 4570
public array getAttributes(array $csr = null)

Returns a list of all CSR attributes in use

Parameters

array $csr optional

Return Value

array

at line 4597
public bool setAttribute(string $id, mixed $value, bool $disposition = self::ATTR_ALL)

Set a CSR attribute

Parameters

string $id
mixed $value
bool $disposition optional

Return Value

bool

at line 4652
public setKeyIdentifier(string $value)

Sets the subject key identifier

This is used by the id-ce-authorityKeyIdentifier and the id-ce-subjectKeyIdentifier extensions.

Parameters

string $value

at line 4679
public string computeKeyIdentifier(mixed $key = null, int $method = 1)

Compute a public key identifier.

Although key identifiers may be set to any unique value, this function computes key identifiers from public key according to the two recommended methods (4.2.1.2 RFC 3280). Highly polymorphic: try to accept all possible forms of key: - Key object - \phpseclib\File\X509 object with public or private key defined - Certificate or CSR array - \phpseclib\File\ASN1\Element object - PEM or DER string

Parameters

mixed $key optional
int $method optional

Return Value

string binary key identifier

at line 4753
public array _formatSubjectPublicKey()

Format a public key as appropriate

Return Value

array

at line 4774
public array setDomain()

Set the domain name's which the cert is to be valid for

Return Value

array

at line 4787
public setIPAddress()

Set the IP Addresses's which the cert is to be valid for

at line 4805
public array _dnsName(string $domain)

Helper function to build domain array

Parameters

string $domain

Return Value

array

at line 4819
public array _iPAddress(string $address)

Helper function to build IP Address array

(IPv6 is not currently supported)

Parameters

string $address

Return Value

array

at line 4833
public int|false _revokedCertificate(array $rclist, string $serial, bool $create = false)

Get the index of a revoked certificate.

Parameters

array $rclist
string $serial
bool $create optional

Return Value

int|false

at line 4862
public bool revoke(string $serial, string $date = null)

Revoke a certificate.

Parameters

string $serial
string $date optional

Return Value

bool

at line 4888
public bool unrevoke(string $serial)

Unrevoke a certificate.

Parameters

string $serial

Return Value

bool

at line 4908
public mixed getRevoked(string $serial)

Get a revoked certificate.

Parameters

string $serial

Return Value

mixed

at line 4926
public array listRevoked(array $crl = null)

List revoked certificates

Parameters

array $crl optional

Return Value

array

at line 4955
public bool removeRevokedCertificateExtension(string $serial, string $id)

Remove a Revoked Certificate Extension

Parameters

string $serial
string $id

Return Value

bool

at line 4977
public mixed getRevokedCertificateExtension(string $serial, string $id, array $crl = null)

Get a Revoked Certificate Extension

Returns the extension if it exists and false if not

Parameters

string $serial
string $id
array $crl optional

Return Value

mixed

at line 5000
public array getRevokedCertificateExtensions(string $serial, array $crl = null)

Returns a list of all extensions in use for a given revoked certificate

Parameters

string $serial
array $crl optional

Return Value

array

at line 5026
public bool setRevokedCertificateExtension(string $serial, string $id, mixed $value, bool $critical = false, bool $replace = true)

Set a Revoked Certificate Extension

Parameters

string $serial
string $id
mixed $value
bool $critical optional
bool $replace optional

Return Value

bool

at line 5046
public string _extractBER(string $str)

Extract raw BER from Base64 encoding

Parameters

string $str

Return Value

string

at line 5084
public string getOID($name)

Returns the OID corresponding to a name

What's returned in the associative array returned by loadX509() (or load*()) is either a name or an OID if no OID to name mapping is available. The problem with this is that what may be an unmapped OID in one version of phpseclib may not be unmapped in the next version, so apps that are looking at this OID may not be able to work from version to version.

This method will return the OID if a name is passed to it and if no mapping is avialable it'll assume that what's being passed to it already is an OID and return that instead. A few examples.

getOID('2.16.840.1.101.3.4.2.1') == '2.16.840.1.101.3.4.2.1' getOID('id-sha256') == '2.16.840.1.101.3.4.2.1' getOID('zzz') == 'zzz'

Parameters

$name

Return Value

string