Merge pull request #68 from liamdennehy/ocsp-requests

OCSP requests
liamdennehy · Jun 1, 2020 · 4e95664 · 4e95664
2 parents b068187 + c09d78f
commit 4e95664
Show file tree

Hide file tree

Showing 41 changed files with 1,508 additions and 131 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -3,13 +3,14 @@ php:
   - '7.1'
   - '7.2'
   - '7.3'
+  - '7.4'
 install:
   - composer config -g github-oauth.github.com "$GITHUB_API_KEY"
   - cat composer.json
   - composer install
-  # - mkdir -p ./data
-  # - wget -O data/eu-lotl.xml https://ec.europa.eu/tools/lotl/eu-lotl.xml
+  - bash -c tools/get-tls.sh
   - scripts/showtests.sh
 cache:
   directories:
     - $HOME/.composer/cache/files
+    - $HOME/data/tl
diff --git a/src/ASN1Interface.php b/src/ASN1Interface.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace eIDASCertificate;
+
+/**
+ *
+ */
+ interface ASN1Interface
+ {
+     public function getBinary();
+     public function getASN1();
+ }
diff --git a/src/AlgorithmIdentifier.php b/src/AlgorithmIdentifier.php
@@ -0,0 +1,110 @@
+<?php
+
+namespace eIDASCertificate;
+
+use eIDASCertificate\OID;
+use eIDASCertificate\ParseException;
+use ASN1\Type\UnspecifiedType;
+use ASN1\Type\Constructed\Sequence;
+use ASN1\Type\Primitive\ObjectIdentifier;
+use ASN1\Type\Primitive\NullType;
+
+class AlgorithmIdentifier implements ASN1Interface
+{
+    private $binary;
+    private $algorithmName;
+    private $algorithmOID;
+    private $parametersIncluded;
+    private $parameters = [];
+
+    public function __construct($id, $parameters = null, $parametersIncluded = true)
+    {
+        if (is_array($parameters)) {
+            foreach ($parameters as $parameter) {
+                $this->parameters[] = $parameter;
+            }
+        }
+
+        $this->parametersIncluded = $parametersIncluded;
+        if (is_object($id)) {
+            if (get_class($id) == 'eIDASCertificate\AlgorithmIdentifier') {
+                $this->algorithmName = $id->getAlgorithmName();
+                $this->algorithmOID = $id->getAlgorithmOID();
+                $this->parameters = $id->getParameters();
+                return;
+            }
+        } elseif (is_string($id)) {
+            if (strpos($id, ".")) {
+                $this->algorithmName = OID::getName($id);
+                if ($this->algorithmName == 'unknown') {
+                    throw new ParseException("Unknown algorithm OID '$id'", 1);
+                }
+                $this->algorithmOID = OID::getOID($this->algorithmName);
+            } else {
+                $this->algorithmOID = OID::getOID($id);
+                if ($this->algorithmOID == 'unknown') {
+                    throw new ParseException("Unknown algorithm name '$id'", 1);
+                }
+                $this->algorithmName = OID::getName($this->algorithmOID);
+            }
+        }
+    }
+
+    public static function fromDER($der)
+    {
+        $obj = UnspecifiedType::fromDER($der)->asSequence();
+        if ($obj->has(1) && $obj->at(1)->tag() == 16) {
+            $parameters = [];
+            foreach ($obj->at(1)->asSequence()->elements() as $parameter) {
+                $parameters[] = $parameter->toDER();
+            }
+        } else {
+            $parameters = null;
+        }
+        $aid = new AlgorithmIdentifier(
+            $obj->at(0)->asObjectIdentifier()->oid(),
+            $parameters
+        );
+        return $aid;
+    }
+
+    public function getASN1()
+    {
+        $oid = new ObjectIdentifier($this->algorithmOID);
+        if (empty($this->parameters && $this->parametersIncluded)) {
+            if ($this->parametersIncluded) {
+                return (new Sequence($oid, new NullType));
+            } else {
+                return (new Sequence($oid));
+            }
+        } else {
+            foreach ($this->parameters as $parameterDER) {
+                $parameters[] = UnspecifiedType::fromDER($parameterDER)->asTagged();
+            }
+            return (new Sequence($oid, new Sequence(...$parameters)));
+        }
+    }
+
+    public function getBinary($value='')
+    {
+        return $this->getASN1()->toDER();
+    }
+    public function getAlgorithmName()
+    {
+        return $this->algorithmName;
+    }
+
+    public function getAlgorithmOID()
+    {
+        return $this->algorithmOID;
+    }
+
+    public function getParameters()
+    {
+        $parameters = [];
+        foreach ($this->parameters as $parameter) {
+            $parameters[] = base64_encode($parameter);
+        }
+        return $parameters;
+    }
+}
diff --git a/src/Certificate/AuthorityInformationAccess.php b/src/Certificate/AuthorityInformationAccess.php
@@ -2,7 +2,7 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
+use eIDASCertificate\ExtensionInterface;
 use eIDASCertificate\Certificate\CertificateException;
 use eIDASCertificate\Certificate\X509Certificate;
 use eIDASCertificate\OID;

diff --git a/src/Certificate/AuthorityKeyIdentifier.php b/src/Certificate/AuthorityKeyIdentifier.php
@@ -2,8 +2,8 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
-use eIDASCertificate\CertificateException;
+use eIDASCertificate\ExtensionInterface;
+use eIDASCertificate\Certificate\CertificateException;
 use eIDASCertificate\Finding;
 use eIDASCertificate\Certificate\X509Certificate;
 use ASN1\Type\UnspecifiedType;

diff --git a/src/Certificate/BasicConstraints.php b/src/Certificate/BasicConstraints.php
@@ -2,8 +2,8 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
-use eIDASCertificate\Certificate\ExtensionException;
+use eIDASCertificate\ExtensionInterface;
+use eIDASCertificate\ExtensionException;
 use eIDASCertificate\Certificate\X509Certificate;
 use eIDASCertificate\OID;
 use eIDASCertificate\Finding;

diff --git a/src/Certificate/CRLDistributionPoints.php b/src/Certificate/CRLDistributionPoints.php
@@ -2,8 +2,8 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
-use eIDASCertificate\Certificate\ExtensionException;
+use eIDASCertificate\ExtensionInterface;
+use eIDASCertificate\ExtensionException;
 use eIDASCertificate\Certificate\X509Certificate;
 use eIDASCertificate\OID;
 use eIDASCertificate\Finding;

diff --git a/src/Certificate/CertificatePolicies.php b/src/Certificate/CertificatePolicies.php
@@ -2,7 +2,7 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
+use eIDASCertificate\ExtensionInterface;
 use eIDASCertificate\CertificateException;
 use eIDASCertificate\ParseException;
 use eIDASCertificate\Finding;

diff --git a/src/Certificate/CertificateRevocationList.php b/src/Certificate/CertificateRevocationList.php
@@ -4,7 +4,7 @@
 
 use ASN1\Type\UnspecifiedType;
 use eIDASCertificate\Certificate\CRLException;
-use eIDASCertificate\Certificate\DistinguishedName;
+use eIDASCertificate\DistinguishedName;
 use eIDASCertificate\OID;
 
 /**

diff --git a/src/Certificate/ExtendedKeyUsage.php b/src/Certificate/ExtendedKeyUsage.php
@@ -2,7 +2,7 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
+use eIDASCertificate\ExtensionInterface;
 use eIDASCertificate\Certificate\X509Certificate;
 use eIDASCertificate\OID;
 use eIDASCertificate\Finding;

diff --git a/src/Certificate/KeyUsage.php b/src/Certificate/KeyUsage.php
@@ -2,8 +2,8 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
-use eIDASCertificate\Certificate\ExtensionException;
+use eIDASCertificate\ExtensionInterface;
+use eIDASCertificate\ExtensionException;
 use eIDASCertificate\Certificate\X509Certificate;
 use eIDASCertificate\OID;
 use ASN1\Type\UnspecifiedType;

diff --git a/src/Certificate/PreCertPoison.php b/src/Certificate/PreCertPoison.php
@@ -2,7 +2,7 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
+use eIDASCertificate\ExtensionInterface;
 use eIDASCertificate\Certificate\X509Certificate;
 use eIDASCertificate\Finding;
 

diff --git a/src/Certificate/SubjectAltName.php b/src/Certificate/SubjectAltName.php
@@ -2,8 +2,8 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
-use eIDASCertificate\CertificateException;
+use eIDASCertificate\ExtensionInterface;
+use eIDASCertificate\Certificate\CertificateException;
 use eIDASCertificate\ParseException;
 use eIDASCertificate\Finding;
 use eIDASCertificate\Certificate\X509Certificate;

diff --git a/src/Certificate/SubjectKeyIdentifier.php b/src/Certificate/SubjectKeyIdentifier.php
@@ -2,7 +2,7 @@
 
 namespace eIDASCertificate\Certificate;
 
-use eIDASCertificate\Certificate\ExtensionInterface;
+use eIDASCertificate\ExtensionInterface;
 use eIDASCertificate\Certificate\X509Certificate;
 use eIDASCertificate\CertificateException;
 use ASN1\Type\UnspecifiedType;

diff --git a/src/Certificate/X509Certificate.php b/src/Certificate/X509Certificate.php
@@ -7,8 +7,11 @@
 use eIDASCertificate\AttributeInterface;
 use eIDASCertificate\Finding;
 use eIDASCertificate\OID;
+use eIDASCertificate\Extensions;
 use eIDASCertificate\QCStatements;
-use eIDASCertificate\Certificate\DistinguishedName;
+use eIDASCertificate\ASN1Interface;
+use eIDASCertificate\AlgorithmIdentifier;
+use eIDASCertificate\DistinguishedName;
 use eIDASCertificate\DigitalIdentity\DigitalIdInterface;
 use eIDASCertificate\TSPService\TSPServiceException;
 use ASN1\Type\UnspecifiedType;
@@ -17,7 +20,11 @@
 /**
  *
  */
-class X509Certificate implements DigitalIdInterface, RFC5280ProfileInterface, AttributeInterface
+class X509Certificate implements
+    DigitalIdInterface,
+    RFC5280ProfileInterface,
+    AttributeInterface,
+    ASN1Interface
 {
     private $x509;
     private $crtResource;
@@ -38,14 +45,13 @@ class X509Certificate implements DigitalIdInterface, RFC5280ProfileInterface, At
     private $notBefore;
     private $notAfter;
     private $signature;
+    private $signatureAlgrothimIdentifier;
     public function __construct($candidate)
     {
-        $this->x509 = new X509();
         $this->crtBinary = X509Certificate::emit($candidate);
-        $this->crtResource = $this->x509->loadX509($this->crtBinary);
         $crtASN1 = UnspecifiedType::fromDER($this->crtBinary)->asSequence();
         $tbsCertificate = $crtASN1->at(0)->asSequence();
-        $signatureAlgorithm = $crtASN1->at(1)->asSequence();
+        $this->signatureAlgorithmIdentifier = AlgorithmIdentifier::fromDER($crtASN1->at(1)->asSequence()->toDER());
         $signatureValue = $crtASN1->at(2)->asBitString()->string();
         $idx = 0;
         if ($tbsCertificate->hasTagged(0)) {
@@ -57,7 +63,7 @@ public function __construct($candidate)
         //   return null;
         //
         }
-        $this->serialNumber = $tbsCertificate->at($idx++)->asInteger()->number();
+        $this->serialNumber = gmp_strval($tbsCertificate->at($idx++)->asInteger()->number(), 16);
         $this->signature = $tbsCertificate->at($idx++)->asSequence();
         $this->issuer = new DistinguishedName($tbsCertificate->at($idx++));
         $dates = $tbsCertificate->at($idx++)->asSequence();
@@ -304,7 +310,7 @@ public function getCRL()
         }
     }
 
-    public function getSerial()
+    public function getSerialNumber()
     {
         return $this->serialNumber;
     }
@@ -328,16 +334,36 @@ public function toPEM()
         return self::base64ToPEM(base64_encode($this->crtBinary));
     }
 
+    public function getSubjectASN1()
+    {
+        return $this->subject->getASN1();
+    }
+
     public function getSubjectDN()
     {
         return $this->subject->getDN();
     }
 
+    public function getIssuerASN1()
+    {
+        return $this->issuer->getASN1();
+    }
+
     public function getIssuerDN()
     {
         return $this->issuer->getDN();
     }
 
+    public function getSubjectNameHash($algo = 'sha256')
+    {
+        return $this->subject->getHash($algo);
+    }
+
+    public function getIssuerNameHash($algo = 'sha256')
+    {
+        return $this->issuer->getHash($algo);
+    }
+
     public function getSubjectExpanded()
     {
         return $this->subject->getExpanded();
@@ -511,4 +537,37 @@ public function getExtensionsBinary()
     {
         return $this->extensions->getBinary();
     }
+
+    public function getSignatureAlgorithmIdentifier()
+    {
+        return $this->signatureAlgorithmIdentifier;
+    }
+
+    public function getSignatureAlgorithmName()
+    {
+        return $this->signatureAlgorithmIdentifier->getalgorithmName();
+    }
+
+    public function getSignatureAlgorithmParameters()
+    {
+        return $this->signatureAlgorithmIdentifier->getParameters();
+    }
+
+    public function getASN1()
+    {
+        throw new \Exception("getASN1 not implemented", 1);
+    }
+
+    public function getSubjectPublicKeyHash($algo = 'sha256')
+    {
+        return hash(
+            $algo,
+            UnspecifiedType::fromDER($this->publicKey)
+                ->asSequence()
+                ->at(1)
+                ->asBitString()
+                ->string(),
+            true
+        );
+    }
 }